+
+ system.activationScripts.taskwarrior-web = {
+ deps = [ "users" ];
+ text = ''
+ install -m 0755 -o ${user} -g ${group} -d ${taskwarrior-web.socketsDir}
+ install -m 0750 -o ${user} -g ${group} -d ${taskwarrior-web.varDir}
+ ${builtins.concatStringsSep "\n" (lib.attrsets.mapAttrsToList
+ (k: v: "install -m 0750 -o ${user} -g ${group} -d ${taskwarrior-web.varDir}/${k}")
+ env.taskwarrior-web
+ )}
+ if [ ! -f ${vardir}/userkeys/taskwarrior-web.cert.pem ]; then
+ ${taskserver-user-certs}/bin/taskserver-user-certs taskwarrior-web
+ chown taskd:taskd ${vardir}/userkeys/taskwarrior-web.cert.pem ${vardir}/userkeys/taskwarrior-web.key.pem
+ fi
+ '';
+ };
+
+ systemd.services = (lib.attrsets.mapAttrs' (name: userConfig:
+ let
+ credentials = "${userConfig.org}/${name}/${userConfig.key}";
+ dateFormat = userConfig.date;
+ taskrc = pkgs.writeText "taskrc" ''
+ data.location=${taskwarrior-web.varDir}/${name}
+ taskd.certificate=${vardir}/userkeys/taskwarrior-web.cert.pem
+ taskd.key=${vardir}/userkeys/taskwarrior-web.key.pem
+ taskd.ca=${vardir}/keys/server.cert
+ taskd.server=${fqdn}:${toString config.services.taskserver.listenPort}
+ taskd.credentials=${credentials}
+ dateformat=${dateFormat}
+ '';
+ in lib.attrsets.nameValuePair "taskwarrior-web-${name}" {
+ description = "Taskwarrior webapp for ${name}";
+ wantedBy = [ "multi-user.target" ];
+ after = [ "network.target" ];
+ path = [ pkgs.taskwarrior ];
+
+ environment.TASKRC = taskrc;
+ environment.BUNDLE_PATH = "${taskwarrior-web.gems}/lib/ruby/gems/2.5.0";
+ environment.BUNDLE_GEMFILE = "${taskwarrior-web.gems.confFiles}/Gemfile";
+ environment.LC_ALL = "fr_FR.UTF-8";
+
+ script = ''
+ exec ${taskwarrior-web.gems}/lib/ruby/gems/2.5.0/bin/bundle exec thin start -R config.ru -S ${taskwarrior-web.socketsDir}/${name}.sock
+ '';
+
+ serviceConfig = {
+ User = user;
+ PrivateTmp = true;
+ Restart = "always";
+ TimeoutSec = 60;
+ Type = "simple";
+ WorkingDirectory = taskwarrior-web.rubyRoot;
+ };
+
+ unitConfig.RequiresMountsFor = taskwarrior-web.varDir;
+ }) env.taskwarrior-web) // {
+ taskserver-ca.postStart = ''
+ chown :${group} "${vardir}/keys/ca.key"
+ chmod g+r "${vardir}/keys/ca.key"
+ '';
+ };
+