add outline

2023-07-26 21:20:52 +03:00 · 2023-07-26 21:20:52 +03:00 · cb9ad324c1
commit cb9ad324c1
parent 41da95615d
6 changed files with 101 additions and 14 deletions
--- a/machines/Home-Hypervisor/default.nix
+++ b/machines/Home-Hypervisor/default.nix
@ -40,6 +40,7 @@ in {
    nixosProfiles.atticd
    nixosProfiles.attic
    nixosProfiles.restic-server
+    nixosProfiles.outline

    (import nixosProfiles.blocky {
      inherit config;
--- a/machines/Home-Hypervisor/dns-mapping.nix
+++ b/machines/Home-Hypervisor/dns-mapping.nix
@ -27,6 +27,7 @@
        "cinny.ataraxiadev.com" = "matrix.ataraxiadev.com";
        "cocalc.ataraxiadev.com" = "ataraxiadev.com";
        "code.ataraxiadev.com" = "ataraxiadev.com";
+        "docs.ataraxiadev.com" = "ataraxiadev.com";
        "dimension.ataraxiadev.com" = "matrix.ataraxiadev.com";
        "element.ataraxiadev.com" = "matrix.ataraxiadev.com";
        "fb.ataraxiadev.com" = "ataraxiadev.com";
--- a/machines/NixOS-VPS/hardware/dns-mapping.nix
+++ b/machines/NixOS-VPS/hardware/dns-mapping.nix
@ -8,6 +8,7 @@
    { name = "cocalc.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
    { name = "code.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
    { name = "dimension.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
+    { name = "docs.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
    { name = "element.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
    { name = "fb.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
    { name = "file.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
@ -49,6 +50,7 @@
    { name = "cocalc.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
    { name = "code.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
    { name = "dimension.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
+    { name = "docs.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
    { name = "element.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
    { name = "fb.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
    { name = "file.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
--- a/profiles/servers/mailserver.nix
+++ b/profiles/servers/mailserver.nix
@ -16,6 +16,7 @@ in {
  secrets.mailserver-authentik = secrets-default;
  secrets.mailserver-kavita = secrets-default;
  secrets.mailserver-synapse = secrets-default;
+  secrets.mailserver-outline = secrets-default;

  security.acme.certs."mail.ataraxiadev.com" = {
    webroot = "/var/lib/acme/acme-challenge";
@ -118,6 +119,10 @@ in {
        aliases = [ "matrix" ];
        hashedPasswordFile = config.secrets.mailserver-synapse.decrypted;
      };
+      "outline@ataraxiadev.com" = {
+        aliases = [ "outline" ];
+        hashedPasswordFile = config.secrets.mailserver-outline.decrypted;
+      };
    };
    hierarchySeparator = "/";
    localDnsResolver = false;
--- a/profiles/servers/nginx.nix
+++ b/profiles/servers/nginx.nix
@ -77,6 +77,7 @@ in {
        "home.ataraxiadev.com"
        "openbooks.ataraxiadev.com"
        "cache.ataraxiadev.com"
+        "docs.ataraxiadev.com"

        "matrix.ataraxiadev.com"
        "cinny.ataraxiadev.com"
@ -161,13 +162,8 @@ in {
        locations."/" = {
          proxyPass = "http://matrix.pve:81";
          extraConfig = ''
-            # proxy_hide_header Content-Security-Policy;
-            proxy_set_header X-Forwarded-For $remote_addr;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
            client_max_body_size 50M;
-          '';
+          '' + proxySettings;
        };
      } // default;
      "matrix:8448" = {
@ -178,24 +174,36 @@ in {
          ssl = true;
        }];
        locations."/" = {
-          proxyPass = "http://matrix.pve:8449";
+          proxyPass = "http://matrix.pve:8448";
          extraConfig = ''
-            proxy_set_header X-Forwarded-For $remote_addr;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header Host $host;
            client_max_body_size 50M;
-          '';
+          '' + proxySettings;
        };
      } // default;
      "home.ataraxiadev.com" = default // authentik {
        root = { proxyPass = "http://127.0.0.1:3000"; };
      };
-      "openbooks.ataraxiadev.com" = default // authentik {
-        root = {
+      # "openbooks.ataraxiadev.com" = default // authentik {
+      #   root = {
+      #     proxyPass = "http://127.0.0.1:8097";
+      #     proxyWebsockets = true;
+      #   };
+      # };
+      "openbooks.ataraxiadev.com" = {
+        locations."/" = {
          proxyPass = "http://127.0.0.1:8097";
          proxyWebsockets = true;
        };
-      };
+      } // default;
+      "docs.ataraxiadev.com" = {
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:3010";
+          proxyWebsockets = true;
+          extraConfig = ''
+            client_max_body_size 100M;
+          '' + proxySettings;
+        };
+      } // default;
      "vw.ataraxiadev.com" = {
        locations."/" = {
          proxyPass = "http://127.0.0.1:8812";
--- a/profiles/servers/outline.nix
+++ b/profiles/servers/outline.nix
@ -0,0 +1,70 @@
+{ config, pkgs, lib, ... }: {
+  secrets = let
+    default = {
+      owner = config.services.outline.user;
+      services = [ "outline.service" ];
+    };
+  in {
+    minio-cred.owner = "minio";
+    minio-cred.services = [ "minio.service" ];
+    minio-outline = default;
+    outline-mail = default;
+    outline-oidc = default;
+    outline-key = default;
+    outline-utils = default;
+  };
+  services = {
+    outline = {
+      enable = true;
+      port = 3010;
+      publicUrl = "https://docs.ataraxiadev.com";
+      forceHttps = false;
+
+      storage = {
+        accessKey = "outline";
+        secretKeyFile = config.secrets.minio-outline.decrypted;
+        region = config.services.minio.region;
+        uploadBucketUrl = "http://127.0.0.1:9100";
+        uploadBucketName = "outline";
+        # uploadMaxSize = 0;
+      };
+
+      oidcAuthentication = {
+        authUrl = "https://auth.ataraxiadev.com/application/o/authorize/";
+        tokenUrl = "https://auth.ataraxiadev.com/application/o/token/";
+        userinfoUrl = "https://auth.ataraxiadev.com/application/o/userinfo/";
+        clientId = "tUs7tv85xlK3W4VOw7AQDMYNXqibpV5H8ofR7zix";
+        clientSecretFile = config.secrets.outline-oidc.decrypted;
+        scopes = [ "openid" "email" "profile" ];
+        usernameClaim = "email";
+        displayName = "openid";
+      };
+
+      smtp = {
+        host = "mail.ataraxiadev.com";
+        port = 465;
+        secure = true;
+        username = "outline@ataraxiadev.com";
+        passwordFile = config.secrets.outline-mail.decrypted;
+        fromEmail = "Outline <no-reply@ataraxiadev.com>";
+        replyEmail = "Outline <outline@ataraxiadev.com>";
+      };
+
+      secretKeyFile = config.secrets.outline-key.decrypted;
+      utilsSecretFile = config.secrets.outline-utils.decrypted;
+    };
+    minio = {
+      enable = true;
+      listenAddress = "127.0.0.1:9100";
+      consoleAddress = "192.168.0.10:9101";
+      rootCredentialsFile = config.secrets.minio-cred.decrypted;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 9101 ];
+
+  persist.state.directories = config.services.minio.dataDir ++ [
+    "/var/lib/redis-outline"
+    config.services.minio.configDir
+  ];
+}