diff --git a/home/david/configurations/Tytonidae/default.nix b/home/david/configurations/Tytonidae/default.nix index 5fc0522..5f85b46 100644 --- a/home/david/configurations/Tytonidae/default.nix +++ b/home/david/configurations/Tytonidae/default.nix @@ -80,6 +80,5 @@ fd viu just - android-tools ]; } diff --git a/nixos/configurations/Cape/default.nix b/nixos/configurations/Cape/default.nix index 78f6f69..fd99b1e 100644 --- a/nixos/configurations/Cape/default.nix +++ b/nixos/configurations/Cape/default.nix @@ -10,7 +10,6 @@ ./hardware-configuration.nix ./users ./disko-config.nix - ./miniflux.nix ]; youthlic = { diff --git a/nixos/configurations/Cape/miniflux.nix b/nixos/configurations/Cape/miniflux.nix deleted file mode 100644 index 5828ac1..0000000 --- a/nixos/configurations/Cape/miniflux.nix +++ /dev/null @@ -1,17 +0,0 @@ -{ config, ... }: -{ - sops.secrets."miniflux" = { - }; - youthlic.containers.miniflux = { - enable = true; - interface = "ens3"; - adminCredentialsFile = config.sops.secrets."miniflux".path; - }; - services.caddy.virtualHosts = { - "miniflux.${config.youthlic.programs.caddy.baseDomain}" = { - extraConfig = '' - reverse_proxy 10.231.137.102:8485 - ''; - }; - }; -} diff --git a/nixos/modules/containers/default.nix b/nixos/modules/containers/default.nix index 40ed077..88f8d6d 100644 --- a/nixos/modules/containers/default.nix +++ b/nixos/modules/containers/default.nix @@ -2,6 +2,5 @@ { imports = [ ./forgejo.nix - ./miniflux.nix ]; } diff --git a/nixos/modules/containers/miniflux.nix b/nixos/modules/containers/miniflux.nix deleted file mode 100644 index bf8b2ab..0000000 --- a/nixos/modules/containers/miniflux.nix +++ /dev/null @@ -1,107 +0,0 @@ -{ config, lib, ... }: -let - cfg = config.youthlic.containers.miniflux; -in -{ - options = { - youthlic.containers.miniflux = { - enable = lib.mkEnableOption "miniflux container"; - adminCredentialsFile = lib.mkOption { - type = lib.types.nonEmptyStr; - }; - interface = lib.mkOption { - type = lib.types.nonEmptyStr; - example = "ens3"; - }; - }; - }; - config = lib.mkIf cfg.enable { - networking.nat = { - enable = true; - internalInterfaces = [ "ve-+" ]; - externalInterface = cfg.interface; - enableIPv6 = true; - }; - containers."miniflux" = { - ephemeral = true; - autoStart = true; - privateNetwork = true; - hostAddress = "10.231.137.1"; - localAddress = "10.231.137.102"; - bindMounts = { - "/var/lib/miniflux" = { - hostPath = "/mnt/containers/miniflux/state"; - isReadOnly = false; - }; - "/var/lib/postgresql" = { - hostPath = "/mnt/containers/miniflux/database"; - isReadOnly = false; - }; - "${cfg.adminCredentialsFile}" = { - isReadOnly = true; - }; - }; - forwardPorts = [ - { - containerPort = 8485; - hostPort = 8485; - protocol = "tcp"; - } - { - containerPort = 8485; - hostPort = 8485; - protocol = "udp"; - } - ]; - - config = - { lib, ... }: - { - imports = [ - ./../programs/miniflux.nix - ./../programs/postgresql.nix - ]; - - systemd.tmpfiles.rules = [ - "d /var/lib/miniflux 770 miniflux miniflux -" - "d /var/lib/postgresql 770 postgres postgres -" - "d /run/secrets 770 root miniflux -" - ]; - - youthlic.programs = { - miniflux = { - enable = true; - database = { - user = "miniflux"; - }; - adminCredentialsFile = cfg.adminCredentialsFile; - }; - postgresql = { - enable = true; - database = "miniflux"; - auth_method = "peer"; - version = "17"; - }; - }; - - systemd.services.miniflux = { - wants = [ "postgresql.service" ]; - requires = [ "postgresql.service" ]; - after = [ "postgresql.service" ]; - wantedBy = [ "default.target" ]; - }; - - networking = { - firewall = { - enable = true; - allowedTCPPorts = [ 8485 ]; - allowedUDPPorts = [ 8485 ]; - }; - useHostResolvConf = lib.mkForce false; - }; - services.resolved.enable = true; - system.stateVersion = "24.11"; - }; - }; - }; -} diff --git a/nixos/modules/programs/default.nix b/nixos/modules/programs/default.nix index 1a06f8c..98433b2 100644 --- a/nixos/modules/programs/default.nix +++ b/nixos/modules/programs/default.nix @@ -19,6 +19,5 @@ ./conduwuit.nix ./nix-ld.nix ./juicity - ./miniflux.nix ]; } diff --git a/nixos/modules/programs/miniflux.nix b/nixos/modules/programs/miniflux.nix deleted file mode 100644 index 5dc701f..0000000 --- a/nixos/modules/programs/miniflux.nix +++ /dev/null @@ -1,48 +0,0 @@ -{ lib, config, ... }: -let - cfg = config.youthlic.programs.miniflux; -in -{ - options = { - youthlic.programs.miniflux = { - enable = lib.mkEnableOption "miniflux"; - adminCredentialsFile = lib.mkOption { - type = lib.types.path; - }; - database = { - user = lib.mkOption { - type = lib.types.nonEmptyStr; - example = "miniflux"; - }; - socket = lib.mkOption { - type = lib.types.nonEmptyStr; - default = "/run/postgresql"; - }; - }; - }; - }; - config = lib.mkMerge [ - (lib.mkIf cfg.enable { - services.miniflux = { - enable = true; - config = { - LISTEN_ADDR = "0.0.0.0:8485"; - DATABASE_URL = "user=${cfg.database.user} host=${cfg.database.socket} dbname=miniflux"; - CREATE_ADMIN = 1; - WATCHDOG = 1; - }; - createDatabaseLocally = false; - adminCredentialsFile = cfg.adminCredentialsFile; - }; - }) - (lib.mkIf (cfg.enable && config.youthlic.programs.caddy.enable) { - services.caddy.virtualHosts = { - "miniflux.${config.youthlic.programs.caddy.baseDomain}" = { - extraConfig = '' - reverse_proxy 127.0.0.1:8485 - ''; - }; - }; - }) - ]; -} diff --git a/secrets/general.yaml b/secrets/general.yaml index 3b0c6b7..688d698 100644 --- a/secrets/general.yaml +++ b/secrets/general.yaml @@ -1,7 +1,6 @@ rustypaste: auth: ENC[AES256_GCM,data:DORM12zY0wQQxqBNFYG3oYodhevUJXNjdqJcnyOnuPnZQIsUdEtm4TyNHokUKYoc30s8c6INOFoAB+7210y0dQE3hfg=,iv:Kms90lNPaL5fvQjD31+DZGJf+YQU/tTGLTxrqkvsbDY=,tag:5voNZlwGf2adVQoVqgyRqA==,type:str] delete: ENC[AES256_GCM,data:fbhJiJhh4YSMZQ6/dfquesJE0sNSn2PUkbjtJmisj5qHtsM=,iv:M1R7giNyLhbj98iiCPENQy44Ixqnie1PHlNcsVs5TLs=,tag:zdBbZ4NR7D4HxsxCizTliw==,type:str] -miniflux: ENC[AES256_GCM,data:8u9ElF2LAsIZmq7U8oZJM367y6EAy0si4ZXhpdisYa/PjV70SybUWhrahBft86QB71l8KtLUVuF3Ins=,iv:q7vJzxZICGNv/IaHKDpV50Pc9P4rIwcvfz2+uS1AnyI=,tag:ycwVU3RqfBoXRZQMv653xQ==,type:str] atuin-key: ENC[AES256_GCM,data:e3K7/7BaeXuR+vHJdtO79UQp3XRvROcD8ISkuCp3KGCSlBKUM3GuCwhIeFoIl0fOUqVYOzcCAcjsH2nBRqcXhtS8jhM=,iv:Mh3jsu6mdj0VOLSIoNz/0awyydVf7q3/E7iB7CJi+UA=,tag:xuHhUmK/J2stdjRrtbhQSw==,type:str] access-tokens: ENC[AES256_GCM,data:TBg9y2xdVmLNQV3JzGRSbYSrqtYQxakWNPF+OBShqCP6Z/M9H8of6zbgevOudfAPXUbcDv55tBo58U/Z2VIMJysYuUDbbmO9WoqEB2AQNjFgbxBbSwGOEVz8fwKItj01f15r3gAfQVQl0T8Vaf5+VIVXpzG1h7O7,iv:IQw7ddpTuj5vzT6MEvqUiHEsd/Sekl8wVe+A8uibsEw=,tag:I4oyeM1j2LJ++5omk4Ao2A==,type:str] matrix-telegram-bot: ENC[AES256_GCM,data:4G9JSR4l3043SM63gvJr0xBFuS11eoesi9rrobTxN9HpEGNklYDWHH/+Bm7P/2Bxnye3CiO/Z8KffvbjH8slRHLtbSpo8lRsfi9uRAbeMl7aXe/nTjpN078QSN3WXXc9XqYq0sxwNKPrnW3bmPQsHUiykZ3Go5A9Qw1iIPvPpXITyNbeD0gA+2CBB7PIURI7X0PIgSfUtMFZvl2J9znqCnlfC41bj6aC3sywsEkpuFJiMEojrwl+XmVS/u4eNMq8KiofVn9QlGx5gdGZ9LfZZdc+8E6u5GovqP2JTwwfaeZPzdwdZ2YsdoAvmgAusMfjCNZvHF7msLsOyNJW4592ZC7+fHhRbkKnVKc3OwA4ILWd9Jl0p0BoS0Ckn3V5nUQFgxVJ2O0yd/FLFaEqbeBLHNqC6u9CTYk82Uy23ilXQYKIc9h2wQkM329E6j9Mk0f9uavoYVPkpz6ahLzcni2W26FUkeaZ7PkrHmHWfJvvvi32GB4+q1m0phPmcd3cKVhXhbhLXiBcx2Rj7Q==,iv:Br0w0SiYajFr8p5CZEg47x3KpJ+AOleHthsEc3ho4YI=,tag:k+wptcSnNzfefF66Ug824Q==,type:str] @@ -55,8 +54,8 @@ sops: a1Y1NU9CK2h1SS83VW42bzBMa01yMXMKI1DBtgNlkNCrxUQvnD6a45mQKNfg5gM4 Zb5buo9Jofj4dn/HFwng3T3gxKTrP2Dh74CAH4L0M5yrF9fzk5TCcQ== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-03-04T06:22:13Z" - mac: ENC[AES256_GCM,data:nQ3ZmOL0MOxL3/dEY0TGsI0003O/ZNjqilSojikn0oN2OyR2chYcpbRDKpPtoZwoJ+QfMH+etnxt9lo+tPKr+hF8a4rQeWK4oErZTAemPoGPPsYgf9TLqjjQ7pUQI/wzLX0OaBJSbITNBiC4I1wUtA3NPyRPhGYNA0st7Mz2fP0=,iv:SkYgbhWrlyQAZer5ZeLExwMdOmnxRQ3mwxsdLtA7DYI=,tag:NAPlZ7UYRT0XXRLSigHfWA==,type:str] + lastmodified: "2025-02-25T05:46:18Z" + mac: ENC[AES256_GCM,data:QjSjc0QPNxOkKAIjLPdg5G/QQc+lcGbIhDHp4vWXLUrTrH9YRXVRSp6+qn8VJRAUuDz21A4VBLTq4Ar6CBxC8wlaoNLeYxXuY26rvajfSXTjY8Reg6j7hsbYnW26/zlrO3VwSQdTcxB+rJYr9pKSVwJvq+Q0gucw7qj1vGigui8=,iv:CEC2T6f9RsPJAbvAhxLpiF4SryhUvEJPVmOWZPBRl10=,tag:EgBhg7EU087pEvWdDGKF5w==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.9.4