Add modules/server/containers/apps/freshrss.nix

2026-06-01 17:16:50 +02:00
parent 036cd1a5de
commit bd8c9210c9
1 changed files with 54 additions and 0 deletions
--- a/modules/server/containers/apps/freshrss.nix
+++ b/modules/server/containers/apps/freshrss.nix
@@ -0,0 +1,54 @@
+{ config, containerCfg, pkgs, lib, builder, name, ... }:
+let
+  version = "latest";
+  serverCfg = config.syscfg.server;
+in {
+  sops = true;
+  db = true;
+  paths = [
+    {
+      path = "${serverCfg.configPath}/freshrss";
+      owner = "1000:1000";
+      mode = "0755";
+    }
+  ];
+
+  containers = {
+    server = builder.mkContainer {
+      subdomain = containerCfg.subdomain;
+      image = "ghcr.io/freshrss/freshrss:${version}";
+      port = 80;
+      secret = name;
+      
+      extraEnv = {
+        CRON_MIN = "5,35";
+        PUID = "1000";
+        PGID = "1000";
+        TRUSTED_PROXY = "10.0.0.0/8 192.168.0.1/16";
+        PUBLISHED_PORT = "80";
+        ADMIN_PASSWORD = "admin"; # Change this to a secure password in production!
+        ADMIN_API_PASSWORD = "admin"; # Change this to a secure password in production!
+        BASE_URL = "https://${containerCfg.subdomain}.${serverCfg.domain}";
+        SERVER_DNS = "${containerCfg.subdomain}.${serverCfg.domain}";
+        DB_HOST = "${builder.host}";
+        DB_BASE = "freshrss_db";
+        DB_USER = "freshrss_user";
+      };
+
+      overrides = {
+        volumes = [
+          "${serverCfg.configPath}/freshrss:/config"
+        ];
+      };
+    };
+  };
+
+  setup = {
+    trigger = "server"; # Triggers atomic environment verification on main controller
+    envFile = config.sops.secrets."FRESHRSS".path;
+    script = pkgs.writeShellScript "setup-freshrss" ''
+      RSS_URL="https://${containerCfg.subdomain}.${serverCfg.domain}"
+      ${pkgs.curl}/bin/curl -s -X POST "$RSS_URL/i/index.php?step=0" -H "Content-Type: application/x-www-form-urlencoded" --data-raw "language=en"
+    '';
+  };
+}