feat(snipe-it): install snipe-it

nixos/borgbackup.nix

@@ -3,7 +3,9 @@
     paths = [
       # server storage
       "/var/lib/postgresql"
+      "/var/lib/mysql"
       "/var/lib/sourcehut"
+      "/var/lib/snipe-it"
       # user storage
       "/home"
     ];

nixos/configuration.nix

@@ -8,6 +8,7 @@
     [ # Include the results of the hardware scan.
       ./hardware-configuration.nix
       ./sourcehut.nix
+      ./snipeit.nix
       ./borgbackup.nix
     ];
 
@@ -21,6 +22,8 @@
     127.0.0.1 meta.sourcehut.nixos.local
     127.0.0.1 man.sourcehut.nixos.local
     127.0.0.1 git.sourcehut.nixos.local
+
+    127.0.0.1 snipe-it.nixos.local
   '';
   # networking.wireless.enable = true;  # Enables wireless support via wpa_supplicant.
 

nixos/snipeit.nix

@@ -0,0 +1,34 @@
+let
+  snipeit-fqdn = "snipe-it.nixos.local";
+in
+{ pkgs, ... }:
+{
+  services.snipe-it = {
+    enable = true;
+    appKeyFile = "/etc/nixos/secrets/snipe-it/appkey";
+    appURL = "https://${snipeit-fqdn}";
+    hostName = snipeit-fqdn;
+    database = {
+      user = "snipeit";
+    };
+    nginx = {
+      sslCertificate = "/etc/nixos/secrets/certs/snipe-it.nixos.local.crt";
+      sslCertificateKey = "/etc/nixos/secrets/certs/snipe-it.nixos.local.key";
+      forceSSL = true;
+      kTLS = true;
+    };
+  };
+  services.mysql = {
+    enable = true;
+    package = pkgs.mariadb;
+    ensureUsers = [
+      {
+        name = "snipeit";
+        ensurePermissions = {
+          "snipeit.*" = "ALL PRIVILEGES";
+        };
+      }
+    ];
+    ensureDatabases = [ "snipeit" ];
+  };
+}

nixos/sourcehut.nix

@@ -91,7 +91,7 @@ in
 
   services.nginx = {
     enable = true;
-    recommendedTlsSettings = false;
+    recommendedTlsSettings = true;
     recommendedOptimisation = true;
     recommendedGzipSettings = true;
     recommendedProxySettings = true;