nix-home/nki-personal-do/vikunja.nix

{ pkgs, lib, config, ... }:
let
  # sops-nix secret declarations; this file only ever dereferences their
  # `.path`, never the secret contents.
  inherit (config.sops) secrets;

  # Public hostname of the instance (reverse proxy host and frontend URL).
  host = "kanban.dtth.ch";
  # Reused as system user, group, database user and database name.
  user = "vikunja";
  # Port shared by the Traefik host entry and services.vikunja.
  port = 12785;
  # Directory Vikunja stores uploaded files in.
  storageMount = "/mnt/data/vikunja";
in
{
# Secrets used below: the service environment file and the OIDC client secret.
sops.secrets = {
  "vikunja/env" = { };
  "vikunja/provider-clientsecret" = { };
};

# Project-local modules: request a database named after the service user and
# register the reverse-proxy host for this port.
cloud.postgresql.databases = [ user ];
cloud.traefik.hosts.vikunja = { inherit host port; };

# Dedicated, non-login system account and matching group for the service.
users.groups.${user} = { };
users.users.${user} = {
  isSystemUser = true;
  group = user;
};
services.vikunja = {
  enable = true;
  inherit port;

  # Build Vikunja from a pinned upstream commit instead of the nixpkgs source.
  # Both the commit (`rev`) and the content hash are fixed, so a changed
  # upstream tree fails the fetch rather than being built silently.
  # The assertion aborts evaluation once nixpkgs ships anything other than
  # 0.24.5, forcing a re-check of whether this override is still wanted.
  package =
    let
      pinnedSrc = pkgs.fetchFromGitHub {
        owner = "go-vikunja";
        repo = "vikunja";
        rev = "e57f04ec23e9ff8aa9877d2ea7d571c2a44790b0";
        hash = "sha256-W6o1h6XBPvT1lH1zO5N7HcodksKill5eqSuaFl2kfuY=";
      };
      stillOnKnownRelease =
        lib.assertMsg (pkgs.vikunja.version == "0.24.5") "Vikunja probably doesn't need custom versions anymore";
      patched = pkgs.vikunja.overrideAttrs (old: {
        src = pinnedSrc;
        passthru = old.passthru // {
          # Presumably the fixed-output hash of the Go module fetch for the
          # pinned source; it has to be bumped together with `rev` (confirm).
          overrideModAttrs = _: {
            outputHash = "sha256-UWjlivF9ySXCAr84A1trCJ/n9pB98ZhEyG11qz3PL7g=";
          };
        };
      });
    in
    builtins.seq stillOnKnownRelease patched;

  frontendScheme = "https";
  frontendHostname = host;

  # Extra environment is read from the sops-managed file at service start;
  # only its path appears in this configuration.
  environmentFiles = [ secrets."vikunja/env".path ];

  # `host` is a directory, i.e. PostgreSQL is reached over its Unix socket;
  # no database password is configured in this file.
  database = {
    type = "postgres";
    host = "/var/run/postgresql";
    inherit user;
    database = user;
  };

  settings = {
    service = {
      publicurl = "https://${host}";
      # No self-service sign-up; accounts come from the OpenID provider below.
      enableregistration = false;
      enablepublicteams = true;
    };

    # Outgoing mail on port 465 with SSL forced. No SMTP credentials are set
    # here; NOTE(review): presumably they come from the environment file.
    mailer = {
      enabled = true;
      host = "mx1.nkagami.me";
      port = 465;
      forcessl = true;
    };

    # mkForce so this path wins over the value the NixOS module sets.
    files = {
      basepath = lib.mkForce storageMount;
    };

    # Local password login is off, so the OpenID provider is the only way in.
    # `clientid` is a public identifier; the matching client secret is not in
    # this attribute set and is supplied through the systemd unit instead.
    auth = {
      local = {
        enabled = false;
      };
      openid = {
        enabled = true;
        providers.authentik = {
          name = "DTTH Discord Account";
          authurl = "https://auth.dtth.ch/application/o/vikunja/";
          logouturl = "https://auth.dtth.ch/application/o/vikunja/end-session/";
          clientid = "GvCIBtdE2ZRbAo5BJzw4FbZjer7umJlaROT1Pvlp";
          scope = "openid profile email vikunja_scope";
        };
      };
    };

    # Defaults applied to user settings.
    defaultsettings = {
      # Gravatar is a third-party service looked up by e-mail hash.
      avatar_provider = "gravatar";
      week_start = 1;
      # NOTE(review): confirm "VN" is a language code Vikunja recognises.
      language = "VN";
      timezone = "Asia/Ho_Chi_Minh";
    };
  };
};
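systemd.services.vikunja = {
  serviceConfig = {
    # Run as the static `vikunja` account declared in this file instead of a
    # per-start dynamic user; mkForce overrides the NixOS module's setting.
    User = user;
    DynamicUser = lib.mkForce false;

    # DynamicUser=yes implies ProtectSystem=strict in systemd. Turning it off
    # drops that protection, so it is requested explicitly; mkDefault yields
    # to any value the NixOS module may already set.
    ProtectSystem = lib.mkDefault "strict";

    # ReadWritePaths= is a [Service] setting. It was previously placed under
    # unitConfig ([Unit]), where systemd ignores it as an unknown key. It
    # re-opens the storage directory for writing under ProtectSystem=strict.
    ReadWritePaths = [ storageMount ];

    # Hand the OIDC client secret to the service as a systemd credential
    # rather than putting its value into the unit or the Nix store.
    LoadCredential = [ "VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE:${secrets."vikunja/provider-clientsecret".path}" ];
  };

  # %d expands to the unit's credentials directory, so this variable points at
  # the credential loaded above.
  environment.VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE = "%d/VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE";

  # Do not start before the filesystem holding the storage directory is mounted.
  unitConfig.RequiresMountsFor = [ storageMount ];
};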
# Create the storage directory owned by the service account; mode 0700 keeps
# uploaded files unreadable for every other local user.
systemd.tmpfiles.settings."10-vikunja".${storageMount}.d = {
  inherit user;
  group = user;
  mode = "0700";
};
}