From 61183015c28c0fbb75b32e97b3b563dedfde7cb7 Mon Sep 17 00:00:00 2001
From: Christoph Heiss <christoph@c8h4.io>
Date: Fri, 28 Mar 2025 08:47:33 +0100
Subject: [PATCH 1/5] yarr: 2.4 -> 2.5

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
---
 pkgs/by-name/ya/yarr/package.nix | 11 +++--------
 1 file changed, 3 insertions(+), 8 deletions(-)

diff --git a/pkgs/by-name/ya/yarr/package.nix b/pkgs/by-name/ya/yarr/package.nix
index e8f39fb3cc1a..85a5b0f95274 100644
--- a/pkgs/by-name/ya/yarr/package.nix
+++ b/pkgs/by-name/ya/yarr/package.nix
@@ -8,19 +8,17 @@
 
 buildGoModule rec {
   pname = "yarr";
-  version = "2.4";
+  version = "2.5";
 
   src = fetchFromGitHub {
     owner = "nkanaev";
     repo = "yarr";
     rev = "v${version}";
-    hash = "sha256-ZMQ+IX8dZuxyxQhD/eWAe4bGGCVcaCeVgF+Wqs79G+k=";
+    hash = "sha256-yII0KV4AKIS1Tfhvj588O631JDArnr0/30rNynTSwzk=";
   };
 
   vendorHash = null;
 
-  subPackages = [ "src" ];
-
   ldflags = [
     "-s"
     "-w"
@@ -30,12 +28,9 @@ buildGoModule rec {
 
   tags = [
     "sqlite_foreign_keys"
-    "release"
+    "sqlite_json"
   ];
 
-  postInstall = ''
-    mv $out/bin/{src,yarr}
-  '';
 
   passthru.tests.version = testers.testVersion {
     package = yarr;

From 3590df4d9fba7f8dc45b4c60486fd82880b21f16 Mon Sep 17 00:00:00 2001
From: Christoph Heiss <christoph@c8h4.io>
Date: Fri, 28 Mar 2025 08:47:59 +0100
Subject: [PATCH 2/5] yarr: switch to versionCheckHook

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
---
 pkgs/by-name/ya/yarr/package.nix | 11 ++++-------
 1 file changed, 4 insertions(+), 7 deletions(-)

diff --git a/pkgs/by-name/ya/yarr/package.nix b/pkgs/by-name/ya/yarr/package.nix
index 85a5b0f95274..1329b2556e5a 100644
--- a/pkgs/by-name/ya/yarr/package.nix
+++ b/pkgs/by-name/ya/yarr/package.nix
@@ -2,8 +2,7 @@
   lib,
   buildGoModule,
   fetchFromGitHub,
-  testers,
-  yarr,
+  versionCheckHook,
 }:
 
 buildGoModule rec {
@@ -31,11 +30,9 @@ buildGoModule rec {
     "sqlite_json"
   ];
 
-
-  passthru.tests.version = testers.testVersion {
-    package = yarr;
-    version = "v${version}";
-  };
+  doInstallCheck = true;
+  nativeInstallCheckInputs = [ versionCheckHook ];
+  versionCheckProgramArg = "--version";
 
   meta = with lib; {
     description = "Yet another rss reader";

From 200377f502f59998a8403f74b3bbe3ad824e85c3 Mon Sep 17 00:00:00 2001
From: Christoph Heiss <christoph@c8h4.io>
Date: Fri, 28 Mar 2025 08:48:26 +0100
Subject: [PATCH 3/5] yarr: add `passthru.updateScript`

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
---
 pkgs/by-name/ya/yarr/package.nix | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/pkgs/by-name/ya/yarr/package.nix b/pkgs/by-name/ya/yarr/package.nix
index 1329b2556e5a..b54d2f69f91a 100644
--- a/pkgs/by-name/ya/yarr/package.nix
+++ b/pkgs/by-name/ya/yarr/package.nix
@@ -3,6 +3,7 @@
   buildGoModule,
   fetchFromGitHub,
   versionCheckHook,
+  nix-update-script,
 }:
 
 buildGoModule rec {
@@ -34,6 +35,8 @@ buildGoModule rec {
   nativeInstallCheckInputs = [ versionCheckHook ];
   versionCheckProgramArg = "--version";
 
+  passthru.updateScript = nix-update-script { };
+
   meta = with lib; {
     description = "Yet another rss reader";
     mainProgram = "yarr";

From 8b4a849da3e0e0dd5b61750e1c0e61684441585c Mon Sep 17 00:00:00 2001
From: Christoph Heiss <christoph@c8h4.io>
Date: Fri, 28 Mar 2025 08:49:20 +0100
Subject: [PATCH 4/5] yarr: add myself as maintainer

I'm using the package actively and care about it, maintaining it
properly.

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
---
 pkgs/by-name/ya/yarr/package.nix | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/pkgs/by-name/ya/yarr/package.nix b/pkgs/by-name/ya/yarr/package.nix
index b54d2f69f91a..8afed9689fbe 100644
--- a/pkgs/by-name/ya/yarr/package.nix
+++ b/pkgs/by-name/ya/yarr/package.nix
@@ -43,6 +43,9 @@ buildGoModule rec {
     homepage = "https://github.com/nkanaev/yarr";
     changelog = "https://github.com/nkanaev/yarr/blob/v${version}/doc/changelog.txt";
     license = licenses.mit;
-    maintainers = with maintainers; [ sikmir ];
+    maintainers = with maintainers; [
+      sikmir
+      christoph-heiss
+    ];
   };
 }

From ba3fecf0ef5f063197943dbbed748595996cbdbf Mon Sep 17 00:00:00 2001
From: Christoph Heiss <christoph@c8h4.io>
Date: Tue, 22 Apr 2025 22:08:33 +0200
Subject: [PATCH 5/5] nixos/yarr: init

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
---
 .../manual/release-notes/rl-2505.section.md   |   2 +
 nixos/modules/module-list.nix                 |   1 +
 nixos/modules/services/misc/yarr.nix          | 118 ++++++++++++++++++
 nixos/tests/all-tests.nix                     |   1 +
 nixos/tests/yarr.nix                          |  19 +++
 pkgs/by-name/ya/yarr/package.nix              |   7 +-
 6 files changed, 147 insertions(+), 1 deletion(-)
 create mode 100644 nixos/modules/services/misc/yarr.nix
 create mode 100644 nixos/tests/yarr.nix

diff --git a/nixos/doc/manual/release-notes/rl-2505.section.md b/nixos/doc/manual/release-notes/rl-2505.section.md
index 6e0e1ef517b9..680d3ffb55be 100644
--- a/nixos/doc/manual/release-notes/rl-2505.section.md
+++ b/nixos/doc/manual/release-notes/rl-2505.section.md
@@ -160,6 +160,8 @@
 
 - [GlitchTip](https://glitchtip.com/), an open source Sentry API compatible error tracking platform. Available as [services.glitchtip](#opt-services.glitchtip.enable).
 
+- [`yarr`](https://github.com/nkanaev/yarr), a small, web-based feed aggregator and RSS reader. Available as [services.yarr](#opt-services.yarr.enable).
+
 - [Stash](https://github.com/stashapp/stash), An organizer for your adult videos/images, written in Go. Available as [services.stash](#opt-services.stash.enable).
 
 - [vsmartcard-vpcd](https://frankmorgner.github.io/vsmartcard/virtualsmartcard/README.html), a virtual smart card driver. Available as [services.vsmartcard-vpcd](#opt-services.vsmartcard-vpcd.enable).
diff --git a/nixos/modules/module-list.nix b/nixos/modules/module-list.nix
index 8ecc712feb87..b59b1ad415cc 100644
--- a/nixos/modules/module-list.nix
+++ b/nixos/modules/module-list.nix
@@ -929,6 +929,7 @@
   ./services/misc/weechat.nix
   ./services/misc/workout-tracker.nix
   ./services/misc/xmrig.nix
+  ./services/misc/yarr.nix
   ./services/misc/ytdl-sub.nix
   ./services/misc/zoneminder.nix
   ./services/misc/zookeeper.nix
diff --git a/nixos/modules/services/misc/yarr.nix b/nixos/modules/services/misc/yarr.nix
new file mode 100644
index 000000000000..62cc54b9de19
--- /dev/null
+++ b/nixos/modules/services/misc/yarr.nix
@@ -0,0 +1,118 @@
+{
+  config,
+  lib,
+  pkgs,
+  ...
+}:
+
+let
+  inherit (lib)
+    types
+    mkIf
+    mkOption
+    mkEnableOption
+    mkPackageOption
+    optionalString
+    ;
+
+  cfg = config.services.yarr;
+in
+{
+  meta.maintainers = with lib.maintainers; [ christoph-heiss ];
+
+  options.services.yarr = {
+    enable = mkEnableOption "Yet another rss reader";
+
+    package = mkPackageOption pkgs "yarr" { };
+
+    environmentFile = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = ''
+        Environment file for specifying additional settings such as secrets.
+
+        See `yarr -help` for all available options.
+      '';
+    };
+
+    address = mkOption {
+      type = types.str;
+      default = "localhost";
+      description = "Address to run server on.";
+    };
+
+    port = mkOption {
+      type = types.port;
+      default = 7070;
+      description = "Port to run server on.";
+    };
+
+    baseUrl = mkOption {
+      type = types.nullOr types.str;
+      default = null;
+      description = "Base path of the service url.";
+    };
+
+    authFilePath = mkOption {
+      type = types.nullOr types.path;
+      default = null;
+      description = "Path to a file containing username:password. `null` means no authentication required to use the service.";
+    };
+  };
+
+  config = mkIf cfg.enable {
+    systemd.services.yarr = {
+      description = "Yet another rss reader";
+      after = [ "network-online.target" ];
+      wants = [ "network-online.target" ];
+      wantedBy = [ "multi-user.target" ];
+
+      environment.XDG_CONFIG_HOME = "/var/lib/yarr/.config";
+
+      serviceConfig = {
+        Type = "simple";
+        Restart = "on-failure";
+
+        StateDirectory = "yarr";
+        StateDirectoryMode = "0700";
+        WorkingDirectory = "/var/lib/yarr";
+        EnvironmentFile = cfg.environmentFile;
+
+        LoadCredential = mkIf (cfg.authFilePath != null) "authfile:${cfg.authFilePath}";
+
+        DynamicUser = true;
+        DevicePolicy = "closed";
+        LockPersonality = "yes";
+        MemoryDenyWriteExecute = true;
+        NoNewPrivileges = true;
+        PrivateDevices = true;
+        PrivateMounts = true;
+        PrivateTmp = true;
+        ProcSubset = "pid";
+        ProtectClock = true;
+        ProtectControlGroups = true;
+        ProtectHome = true;
+        ProtectHostname = true;
+        ProtectKernelLogs = true;
+        ProtectKernelModules = true;
+        ProtectKernelTunables = true;
+        ProtectProc = "invisible";
+        ProtectSystem = "strict";
+        RemoveIPC = true;
+        RestrictAddressFamilies = "AF_INET AF_INET6";
+        RestrictNamespaces = true;
+        RestrictRealtime = true;
+        RestrictSUIDSGID = true;
+        UMask = "0077";
+
+        ExecStart = ''
+          ${lib.getExe cfg.package} \
+            -db storage.db \
+            -addr "${cfg.address}:${toString cfg.port}" \
+            ${optionalString (cfg.baseUrl != null) "-base ${cfg.baseUrl}"} \
+            ${optionalString (cfg.authFilePath != null) "-auth-file /run/credentials/yarr.service/authfile"}
+        '';
+      };
+    };
+  };
+}
diff --git a/nixos/tests/all-tests.nix b/nixos/tests/all-tests.nix
index 5f9ae823011f..78cc8b6c3d68 100644
--- a/nixos/tests/all-tests.nix
+++ b/nixos/tests/all-tests.nix
@@ -1478,6 +1478,7 @@ in
   xterm = runTest ./xterm.nix;
   xxh = runTest ./xxh.nix;
   yabar = runTest ./yabar.nix;
+  yarr = runTest ./yarr.nix;
   ydotool = handleTest ./ydotool.nix { };
   yggdrasil = runTest ./yggdrasil.nix;
   your_spotify = runTest ./your_spotify.nix;
diff --git a/nixos/tests/yarr.nix b/nixos/tests/yarr.nix
new file mode 100644
index 000000000000..a35d574a5af1
--- /dev/null
+++ b/nixos/tests/yarr.nix
@@ -0,0 +1,19 @@
+{ lib, pkgs, ... }:
+
+{
+  name = "yarr";
+  meta.maintainers = with lib.maintainers; [ christoph-heiss ];
+
+  nodes.machine =
+    { pkgs, ... }:
+    {
+      services.yarr.enable = true;
+    };
+
+  testScript = ''
+    machine.start()
+    machine.wait_for_unit("yarr.service")
+    machine.wait_for_open_port(7070)
+    machine.succeed("curl -sSf http://localhost:7070 | grep '<title>yarr!</title>'")
+  '';
+}
diff --git a/pkgs/by-name/ya/yarr/package.nix b/pkgs/by-name/ya/yarr/package.nix
index 8afed9689fbe..cc3a5581b56a 100644
--- a/pkgs/by-name/ya/yarr/package.nix
+++ b/pkgs/by-name/ya/yarr/package.nix
@@ -1,9 +1,11 @@
 {
   lib,
+  stdenv,
   buildGoModule,
   fetchFromGitHub,
   versionCheckHook,
   nix-update-script,
+  nixosTests,
 }:
 
 buildGoModule rec {
@@ -35,7 +37,10 @@ buildGoModule rec {
   nativeInstallCheckInputs = [ versionCheckHook ];
   versionCheckProgramArg = "--version";
 
-  passthru.updateScript = nix-update-script { };
+  passthru = {
+    updateScript = nix-update-script { };
+    tests = lib.optionalAttrs stdenv.hostPlatform.isLinux nixosTests.yarr;
+  };
 
   meta = with lib; {
     description = "Yet another rss reader";