diff --git a/modules/services/default.nix b/modules/services/default.nix index 9604b24f..3d44d62a 100644 --- a/modules/services/default.nix +++ b/modules/services/default.nix @@ -24,6 +24,7 @@ inputs: ./mariadb.nix ./photoprism.nix ./nextcloud.nix + ./freshrss.nix ]; options.nixos.services = let inherit (inputs.lib) mkOption types; in { diff --git a/modules/services/freshrss.nix b/modules/services/freshrss.nix new file mode 100644 index 00000000..e96c5d81 --- /dev/null +++ b/modules/services/freshrss.nix @@ -0,0 +1,37 @@ +inputs: +{ + options.nixos.services.freshrss = let inherit (inputs.lib) mkOption types; in + { + enable = mkOption { type = types.bool; default = false; }; + hostname = mkOption { type = types.str; default = "freshrss.chn.moe"; }; + }; + config = + let + inherit (inputs.config.nixos.services) freshrss; + inherit (inputs.lib) mkIf; + in mkIf freshrss.enable + { + services.freshrss = + { + enable = true; + baseUrl = "https://${freshrss.hostname}"; + defaultUser = "chn"; + passwordFile = inputs.config.sops.secrets."freshrss/chn".path; + database = + { + type = "mysql"; + passFile = inputs.config.sops.secrets."freshrss/mysql".path; + }; + }; + sops.secrets = + { + "freshrss/chn".owner = inputs.config.users.users.freshrss.name; + "freshrss/db" = + { + owner = inputs.config.users.users.freshrss.name; + key = "mariadb/freshrss"; + }; + }; + nixos.mariadb = { enable = true; instances.freshrss = {}; }; + }; +} diff --git a/secrets/vps7.yaml b/secrets/vps7.yaml index ae0bf1df..b10a6cd1 100644 --- a/secrets/vps7.yaml +++ b/secrets/vps7.yaml @@ -41,10 +41,13 @@ vaultwarden: admin_token: ENC[AES256_GCM,data:muavuOY88Lm4rSEoCp4IIPp7Z+sqf36VwpnPgf+K6IwwFkUgYM1GO80ogReYWqqUM6ij1Yzl5D9ncUbq+aGTKQ==,iv:jA4MRJlz71CMmPnWjb2tGbbIoMkEsESUowhXDckKKMI=,tag:l0HaJmnU29YeFUxjOgN3Kg==,type:str] mariadb: photoprism: ENC[AES256_GCM,data:TF1SZVFnvzyE+7vrHYYUS4Juqhbiw9QcJx7p3Xj88xyBFcTqS1YjzAKs/9GQ1PuzdBrt6hXm/XtJILHiuktnSg==,iv:sd9sQEuIePL6LzUYbFtmdecJ57sMrkF0coalBf8KFqQ=,tag:P/knaKYTJ+aXu4l6IixISA==,type:str] + freshrss: ENC[AES256_GCM,data:ydqCbj3UbsLC1e++p5ixb5Kpmk2BsYd0urcfw8T51Is5N1/gQ7P0zgR33AOteAxw2oj85WQZhxu3eAN7BCXV5A==,iv:1oiMo1wwFNXiTZLsf4UPZSJfKFIWLI3h947TC06CVy4=,tag:Otq1oeKBnWXhqNilfsywPQ==,type:str] photoprism: adminPassword: ENC[AES256_GCM,data:gB81joOfS8h05BNy2YmD/N0cpLPa/vAduDcQBeHiY/WkcnvqSXnXsOfnvbP74KQfoP4W35oFkfyGVPUBSB83tg==,iv:AkN2NoqMXVHQA9fHTTR7xbEapEqy/D61mHn7O23hyYk=,tag:WV+siDA3VnRkOYnP4Z9Qhw==,type:str] nextcloud: admin: ENC[AES256_GCM,data:1rglLrLtRf3yXQwfHDMZLewk8ueIbMFOC+1mtoAyLKnDmcQAoEQZ1vHw/hpKkFXJQ+QyX3sP8eUjRXuBEIVl3A==,iv:lfEGPEw9ybSdOYLDdaGCLXKgCvgRxn3k9eIy2DJHDYU=,tag:j4qRexbEAgK5HAGhr/wxfA==,type:str] +freshrss: + chn: ENC[AES256_GCM,data:XGcgfuRozJ/xowtmFPSW,iv:yZ9LTuVE8dGyrtE3vxLA2jLErvmt67XC0jefl1njiOM=,tag:J5d+oGFWhfXEFwVOnsJ2iA==,type:str] sops: kms: [] gcp_kms: [] @@ -69,8 +72,8 @@ sops: SnFHS1Z0SXUzTFdEd29KTy9DU3Y3R0UKfhh+rUmWDrf+UGjclP57dHipPLFoXSqy HdelmfV6q4/c7ppx2E+oZw3VNgoZCsrxxzYZfwxHJiZb+5vkE0D8iA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2023-10-04T07:35:42Z" - mac: ENC[AES256_GCM,data:fa8ZjjFpm+j+HJtT1yv9Oyhdw7o9fQji6p9rAf+kBx7hR5mzVFO7hnH5a2Lbuw/cWuow8jSJjrVf1eg1ChXaL02GM38r8bnJy6Xwp/Yqg2crddrEIwzlS3yjkWWB1L/tPcd6VqWHmfKtPHaUpBtpOX6QarBTJ5xhh28E913im4U=,iv:v7CT8PiLpddOJvs44aRxsJ5iIgjOdOCKHD/FHsF2sII=,tag:R1PaS1g3yNk+yjMjXisqBA==,type:str] + lastmodified: "2023-11-06T10:12:43Z" + mac: ENC[AES256_GCM,data:6sRi0s/9DwOggm3bCsGV4D5eiR6GxiShaSXMefrQSwDJc81NBQ6j3oLeZAUg20Rf0Mvvhhnep7cxZaKKtzBXPoisdEwn3uPDiOCmxfty/0X8zzrkDAvuKtLsvW1/s2ndn/csAJwC330pH1Ti/I6nIqPOJddrkQn/sqjRIbRHS9Q=,iv:f41KhA9EtWJKVkA1nLOmAEhUfuVfHHNQhW11tNrTPKs=,tag:DKq7Ux0lUtXvnZZN4lmtFg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.7.3