outline: refactor

2025-03-10 15:42:19 +00:00 · 2025-03-10 15:42:19 +00:00 · 06600f76ca
commit 06600f76ca
parent cbf449c356
2 changed files with 54 additions and 45 deletions
--- a/hosts/vps1/default.nix
+++ b/hosts/vps1/default.nix
@ -1,7 +1,5 @@
 {
-  config,
  lib,
-  self,
  ...
 }:

@ -10,12 +8,12 @@
    ./hardware-configuration.nix
    ./gitea.nix
    ./kanidm.nix
+    ./outline.nix
    ../server.nix
  ];

  nixpkgs = {
    hostPlatform = "x86_64-linux";
-    config.allowUnfree = true;
  };

  networking = {
@ -51,48 +49,6 @@

  services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";

-  services.nginx.virtualHosts = {
-    "outline.vimium.com" = {
-      forceSSL = true;
-      enableACME = true;
-      locations."/" = {
-        proxyPass = "http://127.0.0.1:3000";
-        extraConfig = ''
-          proxy_set_header Upgrade $http_upgrade;
-          proxy_set_header Connection "Upgrade";
-          proxy_set_header Host $host;
-
-          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-          proxy_set_header X-Real-IP $remote_addr;
-          proxy_set_header X-Scheme $scheme;
-          proxy_set_header X-Forwarded-Proto $scheme;
-          proxy_redirect off;
-        '';
-      };
-    };
-  };
-
-  age.secrets."passwords/services/outline/oidc-client-secret" = {
-    file = "${self.inputs.secrets}/passwords/services/outline/oidc-client-secret.age";
-    owner = "outline";
-    group = "outline";
-  };
-
-  services.outline = {
-    enable = true;
-    forceHttps = false;
-    oidcAuthentication = {
-      clientId = "outline";
-      clientSecretFile = config.age.secrets."passwords/services/outline/oidc-client-secret".path;
-      displayName = "Vimium";
-      authUrl = "https://auth.vimium.com/ui/oauth2";
-      tokenUrl = "https://auth.vimium.com/oauth2/token";
-      userinfoUrl = "https://auth.vimium.com/oauth2/openid/outline/userinfo";
-    };
-    publicUrl = "https://outline.vimium.com";
-    storage.storageType = "local";
-  };
-
  modules = rec {
    services = {
      borgmatic = {
--- a/hosts/vps1/outline.nix
+++ b/hosts/vps1/outline.nix
@ -0,0 +1,53 @@
+{
+  config,
+  self,
+  ...
+}:
+let
+  domain = "outline.vimium.com";
+in
+{
+  nixpkgs.config.allowUnfree = true;
+
+  services.nginx.virtualHosts = {
+    "${domain}" = {
+      forceSSL = true;
+      enableACME = true;
+      locations."/" = {
+        proxyPass = "http://127.0.0.1:3000";
+        extraConfig = ''
+          proxy_set_header Upgrade $http_upgrade;
+          proxy_set_header Connection "Upgrade";
+          proxy_set_header Host $host;
+
+          proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+          proxy_set_header X-Real-IP $remote_addr;
+          proxy_set_header X-Scheme $scheme;
+          proxy_set_header X-Forwarded-Proto $scheme;
+          proxy_redirect off;
+        '';
+      };
+    };
+  };
+
+  age.secrets."passwords/services/outline/oidc-client-secret" = {
+    file = "${self.inputs.secrets}/passwords/services/outline/oidc-client-secret.age";
+    owner = "outline";
+    group = "outline";
+  };
+
+  services.outline = {
+    enable = true;
+    forceHttps = false;
+    oidcAuthentication = {
+      clientId = "outline";
+      clientSecretFile = config.age.secrets."passwords/services/outline/oidc-client-secret".path;
+      displayName = "Vimium";
+      authUrl = "https://auth.vimium.com/ui/oauth2";
+      tokenUrl = "https://auth.vimium.com/oauth2/token";
+      userinfoUrl = "https://auth.vimium.com/oauth2/openid/outline/userinfo";
+    };
+    publicUrl = "https://${domain}";
+    storage.storageType = "local";
+  };
+}