diff options
| -rw-r--r-- | modules/services/rss.nix (renamed from modules/services/tt-rss.nix) | 27 | ||||
| -rw-r--r-- | systems/cobalt/default.nix | 4 | ||||
| -rw-r--r-- | systems/cobalt/secrets/secrets.yaml | 5 |
3 files changed, 18 insertions, 18 deletions
diff --git a/modules/services/tt-rss.nix b/modules/services/rss.nix index 4351065..7c44580 100644 --- a/modules/services/tt-rss.nix +++ b/modules/services/rss.nix @@ -2,38 +2,35 @@ with lib; let - cfg = config.modules.services.tt-rss; + cfg = config.modules.services.rss; in { - options.modules.services.tt-rss = { - enable = mkEnableOption "Tiny Tiny RSS Client"; + options.modules.services.rss = { + enable = mkEnableOption "RSS Aggregator"; domain = mkOption { type = types.str; }; realHost = mkOption { type = types.str; default = "rss.${cfg.domain}"; }; + secrets.admin-password = mkOption { type = types.str; description = "path to file containing admin password"; }; }; config = mkIf cfg.enable { - services.tt-rss = { + services.freshrss = { enable = true; virtualHost = cfg.realHost; - selfUrlPath = "https://${cfg.realHost}"; + baseUrl = "https://${cfg.realHost}"; - themePackages = [ - pkgs.tt-rss-theme-feedly - ]; - - plugins = [ - "auth_internal" - "note" - ]; + defaultUser = "admin"; + passwordFile = cfg.secrets.admin-password; database = { type = "pgsql"; - password = null; host = "/run/postgresql"; }; - }; + environment.persistence."/persist".directories = [ + "/var/lib/freshrss" + ]; + services.nginx.virtualHosts.${cfg.realHost} = { forceSSL = true; useACMEHost = cfg.domain; diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix index d5c5a8f..05f75d3 100644 --- a/systems/cobalt/default.nix +++ b/systems/cobalt/default.nix @@ -168,6 +168,7 @@ in # owner = "openldap"; # }; sops.secrets.searx-env = { }; + sops.secrets.freshrss-admin-pass = { owner = "freshrss"; }; nix.experimentalFeatures = "nix-command flakes"; @@ -326,10 +327,11 @@ in domain = "exotic.sh"; realHost = "todo.exotic.sh"; }; - services.tt-rss = { + services.rss = { enable = true; domain = "exotic.sh"; realHost = "rss.exotic.sh"; + secrets.admin-password = config.sops.secrets.freshrss-admin-pass.path; }; services.searx = { enable = true; diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml index 18c819d..be519e0 100644 --- a/systems/cobalt/secrets/secrets.yaml +++ b/systems/cobalt/secrets/secrets.yaml @@ -17,6 +17,7 @@ system-imap-pass: ENC[AES256_GCM,data:T4yuF8+dkLjuiGhZUK33xvVqvyhs6vUL35/EUyue1L internal-imap-pass: ENC[AES256_GCM,data:2+Bk1hxM+veEXvSpqSZw1I9NaNBjE79CpJmLi2WHrMt5fQtfQCECNj0Pvwvj2QUrmt7HKZFT7GNbJopM,iv:nrOWRovsbkk4aIf0lS78daL2Jy6L5fVNkn2ZubK1xEI=,tag:/X8A5YJy3NNSSoV96IXPDg==,type:str] grafana-admin-pass: ENC[AES256_GCM,data:88z+mLcZ5s1u/8LWYcnOOhWTkff8sv1NIhQ=,iv:YdGaKCaq1bCCLsuYIug6NFO2rhqX/Xyt5yQ/hgWOfko=,tag:D+xWcN2bC2Q1Q2mjtpWqLg==,type:str] searx-env: ENC[AES256_GCM,data:FX5CpcDqkpUH2bsS00gFCzPFcInNMbf1Z0mBmoHXk2BJ54AVOVVM1aiVwXDyWnX2wN4gO8nHFypAY451R6UiSt7FAWlkYbBdlv7EsLyaLUR+,iv:c9B+tkipD3IbWTNCzOTvV1MtwJJsOonhxSM+31CHoXg=,tag:hP/BX6TahGqecTtUO3LorQ==,type:str] +freshrss-admin-pass: ENC[AES256_GCM,data:xfDBsL9OWmOJy7wCKSJPobsk33pwT+E6ylGfjsZDbPozClT6I5nXtQ==,iv:c8au21XjXE97g3SS5JFwVk45NrsnO8aCHWpWP5o0bfY=,tag:Q65jkxymo/VMHOScFq8hPw==,type:str] sops: kms: [] gcp_kms: [] @@ -41,8 +42,8 @@ sops: cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-04T11:08:32Z" - mac: ENC[AES256_GCM,data:fPhtlUiSvlIlJusSVwu+tSkYjQSc4MjKRko7fIJrZLaiTjORYFbbDosH7Y2XLAoiXhWrQsZs2n7Nk0xi5iDS4RtnDJ7smIzojh6ePOjVlu/gNm7o9d7gphF0y2gB8cchw/Iv2f89S9z2PPGeQqPzUnuvJFhiKVlMA1b2geHK8A8=,iv:u916JFQus/0gPOdZtb29UPbqoqMjVyBmruFvFcFTdDE=,tag:ipYMgxNto1oBT7p5CrsK2A==,type:str] + lastmodified: "2023-12-06T14:07:55Z" + mac: ENC[AES256_GCM,data:aUq03Frpab/ixsQ6CqISOjEEwbUmIWKfuFbUNhZKoXGa5pqHZJD8P6PxoEWbAm59O/5h5LnPFJF44TMKZ7R2WQ3Twlq8fiM+J0Q7aaHUvsy7HEKQR4DMKgZ9QHikx77Z3+7zmGntszrQqS2ayd9ad3b/TGcBvaAD+iHIjvSJnas=,iv:xod4JS7GLTCNvV4d08qtv2O1FVvoAUzCRZTgKM3CptE=,tag:SbCke7FgMLLwLi+R3hT6Rg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 |