fricloud/server-configs
2
0
Fork 0
Code Issues 4 Pull requests Projects Releases Packages Wiki Activity Actions

adds vikunja

Browse source
This commit is contained in:
eyjhb 2025-04-19 19:45:08 +02:00
parent 7099f0b01e
commit ec0f386ab5
Signed by: eyjhb
GPG key ID: 609F508E3239F920
5 changed files with 132 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

1
machines/gerd.nix
View file

@ -30,6 +30,7 @@
./gerd/services/notify ./gerd/services/notify
./gerd/services/drasl.nix ./gerd/services/drasl.nix
./gerd/services/drtvrss.nix ./gerd/services/drtvrss.nix
./gerd/services/vikunja.nix
./gerd/services/monitoring ./gerd/services/monitoring
]; ];

125
machines/gerd/services/vikunja.nix Normal file
View file

@ -0,0 +1,125 @@
{ config, pkgs, lib, ... }:
let
svc_domain = "vikunja.${config.mine.shared.settings.domain}";
vikunjaOIDCName = "authelia";
in {
services.vikunja = {
enable = true;
package = pkgs.vikunja.overrideAttrs (old: {
# src = lib.cleanSource /tmp/vikunja;
patches = (old.patches or []) ++ [
(pkgs.writeText "vikunja-clientsecret-envvar.patch" ''
diff --git a/pkg/modules/auth/openid/providers.go b/pkg/modules/auth/openid/providers.go
index 5e14c1b31..d9a5215c1 100644
--- a/pkg/modules/auth/openid/providers.go
+++ b/pkg/modules/auth/openid/providers.go
@@ -17,6 +17,8 @@
package openid
import (
+ "fmt"
+ "os"
"regexp"
"strconv"
"strings"
@@ -139,6 +141,10 @@ func getProviderFromMap(pi map[string]interface{}) (provider *Provider, err erro
Scope: scope,
}
+ if clientSecret, ok := os.LookupEnv(fmt.Sprintf("VIKUNJA_AUTH_OPENID_PROVIDERS_%s_CLIENTSECRET", strings.ToUpper(provider.Name))); ok {
+ provider.ClientSecret = clientSecret
+ }
+
cl, is := pi["clientid"].(int)
if is {
provider.ClientID = strconv.Itoa(cl)
'')
];
});
frontendScheme = "https";
frontendHostname = svc_domain;
database = {
type = "postgres";
host = "/run/postgresql";
};
environmentFiles = [
config.age.secrets.vikunja-env.path
];
settings = {
service.enableregistration = false;
auth.local.enabled = false;
auth.openid = {
enabled = true;
providers = [{
key = "authelia";
name = vikunjaOIDCName;
clientid = "vikunja";
authurl = "https://${config.mine.shared.settings.authelia.domain}";
clientsecret = "not-used-but-needs-to-be-set";
}];
};
};
};
# setup for oidc
services.authelia.instances.main.settings.identity_providers.oidc.clients = [{
client_id = "vikunja";
client_name = "Vikunja";
client_secret = "$pbkdf2-sha512$310000$GjslCZ8GAperXUFzmFGslA$QsQHK.HbuvMIiH5Q2vnM1cYR5N.yNjc6RDNU0RBnqVpJjySvjZBQa1dteceTNtvgQz7hXPlnSpRzKTGYj/k.Hw";
consent_mode = "implicit";
redirect_uris = [ "https://${svc_domain}/auth/openid/${vikunjaOIDCName}" ];
scopes = [
"openid"
"profile"
"email"
];
}];
# persistence
environment.persistence.root.directories = [
{ directory = "/var/lib/private/vikunja"; mode = "0700"; }
];
# setup postgresql
services.postgresql = let
user = config.services.vikunja.database.user;
in {
ensureDatabases = [ user ];
ensureUsers = [{
name = user;
ensureDBOwnership = true;
}];
};
# nginx
services.nginx.virtualHosts."${svc_domain}" = {
forceSSL = true;
enableACME = true;
locations."/".proxyPass = "http://localhost:${builtins.toString config.services.vikunja.port}";
};
# meta
mine.shared.meta.vikunja = rec {
name = "Vikunja";
description = ''
The to-do app to organize your life.
'';
url = "https://${svc_domain}";
package = let
pkg = config.services.vikunja.package;
in {
name = pkg.pname;
version = pkg.version;
meta = pkg.meta;
};
};
}

3
secrets/default.nix
View file

@ -69,6 +69,9 @@
# drasl # drasl
drasl-env.file = ./drasl/env.age; drasl-env.file = ./drasl/env.age;
# vikunja
vikunja-env.file = ./vikunja/env.age;
}; };
users.groups.secrets-lldap-bind-user-pass = {}; users.groups.secrets-lldap-bind-user-pass = {};

3
secrets/secrets.nix
View file

@ -79,4 +79,7 @@ in
# drasl # drasl
"drasl/env.age".publicKeys = defaultAccess; "drasl/env.age".publicKeys = defaultAccess;
# vikunja
"vikunja/env.age".publicKeys = defaultAccess;
} }

BIN
secrets/vikunja/env.age Normal file
View file

Binary file not shown.