feat: fully functional kanboard

2022-09-18 18:40:55 +02:00 · 2022-09-18 18:40:55 +02:00 · 893339ba0b
commit 893339ba0b
parent 5a796ef74f
5 changed files with 62 additions and 14 deletions
--- a/machines/public-cof/kanboard-config.php
+++ b/machines/public-cof/kanboard-config.php
@ -6,6 +6,9 @@
 /* Make sure all paths are absolute by using __DIR__ where needed  */
 /*******************************************************************/

+// Require the secret file
+require('@secretsPath@');
+
 // Data folder (must be writeable by the web server user and absolute)
 define('DATA_DIR', '/var/lib/kanboard/data');

@ -13,7 +16,7 @@ define('DATA_DIR', '/var/lib/kanboard/data');
 define('DEBUG', false);

 // Available log drivers: syslog, stderr, stdout, system or file
-define('LOG_DRIVER', 'stdout');
+define('LOG_DRIVER', 'file');

 // Log filename if the log driver is "file"
 define('LOG_FILE', DATA_DIR.DIRECTORY_SEPARATOR.'debug.log');
@ -42,21 +45,20 @@ define('FILES_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'files');
 define('MAIL_CONFIGURATION', true);

 // E-mail address used for the "From" header (notifications)
-define('MAIL_FROM', 'replace-me@kanboard.local');
+define('MAIL_FROM', 'todo@dgnum.eu');

 // E-mail address used for the "Bcc" header to send a copy of all notifications
 define('MAIL_BCC', '');

 // Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid"
-define('MAIL_TRANSPORT', 'mail');
+define('MAIL_TRANSPORT', 'smtp');

 // SMTP configuration to use when the "smtp" transport is chosen
-define('MAIL_SMTP_HOSTNAME', '');
-define('MAIL_SMTP_PORT', 25);
-define('MAIL_SMTP_USERNAME', '');
-define('MAIL_SMTP_PASSWORD', '');
+define('MAIL_SMTP_HOSTNAME', 'kurisu.lahfa.xyz');
+define('MAIL_SMTP_PORT', 587);
+define('MAIL_SMTP_USERNAME', 'todo@dgnum.eu');
 define('MAIL_SMTP_HELO_NAME', null); // valid: null (default), or FQDN
-define('MAIL_SMTP_ENCRYPTION', null); // Valid values are null (not a string "null"), "ssl" or "tls"
+define('MAIL_SMTP_ENCRYPTION', "tls"); // Valid values are null (not a string "null"), "ssl" or "tls"

 // Sendmail command to use when the transport is "sendmail"
 define('MAIL_SENDMAIL_COMMAND', '/usr/sbin/sendmail -bs');
@ -197,7 +199,7 @@ define('LDAP_GROUP_USER_ATTRIBUTE', 'username');
 define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn');

 // Enable/Disable groups synchronization when external authentication is used.
-define('LDAP_GROUP_SYNC', true);
+define('LDAP_GROUP_SYNC', false);

 // Enable/disable the reverse proxy authentication
 define('REVERSE_PROXY_AUTH', false);
--- a/machines/public-cof/kanboard.nix
+++ b/machines/public-cof/kanboard.nix
@ -5,22 +5,35 @@ let
    sha256 = if hash == null then lib.fakeHash else hash;
  };
  plugins = map mkKanboardPlugin [
-    { name = "userimport_wgroups"; url = "https://github.com/creecros/userimport_wgroups/releases/download/1.0.0/ImportWithGroup-1.0.0.zip"; hash = "sha256-iLpOxwu/atxd062z7z0T3Mkh5YH7IHmcCqiVZPAJbsA="; }
+    { name = "Milestone"; url = "https://github.com/oliviermaridat/kanboard-milestone-plugin/releases/download/1.1.2/Milestone-1.1.2.zip"; hash = "sha256-NrkMvk/5NdVokKQTYoZajdNEt5athjEzXVgrSHBdQ4w="; }
    { name = "MarkdownPlus"; url = "https://github.com/creecros/MarkdownPlus/releases/download/1.1.0/MarkdownPlus-1.1.0.zip"; hash = "sha256-BMzEaj47NnLvatEgUbKeibiWf9G+B4EFlVYhDNqk+y4="; }
    { name = "MetaMagik"; url = "https://github.com/creecros/MetaMagik/releases/download/1.5.1/MetaMagik-1.5.1.zip"; hash = "sha256-8y8+YvS5MAzRt4VVECQK0vQk6oA4Jbxn+2jWQ8nP3gU="; }
    { name = "OAuth2"; url = "https://github.com/kanboard/plugin-oauth2/releases/download/v1.0.2/OAuth2-1.0.2.zip"; hash = "sha256-L0df8bwPCxHjVOCNiVp+dqVsqJ0CEuJbHzwv5sYprIU="; }
-    { name = "KanboardOffline"; url = "https://github.com/ipunkt/KanboardOffline/releases/download/1.0.0/OfflineKanboardPlugin-1.0.0.zip"; hash = "sha256-zYIWKM82Em/ys75XgB/udIGk1+EeScE8jpP2HK2wHGQ="; }
    { name = "HighlightCodeSyntax"; url = "https://github.com/kenlog/HighlightCodeSyntax/releases/download/v1.0.3/HighlightCodeSyntax-v1.0.3.zip"; hash = "sha256-c4bV1gGVNUjHOJKBI6QxsV72mAzcEgjqv8r62ebpPdU="; }
    { name = "Group_assign"; url = "https://github.com/creecros/Group_assign/releases/download/1.7.12/Group_assign-1.7.12.zip"; hash = "sha256-ijI8nIIqsK8Pr1iEfCBUeUD3dlsIfmkOP0xC39JkIAs="; }
  ];
  pluginsDirectory = pkgs.linkFarmFromDrvs "kanboard-plugins" plugins;
+  secretsPath = config.age.secrets.kanboard-secrets.path;
  kanboardConfig = pkgs.substituteAll {
    name = "kanboard-config.php";
    src = ./kanboard-config.php;
+    inherit secretsPath;
    inherit pluginsDirectory;
  };
+  package = pkgs.kanboard.overrideAttrs (old: {
+    installPhase = ''
+      ${(old.installPhase or "")}
+      runHook postInstall
+    '';
+
+    postInstall = ''
+      ${pkgs.xorg.lndir}/bin/lndir ${pluginsDirectory} $out/share/kanboard/plugins
+    '';
+  });
 in
 {
+  environment.systemPackages = [
+  ];
  services.phpfpm.pools.kanboard = {
    user = "kanboard";
    group = "kanboard";
@ -48,13 +61,14 @@ in
            mkdir -p $out
            for f in index.php jsonrpc.php ; do
              echo "<?php require('$out/config.php');" > $out/$f
-              tail -n+2 ${pkgs.kanboard}/share/kanboard/$f \
-                | sed 's^__DIR__^"${pkgs.kanboard}/share/kanboard"^' >> $out/$f
+              tail -n+2 ${package}/share/kanboard/$f \
+                | sed 's^__DIR__^"${package}/share/kanboard"^' >> $out/$f
            done
            ln -s /var/lib/kanboard $out/data
+            ln -s ${pluginsDirectory} $out/plugins
            ln -s ${kanboardConfig} $out/config.php
          '')
-          { outPath = "${pkgs.kanboard}/share/kanboard"; meta.priority = 10; }
+          { outPath = "${package}/share/kanboard"; meta.priority = 10; }
        ];
      };
      locations = {
--- a/machines/public-cof/secrets/default.nix
+++ b/machines/public-cof/secrets/default.nix
@ -10,4 +10,10 @@
    group = "nextcloud";
    file = ./nextcloudDatabasePasswordFile.age;
  };
+
+  age.secrets.kanboard-secrets = {
+    owner = "kanboard";
+    group = "kanboard";
+    file = ./kanboard-secrets.age;
+  };
 }
--- a/machines/public-cof/secrets/kanboard-secrets.age
+++ b/machines/public-cof/secrets/kanboard-secrets.age
@ -0,0 +1,25 @@
+age-encryption.org/v1
+-> ssh-rsa krWCLQ
+jsay8IXK6RjVULRqpfvgHOr8H3ALxQyJ3BQIkmSfRrLlJXDbYWUKBCztXc7whfb/
+XTc3Sa5bybIXXX3wLzYmxCYjUa1CoHgIb1UWAhM3KyTJ4XSw7pVti29VM5p74+ex
+tJeb44hXlkD7V7C2yYp6CcBH1IgnvEL8ulVopkis/TBQtWi6QaGJBPX2yxEJ3QDh
+uAn5czrrDenBZRsIYTaKrlbgCM/Oeh4mDFSaFKIqfX2g7ClbsC1ejF3PvbsXN6il
+pk2YSZ/F5ivNBkvWFmQrNJyLjkcIrxoFvzcXOTk8yM9iu4BFlPbX7NcAMrHpbSIR
+3ew59I0cGkbzRAtLI9p97w
+-> ssh-ed25519 85WiGg XQK2huU0kqkKbVYf6SJFqcumOL8zDPfOuGwNy78dJm4
+aP8CNgS1/wfv2RB7nXZqYnZaXDORk9I5lPZy87FVmRY
+-> ssh-ed25519 reTIKw jZ57SfMYyOr9P9eNK/Q2CMAWtYtfjyV/MaTVnqEHxkU
+ycPo/pwC9CtYWAcrclo1b26+mPU4Z6pCPecGPMmL3ag
+-> ssh-ed25519 /vwQcQ v5bvHTvld6WErGt+Vp0mivpFH5srQPHkbPd0Nk3IDy0
+27+ZreTwyaxtb5vrRpD/2C2MUT9onRcX4Yr7KHnTGOo
+-> ssh-ed25519 cvTB5g gKxECDYMSja0FTqteAk39iMDsNIM+ox31sIvnY2ityk
+pkUZgDWdAzuGCvuRhOE8oeazIRw+kpPhnkksF2zTjxA
+-> ssh-ed25519 Wu8JLQ lMgIKw3Qzg/Lw6UtpPZWDrE0WBc71meaprrnmARqDDM
+FN/S9xo22u4kMWqrPD3KmfLbDq8L0TxtfDUSBLVq+Tk
+-> ssh-ed25519 xbfJnw emSflhzdsItaXULjPXre8jlnXxJuXFAaoLWGVAAej1I
+4OS68AuzPr+zwp9Bqb4lYGJHjPwPMSXuprw7+8agOyU
+-> Wd-grease
+pdSa/JP70fd6VvSgpIJQAk8ZiZfKo8l7UpVwBib59SB9IRNVZdSbHINFUzuIozGu
+Z7dyg+x6QQ
+--- TjceHicjeIIKz0f7R5u7nLrCtb39MmS/vEK3w0xHbmw
+¾ßQ¢ëºZ`? ZvÆ~^è¼Ø$öÒcèt§è2ÓÁÚÔ“y3Ö.+KFÊ2OC‚_$¤]y£³¬À³~ý¢×l%0ôÐ_ ð Ü»”à	R·®EÆM4H’Ä°•á™{ÑrÐ$˜çÞ¬™*<2A>1\2FÚ¬BLAK!ÜÜ&Cþ×‹û_Õ.Oëmœ3¬ÕÍ•©hÎ´êµV<ü	z$Š'-sø'J
--- a/machines/public-cof/secrets/secrets.nix
+++ b/machines/public-cof/secrets/secrets.nix
@ -9,5 +9,6 @@ in
  {
    "nextcloudAdminPasswordFile.age".publicKeys = superadmins ++ systems;
    "nextcloudDatabasePasswordFile.age".publicKeys = superadmins ++ systems;
+    "kanboard-secrets.age".publicKeys = superadmins ++ systems;
  }