biotite: move services to new machines and new domain
- related services: forgejo, miniflux, vaultwarden - moved from xinyang.life to xiny.li - clean up modules
This commit is contained in:
parent
947e97ce4e
commit
ad9c205fc5
SSH key fingerprint:
SHA256:UU5pRTl7NiLFJbWJZa+snLylZSXIz5rgHmwjzv8v4oE
18 changed files with 263 additions and 670 deletions
35
machines/biotite/services/miniflux.nix
Normal file
35
machines/biotite/services/miniflux.nix
Normal file
|
|
@ -0,0 +1,35 @@
|
|||
{ config, my-lib, ... }:
|
||||
let
|
||||
inherit (my-lib.settings) idpUrl minifluxUrl;
|
||||
in
|
||||
{
|
||||
sops = {
|
||||
secrets."miniflux/oauth2_secret" = { };
|
||||
};
|
||||
|
||||
services.miniflux = {
|
||||
enable = true;
|
||||
config = {
|
||||
LOG_LEVEL = "debug";
|
||||
LISTEN_ADDR = "127.0.0.1:58173";
|
||||
BASE_URL = "https://rss.xiny.li/";
|
||||
OAUTH2_PROVIDER = "oidc";
|
||||
OAUTH2_CLIENT_ID = "miniflux";
|
||||
OAUTH2_CLIENT_SECRET_FILE = "%d/oauth2_secret";
|
||||
OAUTH2_REDIRECT_URL = "${minifluxUrl}/oauth2/oidc/callback";
|
||||
OAUTH2_OIDC_DISCOVERY_ENDPOINT = "${idpUrl}/oauth2/openid/miniflux";
|
||||
OAUTH2_USER_CREATION = 1;
|
||||
CREATE_ADMIN = 0;
|
||||
};
|
||||
createDatabaseLocally = true;
|
||||
};
|
||||
|
||||
systemd.services.miniflux.serviceConfig.LoadCredential = [
|
||||
"oauth2_secret:${config.sops.secrets."miniflux/oauth2_secret".path}"
|
||||
];
|
||||
|
||||
services.caddy.virtualHosts.${minifluxUrl}.extraConfig = ''
|
||||
reverse_proxy ${config.services.miniflux.config.LISTEN_ADDR}
|
||||
'';
|
||||
|
||||
}
|
||||
Loading…
Add table
Add a link
Reference in a new issue