0571d801ed
...
ed495148c1
| Author | SHA1 | Date | |
|---|---|---|---|
| ed495148c1 | |||
| a0175f565b |
4 changed files with 138 additions and 1 deletions
|
|
@ -34,7 +34,8 @@ in {
|
|||
++ [ mcentire-host ];
|
||||
"secrets/darwin-policies-json.age".publicKeys = system-administrators
|
||||
++ [ corianne-host ];
|
||||
"secrets/freshrss.toml.age".publicKeys = system-administrators
|
||||
++ [ mcentire-host ];
|
||||
"secrets/network-information.age".publicKeys = system-administrators
|
||||
++ [ bosephus-host ];
|
||||
"secrets/pihole.age".publicKeys = system-administrators ++ [ bosephus-host ];
|
||||
}
|
||||
|
|
|
|||
BIN
secrets/freshrss.toml.age
Normal file
Binary file not shown.
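--- /dev/null
+++ b/services/freshrss.nix
@@ -0,0 +1,136 @@
+{ config, pkgs, home-manager-quadlet-nix, ... }:
+
+let
+user = "freshrss";
+port = "37374";
+stateDirectory = "/var/lib/freshrss";
+serviceContainer = "freshrss";
+stateSubDir = subDir: "${stateDirectory}/${subDir}";
+createTmpfilesRule = subDir: "d ${stateSubDir subDir} 1755 ${user} ${user}";
+volumeMount = subDir: bindDir: "${stateDirectory}/${subDir}:${bindDir}:U";
+
+dbDirectories = [ "database" ];
+serviceDirectories = [ ];
+in {
+age.secrets = {
+"freshrss.toml" = {
+file = ./../secrets/freshrss.toml.age;
+owner = "${user}";
+};
+};
+
+millironx.podman-secrets.freshrss = {
+user = "${user}";
+secrets-files = [ config.age.secrets."freshrss.toml".path ];
+};
+
+services.caddy.virtualHosts."feeds.millironx.com".extraConfig = ''
+reverse_proxy http://127.0.0.1:${port}
+'';
+
+systemd.tmpfiles.rules = builtins.map createTmpfilesRule
+([ stateDirectory ] ++ dbDirectories ++ serviceDirectories);
+
+services.borgmatic.configurations."${config.networking.hostName}" = {
+source_directories = builtins.map stateSubDir dbDirectories;
+
+name = serviceContainer;
+psql_command =
+"/run/wrappers/bin/sudo -iu ${user} ${pkgs.podman}/bin/podman exec ${serviceContainer}-db psql --username=${user}";
+pg_dump_command =
+"/run/wrappers/bin/sudo -iu ${user} ${pkgs.podman}/bin/podman exec ${serviceContainer}-db pg_dump --username=${user}";
+pg_restore_command =
+"/run/wrappers/bin/sudo -iu ${user} ${pkgs.podman}/bin/podman exec ${serviceContainer}-db pg_restore --username=${user}";
+};
+
+users.users."${user}" = {
+group = "${user}";
+isNormalUser = true;
+home = "${stateDirectory}";
+createHome = true;
+linger = true;
+autoSubUidGidRange = true;
+};
+users.groups."${user}" = { };
+
+home-manager.users."${user}" = { config, osConfig, ... }: {
+imports = [ home-manager-quadlet-nix ];
+
+home.stateVersion = "25.05";
+
+virtualisation.quadlet = let
+inherit (config.virtualisation.quadlet) containers;
+inherit (config.virtualisation.quadlet) networks;
+secrets = osConfig.millironx.podman-secrets.freshrss;
+
+in {
+containers = {
+"${serviceContainer}-db" = {
+autoStart = true;
+containerConfig = {
+image = "docker.io/library/postgres:16";
+environments = {
+POSTGRES_DB = "${user}";
+POSTGRES_USER = "${user}";
+};
+secrets = [
+"POSTGRES_PASSWORD,type=env"
+"POSTGRES_PASSWORD,type=env,target=PGPASSWORD"
+];
+healthCmd = "pg_isready -d $\${POSTGRES_DB} -U $\${POSTGRES_USER}";
+healthInterval = "30s";
+healthRetries = 5;
+healthStartPeriod = "20s";
+volumes = pkgs.lib.imap0 (i: sub:
+volumeMount sub
+(builtins.elemAt [ "/var/lib/postgresql/data" ] i)) dbDirectories;
+networks = [ networks."${serviceContainer}".ref ];
+};
+unitConfig.Requires = [ secrets.ref ];
+unitConfig.After = [ secrets.ref ];
+};
+
+"${serviceContainer}" = {
+autoStart = true;
+containerConfig = {
+image = "docker.io/freshrss/freshrss:1";
+environments = {
+TZ = osConfig.time.timeZone;
+CRON_MIN = "2,32";
+LISTEN = "0.0.0.0:${port}";
+OIDC_ENABLED = "1";
+FRESHRSS_INSTALL = ''
+--api-enabled
+--base-url
+--db-base $''${DB_BASE}
+--db-host $''${DB_HOST}
+--db-password $''${DB_PASSWORD}
+--db-type pgsql
+--db-user $''${DB_USER}
+--default-user admin
+--language en
+'';
+};
+secrets = [
+"FRESHRSS_INSTALL,type=env"
+"FRESHRSS_USER,type=env"
+];
+healthCmd = "cli/health.php";
+healthTimeout = "10s";
+healthStartPeriod = "60s";
+healthStartupInterval = "11s";
+healthInterval = "75s";
+healthRetries = 3;
+networks = [networks."${serviceContainer}".ref];
+};
+unitConfig.Requires = [ containers."${serviceContainer}-db".ref ];
+unitConfig.After = [ containers."${serviceContainer}-db".ref ];
+};
+};
+
+networks."${serviceContainer}" = {};
+
+autoUpdate.enable = true;
+};
+};
+}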
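Review bot: `createTmpfilesRule` creates `/var/lib/freshrss` and its `database` subdirectory with mode `1755`, which leaves the service user's home and the parent of the PostgreSQL data directory readable and traversable by every local account; `d ${stateSubDir subDir} 0750 ${user} ${user}` (or `0700`) is the usual choice for a directory holding a database, and because a tmpfiles `d` line also adjusts the mode of an already-existing directory, the loose mode is reapplied at each activation rather than being a one-time default. The `:U` mount flag and the postgres image's own chmod presumably tighten the mounted data directory itself after the container starts, but nothing visible here does so for the host-side parent. Separately, `FRESHRSS_INSTALL` is set twice, once as a plain environment value with `$${…}` placeholders and once as a `type=env` podman secret; whichever podman applies last wins, so the plain block looks like a leftover and the secret is the copy that should be kept. In that plain value `--base-url` has no argument, so if this copy is ever the effective one the next token `--db-base` would presumably be read as its value.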