From 6fb5d93ee78fa3d868d4e34d7dd2773f0d07f6a8 Mon Sep 17 00:00:00 2001
From: GaspardCulis
Date: Sun, 3 Nov 2024 21:06:00 +0100
Subject: [PATCH] feat(services): Added `Outline` service

---
 secrets/OVHCloud.yaml | 15 ++++++--
 services/authelia/configuration.yml | 14 ++++++++
 services/default.nix | 1 +
 services/outline/default.nix | 53 +++++++++++++++++++++++++++++
 services/penpot/default.nix | 1 +
 5 files changed, 81 insertions(+), 3 deletions(-)
 create mode 100644 services/outline/default.nix

diff --git a/secrets/OVHCloud.yaml b/secrets/OVHCloud.yaml
index 74541cb..4972697 100644
--- a/secrets/OVHCloud.yaml
+++ b/secrets/OVHCloud.yaml
@@ -22,6 +22,15 @@ gitlab: OTP_KEY: ENC[AES256_GCM,data:BphY+ZO26N82iN1782ephpyqYwTt3UmCawX9/1kwvWEo5OebpUOOOQnR03I=,iv:EaHAW/sb1MGfN9ZFeB8t4xxVUtxb5jM7uL06/eGPxck=,tag:Qg+0oBsc0oB1T8NO2Znw5g==,type:str] DB_KEY: ENC[AES256_GCM,data:9Yso0CEnpAU/sX2NW8roSz+w/lhfK220f35U8Z3t+GNOi+Zd7Ybb/7kill4=,iv:fsQ86NRJbLYfjFZ/ka6po1o35dagqmiqhfQmUQNzlPg=,tag:LV9Sh+TlYv+kRW0bLWajnw==,type:str] JWS_KEY: ENC[AES256_GCM,data:7QGTClTixUmLFuPwkdvaVbPfZhVFpjtnW4/T6W0Lpu2j5Xt1jxijgRSHYRo=,iv:9v5TGU8+SlKzAQtfF/3VBQ4D9asyNcOOa4ElEG7OQdE=,tag:MPWKPJtFfIeo38uCVG1H7w==,type:str] +notesnook: + API_SECRET: ENC[AES256_GCM,data:E2wikU7aAXzuZ1m1javW7SbkCxVSii1zLF2AjFCWbVpyRvVN9le764fU29A=,iv:9R/Hzwdr9shQNYxtSJB18CUiaGq/XfMY2mTlTL5aLHs=,tag:ediIkiZRNOK61xGUO8vKwA==,type:str] + S3_ACCESS_KEY_ID: ENC[AES256_GCM,data:Pmzvjon0RH2d78hiO0JEa8Lbad2a+mzX+zs=,iv:IyKuX3lWVqJuovkVNi/5eEZbRSL+jsOG5Kd09mEwr6w=,tag:Z2SfFsLpaPMDphhBp/1b0Q==,type:str] + S3_ACCESS_KEY: ENC[AES256_GCM,data:cFv5P0u1u+eITCjf/le7Pcllqdj3UoUzoN5b3G/4R6aZR08RBKdcvs3mR9gnDHVMlhxogZfzkl4yptHK671cZA==,iv:rE4cbfbdqkYmuap4iYZMnakOveT3jCRUuw6E/Q0RnWg=,tag:eSz4UqduFRW3BnVUJSY3mw==,type:str] + SMTP_PASSWORD: ENC[AES256_GCM,data:efOK1OwlbehUv/a2K0zHTlNjqyVlUWFF,iv:kDA0sS8Rs4zlK+YJhUWiNAw0OsskFyszoSEQ0RiZxy8=,tag:JdclQMpkTc3Ggl8g0Dxdww==,type:str] +outline: + OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:BlV4g/ri3BkvjD/2BybGS5H8fqQkGZ8dE+Nm91WV1ia5Qq/QhzED0NsM2sIcow2vKh12Q/T+NyhvkgmdV6xzWKjY7C/WMkt+,iv:lIhD8drsTqlbEKM/2ZlIspabTjy55eHnnh6YjXm996o=,tag:kaTDj28HUjKKqVkOu1XSRA==,type:str] + SMTP_PASSWORD: ENC[AES256_GCM,data:ZkVT5HLT0PB6FsdHBFaasQp86S+UNM91,iv:AG+7F0zMgGHcCEd6KkZu+UPzCfs+CGfe4P54PtZCxr0=,tag:QcG8wBeyRwmeHg+RmF7jqQ==,type:str] + S3_SECRET_KEY: ENC[AES256_GCM,data:G/uX/JggGnMu9JMqXR2AkNjxAmGjjXKJchAOfnYLFWFt/oc8rJaK6TKPmHKF7+dL9Iphfvuu6k8Bs/hkOuhG6w==,iv:ghazTJoiBk1frpJbJrcSm53dU1/xi//+yruAqhm6T8E=,tag:kd3XYWQg5z/pMMmXqAtzGw==,type:str] penpot: SECRET_KEY: 
ENC[AES256_GCM,data:Ebeehmby3FBDOaTxwTWg9vKTsB+w8wpa6FdxcvvRTwDR07A0Ljk4WCaPmbPBArbwB14cMSuGeDGBrvNo1x8N+u3FeMMei+TGvgJGssZynxEN7+g5gTg=,iv:ZAa3n7CCyeeeAIv48JpIZmjFiyHiXLFK+Q0Wqf7utFY=,tag:6JZZ53jEM579vYhQG4X2Fw==,type:str] OIDC_CLIENT_SECRET: ENC[AES256_GCM,data:+GrXq113byY5XqFDE1tF4n5xcrhIjg2KI39xgxY6hEcS3r6KcF6SAFmczoscMFPJccaTv7Pcr7zfzDxGT7zDuNyj324nzvff,iv:onZV3ESU4Kbvp9x9rfXuq17FlhaoE/4ZXIwH4/bOXPc=,tag:I02FFF54NDMyJuicdwy4TA==,type:str] @@ -65,8 +74,8 @@ sops: MFpMemF4MGg1bmVUeWV5N25LTUtyczQKss0x4zT1kyeRu+qenhrdbcPlU/p+yjVN y3j4eGpnwgc2rxSL9vkrrkzx/atUqUkgGU/YstszUrP6XKbJ+9ydpQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-10-24T10:04:55Z" - mac: ENC[AES256_GCM,data:fXCKFVev+ALjXdSPDw7QynQvh2ItusAUq/ZHCUv2dTLZcoW1/42hOyRexQPoQTAw+mACB1Sp9IPu5N5Gg3TSoxV6I67q7+S8FZVzfB1a8wMTIDF1vSOp5eHM3g6i8Wjip23V0LqUqjok4tuunDVnkOmp0uD0fLlaIiTpFgS3HJo=,iv:iq8CYdzR2F4knyTBHYIsS/hF+WCYcWXrpBAl2Ow60A0=,tag:hmNaTtIUqHRbU9aFzD6gww==,type:str] + lastmodified: "2024-11-03T19:39:34Z" + mac: ENC[AES256_GCM,data:/LhtjIGX+a2q4gOZ8KpcNX1UFaLCUG1xAM4pGVx5c4YwdbC4UUuKSaeu0WWzaHaVw/1GNgODhXTC7HOcIr7Y4WgbDV79dF7kdotn1dRlIV0LwLJ22MrmUeQpxOR25zvAEshP0ekqNAV1gf8/TqNvHy8jGwThq4F/8J0hKbov3VQ=,iv:c5Vagv78n+T3Kym/h6EJnGbtWhDrFKg8GKhpu7FQYZ4=,tag:LGtkD/4SfCaMo/LfZwvlhQ==,type:str] pgp: [] unencrypted_suffix: _unencrypted - version: 3.9.0 + version: 3.9.1 diff --git a/services/authelia/configuration.yml b/services/authelia/configuration.yml index fa18c18..988e863 100644 --- a/services/authelia/configuration.yml +++ b/services/authelia/configuration.yml 
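Review bot: The `notesnook:` block in the first hunk adds an API secret, an S3 key pair and an SMTP password for a service that nothing in this patch declares — no `services/notesnook` file and no `sops.secrets."notesnook/…"` entry appears anywhere in the diffstat — so live credentials are being committed under a commit whose subject is adding Outline. If they belong to a separate, unfinished change they should ship with it; if they are leftovers, drop them and rotate them, since unused entries in the secret store are the ones nobody remembers to revoke. The `outline:` entries themselves match what `services/outline/default.nix` references (`OIDC_CLIENT_SECRET`, `SMTP_PASSWORD`, `S3_SECRET_KEY`), and the second hunk is only the `mac`/`lastmodified`/`version` metadata that sops rewrites on re-encryption.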
@@ -34,6 +34,20 @@ identity_providers:
 - 'email'
 - 'openid'
 - 'profile'
+ - client_id: 'outline'
+ client_name: 'Outline'
+ client_secret: '$pbkdf2-sha512$310000$KykggigTF2ZRKzEdHqPD0A$TV66lPDqlTodPjFGMpxMUaeQPywHliW8yTXfXsMh4EBkYI3cIqmDc.z6Yk/3/So2.HqsRWwfPlEHmBn9Esq/4A'
+ public: false
+ authorization_policy: 'one_factor'
+ redirect_uris:
+ - 'https://outline.gasdev.fr/auth/oidc.callback'
+ scopes:
+ - 'openid'
+ - 'offline_access'
+ - 'profile'
+ - 'email'
+ userinfo_signed_response_alg: 'none'
+ token_endpoint_auth_method: 'client_secret_post'
 authentication_backend:
diff --git a/services/default.nix b/services/default.nix
index 2234a8e..d4c2b74 100644
--- a/services/default.nix
+++ b/services/default.nix
@@ -2,6 +2,7 @@
 imports = [
 ./authelia
 ./garage
+./outline
 ./penpot
 ./shadowsocks
 ./uptime-kuma
diff --git a/services/outline/default.nix b/services/outline/default.nix
new file mode 100644
index 0000000..4a835b7
--- /dev/null
+++ b/services/outline/default.nix
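Review bot: The new `outline` client is registered with `authorization_policy: 'one_factor'`, so a password alone unlocks the wiki regardless of what the other clients on this Authelia instance (outside the hunk) require; as far as I recall Authelia's own Outline integration example uses `two_factor`, and unless single-factor is a deliberate choice for this host the line should read `authorization_policy: 'two_factor'`. `userinfo_signed_response_alg: 'none'` and `token_endpoint_auth_method: 'client_secret_post'` are, to my knowledge, what Outline's OIDC client needs (it reads userinfo as plain JSON over TLS from the issuer), so a short comment such as `# Outline does not accept a signed userinfo response` next to the alg line would stop a future reader from "hardening" it and breaking login. Keeping only the pbkdf2 digest of the client secret here while the plaintext lives in sops is the right split. The `clients` list this entry belongs to starts before the hunk.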
@@ -0,0 +1,53 @@
+{
+ config,
+ lib,
+ ...
+}: {
+ sops.secrets."outline/OIDC_CLIENT_SECRET".owner = "outline";
+ sops.secrets."outline/SMTP_PASSWORD".owner = "outline";
+ sops.secrets."outline/S3_SECRET_KEY".owner = "outline";
+
+ services.caddy.virtualHosts."outline.gasdev.fr".extraConfig = ''
+ reverse_proxy http://127.0.0.1:7143
+ '';
+
+ services.outline = {
+ enable = true;
+ port = 7143;
+ publicUrl = "https://outline.gasdev.fr";
+ forceHttps = false;
+
+ oidcAuthentication = {
+ authUrl = "https://auth.gasdev.fr/api/oidc/authorization";
+ userinfoUrl = "https://auth.gasdev.fr/api/oidc/userinfo";
+ tokenUrl = "https://auth.gasdev.fr/api/oidc/token";
+ displayName = "Authelia";
+ clientId = "outline";
+ clientSecretFile = config.sops.secrets."outline/OIDC_CLIENT_SECRET".path;
+ scopes = ["openid" "offline_access" "profile" "email"];
+ };
+
+ smtp = {
+ host = "smtp.mail.ovh.net";
+ port = 465;
+ username = "postmaster@gasdev.fr";
+ passwordFile = config.sops.secrets."outline/SMTP_PASSWORD".path;
+ fromEmail = "from.outline@gasdev.fr";
+ replyEmail = "reply.outline@gasdev.fr";
+ };
+
+ storage = {
+ storageType = "s3";
+ uploadBucketUrl = "https://s3.gasdev.fr";
+ uploadBucketName = "outline-bucket";
+ accessKey = "GKd60d7ca02de8478633442cf6";
+ secretKeyFile = config.sops.secrets."outline/S3_SECRET_KEY".path;
+ region = "garage";
+ };
+ };
+
+ nixpkgs.config.allowUnfreePredicate = pkg:
+ builtins.elem (lib.getName pkg) [
+ "outline"
+ ];
+}
diff --git a/services/penpot/default.nix b/services/penpot/default.nix
index f7b88bf..5880ce6 100644
--- a/services/penpot/default.nix
+++ b/services/penpot/default.nix
@@ -100,6 +100,7 @@
 penpot-postgres = {
 image = "docker.io/postgres:15";
 autoStart = true;
+ ports = [];
 volumes = [
 "penpot_postgres:/var/lib/postgresql/data"
 ];
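Review bot: `forceHttps = false` together with `publicUrl = "https://outline.gasdev.fr"` is only sound because Caddy terminates TLS and proxies to `http://127.0.0.1:7143`, but nothing in this file pins Outline's listener to loopback — the module is given a `port` and, as far as I can see, no bind address — so if 7143 is not covered by the host firewall the app is reachable directly over plain HTTP, bypassing Caddy and its TLS. A comment on that line would make the dependency explicit, e.g. `forceHttps = false; # TLS is terminated by Caddy; Outline must stay reachable only via 127.0.0.1:7143`, and the firewall config (outside this patch) should be checked not to open 7143. Separately, `nixpkgs.config.allowUnfreePredicate` is defined per-service here; as I recall `nixpkgs.config` definitions are merged by recursive update rather than combined, so if any other module on this host also sets the predicate one of them silently wins and the other's unfree package fails evaluation — a single central allow-list avoids that. Secret handling looks right: the OIDC secret, SMTP password and S3 secret key come from sops with `owner = "outline"`, and only the S3 access key ID, an identifier rather than a credential, is inline.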
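Review bot: `ports = [];` on `penpot-postgres` is, as far as I know, already the default for `virtualisation.oci-containers` containers, so the added line is a no-op, and it is unrelated to the Outline feature this commit is titled for. If the intent is to record that Postgres is deliberately never published on the host, say so in place: `ports = []; # never publish postgres on the host; reachable only on the container network`; otherwise drop the line or move it to its own commit.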