outline: move config to separate module
parent
a386973589
commit
d2ee858caa
3 changed files with 168 additions and 144 deletions
|
@ -84,6 +84,7 @@
|
|||
./modules/monitoring/monitoring.nix
|
||||
./modules/calibre.nix
|
||||
./modules/wiki.nix
|
||||
./modules/outline.nix
|
||||
./modules/vaultwarden.nix
|
||||
|
||||
# Host-specific config
|
||||
|
|
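--- a/modules/outline.nix
+++ b/modules/outline.nix
@@ -0,0 +1,167 @@
+{ config, pkgs, ... }:
+{
+# Open paperless port, but only for local network
+networking.firewall.extraCommands = ''
+iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 28981:28981 -j nixos-fw-accept
+iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 3000:3000 -j nixos-fw-accept
+iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9909:9909 -j nixos-fw-accept
+iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9910:9910 -j nixos-fw-accept
+iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 5556:5556 -j nixos-fw-accept
+'';
+
+systemd.services = {
+dex.serviceConfig.StateDirectory = "dex";
+};
+
+systemd.tmpfiles.rules = [
+"f /run/agenix/outline_gmail 0600 outline users -"
+];
+
+services = {
+minio = {
+enable = true;
+region = "ap-south-1";
+listenAddress = "0.0.0.0:9909";
+consoleAddress = "0.0.0.0:9910";
+browser = true;
+rootCredentialsFile = "/run/agenix/minio";
+};
+
+dex = {
+enable = true;
+settings = {
+issuer = "https://dex.bhankas.org";
+storage = {
+type = "sqlite3";
+config.file = "/var/lib/dex/db.sqlite3";
+};
+web.http = "127.0.0.1:5556";
+staticClients = [
+{
+id = "outline";
+name = "Outline Client";
+redirectURIs = [
+"https://outline.bhankas.org/auth/oidc.callback"
+];
+secretFile = "${pkgs.writeText "outline-oidc-secret" "test123"}";
+}
+];
+connectors = [
+{
+type = "mockPassword";
+id = "mock";
+name = "example";
+config = {
+username = "bruce";
+password = "wayne";
+};
+}
+];
+};
+};
+
+outline = {
+enable = true;
+port = 3000;
+publicUrl = "https://outline.bhankas.org";
+enableUpdateCheck = false;
+defaultLanguage = "en_US";
+databaseUrl = "local";
+redisUrl = "local";
+concurrency = 4;
+forceHttps = false;
+rateLimiter = {
+enable = true;
+durationWindow = 60;
+requests = 5000;
+};
+storage = {
+region = config.services.minio.region;
+accessKey = "lWdhw1nclwmJiR9j";
+secretKeyFile = "/run/agenix/minio_secret_key";
+uploadBucketUrl = "https://minio.bhankas.org";
+uploadBucketName = "outline";
+};
+smtp = {
+username = "gandalf@bhankas.org";
+secure = true;
+fromEmail = "gandalf@bhankas.org";
+replyEmail = "gandalf@bhankas.org";
+host = "smtp.purelymail.com";
+port = 587;
+passwordFile = "/run/agenix/outline_gmail";
+};
+oidcAuthentication = {
+authUrl = "https://dex.bhankas.org/auth";
+tokenUrl = "https://dex.bhankas.org/token";
+userinfoUrl = "https://dex.bhankas.org/userinfo";
+clientId = "outline";
+clientSecretFile = (builtins.elemAt config.services.dex.settings.staticClients 0).secretFile;
+scopes = [ "openid" "email" "profile" ];
+usernameClaim = "preferred_username";
+displayName = "Dex";
+};
+};
+
+nginx = {
+enable = true;
+virtualHosts = {
+"minio.bhankas.org" = {
+addSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = "http://${config.services.minio.consoleAddress}";
+proxyWebsockets = false;
+extraConfig =
+"proxy_set_header Host $host;"
+;
+};
+};
+
+"outline.bhankas.org" = {
+addSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = "http://127.0.0.1:3000";
+proxyWebsockets = true;
+extraConfig =
+"proxy_set_header Host $host;"
+;
+};
+};
+
+"dex.bhankas.org" = {
+addSSL = true;
+enableACME = true;
+locations."/" = {
+proxyPass = "http://127.0.0.1:5556";
+proxyWebsockets = false;
+extraConfig =
+"proxy_set_header Host $host;"
+;
+};
+};
+};
+};
+};
+
+security.acme = {
+acceptTerms = true;
+certs = {
+"minio.bhankas.org" = {
+email = "admin@bhankas.org";
+dnsResolver = "1.1.1.1:53";
+};
+
+"outline.bhankas.org" = {
+email = "admin@bhankas.org";
+dnsResolver = "1.1.1.1:53";
+};
+
+"dex.bhankas.org" = {
+email = "admin@bhankas.org";
+dnsResolver = "1.1.1.1:53";
+};
+};
+};
+}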
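Review bot: The Dex block in the new modules/outline.nix keeps test-grade credentials in the Nix source: the `mockPassword` connector with a fixed username and password is the only connector, and the `outline` client secret is built with `pkgs.writeText`, which places it in the world-readable Nix store. Because `dex.bhankas.org` and `outline.bhankas.org` both get nginx virtual hosts in this file, anyone who can read the repository can apparently sign in to Outline with those values. I would replace the connector with a real identity backend and load the client secret the way the other secrets here are loaded, e.g. `secretFile = "/run/agenix/<outline-oidc-secret>";` (placeholder name). The three virtual hosts also use `addSSL = true;` alongside `forceHttps = false;`, so plain HTTP stays reachable; `forceSSL = true;` would close that. These lines appear to be carried over unchanged from modules/wiki.nix, so the move is a good moment to fix them.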
144
modules/wiki.nix
144
modules/wiki.nix
|
@ -1,20 +1,13 @@
|
|||
{ config, pkgs, ... }:
|
||||
{
|
||||
# Open paperless port, but only for local network
|
||||
networking.firewall.extraCommands = ''
|
||||
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 28981:28981 -j nixos-fw-accept
|
||||
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 3000:3000 -j nixos-fw-accept
|
||||
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9909:9909 -j nixos-fw-accept
|
||||
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9910:9910 -j nixos-fw-accept
|
||||
iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 5556:5556 -j nixos-fw-accept
|
||||
'';
|
||||
|
||||
systemd.services = {
|
||||
paperless-scheduler.after = [ "var-lib-paperless.mount" ];
|
||||
paperless-consumer.after = [ "var-lib-paperless.mount" ];
|
||||
paperless-web.after = [ "var-lib-paperless.mount" ];
|
||||
|
||||
dex.serviceConfig.StateDirectory = "dex";
|
||||
};
|
||||
|
||||
systemd.tmpfiles.rules = [
|
||||
|
@ -43,91 +36,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
minio = {
|
||||
enable = true;
|
||||
region = "ap-south-1";
|
||||
listenAddress = "0.0.0.0:9909";
|
||||
consoleAddress = "0.0.0.0:9910";
|
||||
browser = true;
|
||||
rootCredentialsFile = "/run/agenix/minio";
|
||||
};
|
||||
|
||||
dex = {
|
||||
enable = true;
|
||||
settings = {
|
||||
issuer = "https://dex.bhankas.org";
|
||||
storage = {
|
||||
type = "sqlite3";
|
||||
config.file = "/var/lib/dex/db.sqlite3";
|
||||
};
|
||||
web.http = "127.0.0.1:5556";
|
||||
staticClients = [
|
||||
{
|
||||
id = "outline";
|
||||
name = "Outline Client";
|
||||
redirectURIs = [
|
||||
"https://outline.bhankas.org/auth/oidc.callback"
|
||||
];
|
||||
secretFile = "${pkgs.writeText "outline-oidc-secret" "test123"}";
|
||||
}
|
||||
];
|
||||
connectors = [
|
||||
{
|
||||
type = "mockPassword";
|
||||
id = "mock";
|
||||
name = "example";
|
||||
config = {
|
||||
username = "bruce";
|
||||
password = "wayne";
|
||||
};
|
||||
}
|
||||
];
|
||||
};
|
||||
};
|
||||
|
||||
outline = {
|
||||
enable = true;
|
||||
port = 3000;
|
||||
publicUrl = "https://outline.bhankas.org";
|
||||
enableUpdateCheck = false;
|
||||
defaultLanguage = "en_US";
|
||||
databaseUrl = "local";
|
||||
redisUrl = "local";
|
||||
concurrency = 4;
|
||||
forceHttps = false;
|
||||
rateLimiter = {
|
||||
enable = true;
|
||||
durationWindow = 60;
|
||||
requests = 5000;
|
||||
};
|
||||
storage = {
|
||||
region = config.services.minio.region;
|
||||
accessKey = "lWdhw1nclwmJiR9j";
|
||||
secretKeyFile = "/run/agenix/minio_secret_key";
|
||||
uploadBucketUrl = "https://minio.bhankas.org";
|
||||
uploadBucketName = "outline";
|
||||
};
|
||||
smtp = {
|
||||
username = "gandalf@bhankas.org";
|
||||
secure = true;
|
||||
fromEmail = "gandalf@bhankas.org";
|
||||
replyEmail = "gandalf@bhankas.org";
|
||||
host = "smtp.purelymail.com";
|
||||
port = 587;
|
||||
passwordFile = "/run/agenix/outline_gmail";
|
||||
};
|
||||
oidcAuthentication = {
|
||||
authUrl = "https://dex.bhankas.org/auth";
|
||||
tokenUrl = "https://dex.bhankas.org/token";
|
||||
userinfoUrl = "https://dex.bhankas.org/userinfo";
|
||||
clientId = "outline";
|
||||
clientSecretFile = (builtins.elemAt config.services.dex.settings.staticClients 0).secretFile;
|
||||
scopes = [ "openid" "email" "profile" ];
|
||||
usernameClaim = "preferred_username";
|
||||
displayName = "Dex";
|
||||
};
|
||||
};
|
||||
|
||||
radicale = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
@ -162,7 +70,6 @@
|
|||
|
||||
# TODO: Split to their respective locations
|
||||
nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"bebop.bhankas.org" = {
|
||||
addSSL = true;
|
||||
|
@ -176,18 +83,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
"minio.bhankas.org" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://${config.services.minio.consoleAddress}";
|
||||
proxyWebsockets = false;
|
||||
extraConfig =
|
||||
"proxy_set_header Host $host;"
|
||||
;
|
||||
};
|
||||
};
|
||||
|
||||
"paperless.bhankas.org" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
|
@ -200,30 +95,6 @@
|
|||
};
|
||||
};
|
||||
|
||||
"outline.bhankas.org" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:3000";
|
||||
proxyWebsockets = true;
|
||||
extraConfig =
|
||||
"proxy_set_header Host $host;"
|
||||
;
|
||||
};
|
||||
};
|
||||
|
||||
"dex.bhankas.org" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {
|
||||
proxyPass = "http://127.0.0.1:5556";
|
||||
proxyWebsockets = false;
|
||||
extraConfig =
|
||||
"proxy_set_header Host $host;"
|
||||
;
|
||||
};
|
||||
};
|
||||
|
||||
"radicale.bhankas.org" = {
|
||||
addSSL = true;
|
||||
enableACME = true;
|
||||
|
@ -259,26 +130,11 @@
|
|||
dnsResolver = "1.1.1.1:53";
|
||||
};
|
||||
|
||||
"minio.bhankas.org" = {
|
||||
email = "admin@bhankas.org";
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
};
|
||||
|
||||
"paperless.bhankas.org" = {
|
||||
email = "admin@bhankas.org";
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
};
|
||||
|
||||
"outline.bhankas.org" = {
|
||||
email = "admin@bhankas.org";
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
};
|
||||
|
||||
"dex.bhankas.org" = {
|
||||
email = "admin@bhankas.org";
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
};
|
||||
|
||||
"radicale.bhankas.org" = {
|
||||
email = "admin@bhankas.org";
|
||||
dnsResolver = "1.1.1.1:53";
|
||||
|
|