infrastructure/machines/compute01/outline.nix

65 lines
1.5 KiB
Nix
Raw Normal View History

{ config, lib, dgn-lib, ... }:
let
inherit (dgn-lib) setDefault;
host = "docs.dgnum.eu";
in {
services.outline = {
enable = true;
storage = {
region = "garage";
uploadBucketUrl = "https://s3.dgnum.eu";
uploadBucketName = "outline-dgnum";
accessKey = "GKb3aa6f6d6627204e8e53729c";
secretKeyFile = config.age.secrets."outline-storage_secret_key_file".path;
};
smtp = {
username = "web-services@infra.dgnum.eu";
port = 465;
host = "kurisu.lahfa.xyz";
fromEmail = "docs@infra.dgnum.eu";
replyEmail = "web-services@infra.dgnum.eu";
passwordFile = config.age.secrets."outline-smtp_password_file".path;
};
redisUrl = "local";
publicUrl = "https://${host}";
oidcAuthentication = {
clientId = "outline_dgn";
authUrl = "https://sso.dgnum.eu/ui/oauth2";
tokenUrl = "https://sso.dgnum.eu/oauth2/token";
userinfoUrl = "https://sso.dgnum.eu/oauth2/openid/outline_dgn/userinfo";
displayName = "DGNum SSO";
clientSecretFile =
config.age.secrets."outline-oidc_client_secret_file".path;
};
defaultLanguage = "fr_FR";
forceHttps = false;
port = 3003;
};
services.nginx.virtualHosts.${host} = {
enableACME = true;
forceSSL = true;
locations."/" = {
proxyPass = "http://localhost:3003";
proxyWebsockets = true;
};
};
dgn-secrets.options = [
(setDefault { owner = "outline"; }
(builtins.filter (lib.hasPrefix "outline-") config.dgn-secrets.names))
];
}