server-configs/machines/gerd/services/miniflux.nix

{ config, lib, pkgs, ... }:

let
  svc_domain = "miniflux.${config.mine.shared.settings.domain}";
  port = 6466;
in {
  services.miniflux = {
    enable = true;

    config = {
      LISTEN_ADDR = "localhost:${builtins.toString port}";

      # disable admin account, disable local auth
      CREATE_ADMIN = 0;
      DISABLE_LOCAL_AUTH = "true";

      # use auth proxy
      # TODO: This should be configureable
      AUTH_PROXY_HEADER = "Remote-User";
      AUTH_PROXY_USER_CREATION = "true";
    };
  };

  # nginx
  services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {
    forceSSL = true;
    enableACME = true;
    
    locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {
      proxyPass = "http://localhost:${builtins.toString port}";
    };
  };

  # meta
  mine.shared.meta.miniflux = {
    name = "Miniflux";
    description = "We host our own miniflux, use it to read all your feeds!";
    url = "https://${svc_domain}";

    package = let
      pkg = config.services.miniflux.package;
    in {
      name = pkg.pname;
      version = pkg.version;
      meta = pkg.meta;
    };
  };
}
miniflux: initialised 2024-12-30 21:53:22 +00:00			`{ config, lib, pkgs, ... }:`

			`let`
			`svc_domain = "miniflux.${config.mine.shared.settings.domain}";`
			`port = 6466;`
			`in {`
			`services.miniflux = {`
			`enable = true;`

			`config = {`
			`LISTEN_ADDR = "localhost:${builtins.toString port}";`

			`# disable admin account, disable local auth`
			`CREATE_ADMIN = 0;`
			`DISABLE_LOCAL_AUTH = "true";`

			`# use auth proxy`
			`# TODO: This should be configureable`
			`AUTH_PROXY_HEADER = "Remote-User";`
			`AUTH_PROXY_USER_CREATION = "true";`
			`};`
			`};`

			`# nginx`
			`services.nginx.virtualHosts."${svc_domain}" = config.mine.shared.lib.authelia.mkProtectedWebsite {`
			`forceSSL = true;`
			`enableACME = true;`

			`locations."/" = config.mine.shared.lib.authelia.mkProtectedLocation {`
			`proxyPass = "http://localhost:${builtins.toString port}";`
			`};`
			`};`

			`# meta`
			`mine.shared.meta.miniflux = {`
			`name = "Miniflux";`
			`description = "We host our own miniflux, use it to read all your feeds!";`
			`url = "https://${svc_domain}";`

			`package = let`
			`pkg = config.services.miniflux.package;`
			`in {`
			`name = pkg.pname;`
			`version = pkg.version;`
			`meta = pkg.meta;`
			`};`
			`};`
			`}`