From 133cc115efb06890c28baa4f98ad2f219e65f703 Mon Sep 17 00:00:00 2001 From: Eli Ribble Date: Tue, 28 Apr 2026 08:22:31 +0000 Subject: [PATCH] Push latest build to prod --- flake.lock | 133 ++++++++++++++++++++--------------- flake.nix | 7 +- modules/system/cloudreve.nix | 2 +- modules/system/default.nix | 1 + modules/system/taiga.nix | 60 ++++++++++++++++ secrets/vikunja.yaml | 8 +-- 6 files changed, 143 insertions(+), 68 deletions(-) create mode 100644 modules/system/taiga.nix diff --git a/flake.lock b/flake.lock index e60199d..06b4214 100644 --- a/flake.lock +++ b/flake.lock @@ -1,7 +1,24 @@ { "nodes": { + "authentik-go": { + "flake": false, + "locked": { + "lastModified": 1771856219, + "narHash": "sha256-zTEmvxe+BpfWYvAl675PnhXCH4jV4GUTFb1MrQ1Eyno=", + "owner": "goauthentik", + "repo": "client-go", + "rev": "4c1444ee54d945fbcc5ae107b4f191ca0352023d", + "type": "github" + }, + "original": { + "owner": "goauthentik", + "repo": "client-go", + "type": "github" + } + }, "authentik-nix": { "inputs": { + "authentik-go": "authentik-go", "authentik-src": "authentik-src", "flake-compat": "flake-compat", "flake-parts": "flake-parts", @@ -16,15 +33,15 @@ "uv2nix": "uv2nix" }, "locked": { - "lastModified": 1768160794, - "narHash": "sha256-J7kRUDkNPtmL2Se4voIMXbCkCVPZAnLTgtCaHs2E2Zc=", - "owner": "Pentusha", + "lastModified": 1776085803, + "narHash": "sha256-JvvWVbXJYSY8qOReMbAOD4lxcN2cjKV6lg/jLz8CEuY=", + "owner": "nix-community", "repo": "authentik-nix", - "rev": "1981227096e155ce36897c920641dd4ae8aaf683", + "rev": "4370b561c8bafb59773ce3a518506bcf1161dbdb", "type": "github" }, "original": { - "owner": "Pentusha", + "owner": "nix-community", "repo": "authentik-nix", "type": "github" } 
@@ -32,16 +49,16 @@ "authentik-src": { "flake": false, "locked": { - "lastModified": 1768172416, - "narHash": "sha256-qVlhrxHqcVFKrOwEl/DxdgSltMLiWp+ztBrjCW+Uu6k=", + "lastModified": 1775573258, + "narHash": "sha256-Xq7JGI/8ppIydIuWd9KRJKUrh7UpeniwvZ4NAtXbYJ4=", "owner": "goauthentik", "repo": "authentik", - "rev": "e44cf378d7e17d517cb07a69fb725b8d926795b9", + "rev": "5249546862986202b901c2afd860992ec48c6ef6", "type": "github" }, "original": { "owner": "goauthentik", - "ref": "version-2025.10", + "ref": "version/2026.2.2", "repo": "authentik", "type": "github" } @@ -53,11 +70,11 @@ ] }, "locked": { - "lastModified": 1766150702, - "narHash": "sha256-P0kM+5o+DKnB6raXgFEk3azw8Wqg5FL6wyl9jD+G5a4=", + "lastModified": 1776613567, + "narHash": "sha256-gC9Cp5ibBmGD5awCA9z7xy6MW6iJufhazTYJOiGlCUI=", "owner": "nix-community", "repo": "disko", - "rev": "916506443ecd0d0b4a0f4cf9d40a3c22ce39b378", + "rev": "32f4236bfc141ae930b5ba2fb604f561fed5219d", "type": "github" }, "original": { @@ -89,11 +106,11 @@ "flake-compat": { "flake": false, "locked": { - "lastModified": 1765121682, - "narHash": "sha256-4VBOP18BFeiPkyhy9o4ssBNQEvfvv1kXkasAYd0+rrA=", + "lastModified": 1767039857, + "narHash": "sha256-vNpUSpF5Nuw8xvDLj2KCwwksIbjua2LZCqhV1LNRDns=", "owner": "edolstra", "repo": "flake-compat", - "rev": "65f23138d8d09a92e30f1e5c87611b23ef451bf3", + "rev": "5edf11c44bc78a0d334f6334cdaf7d60d732daab", "type": "github" }, "original": { @@ -107,11 +124,11 @@ "nixpkgs-lib": "nixpkgs-lib" }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1769996383, + "narHash": "sha256-AnYjnFWgS49RlqX7LrC4uA+sCCDBj0Ry/WOJ5XWAsa0=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "57928607ea566b5db3ad13af0e57e921e6b12381", "type": "github" }, "original": { 
@@ -128,11 +145,11 @@ ] }, "locked": { - "lastModified": 1765835352, - "narHash": "sha256-XswHlK/Qtjasvhd1nOa1e8MgZ8GS//jBoTqWtrS1Giw=", + "lastModified": 1768135262, + "narHash": "sha256-PVvu7OqHBGWN16zSi6tEmPwwHQ4rLPU9Plvs8/1TUBY=", "owner": "hercules-ci", "repo": "flake-parts", - "rev": "a34fae9c08a15ad73f295041fec82323541400a9", + "rev": "80daad04eddbbf5a4d883996a73f3f542fa437ac", "type": "github" }, "original": { @@ -241,11 +258,11 @@ ] }, "locked": { - "lastModified": 1767910483, - "narHash": "sha256-MOU5YdVu4DVwuT5ztXgQpPuRRBjSjUGIdUzOQr9iQOY=", + "lastModified": 1775425411, + "narHash": "sha256-KY6HsebJHEe5nHOWP7ur09mb0drGxYSzE3rQxy62rJo=", "owner": "nix-community", "repo": "home-manager", - "rev": "82fb7dedaad83e5e279127a38ef410bcfac6d77c", + "rev": "0d02ec1d0a05f88ef9e74b516842900c41f0f2fe", "type": "github" }, "original": { @@ -316,27 +333,27 @@ "proj": "proj" }, "locked": { - "lastModified": 1776872762, - "narHash": "sha256-pMtrQaFPVQlbi1meZ7VBNdGRVbREvv59+9Ug9McWs1s=", + "lastModified": 1777361694, + "narHash": "sha256-ZoQ3xicLf//v1H3sQmkdjQ7wDYSfLwN0uaOumPZaEAY=", "owner": "Gleipnir-Technology", "repo": "nidus-sync", - "rev": "78458760ec5524d5ad9696b7ba923fc75264dfe1", + "rev": "175fd8d0fbbde0f556fa38e5eb93c056d4595ed2", "type": "github" }, "original": { "owner": "Gleipnir-Technology", "repo": "nidus-sync", - "rev": "78458760ec5524d5ad9696b7ba923fc75264dfe1", + "rev": "175fd8d0fbbde0f556fa38e5eb93c056d4595ed2", "type": "github" } }, "nixos-facter-modules": { "locked": { - "lastModified": 1766558141, - "narHash": "sha256-Ud9v49ZPsoDBFuyJSQ2Mpw1ZgAH/aMwUwwzrVoetNus=", + "lastModified": 1773858690, + "narHash": "sha256-oW0/lC0oRG5H5LaK6Rmh9L1wmkn9TbenM4bXwnIEDKA=", "owner": "numtide", "repo": "nixos-facter-modules", - "rev": "e796d536e3d83de74267069e179dc620a608ed7d", + "rev": "139dcef4dfc97009629c445806f197883351ab4a", "type": "github" }, "original": { 
@@ -363,11 +380,11 @@ }, "nixpkgs-lib": { "locked": { - "lastModified": 1765674936, - "narHash": "sha256-k00uTP4JNfmejrCLJOwdObYC9jHRrr/5M/a/8L2EIdo=", + "lastModified": 1769909678, + "narHash": "sha256-cBEymOf4/o3FD5AZnzC3J9hLbiZ+QDT/KDuyHXVJOpM=", "owner": "nix-community", "repo": "nixpkgs.lib", - "rev": "2075416fcb47225d9b68ac469a5c4801a9c4dd85", + "rev": "72716169fe93074c333e8d0173151350670b824c", "type": "github" }, "original": { @@ -410,11 +427,11 @@ }, "nixpkgs_4": { "locked": { - "lastModified": 1768028080, - "narHash": "sha256-50aDK+8eLvsLK39TzQhKNq50/HcXyP4hyxOYoPoVxjo=", + "lastModified": 1776734388, + "narHash": "sha256-vl3dkhlE5gzsItuHoEMVe+DlonsK+0836LIRDnm6MXQ=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "d03088749a110d52a4739348f39a63f84bb0be14", + "rev": "10e7ad5bbcb421fe07e3a4ad53a634b0cd57ffac", "type": "github" }, "original": { @@ -426,11 +443,11 @@ }, "nixpkgs_5": { "locked": { - "lastModified": 1768032153, - "narHash": "sha256-6kD1MdY9fsE6FgSwdnx29hdH2UcBKs3/+JJleMShuJg=", + "lastModified": 1775888245, + "narHash": "sha256-nwASzrRDD1JBEu/o8ekKYEXm/oJW6EMCzCRdrwcLe90=", "owner": "NixOS", "repo": "nixpkgs", - "rev": "3146c6aa9995e7351a398e17470e15305e6e18ff", + "rev": "13043924aaa7375ce482ebe2494338e058282925", "type": "github" }, "original": { @@ -464,11 +481,11 @@ "systems": "systems_6" }, "locked": { - "lastModified": 1767448089, - "narHash": "sha256-U1fHsZBnFrUil731NHD9Sg5HoiG+eSHau8OFuClhwW0=", + "lastModified": 1769049374, + "narHash": "sha256-h0Os2qqNyycDY1FyZgtbn28VF1ySP74/n0f+LDd8j+w=", "owner": "nix-community", "repo": "nixvim", - "rev": "983751b66f255bbea1adc185364e9e7b73f82358", + "rev": "b8f76bf5751835647538ef8784e4e6ee8deb8f95", "type": "github" }, "original": { 
@@ -488,11 +505,11 @@ ] }, "locked": { - "lastModified": 1761730856, - "narHash": "sha256-t1i5p/vSWwueZSC0Z2BImxx3BjoUDNKyC2mk24krcMY=", + "lastModified": 1768249818, + "narHash": "sha256-ANfn5OqIxq3HONPIXZ6zuI5sLzX1sS+2qcf/Pa0kQEc=", "owner": "NuschtOS", "repo": "search", - "rev": "e29de6db0cb3182e9aee75a3b1fd1919d995d85b", + "rev": "b6f77b88e9009bfde28e2130e218e5123dc66796", "type": "github" }, "original": { @@ -536,11 +553,11 @@ ] }, "locked": { - "lastModified": 1763662255, - "narHash": "sha256-4bocaOyLa3AfiS8KrWjZQYu+IAta05u3gYZzZ6zXbT0=", + "lastModified": 1771423342, + "narHash": "sha256-7uXPiWB0YQ4HNaAqRvVndYL34FEp1ZTwVQHgZmyMtC8=", "owner": "pyproject-nix", "repo": "build-system-pkgs", - "rev": "042904167604c681a090c07eb6967b4dd4dae88c", + "rev": "04e9c186e01f0830dad3739088070e4c551191a4", "type": "github" }, "original": { @@ -557,11 +574,11 @@ ] }, "locked": { - "lastModified": 1764134915, - "narHash": "sha256-xaKvtPx6YAnA3HQVp5LwyYG1MaN4LLehpQI8xEdBvBY=", + "lastModified": 1771518446, + "narHash": "sha256-nFJSfD89vWTu92KyuJWDoTQJuoDuddkJV3TlOl1cOic=", "owner": "pyproject-nix", "repo": "pyproject.nix", - "rev": "2c8df1383b32e5443c921f61224b198a2282a657", + "rev": "eb204c6b3335698dec6c7fc1da0ebc3c6df05937", "type": "github" }, "original": { @@ -610,11 +627,11 @@ "nixpkgs": "nixpkgs_5" }, "locked": { - "lastModified": 1768104471, - "narHash": "sha256-HdnXWQsA1EI27IJlaENUEEug58trUrh6+MT0cFiDHmY=", + "lastModified": 1776771786, + "narHash": "sha256-DRFGPfFV6hbrfO9a1PH1FkCi7qR5FgjSqsQGGvk1rdI=", "owner": "Mic92", "repo": "sops-nix", - "rev": "94f9cbd20f680ebb2ad6cdf39da97cbcfaedf004", + "rev": "bef289e2248991f7afeb95965c82fbcd8ff72598", "type": "github" }, "original": { 
@@ -745,11 +762,11 @@ ] }, "locked": { - "lastModified": 1765631794, - "narHash": "sha256-90d//IZ4GXipNsngO4sb2SAPbIC/a2P+IAdAWOwpcOM=", + "lastModified": 1772187362, + "narHash": "sha256-gCojeIlQ/rfWMe3adif3akyHsT95wiMkLURpxTeqmPc=", "owner": "pyproject-nix", "repo": "uv2nix", - "rev": "4cca323a547a1aaa9b94929c4901bed5343eafe8", + "rev": "abe65de114300de41614002fe9dce2152ac2ac23", "type": "github" }, "original": { diff --git a/flake.nix b/flake.nix index d25b57d..2e705b6 100644 --- a/flake.nix +++ b/flake.nix @@ -4,10 +4,7 @@ inputs = { authentik-nix = { inputs.nixpkgs.follows = "nixpkgs"; - #url = "github:nix-community/authentik-nix"; - # Temporary workaround for build failure - # See https://github.com/nix-community/authentik-nix/issues/83 - url = "github:Pentusha/authentik-nix"; + url = "github:nix-community/authentik-nix"; }; disko = { inputs.nixpkgs.follows = "nixpkgs"; @@ -27,7 +24,7 @@ type = "github"; owner = "Gleipnir-Technology"; repo = "nidus-sync"; - rev = "78458760ec5524d5ad9696b7ba923fc75264dfe1"; + rev = "175fd8d0fbbde0f556fa38e5eb93c056d4595ed2"; }; nixos-facter-modules.url = "github:numtide/nixos-facter-modules"; nixpkgs.url = "github:NixOS/nixpkgs/nixos-25.11"; diff --git a/modules/system/cloudreve.nix b/modules/system/cloudreve.nix index c5c4dfe..06eca5e 100644 --- a/modules/system/cloudreve.nix +++ b/modules/system/cloudreve.nix @@ -88,7 +88,7 @@ with lib; "/var/run/secrets/cloudreve-env" ]; #extraOptions = ["--network=pasta:--map-gw"]; - image = "cloudreve.azurecr.io/cloudreve/pro:4.10.1"; + image = "cloudreve.azurecr.io/cloudreve/pro:4.15.0"; # I'd much rather be doing this, but it fails in inscrutible ways #podman.user = "cloudreve"; ports = [ "127.0.0.1:10040:5212" ]; diff --git a/modules/system/default.nix b/modules/system/default.nix index da5685c..a88112b 100644 --- a/modules/system/default.nix +++ b/modules/system/default.nix 
@@ -27,6 +27,7 @@
 ./sudo.nix
 ./switch-fix.nix
 ./synapse.nix
+ ./taiga.nix
 ./tegola.nix
 ./timecardbot.nix
 ./tmux.nix
diff --git a/modules/system/taiga.nix b/modules/system/taiga.nix
new file mode 100644
index 0000000..8c98b83
--- /dev/null
+++ b/modules/system/taiga.nix
@@ -0,0 +1,60 @@
+{ config, configPath, lib, pkgs, ... }:
+
+{
+ options.myModules.taiga.enable = mkEnableOption "custom taiga configuration";
+
+ config = mkIf config.myModules.taiga.enable {
+ services.postgresql = {
+ ensureDatabases = [ "taiga" ];
+ ensureUsers = [{
+ ensureClauses.login = true;
+ ensureDBOwnership = true;
+ name = "taiga";
+ }];
+ };
+ # Define the container as a systemd service
+ virtualisation.oci-containers = {
+ backend = "docker"; # or "podman"
+
+ containers = {
+ taiga-back = {
+ image = "taigaio/taiga-back:6.9.0";
+
+ # Environment variables
+ environment = {
+ POSTGRES_HOST = "postgres";
+ POSTGRES_DB = "taiga";
+ TAIGA_SECRET_KEY = "your-secret-key-here";
+ TAIGA_SITES_DOMAIN = "taiga.example.com";
+ };
+
+ # Port mappings
+ ports = [
+ "8000:8000"
+ ];
+
+ # Volumes
+ volumes = [
+ "/var/lib/taiga/media:/taiga-back/media"
+ "/var/lib/taiga/static:/taiga-back/static"
+ ];
+
+ # Auto-start on boot
+ autoStart = true;
+
+ # Extra options
+ #extraOptions = [
+ #"--network=taiga-net"
+ #];
+ };
+ };
+ };
+
+ # Ensure the data directories exist
+ systemd.tmpfiles.rules = [
+ "d /var/lib/taiga 0755 root root -"
+ "d /var/lib/taiga/media 0755 root root -"
+ "d /var/lib/taiga/static 0755 root root -"
+ ];
+ };
+}
diff --git a/secrets/vikunja.yaml b/secrets/vikunja.yaml
index 50b730b..71f9d08 100644
--- a/secrets/vikunja.yaml
+++ b/secrets/vikunja.yaml
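Review bot: `TAIGA_SECRET_KEY = "your-secret-key-here";` in the `taiga-back` `environment` block of modules/system/taiga.nix commits a clear-text placeholder that ends up in the world-readable Nix store and the container environment, so whatever the backend signs with it (presumably sessions and tokens) is forgeable once the module is enabled. The repository already keeps secrets under sops, so the key belongs in an env file passed as `environmentFiles = [ "<sops-managed taiga env file>" ];` instead of in `environment`. `ports = [ "8000:8000" ]` publishes the backend on every interface, whereas cloudreve.nix binds its container to loopback; `"127.0.0.1:8000:8000"` would match that. The file also calls `mkEnableOption` and `mkIf` with neither `with lib;` nor a `lib.` prefix, which Nix rejects as undefined variables, so importing it from default.nix presumably breaks evaluation until that is fixed.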
@@ -29,8 +29,8 @@ mailer: username: ENC[AES256_GCM,data:ztArgBSBI4o9HOPIVc9n+k8az4Xm2Cwz57EN8TI=,iv:nOr2oZIW5nOMMg0FtgP+YEXISUfNqI93L/me20Euvn4=,tag:FNfoMYuIRj5y5b6FUJWmWA==,type:str] service: enableopenidteamusersearch: ENC[AES256_GCM,data:RiSp/A==,iv:AdSnQXhu/TBWl/p8tqsNjNCe95khihwzjGF5j9j4UKw=,tag:/9InRg0weDo+zK7agkfMCA==,type:bool] - frontendurl: ENC[AES256_GCM,data:kIyk5SRoJpGhQhu+97QpC4DwkwjT3B4rhu0y8ayVbjct,iv:x8N43NrKuIVA9IrOW3buu6c4jlSIXR4FwMeeM9/e3TA=,tag:KKBrKxK9uIWuO33DkxeJHA==,type:str] interface: ENC[AES256_GCM,data:Cpbtlf/c,iv:B6/3k8sGfIv8D/Yf0Ak92D4Xvou5orbvPcd1f3ZR7uo=,tag:7lHdcWMI/sNqOmuuhmTbYw==,type:str] + publicurl: ENC[AES256_GCM,data:So4F8h2jfWaENbaxhCN4TaTZnQpCiRh7tU8hhMBfJJsf,iv:J9dX9gNy4AZYLoI0tbNDugdyF/HyHZ3YT1qXJJMcJnU=,tag:i1JGgCu4eFA6+5QtlHinkw==,type:str] sops: age: - recipient: age1wxlwx75hfxer4trvfzad7cwdn2hhu4we50p32vpy3qvdct7t656q3pp04x @@ -114,7 +114,7 @@ sops: TXFSMDF2cWMzeEhCd055cnQrQVppdlkKkgfFOfEhLzuZDKu7byQnrFjUlBH58t2a WXv2JeG9ymBYP69n6apQsSOv32O6c9bgl8xbMwTKDBIG8CN1QBmuCA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-09-21T21:49:00Z" - mac: ENC[AES256_GCM,data:+mUMtg2rlCz5R+xkEPhtpe0vrMiYJV1/YI1HuIwhli/4ZWUuG184ND/S2LU89tvcTsxFhfToThBIy/J68XHKor0hlU61u3LhgiIcgOa1QONZz2ulIgP9SfWjXLD2f4TYg1QHWXheaYc1Lx9Y7OJ6gLKlxzoMt30coeFa7z5/Bzk=,iv:f0iKViDgccs/Kv8P3IrfS+QSB4mKFuLz0aWGdM/xPOU=,tag:GyWD52tVbCVJxNBG2UfNAA==,type:str] + lastmodified: "2026-04-23T21:45:32Z" + mac: ENC[AES256_GCM,data:Pm0VSC2A2m0xHG2GP6gwmW81vss1gUnqr9p8gOIbtTe8FoXrxU8ibUpx/ryqs7BM/IgnH5378SI4tk7yfjMG9wYS7sY851JxR9x0MyuZMU9kWZuV3Yfd/RTfGpeE8JE4nt07lqYDBt1dDXvwVoMjHuFlvB44+XC6uGcgPUZCH0I=,iv:nyaGhyX4MNoS8whY4Dz7D2yUmomdK/4wvi2u1g6GWos=,tag:fQGWn67gZbNAokfncALQog==,type:str] unencrypted_suffix: _unencrypted - version: 3.10.2 + version: 3.12.1