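# FreshRSS service definition: a Traefik route plus a NixOS module that runs
# the FreshRSS container under podman with OIDC login, sops-managed client
# credentials and persistent data on CephFS.
#
# Security notes a reviewer should keep in mind (see inline comments):
#   * port 1342 is opened in the host firewall AND the container publishes it
#     without a bind address, so FreshRSS is reachable directly, not only via
#     Traefik;
#   * the app is told to trust X-Forwarded-* headers, which is only safe while
#     every client reaches it through the reverse proxy.
{
  name = "FreshRSS";
  description = ''
    RSS reader and sync server
  '';

  # One Traefik route per host: match the configured domain and forward to the
  # host's IP on the published container port. The upstream hop is plain HTTP,
  # so it relies on the network between Traefik and this host being trusted.
  traefikRoutes = { host, ... }:
    let
      hostname = host.hostname;
      config = host.config.freshrss;
    in
    [
      {
        name = "${hostname}-freshrss";
        rule = "Host(`${config.domain}`)";
        target = "http://${host.ip}:1342";
      }
    ];

  nixosModule = { lib, config, pkgs, dockerImages, ... }: {
    options.freshrss = {
      domain = lib.mkOption {
        type = lib.types.str;
        description = "Public hostname FreshRSS is served under; used for the Traefik Host() rule.";
      };
      # NOTE(review): declared but not read anywhere in this module's `config`;
      # presumably consumed by another module via `config.freshrss.adminUser` —
      # verify, or drop the option if nothing uses it.
      adminUser = lib.mkOption {
        type = lib.types.str;
        description = "Administrative user name for FreshRSS (not read by this module itself).";
      };
    };

    config =
      let
        # Persistent state lives on the shared CephFS mount.
        appDir = "/cephfs/appdata/freshrss";
        dataDir = "${appDir}/data";
      in
      {
        # Opens 1342 on every interface, so the container is reachable without
        # going through Traefik. If Traefik runs on this same host, prefer
        # binding the container to 127.0.0.1 and removing this rule; if it runs
        # elsewhere, a source-restricted rule (or a private interface) keeps
        # X-Forwarded-* spoofing by arbitrary clients off the table.
        networking.firewall.allowedTCPPorts = [
          1342 # Freshrss
        ];

        # OIDC client credentials are decrypted by sops and owned by the
        # service user, so only that user (and root) can read them.
        sops.secrets = {
          "freshrss/client_id" = { owner = "freshrss"; };
          "freshrss/client_secret" = { owner = "freshrss"; };
        };

        # Render the secrets into an env file at activation time; they are
        # passed via `environmentFiles` rather than `environment` so the
        # values never appear in the (world-readable) Nix store.
        sops.templates."freshrss-secret.env" = {
          owner = "freshrss";
          content = ''
            OIDC_CLIENT_ID=${config.sops.placeholder."freshrss/client_id"}
            OIDC_CLIENT_SECRET=${config.sops.placeholder."freshrss/client_secret"}
          '';
        };

        # Dedicated unprivileged system user/group that owns the secrets and
        # the data directories.
        users.users."freshrss" = {
          isSystemUser = true;
          group = "freshrss";
        };
        users.groups."freshrss" = { };

        # Create the bind-mounted directories with no world access.
        # NOTE(review): the uid FreshRSS runs as inside the image must map to
        # the host `freshrss` user for 0750 to be both sufficient and not too
        # tight — confirm against the image and the podman user mapping.
        systemd.tmpfiles.rules = [
          "d '${appDir}' 0750 freshrss freshrss - -"
          "d '${dataDir}' 0750 freshrss freshrss - -"
          "d '${appDir}/extensions' 0750 freshrss freshrss - -"
        ];

        # Create the database
        postgres.databases = [ "freshrss" ];

        podman.containers = {
          "freshrss" = {
            imageMetadata = dockerImages.freshrss;
            autoStart = true;
            environment = {
              TZ = "Europe/Amsterdam";
              CRON_MIN = "3,33";
              # Login is delegated to the external OIDC provider.
              OIDC_ENABLED = "1";
              OIDC_PROVIDER_METADATA_URL = "https://auth.kallestruik.nl/application/o/freshrss/.well-known/openid-configuration";
              # Tells the app to trust these proxy headers when building the
              # OIDC redirect URI. Safe only while every request arrives via
              # Traefik; a client hitting :1342 directly can set them itself
              # (see the firewall note above).
              OIDC_X_FORWARDED_HEADERS = "X-Forwarded-Port X-Forwarded-Proto X-Forwarded-Host";
              OIDC_SCOPES = "openid email profile";
            };
            # Secrets come from the sops-rendered env file, not from `environment`.
            environmentFiles = [ config.sops.templates."freshrss-secret.env".path ];
            volumes = [
              "${dataDir}:/var/www/FreshRSS/data"
              "${appDir}/extensions:/var/www/FreshRSS/extensions"
            ];
            # No bind address given, so podman publishes on all host addresses;
            # "${host-ip}:1342:80" or "127.0.0.1:1342:80" would narrow this
            # (the host IP is not available as a module argument here).
            ports = [ "1342:80" ];
          };
        };
      };
  };
}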