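# FreshRSS service definition: a Traefik route plus the NixOS module that runs
# FreshRSS behind nginx with a PostgreSQL database.
{
  name = "FreshRSS";
  description = '' RSS reader and sync server '';

  # Builds the Traefik route for one host: requests whose Host header matches
  # the configured domain are forwarded to nginx on the host's port 80.
  # NOTE(review): the target is plain http://, so the hop between Traefik and
  # this host is unencrypted. TLS presumably terminates at Traefik (baseUrl
  # below is https) — confirm that hop stays on a trusted network segment.
  traefikRoutes = { host, ... }:
    let
      inherit (host) hostname;
      freshrssConfig = host.config.freshrss;
    in
    [
      {
        name = "${hostname}-freshrss";
        rule = "Host(`${freshrssConfig.domain}`)";
        target = "http://${host.ip}:80";
      }
    ];

  nixosModule = { lib, config, ... }: {
    options.freshrss = {
      # Public domain name; used for the nginx virtual host and the base URL.
      domain = lib.mkOption { type = lib.types.str; };
      # Name passed to services.freshrss.defaultUser.
      adminUser = lib.mkOption { type = lib.types.str; };
    };

    config =
      let
        cfg = config.freshrss;
        secrets = config.sops.secrets;
        service = config.services.freshrss;
      in
      {
        # allowedTCPPorts opens the port on every interface, so nginx is
        # reachable directly as well as through Traefik.
        # NOTE(review): if only the proxy should reach this port, scope the
        # rule with networking.firewall.interfaces.<name>.allowedTCPPorts —
        # confirm against the network layout.
        networking.firewall.allowedTCPPorts = [
          80 # Nginx running freshrss
        ];

        # The secrets are owned by the service account so FreshRSS can read
        # them. The owner follows services.freshrss.user, the same value the
        # tmpfiles rules below use, so overriding the user cannot leave the
        # secrets readable by a different account than the one running the
        # service.
        sops.secrets = {
          "freshrss/db_pass" = {
            owner = service.user;
          };
          "freshrss/admin_pass" = {
            owner = service.user;
          };
        };

        # Pre-create the data subdirectories with mode 0750, owned by the
        # service user and a group of the same name.
        # NOTE(review): dataDir is set to a path under /cephfs below; this
        # assumes that filesystem is mounted before tmpfiles runs — confirm.
        systemd.tmpfiles.rules = map
          (subdir: "d '${service.dataDir}/${subdir}' 0750 ${service.user} ${service.user} - -")
          [ "cache" "users" "favicons" ];

        # Create the database
        # (postgres.databases is not defined in this file; presumably a
        # project-level option — verify where it is declared.)
        postgres.databases = [ "freshrss" ];

        # Enable and configure the service
        services.freshrss = {
          enable = true;
          baseUrl = "https://${cfg.domain}";
          virtualHost = cfg.domain;
          dataDir = "/cephfs/appdata/freshrss";
          defaultUser = cfg.adminUser;
          # Passwords are handed over as file paths, not as literal values in
          # this configuration.
          passwordFile = secrets."freshrss/admin_pass".path;
          database = {
            type = "pgsql";
            passFile = secrets."freshrss/db_pass".path;
            # Host, user and database name are not set here and fall back to
            # the module's defaults.
          };
        };
      };
  };
}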