2022-10-14 04:49:54 +00:00
|
|
|
# import feeds with e.g.
|
2022-10-15 08:41:53 +00:00
|
|
|
# ```console
|
|
|
|
# $ nix build '.#nixpkgs.freshrss'
|
|
|
|
# $ sudo -u freshrss -g freshrss FRESHRSS_DATA_PATH=/var/lib/freshrss ./result/cli/import-for-user.php --user admin --filename /home/colin/.config/newsflashFeeds.opml
|
|
|
|
# ```
|
|
|
|
#
|
|
|
|
# export feeds with
|
|
|
|
# ```console
|
|
|
|
# $ sudo -u freshrss -g freshrss FRESHRSS_DATA_PATH=/var/lib/freshrss ./result/cli/export-opml-for-user.php --user admin
|
|
|
|
# ```
|
2022-10-14 04:49:54 +00:00
|
|
|
|
2023-01-08 05:24:56 +00:00
|
|
|
{ config, lib, pkgs, sane-lib, ... }:
|
2022-10-14 00:52:43 +00:00
|
|
|
{
|
2023-01-19 23:23:41 +00:00
|
|
|
sops.secrets."freshrss_passwd" = {
|
2022-10-14 00:52:43 +00:00
|
|
|
owner = config.users.users.freshrss.name;
|
2023-01-04 07:14:54 +00:00
|
|
|
mode = "0400";
|
2022-10-14 00:52:43 +00:00
|
|
|
};
|
2023-01-06 11:29:13 +00:00
|
|
|
sane.persist.sys.plaintext = [
|
2022-10-14 04:49:54 +00:00
|
|
|
{ user = "freshrss"; group = "freshrss"; directory = "/var/lib/freshrss"; }
|
|
|
|
];
|
2022-10-14 00:52:43 +00:00
|
|
|
|
|
|
|
services.freshrss.enable = true;
|
|
|
|
services.freshrss.baseUrl = "https://rss.uninsane.org";
|
|
|
|
services.freshrss.virtualHost = "rss.uninsane.org";
|
|
|
|
services.freshrss.passwordFile = config.sops.secrets.freshrss_passwd.path;
|
2022-10-15 08:41:53 +00:00
|
|
|
|
|
|
|
systemd.services.freshrss-import-feeds =
|
|
|
|
let
|
2023-01-08 05:27:45 +00:00
|
|
|
feeds = sane-lib.feeds;
|
2022-10-15 08:41:53 +00:00
|
|
|
fresh = config.systemd.services.freshrss-config;
|
2023-01-08 05:27:45 +00:00
|
|
|
all-feeds = config.sane.feeds;
|
|
|
|
wanted-feeds = feeds.filterByFormat ["text" "image"] all-feeds;
|
|
|
|
opml = pkgs.writeText "sane-freshrss.opml" (feeds.feedsToOpml wanted-feeds);
|
2022-10-15 08:41:53 +00:00
|
|
|
in {
|
|
|
|
inherit (fresh) wantedBy environment;
|
|
|
|
serviceConfig = {
|
|
|
|
inherit (fresh.serviceConfig) Type User Group StateDirectory WorkingDirectory
|
|
|
|
# hardening options
|
|
|
|
CapabilityBoundingSet DeviceAllow LockPersonality NoNewPrivileges PrivateDevices PrivateTmp PrivateUsers ProcSubset ProtectClock ProtectControlGroups ProtectHome ProtectHostname ProtectKernelLogs ProtectKernelModules ProtectKernelTunables ProtectProc ProtectSystem RemoveIPC RestrictNamespaces RestrictRealtime RestrictSUIDSGID SystemCallArchitectures SystemCallFilter UMask;
|
|
|
|
};
|
|
|
|
description = "import sane RSS feed list";
|
|
|
|
after = [ "freshrss-config.service" ];
|
|
|
|
script = ''
|
2023-01-21 03:50:27 +00:00
|
|
|
# easiest way to preserve feeds: delete the user, recreate it, import feeds
|
|
|
|
${pkgs.freshrss}/cli/delete-user.php --user colin || true
|
|
|
|
${pkgs.freshrss}/cli/create-user.php --user colin --password "$(cat ${config.services.freshrss.passwordFile})" || true
|
|
|
|
${pkgs.freshrss}/cli/import-for-user.php --user colin --filename ${opml}
|
2022-10-15 08:41:53 +00:00
|
|
|
'';
|
|
|
|
};
|
2022-11-11 08:48:48 +00:00
|
|
|
|
|
|
|
# the default ("*:0/5") is to run every 5 minutes.
|
|
|
|
# `systemctl list-timers` to show
|
|
|
|
systemd.services.freshrss-updater.startAt = lib.mkForce "*:3/30";
|
2022-12-17 00:52:48 +00:00
|
|
|
|
|
|
|
services.nginx.virtualHosts."rss.uninsane.org" = {
|
|
|
|
addSSL = true;
|
|
|
|
enableACME = true;
|
|
|
|
# inherit kTLS;
|
|
|
|
# the routing is handled by services.freshrss.virtualHost
|
|
|
|
};
|
2022-12-17 01:29:12 +00:00
|
|
|
|
2023-01-02 13:23:52 +00:00
|
|
|
sane.services.trust-dns.zones."uninsane.org".inet.CNAME."rss" = "native";
|
2022-10-14 00:52:43 +00:00
|
|
|
}
|