Replace TT-RSS with FreshRSS
This commit is contained in:
parent
5114ff2482
commit
12853d9e08
|
@ -22,6 +22,7 @@
|
||||||
./services/data-share
|
./services/data-share
|
||||||
./services/docker
|
./services/docker
|
||||||
./services/docker-mailserver
|
./services/docker-mailserver
|
||||||
|
./services/freshrss
|
||||||
./services/gitea
|
./services/gitea
|
||||||
./services/grav
|
./services/grav
|
||||||
./services/haproxy
|
./services/haproxy
|
||||||
|
@ -48,7 +49,6 @@
|
||||||
./services/syslog
|
./services/syslog
|
||||||
./services/telegram-notifications
|
./services/telegram-notifications
|
||||||
./services/tlp
|
./services/tlp
|
||||||
./services/ttrss-postgres
|
|
||||||
./services/virtualbox-guest
|
./services/virtualbox-guest
|
||||||
];
|
];
|
||||||
}
|
}
|
||||||
|
|
|
@ -0,0 +1,108 @@
|
||||||
|
{ config, inputs, lib, pkgs, ... }:
|
||||||
|
let
|
||||||
|
cfg = config.services.az-freshrss;
|
||||||
|
in
|
||||||
|
{
|
||||||
|
options = {
|
||||||
|
services.az-freshrss.enable = lib.mkEnableOption "Enable FreshRSS.";
|
||||||
|
};
|
||||||
|
|
||||||
|
config = lib.mkIf cfg.enable {
|
||||||
|
|
||||||
|
age.secrets.freshrss_db_pass = {
|
||||||
|
file = "${inputs.self}/scrts/freshrss_db_pass.age";
|
||||||
|
mode = "600";
|
||||||
|
owner = config.services.freshrss.user;
|
||||||
|
group = config.services.freshrss.user;
|
||||||
|
};
|
||||||
|
age.secrets.freshrss_user_pass = {
|
||||||
|
file = "${inputs.self}/scrts/freshrss_user_pass.age";
|
||||||
|
mode = "600";
|
||||||
|
owner = config.services.freshrss.user;
|
||||||
|
group = config.services.freshrss.user;
|
||||||
|
};
|
||||||
|
|
||||||
|
networking.firewall.allowedTCPPorts = [
|
||||||
|
80
|
||||||
|
443
|
||||||
|
];
|
||||||
|
security.acme = {
|
||||||
|
acceptTerms = true;
|
||||||
|
defaults.email = "admin+acme@zweili.ch";
|
||||||
|
};
|
||||||
|
|
||||||
|
services = {
|
||||||
|
az-data-share.enable = true;
|
||||||
|
freshrss = {
|
||||||
|
enable = true;
|
||||||
|
baseUrl = "https://rss.zweili.org";
|
||||||
|
database = {
|
||||||
|
passFile = config.age.secrets.freshrss_db_pass.path;
|
||||||
|
port = 3306;
|
||||||
|
type = "mysql";
|
||||||
|
};
|
||||||
|
defaultUser = "thedoctor";
|
||||||
|
passwordFile = config.age.secrets.freshrss_user_pass.path;
|
||||||
|
virtualHost = "rss.zweili.org";
|
||||||
|
};
|
||||||
|
mysql = {
|
||||||
|
enable = true;
|
||||||
|
package = pkgs.mariadb;
|
||||||
|
ensureUsers = [
|
||||||
|
{
|
||||||
|
name = "freshrss";
|
||||||
|
ensurePermissions = {
|
||||||
|
"freshrss.*" = "ALL PRIVILEGES";
|
||||||
|
};
|
||||||
|
}
|
||||||
|
];
|
||||||
|
initialDatabases = [{ name = "freshrss"; }];
|
||||||
|
settings = {
|
||||||
|
mysqld = {
|
||||||
|
innodb_file_per_table = 1;
|
||||||
|
innodb_buffer_pool_size = "2G";
|
||||||
|
read_rnd_buffer_size = "4M";
|
||||||
|
sort_buffer_size = "4M";
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
nginx = {
|
||||||
|
appendHttpConfig = ''
|
||||||
|
# Disable embedding as a frame
|
||||||
|
add_header X-Frame-Options DENY;
|
||||||
|
'';
|
||||||
|
commonHttpConfig = ''
|
||||||
|
# Add HSTS header with preloading to HTTPS requests.
|
||||||
|
# Adding this header to HTTP requests is discouraged
|
||||||
|
map $scheme $hsts_header {
|
||||||
|
https "max-age=63072000; includeSubdomains; preload";
|
||||||
|
}
|
||||||
|
add_header Strict-Transport-Security $hsts_header;
|
||||||
|
|
||||||
|
# Enable CSP for your services.
|
||||||
|
#add_header Content-Security-Policy "script-src 'self'; object-src 'none'; base-uri 'none';" always;
|
||||||
|
|
||||||
|
# Minimize information leaked to other domains
|
||||||
|
add_header 'Referrer-Policy' 'origin-when-cross-origin';
|
||||||
|
|
||||||
|
# Prevent injection of code in other mime types (XSS Attacks)
|
||||||
|
add_header X-Content-Type-Options nosniff;
|
||||||
|
|
||||||
|
# Enable XSS protection of the browser.
|
||||||
|
# May be unnecessary when CSP is configured properly (see above)
|
||||||
|
add_header X-XSS-Protection "1; mode=block";
|
||||||
|
|
||||||
|
# This might create errors
|
||||||
|
proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
|
||||||
|
'';
|
||||||
|
recommendedOptimisation = true;
|
||||||
|
recommendedTlsSettings = true;
|
||||||
|
virtualHosts."rss.zweili.org" = {
|
||||||
|
enableACME = true;
|
||||||
|
forceSSL = true;
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
};
|
||||||
|
}
|
||||||
|
|
|
@ -38,9 +38,8 @@ in
|
||||||
redirect scheme https code 301 if { hdr(host) -i git.2li.ch } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr(host) -i git.2li.ch } !{ ssl_fc }
|
||||||
redirect scheme https code 301 if { hdr(host) -i heimdall.2li.ch } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr(host) -i heimdall.2li.ch } !{ ssl_fc }
|
||||||
redirect scheme https code 301 if { hdr(host) -i nextcloud.2li.ch } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr(host) -i nextcloud.2li.ch } !{ ssl_fc }
|
||||||
redirect scheme https code 301 if { hdr(host) -i ttrss.2li.ch } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr(host) -i rss.zweili.org } !{ ssl_fc }
|
||||||
redirect scheme https code 301 if { hdr(host) -i webmail.2li.ch } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr(host) -i rss-bridge.zweili.org } !{ ssl_fc }
|
||||||
redirect scheme https code 301 if { hdr(host) -i rss-bridge.2li.ch } !{ ssl_fc }
|
|
||||||
redirect scheme https code 301 if { hdr(host) -i www.2li.ch } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr(host) -i www.2li.ch } !{ ssl_fc }
|
||||||
redirect scheme https code 301 if { hdr_dom(host) -i 2li.ch } !{ ssl_fc }
|
redirect scheme https code 301 if { hdr_dom(host) -i 2li.ch } !{ ssl_fc }
|
||||||
|
|
||||||
|
@ -57,8 +56,8 @@ in
|
||||||
use_backend proxy if { req_ssl_sni -i heimdall.2li.ch }
|
use_backend proxy if { req_ssl_sni -i heimdall.2li.ch }
|
||||||
use_backend mail_server if { req_ssl_sni -i mail.zweili.org }
|
use_backend mail_server if { req_ssl_sni -i mail.zweili.org }
|
||||||
use_backend nextcloud_server if { req_ssl_sni -i nextcloud.2li.ch }
|
use_backend nextcloud_server if { req_ssl_sni -i nextcloud.2li.ch }
|
||||||
use_backend ttrss_server if { req_ssl_sni -i ttrss.2li.ch }
|
use_backend rss_server if { req_ssl_sni -i rss.zweili.org }
|
||||||
use_backend ttrss_server if { req_ssl_sni -i rss-bridge.2li.ch }
|
use_backend rss_server if { req_ssl_sni -i rss-bridge.zweili.org }
|
||||||
use_backend proxy if { req_ssl_sni -i www.2li.ch }
|
use_backend proxy if { req_ssl_sni -i www.2li.ch }
|
||||||
use_backend proxy if { req_ssl_sni -i 2li.ch }
|
use_backend proxy if { req_ssl_sni -i 2li.ch }
|
||||||
|
|
||||||
|
@ -71,7 +70,7 @@ in
|
||||||
backend nextcloud_server
|
backend nextcloud_server
|
||||||
mode tcp
|
mode tcp
|
||||||
server server1 10.7.89.103:443 check
|
server server1 10.7.89.103:443 check
|
||||||
backend ttrss_server
|
backend rss_server
|
||||||
mode tcp
|
mode tcp
|
||||||
server server1 10.7.89.115:443 check
|
server server1 10.7.89.115:443 check
|
||||||
backend mail_server
|
backend mail_server
|
||||||
|
|
|
@ -1,123 +0,0 @@
|
||||||
{ config, inputs, lib, ... }:
|
|
||||||
let
|
|
||||||
cfg = config.services.az-ttrss-postgres;
|
|
||||||
ttrssEnvironment = {
|
|
||||||
TZ = "Europe/Zurich";
|
|
||||||
TTRSS_DB_USER = "ttrss";
|
|
||||||
TTRSS_DB_NAME = "ttrssdb";
|
|
||||||
TTRSS_DB_HOST = "host.docker.internal";
|
|
||||||
TTRSS_SELF_URL_PATH = "https://${cfg.domain}/tt-rss";
|
|
||||||
TTRSS_SESSION_COOKIE_LIFETIME = "604800";
|
|
||||||
TTRSS_PLUGINS = "af_comics, af_readability, auth_internal, hotkeys_swap_jk, nginx_xaccel";
|
|
||||||
};
|
|
||||||
# https://github.com/Nebucatnetzer/tt-rss-aarch64/pkgs/container/tt-rss-aarch64%2Fttrss-fpm-pgsql-static/versions
|
|
||||||
ttrssImage = "ghcr.io/nebucatnetzer/tt-rss-aarch64/ttrss-fpm-pgsql-static@sha256:917984de936a1b2d734d6b8a05ecbd741a46a05d5220c45ea0929da67c8738df";
|
|
||||||
ttrssService = "${config.virtualisation.oci-containers.backend}-ttrss";
|
|
||||||
in
|
|
||||||
{
|
|
||||||
options = {
|
|
||||||
services.az-ttrss-postgres = {
|
|
||||||
enable = lib.mkEnableOption "Enable TTRSS";
|
|
||||||
domain = lib.mkOption {
|
|
||||||
type = lib.types.str;
|
|
||||||
description = "The domain TTRSS is being run from.";
|
|
||||||
};
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
config = lib.mkIf cfg.enable {
|
|
||||||
age.secrets.ttrssEnv.file = "${inputs.self}/scrts/ttrss_env.age";
|
|
||||||
|
|
||||||
services = {
|
|
||||||
az-docker.enable = true;
|
|
||||||
az-nginx-fpm = {
|
|
||||||
enable = true;
|
|
||||||
dataDir = "/var/lib/ttrss/html";
|
|
||||||
domain = cfg.domain;
|
|
||||||
};
|
|
||||||
az-postgresql.enable = true;
|
|
||||||
nginx.virtualHosts."${cfg.domain}".locations = {
|
|
||||||
"/".extraConfig = ''
|
|
||||||
try_files $uri $uri/ = 404;
|
|
||||||
'';
|
|
||||||
"/tt-rss/cache".extraConfig = ''
|
|
||||||
aio threads;
|
|
||||||
internal;
|
|
||||||
'';
|
|
||||||
"/tt-rss/backups".extraConfig = ''
|
|
||||||
internal;
|
|
||||||
'';
|
|
||||||
};
|
|
||||||
postgresql = {
|
|
||||||
authentication = "host ttrssdb ttrss 172.16.0.0/12 scram-sha-256";
|
|
||||||
ensureDatabases = [ "ttrssdb" ];
|
|
||||||
ensureUsers = [{
|
|
||||||
name = "ttrss";
|
|
||||||
ensurePermissions = {
|
|
||||||
"DATABASE ttrssdb " = "ALL PRIVILEGES";
|
|
||||||
};
|
|
||||||
}];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
virtualisation.oci-containers = {
|
|
||||||
backend = "docker";
|
|
||||||
containers."ttrss" = {
|
|
||||||
image = ttrssImage;
|
|
||||||
autoStart = true;
|
|
||||||
environment = ttrssEnvironment;
|
|
||||||
environmentFiles = [ config.age.secrets.ttrssEnv.path ];
|
|
||||||
ports = [
|
|
||||||
"9000:9000"
|
|
||||||
];
|
|
||||||
volumes = [
|
|
||||||
"/var/lib/ttrss/html:/var/www/html"
|
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
|
||||||
];
|
|
||||||
extraOptions = [
|
|
||||||
"--add-host=host.docker.internal:host-gateway"
|
|
||||||
"--log-opt=tag='ttrss'"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
containers."backup" = {
|
|
||||||
image = ttrssImage;
|
|
||||||
autoStart = true;
|
|
||||||
environment = ttrssEnvironment;
|
|
||||||
environmentFiles = [ config.age.secrets.ttrssEnv.path ];
|
|
||||||
volumes = [
|
|
||||||
"/var/lib/ttrss/html:/var/www/html"
|
|
||||||
"/var/lib/ttrss/backup:/backup"
|
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
|
||||||
];
|
|
||||||
cmd = [ "/opt/tt-rss/dcron.sh" "-f" ];
|
|
||||||
extraOptions = [
|
|
||||||
"--add-host=host.docker.internal:host-gateway"
|
|
||||||
"--log-opt=tag='ttrss-backup'"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
containers."updater" = {
|
|
||||||
image = ttrssImage;
|
|
||||||
autoStart = true;
|
|
||||||
environment = ttrssEnvironment;
|
|
||||||
environmentFiles = [ config.age.secrets.ttrssEnv.path ];
|
|
||||||
volumes = [
|
|
||||||
"/var/lib/ttrss/html:/var/www/html"
|
|
||||||
"/etc/localtime:/etc/localtime:ro"
|
|
||||||
];
|
|
||||||
cmd = [ "/opt/tt-rss/updater.sh" ];
|
|
||||||
dependsOn = [ "ttrss" ];
|
|
||||||
extraOptions = [
|
|
||||||
"--add-host=host.docker.internal:host-gateway"
|
|
||||||
"--log-opt=tag='ttrss-updater'"
|
|
||||||
];
|
|
||||||
};
|
|
||||||
};
|
|
||||||
|
|
||||||
systemd.services.${ttrssService}.after = [ "nginx.service" ];
|
|
||||||
systemd.services.postgresql.after = [ "${ttrssService}.service" ];
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,37 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-rsa 7S8lxw
|
||||||
|
Tj0HzEBICajGuM776Pi19+VktT2/QXLlJKGwhPK7uUIIjXSB1C/DvOv6A1pltxjB
|
||||||
|
hQPkkvBdt6zCUbPBoqCF0obKm+PJxvYXspWlbUraY1i3H9mmq128SBnn1hn8O3nl
|
||||||
|
xMW3hBSxt64Hy1JqJQ9pg+hzvuNMYXXtaKeXmp7vkuqguL/6Cb4TcoZAWMkyp2Vg
|
||||||
|
iyhhkguHbCQ5AhS9parNRCvlCPWndI9ZfZ0UJwrsJrMVoScyzffEI+/ch8ghTv5L
|
||||||
|
WZLbTnyrtFwXpFeRUsDy5OH8xLsZ+SJbVd4ugJQqg1SJp88vDj9PhCjhnM4ymYfQ
|
||||||
|
wnCj795dv/mK393oBDRB7f6HBEfkvpqP1HUVgrnohftcMNsrGr3GCCnR6YoJENsF
|
||||||
|
4dhFDkUzoZO7ZV6g1P5S8FE3NA1MUOiAS4EevtFfWUEwazwVbOR7cTpeluLN6GhB
|
||||||
|
cFFrTLCoSgyR8//RkwXbfHg38nlJ6QZZCVoMMcFyLvUIImHjFTsFGaSpZVbtHhH+
|
||||||
|
|
||||||
|
-> ssh-rsa Ws+JZA
|
||||||
|
RjOZ8aZVXzZ2X7Xj5GkgZPoBInvV87zZ5j5P/RpZb0CdDWY33Pn48NCANPfJ+/Kj
|
||||||
|
EUAQktF8Is9RTMx9jlD3eitHS6Ef4RWdm0R4HEMPP9OtsFgKSj7vwedDUPhQo6rA
|
||||||
|
XR1ZB7K5Qj2c2F04IABAh2mXFr17EzicNLPao6bhh6QykHMaOibFbuomTdCT3I8E
|
||||||
|
bEtWVxr+KreiPMO2hph2dBQpcsGKteTn2bjfiXZF08FCar85zIwb9+TQM7anWFhJ
|
||||||
|
umEqFIqgc9J+nIS/KW4dyjNMm5t4s+DwL3/oyG6u7lEGpOCl+skrOmm/N9CNdpyr
|
||||||
|
MDEMpH8A660evBKgUYDdmS4zsIzs3jEYxZodF5MwZQIZbbZsnKK/gJFJBZzZlBU+
|
||||||
|
XhB4p5HCnSVG6vxM9utUac0VOYHbd7+8zDHpld0rp7UEH3nS2E/1Vevbe6uiteSj
|
||||||
|
xVC9k+yvPPd/hF3qTkKmlq1W5xlNZYUadr50LrGJneC75HxT08yZ9euKv7vAUsc8
|
||||||
|
|
||||||
|
-> ssh-ed25519 skmU/w OiQbxJUvx2S/8RXREeiC/qa7XaKy8kDuHCV2WWBtQBQ
|
||||||
|
MYaPQRNRFUkPcYEkmoQRJiZEiqFJiADs066WbzHccN0
|
||||||
|
-> ssh-ed25519 IjdJGQ 3bIQASlVHoNmor1rekf8NRgo4fJ7WvIqMw1zgiqZNQM
|
||||||
|
jNSi6IRovlg5tCnHnOIA3LQbHi8VO+9kbEhNSpewdIQ
|
||||||
|
-> ssh-ed25519 KXqA9w a0kw2i+TIqrL83h0NLEwVNZRlsLLufx++d51jHPHJC4
|
||||||
|
tGzwEIiZo/290lT6E5If6VZP1cFaQJErU2fAWFFcU0U
|
||||||
|
-> ssh-ed25519 O6+Deg pOlPH/k7bDElSWFPwNUBNAbAj73oHkzMg4W534HVg1A
|
||||||
|
NvOUColy0xshhJ0L/5y8h3gyhTOqP4ifLNlaFTZE8nw
|
||||||
|
-> ssh-ed25519 NNd1zQ y7VAwdFlqUcQIkyUfE2GAHiQngEumFwyxHuglYVVYSg
|
||||||
|
8BuelHXeEVxn97BbgNsUBM7cwBfrpG10dQnSMLjR36w
|
||||||
|
-> a+hD-grease 8i{c;z; G _CI^;
|
||||||
|
0e6ZcLxVrqKcAA9N6pLRwVaZMbr5k6S09oz62js47dw
|
||||||
|
--- 2N/hOA3Vln9Y1hu/5YghOZSB+DccQtPedDC1MWeJLfY
|
||||||
|
óî<14>º¤GC~e'
|
||||||
|
°&û6
|
||||||
|
£PÖ}(è8<C3A8>(+¯)ÿ´N'Ô<>ÍŸ+ñÇ(LG²É[Örî–¼ðE"…¥Ö
|
|
@ -0,0 +1,35 @@
|
||||||
|
age-encryption.org/v1
|
||||||
|
-> ssh-rsa 7S8lxw
|
||||||
|
hzXk5l07rI7WEV1ntXuNUrp5w46rpoSV4OsKrE8uZ2LlK7Kf5QRcRk11uNTOQWI3
|
||||||
|
fiuoJdQAH6Z2jdl3qmUHG1kidnRaT7wYfGVtXkBWihRV8uy6GZVd2D1cd2qIAGzp
|
||||||
|
FC1RnhQMoqBhLqormRVMqH63otwYYv0J+RrxS1pwyYaOyXWH7VnXpoxHgvkx54tp
|
||||||
|
MpZWKHEAgYPhgnSQCxGofK3WChMfhkpsATkExFCJflv8BYjXUUhFIUCK6wtFJQar
|
||||||
|
MoOTOzl6+v0n3i1+1YSychu+CEtqBbB9jBYd1t6MzKapoSTRPFcMGUEy2sYEcOKc
|
||||||
|
CaGxHFqxRDNBgHS11YFxy+H7H55CbaI2ILMY9Gg+cByVEHEB9v4HiPSfhozsPi04
|
||||||
|
i/Rk5Xl7BVAH/YvMvsfFnoYjEXO4mNqQiIAZ/IfiryxOqaB+2MJdCHSezuOHa78h
|
||||||
|
Cjhn6r232fBbX/mr6ZsH4AeoxZB+cIFjqVVkZbxtsYZd1Olu/rCnKJ7AH/arpEfT
|
||||||
|
|
||||||
|
-> ssh-rsa Ws+JZA
|
||||||
|
sbny3J/0ZtHRqXQ75NGKmdSayFm9+6uh+RiIzS/DxL56HV39QyQQwnfMEL5fPTy6
|
||||||
|
XbQzQ0zi9SlgKPikVc3hVYU4wJXPOx0UF5fQUR5EDfMzRmEeBtmDgOZUXEyD02EL
|
||||||
|
IJUl+x58GpeHEQrLJhysg2QrEXpGDUwKqSPb/wkMPwxeqyv1o/ROTBSlvv2KtOZU
|
||||||
|
PKoc3fUWmVEUKnjGk3U6GfU96Um8DqE/625MbqrxB1rKXaufAYqJEHORqVUSJJGt
|
||||||
|
Ir9M7cXXF5NtGl9AfxDUkJOStEq9tIM70PKOZCsTd3yzhbEx1pRgZ3yUd7hrI+FG
|
||||||
|
RzpK004Bp88VETh1K89AiIPfl3Qsbr4EQpUoovSIA4uye/nBiv7fWcd16WHuzStq
|
||||||
|
u4T+G7KO79M3BtVh4+GtFSRJHUwoXpxpL1R1Ip/g3lk8tOdDBe/3N6TW/h/2PPbK
|
||||||
|
leBCnog5OseqfiFvE4yrP2J+a7bW/QMpoz23KNQJuUhlsB5bDe7ZEdFiSrdBhY8y
|
||||||
|
|
||||||
|
-> ssh-ed25519 skmU/w vkFWaSxEAyY15OFlHRUCl9gD3zcioHhCtZU4Zt1ScxE
|
||||||
|
IfSElDAsWZ1I+KCP3aGpqlvngjoVMdr8KwY5wYa/AM4
|
||||||
|
-> ssh-ed25519 IjdJGQ 7JCqyuBuHOEWP+BMHhkV+xILx1jCibkT3mK5+En/VHM
|
||||||
|
et1E8yWRltlFhQSZ9dNZTol6auGNDVFQnM8zRk8WX78
|
||||||
|
-> ssh-ed25519 KXqA9w X7SbzoO3VoVKrLlxpLDRn6WOhYEqUT5BhsfCs2xL0h0
|
||||||
|
j2eS8jfR4p4gEjoZISZ79j9p7O+nukQghv217G369qM
|
||||||
|
-> ssh-ed25519 O6+Deg MxP6gjy49oxPmCkQ3q/8HDJu9Jdvw6sZlw+yuP8S0GQ
|
||||||
|
SMRI5W8CpYSv36z9F5N50m0kQx6F1ymCIXp4efjBRaY
|
||||||
|
-> ssh-ed25519 NNd1zQ Eq/TBtKBZeUAu+rcyagW71v5UxvdiODRZiZKC08vCjw
|
||||||
|
jwp23eWcIH9AzpKx88iDW2OK+3FLo5jYwxtH7xbtjAM
|
||||||
|
-> f-grease
|
||||||
|
XqArEpZJ
|
||||||
|
--- otuHrontDMhvdXryLukT2JXB9man78BJeGZxAjpmdWw
|
||||||
|
k!¦ê`Ž=‚à½JœÈô…¥ý<C2A5>€êª…¯>øü²Ds§M«<>Òú4Î.Vb”œBkGŽíÐ?ßwù`ÆLô
|
|
@ -35,6 +35,8 @@ in
|
||||||
{
|
{
|
||||||
"dkim_2li.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
"dkim_2li.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
||||||
"dkim_zweili.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
"dkim_zweili.ch.age".publicKeys = defaultKeys ++ [ mail ];
|
||||||
|
"freshrss_db_pass.age".publicKeys = defaultKeys ++ [ ttrss ];
|
||||||
|
"freshrss_user_pass.age".publicKeys = defaultKeys ++ [ ttrss ];
|
||||||
"gitea_env.age".publicKeys = defaultKeys ++ [ git ];
|
"gitea_env.age".publicKeys = defaultKeys ++ [ git ];
|
||||||
"infomaniak_env.age".publicKeys = all;
|
"infomaniak_env.age".publicKeys = all;
|
||||||
"nextcloud_env.age".publicKeys = defaultKeys ++ [ nextcloud ];
|
"nextcloud_env.age".publicKeys = defaultKeys ++ [ nextcloud ];
|
||||||
|
@ -42,7 +44,6 @@ in
|
||||||
"plex_claim.age".publicKeys = defaultKeys ++ [ plex ];
|
"plex_claim.age".publicKeys = defaultKeys ++ [ plex ];
|
||||||
"restic.key.age".publicKeys = all;
|
"restic.key.age".publicKeys = all;
|
||||||
"telegram_notify_env.age".publicKeys = all;
|
"telegram_notify_env.age".publicKeys = all;
|
||||||
"ttrss_env.age".publicKeys = defaultKeys ++ [ ttrss ];
|
|
||||||
"webdav_andreas.age".publicKeys = defaultKeys;
|
"webdav_andreas.age".publicKeys = defaultKeys;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
Binary file not shown.
|
@ -1,4 +1,4 @@
|
||||||
{ hostname }: { inputs, pkgs, ... }:
|
{ hostname }: { config, inputs, pkgs, ... }:
|
||||||
{
|
{
|
||||||
hardware = {
|
hardware = {
|
||||||
az-raspi4-ethernet = {
|
az-raspi4-ethernet = {
|
||||||
|
@ -11,19 +11,15 @@
|
||||||
services = {
|
services = {
|
||||||
az-nginx-proxy = {
|
az-nginx-proxy = {
|
||||||
enable = true;
|
enable = true;
|
||||||
domain = "rss-bridge.2li.ch";
|
domain = "rss-bridge.zweili.org";
|
||||||
port = 8082;
|
port = 8082;
|
||||||
};
|
};
|
||||||
az-restic-client-server-postgres = {
|
az-restic-client-server-mysql = {
|
||||||
enable = true;
|
enable = true;
|
||||||
path = "/var/lib/ttrss";
|
path = config.services.freshrss.dataDir;
|
||||||
tag = "tt-rss";
|
|
||||||
time = "23:00";
|
time = "23:00";
|
||||||
};
|
};
|
||||||
az-rss-bridge.enable = true;
|
az-rss-bridge.enable = true;
|
||||||
az-ttrss-postgres = {
|
az-freshrss.enable = true;
|
||||||
enable = true;
|
|
||||||
domain = "ttrss.2li.ch";
|
|
||||||
};
|
|
||||||
};
|
};
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue