{ lib, pkgs, config, taskwarrior-web, ... }: let cfg = config.myServices.tasks; server_vardir = config.services.taskserver.dataDir; fqdn = "task.immae.eu"; user = config.services.taskserver.user; env = config.myEnv.tools.task; group = config.services.taskserver.group; taskserver-user-certs = pkgs.runCommand "taskserver-user-certs" {} '' mkdir -p $out/bin cat > $out/bin/taskserver-user-certs <<"EOF" #!/usr/bin/env bash user=$1 silent_certtool() { if ! output="$("${pkgs.gnutls.bin}/bin/certtool" "$@" 2>&1)"; then echo "GNUTLS certtool invocation failed with output:" >&2 echo "$output" >&2 fi } silent_certtool -p \ --bits 4096 \ --outfile "${server_vardir}/userkeys/$user.key.pem" ${pkgs.gnused}/bin/sed -i -n -e '/^-----BEGIN RSA PRIVATE KEY-----$/,$p' "${server_vardir}/userkeys/$user.key.pem" silent_certtool -c \ --template "${pkgs.writeText "taskserver-ca.template" '' tls_www_client encryption_key signing_key expiration_days = 3650 ''}" \ --load-ca-certificate "${server_vardir}/keys/ca.cert" \ --load-ca-privkey "${server_vardir}/keys/ca.key" \ --load-privkey "${server_vardir}/userkeys/$user.key.pem" \ --outfile "${server_vardir}/userkeys/$user.cert.pem" EOF chmod a+x $out/bin/taskserver-user-certs patchShebangs $out/bin/taskserver-user-certs ''; socketsDir = "/run/taskwarrior-web"; varDir = "/var/lib/taskwarrior-web"; taskwebPages = let uidPages = lib.attrsets.zipAttrs ( lib.lists.flatten (lib.attrsets.mapAttrsToList (k: c: map (v: { "${v}" = k; }) c.uid) env.taskwarrior-web) ); pages = lib.attrsets.mapAttrs (uid: items: if lib.lists.length items == 1 then ''
'' else ''