forked from pub-solar/infra
rss: fix auth build, fix nginx group rights, log to stdout
parent
c59fac512e
commit
13c381ff3d
|
@ -10,9 +10,12 @@ let
|
||||||
webserverGroup = "hakkonaut";
|
webserverGroup = "hakkonaut";
|
||||||
in
|
in
|
||||||
{
|
{
|
||||||
|
users.users.nginx.extraGroups = [
|
||||||
|
webserverGroup
|
||||||
|
];
|
||||||
|
|
||||||
services.nginx = {
|
services.nginx = {
|
||||||
enable = true;
|
enable = true;
|
||||||
group = webserverGroup;
|
|
||||||
enableReload = true;
|
enableReload = true;
|
||||||
proxyCachePath.cache = {
|
proxyCachePath.cache = {
|
||||||
enable = true;
|
enable = true;
|
||||||
|
|
|
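Review bot: Adding `nginx` to `webserverGroup` via `users.users.nginx.extraGroups` gives the nginx processes every group permission that `hakkonaut` holds, and nothing in the hunk records which paths actually need that access. A short comment above the new attribute would make the grant reviewable, for example `# nginx needs group access to <PATH owned by hakkonaut> (placeholder: name the real path)`. If only one directory is involved, a dedicated group for it would be a narrower grant than membership in the whole `hakkonaut` group. Since `group = webserverGroup;` is no longer set on `services.nginx`, files nginx creates will presumably carry the module's default group, so anything that relied on the old group ownership is worth checking. The `let` block starts outside the hunk.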
@ -12,8 +12,8 @@
|
||||||
hash = "sha256-G6vZBvSWms6s6nHZWsxJjMGuubt/imiBvbp6ykwrZbg=";
|
hash = "sha256-G6vZBvSWms6s6nHZWsxJjMGuubt/imiBvbp6ykwrZbg=";
|
||||||
};
|
};
|
||||||
installPhase = ''
|
installPhase = ''
|
||||||
mkdir -p $out
|
mkdir -p $out/auth_oidc
|
||||||
cp -r * $out
|
cp -r * $out/auth_oidc
|
||||||
'';
|
'';
|
||||||
};
|
};
|
||||||
in {
|
in {
|
||||||
|
@ -48,10 +48,11 @@ in {
|
||||||
virtualHost = "rss.${config.pub-solar-os.networking.domain}";
|
virtualHost = "rss.${config.pub-solar-os.networking.domain}";
|
||||||
selfUrlPath = "https://rss.${config.pub-solar-os.networking.domain}";
|
selfUrlPath = "https://rss.${config.pub-solar-os.networking.domain}";
|
||||||
root = "/var/lib/tt-rss";
|
root = "/var/lib/tt-rss";
|
||||||
|
logDestination = "";
|
||||||
plugins = [
|
plugins = [
|
||||||
"auth_internal"
|
"auth_internal"
|
||||||
"note"
|
"note"
|
||||||
"ttrss-auth-oidc"
|
"auth_oidc"
|
||||||
];
|
];
|
||||||
pluginPackages = [
|
pluginPackages = [
|
||||||
ttrss-auth-oidc
|
ttrss-auth-oidc
|
||||||
|
@ -70,7 +71,7 @@ in {
|
||||||
};
|
};
|
||||||
extraConfig = ''
|
extraConfig = ''
|
||||||
putenv('TTRSS_SMTP_PASSWORD=' . file_get_contents('${config.age.secrets.tt-rss-smtp-password.path}'));
|
putenv('TTRSS_SMTP_PASSWORD=' . file_get_contents('${config.age.secrets.tt-rss-smtp-password.path}'));
|
||||||
putenv('TTRSS_AUTH_OIDC_NAME=Keycloak');
|
putenv('TTRSS_AUTH_OIDC_NAME=pub.solar ID');
|
||||||
putenv('TTRSS_AUTH_OIDC_URL=https://auth.${config.pub-solar-os.networking.domain}/realms/${config.pub-solar-os.auth.realm}/');
|
putenv('TTRSS_AUTH_OIDC_URL=https://auth.${config.pub-solar-os.networking.domain}/realms/${config.pub-solar-os.auth.realm}/');
|
||||||
putenv('TTRSS_AUTH_OIDC_CLIENT_ID=tt-rss');
|
putenv('TTRSS_AUTH_OIDC_CLIENT_ID=tt-rss');
|
||||||
putenv('TTRSS_AUTH_OIDC_CLIENT_SECRET=' . file_get_contents('${config.age.secrets.tt-rss-keycloak-client-secret.path}'));
|
putenv('TTRSS_AUTH_OIDC_CLIENT_SECRET=' . file_get_contents('${config.age.secrets.tt-rss-keycloak-client-secret.path}'));
|
||||||
|
|
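Review bot: In the `@ -48,10 +48,11` hunk, `"auth_internal"` stays in `plugins` next to the corrected `"auth_oidc"`, so local password login remains a second path that the identity provider's policies do not cover. If that is a deliberate fallback, say so on the line, e.g. `"auth_internal" # kept as fallback login for local admin accounts`, and make sure those accounts have strong, unique passwords. If it is not needed, dropping `"auth_internal"` leaves OIDC as the only login path. The plugin name `"auth_oidc"` also has to match the directory created by `mkdir -p $out/auth_oidc` in the first hunk of this file, which a one-line comment in `installPhase` could state. The `in {` block continues outside the hunks.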