2019-09-15 23:00:34 +00:00
|
|
|
# NixOps configuration for the hosts running Tiny Tiny RSS (TT-RSS)
|
|
|
|
{
|
2022-03-07 14:26:15 +00:00
|
|
|
config,
|
|
|
|
pkgs,
|
|
|
|
lib,
|
|
|
|
...
|
|
|
|
}: {
|
2019-09-15 23:00:34 +00:00
|
|
|
services.tt-rss = {
|
2021-11-16 04:57:23 +00:00
|
|
|
enable = true; # Enable TT-RSS
|
2022-03-07 14:26:15 +00:00
|
|
|
database = {
|
|
|
|
# Configure the database
|
2021-11-16 04:57:23 +00:00
|
|
|
type = "pgsql"; # Database type
|
|
|
|
passwordFile = "/run/keys/tt-rss-dbpass"; # Where to find the password
|
2019-09-15 23:00:34 +00:00
|
|
|
};
|
|
|
|
email = {
|
2021-11-16 04:57:23 +00:00
|
|
|
fromAddress = "news@mcwhirter.io"; # Address for outgoing email
|
|
|
|
fromName = "News at mcwhirter.io"; # Display name for outgoing email
|
2019-09-15 23:00:34 +00:00
|
|
|
};
|
2021-11-16 04:57:23 +00:00
|
|
|
selfUrlPath = "https://news.mcwhirter.io/"; # Root web URL
|
|
|
|
virtualHost = "news.mcwhirter.io"; # Setup a virtualhost
|
2019-09-15 23:00:34 +00:00
|
|
|
};
|
|
|
|
|
|
|
|
services.postgresql = {
|
2021-11-16 04:57:23 +00:00
|
|
|
enable = true; # Ensure postgresql is enabled
|
2019-09-15 23:00:34 +00:00
|
|
|
authentication = ''
|
|
|
|
local tt_rss all ident map=tt_rss-users
|
|
|
|
'';
|
2022-03-07 14:26:15 +00:00
|
|
|
identMap =
|
|
|
|
# Map the tt-rss user to postgresql
|
2019-09-15 23:00:34 +00:00
|
|
|
''
|
|
|
|
tt_rss-users tt_rss tt_rss
|
|
|
|
'';
|
2022-03-07 14:26:15 +00:00
|
|
|
ensureDatabases = ["tt_rss"]; # Ensure the database persists
|
|
|
|
ensureUsers = [
|
|
|
|
{
|
|
|
|
name = "tt_rss"; # Ensure the database user persists
|
|
|
|
ensurePermissions = {
|
|
|
|
# Ensure the database permissions persist
|
|
|
|
"DATABASE tt_rss" = "ALL PRIVILEGES";
|
|
|
|
"ALL TABLES IN SCHEMA public" = "ALL PRIVILEGES";
|
|
|
|
};
|
|
|
|
}
|
|
|
|
];
|
2019-09-15 23:00:34 +00:00
|
|
|
};
|
|
|
|
|
2022-06-22 22:50:22 +00:00
|
|
|
services.postgresqlBackup.databases = ["tt_rss"];
|
|
|
|
|
2019-09-15 23:00:34 +00:00
|
|
|
services.nginx = {
|
2021-11-16 04:57:23 +00:00
|
|
|
enable = true; # Enable Nginx
|
2019-09-15 23:00:34 +00:00
|
|
|
recommendedGzipSettings = true;
|
|
|
|
recommendedOptimisation = true;
|
|
|
|
recommendedProxySettings = true;
|
|
|
|
recommendedTlsSettings = true;
|
2022-03-07 14:26:15 +00:00
|
|
|
virtualHosts."news.mcwhirter.io" = {
|
|
|
|
# TT-RSS hostname
|
2021-11-16 04:57:23 +00:00
|
|
|
enableACME = true; # Use ACME certs
|
|
|
|
forceSSL = true; # Force SSL
|
2019-09-15 23:00:34 +00:00
|
|
|
};
|
|
|
|
};
|
|
|
|
|
2022-03-07 14:26:15 +00:00
|
|
|
security.acme.certs = {"news.mcwhirter.io".email = "craige@mcwhirter.io";};
|
2019-11-05 04:33:59 +00:00
|
|
|
|
2022-03-07 14:26:15 +00:00
|
|
|
users.groups.keys.members = ["tt_rss"]; # Required due to NixOps issue #1204
|
2019-09-15 23:00:34 +00:00
|
|
|
}
|