mirror of
https://github.com/nickolaj-jepsen/nixos.git
synced 2026-01-22 08:06:50 +01:00
54 lines
1.1 KiB
Nix
54 lines
1.1 KiB
Nix
{
|
|
config,
|
|
lib,
|
|
...
|
|
}:
|
|
lib.mkIf config.fireproof.homelab.enable (let
|
|
domain = "freshrss.nickolaj.com";
|
|
in {
|
|
services.freshrss = {
|
|
enable = true;
|
|
baseUrl = "https://${domain}";
|
|
virtualHost = domain;
|
|
database = {
|
|
type = "pgsql";
|
|
host = "/var/run/postgresql/";
|
|
user = "freshrss";
|
|
name = "freshrss";
|
|
};
|
|
authType = "http_auth";
|
|
defaultUser = "nickolaj1177@gmail.com";
|
|
};
|
|
|
|
services.postgresql = {
|
|
ensureDatabases = ["freshrss"];
|
|
ensureUsers = [
|
|
{
|
|
name = "freshrss";
|
|
ensureDBOwnership = true;
|
|
ensureClauses.login = true;
|
|
}
|
|
];
|
|
};
|
|
|
|
services.oauth2-proxy.nginx.virtualHosts = {
|
|
"${domain}" = {
|
|
allowed_groups = ["default"];
|
|
};
|
|
};
|
|
|
|
services.nginx.virtualHosts."${domain}" = {
|
|
enableACME = true;
|
|
forceSSL = true;
|
|
locations."~ ^.+?\\.php(/.*)?$" = {
|
|
extraConfig = lib.mkAfter ''
|
|
auth_request_set $email $upstream_http_x_auth_request_email;
|
|
fastcgi_param REMOTE_USER $email;
|
|
'';
|
|
};
|
|
};
|
|
|
|
services.restic.backups.homelab.paths = [
|
|
"/var/lib/freshrss"
|
|
];
|
|
})
|