gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 20:39:18 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/services/tt-rss.nix

80 lines
2.3 KiB
Nix
Raw Blame History

{ config, pkgs, lib, tf, ... }: with lib; {
secrets.variables = mapListToAttrs
(field:
nameValuePair "ttrss-${field}" {
path = "secrets/ttrss";
inherit field;
}) [ "password" "ldap" ];
secrets.files = {
ttrss-ldap-password = {
text = tf.variables.ttrss-ldap.ref;
owner = "tt_rss";
group = "tt_rss";
};
};
secrets.files = {
ttrss-db-password = {
text = tf.variables.ttrss-password.ref;
owner = "tt_rss";
group = "tt_rss";
};
};
deploy.tf.dns.records.services_ttrss = {
inherit (config.network.dns) zone;
domain = "rss";
cname = { inherit (config.network.addresses.public) target; };
};
services.tt-rss = {
enable = true;
virtualHost = "rss.kittywit.ch";
selfUrlPath = "https://rss.kittywit.ch";
pluginPackages = [
pkgs.tt-rss-plugin-auth-ldap
];
themePackages = [
pkgs.tt-rss-theme-feedly
];
plugins = [
"auth_internal"
"auth_ldap"
"note"
"updater"
"api_feedreader"
];
database = {
createLocally = true;
type = "pgsql";
host = "/run/postgresql";
};
extraConfig = ''
putenv('LDAP_DB_PASS=' . file_get_contents("${config.secrets.files.ttrss-db-password.path}"));
define('LDAP_AUTH_SERVER_URI', 'ldap://127.0.0.1:389/');
define('LDAP_AUTH_USETLS', FALSE); // Enable TLS Support for ldaps://
define('LDAP_AUTH_ALLOW_UNTRUSTED_CERT', FALSE); // Allows untrusted certificate
define('LDAP_AUTH_BINDDN', 'cn=root,dc=kittywit,dc=ch');
define('LDAP_AUTH_BINDPW', file_get_contents('${config.secrets.files.ttrss-ldap-password.path}'));
define('LDAP_AUTH_BASEDN', 'ou=users,dc=kittywit,dc=ch');
define('LDAP_AUTH_LOGIN_ATTRIB', 'mail');
define('LDAP_AUTH_ANONYMOUSBEFOREBIND', FALSE);
// ??? will be replaced with the entered username(escaped) at login
define('LDAP_AUTH_SEARCHFILTER', '(&(objectClass=inetOrgPerson)(|(mail=???)(uid=???)))');
// Optional configuration
define('LDAP_AUTH_LOG_ATTEMPTS', TRUE);
// Enable Debug Logging
define('LDAP_AUTH_DEBUG', TRUE);
'';
};
services.nginx = {
virtualHosts."rss.kittywit.ch" = {
enableACME = true;
forceSSL = true;
};
};
}
Reference in a new issue View git blame Copy permalink