jordan/nix-config
1
1
Fork 0
Code Issues 14 Pull Requests Actions Projects 3 Wiki Activity

vps1: add outline service
All checks were successful
Check flake / build-amd64-linux (push) Successful in 4m20s
Details

Browse Source
This commit is contained in:
Jordan Holt 2025-02-24 15:16:16 +00:00
parent 48386a44c5
commit bdefd4523a
Signed by: jordan
GPG Key ID: B8CFFF61F1CCF520
2 changed files with 48 additions and 5 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
flake.lock generated
View File

@ -688,11 +688,11 @@
"secrets": {
"flake": false,
"locked": {
"lastModified": 1730732927,
"narHash": "sha256-t3MTEgi6O7DMxMjdi3xcTAztLDQmEtqQ+oU+ZbWz2AI=",
"lastModified": 1740407512,
"narHash": "sha256-Hy+8DoWLZUFfls5XwaMGPDOck2dDKyIrEgo9T+AkjjU=",
"ref": "refs/heads/master",
"rev": "4ae2ac777c38f60a29384b70c456f41847cdf1b5",
"revCount": 28,
"rev": "4e69a52227a61bf4bfbfd9b781bef4bf1fa0bd2b",
"revCount": 29,
"type": "git",
"url": "ssh://git@git.vimium.com/jordan/nix-secrets.git"
},

45
hosts/vps1/default.nix
View File

@ -2,6 +2,7 @@
config,
pkgs,
lib,
self,
...
}:
@ -11,7 +12,10 @@
../server.nix
];
nixpkgs.hostPlatform = "x86_64-linux";
nixpkgs = {
hostPlatform = "x86_64-linux";
config.allowUnfree = true;
};
networking = {
hostId = "08bf6db3";
@ -86,6 +90,45 @@
proxyPass = "https://127.0.0.1:3013";
};
};
"outline.vimium.com" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:3000";
extraConfig = ''
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "Upgrade";
proxy_set_header Host $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Scheme $scheme;
proxy_set_header X-Forwarded-Proto $scheme;
proxy_redirect off;
'';
};
};
};
age.secrets."passwords/services/outline/oidc-client-secret" = {
file = "${self.inputs.secrets}/passwords/services/outline/oidc-client-secret.age";
owner = "outline";
group = "outline";
};
services.outline = {
enable = true;
forceHttps = false;
oidcAuthentication = {
clientId = "outline";
clientSecretFile = config.age.secrets."passwords/services/outline/oidc-client-secret".path;
displayName = "Vimium";
authUrl = "https://auth.vimium.com/ui/oauth2";
tokenUrl = "https://auth.vimium.com/oauth2/token";
userinfoUrl = "https://auth.vimium.com/oauth2/openid/outline/userinfo";
};
publicUrl = "https://outline.vimium.com";
storage.storageType = "local";
};
modules = rec {