# USDA Dashboard System Configuration

External NixOS module configuration for the usda-dash LXC container.

## Overview

This repository contains the system configuration for the USDA Dashboard, managed as an external module for the nixos-systems fleet.

## Usage

### From nixos-systems inventory.nix

Replace the inline configuration with this external module:

```nix
nix-lxc = {
  devices = {
    "usda-dash" = builtins.fetchGit {
      url = "https://github.com/UGA-Innovation-Factory/usda-dash-config";
      rev = "abc123..."; # Commit hash for reproducibility
    };
  };
  overrides = {
    athenix.host.useHostPrefix = false;
    extraUsers = [ "sv22900" "hdh20267" ]; # Users remain in inventory
  };
};
```

### Local Development

For testing changes locally before pushing:

```nix
nix-lxc = {
  devices = {
    "usda-dash" = /path/to/local/usda-dash-config;
  };
};
```

## Configuration Structure

```
usda-dash-config/
├── default.nix   # Main module configuration
├── README.md     # This file
└── services/     # Optional: Additional service modules
```

## Module Contents

The `default.nix` module includes:

- Base system packages
- SSH configuration
- Service configurations (nginx, postgresql, etc.)
- Firewall rules
- Dashboard-specific settings

## Integration

This module:

- Receives the same flake inputs as nixos-systems (nixpkgs, home-manager, etc.)
- Can use `athenix.*` options from the host type module
- Is merged with inventory.nix overrides and extraUsers
- Works with all build methods (LXC, Proxmox, ISO)

## Development Workflow

1. Make changes to `default.nix`
2. Test locally by pointing `inventory.nix` at the local path
3. Build: `nix build .#nixosConfigurations.usda-dash.config.system.build.toplevel`
4. Commit and push changes
5. Update `inventory.nix` with the new commit hash

## Important Notes

### Avoiding Configuration Conflicts

External modules should generally **not** override settings that are already defined by the host type modules (like `nix-lxc`). The host type already configures:

- SSH settings
- Basic services
- Networking

Your external module should focus on:

- Application-specific packages
- Custom services unique to your application
- Application configuration files

If you need to override host type settings, use `lib.mkForce`:

```nix
services.openssh.settings.PermitRootLogin = lib.mkForce "no";
```

## Deployment

After updating the configuration:

```bash
cd /path/to/nixos-systems
# Update the rev in inventory.nix to the new commit hash
# Nix will automatically fetch the new version
nix flake check  # Verify the configuration
./deploy usda-dash
```
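
A pre-deploy check for the pinning this workflow relies on, as an added example that is not part of this repository: it flags devices in `inventory.nix` that still point at a local path or whose `builtins.fetchGit` has no full 40-character `rev`. The function names, the sample device names other than `usda-dash`, and all sample revisions are made up, and the matching is a line-based heuristic for the layout shown above, not a Nix parser.

```bash
#!/usr/bin/env bash
# Added example (not from this repository): lint device sources in inventory.nix.
# Line-based heuristic for the layout shown in this README, not a Nix parser.

# $1: inventory file (default: stdin). Prints findings; returns 1 if there are any.
check_inventory_pins() {
  awk '
    function report(msg) { print name ": " msg; bad = 1 }
    # Device assigned straight to a filesystem path (local testing leftover).
    /"[^"]+"[ \t]*=[ \t]*[.~]*\// {
      split($0, q, "\""); name = q[2]; report("local path source"); next
    }
    # Start of a fetchGit source: remember the device name and reset the pin.
    /"[^"]+"[ \t]*=[ \t]*(builtins\.)?fetchGit/ {
      split($0, q, "\""); name = q[2]; rev = ""; has_rev = 0; in_fetch = 1
    }
    in_fetch && match($0, /(^|[^A-Za-z0-9_])rev[ \t]*=[ \t]*"[^"]*"/) {
      split(substr($0, RSTART, RLENGTH), r, "\""); rev = r[2]; has_rev = 1
    }
    # Closing brace of the fetchGit set: judge what was collected.
    in_fetch && index($0, "}") {
      if (!has_rev) report("fetchGit without rev (not pinned to a commit)")
      else if (length(rev) != 40 || rev !~ /^[0-9a-f]+$/)
        report("rev \"" rev "\" is not a full 40-character commit hash")
      in_fetch = 0
    }
    END { exit (bad ? 1 : 0) }
  ' "${1:--}"
}

# Constructed sample: revs and all device names except usda-dash are made up.
sample_inventory() {
  cat <<'EOF'
nix-lxc = {
  devices = {
    "usda-dash" = builtins.fetchGit {
      url = "https://github.com/UGA-Innovation-Factory/usda-dash-config";
      rev = "0123456789abcdef0123456789abcdef01234567";
    };
    "short-pin" = builtins.fetchGit { url = "https://example.invalid/a"; rev = "abc123"; };
    "no-pin" = builtins.fetchGit { url = "https://example.invalid/b"; };
    "dev-box" = /path/to/local/usda-dash-config;
  };
};
EOF
}

# Lint the file given as $1, or the constructed sample when run without arguments.
if [ "$#" -gt 0 ]; then check_inventory_pins "$1"; else sample_inventory | check_inventory_pins || true; fi
```

Run it as `check_inventory_pins inventory.nix` ahead of `nix flake check` and `./deploy usda-dash`; a non-zero status means at least one device source is not pinned to a commit.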

To force Nix to re-fetch (if you've updated the same commit):

```bash
rm -rf ~/.cache/nix/gitv3/*
nix flake check --refresh
```