From 73ab11f05dbcfdc83f30141ad2daeb72e6ce6760 Mon Sep 17 00:00:00 2001
From: Gregor Kleen <gkleen@yggdrasil.li>
Date: Thu, 1 Jan 2026 16:08:50 +0100
Subject: vikunja

---
 hosts/vidhar/default.nix         |  2 +-
 hosts/vidhar/network/ruleset.nft |  4 ++++
 hosts/vidhar/vikunja/default.nix | 37 +++++++++++++++++++++++++++++++++++++
 3 files changed, 42 insertions(+), 1 deletion(-)
 create mode 100644 hosts/vidhar/vikunja/default.nix

(limited to 'hosts/vidhar')

diff --git a/hosts/vidhar/default.nix b/hosts/vidhar/default.nix
index c54d57cd..b799ee5f 100644
--- a/hosts/vidhar/default.nix
+++ b/hosts/vidhar/default.nix
@@ -4,7 +4,7 @@ with lib;
 
 {
   imports = with flake.nixosModules.systemProfiles; [
-    ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix ./paperless ./hledger ./audiobookshelf ./kimai ./changedetection-io
+    ./zfs.nix ./network ./samba.nix ./dns ./prometheus ./borg ./pgbackrest ./postgresql.nix ./immich.nix ./paperless ./hledger ./audiobookshelf ./kimai ./changedetection-io ./vikunja
     tmpfs-root zfs
     initrd-all-crypto-modules default-locale openssh rebuild-machines
     build-server
diff --git a/hosts/vidhar/network/ruleset.nft b/hosts/vidhar/network/ruleset.nft
index 44b6b7a9..5df73e2f 100644
--- a/hosts/vidhar/network/ruleset.nft
+++ b/hosts/vidhar/network/ruleset.nft
@@ -99,6 +99,7 @@ table inet filter {
   counter audiobookshelf-rx {}
   counter kimai-rx {}
   counter changedetection-rx {}
+  counter vikunja-rx {}
 
   counter established-rx {}
 
@@ -133,6 +134,7 @@ table inet filter {
   counter audiobookshelf-tx {}
   counter kimai-tx {}
   counter changedetection-tx {}
+  counter vikunja-tx {}
 
   counter tx {}
 
@@ -220,6 +222,7 @@ table inet filter {
     iifname bifrost tcp dport 5000 ip6 saddr $bifrost_surtr counter name hledger-rx accept
     iifname bifrost tcp dport 28982 ip6 saddr $bifrost_surtr counter name audiobookshelf-rx accept
     iifname bifrost tcp dport 5001 ip6 saddr $bifrost_surtr counter name changedetection-rx accept
+    iifname bifrost tcp dport 3456 ip6 saddr $bifrost_surtr counter name vikunja-rx accept
 
     ct state { established, related } counter name established-rx accept
 
@@ -273,6 +276,7 @@ table inet filter {
     iifname bifrost tcp sport 5000 ip6 daddr $bifrost_surtr counter name hledger-tx accept
     iifname bifrost tcp sport 28982 ip6 daddr $bifrost_surtr counter name audiobookshelf-tx accept
     iifname bifrost tcp sport 5001 ip6 daddr $bifrost_surtr counter name changedetection-tx accept
+    iifname bifrost tcp sport 3456 ip6 daddr $bifrost_surtr counter name vikunja-tx accept
 
 
     counter name tx
diff --git a/hosts/vidhar/vikunja/default.nix b/hosts/vidhar/vikunja/default.nix
new file mode 100644
index 00000000..a53f7f18
--- /dev/null
+++ b/hosts/vidhar/vikunja/default.nix
@@ -0,0 +1,37 @@
+{ lib, ... }:
+
+{
+  config = {
+    services.vikunja = {
+      enable = true;
+      frontendScheme = "https";
+      frontendHostname = "vikunja.yggdrasil.li";
+      settings = {
+        service.interface = lib.mkForce "[2a03:4000:52:ada:4:1::]:3456";
+        service.enableregistration = false;
+      };
+      database = {
+        host = "/run/postgresql";
+        type = "postgres";
+      };
+    };
+
+    services.postgresql = {
+      ensureDatabases = [ "vikunja" ];
+      ensureUsers = [
+        {
+          name = "vikunja";
+          ensureDBOwnership = true;
+          ensureClauses.login = true;
+        }
+      ];
+    };
+
+    systemd.services.vikunja = {
+      serviceConfig = {
+        User = "vikunja";
+        Group = "vikunja";
+      };
+    };
+  };
+}
-- 
cgit v1.2.3