# NixOS module: Outline wiki backed by a local MinIO object store, both
# published through nginx virtual hosts with ACME-issued certificates.
{ config, ... }: {
  # Open the Outline (3000) and MinIO API/console (9909/9910) ports, but only
  # for the local network (source 192.168.0.0/24).
  # NOTE(review): these are IPv4 `iptables` rules only, and MinIO below binds
  # to 0.0.0.0, so these rules are the only restriction visible in this file on
  # who can reach 9909/9910 directly; confirm no other rule opens them.
  networking.firewall.extraCommands = ''
    iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 3000:3000 -j nixos-fw-accept
    iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9909:9909 -j nixos-fw-accept
    iptables -A nixos-fw -p tcp --source 192.168.0.0/24 --dport 9910:9910 -j nixos-fw-accept
  '';

  # Creates /run/agenix/outline_gmail (if missing) with mode 0600, owner
  # `outline`, group `users`.
  # NOTE(review): nothing else in this file references outline_gmail (SMTP
  # below reads gandalf_mail); confirm it is still needed.
  systemd.tmpfiles.rules = [ "f /run/agenix/outline_gmail 0600 outline users -" ];

  services = {
    minio = {
      enable = true;
      region = "ap-south-1";
      # Both listeners bind to every interface; reachability is limited by the
      # firewall rules above, not by the bind address.
      listenAddress = "0.0.0.0:9909";   # S3 API endpoint
      consoleAddress = "0.0.0.0:9910";  # web console
      browser = true;
      # Root credentials are read from a runtime file (presumably provisioned
      # by agenix) instead of being written into this configuration.
      rootCredentialsFile = "/run/agenix/minio";
    };

    outline = {
      enable = true;
      port = 3000;
      publicUrl = "https://outline.bhankas.org";
      enableUpdateCheck = false;
      defaultLanguage = "en_US";
      # "local" for both URLs: presumably the module-managed local database
      # and Redis instances; confirm against the NixOS outline module docs.
      databaseUrl = "local";
      redisUrl = "local";
      concurrency = 4;
      # Outline itself does not redirect to HTTPS; TLS is expected to be
      # handled by the nginx virtual host below.
      forceHttps = false;

      rateLimiter = {
        enable = true;
        # NOTE(review): 5000 requests per window of 60 (presumably seconds) is
        # a very loose limit for a login-bearing app; confirm it is intended.
        durationWindow = 60;
        requests = 5000;
      };

      storage = {
        region = config.services.minio.region;
        # NOTE(review): the access key is a literal, so it lands in version
        # control and in the world-readable Nix store. Only the secret half
        # is kept in a file; confirm exposing the key ID is acceptable.
        accessKey = "lWdhw1nclwmJiR9j";
        secretKeyFile = "/run/agenix/minio_secret_key";
        # NOTE(review): uploads go to https://minio.bhankas.org, but the nginx
        # vhost of that name proxies to the MinIO *console* address (9910),
        # not the S3 API (9909); verify uploads actually reach the API.
        uploadBucketUrl = "https://minio.bhankas.org";
        uploadBucketName = "outline";
      };

      smtp = {
        username = "gandalf@bhankas.org";
        secure = true;
        fromEmail = "gandalf@bhankas.org";
        replyEmail = "gandalf@bhankas.org";
        host = "smtp.purelymail.com";
        port = 465;
        # Password is read from a runtime secret file, not stored inline.
        passwordFile = "/run/agenix/gandalf_mail";
      };
    };

    nginx = {
      enable = true;
      virtualHosts = {
        # NOTE(review): `addSSL` serves the site over plain HTTP as well as
        # HTTPS, with no redirect. Both vhosts front credential-bearing UIs;
        # consider `forceSSL` so that HTTP requests are redirected to HTTPS.
        "minio.bhankas.org" = {
          addSSL = true;
          enableACME = true;
          locations."/" = {
            # Evaluates to http://0.0.0.0:9910 (the console address above).
            proxyPass = "http://${config.services.minio.consoleAddress}";
            proxyWebsockets = false;
            # Forward the original Host header to the backend.
            extraConfig = "proxy_set_header Host $host;" ;
          };
        };

        "outline.bhankas.org" = {
          addSSL = true;
          enableACME = true;
          locations."/" = {
            # Outline is reached over loopback on the port configured above.
            proxyPass = "http://127.0.0.1:3000";
            proxyWebsockets = true;
            # Forward the original Host header to the backend.
            extraConfig = "proxy_set_header Host $host;" ;
          };
        };
      };
    };
  };

  # ACME account settings for the two certificates requested by the nginx
  # virtual hosts above.
  security.acme = {
    acceptTerms = true;
    certs = {
      "minio.bhankas.org" = {
        email = "admin@bhankas.org";
        dnsResolver = "1.1.1.1:53";
      };
      "outline.bhankas.org" = {
        email = "admin@bhankas.org";
        dnsResolver = "1.1.1.1:53";
      };
    };
  };
}