From 1f5832074b11387cd3b940bead73978567b61165 Mon Sep 17 00:00:00 2001
From: h7x4 <h7x4@nani.wtf>
Date: Wed, 12 Jul 2023 23:40:58 +0200
Subject: [PATCH] tsuki/taskserver: (unfinished) start setting up taskserver
 and taskwarrior

---
 hosts/tsuki/configuration.nix       |  1 +
 hosts/tsuki/services/taskserver.nix | 35 +++++++++++++++++++++++++++++
 2 files changed, 36 insertions(+)
 create mode 100644 hosts/tsuki/services/taskserver.nix

diff --git a/hosts/tsuki/configuration.nix b/hosts/tsuki/configuration.nix
index ddbecf9..742a923 100644
--- a/hosts/tsuki/configuration.nix
+++ b/hosts/tsuki/configuration.nix
@@ -24,6 +24,7 @@
     ./services/pgadmin.nix
     ./services/plex.nix
     ./services/postgres.nix
+    ./services/taskserver.nix
     ./services/vaultwarden.nix
     ./services/vscode-server.nix
 
diff --git a/hosts/tsuki/services/taskserver.nix b/hosts/tsuki/services/taskserver.nix
new file mode 100644
index 0000000..16e304a
--- /dev/null
+++ b/hosts/tsuki/services/taskserver.nix
@@ -0,0 +1,35 @@
+{ pkgs, config, secrets, ... }:
+{
+  security.acme.certs."tasks.nani.wtf" = {
+    group = config.services.taskserver.group;
+  };
+
+  systemd.services.taskserver.serviceConfig = {
+    ReadOnlyPaths = config.security.acme.certs."tasks.nani.wtf".directory;
+  };
+
+  services.taskserver = {
+    enable = true;
+    fqdn = "todo.nani.wtf";
+    listenPort = secrets.ports.taskserver;
+    dataDir = "${config.machineVars.dataDrives.default}/var/taskserver";
+
+    organisations.h7x4 = {
+      groups = [ "users" ];
+      users = [ "h7x4" ];
+    };
+
+    pki.manual = let
+      inherit (config.security.acme.certs."tasks.nani.wtf") directory;
+    in {
+      server.key = "${directory}/key.pem";
+      server.cert = "${directory}/cert.pem";
+      ca.cert = "${directory}/chain.pem";
+    };
+  };
+
+  environment = {
+    systemPackages = with pkgs; [ taskserver ];
+    variables.TASKDDATA = config.services.taskserver.dataDir;
+  };
+}