WIP: Enable vikunja

Enable redmine
Add OpenProject service to tent with docker
2026-02-18 02:55:30 +01:00 · 2026-02-18 02:05:24 +01:00 · 2026-02-12 19:32:01 +01:00
13 changed files with 99 additions and 161 deletions
--- a/m/common/base.nix
+++ b/m/common/base.nix
@@ -7,7 +7,6 @@
    ./base/august-shutdown.nix
    ./base/boot.nix
    ./base/env.nix
-    ./base/fish.nix
    ./base/fs.nix
    ./base/hw.nix
    ./base/net.nix
--- a/m/common/base/env.nix
+++ b/m/common/base/env.nix
@@ -53,22 +53,9 @@
    VISUAL = "vim";
  };

-  programs.bash.promptInit = # bash
-    ''
-      if echo "$PATH" | grep -qc '/nix/store'; then
-        # Inside a nix shell, dumb prompt
-        PS1="\h\\$ "
-      elif [ "$TERM" != "dumb" ] ; then
-        PROMPT_COLOR="1;31m"
-        ((UID)) && PROMPT_COLOR="1;32m"
-
-        PS1="\n\[\033[$PROMPT_COLOR\][\[\e]0;\u@\h: \w\a\]\u@\h:\w]\\$\[\033[0m\] "
-
-        if test "$TERM" = "xterm"; then
-          PS1="\[\033]2;\h:\u:\w\007\]$PS1"
-        fi
-      fi
-    '';
+  programs.bash.promptInit = ''
+    PS1="\h\\$ "
+  '';

  time.timeZone = "Europe/Madrid";
  i18n.defaultLocale = "en_DK.UTF-8";
--- a/m/common/base/fish.nix
+++ b/m/common/base/fish.nix
@@ -1,3 +0,0 @@
-{
-  programs.fish.enable = true;
-}
--- a/m/common/base/users.nix
+++ b/m/common/base/users.nix
@@ -87,13 +87,6 @@
        openssh.authorizedKeys.keys = [
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIIFiqXqt88VuUfyANkZyLJNiuroIITaGlOOTMhVDKjf abonerib@bsc"
        ];
-        shell = pkgs.fish;
-        packages = with pkgs; [
-          fzf
-          jujutsu
-          neovim
-          starship
-        ];
      };

      vlopez = {
@@ -214,19 +207,6 @@
          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKZKot/Y3F5Wq9pQIXlCbyvQuVVeWMCsAC96Nd+LTcG erwin@Oreo"
        ];
      };
-
-      ssanzmar = {
-        uid = 9657;
-        isNormalUser = true;
-        home = "/home/Computational/ssanzmar";
-        description = "Sergio Sanz Martínez";
-        group = "Computational";
-        hosts = [ "apex" "fox" ];
-        hashedPassword = "$6$HUjNDJeJMmNQ6M64$laXSOZcXg6o4v2r8Jm8Xj9kmqw7veCY32po3TVDPRR4WlyxvOeqwoKr4NjlUlPPpKN55Oot3ZYHi.9iNXsH5E1";
-        openssh.authorizedKeys.keys = [
-          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIIELrsRRHXryrdA2ZBx5XmdGxL4DC5bmJydhBeTWQ0SQ sergio.sanz.martinez@estudiantat.upc.edu"
-        ];
-      };
    };

    groups = {
--- a/m/tent/configuration.nix
+++ b/m/tent/configuration.nix
@@ -11,6 +11,9 @@
    ./nix-serve.nix
    ./gitlab-runner.nix
    ./gitea.nix
+    ./openproject.nix
+    ./redmine.nix
+    ./vikunja.nix
    ../hut/public-inbox.nix
    ../hut/msmtp.nix
    ../module/p.nix
--- a/m/tent/gitea.nix
+++ b/m/tent/gitea.nix
@@ -6,60 +6,26 @@

    settings = {
      server = {
+        ROOT_URL = "https://jungle.bsc.es/git/";
+        LOCAL_ROOT_URL = "https://jungle.bsc.es/git/";
        LANDING_PAGE = "explore";
      };
+      metrics.ENABLED = true;
      service = {
+        DISABLE_REGISTRATION = true;
+        REGISTER_MANUAL_CONFIRM = true;
+        ENABLE_NOTIFY_MAIL = true;
      };
      log.LEVEL = "Warn";

      mailer = {
-        ENABLED       = false;
+        ENABLED       = true;
        FROM          = "jungle-robot@bsc.es";
        PROTOCOL      = "sendmail";
        SENDMAIL_PATH = "/run/wrappers/bin/sendmail";
        SENDMAIL_ARGS = "--";
      };
    };
-
-    dump = {
-      enable = false; # Do not enable NixOS module, use our custom systemd script below
-      backupDir = "/vault/gitea";
-    };
-  };
-
-  systemd.services.gitea-dump-rotating = let
-    cfg = config.services.gitea;
-    exe = lib.getExe cfg.package;
-  in {
-    description = "gitea dump rotation";
-    after = [ "gitea.service" ];
-    path = [ cfg.package ];
-
-    environment = {
-      USER = cfg.user;
-      HOME = cfg.stateDir;
-      GITEA_WORK_DIR = cfg.stateDir;
-      GITEA_CUSTOM = cfg.customDir;
-    };
-
-    serviceConfig = {
-      Type = "oneshot";
-      User = cfg.user;
-      WorkingDirectory = cfg.dump.backupDir;
-    };
-
-    script = ''
-      name="gitea-dump-$(date +%a).${cfg.dump.type}"
-      ${exe} dump --type ${cfg.dump.type} --file - >"$name.tmp"
-      mv "$name.tmp" "$name"
-    '';
-  };
-
-  systemd.timers.gitea-dump-rotating = {
-    description = "Update timer for gitea-dump-rotating";
-    partOf = [ "gitea-dump-rotating.service" ];
-    wantedBy = [ "timers.target" ];
-    timerConfig.OnCalendar = config.services.gitea.dump.interval;
  };

  # Allow gitea user to send mail
--- a/m/tent/gitlab-runner.nix
+++ b/m/tent/gitlab-runner.nix
@@ -43,7 +43,6 @@
        registrationFlags = [
          # Increase build log length to 64 MiB
          "--output-limit 65536"
-          "--docker-network-mode host"
        ];
        preBuildScript = pkgs.writeScript "setup-container" ''
          mkdir -p -m 0755 /nix/var/log/nix/drvs
--- a/m/tent/nginx.nix
+++ b/m/tent/nginx.nix
@@ -52,6 +52,16 @@ in
          proxy_pass http://127.0.0.1:8081;
          proxy_redirect http:// $scheme://;
        }
+        location /op {
+          proxy_pass http://127.0.0.1:8080;
+          proxy_pass_header  Server;
+          proxy_redirect     off;
+          proxy_set_header   X-Forwarded-Proto https;          
+          proxy_set_header   Host $host;
+          proxy_set_header   X-Real-IP $remote_addr;
+          proxy_set_header   X-Scheme $scheme;
+          proxy_pass_request_headers on;
+        }
        location /grafana {
          proxy_pass http://127.0.0.1:2342;
          proxy_redirect http:// $scheme://;
--- a/m/tent/openproject.nix
+++ b/m/tent/openproject.nix
@@ -0,0 +1,51 @@
+{ pkgs, ... }:
+
+let
+  dataDir = "/var/lib/openproject/assets";
+in
+{
+  # TODO: Create a new user and group to run openproject
+
+  # Ensure directory exists
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 777 root root"
+  ];
+
+  systemd.services.openproject = let
+    openprojectSrc = pkgs.fetchFromGitHub {
+      owner = "opf";
+      repo = "openproject-docker-compose";
+      rev = "b66694f26020a205fbefd697530fee287d1ddea2"; # branch stable/17
+      sha256 = "sha256-m23vM0NyaTA54sjAHlFJ8mOhOjqp9CAciLx4UxzFfHI=";
+    };
+    envFile = pkgs.writeText ".env" ''
+    # https://www.openproject.org/docs/installation-and-operations/configuration/environment/
+    TAG=17-slim
+    OPENPROJECT_HTTPS=true
+    SECRET_KEY_BASE=OVERWRITE_ME
+    OPENPROJECT_HOST__NAME=jungle.bsc.es
+    PORT=127.0.0.1:8080
+    OPENPROJECT_RAILS__RELATIVE__URL__ROOT=/op
+    IMAP_ENABLED=false
+    DATABASE_URL=postgres://postgres:p4ssw0rd@db/openproject?pool=20&encoding=unicode&reconnect=true
+    RAILS_MIN_THREADS=4
+    RAILS_MAX_THREADS=16
+    PGDATA="/var/lib/postgresql/data"
+    OPDATA="${dataDir}"
+    COLLABORATIVE_SERVER_URL=ws://localhost:8080/hocuspocus
+    COLLABORATIVE_SERVER_SECRET=secret12345
+    '';
+  in {
+    # Needs docker-compose package
+    path = with pkgs; [ docker-compose ];
+    script = ''
+      docker-compose \
+        -p openproject \
+        -f ${openprojectSrc}/docker-compose.yml \
+        --env-file ${envFile} \
+        up --build --pull always
+    '';
+    wantedBy = [ "multi-user.target" ];
+    after = [ "docker.service" "docker.socket" ];
+  };
+}
--- a/m/tent/redmine.nix
+++ b/m/tent/redmine.nix
@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+  services.redmine = {
+    enable = true;
+    port = 3003;
+    database.type = "sqlite3";
+    # Redmine::Utils::relative_url_root = "/redmine" 
+  };
+}
--- a/m/tent/vikunja.nix
+++ b/m/tent/vikunja.nix
@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  services.vikunja.enable = true;
+  services.vikunja.frontendScheme = "http";
+  services.vikunja.frontendHostname = "localhost";
+
+  # To run vikunja from a subdirectory we need to *sigh* rebuild it with the
+  # variable "VIKUNJA_FRONTEND_BASE" set to the subpath.
+  # See https://vikunja.io/docs/running-vikunja-in-a-subdirectory/
+  # services.vikunja.package = pkgs.vikunja.overrideAttrs (old: {
+  # });
+  #services.nginx.virtualHosts."jungle.bsc.es".locations."/vikunja".extraConfig
+}
--- a/m/weasel/configuration.nix
+++ b/m/weasel/configuration.nix
@@ -1,11 +1,9 @@
-{ lib, pkgs, ... }:
+{ lib, ... }:

 {
  imports = [
    ../common/ssf.nix
    ../module/hut-substituter.nix
-    ./hydra.nix
-    ../tent/gitea.nix
  ];

  # Select this using the ID to avoid mismatches
@@ -27,27 +25,9 @@
      address = "10.0.40.6";
      prefixLength = 24;
    } ];
-    interfaces.ibs785.ipv4.addresses = [ {
+    interfaces.ibp5s0.ipv4.addresses = [ {
      address = "10.0.42.6";
      prefixLength = 24;
    } ];
  };
-
-  services.nix-serve = {
-    enable = true;
-    bindAddress = "0.0.0.0";
-    port = 5000;
-    package = pkgs.haskell.lib.overrideSrc (pkgs.haskell.packages.ghc96.nix-serve-ng.override { nix = pkgs.nixVersions.nix_2_28; }) {
-      src = pkgs.fetchgit {
-        url = "https://jungle.bsc.es/git/abonerib/nix-serve-ng.git";
-        rev = "9c056641300a826db66b66d7e584b2541d38927a";
-        hash = "sha256-y69ZchFiZOU71eyeljcQgLxkLk5JUzZfanq8Yzw4MkI=";
-      };
-      version = "unstable";
-    };
-
-    secretKeyFile = "/var/cache-priv-key.pem";
-    # Public key:
-    # 10.0.40.6:8jBhIdXEBap+Qo+vc1/fnV9vj43A2oDk839EEheRr/U=
-  };
 }
--- a/m/weasel/hydra.nix
+++ b/m/weasel/hydra.nix
@@ -1,57 +0,0 @@
-{
-  config,
-  pkgs,
-  lib,
-  ...
-}:
-{
-  services.hydra = {
-    enable = true;
-
-    # Wrap hydra so it puts quiet flag every time... This is dumb and annoying,
-    # but i can't override the systemd ExecStart without running into infinite
-    # recursion.
-    package = pkgs.symlinkJoin {
-      name = "hydra-quiet";
-      paths = [ pkgs.hydra ];
-      postBuild = ''
-        for prog in hydra-queue-runner hydra-evaluator ; do
-          prev=$(realpath $out/bin/$prog)
-          rm $out/bin/$prog
-          cat >$out/bin/$prog <<EOF
-        #!/bin/sh
-        args=()
-        for arg in "\$@"; do
-          if [ "\$arg" != "-v" ]; then
-            args+=("\$arg")
-          fi
-        done
-        exec $prev --quiet "\''${args[@]}"
-        EOF
-
-          chmod +x $out/bin/$prog
-        done
-      '';
-    };
-
-    hydraURL = "http://localhost:3001"; # externally visible URL
-    notificationSender = "hydra@jungle.bsc.es"; # e-mail of Hydra service
-    port = 3001;
-    # a standalone Hydra will require you to unset the buildMachinesFiles list to avoid using a nonexistant /etc/nix/machines
-    buildMachinesFiles = [ ];
-    # you will probably also want, otherwise *everything* will be built from scratch
-    useSubstitutes = true;
-    listenHost = "0.0.0.0"; # Force IPv4
-  };
-
-  systemd.services.hydra-send-stats.enable = lib.mkForce false;
-
-  networking.firewall.allowedTCPPorts = [ config.services.hydra.port ];
-
-  nix.settings.extra-allowed-uris = [
-    "git+ssh://git@bscpm04.bsc.es"
-    "git+ssh://git@gitlab-internal.bsc.es"
-    "https://github.com"
-    "git+ssh://github.com"
-  ];
-}
Author	SHA1	Message	Date
Rodrigo Arias Mallo	6001d90daf	WIP: Enable vikunja	2026-02-18 02:55:30 +01:00
Rodrigo Arias Mallo	48bb34847a	Enable redmine	2026-02-18 02:05:24 +01:00
Rodrigo Arias Mallo	41a1f8e17e	Add OpenProject service to tent with docker	2026-02-12 19:32:01 +01:00