nixos/modules/homelab/freshrss.nix

{
  config,
  lib,
  ...
}:
lib.mkIf config.fireproof.homelab.enable (let
  domain = "freshrss.nickolaj.com";
in {
  services.freshrss = {
    enable = true;
    baseUrl = "https://${domain}";
    virtualHost = domain;
    database = {
      type = "pgsql";
      host = "/var/run/postgresql/";
      user = "freshrss";
      name = "freshrss";
    };
    authType = "http_auth";
    defaultUser = "nickolaj1177@gmail.com";
  };

  services.postgresql = {
    ensureDatabases = ["freshrss"];
    ensureUsers = [
      {
        name = "freshrss";
        ensureDBOwnership = true;
        ensureClauses.login = true;
      }
    ];
  };

  services.oauth2-proxy.nginx.virtualHosts = {
    "${domain}" = {
      allowed_groups = ["default"];
    };
  };

  services.nginx.virtualHosts."${domain}" = {
    enableACME = true;
    forceSSL = true;
    locations."~ ^.+?\\.php(/.*)?$" = {
      extraConfig = lib.mkAfter ''
        auth_request_set $email  $upstream_http_x_auth_request_email;
        fastcgi_param REMOTE_USER $email;
      '';
    };
  };

  services.restic.backups.homelab.paths = [
    "/var/lib/freshrss"
  ];
})
feat: add freshrss 2026-01-11 21:30:27 +01:00			`{`
			`config,`
			`lib,`
			`...`
			`}:`
			`lib.mkIf config.fireproof.homelab.enable (let`
			`domain = "freshrss.nickolaj.com";`
			`in {`
			`services.freshrss = {`
			`enable = true;`
			`baseUrl = "https://${domain}";`
			`virtualHost = domain;`
			`database = {`
			`type = "pgsql";`
			`host = "/var/run/postgresql/";`
			`user = "freshrss";`
			`name = "freshrss";`
			`};`
			`authType = "http_auth";`
			`defaultUser = "nickolaj1177@gmail.com";`
			`};`

			`services.postgresql = {`
			`ensureDatabases = ["freshrss"];`
			`ensureUsers = [`
			`{`
			`name = "freshrss";`
			`ensureDBOwnership = true;`
			`ensureClauses.login = true;`
			`}`
			`];`
			`};`

			`services.oauth2-proxy.nginx.virtualHosts = {`
			`"${domain}" = {`
			`allowed_groups = ["default"];`
			`};`
			`};`

			`services.nginx.virtualHosts."${domain}" = {`
			`enableACME = true;`
			`forceSSL = true;`
			`locations."~ ^.+?\\.php(/.*)?$" = {`
			`extraConfig = lib.mkAfter ''`
			`auth_request_set $email $upstream_http_x_auth_request_email;`
			`fastcgi_param REMOTE_USER $email;`
			`'';`
			`};`
			`};`

			`services.restic.backups.homelab.paths = [`
			`"/var/lib/freshrss"`
			`];`
			`})`