Added properly configured vikunja container

.sops.yaml

@@ -0,0 +1,7 @@
+keys:
+  - &host_key age15x4h66uk6ct3436e6r4l0tkpf86e7jzl3lqd2acndq2jjvq5za3stqg2fy
+creation_rules:
+  - path_regex: secrets\.yaml$
+    key_groups:
+    - age:
+      - *host_key

flake.nix

@@ -9,6 +9,8 @@
     # Home manager
     home-manager.url = "github:nix-community/home-manager/release-24.11";
     home-manager.inputs.nixpkgs.follows = "nixpkgs";
+    # Add sops for secret management
+    sops-nix.url = "github:Mic92/sops-nix";
     # add phinger hyprcursor flake
     hyprcursor-phinger.url = "github:jappie3/hyprcursor-phinger";
     # add zen browser flake
@@ -122,6 +124,16 @@
           };
         };
         modules = [
+          inputs.sops-nix.homeManagerModules.sops
+          {
+            sops = {
+              defaultSopsFile = ./secrets.yaml;
+              secrets = {
+                # Define your secrets here
+                vikunja_jwtsecret = {};
+              };
+            };
+          }
           ./home-manager/homeserver.nix
         ];
       };

home-manager/homeserver/containers/work_tools.nix

@@ -10,29 +10,20 @@
   services.podman.containers = {
     vikunja = {
       image = "docker.io/vikunja/vikunja:latest";
+      autoUpdate = "registry";
       environment = {
-        VIKUNJA_SERVICE_JWTSECRET = "<a super secure random secret>";
+        VIKUNJA_SERVICE_JWTSECRET = config.sops.secrets.vikunja_jwt_secret.path;
         VIKUNJA_SERVICE_PUBLICURL = "http://bulba.space/";
-        # Note the default path is /app/vikunja/vikunja.db.
-        # This config variable moves it to a different folder so you can use a volume and
-        # store the database file outside the container so state is persisted even if the container is destroyed.
         VIKUNJA_DATABASE_PATH = "/db/vikunja.db";
       };
+      environmentFiles = [
+        config.sops.secrets.vikunja_jwt_secret.path
+      ];
+      volumes = [
+        "/home/cianh/vikunja/files:/app/vikunja/files"
+        "/home/cianh/vikunja/db:/db"
+      ];
+      ports = ["3456:3456"];
     };
   };
-  # vikunja:
-  #   image: vikunja/vikunja
-  #   environment:
-  #     VIKUNJA_SERVICE_JWTSECRET: <a super secure random secret>
-  #     VIKUNJA_SERVICE_PUBLICURL: http://<your public frontend url with slash>/
-  #     # Note the default path is /app/vikunja/vikunja.db.
-  #     # This config variable moves it to a different folder so you can use a volume and
-  #     # store the database file outside the container so state is persisted even if the container is destroyed.
-  #     VIKUNJA_DATABASE_PATH: /db/vikunja.db
-  #   ports:
-  #     - 3456:3456
-  #   volumes:
-  #     - ./files:/app/vikunja/files
-  #     - ./db:/db
-  #   restart: unless-stopped
 }

home-manager/homeserver/packages.nix

@@ -20,6 +20,7 @@
       lua54Packages.lua
       luajitPackages.luarocks
       nodejs-slim
+      sops
       stylua
     ])
     ++ (with unstablePkgs; [