From 09a675471e4cb4d240ad6838e40c05768b343672 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 9 Mar 2024 21:49:12 +0100
Subject: [PATCH 1/2] flake: bump inputs

And fix the breaking changes in Vikunja (which actually make my
configuration simpler).
---
 flake.lock                                 | 24 +++++++++++-----------
 modules/nixos/services/vikunja/default.nix | 23 ++-------------------
 2 files changed, 14 insertions(+), 33 deletions(-)

diff --git a/flake.lock b/flake.lock
index cd0b2de..ce8318f 100644
--- a/flake.lock
+++ b/flake.lock
@@ -73,11 +73,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1706830856,
-        "narHash": "sha256-a0NYyp+h9hlb7ddVz4LUn1vT/PLwqfrWYcHMvFB1xYg=",
+        "lastModified": 1709336216,
+        "narHash": "sha256-Dt/wOWeW6Sqm11Yh+2+t0dfEWxoMxGBvv3JpIocFl9E=",
         "owner": "hercules-ci",
         "repo": "flake-parts",
-        "rev": "b253292d9c0a5ead9bc98c4e9a26c6312e27d69f",
+        "rev": "f7b3c975cf067e56e7cda6cb098ebe3fb4d74ca2",
         "type": "github"
       },
       "original": {
@@ -136,11 +136,11 @@
         ]
       },
       "locked": {
-        "lastModified": 1709204054,
-        "narHash": "sha256-U1idK0JHs1XOfSI1APYuXi4AEADf+B+ZU4Wifc0pBHk=",
+        "lastModified": 1709988192,
+        "narHash": "sha256-qxwIkl85P0I1/EyTT+NJwzbXdOv86vgZxcv4UKicjK8=",
         "owner": "nix-community",
         "repo": "home-manager",
-        "rev": "2f3367769a93b226c467551315e9e270c3f78b15",
+        "rev": "b0b0c3d94345050a7f86d1ebc6c56eea4389d030",
         "type": "github"
       },
       "original": {
@@ -152,11 +152,11 @@
     },
     "nixpkgs": {
       "locked": {
-        "lastModified": 1709150264,
-        "narHash": "sha256-HofykKuisObPUfj0E9CJVfaMhawXkYx3G8UIFR/XQ38=",
+        "lastModified": 1709703039,
+        "narHash": "sha256-6hqgQ8OK6gsMu1VtcGKBxKQInRLHtzulDo9Z5jxHEFY=",
         "owner": "NixOS",
         "repo": "nixpkgs",
-        "rev": "9099616b93301d5cf84274b184a3a5ec69e94e08",
+        "rev": "9df3e30ce24fd28c7b3e2de0d986769db5d6225d",
         "type": "github"
       },
       "original": {
@@ -168,11 +168,11 @@
     },
     "nur": {
       "locked": {
-        "lastModified": 1709206595,
-        "narHash": "sha256-lBU/gE7DiJCNkJGPVUms0zA0hxzDVgENIXfebj1oeLc=",
+        "lastModified": 1710013455,
+        "narHash": "sha256-qzOpU4APTso6JLA+/F4zlO/yL8++n/CsUpmxbQAsy/4=",
         "owner": "nix-community",
         "repo": "NUR",
-        "rev": "fbe8df1c13fd8e63e35c2c4654104661eb1fbbed",
+        "rev": "cf1e9b0e085368cc489c765f285f1d07c2ec8d36",
         "type": "github"
       },
       "original": {
diff --git a/modules/nixos/services/vikunja/default.nix b/modules/nixos/services/vikunja/default.nix
index 9767d00..6e7700f 100644
--- a/modules/nixos/services/vikunja/default.nix
+++ b/modules/nixos/services/vikunja/default.nix
@@ -30,8 +30,6 @@ in
       frontendScheme = "https";
       frontendHostname = vikunjaDomain;
 
-      setupNginx = false;
-
       database = {
         type = "postgres";
         user = "vikunja";
@@ -61,28 +59,11 @@ in
     # This is a weird setup
     my.services.nginx.virtualHosts = {
       ${subdomain} = {
-        # Serve the root for the web-ui
-        root = config.services.vikunja.package-frontend;
-
-        extraConfig = {
-          locations = {
-            "/" = {
-              tryFiles = "try_files $uri $uri/ /";
-            };
-
-            # Serve the API through a UNIX socket
-            "~* ^/(api|dav|\\.well-known)/" = {
-              proxyPass = "http://unix:${socketPath}";
-              extraConfig = ''
-                client_max_body_size 20M;
-              '';
-            };
-          };
-        };
+        socket = socketPath;
       };
     };
 
-    systemd.services.vikunja-api = {
+    systemd.services.vikunja = {
       serviceConfig = {
         # Use a system user to simplify using the CLI
         DynamicUser = lib.mkForce false;

From e59c277cddf70c328baea8ec1776e598473a6272 Mon Sep 17 00:00:00 2001
From: Bruno BELANYI <bruno@belanyi.fr>
Date: Sat, 9 Mar 2024 22:00:17 +0100
Subject: [PATCH 2/2] nixos: services: lohr: migrate to tmpfiles

This is better than a custom script.
---
 modules/nixos/services/lohr/default.nix | 34 ++++++++++++++-----------
 1 file changed, 19 insertions(+), 15 deletions(-)

diff --git a/modules/nixos/services/lohr/default.nix b/modules/nixos/services/lohr/default.nix
index dd4eea8..21aadba 100644
--- a/modules/nixos/services/lohr/default.nix
+++ b/modules/nixos/services/lohr/default.nix
@@ -59,21 +59,6 @@ in
           "LOHR_HOME=${lohrHome}"
           "LOHR_CONFIG="
         ];
-        ExecStartPre = lib.mkIf (cfg.sshKeyFile != null) ''+${
-          pkgs.writeScript "copy-ssh-key" ''
-            #!${pkgs.bash}/bin/bash
-            # Ensure the key is not there
-            mkdir -p '${lohrHome}/.ssh'
-            rm -f '${lohrHome}/.ssh/id_ed25519'
-
-            # Move the key into place
-            cp ${cfg.sshKeyFile} '${lohrHome}/.ssh/id_ed25519'
-
-            # Fix permissions
-            chown -R lohr:lohr '${lohrHome}/.ssh'
-            chmod -R 0700 '${lohrHome}/.ssh'
-          ''
-        }'';
         ExecStart =
           let
             configFile = settingsFormat.generate "lohr-config.yaml" cfg.setting;
@@ -103,5 +88,24 @@ in
         inherit (cfg) port;
       };
     };
+
+    # SSH key provisioning
+    systemd.tmpfiles.settings."10-lohr" = lib.mkIf (cfg.sshKeyFile != null) {
+      "${lohrHome}/.ssh" = {
+        d = {
+          user = "lohr";
+          group = "lohr";
+          mode = "0700";
+        };
+      };
+      "${lohrHome}/.ssh/id_ed25519" = {
+        "f+" = {
+          user = "lohr";
+          group = "lohr";
+          mode = "0700";
+          argument = cfg.sshKeyFile;
+        };
+      };
+    };
   };
 }