nixos-config/services/miniflux.nix

{ config, ... }:

let
  domain = "news.felschr.com";
  port = 8002;
in {
  age.secrets.miniflux.file = ../secrets/miniflux/admin.age;
  age.secrets.miniflux-oidc = {
    file = ../secrets/miniflux/oidc.age;
    group = "miniflux-secrets";
    mode = "440";
  };

  services.miniflux = {
    enable = true;
    adminCredentialsFile = config.age.secrets.miniflux.path;
    config = {
      LISTEN_ADDR = "localhost:${toString port}";
      BASE_URL = "https://${domain}";
      OAUTH2_PROVIDER = "oidc";
      OAUTH2_CLIENT_ID = "miniflux";
      OAUTH2_CLIENT_SECRET_FILE = config.age.secrets.miniflux-oidc.path;
      OAUTH2_REDIRECT_URL = "https://news.felschr.com/oauth2/oidc/callback";
      OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.felschr.com";
      OAUTH2_USER_CREATION = "1";
    };
  };

  systemd.services.miniflux.serviceConfig.SupplementaryGroups =
    [ "miniflux-secrets" ];

  services.nginx = {
    virtualHosts."news.felschr.com" = {
      enableACME = true;
      forceSSL = true;
      locations."/".proxyPass = "http://localhost:${toString port}";
    };
  };

  users.groups.miniflux-secrets = { };
}
feat(miniflux): set up SSO 2023-12-09 04:08:41 +01:00			`{ config, ... }:`
feat(rpi4): add miniflux 2021-12-11 19:40:53 +01:00
feat(miniflux): set up SSO 2023-12-09 04:08:41 +01:00			`let`
			`domain = "news.felschr.com";`
			`port = 8002;`
feat(rpi4): add miniflux 2021-12-11 19:40:53 +01:00			`in {`
refactor(miniflux): move oidc secret 2023-12-10 15:42:28 +01:00			`age.secrets.miniflux.file = ../secrets/miniflux/admin.age;`
			`age.secrets.miniflux-oidc = {`
			`file = ../secrets/miniflux/oidc.age;`
			`group = "miniflux-secrets";`
			`mode = "440";`
			`};`
fix(secrets): fix permissions Also moves key references into respective configs where they are used. 2022-05-06 03:16:17 +02:00
feat(rpi4): add miniflux 2021-12-11 19:40:53 +01:00			`services.miniflux = {`
			`enable = true;`
feat: set up agenix secrets management 2022-05-04 03:02:47 +02:00			`adminCredentialsFile = config.age.secrets.miniflux.path;`
feat(miniflux): set up SSO 2023-12-09 04:08:41 +01:00			`config = {`
			`LISTEN_ADDR = "localhost:${toString port}";`
			`BASE_URL = "https://${domain}";`
			`OAUTH2_PROVIDER = "oidc";`
			`OAUTH2_CLIENT_ID = "miniflux";`
refactor(miniflux): move oidc secret 2023-12-10 15:42:28 +01:00			`OAUTH2_CLIENT_SECRET_FILE = config.age.secrets.miniflux-oidc.path;`
feat(miniflux): set up SSO 2023-12-09 04:08:41 +01:00			`OAUTH2_REDIRECT_URL = "https://news.felschr.com/oauth2/oidc/callback";`
			`OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.felschr.com";`
			`OAUTH2_USER_CREATION = "1";`
			`};`
feat(rpi4): add miniflux 2021-12-11 19:40:53 +01:00			`};`

refactor(miniflux): move oidc secret 2023-12-10 15:42:28 +01:00			`systemd.services.miniflux.serviceConfig.SupplementaryGroups =`
			`[ "miniflux-secrets" ];`

feat(rpi4): add miniflux 2021-12-11 19:40:53 +01:00			`services.nginx = {`
			`virtualHosts."news.felschr.com" = {`
			`enableACME = true;`
			`forceSSL = true;`
fix(miniflux): fix port stringification 2021-12-12 16:04:58 +01:00			`locations."/".proxyPass = "http://localhost:${toString port}";`
feat(rpi4): add miniflux 2021-12-11 19:40:53 +01:00			`};`
			`};`
refactor(miniflux): move oidc secret 2023-12-10 15:42:28 +01:00
			`users.groups.miniflux-secrets = { };`
feat(rpi4): add miniflux 2021-12-11 19:40:53 +01:00			`}`