modules/miniflux: handle oauth2 secret with LoadCredential

2024-08-05 10:52:54 +08:00 · 2024-08-05 10:52:54 +08:00 · 9d44f6eb07
commit 9d44f6eb07
parent 9ffc2ad23d
5 changed files with 44 additions and 8 deletions
--- a/modules/nixos/default.nix
+++ b/modules/nixos/default.nix
@ -12,5 +12,6 @@
    ./ssh-tpm-agent.nix # FIXME: Waiting for upstream merge
    ./forgejo-actions-runner.nix
    ./oidc-agent.nix
+    ./miniflux.nix
  ];
 }
--- a/modules/nixos/miniflux.nix
+++ b/modules/nixos/miniflux.nix
@ -0,0 +1,36 @@
+{ config, pkgs, lib, ... }:
+let
+  inherit (lib) mkEnableOption mkOption types;
+  cfg = config.custom.miniflux;
+in
+{
+  options = {
+    custom.miniflux = {
+      enable = mkEnableOption "miniflux";
+      oauth2SecretFile = mkOption {
+        type = types.path;
+      };
+      environmentFile = mkOption {
+        type = types.path;
+        default = "/dev/null";
+      };
+      environment = mkOption {
+        type = with types; attrsOf (oneOf [ int str ]);
+      };
+    };
+  };
+
+  config = lib.mkIf cfg.enable {
+    services.miniflux = {
+      enable = true;
+      adminCredentialsFile = cfg.environmentFile;
+    };
+    systemd.services.miniflux = {
+      serviceConfig = {
+        LoadCredential = [ "oauth2_secret:${cfg.oauth2SecretFile}" ];
+        EnvironmentFile = [ "%d/oauth2_secret" ];
+      };
+      environment = lib.mapAttrs (_: lib.mkForce) (lib.mapAttrs (_: toString) cfg.environment);
+    };
+  };
+}