commit d2aab78db25694534af513e1e3c705b0a91b0771 · sapphic.moe/flake

+25 -41
services/outline/default.nix
···

       1
       1
       -
       { config, pkgs, ... }:

     

       1
       1
       +
       { config, ... }:

     

       2
       2
        
       

     

       3
       3
        
       {

     

       4
       4
        
         age.secrets = {

     
···

       50
       50
        
           secretKeyFile = config.age.secrets.outlineSecretKey.path;

     

       51
       51
        
           utilsSecretFile = config.age.secrets.outlineUtilsSecret.path;

     

       52
       52
        
       

     

       53
       53
       -
           databaseUrl = "postgres://outline:${builtins.readFile config.age.secrets.outlineSecretKey.path}@localhost/outline?sslmode=disable";

     

       54
       54
       -
           redisUrl = "redis://127.0.0.1:6380";

     

       53
       53
       +
           databaseUrl = "local";

     

       54
       54
       +
           redisUrl = "local";

     

       55
       55
       +
       

     

       56
       56
       +
           maximumImportSize = 104857600;

     

       55
       57
        
       

     

       56
       58
        
           storage = {

     

       57
       59
        
             storageType = "s3";

     
···

       61
       63
        
             uploadBucketName = "outline";

     

       62
       64
        
             region = "us-east-1";

     

       63
       65
        
             uploadMaxSize = 104857600;

     

       64
       64
       -
             importMaxSize = 104857600;

     

       65
       65
       -
             workspaceImportMaxSize = 104857600;

     

       66
       66
        
             forcePathStyle = true;

     

       67
       67
        
             acl = "private";

     

       68
       68
        
           };

     
···

       71
       71
        
             host = "smtp.purelymail.com";

     

       72
       72
        
             port = 587;

     

       73
       73
        
             username = "noreply@sapphic.moe";

     

       74
       74
       +
             replyEmail = "noreply@sapphic.moe";

     

       74
       75
        
             passwordFile = config.age.secrets.outlineSMTPPassword.path;

     

       75
       76
        
             fromEmail = "noreply@sapphic.moe";

     

       76
       77
        
             secure = false;

     
···

       85
       86
        
             authUrl = "https://id.sappho.systems/authorize";

     

       86
       87
        
             tokenUrl = "https://id.sappho.systems/api/oidc/token";

     

       87
       88
        
             userinfoUrl = "https://id.sappho.systems/api/oidc/userinfo";

     

       88
       88
       -
             logoutUrl = "https://id.sappho.systems/api/oidc/end-session";

     

       89
       89
        
       

     

       90
       90
        
             usernameClaim = "preferred_username";

     

       91
       91
        
             scopes = [

     
···

       94
       94
        
               "email"

     

       95
       95
        
               "groups"

     

       96
       96
        
             ];

     

       97
       97
       -
       

     

       98
       98
       -
             disableRedirect = true;

     

       99
       97
        
           };

     

       100
       98
        
         };

     

       101
       99
        
       

     

       102
       102
       -
         services.postgresql = {

     

       103
       103
       -
           enable = true;

     

       104
       104
       -
           package = pkgs.postgresql_15;

     

       105
       105
       -
           dataDir = "/var/lib/postgresql";

     

       106
       106
       -
           enableTCPIP = true;

     

       107
       107
       -
           ensureDatabases = [ "outline" ];

     

       108
       108
       -
           ensureUsers = [

     

       109
       109
       -
             {

     

       110
       110
       -
               name = "outline";

     

       111
       111
       -
               password = builtins.readFile config.age.secrets.outlineSecretKey.path;

     

       112
       112
       -
             }

     

       113
       113
       -
           ];

     

       114
       114
       -
           authentication = pkgs.lib.mkOverride 10 ''

     

       115
       115
       -
             #type database DBuser origin-address auth-method

     

       116
       116
       -
             local all      all     trust

     

       117
       117
       -
             host  all      all     127.0.0.1/32   scram-sha-256

     

       118
       118
       -
             host  all      all     ::1/128        scram-sha-256

     

       119
       119
       -
           '';

     

       120
       120
       -
         };

     

       121
       121
       -
       

     

       122
       122
       -
         # Ensure Outline waits for Postgres

     

       123
       123
       -
         systemd.services.outline.requires = [ "postgresql.service" ];

     

       124
       124
       -
         services.redis.servers."outline" = {

     

       125
       125
       -
           enable = true;

     

       126
       126
       -
           port = 6380;

     

       127
       127
       -
           bind = "127.0.0.1";

     

       128
       128
       -
         };

     

       129
       129
       -
       

     

       130
       100
        
         services.minio = {

     

       131
       101
        
           enable = true;

     

       132
       102
        
           rootCredentialsFile = config.age.secrets.minioCredentials.path;

     

       133
       133
       -
           dataDir = "/var/lib/minio";

     

       134
       134
       -
           listenAddress = [

     

       135
       135
       -
             "0.0.0.0:9000"

     

       136
       136
       -
             "0.0.0.0:9001"

     

       137
       137
       -
           ];

     

       103
       103
       +
           dataDir = [ "/var/lib/minio" ];

     

       104
       104
       +
           listenAddress = "0.0.0.0:9000";

     

       105
       105
       +
           consoleAddress = "0.0.0.0:9001";

     

       138
       106
        
         };

     

       139
       107
        
       

     

       140
       108
        
         services.caddy.virtualHosts."wiki.sappho.systems" = {

     
···

       142
       110
        
             import common

     

       143
       111
        
             import tls_cloudflare

     

       144
       112
        
             reverse_proxy http://localhost:3300

     

       113
       113
       +
           '';

     

       114
       114
       +
         };

     

       115
       115
       +
       

     

       116
       116
       +
         services.caddy.virtualHosts."minio.sappho.systems" = {

     

       117
       117
       +
           extraConfig = ''

     

       118
       118
       +
             import common

     

       119
       119
       +
             import tls_cloudflare

     

       120
       120
       +
             reverse_proxy http://localhost:9000

     

       121
       121
       +
           '';

     

       122
       122
       +
         };

     

       123
       123
       +
       

     

       124
       124
       +
         services.caddy.virtualHosts."minio-admin.sappho.systems" = {

     

       125
       125
       +
           extraConfig = ''

     

       126
       126
       +
             import common

     

       127
       127
       +
             import tls_cloudflare

     

       128
       128
       +
             reverse_proxy http://localhost:9001

     

       145
       129
        
           '';

     

       146
       130
        
         };

     

       147
       131