Diffstat (limited to 'profiles/miniflux.nix')
| -rw-r--r-- | profiles/miniflux.nix | 32 |
1 files changed, 32 insertions, 0 deletions
diff --git a/profiles/miniflux.nix b/profiles/miniflux.nix
new file mode 100644
index 0000000..2d110ad
--- /dev/null
+++ b/profiles/miniflux.nix
@@ -0,0 +1,32 @@
+{ config, ... }:
+let
+ domain = "reader.fcuny.net";
+ port = 8002;
+in
+{
+ age.secrets.miniflux-oidc = {
+ owner = "miniflux";
+ file = ../secrets/miniflux-oidc.age;
+ };
+
+ services.miniflux = {
+ enable = true;
+ config = {
+ LISTEN_ADDR = "0.0.0.0:${toString port}";
+ BASE_URL = "https://${domain}";
+ CREATE_ADMIN = 0;
+ OAUTH2_PROVIDER = "oidc";
+ OAUTH2_CLIENT_ID = "miniflux";
+ OAUTH2_CLIENT_SECRET_FILE = "/run/credentials/miniflux.service/oauth2-client-secret";
+ OAUTH2_REDIRECT_URL = "https://${domain}/oauth2/oidc/callback";
+ OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.fcuny.net";
+ OAUTH2_USER_CREATION = "1";
+ };
+ };
+
+ networking.firewall.allowedTCPPorts = [ 8002 ];
+
+ systemd.services.miniflux.serviceConfig.LoadCredential = [
+ "oauth2-client-secret:${config.age.secrets.miniflux-oidc.path}"
+ ];
+} |
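Review bot: `LISTEN_ADDR = "0.0.0.0:${toString port}"` together with `networking.firewall.allowedTCPPorts = [ 8002 ]` exposes the plain-HTTP Miniflux listener on every interface, while `BASE_URL` and `OAUTH2_REDIRECT_URL` are both https, which suggests TLS is terminated by a proxy in front of the service. If that proxy runs on the same host, bind to loopback with `LISTEN_ADDR = "127.0.0.1:${toString port}";` and drop the firewall rule; if it runs on another machine, scope the rule to the interface the proxy traffic arrives on, e.g. `networking.firewall.interfaces.IFACE.allowedTCPPorts = [ port ];` (IFACE is a placeholder). As written, the login flow and session cookies are reachable in cleartext on port 8002 without passing through the proxy. The firewall line should also reuse `port` instead of repeating the literal, so the two cannot drift apart. With `OAUTH2_USER_CREATION = "1"`, it is worth confirming that the provider at auth.fcuny.net restricts who may authenticate to the `miniflux` client, since presumably every identity it accepts gets an account on first login.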
