Commit 913b3c6

HPCesia <me@hpcesia.com>
2025-07-16 10:21:50
feat(service): add freshrss on pardo
1 parent 2ec8a03
Changed files (3)
hosts
chaser-pardofelis
secrets
hosts/chaser-pardofelis/freshrss.nix
@@ -0,0 +1,17 @@
+{
+  myvars,
+  config,
+  ...
+}: {
+  services.freshrss = {
+    enable = true;
+    baseUrl = "https://rss.hpcesia.com";
+    webserver = "caddy";
+    virtualHost = "rss.hpcesia.com";
+    authType = "form";
+    defaultUser = "admin";
+    passwordFile = config.sops.secrets."freshrss-admin-password".path;
+    language = "zh-cn";
+    database.type = "sqlite";
+  };
+}
secrets/hosts/pardofelis/default.nix
@@ -1,10 +1,36 @@
 {
-  sops.secrets = builtins.listToAttrs (builtins.map (x: {
-    name = "pardofelis-${x}";
-    value = {
-      format = "yaml";
-      sopsFile = ./secrets.yaml;
-      key = x;
-    };
-  }) ["ipv4" "ipv6" "gateway" "gateway6"]);
-}
+  lib,
+  config,
+  ...
+}: let
+  secretFileConf = {
+    format = "yaml";
+    sopsFile = ./secrets.yaml;
+  };
+in
+  lib.mkMerge [
+    {
+      sops.secrets = builtins.listToAttrs (builtins.map (x: {
+        name = "pardofelis-${x}";
+        value =
+          {
+            key = x;
+          }
+          // secretFileConf;
+      }) ["ipv4" "ipv6" "gateway" "gateway6"]);
+    }
+    {
+      sops.secrets."freshrss-admin-password" =
+        lib.mkIf
+        (config.modules.currentHost == "pardofelis")
+        (
+          {
+            key = "services/freshrss/defaultUserPassword";
+            owner = "root";
+            group = "freshrss";
+            mode = "0440";
+          }
+          // secretFileConf
+        );
+    }
+  ]
secrets/hosts/pardofelis/secrets.yaml
@@ -2,6 +2,9 @@ ipv4: ENC[AES256_GCM,data:EOyIUXJxIKZIjLjh,iv:fS6HCVpATCrOCleA+2ZqiJpQD/CqkOeFhR
 ipv6: ENC[AES256_GCM,data:0tuG+y2elv10AmyLdTh6o1wggdSm9A==,iv:BzGoHn8JLlGpk/Ifn5Qtf7qHSMUzM3lXl2UOF7Eilts=,tag:mSnjqis1Z39j9+WWPQvB6g==,type:str]
 gateway: ENC[AES256_GCM,data:ScDchbNjK1DPkc4Zvw==,iv:AyMa6YkTyEJclJKOqIbWCc4bfr9IXyTrRNJ0cCv0LiE=,tag:bPwlivyWgcpKBd70Pp+z5A==,type:str]
 gateway6: ENC[AES256_GCM,data:0kNmpzpfa1Px+b8thcPU524SZWM=,iv:Rw9+fe1DvG/eE369zEiivy82aiWXRGvzTLBXEdd3BVY=,tag:nS1v2h/b169Q/7E7ywvu0A==,type:str]
+services:
+    freshrss:
+        defaultUserPassword: ENC[AES256_GCM,data:go37FcBdkPaI3o9ufWWSe4csncSBXl7Sna1lOU9xCxc=,iv:uslyMRqDLmJp9al4kz+F/f8tcyAzpBtnRHRNaz5E+1U=,tag:cs/laSyPWy0GHN3bMO8FRQ==,type:str]
 sops:
     age:
         - recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
@@ -22,8 +25,8 @@ sops:
             MmVobitCNUxvUGJmRUtWWEhZekdHaEEKcx1nN+bR2wsexYV/B5PC+Pu9Yi9w+KE8
             Kcy2S1Cyu7MEkE8it447yqixIA5l5mbFGRjfTvI8KZXZUGgLecAktQ==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-07-15T14:00:16Z"
-    mac: ENC[AES256_GCM,data:1Ozw1la9CaD9b2neHnxTwZem4WsmrgUymBdUbjvDvgcH01yFVOtMs8FC2nkVus5bFuH7/jfnW30bKyIdclePYiqXXqRs3OS04Q6q9lMH71EZYdrAjlgltDFFDo67Z1WyzB02ePKVeZ7i06lDvBgLq8yq8oHUU+gSslOkP8rREUA=,iv:D5hS4VtKrWuoMx5lL0HU6lNUBTnGPGiqVFhcmCHjXYs=,tag:GcV6UnCuKTrZWd8QxT3zTA==,type:str]
+    lastmodified: "2025-07-16T10:53:59Z"
+    mac: ENC[AES256_GCM,data:EukKdKAbCFYIdQmu57HSwq+hCm4gngThlDZrtiy3t/c/SlmkIPbvMsigTvdHcobV2oWWy55P8Nk9XfrLTBu5RzEIbGc83iyeD/R05DqijkTz7mg3eOcTIrPAlSDsNCxzWP9535A8GZVWmp+QurLBR4Eh57O3VXVJOExs4ennT88=,iv:tKRJjbDsNyTzVrUBIXlhL2z3iJa8p9fv9zXC9ygX0Pc=,tag:v3dYEsRrnkmL59zXcbs5Rw==,type:str]
     pgp:
         - created_at: "2025-07-15T13:47:27Z"
           enc: |-