add outline

machines/Home-Hypervisor/default.nix

@@ -40,6 +40,7 @@ in {
     nixosProfiles.atticd
     nixosProfiles.attic
     nixosProfiles.restic-server
+    nixosProfiles.outline
 
     (import nixosProfiles.blocky {
       inherit config;

machines/Home-Hypervisor/dns-mapping.nix

@@ -27,6 +27,7 @@
         "cinny.ataraxiadev.com" = "matrix.ataraxiadev.com";
         "cocalc.ataraxiadev.com" = "ataraxiadev.com";
         "code.ataraxiadev.com" = "ataraxiadev.com";
+        "docs.ataraxiadev.com" = "ataraxiadev.com";
         "dimension.ataraxiadev.com" = "matrix.ataraxiadev.com";
         "element.ataraxiadev.com" = "matrix.ataraxiadev.com";
         "fb.ataraxiadev.com" = "ataraxiadev.com";

machines/NixOS-VPS/hardware/dns-mapping.nix

@@ -8,6 +8,7 @@
     { name = "cocalc.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
     { name = "code.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
     { name = "dimension.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
+    { name = "docs.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
     { name = "element.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
     { name = "fb.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
     { name = "file.ataraxiadev.com"; type = "A"; value = "100.64.0.3"; }
@@ -49,6 +50,7 @@
     { name = "cocalc.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
     { name = "code.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
     { name = "dimension.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
+    { name = "docs.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
     { name = "element.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
     { name = "fb.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }
     { name = "file.ataraxiadev.com"; type = "AAAA"; value = "fd7a:115c:a1e0::3"; }

profiles/servers/mailserver.nix

@@ -16,6 +16,7 @@ in {
   secrets.mailserver-authentik = secrets-default;
   secrets.mailserver-kavita = secrets-default;
   secrets.mailserver-synapse = secrets-default;
+  secrets.mailserver-outline = secrets-default;
 
   security.acme.certs."mail.ataraxiadev.com" = {
     webroot = "/var/lib/acme/acme-challenge";
@@ -118,6 +119,10 @@ in {
         aliases = [ "matrix" ];
         hashedPasswordFile = config.secrets.mailserver-synapse.decrypted;
       };
+      "outline@ataraxiadev.com" = {
+        aliases = [ "outline" ];
+        hashedPasswordFile = config.secrets.mailserver-outline.decrypted;
+      };
     };
     hierarchySeparator = "/";
     localDnsResolver = false;

profiles/servers/nginx.nix

@@ -77,6 +77,7 @@ in {
         "home.ataraxiadev.com"
         "openbooks.ataraxiadev.com"
         "cache.ataraxiadev.com"
+        "docs.ataraxiadev.com"
 
         "matrix.ataraxiadev.com"
         "cinny.ataraxiadev.com"
@@ -161,13 +162,8 @@ in {
         locations."/" = {
           proxyPass = "http://matrix.pve:81";
           extraConfig = ''
-            # proxy_hide_header Content-Security-Policy;
-            proxy_set_header X-Forwarded-For $remote_addr;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header Host $host;
-            proxy_set_header X-Real-IP $remote_addr;
             client_max_body_size 50M;
-          '';
+          '' + proxySettings;
         };
       } // default;
       "matrix:8448" = {
@@ -178,24 +174,36 @@ in {
           ssl = true;
         }];
         locations."/" = {
-          proxyPass = "http://matrix.pve:8449";
+          proxyPass = "http://matrix.pve:8448";
           extraConfig = ''
-            proxy_set_header X-Forwarded-For $remote_addr;
-            proxy_set_header X-Forwarded-Proto $scheme;
-            proxy_set_header Host $host;
             client_max_body_size 50M;
-          '';
+          '' + proxySettings;
         };
       } // default;
       "home.ataraxiadev.com" = default // authentik {
         root = { proxyPass = "http://127.0.0.1:3000"; };
       };
-      "openbooks.ataraxiadev.com" = default // authentik {
+      # "openbooks.ataraxiadev.com" = default // authentik {
-        root = {
+      #   root = {
+      #     proxyPass = "http://127.0.0.1:8097";
+      #     proxyWebsockets = true;
+      #   };
+      # };
+      "openbooks.ataraxiadev.com" = {
+        locations."/" = {
           proxyPass = "http://127.0.0.1:8097";
           proxyWebsockets = true;
         };
-      };
+      } // default;
+      "docs.ataraxiadev.com" = {
+        locations."/" = {
+          proxyPass = "http://127.0.0.1:3010";
+          proxyWebsockets = true;
+          extraConfig = ''
+            client_max_body_size 100M;
+          '' + proxySettings;
+        };
+      } // default;
       "vw.ataraxiadev.com" = {
         locations."/" = {
           proxyPass = "http://127.0.0.1:8812";

profiles/servers/outline.nix

@@ -0,0 +1,70 @@
+{ config, pkgs, lib, ... }: {
+  secrets = let
+    default = {
+      owner = config.services.outline.user;
+      services = [ "outline.service" ];
+    };
+  in {
+    minio-cred.owner = "minio";
+    minio-cred.services = [ "minio.service" ];
+    minio-outline = default;
+    outline-mail = default;
+    outline-oidc = default;
+    outline-key = default;
+    outline-utils = default;
+  };
+  services = {
+    outline = {
+      enable = true;
+      port = 3010;
+      publicUrl = "https://docs.ataraxiadev.com";
+      forceHttps = false;
+
+      storage = {
+        accessKey = "outline";
+        secretKeyFile = config.secrets.minio-outline.decrypted;
+        region = config.services.minio.region;
+        uploadBucketUrl = "http://127.0.0.1:9100";
+        uploadBucketName = "outline";
+        # uploadMaxSize = 0;
+      };
+
+      oidcAuthentication = {
+        authUrl = "https://auth.ataraxiadev.com/application/o/authorize/";
+        tokenUrl = "https://auth.ataraxiadev.com/application/o/token/";
+        userinfoUrl = "https://auth.ataraxiadev.com/application/o/userinfo/";
+        clientId = "tUs7tv85xlK3W4VOw7AQDMYNXqibpV5H8ofR7zix";
+        clientSecretFile = config.secrets.outline-oidc.decrypted;
+        scopes = [ "openid" "email" "profile" ];
+        usernameClaim = "email";
+        displayName = "openid";
+      };
+
+      smtp = {
+        host = "mail.ataraxiadev.com";
+        port = 465;
+        secure = true;
+        username = "outline@ataraxiadev.com";
+        passwordFile = config.secrets.outline-mail.decrypted;
+        fromEmail = "Outline <no-reply@ataraxiadev.com>";
+        replyEmail = "Outline <outline@ataraxiadev.com>";
+      };
+
+      secretKeyFile = config.secrets.outline-key.decrypted;
+      utilsSecretFile = config.secrets.outline-utils.decrypted;
+    };
+    minio = {
+      enable = true;
+      listenAddress = "127.0.0.1:9100";
+      consoleAddress = "192.168.0.10:9101";
+      rootCredentialsFile = config.secrets.minio-cred.decrypted;
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 9101 ];
+
+  persist.state.directories = config.services.minio.dataDir ++ [
+    "/var/lib/redis-outline"
+    config.services.minio.configDir
+  ];
+}