From cb4783172a35de3d3d599e4b965ac452288332af Mon Sep 17 00:00:00 2001
From: Dmitriy Pleshevskiy <dmitriy@pleshevski.ru>
Date: Sun, 5 May 2024 00:37:06 +0300
Subject: [PATCH] host/tatos: move miniflux from canigou

---
 .agenix_config.nix                            | Bin 5157 -> 5264 bytes
 hosts/tatos/services/default.nix              |   2 +
 hosts/tatos/services/miniflux/default.nix     |  23 ++++++++++
 .../miniflux/miniflux-admin-credentials.age   | Bin 0 -> 1342 bytes
 hosts/tatos/services/nginx.nix                |  41 ++++++++++++++++++
 5 files changed, 66 insertions(+)
 create mode 100644 hosts/tatos/services/miniflux/default.nix
 create mode 100644 hosts/tatos/services/miniflux/miniflux-admin-credentials.age
 create mode 100644 hosts/tatos/services/nginx.nix

diff --git a/.agenix_config.nix b/.agenix_config.nix
index dc5d24bbc948bb17f8f7530a0cde3a92a76b7110..03406f0e154edb204c4eebf09fe51fd4abfc11de 100644
GIT binary patch
literal 5264
zcmV;B6mRPQM@dveQdv+`0FENa$qlIXqiS#}QhqZn-N54V3u3x{h8q#^h)f{~2{|te
zhe#g#+ePxvEEnAM(=(`)#(7RJv~xeo?uo8Z489Db<;b)DRvXW-lu0{%)l}Sh=&mnE
z;D;5rvwpKU$WbFjM{5j?v}oV9AvaO7z0VN-7Y1S%#@J!uCMw_Or$0Im>9Cn^r!Yk;
zybG~^+^Sat9oR6R_oA*M)K`;%RHDx}=gpqL_8(mEf93-~Z4AF7nw+FpHKPxfYq9mX
z#}ADR30%^m8&!P|HAC2%0HCtvG8lA4#D?=CctHp$;*DlPbbQrocC(Qs+?U7d{y2z4
zoIjkq-9f9d!>a75^D@Ci8n|WC+i3WDO>OjZ><N&6kdS;gJu;U5m(MXwmOB<{CvaNP
zq&*k&FXW$ZK@3iN(=#b*h++v00DnfNp*xd&q}4|L!F&L{AMmD#Cm@nUOtc<0i6qj*
zE6V9tlOnx_HN<6+L*r$qW|bdE(;JT$Py@A<HONX=?n3QvY)O+li36MQzj+LIIR-lK
zMDsT}8F;NQkzI#5fll>iHuBAmE?07yhZOR>n#**Q4|Qnx*Qf2Joc;d1Sb37;`9E0X
zN9}1@-Zji7eDU4m^&0xY){8z~)RMf1jW&=d$&bJE2Fn@VucXfXGW|eo1?jH7VcOAm
z*4tQ&J1LCo{E5}gfeXrFK8u}S(ylp8gg*^=RjHRSD^821P=~g+{z`n(qME3eX?N^P
zYwL9RCMC}@>^tjkCVa;Bh{-Mb=q+<Kb`CshdJ~R5r&<<^3&gT1^O6qj)~0#w22!1T
zG$ZGijE+XcE3<P1plw2iC#$%Xa5%uRgY32S!O4ee2SOQSKBUU5)iTZ9hy2Lk7yMj8
z>LtOsx&*dd-m8{xMOMl>y#A(Y{^nT1_P%VJ$D}qCfu}Uh_FoRrNmC~$HTWfMkqeX?
zaIpC(rRn30heACa`T*085N5LOxjE-J)d7&JFx_qz(e;?0;SaQ!Ugf(>i=Wto$waE5
zBLJSja~l}KzW``Gx)y?K9-*(Utn4$v@iyW?jV6MP7^mmL>3{Dm@%mb;zKlR=$~eVK
z)I7=r^zVQ|B&y+l{Hb>x^mDLvy$g_pA@zRXvu-QDlH~TfE|c$GIf}F4ttz6=r#-#N
zDA(;rFy9n&C-rIy*JOng<;-O@FY-86)(Ix0eqQru%iihC_I8H}uT-_ARDoe^=?F>@
zYU+WjN+?s1IRe%Dm>VR!x*WPI-ZJ5^Tmml4GypF;#?(DqjoIxYOb!6Y84(9y-P0{A
zV(udBIa04oP|aiv^>_nSRM^*M2+48PI`mhd-J&I^))ZTN108H5CAlk?Y&R9$g45Fu
zNG{Amc>*$wS5?FAEx$nKer)lX9gxcq?%zdbZ01;d<8rXp=dutRqbJfR->>j<w~e7q
zw*g_rT^OA(MB>lHp4vR}Qi~&pq7EAb3P(pmS^LTiP@CnD93mL-kgy_QRTezD$`%-N
zYan9kb9yD;S8R$A&SoT0jh=4PNIRSaC*0Tc;au}rUm2{M$QixW#|HIt*nrZ>&F5n_
zMRgf(pb`vm(r11Zo-1GH%(i4cz9*=TU2Jtvscq>hY}OT7#l9?zq_+y4m{c7#p4vXs
z`dg3!BRC!3ZIq26tx(FQa1N2t^o2%<S9t&tx|BuK0+ER>q<t=6H7%{FOMZ((X&~$c
z%nWyN)PIl2kH}=A)`+N>Qk;ov@1%@&OS^uPg_%ubi7mD2r&~If3XpC<vshVPV)C9E
zZiDU<eOhAMfE4()vhk)I?(P$1f{x&HD&v82(rG^ncoDY%1_`oHxYKdAT!^h!D0i5%
zo+T~LvJ%I10600J<_CoOAb@O`!G1*`JTr9h$(lvI8Xoa5zml)a^xRx%1_8dX{C~II
zDg9T)j1!0o`spToR4Vq<Ef5FlKs8A$BtLd-2_NWKgHtgeiS&duWHp{Y*%snLtJI__
z*V*n6ncDFbuAAQP&B>qrUGYGyrR@bm>a~m)d}DxXNEH=DRYcuvr-M{CJ`#Jll>?;Q
z!)8~nasc7S-rhg``t1=iG}=8%l=831hvskU=}ZGy9q>ted>b306z15mLXJ8!>SsZ&
zO`K|x4Ur)^7GjgTFTCmpQr@V3;$QZ{>sbivuwpXlmZSCNsIYDXo*A%9+}KBPx|Obm
zSRYr1*oc&pg(8D`t0sp!a-Au+Bjd({5QAEI6)QC1T)k3S?@H%EqCoD1@$=FyoWzh6
z!a$UxNqJR}lm={2E!>F-5q${*He4qn>e%^mG-<%qGTBqnG4LQ>SWHGrhD&;wKq)$|
z4dQ*Fa=AvG)m93#u+(|$|7P(MO$l(we?OgKpmyEWiceYEPkj*)tD-0^;!hySaD&{&
zH-{#^e*!~6N2J7{$w<<dw%IkwI+yHO(vdLiYyx`H28AiMM+?Y?$1H5el+^K?TaLsG
z#_)+<ovbPJ?s@;-<*=(|kKpNcFu;-3z~H^h;)f@&{bH^SrKy@s*)04fb<hUVQz9RW
zm`&MmBTe+8CuZvqho7q8f|$i_NyMfBxbrYMB9-Czn!o?X0VZgtj&V?UXCMwvvZr8>
z007r8R_h6>?~AI-r|o8SpBJc9Sg}Q3ss0k&l=+!4+>!pYG#>mkmIMwT)Y@GjB+R57
zu{cSQ{V~_-JDZOlo#M1&rxGDRj&Q3BHD1l%NqpIR!|DJPml3|enT$aN3u4O{uL8S0
zRNTeDG8mlq(w8zKUJLi=)(gx>KNJQt<J{MXt{Nv}Jfy&PeWYsAUC^vEkQ4)yHJG#^
zuCkD~R{X~x421lJm-e0wcyL@cc(4<LcdVyaW-+8uO9%hYn!Ew{WRp5FZQehtL5UU`
zQ=(mI=8JDyUKQREm*8M#gVejI)qJ|D;ivxNVGnV%m*i?HiBw`MIy|RhC7;2omfFti
zJk*il$Dns4{GvXiQW=EX99|*lQ?Dr}CN=L|!W<FqoO@b~J-hSx&xK{;apWHZj?m|A
zqv_P=(mCm2V-DSy$QqYt%1Th9N|@Sxvk|*J;i%6TpO3uy61vLFD*4*fI_LdVzSB!w
zwU|D*-9oKq*Z?3qNS`uXMEqDi@+&E(WVK$vIY+_I;X6lMYWymDV51`f)KLlq?f3+-
zoRm_@-=v}<4^AKRSotess-+3;^v{^xwjYx~iO%QlUR#oR5tEkv0p7!J$65CbcD@K<
zD^-&N#qpVO<U7)mmafg*ezrb&l>94oFk+C2LXqU%ZG+b+jr{^vPU+o8SiUWxbN@Cm
z_NCE9WU`mot?T4P#2dRr!lzbDnt8L9Y5g|#D88iDI>Qv<Is7MFHqj7AmUU)hBJ<Q%
zE6-<!!FZ0Np3o=E%QtJFDlMQ_R;gUr7ztGUtLs@4-|u@^m5ay7rYN&5Lne6mUwgA{
zFC+z`Ef$=bVAKf!xHLc9&eJoUouSZHyZ^T_7Ac29D@|F<cPpE}isDl?(eALCB)y|O
z>LAmb!MGf4&=ts<%~o9m=1?>`&Y!8$wS}4I<p)_6cb!~Sd643Fc$0#krhmTdFpNU(
z#WwY*kLf<w6{?NNn;HE>v8Rc^pfHtl@+4<r9NkCfaODS~{-TJq=m5*2WGa@TQu|V2
z?!_!eD;C{fBW_TOis%JHJgLW+9dfX~DwbsL#%cfQd*X(0w;o&hxXSs86L*fsFj#tP
z87#jtIA)XQI5*^<H$@BrnNNPyg->(wY+fCr$1wpp0H}nW!_Uygr`4?|O0Fmk)0}@o
z#j0F1xUfccWgwP_$1gD-EAZDI>n4u=P6^Wlb_JHNZXYxDXT|$t&E`PFWE(sQ`g||r
z+=B4@#W4K96RF46k^-okPel@?HtY7#{VT0Y1WTK}i}gT1zsF*&GH$0z<55Rv3z>tI
zwyYp{Hrya}w~JlDdo~9^4OEo{&36_<3wGn4Q`&f-4_(&gXyV<+vT@mQDr*WMAQT@D
zXG%fHhh<Ftkfh1;FM6)gn^?J=;NyvFg=IDIer+K{&gX=$7J9RCeXB!Wbd_h3uTh?K
z!=s7>)mzx9sp67upjbQ@Dy(XI7x%s<%h7OtF)WI&>?9+xti#BX_5XV9t=x3Pih6k6
zxT1FUX6v<{Djk-2iXkJP-weQx*iR@}uV2&=bcQTbvJ=T|r%WU0{m32Ydl5CEs{ktJ
zxBFvQYjw*S=qo7;eqb)jv<$4xKt{vg#;~VN_<l{DQTY%0FAvNGenxR+^sV~^w~@@3
z?6)N%@`0=L2+|DxZgN5KQ+~|PR_C9Y`eTUF<4&_vay-Hy3wlOC8)h}qXVj~MTQn#0
zB@kHFBy`-DuonL$^nIYMxB?+55>Vwqz*h?&c!D)UrUXa#jpuSp<mYr!%MlDDoL{|y
zqIozLkqFPJ*nfM3WZx9<(fa7L5kxPdmwZGAJK4#BAjz>Q#_;4f`rez4A2*bEoTHp^
zICQHcEU5$4qG;C(nVWF)#HTcvARV&8S&6LwzDipE3KddrxAn@S&z@$76Qs=$|2K?M
znV7SX#gR2KrOx3c8;kN%(+K+p6L^R-uk>CWcD=w6e&o6>aP4Q>ky5PRvQB*CrqiT?
z5Mo{iwvE_$nVHAQW{K(i!B9JX^cIRfL*bm%V#0c$v68%bv4$Y`jLFX6Iq}22QGA2d
zsj4ZT2Kk)fFhV3j8LKEyJ@~fKJ4;T%j>JGco|t5l72*}WH$v^N(4{u@00+?%{bW5O
zmC<(@qD3hRKCNSrM0wItx(pDIWI2Sb$kT?yD|-~vE{eptlak>0kmaIPWd&<4XRd|O
z@WW6<S`6osBFXn#`b$@S{ZZZjq<S*Y4UKh2i@cv4PSJ%qCa=ECcKm#dPM)K5a*C={
z%jUC}FDUh<`Ta_yis3cHfH>B^TXt3^@nny5B#f?ju*v=JIu`!HKjk{b#K<z^I9~l%
zfNL<%JC^4Ym)0|-9`R-CcrM{oQvzCn4Limje1g@rNx@rQoj9N7h?>xcS7fwoTod<w
zbP)Un;1ah;*EwrYbSQKZMSKqf2U`RRtW0QN6oID3kE-gd-&5qw(C}~cM*<p$biC*%
z4@uE)Q_{)yz__dfPApKvd42zaB95Q9Le(}WyL5Er5_=g5A<ApElJ!e9Uk@+`mnZr1
zr_@VyR~70<S91FpQLkjr<Lb_}c`f^iaq<!3?r3PB5`kF+qtik&qXAf6-j_-cKX0Pq
zHvV9x&vRrHRH^Nl%0V@Uc-`0tQ}n~1m5+QSij<o;Rm?i*v94347RW`zXlzu&wsI8a
zK;CktkTR5K4BUG9Gwf>TnNv;=+QdSP6QqL5xP=zZR<|=z9>zQwIjanwT*v~Zx0O)N
z06>;6Vr`mzTVL+GH`gp+RP3y1UNzy)IKL|>C_)HaxJ4l$)ROmVw7ZTabvu5PkeQuN
zd4~QB0Q?eJr(>TP22p2i^1kP0BrS0Yl#(cV1#y4<9_HWHDb%UR#O)cq$DZ}Z7=4z-
zTL-M?)R%xysg<@X<~ig#D#F{z-{S9!g1*c;gJAkc+*nK87PzN>s31z#tQ;3Z<+M>_
zxSX)~+~J7fL|Y#R9f(M%z3DVk?rn`nwV<a!hqNmpo`4pk%TUW;PWh+*EAWhwUoLL+
zG{-5h=?gULr~qIS`F$Pa1yG>TONf@x+s9O3IOAseCSoyAKI=QJ%#JDh)W43RxY`+6
zCw$RLa3*Fj%x1g9&%S*_-&}d;a2~AHgV8nv_chOIl%p~cD<uXu(6nQ0lDQ_CvQfm|
zetKYLHi3yC;RBDK$OfJa$L>0)8&8T9JC3rN$!LLo8bWS#Kb7Rs6X3~WYL%C@|5Kwi
zcmV{@Kt<d`(DvyVrnFy^Uk*)}_%-*I-{{<SH|NDRf(<9O-fL6^Ss;SY&k@Xl6T~I<
zN}ost04MqN!)%uR!&?r!Jhg0R5%HVW@mt?<(U0_kL$s393KMhPj@vv@;?4qzlRoQh
zumTLdw0QH=<DKj+tk`i29HLaohyF}13@v!bIGtR21<LUWdid@Af~DE5(YI<G+BfAl
zH*(2)+t&l8_gH4t)@>w{`UAhQekzob)nk6(=Zhv6TW9!!e7?SafSkO0t?G_g>hP{J
znHSLrTG!enbcHCfAI_V_jxeN8GC;aF)yJ^p1(>1*7}g{WM`N0NeUW|!4LHW5@Q!_C
zgPuG4&MshCHc=LPuO}Yy<;+bTye8chWod+`ZH+_p%;F?0yp_;d3z5V1Qp!Q27fgKj
z(dVov;{@bDNx{fR7OZuM^dy783wn%Z|A+sgsC0PL!T0pKq;Uraxrx@Gu~XpAEA&fD
zbQyf*uvi@)zH*A#0Nu>+ppVz^LnrddEYn=Z0Y`0c1qXX7xt;<{;ajg_GMI;8X)R9q
zyV&M3ts?<0#oY5gzz^ViMX9)-@QzRXN#Wg6bYF*W!$F&}+5)Uh0mVk(-~3h&TPXW9
zaK6lj-p_6xKoOE@nK*Pm6&>JkU?7n;0ELJq+7o=(4h7rfTarU2$QvFG4zvKAWG^)F
z=j-k5b=9tx2H^guK1zeOiX0UmhE_&7*#NzmtjDhg-{J$PYZy^!!+hLZwV-Yo*4P%Q
z>9dgjh>L!t>f(jI0|*KnjJ6g8IR>`a`Iqs@A6b(q4kpTIU=z9Xhjx{r$!qbiqv(rM
zM^$ay+;|A5x7~(b5<_V7_y3PV24lU|l!@A?OoJD2&Rjo}@)btx-W1D?4D@U2TRe#+
z9JdS?c$Wepl$M8L1;5gUegf8Pn|~`Nz^9Xm+O~7GI-wzg{lBS6cAR7y>}8~<@ouRC
z`F6&86A-Bzi6QsX&Uo#KIAtvgcf>BU=*@(&%`~y<mtm6JI*WKenW^E>U2fH$ONh_~
z=kmr;`YrI0)40Xd>}jjn;$|~{r&}~!Tr#AlJ_GSf`Hq42I8SS#QHod~TM|875HJ$f
W4Z+~3jCwH1_DVRYQ(ZfT#WmO@J7$~!

literal 5157
zcmV+=6x!<mM@dveQdv+`055eCn{a<fStn3~uWS2?3)^-8NVT_a5;f*OWsS#FS@@NT
zPh1bKIIWoWIp~Ui!jje<Ou%|U(KV5JpKAB@z=BPEzgU)_m7MVg*X*9!+nXufUy}wG
zTM^UUT?>Ki!WYrIQNn6w1xb(F`>uS~*YWuFSHGyU%%CepLa7FEHTi3Ut6q~GMC8A?
zc!z#(bVFaa8p}^g#^=iohmi2-yT&me@JCpX3yMD!Gg-b;pBhL1zbR3~@@f5Veost|
zSvpPgl$`w|o64eRpz0+i%6BgPy75guF2p2?ZXC9y-wR~y;@sog5rkXkRYQ~v<xS3h
znn7qK+pQY)xUdLm_RrOX`=fFXInwwgz#EQFl1s6iOf#J3j9?U$bj&&ModD5n`kSvP
z$16}wvGxWr;wI`8;pKcMcw4nQ|3P~mJQr0^UJxFAp%pa>{KynW=}>aU>7yb?K`L<%
zM35AyD%%--6fO3EK3O;(#f3ePFp$P1{T}h?g+zy{1-<z|INhO!4fOm-VLH&m(E;ud
zS5e5vE@L)*XYhB0^;+ay_}C1709$`<)Qj1Lo_Beyq@g;b6>Fz0B2VU9Ay;;TcQU4}
z)kaN{=@=Iw6&7$kDWZv);NvkVVy6G7bYh-RA2gfD2Fb2X3ulHLB7xL3b>;*R&7){z
zPRvmCCtEw0MVak@CAT4)gh)iy!2kP~g29HF(?3#kc#4XZ&~(V@uQBgGp=(eBy<?{E
z*4N$N%n5n~0H)y9jOUT*_Mzf4qLlcg423Qgjcsav{Abs;1T-|xl;)Sd5_psIwx1s)
zB@C(D2^YcQU=BrStXE?rwt7^*Nxc>^^8T<XYFq#sF9FB$y63ng<ITcWhzV(UK6&bW
z1iAxdzSaz2+&v&<(GXg3U6zCrfk|vpxPbJ6`}&i~eeedJ(80n(k8Elh9pc0Mq6-B>
zKT5_L3QZ*CF~bN63;~3Y^o`GyP>b@)G=%;ySL)t)Zkl>^QS*o;<kovCu@M6a>TV9h
z{8)2$ge2Nhgfw{EXS}*L6-Pk{_^$4EC}JBAMqe4}c&nXP7p#b78B%okG8^vF@>BDF
zD=a=cuCy7}!q+oQ`>=D<yUYf=^=Xkv?59#M3iQFW!p=`?kU@`B8UPI96PU|D0YOy1
z`VhHoxUq>Rodf-~oDJL{`j-{`7pfj48%q!XYk=|Cc9DPj)6B0>Q)QSb8=sCj;t>VU
zSuc%i(>=!K9w_&(9{3qqHZ02UmfVOr9t%F@<n*)xfc@z=w?S2W^g7(qjQ8zEhZq4K
zSVn))@xbkqyxdt5{K1w|mvOVzZhs@f*zgiDYt|RxTf%#ip(qeJgTr}*xw)6tfv4c9
z%Nj>zJ<uCQLZe^xaEzVm)}tl8ZM+cun>bg10hYOTMfm^{`QDLe9MYOPL<5@M#zQ1T
z_)!1n^(mp$yx`v_C{iLmmI_+%5+Cgyeh=RF;ElhlC0qgYsMOA*O^lAS6@F{eub<Kk
z8A0k8PLu%*{O%U+m7%pX6$E7fjE#C^)VY#Us}W!aKE6P?7@cF4ZM^?{dx;Sb1Byds
z`t4I_XwSEI<@xaB1fkbhDh|j!R%$sc)ew=`s^2y*9M{Rd5?Jov=T+k>|4inPzrAqm
z7wBV!d)wgvzzb*z^j8Y;@VBtTSN{jA{9yywwB+J%*;ho@)=b>b9OdjZ`9P3*xShgE
zg%rtv`KjLk$kCfybwo6LW%lBDG6n_Qe_A8!x-JvC5}BT|^qy^EPoDn=#I`4K*BajU
zt=8BaLli@QBy1dodSZiCLp|2O#9uN?K)zv%1wlG^XLxIX!QmBHyY}Ovx^($SnJs(C
z%tUv?6)FxBA*$vp)#=On<iM6*x)%%n2*QO0a+su~^{oz{ZPW_oj!8A+6&}(tLy`rm
zaS;2+pg#Z|Q)@X5P+z}yAxN1tAC)tPt0UcFbo1TSj+XGwV}7Dip`ep=Uou_w^0Zz;
zJxgTx&<sD@&5O2;5X4te`1&2knI(UR?${IYX_UgfFQE~wGll;=lo}2pJ`>McnD>K>
zHIzk>Y_WD!?7Rgl$Rj=|zUxXXKFX$T<gMCzT_@2+>#9`{;SL)=TX-Xp$mCZk>NAYj
zXvzKhaKYYjp3CDjQdlPjp%})cPU3bjV8B(Jk4iMOLTK2!6e|CLAi+5k@EB`OZnt_+
z`7L|9U31FrvGf`4vX*I#{!aE<L~I-0B_G7a;+%Zuy)(MJNr4s}yA?VV8w8m*2b(be
zeg{gDb&WHr7|e~39?SlPURhCalY(;dl28x2%VI!vi%9rh{_;ZUN@`wl=}wm~v!Eci
zbgf+DCACA*JxE$}ae;47020IO^ixuS4@sCHpOHQuizRH$-b24Und5;I<vu&oVgKPn
z7i=b`WJyr1r34bOBDCR*F}1G#y1p~O@P=nt_5yT-b0G?M`_A`Nwsz`O^PKS|2%7oP
zmv%r&_buC5-BBh`&n^HQ4W4uIK_gd`z#D~4s<qoMkn@!ISXaxN4^_pt3bF9J1;>n#
z`i2$RQCssG1H1?)lvS=0@=lH_M>b@_n&g5BPs8}S<%|fvV~e8JUQCF%zFu9}164j0
zqU_3|wYD4Q+yryRQyEKbV{#}?_yzphcbM5x{JauGIs^;UZpKr*oQ1o}*~kZ{(b>z4
zSJ|#O6|Y$tBkONP93-3tK>PE^o%&~S{t%kMnh~7Sn&?`S^E!#*AcnEtg}MbNMjIEX
z8o3BL`L&`yk^mwD8^JXgaRTjQz56zvv0#1UASlDfYOc8b!%GxA$z^!<COG`0C2>%R
z39jtO1Bs3l>g_#S_@@t~I(PLx$UNn&88?i~c~RdKF-$i;*_9q?o-tZP5Ucf@mQKgl
zCpAG5hv<_IV$kG_B|7NHa+4NTsZ;z=k<ab~v5!k6>rFQ#Cd9a>MLZOuD%h9Vp^BVd
z;yS%=mZ%<{eMPKVy{OTDCD@gauyF0#@aG-Ycyj!vJ@d{N1cY{`(Z5wE)QlJ_w)&;J
zlRNI_k#hsx5a^VmzQ@q*%k4+DH$^Q2ck0z6pbdDx1y`!uNf2N0Y<t2<4jz75&{|`2
zx0EGCFaHvXc{vE6!7q6hf=9VM<qU0StJ>3T7Wcn+xYSUFKl@jg2x4`#0YGs1&!9>N
zYCTJ*Lz&lpQ!#9$!wf6quuF>(et-et745`GNx2M*KcQ*`FnEH3kPzl@N>~j$#h90j
zp!V|_`L7%Q<h>h;6Whc<GfLeekT5P~K!sKKd@t*XI^RC7Pe?$Y7yH-34uSpUgG`xE
z<RYN?j~}sUZ$P?zeHsw-=fu>H!sy&93+FSB^Th;GU|bZjEYYQ-_n>h<nuvtYn+wG$
zlbP{GSqj0&saFBybGAk1@9ty)(LBZJ{A7xm5Oc1G`Ah4=IyPGBWMx*BCdrnDP}&W3
z`mS8In0-k9$|>V9(qDoxggxaOgj;`R;+WV>DHJxxtLcR|aRF$qHVG4kGN>5|0EF7N
zO+JARJu3Xuq#M@&f2;&0>+I4V!WJP^ZU^%SsSrQQ9Anw2NO@F`^|bT2qU3a^shlp>
z(5bYH+{qtX2G)Q;n}C$c1$ybFd?6s&xgk8lA&?xM2&{6&fk>qpX#As#L68@Y*gY+1
zP+0(D$~W<qT(H$nsOx2tC<G+sSE?yynSP}yw?piO+iLvNit&v&Hl4NjpWM||n7{N&
z>q-V|v?qVMCk<A8v(NC%BCgsfv_}}O=jtv)rkeU!$|DIdBbdUSFYGbjf<)A<E%XI7
zmq`zO>`ob1hgArk4+w%Q=8Nu>%KH^O@Zt8aD-Iti^Wi=t4(NtO_k=>iespp`YoTO+
zmXd|PsmpB9wM@b-Vps8wO2%D><2^h1x!k&86*j4Ahq5BOq+FHRAK)B=_(7dE@D$?L
z1x;9>>%NZa4JjtgE|+)^7wfK@z2)=YG|FbbAM@2+1z@PXyqvr!*6Pa@8n#yVo&NlR
za9@h~wLUkOM<;PdzD7@D_4i^m<T~LocHQwi+7~#0m;5clbg`H(yBjmb+6pjx+A_~Z
z_GVs8L$D7*{t_|@*ojhE(zSaQHOU#Dp`*|mjHL047p;VJfJ{d$7pxYZl;nEedIR*z
zKn814N9l{AXmIfunQ@DK4lkc-9)=(2Qnm-^X?eASod&q(&!_xZ+ZQs=WbnBr0|J$q
zZc+qLU4lKvcgCxd3(n5$IgNU{Ot*j+xAYqc7&rtC*YayThnhfZD7P5qp>101pJbQ-
z-&FDBA}X!FCX_jewaHu6ItGO>HL#23b}T)hjuCZ;ga1`d)MT(aIC@J3yeu^V99zfV
z4R=9f<Bra91gfy=Ji}z}2omK^o@?wp<(-Mc86eZ{Bj~y*nB`55Ta$S6>?riE+@y?4
zd7H_D9LNl7lrnyl3AeBNhlo$i#Ia%ywamnZgXQBBK1>O7v@!Q+Bvy>mz|YUomnM37
zNlInD(m*g2)pr&(5J3rkI#-6cvXvE(-YoaMr+Isg_4rv2*1nc@v}RdL#Nq5FUKYQ%
zzas}ITkHn*$45BX`1SXaWg(8Uu9UA@P=BlCBbkYHg!+#~ztnLieF?vFRZH^~b!>&3
zm|_q%B650Mq9ZB^3l~hf&f02UWlakb3YHAuQ}nm03bc(>3D_+74#~0$;_C3brkq}`
zpRtLaqSYSh)uJ6(uhIyZ*jt5594J=|Tks>kq*UU&<q=bB#$Hy~K{eG3WDw3_U2RZ<
z0nJ|RLxn?vv|3Yg_9>NYK5wm*U+6hRbsF-|cL@qP@RnkIss>@IhWkCJd9^x7rXL0z
ze_=-ZA&6iACtmJ?OddB7v)}gp1cU=V3$g@3Deb9ZQC0H8R;i4p_v9`SjOd}&=8)f2
zTk)1R6Slxr@2P|I&rd8jN*{3^9a9;%%fBH7hp=6ub=bWmwR#~_cfk%GC7A+k{aEG=
z%5A@_dK4{lbK~0P3bQ!STwna4KcFTc$CvRzag;yWJ(iyY{p|ag0D~UR?I6=+ps6Bh
zyzK4`ucH@2EF4sE%Oeiap!^($@Q+>U6#w3*We}#FQqe{IQ}%&`$V_bXeb;3f9a%k=
zPTmLuiHH=l2t79d7yY<{d4nH~C2P@rkLIsnjMo<XG;Wt=oZnqFUps8<IlOAwV-|ib
zX-#Ahx29r8oolg!V9h@4@kLhQ5Xo(33`Rsvb?{MuS#<$!qAY8)Q&M=kCaNr8)PM&(
z)Fm1U_hTd<Dsc<y@;Z*3#*3TgK7)?<|BTPBMlHH}7nz!-re!uRwBAb0VuETKdhn0{
z0l)(d=l@0%mud~d07Ahb#2nvWX>AwM+BkQ1ap<gm_5*w7Mz`vm+J!!BV{1K%ubo_4
zj93*$;}haBg?;`njjYHQ*IWws2s=H3Oi2p`px`;5XJO(6Oi|8aOUf3UYxhWHxYL2t
zy_!y1m%##xp-w5XwYe#lJ8I=b*;XGj#Z1EsVj(W+Er--k80|O;==3fis>omOfU4$V
zeF@h~XICqz`DY%mYW#W{)bwn{@18RZ1yUNATj4CPs>(yo&$<p^1u3kLly9&isJ_wp
zwKLbFb_#vX1ivKO9u^PnX!`s`($X7{hBopoJfXDw;~g|91_hJ0B=<mB7QeBh*hhN=
z>ie*PvXB)bHqE0C1r);$`VY49?#zlGT^hYvL1%NV>sKm~EW+o#OQIIOp;$rWZ*JD)
zmHq|Gdw4cUu*z~y*SQ7#qQm2}%V~5veM1~-FesD)(Mlf$>Oi`~ffY}j6)Hrf`bdjg
z>*(SEdeTL6Jf>$}ga_!Dda7F;(I|&Zc-hCEbNL)DOVckG2UDBHtno6}Bdvx6=Bm|!
zms0rSo-6(aDqp-0m=&4Rb(6|V$V*%fg-_G87dX9dX3ur9Cw8v-Ko^K|6tz=<l{578
zC5H7a67-vq31^=_E*a2aK`Rt34I#SNY9qG^2}Oy<i@5UAZ2d?;*$1w8u*X0?I1+*t
z4IaIOJ(HLqNSt$0p&#PAAq#6UO|xJS$HSnF!n=O^pbAMiWKtg$WA5<7E3-4@=NQI_
z!}L^qj_Hkp0MD43Wj~<l<`%l^n)0z3qPD04D<UQ*aiLt;c4{5xjT#EBRt_`@7#+wz
z>EFqzzY*i~rgiTCWm+hcJ|a=C4u$)yNZ!1B`Xs^&*e<htdDtQ>Z$LKgceR6t6AFjq
zg|HsKURUuaJl=%a%1y*{VDL#Q(iG^7l4VEL$pG{GxkwfS%=ZLbv7elNyGC|d!F~Rb
zj}3{&O)(+<sHZsm;?4Mm`9XBTGsS*^plRPV)o~nma<{#mWeGL}H77L=nhY%x^(8K^
zf>?SC%F-LewC(BA&J_XE7o^SJa4BnRV<(<T?{W~}Ij@icmhlOyQ=Eo)iKKIK8xWpS
z137{E_FATRMFQ>!-?fICX?6}Ox?eF8qr{ypR(mz?KT>OC+uyN!=kl?=O!z4sJIo9z
zR`uN(qpc)!xMWpCUQY-!n1~}8^>nag#0y&fbEpv)mL!!+VmAD6cb`jieWWj`j;rOH
z0dj~s2@LtX05IuJfa>4izish;zw95XJ==$o18b~TQ1*OI6ffuS`w{p16t0IAPag7B
zgU}1I>pF4`LoX;}M@wQ3^gl~^DAzmyo&rRqkyKj8uv$;FIM!Y*zFS`Lt&vZ*2NC1l
z!FhI5eXQ}SZPDUf%c&tn0N$Z_p2g6@+Ip%=@42%T<q?&MXdmRkSo%2sa?*pRqcg<L
zt=OGI5vyKan=<J6Df|Jr4A_6>=-`$ge!?#Sp+Wek+<SfPlVsa>>EtI~lw0oHMJ~>F
TRG<9S8lrymp$`EIPM;rQ!npJ`

diff --git a/hosts/tatos/services/default.nix b/hosts/tatos/services/default.nix
index 569f148..cd0edc8 100644
--- a/hosts/tatos/services/default.nix
+++ b/hosts/tatos/services/default.nix
@@ -2,7 +2,9 @@
 
 {
   imports = [
+    ./miniflux
     ./wireguard
+    ./nginx.nix
     ./dns.nix
   ];
 }
diff --git a/hosts/tatos/services/miniflux/default.nix b/hosts/tatos/services/miniflux/default.nix
new file mode 100644
index 0000000..6176eb7
--- /dev/null
+++ b/hosts/tatos/services/miniflux/default.nix
@@ -0,0 +1,23 @@
+{ config, pkgs, ... }:
+
+let
+  port = 33001;
+  addr = "127.0.0.1:${toString port}";
+
+in
+{
+  age.secrets.miniflux-admin-credentials.file = ./miniflux-admin-credentials.age;
+
+  services.miniflux = {
+    enable = true;
+    package = pkgs.unstable.miniflux;
+    adminCredentialsFile = config.age.secrets.miniflux-admin-credentials.path;
+    config.LISTEN_ADDR = addr;
+  };
+
+  services.nginx.virtualHosts."miniflux.pleshevski.ru" = {
+    enableACME = true;
+    forceSSL = true;
+    locations."/".proxyPass = "http://${addr}";
+  };
+}
diff --git a/hosts/tatos/services/miniflux/miniflux-admin-credentials.age b/hosts/tatos/services/miniflux/miniflux-admin-credentials.age
new file mode 100644
index 0000000000000000000000000000000000000000..24e0f74072a8cbf66b73bc2100e480afcda7c94e
GIT binary patch
literal 1342
zcmV-E1;P3NM@dveQdv+`0Nv%@mO&bPnJu~L3nJ#i9S(i|V{9xh9zT-+bAI=#cE?!-
z&6gtq{-{Rj#20eCvx0d(;yzRBom!CFpM3{A=KIp78_?~O5^TxA>MERLf5)NJTIFCo
zTW+-NBf<N<;jE23(+=kKZ5S3GREK%JeBFF(Te^4k5;Xn+A1a`6K=+E(7%xZ2E{Zpz
z*<1py{$&GbQY9ur(A>v&Iw?G@L4m<37eH-pmn7Drk+r~rM*pX~2DRUfs!A!dIDail
zaZ-<xyo`U0c2R>pRa)u0PXBur5w6ffu~(4ul1q*>$(#PVn|pBX-3K?(iI=(aL^T|W
z=8on0b=BrrZGXj+)VhTc`UU&ro9LU%uN`kBhzfNxzg`|<&C8UA*X&sCLAGNzMsUxl
z4Ul>T49I;XJ5P}7u~4Y4(RG<btLM!n7bVhujV*vgM}~Bb&dIQy3vc4!9N*ZKK9{t^
z!?hgV*y(B>@`hH2%Rkfq^H!9-AlrYe{4CHg1d<a4FFr}ftsg%5E?RVJxerhY_#~qr
zIR>9Xd4b_FNShxmeoWxGFI`t};6EsA&L7BLCsd2m7(x6`tF!nmG?_D7^7f=EvN0_E
z8ix7*;$DH7&`nz@(C)44>r3N8H5bLhpS}!pMbTOo?98k)iJH#PF4e6Hh$7>zp2(!+
z4?zV2D4h?zo_piry&+zl%ILptgDsqHluwg3swp#ONXo&B=nJE5fV$1V?FN%q4oPT(
zHB!>KVF-$?pE6+0N1Gr4_AL_;!Pf7a1bxPFHR6jlNm70F91$CG8G4q0iZYwQ3?Yev
zZZ>Kp=Mmx3nX7ZWDwBqeM8PEr77A6vrZIhkD*Pf^fQ5_CvT8A~?Ua-%Wca6u4#r=6
zdxS|>;OZ({c7kN^G?G?DhFs9Iv7={$Th!c9NfmMRjlnZ(vs*|ng*&=VJc+n8+qnp3
zFWUhU>e(MeqV_WI*y^_Ru3Ybr<F6+mnSsm@M})}Lq+b{gtD$7)G9MCq1~zDu9#f&s
zg=?*=f=~9l)0k<1|MIBb1@*pk=SUV$j6+O6s;M7rU}Y5EAxL>7)?7I_?-Uk2omD9f
znxhXmf$6m8wP@&k?t?2hEn1w4yxXY6r7a5(CRfx@WCB|m^`w`(yHnH1RllleJF7Cm
zIpkc)zuy0tTUr%NG<;S4D5T<Ue`l$VNQ<hSwWqD)+C~FYd|rHKr-_40=PslqIsOsj
z_0nZp2itEw4LEGi%=eY$ni-%6sg4@_2w+K*$Du9QR8Rt!ina*!V&U`PHvRhtJ0E^o
zYUxgD6^23KuNU<rmV))oEE*!Htp0~H;p7L}Pdr9jW8X)0Ns~|SE4wt^*jFTARJIwO
zyzr+Cobs#ThP7N>X-~jPPM_Bxc}IUDwCJ`-uw?!&@1*8`nt~DKBo^X7s6M=sB4YT0
z(PKzi`C3qsYTvMeHi1zACx`vSNfP1a<3ML24prY3{|&(IHbflnK5u}ppD&(UqYxmc
zw%M5zA*Ai!Nj)>Jy)*AE)cIcLx>@q$+Jr>zJtH`UkG=qEE${hFtY!b)xf<(9FvO!L
zBoOf?EYxzCaM;jb12NjdH%-&kev}$=kuhKCw4<*Lzcn{^TNaW3#N?VjA$nC8qtL3V
zYD#CX%>#e{TQzvy&wI}C0>0`D=|72ueVvk4F6@O<Cqv3jog!uAJ8k5JA9`yvr_5hr
zo;byoMVqjH3O^YN*d`o}Xi5<Re$F}`0EkX@CTE?9#xMTEU{j>qn~Q#Bp4-M;Nv>;|
ATmS$7

literal 0
HcmV?d00001

diff --git a/hosts/tatos/services/nginx.nix b/hosts/tatos/services/nginx.nix
new file mode 100644
index 0000000..9290b25
--- /dev/null
+++ b/hosts/tatos/services/nginx.nix
@@ -0,0 +1,41 @@
+{ ... }:
+
+{
+  networking.firewall.allowedTCPPorts = [ 80 443 ];
+
+  security.acme = {
+    acceptTerms = true;
+    defaults.email = "dmitriy@pleshevski.ru";
+  };
+
+  services.nginx = {
+    enable = true;
+
+    # Use recommended settings
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+
+    appendHttpConfig = ''
+      # Add HSTS header with preloading to HTTPS requests.
+      # Adding this header to HTTP requests is discouraged
+      map $scheme $hsts_header {
+          https   "max-age=31536000; includeSubdomains; preload";
+      }
+      add_header Strict-Transport-Security $hsts_header;
+
+      # Minimize information leaked to other domains
+      add_header 'Referrer-Policy' 'origin-when-cross-origin';
+
+      # Disable embedding as a frame
+      add_header X-Frame-Options DENY;
+
+      # Prevent injection of code in other mime types (XSS Attacks)
+      add_header X-Content-Type-Options nosniff;
+
+      # This might create errors
+      proxy_cookie_path / "/; secure; HttpOnly; SameSite=strict";
+    '';
+  };
+}