modules: services: add vikunja

This commit is contained in:
Bruno BELANYI 2023-05-13 20:18:58 +02:00
parent 685c571018
commit 175a8acde2
2 changed files with 124 additions and 0 deletions

View File

@ -32,6 +32,7 @@
./ssh-server
./tlp
./transmission
./vikunja
./wireguard
./woodpecker
];

View File

@ -0,0 +1,123 @@
# Todo and kanban app
{ config, lib, ... }:
let
cfg = config.my.services.vikunja;
subdomain = "todo";
vikunjaDomain = "${subdomain}.${config.networking.domain}";
socketPath = "/run/vikunja/vikunja.socket";
in
{
options.my.services.vikunja = with lib; {
enable = mkEnableOption "Vikunja todo app";
mail = {
enable = mkEnableOption {
description = "mailer configuration";
};
configFile = mkOption {
type = types.str;
example = "/run/secrets/vikunja-mail-config.env";
description = "Configuration for the mailer connection, using environment variables.";
};
};
};
config = lib.mkIf cfg.enable {
services.vikunja = {
enable = true;
frontendScheme = "https";
frontendHostname = vikunjaDomain;
setupNginx = false;
database = {
type = "postgres";
user = "vikunja";
database = "vikunja";
host = "/run/postgresql";
};
settings = {
service = {
# Only allow registration of users through the CLI
enableregistration = false;
# Ues the host's timezone
timezone = config.time.timeZone;
# Use UNIX socket for serving the API
unixsocket = socketPath;
unixsocketmode = "0o660";
};
mailer = {
enabled = cfg.mail.enable;
};
};
environmentFiles = lib.optional cfg.mail.enable cfg.mail.configFile;
};
# This is a weird setup
my.services.nginx.virtualHosts = [
{
inherit subdomain;
# Serve the root for the web-ui
root = config.services.vikunja.package-frontend;
extraConfig = {
locations = {
"/" = {
tryFiles = "try_files $uri $uri/ /";
};
# Serve the API through a UNIX socket
"~* ^/(api|dav|\\.well-known)/" = {
proxyPass = "http://unix:${socketPath}";
extraConfig = ''
client_max_body_size 20M;
'';
};
};
};
}
];
systemd.services.vikunja-api = {
serviceConfig = {
# Use a system user to simplify using the CLI
DynamicUser = lib.mkForce false;
# Set the user for postgres authentication
User = "vikunja";
# Create /run/vikunja/ to serve the UNIX socket
RuntimeDirectory = "vikunja";
};
};
users.users.vikunja = {
description = "Vikunja Service";
group = "vikunja";
isSystemUser = true;
};
users.groups.vikunja = { };
# Allow nginx to access the UNIX socket
users.users.nginx.extraGroups = [ "vikunja" ];
services.postgresql = {
ensureDatabases = [ "vikunja" ];
ensureUsers = [
{
name = "vikunja";
ensurePermissions = { "DATABASE vikunja" = "ALL PRIVILEGES"; };
}
];
};
my.services.backup = {
paths = [
config.services.vikunja.settings.files.basepath
];
};
};
}