miniflux: setup service

This commit is contained in:
Antoine Martin 2021-01-30 21:14:27 +01:00
parent 8b037b16a4
commit 297eb0a6f9
5 changed files with 78 additions and 2 deletions

1
.gitignore vendored
View file

@ -1 +1,2 @@
borg-backup-repo borg-backup-repo
miniflux-admin-credentials

View file

@ -80,13 +80,20 @@
]; ];
exclude = []; exclude = [];
}; };
miniflux = {
enable = true;
adminCredentialsFile = "${./miniflux-admin-credentials}";
privatePort = 8080;
};
matrix.enable = true;
monitoring = { monitoring = {
enable = true; enable = true;
useACME = true; useACME = true;
domain = "monitoring.${config.networking.domain}"; domain = "monitoring.${config.networking.domain}";
}; };
matrix.enable = true;
}; };
security.acme.acceptTerms = true; security.acme.acceptTerms = true;

View file

@ -0,0 +1,2 @@
ADMIN_USERNAME=admin
ADMIN_PASSWORD=password

View file

@ -4,6 +4,7 @@
imports = [ imports = [
./borg-backup.nix ./borg-backup.nix
./matrix.nix ./matrix.nix
./miniflux.nix
./monitoring.nix ./monitoring.nix
]; ];
} }

65
services/miniflux.nix Normal file
View file

@ -0,0 +1,65 @@
{ config, lib, pkgs, ... }:
with lib;
let
cfg = config.my.services.miniflux;
domain = config.networking.domain;
in {
options.my.services.miniflux = {
enable = mkEnableOption "Serve a Miniflux instance";
adminCredentialsFile = mkOption {
type = types.str;
default = null;
example = "./secrets/miniflux-admin-credentials";
description = "File containing ADMIN_USERNAME= and ADMIN_PASSWORD=";
};
privatePort = mkOption {
type = types.int;
default = 8080;
example = 8080;
description = "Port to serve the app";
};
};
config = mkIf cfg.enable {
# services.postgresql is automatically enabled by services.miniflux, let's
# back it up
services.postgresqlBackup = {
databases = [ "miniflux" ];
};
services.miniflux = {
enable = true;
adminCredentialsFile = cfg.adminCredentialsFile;
# TODO: setup metrics collection
config = {
LISTEN_ADDR = "127.0.0.1:${toString cfg.privatePort}";
BASE_URL = "https://reader.${domain}/";
};
};
services.nginx = {
enable = true;
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedTlsSettings = true;
recommendedProxySettings = true;
virtualHosts = {
"reader.${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
proxyPass = "http://127.0.0.1:${toString cfg.privatePort}";
};
};
};
};
};
}