hosts/weird-row-server/miniflux.nix at main · wiro.world/dotfiles

wiro.world / dotfiles
yep, more dotfiles
dotfiles / hosts / weird-row-server / miniflux.nix
at main 1.5 kB view raw
 1{ config
 2, ...
 3}:
 4
 5let
 6  miniflux-port = 3012;
 7  miniflux-hostname = "news.wiro.world";
 8in
 9{
10  config = {
11    users.users.miniflux = { isSystemUser = true; group = "miniflux"; };
12    users.groups.miniflux = { };
13    age.secrets.miniflux-oidc-secret = { file = secrets/miniflux-oidc-secret.age; owner = "miniflux"; };
14    services.miniflux = {
15      enable = true;
16
17      createDatabaseLocally = true;
18      config = {
19        BASE_URL = "https://${miniflux-hostname}/";
20        LISTEN_ADDR = "127.0.0.1:${toString miniflux-port}";
21        CREATE_ADMIN = 0;
22
23        METRICS_COLLECTOR = 1;
24
25        OAUTH2_PROVIDER = "oidc";
26        OAUTH2_OIDC_PROVIDER_NAME = "wiro.world SSO";
27        OAUTH2_CLIENT_ID = "miniflux";
28        OAUTH2_CLIENT_SECRET_FILE = config.age.secrets.miniflux-oidc-secret.path;
29        OAUTH2_REDIRECT_URL = "https://${miniflux-hostname}/oauth2/oidc/callback";
30        OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.wiro.world";
31        OAUTH2_USER_CREATION = 1;
32        DISABLE_LOCAL_AUTH = 1;
33
34        RUN_MIGRATIONS = 1;
35
36        # NetNewsWire is a very good iOS oss client that integrates well
37        # https://b.j4.lc/2025/05/05/setting-up-netnewswire-with-miniflux/
38      };
39    };
40
41    services.prometheus.scrapeConfigs = [{
42      job_name = "miniflux";
43      static_configs = [{ targets = [ "localhost:${toString miniflux-port}" ]; }];
44    }];
45
46    services.caddy = {
47      virtualHosts.${miniflux-hostname}.extraConfig = ''
48        reverse_proxy http://localhost:${toString miniflux-port}
49      '';
50    };
51  };
52}