❄️ Dotfiles for our NixOS system configuration.
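# NixOS module for the Outline wiki at wiki.sappho.systems: declares the
# age-encrypted secrets, the Outline service (local database and Redis,
# S3-style storage on MinIO, SMTP, OIDC login), the MinIO server, and the two
# Caddy virtual hosts in front of them.
#
# Every credential is passed to a service as the path of a decrypted secret
# file (`config.age.secrets.<name>.path`), never as a literal value in this
# file.
{ config, ... }:

{
  # Each secret is owned by the service account that reads it and carries no
  # group/other permission bits. The owner only needs to read these files, so
  # a read-only mode would also work.
  age.secrets = {
    minioCredentials = {
      file = ../../secrets/minio.age;
      mode = "600";
      owner = "minio";
      group = "minio";
    };

    outlineClientSecret = {
      file = ../../secrets/outline/client-secret.age;
      mode = "600";
      owner = "outline";
      group = "outline";
    };
    outlineMinioSecret = {
      file = ../../secrets/outline/minio-password.age;
      mode = "600";
      owner = "outline";
      group = "outline";
    };
    outlineSecretKey = {
      file = ../../secrets/outline/secret-key.age;
      mode = "600";
      owner = "outline";
      group = "outline";
    };
    outlineSMTPPassword = {
      file = ../../secrets/outline/smtp-password.age;
      mode = "600";
      owner = "outline";
      group = "outline";
    };
    outlineUtilsSecret = {
      file = ../../secrets/outline/utils-secret.age;
      mode = "600";
      owner = "outline";
      group = "outline";
    };
  };

  services.outline = {
    enable = true;
    publicUrl = "https://wiki.sappho.systems";
    # Plain-HTTP backend port; the wiki.sappho.systems Caddy vhost below
    # proxies to it.
    port = 3300;
    forceHttps = true;

    secretKeyFile = config.age.secrets.outlineSecretKey.path;
    utilsSecretFile = config.age.secrets.outlineUtilsSecret.path;

    databaseUrl = "local";
    redisUrl = "local";

    # 100 MiB (100 * 1024 * 1024 bytes).
    maximumImportSize = 104857600;

    storage = {
      storageType = "s3";
      # NOTE(review): if "minio" is also the root user stored in
      # minioCredentials, Outline is running with full administrative access
      # to the object store. Prefer a dedicated access key whose policy is
      # limited to the "outline" bucket -- confirm against the secret.
      accessKey = "minio";
      secretKeyFile = config.age.secrets.outlineMinioSecret.path;
      # Outline reaches MinIO through the TLS vhost, not the backend port.
      uploadBucketUrl = "https://minio.sappho.systems";
      uploadBucketName = "outline";
      region = "us-east-1";
      # 100 MiB, same limit as maximumImportSize.
      uploadMaxSize = 104857600;
      forcePathStyle = true;
      # Uploaded objects are not publicly readable.
      acl = "private";
    };

    smtp = {
      host = "smtp.purelymail.com";
      port = 587;
      username = "noreply@sapphic.moe";
      replyEmail = "noreply@sapphic.moe";
      passwordFile = config.age.secrets.outlineSMTPPassword.path;
      fromEmail = "noreply@sapphic.moe";
      # secure = false on the submission port: the session does not start
      # inside TLS.
      # NOTE(review): confirm the client upgrades with STARTTLS before
      # authenticating and that the upgrade is enforced rather than
      # opportunistic, since the SMTP password travels over this link.
      secure = false;
    };

    oidcAuthentication = {
      displayName = "Pocket ID";

      # The client id is a public identifier; only the client secret is kept
      # in an encrypted file.
      clientId = "257b92c1-6b7f-41e9-a9c6-858a083295d8";
      clientSecretFile = config.age.secrets.outlineClientSecret.path;

      # All three endpoints are HTTPS on the same identity provider host.
      authUrl = "https://id.sappho.systems/authorize";
      tokenUrl = "https://id.sappho.systems/api/oidc/token";
      userinfoUrl = "https://id.sappho.systems/api/oidc/userinfo";

      usernameClaim = "preferred_username";
      scopes = [
        "openid"
        "profile"
        "email"
        "groups"
      ];
    };
  };

  services.minio = {
    enable = true;
    rootCredentialsFile = config.age.secrets.minioCredentials.path;
    dataDir = [ "/var/lib/minio" ];
    # Bound to loopback. The only consumer visible in this file is the
    # minio.sappho.systems Caddy vhost below, which proxies to localhost:9000;
    # Outline itself uses the HTTPS URL. Listening on 0.0.0.0 would also serve
    # the S3 API as plain HTTP on every interface, leaving the host firewall
    # as the only barrier.
    listenAddress = "127.0.0.1:9000";
    # NOTE(review): the console still listens on every interface and no TLS
    # vhost for it is visible in this file, while the root credentials are
    # typed into it. Confirm port 9001 is firewalled to trusted networks, or
    # bind it to 127.0.0.1 and reach it through a proxy or tunnel.
    consoleAddress = "0.0.0.0:9001";
  };

  # `common` and `tls_bunny` are imported by name and are not defined in this
  # file.
  services.caddy.virtualHosts."wiki.sappho.systems" = {
    extraConfig = ''
      import common
      import tls_bunny
      reverse_proxy http://localhost:3300
    '';
  };

  services.caddy.virtualHosts."minio.sappho.systems" = {
    extraConfig = ''
      import common
      import tls_bunny
      reverse_proxy http://localhost:9000
    '';
  };
}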