thary/nixos-config
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
main
nixos-config/hosts/cepheus/miniflux.nix
Thary 2dec42d487 Initial commit
2025-08-20 18:24:02 +03:00

77 lines
2.2 KiB
Nix
Raw Permalink Blame History

{ config, pkgs, lib, ... }: {
age.secrets.kanidm-oauth2-miniflux = lib.mkSecret "kanidm";
services.kanidm.provision = {
groups."miniflux.access" = {};
systems.oauth2.miniflux = {
displayName = "miniflux";
originUrl = "https://rss.nothing.run/oauth2/oidc/callback";
originLanding = "https://rss.nothing.run/";
basicSecretFile = config.age.secrets.kanidm-oauth2-miniflux.path;
scopeMaps."miniflux.access" = [
"openid"
"email"
"profile"
];
allowInsecureClientDisablePkce = true;
preferShortUsername = true;
};
};
age.secrets.miniflux-admin-credentials = {
generator.script = _: ''
echo "ADMIN_USERNAME = 'admin_fmA4ei32f'"
echo "ADMIN_PASSWORD = '$(head -c 32 /dev/urandom | base64)'"
'';
group = "kanidm";
mode = "444";
};
containers.miniflux = {
autoStart = true;
bindMounts = {
"/run/postgresql" = { hostPath = "/nix/persist/services/miniflux"; isReadOnly = false; };
"/run/agenix" = { hostPath = "/run/agenix"; isReadOnly = false; };
};
hostAddress = "192.168.103.10";
localAddress = "192.168.103.11";
privateNetwork = true;
config = { ... }: {
imports = [ ../../modules/global/dnscrypt-proxy.nix ];
users.groups.kanidm = {};
users.users.postgres.extraGroups = [ "kanidm" ];
services.miniflux = {
enable = true;
createDatabaseLocally = true;
adminCredentialsFile = config.age.secrets.miniflux-admin-credentials.path;
config = {
LISTEN_ADDR = "192.168.103.11:8080";
CREATE_ADMIN = 1;
OAUTH2_PROVIDER = "oidc";
OAUTH2_CLIENT_ID = "miniflux";
OAUTH2_CLIENT_SECRET = config.age.secrets.kanidm-oauth2-miniflux.path;
OAUTH2_REDIRECT_URL = "https://rss.nothing.run/oauth2/oidc/callback";
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://idm.nothing.run/oauth2/openid/miniflux";
OAUTH2_USER_CREATION = 1;
};
};
networking.firewall = {
enable = true;
allowedTCPPorts = [ 8080 ];
};
system.stateVersion = "25.05";
};
};
services.caddy.virtualHosts = {
"rss.nothing.run".extraConfig = ''
reverse_proxy http://192.168.103.11:8080
'';
};
}
Reference in New Issue View Git Blame Copy Permalink