From b58df0632ac512fda887d6c756e9b922f351458c Mon Sep 17 00:00:00 2001 From: Zuckerberg Date: Sun, 10 Aug 2025 20:49:50 -0700 Subject: [PATCH] Add outline service --- machines/storage/s0/default.nix | 23 +++++++++++++++++++++++ machines/storage/s0/properties.nix | 1 + secrets/robots-email-pw.age | Bin 483 -> 813 bytes secrets/secrets.nix | 2 +- 4 files changed, 25 insertions(+), 1 deletion(-) diff --git a/machines/storage/s0/default.nix b/machines/storage/s0/default.nix index bc58395..3036cd6 100644 --- a/machines/storage/s0/default.nix +++ b/machines/storage/s0/default.nix @@ -253,6 +253,7 @@ (mkVirtualHost "budget.s0.neet.dev" "http://localhost:${toString config.services.actual.settings.port}") # actual budget (mkVirtualHost "linkwarden.s0.neet.dev" "http://localhost:${toString config.services.linkwarden.port}") (mkVirtualHost "memos.s0.neet.dev" "http://localhost:${toString config.services.memos.port}") + (mkVirtualHost "outline.s0.neet.dev" "http://localhost:${toString config.services.outline.port}") ]; tailscaleAuth = { @@ -276,6 +277,7 @@ "budget.s0.neet.dev" "linkwarden.s0.neet.dev" # "memos.s0.neet.dev" # messes up memos /auth route + # "outline.s0.neet.dev" # messes up outline /auth route ]; expectedTailnet = "koi-bebop.ts.net"; }; @@ -351,5 +353,26 @@ port = 57643; }; + services.outline = { + enable = true; + forceHttps = false; # https through nginx + port = 43933; + publicUrl = "https://outline.s0.neet.dev"; + storage.storageType = "local"; + smtp = { + secure = true; + fromEmail = "robot@runyan.org"; + username = "robot@runyan.org"; + replyEmail = "robot@runyan.org"; + host = "mail.neet.dev"; + port = 465; + passwordFile = "/run/agenix/robots-email-pw"; + }; + }; + age.secrets.robots-email-pw = { + file = ../../../secrets/robots-email-pw.age; + owner = config.services.outline.user; + }; + boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ]; } diff --git a/machines/storage/s0/properties.nix b/machines/storage/s0/properties.nix index f58f391..9d133c8 100644 --- a/machines/storage/s0/properties.nix +++ b/machines/storage/s0/properties.nix @@ -16,6 +16,7 @@ "zigbee" "media-server" "linkwarden" + "outline" ]; hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q"; diff --git a/secrets/robots-email-pw.age b/secrets/robots-email-pw.age index 362c882bc79dfb845e145cfc08ec2b96b3e30501..4622b7d48c8a56226610c41f579747f591379941 100644 GIT binary patch delta 741 zcmaFNyq0Z(PQ77JsCH#=Zi%0{VPHV9wr_G_maBiVp|6u^iLtw1rhj@!q(^d8p?N@H zI+tI*vu{*Jrlm_!c%DaikZEe6t7&R_nv1D_s%K_?p=)x6Q*lsQP;!NKAeXM4LUD11 zZfc5=si~o*Lb-8XsYSX%YG80ifs<=qT3W7Uxr9c z4-)kTg}DXUd7%|)`N4T%PMQ9`MwOnvz7~#dWrbc9Ar|SD#wA|Hfsq--*^XS^&L-|< zC7J%|`lbPyCCNEy&ILaC*)GNr{{Fe?VV<6jE}s4_6%pp%W)|ok$p|Pg%qv%@aEUNB zj7aeC!-od67A(mw+g}F|?Tq$K$NyZg!WhOy>{z3UEIf=%l$vGvy zSy91Gp-Gh`m1ViErIx+{xqhC-6F-XAd*>xbl)9&wm<3t58;6?ZcxL#y`R65PMr0Qm z76<1W6nJFVk#gln6bnq*Y?=R{Olc=<5CP)pUhalD tqWJPMFJ|jC=kN2$E_$-=8cWEpHT^|775)+i8E0kxPQBC>IOp@BM*x|=1E2r^ delta 409 zcmZ3>_LzBsPPk8AV2N`^qN%56hG|uPc9~B^P?%GZkA84fp-DtRj=q7JrE5`2Kt`2e zIhU)EuR)@>Nn%iXW=KI{aHNy5Q&mBwc~oIyrE9RMPkyeOOPY3CVntX)^5nCO;$a>h zB?U!kA%4Lw0m)TG`oXT2CI%IWQI0`Q6F*4Q2Rjz|2N>m)mz#&=Wat-} zB)OR6dWU!=rxdtX<|l^cnT2^8r>90nmAT||g;!a6WLjhyr}+j)Ci|MEW*g@Prdzre zd3XdE<@lzjWSfR28RwZgmK!*7>FVk#WTtzXCHomigy(u2h8agy8iZMvr#qXK75kSt z6=xNBml`?6n52g#xq1dgayd?%WjZBkZl&M-IK%jaWsUqB-~W-6b6R=gMXdj1=icl` zIldLIcHO@AaMN`2XhW5Wsj4Z;DJxFg?B0BE!-jv{XLGi^>Jz%3yK3?;FU3EWm5bKj G_zM88W0+w8 diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 3071fd2..50c279e 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -17,7 +17,7 @@ with roles; "cris-hashed-email-pw.age".publicKeys = email-server; "sasl_relay_passwd.age".publicKeys = email-server; "hashed-robots-email-pw.age".publicKeys = email-server; - "robots-email-pw.age".publicKeys = gitea; + "robots-email-pw.age".publicKeys = gitea ++ outline; # nix binary cache # public key: s0.koi-bebop.ts.net:OjbzD86YjyJZpCp9RWaQKANaflcpKhtzBMNP8I2aPUU=