public-cof: deploy completely Outline and Garage
parent
43d3367e9f
commit
42a569b41d
7 changed files with 118 additions and 0 deletions
|
@ -11,6 +11,7 @@
|
|||
./monitoring.nix
|
||||
./garage.nix
|
||||
./nextcloud.nix
|
||||
./outline.nix
|
||||
./minecraft.nix
|
||||
# ./rstudio-server
|
||||
./nur.nix
|
||||
|
@ -27,6 +28,7 @@
|
|||
nixpkgs.config.allowUnfreePredicate = pkg: builtins.elem (lib.getName pkg) [
|
||||
"minecraft-server"
|
||||
"factorio-headless"
|
||||
"outline"
|
||||
];
|
||||
|
||||
boot.loader.systemd-boot.enable = true;
|
||||
|
|
|
@ -1,5 +1,25 @@
|
|||
{ pkgs, ... }:
|
||||
{
|
||||
security.acme.certs."cdn.rz.ens.wtf" = {
|
||||
dnsProvider = "acme-dns";
|
||||
credentialsFile = pkgs.writeText "acme-dns-env" ''
|
||||
ACME_DNS_API_BASE=https://acme.rz.ens.wtf
|
||||
ACME_DNS_STORAGE_PATH=/var/lib/acme/lego-acme-dns-accounts.json
|
||||
'';
|
||||
extraDomainNames = [ "*.cdn.rz.ens.wtf" ];
|
||||
group = "nginx";
|
||||
};
|
||||
services.nginx.virtualHosts."s3.rz.ens.wtf" = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
locations."/".proxyPass = "http://[::1]:3900";
|
||||
};
|
||||
services.nginx.virtualHosts."cdn.rz.ens.wtf" = {
|
||||
serverAliases = [ "*.cdn.rz.ens.wtf" ];
|
||||
useACMEHost = "cdn.rz.ens.wtf";
|
||||
forceSSL = true;
|
||||
locations."/".proxyPass = "http://[::1]:3902";
|
||||
};
|
||||
services.garage = {
|
||||
enable = true;
|
||||
settings = {
|
||||
|
|
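Review bot: `credentialsFile` in the `security.acme.certs."cdn.rz.ens.wtf"` block is built with `pkgs.writeText`, so its contents end up in the world-readable Nix store. That is fine for the two non-secret variables set here, but nothing in the file says so, and a later edit could add a token to the same string. I would add a comment above it such as `# Not secret: store paths are world-readable; acme-dns account credentials live in ACME_DNS_STORAGE_PATH`. The JSON file under `/var/lib/acme` presumably holds the acme-dns account credentials and is provisioned outside this commit, so its ownership and mode are worth confirming. The `services.garage` attribute set continues beyond the hunk.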
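--- a/machines/public-cof/outline.nix
+++ b/machines/public-cof/outline.nix
@@ -0,0 +1,31 @@
+{ pkgs, lib, config, ... }:
+{
+services.nginx.virtualHosts."notion.rz.ens.wtf" = {
+enableACME = true;
+forceSSL = true;
+locations."/" = {
+proxyPass = "http://localhost:3000";
+proxyWebsockets = true;
+};
+};
+services.outline = {
+enable = true;
+publicUrl = "https://notion.rz.ens.wtf";
+defaultLanguage = "fr_FR";
+storage = {
+accessKey = "GK8b32d276b2eafb999a53188a";
+secretKeyFile = config.age.secrets.outlineS3Secrets.path;
+uploadBucketUrl = "https://s3.rz.ens.wtf";
+uploadBucketName = "outline";
+region = "ens";
+};
+oidcAuthentication = {
+userinfoUrl = "https://auth.rz.ens.wtf/auth/realms/ClubReseau/protocol/openid-connect/userinfo";
+tokenUrl = "https://auth.rz.ens.wtf/auth/realms/ClubReseau/protocol/openid-connect/token";
+authUrl = "https://auth.rz.ens.wtf/auth/realms/ClubReseau/protocol/openid-connect/auth";
+clientSecretFile = config.age.secrets.outline-oidc-client-secret.path;
+displayName = "Club réseau";
+clientId = "outline";
+};
+};
+}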
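Review bot: The `accessKey` value in `services.outline.storage` is committed in clear text while the matching secret goes through agenix; a key ID is not a credential on its own, but a reader cannot tell from the file that the split is intentional. A comment such as `# Garage key ID (not secret); the secret half is in outlineS3Secrets.age` would make that explicit. It is also worth confirming on the Garage side that this key is granted access to the `outline` bucket only, which this commit does not show. Separately, `proxyPass = "http://localhost:3000"` differs from the `[::1]` literal used for the Garage proxies; a literal address avoids nginx resolving `localhost` to both loopback families when Outline may listen on only one.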
@ -16,4 +16,16 @@
|
|||
group = "kanboard";
|
||||
file = ./kanboard-secrets.age;
|
||||
};
|
||||
|
||||
age.secrets.outlineS3Secrets = {
|
||||
owner = "outline";
|
||||
group = "outline";
|
||||
file = ./outlineS3Secrets.age;
|
||||
};
|
||||
|
||||
age.secrets.outline-oidc-client-secret = {
|
||||
owner = "outline";
|
||||
group = "outline";
|
||||
file = ./outline-oidc-client-secret.age;
|
||||
};
|
||||
}
|
||||
|
|
26
machines/public-cof/secrets/outline-oidc-client-secret.age
Normal file
|
@ -0,0 +1,26 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-rsa krWCLQ
|
||||
HeTVcJxU2zRewuzQVknnxAYjlCU8+GJjBz9joGPo2j934uiM3A6PBsFmoz6I1ZfJ
|
||||
pg68benaKfV+VI1sN8fMDWoEO0QrFzHYULXT9JCyQTClUzUZSlMpzmDgCmHjLPEc
|
||||
qB23sbwKzgyFO9SKHsPvOqxZrEyTwAKiNYa33QuSyRxN3S4/9PxVjgJTTqLbTVqf
|
||||
hhnujxviU3iHV2ACqLAV5jYSbAleiAh53vnBc0k326vXbrumQqFvQtgwcqDn4vDR
|
||||
2QYzEwsj+yV9BlRrGSBZSnoHZjWtsE/ntrEaIZiItT3Ots1CCVswd7LGb3LspYbf
|
||||
NheRvY7zUXppGiB0+mjZJg
|
||||
-> ssh-ed25519 85WiGg tGvDzYdpKP8lql3murRlp95w7jQUhhuodIgVxDk4Lgs
|
||||
aVV4b71w/nU3nBaYKdzzYjXVaxgN2EpyQiKsjO33GcI
|
||||
-> ssh-ed25519 reTIKw LJJF7K8fRsSoAFDyndWP9nA5FV4w7cWSqUgGnvdB42I
|
||||
wI22cL/GuyVou1robDUHzNMfCR7L6NA4UWFSeV73d88
|
||||
-> ssh-ed25519 /vwQcQ KZQSME50r4yrnyFfH6nwbmCn0UmVUMIBhhfqoicrKVY
|
||||
xDdBu7/K8ZxGT2BnffAR8UsQIAVlLpSfEvo1m4k87ng
|
||||
-> ssh-ed25519 cvTB5g HjLQQhFwEekFYHV5sko/x8RwcAsgvl/cCoKakX4B6yE
|
||||
Ub5TWpDPYA3DSwfRT2hmgPcwoMIhsOhgdhckFuZxQ8s
|
||||
-> ssh-ed25519 Wu8JLQ L0bnDPmv3Chemi/BKhux9GYXDMMLUjO6H8MQe1REpBA
|
||||
qtN6IH8M8kLYAQ8a64kYCCaAPhg6VjrojTONdY4MVyA
|
||||
-> ssh-ed25519 xbfJnw 94xx8KL0EWqs3HIsdY9RFvC6aRsk7cemZxciLIkVCDM
|
||||
WZnyqSwpCBA8GNnu6VEJSLIRtv8rzOpGFH6e387ohpQ
|
||||
-> TS-grease
|
||||
D32P8/tpegDSy/xsspwpuq8EVqwDyZUzJF2Ose+3cqHAx8db4DPWnmt4z4Ch5bXw
|
||||
KtmO+2eEYTmPyYUZxI+uzr93CQhVq7aFlch6cWLEaqg
|
||||
--- 6kPR6tdczt01UaY4ps38dncSMFCupa9uZmSWBjm85ps
|
||||
<18>LnŸÖ4¦K¬z>Ê(³Ù†°=f¼õ´ˆÊ·œ®PG<50>Þ<hÒçº×ø±uÓÖV’³Ø#–¸P
|
||||
ÑÑ&¶qý
|
25
machines/public-cof/secrets/outlineS3Secrets.age
Normal file
|
@ -0,0 +1,25 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-rsa krWCLQ
|
||||
nxiY5l98JhWEwLYN7sWtsgN4faDTIpgo1fiPScxXB8/ljnxIyd1vhMVRt0WCTOQV
|
||||
CFTQ9MOoTAk90Zj4wjxDjoJjjsXLUBVnjqLdQy76kgR5vAvVrHzuYTYO4Y4k0/qh
|
||||
S6BEFN655P0n4Gxf9kJtKxi3ipN6B46ydACAjFeyeuOPMkMdBBZq1BOLPEOC9I+O
|
||||
87p+8BdL+zxkYfaWfEggYgabrE7y91EjiB1VCuT0GFm8T8iBojvThxWQlHQAybBc
|
||||
gvgTlyGf8YmY82uGhGQR39okrA914mJUkr11JZ9457qL+/t5Au/dha1x6QlwcUoz
|
||||
Tp5OQJAfXZc02LsICq2I7A
|
||||
-> ssh-ed25519 85WiGg c6vyT96h0eVL+xZpR0Zk06l5ApUsqENY9ESeYuOG0zY
|
||||
dJbQVgH41Ti/AM7WAlXCCA501h8wgx2os5yiZt+jxp8
|
||||
-> ssh-ed25519 reTIKw rVhKDqm51EMuOQnTcsdWmqoBDI/LLnFpkJW93EfcdB0
|
||||
AAOEQp0tux1vJ0bPIcB1HtLodig/J4poeu6j/Hk8KiA
|
||||
-> ssh-ed25519 /vwQcQ jGLr83VDSxYd3v42ECOiTpSTDRB5TVSqx3QHRbMgfEk
|
||||
k2hBCGntsqP0czKV2JvMbf8lAqpjVvnJqSxfdr00A7w
|
||||
-> ssh-ed25519 cvTB5g BqVT8ytcjINNKrGAtttAtxRMpLs4LJg1Uy3zvDxTvwk
|
||||
DRDEl+CNZnuT+KE1txjHgaWIYmiSeUTsesnXYq89YNQ
|
||||
-> ssh-ed25519 Wu8JLQ 731ytp+gu36OvH0QbkeDUwMHj3J4u0JujJnfTUQ2C1A
|
||||
KPGEKLoV9K1PPdIyla5D1lsmhRt/XUHLrCTeApbqR6c
|
||||
-> ssh-ed25519 xbfJnw Ojf4cuctALx+Q/qWqSarRcnxvwrHjbAK5r4pnhKUzmo
|
||||
WHp4Op3N3SeniWS7XhPmvRkTyjDIPDBBGviDaiCNbOc
|
||||
-> 3P-h|3ru-grease
|
||||
5icFsPwzKpnImSlgICy/wDq6YJLTcIML3EoDUOgvGOFSs+efH4bWExmd2ktGtqYd
|
||||
ewEKHYlnpIFNTMtlRs7U7sR3qnLHadq3McnhR/8OlQ
|
||||
--- iwVp/AYpQfFOIg/OI85nNTgdY/HKlEsCHWiBO0lOtJg
|
||||
Z=eBÒbÀ£›â[3‹$”Ôk‘â„(õ®²2Èöx%0ž—£+18T•,;ÅÛóFÕ¬"EÏKe³•¶óÃZø*’Òè$}ýœCp Ão9æ+À¡‡›|CJ’¹-¼
|
|
@ -10,5 +10,7 @@ in
|
|||
"nextcloudAdminPasswordFile.age".publicKeys = superadmins ++ systems;
|
||||
"nextcloudDatabasePasswordFile.age".publicKeys = superadmins ++ systems;
|
||||
"kanboard-secrets.age".publicKeys = superadmins ++ systems;
|
||||
"outlineS3Secrets.age".publicKeys = superadmins ++ systems;
|
||||
"outline-oidc-client-secret.age".publicKeys = superadmins ++ systems;
|
||||
}
|
||||
|
||||
|
|
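Review bot: Both new entries use `superadmins ++ systems` as recipients, so every host key in `systems` can decrypt the Outline S3 secret and the OIDC client secret, although only the machine running Outline reads them. `systems` is defined outside the hunk; if it lists more than that one host, a recipient list holding only that host's key (plus `superadmins`) would limit what a compromise of another machine exposes. This follows the pattern of the existing entries, so the change could reasonably be made for the whole file at once. Changing recipients means re-encrypting the `.age` files, for example with `agenix --rekey`.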