2 files changed, 41 insertions, 3 deletions
diff --git a/hosts/vidhar/vikunja/default.nix b/hosts/vidhar/vikunja/default.nix
index a53f7f18..aa3b368f 100644
--- a/hosts/vidhar/vikunja/default.nix
+++ b/hosts/vidhar/vikunja/default.nix
@@ -1,4 +1,4 @@
-{ lib, ... }:
+{ config, lib, ... }:
 {
  config = {
@@ -7,13 +7,33 @@
      frontendScheme = "https";
      frontendHostname = "vikunja.yggdrasil.li";
      settings = {
-        service.interface = lib.mkForce "[2a03:4000:52:ada:4:1::]:3456";
+        service = {
-        service.enableregistration = false;
+          interface = lib.mkForce "[2a03:4000:52:ada:4:1::]:3456";
+          enableregistration = false;
+          publicurl = with config.services.vikunja; "${frontendScheme}://${frontendHostname}/";
+        };
+        mailer = {
+          enabled = true;
+          host = "mailsub.bouncy.email";
+          port = 466;
+          username = "vikunja";
+          fromemail = "vikunja@bouncy.email";
+          forcessl = true;
+        };
      };
      database = {
        host = "/run/postgresql";
        type = "postgres";
      };
+      environmentFiles = [
+        config.sops.secrets."vikunja_env".path
+      ];
+    };
+    sops.secrets."vikunja_env" = {
+      format = "binary";
+      sopsFile = ./vikunja_env;
    };
    services.postgresql = {
diff --git a/hosts/vidhar/vikunja/vikunja_env b/hosts/vidhar/vikunja/vikunja_env
new file mode 100644
index 00000000..d9ff0296
--- /dev/null
+++ b/hosts/vidhar/vikunja/vikunja_env
@@ -0,0 +1,18 @@
+{
+        "data": "ENC[AES256_GCM,data:/3vSwdctF6pm1Rxp5v2EEgh3ZWxXoH0O8WX+EqHdp81gOQNUE+ozM7DROrNunVIrrg==,iv:k8/tPOoaT72cEUQVlFQ34ZlNQMQR+eMCUXteVGxIZP4=,tag:9CAh67Ckcxwho4esHGPHlg==,type:str]",
+        "sops": {
+                "age": [
+                        {
+                                "recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
+                                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dFhNeUtOTVVFUzRRc2R2\nL2dXSC84TDMrVzM2bTltOFBZL0xHVk45NjM4CklHdWhBOE50VlFqVDRXK2hmSXEr\nWTUzVFlqbDB3alhzY0RSbUhwSnVYc1kKLS0tIDczZms4VVRZcmp2NG8wRjF5K0xn\nTGxjYkUzaFJXczVIQVVKSitRZ3dYZ3cKBoKJ0/9eFSEdSUyeMRkn7sXXYq9gDLRE\nHN5+T0Bk8jK40NEnhqwwiL0D4OITTcAeL7XVjKyt9sksJPedtWGToA==\n-----END AGE ENCRYPTED FILE-----\n"
+                        },
+                        {
+                                "recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
+                                "enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOK2RLZDU4RS9JcklXTTNw\nMnhWL05UOENuYXdaZ0dIYTVSNjQyMkVTSkNjCmk1WTJoSTFwV1J5dzhYSjZhcjZD\nOGNRVm44b09BWnlUZWNsRjB1dFpLWGcKLS0tIEFEK1VaQnZPcXdEc1VaVTVuWFEx\nUnV6Z0NuUEw2M2V3ektBMURMTDdGbGcKdtpxGm4Fa77ooi+Xezkcb6y+VfZP3pUF\nwAMutvW+/Be+U4+rvwrGSYQ4/fDQNxX50O7S08atfW2EV7soELF38A==\n-----END AGE ENCRYPTED FILE-----\n"
+                        }
+                ],
+                "lastmodified": "2026-01-14T08:00:06Z",
+                "mac": "ENC[AES256_GCM,data:foWtFQ8MGUbIn8zAnlY4wAWVI/ojzx9gr6TvDHZythtTbGOU9dHLoNRy7fZQdwZu7sJvTQxdmzU3CfUcwIhv6M9sZeVJYs6O8X0yeTN68EqkTX2WMW4xr+I+DEeEIxoU6FI1ZSzKijImcPsygooFGZ9SQoiRLKWcxvWVYVbt7Oc=,iv:HJ2X1wJ4ZAHEbXi2QPjckTdmcdXtECzijYlmwyBokNU=,tag:kYGAD9oQYurv4zTt6Ow1MA==,type:str]",
+                "version": "3.11.0"
+        }
+}

diff --git a/hosts/vidhar/vikunja/default.nix b/hosts/vidhar/vikunja/default.nix index a53f7f18..aa3b368f 100644 --- a/hosts/vidhar/vikunja/default.nix +++ b/hosts/vidhar/vikunja/default.nix
@@ -1,4 +1,4 @@
1	{ lib, ... }:	1	{ config, lib, ... }:
2		2
3	{	3	{
4	config = {	4	config = {
@@ -7,13 +7,33 @@
7	frontendScheme = "https";	7	frontendScheme = "https";
8	frontendHostname = "vikunja.yggdrasil.li";	8	frontendHostname = "vikunja.yggdrasil.li";
9	settings = {	9	settings = {
10	service.interface = lib.mkForce "[2a03:4000:52:ada:4:1::]:3456";	10	service = {
11	service.enableregistration = false;	11	interface = lib.mkForce "[2a03:4000:52:ada:4:1::]:3456";
		12	enableregistration = false;
		13	publicurl = with config.services.vikunja; "${frontendScheme}://${frontendHostname}/";
		14	};
		15
		16	mailer = {
		17	enabled = true;
		18	host = "mailsub.bouncy.email";
		19	port = 466;
		20	username = "vikunja";
		21	fromemail = "vikunja@bouncy.email";
		22	forcessl = true;
		23	};
12	};	24	};
13	database = {	25	database = {
14	host = "/run/postgresql";	26	host = "/run/postgresql";
15	type = "postgres";	27	type = "postgres";
16	};	28	};
		29	environmentFiles = [
		30	config.sops.secrets."vikunja_env".path
		31	];
		32	};
		33
		34	sops.secrets."vikunja_env" = {
		35	format = "binary";
		36	sopsFile = ./vikunja_env;
17	};	37	};
18		38
19	services.postgresql = {	39	services.postgresql = {


diff --git a/hosts/vidhar/vikunja/vikunja_env b/hosts/vidhar/vikunja/vikunja_env new file mode 100644 index 00000000..d9ff0296 --- /dev/null +++ b/hosts/vidhar/vikunja/vikunja_env
@@ -0,0 +1,18 @@
		1	{
		2	"data": "ENC[AES256_GCM,data:/3vSwdctF6pm1Rxp5v2EEgh3ZWxXoH0O8WX+EqHdp81gOQNUE+ozM7DROrNunVIrrg==,iv:k8/tPOoaT72cEUQVlFQ34ZlNQMQR+eMCUXteVGxIZP4=,tag:9CAh67Ckcxwho4esHGPHlg==,type:str]",
		3	"sops": {
		4	"age": [
		5	{
		6	"recipient": "age1rmmhetcmllq0ahl5qznlr0eya2zdxwl9h6y5wnl97d2wtyx5t99sm2u866",
		7	"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA4dFhNeUtOTVVFUzRRc2R2\nL2dXSC84TDMrVzM2bTltOFBZL0xHVk45NjM4CklHdWhBOE50VlFqVDRXK2hmSXEr\nWTUzVFlqbDB3alhzY0RSbUhwSnVYc1kKLS0tIDczZms4VVRZcmp2NG8wRjF5K0xn\nTGxjYkUzaFJXczVIQVVKSitRZ3dYZ3cKBoKJ0/9eFSEdSUyeMRkn7sXXYq9gDLRE\nHN5+T0Bk8jK40NEnhqwwiL0D4OITTcAeL7XVjKyt9sksJPedtWGToA==\n-----END AGE ENCRYPTED FILE-----\n"
		8	},
		9	{
		10	"recipient": "age1qffdqvy9arld9zd5a5cylt0n98xhcns5shxhrhwjq5g4qa844ejselaa4l",
		11	"enc": "-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBOK2RLZDU4RS9JcklXTTNw\nMnhWL05UOENuYXdaZ0dIYTVSNjQyMkVTSkNjCmk1WTJoSTFwV1J5dzhYSjZhcjZD\nOGNRVm44b09BWnlUZWNsRjB1dFpLWGcKLS0tIEFEK1VaQnZPcXdEc1VaVTVuWFEx\nUnV6Z0NuUEw2M2V3ektBMURMTDdGbGcKdtpxGm4Fa77ooi+Xezkcb6y+VfZP3pUF\nwAMutvW+/Be+U4+rvwrGSYQ4/fDQNxX50O7S08atfW2EV7soELF38A==\n-----END AGE ENCRYPTED FILE-----\n"
		12	}
		13	],
		14	"lastmodified": "2026-01-14T08:00:06Z",
		15	"mac": "ENC[AES256_GCM,data:foWtFQ8MGUbIn8zAnlY4wAWVI/ojzx9gr6TvDHZythtTbGOU9dHLoNRy7fZQdwZu7sJvTQxdmzU3CfUcwIhv6M9sZeVJYs6O8X0yeTN68EqkTX2WMW4xr+I+DEeEIxoU6FI1ZSzKijImcPsygooFGZ9SQoiRLKWcxvWVYVbt7Oc=,iv:HJ2X1wJ4ZAHEbXi2QPjckTdmcdXtECzijYlmwyBokNU=,tag:kYGAD9oQYurv4zTt6Ow1MA==,type:str]",
		16	"version": "3.11.0"
		17	}
		18	}