From 26a33620bc4c84ae11a4e6bb3e904af284506dbf Mon Sep 17 00:00:00 2001
From: teidesu <alina@tei.su>
Date: Tue, 17 Sep 2024 01:04:18 +0300
Subject: [PATCH] feat(koi): outline wiki

---
 hosts/koi/configuration.nix                   |   2 +
 hosts/koi/containers/outline-wiki/default.nix |  85 ++++++++++++++++++
 .../containers/outline-wiki/image/Dockerfile  |   8 ++
 .../outline-wiki/image/license.patch          |   6 ++
 secrets/outline-wiki-env.age                  | Bin 0 -> 859 bytes
 5 files changed, 101 insertions(+)
 create mode 100644 hosts/koi/containers/outline-wiki/default.nix
 create mode 100644 hosts/koi/containers/outline-wiki/image/Dockerfile
 create mode 100644 hosts/koi/containers/outline-wiki/image/license.patch
 create mode 100644 secrets/outline-wiki-env.age

diff --git a/hosts/koi/configuration.nix b/hosts/koi/configuration.nix
index d39c59b..5cfcc9a 100755
--- a/hosts/koi/configuration.nix
+++ b/hosts/koi/configuration.nix
@@ -29,6 +29,8 @@
     ./containers/navidrome
     ./containers/conduwuit
     ./containers/zond
+    ./containers/authentik
+    ./containers/outline-wiki
     ./containers/teisu.nix
     ./containers/bots/pcre-sub-bot.nix
     ./containers/bots/channel-logger-bot.nix
diff --git a/hosts/koi/containers/outline-wiki/default.nix b/hosts/koi/containers/outline-wiki/default.nix
new file mode 100644
index 0000000..6fb5f5b
--- /dev/null
+++ b/hosts/koi/containers/outline-wiki/default.nix
@@ -0,0 +1,85 @@
+{ abs, pkgs, config, ... }@inputs:
+
+let 
+  secrets = import (abs "lib/secrets.nix");
+  trivial = import (abs "lib/trivial.nix") inputs;
+
+  UID = 1111;
+  context = trivial.storeDirectory ./image;
+in {
+  imports = [
+    (secrets.declare [{
+      name = "outline-wiki-env";
+      owner = "outline-wiki";
+    }])
+  ];
+
+  users.users.outline-wiki = {
+    isNormalUser = true;
+    uid = UID;
+  };
+
+  services.postgresql.ensureUsers = [
+    { name = "outline-wiki"; ensureDBOwnership = true; }
+  ];
+  services.postgresql.ensureDatabases = [ "outline-wiki" ];
+  desu.postgresql.ensurePasswords.outline-wiki = "outline-wiki";
+
+  virtualisation.oci-containers.containers.outline-wiki-redis = {
+    image = "docker.io/redis:7.0-alpine";
+    volumes = [
+      "/srv/outline-wiki/redis:/data"
+    ];
+    user = builtins.toString UID;
+  };
+
+  systemd.services.docker-outline-wiki.serviceConfig.ExecStartPre = [
+    (pkgs.writeShellScript "build-outline-wiki" ''
+      docker build -t local/outline-wiki ${context}
+    '')
+  ];
+  virtualisation.oci-containers.containers.outline-wiki = {
+    dependsOn = [ "outline-wiki-redis" ];
+    image = "local/outline-wiki";
+    volumes = [
+      "/srv/outline-wiki/media:/var/lib/outline/data"
+    ];
+    environment = {
+      NODE_ENV = "production";
+      PORT = "80";
+      DATABASE_URL = "postgres://outline-wiki:outline-wiki@172.17.0.1:5432/outline-wiki";
+      PGSSLMODE = "disable";
+      REDIS_URL = "redis://outline-wiki-redis.docker:6379";
+      URL = "https://lore.stupid.fish";
+      COLLABORATION_URL = "https://lore.stupid.fish";
+      FILE_STORAGE = "local";
+      FILE_STORAGE_LOCAL_ROOT_DIR = "/var/lib/outline/data";
+      FILE_STORAGE_UPLOAD_MAX_SIZE = "262144000";
+      ENABLE_UPDATES = "false";
+      WEB_CONCURRENCY = "1";
+      LOG_LEVEL = "info";
+      # fake license key
+      LICENSE_KEY = "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhdWQiOiJjYXRnaXJscyA6MyIsImV4cCI6MTc5ODc1MDgwMCwiY3VzdG9tZXJJZCI6ImNhdGdpcmxzIDozIiwic2VhdENvdW50Ijo5OTk5OTksImlzVHJpYWwiOmZhbHNlLCJpYXQiOjE3MjY0ODg2MDV9.msuM1RpFYcEpD1FMfO55PZ6-DRn1q0EIu1zjAz-oHI8";
+    };
+    environmentFiles = [
+      # oidc related config + SECRET_KEY, UTILS_SECRET
+      (secrets.file config "outline-wiki-env")
+    ];
+    user = builtins.toString UID;
+  };
+  systemd.services.docker-outline-wiki.after = [ "postgresql.service" ];
+
+  systemd.tmpfiles.rules = [
+    "d /srv/outline-wiki 0777 root root -"
+  ];
+
+  services.nginx.virtualHosts."lore.stupid.fish" = {
+    forceSSL = true;
+    useACMEHost = "stupid.fish";
+
+    locations."/" = {
+      proxyPass = "http://outline-wiki.docker$request_uri";
+      proxyWebsockets = true;
+    };
+  };
+}
\ No newline at end of file
diff --git a/hosts/koi/containers/outline-wiki/image/Dockerfile b/hosts/koi/containers/outline-wiki/image/Dockerfile
new file mode 100644
index 0000000..906f342
--- /dev/null
+++ b/hosts/koi/containers/outline-wiki/image/Dockerfile
@@ -0,0 +1,8 @@
+FROM outlinewiki/outline-enterprise:0.79.1
+
+USER root
+RUN apt-get update && apt-get install -y patch
+USER nodejs
+
+COPY license.patch /license.patch
+RUN patch /opt/outline/build/server/utils/LicenseHelper.js < /license.patch
\ No newline at end of file
diff --git a/hosts/koi/containers/outline-wiki/image/license.patch b/hosts/koi/containers/outline-wiki/image/license.patch
new file mode 100644
index 0000000..0c43fe2
--- /dev/null
+++ b/hosts/koi/containers/outline-wiki/image/license.patch
@@ -0,0 +1,6 @@
+22,24c22
+<       const decoded = _jsonwebtoken.default.verify(process.env.LICENSE_KEY || "", this.publicKey, {
+<         ignoreExpiration: true
+<       });
+---
+>       const decoded = _jsonwebtoken.default.decode(process.env.LICENSE_KEY || "");
diff --git a/secrets/outline-wiki-env.age b/secrets/outline-wiki-env.age
new file mode 100644
index 0000000000000000000000000000000000000000..9fee747772c7c6ff83fe6a2775c759c583aa2945
GIT binary patch
literal 859
zcmV-h1El<6XJsvAZewzJaCB*JZZ2<fXD@a!3N1b$b8~1dWn?lnH8D9Lb80v^Sa%?0
zc4v8Rc6w-OVJkyWS9N!Gbu>(IQ*%}|bv0^uNLX(~GkP#?LUvejYFP?eS6V_iMnY#-
zH8D<4ZANEIQ%+eyLs4s2R!nF$MMP3iQA9y-aB@{cGf@gHEiE8Rc}8VuW;QibQ8!0q
zVmEMRRC#K6Xl!qCaW^t_Su}5ELTOZ1IY>%sMp+6IZ9!=)K<%bTt`R;Alb7SS*ML7^
z(`8ON<QinG6mbLbiDBg^(v+SQe|$<wx9IX1a@TsKdZXvf|IElq31q;|8^dTs#2)*x
zU<Alyj)#28t05V8G5Id4M`jH1w=oSmYnD^6O6Z_R<J^MVW0u6XoqiqkIyQ9R@lF<%
zjp1#h2)fj?jWfILQ&gMDNFPULm|SsD1D}daMmQk)?HxD9NZ;!sgw^wI4VA4g^I3Q$
zCB`r6ts{I)2;sq67<pl*GAOg$dpKnfep4cJ4&Thv7tp)f2Mv~A=;j4bmM6U7KP01D
z!Bqn)_xtv=X8<NS`kK3wOc-jAxLat7WdgU(ywwFOJ&^mbt7FH3hvKODi%$3BBwS;x
zzrOz?0V>wjuD!W2v&91OGB}pl=!H>!vu<|#v-?EBAOI}k&0;o=<66~b5WMoOZfeH4
z1>z-uY;}vzRgG`j6#6NS>=E%vDQgpISFMqHPg_o7=2bEYAf?D1N|#o#dss$H?{0K~
z_CWo}h3^ni!YOKYJdhCCyot+-O5m>K&8>3s9rsNqm`-ZjrXs5<{W}gn9sPuI`QTdP
zWKo{X8KIB&%Gzj29>>GjKY&?LHG`XRY^!)Jz&%uiTaq^iAdiSSEA=Ojgx(hl2@y=4
zrswP@#1Zy|4*+TIGpNc8%IQEdB<{QS0_w(*Ef<gOgr<2CwB8ek45k`r@BbtgmP7S~
znG;t8w`jU60Xb1~tTqTUj4n9-4XG=&*mVSzGu=J=8>V{i*k}H3UI?+PjX9YG80^*i
zNcvAW*AeF2rcTZzrBNB9pxl$WnPe8s`1>5-Ciw!)i^Z7@mP&QR?)sp83M127TGQu0
lK?;Rh>e4@is|_@hBZwCv*JA&m_(HXw@^c~I$CD|lFRYi!jamQz

literal 0
HcmV?d00001