diff --git a/nki-personal-do/secrets/secrets.yaml b/nki-personal-do/secrets/secrets.yaml index d041d34..f671d26 100644 --- a/nki-personal-do/secrets/secrets.yaml +++ b/nki-personal-do/secrets/secrets.yaml @@ -43,7 +43,7 @@ peertube-env: ENC[AES256_GCM,data:ZrWBwSfMuepIYTzHVCCSnpsXb+MTcOfklI0O/UdcGaR3Rz nix-build-farm: private-key: ENC[AES256_GCM,data:bYQ5TAHgJ8rZmmnp0ZW9pM3p6e2ewAqz9+clp2lDnvPsU/YHr/POSW+UESvulT0UDI8t5th71py2G4BG3z9PdPaWw2iSm6hW3VITYCGYvLbF2yK6anSkww0ilpjwm5NXKJLTiPehkAqsZlZsAxeYw5bF0+7JjeH9+49jLOXtGD0uFSf5M3wVZcObzSYsdGaNKGYkokBYeZii1tdwZvAuUKKZ1eOvDAz5v6hjqZA7brDWr5IZXNCqRZOdyGQ5g3UP4o5XFnl57d1RAmKPK9WaTCjbi0hMfms4zldqGeXTRDAhvqMH2w/BY7KvgIOr+aQelTvQbOciq+DaZbzNgdI5gqrSUA19EEL04Qu/gjoVGwMhZ7Lq9+yS2Lb+xdhmn/99sbcRjaRqqjgzHRvbyirPT9EuEAdrijyuZzY9kASv8LN/Q8cawRZNk2vf0M8Qzg0F7iw2kcDrf+dwdcyrrAbg2XDlGsFBckBcPKA44PkOPtFLHZRU9pSpd15rL1JIes6m2YX7AmJFP2+FA5WjXQoqF+CRhBVUWXaXAmcq,iv:7Uqnu2xEcHotczRzIcDfq9bM7wNXdz0Fg2HNpxlV1/Q=,tag:w5aLsT9LN92+83rdP2YJTg==,type:str] vikunja: - env: ENC[AES256_GCM,data:TyHSS5aqrzdKDki42vtTKj707R2HRWDCmKqU/ntUfHVADgy3fljpBslokbO2PdXH8/WbV42STALqPXdWvN6EYSpoE/NZECP35W0PS4bYhQfhvY/tMDiTR1aBTDJejzgadC1n4/uIeicbnzAU8BQNljilFGg3GIR+A36M42CJUjAHPAAOuKarz+5ADs/T1WJRL3kG30TVC8o=,iv:9PI4jjVmRcsVg7aYpSrxSxMofIflYZ0WYT5vRbB2Hxc=,tag:4AZmCfB8xLRfV9vFdp3Vng==,type:str] + env: ENC[AES256_GCM,data:cHbpfD5THQidjF/Hx5QREJyUJApEHhtalLFMs3npY/zsS9WscCkpKwEPxOmxie/jB2iIQQvR5Xlvbnbr5DVAIduXy7KJCyDEUV1jyJI0+V1FeT5q+69fKg4Jbqz9S32ozMJP0agnKSIvMhZZ8vu+gyMU7UWro5r+VYtVsqb8TlC5Vn8vNK0GcB0nmRUxcBcjuywKhDBrGuAdXpNrb/fqLmnOe5iBk8oXqyyUjF6I+qVn+K8VMfl/Da/2pb7GbuXuQ4jJB1gVrN4+R3uRwB9iKlrc1lF+QJm+pCGqoQU9AjDHxDzIBaGYgSvU82EXUlbDBGyR9r/y0PQ8/59otE1A83EsMyMmA1CerncA8dM24Zv85O9tmsryqqPa6azfVi794tH6YT2lK2dBKxbn6cwusC7fRacON4JmMe2RLZWApZJF9xQd2h64Ffs4x9WC228vemRJC2iKp+Tj6CqCpcfHB/UJxyBaS5GSh6VJ1XV4gnilTLQBvOBgmXd4WOkHy1C1tEI8GKO+TJ0Q/TDuWMSb9hw+uGBi749OHOf5bizCRXo4IfdDt+g1KsnBp2ZLeX3wK3ucNR4UHUcb2MOT0gkRDljn8AhEwu9RrA4DmUTELclkMcyiiMJCl4kBdacjU1RM4GJ5AqqaeIzQd9ny5yRuU5ozQf3URaaRs3oAupAv/y0cuZo7ga80SQj8onxY3FCYeZpVZe+3Jjmx4Qqwrh5L7dNmVPTN1D2BF41oj6mCdM4fEconzt7L229QT/ZA,iv:W7vpIw2815QurKF3N18lP1eIqoc3IODfOvLyJOE0kA4=,tag:d2Ip7Y6Kwo4keP2hzQMwMQ==,type:str] provider-clientsecret: ENC[AES256_GCM,data:/fN1rH2CKoaivhespd+/KamERjBQOdwR7QQ+hoB+pQ3ZSrBVIKbLMWyOJe8f7rVwXAByqDxQIZJEVPjcjhWSU1eicwpu57FBx+/xJLFazspTVZ+5XKyAwR+UxTHDGAgtFV00QHN53l7ygg4joWWko4IPN1JIpNIASaIWWzpsrIo=,iv:NLsZcmE1kKlzV7B/XPVfENMWlpQtOpESH0ByX1KQ8IQ=,tag:P+ZmsKq0KJAeRTTbvbduMg==,type:str] sops: kms: [] @@ -78,8 +78,8 @@ sops: by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-12-03T01:35:02Z" - mac: ENC[AES256_GCM,data:DrcQDEOAQZnyJ2e0hLdWJ3tYVuRBhYa/TcdoUV6/J3tLMcFYQRZXbO8GxQMMWAs6hZ4nqJWNihAbAwfwRqCLR5mmd2ntjjEYYcRzekWaqQ2JV+yCnXEMouUeVWabkrbbuB0k600Po8vsU2gMb6RtIf95YaUJRkA9dkkAyQVN1mU=,iv:av7TlBrMLHfnkOVzXyKSG9IfZOrDD2t1KCWWjJsmNTE=,tag:tKkYUn6Y32HwXYBHFO4CZg==,type:str] + lastmodified: "2024-12-07T15:37:34Z" + mac: ENC[AES256_GCM,data:iG2Nyy9vVyFni5n30ytm9fM6grpDIuCKy2oIjbAnlf98pIC3PXOW2DodTfyo5cP7Wqb5ursD8d89XhoDvB+ConWWyKTG982ek0C2PU8veiNTTlEuzNGg+GafadMyeK8zZv3Vvbc1tCH8bPyWkvLHKgEccX5YXj4rhC9JGch3Ry0=,iv:Milv9EVRVpiWrSYuXg4X1vUT+8EXVLH5CoCwiD1peQg=,tag:x5UWToiWeEHEwx+KhudJzQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.1 diff --git a/nki-personal-do/vikunja.nix b/nki-personal-do/vikunja.nix index 0ed6177..f576791 100644 --- a/nki-personal-do/vikunja.nix +++ b/nki-personal-do/vikunja.nix @@ -9,8 +9,8 @@ let storageMount = "/mnt/data/vikunja"; in { - sops.secrets."vikunja/env" = { }; - sops.secrets."vikunja/provider-clientsecret" = { }; + sops.secrets."vikunja/env" = { restartUnits = [ "vikunja.service" ]; }; + sops.secrets."vikunja/provider-clientsecret" = { restartUnits = [ "vikunja.service" ]; }; cloud.postgresql.databases = [ user ]; cloud.traefik.hosts.vikunja = { inherit port host; @@ -71,6 +71,10 @@ in forcessl = true; }; files.basepath = lib.mkForce storageMount; + migration = { + todoist.enable = true; + trello.enable = true; + }; auth = { local.enabled = false; openid = { @@ -97,10 +101,10 @@ in serviceConfig.User = user; serviceConfig.LoadCredential = [ "VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE:${secrets."vikunja/provider-clientsecret".path}" ]; serviceConfig.DynamicUser = lib.mkForce false; + serviceConfig.ReadWritePaths = [ storageMount ]; environment.VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE = "%d/VIKUNJA_AUTH_OPENID_PROVIDERS_AUTHENTIK_CLIENTSECRET_FILE"; unitConfig = { RequiresMountsFor = [ storageMount ]; - ReadWritePaths = [ storageMount ]; }; }; systemd.tmpfiles.settings."10-vikunja".${storageMount}.d = {