| author | seth <[email protected]> | 2023-05-21 21:20:28 -0400 |
|---|---|---|
| committer | seth <[email protected]> | 2023-05-21 21:20:28 -0400 |
| commit | 3a7cc8116cce947f5652e0e46f4d60d59bfb5717 (patch) | |
| tree | 9450413a40fd28b685deb5e26e229aeb4102eaa5 | |
| parent | 50da869402b650aaa39b7cbaf38a7639b2bb2d9c (diff) | |
atlas: start hosting miniflux
| -rw-r--r-- | hosts/atlas/default.nix | 8 | ||||
| -rw-r--r-- | hosts/atlas/miniflux.nix | 20 | ||||
| -rw-r--r-- | hosts/atlas/nginx.nix | 32 | ||||
| -rw-r--r-- | secrets/hosts/atlas/miniflux.age | 14 | ||||
| -rw-r--r-- | secrets/secrets.nix | 1 |
5 files changed, 74 insertions, 1 deletions
diff --git a/hosts/atlas/default.nix b/hosts/atlas/default.nix
index 50fa986..220592d 100644
--- a/hosts/atlas/default.nix
+++ b/hosts/atlas/default.nix
@@ -5,6 +5,8 @@
 }: {
 imports = [
 ./hardware-configuration.nix
+ ./miniflux.nix
+ ./nginx.nix
 ./prometheus.nix
 ];
@@ -22,7 +24,11 @@
 loader.efi.canTouchEfiVariables = true;
 };
- networking.hostName = "atlas";
+ networking = {
+ domain = "mydadleft.me";
+ hostName = "atlas";
+ };
+
 system.stateVersion = "22.11";
 users.users = let
diff --git a/hosts/atlas/miniflux.nix b/hosts/atlas/miniflux.nix
new file mode 100644
index 0000000..a7886e6
--- /dev/null
+++ b/hosts/atlas/miniflux.nix
@@ -0,0 +1,20 @@
+{
+ config,
+ self,
+ ...
+}: {
+ config = {
+ age.secrets = {
+ miniflux.file = "${self}/secrets/hosts/${config.networking.hostName}/miniflux.age";
+ };
+
+ services.miniflux = {
+ enable = true;
+ adminCredentialsFile = config.age.secrets.miniflux.path;
+ config = {
+ BASE_URL = "https://miniflux.${config.networking.domain}";
+ LISTEN_ADDR = "localhost:7000";
+ };
+ };
+ };
+}
diff --git a/hosts/atlas/nginx.nix b/hosts/atlas/nginx.nix
new file mode 100644
index 0000000..1fcfd45
--- /dev/null
+++ b/hosts/atlas/nginx.nix
@@ -0,0 +1,32 @@
+{config, ...}: {
+ networking.firewall.allowedTCPPorts = [80 443];
+
+ security.acme = {
+ acceptTerms = true;
+ defaults.email = "[email protected]";
+ };
+
+ services.nginx = {
+ enable = true;
+
+ recommendedGzipSettings = true;
+ recommendedOptimisation = true;
+ recommendedProxySettings = true;
+ recommendedTlsSettings = true;
+
+ virtualHosts = let
+ mkProxy = endpoint: port: {
+ "${endpoint}" = {
+ proxyPass = "http://127.0.0.1:${port}";
+ proxyWebsockets = true;
+ };
+ };
+ inherit (config.networking) domain;
+ in {
+ "miniflux.${domain}" = {
+ enableACME = true;
+ locations = mkProxy "/" "7000";
+ };
+ };
+ };
+}
diff --git a/secrets/hosts/atlas/miniflux.age b/secrets/hosts/atlas/miniflux.age
new file mode 100644
index 0000000..6b959fb
--- /dev/null
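Review bot: `LISTEN_ADDR = "localhost:7000"` in hosts/atlas/miniflux.nix names the loopback by hostname, while the proxy added in hosts/atlas/nginx.nix targets `http://127.0.0.1:7000`, so the two only meet if `localhost` resolves to the IPv4 loopback on this host. Binding the literal address, `LISTEN_ADDR = "127.0.0.1:7000";`, removes that dependency and makes it explicit that the service is meant to be reachable only through the reverse proxy. The port is also a bare literal in both files; a single shared value would keep the listener and the upstream from drifting apart.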
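Review bot: The `"miniflux.${domain}"` virtual host in hosts/atlas/nginx.nix sets `enableACME = true` but neither `forceSSL` nor `addSSL`, and in the NixOS nginx module `enableACME` only requests the certificate; it does not turn on the TLS listener for the vhost. Unless another module sets one of those options, the site is served on port 80 only, so the Miniflux login and session cookie travel in cleartext while `BASE_URL` in miniflux.nix advertises `https://`. Adding `forceSSL = true;` next to `enableACME = true;` enables the 443 listener and redirects plain HTTP to it.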
+++ b/secrets/hosts/atlas/miniflux.age
@@ -0,0 +1,14 @@ +-----BEGIN AGE ENCRYPTED FILE----- +YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IEk5MkEzUSBxU1pH +SXBMZTB0VzRYWnpyekUwcVRYQWwrRk52KzIxTDAvMGFBY0Rremw4CnNablY2NWdp +YjArZWo4blRuL1hrREZRTEE0NDl5TnNUdzhCdnptUzdlWkkKLT4gc3NoLWVkMjU1 +MTkgbFdJVUZRIFZZLzFia3E1cXBWTGhyS2lieXN3QlRmU2dld3dPaTdvQ1NXOUdJ +RVlrMWsKaUJkM1J4S29GLzJRR1BwM0V2MVc5YmJQMUJvbnpDeHZBNERtUDE4aWZL +ZwotPiBzc2gtZWQyNTUxOSAycm0zd2cgekIzeTg5b2c5TDluVzRhMjd3NmFSQTdI +c0EwUUttWVl1cElBNmJybTBHMAo2cTJPUnZLcFk5Q3hwei9QcDBLdkxJNndmTFl0 +UTlxQzNIQklLQUFraHo0Ci0+IEIuV1RTMjZsLWdyZWFzZSBZIHdBCjgrOWNCSXRo +SS9SWnNTQWVUeWtDaVFneGVJT210TzMyR2piRlpZeDNYaktVN0NxVDBJawotLS0g +K2N3T1lzSHJNckdkYnRTa0R2K3ZaWXFpWDZ3WStOaFkrMHZPMUpBOG5iZwobupQB +nhJx+2NGtntf3OoNRFyOYdrshIaZwemHoJCKJoewj2lJf2Q1n2L48a7Y0ORussw3 +TJ0OFmFrMKHJQbsTXiggdvM67CEKXou5B4CnV6vsr1SVP7z7 +-----END AGE ENCRYPTED FILE-----
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index a7602ab..b917292 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -15,6 +15,7 @@ in {
 "hosts/atlas/binaryCache.age".publicKeys = keys;
 "hosts/atlas/clusterToken.age".publicKeys = keys;
 "hosts/atlas/secretsJson.age".publicKeys = keys;
+ "hosts/atlas/miniflux.age".publicKeys = keys;
 "hosts/p-body/rootPassword.age".publicKeys = keys;
 "hosts/p-body/userPassword.age".publicKeys = keys; |
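Review bot: The new `"hosts/atlas/miniflux.age".publicKeys = keys;` entry in secrets/secrets.nix reuses the same `keys` list as the p-body entries below it, so every key in that list can decrypt the Miniflux admin credentials. The definition of `keys` is outside this hunk; if it includes other hosts' keys, a list scoped to atlas plus the admin keys would limit this secret to the one machine that needs it, e.g. `publicKeys = atlasKeys;`, where `atlasKeys` is a placeholder name for such a list.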
