mio-ops/profiles/tt-rss.nix

67 lines
1.7 KiB
Nix
Raw Permalink Normal View History

# NixOps configuration for the hosts running Tiny Tiny RSS (TT-RSS)
{
2022-03-07 14:26:15 +00:00
config,
pkgs,
lib,
...
}: {
2024-08-24 09:22:00 +00:00
age.secrets = {
tt-rss-dbpass = {
file = ../secrets/tt-rss-dbpass.age;
owner = "tt_rss";
group = "tt_rss";
mode = "0640";
};
};
services.tt-rss = {
2021-11-16 04:57:23 +00:00
enable = true; # Enable TT-RSS
2022-03-07 14:26:15 +00:00
database = {
# Configure the database
2021-11-16 04:57:23 +00:00
type = "pgsql"; # Database type
2024-08-25 12:42:46 +00:00
passwordFile = "${config.age.secrets.tt-rss-dbpass.path}"; # Where to find the password
};
email = {
2021-11-16 04:57:23 +00:00
fromAddress = "news@mcwhirter.io"; # Address for outgoing email
fromName = "News at mcwhirter.io"; # Display name for outgoing email
};
2021-11-16 04:57:23 +00:00
selfUrlPath = "https://news.mcwhirter.io/"; # Root web URL
virtualHost = "news.mcwhirter.io"; # Setup a virtualhost
};
services.postgresql = {
2021-11-16 04:57:23 +00:00
enable = true; # Ensure postgresql is enabled
authentication = ''
local tt_rss all ident map=tt_rss-users
'';
2022-03-07 14:26:15 +00:00
identMap =
# Map the tt-rss user to postgresql
''
tt_rss-users tt_rss tt_rss
'';
2022-03-07 14:26:15 +00:00
ensureDatabases = ["tt_rss"]; # Ensure the database persists
ensureUsers = [
{
name = "tt_rss"; # Ensure the database user persists
2024-02-06 16:24:53 +00:00
ensureDBOwnership = true;
2022-03-07 14:26:15 +00:00
}
];
};
2022-06-22 22:50:22 +00:00
services.postgresqlBackup.databases = ["tt_rss"];
services.nginx = {
2021-11-16 04:57:23 +00:00
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
2022-03-07 14:26:15 +00:00
virtualHosts."news.mcwhirter.io" = {
# TT-RSS hostname
2021-11-16 04:57:23 +00:00
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
};
};
2022-03-07 14:26:15 +00:00
security.acme.certs = {"news.mcwhirter.io".email = "craige@mcwhirter.io";};
}