Squash changes containing private information
similarity index 88%
rename from modules/private/tasks/default.nix
rename to systems/eldiron/tasks/default.nix
index 64802550ac73a8e9591a1d76dd414daba66d1715..0772a5fd2727e07194ce80937285f9a8536828a2 100644 (file)
@@ -1,4 +1,4 @@
-{ lib, pkgs, config,  ... }:
+{ lib, pkgs, config, taskwarrior-web, ... }:
 let
   cfg = config.myServices.tasks;
   server_vardir = config.services.taskserver.dataDir;
@@ -40,7 +40,6 @@ let
     chmod a+x $out/bin/taskserver-user-certs
     patchShebangs $out/bin/taskserver-user-certs
     '';
-  taskwarrior-web = pkgs.webapps.taskwarrior-web;
   socketsDir = "/run/taskwarrior-web";
   varDir = "/var/lib/taskwarrior-web";
   taskwebPages = let
@@ -86,6 +85,31 @@ in {
   };
 
   config = lib.mkIf cfg.enable {
+    myServices.dns.zones."immae.eu".subdomains.task =
+      with config.myServices.dns.helpers; ips servers.eldiron.ips.main;
+
+    myServices.chatonsProperties.services.taskwarrior = {
+      file.datetime = "2022-08-22T00:00:00";
+      service = {
+        name = "Taskwarrior";
+        description = "Taskwarrior is Free and Open Source Software that manages your TODO list from the command line. Web interface and synchronization server";
+        website = "https://task.immae.eu/";
+        logo = "https://taskwarrior.org/favicon.ico";
+        status.level = "OK";
+        status.description = "OK";
+        registration."" = ["MEMBER" "CLIENT"];
+        registration.load = "OPEN";
+        install.type = "PACKAGE";
+      };
+      software = {
+        name = "Taskwarrior";
+        website = "https://taskwarrior.org/";
+        license.url = "https://github.com/GothenburgBitFactory/taskwarrior/blob/develop/LICENSE";
+        license.name = "MIT License";
+        version = taskwarrior-web.version;
+        source.url = "https://taskwarrior.org/download/";
+      };
+    };
     secrets.keys = {
       "webapps/tools-taskwarrior-web" = {
         user = "wwwrun";
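Review bot: `version = taskwarrior-web.version;` publishes the version of the web front-end package under a `software` entry whose name, website, licence and source URL all describe upstream Taskwarrior, so the generated properties will report a version that does not belong to the software named. Either take the version from the Taskwarrior package that is actually deployed or describe the web front-end in this entry; at minimum add a comment such as `# version of the web UI package, not of task/taskd`. `taskwarrior-web` is now a module argument (first hunk), so this line presumably fails evaluation wherever the module is imported without that argument; the place that supplies it is not visible here. The `config` block continues outside the hunk.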
@@ -101,19 +125,11 @@ in {
             SetEnv TASKD_LDAP_FILTER   "${env.ldap.filter}"
           '';
       };
-    } // (lib.mapAttrs' (name: userConfig: lib.nameValuePair "webapps/tools-taskwarrior/${name}-taskrc" {
-      inherit user group;
-      permissions = "0400";
-      text = let
+    } // (lib.mapAttrs' (name: userConfig: lib.nameValuePair "webapps/tools-taskwarrior/${name}-taskrc" (
+      let
         credentials = "${userConfig.org}/${name}/${userConfig.key}";
         dateFormat = userConfig.date;
-      in ''
-        data.location=${varDir}/${name}
-        taskd.certificate=${server_vardir}/userkeys/taskwarrior-web.cert.pem
-        taskd.key=${server_vardir}/userkeys/taskwarrior-web.key.pem
-        # IdenTrust DST Root CA X3
-        # obtained here: https://letsencrypt.org/fr/certificates/
-        taskd.ca=${pkgs.writeText "ca.cert" ''
+        cacert = pkgs.writeText "ca.cert" ''
           -----BEGIN CERTIFICATE-----
           MIIFazCCA1OgAwIBAgIRAIIQz7DSQONZRGPgu2OCiwAwDQYJKoZIhvcNAQELBQAw
           TzELMAkGA1UEBhMCVVMxKTAnBgNVBAoTIEludGVybmV0IFNlY3VyaXR5IFJlc2Vh
@@ -144,17 +160,28 @@ in {
           4RgqsahDYVvTH9w7jXbyLeiNdd8XM2w9U/t7y0Ff/9yi0GE44Za4rF2LN9d11TPA
           mRGunUHBcnWEvgJBQl9nJEiU0Zsnvgc/ubhPgXRR4Xq37Z0j4r7g1SgEEzwxA57d
           emyPxgcYxn/eR44/KJ4EBs+lVDR3veyJm+kXQ99b21/+jh5Xos1AnX5iItreGCc=
-          -----END CERTIFICATE-----''}
+          -----END CERTIFICATE-----'';
+      in {
+      inherit user group;
+      permissions = "0400";
+      text = ''
+        data.location=${varDir}/${name}
+        taskd.certificate=${server_vardir}/userkeys/taskwarrior-web.cert.pem
+        taskd.key=${server_vardir}/userkeys/taskwarrior-web.key.pem
+        # IdenTrust DST Root CA X3
+        # obtained here: https://letsencrypt.org/fr/certificates/
+        taskd.ca=${cacert}
         taskd.server=${fqdn}:${toString config.services.taskserver.listenPort}
         taskd.credentials=${credentials}
         dateformat=${dateFormat}
       '';
-    }) env.taskwarrior-web);
+      keyDependencies = [ cacert ];
+    })) env.taskwarrior-web);
+    security.acme.certs.eldiron.extraDomainNames = [ "task.immae.eu" ];
     services.websites.env.tools.watchPaths = [ config.secrets.fullPaths."webapps/tools-taskwarrior-web" ];
     services.websites.env.tools.modules = [ "proxy_fcgi" "sed" ];
     services.websites.env.tools.vhostConfs.task = {
       certName    = "eldiron";
-      addToCerts  = true;
       hosts       = [ "task.immae.eu" ];
       root        = ./www;
       extraConfig = [ ''
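Review bot: The comment kept in the generated taskrc, `# IdenTrust DST Root CA X3`, does not appear to describe the certificate bound to `cacert`: the visible start of the PEM in the previous hunk encodes an issuer organisation beginning "Internet Security Resea…", which looks like the ISRG root rather than the IdenTrust one. Because `taskd.ca` is the trust anchor for the sync connection, a wrong label makes the pin hard to audit or rotate; move the comment onto the `cacert = pkgs.writeText "ca.cert"` binding and correct it, e.g. `# ISRG Root X1 (Let's Encrypt), from https://letsencrypt.org/certificates/`. Only part of the certificate body is visible in these hunks, so confirm the subject and fingerprint with `openssl x509 -noout -subject -fingerprint` on the full file before relabelling. Pinning a single root also means a chain change on the server side breaks sync until this file is updated, which is worth stating next to the binding.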
@@ -225,17 +252,19 @@ in {
 
           # Needed to avoid clashes in browser cookies (same domain)
           "php_value[session.name]" = "TaskPHPSESSID";
+          "php_admin_value[session.save_handler]" = "redis";
+          "php_admin_value[session.save_path]" = "'unix:///run/redis-php-sessions/redis.sock?persistent=1&prefix=Tools:Task:'";
           "php_admin_value[open_basedir]" = "${./www}:/tmp:${server_vardir}:/etc/profiles/per-user/${user}/bin/";
         };
         phpEnv = {
           PATH = "/etc/profiles/per-user/${user}/bin";
         };
-        phpPackage = pkgs.php72;
+        phpPackage = pkgs.php72.withExtensions({ enabled, all }: enabled ++ [ all.redis ]);
       };
     };
 
-    security.acme.certs."task" = config.myServices.certificates.certConfig // {
-      inherit user group;
+    security.acme.certs."task" = {
+      inherit group;
       domain = fqdn;
       postRun = ''
         systemctl restart taskserver.service
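Review bot: The new `session.save_path` puts this vhost's PHP sessions in the Redis instance behind `/run/redis-php-sessions/redis.sock`, separated from other users of that socket only by the key prefix `Tools:Task:`; if other PHP pools connect to the same instance (the socket name suggests so, but that is not visible here), any of them can read or overwrite these session keys. The line deserves a comment stating who may reach the socket and how access is restricted, e.g. `# shared session store: isolation is by key prefix only; socket access limited to <GROUP_PLACEHOLDER>`. Separately, `phpPackage` stays on `pkgs.php72`, a PHP branch that no longer receives upstream security fixes, and this change extends that pin rather than moving it; consider a supported `pkgs.phpNN` with the same `withExtensions` call if the application allows. The `security.acme.certs."task"` attribute set continues past the end of the hunk.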