From 2a45b6837ea381c893d0ebde2f8cce2897331c35 Mon Sep 17 00:00:00 2001
From: Gregor Kleen
Date: Sat, 24 May 2025 20:26:52 +0200
Subject: kimai
---
hosts/vidhar/kimai/default.nix | 89 ++++++++++++++++++++++++++++++++++++++++++
1 file changed, 89 insertions(+)
create mode 100644 hosts/vidhar/kimai/default.nix (limited to 'hosts/vidhar/kimai/default.nix')
diff --git a/hosts/vidhar/kimai/default.nix b/hosts/vidhar/kimai/default.nix
new file mode 100644
index 00000000..0258697b
--- /dev/null
+++ b/hosts/vidhar/kimai/default.nix
@@ -0,0 +1,89 @@
+{ flake, config, ... }:
+
+{
+ config = {
+ boot.enableContainers = true;
+ boot.kernel.sysctl = {
+ "net.netfilter.nf_log_all_netns" = true;
+ };
+
+ containers."kimai" = {
+ autoStart = true;
+ ephemeral = true;
+ bindMounts = {
+ "/var/lib/kimai" = {
+ hostPath = "/var/lib/kimai/state";
+ isReadOnly = false;
+ };
+ "/var/lib/mysql" = {
+ hostPath = "/var/lib/kimai/mysql";
+ isReadOnly = false;
+ };
+ };
+ privateNetwork = true;
+ # forwardPorts = [
+ # { containerPort = 80;
+ # hostPort = 28983;
+ # }
+ # ];
+ hostAddress = "192.168.52.113";
+ localAddress = "192.168.52.114";
+ hostAddress6 = "2a03:4000:52:ada:6::1";
+ localAddress6 = "2a03:4000:52:ada:6::2";
+ config = let hostConfig = config; in { config, pkgs, lib, ... }: {
+ system.stateVersion = lib.mkIf hostConfig.containers."kimai".ephemeral config.system.nixos.release;
+ system.configurationRevision = lib.mkIf (flake ? rev) flake.rev;
+ nixpkgs.pkgs = hostConfig.nixpkgs.pkgs;
+
+ services.kimai.sites."kimai.yggdrasil.li" = {
+ database.socket = "/run/mysqld/mysqld.sock";
+ };
+
+ networking = {
+ useDHCP = false;
+ useNetworkd = true;
+ useHostResolvConf = false;
+ firewall.enable = false;
+ nftables = {
+ enable = true;
+ rulesetFile = ./ruleset.nft;
+ };
+ };
+
+ services.resolved.fallbackDns = [
+ "9.9.9.10#dns10.quad9.net"
+ "149.112.112.10#dns10.quad9.net"
+ "2620:fe::10#dns10.quad9.net"
+ "2620:fe::fe:10#dns10.quad9.net"
+ ];
+
+ systemd.network = {
+ networks.upstream = {
+ name = "eth0";
+ matchConfig = {
+ Name = "eth0";
+ };
+ linkConfig = {
+ RequiredForOnline = true;
+ };
+ networkConfig = {
+ Address = [ "192.168.52.114/32" "2a03:4000:52:ada:6::2/128" ];
+ LLMNR = false;
+ MulticastDNS = false;
+ };
+ routes = [
+ { Destination = "192.168.52.113/32"; }
+ { Destination = "2a03:4000:52:ada:6::1/128"; }
+ { Destination = "0.0.0.0/0";
+ Gateway = "192.168.52.113";
+ }
+ { Destination = "::/0";
+ Gateway = "2a03:4000:52:ada:6::1";
+ }
+ ];
+ };
+ };
+ };
+ };
+ };
+}
-- cgit
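Review bot: `"net.netfilter.nf_log_all_netns" = true;` near the top of the hunk is a host-wide sysctl, not a setting scoped to the kimai container: it lets every network namespace on this host write netfilter log lines to the host kernel log, which the kernel leaves off by default so that containers cannot flood that log. The container also sets `firewall.enable = false` and takes all of its filtering from `./ruleset.nft`, which is not part of this view, so any `log` statement in that ruleset should carry a rate limit and the ruleset should be checked for a default drop on inbound traffic. A comment above the sysctl would record the intent, for example `# allow nftables log rules inside containers to reach the host kernel log; applies to all netns`.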
v1.2.3