add rsshub

2026-01-12 04:19:22 +08:00 · 2023-08-14 21:40:01 +08:00
parent d5ad02aa23
commit c83385f63f
3 changed files with 75 additions and 11 deletions
--- a/flake.nix
+++ b/flake.nix
@@ -227,6 +227,7 @@
 											"ng01.mirism.one" = "216.24.188.24";
 											"debug.mirism.one" = "127.0.0.1";
 											"initrd.vps6.chn.moe" = "74.211.99.69";
+											"nix-store.chn.moe" = "127.0.0.1";
 										};
 									};
 								};
@@ -428,6 +429,7 @@
 								snapper = { enable = true; configs.persistent = "/nix/persistent"; };
 								sops = { enable = true; keyPathPrefix = "/nix/persistent"; };
 								sshd.enable = true;
+								rsshub.enable = true;
 							};
 							boot =
 							{
--- a/modules/services/default.nix
+++ b/modules/services/default.nix
@@ -117,6 +117,7 @@ inputs:
 		};
 		fileshelter.enable = mkOption { type = types.bool; default = false; };
 		postgresql.enable = mkOption { type = types.bool; default = false; };
+		rsshub.enable = mkOption { type = types.bool; default = false; };
 	};
 	config =
 		let
@@ -796,11 +797,7 @@ inputs:
 						secretKeyFile = inputs.config.sops.secrets."store/signingKey".path;
 					};
 					sops.secrets."store/signingKey" = {};
-					nixos.services.nginx.httpProxy.${services.nix-serve.hostname} =
-					{
-						upstream = "http://127.0.0.1:5000";
-						rewriteHttps = true;
-					};
+					nixos.services.nginx.httpProxy.${services.nix-serve.hostname}.upstream = "http://127.0.0.1:5000";
 				}
 			)
 			(mkIf services.smartd.enable { services.smartd.enable = true; })
@@ -1002,10 +999,12 @@ inputs:
 						enable = true;
 						package = inputs.pkgs.postgresql_15;
 						enableTCPIP = true;
-						# listen_addresses = '0.0.0.0'
-						# unix_socket_permissions = 0700
-						# shared_buffers = 2048MB
-						# work_mem = 128MB
+						settings =
+						{
+							unix_socket_permissions = "0700";
+							shared_buffers = "2048MB";
+							work_mem = "128MB";
+						};
 						# log_timezone = 'Asia/Shanghai'
 						# datestyle = 'iso, mdy'
 						# timezone = 'Asia/Shanghai'
@@ -1018,5 +1017,60 @@ inputs:
 					};
 				}
 			)
+			(
+				mkIf services.rsshub.enable
+				{
+					virtualisation.oci-containers.containers.rsshub =
+					{
+						image = "diygod/rsshub:chromium-bundled-2023-08-14";
+						imageFile = inputs.pkgs.dockerTools.pullImage
+						{
+							imageName = "diygod/rsshub";
+							imageDigest = "sha256:16d19f68446f6b8915787d691394dd5a1b1b059dab9a8f219a0d42947dfda5d5";
+							sha256 = "02fsqkbzzwjiwd0j82r8qy4hnhz8gz7w72mblzxarc45s121ynxv";
+							finalImageName = "diygod/rsshub";
+							finalImageTag = "chromium-bundled-2023-08-14";
+						};
+						ports = [ "127.0.0.1:5221:5221/tcp" ];
+						extraOptions = [ "--add-host=host.docker.internal:host-gateway" ];
+						environmentFiles = [ inputs.config.sops.templates."rsshub/env".path ];
+					};
+					sops =
+					{
+						templates."rsshub/env".content =
+							let
+								placeholder = inputs.config.sops.placeholder;
+							in stripeTabs
+							''
+								PORT=5221
+								CACHE_TYPE=redis
+								REDIS_URL=redis://:${placeholder."redis/rsshub"}@host.docker.internal:7116
+								PIXIV_REFRESHTOKEN=${placeholder."rsshub/pixiv-refreshtoken"}
+								YOUTUBE_KEY=${placeholder."rsshub/youtube-key"}
+								YOUTUBE_CLIENT_ID=${placeholder."rsshub/youtube-client-id"}
+								YOUTUBE_CLIENT_SECRET=${placeholder."rsshub/youtube-client-secret"}
+								YOUTUBE_REFRESH_TOKEN=${placeholder."rsshub/youtube-refresh-token"}
+							'';
+						secrets = { "redis/rsshub".owner = inputs.config.users.users.redis-rsshub.name; }
+							// (listToAttrs (map (secret: { name = secret; value = {}; })
+							[
+								"rsshub/pixiv-refreshtoken"
+								"rsshub/youtube-key"
+								"rsshub/youtube-client-id"
+								"rsshub/youtube-client-secret"
+								"rsshub/youtube-refresh-token"
+							]));
+					};
+					services.redis.servers.rsshub =
+					{
+						enable = true;
+						bind = null;
+						# unixSocket = null; # bug
+						port = 7116;
+						requirePassFile = inputs.config.sops.secrets."redis/rsshub".path;
+					};
+					nixos.services.nginx.httpProxy."rsshub.chn.moe".upstream = "http://127.0.0.1:5221";
+				}
+			)
 		];
 }
--- a/secrets/chn-PC.yaml
+++ b/secrets/chn-PC.yaml
@@ -8,6 +8,14 @@ store:
    signingKey: ENC[AES256_GCM,data:TsB1nA0Rf2AsYyH59WpUK53pTCX2JdrGQjkJ9A9BfWLLmw3EMnPoaLHG12rv1R2/xRU7rP+iVhXb77g60I/Kn4ehun3ogMmK1oEAKyQcxudBUJFk+SeijaQLr2A=,iv:e2rdGBVOPS1nyC3pXhs5r0WyEkqxcpCnX3eAcBCj93M=,tag:HwccjH2Wms5/TevU2IuzNw==,type:str]
 nginx:
    maxmind-license: ENC[AES256_GCM,data:PVV4VAvB22KoA8EM8Honb+KWYhydXdmTAVlDw/XnTcbaIY+5Km2gGA==,iv:7PfytRbpW4G2iDNqysvZnB0YsQFVUL5Kr1DNsBzuhCA=,tag:z2J14fdD7AUNabN+6kUojA==,type:str]
+redis:
+    rsshub: ENC[AES256_GCM,data:h/o+OOpUybOnVwoPCBf/FCV5hAD3bGSWPVvOS+fiNDJ0OEFkaCYMFd6m/3ZExoFOeCvRNTt4IGgFDrM4FpjIaw==,iv:astAMNwg0nO8qQr1TpRkYXyQCJrIJZVv5m+ZqAgt3cI=,tag:l+z8CR63rMXt5bNqV2iqhg==,type:str]
+rsshub:
+    pixiv-refreshtoken: ENC[AES256_GCM,data:0Lo/H0ZJzgpSNvSy6MxptifsGk655q8LdTFvZPiSuh36ZK8c/t44hKYZzw==,iv:Exxz1JVkb4/Fw0CBRaqR5Izq2MwcVCmkHaob9p8UD3c=,tag:Qkcve5hqjUhc5RLrDmFi9g==,type:str]
+    youtube-key: ENC[AES256_GCM,data:4iOwD0+lSuQARRIGH3dqChpawF5HTV0hJgnQkCTAEM5j+E49lJlw,iv:ksF1f2gR+QcZI7GXhrpySZiEaw3Sb8uBCSdNrhFG0To=,tag:n3t3vh9kgVsOVEOHq55Yiw==,type:str]
+    youtube-client-id: ENC[AES256_GCM,data:kDGaIjJuu1cD2e7VYQ+/0mvy2EqQJoejJTXsxDe20HnA1w/EHVnzbu53aLzZsT/PRSBFim4HcnNzMHOj/WD8QkCFBueqdnJCLw==,iv:YOdcdPx4iaV19cimRqSCD/pjO3Iv9wPw4VykwTUUZaU=,tag:uv4EF/BFb5ZsQ1VJQjwiCA==,type:str]
+    youtube-client-secret: ENC[AES256_GCM,data:hGcBryYh4j2c/4Fqifq4fLZQs9i9N82Y1QYsM+ZSjW/9JIA=,iv:J78gCi3Xtlv6npm2YNnFNCqHhVCSoc6XXmAkz86ix2w=,tag:4uwTLMe+58BopQufREd/jg==,type:str]
+    youtube-refresh-token: ENC[AES256_GCM,data:k0G2EIU3rQ+bXSx8H7pImsvdPOm4CyJzEvbTnzrn4eeeyGaWmsLnwAsMDYEI6Sik8ax8kNGTX+Lm5H60wtK2Yt4rPxdJhELm2I6PeVCq+gI8NWGSvzbWMdDpryFaXBsVdSXqHDNS2g==,iv:qOXwa+Jl6EMjzibsSHFdqMqPJUYPUwDXk8b+uwrFpCc=,tag:TwVyOMGeHEhD9ST2OK1sqA==,type:str]
 sops:
    kms: []
    gcp_kms: []
@@ -32,8 +40,8 @@ sops:
            OUlxNjdQaXdXMkZ6bnV1ek4yZ2dpbkEKpKGOAxo5Eef2jtGrg4iSzmGCeg+vTgvu
            +K8b+O19MIkGMDBm6UbYUPtc/7eqoEZRiTUzNMTmfkLVS4ul5zou9A==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2023-08-14T06:01:02Z"
-    mac: ENC[AES256_GCM,data:3V2Of8EWcZNOM/sypfkrhqhn37U9kJxextY3+8PZ3KHwFn0ohvkgYo9BQZ7QdYa03S0ok47ukeNvCu6G9MxFiG5GFixVbD4QOZZsubnRk6eV+NXy7E7Ph/OpGbnLjYq8unNO/BgxvsY+Vc+Zk0zcOwkjqUSw03yTqtjtbVNjPVk=,iv:YiEgitN0KbjeHW3siR2EmdMxdTJEG379i3WO6hBnBOM=,tag:Wa5KzJKd+GeGBKnZOJ4ZrQ==,type:str]
+    lastmodified: "2023-08-14T13:39:26Z"
+    mac: ENC[AES256_GCM,data:PTu09cAlstjDfTt9nmy7uKYhFaiBsDXoUz9nfK0s0zVGUTzgPDS/OB9xprrWGd8zlTFNcpr6T82FEHy6ARxhxnCEaWpcAuOS2Gkhqrxor1eJ+WgO+mczbmZpfJMJMuLnoCbCzc/X8QwGFmc72kYzldNlPN7ywMrp2HgPu4f8uu4=,iv:c0r8D3BYy3ylGWZqgZGN/zcju+VU+Ajjm/JJtYaeiJs=,tag:rpfcEQglhOh/uLBAIB+6Xg==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.7.3