From 175a8acde2c3cc0e789f71b043c9679c63b5eeda Mon Sep 17 00:00:00 2001
From: Bruno BELANYI
Date: Sat, 13 May 2023 20:18:58 +0200
Subject: [PATCH] modules: services: add vikunja
---
 modules/services/default.nix | 1 +
 modules/services/vikunja/default.nix | 123 +++++++++++++++++++++++++++
 2 files changed, 124 insertions(+)
 create mode 100644 modules/services/vikunja/default.nix
diff --git a/modules/services/default.nix b/modules/services/default.nix
index 268a3a5..4fcf453 100644
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -32,6 +32,7 @@
 ./ssh-server
 ./tlp
 ./transmission
+ ./vikunja
 ./wireguard
 ./woodpecker
 ];
diff --git a/modules/services/vikunja/default.nix b/modules/services/vikunja/default.nix
new file mode 100644
index 0000000..1cdef5f
--- /dev/null
+++ b/modules/services/vikunja/default.nix
@@ -0,0 +1,123 @@
+# Todo and kanban app
+{ config, lib, ... }:
+let
+ cfg = config.my.services.vikunja;
+ subdomain = "todo";
+ vikunjaDomain = "${subdomain}.${config.networking.domain}";
+ socketPath = "/run/vikunja/vikunja.socket";
+in
+{
+ options.my.services.vikunja = with lib; {
+ enable = mkEnableOption "Vikunja todo app";
+
+ mail = {
+ enable = mkEnableOption {
+ description = "mailer configuration";
+ };
+
+ configFile = mkOption {
+ type = types.str;
+ example = "/run/secrets/vikunja-mail-config.env";
+ description = "Configuration for the mailer connection, using environment variables.";
+ };
+ };
+ };
+
+ config = lib.mkIf cfg.enable {
+ services.vikunja = {
+ enable = true;
+
+ frontendScheme = "https";
+ frontendHostname = vikunjaDomain;
+
+ setupNginx = false;
+
+ database = {
+ type = "postgres";
+ user = "vikunja";
+ database = "vikunja";
+ host = "/run/postgresql";
+ };
+
+ settings = {
+ service = {
+ # Only allow registration of users through the CLI
+ enableregistration = false;
+ # Ues the host's timezone
+ timezone = config.time.timeZone;
+ # Use UNIX socket for serving the API
+ unixsocket = socketPath;
+ unixsocketmode = "0o660";
+ };
+
+ mailer = {
+ enabled = cfg.mail.enable;
+ };
+ };
+
+ environmentFiles = lib.optional cfg.mail.enable cfg.mail.configFile;
+ };
+
+ # This is a weird setup
+ my.services.nginx.virtualHosts = [
+ {
+ inherit subdomain;
+ # Serve the root for the web-ui
+ root = config.services.vikunja.package-frontend;
+
+ extraConfig = {
+ locations = {
+ "/" = {
+ tryFiles = "try_files $uri $uri/ /";
+ };
+
+ # Serve the API through a UNIX socket
+ "~* ^/(api|dav|\\.well-known)/" = {
+ proxyPass = "http://unix:${socketPath}";
+ extraConfig = ''
+ client_max_body_size 20M;
+ '';
+ };
+ };
+ };
+ }
+ ];
+
+ systemd.services.vikunja-api = {
+ serviceConfig = {
+ # Use a system user to simplify using the CLI
+ DynamicUser = lib.mkForce false;
+ # Set the user for postgres authentication
+ User = "vikunja";
+ # Create /run/vikunja/ to serve the UNIX socket
+ RuntimeDirectory = "vikunja";
+ };
+ };
+
+ users.users.vikunja = {
+ description = "Vikunja Service";
+ group = "vikunja";
+ isSystemUser = true;
+ };
+ users.groups.vikunja = { };
+
+ # Allow nginx to access the UNIX socket
+ users.users.nginx.extraGroups = [ "vikunja" ];
+
+ services.postgresql = {
+ ensureDatabases = [ "vikunja" ];
+ ensureUsers = [
+ {
+ name = "vikunja";
+ ensurePermissions = { "DATABASE vikunja" = "ALL PRIVILEGES"; };
+ }
+ ];
+ };
+
+ my.services.backup = {
+ paths = [
+ config.services.vikunja.settings.files.basepath
+ ];
+ };
+ };
+}
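Review bot: Forcing `DynamicUser` off in `systemd.services.vikunja-api.serviceConfig` also drops the sandboxing that systemd implies with it (`ProtectSystem=strict`, `ProtectHome=read-only`, `PrivateTmp`, `RemoveIPC`, `NoNewPrivileges`, `RestrictSUIDSGID`), and nothing in this hunk sets those back. Unless the upstream unit already sets them, which is not visible here, the API process now runs as a static user without those restrictions, so I would restore them explicitly as in the block below. Separately, `mail.enable` passes an attribute set to `mkEnableOption`, which expects the name as a string; `enable = mkEnableOption "mailer configuration";` is the usual form.

```nix
serviceConfig = {
  # … unchanged: DynamicUser, User, RuntimeDirectory …
  # Restore the sandboxing that DynamicUser=yes implied
  NoNewPrivileges = true;
  PrivateTmp = true;
  ProtectHome = "read-only";
  ProtectSystem = "strict";
  RemoveIPC = true;
  RestrictSUIDSGID = true;
```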