linkding: init

flake.nix

@@ -33,6 +33,7 @@
         ./modules/games/linux.nix
         ./modules/applications/1password.nix
         ./modules/services/archiveteam-warrior.nix
+        ./modules/services/linkding.nix
 
         ./modules/nix/linux.nix
         ./modules/shell.nix

modules/services/linkding.nix

@@ -0,0 +1,61 @@
+{ config, ... }:
+
+{
+  virtualisation.oci-containers.containers.linkding = {
+    image = "sissbruecker/linkding:latest";
+    ports = [ "9090:9090" ];
+    volumes = [ "/var/lib/linkding/data:/data" ];
+    environmentFiles = [
+      # create superuser account before initially signing in
+      # https://linkding.link/options/#oidc-and-ld_superuser_name
+      # include following environment variables:
+      #   OIDC_RP_CLIENT_SECRET - set to oidc client secret
+      /var/lib/linkding/oidc
+
+    ];
+    environment = {
+      # Can be used to run linkding under a context path, for example: linkding/
+      # Must end with a slash `/`
+      "LD_CONTEXT_PATH"="";
+      # Username of the initial superuser to create, leave empty to not create one
+      "LD_SUPERUSER_NAME"="";
+      # Option to disable background tasks
+      "LD_DISABLE_BACKGROUND_TASKS"="False";
+      # Option to disable URL validation for bookmarks completely
+      "LD_DISABLE_URL_VALIDATION"="False";
+      # List of trusted origins from which to accept POST requests
+      # See docs/Options.md for more details
+      "LD_CSRF_TRUSTED_ORIGINS"="";
+
+      # OIDC
+      "LD_ENABLE_OIDC" = "True";
+      "OIDC_OP_AUTHORIZATION_ENDPOINT"="https://${config.homelab.authDomain}/ui/oauth2";
+      "OIDC_OP_TOKEN_ENDPOINT"="https://${config.homelab.authDomain}/oauth2/token";
+      "OIDC_OP_USER_ENDPOINT"="https://${config.homelab.authDomain}/oauth2/openid/linkding/userinfo";
+      "OIDC_OP_JWKS_ENDPOINT"="https://${config.homelab.authDomain}/oauth2/openid/linkding/public_key.jwk";
+      "OIDC_RP_SIGN_ALGO"="ES256";
+      "OIDC_RP_CLIENT_ID"="linkding";
+
+      # Database settings
+      # These are currently only required for configuring PostreSQL.
+      # By default, linkding uses SQLite for which you don't need to configure anything.
+
+      # Database engine, can be sqlite (default) or postgres
+      "LD_DB_ENGINE"="sqlite";
+      # Database name (default: linkding)
+      "LD_DB_DATABASE"="";
+      # Username to connect to the database server  (default: linkding)
+      "LD_DB_USER"="";
+      # Password to connect to the database server
+      "LD_DB_PASSWORD"="";
+    };
+  };
+
+  services.caddy.virtualHosts."bookmark.${config.homelab.domain}" = {
+    useACMEHost = config.homelab.domain;
+    extraConfig = ''
+      reverse_proxy http://localhost:9090
+      import block_non_private_ips
+    '';
+  };
+}