forked from DGNum/infrastructure
feat(compute01): Deploy outline on docs.dgnum.eu
This commit is contained in:
parent
b6cb1e798e
commit
4c5a9685db
8 changed files with 171 additions and 1 deletions
3
hive.nix
3
hive.nix
|
@ -20,6 +20,9 @@ let
|
||||||
# Set NIX_PATH to the patched version of nixpkgs
|
# Set NIX_PATH to the patched version of nixpkgs
|
||||||
nix.nixPath = [ "nixpkgs=${mkNixpkgs node}" ];
|
nix.nixPath = [ "nixpkgs=${mkNixpkgs node}" ];
|
||||||
|
|
||||||
|
# Allow unfree packages
|
||||||
|
nixpkgs.config.allowUnfree = true;
|
||||||
|
|
||||||
# Use the stateVersion declared in the metadata
|
# Use the stateVersion declared in the metadata
|
||||||
system = { inherit (metadata.nodes.${node}) stateVersion; };
|
system = { inherit (metadata.nodes.${node}) stateVersion; };
|
||||||
};
|
};
|
||||||
|
|
|
@ -17,6 +17,7 @@ let
|
||||||
"kanidm"
|
"kanidm"
|
||||||
"mastodon"
|
"mastodon"
|
||||||
"nextcloud"
|
"nextcloud"
|
||||||
|
"outline"
|
||||||
];
|
];
|
||||||
in
|
in
|
||||||
|
|
||||||
|
|
64
machines/compute01/outline.nix
Normal file
64
machines/compute01/outline.nix
Normal file
|
@ -0,0 +1,64 @@
|
||||||
|
{ config, lib, dgn-lib, ... }:
|
||||||
|
|
||||||
|
let
|
||||||
|
inherit (dgn-lib) setDefault;
|
||||||
|
|
||||||
|
host = "docs.dgnum.eu";
|
||||||
|
in {
|
||||||
|
services.outline = {
|
||||||
|
enable = true;
|
||||||
|
|
||||||
|
storage = {
|
||||||
|
region = "garage";
|
||||||
|
uploadBucketUrl = "https://s3.dgnum.eu";
|
||||||
|
|
||||||
|
uploadBucketName = "outline-dgnum";
|
||||||
|
accessKey = "GKb3aa6f6d6627204e8e53729c";
|
||||||
|
secretKeyFile = config.age.secrets."outline-storage_secret_key_file".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
smtp = {
|
||||||
|
username = "web-services@infra.dgnum.eu";
|
||||||
|
port = 465;
|
||||||
|
host = "kurisu.lahfa.xyz";
|
||||||
|
|
||||||
|
fromEmail = "docs@infra.dgnum.eu";
|
||||||
|
replyEmail = "web-services@infra.dgnum.eu";
|
||||||
|
passwordFile = config.age.secrets."outline-smtp_password_file".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
redisUrl = "local";
|
||||||
|
publicUrl = "https://${host}";
|
||||||
|
|
||||||
|
oidcAuthentication = {
|
||||||
|
clientId = "outline_dgn";
|
||||||
|
authUrl = "https://sso.dgnum.eu/ui/oauth2";
|
||||||
|
tokenUrl = "https://sso.dgnum.eu/oauth2/token";
|
||||||
|
userinfoUrl = "https://sso.dgnum.eu/oauth2/openid/outline_dgn/userinfo";
|
||||||
|
displayName = "DGNum SSO";
|
||||||
|
|
||||||
|
clientSecretFile =
|
||||||
|
config.age.secrets."outline-oidc_client_secret_file".path;
|
||||||
|
};
|
||||||
|
|
||||||
|
defaultLanguage = "fr_FR";
|
||||||
|
|
||||||
|
forceHttps = false;
|
||||||
|
port = 3003;
|
||||||
|
};
|
||||||
|
|
||||||
|
services.nginx.virtualHosts.${host} = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
|
||||||
|
locations."/" = {
|
||||||
|
proxyPass = "http://localhost:3003";
|
||||||
|
proxyWebsockets = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
|
||||||
|
dgn-secrets.options = [
|
||||||
|
(setDefault { owner = "outline"; }
|
||||||
|
(builtins.filter (lib.hasPrefix "outline-") config.dgn-secrets.names))
|
||||||
|
];
|
||||||
|
}
|
24
machines/compute01/secrets/outline-oidc_client_secret_file
Normal file
24
machines/compute01/secrets/outline-oidc_client_secret_file
Normal file
|
@ -0,0 +1,24 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 tDqJRg AVv0vGbKDOtg9/9hCgShq3DA28lTB6kHp0k8ge4Hf3Q
|
||||||
|
Nr7eHDfrbddYDbW8Zcn+Hv6hvci+gmynz0OdpOjNprw
|
||||||
|
-> ssh-ed25519 jIXfPA IsQ5TtcSdQ25SbsQsXAnRliu9T9l7+7H7tcZk2AgkEc
|
||||||
|
+SdK5KiGdPo2LLGmJhOVG2du1/c4GpuHpu7SSYz2+Yw
|
||||||
|
-> ssh-ed25519 QlRB9Q YeFY9jbPOxks4KhHneQFYZY/0/QVB30YXwgQTfTL6yY
|
||||||
|
AadG1HEfSj8koG2IVJ75KtJ8QQgEidA66jsKVQiNAA4
|
||||||
|
-> ssh-ed25519 r+nK/Q 73waGcipRsP0v3TmOrvp0jDUpi2lcmMf81JITiu/BUQ
|
||||||
|
d7wqTZxfZK1n5LetGyYTdfqcJsYJHa2IP6rBAftFUdk
|
||||||
|
-> ssh-rsa krWCLQ
|
||||||
|
dtcNdYyCEu+yOwZHmkx6VoZzF4RvbSVmt+OtfJaQKetA423II1/O2lrMGJKwRJaB
|
||||||
|
9RtoHO96wGn2DyuVE79G2XuW7eos6ama1kCv9vDhcNaw6vV2cjZvBZrIp3HtxvGO
|
||||||
|
R5m8xZ+u/qS65FIss6CLaomzRY8qaYYs3ZO4UGcSHpYRUmjfTiOhVa83dp3m6llJ
|
||||||
|
kcSLn9ZtAFiSeFgql+i0ao8PhXYy5GBG8GOzuB54kbUMkZEJQ2O5TKj9bQGecC6t
|
||||||
|
oQeyxfFqGkIRiX51J6CfkIu7rL2XcIABXdPQm+ficujgtH0rutgvXsTddd/+DFii
|
||||||
|
3PsWwdae/m/oOPPF641ktg
|
||||||
|
-> ssh-ed25519 /vwQcQ Z0a+s0N/S/jk/ckgQV7NomgjbGV1icNt/WmsxPfUlHo
|
||||||
|
qJBzJoHKzemuzNRLpN7MlFPuCLWsYLX2RRMpgxdVszE
|
||||||
|
-> ssh-ed25519 0R97PA MlwV6Zwq6cUcnGi7pyPp9KIsVqPMarkx4ftpmAk7bmE
|
||||||
|
XlwfjAZKk4Kp+g1YE4Yf4LEe1XdKlR+xbWsMKvpNi+M
|
||||||
|
-> XxeEZ--grease mz
|
||||||
|
p7B8S8a07ZJXiLBPUXY87J9kog8Yk3Exuj7hoSiHIHHxw8y7JIU7wMYJ
|
||||||
|
--- Pc3pgxkLnwGdDkVaOeONDkI0/kO1Dt09XP65yaw0iAE
|
||||||
|
ÞÆ<EFBFBD>…£e‹‡.F|1Rz‚×ÔE´Ç¬"ÅÄ;ø¥qÊÿpʸ£s¯h <20>îL¤sìøÀŠquT_p´ì;\ÍÖÁø6õó@~ã;}o
|
25
machines/compute01/secrets/outline-smtp_password_file
Normal file
25
machines/compute01/secrets/outline-smtp_password_file
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 tDqJRg 9WAIktIsZEHMOXYl1e/aZnZv7eeOJ++hMu0x4//qDAI
|
||||||
|
ymJfRtQmnzEfJbsK+KSePeV/DFDH+32doemzLMFOJWc
|
||||||
|
-> ssh-ed25519 jIXfPA IBvTDhdX55RTpnqcOkHvr2XBe6EBs1EX3OfFCRjYMCI
|
||||||
|
kIzzu8FG9e6tRljWPONAaMSSvMLKl/W6IEDOyFF7OkM
|
||||||
|
-> ssh-ed25519 QlRB9Q n6qVc0/3t0Tl+jHCJlwaCwA/8vLG9iHqWYIhubxB8WA
|
||||||
|
eoi6bqgfXPDmxxz6wBjJYZQgLb65NHseMkzE16J2yuo
|
||||||
|
-> ssh-ed25519 r+nK/Q hwhs4tVIi1V34yHbpNsos+xDE+ExwdT06mn7VHS7KHE
|
||||||
|
BLf1uJmHF1aA0EH0ACjvVZiTh9u1sgVw6uyWgX5ipKU
|
||||||
|
-> ssh-rsa krWCLQ
|
||||||
|
rqv74qhjmZUvQHXb0Qn1o2Q/vAqH3DoamBH5y7L0KiE6iUPy2AuBqcPf6mCq8xIe
|
||||||
|
J/rIY1YpzIbXAbvgEPpXcAsvFDTa9u7w/PNAxTsWnFRnxQGGZ8rFJuovjGpwrMtN
|
||||||
|
b7pluBg0AReaIHRrZ0NfBBuq+oBpa2szMMs5M7K6XuCmZiA5om6AeGD8xO/hEyK7
|
||||||
|
wSASRjVPoEq9US6rzVQ1/HF7VGtAUm0pwa5BSdcQSt8Wetk2VHWOk/affzViRQMY
|
||||||
|
Qa0RO08NjC8bipoKslAfOgQBG0Qkz4W30qo/TM/aXQD0LFVzO8xNGZ+fsMlZHVDd
|
||||||
|
8fUmdr6YdedeM6sK1lSbmQ
|
||||||
|
-> ssh-ed25519 /vwQcQ IIHpbKYRwc4l17JTSnlC27uOW9BCPpct6e4t9c6Gm1w
|
||||||
|
r1YpYRzp9oKzB7K7TfSjVJ5/u8MgQUsBCwX33eufk8c
|
||||||
|
-> ssh-ed25519 0R97PA qKxNGLm68wijV0MVwPDgHfEBS1QrjaPbCUAzyXDzTD8
|
||||||
|
xTd7eSGhUTTg8DNZvXlXVJn9qR4QNTWAEZEpvZtp8eQ
|
||||||
|
-> F3[qO-grease >
|
||||||
|
+nxdwvSJfb2jUmfvHo4NdrF5zMKs/7UKDdfdR/Nq0ixKldOc38t/fsQT/nO7Sc0X
|
||||||
|
YUfcwPlm0A
|
||||||
|
--- XFCl0I2MfdkSIPZn+qYuUbrrYT4hFyS+J9oIcDOpCog
|
||||||
|
‰âÓ‹¦rPŽþÜuìϖч܉„CšZÜGÕÁñ¯62«\g'½oï$ŠcÔšî«Þ{Ïô
c‡½©âÙ
|
25
machines/compute01/secrets/outline-storage_secret_key_file
Normal file
25
machines/compute01/secrets/outline-storage_secret_key_file
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-ed25519 tDqJRg 5j5AMbEgiJVrZPe/1cKw5pRZAq7Q5cDPYYiGq1P14zo
|
||||||
|
CqKy45yH2agjoiVrNq12gHTrMtAIYfQpczGAAIAQKz4
|
||||||
|
-> ssh-ed25519 jIXfPA E/2hcFg1L2QOwi0KiImfQr2PyXlSGEaThjXbduZ3tVM
|
||||||
|
de9WpiLuu6vLvXUBEPytKYEtlGRPLCR/xZ21zUuJ6M4
|
||||||
|
-> ssh-ed25519 QlRB9Q v5bKs2O+wI9S7OWUdQxZ5NFrHqoCY5TOktzcEow5ykE
|
||||||
|
TCv3AZHETGED0mHm+VSZpCounNYmYjOF3CpnwWkOvzA
|
||||||
|
-> ssh-ed25519 r+nK/Q ST1yzmBl2GPU4gOPnOP1k/JsE6mlmPgY8I4SVI8BlG4
|
||||||
|
CLFXWyY1dDFW67fpOghefAyGFTWsKPe4WrbpyIWgl7c
|
||||||
|
-> ssh-rsa krWCLQ
|
||||||
|
DymuVdMYvmXesAgXxIguJ69qZt2FbejjM51zsdtMP2Si6KN66+iWDqxs/TqqoGt2
|
||||||
|
MOTm0sZsKhCR5UtWTDtCnpSgxgIDkyjQGn6hYWLISWkXrxwqu98bzUzsEojoftns
|
||||||
|
4vFmMTaAgj/thebGX/0aVlw3AoXLjk/noe+vV6MzdS+MEn2cMK3ptYl8o03SJE48
|
||||||
|
Pd+kCCHE0ZTw4A6cu8kAdIcfLD504+rv7UMyF+N51awc4U/wNb0e//NyqTCwu8lu
|
||||||
|
NUmpijmihbmg0Jfzygpb/AOmPd7tWZ6edlMKMTgqcmRUGlBy255vo/1aJ4013wES
|
||||||
|
oVrLuKxFhFFa/MltC25Fag
|
||||||
|
-> ssh-ed25519 /vwQcQ fVeNhIbP0fJhEjP6+D1V3hzbu4O0Qphu8m3NbM6sLw0
|
||||||
|
FkOkl8VouaA6aPpKo3N0sOrRfFUOno4Dss6wQ29HbIk
|
||||||
|
-> ssh-ed25519 0R97PA CQPcshNi8+1UXyIfobDdOgds2DhmW7AqGVtgc89B6GY
|
||||||
|
RaB00hjXE5YJYPNcc/vDKPDb61YmZOF6ag/dPHfCcAo
|
||||||
|
-> N%i-grease I% : c'3
|
||||||
|
Cnk2LzKDFMF2kDPHleKJTtY2NoC0nOIA4fUoe5NLhiJRqaWJWV0tYFIxzSu68TWb
|
||||||
|
nnB01VeEeyYYdz/LK3SakmI7D7OI40SS
|
||||||
|
--- 3GObimibJjJjx0ML8Dg29fcgI1AFdvi4tpEQwkHyKBA
|
||||||
|
Ôi¯Ì¸Z=£haC6Àêw"¯ÃlÕG|‰š6ž§:×?‚#bxM}šê;’µ±<C2B5>™Íòä%ˆíEY/œ6J=ÄD¨ˆÕi‡ðrLþ¼; ¦8³¸Xhl¾ÁäpK
|
|
@ -8,4 +8,7 @@ lib.setDefault { inherit publicKeys; } [
|
||||||
"mastodon-extra_env_file"
|
"mastodon-extra_env_file"
|
||||||
"nextcloud-adminpass_file"
|
"nextcloud-adminpass_file"
|
||||||
"nextcloud-s3_secret_file"
|
"nextcloud-s3_secret_file"
|
||||||
|
"outline-oidc_client_secret_file"
|
||||||
|
"outline-smtp_password_file"
|
||||||
|
"outline-storage_secret_key_file"
|
||||||
]
|
]
|
||||||
|
|
|
@ -63,7 +63,32 @@
|
||||||
# garage: add environmentFile
|
# garage: add environmentFile
|
||||||
{
|
{
|
||||||
id = 257043;
|
id = 257043;
|
||||||
hash = "sha256-etzGZRFgFZra5KmL2pUQnIFBFiAudePDmNTVA4VDiBs=";
|
hash = "sha256-Z+WmDPuDoV1Ex+XzvUhvMPn8U+aw0tCRH3O5oR2qQrM=";
|
||||||
|
}
|
||||||
|
|
||||||
|
# outline: 0.68.1 -> 0.69.2
|
||||||
|
{
|
||||||
|
id = 232235;
|
||||||
|
hash = "sha256-f+upHsuuYyLqd9Wv+9JHhB3HnP+mXWer6L/xi5eFpwE=";
|
||||||
|
}
|
||||||
|
|
||||||
|
# outline: 0.69.2 -> 0.70.2
|
||||||
|
{
|
||||||
|
id = 241667;
|
||||||
|
excludes = [ "nixos/doc/manual/*" ];
|
||||||
|
hash = "sha256-9bOjwaXN/4/ASpNfyhaby+nuIz23gDLDIqgTdApdj1U=";
|
||||||
|
}
|
||||||
|
|
||||||
|
# outline 0.70.2 -> 0.71.0
|
||||||
|
{
|
||||||
|
id = 252126;
|
||||||
|
hash = "sha256-lH8xp5zG2fAaXS2gLF7UxqvuPlAigJ297hvlks0CG/U=";
|
||||||
|
}
|
||||||
|
|
||||||
|
# outline: use fetchYarnDeps
|
||||||
|
{
|
||||||
|
id = 253567;
|
||||||
|
hash = "sha256-aR62vOuTfmJ7MIr3plDcBonQQH2+o2F6z/LAAgcKVHU=";
|
||||||
}
|
}
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue