Commit 913b3c6
Changed files (3)
hosts
chaser-pardofelis
secrets
hosts
pardofelis
hosts/chaser-pardofelis/freshrss.nix
@@ -0,0 +1,17 @@
+{
+ myvars,
+ config,
+ ...
+}: {
+ services.freshrss = {
+ enable = true;
+ baseUrl = "https://rss.hpcesia.com";
+ webserver = "caddy";
+ virtualHost = "rss.hpcesia.com";
+ authType = "form";
+ defaultUser = "admin";
+ passwordFile = config.sops.secrets."freshrss-admin-password".path;
+ language = "zh-cn";
+ database.type = "sqlite";
+ };
+}
secrets/hosts/pardofelis/default.nix
@@ -1,10 +1,36 @@
{
- sops.secrets = builtins.listToAttrs (builtins.map (x: {
- name = "pardofelis-${x}";
- value = {
- format = "yaml";
- sopsFile = ./secrets.yaml;
- key = x;
- };
- }) ["ipv4" "ipv6" "gateway" "gateway6"]);
-}
+ lib,
+ config,
+ ...
+}: let
+ secretFileConf = {
+ format = "yaml";
+ sopsFile = ./secrets.yaml;
+ };
+in
+ lib.mkMerge [
+ {
+ sops.secrets = builtins.listToAttrs (builtins.map (x: {
+ name = "pardofelis-${x}";
+ value =
+ {
+ key = x;
+ }
+ // secretFileConf;
+ }) ["ipv4" "ipv6" "gateway" "gateway6"]);
+ }
+ {
+ sops.secrets."freshrss-admin-password" =
+ lib.mkIf
+ (config.modules.currentHost == "pardofelis")
+ (
+ {
+ key = "services/freshrss/defaultUserPassword";
+ owner = "root";
+ group = "freshrss";
+ mode = "0440";
+ }
+ // secretFileConf
+ );
+ }
+ ]
secrets/hosts/pardofelis/secrets.yaml
@@ -2,6 +2,9 @@ ipv4: ENC[AES256_GCM,data:EOyIUXJxIKZIjLjh,iv:fS6HCVpATCrOCleA+2ZqiJpQD/CqkOeFhR
ipv6: ENC[AES256_GCM,data:0tuG+y2elv10AmyLdTh6o1wggdSm9A==,iv:BzGoHn8JLlGpk/Ifn5Qtf7qHSMUzM3lXl2UOF7Eilts=,tag:mSnjqis1Z39j9+WWPQvB6g==,type:str]
gateway: ENC[AES256_GCM,data:ScDchbNjK1DPkc4Zvw==,iv:AyMa6YkTyEJclJKOqIbWCc4bfr9IXyTrRNJ0cCv0LiE=,tag:bPwlivyWgcpKBd70Pp+z5A==,type:str]
gateway6: ENC[AES256_GCM,data:0kNmpzpfa1Px+b8thcPU524SZWM=,iv:Rw9+fe1DvG/eE369zEiivy82aiWXRGvzTLBXEdd3BVY=,tag:nS1v2h/b169Q/7E7ywvu0A==,type:str]
+services:
+ freshrss:
+ defaultUserPassword: ENC[AES256_GCM,data:go37FcBdkPaI3o9ufWWSe4csncSBXl7Sna1lOU9xCxc=,iv:uslyMRqDLmJp9al4kz+F/f8tcyAzpBtnRHRNaz5E+1U=,tag:cs/laSyPWy0GHN3bMO8FRQ==,type:str]
sops:
age:
- recipient: age1sur93fevme8az4v6txee9uw7gk8xcpz2u0mfzvayavrcx9zkefxsmcpnln
@@ -22,8 +25,8 @@ sops:
MmVobitCNUxvUGJmRUtWWEhZekdHaEEKcx1nN+bR2wsexYV/B5PC+Pu9Yi9w+KE8
Kcy2S1Cyu7MEkE8it447yqixIA5l5mbFGRjfTvI8KZXZUGgLecAktQ==
-----END AGE ENCRYPTED FILE-----
- lastmodified: "2025-07-15T14:00:16Z"
- mac: ENC[AES256_GCM,data:1Ozw1la9CaD9b2neHnxTwZem4WsmrgUymBdUbjvDvgcH01yFVOtMs8FC2nkVus5bFuH7/jfnW30bKyIdclePYiqXXqRs3OS04Q6q9lMH71EZYdrAjlgltDFFDo67Z1WyzB02ePKVeZ7i06lDvBgLq8yq8oHUU+gSslOkP8rREUA=,iv:D5hS4VtKrWuoMx5lL0HU6lNUBTnGPGiqVFhcmCHjXYs=,tag:GcV6UnCuKTrZWd8QxT3zTA==,type:str]
+ lastmodified: "2025-07-16T10:53:59Z"
+ mac: ENC[AES256_GCM,data:EukKdKAbCFYIdQmu57HSwq+hCm4gngThlDZrtiy3t/c/SlmkIPbvMsigTvdHcobV2oWWy55P8Nk9XfrLTBu5RzEIbGc83iyeD/R05DqijkTz7mg3eOcTIrPAlSDsNCxzWP9535A8GZVWmp+QurLBR4Eh57O3VXVJOExs4ennT88=,iv:tKRJjbDsNyTzVrUBIXlhL2z3iJa8p9fv9zXC9ygX0Pc=,tag:v3dYEsRrnkmL59zXcbs5Rw==,type:str]
pgp:
- created_at: "2025-07-15T13:47:27Z"
enc: |-