{
  # Service metadata: a display name and a short human-readable summary.
  # NOTE(review): the consumer of these two attributes is not visible in this file.
  name = "FreshRSS";
  description = ''
    RSS reader and sync server
  '';

  # Reverse-proxy routes for this service, built from a host definition.
  # Takes an attribute set containing `host` (reads `host.hostname`, `host.ip`
  # and `host.config.freshrss.domain`) and returns a one-element list: a route
  # that matches the configured domain and forwards to port 1342 on the host.
  traefikRoutes =
    { host, ... }:
    let
      inherit (host) hostname;
      cfg = host.config.freshrss;
    in
    [
      {
        name = "${hostname}-freshrss";
        rule = "Host(`${cfg.domain}`)";
        # The backend hop is plain HTTP to the published container port.
        # NOTE(review): OIDC redirects and session cookies cross this hop
        # unencrypted; confirm it stays on a trusted network segment.
        target = "http://${host.ip}:1342";
      }
    ];

  # NixOS module for the FreshRSS container. Declares the `freshrss` options
  # and configures the host firewall, sops-managed OIDC credentials, a
  # dedicated system user, the on-disk state directories, a database entry
  # and the podman container itself.
  nixosModule =
    {
      lib,
      config,
      pkgs,
      dockerImages,
      ...
    }:
    let
      inherit (lib) mkOption types;

      # System account that owns the secrets and the state directories.
      svcUser = "freshrss";
      # Host-side port that the container's port 80 is published on.
      hostPort = 1342;

      appDir = "/cephfs/appdata/freshrss";
      dataDir = "${appDir}/data";
      extensionsDir = "${appDir}/extensions";
    in
    {
      options.freshrss = {
        # Public hostname; the traefikRoutes entry in this file matches on it.
        domain = mkOption { type = types.str; };
        # NOTE(review): not referenced anywhere in this file. Confirm that a
        # consumer exists elsewhere, or drop the option.
        adminUser = mkOption { type = types.str; };
      };

      config = {
        # Opens the published container port on the host firewall.
        # NOTE(review): the container is told to honour X-Forwarded-* headers
        # (see OIDC_X_FORWARDED_HEADERS below). Any client that reaches this
        # port without passing through the reverse proxy supplies those
        # headers itself, so confirm the port is reachable only from the
        # proxy (for example via a per-interface or per-source firewall rule).
        networking.firewall.allowedTCPPorts = [ hostPort ];

        sops = {
          # OIDC client credentials, readable by the service account only.
          secrets = {
            "freshrss/client_id".owner = svcUser;
            "freshrss/client_secret".owner = svcUser;
          };

          # Environment file handed to the container. Only sops placeholders
          # are referenced here; sops-nix substitutes the real values when it
          # renders the file, so they are not embedded in this expression.
          templates."freshrss-secret.env" = {
            owner = svcUser;
            content = ''
              OIDC_CLIENT_ID=${config.sops.placeholder."freshrss/client_id"}
              OIDC_CLIENT_SECRET=${config.sops.placeholder."freshrss/client_secret"}
            '';
          };
        };

        # Dedicated unprivileged account and group for FreshRSS.
        users = {
          users.freshrss = {
            isSystemUser = true;
            group = svcUser;
          };
          groups.freshrss = { };
        };

        # State directories: owner and group only (0750), no access for others.
        systemd.tmpfiles.rules = map (dir: "d '${dir}' 0750 ${svcUser} ${svcUser} - -") [
          appDir
          dataDir
          extensionsDir
        ];

        # Request a database named "freshrss".
        # NOTE(review): `postgres.databases` is not a stock NixOS option;
        # presumably a project-local module. How the container receives
        # database credentials is not visible in this file.
        postgres.databases = [ "freshrss" ];

        podman.containers.freshrss = {
          # NOTE(review): confirm that dockerImages pins the image by digest
          # rather than by a mutable tag.
          imageMetadata = dockerImages.freshrss;
          autoStart = true;
          environment = {
            TZ = "Europe/Amsterdam";
            CRON_MIN = "3,33";
            OIDC_ENABLED = "1";
            OIDC_PROVIDER_METADATA_URL = "https://auth.kallestruik.nl/application/o/freshrss/.well-known/openid-configuration";
            # Forwarded headers the container trusts when reconstructing the
            # externally visible URL; only safe when every request arrives
            # through the reverse proxy.
            OIDC_X_FORWARDED_HEADERS = "X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host";
            OIDC_SCOPES = "openid email profile";
            # NOTE(review): FreshRSS's OIDC documentation also describes
            # OIDC_CLIENT_CRYPTO_KEY; it is not set here. Confirm whether this
            # deployment needs it and, if so, supply it via the sops template.
          };
          environmentFiles = [ config.sops.templates."freshrss-secret.env".path ];
          volumes = [
            "${dataDir}:/var/www/FreshRSS/data"
            # Writable bind mount of the extensions directory.
            # NOTE(review): FreshRSS loads extensions as application code, so
            # treat write access to this path as code execution inside the
            # container.
            "${extensionsDir}:/var/www/FreshRSS/extensions"
          ];
          ports = [ "${toString hostPort}:80" ];
        };
      };
    };
}