From e1007920d21b81cf4575cf231b6ba9dccab315e6 Mon Sep 17 00:00:00 2001 From: Gabriel Arazas Date: Tue, 31 Dec 2024 14:16:34 +0800 Subject: [PATCH] hosts/ni/services/rss-reader: init --- configs/nixos/ni/default.nix | 1 + configs/nixos/ni/modules/default.nix | 1 + .../modules/services/rss-reader/default.nix | 33 +++++++++++++++++++ .../modules/services/rss-reader/secrets.yaml | 22 +++++++++++++ 4 files changed, 57 insertions(+) create mode 100644 configs/nixos/ni/modules/services/rss-reader/default.nix create mode 100644 configs/nixos/ni/modules/services/rss-reader/secrets.yaml diff --git a/configs/nixos/ni/default.nix b/configs/nixos/ni/default.nix index e89aeacf..3b64ad36 100644 --- a/configs/nixos/ni/default.nix +++ b/configs/nixos/ni/default.nix @@ -22,6 +22,7 @@ services.mail-archive.enable = true; services.reverse-proxy.enable = true; services.download-media.enable = true; + services.rss-reader.enable = true; setups = { desktop.enable = true; development.enable = true; diff --git a/configs/nixos/ni/modules/default.nix b/configs/nixos/ni/modules/default.nix index b2b10c24..75e1321f 100644 --- a/configs/nixos/ni/modules/default.nix +++ b/configs/nixos/ni/modules/default.nix @@ -9,6 +9,7 @@ ./services/reverse-proxy.nix ./services/monitoring.nix ./services/download-media + ./services/rss-reader ./services/penpot ./setups/desktop.nix ./setups/development.nix diff --git a/configs/nixos/ni/modules/services/rss-reader/default.nix b/configs/nixos/ni/modules/services/rss-reader/default.nix new file mode 100644 index 00000000..dd3bbb87 --- /dev/null +++ b/configs/nixos/ni/modules/services/rss-reader/default.nix @@ -0,0 +1,33 @@ +{ config, lib, foodogsquaredLib, ... }: + +let + hostCfg = config.hosts.ni; + cfg = hostCfg.services.rss-reader; + + port = config.state.ports.miniflux.value; +in +{ + options.hosts.ni.services.rss-reader.enable = + lib.mkEnableOption "preferred RSS reader service"; + + config = lib.mkIf cfg.enable { + sops.secrets = foodogsquaredLib.sops-nix.getSecrets ./secrets.yaml { + "miniflux/admin" = {}; + }; + + state.ports.miniflux.value = 9640; + + services.miniflux = { + enable = true; + adminCredentialsFile = config.sops.secrets."miniflux/admin".path; + config = { + LISTEN_ADDR = "127.0.0.1:${builtins.toString port}"; + BASE_URL = "http://rss.ni.internal"; + }; + }; + + services.nginx.virtualHosts."rss.ni.internal" = { + locations."/".proxyPass = "http://localhost:${builtins.toString port}"; + }; + }; +} diff --git a/configs/nixos/ni/modules/services/rss-reader/secrets.yaml b/configs/nixos/ni/modules/services/rss-reader/secrets.yaml new file mode 100644 index 00000000..8d0353dd --- /dev/null +++ b/configs/nixos/ni/modules/services/rss-reader/secrets.yaml @@ -0,0 +1,22 @@ +miniflux: + admin: ENC[AES256_GCM,data:TMDKcG9rp1tA+FLEgogpH7e3sFUKAKOKyFe9o2g7It/nELNroLDRgh6kgbRsqIEqeeAzENi9yR27bg==,iv:pwHRAmLSR1oDwH8wzS+tFQikocNmjrYWeS3H9M/9pzc=,tag:VRiEWHb17dcMiTDPOh7vqg==,type:str] +sops: + kms: [] + gcp_kms: [] + azure_kv: [] + hc_vault: [] + age: + - recipient: age1jxna9vm7nx4g69s84qgjptxvuzszcypf2rfk4ss2lyhnpe3yxdnqusu6jp + enc: | + -----BEGIN AGE ENCRYPTED FILE----- + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBwWjd2TC95NFQ4VXBheVlP + TDUwajluNHhsY1ZPSlYxMlN1L25EZzhjQjBrCnFjWmI2WUZXNER0dkF6dVlNSUVs + MUcwNmFpODZmdHUvY1VlSEdtOTNqRFkKLS0tIHhkK3BWSXFTZS9DcHRPNG9hbzN5 + bG5tektneTBvR29yTzVqNHZVYldKZXMKWgRWcu0kl6TwIeDTU1N4ofH1HY+G9/zh + GrppMajmw5ZLB3/e3xCzn4KaAEUkcLvJjq9AgZzjQm/PXhzlAxU4tg== + -----END AGE ENCRYPTED FILE----- + lastmodified: "2024-12-31T08:27:39Z" + mac: ENC[AES256_GCM,data:/j7QFv8cuKL2TXEmtVgx9qxMqpBOJydOQmzbNOCY8ZxSIvB/lstmGk7Q4lByb51H6KBiSDdJFewXmQo+hosafOMX7cAY4rQvzD5zEylmntESMOKnEdG39zo0HKAcLDapUSsPjEj0L/BGqhyU6ZKAJgFrEwq9aWGS9NKHXvhMD+Q=,iv:BeURmnqEfro8JcRZ0CQ269D/UinK3jAeSVQavGCbODw=,tag:BLEnDVX3fxEP/KCsOVGO3Q==,type:str] + pgp: [] + unencrypted_suffix: _unencrypted + version: 3.9.2