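# NixOS module: runs the taskwarrior-webui container and publishes its HTTP
# port on the WireGuard address only.
{
  config,
  lib,
  pkgs,
  ...
}:
let
  # Host-side port the web UI is published on (container side is port 80).
  uiPort = 8080;
in
{
  # Dedicated system account for the web UI. It takes the uid/gid statically
  # allocated to taskd (config.ids.*.taskd).
  # NOTE(review): presumably done so files under /srv/taskwarrior keep one
  # numeric owner; if a taskd account also exists on this host, both names map
  # to the same uid/gid. Confirm that is intended.
  users.users.taskwarrior-webui = {
    isSystemUser = true;
    group = "taskwarrior-webui";
    uid = config.ids.uids.taskd;
  };
  users.groups.taskwarrior-webui = {
    gid = config.ids.gids.taskd;
  };

  # fixme: process is running as root
  # fixme: task sync not working
  virtualisation.oci-containers = {
    containers.taskwarrior-webui = {
      # Both paths are mounted read-write, so the container process can modify
      # the taskrc as well as the task data.
      volumes = [
        "/srv/taskwarrior/taskrc:/.taskrc"
        "/srv/taskwarrior/task:/.task"
      ];
      ports = [
        # only allow access via wireguard
        # Binding to the WireGuard address (not 0.0.0.0) is what keeps the UI
        # off the public interface; the firewall rule below is the second layer.
        "10.100.0.1:${toString uiPort}:80"
      ];
      # Still disabled: until this line is enabled, nothing in the container
      # uses the account declared above and the process runs as root (see the
      # fixme), which also decides who owns files written to the bind mounts.
      #user = "${toString config.users.users.taskwarrior-webui.uid}:${toString config.users.groups.taskwarrior-webui.gid}";
      environment = {
        TZ = "Europe/Berlin";
      };
      # NOTE(review): ":3" is a mutable tag and the name carries no registry
      # prefix, so the content pulled can change between deployments. Consider
      # pinning by digest, e.g. "<registry>/dcsunset/taskwarrior-webui@sha256:<digest>".
      image = "dcsunset/taskwarrior-webui:3";
      extraOptions = [
        # https://www.artificialworlds.net/blog/2023/08/18/accessing-services-on-the-host-from-a-docker-container-or-a-podman-one/
        # host.containers.internal <- will reference host ports
        # allow_host_loopback lets the container connect to services bound to
        # the host's loopback address. Anything on the host that trusts
        # 127.0.0.1 callers without authentication is reachable from this
        # container, so review what listens there.
        "--network=slirp4netns:allow_host_loopback=true"
      ];
    };
  };

  # Only TCP is opened on wg0. The published port above is a TCP mapping (no
  # "/udp" suffix), so nothing listens on UDP uiPort and opening it would only
  # widen the firewall without serving the UI.
  networking.firewall.interfaces.wg0.allowedTCPPorts = [ uiPort ];

  # NOTE(review): `verify.closed.public.ports` is not defined in this file;
  # presumably a project-local check that the port is not reachable from the
  # public interface. Confirm against its module.
  verify.closed.public.ports.taskserver-webui = [ uiPort ];

  # host nginx setup
  # ----------------
  # curl -H "Host: taskwarrior.ingolf-wagner.de" https://orbi.private/ < will work
  # curl -H "Host: taskwarrior.ingolf-wagner.de" https://10.100.0.1/ < will work
  # curl -H "Host: taskwarrior.ingolf-wagner.de" https://144.76.13.147/ < won't work
  #
  # NOTE(review): the disabled block below names a "transmission2" virtual host,
  # which looks carried over from another service; adjust the name before
  # enabling it. The allow/deny list restricts the proxy to the tinc and
  # WireGuard subnets.
  #services.nginx = {
  #  enable = true;
  #  recommendedProxySettings = true;
  #  virtualHosts = {
  #    "transmission2.${config.networking.hostName}.private" = {
  #      extraConfig = ''
  #        allow ${config.tinc.private.subnet};
  #        allow ${config.wireguard.wg0.subnet};
  #        deny all;
  #      '';
  #      locations."/" = {
  #        proxyPass = "http://127.0.0.1:${toString uiPort}";
  #      };
  #    };
  #  };
  #};
}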