From 6bb26431d3fd7696c85b73b3831abf8a89c9be90 Mon Sep 17 00:00:00 2001
From: sefidel <contact@sefidel.net>
Date: Wed, 6 Dec 2023 23:10:39 +0900
Subject: feat(modules/{tt-rss -> rss}): change tt-rss to freshrss

---
 modules/services/rss.nix            | 39 ++++++++++++++++++++++++++++++++++
 modules/services/tt-rss.nix         | 42 -------------------------------------
 systems/cobalt/default.nix          |  4 +++-
 systems/cobalt/secrets/secrets.yaml |  5 +++--
 4 files changed, 45 insertions(+), 45 deletions(-)
 create mode 100644 modules/services/rss.nix
 delete mode 100644 modules/services/tt-rss.nix

diff --git a/modules/services/rss.nix b/modules/services/rss.nix
new file mode 100644
index 0000000..7c44580
--- /dev/null
+++ b/modules/services/rss.nix
@@ -0,0 +1,39 @@
+{ config, lib, pkgs, ... }:
+
+with lib;
+let
+  cfg = config.modules.services.rss;
+in
+{
+  options.modules.services.rss = {
+    enable = mkEnableOption "RSS Aggregator";
+    domain = mkOption { type = types.str; };
+    realHost = mkOption { type = types.str; default = "rss.${cfg.domain}"; };
+    secrets.admin-password = mkOption { type = types.str; description = "path to file containing admin password"; };
+  };
+
+  config = mkIf cfg.enable {
+    services.freshrss = {
+      enable = true;
+      virtualHost = cfg.realHost;
+      baseUrl = "https://${cfg.realHost}";
+
+      defaultUser = "admin";
+      passwordFile = cfg.secrets.admin-password;
+
+      database = {
+        type = "pgsql";
+        host = "/run/postgresql";
+      };
+    };
+
+    environment.persistence."/persist".directories = [
+      "/var/lib/freshrss"
+    ];
+
+    services.nginx.virtualHosts.${cfg.realHost} = {
+      forceSSL = true;
+      useACMEHost = cfg.domain;
+    };
+  };
+}
diff --git a/modules/services/tt-rss.nix b/modules/services/tt-rss.nix
deleted file mode 100644
index 4351065..0000000
--- a/modules/services/tt-rss.nix
+++ /dev/null
@@ -1,42 +0,0 @@
-{ config, lib, pkgs, ... }:
-
-with lib;
-let
-  cfg = config.modules.services.tt-rss;
-in
-{
-  options.modules.services.tt-rss = {
-    enable = mkEnableOption "Tiny Tiny RSS Client";
-    domain = mkOption { type = types.str; };
-    realHost = mkOption { type = types.str; default = "rss.${cfg.domain}"; };
-  };
-
-  config = mkIf cfg.enable {
-    services.tt-rss = {
-      enable = true;
-      virtualHost = cfg.realHost;
-      selfUrlPath = "https://${cfg.realHost}";
-
-      themePackages = [
-        pkgs.tt-rss-theme-feedly
-      ];
-
-      plugins = [
-        "auth_internal"
-        "note"
-      ];
-
-      database = {
-        type = "pgsql";
-        password = null;
-        host = "/run/postgresql";
-      };
-
-    };
-
-    services.nginx.virtualHosts.${cfg.realHost} = {
-      forceSSL = true;
-      useACMEHost = cfg.domain;
-    };
-  };
-}
diff --git a/systems/cobalt/default.nix b/systems/cobalt/default.nix
index d5c5a8f..05f75d3 100644
--- a/systems/cobalt/default.nix
+++ b/systems/cobalt/default.nix
@@ -168,6 +168,7 @@ in
   # owner = "openldap";
   # };
   sops.secrets.searx-env = { };
+  sops.secrets.freshrss-admin-pass = { owner = "freshrss"; };
 
   nix.experimentalFeatures = "nix-command flakes";
 
@@ -326,10 +327,11 @@ in
       domain = "exotic.sh";
       realHost = "todo.exotic.sh";
     };
-    services.tt-rss = {
+    services.rss = {
       enable = true;
       domain = "exotic.sh";
       realHost = "rss.exotic.sh";
+      secrets.admin-password = config.sops.secrets.freshrss-admin-pass.path;
     };
     services.searx = {
       enable = true;
diff --git a/systems/cobalt/secrets/secrets.yaml b/systems/cobalt/secrets/secrets.yaml
index 18c819d..be519e0 100644
--- a/systems/cobalt/secrets/secrets.yaml
+++ b/systems/cobalt/secrets/secrets.yaml
@@ -17,6 +17,7 @@ system-imap-pass: ENC[AES256_GCM,data:T4yuF8+dkLjuiGhZUK33xvVqvyhs6vUL35/EUyue1L
 internal-imap-pass: ENC[AES256_GCM,data:2+Bk1hxM+veEXvSpqSZw1I9NaNBjE79CpJmLi2WHrMt5fQtfQCECNj0Pvwvj2QUrmt7HKZFT7GNbJopM,iv:nrOWRovsbkk4aIf0lS78daL2Jy6L5fVNkn2ZubK1xEI=,tag:/X8A5YJy3NNSSoV96IXPDg==,type:str]
 grafana-admin-pass: ENC[AES256_GCM,data:88z+mLcZ5s1u/8LWYcnOOhWTkff8sv1NIhQ=,iv:YdGaKCaq1bCCLsuYIug6NFO2rhqX/Xyt5yQ/hgWOfko=,tag:D+xWcN2bC2Q1Q2mjtpWqLg==,type:str]
 searx-env: ENC[AES256_GCM,data:FX5CpcDqkpUH2bsS00gFCzPFcInNMbf1Z0mBmoHXk2BJ54AVOVVM1aiVwXDyWnX2wN4gO8nHFypAY451R6UiSt7FAWlkYbBdlv7EsLyaLUR+,iv:c9B+tkipD3IbWTNCzOTvV1MtwJJsOonhxSM+31CHoXg=,tag:hP/BX6TahGqecTtUO3LorQ==,type:str]
+freshrss-admin-pass: ENC[AES256_GCM,data:xfDBsL9OWmOJy7wCKSJPobsk33pwT+E6ylGfjsZDbPozClT6I5nXtQ==,iv:c8au21XjXE97g3SS5JFwVk45NrsnO8aCHWpWP5o0bfY=,tag:Q65jkxymo/VMHOScFq8hPw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -41,8 +42,8 @@ sops:
             cUpBZ01CMEFjNnNuWjlYejVKajkwcGMKehqYCZP0zZHDTfJrC/5LYiE/3doa0OiM
             OKXhOuUX8HF8RfkyiOSMpntxuNX2jSvd9sQRYnHkUvgm793+IuQjrg==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-12-04T11:08:32Z"
-    mac: ENC[AES256_GCM,data:fPhtlUiSvlIlJusSVwu+tSkYjQSc4MjKRko7fIJrZLaiTjORYFbbDosH7Y2XLAoiXhWrQsZs2n7Nk0xi5iDS4RtnDJ7smIzojh6ePOjVlu/gNm7o9d7gphF0y2gB8cchw/Iv2f89S9z2PPGeQqPzUnuvJFhiKVlMA1b2geHK8A8=,iv:u916JFQus/0gPOdZtb29UPbqoqMjVyBmruFvFcFTdDE=,tag:ipYMgxNto1oBT7p5CrsK2A==,type:str]
+    lastmodified: "2023-12-06T14:07:55Z"
+    mac: ENC[AES256_GCM,data:aUq03Frpab/ixsQ6CqISOjEEwbUmIWKfuFbUNhZKoXGa5pqHZJD8P6PxoEWbAm59O/5h5LnPFJF44TMKZ7R2WQ3Twlq8fiM+J0Q7aaHUvsy7HEKQR4DMKgZ9QHikx77Z3+7zmGntszrQqS2ayd9ad3b/TGcBvaAD+iHIjvSJnas=,iv:xod4JS7GLTCNvV4d08qtv2O1FVvoAUzCRZTgKM3CptE=,tag:SbCke7FgMLLwLi+R3hT6Rg==,type:str]
     pgp: []
     unencrypted_suffix: _unencrypted
     version: 3.8.1
-- 
cgit 1.4.1