From 7c303fd8f277e12f549c00fdad8b3610dfb0d758 Mon Sep 17 00:00:00 2001 From: Romain Paquet Date: Fri, 31 Jan 2025 22:55:37 +0100 Subject: [PATCH] add freshrss on genepi --- hosts/genepi/default.nix | 1 + hosts/genepi/dns.nix | 23 ++++++++++++++--------- hosts/genepi/freshrss.nix | 26 ++++++++++++++++++++++++++ secrets/freshrss.age | 8 ++++++++ secrets/secrets.nix | 3 +++ 5 files changed, 52 insertions(+), 9 deletions(-) create mode 100644 hosts/genepi/freshrss.nix create mode 100644 secrets/freshrss.age diff --git a/hosts/genepi/default.nix b/hosts/genepi/default.nix index 349b1d9..8cb86dd 100644 --- a/hosts/genepi/default.nix +++ b/hosts/genepi/default.nix @@ -13,6 +13,7 @@ ./boot.nix ./disk.nix ./dns.nix + ./freshrss.nix ./hardware.nix ./immich.nix ./monitoring.nix diff --git a/hosts/genepi/dns.nix b/hosts/genepi/dns.nix index f1de58f..7f3d96c 100644 --- a/hosts/genepi/dns.nix +++ b/hosts/genepi/dns.nix @@ -1,4 +1,15 @@ -{ config, ... }: +{ config, lib, ... }: +let + domain = "home.rpqt.fr"; + genepi = { + ip = "100.83.123.79"; + subdomains = [ + "grafana" + "images" + "rss" + ]; + }; +in { networking.firewall.interfaces."${config.services.tailscale.interfaceName}" = { allowedTCPPorts = [ 53 ]; @@ -14,14 +25,8 @@ interface = [ "${config.services.tailscale.interfaceName}" ]; access-control = [ "100.0.0.0/8 allow" ]; - local-zone = [ - ''"grafana.home.rpqt.fr." redirect'' - ''"images.home.rpqt.fr" redirect'' - ]; - local-data = [ - ''"grafana.home.rpqt.fr. IN A 100.83.123.79"'' - ''"images.home.rpqt.fr. IN A 100.83.123.79"'' - ]; + local-zone = lib.map (subdomain: ''"${subdomain}.${domain}." redirect'') genepi.subdomains; + local-data = lib.map (subdomain: ''"${subdomain}.${domain}. IN A ${genepi.ip}"'') genepi.subdomains; }; }; }; diff --git a/hosts/genepi/freshrss.nix b/hosts/genepi/freshrss.nix new file mode 100644 index 0000000..9797ece --- /dev/null +++ b/hosts/genepi/freshrss.nix 
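Review bot: The `genepi.ip` value in the new `let` block of hosts/genepi/dns.nix is an undocumented literal that every generated `local-data` record depends on. It is presumably the host's tailnet address, given that the resolver binds to the Tailscale interface, so a comment such as `# Tailscale address of genepi; update here if the node's address changes` would record where it comes from. `domain = "home.rpqt.fr"` is defined a second time in hosts/genepi/freshrss.nix, and the `"rss"` entry has to stay in step with the `subdomain` there. A single shared definition would keep the DNS records and the virtual host from drifting apart.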
@@ -0,0 +1,26 @@ +{ config, ... }: +let + domain = "home.rpqt.fr"; + subdomain = "rss.${domain}"; +in +{ + age.secrets.freshrss = { + file = ../../secrets/freshrss.age; + mode = "700"; + owner = config.services.freshrss.user; + }; + + services.freshrss = { + enable = true; + baseUrl = "https://${subdomain}"; + virtualHost = "${subdomain}"; + + defaultUser = "rpqt"; + passwordFile = config.age.secrets.freshrss.path; + }; + + services.nginx.virtualHosts.${config.services.freshrss.virtualHost} = { + forceSSL = true; + useACMEHost = "${domain}"; + }; +} diff --git a/secrets/freshrss.age b/secrets/freshrss.age new file mode 100644 index 0000000..bec4a3d --- /dev/null +++ b/secrets/freshrss.age @@ -0,0 +1,8 @@ +age-encryption.org/v1 +-> ssh-ed25519 ELMcHw e1XlBpnFTEjcVaiz2ogDRQlrkvEK98pJb2iDaP3fAF8 +W9li/7spMyPzwaCSFkOdPOL9ZNuaGCnJxm0uB/vLyS8 +-> ssh-ed25519 8TpKTA 3HeKYAD1Y9UGfCmTWdgfVRMXy/q+R2fH/rrDdCnmBgc +S2pjlFKodLcx06HqrkghUUQB8QgyxkhPean6EV7GsXM +--- g6mHVMs7rkgyIus4NGuw8h+Hai3ME0FbuIpvA2KOOYQ +–=Ï2#¯–Þ¸<+ïí +vàÙúœÂŒL¼3î@Zè,Ü…M9,C$»aèr zuO>Ç͇° \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index 861f255..2d796fb 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -14,4 +14,7 @@ in # Restic repository key "restic-genepi-storagebox-key.age".publicKeys = keysForGenepi; + + # Password of the default user + "freshrss.age".publicKeys = keysForGenepi; }
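Review bot: `mode = "700"` in `age.secrets.freshrss` grants the owner write and execute permission on a file that only holds a password, while the service only needs to read it. With `owner` already set to `config.services.freshrss.user`, `mode = "0400";` is sufficient; that is agenix's default, so the line can also simply be dropped. Separately, `useACMEHost = "${domain}"` presumes that a certificate for `home.rpqt.fr` declared elsewhere also covers `rss.home.rpqt.fr`. That declaration is not visible in this patch, so it is worth confirming before relying on `forceSSL`.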
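Review bot: The comment `# Password of the default user` added in secrets/secrets.nix does not say which service the secret belongs to, and this file also lists secrets for other services. `# Password of the FreshRSS default user` would make the entry self-explanatory when recipients are reviewed or the secret is rotated.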