diff --git a/modules/system/exports/taskchampion.nix b/modules/system/exports/taskchampion.nix
new file mode 100644
index 00000000..7175c879
--- /dev/null
+++ b/modules/system/exports/taskchampion.nix
@@ -0,0 +1,35 @@
+{
+ lib,
+ gensokyo-zone,
+ ...
+}: let
+ inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
+ inherit (lib.modules) mkIf;
+in {
+ config.exports.services.taskchampion = {config, ...}: let
+ mkAssertion = f: nixosConfig: let
+ cfg = nixosConfig.services.${config.nixos.serviceAttr};
+ in
+ f nixosConfig cfg;
+ in {
+ displayName = "TaskChampion";
+ nixos = {
+ serviceAttr = "taskchampion-sync-server";
+ assertions = mkIf config.enable [
+ (mkAssertion (nixosConfig: cfg: {
+ assertion = config.ports.default.port == cfg.port;
+ message = "server-port mismatch";
+ }))
+ ];
+ };
+ defaults.port.listen = mkAlmostOptionDefault "lan";
+ ports.default = {
+ port = mkAlmostOptionDefault 10222;
+ protocol = "http";
+ status = {
+ enable = mkAlmostOptionDefault true;
+ gatus.client.network = mkAlmostOptionDefault "ip4";
+ };
+ };
+ };
+}
diff --git a/nixos/taskchampion.nix b/nixos/taskchampion.nix
new file mode 100644
index 00000000..89bf45cc
--- /dev/null
+++ b/nixos/taskchampion.nix
@@ -0,0 +1,23 @@
+{
+ config,
+ lib,
+ ...
+}: let
+ inherit (lib.modules) mkIf mkDefault;
+ cfg = config.services.taskchampion-sync-server;
+in {
+ services.taskchampion-sync-server = {
+ enable = mkDefault true;
+ };
+ users = mkIf (cfg.enable && cfg.user == "taskchampion") {
+ users.taskchampion.uid = 917;
+ groups.taskchampion.gid = config.users.users.taskchampion.uid;
+ };
+ systemd.services.taskchampion-sync-server = mkIf cfg.enable {
+ confinement.enable = true;
+ gensokyo-zone.sharedMounts.taskchampion.path = mkDefault cfg.dataDir;
+ };
+ networking.firewall.interfaces.lan = mkIf cfg.enable {
+ allowedTCPPorts = [cfg.port];
+ };
+}
diff --git a/systems/reisen/setup.sh b/systems/reisen/setup.sh
index a5134b6d..f3680145 100644
--- a/systems/reisen/setup.sh
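Review bot: The assertion message `"server-port mismatch"` in `nixos.assertions` of modules/system/exports/taskchampion.nix names neither the service nor the two values compared, so a failed evaluation does not say which export and which NixOS option disagree. Something like `message = "taskchampion: exported port ${toString config.ports.default.port} != services.taskchampion-sync-server.port ${toString cfg.port}";` makes the failure actionable. The assertion also covers only the port: the export advertises `listen = "lan"` over plain `http`, but nothing checks that the server's bind address matches that scope, so a comment stating where the bind address is set would help a reviewer confirm that exposure is intended.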
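Review bot: `networking.firewall.interfaces.lan` in nixos/taskchampion.nix opens `cfg.port` to every host on the LAN interface, and the export declares the endpoint as plain `http`, but nothing in this module restricts which clients may sync. The upstream sync server accepts any client ID unless an allow-list is configured (`--allow-client-id`), so any LAN host that reaches the port can create replicas and consume space under `cfg.dataDir`. Task payloads are encrypted client-side, but the client ID travels in clear. Consider configuring the client-ID allow-list, if the nixpkgs module version in use exposes one, or narrowing the firewall rule to the hosts that need it. A comment on `users.taskchampion.uid = 917;` noting that the host-side owner `100917` in systems/reisen/setup.sh depends on this value would keep the two from drifting.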
+++ b/systems/reisen/setup.sh @@ -159,6 +159,7 @@ chmod 1775 /rpool/shared/nix/store chown 100000:100000 /rpool/shared/nix/var mkcache zigbee2mqtt 100317 100317 0700 +mkcache taskchampion 100917 100917 0750 mkcache plex 0 0 0755 if [[ ! -d /rpool/caches/plex/Cache ]]; then mkdir /rpool/caches/plex/Cache @@ -178,6 +179,7 @@ mkshared kanidm 100994 100993 0700 mkshared mosquitto 100246 100246 0700 mkshared plex 100193 100193 0750 mkshared postgresql 100071 100071 0750 +mkshared taskchampion 100917 100917 0750 mkshared unifi 100990 100990 0750 mkshared zigbee2mqtt 100317 100317 0700 mkshared vaultwarden 100915 100915 0750 diff --git a/systems/tei/default.nix b/systems/tei/default.nix index c8dff582..30ba333c 100644 --- a/systems/tei/default.nix +++ b/systems/tei/default.nix @@ -15,6 +15,7 @@ _: { }; cloudflared.enable = true; tailscale.enable = true; + taskchampion.enable = true; home-assistant.enable = true; zigbee2mqtt.enable = true; barcodebuddy.enable = true; diff --git a/systems/tei/lxc.json b/systems/tei/lxc.json index 8276ae55..0107977f 100644 --- a/systems/tei/lxc.json +++ b/systems/tei/lxc.json @@ -1,8 +1,10 @@ { "lxc": { "lxc.mount.entry": [ + "/rpool/caches/taskchampion mnt/caches/taskchampion none bind,optional,create=dir", "/rpool/caches/zigbee2mqtt mnt/caches/zigbee2mqtt none bind,optional,create=dir", "/rpool/shared/zigbee2mqtt mnt/shared/zigbee2mqtt none bind,optional,create=dir", + "/rpool/shared/taskchampion mnt/shared/taskchampion none bind,optional,create=dir", "/rpool/shared/hass mnt/shared/hass none bind,optional,create=dir", "/rpool/shared/grocy mnt/shared/grocy none bind,optional,create=dir", "/rpool/shared/barcodebuddy mnt/shared/barcodebuddy none bind,optional,create=dir", diff --git a/systems/tei/nixos.nix b/systems/tei/nixos.nix index 5b303f8b..6e4de4fe 100644 --- a/systems/tei/nixos.nix +++ b/systems/tei/nixos.nix @@ -25,6 +25,7 @@ in { nixos.zigbee2mqtt nixos.grocy nixos.barcodebuddy + nixos.taskchampion ./cloudflared.nix ];
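Review bot: The added `mkcache taskchampion 100917 100917 0750` line in systems/reisen/setup.sh, together with the `/rpool/caches/taskchampion` bind entry added in systems/tei/lxc.json, provisions and exposes a host directory that nothing visible in this commit consumes. nixos/taskchampion.nix only declares `gensokyo-zone.sharedMounts.taskchampion.path`. Unless a cache mount is wired up elsewhere, dropping both keeps the container from being handed a host path it does not need. The owner `100917` here and on the `mkshared taskchampion` line in the second hunk presumably encodes the container's id-map base plus uid 917, so a comment such as `# 100917 = idmap base 100000 + taskchampion uid 917 (nixos/taskchampion.nix)` would document that coupling. Both hunks sit in the middle of a longer script whose `mkcache`/`mkshared` definitions are outside the diff.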