feat(miniflux): init module, host on server2

7 files changed, 61 insertions, 44 deletions

diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix
index 24b66e4..8b21e79 100644
--- a/hosts/by-name/server3/configuration.nix
+++ b/hosts/by-name/server3/configuration.nix
@@ -6,6 +6,15 @@
 
   vhack = {
     fail2ban.enable = true;
+    miniflux = {
+      enable = true;
+      domain = "miniflux.foss-syndicate.org";
+      extraDomains = [
+        "rss.foss-syndicate.org"
+        "rss.vhack.eu"
+        "miniflux.vhack.eu"
+      ];
+    };
     openssh.enable = true;
     persist = {
       enable = true;
diff --git a/modules/by-name/mi/miniflux/module.nix b/modules/by-name/mi/miniflux/module.nix
new file mode 100644
index 0000000..ca6f476
--- /dev/null
+++ b/modules/by-name/mi/miniflux/module.nix
@@ -0,0 +1,51 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.miniflux;
+in {
+  options.vhack.miniflux = {
+    enable = lib.mkEnableOption "miniflux, an simple web rss reading software";
+    domain = lib.mkOption {
+      type = lib.types.str;
+      description = "The primary domain miniflux should be served on";
+    };
+    extraDomains = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      description = "Additional domains to serve miniflux on";
+      default = [];
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    age.secrets = {
+      minifluxAdmin = {
+        file = ./secrets/admin.age;
+        mode = "700";
+        owner = "root";
+        group = "root";
+      };
+    };
+    services.miniflux = {
+      enable = true;
+      config = {
+        LISTEN_ADDR = "127.0.0.1:5892";
+      };
+      adminCredentialsFile = config.age.secrets.minifluxAdmin.path;
+    };
+
+    vhack = {
+      nginx.enable = true;
+      postgresql.enable = true;
+    };
+    services.nginx = {
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
+
+        enableACME = true;
+        forceSSL = true;
+        serverAliases = cfg.extraDomains;
+      };
+    };
+  };
+}
diff --git a/secrets.nix b/secrets.nix
index 19f69a8..0339544 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -27,13 +27,13 @@ in {
   "./modules/by-name/et/etesync/secret_file.age".publicKeys = server1;
   "./modules/by-name/pe/peertube/secrets/general.age".publicKeys = server1;
   "./modules/by-name/pe/peertube/secrets/smtp.age".publicKeys = server1;
+  "./modules/by-name/mi/miniflux/secrets/admin.age".publicKeys = server3;
 
   "./system/secrets/backup/backuppass.age".publicKeys = server1;
   "./system/secrets/backup/backupssh.age".publicKeys = server1;
   "./system/secrets/invidious/hmac.age".publicKeys = server1;
   "./system/secrets/mastodon/mail.age".publicKeys = server1;
   "./system/secrets/matrix-synapse/passwd.age".publicKeys = server1;
-  "./system/secrets/miniflux/admin.age".publicKeys = server1;
   "./system/secrets/taskserver/ca.age".publicKeys = server1;
   "./system/secrets/taskserver/systemd_tmpfiles.age".publicKeys = server1;
 }
diff --git a/system/secrets/default.nix b/system/secrets/default.nix
index b74e883..565a774 100644
--- a/system/secrets/default.nix
+++ b/system/secrets/default.nix
@@ -19,12 +19,6 @@
         owner = "matrix-synapse";
         group = "matrix-synapse";
       };
-      minifluxAdmin = {
-        file = ./miniflux/admin.age;
-        mode = "700";
-        owner = "root";
-        group = "root";
-      };
       resticpass = {
         file = ./backup/backuppass.age;
         mode = "0700";
diff --git a/system/secrets/miniflux/admin.age b/system/secrets/miniflux/admin.age
deleted file mode 100644
index 6b34ab0..0000000
--- a/system/secrets/miniflux/admin.age
+++ /dev/null
@@ -1,14 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZHJ3V0E3bjVLYUd5N2gx
-eE15dlBldWt1ZGpBcGc3ZWcwMTNKSTcxR0Y0Cm03dEgxYzdhYjYvWFNNUVdtR3E1
-dW1lMlE3R3dlcUZ1Qm1GMElPQU8xYmMKLT4gWDI1NTE5IFJrc28wZzhWQ3RoeFFK
-WFlTSmVzRGMzamxrQ0NSUG9KVWxSajJsQ1BablEKS0tFb096djZOdUJIVTdaSndH
-b1ZMT3ZCZGVkaWMvU0hPSFhsMkY3RzBkNAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg
-SWdGV1pSYzY3bWxadWJZeXVmTXBHeGpMTTYyak1IbE9jTjZQS3dwRXozUQo1UFlT
-am9WNzh1TytMNTFsNjM4amh0N2JDdkxjYk9GL285UWUrZHV5L3p3Ci0+IEkqMS1n
-cmVhc2UgZV4KRFlYWlRyNDFtZlJWcS9vZ1hiUkJxdE9saHpTTWQ3TitMc1N0UXBE
-eWZ5SQotLS0gRzE4bmpSTWpjUnlHUlNHTTNWSjNNL0d3VFFpVFdOaVlMUERmRHNt
-d2k3WQqd+49pa75kfJffbdCOmNvPLUN7N+d+lI4lXlPTyLWTNnM8qaVz+BAhMH40
-ri9BTHHtg4ql7bXZWXZt/CiBLUOuv+yKckm4u51vjOwyHwUjaMYF4bfXS+rChsQV
-BL+XWihQZ5wNsUh1PRHMy3mrF1XSYROa4ApK/i5Sgm271cvBMI4C4G+oux0/wvkL
------END AGE ENCRYPTED FILE-----
diff --git a/system/services/default.nix b/system/services/default.nix
index db7ca4f..7d2b4d2 100644
--- a/system/services/default.nix
+++ b/system/services/default.nix
@@ -6,7 +6,6 @@
     ./mastodon
     ./matrix
     ./minecraft
-    ./miniflux
     ./murmur
     ./nix
     ./restic
diff --git a/system/services/miniflux/default.nix b/system/services/miniflux/default.nix
deleted file mode 100644
index 9a0f2bc..0000000
--- a/system/services/miniflux/default.nix
+++ /dev/null
@@ -1,22 +0,0 @@
-{config, ...}: {
-  services.miniflux = {
-    enable = true;
-    config = {
-      LISTEN_ADDR = "127.0.0.1:5892";
-    };
-    adminCredentialsFile = config.age.secrets.minifluxAdmin.path;
-  };
-
-  services.nginx = {
-    enable = true;
-    virtualHosts."miniflux.vhack.eu" = {
-      locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
-
-      enableACME = true;
-      forceSSL = true;
-      serverAliases = [
-        "rss.vhack.eu"
-      ];
-    };
-  };
-}