diff --git a/config/hosts/imxyy-nix-server/rss.nix b/config/hosts/imxyy-nix-server/rss.nix new file mode 100644 index 0000000..f37c6dd --- /dev/null +++ b/config/hosts/imxyy-nix-server/rss.nix @@ -0,0 +1,54 @@ +{ config, secrets, ... }: +let + redisUrl = config.services.redis.servers.rsshub.unixSocket; +in +{ + sops.secrets.rsshub-env = { + sopsFile = secrets.rsshub; + format = "dotenv"; + }; + users.users.rsshub = { + home = "/var/empty"; + group = "rsshub"; + isSystemUser = true; + }; + users.groups.rsshub.members = [ "rsshub" ]; + services.redis.servers.rsshub = { + enable = true; + user = "rsshub"; + }; + virtualisation.oci-containers.containers.rsshub = { + image = "diygod/rsshub"; + volumes = [ + "${redisUrl}:${redisUrl}" + ]; + ports = [ "8100:1200" ]; + networks = [ "podman" ]; + environment = { + CACHE_TYPE = "redis"; + REDIS_URL = "${redisUrl}"; + }; + environmentFiles = [ config.sops.secrets.rsshub-env.path ]; + }; + services.caddy.virtualHosts."rss.imxyy.top" = { + extraConfig = '' + reverse_proxy :8100 + ''; + }; + services.frp.settings.proxies = [ + { + name = "rsshub-http"; + type = "http"; + localIP = "127.0.0.1"; + localPort = 80; + customDomains = [ "rss.imxyy.top" ]; + } + { + name = "rsshub-https"; + type = "https"; + localIP = "127.0.0.1"; + localPort = 443; + customDomains = [ "rss.imxyy.top" ]; + } + ]; +} diff --git a/secrets/rsshub.env b/secrets/rsshub.env new file mode 100644 index 0000000..22b2e57 --- /dev/null +++ b/secrets/rsshub.env @@ -0,0 +1,11 @@ +ACCESS_KEY=ENC[AES256_GCM,data:rRG2zweAkl1ikM/hK1CmQh8YbISEpyFY++E4PRZSdyxKcrvAd3FY2c3237f9,iv:QJKkIo+1IgH9kc6bxRQbmLw9l26wyIg+wWiSHZduVi4=,tag:r6tLB77L8hP8OLt7gPr1Rg==,type:str] +sops_age__list_0__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IDltTWRrUSBIQ0V3\nVXQ1ZEJhcTFENXVoQ0gzM2R2YW9vZEdPOHlCcFFyeE9hMmJRSVhJCnZWNWZIWkJC\nc2NWYjc0ZmRiUTB0UkxqZmNzaVUyV0RoNEZmenVZSy84ZUUKLS0tIGFzR1JZNjhs\nSDhUVFFNbnRHWW5HWUljQWRvM1hCdHNSSEVpM28yTGhkdXcKsMg5hQ8TDOP/3+Qk\npXYkYTCfc/CR7y5xFLarFJ3A/VrUgXhSw7yK+OSqDLp24cocjN4xLAJvfplPmD6g\n+ILq9Q==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_0__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIOEFLUkyeaK8ZPPZdVNEmtx8zvoxi7xqS2Z6oxRBuUPO +sops_age__list_1__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IHJNY1d1ZyA1WGVR\nODY1QWFabUV6L3hJd3lkSk5obVhnbW95Z0V3OUVNL0dqblJBTWxBCmFaaU56YndO\namxQcE1yc2VKdTJ2d2FjR0I2VHN6V2syb0YwNTRrWHBTYU0KLS0tIDA2enF5S0pt\nQmlpMVdkbG9lcktSOXFmSjd2R3J6YVFOSVg0SXptTGhZYmMKXHX7Z98cecXqEdOW\nwMsZBdid+oq7NSXWsW8Mi3869p9WNgZXYYi0v9rt0yp0e7J7OyaUzLhf8m+Ffm+8\n0Ka+Zw==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_1__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIB28jpN+h5euh3NtdN+A+EtqgIatC22e4i1TPTioKire +sops_age__list_2__map_enc=-----BEGIN AGE ENCRYPTED FILE-----\nYWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IFhGYmtrZyBtMUxD\nOGlLZDVDSk5tVFB4c3JCcDdKTEVrNGwxc0JPMGNibjZZVWo3d0FBCkdFK3NRUWVS\nL0w3UmF2SnNaNllZMWdZSVJSVHNDWERDNG1wSHlhM2VGeGMKLS0tIGNKcjBxenFY\nYk1mamN1UWdWZG5aNU9aSktWc09KcnYyZnR6UHUxZGJPYm8KF/ZgLLfsGbQKUCyo\nMffW7XiWz1I0lJIxFrmweB1cT3D7QUmDNmHthAnTvH2edesbysicRNqa2+JQPOJA\nC8+u3Q==\n-----END AGE ENCRYPTED FILE-----\n +sops_age__list_2__map_recipient=ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIMb5G/ieEYBOng66YeyttBQLThyM6W//z2POsNyq4Rw/ +sops_lastmodified=2025-12-07T06:57:17Z +sops_mac=ENC[AES256_GCM,data:jUVuop66h271qcZrbGIOTIIAUtvocjco5MIVtvSuzbhog4c6+O0Gvmg1L2brvwySnyn/A5hvVXYG2s94zCoA6SCeSm0xKcU5GQFuqwCwMNQqrOVfq7KIkHxiJ3rOXiZ+mXMIDW13q6LcePSlhCfhc5HGvmwoGYXfvTQaLnZVOSs=,iv:RTS5XnscTs/QZ6nug3A3tQHb4iX6V8dFJoIgMCNLu1E=,tag:Vu/6a4zweQhl6q21IwMeig==,type:str] +sops_unencrypted_suffix=_unencrypted +sops_version=3.11.0