Add outline service

flake.lock

@@ -283,6 +283,18 @@
         "url": "https://github.com/NixOS/nixpkgs/pull/347353.diff"
       }
     },
+    "nixpkgs-memos": {
+      "flake": false,
+      "locked": {
+        "narHash": "sha256-UidUaQY+9vo90rNCVInX1E+JbJ1xKFVSTMNRYKQEKpQ=",
+        "type": "file",
+        "url": "https://github.com/NixOS/nixpkgs/pull/426687.diff"
+      },
+      "original": {
+        "type": "file",
+        "url": "https://github.com/NixOS/nixpkgs/pull/426687.diff"
+      }
+    },
     "root": {
       "inputs": {
         "agenix": "agenix",
@@ -295,6 +307,7 @@
         "nixos-hardware": "nixos-hardware",
         "nixpkgs": "nixpkgs",
         "nixpkgs-linkwarden": "nixpkgs-linkwarden",
+        "nixpkgs-memos": "nixpkgs-memos",
         "simple-nixos-mailserver": "simple-nixos-mailserver",
         "systems": "systems"
       }

flake.nix

@@ -6,6 +6,10 @@
       url = "https://github.com/NixOS/nixpkgs/pull/347353.diff";
       flake = false;
     };
+    nixpkgs-memos = {
+      url = "https://github.com/NixOS/nixpkgs/pull/426687.diff";
+      flake = false;
+    };
 
     # Common Utils Among flake inputs
     systems.url = "github:nix-systems/default";
@@ -129,6 +133,7 @@
                   # despite me following guides and examples specific to rust packages.
                   ./patches/librespot-pin.patch
                   inputs.nixpkgs-linkwarden
+                  inputs.nixpkgs-memos
                 ];
               };
               patchedNixpkgs = nixpkgs.lib.fix (self: (import "${patchedNixpkgsSrc}/flake.nix").outputs { self = nixpkgs; });

machines/storage/s0/default.nix

@@ -252,6 +252,8 @@
         (mkVirtualHost "todo.s0.neet.dev" "http://localhost:${toString config.services.vikunja.port}")
         (mkVirtualHost "budget.s0.neet.dev" "http://localhost:${toString config.services.actual.settings.port}") # actual budget
         (mkVirtualHost "linkwarden.s0.neet.dev" "http://localhost:${toString config.services.linkwarden.port}")
+        (mkVirtualHost "memos.s0.neet.dev" "http://localhost:${toString config.services.memos.port}")
+        (mkVirtualHost "outline.s0.neet.dev" "http://localhost:${toString config.services.outline.port}")
       ];
 
     tailscaleAuth = {
@@ -272,6 +274,10 @@
         "zigbee.s0.neet.dev"
         "vacuum.s0.neet.dev"
         "todo.s0.neet.dev"
+        "budget.s0.neet.dev"
+        "linkwarden.s0.neet.dev"
+        # "memos.s0.neet.dev" # messes up memos /auth route
+        # "outline.s0.neet.dev" # messes up outline /auth route
       ];
       expectedTailnet = "koi-bebop.ts.net";
     };
@@ -341,5 +347,32 @@
     port = 48072;
   };
 
+  services.memos = {
+    enable = true;
+    address = "127.0.0.1";
+    port = 57643;
+  };
+
+  services.outline = {
+    enable = true;
+    forceHttps = false; # https through nginx
+    port = 43933;
+    publicUrl = "https://outline.s0.neet.dev";
+    storage.storageType = "local";
+    smtp = {
+      secure = true;
+      fromEmail = "robot@runyan.org";
+      username = "robot@runyan.org";
+      replyEmail = "robot@runyan.org";
+      host = "mail.neet.dev";
+      port = 465;
+      passwordFile = "/run/agenix/robots-email-pw";
+    };
+  };
+  age.secrets.robots-email-pw = {
+    file = ../../../secrets/robots-email-pw.age;
+    owner = config.services.outline.user;
+  };
+
   boot.binfmt.emulatedSystems = [ "aarch64-linux" "armv7l-linux" ];
 }

machines/storage/s0/properties.nix

@@ -16,6 +16,7 @@
     "zigbee"
     "media-server"
     "linkwarden"
+    "outline"
   ];
 
   hostKey = "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIAwiXcUFtAvZCayhu4+AIcF+Ktrdgv9ee/mXSIhJbp4q";

secrets/secrets.nix

@@ -17,7 +17,7 @@ with roles;
   "cris-hashed-email-pw.age".publicKeys = email-server;
   "sasl_relay_passwd.age".publicKeys = email-server;
   "hashed-robots-email-pw.age".publicKeys = email-server;
-  "robots-email-pw.age".publicKeys = gitea;
+  "robots-email-pw.age".publicKeys = gitea ++ outline;
 
   # nix binary cache
   # public key: s0.koi-bebop.ts.net:OjbzD86YjyJZpCp9RWaQKANaflcpKhtzBMNP8I2aPUU=