xin/nixos-config
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

massicot/miniflux: added with kanidm provision

Browse source
This commit is contained in:
xinyangli 2024-08-05 09:57:11 +08:00
parent 0743f74527
commit 9ffc2ad23d
Signed by: xin
SSH key fingerprint: SHA256:qZ/tzd8lYRtUFSrfBDBMcUqV4GHKxqeqRA3huItgvbk
4 changed files with 55 additions and 22 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

24
flake.lock
View file

@ -143,11 +143,11 @@
] ]
}, },
"locked": { "locked": {
"lastModified": 1722476581, "lastModified": 1722562293,
"narHash": "sha256-dCNcvjaOTu+cPin3VUym9pglsghWYJe5oUpKTuAgiiU=", "narHash": "sha256-JLhM5xSbx5Isjyfz8+WhCfJ9hgEJ4VYRivTOANYZVWM=",
"owner": "nix-community", "owner": "nix-community",
"repo": "nix-vscode-extensions", "repo": "nix-vscode-extensions",
"rev": "1fe57eaf074d28246ec310486fe3db4ae44d0451", "rev": "2056dac5adce82433b1dae711868b1c22e5ed07e",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -174,11 +174,11 @@
}, },
"nixpkgs": { "nixpkgs": {
"locked": { "locked": {
"lastModified": 1722489601, "lastModified": 1722578639,
"narHash": "sha256-sB37J92AwEcmzg0GgxdI1TU6M+psUpbo0iYLFJBmsfo=", "narHash": "sha256-yge4OI8r8JBFtoajezauguXwYJ7M+Enwb3ZGbJF4YKA=",
"owner": "xinyangli", "owner": "xinyangli",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "eee3d54e62749dfd0f263e3903ca0ec1ebdbe72b", "rev": "4c71f761584bd9f9a4c4ba090c353c7f3e65c430",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -190,11 +190,11 @@
}, },
"nixpkgs-stable": { "nixpkgs-stable": {
"locked": { "locked": {
"lastModified": 1722221733, "lastModified": 1722372011,
"narHash": "sha256-sga9SrrPb+pQJxG1ttJfMPheZvDOxApFfwXCFO0H9xw=", "narHash": "sha256-B2xRiC3NEJy/82ugtareBkRqEkPGpMyjaLxaR8LBxNs=",
"owner": "nixos", "owner": "nixos",
"repo": "nixpkgs", "repo": "nixpkgs",
"rev": "12bf09802d77264e441f48e25459c10c93eada2e", "rev": "cf05eeada35e122770c5c14add958790fcfcbef5",
"type": "github" "type": "github"
}, },
"original": { "original": {
@ -222,11 +222,11 @@
}, },
"nur": { "nur": {
"locked": { "locked": {
"lastModified": 1722485061, "lastModified": 1722577920,
"narHash": "sha256-opkrX6noshjk2V3PKBiksA8+M6K7cu3EuiuAWL04pNs=", "narHash": "sha256-+Nilyq9pr3f13pNqE3UaJ/zxB69fQ8MmkA5xu6oYtIs=",
"owner": "nix-community", "owner": "nix-community",
"repo": "NUR", "repo": "NUR",
"rev": "3bf06551d5922d420607091f5a3321e712ece307", "rev": "a3f8a8853ee2e17c2efd5a33a5c91c1d79bc9c49",
"type": "github" "type": "github"
}, },
"original": { "original": {

11
machines/massicot/default.nix
View file

@ -28,6 +28,9 @@
grafana_oauth_secret = { grafana_oauth_secret = {
owner = "grafana"; owner = "grafana";
}; };
miniflux_oauth_secret = {
owner = "miniflux";
};
}; };
}; };
@ -42,7 +45,7 @@
fileSystems."/mnt/storage" = { fileSystems."/mnt/storage" = {
device = "//u380335-sub1.your-storagebox.de/u380335-sub1"; device = "//u380335-sub1.your-storagebox.de/u380335-sub1";
fsType = "cifs"; fsType = "cifs";
options = ["credentials=${config.sops.secrets.storage_box_mount.path}"]; options = [ "credentials=${config.sops.secrets.storage_box_mount.path}" ];
}; };
environment.systemPackages = with pkgs; [ environment.systemPackages = with pkgs; [
@ -67,9 +70,9 @@
}; };
security.sudo = { security.sudo = {
execWheelOnly = true; execWheelOnly = true;
wheelNeedsPassword = false; wheelNeedsPassword = false;
}; };
services.openssh = { services.openssh = {
enable = true; enable = true;

10
machines/massicot/kanidm-provision.nix
View file

@ -32,6 +32,9 @@
grafana-users = { grafana-users = {
members = [ "xin" ]; members = [ "xin" ];
}; };
miniflux-users = {
members = [ "xin" ];
};
}; };
persons = { persons = {
xin = { xin = {
@ -92,6 +95,13 @@
immich-users = [ "openid" "email" "profile" ]; immich-users = [ "openid" "email" "profile" ];
}; };
}; };
miniflux = {
displayName = "Miniflux";
originUrl = "https://rss.xinyang.life/";
scopeMaps = {
miniflux-users = [ "openid" "email" "profile" ];
};
};
grafana = { grafana = {
displayName = "Grafana"; displayName = "Grafana";
originUrl = "https://grafana.xinyang.life/"; originUrl = "https://grafana.xinyang.life/";

22
machines/massicot/services.nix
View file

@ -1,4 +1,4 @@
{ config, pkgs, ... }: { config, pkgs, lib, ... }:
let let
kanidm_listen_port = 5324; kanidm_listen_port = 5324;
in in
@ -85,6 +85,21 @@ in
}; };
provision = import ./kanidm-provision.nix; provision = import ./kanidm-provision.nix;
}; };
services.miniflux = {
enable = true;
config = {
LISTEN_ADDR = "127.0.0.1:58173";
OAUTH2_PROVIDER = "oidc";
OAUTH2_CLIEND_ID = "miniflux";
OAUTH2_REDIRECT_URL = "https://rss.xinyang.life/oauth2/oidc/callback";
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.xinyang.life/oauth2/openid/miniflux";
OAUTH2_USER_CREATION = 1;
CREATE_ADMIN = lib.mkForce "";
};
adminCredentialsFile = config.sops.secrets.miniflux_oauth_secret;
};
services.matrix-conduit = { services.matrix-conduit = {
enable = true; enable = true;
# package = inputs.conduit.packages.${pkgs.system}.default; # package = inputs.conduit.packages.${pkgs.system}.default;
@ -238,6 +253,11 @@ in
} }
} }
''; '';
virtualHosts."https://rss.xinyang.life".extraConfig = ''
reverse_proxy ${config.services.miniflux.config.LISTEN_ADDR}
'';
virtualHosts."https://ntfy.xinyang.life".extraConfig = '' virtualHosts."https://ntfy.xinyang.life".extraConfig = ''
reverse_proxy unix/${config.services.ntfy-sh.settings.listen-unix} reverse_proxy unix/${config.services.ntfy-sh.settings.listen-unix}
@httpget { @httpget {