mirror of
https://github.com/gensokyo-zone/infrastructure.git
synced 2026-02-09 20:39:18 -08:00
105 lines
2.5 KiB
Nix
105 lines
2.5 KiB
Nix
{ config, pkgs, lib, tf, ... }: with lib;
|
|
|
|
let
|
|
settings = {
|
|
database = {
|
|
inherit (config.services.vikunja.database) type host user database path;
|
|
};
|
|
service = {
|
|
frontendurl = "${config.services.vikunja.frontendScheme}://${config.services.vikunja.frontendHostname}/";
|
|
JWTSecret = tf.variables.vikunja-jwt.ref;
|
|
timezone = "Europe/London";
|
|
};
|
|
mailer = {
|
|
enabled = true;
|
|
host = "daiyousei.kittywit.ch";
|
|
port = 465;
|
|
forcessl = true;
|
|
username = "vikunja@kittywit.ch";
|
|
password = tf.variables.vikunja-email.ref;
|
|
fromemail = "vikunja@kittywit.ch";
|
|
};
|
|
files = {
|
|
basepath = "/var/lib/vikunja/files";
|
|
};
|
|
log.http = "off";
|
|
auth = {
|
|
local = {
|
|
enabled = false;
|
|
};
|
|
openid = {
|
|
enabled = true;
|
|
providers = [{
|
|
name = "keycloak";
|
|
authurl = "https://auth.kittywit.ch/auth/realms/kittywitch";
|
|
clientid = "vikunja";
|
|
clientsecret = tf.variables.vikunja-secret.ref;
|
|
}];
|
|
};
|
|
};
|
|
};
|
|
in {
|
|
|
|
kw.secrets.variables = (mapListToAttrs
|
|
(field:
|
|
nameValuePair "vikunja-${field}" {
|
|
path = "secrets/vikunja";
|
|
inherit field;
|
|
}) [ "secret" "email" "jwt" ]);
|
|
|
|
secrets.files.vikunja-config = {
|
|
text = builtins.toJSON settings;
|
|
owner = "vikunja";
|
|
group = "vikunja";
|
|
};
|
|
|
|
deploy.tf.dns.records.services_vikunja = {
|
|
inherit (config.network.dns) zone;
|
|
domain = "todo";
|
|
cname = { inherit (config.network.addresses.public) target; };
|
|
};
|
|
|
|
environment.etc."vikunja/config.yaml".source = mkForce config.secrets.files.vikunja-config.path;
|
|
|
|
services.vikunja = {
|
|
enable = true;
|
|
frontendScheme = "https";
|
|
frontendHostname = "todo.${config.network.dns.domain}";
|
|
database = {
|
|
type = "postgres";
|
|
user = "vikunja";
|
|
database = "vikunja";
|
|
host = "/run/postgresql";
|
|
};
|
|
};
|
|
services.nginx.virtualHosts."${config.services.vikunja.frontendHostname}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
};
|
|
|
|
services.postgresql = {
|
|
ensureDatabases = [ "vikunja" ];
|
|
ensureUsers = [
|
|
{ name = "vikunja";
|
|
ensurePermissions = { "DATABASE vikunja" = "ALL PRIVILEGES"; };
|
|
}
|
|
];
|
|
};
|
|
|
|
systemd.services.vikunja-api = {
|
|
serviceConfig = {
|
|
DynamicUser = lib.mkForce false;
|
|
User = "vikunja";
|
|
Group = "vikunja";
|
|
};
|
|
};
|
|
|
|
users.users.vikunja = {
|
|
description = "Vikunja Service";
|
|
createHome = false;
|
|
group = "vikunja";
|
|
isSystemUser = true;
|
|
};
|
|
|
|
users.groups.vikunja = {};
|
|
}
|