ghoscht/nix-config
ghoscht/nix-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Arion: Add outline wiki

Browse source
This commit is contained in:
GHOSCHT 2024-08-09 15:59:15 +02:00
parent b5b149474b
commit 4545dd5efe
Signed by: ghoscht
GPG key ID: 2C2C1C62A5388E82
5 changed files with 166 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
hosts/franz/arion/default.nix
View file

@ -22,6 +22,7 @@
./auth ./auth
./minio ./minio
./stats ./stats
./wiki
]; ];
environment.systemPackages = with pkgs; [arion]; environment.systemPackages = with pkgs; [arion];

82
hosts/franz/arion/wiki/arion-compose.nix Normal file
View file

@ -0,0 +1,82 @@
{
project.name = "wiki";
networks.dmz = {
name = "dmz";
external = true;
};
networks.internal = {};
services = {
outline.service = {
image = "docker.getoutline.com/outlinewiki/outline:0.77.2";
container_name = "outline";
labels = {
"traefik.enable" = "true";
"traefik.http.services.outline.loadbalancer.server.port" = "3000";
"traefik.http.routers.outline.service" = "outline";
"traefik.http.routers.outline.rule" = "Host(`wiki.ghoscht.com`)";
"traefik.http.routers.outline.entrypoints" = "websecure";
"traefik.http.routers.outline.tls" = "true";
"traefik.http.routers.outline.tls.certresolver" = "letsencrypt";
};
environment = {
NODE_ENV = "production";
PGSSLMODE = "disable";
REDIS_URL = "redis://redis:6379";
URL = "https://wiki.ghoscht.com";
PORT = 3000;
OIDC_AUTH_URI = "https://auth.ghoscht.com/application/o/authorize/";
OIDC_TOKEN_URI = "https://auth.ghoscht.com/application/o/token/";
OIDC_USERINFO_URI = "https://auth.ghoscht.com/application/o/userinfo/";
AWS_REGION = "local";
AWS_S3_UPLOAD_BUCKET_URL = "https://files.ghoscht.com";
AWS_S3_UPLOAD_BUCKET_NAME = "outline";
AWS_S3_UPLOAD_MAX_SIZE = 26214400;
AWS_S3_FORCE_PATH_STYLE = "true";
AWS_S3_ACL = "private";
};
env_file = [
"/home/ghoscht/.docker/wiki/outline.env"
];
restart = "always";
depends_on = {
redis = {condition = "service_healthy";};
postgres = {condition = "service_healthy";};
};
networks = [
"dmz"
"internal"
];
};
redis.service = {
image = "redis:7.2.4";
command = "--save 60 1 --loglevel warning";
restart = "always";
volumes = [
"/storage/dataset/docker/wiki/redis_data:/data"
];
networks = [
"internal"
];
};
postgres.service = {
image = "postgres:12.18";
restart = "always";
volumes = [
"/storage/dataset/docker/wiki/postgres_data:/var/lib/postgresql/data"
];
networks = [
"internal"
];
env_file = [
"/home/ghoscht/.docker/wiki/postgres.env"
];
};
};
}

6
hosts/franz/arion/wiki/arion-pkgs.nix Normal file
View file

@ -0,0 +1,6 @@
# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
import <nixpkgs> {
# We specify the architecture explicitly. Use a Linux remote builder when
# calling arion from other platforms.
system = "x86_64-linux";
}

67
hosts/franz/arion/wiki/default.nix Normal file
View file

@ -0,0 +1,67 @@
{config, ...}: let
vars = import ../../../../vars.nix;
in {
virtualisation.arion = {
projects.wiki.settings = {
imports = [./arion-compose.nix];
};
};
sops.secrets."wiki/aws_access_key_id" = {
owner = vars.user;
};
sops.secrets."wiki/aws_secret_access_key" = {
owner = vars.user;
};
sops.secrets."wiki/oidc_client_id" = {
owner = vars.user;
};
sops.secrets."wiki/oidc_client_secret" = {
owner = vars.user;
};
sops.secrets."wiki/secret_key" = {
owner = vars.user;
};
sops.secrets."wiki/utils_secret" = {
owner = vars.user;
};
sops.secrets."wiki/db_user" = {
owner = vars.user;
};
sops.secrets."wiki/db_pass" = {
owner = vars.user;
};
sops.secrets."wiki/db_name" = {
owner = vars.user;
};
sops.templates."wiki-postgres.env" = {
path = "/home/${vars.user}/.docker/wiki/postgres.env";
owner = vars.user;
mode = "0775";
content = ''
POSTGRES_PASSWORD="${config.sops.placeholder."wiki/db_pass"}"
POSTGRES_USER="${config.sops.placeholder."wiki/db_user"}"
POSTGRES_DB="${config.sops.placeholder."wiki/db_name"}"
'';
};
sops.templates."wiki-outline.env" = {
path = "/home/${vars.user}/.docker/wiki/outline.env";
owner = vars.user;
mode = "0775";
content = ''
SECRET_KEY="${config.sops.placeholder."wiki/secret_key"}"
UTILS_SECRET="${config.sops.placeholder."wiki/utils_secret"}"
OIDC_CLIENT_ID="${config.sops.placeholder."wiki/oidc_client_id"}"
OIDC_CLIENT_SECRET="${config.sops.placeholder."wiki/oidc_client_secret"}"
AWS_ACCESS_KEY_ID="${config.sops.placeholder."wiki/aws_access_key_id"}"
AWS_SECRET_ACCESS_KEY="${config.sops.placeholder."wiki/aws_secret_access_key"}"
DATABASE_URL="postgres://${config.sops.placeholder."wiki/db_user"}:${config.sops.placeholder."wiki/db_pass"}@postgres:5432/${config.sops.placeholder."wiki/db_name"}"
DATABASE_URL_TEST="postgres://${config.sops.placeholder."wiki/db_user"}:${config.sops.placeholder."wiki/db_pass"}@postgres:5432/${config.sops.placeholder."wiki/db_name"}"
'';
};
}

10
secrets/franz.yaml
View file

@ -51,6 +51,16 @@ minio:
root_password: ENC[AES256_GCM,data:0//dfGYkV80=,iv:h1b0R2QRpN/RI9kUBU0fiKLOI3PUYmisa7RH1ibSF4c=,tag:ln1cv5LQpb76vK5+eTvSuA==,type:str] root_password: ENC[AES256_GCM,data:0//dfGYkV80=,iv:h1b0R2QRpN/RI9kUBU0fiKLOI3PUYmisa7RH1ibSF4c=,tag:ln1cv5LQpb76vK5+eTvSuA==,type:str]
diun: diun:
ntfy_access_token: ENC[AES256_GCM,data:37UYgaMlmpoMW74LqtxkuMqGQmCvLpVdJAgEmVxSULY=,iv:tZPlfIgo1vWvMPlQzCBPXj5xYDiTWJOsVwkxBjGNMDk=,tag:882g2UxFfg5VSKqAtEMk2Q==,type:str] ntfy_access_token: ENC[AES256_GCM,data:37UYgaMlmpoMW74LqtxkuMqGQmCvLpVdJAgEmVxSULY=,iv:tZPlfIgo1vWvMPlQzCBPXj5xYDiTWJOsVwkxBjGNMDk=,tag:882g2UxFfg5VSKqAtEMk2Q==,type:str]
wiki:
aws_access_key_id: ENC[AES256_GCM,data:Fqfa6XcDDpQ0l+/entQh6sxobBM=,iv:gbfHxTy0Oj9xYlucpN98CjNIURDrx9BuFF4Pfo90V0M=,tag:df8Z3J2ovO1MHPnzOsCtpg==,type:str]
aws_secret_access_key: ENC[AES256_GCM,data:sbgzvlN5dP4jZIGKtDsMn5o2RqWTl+XNi80ydnOgrQkgnQ/HxluWWA==,iv:xyCKfbf/UF9cFunCYHwVBw4eVvOeZQtfPtrz2s6zIII=,tag:S0wzL8d5iEn20VbOVfrZBw==,type:str]
oidc_client_id: ENC[AES256_GCM,data:SSuRQJfgzeb641U2eeVE8wYZAbEWHYSSx0b8n4687FHLslFPGCAWeA==,iv:khCwIE50KVEtHJoDJBdCBJIDVZiDjkCS2D4yUt3AEOQ=,tag:JjVil9C2HHdTH1fDzDAJkg==,type:str]
oidc_client_secret: ENC[AES256_GCM,data:6TgTZsfaBdsismhK/lAiayMU8uIFOCmumV9tzmqNSocbqQgKAuEwgXTisMtndsk64JA2NYCS2DXhe+NSBO++aBscZ/hbqxBNWqw7c84YugqXMRFeqidb+RSJKdJ6WDmwGBfGm6/kjGJ+FSGuiu1S4sfOlfp2bXM5mhvgAXUygfg=,iv:Q9QoWp2V6uwFJidsL7QzB67TO4uFsqmun8zdZgRXbNI=,tag:wphiixaGZgsmk4sQFyvqbg==,type:str]
secret_key: ENC[AES256_GCM,data:Xr4iRj2oYJYVBBzIOsT6d4LjQo/M+qy7XVoNoM9vQWeWZuZlCnrdy7cfsa6VfHVnPNfdMIccmvBk3VzdDH1ukA==,iv:62LiqANdqrSMGzgaxL3uxgwyZtZd1XrsYEMF/ixt+lM=,tag:OH4xth89KDKONnbniM3itg==,type:str]
utils_secret: ENC[AES256_GCM,data:M062FvE0kFVyjkxIlolLtR/NwIya1Si7r/im1SDLvGNIHn4kDgat5KTHitjjMFMOKeSKT7ipgHc/lWCQYbi6IA==,iv:LWLOt+vZF0xK68LJTw1xWIWG65pkGiMnx/oMRBzeyyQ=,tag:SXKu3UO6IKupBVfvAwCtHw==,type:str]
db_user: ENC[AES256_GCM,data:g2+KPA==,iv:0I7EoGNlnnKf5H0UnmJ++9XDHEqZpXgZkyaW9flxN8c=,tag:b3WrfHGkxIJ1nNFp3FHAjA==,type:str]
db_pass: ENC[AES256_GCM,data:rYmNXQ==,iv:ZnImkMdIkp92jkojLVBSGSN06my3xFwr3AFfENNXgfQ=,tag:AZHqXRLfJ0lFrGyut+Sdug==,type:str]
db_name: ENC[AES256_GCM,data:Ns7vKJxeTw==,iv:GREMMRicS+1n/uk+KOeplqHn/ZdjjOjQ4d0qV5FICy8=,tag:CSeDTNjBiJ4G2VnytpNXiw==,type:str]
sops: sops:
kms: [] kms: []
gcp_kms: [] gcp_kms: []