diff --git a/hosts/server/configuration.nix b/hosts/server/configuration.nix index b05308e..5db08e7 100644 --- a/hosts/server/configuration.nix +++ b/hosts/server/configuration.nix @@ -23,6 +23,7 @@ ../../server-modules/mazanoke.nix ../../server-modules/nginx.nix ../../server-modules/fail2ban.nix + ../../server-modules/freshrss.nix # You should let those lines as is ./hardware-configuration.nix diff --git a/hosts/server/secrets/secrets.yaml b/hosts/server/secrets/secrets.yaml index 35f5ffa..f474101 100644 --- a/hosts/server/secrets/secrets.yaml +++ b/hosts/server/secrets/secrets.yaml @@ -1,3 +1,4 @@ +freshrss: ENC[AES256_GCM,data:xJzlm5cOQVl/bZA=,iv:DgZN6EInXfkA8nhPeIPH1T+x0z7X3WlHGcoRDF3dpI4=,tag:YqUhltbHAq2kmmdiffn4tQ==,type:str] sshconfig: ENC[AES256_GCM,data:R54HVxqAyj9yGO/AYL8p6cnXgYxkQKW9XveHlBMTnDXBJ7r/4HgnefdymprnXmdlbNWcWrRqmaLEuzJs/0BfixXfMvmGTUrmJ0ASVuDrz9k6rOLADAKFikQh0dib7NU4JmPgmUzMncXc2WuCd3BCG3kwBQ==,iv:Ro9FA+MzTAp+ERQMT88z8ioCox/dTj2vWcqCDOSLag4=,tag:5XiXIyz5/pjGFOB5ZjdOVg==,type:str] github-key: ENC[AES256_GCM,data:NRYhcBIwGJEV13+YECLR+2IErsn/7clbnkx0Mltr7dQajSb5WHZ3QDH0KQPylEHhplE5IVS0h4I0z+Pb1B0UteCxFmJ5wZq+2BKZkvE7G3dojqBpgHcVqJV2GLEJkRjlHfRgsbq/OBe8xcsPh20P1KUyP0WIwVbpt+9dFWGxEGYkp2uSyuBIJ98kElt0zuVgl7WcYoDO7v5WmGzZfla+yZwURvMk8zcM3gopo+4KL6YnYUs+UA3VlBBn6VK4Nvbqy6X0R0+ZA5HHAXg+OFgGmfWnENZmsyQJHXEchGGgEldzThkQ4r8yMkgN/ax+AGouLyzbITapGE4sE11FFgL6Hmp4pSXxl3UAGF+cvV5pIujbb28CXmSPRMyYpoNxI93PSYz/txAzE6Cr2dgwxR4zpMelv4i6IaGnY8NgpY8jp2Y6C0uuJxJCN0RtnjQw1rM2uRnm7vMGyU7XXz9DEVfGnYpTWnykXsEjHE5DVGy80ejYQlc6dtmf3vdTWpt+YYdCPw8/cd0PIx2D6geh1c28,iv:wl+RG24mXYMklD8CBGXVD36DMhlWT/7zh8ZMvr7vgOk=,tag:OJhqF8PoXotr7IsyFW6q1g==,type:str] adguard-pwd: ENC[AES256_GCM,data:QavwLWENAURnRrFwiLntkiM=,iv:bxdQfBxNL5rwUr7CEKbwXtv5mUUXZHhvyqQL2KoPwEY=,tag:T+cSyzbGeo7E5smSsuFlHw==,type:str] @@ -17,7 +18,7 @@ sops: TEc5d01RaVFGNXc3dlljM0FTTHpENjQKOqwI+pl8UxVIVl43glnOYvW660/PsDGY yefODJGVtHrOm3yeXC2xlTi3sFW+c5wUl2yPqddbvcBt5Ud/yd4iXQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2026-01-04T23:46:09Z" - mac: ENC[AES256_GCM,data:naRZouoaaabUEEYIvpMayzGZ63cHu7zWUbHA6HmoqrkH5MvLDsUrdKymsj5an38egsBoOcoONTIA5sicZel6LmpN6BdNNvMr2UX1GEzJ6k0XZHW0K78MiQ1PYesrlvzNZ7pFN0kqL/u/Ed+E90TVB566p44lUkHh0oHr9WuUIBI=,iv:nnwl2NgYOS7HOHzJ9B9Qt0oDiE8cjE/jWEYTAx+Ugxc=,tag:cHeg7TR7dGcnxXxcVaEvew==,type:str] + lastmodified: "2026-02-16T21:21:02Z" + mac: ENC[AES256_GCM,data:TEDhaEvzVEB6KjdTeeA8/ZGx71hWJKmkpj7DiwcaOzhLsRSVFqv36zEJ6Xtb5HojGE0G0ALNl4K5+rav8u9fL4YCO6bPBYtZgbSNBOILbV2FldFZKRErMMGDIpnQd8oaUfB/48VYTSMmhT5AwRaqdRYDomnv8wKtY8grTFhzkoA=,iv:9MDb5CovWWqHmbDHejZA3tSSHeSTGkoPuZQGMnOtd9k=,tag:e/ZMvAFdu+ICGeQUSrJx8g==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/server-modules/freshrss.nix b/server-modules/freshrss.nix new file mode 100644 index 0000000..2dab2f6 --- /dev/null +++ b/server-modules/freshrss.nix @@ -0,0 +1,31 @@ +{ + pkgs, + config, + ... +}: let + user = config.var.username; +in { + sops.secrets = { + freshrss = { + owner = "freshrss"; + mode = "0600"; + }; + }; + + services.freshrss = { + enable = true; + defaultUser = user; + passwordFile = config.sops.secrets.freshrss.path; + user = "freshrss"; + baseUrl = "https://rss.hadi.diy"; + webserver = "nginx"; + + extensions = with pkgs.freshrss-extensions; [ + youtube + title-wrap + reading-time + ]; + }; + + services.cloudflared.tunnels."f7c8f777-a36c-4b9a-b6e3-6a112bd43e73".ingress."rss.hadi.diy" = "http://localhost:80"; +}