canigou: add miniflux service

nixos/hosts/canigou/default.nix

@@ -15,6 +15,7 @@ in
     ../../shared/docker-swarm.nix
 
     ./services/wireguard.nix
+    ./services/miniflux.nix
   ];
 
   boot.kernelPackages = pkgs.linuxPackages_6_1;

nixos/hosts/canigou/services/miniflux.nix

@@ -0,0 +1,19 @@
+{ config, ... }:
+
+let
+  port = 33001;
+  addr = "0.0.0.0:${toString port}";
+in
+{
+  services.miniflux = {
+    enable = true;
+    adminCredentialsFile = config.age.secrets.miniflux-admin-credentials.path;
+    config = {
+      LISTEN_ADDR = addr;
+    };
+  };
+
+  age.secrets.miniflux-admin-credentials.file = ../../../../secrets/miniflux-admin-credentials.age;
+
+  networking.firewall.allowedTCPPorts = [ port ];
+}

nixos/hosts/magenta/default.nix

@@ -13,6 +13,7 @@ in
     ../../shared/fail2ban
     ../../shared/garbage-collector.nix
     ../../shared/docker-swarm.nix
+    ../../shared/acme.nix
 
     ./services/mailserver.nix
     ./services/gitea.nix
@@ -29,10 +30,4 @@ in
 
   services.openssh.enable = true;
   users.users.root.openssh.authorizedKeys.keys = data.publicKeys.users.jan;
-
-  security.acme = {
-    acceptTerms = true;
-    defaults.email = "dmitriy@pleshevski.ru";
-  };
-
 }

nixos/shared/acme.nix

@@ -0,0 +1,8 @@
+{ ... }:
+
+{
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "dmitriy@pleshevski.ru";
+  };
+}