nixos/modules/outline.nix

{ config, ... }:
{
  # Open paperless port, but only for local network
  networking.firewall.extraCommands = ''
    iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 3000:3000 -j nixos-fw-accept
    iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9909:9909 -j nixos-fw-accept
    iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9910:9910 -j nixos-fw-accept
  '';

  systemd.tmpfiles.rules = [
    "f /run/agenix/outline_gmail 0600 outline users -"
  ];

  services = {
    minio = {
      enable = true;
      region = "ap-south-1";
      listenAddress = "0.0.0.0:9909";
      consoleAddress = "0.0.0.0:9910";
      browser = true;
      rootCredentialsFile = "/run/agenix/minio";
    };

    outline = {
      enable = true;
      port = 3000;
      publicUrl = "https://outline.bhankas.org";
      enableUpdateCheck = false;
      defaultLanguage = "en_US";
      databaseUrl = "local";
      redisUrl = "local";
      concurrency = 4;
      forceHttps = false;
      rateLimiter = {
        enable = true;
        durationWindow = 60;
        requests = 5000;
      };
      storage = {
        region = config.services.minio.region;
        accessKey = "lWdhw1nclwmJiR9j";
        secretKeyFile = "/run/agenix/minio_secret_key";
        uploadBucketUrl = "https://minio.bhankas.org";
        uploadBucketName = "outline";
      };
      smtp = {
        username = "gandalf@bhankas.org";
        secure = true;
        fromEmail = "gandalf@bhankas.org";
        replyEmail = "gandalf@bhankas.org";
        host = "smtp.purelymail.com";
        port = 465;
        passwordFile = "/run/agenix/gandalf_mail";
      };
    };

    nginx = {
      enable = true;
      virtualHosts = {
        "minio.bhankas.org" = {
          addSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://${config.services.minio.consoleAddress}";
            proxyWebsockets = false;
            extraConfig =
              "proxy_set_header Host $host;"
            ;
          };
        };

        "outline.bhankas.org" = {
          addSSL = true;
          enableACME = true;
          locations."/" = {
            proxyPass = "http://127.0.0.1:3000";
            proxyWebsockets = true;
            extraConfig =
              "proxy_set_header Host $host;"
            ;
          };
        };
      };
    };
  };

  security.acme = {
    acceptTerms = true;
    certs = {
      "minio.bhankas.org" = {
        email = "admin@bhankas.org";
        dnsResolver = "1.1.1.1:53";
      };

      "outline.bhankas.org" = {
        email = "admin@bhankas.org";
        dnsResolver = "1.1.1.1:53";
      };
    };
  };
}
Clean up wiki.nix, split to outline, paperless and plausible 2023-07-08 14:08:24 +05:30			`{ config, ... }:`
outline: move config to separate module 2023-06-09 23:17:04 +05:30			`{`
			`# Open paperless port, but only for local network`
			`networking.firewall.extraCommands = ''`
			`iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 3000:3000 -j nixos-fw-accept`
			`iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9909:9909 -j nixos-fw-accept`
			`iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9910:9910 -j nixos-fw-accept`
			`'';`

Clean up wiki.nix, split to outline, paperless and plausible 2023-07-08 14:08:24 +05:30			`systemd.tmpfiles.rules = [`
			`"f /run/agenix/outline_gmail 0600 outline users -"`
			`];`

outline: move config to separate module 2023-06-09 23:17:04 +05:30			`services = {`
			`minio = {`
			`enable = true;`
			`region = "ap-south-1";`
			`listenAddress = "0.0.0.0:9909";`
			`consoleAddress = "0.0.0.0:9910";`
			`browser = true;`
			`rootCredentialsFile = "/run/agenix/minio";`
			`};`

			`outline = {`
			`enable = true;`
			`port = 3000;`
			`publicUrl = "https://outline.bhankas.org";`
			`enableUpdateCheck = false;`
			`defaultLanguage = "en_US";`
			`databaseUrl = "local";`
			`redisUrl = "local";`
			`concurrency = 4;`
			`forceHttps = false;`
			`rateLimiter = {`
			`enable = true;`
			`durationWindow = 60;`
			`requests = 5000;`
			`};`
			`storage = {`
			`region = config.services.minio.region;`
			`accessKey = "lWdhw1nclwmJiR9j";`
			`secretKeyFile = "/run/agenix/minio_secret_key";`
			`uploadBucketUrl = "https://minio.bhankas.org";`
			`uploadBucketName = "outline";`
			`};`
			`smtp = {`
			`username = "gandalf@bhankas.org";`
			`secure = true;`
			`fromEmail = "gandalf@bhankas.org";`
			`replyEmail = "gandalf@bhankas.org";`
			`host = "smtp.purelymail.com";`
outline: correct smtp port 2023-06-10 13:45:50 +05:30			`port = 465;`
outline: use correct password file 2023-06-10 13:34:12 +05:30			`passwordFile = "/run/agenix/gandalf_mail";`
outline: move config to separate module 2023-06-09 23:17:04 +05:30			`};`
			`};`

			`nginx = {`
			`enable = true;`
			`virtualHosts = {`
			`"minio.bhankas.org" = {`
			`addSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://${config.services.minio.consoleAddress}";`
			`proxyWebsockets = false;`
			`extraConfig =`
			`"proxy_set_header Host $host;"`
			`;`
			`};`
			`};`

			`"outline.bhankas.org" = {`
			`addSSL = true;`
			`enableACME = true;`
			`locations."/" = {`
			`proxyPass = "http://127.0.0.1:3000";`
			`proxyWebsockets = true;`
			`extraConfig =`
			`"proxy_set_header Host $host;"`
			`;`
			`};`
			`};`
			`};`
			`};`
			`};`

			`security.acme = {`
			`acceptTerms = true;`
			`certs = {`
			`"minio.bhankas.org" = {`
			`email = "admin@bhankas.org";`
			`dnsResolver = "1.1.1.1:53";`
			`};`

			`"outline.bhankas.org" = {`
			`email = "admin@bhankas.org";`
			`dnsResolver = "1.1.1.1:53";`
			`};`
			`};`
			`};`
			`}`