tsuki/taskserver: (unfinished) start setting up taskserver and taskwarrior

2023-07-12 23:40:58 +02:00 · 2023-07-12 23:40:58 +02:00 · 1f5832074b
parent 6c2bd3f2d5
commit 1f5832074b
2 changed files with 36 additions and 0 deletions
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@ -24,6 +24,7 @@
    ./services/pgadmin.nix
    ./services/plex.nix
    ./services/postgres.nix
+    ./services/taskserver.nix
    ./services/vaultwarden.nix
    ./services/vscode-server.nix

--- a/hosts/tsuki/services/taskserver.nix
+++ b/hosts/tsuki/services/taskserver.nix
@ -0,0 +1,35 @@
+{ pkgs, config, secrets, ... }:
+{
+  security.acme.certs."tasks.nani.wtf" = {
+    group = config.services.taskserver.group;
+  };
+
+  systemd.services.taskserver.serviceConfig = {
+    ReadOnlyPaths = config.security.acme.certs."tasks.nani.wtf".directory;
+  };
+
+  services.taskserver = {
+    enable = true;
+    fqdn = "todo.nani.wtf";
+    listenPort = secrets.ports.taskserver;
+    dataDir = "${config.machineVars.dataDrives.default}/var/taskserver";
+
+    organisations.h7x4 = {
+      groups = [ "users" ];
+      users = [ "h7x4" ];
+    };
+
+    pki.manual = let
+      inherit (config.security.acme.certs."tasks.nani.wtf") directory;
+    in {
+      server.key = "${directory}/key.pem";
+      server.cert = "${directory}/cert.pem";
+      ca.cert = "${directory}/chain.pem";
+    };
+  };
+
+  environment = {
+    systemPackages = with pkgs; [ taskserver ];
+    variables.TASKDDATA = config.services.taskserver.dataDir;
+  };
+}