WIP: Enable vikunja

Reviewed-by: Aleix Boné <abonerib@bsc.es>

m/common/base/env.nix

@@ -2,11 +2,36 @@
 
 {
   environment.systemPackages = with pkgs; [
-    vim wget git htop tmux pciutils tcpdump ripgrep nix-index nixos-option
+    cmake
-    nix-diff ipmitool freeipmi ethtool lm_sensors cmake gnumake file tree
+    ethtool
-    ncdu perf ldns pv
+    file
+    freeipmi
+    git
+    gnumake
+    home-manager
+    htop
+    ipmitool
+    ldns
+    lm_sensors
+    ncdu
+    nix-diff
+    nix-index
+    nix-output-monitor
+    nixfmt-tree
+    nixos-option
+    pciutils
+    perf
+    pv
+    ripgrep
+    tcpdump
+    tmux
+    tree
+    vim
+    wget
+
     # From jungle overlay
-    osumb nixgen
+    nixgen
+    osumb
   ];
 
   programs.direnv.enable = true;

m/common/base/users.nix

@@ -194,6 +194,19 @@
           "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOlRX7ZCnqtUJYCxKgWmgSrFCYuA2LHY96rVwqxXPl86 aaguirre@BSC-8488184117"
         ];
       };
+
+      emonteir = {
+        uid = 9656;
+        isNormalUser = true;
+        home = "/home/Computational/emonteir";
+        description = "Erwin Royson Monteiro";
+        group = "Computational";
+        hosts = [ "apex" "fox" ];
+        hashedPassword = "$6$0mU88zd3ZuK5NiJQ$DFWL5RMLH6esQM5UyhBCiiNryw4lDDmvJp7Usz3tmevnsiSJr6u0RsUKAnR/K8GRBFrV1.GocrgNjKjik5GY//";
+        openssh.authorizedKeys.keys = [
+          "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOKZKot/Y3F5Wq9pQIXlCbyvQuVVeWMCsAC96Nd+LTcG erwin@Oreo"
+        ];
+      };
     };
 
     groups = {

m/hut/nginx.nix

@@ -4,8 +4,8 @@ let
     name = "jungle-web";
     src = pkgs.fetchgit {
       url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
-      rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
+      rev = "5f18335d14126d2fef134c0cd441771436f7dfa1";
-      hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
+      hash = "sha256-s9VBF91sQ7hg9+lrwNFPYgoXTTyXaQcAulCiGJgWERo=";
     };
     buildInputs = [ pkgs.hugo ];
     buildPhase = ''

m/module/tc1-board.nix

@@ -0,0 +1,27 @@
+{ lib, pkgs, ... }:
+
+{
+  # Allow user access to FTDI USB device
+  services.udev.packages = lib.singleton (pkgs.writeTextFile {
+    # Needs to be < 73
+    name = "60-ftdi-tc1.rules";
+    text = ''
+      # Bus 003 Device 003: ID 0403:6011 Future Technology Devices International, Ltd FT4232H Quad HS USB-UART/FIFO IC
+      # Use := to make sure it doesn't get changed later
+      SUBSYSTEMS=="usb", ATTRS{idVendor}=="0403", ATTRS{idProduct}=="6011", MODE:="0666"
+    '';
+    destination = "/etc/udev/rules.d/60-ftdi-tc1.rules";
+  });
+
+  # Allow access to USB for docker in GitLab runner
+  services.gitlab-runner = {
+    services.gitlab-bsc-docker = {
+      registrationFlags = [
+        # We need raw access to the USB port to reboot the board
+        "--docker-devices /dev/bus/usb/003/003"
+        # And TTY access for the serial port
+        "--docker-devices /dev/ttyUSB2"
+      ];
+    };
+  };
+}

m/tent/configuration.nix

@@ -11,11 +11,15 @@
     ./nix-serve.nix
     ./gitlab-runner.nix
     ./gitea.nix
+    ./openproject.nix
+    ./redmine.nix
+    ./vikunja.nix
     ../hut/public-inbox.nix
     ../hut/msmtp.nix
     ../module/p.nix
     ../module/vpn-dac.nix
     ../module/hut-substituter.nix
+    ../module/tc1-board.nix
   ];
 
   # Select the this using the ID to avoid mismatches

m/tent/nginx.nix

@@ -4,8 +4,8 @@ let
     name = "jungle-web";
     src = pkgs.fetchgit {
       url = "https://jungle.bsc.es/git/rarias/jungle-website.git";
-      rev = "52abaf4d71652a9ef77a0b098db14ca33bffff4c";
+      rev = "5f18335d14126d2fef134c0cd441771436f7dfa1";
-      hash = "sha256-/ul9GazbOrOkmlvSgDz/+2W+V+ir5725Y7mVLc3rb0M=";
+      hash = "sha256-s9VBF91sQ7hg9+lrwNFPYgoXTTyXaQcAulCiGJgWERo=";
     };
     buildInputs = [ pkgs.hugo ];
     buildPhase = ''
@@ -52,6 +52,16 @@ in
           proxy_pass http://127.0.0.1:8081;
           proxy_redirect http:// $scheme://;
         }
+        location /op {
+          proxy_pass http://127.0.0.1:8080;
+          proxy_pass_header  Server;
+          proxy_redirect     off;
+          proxy_set_header   X-Forwarded-Proto https;          
+          proxy_set_header   Host $host;
+          proxy_set_header   X-Real-IP $remote_addr;
+          proxy_set_header   X-Scheme $scheme;
+          proxy_pass_request_headers on;
+        }
         location /grafana {
           proxy_pass http://127.0.0.1:2342;
           proxy_redirect http:// $scheme://;

m/tent/openproject.nix

@@ -0,0 +1,51 @@
+{ pkgs, ... }:
+
+let
+  dataDir = "/var/lib/openproject/assets";
+in
+{
+  # TODO: Create a new user and group to run openproject
+
+  # Ensure directory exists
+  systemd.tmpfiles.rules = [
+    "d ${dataDir} 777 root root"
+  ];
+
+  systemd.services.openproject = let
+    openprojectSrc = pkgs.fetchFromGitHub {
+      owner = "opf";
+      repo = "openproject-docker-compose";
+      rev = "b66694f26020a205fbefd697530fee287d1ddea2"; # branch stable/17
+      sha256 = "sha256-m23vM0NyaTA54sjAHlFJ8mOhOjqp9CAciLx4UxzFfHI=";
+    };
+    envFile = pkgs.writeText ".env" ''
+    # https://www.openproject.org/docs/installation-and-operations/configuration/environment/
+    TAG=17-slim
+    OPENPROJECT_HTTPS=true
+    SECRET_KEY_BASE=OVERWRITE_ME
+    OPENPROJECT_HOST__NAME=jungle.bsc.es
+    PORT=127.0.0.1:8080
+    OPENPROJECT_RAILS__RELATIVE__URL__ROOT=/op
+    IMAP_ENABLED=false
+    DATABASE_URL=postgres://postgres:p4ssw0rd@db/openproject?pool=20&encoding=unicode&reconnect=true
+    RAILS_MIN_THREADS=4
+    RAILS_MAX_THREADS=16
+    PGDATA="/var/lib/postgresql/data"
+    OPDATA="${dataDir}"
+    COLLABORATIVE_SERVER_URL=ws://localhost:8080/hocuspocus
+    COLLABORATIVE_SERVER_SECRET=secret12345
+    '';
+  in {
+    # Needs docker-compose package
+    path = with pkgs; [ docker-compose ];
+    script = ''
+      docker-compose \
+        -p openproject \
+        -f ${openprojectSrc}/docker-compose.yml \
+        --env-file ${envFile} \
+        up --build --pull always
+    '';
+    wantedBy = [ "multi-user.target" ];
+    after = [ "docker.service" "docker.socket" ];
+  };
+}

m/tent/redmine.nix

@@ -0,0 +1,10 @@
+{ pkgs, ... }:
+
+{
+  services.redmine = {
+    enable = true;
+    port = 3003;
+    database.type = "sqlite3";
+    # Redmine::Utils::relative_url_root = "/redmine" 
+  };
+}

m/tent/vikunja.nix

@@ -0,0 +1,13 @@
+{ pkgs, ... }:
+{
+  services.vikunja.enable = true;
+  services.vikunja.frontendScheme = "http";
+  services.vikunja.frontendHostname = "localhost";
+
+  # To run vikunja from a subdirectory we need to *sigh* rebuild it with the
+  # variable "VIKUNJA_FRONTEND_BASE" set to the subpath.
+  # See https://vikunja.io/docs/running-vikunja-in-a-subdirectory/
+  # services.vikunja.package = pkgs.vikunja.overrideAttrs (old: {
+  # });
+  #services.nginx.virtualHosts."jungle.bsc.es".locations."/vikunja".extraConfig
+}