Outline
Outline is a modern web based wiki and knowledge base for teams.
Setup
The most minimal local installation of Outline can be enabled with the following configuration
/etc/nixos/configuration.nix
{ config, pkgs, lib, ... }: {
networking.extraHosts = ''
127.0.0.1 dex.localhost
'';
services = {
outline = {
enable = true;
publicUrl = "http://localhost:3000";
forceHttps = false;
# Defined but not used in a minimal setup. Uploading files will
# only work if you configure a sotrage backend (see below).
storage = {
accessKey = "outline";
secretKeyFile = "${pkgs.writeText "minio-secret" "test123"}";
region = config.services.minio.region;
uploadBucketUrl = "http://127.0.0.1:9000";
uploadBucketName = "outline";
};
oidcAuthentication = {
# Parts taken from
# http://dex.localhost/.well-known/openid-configuration
authUrl = "http://dex.localhost/auth";
tokenUrl = "http://dex.localhost/token";
userinfoUrl = "http://dex.localhost/userinfo";
clientId = "outline";
clientSecretFile = (builtins.elemAt config.services.dex.settings.staticClients 0).secretFile;
scopes = [ "openid" "email" "profile" ];
usernameClaim = "preferred_username";
displayName = "Dex";
};
};
dex = {
enable = true;
settings = {
issuer = "http://dex.localhost";
storage = {
type = "sqlite3";
config.file = "/var/lib/dex/db.sqlite3";
};
web.http = "127.0.0.1:5556";
staticClients = [
{
id = "outline";
name = "Outline Client";
redirectURIs = [ "http://localhost:3000/auth/oidc.callback" ];
secretFile = "${pkgs.writeText "outline-oidc-secret" "test123"}";
}
];
connectors = [
{
type = "mockPassword";
id = "mock";
name = "Example";
config = {
username = "admin";
password = "password";
};
}
];
};
};
nginx = {
enable = true;
virtualHosts = {
"localhost" = {
locations."/" = {
proxyPass = "${config.services.outline.publicUrl}";
};
};
"dex.localhost" = {
locations."/" = {
proxyPass = "http://${config.services.dex.settings.web.http}";
};
};
};
};
};
systemd.services.dex = {
serviceConfig.StateDirectory = "dex";
};
Outline is available at http://localhost . Choose login provider "Dex" and authenticate with the example mock login admin
and password
.
Configuration
Storage backend
It is possible to host a S3-compatible object storage using Minio. The following configuration enables a minimal, local Minio instance:
/etc/nixos/configuration.nix
services.minio = {
enable = true;
listenAddress = "127.0.0.1:9000";
consoleAddress = "127.0.0.1:9001";
# Storing secrets world-readable in the Nix store is not recommended.
# This is only for demonstration purpose.
rootCredentialsFile = "${pkgs.writeText "minio-secret" "test123"}";
};
Login into the Minio web console on http://127.0.0.1:9001 using the default credentials with user minioadmin
and password minioadmin
.
- Create a new bucket and name it, for example
outline
. - Create a new user. For demonstration purpose call it
outline
with the passwordoutline123
Bucket name (outline
), user (or accessKey: outline
) and password (or the content of secretKeyFile: outline123
) have to match the storage configuration of the Outline module above.