forked from DGNum/infrastructure
feat(compute01): Deploy outline on docs.dgnum.eu
This commit is contained in:
parent
b6cb1e798e
commit
4c5a9685db
8 changed files with 171 additions and 1 deletions
3
hive.nix
3
hive.nix
|
@ -20,6 +20,9 @@ let
|
|||
# Set NIX_PATH to the patched version of nixpkgs
|
||||
nix.nixPath = [ "nixpkgs=${mkNixpkgs node}" ];
|
||||
|
||||
# Allow unfree packages
|
||||
nixpkgs.config.allowUnfree = true;
|
||||
|
||||
# Use the stateVersion declared in the metadata
|
||||
system = { inherit (metadata.nodes.${node}) stateVersion; };
|
||||
};
|
||||
|
|
|
@ -17,6 +17,7 @@ let
|
|||
"kanidm"
|
||||
"mastodon"
|
||||
"nextcloud"
|
||||
"outline"
|
||||
];
|
||||
in
|
||||
|
||||
|
|
64
machines/compute01/outline.nix
Normal file
64
machines/compute01/outline.nix
Normal file
|
@ -0,0 +1,64 @@
|
|||
{ config, lib, dgn-lib, ... }:
|
||||
|
||||
let
|
||||
inherit (dgn-lib) setDefault;
|
||||
|
||||
host = "docs.dgnum.eu";
|
||||
in {
|
||||
services.outline = {
|
||||
enable = true;
|
||||
|
||||
storage = {
|
||||
region = "garage";
|
||||
uploadBucketUrl = "https://s3.dgnum.eu";
|
||||
|
||||
uploadBucketName = "outline-dgnum";
|
||||
accessKey = "GKb3aa6f6d6627204e8e53729c";
|
||||
secretKeyFile = config.age.secrets."outline-storage_secret_key_file".path;
|
||||
};
|
||||
|
||||
smtp = {
|
||||
username = "web-services@infra.dgnum.eu";
|
||||
port = 465;
|
||||
host = "kurisu.lahfa.xyz";
|
||||
|
||||
fromEmail = "docs@infra.dgnum.eu";
|
||||
replyEmail = "web-services@infra.dgnum.eu";
|
||||
passwordFile = config.age.secrets."outline-smtp_password_file".path;
|
||||
};
|
||||
|
||||
redisUrl = "local";
|
||||
publicUrl = "https://${host}";
|
||||
|
||||
oidcAuthentication = {
|
||||
clientId = "outline_dgn";
|
||||
authUrl = "https://sso.dgnum.eu/ui/oauth2";
|
||||
tokenUrl = "https://sso.dgnum.eu/oauth2/token";
|
||||
userinfoUrl = "https://sso.dgnum.eu/oauth2/openid/outline_dgn/userinfo";
|
||||
displayName = "DGNum SSO";
|
||||
|
||||
clientSecretFile =
|
||||
config.age.secrets."outline-oidc_client_secret_file".path;
|
||||
};
|
||||
|
||||
defaultLanguage = "fr_FR";
|
||||
|
||||
forceHttps = false;
|
||||
port = 3003;
|
||||
};
|
||||
|
||||
services.nginx.virtualHosts.${host} = {
|
||||
enableACME = true;
|
||||
forceSSL = true;
|
||||
|
||||
locations."/" = {
|
||||
proxyPass = "http://localhost:3003";
|
||||
proxyWebsockets = true;
|
||||
};
|
||||
};
|
||||
|
||||
dgn-secrets.options = [
|
||||
(setDefault { owner = "outline"; }
|
||||
(builtins.filter (lib.hasPrefix "outline-") config.dgn-secrets.names))
|
||||
];
|
||||
}
|
24
machines/compute01/secrets/outline-oidc_client_secret_file
Normal file
24
machines/compute01/secrets/outline-oidc_client_secret_file
Normal file
|
@ -0,0 +1,24 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 tDqJRg AVv0vGbKDOtg9/9hCgShq3DA28lTB6kHp0k8ge4Hf3Q
|
||||
Nr7eHDfrbddYDbW8Zcn+Hv6hvci+gmynz0OdpOjNprw
|
||||
-> ssh-ed25519 jIXfPA IsQ5TtcSdQ25SbsQsXAnRliu9T9l7+7H7tcZk2AgkEc
|
||||
+SdK5KiGdPo2LLGmJhOVG2du1/c4GpuHpu7SSYz2+Yw
|
||||
-> ssh-ed25519 QlRB9Q YeFY9jbPOxks4KhHneQFYZY/0/QVB30YXwgQTfTL6yY
|
||||
AadG1HEfSj8koG2IVJ75KtJ8QQgEidA66jsKVQiNAA4
|
||||
-> ssh-ed25519 r+nK/Q 73waGcipRsP0v3TmOrvp0jDUpi2lcmMf81JITiu/BUQ
|
||||
d7wqTZxfZK1n5LetGyYTdfqcJsYJHa2IP6rBAftFUdk
|
||||
-> ssh-rsa krWCLQ
|
||||
dtcNdYyCEu+yOwZHmkx6VoZzF4RvbSVmt+OtfJaQKetA423II1/O2lrMGJKwRJaB
|
||||
9RtoHO96wGn2DyuVE79G2XuW7eos6ama1kCv9vDhcNaw6vV2cjZvBZrIp3HtxvGO
|
||||
R5m8xZ+u/qS65FIss6CLaomzRY8qaYYs3ZO4UGcSHpYRUmjfTiOhVa83dp3m6llJ
|
||||
kcSLn9ZtAFiSeFgql+i0ao8PhXYy5GBG8GOzuB54kbUMkZEJQ2O5TKj9bQGecC6t
|
||||
oQeyxfFqGkIRiX51J6CfkIu7rL2XcIABXdPQm+ficujgtH0rutgvXsTddd/+DFii
|
||||
3PsWwdae/m/oOPPF641ktg
|
||||
-> ssh-ed25519 /vwQcQ Z0a+s0N/S/jk/ckgQV7NomgjbGV1icNt/WmsxPfUlHo
|
||||
qJBzJoHKzemuzNRLpN7MlFPuCLWsYLX2RRMpgxdVszE
|
||||
-> ssh-ed25519 0R97PA MlwV6Zwq6cUcnGi7pyPp9KIsVqPMarkx4ftpmAk7bmE
|
||||
XlwfjAZKk4Kp+g1YE4Yf4LEe1XdKlR+xbWsMKvpNi+M
|
||||
-> XxeEZ--grease mz
|
||||
p7B8S8a07ZJXiLBPUXY87J9kog8Yk3Exuj7hoSiHIHHxw8y7JIU7wMYJ
|
||||
--- Pc3pgxkLnwGdDkVaOeONDkI0/kO1Dt09XP65yaw0iAE
|
||||
ÞÆ<EFBFBD>…£e‹‡.F|1Rz‚×ÔE´Ç¬"ÅÄ;ø¥qÊÿpʸ£s¯h <20>îL¤sìøÀŠquT_p´ì;\ÍÖÁø6õó@~ã;}o
|
25
machines/compute01/secrets/outline-smtp_password_file
Normal file
25
machines/compute01/secrets/outline-smtp_password_file
Normal file
|
@ -0,0 +1,25 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 tDqJRg 9WAIktIsZEHMOXYl1e/aZnZv7eeOJ++hMu0x4//qDAI
|
||||
ymJfRtQmnzEfJbsK+KSePeV/DFDH+32doemzLMFOJWc
|
||||
-> ssh-ed25519 jIXfPA IBvTDhdX55RTpnqcOkHvr2XBe6EBs1EX3OfFCRjYMCI
|
||||
kIzzu8FG9e6tRljWPONAaMSSvMLKl/W6IEDOyFF7OkM
|
||||
-> ssh-ed25519 QlRB9Q n6qVc0/3t0Tl+jHCJlwaCwA/8vLG9iHqWYIhubxB8WA
|
||||
eoi6bqgfXPDmxxz6wBjJYZQgLb65NHseMkzE16J2yuo
|
||||
-> ssh-ed25519 r+nK/Q hwhs4tVIi1V34yHbpNsos+xDE+ExwdT06mn7VHS7KHE
|
||||
BLf1uJmHF1aA0EH0ACjvVZiTh9u1sgVw6uyWgX5ipKU
|
||||
-> ssh-rsa krWCLQ
|
||||
rqv74qhjmZUvQHXb0Qn1o2Q/vAqH3DoamBH5y7L0KiE6iUPy2AuBqcPf6mCq8xIe
|
||||
J/rIY1YpzIbXAbvgEPpXcAsvFDTa9u7w/PNAxTsWnFRnxQGGZ8rFJuovjGpwrMtN
|
||||
b7pluBg0AReaIHRrZ0NfBBuq+oBpa2szMMs5M7K6XuCmZiA5om6AeGD8xO/hEyK7
|
||||
wSASRjVPoEq9US6rzVQ1/HF7VGtAUm0pwa5BSdcQSt8Wetk2VHWOk/affzViRQMY
|
||||
Qa0RO08NjC8bipoKslAfOgQBG0Qkz4W30qo/TM/aXQD0LFVzO8xNGZ+fsMlZHVDd
|
||||
8fUmdr6YdedeM6sK1lSbmQ
|
||||
-> ssh-ed25519 /vwQcQ IIHpbKYRwc4l17JTSnlC27uOW9BCPpct6e4t9c6Gm1w
|
||||
r1YpYRzp9oKzB7K7TfSjVJ5/u8MgQUsBCwX33eufk8c
|
||||
-> ssh-ed25519 0R97PA qKxNGLm68wijV0MVwPDgHfEBS1QrjaPbCUAzyXDzTD8
|
||||
xTd7eSGhUTTg8DNZvXlXVJn9qR4QNTWAEZEpvZtp8eQ
|
||||
-> F3[qO-grease >
|
||||
+nxdwvSJfb2jUmfvHo4NdrF5zMKs/7UKDdfdR/Nq0ixKldOc38t/fsQT/nO7Sc0X
|
||||
YUfcwPlm0A
|
||||
--- XFCl0I2MfdkSIPZn+qYuUbrrYT4hFyS+J9oIcDOpCog
|
||||
‰âÓ‹¦rPŽþÜuìϖч܉„CšZÜGÕÁñ¯62«\g'½oï$ŠcÔšî«Þ{Ïô
c‡½©âÙ
|
25
machines/compute01/secrets/outline-storage_secret_key_file
Normal file
25
machines/compute01/secrets/outline-storage_secret_key_file
Normal file
|
@ -0,0 +1,25 @@
|
|||
age-encryption.org/v1
|
||||
-> ssh-ed25519 tDqJRg 5j5AMbEgiJVrZPe/1cKw5pRZAq7Q5cDPYYiGq1P14zo
|
||||
CqKy45yH2agjoiVrNq12gHTrMtAIYfQpczGAAIAQKz4
|
||||
-> ssh-ed25519 jIXfPA E/2hcFg1L2QOwi0KiImfQr2PyXlSGEaThjXbduZ3tVM
|
||||
de9WpiLuu6vLvXUBEPytKYEtlGRPLCR/xZ21zUuJ6M4
|
||||
-> ssh-ed25519 QlRB9Q v5bKs2O+wI9S7OWUdQxZ5NFrHqoCY5TOktzcEow5ykE
|
||||
TCv3AZHETGED0mHm+VSZpCounNYmYjOF3CpnwWkOvzA
|
||||
-> ssh-ed25519 r+nK/Q ST1yzmBl2GPU4gOPnOP1k/JsE6mlmPgY8I4SVI8BlG4
|
||||
CLFXWyY1dDFW67fpOghefAyGFTWsKPe4WrbpyIWgl7c
|
||||
-> ssh-rsa krWCLQ
|
||||
DymuVdMYvmXesAgXxIguJ69qZt2FbejjM51zsdtMP2Si6KN66+iWDqxs/TqqoGt2
|
||||
MOTm0sZsKhCR5UtWTDtCnpSgxgIDkyjQGn6hYWLISWkXrxwqu98bzUzsEojoftns
|
||||
4vFmMTaAgj/thebGX/0aVlw3AoXLjk/noe+vV6MzdS+MEn2cMK3ptYl8o03SJE48
|
||||
Pd+kCCHE0ZTw4A6cu8kAdIcfLD504+rv7UMyF+N51awc4U/wNb0e//NyqTCwu8lu
|
||||
NUmpijmihbmg0Jfzygpb/AOmPd7tWZ6edlMKMTgqcmRUGlBy255vo/1aJ4013wES
|
||||
oVrLuKxFhFFa/MltC25Fag
|
||||
-> ssh-ed25519 /vwQcQ fVeNhIbP0fJhEjP6+D1V3hzbu4O0Qphu8m3NbM6sLw0
|
||||
FkOkl8VouaA6aPpKo3N0sOrRfFUOno4Dss6wQ29HbIk
|
||||
-> ssh-ed25519 0R97PA CQPcshNi8+1UXyIfobDdOgds2DhmW7AqGVtgc89B6GY
|
||||
RaB00hjXE5YJYPNcc/vDKPDb61YmZOF6ag/dPHfCcAo
|
||||
-> N%i-grease I% : c'3
|
||||
Cnk2LzKDFMF2kDPHleKJTtY2NoC0nOIA4fUoe5NLhiJRqaWJWV0tYFIxzSu68TWb
|
||||
nnB01VeEeyYYdz/LK3SakmI7D7OI40SS
|
||||
--- 3GObimibJjJjx0ML8Dg29fcgI1AFdvi4tpEQwkHyKBA
|
||||
Ôi¯Ì¸Z=£haC6Àêw"¯ÃlÕG|‰š6ž§:×?‚#bxM}šê;’µ±<C2B5>™Íòä%ˆíEY/œ6J=ÄD¨ˆÕi‡ðrLþ¼; ¦8³¸Xhl¾ÁäpK
|
|
@ -8,4 +8,7 @@ lib.setDefault { inherit publicKeys; } [
|
|||
"mastodon-extra_env_file"
|
||||
"nextcloud-adminpass_file"
|
||||
"nextcloud-s3_secret_file"
|
||||
"outline-oidc_client_secret_file"
|
||||
"outline-smtp_password_file"
|
||||
"outline-storage_secret_key_file"
|
||||
]
|
||||
|
|
|
@ -63,7 +63,32 @@
|
|||
# garage: add environmentFile
|
||||
{
|
||||
id = 257043;
|
||||
hash = "sha256-etzGZRFgFZra5KmL2pUQnIFBFiAudePDmNTVA4VDiBs=";
|
||||
hash = "sha256-Z+WmDPuDoV1Ex+XzvUhvMPn8U+aw0tCRH3O5oR2qQrM=";
|
||||
}
|
||||
|
||||
# outline: 0.68.1 -> 0.69.2
|
||||
{
|
||||
id = 232235;
|
||||
hash = "sha256-f+upHsuuYyLqd9Wv+9JHhB3HnP+mXWer6L/xi5eFpwE=";
|
||||
}
|
||||
|
||||
# outline: 0.69.2 -> 0.70.2
|
||||
{
|
||||
id = 241667;
|
||||
excludes = [ "nixos/doc/manual/*" ];
|
||||
hash = "sha256-9bOjwaXN/4/ASpNfyhaby+nuIz23gDLDIqgTdApdj1U=";
|
||||
}
|
||||
|
||||
# outline 0.70.2 -> 0.71.0
|
||||
{
|
||||
id = 252126;
|
||||
hash = "sha256-lH8xp5zG2fAaXS2gLF7UxqvuPlAigJ297hvlks0CG/U=";
|
||||
}
|
||||
|
||||
# outline: use fetchYarnDeps
|
||||
{
|
||||
id = 253567;
|
||||
hash = "sha256-aR62vOuTfmJ7MIr3plDcBonQQH2+o2F6z/LAAgcKVHU=";
|
||||
}
|
||||
];
|
||||
}
|
||||
|
|
Loading…
Reference in a new issue