outline: Remove dex
Now that SMTP is working, Dex does not serve a good purpose any longer. It might be somehting I'll think of in future, but the complexity of credential management for little benefit is something I'm not up for right now.
This commit is contained in:
parent
330607b315
commit
455259f5a2
1 changed files with 0 additions and 70 deletions
|
@ -2,21 +2,11 @@
|
|||
{
|
||||
# Open paperless port, but only for local network
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 28981:28981 -j nixos-fw-accept
|
||||
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 3000:3000 -j nixos-fw-accept
|
||||
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9909:9909 -j nixos-fw-accept
|
||||
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9910:9910 -j nixos-fw-accept
|
||||
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 5556:5556 -j nixos-fw-accept
|
||||
'';
|
||||
|
||||
systemd.services = {
|
||||
dex.serviceConfig.StateDirectory = "dex";
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
"f /run/agenix/outline_gmail 0600 outline users -"
|
||||
];
|
||||
|
||||
services = {
|
||||
minio = {
|
||||
enable = true;
|
||||
|
@ -27,39 +17,6 @@
|
|||
rootCredentialsFile = "/run/agenix/minio";
|
||||
};
|
||||
|
||||
dex = {
|
||||
enable = true;
|
||||
settings = {
|
||||
issuer = "https://dex.bhankas.org";
|
||||
storage = {
|
||||
type = "sqlite3";
|
||||
config.file = "/var/lib/dex/db.sqlite3";
|
||||
};
|
||||
web.http = "127.0.0.1:5556";
|
||||
staticClients = [
|
||||
{
|
||||
id = "outline";
|
||||
name = "Outline Client";
|
||||
redirectURIs = [
|
||||
"https://outline.bhankas.org/auth/oidc.callback"
|
||||
];
|
||||
secretFile = "${pkgs.writeText "outline-oidc-secret" "test123"}";
|
||||
}
|
||||
];
|
||||
connectors = [
|
||||
{
|
||||
type = "mockPassword";
|
||||
id = "mock";
|
||||
name = "example";
|
||||
config = {
|
||||
username = "bruce";
|
||||
password = "wayne";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
outline = {
|
||||
enable = true;
|
||||
port = 3000;
|
||||
|
@ -91,16 +48,6 @@
|
|||
port = 465;
|
||||
passwordFile = "/run/agenix/gandalf_mail";
|
||||
};
|
||||
oidcAuthentication = {
|
||||
authUrl = "https://dex.bhankas.org/auth";
|
||||
tokenUrl = "https://dex.bhankas.org/token";
|
||||
userinfoUrl = "https://dex.bhankas.org/userinfo";
|
||||
clientId = "outline";
|
||||
clientSecretFile = (builtins.elemAt config.services.dex.settings.staticClients 0).secretFile;
|
||||
scopes = [ "openid" "email" "profile" ];
|
||||
usernameClaim = "preferred_username";
|
||||
displayName = "Dex";
|
||||
};
|
||||
};
|
||||
|
||||
nginx = {
|
||||
|
@ -129,18 +76,6 @@
|
|||
;
|
||||
};
|
||||
};
|
||||
|
||||
"dex.bhankas.org" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:5556";
|
||||
proxyWebsockets = false;
|
||||
extraConfig =
|
||||
"proxy_set_header Host $host;"
|
||||
;
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
|
@ -157,11 +92,6 @@
|
|||
email = "admin@bhankas.org";
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
};
|
||||
|
||||
"dex.bhankas.org" = {
|
||||
email = "admin@bhankas.org";
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
Reference in a new issue