diff --git a/flake.lock b/flake.lock
index d78098f..00dfea1 100644
--- a/flake.lock
+++ b/flake.lock
@@ -143,11 +143,11 @@
 ]
 },
 "locked": {
- "lastModified": 1722476581,
- "narHash": "sha256-dCNcvjaOTu+cPin3VUym9pglsghWYJe5oUpKTuAgiiU=",
+ "lastModified": 1722562293,
+ "narHash": "sha256-JLhM5xSbx5Isjyfz8+WhCfJ9hgEJ4VYRivTOANYZVWM=",
 "owner": "nix-community",
 "repo": "nix-vscode-extensions",
- "rev": "1fe57eaf074d28246ec310486fe3db4ae44d0451",
+ "rev": "2056dac5adce82433b1dae711868b1c22e5ed07e",
 "type": "github"
 },
 "original": {
@@ -174,11 +174,11 @@
 },
 "nixpkgs": {
 "locked": {
- "lastModified": 1722489601,
- "narHash": "sha256-sB37J92AwEcmzg0GgxdI1TU6M+psUpbo0iYLFJBmsfo=",
+ "lastModified": 1722578639,
+ "narHash": "sha256-yge4OI8r8JBFtoajezauguXwYJ7M+Enwb3ZGbJF4YKA=",
 "owner": "xinyangli",
 "repo": "nixpkgs",
- "rev": "eee3d54e62749dfd0f263e3903ca0ec1ebdbe72b",
+ "rev": "4c71f761584bd9f9a4c4ba090c353c7f3e65c430",
 "type": "github"
 },
 "original": {
@@ -190,11 +190,11 @@
 },
 "nixpkgs-stable": {
 "locked": {
- "lastModified": 1722221733,
- "narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=",
+ "lastModified": 1722372011,
+ "narHash": "sha256-B2xRiC3NEJy/82ugtareBkRqEkPGpMyjaLxaR8LBxNs=",
 "owner": "nixos",
 "repo": "nixpkgs",
- "rev": "12bf09802d77264e441f48e25459c10c93eada2e",
+ "rev": "cf05eeada35e122770c5c14add958790fcfcbef5",
 "type": "github"
 },
 "original": {
@@ -222,11 +222,11 @@
 },
 "nur": {
 "locked": {
- "lastModified": 1722485061,
- "narHash": "sha256-opkrX6noshjk2V3PKBiksA8+M6K7cu3EuiuAWL04pNs=",
+ "lastModified": 1722577920,
+ "narHash": "sha256-+Nilyq9pr3f13pNqE3UaJ/zxB69fQ8MmkA5xu6oYtIs=",
 "owner": "nix-community",
 "repo": "NUR",
- "rev": "3bf06551d5922d420607091f5a3321e712ece307",
+ "rev": "a3f8a8853ee2e17c2efd5a33a5c91c1d79bc9c49",
 "type": "github"
 },
 "original": {
diff --git a/machines/massicot/default.nix b/machines/massicot/default.nix
index 2e7597f..ab45a34 100644
--- a/machines/massicot/default.nix
+++ b/machines/massicot/default.nix
@@ -7,7 +7,7 @@
 ./networking.nix
 ./services.nix
 ];
-
+
 sops = {
 defaultSopsFile = ./secrets.yaml;
 age.sshKeyPaths = [ "/etc/ssh/ssh_host_ed25519_key" ];
@@ -28,6 +28,9 @@
 grafana_oauth_secret = {
 owner = "grafana";
 };
+ miniflux_oauth_secret = {
+ owner = "miniflux";
+ };
 };
 };
 
@@ -42,7 +45,7 @@
 fileSystems."/mnt/storage" = {
 device = "//u380335-sub1.your-storagebox.de/u380335-sub1";
 fsType = "cifs";
- options = ["credentials=${config.sops.secrets.storage_box_mount.path}"];
+ options = [ "credentials=${config.sops.secrets.storage_box_mount.path}" ];
 };
 
 environment.systemPackages = with pkgs; [
@@ -51,7 +54,7 @@
 ];
 
 system.stateVersion = "22.11";
-
+
 networking = {
 hostName = "massicot";
 };
@@ -67,9 +70,9 @@
 };
 
 security.sudo = {
- execWheelOnly = true;
- wheelNeedsPassword = false;
- };
+ execWheelOnly = true;
+ wheelNeedsPassword = false;
+ };
 
 services.openssh = {
 enable = true;
@@ -83,6 +86,6 @@
 };
 services.fail2ban.enable = true;
 programs.mosh.enable = true;
-
+
 systemd.services.sshd.wantedBy = pkgs.lib.mkForce [ "multi-user.target" ];
 }
diff --git a/machines/massicot/kanidm-provision.nix b/machines/massicot/kanidm-provision.nix
index 3bbf1ca..374fb69 100644
--- a/machines/massicot/kanidm-provision.nix
+++ b/machines/massicot/kanidm-provision.nix
@@ -32,13 +32,16 @@
 grafana-users = {
 members = [ "xin" ];
 };
+ miniflux-users = {
+ members = [ "xin" ];
+ };
 };
 
 persons = {
 xin = {
 displayName = "Xinyang Li";
 mailAddresses = [ "lixinyang411@gmail.com" ];
 };
-
+
 zhuo = {
 displayName = "Zhuo";
 mailAddresses = [ "13681104320@163.com" ];
@@ -92,6 +95,13 @@
 immich-users = [ "openid" "email" "profile" ];
 };
 };
+ miniflux = {
+ displayName = "Miniflux";
+ originUrl = "https://rss.xinyang.life/";
+ scopeMaps = {
+ miniflux-users = [ "openid" "email" "profile" ];
+ };
+ };
 grafana = {
 displayName = "Grafana";
 originUrl = "https://grafana.xinyang.life/";
@@ -110,4 +120,4 @@
 };
 };
 };
-}
\ No newline at end of file
+}
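Review bot: The new `miniflux` OAuth2 client registers `originUrl = "https://rss.xinyang.life/"` while services.nix points Miniflux at `https://rss.xinyang.life/oauth2/oidc/callback`; recent Kanidm releases match the redirect URI strictly against the registered URL rather than by origin, so if this host runs one of them the login is rejected until `originUrl = "https://rss.xinyang.life/oauth2/oidc/callback";` is used. The existing grafana and immich entries use the same bare-origin form, so this is a version question to confirm against the Kanidm in use rather than a certain defect. The client also declares no `basicSecretFile` within this hunk, so unless it is set elsewhere Kanidm generates the client secret itself and the value kept in the `miniflux_oauth_secret` sops entry must be copied from it by hand; a comment such as `# client secret is generated by Kanidm and stored in sops as miniflux_oauth_secret` would document that step. The enclosing provisioning attribute set starts and ends outside the hunk.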
diff --git a/machines/massicot/services.nix b/machines/massicot/services.nix
index 2db1118..b16d42d 100644
--- a/machines/massicot/services.nix
+++ b/machines/massicot/services.nix
@@ -1,4 +1,4 @@
-{ config, pkgs, ... }:
+{ config, pkgs, lib, ... }:
 let
 kanidm_listen_port = 5324;
 in
@@ -85,6 +85,21 @@ in
 };
 provision = import ./kanidm-provision.nix;
 };
+
+ services.miniflux = {
+ enable = true;
+ config = {
+ LISTEN_ADDR = "127.0.0.1:58173";
+ OAUTH2_PROVIDER = "oidc";
+ OAUTH2_CLIEND_ID = "miniflux";
+ OAUTH2_REDIRECT_URL = "https://rss.xinyang.life/oauth2/oidc/callback";
+ OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.xinyang.life/oauth2/openid/miniflux";
+ OAUTH2_USER_CREATION = 1;
+ CREATE_ADMIN = lib.mkForce "";
+ };
+ adminCredentialsFile = config.sops.secrets.miniflux_oauth_secret;
+ };
+
 services.matrix-conduit = {
 enable = true;
 # package = inputs.conduit.packages.${pkgs.system}.default;
@@ -238,6 +253,11 @@ in
 }
 }
 '';
+
+ virtualHosts."https://rss.xinyang.life".extraConfig = ''
+ reverse_proxy ${config.services.miniflux.config.LISTEN_ADDR}
+ '';
+
 virtualHosts."https://ntfy.xinyang.life".extraConfig = ''
 reverse_proxy unix/${config.services.ntfy-sh.settings.listen-unix}
 @httpget {
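Review bot: `OAUTH2_CLIEND_ID = "miniflux";` in the new services.miniflux block is misspelled; the module passes `config` through as environment variables without validating key names, so Miniflux would see no client id and the OIDC flow would fail — it should read `OAUTH2_CLIENT_ID = "miniflux";`. Two lines below, `adminCredentialsFile = config.sops.secrets.miniflux_oauth_secret;` hands the option the secret's attribute set rather than its file, unlike the `storage_box_mount.path` form used in default.nix, and presumably should be `adminCredentialsFile = config.sops.secrets.miniflux_oauth_secret.path;`. Since `CREATE_ADMIN` is forced empty, that file appears to serve only as the unit's EnvironmentFile carrying the OAuth2 client secret, so a comment such as `# EnvironmentFile holding OAUTH2_CLIENT_SECRET; admin creation is disabled above` would stop the next reader from looking for admin credentials in it. With `OAUTH2_USER_CREATION = 1`, every identity Kanidm lets reach the callback gets a local account, so the `miniflux-users` scope map on the Kanidm side is the only access control and must be kept in step with it.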