Add outline

Signed-off-by: Nikolaos Karaolidis <nick@karaolidis.com>
2025-05-18 19:45:21 +01:00
parent bf82f4b52e
commit 52e3183244
8 changed files with 204 additions and 10 deletions


@@ -129,6 +129,7 @@ in
groups = [
"admins"
"git"
"docs"
];
};
}


@@ -12,6 +12,7 @@ in
(import ./gitea { inherit user home; })
(import ./grafana { inherit user home; })
(import ./ntfy { inherit user home; })
(import ./outline { inherit user home; })
(import ./prometheus { inherit user home; })
(import ./sish { inherit user home; })
(import ./traefik { inherit user home; })


@@ -0,0 +1,161 @@
{
user ? throw "user argument is required",
home ? throw "home argument is required",
}:
{
config,
inputs,
pkgs,
system,
...
}:
let
selfPkgs = inputs.self.packages.${system};
hmConfig = config.home-manager.users.${user};
inherit (hmConfig.virtualisation.quadlet) volumes networks;
autheliaClientId = "3U5O3TkoIFb3bz3MMqscGEDx2wkT2G48iLLJalqSKA40zCweSBfgORGNMjDEidz4qiQ93qIoW2UlgTyLfzAwbklTvwHJPcarmXaq";
in
{
home-manager.users.${user} = {
sops = {
secrets = {
"outline/postgresql".sopsFile = ../../../../../../secrets/secrets.yaml;
"outline/secretKey".sopsFile = ../../../../../../secrets/secrets.yaml;
"outline/utilsSecret".sopsFile = ../../../../../../secrets/secrets.yaml;
"outline/authelia/password".sopsFile = ../../../../../../secrets/secrets.yaml;
"outline/authelia/digest".sopsFile = ../../../../../../secrets/secrets.yaml;
"outline/smtp".sopsFile = ../../../../../../secrets/secrets.yaml;
};
templates = {
outline-postgresql-env.content = ''
POSTGRES_PASSWORD=${hmConfig.sops.placeholder."outline/postgresql"}
'';
outline-env.content = ''
SECRET_KEY=${hmConfig.sops.placeholder."outline/secretKey"}
UTILS_SECRET=${hmConfig.sops.placeholder."outline/utilsSecret"}
DATABASE_URL=postgres://outline:${
hmConfig.sops.placeholder."outline/postgresql"
}@outline-postgresql:5432/outline
OIDC_CLIENT_SECRET=${hmConfig.sops.placeholder."outline/authelia/password"}
SMTP_PASSWORD=${hmConfig.sops.placeholder."outline/smtp"}
'';
authelia-outline.content = builtins.readFile (
(pkgs.formats.yaml { }).generate "outline.yaml" {
identity_providers.oidc = {
authorization_policies.docs = {
default_policy = "deny";
rules = [
{
policy = "one_factor";
subject = "group:docs";
}
];
};
clients = [
{
client_id = autheliaClientId;
client_name = "Outline";
client_secret = hmConfig.sops.placeholder."outline/authelia/digest";
redirect_uris = [ "https://docs.karaolidis.com/auth/oidc.callback" ];
authorization_policy = "docs";
scopes = [
"openid"
"profile"
"email"
"offline_access"
];
token_endpoint_auth_method = "client_secret_post";
}
];
};
}
);
};
};
virtualisation.quadlet = {
networks.outline.networkConfig.internal = true;
volumes = {
outline-redis = { };
outline-postgresql = { };
outline = { };
};
containers = {
outline = {
containerConfig = {
image = "docker-archive:${selfPkgs.docker-outline}";
networks = [
networks.outline.ref
networks.traefik.ref
];
volumes = [
"${volumes.outline.ref}:/var/lib/outline/data"
];
environments = {
URL = "https://docs.karaolidis.com";
PGSSLMODE = "disable";
REDIS_URL = "redis://outline-redis:6379";
FILE_STORAGE = "local";
FILE_STORAGE_UPLOAD_MAX_SIZE = "1048576000";
FORCE_HTTPS = "false";
OIDC_CLIENT_ID = autheliaClientId;
OIDC_AUTH_URI = "https://id.karaolidis.com/api/oidc/authorization";
OIDC_TOKEN_URI = "https://id.karaolidis.com/api/oidc/token";
OIDC_USERINFO_URI = "https://id.karaolidis.com/api/oidc/userinfo";
OIDC_LOGOUT_URI = "https://id.karaolidis.com/logout";
OIDC_DISPLAY_NAME = "Authelia";
OIDC_SCOPES = "openid profile email offline_access";
OIDC_DISABLE_REDIRECT = "true";
SMTP_HOST = "smtp.protonmail.ch";
SMTP_PORT = "587";
SMTP_USERNAME = "jupiter@karaolidis.com";
SMTP_FROM_EMAIL = "jupiter@karaolidis.com";
SMTP_SECURE = "false";
ENABLE_UPDATES = "false";
DEBUG = "";
};
environmentFiles = [ hmConfig.sops.templates.outline-env.path ];
labels = [
"traefik.enable=true"
"traefik.http.routers.outline.rule=Host(`docs.karaolidis.com`)"
];
};
unitConfig.After = [ "sops-nix.service" ];
};
outline-postgresql = {
containerConfig = {
image = "docker-archive:${selfPkgs.docker-postgresql}";
networks = [ networks.outline.ref ];
volumes = [ "${volumes.outline-postgresql.ref}:/var/lib/postgresql/data" ];
environments = {
POSTGRES_DB = "outline";
POSTGRES_USER = "outline";
};
environmentFiles = [ hmConfig.sops.templates.outline-postgresql-env.path ];
};
unitConfig.After = [ "sops-nix.service" ];
};
outline-redis.containerConfig = {
image = "docker-archive:${selfPkgs.docker-redis}";
networks = [ networks.outline.ref ];
volumes = [ "${volumes.outline-redis.ref}:/var/lib/redis" ];
exec = [ "--save 60 1" ];
};
authelia-init.containerConfig.volumes = [
"${hmConfig.sops.templates.authelia-outline.path}:/etc/authelia/conf.d/outline.yaml:ro"
];
};
};
};
}
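Review bot: The `DATABASE_URL` template splices the raw `outline/postgresql` placeholder into the userinfo part of a URL, so a secret containing `@`, `/`, `:`, `#` or `%` yields a connection string that parses wrongly or not at all; sops-nix substitutes the value at activation time, so it cannot be percent-encoded at eval time, which leaves either generating the password from a URL-safe alphabet or adding a comment such as `# must contain only URL-safe characters: it is interpolated unencoded into DATABASE_URL` next to the secret declaration. The `outline` container's `unitConfig.After` names only `sops-nix.service`, and nothing orders it after the `outline-postgresql` and `outline-redis` containers, so Outline may start and fail its first connection attempts until they are up; if quadlet's generated unit names are known, adding them to `After` (and `Requires`) would remove that window. As a point of style, the six `.sopsFile = ../../../../../../secrets/secrets.yaml;` lines could be reduced to a single `sopsFile = ../../../../../../secrets/secrets.yaml;` binding in the `let` block and referenced from each secret, which also keeps the relative path in one place.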