blob: 0075bca1836a6f06c595c722e68a8c78b24ded57 (
plain) (
tree)
|
|
{
config,
lib,
...
}: let
cfg = config.vhack.miniflux;
in {
options.vhack.miniflux = {
enable = lib.mkEnableOption "miniflux, an simple web rss reading software";
domain = lib.mkOption {
type = lib.types.str;
description = "The primary domain miniflux should be served on";
};
extraDomains = lib.mkOption {
type = lib.types.listOf lib.types.str;
description = "Additional domains to serve miniflux on";
default = [];
};
adminCredentialsFile = lib.mkOption {
type = lib.types.path;
description = "The age encrypted admin credentials file passed to agenix";
};
};
config = lib.mkIf cfg.enable {
age.secrets = {
minifluxAdmin = {
file = cfg.adminCredentialsFile;
mode = "700";
owner = "root";
group = "root";
};
};
services.miniflux = {
enable = true;
config = {
LISTEN_ADDR = "127.0.0.1:5892";
};
adminCredentialsFile = config.age.secrets.minifluxAdmin.path;
};
vhack = {
nginx.enable = true;
postgresql.enable = true;
};
services.nginx = {
virtualHosts.${cfg.domain} = {
locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
enableACME = true;
forceSSL = true;
serverAliases = cfg.extraDomains;
};
};
};
}
|
