SebastianStork/nixos-config
1
0
Fork 0
mirror of https://github.com/SebastianStork/nixos-config.git synced 2026-01-21 15:11:34 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions

Add freshrss nspawn container

Browse source
This commit is contained in:
SebastianStork 2024-09-29 10:49:13 +02:00
parent 946ef625fc
commit ad11056a26
2 changed files with 42 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

38
hosts/stratus/containers/nspawn/freshrss/default.nix Normal file
View file

@ -0,0 +1,38 @@
{ lib, ... }:
let
serviceName = lib.last (lib.splitString "/" (builtins.toString ./.)); # Parent directory name
subdomain = "rss";
in
{
sops.secrets."container/freshrss/admin-password" = { };
containers.${serviceName}.config =
{
config,
domain,
dataDir,
...
}:
let
userName = config.users.users.freshrss.name;
groupName = config.users.groups.freshrss.name;
in
{
systemd.tmpfiles.rules = [
"z /run/secrets/container/freshrss/admin-password - ${userName} ${groupName} -"
];
services.freshrss = {
enable = true;
inherit dataDir;
baseUrl = "https://${subdomain}.${domain}";
defaultUser = "seb";
passwordFile = "/run/secrets/container/freshrss/admin-password";
};
myConfig.tailscale = {
inherit subdomain;
serve = "80";
};
};
}

6
hosts/stratus/secrets.yaml
View file

@ -6,6 +6,8 @@ container:
jwt-secret: ENC[AES256_GCM,data:cLEV5yTwzrcUWjS+RSOy4QGmB+yP24j/Bo51LCS+2yX9fpeeJ+tPAuA=,iv:4R/1YcVQjLTcEKJbQ5oq1/vUM+dc4zBLkFLSgH4wq0w=,tag:i0ub07cM9FwV2ryu+XTLbQ==,type:str] jwt-secret: ENC[AES256_GCM,data:cLEV5yTwzrcUWjS+RSOy4QGmB+yP24j/Bo51LCS+2yX9fpeeJ+tPAuA=,iv:4R/1YcVQjLTcEKJbQ5oq1/vUM+dc4zBLkFLSgH4wq0w=,tag:i0ub07cM9FwV2ryu+XTLbQ==,type:str]
forgejo: forgejo:
admin-password: ENC[AES256_GCM,data:vwFxyLQkU2rzkkgQX7ACEeVHLVbrci9kPUk9L4yD,iv:2gmdO1dImo3fZWRaO3oyt3/IfD3zscHwxgv0iwgAMgQ=,tag:fu1ZYeG183nJH18DqVmTtQ==,type:str] admin-password: ENC[AES256_GCM,data:vwFxyLQkU2rzkkgQX7ACEeVHLVbrci9kPUk9L4yD,iv:2gmdO1dImo3fZWRaO3oyt3/IfD3zscHwxgv0iwgAMgQ=,tag:fu1ZYeG183nJH18DqVmTtQ==,type:str]
freshrss:
admin-password: ENC[AES256_GCM,data:uY6V0+GWzwdRS3JQruLxpnfDqnU4waEs+EaCwwqM,iv:8OdmIKQ3AHGUCE83pslrCWk+/IUVBmnjryfw8KrEBUk=,tag:7WvUPgyLmF+T0F+ZV+uMzg==,type:str]
nextcloud: nextcloud:
admin-password: ENC[AES256_GCM,data:SJxRKv+i+WK8u8f3kqlaxmTqOxmQ7510E9sEpyXV,iv:4Nja7A+VyPPBiJP42fhDTWe93MmBo4/X8IMTR5PGo3s=,tag:Z32bryhJ73IA9ig53epVzQ==,type:str] admin-password: ENC[AES256_GCM,data:SJxRKv+i+WK8u8f3kqlaxmTqOxmQ7510E9sEpyXV,iv:4Nja7A+VyPPBiJP42fhDTWe93MmBo4/X8IMTR5PGo3s=,tag:Z32bryhJ73IA9ig53epVzQ==,type:str]
gmail-password: ENC[AES256_GCM,data:dL1Kag8U5UoNbLOHNbu6dpdJ0GQ=,iv:5oVZRC/L9//pA/vqlk79WNoAdHO+c8CVhywYFRC15eA=,tag:67zXXYMYW7FKR521NM6sYA==,type:str] gmail-password: ENC[AES256_GCM,data:dL1Kag8U5UoNbLOHNbu6dpdJ0GQ=,iv:5oVZRC/L9//pA/vqlk79WNoAdHO+c8CVhywYFRC15eA=,tag:67zXXYMYW7FKR521NM6sYA==,type:str]
@ -39,8 +41,8 @@ sops:
aW00MUpGdXpYam5LYVFUenh2VndzcE0KT6Hfx1CYJFseFaEZxwi4Fds4v1HEFzBo aW00MUpGdXpYam5LYVFUenh2VndzcE0KT6Hfx1CYJFseFaEZxwi4Fds4v1HEFzBo
FdSC6pzpZkfXso8EtSftq0lPx10GfJ6GZXYb+bCB2S9ROvUMPYDH3A== FdSC6pzpZkfXso8EtSftq0lPx10GfJ6GZXYb+bCB2S9ROvUMPYDH3A==
-----END AGE ENCRYPTED FILE----- -----END AGE ENCRYPTED FILE-----
lastmodified: "2024-09-22T15:20:15Z" lastmodified: "2024-09-29T08:44:08Z"
mac: ENC[AES256_GCM,data:vnajGY3wqVFm6i9GwmCklse4o8Q9wQxvFlA3hayLmuqLbDBPkycnx8nTr0xnJzp/HXcTpPMa8CyBpCcL5MAWlAa1ClmgT26MHt0kEGGHZOe7ph8KJSIIja8GiRI/Ik4HL8bGsUyv1P/SWsxXf41sqNAAAMDm0djkYMsf76HsBko=,iv:u0wYU6WDh9Msl7jfFdrTwAYq7h1JPKbKU1cax3A/EHA=,tag:ewSDASC024Hee6eDoZ+MoA==,type:str] mac: ENC[AES256_GCM,data:SnxfcWKVZoqgNGCEbAEovU3mOJJTRHscJko9zpPW831PqeNPjJ35usQef10UOS5lRtazdRsfN1qqoxs4zqPfq53+be4xiaksFHjN8yIfwSuUUATURktnc2iZ3GPBtfmMAcNWqOd0MeWlb+BGGT2J043qK84RkNZosEazLp12/pk=,iv:bjxq1N9hFG03jAWkj1GMoynhPHDbU8/7EivvTvxl6Ug=,tag:m5zYlEkR4Gi6JxLI6eWsNg==,type:str]
pgp: [] pgp: []
unencrypted_suffix: _unencrypted unencrypted_suffix: _unencrypted
version: 3.9.0 version: 3.9.0