1
0
Fork 0
dotfiles/system/nixos/freshrss.nix

56 lines
1.8 KiB
Nix
Raw Permalink Normal View History

2023-01-24 13:33:54 +00:00
{ config, secret, ... }:
{
services.freshrss = {
enable = true;
inherit (secret.freshrss) defaultUser;
2023-02-05 16:52:42 +00:00
passwordFile = config.age.secrets.freshrss-user-password.path;
2023-01-24 13:33:54 +00:00
inherit (secret.freshrss) baseUrl;
virtualHost = null; # Disable auto-generated nginx entry
2023-01-24 13:33:54 +00:00
database = {
type = "pgsql";
host = "10.99.99.3";
port = 5432;
2023-02-05 17:06:51 +00:00
user = "freshrss";
passFile = config.age.secrets.freshrss-database-password.path;
2023-01-24 13:33:54 +00:00
};
};
# Based on: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/freshrss.nix
2023-03-06 17:23:32 +00:00
services.nginx.virtualHosts."${secret.freshrss.virtualHost}" = {
2023-04-03 13:03:52 +00:00
quic = true;
2023-03-06 17:23:32 +00:00
http3 = true;
root = "${config.services.freshrss.package}/p";
forceSSL = true;
useACMEHost = "kempkens.io";
2023-03-06 22:39:49 +00:00
extraConfig = ''
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
'';
2023-03-06 17:23:32 +00:00
# php files handling
# this regex is mandatory because of the API
locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
fastcgi_pass unix:${config.services.phpfpm.pools.${config.services.freshrss.pool}.socket};
fastcgi_split_path_info ^(.+\.php)(/.*)$;
# By default, the variable PATH_INFO is not set under PHP-FPM
# But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
# NOTE: the separate $path_info variable is required. For more details, see:
# https://trac.nginx.org/nginx/ticket/321
set $path_info $fastcgi_path_info;
fastcgi_param PATH_INFO $path_info;
include ${config.services.nginx.package}/conf/fastcgi_params;
include ${config.services.nginx.package}/conf/fastcgi.conf;
'';
locations."/" = {
tryFiles = "$uri $uri/ index.php";
index = "index.php index.html index.htm";
};
};
2023-01-24 13:33:54 +00:00
}