-{ lib, pkgs, config, ... }:
+{ lib, pkgs, config, taskwarrior-web, ... }:
let
cfg = config.myServices.tasks;
server_vardir = config.services.taskserver.dataDir;
chmod a+x $out/bin/taskserver-user-certs
patchShebangs $out/bin/taskserver-user-certs
'';
- taskwarrior-web = pkgs.webapps.taskwarrior-web;
socketsDir = "/run/taskwarrior-web";
varDir = "/var/lib/taskwarrior-web";
taskwebPages = let
};
config = lib.mkIf cfg.enable {
+ myServices.dns.zones."immae.eu".subdomains.task =
+ with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+ myServices.chatonsProperties.services.taskwarrior = {
+ file.datetime = "2022-08-22T00:00:00";
+ service = {
+ name = "Taskwarrior";
+ description = "Taskwarrior is Free and Open Source Software that manages your TODO list from the command line. Web interface and synchronization server";
+ website = "https://task.immae.eu/";
+ logo = "https://taskwarrior.org/favicon.ico";
+ status.level = "OK";
+ status.description = "OK";
+ registration."" = ["MEMBER" "CLIENT"];
+ registration.load = "OPEN";
+ install.type = "PACKAGE";
+ };
+ software = {
+ name = "Taskwarrior";
+ website = "https://taskwarrior.org/";
+ license.url = "https://github.com/GothenburgBitFactory/taskwarrior/blob/develop/LICENSE";
+ license.name = "MIT License";
+ version = taskwarrior-web.version;
+ source.url = "https://taskwarrior.org/download/";
+ };
+ };
secrets.keys = {
"webapps/tools-taskwarrior-web" = {
user = "wwwrun";
SetEnv TASKD_LDAP_FILTER "${env.ldap.filter}"
'';
};
- } // (lib.mapAttrs' (name: userConfig: lib.nameValuePair "webapps/tools-taskwarrior/${name}-taskrc" {
- inherit user group;
- permissions = "0400";
- text = let
+ } // (lib.mapAttrs' (name: userConfig: lib.nameValuePair "webapps/tools-taskwarrior/${name}-taskrc" (
+ let
credentials = "${userConfig.org}/${name}/${userConfig.key}";
dateFormat = userConfig.date;
- in ''
- data.location=${varDir}/${name}
- taskd.certificate=${server_vardir}/userkeys/taskwarrior-web.cert.pem
- taskd.key=${server_vardir}/userkeys/taskwarrior-web.key.pem
- # IdenTrust DST Root CA X3
- # obtained here: https://letsencrypt.org/fr/certificates/
- taskd.ca=${pkgs.writeText "ca.cert" ''
+ cacert = pkgs.writeText "ca.cert" ''
-----BEGIN CERTIFICATE-----
MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
- -----END CERTIFICATE-----''}
+ -----END CERTIFICATE-----'';
+ in {
+ inherit user group;
+ permissions = "0400";
+ text = ''
+ data.location=${varDir}/${name}
+ taskd.certificate=${server_vardir}/userkeys/taskwarrior-web.cert.pem
+ taskd.key=${server_vardir}/userkeys/taskwarrior-web.key.pem
+ # IdenTrust DST Root CA X3
+ # obtained here: https://letsencrypt.org/fr/certificates/
+ taskd.ca=${cacert}
taskd.server=${fqdn}:${toString config.services.taskserver.listenPort}
taskd.credentials=${credentials}
dateformat=${dateFormat}
'';
- }) env.taskwarrior-web);
+ keyDependencies = [ cacert ];
+ })) env.taskwarrior-web);
+ security.acme.certs.eldiron.extraDomainNames = [ "task.immae.eu" ];
services.websites.env.tools.watchPaths = [ config.secrets.fullPaths."webapps/tools-taskwarrior-web" ];
services.websites.env.tools.modules = [ "proxy_fcgi" "sed" ];
services.websites.env.tools.vhostConfs.task = {
certName = "eldiron";
- addToCerts = true;
hosts = [ "task.immae.eu" ];
root = ./www;
extraConfig = [ ''
# Needed to avoid clashes in browser cookies (same domain)
"php_value[session.name]" = "TaskPHPSESSID";
+ "php_admin_value[session.save_handler]" = "redis";
+ "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Task:'";
"php_admin_value[open_basedir]" = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/";
};
phpEnv = {
PATH = "/etc/profiles/per-user/${user}/bin";
};
- phpPackage = pkgs.php72;
+ phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
};
};
- security.acme.certs."task" = config.myServices.certificates.certConfig // {
- inherit user group;
+ security.acme.certs."task" = {
+ inherit group;
domain = fqdn;
postRun = ''
systemctl restart taskserver.service