nix-home/nki-personal-do/vikunja.nix

{ pkgs, lib, config, ... }:
let
  secrets = config.sops.secrets;

  host = "kanban.dtth.ch";
  user = "vikunja";
  port = 12785;

  storageMount = "/mnt/data/vikunja";
in
{
  sops.secrets."vikunja/env" = { restartUnits = [ "vikunja.service" ]; };
  sops.secrets."vikunja/provider-clientsecret" = { restartUnits = [ "vikunja.service" ]; };
  cloud.postgresql.databases = [ user ];
  cloud.traefik.hosts.vikunja = {
    inherit port host;
  };

  # users
  users.users."${user}" = {
    group = "${user}";
    isSystemUser = true;
  };
  users.groups."${user}" = { };


  services.vikunja = {
    inherit port;
    enable = true;

    frontendScheme = "https";
    frontendHostname = host;

    environmentFiles = [ secrets."vikunja/env".path ];

    database = {
      type = "postgres";
      host = "/var/run/postgresql";
      user = user;
      database = user;
    };

    settings = {
      service = {
        publicurl = "https://${host}";
        enableregistration = false;
        enablepublicteams = true;
      };
      mailer = {
        enabled = true;
        host = "mx1.nkagami.me";
        port = 465;
        forcessl = true;
      };
      files.basepath = lib.mkForce storageMount;
      migration = {
        todoist.enable = true;
        trello.enable = true;
      };
      backgrounds.providers.unsplash.enabled = true;
      auth = {
        local.enabled = false;
        openid = {
          enabled = true;
          providers.authentik = {
            name = "DTTH Discord Account";
            authurl = "https://auth.dtth.ch/application/o/vikunja/";
            logouturl = "https://auth.dtth.ch/application/o/vikunja/end-session/";
            clientid = "GvCIBtdE2ZRbAo5BJzw4FbZjer7umJlaROT1Pvlp";
            scope = "openid profile email vikunja_scope";
          };
        };
      };
      defaultsettings = {
        avatar_provider = "gravatar";
        week_start = 1;
        language = "VN";
        timezone = "Asia/Ho_Chi_Minh";
      };
    };
  };

  systemd.services.vikunja = {
    serviceConfig.LoadCredential = [ "VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE:${secrets."vikunja/provider-clientsecret".path}" ];
    serviceConfig.User = user;
    serviceConfig.DynamicUser = lib.mkForce false;
    serviceConfig.ReadWritePaths = [ storageMount ];
    environment.VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE = "%d/VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE";
    unitConfig = {
      RequiresMountsFor = [ storageMount ];
    };
  };
  systemd.tmpfiles.settings."10-vikunja".${storageMount}.d = {
    user = user;
    group = user;
    mode = "0700";
  };
}
cloud: add vikunja 2024-12-03 13:29:16 +00:00			`{ pkgs, lib, config, ... }:`
			`let`
			`secrets = config.sops.secrets;`

			`host = "kanban.dtth.ch";`
			`user = "vikunja";`
			`port = 12785;`

			`storageMount = "/mnt/data/vikunja";`
			`in`
			`{`
vikunja: add Todoist and Trello import 2024-12-07 15:53:30 +00:00			`sops.secrets."vikunja/env" = { restartUnits = [ "vikunja.service" ]; };`
			`sops.secrets."vikunja/provider-clientsecret" = { restartUnits = [ "vikunja.service" ]; };`
cloud: add vikunja 2024-12-03 13:29:16 +00:00			`cloud.postgresql.databases = [ user ];`
			`cloud.traefik.hosts.vikunja = {`
			`inherit port host;`
			`};`

			`# users`
			`users.users."${user}" = {`
			`group = "${user}";`
			`isSystemUser = true;`
			`};`
			`users.groups."${user}" = { };`


			`services.vikunja = {`
			`inherit port;`
			`enable = true;`

			`frontendScheme = "https";`
			`frontendHostname = host;`

			`environmentFiles = [ secrets."vikunja/env".path ];`

			`database = {`
			`type = "postgres";`
			`host = "/var/run/postgresql";`
			`user = user;`
			`database = user;`
			`};`

			`settings = {`
			`service = {`
			`publicurl = "https://${host}";`
			`enableregistration = false;`
			`enablepublicteams = true;`
			`};`
			`mailer = {`
			`enabled = true;`
			`host = "mx1.nkagami.me";`
			`port = 465;`
			`forcessl = true;`
			`};`
			`files.basepath = lib.mkForce storageMount;`
vikunja: add Todoist and Trello import 2024-12-07 15:53:30 +00:00			`migration = {`
			`todoist.enable = true;`
			`trello.enable = true;`
			`};`
vikunja: Properly use the right frontend too 2024-12-07 17:24:34 +00:00			`backgrounds.providers.unsplash.enabled = true;`
cloud: add vikunja 2024-12-03 13:29:16 +00:00			`auth = {`
			`local.enabled = false;`
			`openid = {`
			`enabled = true;`
			`providers.authentik = {`
			`name = "DTTH Discord Account";`
			`authurl = "https://auth.dtth.ch/application/o/vikunja/";`
			`logouturl = "https://auth.dtth.ch/application/o/vikunja/end-session/";`
			`clientid = "GvCIBtdE2ZRbAo5BJzw4FbZjer7umJlaROT1Pvlp";`
			`scope = "openid profile email vikunja_scope";`
			`};`
			`};`
			`};`
			`defaultsettings = {`
			`avatar_provider = "gravatar";`
			`week_start = 1;`
			`language = "VN";`
			`timezone = "Asia/Ho_Chi_Minh";`
			`};`
			`};`
			`};`

			`systemd.services.vikunja = {`
			`serviceConfig.LoadCredential = [ "VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE:${secrets."vikunja/provider-clientsecret".path}" ];`
n8n: deploy 2024-12-08 11:05:38 +00:00			`serviceConfig.User = user;`
cloud: add vikunja 2024-12-03 13:29:16 +00:00			`serviceConfig.DynamicUser = lib.mkForce false;`
vikunja: add Todoist and Trello import 2024-12-07 15:53:30 +00:00			`serviceConfig.ReadWritePaths = [ storageMount ];`
cloud: add vikunja 2024-12-03 13:29:16 +00:00			`environment.VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE = "%d/VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE";`
			`unitConfig = {`
			`RequiresMountsFor = [ storageMount ];`
			`};`
			`};`
			`systemd.tmpfiles.settings."10-vikunja".${storageMount}.d = {`
			`user = user;`
			`group = user;`
			`mode = "0700";`
			`};`
			`}`