[openproject] Adds openproject

secrets/mcp.yaml

@@ -2,6 +2,8 @@ gitea_db_password: ENC[AES256_GCM,data:G2YqiDk0msBRjUJkoPxWmayQ9dI=,iv:FsojIJIi6
 bookstack_app_key: ENC[AES256_GCM,data:N79JVlQSoVCXOsIHCxd19HFm6LkrYyXQu/xWenEdUlQWqwZEi3PuHXG7fQgvzQY4KI7S,iv:cd2l2eOv+wAJ5sih3YhHgQTdy1qrvaIsoHcywOnHuYM=,tag:5QvCHlQX8wUz3tI2NXl+8A==,type:str]
 bookstack_db: ENC[AES256_GCM,data:m8fGgAfmJu1rEaxmTVH4FfBhyiU=,iv:OnBT/6sp9zmcJ1+kBmdmvaE630hifxBpvKnu3XrVXcE=,tag:SSVQcYkAymlbFOnf0MB6KA==,type:str]
 mariadb_root_password: ENC[AES256_GCM,data:p965ZhFQqqX+Ub1yhgklVYlBH6A=,iv:qC5WwTvZGvlbAkYiv35xHizMYAnP0V0Vw79EkvL32wQ=,tag:gOJQvHeOC9turFKOMQ9DNg==,type:str]
+openproject:
+    secret-key-base: ENC[AES256_GCM,data:luTuUtxL/SGx6O10y9cRiAzJHw==,iv:8qVJm+obsHr9eV0h+jdpsreeFGxEM+UFZHHiIUUPs6w=,tag:+zpjhKoIiNNSSYxe1QkQ7Q==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -26,8 +28,8 @@ sops:
             by9aNFY4dXNxaWxnTXFTQS9reHhuQWMKh5rZ93nFtBV9EpFVRp+E+GXZ6xzVy2Jw
             vFh4deGcAb60q4odSaeWfk1Dr7L9Ua69oK9omjbCNUt+P7Kwlfca7Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-03-25T21:23:10Z"
-    mac: ENC[AES256_GCM,data:BTmAMxauVjQaMoQhDCCAloniVfEaxB5vUhI6Cvu1YFMesLv3yhnZ9lgRB4SXsyd7Kf3xefY7Wg+PtMnl2aX6BR4Tdss5H+UTHzsa3M888TI3EAEykXbPFUfOapAiboP71aibiDj8L0lbcKimGJpg3llzeNtK370fjAp7hsnh7aE=,iv:YTMrTtqDkq9L2y42X2nmEKruSKp7v70GStMw/JjPrL8=,tag:x1LclBpygFZQBWPYkE9chw==,type:str]
+    lastmodified: "2025-04-03T19:04:17Z"
+    mac: ENC[AES256_GCM,data:DEUuXrCl3OXJ9NbfLoxHIND5+m7enHNDbuLE2jS8nvZCpKm83YoXwp0RhIFA725wJnBej26HLkovCi7V/4s5NrrfT9sPHGNBMSHB0AAcwu3Dmo6G2PBKvAWZTxXmiIXGx8vSvWNbLrp3vTV8jjTpfbuMvOiuxayKfn6esKI9T2o=,iv:zUfbL753Uvzg6WW4kwI8swmpWHIQ/IpCyYSsLptVDG4=,tag:XZy8jNZYYcqspd6zptH3pQ==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.4

system/hosts/mcp/containers.nix

@@ -9,6 +9,7 @@
     ./containers/jobhunt.nix
     ./containers/mariadb.nix
     ./containers/nextcloud.nix
+    ./containers/openproject.nix
     ./containers/prometheus.nix
     ./containers/pocket-id.nix
     ./containers/public-homepage.nix

system/hosts/mcp/containers/lib.nix

@@ -27,10 +27,11 @@ in
     homepageOpts,
     dependsOn ? [],
     domain ? havenisms,
+    ports ? [],
     volumes ? [],
     environment ? {},
     environmentFiles ? [],
-    public ? false
+    public ? false,
   }:
     let routerRule = if public then hostRule hostName domain else localHostRule hostName domain;
     in

system/hosts/mcp/containers/openproject.nix

@@ -0,0 +1,43 @@
+{ config, ... }:
+let 
+  inherit (import ./lib.nix config) mkContainer havenisms;
+  hostName = "projects";
+in {
+
+  sops.secrets = {
+    "openproject/secret-key-base" = {
+      restartUnits = [ "podman-openproject.service" ];
+      mode = "0400";
+      owner = config.users.users.bookstack.name;
+    };
+  };
+
+  sops.templates."openproject.env" = {
+    restartUnits = [ "podman-openproject.service" ];
+    content = ''
+      OPENPROJECT_SECRET_KEY_BASE=${config.sops.placeholder."openproject/secret-key-base"}
+      OPENPROJECT_HOST__NAME=${hostName}.${havenisms}
+      OPENPROJECT_HTTPS=false
+      OPENPROJECT_DEFAULT__LANGUAGE=en
+    '';
+  };
+
+  virtualisation.oci-containers.containers.openproject = mkContainer {
+    inherit hostName;
+    # Note: this is the all-in-one container that has it's own database.
+    # Consider switching to the `-slim` version and configuring your own
+    # database.
+    image = "openproject/openproject:15";
+    domain = havenisms;
+    port = 80;
+    homepageOpts = {
+      group = "Apps";
+      name = "OpenProject";
+      icon = "openproject.svg";
+      description = "Project Management";
+    };
+    environmentFiles = [
+      config.sops.templates."openproject.env".path
+    ];
+  };
+}