feat(compute01): Deploy outline on docs.dgnum.eu

2023-09-24 15:47:29 +02:00 · 2023-09-24 15:47:29 +02:00 · 4c5a9685db
commit 4c5a9685db
parent b6cb1e798e
8 changed files with 171 additions and 1 deletions
--- a/machines/compute01/outline.nix
+++ b/machines/compute01/outline.nix
@ -0,0 +1,64 @@
+{ config, lib, dgn-lib, ... }:
+
+let
+  inherit (dgn-lib) setDefault;
+
+  host = "docs.dgnum.eu";
+in {
+  services.outline = {
+    enable = true;
+
+    storage = {
+      region = "garage";
+      uploadBucketUrl = "https://s3.dgnum.eu";
+
+      uploadBucketName = "outline-dgnum";
+      accessKey = "GKb3aa6f6d6627204e8e53729c";
+      secretKeyFile = config.age.secrets."outline-storage_secret_key_file".path;
+    };
+
+    smtp = {
+      username = "web-services@infra.dgnum.eu";
+      port = 465;
+      host = "kurisu.lahfa.xyz";
+
+      fromEmail = "docs@infra.dgnum.eu";
+      replyEmail = "web-services@infra.dgnum.eu";
+      passwordFile = config.age.secrets."outline-smtp_password_file".path;
+    };
+
+    redisUrl = "local";
+    publicUrl = "https://${host}";
+
+    oidcAuthentication = {
+      clientId = "outline_dgn";
+      authUrl = "https://sso.dgnum.eu/ui/oauth2";
+      tokenUrl = "https://sso.dgnum.eu/oauth2/token";
+      userinfoUrl = "https://sso.dgnum.eu/oauth2/openid/outline_dgn/userinfo";
+      displayName = "DGNum SSO";
+
+      clientSecretFile =
+        config.age.secrets."outline-oidc_client_secret_file".path;
+    };
+
+    defaultLanguage = "fr_FR";
+
+    forceHttps = false;
+    port = 3003;
+  };
+
+  services.nginx.virtualHosts.${host} = {
+    enableACME = true;
+    forceSSL = true;
+
+    locations."/" = {
+      proxyPass = "http://localhost:3003";
+      proxyWebsockets = true;
+    };
+  };
+
+  dgn-secrets.options = [
+    (setDefault { owner = "outline"; }
+      (builtins.filter (lib.hasPrefix "outline-") config.dgn-secrets.names))
+  ];
+}