tt-rss: fix secret paths, add plugin sha

Benjamin Yule Bädorf 2024-07-17 15:22:25 +02:00
parent 8ce50bb73b
commit 68be6b9303
Signed by: b12f
GPG key ID: 729956E1124F8F26


@ -1,17 +1,20 @@
{ {
flake, flake,
config, config,
lib,
pkgs, pkgs,
... ...
}: let }: let
ttrss-auth-oidc = pkgs.stdenv.mkDerivation { ttrss-auth-oidc = pkgs.stdenv.mkDerivation {
name = "ttrss-auth-oidc"; name = "ttrss-auth-oidc";
version = "7ebfbc91e92bb133beb907c6bde79279ee5156df"; version = "7ebfbc91e92bb133beb907c6bde79279ee5156df";
src = fetchGit { src = pkgs.fetchgit {
url = "https://gitlab.tt-rss.org/tt-rss/plugins/ttrss-auth-oidc.git"; url = "https://gitlab.tt-rss.org/tt-rss/plugins/ttrss-auth-oidc.git";
hash = ""; hash = "sha256-G6vZBvSWms6s6nHZWsxJjMGuubt/imiBvbp6ykwrZbg=";
}; };
installPhase = ''
mkdir -p $out
cp -r * $out
'';
}; };
in { in {
age.secrets.tt-rss-database-password = { age.secrets.tt-rss-database-password = {
@ -38,17 +41,11 @@ in {
services.nginx.virtualHosts."rss.${config.pub-solar-os.networking.domain}" = { services.nginx.virtualHosts."rss.${config.pub-solar-os.networking.domain}" = {
enableACME = true; enableACME = true;
forceSSL = true; forceSSL = true;
locations."/".extraConfig = ''
uwsgi_pass unix:/run/searx/searx.sock;
'';
}; };
users.users.nginx.extraGroups = [ "searx" ];
services.tt-rss = { services.tt-rss = {
enable = true; enable = true;
feedCryptKey = ""; virtualHost = "rss.${config.pub-solar-os.networking.domain}";
selfUrlPath = "https://rss.${config.pub-solar-os.networking.domain}"; selfUrlPath = "https://rss.${config.pub-solar-os.networking.domain}";
root = "/var/lib/tt-rss"; root = "/var/lib/tt-rss";
plugins = [ plugins = [
@ -76,8 +73,8 @@ in {
putenv('TTRSS_AUTH_OIDC_NAME=Keycloak'); putenv('TTRSS_AUTH_OIDC_NAME=Keycloak');
putenv('TTRSS_AUTH_OIDC_URL=https://auth.${config.pub-solar-os.networking.domain}/realms/${config.pub-solar-os.auth.realm}/'); putenv('TTRSS_AUTH_OIDC_URL=https://auth.${config.pub-solar-os.networking.domain}/realms/${config.pub-solar-os.auth.realm}/');
putenv('TTRSS_AUTH_OIDC_CLIENT_ID=tt-rss'); putenv('TTRSS_AUTH_OIDC_CLIENT_ID=tt-rss');
putenv('TTRSS_AUTH_OIDC_CLIENT_SECRET=' . file_get_contents('${config.age.secrets.tt-rss-keycloak-client-secret}')); putenv('TTRSS_AUTH_OIDC_CLIENT_SECRET=' . file_get_contents('${config.age.secrets.tt-rss-keycloak-client-secret.path}'));
putenv('TTRSS_FEED_CRYPT_KEY=' . file_get_contents('${config.age.secrets.tt-rss-feed-crypt-key}')); putenv('TTRSS_FEED_CRYPT_KEY=' . file_get_contents('${config.age.secrets.tt-rss-feed-crypt-key.path}'));
''; '';
}; };
} }
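Review bot: In the last hunk, both `file_get_contents()` results are concatenated straight into `putenv()`, so a trailing newline in the decrypted secret file becomes part of the value. A failed read returns `false`, which concatenates to an empty string and leaves `TTRSS_AUTH_OIDC_CLIENT_SECRET` or `TTRSS_FEED_CRYPT_KEY` silently empty. Trimming the read covers the newline case, e.g. `putenv('TTRSS_FEED_CRYPT_KEY=' . trim(file_get_contents('${config.age.secrets.tt-rss-feed-crypt-key.path}')));`, and an explicit check for `false` before the `putenv()` would make an unreadable secret fail loudly instead of running with an empty key. The `age.secrets` definitions are only partly visible in this section, so it is worth confirming that their owner and mode let the tt-rss PHP process read both files. The enclosing config string starts outside the hunk.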