infrastructure/machines/public-cof/outline.nix

{ pkgs, lib, config, ... }:
{
  services.nginx.virtualHosts."notion.rz.ens.wtf" = {
    enableACME = true;
    forceSSL = true;
    locations."/" = {
      proxyPass = "http://localhost:3000";
      proxyWebsockets = true;
    };
  };
  services.outline = {
    enable = true;
    publicUrl = "https://notion.rz.ens.wtf";
    defaultLanguage = "fr_FR";
    storage = {
      accessKey = "GK8b32d276b2eafb999a53188a";
      secretKeyFile = config.age.secrets.outlineS3Secrets.path;
      uploadBucketUrl = "https://s3.rz.ens.wtf";
      uploadBucketName = "outline";
      region = "ens";
    };
    oidcAuthentication = {
      userinfoUrl = "https://auth.rz.ens.wtf/auth/realms/ClubReseau/protocol/openid-connect/userinfo";
      tokenUrl = "https://auth.rz.ens.wtf/auth/realms/ClubReseau/protocol/openid-connect/token";
      authUrl = "https://auth.rz.ens.wtf/auth/realms/ClubReseau/protocol/openid-connect/auth";
      clientSecretFile = config.age.secrets.outline-oidc-client-secret.path;
      displayName = "Club réseau";
      clientId = "outline";
    };
  };
}