diff options
| -rw-r--r-- | hosts/by-name/server3/configuration.nix | 9 | ||||
| -rw-r--r-- | modules/by-name/mi/miniflux/module.nix | 51 | ||||
| -rw-r--r-- | secrets.nix | 2 | ||||
| -rw-r--r-- | system/secrets/default.nix | 6 | ||||
| -rw-r--r-- | system/secrets/miniflux/admin.age | 14 | ||||
| -rw-r--r-- | system/services/default.nix | 1 | ||||
| -rw-r--r-- | system/services/miniflux/default.nix | 22 |
7 files changed, 61 insertions, 44 deletions
diff --git a/hosts/by-name/server3/configuration.nix b/hosts/by-name/server3/configuration.nix index 24b66e4..8b21e79 100644 --- a/hosts/by-name/server3/configuration.nix +++ b/hosts/by-name/server3/configuration.nix @@ -6,6 +6,15 @@ vhack = { fail2ban.enable = true; + miniflux = { + enable = true; + domain = "miniflux.foss-syndicate.org"; + extraDomains = [ + "rss.foss-syndicate.org" + "rss.vhack.eu" + "miniflux.vhack.eu" + ]; + }; openssh.enable = true; persist = { enable = true; diff --git a/modules/by-name/mi/miniflux/module.nix b/modules/by-name/mi/miniflux/module.nix new file mode 100644 index 0000000..ca6f476 --- /dev/null +++ b/modules/by-name/mi/miniflux/module.nix @@ -0,0 +1,51 @@ +{ + config, + lib, + ... +}: let + cfg = config.vhack.miniflux; +in { + options.vhack.miniflux = { + enable = lib.mkEnableOption "miniflux, an simple web rss reading software"; + domain = lib.mkOption { + type = lib.types.str; + description = "The primary domain miniflux should be served on"; + }; + extraDomains = lib.mkOption { + type = lib.types.listOf lib.types.str; + description = "Additional domains to serve miniflux on"; + default = []; + }; + }; + config = lib.mkIf cfg.enable { + age.secrets = { + minifluxAdmin = { + file = ./secrets/admin.age; + mode = "700"; + owner = "root"; + group = "root"; + }; + }; + services.miniflux = { + enable = true; + config = { + LISTEN_ADDR = "127.0.0.1:5892"; + }; + adminCredentialsFile = config.age.secrets.minifluxAdmin.path; + }; + + vhack = { + nginx.enable = true; + postgresql.enable = true; + }; + services.nginx = { + virtualHosts.${cfg.domain} = { + locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}"; + + enableACME = true; + forceSSL = true; + serverAliases = cfg.extraDomains; + }; + }; + }; +} diff --git a/secrets.nix b/secrets.nix index 19f69a8..0339544 100644 --- a/secrets.nix +++ b/secrets.nix @@ -27,13 +27,13 @@ in { "./modules/by-name/et/etesync/secret_file.age".publicKeys = server1; "./modules/by-name/pe/peertube/secrets/general.age".publicKeys = server1; "./modules/by-name/pe/peertube/secrets/smtp.age".publicKeys = server1; + "./modules/by-name/mi/miniflux/secrets/admin.age".publicKeys = server3; "./system/secrets/backup/backuppass.age".publicKeys = server1; "./system/secrets/backup/backupssh.age".publicKeys = server1; "./system/secrets/invidious/hmac.age".publicKeys = server1; "./system/secrets/mastodon/mail.age".publicKeys = server1; "./system/secrets/matrix-synapse/passwd.age".publicKeys = server1; - "./system/secrets/miniflux/admin.age".publicKeys = server1; "./system/secrets/taskserver/ca.age".publicKeys = server1; "./system/secrets/taskserver/systemd_tmpfiles.age".publicKeys = server1; } diff --git a/system/secrets/default.nix b/system/secrets/default.nix index b74e883..565a774 100644 --- a/system/secrets/default.nix +++ b/system/secrets/default.nix @@ -19,12 +19,6 @@ owner = "matrix-synapse"; group = "matrix-synapse"; }; - minifluxAdmin = { - file = ./miniflux/admin.age; - mode = "700"; - owner = "root"; - group = "root"; - }; resticpass = { file = ./backup/backuppass.age; mode = "0700"; diff --git a/system/secrets/miniflux/admin.age b/system/secrets/miniflux/admin.age deleted file mode 100644 index 6b34ab0..0000000 --- a/system/secrets/miniflux/admin.age +++ /dev/null @@ -1,14 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA0ZHJ3V0E3bjVLYUd5N2gx -eE15dlBldWt1ZGpBcGc3ZWcwMTNKSTcxR0Y0Cm03dEgxYzdhYjYvWFNNUVdtR3E1 -dW1lMlE3R3dlcUZ1Qm1GMElPQU8xYmMKLT4gWDI1NTE5IFJrc28wZzhWQ3RoeFFK -WFlTSmVzRGMzamxrQ0NSUG9KVWxSajJsQ1BablEKS0tFb096djZOdUJIVTdaSndH -b1ZMT3ZCZGVkaWMvU0hPSFhsMkY3RzBkNAotPiBzc2gtZWQyNTUxOSBPRDhUNGcg -SWdGV1pSYzY3bWxadWJZeXVmTXBHeGpMTTYyak1IbE9jTjZQS3dwRXozUQo1UFlT -am9WNzh1TytMNTFsNjM4amh0N2JDdkxjYk9GL285UWUrZHV5L3p3Ci0+IEkqMS1n -cmVhc2UgZV4KRFlYWlRyNDFtZlJWcS9vZ1hiUkJxdE9saHpTTWQ3TitMc1N0UXBE -eWZ5SQotLS0gRzE4bmpSTWpjUnlHUlNHTTNWSjNNL0d3VFFpVFdOaVlMUERmRHNt -d2k3WQqd+49pa75kfJffbdCOmNvPLUN7N+d+lI4lXlPTyLWTNnM8qaVz+BAhMH40 -ri9BTHHtg4ql7bXZWXZt/CiBLUOuv+yKckm4u51vjOwyHwUjaMYF4bfXS+rChsQV -BL+XWihQZ5wNsUh1PRHMy3mrF1XSYROa4ApK/i5Sgm271cvBMI4C4G+oux0/wvkL ------END AGE ENCRYPTED FILE----- diff --git a/system/services/default.nix b/system/services/default.nix index db7ca4f..7d2b4d2 100644 --- a/system/services/default.nix +++ b/system/services/default.nix @@ -6,7 +6,6 @@ ./mastodon ./matrix ./minecraft - ./miniflux ./murmur ./nix ./restic diff --git a/system/services/miniflux/default.nix b/system/services/miniflux/default.nix deleted file mode 100644 index 9a0f2bc..0000000 --- a/system/services/miniflux/default.nix +++ /dev/null @@ -1,22 +0,0 @@ -{config, ...}: { - services.miniflux = { - enable = true; - config = { - LISTEN_ADDR = "127.0.0.1:5892"; - }; - adminCredentialsFile = config.age.secrets.minifluxAdmin.path; - }; - - services.nginx = { - enable = true; - virtualHosts."miniflux.vhack.eu" = { - locations."/".proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}"; - - enableACME = true; - forceSSL = true; - serverAliases = [ - "rss.vhack.eu" - ]; - }; - }; -} |