nixos-server-conf/configuration.nix

# Edit this configuration file to define what should be installed on
# your system. Help is available in the configuration.nix(5) man page, on
# https://search.nixos.org/options and in the NixOS manual (`nixos-help`).

# NixOS-WSL specific options are documented on the NixOS-WSL repository:
# https://github.com/nix-community/NixOS-WSL

{ config, lib, pkgs, ... }:

{
  imports = [
    # include NixOS-WSL modules
    <nixos-wsl/modules>
  ];

  wsl.enable = true;
  wsl.defaultUser = "nixos";


  # This value determines the NixOS release from which the default
  # settings for stateful data, like file locations and database versions
  # on your system were taken. It's perfectly fine and recommended to leave
  # this value at the release version of the first install of this system.
  # Before changing this value read the documentation for this option
  # (e.g. man configuration.nix or on https://nixos.org/nixos/options.html).
  system.stateVersion = "24.05"; # Did you read the comment?

  nix = {
    settings = {
      experimental-features = [ "nix-command" "flakes" ];
    };
  };

  environment = {
    systemPackages = with pkgs; [
      git
      vim
      wget
      curl
      htop
    ];
  };

  openproject = pkgs.fetchFromGithub {
    owner = "bendlas";
    repo = "openproject-nix";
    rev = "";
    sha256 = "";
  };

  services = {
    openssh = {
      enable = true;
      settings.PermitRootLogin = "yes";
    };
    redis = {
      servers = {
        # Queue, naming it "" makes it use default values.
        "".enable = true;

        socketio = {
          enable = true;
          port = 12311;
        };
      };
    };
  };

  networking = {
    firewall = {
      enable = false;
    };
  };

  users = {
    mutableUsers = false;

    extraUsers = {
      root = {
        password = "root";
      };
    };

    users = {
      root = {

      };
      openproject = {
        description = "User to run openproject";
        group = "openproject";
        isSystemUser = true;
        home = "/var/lib/openproject";
        createHome = true;
      }
    };
  };

  systemd = {
    services = {
      openproject = {
        enable = true;
        wantedBy = [ "multi-user.target" ];
        after = [ "mysql.service" "redis.service" "redis-socketio.service" ];
        description = "ERPNext";
        confinement = {
          enable = true;
          packages = [ pkgs.mariadb-client pkgs.nodejs penv ];
        };
        script = ''
          export PYTHON_PATH=${penv}/${pkgs.python3.sitePackages}
          export PATH="${pkgs.mariadb-client}/bin:${pkgs.nodejs}/bin:${penv}/bin:$PATH"

          # Initialize the DB
          # Start the server

        '';
        serviceConfig = {
          User = "erpnext";
          NoNewPrivileges = true;
          Type = "simple";
          BindReadOnlyPaths = [
            "/etc/hosts:/etc/hosts"
            "${pkgs.openproject}:${pkgs.openproject}"
          ];
          BindPaths = [
            "/var/lib/openproject:/var/libopenproject"
          ];
        };
      };
    };
  };
}