feat(miniflux): init module, host on server2

1 files changed, 51 insertions, 0 deletions

diff --git a/modules/by-name/mi/miniflux/module.nix b/modules/by-name/mi/miniflux/module.nix
new file mode 100644
index 0000000..ca6f476
--- /dev/null
+++ b/modules/by-name/mi/miniflux/module.nix
@@ -0,0 +1,51 @@
+{
+  config,
+  lib,
+  ...
+}: let
+  cfg = config.vhack.miniflux;
+in {
+  options.vhack.miniflux = {
+    enable = lib.mkEnableOption "miniflux, an simple web rss reading software";
+    domain = lib.mkOption {
+      type = lib.types.str;
+      description = "The primary domain miniflux should be served on";
+    };
+    extraDomains = lib.mkOption {
+      type = lib.types.listOf lib.types.str;
+      description = "Additional domains to serve miniflux on";
+      default = [];
+    };
+  };
+  config = lib.mkIf cfg.enable {
+    age.secrets = {
+      minifluxAdmin = {
+        file = ./secrets/admin.age;
+        mode = "700";
+        owner = "root";
+        group = "root";
+      };
+    };
+    services.miniflux = {
+      enable = true;
+      config = {
+        LISTEN_ADDR = "127.0.0.1:5892";
+      };
+      adminCredentialsFile = config.age.secrets.minifluxAdmin.path;
+    };
+
+    vhack = {
+      nginx.enable = true;
+      postgresql.enable = true;
+    };
+    services.nginx = {
+      virtualHosts.${cfg.domain} = {
+        locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
+
+        enableACME = true;
+        forceSSL = true;
+        serverAliases = cfg.extraDomains;
+      };
+    };
+  };
+}