rss: fix auth build, fix nginx group rights, log to stdout

Benjamin Yule Bädorf 2024-07-17 18:50:06 +02:00
parent c59fac512e
commit 13c381ff3d
Signed by untrusted user: b12f
GPG key ID: 729956E1124F8F26
2 changed files with 9 additions and 5 deletions


@ -10,9 +10,12 @@ let
webserverGroup = "hakkonaut"; webserverGroup = "hakkonaut";
in in
{ {
users.users.nginx.extraGroups = [
webserverGroup
];
services.nginx = { services.nginx = {
enable = true; enable = true;
group = webserverGroup;
enableReload = true; enableReload = true;
proxyCachePath.cache = { proxyCachePath.cache = {
enable = true; enable = true;
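Review bot: The two additions in this hunk grant overlapping access: `group = webserverGroup;` inside `services.nginx` changes the group the service runs as, while `users.users.nginx.extraGroups` only adds a supplementary membership. If the goal is just to let nginx read files owned by `hakkonaut`, the `extraGroups` entry alone looks like the narrower grant. Switching the service group presumably also makes nginx-owned state (logs, cache) group-accessible to every other member of that group, which is worth confirming. Consider keeping only one of the two and recording the intent in a comment, e.g. `# nginx needs group read on <PATH_OWNED_BY_webserverGroup>`. The enclosing module body continues beyond the hunk.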


@ -12,8 +12,8 @@
hash = "sha256-G6vZBvSWms6s6nHZWsxJjMGuubt/imiBvbp6ykwrZbg="; hash = "sha256-G6vZBvSWms6s6nHZWsxJjMGuubt/imiBvbp6ykwrZbg=";
}; };
installPhase = '' installPhase = ''
mkdir -p $out mkdir -p $out/auth_oidc
cp -r * $out cp -r * $out/auth_oidc
''; '';
}; };
in { in {
@ -48,10 +48,11 @@ in {
virtualHost = "rss.${config.pub-solar-os.networking.domain}"; virtualHost = "rss.${config.pub-solar-os.networking.domain}";
selfUrlPath = "https://rss.${config.pub-solar-os.networking.domain}"; selfUrlPath = "https://rss.${config.pub-solar-os.networking.domain}";
root = "/var/lib/tt-rss"; root = "/var/lib/tt-rss";
logDestination = "";
plugins = [ plugins = [
"auth_internal" "auth_internal"
"note" "note"
"ttrss-auth-oidc" "auth_oidc"
]; ];
pluginPackages = [ pluginPackages = [
ttrss-auth-oidc ttrss-auth-oidc
@ -70,7 +71,7 @@ in {
}; };
extraConfig = '' extraConfig = ''
putenv('TTRSS_SMTP_PASSWORD=' . file_get_contents('${config.age.secrets.tt-rss-smtp-password.path}')); putenv('TTRSS_SMTP_PASSWORD=' . file_get_contents('${config.age.secrets.tt-rss-smtp-password.path}'));
putenv('TTRSS_AUTH_OIDC_NAME=Keycloak'); putenv('TTRSS_AUTH_OIDC_NAME=pub.solar ID');
putenv('TTRSS_AUTH_OIDC_URL=https://auth.${config.pub-solar-os.networking.domain}/realms/${config.pub-solar-os.auth.realm}/'); putenv('TTRSS_AUTH_OIDC_URL=https://auth.${config.pub-solar-os.networking.domain}/realms/${config.pub-solar-os.auth.realm}/');
putenv('TTRSS_AUTH_OIDC_CLIENT_ID=tt-rss'); putenv('TTRSS_AUTH_OIDC_CLIENT_ID=tt-rss');
putenv('TTRSS_AUTH_OIDC_CLIENT_SECRET=' . file_get_contents('${config.age.secrets.tt-rss-keycloak-client-secret.path}')); putenv('TTRSS_AUTH_OIDC_CLIENT_SECRET=' . file_get_contents('${config.age.secrets.tt-rss-keycloak-client-secret.path}'));
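Review bot: With the plugin name corrected to `auth_oidc` in the `plugins` list, OIDC login now sits alongside `auth_internal`, so local password login remains a second path that does not pass through the identity provider's policies. If that is a deliberate fallback, a comment on the list would record it, e.g. `# auth_internal kept as local admin fallback; regular users sign in via auth_oidc`; otherwise consider dropping `auth_internal` once OIDC login is confirmed working. In the `extraConfig` hunk, the `file_get_contents(...)` results are concatenated without `trim()`, so a trailing newline in either secret file would become part of the SMTP password or client secret; `trim(file_get_contents(...))` avoids that. The new `logDestination = "";` would also benefit from a short comment saying that the empty string is what routes logs to stdout, as the commit title states. The enclosing attribute set starts and ends outside the visible hunks.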