From 9ac31f00fab7c5d1252fd327f3aa9d6736fa0564 Mon Sep 17 00:00:00 2001
From: Lu Wang <rebmit@rebmit.moe>
Date: Tue, 17 Dec 2024 16:32:59 +0800
Subject: [PATCH] services/miniflux: init

---
 nixos/hosts/suwako-vie0/default.nix          |  1 +
 nixos/modules/networking/ports.nix           |  1 +
 nixos/profiles/services/miniflux/default.nix | 23 ++++++++++++++++++++
 zones/rebmit.moe.nix                         |  1 +
 4 files changed, 26 insertions(+)
 create mode 100644 nixos/profiles/services/miniflux/default.nix

diff --git a/nixos/hosts/suwako-vie0/default.nix b/nixos/hosts/suwako-vie0/default.nix
index 1e2bd73..bb7184e 100644
--- a/nixos/hosts/suwako-vie0/default.nix
+++ b/nixos/hosts/suwako-vie0/default.nix
@@ -10,6 +10,7 @@
     ++ (with profiles; [
       services.caddy
       services.keycloak
+      services.miniflux
       services.ntfy
       services.postgresql
     ])
diff --git a/nixos/modules/networking/ports.nix b/nixos/modules/networking/ports.nix
index 20b5cac..aee5c7b 100644
--- a/nixos/modules/networking/ports.nix
+++ b/nixos/modules/networking/ports.nix
@@ -18,6 +18,7 @@ in
       enthalpy-gost = 3000;
       ntfy = 4000;
       keycloak = 4010;
+      miniflux = 4020;
 
       # public ports
       enthalpy-ipsec = 13000;
diff --git a/nixos/profiles/services/miniflux/default.nix b/nixos/profiles/services/miniflux/default.nix
new file mode 100644
index 0000000..69abbd4
--- /dev/null
+++ b/nixos/profiles/services/miniflux/default.nix
@@ -0,0 +1,23 @@
+{ config, ... }:
+{
+  services.miniflux = {
+    enable = true;
+    config = rec {
+      BASE_URL = "https://miniflux.rebmit.moe";
+      LISTEN_ADDR = "127.0.0.1:${toString config.networking.ports.miniflux}";
+      CREATE_ADMIN = 0;
+      OAUTH2_PROVIDER = "oidc";
+      OAUTH2_CLIENT_ID = "miniflux";
+      OAUTH2_REDIRECT_URL = "${BASE_URL}/oauth2/oidc/callback";
+      OAUTH2_OIDC_PROVIDER_NAME = "keycloak.rebmit.moe";
+      OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://keycloak.rebmit.moe/realms/rebmit";
+      OAUTH2_USER_CREATION = 1;
+    };
+  };
+
+  services.caddy.virtualHosts."miniflux.rebmit.moe" = {
+    extraConfig = ''
+      reverse_proxy ${config.services.miniflux.config.LISTEN_ADDR}
+    '';
+  };
+}
diff --git a/zones/rebmit.moe.nix b/zones/rebmit.moe.nix
index 5085232..54364b1 100644
--- a/zones/rebmit.moe.nix
+++ b/zones/rebmit.moe.nix
@@ -23,6 +23,7 @@ dns.lib.toString "rebmit.moe" {
   subdomains = {
     keycloak.CNAME = [ "suwako-vie0.rebmit.link." ];
     matrix.CNAME = [ "suwako-vie0.rebmit.link." ];
+    miniflux.CNAME = [ "suwako-vie0.rebmit.link." ];
     ntfy.CNAME = [ "suwako-vie0.rebmit.link." ];
   };
 }