55 lines
1.8 KiB
Nix
55 lines
1.8 KiB
Nix
{ config, secret, ... }:
|
|
|
|
{
|
|
services.freshrss = {
|
|
enable = true;
|
|
|
|
inherit (secret.freshrss) defaultUser;
|
|
passwordFile = config.age.secrets.freshrss-user-password.path;
|
|
|
|
inherit (secret.freshrss) baseUrl;
|
|
virtualHost = null; # Disable auto-generated nginx entry
|
|
|
|
database = {
|
|
type = "pgsql";
|
|
host = "10.99.99.3";
|
|
port = 5432;
|
|
user = "freshrss";
|
|
passFile = config.age.secrets.freshrss-database-password.path;
|
|
};
|
|
};
|
|
|
|
# Based on: https://github.com/NixOS/nixpkgs/blob/nixos-unstable/nixos/modules/services/web-apps/freshrss.nix
|
|
services.nginx.virtualHosts."${secret.freshrss.virtualHost}" = {
|
|
quic = true;
|
|
http3 = true;
|
|
|
|
root = "${config.services.freshrss.package}/p";
|
|
forceSSL = true;
|
|
useACMEHost = "kempkens.io";
|
|
|
|
extraConfig = ''
|
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" always;
|
|
'';
|
|
|
|
# php files handling
|
|
# this regex is mandatory because of the API
|
|
locations."~ ^.+?\.php(/.*)?$".extraConfig = ''
|
|
fastcgi_pass unix:${config.services.phpfpm.pools.${config.services.freshrss.pool}.socket};
|
|
fastcgi_split_path_info ^(.+\.php)(/.*)$;
|
|
# By default, the variable PATH_INFO is not set under PHP-FPM
|
|
# But FreshRSS API greader.php need it. If you have a “Bad Request” error, double check this var!
|
|
# NOTE: the separate $path_info variable is required. For more details, see:
|
|
# https://trac.nginx.org/nginx/ticket/321
|
|
set $path_info $fastcgi_path_info;
|
|
fastcgi_param PATH_INFO $path_info;
|
|
include ${config.services.nginx.package}/conf/fastcgi_params;
|
|
include ${config.services.nginx.package}/conf/fastcgi.conf;
|
|
'';
|
|
|
|
locations."/" = {
|
|
tryFiles = "$uri $uri/ index.php";
|
|
index = "index.php index.html index.htm";
|
|
};
|
|
};
|
|
}
|