2023-07-08 14:08:24 +05:30
|
|
|
{ config, ... }:
|
2023-06-09 23:17:04 +05:30
|
|
|
{
|
|
|
|
# Open paperless port, but only for local network
|
|
|
|
networking.firewall.extraCommands = ''
|
|
|
|
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 3000:3000 -j nixos-fw-accept
|
|
|
|
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9909:9909 -j nixos-fw-accept
|
|
|
|
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9910:9910 -j nixos-fw-accept
|
|
|
|
'';
|
|
|
|
|
2023-07-08 14:08:24 +05:30
|
|
|
systemd.tmpfiles.rules = [
|
|
|
|
"f /run/agenix/outline_gmail 0600 outline users -"
|
|
|
|
];
|
|
|
|
|
2023-06-09 23:17:04 +05:30
|
|
|
services = {
|
|
|
|
minio = {
|
|
|
|
enable = true;
|
|
|
|
region = "ap-south-1";
|
|
|
|
listenAddress = "0.0.0.0:9909";
|
|
|
|
consoleAddress = "0.0.0.0:9910";
|
|
|
|
browser = true;
|
|
|
|
rootCredentialsFile = "/run/agenix/minio";
|
|
|
|
};
|
|
|
|
|
|
|
|
outline = {
|
|
|
|
enable = true;
|
|
|
|
port = 3000;
|
|
|
|
publicUrl = "https://outline.bhankas.org";
|
|
|
|
enableUpdateCheck = false;
|
|
|
|
defaultLanguage = "en_US";
|
|
|
|
databaseUrl = "local";
|
|
|
|
redisUrl = "local";
|
|
|
|
concurrency = 4;
|
|
|
|
forceHttps = false;
|
|
|
|
rateLimiter = {
|
|
|
|
enable = true;
|
|
|
|
durationWindow = 60;
|
|
|
|
requests = 5000;
|
|
|
|
};
|
|
|
|
storage = {
|
|
|
|
region = config.services.minio.region;
|
|
|
|
accessKey = "lWdhw1nclwmJiR9j";
|
|
|
|
secretKeyFile = "/run/agenix/minio_secret_key";
|
|
|
|
uploadBucketUrl = "https://minio.bhankas.org";
|
|
|
|
uploadBucketName = "outline";
|
|
|
|
};
|
|
|
|
smtp = {
|
|
|
|
username = "gandalf@bhankas.org";
|
|
|
|
secure = true;
|
|
|
|
fromEmail = "gandalf@bhankas.org";
|
|
|
|
replyEmail = "gandalf@bhankas.org";
|
|
|
|
host = "smtp.purelymail.com";
|
2023-06-10 13:45:50 +05:30
|
|
|
port = 465;
|
2023-06-10 13:34:12 +05:30
|
|
|
passwordFile = "/run/agenix/gandalf_mail";
|
2023-06-09 23:17:04 +05:30
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
nginx = {
|
|
|
|
enable = true;
|
|
|
|
virtualHosts = {
|
|
|
|
"minio.bhankas.org" = {
|
|
|
|
addSSL = true;
|
|
|
|
enableACME = true;
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://${config.services.minio.consoleAddress}";
|
|
|
|
proxyWebsockets = false;
|
|
|
|
extraConfig =
|
|
|
|
"proxy_set_header Host $host;"
|
|
|
|
;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
"outline.bhankas.org" = {
|
|
|
|
addSSL = true;
|
|
|
|
enableACME = true;
|
|
|
|
locations."/" = {
|
|
|
|
proxyPass = "http://127.0.0.1:3000";
|
|
|
|
proxyWebsockets = true;
|
|
|
|
extraConfig =
|
|
|
|
"proxy_set_header Host $host;"
|
|
|
|
;
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
|
|
|
|
security.acme = {
|
|
|
|
acceptTerms = true;
|
|
|
|
certs = {
|
|
|
|
"minio.bhankas.org" = {
|
|
|
|
email = "admin@bhankas.org";
|
|
|
|
dnsResolver = "1.1.1.1:53";
|
|
|
|
};
|
|
|
|
|
|
|
|
"outline.bhankas.org" = {
|
|
|
|
email = "admin@bhankas.org";
|
|
|
|
dnsResolver = "1.1.1.1:53";
|
|
|
|
};
|
|
|
|
};
|
|
|
|
};
|
|
|
|
}
|