finally finish rsshub

2026-01-12 05:29:23 +08:00 · 2023-08-23 13:34:58 +08:00
parent 6b2f088cad
commit c6638965b2
4 changed files with 109 additions and 61 deletions
--- a/local/pkgs/rsshub/default.nix
+++ b/local/pkgs/rsshub/default.nix
@@ -37,7 +37,7 @@ let
 	startScript = writeShellScript "rsshub"
 	''
 		cd ${rsshub-unwrapped}
-		export CHROMIUM_EXECUTABLE_PATH=$${chromium}/bin/chromium
+		export CHROMIUM_EXECUTABLE_PATH=${chromium}/bin/chromium
 		${nodejs.pkgs.pnpm}/bin/pnpm start
 	'';
 in stdenv.mkDerivation rec
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -3,6 +3,8 @@ inputs:
 	imports = inputs.localLib.mkModules
 	[
 		./postgresql.nix
+		./redis.nix
+		./rsshub.nix
 		# ./docker.nix
 	];
 	options.nixos.services = let inherit (inputs.lib) mkOption types; in
@@ -120,7 +122,6 @@ inputs:
 			};
 		};
 		fileshelter.enable = mkOption { type = types.bool; default = false; };
-		rsshub.enable = mkOption { type = types.bool; default = false; };
 		wallabag.enable = mkOption { type = types.bool; default = false; };
 	};
 	config =
@@ -1113,65 +1114,6 @@ inputs:
 					)
 				])
 			)
-			(
-				mkIf services.rsshub.enable
-				{
-					virtualisation.oci-containers.containers.rsshub =
-					{
-						image = "diygod/rsshub:chromium-bundled-2023-08-14";
-						imageFile = inputs.pkgs.dockerTools.pullImage
-						{
-							imageName = "diygod/rsshub";
-							imageDigest = "sha256:16d19f68446f6b8915787d691394dd5a1b1b059dab9a8f219a0d42947dfda5d5";
-							sha256 = "02fsqkbzzwjiwd0j82r8qy4hnhz8gz7w72mblzxarc45s121ynxv";
-							finalImageName = "diygod/rsshub";
-							finalImageTag = "chromium-bundled-2023-08-14";
-						};
-						ports = [ "127.0.0.1:5221:5221/tcp" ];
-						extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
-						environmentFiles = [ inputs.config.sops.templates."rsshub/env".path ];
-					};
-					sops =
-					{
-						templates."rsshub/env".content =
-							let
-								placeholder = inputs.config.sops.placeholder;
-							in stripeTabs
-							''
-								PORT=5221
-								CACHE_TYPE=redis
-								REDIS_URL=redis://:${placeholder."redis/rsshub"}@host.docker.internal:7116
-								PIXIV_REFRESHTOKEN=${placeholder."rsshub/pixiv-refreshtoken"}
-								YOUTUBE_KEY=${placeholder."rsshub/youtube-key"}
-								YOUTUBE_CLIENT_ID=${placeholder."rsshub/youtube-client-id"}
-								YOUTUBE_CLIENT_SECRET=${placeholder."rsshub/youtube-client-secret"}
-								YOUTUBE_REFRESH_TOKEN=${placeholder."rsshub/youtube-refresh-token"}
-							'';
-						secrets = { "redis/rsshub".owner = inputs.config.users.users.redis-rsshub.name; }
-							// (listToAttrs (map (secret: { name = secret; value = {}; })
-							[
-								"rsshub/pixiv-refreshtoken"
-								"rsshub/youtube-key"
-								"rsshub/youtube-client-id"
-								"rsshub/youtube-client-secret"
-								"rsshub/youtube-refresh-token"
-							]));
-					};
-					services.redis.servers.rsshub =
-					{
-						enable = true;
-						bind = null;
-						# unixSocket = null; # bug
-						port = 7116;
-						requirePassFile = inputs.config.sops.secrets."redis/rsshub".path;
-					};
-					nixos =
-					{
-						services.nginx = { enable = true; httpProxy."rsshub.chn.moe".upstream = "http://127.0.0.1:5221"; };
-						virtualization.docker.enable = true;
-					};
-				}
-			)
 			(
 				mkIf services.wallabag.enable
 				{
--- a/modules/services/redis.nix
+++ b/modules/services/redis.nix
@@ -0,0 +1,45 @@
+inputs:
+{
+	options.nixos.services.redis = let inherit (inputs.lib) mkOption types; in
+	{
+		instances = mkOption
+		{
+			type = types.attrsOf (types.submodule (submoduleInputs: { options =
+			{
+				user = mkOption { type = types.nonEmptyStr; default = submoduleInputs.config._module.args.name; };
+				passwordFile = mkOption { type = types.nullOr types.nonEmptyStr; default = null; };
+				port = mkOption { type = types.ints.unsigned; };
+			};}));
+			default = {};
+		};
+	};
+	config =
+		let
+			inherit (inputs.config.nixos.services) redis;
+			inherit (inputs.localLib) attrsToList;
+			inherit (builtins) map listToAttrs filter;
+		in
+		{
+			services.redis.servers = listToAttrs (map
+				(server:
+				{
+					inherit (server) name;
+					value =
+					{
+						enable = true;
+						bind = null;
+						port = server.value.port;
+						user = server.value.user;
+						# unixSocket = null; # bug
+						unixSocketPerm = 600;
+						requirePassFile =
+							if server.value.passwordFile == null then inputs.config.sops.secrets."redis/${server.name}".path
+							else server.value.passwordFile;
+					};
+				})
+				(attrsToList redis.instances));
+			sops.secrets = listToAttrs (map
+				(server: { name = "redis/${server.name}"; value.owner = inputs.config.users.users.${server.name}.name; })
+				(filter (server: server.value.passwordFile == null) (attrsToList redis.instances)));
+		};
+}
--- a/modules/services/rsshub.nix
+++ b/modules/services/rsshub.nix
@@ -0,0 +1,61 @@
+inputs:
+{
+	options.nixos.services.rsshub = let inherit (inputs.lib) mkOption types; in
+	{
+		enable = mkOption { type = types.bool; default = false; };
+		port = mkOption { type = types.ints.unsigned; default = 5221; };
+		hostname = mkOption { type = types.str; default = "rsshub.chn.moe"; };
+	};
+	config =
+		let
+			inherit (inputs.config.nixos.services) rsshub;
+			inherit (inputs.localLib) stripeTabs;
+			inherit (inputs.lib) mkIf;
+			inherit (builtins) map listToAttrs toString;
+		in mkIf rsshub.enable
+		{
+			systemd.services.rsshub =
+			{
+				description = "rsshub";
+				after = [ "network.target" "redis-rsshub.service" ];
+				requires = [ "redis-rsshub.service" ];
+				wantedBy = [ "multi-user.target" ];
+				serviceConfig =
+				{
+					User = inputs.config.users.users.rsshub.name;
+					Group = inputs.config.users.users.rsshub.group;
+					EnvironmentFile = inputs.config.sops.templates."rsshub/env".path;
+					ExecStart = "${inputs.pkgs.localPackages.rsshub}/bin/rsshub";
+				};
+			};
+			sops =
+			{
+				templates."rsshub/env".content =
+					let
+						placeholder = inputs.config.sops.placeholder;
+						redis = inputs.config.nixos.services.redis.instances.rsshub;
+					in stripeTabs
+					''
+						PORT=${toString rsshub.port}
+						CACHE_TYPE=redis
+						REDIS_URL=redis://:${placeholder."redis/rsshub"}@127.0.0.1:${toString redis.port}
+						PIXIV_REFRESHTOKEN=${placeholder."rsshub/pixiv-refreshtoken"}
+						YOUTUBE_KEY=${placeholder."rsshub/youtube-key"}
+						YOUTUBE_CLIENT_ID=${placeholder."rsshub/youtube-client-id"}
+						YOUTUBE_CLIENT_SECRET=${placeholder."rsshub/youtube-client-secret"}
+						YOUTUBE_REFRESH_TOKEN=${placeholder."rsshub/youtube-refresh-token"}
+					'';
+				secrets = (listToAttrs (map (secret: { name = "rsshub/${secret}"; value = {}; })
+				[
+					"pixiv-refreshtoken"
+					"youtube-key" "youtube-client-id" "youtube-client-secret" "youtube-refresh-token"
+				]));
+			};
+			users = { users.rsshub = { isSystemUser = true; group = "rsshub"; }; groups.rsshub = {}; };
+			nixos.services =
+			{
+				redis.instances.rsshub.port = 7116;
+				nginx = { enable = true; httpProxy.${rsshub.hostname}.upstream = "http://127.0.0.1:${toString rsshub.port}"; };
+			};
+		};
+}