# import feeds with e.g.
# ```console
# $ nix build '.#nixpkgs.freshrss'
# $ sudo -u freshrss -g freshrss FRESHRSS_DATA_PATH=/var/lib/freshrss ./result/cli/import-for-user.php --user admin --filename /home/colin/.config/newsflashFeeds.opml
# ```
#
# export feeds with
# ```console
# $ sudo -u freshrss -g freshrss FRESHRSS_DATA_PATH=/var/lib/freshrss ./result/cli/export-opml-for-user.php --user admin
# ```
{ config, lib, pkgs, ... }:
{
# Secret consumed by services.freshrss.passwordFile.
# Owner is the freshrss account and mode 400 keeps it unreadable to group and others.
sops.secrets = {
  freshrss_passwd = {
    mode = "400";
    owner = config.users.users.freshrss.name;
    sopsFile = ../../../secrets/servo.yaml;
  };
};
# FreshRSS state directory, owned by freshrss:freshrss.
# NOTE(review): presumably this registers the directory as persistent state on an
# impermanent root; confirm against the sane.impermanence module.
sane.impermanence.service-dirs = [
  {
    directory = "/var/lib/freshrss";
    user = "freshrss";
    group = "freshrss";
  }
];
# uid/gid come from the shared sane.allocations table rather than being assigned here.
users = {
  users.freshrss.uid = config.sane.allocations.freshrss-uid;
  groups.freshrss.gid = config.sane.allocations.freshrss-gid;
};

services.freshrss = {
  enable = true;
  virtualHost = "rss.uninsane.org";
  baseUrl = "https://rss.uninsane.org";
  # Only the path of the sops-managed secret is referenced here;
  # the password itself is not written into this module.
  passwordFile = config.sops.secrets.freshrss_passwd.path;
};
# Imports the declaratively managed feed list into FreshRSS for the "admin" user.
# The unit reuses wantedBy, environment and selected serviceConfig keys from the
# freshrss-config unit and is ordered after it.
systemd.services.freshrss-import-feeds =
  let
    upstream = config.systemd.services.freshrss-config;
    feedLib = import ../../../modules/home-manager/feeds.nix { inherit lib; };
    # writeText puts the OPML into the Nix store, which is world-readable:
    # feed URLs carrying private tokens or credentials should not go through this path.
    opmlFile = pkgs.writeText "sane-freshrss.opml" (feedLib.feedsToOpml feedLib.all);
  in {
    description = "import sane RSS feed list";
    after = [ "freshrss-config.service" ];
    wantedBy = upstream.wantedBy;
    environment = upstream.environment;

    serviceConfig = {
      inherit (upstream.serviceConfig) Type User Group StateDirectory WorkingDirectory;

      # hardening options
      # This is an explicit allow-list of keys: a sandboxing option added to
      # freshrss-config later is NOT picked up here until it is named below.
      inherit (upstream.serviceConfig)
        CapabilityBoundingSet
        DeviceAllow
        LockPersonality
        NoNewPrivileges
        PrivateDevices
        PrivateTmp
        PrivateUsers
        ProcSubset
        ProtectClock
        ProtectControlGroups
        ProtectHome
        ProtectHostname
        ProtectKernelLogs
        ProtectKernelModules
        ProtectKernelTunables
        ProtectProc
        ProtectSystem
        RemoveIPC
        RestrictNamespaces
        RestrictRealtime
        RestrictSUIDSGID
        SystemCallArchitectures
        SystemCallFilter
        UMask;
    };

    script = ''
      ${pkgs.freshrss}/cli/import-for-user.php --user admin --filename ${opmlFile}
    '';
  };
# Feed refresh schedule: "*:3/30" fires at minute 3 and then every 30 minutes
# within each hour. The default ("*:0/5") is to run every 5 minutes; mkForce
# overrides it. Use `systemctl list-timers` to show the resulting timer.
systemd.services.freshrss-updater = {
  startAt = lib.mkForce "*:3/30";
};
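# TLS front end for FreshRSS; the certificate is obtained through ACME.
services.nginx.virtualHosts."rss.uninsane.org" = {
  # forceSSL instead of addSSL: addSSL keeps serving the site over plain HTTP
  # next to HTTPS, so the FreshRSS login form and session cookie could travel
  # in cleartext. forceSSL answers HTTP requests with a redirect to HTTPS,
  # which also matches the https:// baseUrl configured for the service.
  forceSSL = true;
  enableACME = true;
  # inherit kTLS;
  # the routing is handled by services.freshrss.virtualHost
};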
# DNS: publish "rss" in the uninsane.org zone as a CNAME to "native".
# NOTE(review): "native" is presumably a name defined elsewhere in the zone; confirm.
sane.services.trust-dns.zones."uninsane.org".inet.CNAME.rss = [ "native" ];
}