chore(brim): add outline service
Closes #53
tie committed Sep 7, 2024
1 parent 4d0bc72 commit 9ef0bb3
Showing 5 changed files with 116 additions and 4 deletions.
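--- a/hosts/brim/Caddyfile
+++ b/hosts/brim/Caddyfile
@@ -77,6 +77,16 @@ s3.brim.su {
 reverse_proxy localhost:9000
 }
 
+outline.brim.su {
+import tls-brim-su
+reverse_proxy localhost:3000
+}
+
+wiki.brimworld.online {
+import tls-brimworld-online
+reverse_proxy localhost:3000
+}
+
 netdata.brim.su {
 import tls-brim-su
 reverse_proxy localhost:19999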
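Review bot: `wiki.brimworld.online` is proxied to the same upstream as `outline.brim.su`, but the Outline unit added in this commit sets `URL = "https://outline.brim.su"`, so the OAuth callback and session cookies are presumably tied to that one origin. If the second name is only an alias, a redirect such as `redir https://outline.brim.su{uri}` in the `wiki.brimworld.online` block keeps a single canonical origin instead of exposing the app under two. If both names are meant to serve the app directly, a comment saying so would help. Whether Outline accepts a Host other than its configured `URL` is not visible here.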
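--- a/hosts/brim/configuration.nix
+++ b/hosts/brim/configuration.nix
@@ -106,6 +106,16 @@
 package = pkgs.mariadb_1011;
 };
 
+redis.servers.outline = {
+enable = true;
+bind = "::1 127.0.0.1";
+};
+
+postgresql = {
+enable = true;
+package = pkgs.postgresql_16;
+};
+
 caddy = {
 enable = true;
 adapter = "caddyfile";
@@ -164,6 +174,60 @@
 };
 };
 
+# TODO: refactor into separate module?
+systemd.services.outline = {
+wantedBy = [ "multi-user.target" ];
+after = [ "network.target" ];
+
+environment = {
+NODE_ENV = "production";
+
+URL = "https://outline.brim.su";
+PORT = "3000";
+
+DATABASE_URL = "postgresql://localhost/outline?user=outline&host=/run/postgresql&sslmode=disable";
+REDIS_URL = "unix://${config.services.redis.servers.outline.unixSocket}";
+
+DISCORD_SERVER_ID = "925681822766092319"; # BrimWorld
+DISCORD_SERVER_ROLES = "925695895880761345,1281827267634401341"; # Admin, Wiki editor
+DISCORD_CLIENT_ID = "1279604766476861451";
+# DISCORD_CLIENT_SECRET is set from EnvironmentFile.
+
+FILE_STORAGE = "s3";
+AWS_ACCESS_KEY_ID = "y2gCQlb66nIzJLthers4";
+AWS_REGION = "eu-west-1";
+# AWS_SECRET_ACCESS_KEY is set from EnvironmentFile.
+AWS_S3_UPLOAD_BUCKET_URL = "https://s3.brim.su";
+AWS_S3_UPLOAD_BUCKET_NAME = "outline";
+AWS_S3_FORCE_PATH_STYLE = "1";
+};
+
+restartTriggers = [ config.sops.templates."outline.env".file ];
+
+serviceConfig = {
+Type = "exec";
+ExecStart = "${pkgs.outline}/bin/outline-server";
+WorkingDirectory = "${pkgs.outline}/share/outline";
+
+EnvironmentFile = config.sops.templates."outline.env".path;
+
+Restart = "always";
+
+DynamicUser = true;
+SupplementaryGroups = [
+config.users.groups.postgres.name
+config.services.redis.servers.outline.user
+];
+
+UMask = "0007";
+
+StateDirectory = "outline";
+StateDirectoryMode = "0750";
+RuntimeDirectory = "outline";
+RuntimeDirectoryMode = "0750";
+};
+};
+
 systemd.services.mcactivity.serviceConfig = {
 EnvironmentFile = config.sops.templates."mcactivity.env".path;
 IPAddressAllow = [ "any" ];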
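Review bot: The `outline` unit joins the `postgres` group through `SupplementaryGroups`, which is broader than connecting to the socket under `/run/postgresql` normally requires. Unless this host restricts that socket to the group (not visible in this diff), dropping `config.users.groups.postgres.name` leaves a compromised Outline process with no group access to PostgreSQL-owned files. The unit is also ordered only after `network.target` although it needs the local database and the Redis socket, so at boot it can fail and lean on `Restart = "always"`; `after = [ "network.target" "postgresql.service" "redis-outline.service" ];` with a matching `wants` makes the dependency explicit. Nothing in this section creates the `outline` role or database, so `services.postgresql.ensureDatabases` and `ensureUsers` may be worth adding if that is not handled elsewhere.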
9 changes: 7 additions & 2 deletions hosts/brim/secrets.yaml
@@ -1,5 +1,10 @@
minio:
root-password: ENC[AES256_GCM,data:FIRvkcColKAEIPPjIBweRg==,iv:QDn2sHyJoHtTtvA8ix6qxxNwYJJUo9NOPynUjXBWJ5U=,tag:b8PUuMYzgHIECXE7QaebaA==,type:str]
outline:
utils-secret: ENC[AES256_GCM,data:r0j1mJsNXngT2ngR2JlcOynteZsrVWTVdcJelqtlH7mqHCD5oXUOyZwzaXFZw2pB3GXjRihskC+5BSTuBJZRHg==,iv:dQyWAemM7SCJzEAx4RB4VsIJ+3PhADfoqDM9JETjM4M=,tag:sx+rUsXUSHEL9cl1dubUpg==,type:str]
secret-key: ENC[AES256_GCM,data:wUKC8p55VuJQaVmzAC/S+RNqQnIj/f1/9CZ+Hqjfo1lLffOWss3V9Mgs+xS3YoGt4VqxzXdRYdqhVhg9gTLFBw==,iv:J1LN/0oEfZ3V3dhOCYUssMJTXD/ERwRcpRrGZgZBtAI=,tag:neR0AjbmC6CTyIHc5Ln/Kw==,type:str]
discord-client-secret: ENC[AES256_GCM,data:fYqsHwWOtNP0sj1DyN2ujkOfJWuNfpta8FBQBeEhcT4=,iv:pfcijOYbyS/T7ZTZTnCxayRwUPcdItXPJBXyJfB1onk=,tag:0NQOieGc3jP+8orzB9jEpw==,type:str]
s3-secret-access-key: ENC[AES256_GCM,data:09p2OeVzEA4KAUGHpoRKT6jVic7FYUj0/R76TJKxKxBmX034Sm1qfw==,iv:EeB6CXLmlVUK59BIluzd+FGjygv8WU7juE9VZzVeHg4=,tag:mL4N1MDqt954r+uiR2/FCw==,type:str]
caddy:
brim-su-key.pem: ENC[AES256_GCM,data:+SnwMC8J3KPHMyNmwg32vvhVzjJ5FqjYuoSHZheqeFvkY82uWvV/hkWl2XfoqG2QljNujfn6VjqxWFchVobziQS7naYBULM+1Q515V7gBnbpKUBxa5gN0w0YcdXItbOhOQ1KtWiKWRph9SYxJUUGvwdTiuM12RUOkS5idqxYl6geBHVrSLlbJOUg6zsWOi5R18n7wWfl613rSoKyV1cttUmvvaRMiiWZjvzc83adXPdNYhjseqqXR3DNbK7wsNcQfGvd2KhzLPd7Zam7zsWrG+e1r5n7AgUQhCNeOpS1Qq+3Q5k859iWW5DMiFRUK6RAJg==,iv:Wo/cUIbDGi1erOqDtUD6ycKTbVl36e1bQ6Zm6E9KWtk=,tag:JAPPvs69DZtK5CyGAzASuQ==,type:str]
brimworld-online-key.pem: ENC[AES256_GCM,data:zCwDFSAggHzT+2XaG4JiFxnTjphQvMKP6/GnUQxd1Q9+fq5R0obMzMjK7S5FTh7jPKOVwQHVaiIhHPD/lRe/vS2tu2lUhKT4tzjTa6EsrwggksafllsO/MSJiIc9MjUYoDXN3zFnFDxxNxxn0VZ1PJhI3Ux8XubJpMu/ELx9tOedKWFcrasl6r5dM0WbIAgr+WthuWMUAtpPABiWuU5agUle4Rs+RF5ubkM2UT0gnwGL6PdJDf3FWraOOd6HUXE0MsOB0IO+4IXfS06oRkBxVIu48vZ/dnHX1xpNEhX4nkFFKV4Px9A0HMNs70gDkoAXkw==,iv:C2Lq+g4q7Qu7eoLP7PMlSk7R/kZlK7khmMGGiEpUe/E=,tag:+vlZb+POt+14B6c3YS8E0g==,type:str]
@@ -38,8 +43,8 @@ sops:
dVlvTkdEMmZrZ0h3a0J3dGo3bTBESGMK486k2AF0bagaxHy900dbXmwvXdw0M23Q
eNNZs/2j95ZMNQotUM4u5LPiz0p8QZM4ye1xn6UZQEKC4aFPnT6zTw==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-04-10T01:27:46Z"
mac: ENC[AES256_GCM,data:Mna4hT2eZsyJZwzgbURoCGrCXezfrxvYEOPXEI2kxiR4MvuymaNkeVmoOL4clvZOsjM43TUTq8KyA+v+WHQN4nyg4tZ4a3FvV5tQGZoL4DMzlGBoHeY7i+Z5gbgqQmA3mEUWV+kHhHgEOPtVfGDGy6UlCGFTDU++yY2ZdPanX6E=,iv:8NJEn4KvkoRQT+nJiZI2znvWYvxtGZesXhEFh1bkVbU=,tag:A01bN2acXRZAdmWIaUc+og==,type:str]
lastmodified: "2024-09-07T03:58:07Z"
mac: ENC[AES256_GCM,data:T5cCrFW691DXM2bptLQb4mFXa7JlO1yqbzUr23PuXgG3ZKirAZZ5wSKCFrkPUhFwquFHKojad0YtjZBae9EAD7ZlZMFKZaU54sCV2awsliB0at9TpNOR1dMc3IkdD8l+0k8hCugF/6HjpoBLo56RytQPlPn1v/D/UhSHLvvcpDM=,iv:1ig7B/TeYW2TPZI3SdACAetkcLRNemxIW76vt2CFpnY=,tag:UnpMlIQ1mM4ktZxIloOXRA==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.8.1
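--- a/hosts/brim/sops.nix
+++ b/hosts/brim/sops.nix
@@ -12,6 +12,13 @@
 MCACTIVITY_BOT_TOKEN=${config.sops.placeholder."discord/brimworld-bot-token"}
 '';
 
+sops.templates."outline.env".content = ''
+SECRET_KEY=${config.sops.placeholder."outline/secret-key"}
+UTILS_SECRET=${config.sops.placeholder."outline/utils-secret"}
+DISCORD_CLIENT_SECRET=${config.sops.placeholder."outline/discord-client-secret"}
+AWS_SECRET_ACCESS_KEY=${config.sops.placeholder."outline/s3-secret-access-key"}
+'';
+
 sops.secrets =
 lib.listToAttrs
 (map
@@ -24,6 +31,22 @@
 })
 config.passthru.caddySecrets)
 // {
+"outline/secret-key" = {
+restartUnits = [ "outline.service" ];
+sopsFile = ./secrets.yaml;
+};
+"outline/utils-secret" = {
+restartUnits = [ "outline.service" ];
+sopsFile = ./secrets.yaml;
+};
+"outline/discord-client-secret" = {
+restartUnits = [ "outline.service" ];
+sopsFile = ./secrets.yaml;
+};
+"outline/s3-secret-access-key" = {
+restartUnits = [ "outline.service" ];
+sopsFile = ./secrets.yaml;
+};
 "discord/brimworld-bot-token" = {
 restartUnits = [ "mcactivity.service" ];
 sopsFile = ./secrets.yaml;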
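Review bot: The four `outline/*` entries added to `sops.secrets` in the second hunk are identical apart from their key, so a later change to `restartUnits` or `sopsFile` has to be repeated four times and one secret can silently miss it. Since the file already uses `lib`, they could be generated with `lib.genAttrs` over the four names and a function returning `{ restartUnits = [ "outline.service" ]; sopsFile = ./secrets.yaml; }`, merged in with `//`. A short comment above `sops.templates."outline.env"` noting that these secrets reach the service only through that rendered file would also document why none of them sets an owner. The `sops.secrets` expression starts and ends outside the hunk.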
14 changes: 12 additions & 2 deletions nixpkgs.nix
@@ -1,4 +1,4 @@
{ self, inputs, ... }: {
{ self, inputs, lib, ... }: {
perSystem = { system, ... }:
let
nixpkgsArgs = {
@@ -13,7 +13,17 @@
inputs.btrfs-rollback.overlays.default
];

config.allowUnfreePredicate = inputs.steam-games.lib.unfreePredicate;
config.allowUnfreePredicate =
let
allowUnfree = {
steamworks-sdk-redist = true;
satisfactory-server = true;
palworld-server = true;
eco-server = true;
outline = true;
};
in
pkg: builtins.hasAttr (lib.getName pkg) allowUnfree;
};

nixpkgsFun = newArgs: import inputs.nixpkgs (nixpkgsArgs // newArgs);
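Review bot: The new predicate checks only for the key with `builtins.hasAttr`, so the `true` values in `allowUnfree` are never read and an entry later changed to `false` would still permit that unfree package. `pkg: allowUnfree.${lib.getName pkg} or false;` honours the value, or a plain list with `builtins.elem (lib.getName pkg) [ … ]` removes the unused booleans. A one-line comment above the set saying why `outline` is listed (presumably its licence is marked unfree in nixpkgs) would help whoever next audits the allow-list. The enclosing `nixpkgsArgs` set starts and ends outside the hunk.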
