From ad11056a262bb55e291f4aace4600934d62f9bc2 Mon Sep 17 00:00:00 2001 From: SebastianStork Date: Sun, 29 Sep 2024 10:49:13 +0200 Subject: [PATCH] Add freshrss nspawn container --- .../containers/nspawn/freshrss/default.nix | 38 +++++++++++++++++++ hosts/stratus/secrets.yaml | 6 ++- 2 files changed, 42 insertions(+), 2 deletions(-) create mode 100644 hosts/stratus/containers/nspawn/freshrss/default.nix diff --git a/hosts/stratus/containers/nspawn/freshrss/default.nix b/hosts/stratus/containers/nspawn/freshrss/default.nix new file mode 100644 index 0000000..2f5e9d2 --- /dev/null +++ b/hosts/stratus/containers/nspawn/freshrss/default.nix @@ -0,0 +1,38 @@ +{ lib, ... }: +let + serviceName = lib.last (lib.splitString "/" (builtins.toString ./.)); # Parent directory name + subdomain = "rss"; +in +{ + sops.secrets."container/freshrss/admin-password" = { }; + + containers.${serviceName}.config = + { + config, + domain, + dataDir, + ... + }: + let + userName = config.users.users.freshrss.name; + groupName = config.users.groups.freshrss.name; + in + { + systemd.tmpfiles.rules = [ + "z /run/secrets/container/freshrss/admin-password - ${userName} ${groupName} -" + ]; + + services.freshrss = { + enable = true; + inherit dataDir; + baseUrl = "https://${subdomain}.${domain}"; + defaultUser = "seb"; + passwordFile = "/run/secrets/container/freshrss/admin-password"; + }; + + myConfig.tailscale = { + inherit subdomain; + serve = "80"; + }; + }; +} diff --git a/hosts/stratus/secrets.yaml b/hosts/stratus/secrets.yaml index a0a375d..6b3d435 100644 --- a/hosts/stratus/secrets.yaml +++ b/hosts/stratus/secrets.yaml @@ -6,6 +6,8 @@ container: jwt-secret: ENC[AES256_GCM,data:cLEV5yTwzrcUWjS+RSOy4QGmB+yP24j/Bo51LCS+2yX9fpeeJ+tPAuA=,iv:4R/1YcVQjLTcEKJbQ5oq1/vUM+dc4zBLkFLSgH4wq0w=,tag:i0ub07cM9FwV2ryu+XTLbQ==,type:str] forgejo: admin-password: ENC[AES256_GCM,data:vwFxyLQkU2rzkkgQX7ACEeVHLVbrci9kPUk9L4yD,iv:2gmdO1dImo3fZWRaO3oyt3/IfD3zscHwxgv0iwgAMgQ=,tag:fu1ZYeG183nJH18DqVmTtQ==,type:str] + freshrss: + admin-password: ENC[AES256_GCM,data:uY6V0+GWzwdRS3JQruLxpnfDqnU4waEs+EaCwwqM,iv:8OdmIKQ3AHGUCE83pslrCWk+/IUVBmnjryfw8KrEBUk=,tag:7WvUPgyLmF+T0F+ZV+uMzg==,type:str] nextcloud: admin-password: ENC[AES256_GCM,data:SJxRKv+i+WK8u8f3kqlaxmTqOxmQ7510E9sEpyXV,iv:4Nja7A+VyPPBiJP42fhDTWe93MmBo4/X8IMTR5PGo3s=,tag:Z32bryhJ73IA9ig53epVzQ==,type:str] gmail-password: ENC[AES256_GCM,data:dL1Kag8U5UoNbLOHNbu6dpdJ0GQ=,iv:5oVZRC/L9//pA/vqlk79WNoAdHO+c8CVhywYFRC15eA=,tag:67zXXYMYW7FKR521NM6sYA==,type:str] @@ -39,8 +41,8 @@ sops: aW00MUpGdXpYam5LYVFUenh2VndzcE0KT6Hfx1CYJFseFaEZxwi4Fds4v1HEFzBo FdSC6pzpZkfXso8EtSftq0lPx10GfJ6GZXYb+bCB2S9ROvUMPYDH3A== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-09-22T15:20:15Z" - mac: ENC[AES256_GCM,data:vnajGY3wqVFm6i9GwmCklse4o8Q9wQxvFlA3hayLmuqLbDBPkycnx8nTr0xnJzp/HXcTpPMa8CyBpCcL5MAWlAa1ClmgT26MHt0kEGGHZOe7ph8KJSIIja8GiRI/Ik4HL8bGsUyv1P/SWsxXf41sqNAAAMDm0djkYMsf76HsBko=,iv:u0wYU6WDh9Msl7jfFdrTwAYq7h1JPKbKU1cax3A/EHA=,tag:ewSDASC024Hee6eDoZ+MoA==,type:str] + lastmodified: "2024-09-29T08:44:08Z" + mac: ENC[AES256_GCM,data:SnxfcWKVZoqgNGCEbAEovU3mOJJTRHscJko9zpPW831PqeNPjJ35usQef10UOS5lRtazdRsfN1qqoxs4zqPfq53+be4xiaksFHjN8yIfwSuUUATURktnc2iZ3GPBtfmMAcNWqOd0MeWlb+BGGT2J043qK84RkNZosEazLp12/pk=,iv:bjxq1N9hFG03jAWkj1GMoynhPHDbU8/7EivvTvxl6Ug=,tag:m5zYlEkR4Gi6JxLI6eWsNg==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.0