feat(taskchampion): sync service

modules/system/exports/taskchampion.nix

@@ -0,0 +1,35 @@
+{
+  lib,
+  gensokyo-zone,
+  ...
+}: let
+  inherit (gensokyo-zone.lib) mkAlmostOptionDefault;
+  inherit (lib.modules) mkIf;
+in {
+  config.exports.services.taskchampion = {config, ...}: let
+    mkAssertion = f: nixosConfig: let
+      cfg = nixosConfig.services.${config.nixos.serviceAttr};
+    in
+      f nixosConfig cfg;
+  in {
+    displayName = "TaskChampion";
+    nixos = {
+      serviceAttr = "taskchampion-sync-server";
+      assertions = mkIf config.enable [
+        (mkAssertion (nixosConfig: cfg: {
+          assertion = config.ports.default.port == cfg.port;
+          message = "server-port mismatch";
+        }))
+      ];
+    };
+    defaults.port.listen = mkAlmostOptionDefault "lan";
+    ports.default = {
+      port = mkAlmostOptionDefault 10222;
+      protocol = "http";
+      status = {
+        enable = mkAlmostOptionDefault true;
+        gatus.client.network = mkAlmostOptionDefault "ip4";
+      };
+    };
+  };
+}

nixos/taskchampion.nix

@@ -0,0 +1,23 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  inherit (lib.modules) mkIf mkDefault;
+  cfg = config.services.taskchampion-sync-server;
+in {
+  services.taskchampion-sync-server = {
+    enable = mkDefault true;
+  };
+  users = mkIf (cfg.enable && cfg.user == "taskchampion") {
+    users.taskchampion.uid = 917;
+    groups.taskchampion.gid = config.users.users.taskchampion.uid;
+  };
+  systemd.services.taskchampion-sync-server = mkIf cfg.enable {
+    confinement.enable = true;
+    gensokyo-zone.sharedMounts.taskchampion.path = mkDefault cfg.dataDir;
+  };
+  networking.firewall.interfaces.lan = mkIf cfg.enable {
+    allowedTCPPorts = [cfg.port];
+  };
+}

systems/reisen/setup.sh

@@ -159,6 +159,7 @@ chmod 1775 /rpool/shared/nix/store
 chown 100000:100000 /rpool/shared/nix/var
 
 mkcache zigbee2mqtt 100317 100317 0700
+mkcache taskchampion 100917 100917 0750
 mkcache plex 0 0 0755
 if [[ ! -d /rpool/caches/plex/Cache ]]; then
 	mkdir /rpool/caches/plex/Cache
@@ -178,6 +179,7 @@ mkshared kanidm 100994 100993 0700
 mkshared mosquitto 100246 100246 0700
 mkshared plex 100193 100193 0750
 mkshared postgresql 100071 100071 0750
+mkshared taskchampion 100917 100917 0750
 mkshared unifi 100990 100990 0750
 mkshared zigbee2mqtt 100317 100317 0700
 mkshared vaultwarden 100915 100915 0750

systems/tei/default.nix

@@ -15,6 +15,7 @@ _: {
       };
       cloudflared.enable = true;
       tailscale.enable = true;
+      taskchampion.enable = true;
       home-assistant.enable = true;
       zigbee2mqtt.enable = true;
       barcodebuddy.enable = true;

systems/tei/lxc.json

@@ -1,8 +1,10 @@
 {
 	"lxc": {
 		"lxc.mount.entry": [
+			"/rpool/caches/taskchampion mnt/caches/taskchampion none bind,optional,create=dir",
 			"/rpool/caches/zigbee2mqtt mnt/caches/zigbee2mqtt none bind,optional,create=dir",
 			"/rpool/shared/zigbee2mqtt mnt/shared/zigbee2mqtt none bind,optional,create=dir",
+			"/rpool/shared/taskchampion mnt/shared/taskchampion none bind,optional,create=dir",
 			"/rpool/shared/hass mnt/shared/hass none bind,optional,create=dir",
 			"/rpool/shared/grocy mnt/shared/grocy none bind,optional,create=dir",
 			"/rpool/shared/barcodebuddy mnt/shared/barcodebuddy none bind,optional,create=dir",

systems/tei/nixos.nix

@@ -25,6 +25,7 @@ in {
     nixos.zigbee2mqtt
     nixos.grocy
     nixos.barcodebuddy
+    nixos.taskchampion
     ./cloudflared.nix
   ];