vikunja

author: Gregor Kleen <gkleen@yggdrasil.li> 2026-01-01 16:08:50 +0100
committer: Gregor Kleen <gkleen@yggdrasil.li> 2026-01-01 16:08:50 +0100
commit: 73ab11f05dbcfdc83f30141ad2daeb72e6ce6760 (patch)
tree: ccc20bcbf722c1df0dd3a3743fea2a61ca32e81d /hosts/vidhar
parent: 6ba7966f10e4a059c4f556f8ac194b279a4be77c (diff)
download: nixos-73ab11f05dbcfdc83f30141ad2daeb72e6ce6760.tar
nixos-73ab11f05dbcfdc83f30141ad2daeb72e6ce6760.tar.gz
nixos-73ab11f05dbcfdc83f30141ad2daeb72e6ce6760.tar.bz2
nixos-73ab11f05dbcfdc83f30141ad2daeb72e6ce6760.tar.xz
nixos-73ab11f05dbcfdc83f30141ad2daeb72e6ce6760.zip
3 files changed, 42 insertions, 1 deletions
diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index c54d57cd..b799ee5f 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -4,7 +4,7 @@ with lib;
 {
  imports = with flake.nixosModules.systemProfiles; [
-    ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix ./paperless ./hledger ./audiobookshelf ./kimai ./changedetection-io
+    ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix ./paperless ./hledger ./audiobookshelf ./kimai ./changedetection-io ./vikunja
    tmpfs-root zfs
    initrd-all-crypto-modules default-locale openssh rebuild-machines
    build-server
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 44b6b7a9..5df73e2f 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -99,6 +99,7 @@ table inet filter {
  counter audiobookshelf-rx {}
  counter kimai-rx {}
  counter changedetection-rx {}
+  counter vikunja-rx {}
  counter established-rx {}
@@ -133,6 +134,7 @@ table inet filter {
  counter audiobookshelf-tx {}
  counter kimai-tx {}
  counter changedetection-tx {}
+  counter vikunja-tx {}
  counter tx {}
@@ -220,6 +222,7 @@ table inet filter {
    iifname bifrost tcp dport 5000 ip6 saddr $bifrost_surtr counter name hledger-rx accept
    iifname bifrost tcp dport 28982 ip6 saddr $bifrost_surtr counter name audiobookshelf-rx accept
    iifname bifrost tcp dport 5001 ip6 saddr $bifrost_surtr counter name changedetection-rx accept
+    iifname bifrost tcp dport 3456 ip6 saddr $bifrost_surtr counter name vikunja-rx accept
    ct state { established, related } counter name established-rx accept
@@ -273,6 +276,7 @@ table inet filter {
    iifname bifrost tcp sport 5000 ip6 daddr $bifrost_surtr counter name hledger-tx accept
    iifname bifrost tcp sport 28982 ip6 daddr $bifrost_surtr counter name audiobookshelf-tx accept
    iifname bifrost tcp sport 5001 ip6 daddr $bifrost_surtr counter name changedetection-tx accept
+    iifname bifrost tcp sport 3456 ip6 daddr $bifrost_surtr counter name vikunja-tx accept
    counter name tx
diff --git a/hosts/vidhar/vikunja/default.nix b/hosts/vidhar/vikunja/default.nix
new file mode 100644
index 00000000..a53f7f18
--- /dev/null
+++ b/hosts/vidhar/vikunja/default.nix
@@ -0,0 +1,37 @@
+{ lib, ... }:
+{
+  config = {
+    services.vikunja = {
+      enable = true;
+      frontendScheme = "https";
+      frontendHostname = "vikunja.yggdrasil.li";
+      settings = {
+        service.interface = lib.mkForce "[2a03:4000:52:ada:4:1::]:3456";
+        service.enableregistration = false;
+      };
+      database = {
+        host = "/run/postgresql";
+        type = "postgres";
+      };
+    };
+    services.postgresql = {
+      ensureDatabases = [ "vikunja" ];
+      ensureUsers = [
+        {
+          name = "vikunja";
+          ensureDBOwnership = true;
+          ensureClauses.login = true;
+        }
+      ];
+    };
+    systemd.services.vikunja = {
+      serviceConfig = {
+        User = "vikunja";
+        Group = "vikunja";
+      };
+    };
+  };
+}
author	Gregor Kleen <gkleen@yggdrasil.li>	2026-01-01 16:08:50 +0100
committer	Gregor Kleen <gkleen@yggdrasil.li>	2026-01-01 16:08:50 +0100
commit	73ab11f05dbcfdc83f30141ad2daeb72e6ce6760 (patch)
tree	ccc20bcbf722c1df0dd3a3743fea2a61ca32e81d /hosts/vidhar
parent	6ba7966f10e4a059c4f556f8ac194b279a4be77c (diff)
download	nixos-73ab11f05dbcfdc83f30141ad2daeb72e6ce6760.tar nixos-73ab11f05dbcfdc83f30141ad2daeb72e6ce6760.tar.gz nixos-73ab11f05dbcfdc83f30141ad2daeb72e6ce6760.tar.bz2 nixos-73ab11f05dbcfdc83f30141ad2daeb72e6ce6760.tar.xz nixos-73ab11f05dbcfdc83f30141ad2daeb72e6ce6760.zip

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix index c54d57cd..b799ee5f 100644 --- a/hosts/vidhar/default.nix +++ b/hosts/vidhar/default.nix
@@ -4,7 +4,7 @@ with lib;
4		4
5	{	5	{
6	imports = with flake.nixosModules.systemProfiles; [	6	imports = with flake.nixosModules.systemProfiles; [
7	./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix ./paperless ./hledger ./audiobookshelf ./kimai ./changedetection-io	7	./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix ./paperless ./hledger ./audiobookshelf ./kimai ./changedetection-io ./vikunja
8	tmpfs-root zfs	8	tmpfs-root zfs
9	initrd-all-crypto-modules default-locale openssh rebuild-machines	9	initrd-all-crypto-modules default-locale openssh rebuild-machines
10	build-server	10	build-server


diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft index 44b6b7a9..5df73e2f 100644 --- a/hosts/vidhar/network/ruleset.nft +++ b/hosts/vidhar/network/ruleset.nft
@@ -99,6 +99,7 @@ table inet filter {
99	counter audiobookshelf-rx {}	99	counter audiobookshelf-rx {}
100	counter kimai-rx {}	100	counter kimai-rx {}
101	counter changedetection-rx {}	101	counter changedetection-rx {}
		102	counter vikunja-rx {}
102		103
103	counter established-rx {}	104	counter established-rx {}
104		105
@@ -133,6 +134,7 @@ table inet filter {
133	counter audiobookshelf-tx {}	134	counter audiobookshelf-tx {}
134	counter kimai-tx {}	135	counter kimai-tx {}
135	counter changedetection-tx {}	136	counter changedetection-tx {}
		137	counter vikunja-tx {}
136		138
137	counter tx {}	139	counter tx {}
138		140
@@ -220,6 +222,7 @@ table inet filter {
220	iifname bifrost tcp dport 5000 ip6 saddr $bifrost_surtr counter name hledger-rx accept	222	iifname bifrost tcp dport 5000 ip6 saddr $bifrost_surtr counter name hledger-rx accept
221	iifname bifrost tcp dport 28982 ip6 saddr $bifrost_surtr counter name audiobookshelf-rx accept	223	iifname bifrost tcp dport 28982 ip6 saddr $bifrost_surtr counter name audiobookshelf-rx accept
222	iifname bifrost tcp dport 5001 ip6 saddr $bifrost_surtr counter name changedetection-rx accept	224	iifname bifrost tcp dport 5001 ip6 saddr $bifrost_surtr counter name changedetection-rx accept
		225	iifname bifrost tcp dport 3456 ip6 saddr $bifrost_surtr counter name vikunja-rx accept
223		226
224	ct state { established, related } counter name established-rx accept	227	ct state { established, related } counter name established-rx accept
225		228
@@ -273,6 +276,7 @@ table inet filter {
273	iifname bifrost tcp sport 5000 ip6 daddr $bifrost_surtr counter name hledger-tx accept	276	iifname bifrost tcp sport 5000 ip6 daddr $bifrost_surtr counter name hledger-tx accept
274	iifname bifrost tcp sport 28982 ip6 daddr $bifrost_surtr counter name audiobookshelf-tx accept	277	iifname bifrost tcp sport 28982 ip6 daddr $bifrost_surtr counter name audiobookshelf-tx accept
275	iifname bifrost tcp sport 5001 ip6 daddr $bifrost_surtr counter name changedetection-tx accept	278	iifname bifrost tcp sport 5001 ip6 daddr $bifrost_surtr counter name changedetection-tx accept
		279	iifname bifrost tcp sport 3456 ip6 daddr $bifrost_surtr counter name vikunja-tx accept
276		280
277		281
278	counter name tx	282	counter name tx


diff --git a/hosts/vidhar/vikunja/default.nix b/hosts/vidhar/vikunja/default.nix new file mode 100644 index 00000000..a53f7f18 --- /dev/null +++ b/hosts/vidhar/vikunja/default.nix
@@ -0,0 +1,37 @@
		1	{ lib, ... }:
		2
		3	{
		4	config = {
		5	services.vikunja = {
		6	enable = true;
		7	frontendScheme = "https";
		8	frontendHostname = "vikunja.yggdrasil.li";
		9	settings = {
		10	service.interface = lib.mkForce "[2a03:4000:52:ada:4:1::]:3456";
		11	service.enableregistration = false;
		12	};
		13	database = {
		14	host = "/run/postgresql";
		15	type = "postgres";
		16	};
		17	};
		18
		19	services.postgresql = {
		20	ensureDatabases = [ "vikunja" ];
		21	ensureUsers = [
		22	{
		23	name = "vikunja";
		24	ensureDBOwnership = true;
		25	ensureClauses.login = true;
		26	}
		27	];
		28	};
		29
		30	systemd.services.vikunja = {
		31	serviceConfig = {
		32	User = "vikunja";
		33	Group = "vikunja";
		34	};
		35	};
		36	};
		37	}