migrate to freshrss for the news server

Cyryl Płotnicki 2023-11-11 23:27:01 +00:00
parent 8b26153c12
commit 1c63a2a522
2 changed files with 116 additions and 63 deletions


@ -5,73 +5,24 @@
lib, lib,
... ...
}: let }: let
port = 8080;
domain = "news.cyplo.dev"; domain = "news.cyplo.dev";
postgresPort = 5435;
in { in {
imports = [../nginx.nix]; imports = [../nginx.nix];
services.nginx = { services.nginx.virtualHosts."${domain}" = {
virtualHosts = {
"${domain}" = {
forceSSL = true; forceSSL = true;
enableACME = true; enableACME = true;
locations."/" = {proxyPass = "http://127.0.0.1:" + toString port;};
}; };
sops.secrets."freshrss-password" = {
sopsFile = ./rss.sops.yaml;
owner = "freshrss";
}; };
}; services.freshrss = {
containers.rss = {
autoStart = true;
forwardPorts = [
{
containerPort = port;
hostPort = port;
}
];
config = {
config,
pkgs,
...
}: let
inherit (config.services.tt-rss) pool;
inherit (config.services.tt-rss) root;
in {
system.stateVersion = "23.05";
services.postgresql.port = postgresPort;
services.tt-rss = {
enable = true; enable = true;
selfUrlPath = "https://${domain}"; virtualHost = domain;
virtualHost = null; baseUrl = "https://${domain}";
registration.enable = false; database.type = "sqlite";
simpleUpdateMode = true; defaultUser = "cyryl";
database.port = postgresPort; passwordFile = config.sops.secrets.freshrss-password.path;
};
services.nginx = {
enable = true;
virtualHosts = {
"${domain}" = {
listen = [
{
inherit port;
addr = "0.0.0.0";
}
];
root = "${root}/www";
locations."/" = {index = "index.php";};
locations."^~ /feed-icons" = {root = "${root}";};
locations."~ \\.php$" = {
extraConfig = ''
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass unix:${
config.services.phpfpm.pools.${pool}.socket
};
fastcgi_index index.php;
'';
};
};
};
};
};
}; };
} }
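Review bot: The new `sops.secrets."freshrss-password"` block hard-codes `owner = "freshrss";`, so the secret file's ownership is tied to the service account only by a string that presumably matches the module's default user. Writing `owner = config.services.freshrss.user;` keeps the two bound if that user is ever overridden. The removed tt-rss block set `registration.enable = false;` and nothing on the new side states an equivalent, so it is worth confirming that FreshRSS on the public `news.cyplo.dev` vhost does not accept self-registration. The function's argument list starts above this hunk, so whether `config` is in scope for `config.sops.secrets.freshrss-password.path` cannot be checked from here.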


@ -0,0 +1,102 @@
freshrss-password: ENC[AES256_GCM,data:DRo33SMRV89iUoQtdWaTVHcFBA7Y,iv:I4zbnJb4O4S7fTBqHl3kxGh33sndBrHNJPPZL8v41i8=,tag:C1NgSANYMQiOWNYBBnYAQg==,type:str]
sops:
kms: []
gcp_kms: []
azure_kv: []
hc_vault: []
age:
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBweElpTmRLY3A1dHVsekYy
ODJZUzdUUDVheWZBcGNkTTUzdk1ZVXRJU25vCmcwazNvc21IaExiQXdZcnZZNDdu
VkxOU3NZdnZsNENyd2k1cktaNUVNNGsKLS0tIGhnZEM5WjlIQ1BHOWt0QnhaTlBW
T3h6MU5wSWZHZ1doNFpKQjVFdHRxUUEKcsxSwvfyd41VOsZcCOpmPtS5v+sGhzGe
am6Om06uCyZGy/uViUaQYwHnTElsdrHs8GP1+xijEtImIz0bYaKB2g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGY092UUZxQUc1RVRabi9Z
L0pFWUgvdkxMdyswWXBSSytBMnBmdTg2MGk4ClVrdlM4ZDNUVXhCNnJ5aEU4RDRU
VWlwelFFdVY4YkdvNzNua092YlZ0MmcKLS0tIHErcGdjVWNlZnl1RVpYcU03SDQ1
aG53Q3c5ZmV2N3lsZlQxTU1aS1IvdjgKs4tbRx7VnGagRCFAxoKF2AA1g4laC6bE
H59SOA8UzoF2QDeBzcvtmUW7KPJAtivszod8bNkghq6/EieGzMV49g==
-----END AGE ENCRYPTED FILE-----
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbnd4WWppNm5uTlhUVlZK
d3lSdGxFRWlsbE1WTVBkVHJpemd2Q08wMTJzCngxUUo0bFZ5bkFSZkZ3RUF5NlRp
OFRrZzRkTkJBK0V1djFuNHhRMVZTcHcKLS0tIFF6RGRiSXNXTlBESjRWWGYvTzFo
a25vVTdmUnE3dHBvTWs4WVljYWZYOHcKHXT2Ua4uEi5pIZ0JQKcKsFUIEcYdhIkp
RxzaugZA0bjEgKxY/eHF2sK743MuAkA5XjLPcVbreYcUJqUD2o/wVQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtN3dIbWphL0xKY3gybmVu
YU9XUWNVbUZwRS9nOFBKUlFhTS9NQ1dlOGlRCmFvNHVadVdBQnJJaHRHWEdNMDRH
aWE4WkV4QzNFR0tjTXMza1paSkZqeGMKLS0tIFI3MzZrT3ZTc2lmZlBtR2R1dWpD
dEJiR1VSWWZqZWhmdEVuK2NZS1pBZ3MKKivgEIU92cX8EWrgFBuduCdWlvnsZBwa
l7p+VtWRKNHLH95Tr4Rq3scysAPtkRerJHKIExozyUeDw+n21eL9Hg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaUNPa0E4NzZUellCTUFY
bzVNYmNnZTFGcjduTC9GU21TRmNqVXdWWndBClV2Rnd4ZTlWR3RDYnpLV294dUxS
SzhIUG91V0RHRmJNVjlpWDNuU0hzTGMKLS0tIG5rZnk2L3hMN3hnWnU1aXhqSUNv
OHRkN3dTbzdNSzBnbFpaM050dUowUU0KBcBr5Tw8fmGx5HEQ3OlpnKJQzsad5bUq
oDashn3vucbOcG/reUx2FXGhPL5hj3KbD4tk6909Sf1gHWtO5s5EIQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSejFXbTFKVFVMSmxGK3Mx
c2ljQ0s3Z2xhYytwMWpKMzUwUUtaaTJJZXlrCmNqa2UzTXNNdXBxRDVxektBcHBt
T2I3S0N5YmNHbGgzOWlRQkhNV1p2K1UKLS0tIDFDSW9KLzBmWjFJb1BSNkJGNkxC
Q1VKTml1UUJ4a2xjKzFIcGtIVVhsN00KVzQYLGla9LVEmzA2YvsDMxp5vjVNHDZV
eo09QDcXwrQYziE8FdC0vuK6SLOpJPw5CvXB33u2ciCci+Jxe2cYwQ==
-----END AGE ENCRYPTED FILE-----
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMmFobHE3bGIwN0tQR2Za
VHkyYVZ0RDArSVhOWWczcC9MNEdhbXk1Q1VBCmVreW15Nk9VOUprR3I2T3pnRjU3
NHMvU2xCcW9JVW9QNEd0d0FLdkRIcFkKLS0tIHozdTE2NTZWMFFpZGVFRjRkbkNw
VXF2ay95U2RxRHREYW84SUVTUnR2MU0KvFB1m8EMvshIP48pEeHmQxs/AIthxezw
Rv1R1SzxP96/B1tW9kbSx7J0CNzhDAsu2Rq7TMe3dHXN/iHi6O1D2w==
-----END AGE ENCRYPTED FILE-----
- recipient: age18vg9wvmj2jc8tdcyc202v46lvfndqfe3dse2hewx0snalpvk43fqc22n6y
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPbks4alZjYm9OT3JtSEw3
OTJTOTNRWnJSR3dmaVM0S2pURE9QU3ZvVG5VCjdadmhHZDlTSW94Um5ORmJUa2Y1
SmJBcmNoTEtndW5mcm1UR3ZPZ2cxS1kKLS0tIE95alptR3VHcEp5L05JM1Nha3du
dGdESTZuSnIwVW1YQlZJZGI0cmtlNkEKwPJnFHcHbGqQC9GOfZtVFPpHicgy4pz9
a14lL3aaWFnEtIAKlRo8hD4vD289PtVcI6WCDbtCAbQxrhWTrQZ3qg==
-----END AGE ENCRYPTED FILE-----
- recipient: age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByendCQk9QcldYYVh3YVdQ
SmI1ZXVDSEVBc2h5SkZJcW0zbjg5cExBc2lZCmxEVFJyejcwN2JyK25HRmtQZVFW
QlY4YkNmamFzaTdvNHBhYUxkd0YxY28KLS0tIGRHTzdHcFdQWEM1a3BPM2xYSkx2
ZjBFVXdjeVlPeWtpQ1NOcml6WTFkUXcKjHx7MA916qsi88uBmuN3mw0mwXuhUzhm
IkLkboQIFr2lJDdr8L74+OoDq43UcA+M0uG0UH8BROPQkaLOkwI4Vw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Tm9sajZwVHc3TnlzTWN5
NEVnU3NZbnd6d2JHZWx4cFdNaTZ0eWxWd1VZCkd3UFVHaUQ4VTJlMFg3SHFaNWlM
cDJxU0ZsSE9SVzhmMXZJZEdXRlBGazgKLS0tIDdmVXdteUhSR21hTkYyOS9yMVBW
WmUwcDV2YlpGbXJydlgzKzRNSVFwSlEK0Atv2OnAaJGFi0lk+xt9K4Yf4TBsIOsJ
rIUW2UCpEW+XtvMTXt24X0RqNpgZ9cNHz+O5VX/DBgoaB+ncHHynWA==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2023-11-11T23:18:32Z"
mac: ENC[AES256_GCM,data:mD03I8vLrkOhlYKetnsx5bs1GiqkzA2owfXg/02jE3t5Ujm5iSJY+WGJQYiv+dNdE8Ys99Wq5YMs8+WISrtJInSTJ1U5SMDOx8OmuEiU9+HIBdwkLceTp9s+cVDUVkQej19hBtBV5XTs6/LAHVqgOn8w15VfAwnztodBjZCdLxQ=,iv:VI7Qdim0vs96gc36Tf2rppzyh2PeFNtxsgEovZqr+34=,tag:l3mwCjvAWfn4MVmSLjKxlQ==,type:str]
pgp: []
unencrypted_suffix: _unencrypted
version: 3.7.3
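Review bot: The `age` recipient list encrypts `freshrss-password` to the same key twice: `age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla` appears in two entries. There are ten entries overall, yet the Nix side hands this secret to a single service. The list presumably comes from the repository's sops creation rules, which are not shown here, so the duplicate is best removed there. If some of the recipients are other hosts rather than admin keys, a narrower rule for this file would limit who can decrypt the news server's login password. After changing the rules, `sops updatekeys` on this file re-wraps the data key for the reduced set.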