feat: freshrss and minor adjustments

Swarsel · Dec 16, 2024 · 4d14a50 · 4d14a50
1 parent 3e48a93
commit 4d14a50
Show file tree

Hide file tree

Showing 10 changed files with 105 additions and 41 deletions.
diff --git a/SwarselSystems.org b/SwarselSystems.org
@@ -1396,6 +1396,7 @@ My work machine. Built for more security, this is the gold standard of my config
       isLaptop = true;
       isNixos = true;
       isBtrfs = true;
+      flakePath = "/home/swarsel/.dotfiles";
       # temperatureHwmon = {
       #   isAbsolutePath = true;
       #   path = "/sys/devices/platform/thinkpad_hwmon/hwmon/";
@@ -1596,6 +1597,7 @@ My work machine. Built for more security, this is the gold standard of my config
         transmission = true;
         syncthing = true;
         monitoring = true;
+        freshrss = true;
       };
     };
 
@@ -2842,6 +2844,7 @@ I usually use =mutableUsers = false= in my NixOS configuration. However, on a ne
     options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server";
     options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server";
     options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server";
+    options.swarselsystems.server.freshrss = lib.mkEnableOption "enable freshrss on server";
   }
 #+end_src
 
@@ -3130,6 +3133,10 @@ These are some extra options that will be used if the machine also runs NixOS. F
 #+begin_src nix :noweb yes :tangle modules/home/nixos.nix
   { lib, config, ... }:
   {
+    options.swarselsystems.flakePath = lib.mkOption {
+      type = lib.types.str;
+      default = "";
+    };
     options.swarselsystems.isNixos = lib.mkEnableOption "nixos host";
     config.swarselsystems.startup = lib.mkIf (!config.swarselsystems.isNixos) [
       {
@@ -6606,20 +6613,43 @@ Here we just define some aliases for rebuilding the system, and we allow some in
         startWithGraphical = false;
       };
 
+    };
+
+  }
+#+end_src
+
+**** FreshRSS
+
+#+begin_src nix :tangle profiles/server/nixos/freshrss.nix
+  { lib, config, ... }:
+  {
+    config = lib.mkIf config.swarselsystems.server.freshrss {
+
+      users.users.freshrss = {
+        extraGroups = [ "users" ];
+        group = "freshrss";
+        isSystemUser = true;
+      };
+
+      users.groups.freshrss = {};
+
+      sops.secrets.fresh = { owner = "freshrss"; };
+
+      services.freshrss = {
+        enable = true;
+        virtualHost = "signpost.swarsel.win";
+        baseUrl = "https://signpost.swarsel.win";
+        dataDir = "/Vault/data/tt-rss";
+        defaultUser = "Swarsel";
+        passwordFile = config.sops.secrets.fresh.path;
+      };
+
       services.nginx = {
         virtualHosts = {
           "signpost.swarsel.win" = {
-            enableACME = false;
-            forceSSL = false;
+            enableACME = true;
+            forceSSL = true;
             acmeRoot = null;
-            locations = {
-              "/" = {
-                proxyPass = "http://localhost:9812";
-                extraConfig = ''
-                  client_max_body_size 0;
-                '';
-              };
-            };
           };
         };
       };
@@ -7744,13 +7774,16 @@ Sets environment variables. Here I am only setting the EDITOR variable, most var
 This section is for programs that require no further configuration. zsh Integration is enabled by default for these.
 
 #+begin_src nix :tangle profiles/common/home/programs.nix
-  _:
+  { pkgs, ... }:
   {
     programs = {
       bottom.enable = true;
       imv.enable = true;
       sioyek.enable = true;
-      bat.enable = true;
+      bat = {
+        enable = true;
+        extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ];
+      };
       carapace.enable = true;
       wlogout.enable = true;
       swayr.enable = true;
@@ -8085,10 +8118,9 @@ Here we set some aliases (some of them should be shellApplications instead) as w
     shellAliases = lib.recursiveUpdate
       {
         hg = "history | grep";
-        hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;";
-        nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
-        nswitch-stay = "cd ~/.dotfiles; git restore flake.lock; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
-        edithome = "e -w ~/.dotfiles/SwarselSystems.org";
+        hmswitch = "home-manager --flake ${config.swarselsystems.flakePath}#$(whoami)@$(hostname) switch";
+        nswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) switch";
+        nboot = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) boot";
         magit = "emacsclient -nc -e \"(magit-status)\"";
         config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
         g = "git";
@@ -8097,6 +8129,8 @@ Here we set some aliases (some of them should be shellApplications instead) as w
         passpull = "cd ~/.local/share/password-store; git pull; cd -;";
         hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
         cd = "z";
+        cd-orig = "cd";
+        cat-orig = "cat";
         cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\"";
         nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
         fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff";

diff --git a/hosts/nixos/nbl-imba-2/default.nix b/hosts/nixos/nbl-imba-2/default.nix
@@ -90,6 +90,7 @@ in
     isLaptop = true;
     isNixos = true;
     isBtrfs = true;
+    flakePath = "/home/swarsel/.dotfiles";
     # temperatureHwmon = {
     #   isAbsolutePath = true;
     #   path = "/sys/devices/platform/thinkpad_hwmon/hwmon/";

diff --git a/hosts/nixos/winters/default.nix b/hosts/nixos/winters/default.nix
@@ -63,6 +63,7 @@ in
       transmission = true;
       syncthing = true;
       monitoring = true;
+      freshrss = true;
     };
   };
 

diff --git a/modules/home/nixos.nix b/modules/home/nixos.nix
@@ -1,5 +1,9 @@
 { lib, config, ... }:
 {
+  options.swarselsystems.flakePath = lib.mkOption {
+    type = lib.types.str;
+    default = "";
+  };
   options.swarselsystems.isNixos = lib.mkEnableOption "nixos host";
   config.swarselsystems.startup = lib.mkIf (!config.swarselsystems.isNixos) [
     {

diff --git a/modules/nixos/setup.nix b/modules/nixos/setup.nix
@@ -31,4 +31,5 @@ in
   options.swarselsystems.server.emacs = lib.mkEnableOption "enable emacs server on server";
   options.swarselsystems.server.forgejo = lib.mkEnableOption "enable forgejo on server";
   options.swarselsystems.server.ankisync = lib.mkEnableOption "enable ankisync on server";
+  options.swarselsystems.server.freshrss = lib.mkEnableOption "enable freshrss on server";
 }
diff --git a/profiles/common/home/programs.nix b/profiles/common/home/programs.nix
@@ -1,10 +1,13 @@
-_:
+{ pkgs, ... }:
 {
   programs = {
     bottom.enable = true;
     imv.enable = true;
     sioyek.enable = true;
-    bat.enable = true;
+    bat = {
+      enable = true;
+      extraPackages = with pkgs.bat-extras; [ batdiff batman batgrep batwatch ];
+    };
     carapace.enable = true;
     wlogout.enable = true;
     swayr.enable = true;

diff --git a/profiles/common/home/zsh.nix b/profiles/common/home/zsh.nix
@@ -5,10 +5,9 @@
     shellAliases = lib.recursiveUpdate
       {
         hg = "history | grep";
-        hmswitch = "cd ~/.dotfiles; home-manager --flake .#$(whoami)@$(hostname) switch; cd -;";
-        nswitch = "cd ~/.dotfiles; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
-        nswitch-stay = "cd ~/.dotfiles; git restore flake.lock; sudo nixos-rebuild --flake .#$(hostname) switch; cd -;";
-        edithome = "e -w ~/.dotfiles/SwarselSystems.org";
+        hmswitch = "home-manager --flake ${config.swarselsystems.flakePath}#$(whoami)@$(hostname) switch";
+        nswitch = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) switch";
+        nboot = "sudo nixos-rebuild --flake ${config.swarselsystems.flakePath}#$(hostname) boot";
         magit = "emacsclient -nc -e \"(magit-status)\"";
         config = "git --git-dir=$HOME/.cfg/ --work-tree=$HOME";
         g = "git";
@@ -17,6 +16,8 @@
         passpull = "cd ~/.local/share/password-store; git pull; cd -;";
         hotspot = "nmcli connection up local; nmcli device wifi hotspot;";
         cd = "z";
+        cd-orig = "cd";
+        cat-orig = "cat";
         cdr = "cd \"$( (find /home/swarsel/Documents/GitHub -maxdepth 1 && echo /home/swarsel/.dotfiles) | fzf )\"";
         nix-ldd = "LD_LIBRARY_PATH=$NIX_LD_LIBRARY_PATH ldd";
         fs-diff = "sudo mount -o subvol=/ /dev/mapper/cryptroot /mnt ; fs-diff";

diff --git a/profiles/server/nixos/emacs.nix b/profiles/server/nixos/emacs.nix
@@ -10,23 +10,6 @@
       startWithGraphical = false;
     };
 
-    services.nginx = {
-      virtualHosts = {
-        "signpost.swarsel.win" = {
-          enableACME = false;
-          forceSSL = false;
-          acmeRoot = null;
-          locations = {
-            "/" = {
-              proxyPass = "http://localhost:9812";
-              extraConfig = ''
-                client_max_body_size 0;
-              '';
-            };
-          };
-        };
-      };
-    };
   };
 
 }
diff --git a/profiles/server/nixos/freshrss.nix b/profiles/server/nixos/freshrss.nix
@@ -0,0 +1,35 @@
+{ lib, config, ... }:
+{
+  config = lib.mkIf config.swarselsystems.server.freshrss {
+
+    users.users.freshrss = {
+      extraGroups = [ "users" ];
+      group = "freshrss";
+      isSystemUser = true;
+    };
+
+    users.groups.freshrss = { };
+
+    sops.secrets.fresh = { owner = "freshrss"; };
+
+    services.freshrss = {
+      enable = true;
+      virtualHost = "signpost.swarsel.win";
+      baseUrl = "https://signpost.swarsel.win";
+      dataDir = "/Vault/data/tt-rss";
+      defaultUser = "Swarsel";
+      passwordFile = config.sops.secrets.fresh.path;
+    };
+
+    services.nginx = {
+      virtualHosts = {
+        "signpost.swarsel.win" = {
+          enableACME = true;
+          forceSSL = true;
+          acmeRoot = null;
+        };
+      };
+    };
+  };
+
+}
diff --git a/secrets/sync/secrets.yaml b/secrets/sync/secrets.yaml
@@ -1,6 +1,7 @@
 swarsel: ENC[AES256_GCM,data:WzMlNzg5iAu823s=,iv:U8ZutlrzBqq7z445kSnvluejtta4X/0YMIIOdcQuftg=,tag:IE0WMuXlNwnBHzXtrbVHKA==,type:str]
 dnstokenfull: ENC[AES256_GCM,data:hxgxSm6pcXOEHZHdSwQkfZryFccQXrCu9idULJhWK/tQ44FyRIU4Yg==,iv:ObKf1M1qkgCltkKJX+URaPSiK5Itd3xlfBXPjf1iVak=,tag:PASR0pgBdcDYjdTZ2eEUCg==,type:str]
 swarseluser: ENC[AES256_GCM,data:e/p76dBuM7eLIrO0HBeJMs8eMCAGAklGcA==,iv:r+e9GGMDCCjh1eWnB4AJMFdMuXbVXxoLMefooq0SOlE=,tag:auRo+JnwH+EardJQbKek0A==,type:str]
+fresh: ENC[AES256_GCM,data:nBOGgSKPh1SgdJc=,iv:y3eX0UfB0bWvETbS4sieSdTbrHZIQajXNxEjewGqdG4=,tag:6zCtZxuFAxT7qof4v1FhUw==,type:str]
 sops:
     kms: []
     gcp_kms: []
@@ -16,8 +17,8 @@ sops:
             ckc3MmZZTVFyRGFaTVlVM29ra3JkbzQKNYhBd9oMS/jn2Oqyx9LpqJjQUx2mEZ/B
             aUNbenlCRr8KCc+yBXuTyI31LPXJ3YHsI1cfp1K/LGzCY2F0uk4rSw==
             -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-12-15T16:12:07Z"
-    mac: ENC[AES256_GCM,data:hMx5qjmUgTS6cOzO2e0tFB3DwJzbruwPn0J1TIa6XbmgvcDThiOAxsfKRQUrc/uWd/1Ehke+VPdt77d8hgUoe+NuUQY592Lx78DhfdaVQkwR62MfKf1Y3unRjjGjILIK935qcesTPXm10hRUenxf8r0eXGMlYnFn3pLTTVOD7mw=,iv:FGdr2xJCRYGAlNt0r0Zkt/Abre/pCXebM6o+VkTcB7I=,tag:aeRgsVSNH4QE6S69sgUXCQ==,type:str]
+    lastmodified: "2024-12-16T14:19:00Z"
+    mac: ENC[AES256_GCM,data:muRO5vJFFgsj1b12pDrrqM1ddydpKl87OIgXPWfU6hBOu4ddo5h1alr1zd5i8T4x0FcrJ0Yb5FiPVa54Dv/nDvhY0q/+I/gaNMreMDtwSdtm50vMutU4zWTCKkO6gs7ca9m8QajbLyDmiwFWUdLyd9rbgPdiGm6Wxsq6GoH7GJo=,iv:nLuHlLzxKGHznuiW7hwzYFzc3l7kCzbT1/KsloOGT9k=,tag:nEOFQfmNOrSf+68d6+wFbg==,type:str]
     pgp:
         - created_at: "2024-02-01T01:06:36Z"
           enc: |-