jordan/nix-config
1
1
Fork 0
Code Issues 14 Pull Requests Actions Projects 3 Wiki Activity

outline: refactor

Browse Source
This commit is contained in:
Jordan Holt 2025-03-10 15:42:19 +00:00
parent cbf449c356
commit 06600f76ca
Signed by: jordan
GPG Key ID: B8CFFF61F1CCF520
2 changed files with 54 additions and 45 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

46
hosts/vps1/default.nix
View File

@ -1,7 +1,5 @@
{ {
config,
lib, lib,
self,
... ...
}: }:
@ -10,12 +8,12 @@
./hardware-configuration.nix ./hardware-configuration.nix
./gitea.nix ./gitea.nix
./kanidm.nix ./kanidm.nix
./outline.nix
../server.nix ../server.nix
]; ];
nixpkgs = { nixpkgs = {
hostPlatform = "x86_64-linux"; hostPlatform = "x86_64-linux";
config.allowUnfree = true;
}; };
networking = { networking = {
@ -51,48 +49,6 @@
services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password"; services.openssh.settings.PermitRootLogin = lib.mkForce "prohibit-password";
services.nginx.virtualHosts = {
"outline.vimium.com" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
'';
};
};
};
age.secrets."passwords/services/outline/oidc-client-secret" = {
file = "${self.inputs.secrets}/passwords/services/outline/oidc-client-secret.age";
owner = "outline";
group = "outline";
};
services.outline = {
enable = true;
forceHttps = false;
oidcAuthentication = {
clientId = "outline";
clientSecretFile = config.age.secrets."passwords/services/outline/oidc-client-secret".path;
displayName = "Vimium";
authUrl = "https://auth.vimium.com/ui/oauth2";
tokenUrl = "https://auth.vimium.com/oauth2/token";
userinfoUrl = "https://auth.vimium.com/oauth2/openid/outline/userinfo";
};
publicUrl = "https://outline.vimium.com";
storage.storageType = "local";
};
modules = rec { modules = rec {
services = { services = {
borgmatic = { borgmatic = {

53
hosts/vps1/outline.nix Normal file
View File

@ -0,0 +1,53 @@
{
config,
self,
...
}:
let
domain = "outline.vimium.com";
in
{
nixpkgs.config.allowUnfree = true;
services.nginx.virtualHosts = {
"${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
'';
};
};
};
age.secrets."passwords/services/outline/oidc-client-secret" = {
file = "${self.inputs.secrets}/passwords/services/outline/oidc-client-secret.age";
owner = "outline";
group = "outline";
};
services.outline = {
enable = true;
forceHttps = false;
oidcAuthentication = {
clientId = "outline";
clientSecretFile = config.age.secrets."passwords/services/outline/oidc-client-secret".path;
displayName = "Vimium";
authUrl = "https://auth.vimium.com/ui/oauth2";
tokenUrl = "https://auth.vimium.com/oauth2/token";
userinfoUrl = "https://auth.vimium.com/oauth2/openid/outline/userinfo";
};
publicUrl = "https://${domain}";
storage.storageType = "local";
};
}