From fe6d12b060d4e521b151e3d1b60eed1f23b10a5f Mon Sep 17 00:00:00 2001
From: Timo Boomers <me+gitea@xeovalyte.dev>
Date: Tue, 20 May 2025 15:36:56 +0200
Subject: [PATCH] added linkding

---
 hosts/v-th-ctr-01/home.nix           |  1 +
 modules/home/containers/caddy.nix    |  5 +++
 modules/home/containers/linkding.nix | 53 ++++++++++++++++++++++++++++
 modules/home/default.nix             |  1 +
 secrets/deploy.yaml                  |  6 ++--
 5 files changed, 64 insertions(+), 2 deletions(-)
 create mode 100644 modules/home/containers/linkding.nix

diff --git a/hosts/v-th-ctr-01/home.nix b/hosts/v-th-ctr-01/home.nix
index f6e82f8..8128814 100644
--- a/hosts/v-th-ctr-01/home.nix
+++ b/hosts/v-th-ctr-01/home.nix
@@ -56,6 +56,7 @@
         karakeep.enable = true;
         vikunja.enable = true;
         stalwart.enable = true;
+        linkding.enable = true;
       };
     };
 
diff --git a/modules/home/containers/caddy.nix b/modules/home/containers/caddy.nix
index 1038711..48774f7 100644
--- a/modules/home/containers/caddy.nix
+++ b/modules/home/containers/caddy.nix
@@ -126,6 +126,11 @@ in {
         handle @vikunja {
           reverse_proxy vikunja:3456
         }
+
+        @linkding host linkding.local.tbmrs.nl
+        handle @linkding {
+          reverse_proxy linkding:9090
+        }
       }
     '';
   };
diff --git a/modules/home/containers/linkding.nix b/modules/home/containers/linkding.nix
new file mode 100644
index 0000000..db0766a
--- /dev/null
+++ b/modules/home/containers/linkding.nix
@@ -0,0 +1,53 @@
+{ config, lib, ... }:
+
+with lib;
+
+let
+  cfg = config.settings.containers.linkding;
+in {
+  options = {
+    settings.containers.linkding.enable = lib.mkOption {
+      type = lib.types.bool;
+      default = false;
+      description = ''
+        Enable linkding container
+      '';
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services.podman.containers.linkding = {
+      image = "ghcr.io/sissbruecker/linkding:latest";
+      network = "proxy";
+      volumes = [
+        "%h/containers/linkding/data:/etc/linkding/data" 
+      ];
+      environment = {
+        LD_ENABLE_OIDC = "True";
+        OIDC_RP_CLIENT_ID = "linkding";
+        OIDC_OP_AUTHORIZATION_ENDPOINT = "https://auth.tbmrs.nl/ui/oauth2";
+        OIDC_OP_TOKEN_ENDPOINT = "https://auth.tbmrs.nl/oauth2/token";
+        OIDC_OP_USER_ENDPOINT = "https://auth.tbmrs.nl/oauth2/openid/linkding/userinfo";
+        OIDC_OP_JWKS_ENDPOINT = "https://auth.tbmrs.nl/oauth2/openid/linkding/public_key.jwk";
+        OIDC_RP_SIGN_ALGO = "ES256";
+      };
+      environmentFile = [
+        "${config.sops.templates."container-linkding.env".path}"
+      ];
+    };
+
+    settings.services.sops.enable = true;
+
+    sops.templates = {
+      "container-linkding.env" = {
+        content = /*bash*/ ''
+          OIDC_RP_CLIENT_SECRET=${config.sops.placeholder."containers/linkding/oidc-secret"}
+        '';
+      };
+    };
+
+    sops.secrets = {
+      "containers/linkding/oidc-secret" = { };
+    };
+  };
+}
diff --git a/modules/home/default.nix b/modules/home/default.nix
index b877917..b98bd16 100644
--- a/modules/home/default.nix
+++ b/modules/home/default.nix
@@ -45,6 +45,7 @@
     ./containers/vikunja.nix
     ./containers/stalwart.nix
     ./containers/static.nix
+    ./containers/linkding.nix
   ];
 
   config = {
diff --git a/secrets/deploy.yaml b/secrets/deploy.yaml
index 3e4f8c8..be3e17c 100644
--- a/secrets/deploy.yaml
+++ b/secrets/deploy.yaml
@@ -2,6 +2,8 @@ example-key: ENC[AES256_GCM,data:+fugS5JmmpnH2CJdDg==,iv:SgpzREfqbgBgd8psV7Optl4
 containers:
     pingvin-share:
         oidc-secret: ENC[AES256_GCM,data:NYeCjqcwmBD4TK3Ma1d/OlgCAcgMkOHecGlaNat28ZQtzBJmzjYllcB06F3VUZtq,iv:SnnmXiZoawpZV83483esQ1TIaFTACiIUcA6hcoXsw0I=,tag:iWuZvHe9bqvn/+NOLUkO1Q==,type:str]
+    linkding:
+        oidc-secret: ENC[AES256_GCM,data:nHY/qyZVK8soqdCgPJfh1gQlh/2+w4CU83+xbpLMQZ0/17qEuh53C1cC5mUXyQjV,iv:IlbwHY8BXB93L0UYDU9jmbXX7s6ovHQp9BUAmDBhgwk=,tag:VqaIRKeNUTPScsaLQ0H6VQ==,type:str]
     beszel:
         key: ENC[AES256_GCM,data:pnk1AUQvhdj4WJOqSB+3bnuNYeOU3xucacLVnUY8D8ulXJUOs1UOc3rlv27IGEbGurEWmbrghDZlIyM91jtWQZN4P2SpwR18ry6PJVYKXCY=,iv:OS/+jF4MtwPdijXPpG2pgpJQTYyer9bms97B+kO8XhI=,tag:G+6ur+SwFJS5Sq69hl2faA==,type:str]
     karakeep:
@@ -26,8 +28,8 @@ sops:
             YW9ScGtXMCtlTnFKZU1uSGxlNzhrY3cKkIJgEglWVxmgMx805z9hhkxM2Igbn3OF
             9xXdHBqaWC+pepYoYyNSA8gnptto3I5BPsC5p9RSAI8bQLsi2ciR5Q==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-05-17T13:23:59Z"
-    mac: ENC[AES256_GCM,data:5vM+Isza9LfnM7dNLd7w9/kd08kUA/UqLYG9FLQLJtDEnUC5ypEmHHeoJMlVP4WvpDj58LCKNPKZq9VEGMr7ussFdbCx374ov9TZEsaR3/Ifla8Ad+yxo+cQ7nEIdk59VTMZD2leU5gcoxwCVJJDK5Cfdr96jIlbPQCyaycWUR0=,iv:lNX8liwqgoDmPk2d52i+VXKuYkeVdAAI5AsNqQZeSmo=,tag:OFhDlm3zUPiFeQZwBSDqWw==,type:str]
+    lastmodified: "2025-05-19T09:10:03Z"
+    mac: ENC[AES256_GCM,data:DYG42CpouwjfjLD5XV89sDPtRO3KbF54lD1VTjEziPIUl97GSj2a6ssY3/Z8IOkgSJ/09NHi3cucbG5Aakb7P4dvdxzQTmeV2rpQU/ZkxGJN6Au16AtuQlbFhyIYEO/cbUBgzt2FOYjwoO+IqbOCssY3lEnJf/MyypoiLmCNsF0=,iv:ftnnOu+6ufgrgkf8BzuMxQDpvRbjCPDWNWFXHsrqTr8=,tag:GchjRRn5k4FoMTANvJXZ8Q==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.9.4