From 893339ba0b8ef8807f20b02e45dca3390b8ba784 Mon Sep 17 00:00:00 2001 From: Raito Bezarius Date: Sun, 18 Sep 2022 18:40:55 +0200 Subject: [PATCH] feat: fully functional kanboard --- machines/public-cof/kanboard-config.php | 20 ++++++++------- machines/public-cof/kanboard.nix | 24 ++++++++++++++---- machines/public-cof/secrets/default.nix | 6 +++++ .../public-cof/secrets/kanboard-secrets.age | 25 +++++++++++++++++++ machines/public-cof/secrets/secrets.nix | 1 + 5 files changed, 62 insertions(+), 14 deletions(-) create mode 100644 machines/public-cof/secrets/kanboard-secrets.age diff --git a/machines/public-cof/kanboard-config.php b/machines/public-cof/kanboard-config.php index 9c82452..6268892 100644 --- a/machines/public-cof/kanboard-config.php +++ b/machines/public-cof/kanboard-config.php @@ -6,6 +6,9 @@ /* Make sure all paths are absolute by using __DIR__ where needed */ /*******************************************************************/ +// Require the secret file +require('@secretsPath@'); + // Data folder (must be writeable by the web server user and absolute) define('DATA_DIR', '/var/lib/kanboard/data'); @@ -13,7 +16,7 @@ define('DATA_DIR', '/var/lib/kanboard/data'); define('DEBUG', false); // Available log drivers: syslog, stderr, stdout, system or file -define('LOG_DRIVER', 'stdout'); +define('LOG_DRIVER', 'file'); // Log filename if the log driver is "file" define('LOG_FILE', DATA_DIR.DIRECTORY_SEPARATOR.'debug.log'); 
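Review bot: The `require('@secretsPath@');` added at the top of the config executes the decrypted agenix file as PHP, and the comment above it does not say so. If that file does not open with `<?php`, PHP emits its contents verbatim into the response, so the format is a security requirement worth stating in the comment: `// Decrypted by agenix; must be a PHP file starting with <?php that only define()s secret constants`. The encrypted payload cannot be checked from this patch, so this needs confirming on the host. Using `require` rather than `include` is the right choice, because a missing secret stops the request instead of continuing without it.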
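Review bot: Switching `LOG_DRIVER` to `'file'` sends the log to `DATA_DIR/debug.log`, which is `/var/lib/kanboard/data/debug.log`, and kanboard.nix links `/var/lib/kanboard` into the served tree as `$out/data`. The nginx `locations` are not visible in this patch, so confirm that requests under `/data` are denied; otherwise the log may be fetchable over HTTP. A file log also has no rotation here and bypasses the journal, whereas `define('LOG_DRIVER', 'syslog');` would keep retention and access control with the system logger. If the file driver is needed, point `LOG_FILE` outside the served tree and add rotation.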
@@ -42,21 +45,20 @@ define('FILES_DIR', DATA_DIR.DIRECTORY_SEPARATOR.'files'); define('MAIL_CONFIGURATION', true); // E-mail address used for the "From" header (notifications) -define('MAIL_FROM', 'replace-me@kanboard.local'); +define('MAIL_FROM', 'todo@dgnum.eu'); // E-mail address used for the "Bcc" header to send a copy of all notifications define('MAIL_BCC', ''); // Mail transport available: "smtp", "sendmail", "mail" (PHP mail function), "postmark", "mailgun", "sendgrid" -define('MAIL_TRANSPORT', 'mail'); +define('MAIL_TRANSPORT', 'smtp'); // SMTP configuration to use when the "smtp" transport is chosen -define('MAIL_SMTP_HOSTNAME', ''); -define('MAIL_SMTP_PORT', 25); -define('MAIL_SMTP_USERNAME', ''); -define('MAIL_SMTP_PASSWORD', ''); +define('MAIL_SMTP_HOSTNAME', 'kurisu.lahfa.xyz'); +define('MAIL_SMTP_PORT', 587); +define('MAIL_SMTP_USERNAME', 'todo@dgnum.eu'); define('MAIL_SMTP_HELO_NAME', null); // valid: null (default), or FQDN -define('MAIL_SMTP_ENCRYPTION', null); // Valid values are null (not a string "null"), "ssl" or "tls" +define('MAIL_SMTP_ENCRYPTION', "tls"); // Valid values are null (not a string "null"), "ssl" or "tls" // Sendmail command to use when the transport is "sendmail" define('MAIL_SENDMAIL_COMMAND', '/usr/sbin/sendmail -bs'); @@ -197,7 +199,7 @@ define('LDAP_GROUP_USER_ATTRIBUTE', 'username'); define('LDAP_GROUP_ATTRIBUTE_NAME', 'cn'); // Enable/Disable groups synchronization when external authentication is used. -define('LDAP_GROUP_SYNC', true); +define('LDAP_GROUP_SYNC', false); // Enable/disable the reverse proxy authentication define('REVERSE_PROXY_AUTH', false); diff --git a/machines/public-cof/kanboard.nix b/machines/public-cof/kanboard.nix index 3ce8a22..37d411c 100644 --- a/machines/public-cof/kanboard.nix +++ b/machines/public-cof/kanboard.nix 
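Review bot: The `MAIL_SMTP_PASSWORD` define is removed in this hunk with nothing in its place, so a reader of the config cannot tell where the password now comes from. Presumably it is defined by the secrets file required at the top of this file; a comment after `MAIL_SMTP_USERNAME` would record that: `// MAIL_SMTP_PASSWORD is defined in the agenix secrets file required at the top of this file`. If the secrets file ever omits the constant, Kanboard will likely fall back to its built-in default, and SMTP authentication would then fail at send time rather than at startup, so it is worth one test mail after deployment. As a style point, `"tls"` uses double quotes where the rest of the file uses single quotes.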
@@ -5,22 +5,35 @@ let sha256 = if hash == null then lib.fakeHash else hash; }; plugins = map mkKanboardPlugin [ - { name = "userimport_wgroups"; url = "https://github.com/creecros/userimport_wgroups/releases/download/1.0.0/ImportWithGroup-1.0.0.zip"; hash = "sha256-iLpOxwu/atxd062z7z0T3Mkh5YH7IHmcCqiVZPAJbsA="; } + { name = "Milestone"; url = "https://github.com/oliviermaridat/kanboard-milestone-plugin/releases/download/1.1.2/Milestone-1.1.2.zip"; hash = "sha256-NrkMvk/5NdVokKQTYoZajdNEt5athjEzXVgrSHBdQ4w="; } { name = "MarkdownPlus"; url = "https://github.com/creecros/MarkdownPlus/releases/download/1.1.0/MarkdownPlus-1.1.0.zip"; hash = "sha256-BMzEaj47NnLvatEgUbKeibiWf9G+B4EFlVYhDNqk+y4="; } { name = "MetaMagik"; url = "https://github.com/creecros/MetaMagik/releases/download/1.5.1/MetaMagik-1.5.1.zip"; hash = "sha256-8y8+YvS5MAzRt4VVECQK0vQk6oA4Jbxn+2jWQ8nP3gU="; } { name = "OAuth2"; url = "https://github.com/kanboard/plugin-oauth2/releases/download/v1.0.2/OAuth2-1.0.2.zip"; hash = "sha256-L0df8bwPCxHjVOCNiVp+dqVsqJ0CEuJbHzwv5sYprIU="; } - { name = "KanboardOffline"; url = "https://github.com/ipunkt/KanboardOffline/releases/download/1.0.0/OfflineKanboardPlugin-1.0.0.zip"; hash = "sha256-zYIWKM82Em/ys75XgB/udIGk1+EeScE8jpP2HK2wHGQ="; } { name = "HighlightCodeSyntax"; url = "https://github.com/kenlog/HighlightCodeSyntax/releases/download/v1.0.3/HighlightCodeSyntax-v1.0.3.zip"; hash = "sha256-c4bV1gGVNUjHOJKBI6QxsV72mAzcEgjqv8r62ebpPdU="; } { name = "Group_assign"; url = "https://github.com/creecros/Group_assign/releases/download/1.7.12/Group_assign-1.7.12.zip"; hash = "sha256-ijI8nIIqsK8Pr1iEfCBUeUD3dlsIfmkOP0xC39JkIAs="; } ]; pluginsDirectory = pkgs.linkFarmFromDrvs "kanboard-plugins" plugins; + secretsPath = config.age.secrets.kanboard-secrets.path; kanboardConfig = pkgs.substituteAll { name = "kanboard-config.php"; src = ./kanboard-config.php; + inherit secretsPath; inherit pluginsDirectory; }; + package = pkgs.kanboard.overrideAttrs (old: { + installPhase = '' + 
${(old.installPhase or "")} + runHook postInstall + ''; + + postInstall = '' + ${pkgs.xorg.lndir}/bin/lndir ${pluginsDirectory} $out/share/kanboard/plugins + ''; + }); in { + environment.systemPackages = [ + ]; services.phpfpm.pools.kanboard = { user = "kanboard"; group = "kanboard"; @@ -48,13 +61,14 @@ in mkdir -p $out for f in index.php jsonrpc.php ; do echo " $out/$f - tail -n+2 ${pkgs.kanboard}/share/kanboard/$f \ - | sed 's^__DIR__^"${pkgs.kanboard}/share/kanboard"^' >> $out/$f + tail -n+2 ${package}/share/kanboard/$f \ + | sed 's^__DIR__^"${package}/share/kanboard"^' >> $out/$f done ln -s /var/lib/kanboard $out/data + ln -s ${pluginsDirectory} $out/plugins ln -s ${kanboardConfig} $out/config.php '') - { outPath = "${pkgs.kanboard}/share/kanboard"; meta.priority = 10; } + { outPath = "${package}/share/kanboard"; meta.priority = 10; } ]; }; locations = { diff --git a/machines/public-cof/secrets/default.nix b/machines/public-cof/secrets/default.nix index a7cd5ea..861d254 100644 --- a/machines/public-cof/secrets/default.nix +++ b/machines/public-cof/secrets/default.nix @@ -10,4 +10,10 @@ group = "nextcloud"; file = ./nextcloudDatabasePasswordFile.age; }; + + age.secrets.kanboard-secrets = { + owner = "kanboard"; + group = "kanboard"; + file = ./kanboard-secrets.age; + }; } diff --git a/machines/public-cof/secrets/kanboard-secrets.age b/machines/public-cof/secrets/kanboard-secrets.age new file mode 100644 index 0000000..5bc708c --- /dev/null +++ b/machines/public-cof/secrets/kanboard-secrets.age 
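Review bot: The overridden `installPhase` appends `runHook postInstall` after the upstream phase, so if the upstream `installPhase` already runs its hooks, the `lndir` step executes twice. Setting only `postInstall` in the override is enough when upstream calls the hook itself; if it does not, a comment such as `# upstream installPhase does not run hooks, so postInstall is called explicitly` would explain the wrapper. The added `environment.systemPackages = [ ];` is an empty list and can be dropped. The `let` block and the module body both continue outside the hunk.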
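Review bot: With the new `ln -s ${pluginsDirectory} $out/plugins`, the plugin tree reaches Kanboard by three routes: this symlink, the `lndir` into `${package}/share/kanboard/plugins` from the previous hunk, and `pluginsDirectory` substituted into `config.php`. Which copy PHP loads depends on how the two roots are merged and on the plugin directory setting in the config, neither of which is fully visible here. Keeping one route and stating it in a comment, for example `# plugins are served from ${package}/share/kanboard/plugins only`, makes it easier to audit which pinned plugin code is actually executed. The enclosing derivation starts outside the hunk.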
@@ -0,0 +1,25 @@ +age-encryption.org/v1 +-> ssh-rsa krWCLQ +jsay8IXK6RjVULRqpfvgHOr8H3ALxQyJ3BQIkmSfRrLlJXDbYWUKBCztXc7whfb/ +XTc3Sa5bybIXXX3wLzYmxCYjUa1CoHgIb1UWAhM3KyTJ4XSw7pVti29VM5p74+ex +tJeb44hXlkD7V7C2yYp6CcBH1IgnvEL8ulVopkis/TBQtWi6QaGJBPX2yxEJ3QDh +uAn5czrrDenBZRsIYTaKrlbgCM/Oeh4mDFSaFKIqfX2g7ClbsC1ejF3PvbsXN6il +pk2YSZ/F5ivNBkvWFmQrNJyLjkcIrxoFvzcXOTk8yM9iu4BFlPbX7NcAMrHpbSIR +3ew59I0cGkbzRAtLI9p97w +-> ssh-ed25519 85WiGg XQK2huU0kqkKbVYf6SJFqcumOL8zDPfOuGwNy78dJm4 +aP8CNgS1/wfv2RB7nXZqYnZaXDORk9I5lPZy87FVmRY +-> ssh-ed25519 reTIKw jZ57SfMYyOr9P9eNK/Q2CMAWtYtfjyV/MaTVnqEHxkU +ycPo/pwC9CtYWAcrclo1b26+mPU4Z6pCPecGPMmL3ag +-> ssh-ed25519 /vwQcQ v5bvHTvld6WErGt+Vp0mivpFH5srQPHkbPd0Nk3IDy0 +27+ZreTwyaxtb5vrRpD/2C2MUT9onRcX4Yr7KHnTGOo +-> ssh-ed25519 cvTB5g gKxECDYMSja0FTqteAk39iMDsNIM+ox31sIvnY2ityk +pkUZgDWdAzuGCvuRhOE8oeazIRw+kpPhnkksF2zTjxA +-> ssh-ed25519 Wu8JLQ lMgIKw3Qzg/Lw6UtpPZWDrE0WBc71meaprrnmARqDDM +FN/S9xo22u4kMWqrPD3KmfLbDq8L0TxtfDUSBLVq+Tk +-> ssh-ed25519 xbfJnw emSflhzdsItaXULjPXre8jlnXxJuXFAaoLWGVAAej1I +4OS68AuzPr+zwp9Bqb4lYGJHjPwPMSXuprw7+8agOyU +-> Wd-grease +pdSa/JP70fd6VvSgpIJQAk8ZiZfKo8l7UpVwBib59SB9IRNVZdSbHINFUzuIozGu +Z7dyg+x6QQ +--- TjceHicjeIIKz0f7R5u7nLrCtb39MmS/vEK3w0xHbmw +QZ`?Zv~^$ct2ԓy3.+KF2OC_$]y~l%0_ ܻ REM4Hİ{r$ެ*1\2FڬBLAK!&C׋_.Om3͕hδV< z$'-s'J \ No newline at end of file diff --git a/machines/public-cof/secrets/secrets.nix b/machines/public-cof/secrets/secrets.nix index 3f8a62a..70be48a 100644 --- a/machines/public-cof/secrets/secrets.nix +++ b/machines/public-cof/secrets/secrets.nix @@ -9,5 +9,6 @@ in { "nextcloudAdminPasswordFile.age".publicKeys = superadmins ++ systems; "nextcloudDatabasePasswordFile.age".publicKeys = superadmins ++ systems; + "kanboard-secrets.age".publicKeys = superadmins ++ systems; }
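Review bot: In secrets.nix, `superadmins ++ systems` is copied from the Nextcloud entries, and both lists are defined outside this hunk, so the patch does not show who can decrypt the Kanboard secret. The `.age` file added in this commit carries seven recipient stanzas (one ssh-rsa, six ssh-ed25519), and every one of those keys can read whatever the file holds. It is worth confirming that `systems` contains only the host key of public-cof and that each `superadmins` key is still current. If `systems` covers more than this machine, a narrower list for this entry would follow least privilege.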