nixos-config/profiles/servers/outline.nix

{ config, lib, inputs, ... }: {
  sops.secrets = let
    default = {
      sopsFile = inputs.self.secretsDir + /home-hypervisor/outline.yaml;
      owner = config.services.outline.user;
      restartUnits = [ "outline.service" ];
    };
  in {
    outline-minio-key = default;
    outline-mail = default;
    outline-oidc = default;
    outline-key = default;
    outline-utils = default;
  };
  services.outline = {
    enable = true;
    port = 3010;
    publicUrl = "https://docs.ataraxiadev.com";
    forceHttps = false;

    storage = {
      accessKey = "outline";
      secretKeyFile = config.sops.secrets.outline-minio-key.path;
      region = config.services.minio.region;
      uploadBucketUrl = "https://s3.ataraxiadev.com";
      uploadBucketName = "outline";
      # uploadMaxSize = 0;
    };

    oidcAuthentication = {
      authUrl = "https://auth.ataraxiadev.com/application/o/authorize/";
      tokenUrl = "https://auth.ataraxiadev.com/application/o/token/";
      userinfoUrl = "https://auth.ataraxiadev.com/application/o/userinfo/";
      clientId = "tUs7tv85xlK3W4VOw7AQDMYNXqibpV5H8ofR7zix";
      clientSecretFile = config.sops.secrets.outline-oidc.path;
      scopes = [ "openid" "email" "profile" ];
      usernameClaim = "email";
      displayName = "openid";
    };

    smtp = {
      host = "mail.ataraxiadev.com";
      port = 465;
      secure = true;
      username = "outline@ataraxiadev.com";
      passwordFile = config.sops.secrets.outline-mail.path;
      fromEmail = "Outline <no-reply@ataraxiadev.com>";
      replyEmail = "Outline <outline@ataraxiadev.com>";
    };

    secretKeyFile = config.sops.secrets.outline-key.path;
    utilsSecretFile = config.sops.secrets.outline-utils.path;
  };

  systemd.services.outline.after =
    lib.mkIf config.services.authentik.enable [
      "authentik-server.service"
      "authentik-worker.service"
      "nginx.service"
    ];

  backups.postgresql.outline = {};

  persist.state.directories = [
    "/var/lib/redis-outline"
  ];
}
start oidc dependant services after authentik 2024-01-25 21:02:29 +03:00			`{ config, lib, inputs, ... }: {`
use sops instead of secrets module 2024-01-22 16:44:51 +03:00			`sops.secrets = let`
add outline 2023-07-26 21:20:52 +03:00			`default = {`
use sops instead of secrets module 2024-01-22 16:44:51 +03:00			`sopsFile = inputs.self.secretsDir + /home-hypervisor/outline.yaml;`
add outline 2023-07-26 21:20:52 +03:00			`owner = config.services.outline.user;`
use sops instead of secrets module 2024-01-22 16:44:51 +03:00			`restartUnits = [ "outline.service" ];`
add outline 2023-07-26 21:20:52 +03:00			`};`
			`in {`
use sops instead of secrets module 2024-01-22 16:44:51 +03:00			`outline-minio-key = default;`
add outline 2023-07-26 21:20:52 +03:00			`outline-mail = default;`
			`outline-oidc = default;`
			`outline-key = default;`
			`outline-utils = default;`
			`};`
refactor minio 2024-01-21 16:26:48 +03:00			`services.outline = {`
			`enable = true;`
			`port = 3010;`
			`publicUrl = "https://docs.ataraxiadev.com";`
			`forceHttps = false;`
add outline 2023-07-26 21:20:52 +03:00
refactor minio 2024-01-21 16:26:48 +03:00			`storage = {`
			`accessKey = "outline";`
use sops instead of secrets module 2024-01-22 16:44:51 +03:00			`secretKeyFile = config.sops.secrets.outline-minio-key.path;`
refactor minio 2024-01-21 16:26:48 +03:00			`region = config.services.minio.region;`
			`uploadBucketUrl = "https://s3.ataraxiadev.com";`
			`uploadBucketName = "outline";`
			`# uploadMaxSize = 0;`
			`};`
add outline 2023-07-26 21:20:52 +03:00
refactor minio 2024-01-21 16:26:48 +03:00			`oidcAuthentication = {`
			`authUrl = "https://auth.ataraxiadev.com/application/o/authorize/";`
			`tokenUrl = "https://auth.ataraxiadev.com/application/o/token/";`
			`userinfoUrl = "https://auth.ataraxiadev.com/application/o/userinfo/";`
			`clientId = "tUs7tv85xlK3W4VOw7AQDMYNXqibpV5H8ofR7zix";`
use sops instead of secrets module 2024-01-22 16:44:51 +03:00			`clientSecretFile = config.sops.secrets.outline-oidc.path;`
refactor minio 2024-01-21 16:26:48 +03:00			`scopes = [ "openid" "email" "profile" ];`
			`usernameClaim = "email";`
			`displayName = "openid";`
add outline 2023-07-26 21:20:52 +03:00			`};`
refactor minio 2024-01-21 16:26:48 +03:00
			`smtp = {`
			`host = "mail.ataraxiadev.com";`
			`port = 465;`
			`secure = true;`
			`username = "outline@ataraxiadev.com";`
use sops instead of secrets module 2024-01-22 16:44:51 +03:00			`passwordFile = config.sops.secrets.outline-mail.path;`
refactor minio 2024-01-21 16:26:48 +03:00			`fromEmail = "Outline <no-reply@ataraxiadev.com>";`
			`replyEmail = "Outline <outline@ataraxiadev.com>";`
add outline 2023-07-26 21:20:52 +03:00			`};`

use sops instead of secrets module 2024-01-22 16:44:51 +03:00			`secretKeyFile = config.sops.secrets.outline-key.path;`
			`utilsSecretFile = config.sops.secrets.outline-utils.path;`
refactor minio 2024-01-21 16:26:48 +03:00			`};`
add outline 2023-07-26 21:20:52 +03:00
start oidc dependant services after authentik 2024-01-25 21:02:29 +03:00			`systemd.services.outline.after =`
			`lib.mkIf config.services.authentik.enable [`
			`"authentik-server.service"`
			`"authentik-worker.service"`
			`"nginx.service"`
			`];`

backup postresql db's with rustic 2024-01-24 17:28:46 +03:00			`backups.postgresql.outline = {};`

refactor minio 2024-01-21 16:26:48 +03:00			`persist.state.directories = [`
add outline 2023-07-26 21:20:52 +03:00			`"/var/lib/redis-outline"`
			`];`
			`}`