Bruno BELANYI
906299a1ef
TODO: * Look at for more inspiration https://github.com/nix-community/impermanence/pull/108 * Do home-manager * Common files https://github.com/nix-community/impermanence/issues/10
72 lines
1.7 KiB
Nix
72 lines
1.7 KiB
Nix
# A minimalist, opinionated feed reader
|
|
{ config, lib, ... }:
|
|
let
|
|
cfg = config.my.services.miniflux;
|
|
in
|
|
{
|
|
options.my.services.miniflux = with lib; {
|
|
enable = mkEnableOption "Miniflux feed reader";
|
|
|
|
credentialsFiles = mkOption {
|
|
type = types.str;
|
|
example = "/var/lib/miniflux/creds.env";
|
|
description = ''
|
|
Credential file as an 'EnvironmentFile' (see `systemd.exec(5)`)
|
|
'';
|
|
};
|
|
|
|
port = mkOption {
|
|
type = types.port;
|
|
default = 9876;
|
|
example = 8080;
|
|
description = "Internal port for webui";
|
|
};
|
|
};
|
|
|
|
config = lib.mkIf cfg.enable {
|
|
# The service automatically sets up the DB
|
|
services.miniflux = {
|
|
enable = true;
|
|
|
|
adminCredentialsFile = cfg.credentialsFiles;
|
|
|
|
config = {
|
|
# Virtual hosts settings
|
|
BASE_URL = "https://reader.${config.networking.domain}";
|
|
LISTEN_ADDR = "localhost:${toString cfg.port}";
|
|
# I want fast updates
|
|
POLLING_FREQUENCY = "30";
|
|
BATCH_SIZE = "50";
|
|
# I am a hoarder
|
|
CLEANUP_ARCHIVE_UNREAD_DAYS = "-1";
|
|
CLEANUP_ARCHIVE_READ_DAYS = "-1";
|
|
};
|
|
};
|
|
|
|
my.services.nginx.virtualHosts = {
|
|
reader = {
|
|
inherit (cfg) port;
|
|
};
|
|
};
|
|
|
|
# FIXME: backup
|
|
# FIXME: persistence
|
|
|
|
services.fail2ban.jails = {
|
|
miniflux = ''
|
|
enabled = true
|
|
filter = miniflux
|
|
port = http,https
|
|
'';
|
|
};
|
|
|
|
environment.etc = {
|
|
"fail2ban/filter.d/miniflux.conf".text = ''
|
|
[Definition]
|
|
failregex = ^.*msg="[^"]*(Incorrect|Invalid) username or password[^"]*".*client_ip=<ADDR>
|
|
journalmatch = _SYSTEMD_UNIT=miniflux.service
|
|
'';
|
|
};
|
|
};
|
|
}
|