migrate to freshrss for the news server
This commit is contained in:
parent
8b26153c12
commit
1c63a2a522
2 changed files with 116 additions and 63 deletions
|
@ -5,73 +5,24 @@
|
|||
lib,
|
||||
...
|
||||
}: let
|
||||
port = 8080;
|
||||
domain = "news.cyplo.dev";
|
||||
postgresPort = 5435;
|
||||
in {
|
||||
imports = [../nginx.nix];
|
||||
|
||||
services.nginx = {
|
||||
virtualHosts = {
|
||||
"${domain}" = {
|
||||
services.nginx.virtualHosts."${domain}" = {
|
||||
forceSSL = true;
|
||||
enableACME = true;
|
||||
locations."/" = {proxyPass = "http://127.0.0.1:" + toString port;};
|
||||
};
|
||||
sops.secrets."freshrss-password" = {
|
||||
sopsFile = ./rss.sops.yaml;
|
||||
owner = "freshrss";
|
||||
};
|
||||
};
|
||||
|
||||
containers.rss = {
|
||||
autoStart = true;
|
||||
forwardPorts = [
|
||||
{
|
||||
containerPort = port;
|
||||
hostPort = port;
|
||||
}
|
||||
];
|
||||
config = {
|
||||
config,
|
||||
pkgs,
|
||||
...
|
||||
}: let
|
||||
inherit (config.services.tt-rss) pool;
|
||||
inherit (config.services.tt-rss) root;
|
||||
in {
|
||||
system.stateVersion = "23.05";
|
||||
services.postgresql.port = postgresPort;
|
||||
services.tt-rss = {
|
||||
services.freshrss = {
|
||||
enable = true;
|
||||
selfUrlPath = "https://${domain}";
|
||||
virtualHost = null;
|
||||
registration.enable = false;
|
||||
simpleUpdateMode = true;
|
||||
database.port = postgresPort;
|
||||
};
|
||||
services.nginx = {
|
||||
enable = true;
|
||||
virtualHosts = {
|
||||
"${domain}" = {
|
||||
listen = [
|
||||
{
|
||||
inherit port;
|
||||
addr = "0.0.0.0";
|
||||
}
|
||||
];
|
||||
root = "${root}/www";
|
||||
locations."/" = {index = "index.php";};
|
||||
locations."^~ /feed-icons" = {root = "${root}";};
|
||||
locations."~ \\.php$" = {
|
||||
extraConfig = ''
|
||||
fastcgi_split_path_info ^(.+\.php)(/.+)$;
|
||||
fastcgi_pass unix:${
|
||||
config.services.phpfpm.pools.${pool}.socket
|
||||
};
|
||||
fastcgi_index index.php;
|
||||
'';
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
};
|
||||
virtualHost = domain;
|
||||
baseUrl = "https://${domain}";
|
||||
database.type = "sqlite";
|
||||
defaultUser = "cyryl";
|
||||
passwordFile = config.sops.secrets.freshrss-password.path;
|
||||
};
|
||||
}
|
||||
|
|
102
nixos/boxes/vpsfree1/rss.sops.yaml
Normal file
102
nixos/boxes/vpsfree1/rss.sops.yaml
Normal file
|
@ -0,0 +1,102 @@
|
|||
freshrss-password: ENC[AES256_GCM,data:DRo33SMRV89iUoQtdWaTVHcFBA7Y,iv:I4zbnJb4O4S7fTBqHl3kxGh33sndBrHNJPPZL8v41i8=,tag:C1NgSANYMQiOWNYBBnYAQg==,type:str]
|
||||
sops:
|
||||
kms: []
|
||||
gcp_kms: []
|
||||
azure_kv: []
|
||||
hc_vault: []
|
||||
age:
|
||||
- recipient: age1qpxvqf2254vynw7aah2pyd8tm0lqtfqr9maguewdj3uqjp8smqvssjp43n
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBweElpTmRLY3A1dHVsekYy
|
||||
ODJZUzdUUDVheWZBcGNkTTUzdk1ZVXRJU25vCmcwazNvc21IaExiQXdZcnZZNDdu
|
||||
VkxOU3NZdnZsNENyd2k1cktaNUVNNGsKLS0tIGhnZEM5WjlIQ1BHOWt0QnhaTlBW
|
||||
T3h6MU5wSWZHZ1doNFpKQjVFdHRxUUEKcsxSwvfyd41VOsZcCOpmPtS5v+sGhzGe
|
||||
am6Om06uCyZGy/uViUaQYwHnTElsdrHs8GP1+xijEtImIz0bYaKB2g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1s3z2rfske90kt93a3z7twp6kew6mqd08sgunupym0gpmuh8ezqqscdrv7m
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBGY092UUZxQUc1RVRabi9Z
|
||||
L0pFWUgvdkxMdyswWXBSSytBMnBmdTg2MGk4ClVrdlM4ZDNUVXhCNnJ5aEU4RDRU
|
||||
VWlwelFFdVY4YkdvNzNua092YlZ0MmcKLS0tIHErcGdjVWNlZnl1RVpYcU03SDQ1
|
||||
aG53Q3c5ZmV2N3lsZlQxTU1aS1IvdjgKs4tbRx7VnGagRCFAxoKF2AA1g4laC6bE
|
||||
H59SOA8UzoF2QDeBzcvtmUW7KPJAtivszod8bNkghq6/EieGzMV49g==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1p76577kkfttxxj8ckwwkhyhhz7qq2d7qf2lenyaa0g3v2gd3eecqhhf9jn
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBBbnd4WWppNm5uTlhUVlZK
|
||||
d3lSdGxFRWlsbE1WTVBkVHJpemd2Q08wMTJzCngxUUo0bFZ5bkFSZkZ3RUF5NlRp
|
||||
OFRrZzRkTkJBK0V1djFuNHhRMVZTcHcKLS0tIFF6RGRiSXNXTlBESjRWWGYvTzFo
|
||||
a25vVTdmUnE3dHBvTWs4WVljYWZYOHcKHXT2Ua4uEi5pIZ0JQKcKsFUIEcYdhIkp
|
||||
RxzaugZA0bjEgKxY/eHF2sK743MuAkA5XjLPcVbreYcUJqUD2o/wVQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1mpgtj57e256q9nqz8jt0jt9ntxrldu0p7aunxx3y5vnerfz04vqqdst2gt
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBtN3dIbWphL0xKY3gybmVu
|
||||
YU9XUWNVbUZwRS9nOFBKUlFhTS9NQ1dlOGlRCmFvNHVadVdBQnJJaHRHWEdNMDRH
|
||||
aWE4WkV4QzNFR0tjTXMza1paSkZqeGMKLS0tIFI3MzZrT3ZTc2lmZlBtR2R1dWpD
|
||||
dEJiR1VSWWZqZWhmdEVuK2NZS1pBZ3MKKivgEIU92cX8EWrgFBuduCdWlvnsZBwa
|
||||
l7p+VtWRKNHLH95Tr4Rq3scysAPtkRerJHKIExozyUeDw+n21eL9Hg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1msgz4lzqj3wd4yu3mfgxyl5gz0y94al59njv8fqu7s0dvwt9yuvsctlhvu
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAwaUNPa0E4NzZUellCTUFY
|
||||
bzVNYmNnZTFGcjduTC9GU21TRmNqVXdWWndBClV2Rnd4ZTlWR3RDYnpLV294dUxS
|
||||
SzhIUG91V0RHRmJNVjlpWDNuU0hzTGMKLS0tIG5rZnk2L3hMN3hnWnU1aXhqSUNv
|
||||
OHRkN3dTbzdNSzBnbFpaM050dUowUU0KBcBr5Tw8fmGx5HEQ3OlpnKJQzsad5bUq
|
||||
oDashn3vucbOcG/reUx2FXGhPL5hj3KbD4tk6909Sf1gHWtO5s5EIQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBSejFXbTFKVFVMSmxGK3Mx
|
||||
c2ljQ0s3Z2xhYytwMWpKMzUwUUtaaTJJZXlrCmNqa2UzTXNNdXBxRDVxektBcHBt
|
||||
T2I3S0N5YmNHbGgzOWlRQkhNV1p2K1UKLS0tIDFDSW9KLzBmWjFJb1BSNkJGNkxC
|
||||
Q1VKTml1UUJ4a2xjKzFIcGtIVVhsN00KVzQYLGla9LVEmzA2YvsDMxp5vjVNHDZV
|
||||
eo09QDcXwrQYziE8FdC0vuK6SLOpJPw5CvXB33u2ciCci+Jxe2cYwQ==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age10f7djsyu5fwew2l2x89a4st4qw4xdkyr3z7qd8frs54yqz7cayvqruttla
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBUMmFobHE3bGIwN0tQR2Za
|
||||
VHkyYVZ0RDArSVhOWWczcC9MNEdhbXk1Q1VBCmVreW15Nk9VOUprR3I2T3pnRjU3
|
||||
NHMvU2xCcW9JVW9QNEd0d0FLdkRIcFkKLS0tIHozdTE2NTZWMFFpZGVFRjRkbkNw
|
||||
VXF2ay95U2RxRHREYW84SUVTUnR2MU0KvFB1m8EMvshIP48pEeHmQxs/AIthxezw
|
||||
Rv1R1SzxP96/B1tW9kbSx7J0CNzhDAsu2Rq7TMe3dHXN/iHi6O1D2w==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age18vg9wvmj2jc8tdcyc202v46lvfndqfe3dse2hewx0snalpvk43fqc22n6y
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBPbks4alZjYm9OT3JtSEw3
|
||||
OTJTOTNRWnJSR3dmaVM0S2pURE9QU3ZvVG5VCjdadmhHZDlTSW94Um5ORmJUa2Y1
|
||||
SmJBcmNoTEtndW5mcm1UR3ZPZ2cxS1kKLS0tIE95alptR3VHcEp5L05JM1Nha3du
|
||||
dGdESTZuSnIwVW1YQlZJZGI0cmtlNkEKwPJnFHcHbGqQC9GOfZtVFPpHicgy4pz9
|
||||
a14lL3aaWFnEtIAKlRo8hD4vD289PtVcI6WCDbtCAbQxrhWTrQZ3qg==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1n09swn3qekcuw23vksp7hv4hpg0krlag3c5qcjjaf08m99c3ysqs6sxeyk
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSByendCQk9QcldYYVh3YVdQ
|
||||
SmI1ZXVDSEVBc2h5SkZJcW0zbjg5cExBc2lZCmxEVFJyejcwN2JyK25HRmtQZVFW
|
||||
QlY4YkNmamFzaTdvNHBhYUxkd0YxY28KLS0tIGRHTzdHcFdQWEM1a3BPM2xYSkx2
|
||||
ZjBFVXdjeVlPeWtpQ1NOcml6WTFkUXcKjHx7MA916qsi88uBmuN3mw0mwXuhUzhm
|
||||
IkLkboQIFr2lJDdr8L74+OoDq43UcA+M0uG0UH8BROPQkaLOkwI4Vw==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
- recipient: age1tt4c8t72fha2fj7xlm0dew5avmkdxujmgplte4qm7sxlcucggedq0eyk7t
|
||||
enc: |
|
||||
-----BEGIN AGE ENCRYPTED FILE-----
|
||||
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA1Tm9sajZwVHc3TnlzTWN5
|
||||
NEVnU3NZbnd6d2JHZWx4cFdNaTZ0eWxWd1VZCkd3UFVHaUQ4VTJlMFg3SHFaNWlM
|
||||
cDJxU0ZsSE9SVzhmMXZJZEdXRlBGazgKLS0tIDdmVXdteUhSR21hTkYyOS9yMVBW
|
||||
WmUwcDV2YlpGbXJydlgzKzRNSVFwSlEK0Atv2OnAaJGFi0lk+xt9K4Yf4TBsIOsJ
|
||||
rIUW2UCpEW+XtvMTXt24X0RqNpgZ9cNHz+O5VX/DBgoaB+ncHHynWA==
|
||||
-----END AGE ENCRYPTED FILE-----
|
||||
lastmodified: "2023-11-11T23:18:32Z"
|
||||
mac: ENC[AES256_GCM,data:mD03I8vLrkOhlYKetnsx5bs1GiqkzA2owfXg/02jE3t5Ujm5iSJY+WGJQYiv+dNdE8Ys99Wq5YMs8+WISrtJInSTJ1U5SMDOx8OmuEiU9+HIBdwkLceTp9s+cVDUVkQej19hBtBV5XTs6/LAHVqgOn8w15VfAwnztodBjZCdLxQ=,iv:VI7Qdim0vs96gc36Tf2rppzyh2PeFNtxsgEovZqr+34=,tag:l3mwCjvAWfn4MVmSLjKxlQ==,type:str]
|
||||
pgp: []
|
||||
unencrypted_suffix: _unencrypted
|
||||
version: 3.7.3
|
Loading…
Reference in a new issue