From 61c141dca60d8f6b71b69ea5557ceeffcfbbdcd2 Mon Sep 17 00:00:00 2001 From: Dmitriy Pleshevskiy Date: Thu, 22 Jun 2023 17:12:06 +0300 Subject: [PATCH] canigou: add miniflux service --- .agenix_config.nix | Bin 4505 -> 4605 bytes nixos/hosts/canigou/default.nix | 1 + nixos/hosts/canigou/services/miniflux.nix | 19 +++++++++++++++++++ nixos/hosts/magenta/default.nix | 7 +------ nixos/shared/acme.nix | 8 ++++++++ secrets/miniflux-admin-credentials.age | Bin 0 -> 1465 bytes 6 files changed, 29 insertions(+), 6 deletions(-) create mode 100644 nixos/hosts/canigou/services/miniflux.nix create mode 100644 nixos/shared/acme.nix create mode 100644 secrets/miniflux-admin-credentials.age diff --git a/.agenix_config.nix b/.agenix_config.nix index a674f2235111a3e130306cff6d92cc82f82b1343..69aa4dce88c8283b79715ab23645cfca7db548b5 100644 GIT binary patch literal 4605 zcmV zL;p`%iE%`^lYwFOADIgD?ANf}m>W-Wc<#=%0^ET2)B};moI^$9N-vzF2JW?pLQD5j zH~`OMI*3>kQa|XaeGb0bWEK!*D3l#k{?0a>JPk-l^WMZjoNMNii4~^m6#+HPk}eO+ zr@~(C;w}dluOSc^wT{Q_lPCREXdTdPA+PwkZB0vUl~{OkJEdWM(HCL@@6hkk6KFyr zc^3yb76o0M5ZrqeDaz}bl|f<>Wooy>SjQlw?J?TY6{Y#BIv|hA@0zH08l2t6QRZp7j0AowWA~uW?dWOdd7Zk2~3L zH0Z?lG`aEif7^z!^woR9t!0mwAdD{=E0e1IiB;ZYrKzOENpHfY90qcJMJH=!k+7Ze zieFYkISmt6TFPedK$03`P!9x?&=?<&!`(bk58;P6sMw@+! z!>IOqge46s5swErb4}kZZZ06MXh5DD_l)diXpaqRN*X*d-5J2CVn21pF#zbz_g@?0 zMqU@fIACa>an(AkRgU0^S-&N!x{GVG)tAeGEZ=WIQYCT@d=QJWg?R?YhRq%e283m- z+p#n?i(ZyMCNTvgl93el;dI>19Bt)kj(21LVDc_oA91p~e@=0gIjdJl`4oV%vrk53 zu6RWe?s`Y#U+W`ULG_x=FeWc3`(gJx)znhwZd9_cIqwbzPe|$hA%|O2Bxm-ZiVzNvaN%FA=B!~gzG_^hI;TgR z0LO?Y)H19lKz?_CGhpu=>t3ce-b<|%a;1i606{SyO~3uFjISVVq75D=lhKl{JJ+QM zPG)QmF5YqmGC_KARalj_gfY8fJ<8{EvK4hiSELY}!-v@W*K?cvt!L2oF^}7<(GY89 z3^cAOIjO5z7pN_tmU(EgFA2CF;<&hsp9IVj?b+ZZNRCA7S#DiMKoSL!Psd%*CO#^j z4$hBqP!C>h;UY?AteyOo;tTc3h2ehW9Rb!r^3wzEfEbIK$g%ZyB7yY>`iFKJ4>{SG zdo6Xcg`!d>9H``B*0STZInBRPmX8(TZzUJ;>R##vF5xcod%nu0_g%Zv``>F~N=2t4 z=o^?K?iQ-Bf{Ge!(}9EuG-aEt3U1qx`xvrebir5R9vbeH=24=v5lP56qOvVo#}M4Y z=Q9Hv@R)Lc$ySt?B^`zu&@Wp~bG+;f<_TT5H|r*rBwGZ!Gqs$U{ zDQD0*^HpnJpWIDBNwx_h?>qvu$`7!uecxdC+nsRAH&iGb$wOvbjD9M(#Zr^ECaOwar zRxAnkr_vrTL1ReKEPZ>+Js>fz+vB;M2~iJM=4|@`Wwfn$`#&ei=NLAHey0CF)E?&cfu88n_!Y9MS76!}~L;`)siM{zy7ZO27d$f zFxDW#?{itJHBBfqt5M!&<{sgI!CsJ~qLM=0kT(fMz{IDMXKG6c#>WBjYZ|(g>`0)0 z*t{!eV52<=G|XnLYzI&uHWsbx|G}C+ahKoi9rOBlgVov>^SV>9x_Yt_wzPqO_R6#r z5Zi#jgljadEWgW_Rw5%Xi2E6*mKiaX*XfX#V|M@9`mfz_yV_ojR2~W`&7eTDQakr+ zfyVgQ$?T7ln6&NZExdp**9EcEN_#>;c(Gkk&-M=CWq~ODgvTkI{v+w?M`r7me?rV; zr-9!%9jUYla+fEKiB&NP+t&JA40YhM_RK=2%jNdPX((WR7KR9w`pEXK z?eiau^DJ_X=4$`7dnl4pbt~cLWM*ieRY();>}$-3HS^>+47VZV7hUzPR3_ zO)g8FY|;qO!2k=uDBLpy@T8NbPPgLZHROXHU_1BvY6*;&p^aG2tY{Y>$Sorod6(&v zBCEtR!rGVQT9;WR;6?rOo=gPcfGenTiO|6UE5gra_e4$GKhS7kw$OQU99e(bG$282 zZ%)-WI{}FeLP#st_b%^zY3V0u$lyBTL32%`l8eMNqR(A9>m~SpNs7LJtmY8nt`%I! z*1SzPB$ypQ#l@jTS+5Rd|1CQZ`gc80nW0G}K*kw{AIQYlf#q$9&VC-XYydo9UEG4561mRh>z956U1-@m$_tOT? zwGouzuPN!66Vp=OOLwFFk>7ScvZUZHiq4)zu*=zV0>X_9rHv||*`Yi$P{V!C8LOmV z0sPPxyZzW8FjM}t0kee(^g$@A3q!L3{zIYI&%H@*Ll}4;LV5^sr9!T0ky=Asy8EmV zL_-pxYqhNr6x-n2aU>7v*SQM*HDGJ6g9M!EHK$EyP}C1rFteK}86Lqek2wEWHM3$J zZsNO9D}syd-c;8KU%zbz68$u+1Sq_bIn(;0#;JZj>E{~wrylaRxQ4w0S z6(USKnqfUcxAEE5SdGDHu8_7WI*%K%$boh&j(>Z4D6Y+Ek0o1~_eW*CCA6tAVErBmzwn zoXkqPmDs(zuS?kwLbNZkf?f|2)Ey!D*3Iz@NOxy&@mJ&G9yjeN?Xn#&d^=mM);Yo# z6Ii)CSS$%!NuxY*jtV4l9qLxp*S!ANM=Hc*09~(t_`8=-$tbLN9W_IysIT%6ZQa?-rOo4LZkhvD2HTdC|JPqaV1z;d%7L9Yp~qK_P1;! zaJ0h$l#-bq@vYt#<+t56sd<506p3*p!mf}>Jr3)NnnB8zMqLmly*7CDDGXvK%l(dh zmRjjzC%fWFvhH?&K1;moCJ$W!9Cx#qYPO(VxpdRX*$KuRI^++{B%kiq2x&c6!+R!7M{kVnxo z(V*UWYsD6i!r59&eW>2np_+o*R}xrw<4Y1T(+F1?7K^rZnx!T(oIff`C;}8+c*wf-j%vng$9iA$+1xCMcX_mn4qaHuvU;i42o zD2{Gin<4hU5znGztRw9vvkl_K!~%WCwZEf5(yunuz&4e%gf4CpkW>`+7!t~c;8?^zQ?2{8`yP=fb>y?-L87k0>^< zQ%-@*K|WePTbG64OkTc(wywH6YH`JJ2hUX&eSoqV_KLdQKw)TDDGuf->bNPD`dz{- zux`8RAXN;H+9q3cM=v5qtxt%hx&MaC=zLG(w^?EGmbNTfbu54x z8}WgfJ%xFhlvjL4p+ciK_aRl+>P{RoA%G5y&-CKeQR8yDdq9Iv{N!sA2)FK%Z2h&2 zPgtQv90!BVDMx5$Hnt%Ihq*skLUaRQ8dZb6x4?XfPFp60tLNfdLDQ=wbNzZqz`vYwVWWj5Z|}h`mVSh6013EGZYIo6 zgKmBu+_*m;T8T*Y%+;!xi%_EXQmY0{KPVC%R~~`Tb0`CKc-p)6QzZ*=gW5w4gjEEj zsyB~uZkSex;;bo+0~pFu=5L_C^-BN_dXh>1pfrvEJmf5p5KA{vUvzUFG#|1%Ng%dv7ewIR_fCT9uU{T$@ zuuy*i62-Lqk8BouBW@2 zQPqb<0P;{<^TEgs3msj&L8~s?vmtD8sqKZwLU(|_Ae`9`uOTqHP}j4-EZ`DDa-6a0 zxBU5=xw!u`#If)FcX{YFu-Plzw2SJ%MXzFMR*N)Tx!V>EHr!~gUwfo0$ zEvUCD&-r%o)7Lhs+lDx}ZM|Evg$B<4S;2~cMlrcf;{x4_%INohtSg1fC;RTDymv?~ z^dlz9{yf>mbA?m1=RDlxy+pB{%J3jxg~b%1pC-$iMxhn%!C(b(WlxYgu-}tOH~c zY;APz?EwK7FO z2JL3*rOVHv&2smf*Rh6hU;LuEI!AlW{mtq*c_>u^UXg>K`h8~K8;6Gi`pdHA*ujkm zMR`bAOczyq+XI`s0TZRYY*OX%O2Ih(Ai$uy5xJMUE|lDTY(^ooy7Lk=IzpJ}Zc n43*=knkA{zP=K-6L9MdHPi`N@$kWd#Hg67>UaZx)uFbtLKGo+8 literal 4505 zcmV;K5oYcHM@dveQdv+`04$@p!e3wrM%+6!hxmPga&#%7V;*9-!{4AZ7dvo$o=R02 z6E~gFb z8f&Pn?ubcoP3aFm3p$3Q3wx@#GR3wyT7FL>()C^Sl8$sd^fbXAIFL_~#A!-L4#7%T)>DET~Xnk63U~luA z)&v?KOx%r3Y+<&=LD5?1I%Oa|yKHk|k7_P8NJn{mIEGu{Bn*7Qirwm~=5AiKUlSh; z+^`kFVPdmm4HBeQv~g>evE4nb`7OrJY2GJD#hJJ%;P3;wE!Qn6M0fI4-Kq_>i&6&RDgHdTSVN&P_k~EF@pE3l*Y1>Qhfm=s9%iu9XRUBdXq#CBn&E7Syd4 zHx*>WpO?H|;%P6qP3Vq#sGUvtns_0Iu=)`Ny-}8RDR$uFX(|2(M=1D3{+8lG?;9cZ zcV#~Gw!|@0oE7uoGcV`g3sl$CFB2*z0BrJ@?>BclR2auP_(5g? zN0|1q4jyy&I=}Kjqe6*Q4(_m3OC;-DfAMW|>!;?M)%|gT+*?Gt>VyfSg#vsz<4HY`GZwB zBsW4bG%^u7{R<>y9Bx%^iiO@yCKojS$yVlxO%}s}3u9hBB!|L74bLM4pC+ZU=#f&< zFz7@MtHMNMBggUCcQU1q(Uz(K>2~qI>{?Xl>0?M6oR)Q8K07&=fT{@Q_FS!$T`Hk% z^6!aP|2mw2En^G1mQXtdz>wjC#htr$F-3e>=F<*f%?k_4z7>y;JGc>ydE{PX^x}`bo2-M|aTQ+zEt|i1)lXXB%CpU~-42F` zzv&#YsofH^P50IZo3=0$LYF7v_l0EXAGVhIxll1Egj5-qU~a8`eSA%R?O65v$$xvQxZm`KME=%m#@K6dCW z@0l~!fQp2@f~wWXqK;i=G& zW8HrmirNTF$Tx3(KA*Np(#j9tukTO{&`2B%)XF&t?a>BOoMtM~6VaCN@3SvsDLqF| zoc-O-+UYCe9?H&Ge9F++?k;__A`&99v@|`TdfD;`bRoq^9Ys_NHX|~4)z(=3)L49d z8>x?u_zO9K#k_g%n$;?3i$$jW-ce=Za#2 z-MYzc?u^=#$F4UT)!L(wNTtg?gb-YwGi$+0a1Z0b#@&oZb(5wpnfjxAo?kaG3K6(1C5^aT@KxF@tjI!HF)&`p{E-yv>O_Dl+-klna*Wa~o2IagDQzc)&PAMmZj)NlR^ELGkI0B>+y1IV(?xMs>Y zHK%F+-R?j$SEPgySeSEO6PyOu`p5L6PsDl~jwr)ijV}SbR_eN@RdJe2o@T%p56Q~& zi^9*oy+(5XT8mYvT!EyB$SyeBI(^<>XpR|yNG&yIGn?8`FlrMHEjCT*2pgk_SuNYv zVqzEPvpse)P(b3nN-otfttV9`+9c%I8POO^=uY`ET4!=Kt;XUsw-~ncb>CV;%;O6J zr91mohA-fy!KQeyB;$2R_YXQG(Stm=7o}_}70+TGv~Y?xO=S<2b^)=y81HZg0Wd^( z9aXzG@T8Ahe)MChUUiv%v7=M1>^be+v19pGzf|Z95guj}V_q#8>4kxhK}dY8g#5KN zCUKivATOgnDt7fET3pe*C?KH_^F+L}S2+OYZgpPZB)1ceO$Uyw8lzyZwjnakEji*U zd0q`=$W6zz(`nJEDGncQ8a&&*iiviQ?exqM%ef9)9z0GQr@FC``IJnSHQ^2X)rdlC zm%mu<<{8oA@d=MbC^oZj`Wp`Kwu1>HMW%i^N#GlI=90cKMuZiAgwklQ?|yJ$e)v3H zxCrq^bZtH@IDqCXA1zXN@Yee_mz&dde+GkW9GgFRa*F5c;JRtdG8Th4>eT0trKRJRH?lfF~eX zqtt{hCFp~|KS#dk>zQg@7HL@iZ@%wz)#$!_%|m^;7JOaHPGOBM)N^*joUDwiAJK+^tFjxje3ZzCr3DXb4 z`=>7xD$VC1w75_hTyHy zf-{9U=bQ1{c>#a?GQy0}k^ferD%%<*;!7@W0Yjv;(pwOZM>@ zH5|8*PC5H+AsCYY$R4)BJI4W{;P)uj1F1MTv$qhZw@MMCmNYKnjczTPu%(1wvN^b8 zIotyU$;zK5!QU~6bY{veN8)vnkIor^2D=w@1>N%bTJf+>_n!QNG}G5l&nLwidElCydg0XE?z0DA^K+C z<%VF&jno5Z`Qx5Vit5cV;n=bp`s?Iaa?-^3k(qZf^*~3H$#(6gDUV?bA1&-cUBGkw zep383h}u~QqmK=!-=SPl8K92*-sjAIRUvR*ygKUCDoQV0c!Ij$v(@WFVDU==JGl(s zQ_Vc_7tMrG z;Li_Z%em!Os)93aW9pyC!?DLc#er0#SJbDlOE-(X6Od_wS|R#-Yvv$1J)%I(W~%ya zwuUz6gD>$P%3M@EaQjyP;BD4s1Wq7oER#c_&>8tnFL`;TmV|^X02PtaZG`ytqltto zped7~gqUts?+>%J^ph1`z`n~33$)jMlDU@(!Zz~s;eT`zoW;=+wc)?yd`1Bs;%SWq(PRcoBl z0+E)T8h@9pYwYE2#*{3QAquscGe4XGErKfDtlF$b@^PAcZafGRN$mvbex-XqKc%|q z(rN4X0hRaNc+2=1l>YJrYh-tP2aisX-Ww#u%Hx5>c#G*+WW9~4GZiXO<>+sTkm^25 zEzkr$7jnQ+L+L+^ynQn-I+5*8CkAf%vwLjS0xtrP4hB(f&)-kD9lL27&H_tg3o$$W zq_O$cMxQq@aNp$iU)8xRX;XQ|hj0-)GpbZC^4T9rKtVdA{MC`;LLlPx@XR#RllQEi ztrR>-t`cR59_ zc)F%nNk#ulsI@Bi8apH5+6n@8_xEkWxBp*$qe$?MkV_cLh@s0k zuK)b1EM~w6TEKE*d>^?mmqBgT!H8M2yX-lsrS?C%0Gz~TnO{dZ_%3SI)t+rQ0RjCp z{%T1eicv>!wy$T-^b?I}ywFm06P|+II<_uUH{lj`LH*F&E~R8SP{3#9T!o}Bl<^;7 zPLhJt4u2A`eOx`Vu7H$L&vIFGmW>-dmhpE+*P)3E1N-x)R`CN3cTUvK#ke z!ecl6*~CJ@@P<`URurbDkqbk-6NjC@QJt*(@*@ggyK~-h%F(Ia*yfxXz7VM8PWv&? zGAL3LssS2wRaUH{Ll_UPejePGaJvugsL-bdhsBJOIckTjbme-3{zl$~kZc!vTi$ox z3pd5trx`@dDcb-&{So}-!nL|7)oCx;rHmwkwG#!+j^`K)y?hyA7R_fmw$j}Q;O|aN zhiy?rOH$)p2Oy~CX`ilYb+QSHvv!e#X)+MC0zhV8NPz;G_4?l~>AKW8QDE7M z=Yned?mnLqNmy~pdWGYCSmY)s5-&FlGxqlyTe^Ke-oixd8IGagE|299qlVQ5C87^l zdJY}zizc^3K$)0%9IKpAx1ODM)>TQN%P_ol5$k)$-O&bZ7w?X#x@_fY1ger;vz=YRJ3-Q zSw>`xkjH!@UV7Vc)q&W$L8m^-{sff^$cxB9O~I5Pb+IygeQC57vxIXu4w^eer7v?y zqE&V~FNDYEV8|2xOIg8xS?Jw_-p+S~f;9kfIe%`hTKqpIr|o!qehz~Y##I=tdU!x{bnfzXaP{eFRg3NZn1h30}Jb$Cu*^NTXLw`(jZ&E>MG3D>Bm$N z=}CP!L(oNPB%!{~X(a{*O`zhRKi7>3R-rE}w~2yF%0lHwj$XAHhAJ+p$}R>G#fBTp zoTyxwB`?p4G>;kwF53rZf~Go$!LfIVK3?d_3OvtXj6Cj3x#!@2N+kw9b1jF-@EK%| z95+(q3Li18TZr@yZdj3+uG8t|QoqZZ``8MWU-!Ivc2LL)(uKG5u0uZzKWY^vXElGG zoIJZt#Zi>C=e7XVm2@X(keg`X>ZV)~h|Zed3{Vq`wMWIwivp@GnhWFjc&^ r65ds&g1{fYIjB41LM*aKxF*ycOd!8E)@S0dEj9V!$>WP=sa+V*{^+Mr diff --git a/nixos/hosts/canigou/default.nix b/nixos/hosts/canigou/default.nix index b777590..f0a91ca 100644 --- a/nixos/hosts/canigou/default.nix +++ b/nixos/hosts/canigou/default.nix @@ -15,6 +15,7 @@ in ../../shared/docker-swarm.nix ./services/wireguard.nix + ./services/miniflux.nix ]; boot.kernelPackages = pkgs.linuxPackages_6_1; diff --git a/nixos/hosts/canigou/services/miniflux.nix b/nixos/hosts/canigou/services/miniflux.nix new file mode 100644 index 0000000..45fb002 --- /dev/null +++ b/nixos/hosts/canigou/services/miniflux.nix @@ -0,0 +1,19 @@ +{ config, ... }: + +let + port = 33001; + addr = "0.0.0.0:${toString port}"; +in +{ + services.miniflux = { + enable = true; + adminCredentialsFile = config.age.secrets.miniflux-admin-credentials.path; + config = { + LISTEN_ADDR = addr; + }; + }; + + age.secrets.miniflux-admin-credentials.file = ../../../../secrets/miniflux-admin-credentials.age; + + networking.firewall.allowedTCPPorts = [ port ]; +} diff --git a/nixos/hosts/magenta/default.nix b/nixos/hosts/magenta/default.nix index 2ac1d82..68b74fd 100644 --- a/nixos/hosts/magenta/default.nix +++ b/nixos/hosts/magenta/default.nix @@ -13,6 +13,7 @@ in ../../shared/fail2ban ../../shared/garbage-collector.nix ../../shared/docker-swarm.nix + ../../shared/acme.nix ./services/mailserver.nix ./services/gitea.nix @@ -29,10 +30,4 @@ in services.openssh.enable = true; users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan; - - security.acme = { - acceptTerms = true; - defaults.email = "dmitriy@pleshevski.ru"; - }; - } diff --git a/nixos/shared/acme.nix b/nixos/shared/acme.nix new file mode 100644 index 0000000..7c3e822 --- /dev/null +++ b/nixos/shared/acme.nix @@ -0,0 +1,8 @@ +{ ... }: + +{ + security.acme = { + acceptTerms = true; + defaults.email = "dmitriy@pleshevski.ru"; + }; +} diff --git a/secrets/miniflux-admin-credentials.age b/secrets/miniflux-admin-credentials.age new file mode 100644 index 0000000000000000000000000000000000000000..237927ab6eb6ab2d53d5608f9f5d20a3200176de GIT binary patch literal 1465 zcmV;q1xES+M@dveQdv+`07zO?vJ-@9^&nd$>L+djpM0p{wIr(@{Nit4Hf6QGk{sGL z5f(Wus4%?SGTt`>y)O_kZLQQ6c5cxMLZ( z6f4$~n^DO8bZm76CV*(h+90!)-3&n|Ij1AZ+o65b(whO&IkEQ?fl*$H z!s>SB9?aLJ=sX{0dhwQC6b?!;pFEELM89XdI&PQl$Knr2mVHNsOK!NBwB}I1KKBRB~-ie&cF%=DaLScc|IM6lcr?lRU{qlYO zC+KJyQ#e%*Xm{SA=R9&Eq;2SHfZrXSPGWT+mDu$Ha`KvJ;lG*_oumVlcv?L5NjV8aJziLu!$DP1ZBpgmG2Pa_ZyujfsoqvloYC;WeWLwLJBa zlo=ut1b1ZExkGOA$Ch1YZ`PqLW2D}yJMeR?`F_R_VtOt-3@21r@8=T{aBanOiObuc z(0@PwcJ{v}p~VWW+Qfzv@-2$FZ#fncvKf^QU`w>hvoO_P0f4ab<}@ugDU=7WXvKo+ zr(A4gGv_g4j24+GqYJzjPWJyU9B`w5h7sv}fU@iqRb0%4F$n*q@XMydihp9Xy#(to z5RF<&39=Nw6P#JXORR5y|4idcYRMRal;9wY+G1cH+Hr>g0jSVjfgcq;Fbf#56C)oc zTNyf=Adjij}MQ}R~CCl znZ;2#}f>aOdw$>LQaq#r^0DR*@KMh(H4J~iHXvv?UYa5x4&>r zZ8zbS3~F_=*Zwi^?0`4_Z_tRno%EO#!O2n=3G5Un{l58}EAaI-nGtgdGB&PR|Ljcv z%wY#I4B{BaDomW28Y-Lh7*5b{q_ygQl&H%)`ihd@*gsnCgyASUx)$+x5v~lXL-i|Q z*dL4k*}z(dwj9Ek{(s|`NB`Pz3kP308Ym2Il8VZ7R}9xAQWHU6m2^VseZWEn<}MKp zD|b=IoQ4L0VS1u7F1ECG@vNT^z682vBR0}U