felixalb/nixos-config
felixalb/nixos-config
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

morn: add miniflux

Browse Source
This commit is contained in:
Felix Albrigtsen 2025-07-06 23:59:16 +02:00
parent c9efb5c1dd
commit eb4b58bed7
5 changed files with 71 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
.sops.yaml
View File

@ -2,7 +2,7 @@ keys:
- &host_burnham age12cgkgx8xac77q0rwakp6zrfrzp45mhk7wj6t3y8s0xurt3k879usnm66ct
- &host_challenger age1j43eqpnq5hy6zt3gmdtzdnne2yfvccd832kpt69qavst44leec6sj2l773
- &host_defiant age128md9emufxu35kgww3a90sw40vvc60f5xul9n9ndvw4lfnj3ndaqq44u64
- &host_voyager age14jzavfeg47pgnrstea6yzvh3s3a578nj8hkk8g79vxyzpn86gslscp23qu
- &host_morn age14ar8q5454khxxf5ur2nxwk533nzycz2lh3635qwz35wh8yq0jpqskj2ksx
- &user_felixalb_sisko age1phc4fkt25n4wtzg88sg3fhvmy6tv8pguyxp5c9js83ae3z374adsxfpqkl
- &user_felixalb_worf age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
@ -35,3 +35,10 @@ creation_rules:
- *host_defiant
- *user_felixalb_sisko
- *user_felixalb_worf
- path_regex: secrets/morn/[^/]+\.yaml$
key_groups:
- age:
- *host_morn
- *user_felixalb_sisko
- *user_felixalb_worf

5
hosts/morn/configuration.nix
View File

@ -8,8 +8,9 @@
../../common/auto-upgrade.nix
./hardware-configuration.nix
./services/nginx.nix
./services/glance
./services/miniflux.nix
./services/nginx.nix
];
networking = {
@ -23,7 +24,7 @@
hostId = "89b7722d";
};
sops.defaultSopsFile = ../../secrets/burnham/burnham.yaml;
sops.defaultSopsFile = ../../secrets/morn/morn.yaml;
environment.variables = { EDITOR = "vim"; };

23
hosts/morn/services/miniflux.nix Normal file
View File

@ -0,0 +1,23 @@
{ config, pkgs, lib, ... }:
let
domain = "rss.home.feal.no";
listen_addr = "127.0.1.2:5051";
in {
sops.secrets."miniflux/env" = { };
services.miniflux = {
enable = true;
adminCredentialsFile = config.sops.secrets."miniflux/env".path;
config = {
CREATE_ADMIN = "1";
LISTEN_ADDR = listen_addr;
BASE_URL = "http://${domain}";
};
};
services.nginx.virtualHosts."${domain}" = {
locations."/".proxyPass = "http://${listen_addr}";
};
}

35
secrets/morn/morn.yaml Normal file
View File

@ -0,0 +1,35 @@
miniflux:
env: ENC[AES256_GCM,data:JnpUwtRDT92u+GZFsBu3Igw13GXYu1NhfWyEDacP7LshfgP9zxclYipCbdzbMDdSf7Ml715b7jRUoKpnSCQcdW9H/c4t,iv:KxfehvNVq1UFp7v6gE95m0bKT2+0dde6wdyNtGiH7UE=,tag:NFbqJlz+wFd+R2EBG8BWKg==,type:str]
sops:
age:
- recipient: age14ar8q5454khxxf5ur2nxwk533nzycz2lh3635qwz35wh8yq0jpqskj2ksx
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSAvMzBkNUlHM1NENVA1aDcz
MnVvbWZWNnB2SVVUeElJNGdFYjNycmRGd2lvCldvL1pwcjZqQklSZ2pINC9Hd1RJ
RnJHcHUrRVpBeHhER1hhQUsyZTRmaHcKLS0tIHB1ZzlvdE9CMFI5ZGl1cVA3Q3d2
dm9WS1hkV1VidFFUdUxKMkpFZ050d2sKySDZkjDii9zc2Im3uT0kaTILvB6Ya6/B
DC7NMt1E0UFz8HYNdJ+Go2icNWSyJeilBisTPaLQkMxfgHfNVwdAZw==
-----END AGE ENCRYPTED FILE-----
- recipient: age1phc4fkt25n4wtzg88sg3fhvmy6tv8pguyxp5c9js83ae3z374adsxfpqkl
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBLZjdVcmFIUDdLTjhqVnV4
UHRUUTg0Ni9JTUx6bnh5emltTHhDSlozdFRZCllhZTVjZWRjVzhLanRuYzVpWWw5
SEtiNlBhRmVRK1FYaHg2SW9MNWNpczQKLS0tIEVGeTM5TGI2SGttdEhPOXgxRXNU
dWxKOXN4d2VUNG9YZGNPZW9jc1l2T1UKxeEn1BTTkxNK5gmyg/AkN0XUIA5+7bsh
G4mbFMw8Ypaiyq+Gc5qP+GgMbTX7lu/UXyFSeW6DToIVjaxk94uyAA==
-----END AGE ENCRYPTED FILE-----
- recipient: age1nj7ju6f3jfvzw4c0sxywthjmztwp7rwqceun8xw2tlfrt7qymatser4vqf
enc: |
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBneDQ0SGcrbDUwK211WVBs
QXZneEVkK0drQkNMOHAxR1k4cVIzUHhaZmt3Cm5CaHdubFFSbjNNRnhBYmQ3b01s
ODRoNHdBQ1dmTzBaWFJZS0pxNnRCTzAKLS0tIDE4c2xtQk1PRGg0NkFKT3Z5ZHJ2
Sy94cTA1d280YUZpUy8xd2F4RG56elkK90ZHB/0UlmwnzJTv9R01xx+MRTsJMIqJ
1wc8f8sng/g8kKbmUv0z9hXkOyrShfI4ZRiwoi2JXvwdDTArgz00Hg==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2025-07-06T21:55:46Z"
mac: ENC[AES256_GCM,data:GQ6c/T5eEXmN/exfzi7YJx8GIpN9hAPL1obJ/RSs2UEOhPKhzp5wrsUYAVMmowMDMswjJ995GhonWcMoBfw2tXymBeZ4lcutqtu3i8awTRAV3VrdXmk2Hvi2Kv6bNYh+rZtKKU5a9rAmZAENBomjOM8C/u7ykWG2Iqk46bc/UuM=,iv:hoaYUguhuECsDjYQQ9tHugoIiBvjP8PlQV4+IjgnfSQ=,tag:u+W7P8MzYOx8/OD7K/Lh7w==,type:str]
unencrypted_suffix: _unencrypted
version: 3.10.2

3
shell.nix
View File

@ -1,8 +1,9 @@
{ pkgs ? import <nixpkgs> {} }:
pkgs.mkShell {
nativeBuildInputs = with pkgs; [
sops
gnupg
sops
ssh-to-age
];
}