migrate to freshrss for the news server
This commit is contained in:
parent
8b26153c12
commit
1c63a2a522
2 changed files with 116 additions and 63 deletions
|
@ -5,73 +5,24 @@
|
||||||
lib,
|
lib,
|
||||||
...
|
...
|
||||||
}: let
|
}: let
|
||||||
port = 8080;
|
|
||||||
domain = "news.cyplo.dev";
|
domain = "news.cyplo.dev";
|
||||||
postgresPort = 5435;
|
|
||||||
in {
|
in {
|
||||||
imports = [../nginx.nix];
|
imports = [../nginx.nix];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx.virtualHosts."${domain}" = {
|
||||||
virtualHosts = {
|
forceSSL = true;
|
||||||
"${domain}" = {
|
enableACME = true;
|
||||||
forceSSL = true;
|
|
||||||
enableACME = true;
|
|
||||||
locations."/" = {proxyPass = "http://127.0.0.1:" + toString port;};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
|
sops.secrets."freshrss-password" = {
|
||||||
containers.rss = {
|
sopsFile = ./rss.sops.yaml;
|
||||||
autoStart = true;
|
owner = "freshrss";
|
||||||
forwardPorts = [
|
};
|
||||||
{
|
services.freshrss = {
|
||||||
containerPort = port;
|
enable = true;
|
||||||
hostPort = port;
|
virtualHost = domain;
|
||||||
}
|
baseUrl = "https://${domain}";
|
||||||
];
|
database.type = "sqlite";
|
||||||
config = {
|
defaultUser = "cyryl";
|
||||||
config,
|
passwordFile = config.sops.secrets.freshrss-password.path;
|
||||||
pkgs,
|
|
||||||
...
|
|
||||||
}: let
|
|
||||||
inherit (config.services.tt-rss) pool;
|
|
||||||
inherit (config.services.tt-rss) root;
|
|
||||||
in {
|
|
||||||
system.stateVersion = "23.05";
|
|
||||||
services.postgresql.port = postgresPort;
|
|
||||||
services.tt-rss = {
|
|
||||||
enable = true;
|
|
||||||
selfUrlPath = "https://${domain}";
|
|
||||||
virtualHost = null;
|
|
||||||
registration.enable = false;
|
|
||||||
simpleUpdateMode = true;
|
|
||||||
database.port = postgresPort;
|
|
||||||
};
|
|
||||||
services.nginx = {
|
|
||||||
enable = true;
|
|
||||||
virtualHosts = {
|
|
||||||
"${domain}" = {
|
|
||||||
listen = [
|
|
||||||
{
|
|
||||||
inherit port;
|
|
||||||
addr = "0.0.0.0";
|
|
||||||
}
|
|
||||||
];
|
|
||||||
root = "${root}/www";
|
|
||||||
locations."/" = {index = "index.php";};
|
|
||||||
locations."^~ /feed-icons" = {root = "${root}";};
|
|
||||||
locations."~ \\.php$" = {
|
|
||||||
extraConfig = ''
|
|
||||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
|
||||||
fastcgi_pass unix:${
|
|
||||||
config.services.phpfpm.pools.${pool}.socket
|
|
||||||
};
|
|
||||||
fastcgi_index index.php;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
102
nixos/boxes/vpsfree1/rss.sops.yaml
Normal file
102
nixos/boxes/vpsfree1/rss.sops.yaml
Normal file
|
@ -0,0 +1,102 @@
|
||||||
|
freshrss-password: ENC[AES256_GCM,data:DRo33SMRV89iUoQtdWaTVHcFBA7Y,iv:I4zbnJb4O4S7fTBqHl3kxGh33sndBrHNJPPZL8v41i8=,tag:C1NgSANYMQiOWNYBBnYAQg==,type:str]
|
||||||
|
sops:
|
||||||
|
kms: []
|
||||||
|
gcp_kms: []
|
||||||
|
azure_kv: []
|
||||||
|
hc_vault: []
|
||||||
|
age:
|
||||||
|
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBweElpTmRLY3A1dHVsekYy
|
||||||
|
ODJZUzdUUDVheWZBcGNkTTUzdk1ZVXRJU25vCmcwazNvc21IaExiQXdZcnZZNDdu
|
||||||
|
VkxOU3NZdnZsNENyd2k1cktaNUVNNGsKLS0tIGhnZEM5WjlIQ1BHOWt0QnhaTlBW
|
||||||
|
T3h6MU5wSWZHZ1doNFpKQjVFdHRxUUEKcsxSwvfyd41VOsZcCOpmPtS5v+sGhzGe
|
||||||
|
am6Om06uCyZGy/uViUaQYwHnTElsdrHs8GP1+xijEtImIz0bYaKB2g==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGY092UUZxQUc1RVRabi9Z
|
||||||
|
L0pFWUgvdkxMdyswWXBSSytBMnBmdTg2MGk4ClVrdlM4ZDNUVXhCNnJ5aEU4RDRU
|
||||||
|
VWlwelFFdVY4YkdvNzNua092YlZ0MmcKLS0tIHErcGdjVWNlZnl1RVpYcU03SDQ1
|
||||||
|
aG53Q3c5ZmV2N3lsZlQxTU1aS1IvdjgKs4tbRx7VnGagRCFAxoKF2AA1g4laC6bE
|
||||||
|
H59SOA8UzoF2QDeBzcvtmUW7KPJAtivszod8bNkghq6/EieGzMV49g==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbnd4WWppNm5uTlhUVlZK
|
||||||
|
d3lSdGxFRWlsbE1WTVBkVHJpemd2Q08wMTJzCngxUUo0bFZ5bkFSZkZ3RUF5NlRp
|
||||||
|
OFRrZzRkTkJBK0V1djFuNHhRMVZTcHcKLS0tIFF6RGRiSXNXTlBESjRWWGYvTzFo
|
||||||
|
a25vVTdmUnE3dHBvTWs4WVljYWZYOHcKHXT2Ua4uEi5pIZ0JQKcKsFUIEcYdhIkp
|
||||||
|
RxzaugZA0bjEgKxY/eHF2sK743MuAkA5XjLPcVbreYcUJqUD2o/wVQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtN3dIbWphL0xKY3gybmVu
|
||||||
|
YU9XUWNVbUZwRS9nOFBKUlFhTS9NQ1dlOGlRCmFvNHVadVdBQnJJaHRHWEdNMDRH
|
||||||
|
aWE4WkV4QzNFR0tjTXMza1paSkZqeGMKLS0tIFI3MzZrT3ZTc2lmZlBtR2R1dWpD
|
||||||
|
dEJiR1VSWWZqZWhmdEVuK2NZS1pBZ3MKKivgEIU92cX8EWrgFBuduCdWlvnsZBwa
|
||||||
|
l7p+VtWRKNHLH95Tr4Rq3scysAPtkRerJHKIExozyUeDw+n21eL9Hg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaUNPa0E4NzZUellCTUFY
|
||||||
|
bzVNYmNnZTFGcjduTC9GU21TRmNqVXdWWndBClV2Rnd4ZTlWR3RDYnpLV294dUxS
|
||||||
|
SzhIUG91V0RHRmJNVjlpWDNuU0hzTGMKLS0tIG5rZnk2L3hMN3hnWnU1aXhqSUNv
|
||||||
|
OHRkN3dTbzdNSzBnbFpaM050dUowUU0KBcBr5Tw8fmGx5HEQ3OlpnKJQzsad5bUq
|
||||||
|
oDashn3vucbOcG/reUx2FXGhPL5hj3KbD4tk6909Sf1gHWtO5s5EIQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSejFXbTFKVFVMSmxGK3Mx
|
||||||
|
c2ljQ0s3Z2xhYytwMWpKMzUwUUtaaTJJZXlrCmNqa2UzTXNNdXBxRDVxektBcHBt
|
||||||
|
T2I3S0N5YmNHbGgzOWlRQkhNV1p2K1UKLS0tIDFDSW9KLzBmWjFJb1BSNkJGNkxC
|
||||||
|
Q1VKTml1UUJ4a2xjKzFIcGtIVVhsN00KVzQYLGla9LVEmzA2YvsDMxp5vjVNHDZV
|
||||||
|
eo09QDcXwrQYziE8FdC0vuK6SLOpJPw5CvXB33u2ciCci+Jxe2cYwQ==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMmFobHE3bGIwN0tQR2Za
|
||||||
|
VHkyYVZ0RDArSVhOWWczcC9MNEdhbXk1Q1VBCmVreW15Nk9VOUprR3I2T3pnRjU3
|
||||||
|
NHMvU2xCcW9JVW9QNEd0d0FLdkRIcFkKLS0tIHozdTE2NTZWMFFpZGVFRjRkbkNw
|
||||||
|
VXF2ay95U2RxRHREYW84SUVTUnR2MU0KvFB1m8EMvshIP48pEeHmQxs/AIthxezw
|
||||||
|
Rv1R1SzxP96/B1tW9kbSx7J0CNzhDAsu2Rq7TMe3dHXN/iHi6O1D2w==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age18vg9wvmj2jc8tdcyc202v46lvfndqfe3dse2hewx0snalpvk43fqc22n6y
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPbks4alZjYm9OT3JtSEw3
|
||||||
|
OTJTOTNRWnJSR3dmaVM0S2pURE9QU3ZvVG5VCjdadmhHZDlTSW94Um5ORmJUa2Y1
|
||||||
|
SmJBcmNoTEtndW5mcm1UR3ZPZ2cxS1kKLS0tIE95alptR3VHcEp5L05JM1Nha3du
|
||||||
|
dGdESTZuSnIwVW1YQlZJZGI0cmtlNkEKwPJnFHcHbGqQC9GOfZtVFPpHicgy4pz9
|
||||||
|
a14lL3aaWFnEtIAKlRo8hD4vD289PtVcI6WCDbtCAbQxrhWTrQZ3qg==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByendCQk9QcldYYVh3YVdQ
|
||||||
|
SmI1ZXVDSEVBc2h5SkZJcW0zbjg5cExBc2lZCmxEVFJyejcwN2JyK25HRmtQZVFW
|
||||||
|
QlY4YkNmamFzaTdvNHBhYUxkd0YxY28KLS0tIGRHTzdHcFdQWEM1a3BPM2xYSkx2
|
||||||
|
ZjBFVXdjeVlPeWtpQ1NOcml6WTFkUXcKjHx7MA916qsi88uBmuN3mw0mwXuhUzhm
|
||||||
|
IkLkboQIFr2lJDdr8L74+OoDq43UcA+M0uG0UH8BROPQkaLOkwI4Vw==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
- recipient: age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t
|
||||||
|
enc: |
|
||||||
|
-----BEGIN AGE ENCRYPTED FILE-----
|
||||||
|
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Tm9sajZwVHc3TnlzTWN5
|
||||||
|
NEVnU3NZbnd6d2JHZWx4cFdNaTZ0eWxWd1VZCkd3UFVHaUQ4VTJlMFg3SHFaNWlM
|
||||||
|
cDJxU0ZsSE9SVzhmMXZJZEdXRlBGazgKLS0tIDdmVXdteUhSR21hTkYyOS9yMVBW
|
||||||
|
WmUwcDV2YlpGbXJydlgzKzRNSVFwSlEK0Atv2OnAaJGFi0lk+xt9K4Yf4TBsIOsJ
|
||||||
|
rIUW2UCpEW+XtvMTXt24X0RqNpgZ9cNHz+O5VX/DBgoaB+ncHHynWA==
|
||||||
|
-----END AGE ENCRYPTED FILE-----
|
||||||
|
lastmodified: "2023-11-11T23:18:32Z"
|
||||||
|
mac: ENC[AES256_GCM,data:mD03I8vLrkOhlYKetnsx5bs1GiqkzA2owfXg/02jE3t5Ujm5iSJY+WGJQYiv+dNdE8Ys99Wq5YMs8+WISrtJInSTJ1U5SMDOx8OmuEiU9+HIBdwkLceTp9s+cVDUVkQej19hBtBV5XTs6/LAHVqgOn8w15VfAwnztodBjZCdLxQ=,iv:VI7Qdim0vs96gc36Tf2rppzyh2PeFNtxsgEovZqr+34=,tag:l3mwCjvAWfn4MVmSLjKxlQ==,type:str]
|
||||||
|
pgp: []
|
||||||
|
unencrypted_suffix: _unencrypted
|
||||||
|
version: 3.7.3
|
Loading…
Reference in a new issue