diff --git a/constants.nix b/constants.nix index 68a1e72..164ef1f 100644 --- a/constants.nix +++ b/constants.nix @@ -35,6 +35,10 @@ rec { subdomain = "rss-bridge"; fqdn = subdomain + "." + domain; }; + rsshub-oci = { + fqdn = "rsshub." + domain; + port = 1200; + }; webdav = { fqdn = "dav.rx4.tail"; port = 8080; diff --git a/hosts/rx4/services/default.nix b/hosts/rx4/services/default.nix index af8789d..356a390 100644 --- a/hosts/rx4/services/default.nix +++ b/hosts/rx4/services/default.nix @@ -18,6 +18,7 @@ ./open-webui-oci.nix ./print-server.nix ./rss-bridge.nix + ./rsshub-oci.nix # ./webdav.nix # FIXME # ./alditalk-extender.nix # FIXME diff --git a/hosts/rx4/services/rsshub-oci.nix b/hosts/rx4/services/rsshub-oci.nix new file mode 100644 index 0000000..8feb36a --- /dev/null +++ b/hosts/rx4/services/rsshub-oci.nix @@ -0,0 +1,14 @@ +{ + outputs, + constants, + ... +}: + +{ + imports = [ outputs.nixosModules.rsshub-oci ]; + + services.rsshub-oci = { + enable = true; + inherit (constants.services.rsshub) port; + }; +} diff --git a/hosts/sid/services/nginx.nix b/hosts/sid/services/nginx.nix index 58b233c..d3aaba8 100644 --- a/hosts/sid/services/nginx.nix +++ b/hosts/sid/services/nginx.nix @@ -50,6 +50,11 @@ in proxyPass = "http://${constants.hosts.rx4.ip}"; }; }; + virtualHosts."${constants.services.rsshub-oci.fqdn}" = mkVirtualHost { + inherit ssl; + address = constants.hosts.rx4.ip; + port = constants.services.rsshub-oci.port; + }; # FIXME # virtualHosts."print.sid.ovh" = { # enableACME = true; diff --git a/modules/nixos/default.nix b/modules/nixos/default.nix index 6739b38..f831ea8 100644 --- a/modules/nixos/default.nix +++ b/modules/nixos/default.nix @@ -6,6 +6,7 @@ forgejo-runner = import ./forgejo-runner; gnome = import ./gnome; monero = import ./monero; + rsshub-oci = import ./rsshub-oci; tailscale = import ./tailscale; xfce = import ./xfce; } diff --git a/modules/nixos/rsshub-oci/default.nix b/modules/nixos/rsshub-oci/default.nix new file mode 100644 index 0000000..79c11d6 --- /dev/null +++ b/modules/nixos/rsshub-oci/default.nix @@ -0,0 +1,185 @@ +{ + config, + lib, + pkgs, + ... +}: + +let + cfg = config.services.rsshub-oci; + + images = { + # https://github.com/DIYgod/RSSHub/pkgs/container/rsshub + rsshub = pkgs.dockerTools.pullImage { + imageName = "ghcr.io/diygod/rsshub"; + imageDigest = "sha256:67e23d9afc6081753c1a51a71f5a58f57d43b12ff927c2263a9f767112ec1819"; + hash = "sha256-vEQi12NCY35dGJ3vKUjwocfRn8xOBp/2inIqg8DNTRE="; + finalImageName = "ghcr.io/diygod/rsshub"; + finalImageTag = "2026-03-07"; + }; + # https://github.com/browserless/browserless/pkgs/container/chromium + browserless = pkgs.dockerTools.pullImage { + imageName = "ghcr.io/browserless/chromium"; + imageDigest = "sha256:71ae7fa09bd1bf78efaa2803d75c837ab5a56e0d7637695bff3077d87248e642"; + hash = "sha256-adu+fvWK1X/nVt2cFLDO0Czq6GA+46VvL1wy9KQ+/tI="; + finalImageName = "ghcr.io/browserless/chromium"; + finalImageTag = "v2.42.0"; + }; + # https://github.com/hyoban/puppeteer-real-browser-hono/pkgs/container/puppeteer-real-browser-hono + real-browser = pkgs.dockerTools.pullImage { + imageName = "ghcr.io/hyoban/puppeteer-real-browser-hono"; + imageDigest = "sha256:21bb4cd27144a61ca2f85eb3b4f555a074165bc6beaee318873ced0eb4046a04"; + hash = "sha256-O8qV8Wfh75rhtEnSAlUBzBUVNGpypNF1sNY2F4zVqZE="; + finalImageName = "ghcr.io/hyoban/puppeteer-real-browser-hono"; + finalImageTag = "sha-6c6cbbc"; + }; + # https://hub.docker.com/_/redis + redis = pkgs.dockerTools.pullImage { + imageName = "redis"; + imageDigest = "sha256:2afba59292f25f5d1af200496db41bea2c6c816b059f57ae74703a50a03a27d0"; + hash = "sha256-t3SFoeUME8Ntz5QdMfJnJ3QYRNAaHHpXngnBvR8LOlg="; + finalImageName = "redis"; + finalImageTag = "8.6.1-alpine"; + }; + }; + + defaultEnv = { + NODE_ENV = "production"; + CACHE_TYPE = "redis"; + REDIS_URL = "redis://127.0.0.1:6379/"; + PUPPETEER_WS_ENDPOINT = "ws://127.0.0.1:3000"; + PUPPETEER_REAL_BROWSER_SERVICE = "http://127.0.0.1:3001"; + }; + + inherit (lib) + mkEnableOption + mkIf + mkOption + mkOverride + optional + types + ; +in +{ + options.services.rsshub-oci = { + enable = mkEnableOption "RSSHub service stack with Podman"; + port = mkOption { + type = types.port; + default = 1200; + description = "The port RSSHub will listen on."; + }; + environment = mkOption { + type = types.attrsOf types.str; + default = { }; + description = "Extra environment variables for RSSHub."; + }; + environmentFile = mkOption { + type = types.nullOr types.path; + default = null; + description = "Environment file for secrets."; + }; + }; + + config = mkIf cfg.enable { + virtualisation.podman = { + enable = true; + autoPrune.enable = true; + dockerCompat = true; + }; + + networking.firewall.interfaces = + let + matchAll = if !config.networking.nftables.enable then "podman+" else "podman*"; + in + { + "${matchAll}".allowedUDPPorts = [ 53 ]; + }; + + virtualisation.oci-containers.backend = "podman"; + + virtualisation.oci-containers.containers = { + rsshub-browserless = { + image = with images.browserless; imageName + ":" + imageTag; + imageFile = images.browserless; + log-driver = "journald"; + extraOptions = [ "--network=host" ]; + }; + + rsshub-real-browser = { + image = with images.real-browser; imageName + ":" + imageTag; + imageFile = images.real-browser; + log-driver = "journald"; + environment = { + PORT = "3001"; + }; + extraOptions = [ "--network=host" ]; + }; + + rsshub-redis = { + image = with images.redis; imageName + ":" + imageTag; + imageFile = images.redis; + volumes = [ "rsshub_redis-data:/data:rw" ]; + log-driver = "journald"; + extraOptions = [ "--network=host" ]; + }; + + rsshub-rsshub = { + image = with images.rsshub; imageName + ":" + imageTag; + imageFile = images.rsshub; + log-driver = "journald"; + environment = + defaultEnv + // cfg.environment + // { + PORT = "${toString cfg.port}"; + }; + environmentFiles = optional (cfg.environmentFile != null) cfg.environmentFile; + extraOptions = [ "--network=host" ]; + }; + }; + + systemd.services = + let + commonServiceCfg = { + serviceConfig.Restart = mkOverride 90 "always"; + partOf = [ "podman-compose-rsshub-root.target" ]; + wantedBy = [ "podman-compose-rsshub-root.target" ]; + }; + in + { + podman-rsshub-browserless = commonServiceCfg; + podman-rsshub-real-browser = commonServiceCfg; + + podman-rsshub-redis = commonServiceCfg // { + after = [ "podman-volume-rsshub_redis-data.service" ]; + requires = [ "podman-volume-rsshub_redis-data.service" ]; + }; + + podman-rsshub-rsshub = commonServiceCfg // { + after = [ + "podman-rsshub-redis.service" + "podman-rsshub-browserless.service" + "podman-rsshub-real-browser.service" + ]; + }; + + podman-volume-rsshub_redis-data = { + path = [ pkgs.podman ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + podman volume inspect rsshub_redis-data || podman volume create rsshub_redis-data + ''; + partOf = [ "podman-compose-rsshub-root.target" ]; + wantedBy = [ "podman-compose-rsshub-root.target" ]; + }; + }; + + systemd.targets."podman-compose-rsshub-root" = { + unitConfig.Description = "Root target for RSSHub services."; + wantedBy = [ "multi-user.target" ]; + }; + }; +}