From 6bb26431d3fd7696c85b73b3831abf8a89c9be90 Mon Sep 17 00:00:00 2001 From: sefidel Date: Wed, 6 Dec 2023 23:10:39 +0900 Subject: feat(modules/{tt-rss -> rss}): change tt-rss to freshrss --- modules/services/rss.nix | 39 ++++++++++++++++++++++++++++++++++ modules/services/tt-rss.nix | 42 ------------------------------------- systems/cobalt/default.nix | 4 +++- systems/cobalt/secrets/secrets.yaml | 5 +++-- 4 files changed, 45 insertions(+), 45 deletions(-) create mode 100644 modules/services/rss.nix delete mode 100644 modules/services/tt-rss.nix diff --git a/modules/services/rss.nix b/modules/services/rss.nix new file mode 100644 index 0000000..7c44580 --- /dev/null +++ b/modules/services/rss.nix @@ -0,0 +1,39 @@ +{ config, lib, pkgs, ... }: + +with lib; +let + cfg = config.modules.services.rss; +in +{ + options.modules.services.rss = { + enable = mkEnableOption "RSS Aggregator"; + domain = mkOption { type = types.str; }; + realHost = mkOption { type = types.str; default = "rss.${cfg.domain}"; }; + secrets.admin-password = mkOption { type = types.str; description = "path to file containing admin password"; }; + }; + + config = mkIf cfg.enable { + services.freshrss = { + enable = true; + virtualHost = cfg.realHost; + baseUrl = "https://${cfg.realHost}"; + + defaultUser = "admin"; + passwordFile = cfg.secrets.admin-password; + + database = { + type = "pgsql"; + host = "/run/postgresql"; + }; + }; + + environment.persistence."/persist".directories = [ + "/var/lib/freshrss" + ]; + + services.nginx.virtualHosts.${cfg.realHost} = { + forceSSL = true; + useACMEHost = cfg.domain; + }; + }; +} diff --git a/modules/services/tt-rss.nix b/modules/services/tt-rss.nix deleted file mode 100644 index 4351065..0000000 --- a/modules/services/tt-rss.nix +++ /dev/null @@ -1,42 +0,0 @@ -{ config, lib, pkgs, ... }: - -with lib; -let - cfg = config.modules.services.tt-rss; -in -{ - options.modules.services.tt-rss = { - enable = mkEnableOption "Tiny Tiny RSS Client"; - domain = mkOption { type = types.str; }; - realHost = mkOption { type = types.str; default = "rss.${cfg.domain}"; }; - }; - - config = mkIf cfg.enable { - services.tt-rss = { - enable = true; - virtualHost = cfg.realHost; - selfUrlPath = "https://${cfg.realHost}"; - - themePackages = [ - pkgs.tt-rss-theme-feedly - ]; - - plugins = [ - "auth_internal" - "note" - ]; - - database = { - type = "pgsql"; - password = null; - host = "/run/postgresql"; - }; - - }; - - services.nginx.virtualHosts.${cfg.realHost} = { - forceSSL = true; - useACMEHost = cfg.domain; - }; - }; -} diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix index d5c5a8f..05f75d3 100644 --- a/systems/cobalt/default.nix +++ b/systems/cobalt/default.nix @@ -168,6 +168,7 @@ in # owner = "openldap"; # }; sops.secrets.searx-env = { }; + sops.secrets.freshrss-admin-pass = { owner = "freshrss"; }; nix.experimentalFeatures = "nix-command flakes"; @@ -326,10 +327,11 @@ in domain = "exotic.sh"; realHost = "todo.exotic.sh"; }; - services.tt-rss = { + services.rss = { enable = true; domain = "exotic.sh"; realHost = "rss.exotic.sh"; + secrets.admin-password = config.sops.secrets.freshrss-admin-pass.path; }; services.searx = { enable = true; diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml index 18c819d..be519e0 100644 --- a/systems/cobalt/secrets/secrets.yaml +++ b/systems/cobalt/secrets/secrets.yaml @@ -17,6 +17,7 @@ system-imap-pass: ENC[AES256_GCM,data:T4yuF8+dkLjuiGhZUK33xvVqvyhs6vUL35/EUyue1L internal-imap-pass: ENC[AES256_GCM,data:2+Bk1hxM+veEXvSpqSZw1I9NaNBjE79CpJmLi2WHrMt5fQtfQCECNj0Pvwvj2QUrmt7HKZFT7GNbJopM,iv:nrOWRovsbkk4aIf0lS78daL2Jy6L5fVNkn2ZubK1xEI=,tag:/X8A5YJy3NNSSoV96IXPDg==,type:str] grafana-admin-pass: ENC[AES256_GCM,data:88z+mLcZ5s1u/8LWYcnOOhWTkff8sv1NIhQ=,iv:YdGaKCaq1bCCLsuYIug6NFO2rhqX/Xyt5yQ/hgWOfko=,tag:D+xWcN2bC2Q1Q2mjtpWqLg==,type:str] searx-env: ENC[AES256_GCM,data:FX5CpcDqkpUH2bsS00gFCzPFcInNMbf1Z0mBmoHXk2BJ54AVOVVM1aiVwXDyWnX2wN4gO8nHFypAY451R6UiSt7FAWlkYbBdlv7EsLyaLUR+,iv:c9B+tkipD3IbWTNCzOTvV1MtwJJsOonhxSM+31CHoXg=,tag:hP/BX6TahGqecTtUO3LorQ==,type:str] +freshrss-admin-pass: ENC[AES256_GCM,data:xfDBsL9OWmOJy7wCKSJPobsk33pwT+E6ylGfjsZDbPozClT6I5nXtQ==,iv:c8au21XjXE97g3SS5JFwVk45NrsnO8aCHWpWP5o0bfY=,tag:Q65jkxymo/VMHOScFq8hPw==,type:str] sops: kms: [] gcp_kms: [] @@ -41,8 +42,8 @@ sops: cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-12-04T11:08:32Z" - mac: ENC[AES256_GCM,data:fPhtlUiSvlIlJusSVwu+tSkYjQSc4MjKRko7fIJrZLaiTjORYFbbDosH7Y2XLAoiXhWrQsZs2n7Nk0xi5iDS4RtnDJ7smIzojh6ePOjVlu/gNm7o9d7gphF0y2gB8cchw/Iv2f89S9z2PPGeQqPzUnuvJFhiKVlMA1b2geHK8A8=,iv:u916JFQus/0gPOdZtb29UPbqoqMjVyBmruFvFcFTdDE=,tag:ipYMgxNto1oBT7p5CrsK2A==,type:str] + lastmodified: "2023-12-06T14:07:55Z" + mac: ENC[AES256_GCM,data:aUq03Frpab/ixsQ6CqISOjEEwbUmIWKfuFbUNhZKoXGa5pqHZJD8P6PxoEWbAm59O/5h5LnPFJF44TMKZ7R2WQ3Twlq8fiM+J0Q7aaHUvsy7HEKQR4DMKgZ9QHikx77Z3+7zmGntszrQqS2ayd9ad3b/TGcBvaAD+iHIjvSJnas=,iv:xod4JS7GLTCNvV4d08qtv2O1FVvoAUzCRZTgKM3CptE=,tag:SbCke7FgMLLwLi+R3hT6Rg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 -- cgit 1.4.1