From 43244fd37060ff7f0db15a8af752dfab4b719581 Mon Sep 17 00:00:00 2001 From: sid Date: Tue, 5 May 2026 19:05:06 +0200 Subject: [PATCH] move rss services to sid --- hosts/rx4/services/default.nix | 2 -- hosts/sid/services/default.nix | 2 ++ hosts/{rx4 => sid}/services/rss-bridge.nix | 2 +- hosts/{rx4 => sid}/services/rsshub-oci.nix | 5 +++++ modules/nixos/rsshub-oci/default.nix | 15 +++++++++++++++ 5 files changed, 23 insertions(+), 3 deletions(-) rename hosts/{rx4 => sid}/services/rss-bridge.nix (91%) rename hosts/{rx4 => sid}/services/rsshub-oci.nix (59%) diff --git a/hosts/rx4/services/default.nix b/hosts/rx4/services/default.nix index 385a957..71ead6d 100644 --- a/hosts/rx4/services/default.nix +++ b/hosts/rx4/services/default.nix @@ -18,8 +18,6 @@ ./nginx.nix ./open-webui-oci.nix ./print-server.nix - ./rss-bridge.nix - ./rsshub-oci.nix ./vaultwarden.nix # ./alditalk-extender.nix # FIXME diff --git a/hosts/sid/services/default.nix b/hosts/sid/services/default.nix index c753168..caf4d05 100644 --- a/hosts/sid/services/default.nix +++ b/hosts/sid/services/default.nix @@ -17,6 +17,8 @@ ./netdata.nix ./nginx.nix ./radicale.nix + ./rss-bridge.nix + ./rsshub-oci.nix ./step-ca.nix ]; } diff --git a/hosts/rx4/services/rss-bridge.nix b/hosts/sid/services/rss-bridge.nix similarity index 91% rename from hosts/rx4/services/rss-bridge.nix rename to hosts/sid/services/rss-bridge.nix index d3bd6a3..addd2fe 100644 --- a/hosts/rx4/services/rss-bridge.nix +++ b/hosts/sid/services/rss-bridge.nix @@ -8,7 +8,7 @@ reverseProxy = { enable = true; subdomain = constants.services.rss-bridge.subdomain; - forceSSL = false; + forceSSL = true; }; }; } diff --git a/hosts/rx4/services/rsshub-oci.nix b/hosts/sid/services/rsshub-oci.nix similarity index 59% rename from hosts/rx4/services/rsshub-oci.nix rename to hosts/sid/services/rsshub-oci.nix index 1a1e0dd..5229a31 100644 --- a/hosts/rx4/services/rsshub-oci.nix +++ b/hosts/sid/services/rsshub-oci.nix @@ -10,5 +10,10 @@ services.rsshub-oci = { enable = true; inherit (constants.services.rsshub-oci) port; + reverseProxy = { + enable = true; + subdomain = constants.services.rss-bridge.subdomain; + forceSSL = true; + }; }; } diff --git a/modules/nixos/rsshub-oci/default.nix b/modules/nixos/rsshub-oci/default.nix index 2f3eb4b..730020a 100644 --- a/modules/nixos/rsshub-oci/default.nix +++ b/modules/nixos/rsshub-oci/default.nix @@ -7,6 +7,9 @@ let cfg = config.services.rsshub-oci; + domain = config.networking.domain; + subdomain = cfg.reverseProxy.subdomain; + fqdn = if (cfg.reverseProxy.enable && subdomain != "") then "${subdomain}.${domain}" else domain; images = { # https://github.com/DIYgod/RSSHub/pkgs/container/rsshub @@ -58,6 +61,10 @@ let optional types ; + inherit (lib.utils) + mkReverseProxyOption + mkVirtualHost + ; in { options.services.rsshub-oci = { @@ -77,6 +84,7 @@ in default = null; description = "Environment file for secrets."; }; + reverseProxy = mkReverseProxyOption "RSSHub" "rsshub"; }; config = mkIf cfg.enable { @@ -86,6 +94,13 @@ in dockerCompat = true; }; + services.nginx.virtualHosts = mkIf cfg.reverseProxy.enable { + "${fqdn}" = mkVirtualHost { + port = cfg.config.PORT; + ssl = cfg.reverseProxy.forceSSL; + }; + }; + networking.firewall.interfaces = let matchAll = if !config.networking.nftables.enable then "podman+" else "podman*";