Outline: Difference between revisions
imported>Sleepful using staticpasswords instead |
imported>Onny Restructuring |
||
| Line 4: | Line 4: | ||
The most minimal local installation of Outline can be enabled with the following configuration | The most minimal local installation of Outline can be enabled with the following configuration | ||
{{note|Previous example used the <code>mockPassword</code> connector, which is [https://github.com/dexidp/dex/blob/8e07edc188222fed79a6db7c8e3e57e6d8e82df7/server/server.go#L566 an undocumented configuration option] in Dex, used solely to [https://github.com/dexidp/dex/blob/8e07edc188222fed79a6db7c8e3e57e6d8e82df7/server/handlers_test.go#L250 run some tests]. Use [https://dexidp.io/docs/connectors/local/ staticPasswords] configuration instead, which allows using a hash for the password and setting a real email for the user which can be used to send notifications if an SMTP server is configured. Keep in mind, if you created your first user with the previous method (mockPassword), that user is your only <code>admin</code> user and you need to keep it around in order to confer <code>admin</code> privileges to the next user.</nowiki>}} | |||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | {{file|/etc/nixos/configuration.nix|nix|<nowiki> | ||
| Line 39: | Line 41: | ||
storage.type = "sqlite3"; | storage.type = "sqlite3"; | ||
web.http = "127.0.0.1:5556"; | web.http = "127.0.0.1:5556"; | ||
enablePasswordDB = true; | |||
staticClients = [ | staticClients = [ | ||
{ | { | ||
| Line 47: | Line 50: | ||
} | } | ||
]; | ]; | ||
staticPasswords = [ | |||
{ | { | ||
email = "user.email@example.com"; | |||
# bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2) | |||
hash = "10$TDh68T5XUK10$TDh68T5XUK10$TDh68T5XUK"; | |||
username = "test"; | |||
# easily generated with `$ uuidgen` | |||
userID = "6D196B03-8A28-4D6E-B849-9298168CBA34"; | |||
} | } | ||
]; | ]; | ||
}; | }; | ||
}; | }; | ||
| Line 80: | Line 82: | ||
</nowiki>}} | </nowiki>}} | ||
Outline is available at http://localhost . Choose login provider "Dex" and authenticate with the example mock login <code> | Outline is available at http://localhost . Choose login provider "Dex" and authenticate with the example mock login <code>user.email@example.com</code> and <code>password</code>. | ||
== | === SSL example === | ||
Similar as before but this time with Nginx handling SSL | Similar as before but this time with Nginx handling SSL. | ||
{{file|/etc/nixos/configuration.nix|nix|<nowiki> | {{file|/etc/nixos/configuration.nix|nix|<nowiki> | ||
| Line 167: | Line 167: | ||
</nowiki>}} | </nowiki>}} | ||
== | == Troubleshooting == | ||
=== Option storageType does not exist === | |||
If you see an error that says something like <code>option "services.outline.storage.storageType" does not exist"</code> you may need to update your channels (<code>nix-channel --update</code>) | If you see an error that says something like <code>option "services.outline.storage.storageType" does not exist"</code> you may need to update your channels (<code>nix-channel --update</code>) | ||
Revision as of 13:10, 30 January 2024
Outline is a modern web based wiki and knowledge base for teams.
Setup
The most minimal local installation of Outline can be enabled with the following configuration
/etc/nixos/configuration.nix
{ config, pkgs, lib, ... }: {
networking.extraHosts = ''
127.0.0.1 dex.localhost
'';
services = {
outline = {
enable = true;
publicUrl = "http://localhost:3000";
forceHttps = false;
storage.storageType = "local";
oidcAuthentication = {
# Parts taken from
# http://dex.localhost/.well-known/openid-configuration
authUrl = "http://dex.localhost/auth";
tokenUrl = "http://dex.localhost/token";
userinfoUrl = "http://dex.localhost/userinfo";
clientId = "outline";
clientSecretFile = (builtins.elemAt config.services.dex.settings.staticClients 0).secretFile;
scopes = [ "openid" "email" "profile" ];
usernameClaim = "preferred_username";
displayName = "Dex";
};
};
dex = {
enable = true;
settings = {
issuer = "http://dex.localhost";
storage.type = "sqlite3";
web.http = "127.0.0.1:5556";
enablePasswordDB = true;
staticClients = [
{
id = "outline";
name = "Outline Client";
redirectURIs = [ "http://localhost:3000/auth/oidc.callback" ];
secretFile = "${pkgs.writeText "outline-oidc-secret" "test123"}";
}
];
staticPasswords = [
{
email = "user.email@example.com";
# bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
hash = "10$TDh68T5XUK10$TDh68T5XUK10$TDh68T5XUK";
username = "test";
# easily generated with `$ uuidgen`
userID = "6D196B03-8A28-4D6E-B849-9298168CBA34";
}
];
};
};
nginx = {
enable = true;
virtualHosts = {
"localhost" = {
locations."/" = {
proxyPass = "${config.services.outline.publicUrl}";
};
};
"dex.localhost" = {
locations."/" = {
proxyPass = "http://${config.services.dex.settings.web.http}";
};
};
};
};
};
Outline is available at http://localhost . Choose login provider "Dex" and authenticate with the example mock login user.email@example.com and password.
SSL example
Similar as before but this time with Nginx handling SSL.
/etc/nixos/configuration.nix
{ config, pkgs, lib, ... }: {
services.nginx = {
enable = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts = {
"outline.example.tld" = {
onlySSL = true;
useACMEHost = "example.tld"; # assuming security.acme.certs."example.tld" with `extraDomainNames = [ "outline.example.tld" ]`
locations."/" = {
proxyPass = "http://localhost:${toString config.services.outline.port}";
proxyWebsockets = true;
extraConfig = ''
proxy_set_header X-Scheme $scheme;
'';
};
};
"dex.example.tld" = {
onlySSL = true;
useACMEHost = "example.tld";
locations."/" = {
proxyPass = "http://${config.services.dex.settings.web.http}";
proxyWebsockets = true;
};
};
};
};
services.outline = {
enable = true;
publicUrl = "https://outline.example.tld";
port = 3003; # using 3003 instead of default 3000 just in case another service is already using 3000
forceHttps = false;
storage.storageType = "local";
oidcAuthentication = {
authUrl = "https://dex.example.tld/auth";
tokenUrl = "https://dex.example.tld/token";
userinfoUrl = "https://dex.example.tld/userinfo";
clientId = "outline";
clientSecretFile = (builtins.elemAt config.services.dex.settings.staticClients 0).secretFile;
scopes = [ "openid" "email" "profile" ];
usernameClaim = "preferred_username";
displayName = "Dex";
};
};
services.dex = {
enable = true;
settings = {
issuer = "https://dex.example.tld";
storage.type = "sqlite3";
web.http = "127.0.0.1:5556";
staticClients = [
{
id = "outline";
name = "Outline Client";
redirectURIs = [ "https://outline.example.tld/auth/oidc.callback" ];
secretFile = "${pkgs.writeText "outline-oidc-secret" "test123"}";
}
];
staticPasswords = [
{
email = "user.email@example.com";
# bcrypt hash of the string "password": $(echo password | htpasswd -BinC 10 admin | cut -d: -f2)
hash = "10$TDh68T5XUK10$TDh68T5XUK10$TDh68T5XUK";
username = "test";
# easily generated with `$ uuidgen`
userID = "6D196B03-8A28-4D6E-B849-9298168CBA34";
}
];
};
};
Troubleshooting
Option storageType does not exist
If you see an error that says something like option "services.outline.storage.storageType" does not exist" you may need to update your channels (nix-channel --update)