services.vikunja: init

2026-01-12 04:39:23 +08:00 · 2024-02-17 22:21:07 +08:00
parent fd4e8ebdff
commit 61b3df7c82
5 changed files with 52 additions and 3 deletions
--- a/devices/vps6/default.nix
+++ b/devices/vps6/default.nix
@@ -53,7 +53,7 @@ inputs:
            (site: { name = "${site}.chn.moe"; value.upstream.address = "wireguard.vps7.chn.moe"; })
            [
              "xn--s8w913fdga" "misskey" "synapse" "syncv3.synapse" "matrix" "syncv3.matrix"
-              "send" "kkmeeting" "api" "git" "grafana"
+              "send" "kkmeeting" "api" "git" "grafana" "vikunja"
            ]));
          applications =
          {
--- a/devices/vps7/default.nix
+++ b/devices/vps7/default.nix
@@ -72,6 +72,7 @@ inputs:
          wireguardIp = "192.168.83.2";
          listenIp = "95.111.228.40";
        };
+        vikunja.enable = true;
      };
    };
  };
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -41,6 +41,7 @@ inputs:
    ./wireguard.nix
    ./akkoma.nix
    ./gamemode.nix
+    ./vikunja.nix
  ];
  options.nixos.services = let inherit (inputs.lib) mkOption types; in
  {
--- a/modules/services/vikunja.nix
+++ b/modules/services/vikunja.nix
@@ -0,0 +1,44 @@
+inputs:
+{
+  options.nixos.services.vikunja = let inherit (inputs.lib) mkOption types; in
+  {
+    enable = mkOption { type = types.bool; default = false; };
+    autoStart = mkOption { type = types.bool; default = true; };
+    port = mkOption { type = types.ints.unsigned; default = 3456; };
+    hostname = mkOption { type = types.nonEmptyStr; default = "vikunja.chn.moe"; };
+  };
+  config = let inherit (inputs.config.nixos.services) vikunja; in inputs.lib.mkIf vikunja.enable
+  {
+    services.vikunja =
+    {
+      enable = true;
+      environmentFiles = [ inputs.config.sops.templates."vikunja.env".path ];
+      settings =
+      {
+        service.timezone = "Asia/Shanghai";
+        mailer = { enable = true; host = "mail.chn.moe"; username = "bot@chn.moe"; fromemail = "bot@chn.moe"; };
+        defaultsettings.discoverable_by_email = true;
+      };
+      inherit (vikunja) port;
+      frontendScheme = "https";
+      frontendHostname = vikunja.hostname;
+      database.type = "postgres";
+    };
+    sops =
+    {
+      templates."vikunja.env".content = let placeholder = inputs.config.sops.placeholder; in
+      ''
+        VIKUNJA_SERVICE_JWTSECRET=${placeholder."vikunja/jwtsecret"}
+        VIKUNJA_DATABASE_PASSWORD=${placeholder."postgresql/vikunja"}
+        VIKUNJA_MAILER_PASSWORD=${placeholder."mail/bot"}
+      '';
+      secrets = { "vikunja/jwtsecret" = {}; "mail/bot" = {}; };
+    };
+    systemd.services.vikunja-api.enable = vikunja.autoStart;
+    nixos.services =
+    {
+      postgresql = { enable = true; instances.vikunja = {}; };
+      nginx = { enable = true; https.${vikunja.hostname}.global.configName = vikunja.hostname; };
+    };
+  };
+}
--- a/secrets/vps7/default.yaml
+++ b/secrets/vps7/default.yaml
@@ -27,6 +27,7 @@ postgresql:
    grafana: ENC[AES256_GCM,data:ZLtDIZ3oKasE4r1WNllNe/rkXxqRS+QAJI7EGPKhiFF1BtAxD46UpGQnUag3yg0gP/8+3COQs6camVSxcKFL1A==,iv:wMj3keVjNpVwNMwlt4E3ds1EYjLNIZ/S3RydhOlmYWU=,tag:ZRn7NWaUPbf2rHYLoLYw+w==,type:str]
    akkoma: ENC[AES256_GCM,data:6piRt7BbMBLVGdot+VyoJN3/S8DoPNTYHFh/1coHSLNmiA6kU/6sca4Bts1Up/Vu164oTsFAr1JsKx6tzNzAPg==,iv:qplA1GXHwzVrmjm7eagCk3PFa7DRdwaf+p7N1HLb6mw=,tag:W6WedSK3R1IgZVo/0Hr9vA==,type:str]
    synapse_matrix: ENC[AES256_GCM,data:5j+TYJ3vYUqu6CdRDYAT558DsTWbX4Rh+HuukPog5HGXlhneL3RnxVeGBR9CV1rlCP1NY99Nm8roBG+BcyPYHQ==,iv:CboB6lzqxAE/8ZlzaTU3bxw94N6OAhrq8pZ0AfxQiUc=,tag:z6cM3ufgbMn5n5PzgqdRjw==,type:str]
+    vikunja: ENC[AES256_GCM,data:syb4NYBxL3DdmZmcC+em0klmm6bkkIL/DH/gnzShYRiaezRFskT+yay9govn++SpbuvkoCJq/GYAFxNL+hcVtw==,iv:TQUgdzYQ0gqsAmux9v3BAQFNzHnCTZ+X/OC0b9Bfya8=,tag:b1AsiAW5XzA3DzGdf8J03g==,type:str]
 meilisearch:
    misskey-misskey: ENC[AES256_GCM,data:4s+qqd6mmstioC0XmG/vA6ED9mzu1vRJVPFFalRiqnnsFy0dYEU87H+y12eOp/KDSLdTNvpp6Z6jCNvxnpDXzQ==,iv:x6L9OPu/dwVsD9pYb4dqavw9NesMbo7LB+rwz6veAR4=,tag:/BBqV2sHIgPas7XsZydh2g==,type:str]
 rsshub:
@@ -105,6 +106,8 @@ grafana:
    chn: ENC[AES256_GCM,data:0bbjggWS1MdcUIQiQyPlBTULm+faKDpJbmZmV6vSw8k=,iv:am65WQzUE+AvQrQV+NSF5u6RCWn7EetyPsdy4Cuvyyw=,tag:lxNUM1cIYVSXVgwEnS1Hdw==,type:str]
 wireguard:
    privateKey: ENC[AES256_GCM,data:TS+toaJRgAvC78XVwTciXe2IG8++vaqXVCi/u/8Aej6qq1B9Cb6f20cp5K0=,iv:T/NkLvcYiWzIDG3jWtuhe/sH2GT4z5f0xdUGbSL901I=,tag:qN7YokFBj3Kbbx4ijHTRnw==,type:str]
+vikunja:
+    jwtsecret: ENC[AES256_GCM,data:p6e22qPJzTGB21oWhSr8AA4bfrele9ZOHVtZ8BHgX21IhoKdm58coGtSX1CGXR7J6+1/74RdLY9K88nGrM1F1w==,iv:DGUO8rhf7Lg9dTqSmzlR/Jd2K4oUjO8w9E5bihwsykI=,tag:SpX6UI0QIju/tC1fIL9CCg==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -129,8 +132,8 @@ sops:
            SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy
            HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-20T06:27:19Z"
-    mac: ENC[AES256_GCM,data:i7AN+Sd4C61GSzT409mYd6D2tQzDyONIUsto52b1mV8hIJ4Q/U9VT5wumRjm4dGUWqrq9oFdD0/iUL1CmEdasBN7VFwNEpSYl6yhzU7zX3Re3N/0mffeW0Fx/38LdvywusJAHC9yWvsNMblKDnYxGm/UI2W/7QRMDyr8jnU6La0=,iv:Ua+K1m27GkkrUn+wcylkwrdWnq1yzFG1NMVzYAiW/6k=,tag:Gqqk5zOU3Ax2Al5CvXEV7g==,type:str]
+    lastmodified: "2024-02-17T14:13:10Z"
+    mac: ENC[AES256_GCM,data:zHSDJx6v1POGNcqH6/kBnFCSVmtQqK/+IarTdRJyKO7humRWNxfzORmFbu7cHpkwHLc1fTXFTWjOgzERL2To6w89U3elSGMadIbk5wSu/45Zjd+sqNiO+74teZxYskD371MXsz69OzXhnjOAgQBtK8+JC+H6gM5S5xErBg+Oqr4=,iv:ViETycX10iIkFXb5HCoBwsfM7+vhmI3zkdhvSbrEIaM=,tag:a6TdA/hR1cyDivXpBFJu3A==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1