server-configs/machines/gerd/services/miniflux.nix

{ config, lib, pkgs, ... }:

let
  svc_domain = "miniflux.${config.mine.shared.settings.domain}";
  port = 6466;

  listenOn = "localhost:${builtins.toString port}";
  httpListenOn = "http://${listenOn}";
in {
  services.miniflux = {
    enable = true;

    config = {
      # listen only on localhost
      LISTEN_ADDR = listenOn;

      # setup the correct baseurl
      BASE_URL = "https://${svc_domain}";

      # disable admin account, disable local auth
      CREATE_ADMIN = 0;
      DISABLE_LOCAL_AUTH = "true";

      # use auth proxy
      AUTH_PROXY_HEADER = config.mine.shared.lib.authelia.protectedHeaders.username;
      AUTH_PROXY_USER_CREATION = "true";

      # For privacy, proxy images instead of hotlinking
      MEDIA_PROXY_RESOURCE_TYPES = "image,audio,video";
      MEDIA_PROXY_MODE = "all";
    };
  };

  # nginx
  services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
    forceSSL = true;
    enableACME = true;
    
    locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = httpListenOn;
    };

    # allow API for mobile apps etc.
    locations."/v1".proxyPass = httpListenOn;

    # allow sharing
    locations."/share".proxyPass = httpListenOn;

    # used for sharing
    # TODO: would be nice if nginx could serve this instead
    locations."~* \.(js|jpg|png|css)$".proxyPass = httpListenOn;
  };

  # meta
  mine.shared.meta.miniflux = {
    name = "Miniflux";
    description = "We host our own miniflux, use it to read all your feeds!";
    url = "https://${svc_domain}";

    package = let
      pkg = config.services.miniflux.package;
    in {
      name = pkg.pname;
      version = pkg.version;
      meta = pkg.meta;
    };
  };
}
miniflux: initialised 2024-12-30 21:53:22 +00:00			`{ config, lib, pkgs, ... }:`

			`let`
			`svc_domain = "miniflux.${config.mine.shared.settings.domain}";`
			`port = 6466;`
miniflux: add ability to share content 2025-01-20 17:29:17 +00:00
			`listenOn = "localhost:${builtins.toString port}";`
			`httpListenOn = "http://${listenOn}";`
miniflux: initialised 2024-12-30 21:53:22 +00:00			`in {`
			`services.miniflux = {`
			`enable = true;`

			`config = {`
services.miniflux: set base_url correctly 2024-12-31 12:37:52 +00:00			`# listen only on localhost`
miniflux: add ability to share content 2025-01-20 17:29:17 +00:00			`LISTEN_ADDR = listenOn;`
miniflux: initialised 2024-12-30 21:53:22 +00:00
services.miniflux: set base_url correctly 2024-12-31 12:37:52 +00:00			`# setup the correct baseurl`
			`BASE_URL = "https://${svc_domain}";`

miniflux: initialised 2024-12-30 21:53:22 +00:00			`# disable admin account, disable local auth`
			`CREATE_ADMIN = 0;`
			`DISABLE_LOCAL_AUTH = "true";`

			`# use auth proxy`
authelia.nginx: add auth proxy headers to shared info 2025-01-02 16:18:31 +00:00			`AUTH_PROXY_HEADER = config.mine.shared.lib.authelia.protectedHeaders.username;`
miniflux: initialised 2024-12-30 21:53:22 +00:00			`AUTH_PROXY_USER_CREATION = "true";`
miniflux: proxy images 2025-01-09 17:24:32 +00:00
			`# For privacy, proxy images instead of hotlinking`
miniflux: proxy all media 2025-01-09 19:55:45 +00:00			`MEDIA_PROXY_RESOURCE_TYPES = "image,audio,video";`
miniflux: proxy images 2025-01-09 17:24:32 +00:00			`MEDIA_PROXY_MODE = "all";`
miniflux: initialised 2024-12-30 21:53:22 +00:00			`};`
			`};`

			`# nginx`
			`services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {`
			`forceSSL = true;`
			`enableACME = true;`

			`locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {`
miniflux: add ability to share content 2025-01-20 17:29:17 +00:00			`proxyPass = httpListenOn;`
miniflux: initialised 2024-12-30 21:53:22 +00:00			`};`
services.miniflux: disable authelia for API endpoint 2024-12-31 12:37:18 +00:00
miniflux: add ability to share content 2025-01-20 17:29:17 +00:00			`# allow API for mobile apps etc.`
			`locations."/v1".proxyPass = httpListenOn;`

			`# allow sharing`
			`locations."/share".proxyPass = httpListenOn;`
miniflux: added TODO 2025-01-20 17:35:42 +00:00
			`# used for sharing`
			`# TODO: would be nice if nginx could serve this instead`
miniflux: add ability to share content 2025-01-20 17:29:17 +00:00			`locations."~* \.(js\|jpg\|png\|css)$".proxyPass = httpListenOn;`
miniflux: initialised 2024-12-30 21:53:22 +00:00			`};`

			`# meta`
			`mine.shared.meta.miniflux = {`
			`name = "Miniflux";`
			`description = "We host our own miniflux, use it to read all your feeds!";`
			`url = "https://${svc_domain}";`

			`package = let`
			`pkg = config.services.miniflux.package;`
			`in {`
			`name = pkg.pname;`
			`version = pkg.version;`
			`meta = pkg.meta;`
			`};`
			`};`
			`}`