Arion: Add ttrss feed

2024-03-15 21:32:09 +01:00 · 2024-03-15 21:32:09 +01:00 · c5b0d3966c
commit c5b0d3966c
parent e806b77315
5 changed files with 89 additions and 14 deletions
--- a/hosts/franz/arion/feed/arion-compose.nix
+++ b/hosts/franz/arion/feed/arion-compose.nix
@ -0,0 +1,45 @@
+{pkgs, ...}: {
+  project.name = "feed";
+
+  networks.dmz = {
+    name = "dmz";
+    external = true;
+  };
+
+  networks.transport = {};
+
+  services = {
+    ttrss.service = {
+      image = "wangqiru/ttrss:latest";
+      container_name = "ttrss";
+      ports = [
+        "181:80"
+      ];
+      environment = {
+        PUID = 1000;
+        PGID = 1000;
+        DB_HOST = "db";
+      };
+      env_file = [
+        "/home/ghoscht/.docker/feed/ttrss.env"
+      ];
+      restart = "always";
+      networks = [
+        "dmz"
+      ];
+    };
+  };
+  db.service = {
+    image = "postgres:13-alpine";
+    volumes = [
+      "/home/ghoscht/.docker/feed/ttrss_db:/var/lib/postgresql/data"
+    ];
+    env_file = [
+      "/home/ghoscht/.docker/feed/ttrss.env"
+    ];
+    restart = "always";
+    networks = [
+      "dmz"
+    ];
+  };
+}
--- a/hosts/franz/arion/feed/arion-pkgs.nix
+++ b/hosts/franz/arion/feed/arion-pkgs.nix
@ -0,0 +1,6 @@
+# Instead of pinning Nixpkgs, we can opt to use the one in NIX_PATH
+import <nixpkgs> {
+  # We specify the architecture explicitly. Use a Linux remote builder when
+  # calling arion from other platforms.
+  system = "x86_64-linux";
+}
--- a/hosts/franz/arion/feed/default.nix
+++ b/hosts/franz/arion/feed/default.nix
@ -0,0 +1,22 @@
+{config, ...}: let
+  vars = import ../../../../vars.nix;
+in {
+  virtualisation.arion = {
+    projects.feed.settings = {
+      imports = [./arion-compose.nix];
+    };
+  };
+
+  sops.secrets."ttrs/db_password" = {
+    owner = vars.user;
+  };
+
+  sops.templates."ttrss.env" = {
+    path = "/home/${vars.user}/.docker/feed/ttrss.env";
+    owner = vars.user;
+    mode = "0775";
+    content = ''
+      DB_PASS="${config.sops.placeholder."ttrss/db_password"}"
+    '';
+  };
+}
--- a/hosts/franz/arion/infrastructure/arion-compose.nix
+++ b/hosts/franz/arion/infrastructure/arion-compose.nix
@ -43,18 +43,18 @@
        "dmz"
      ];
    };
-    cloudflared.service = {
-      image = "cloudflare/cloudflared:latest";
-      container_name = "cloudflared";
-      env_file = [
-        "/home/ghoscht/.docker/infrastructure/cloudflared.env"
-      ];
-      restart = "always";
-      command = "tunnel --no-autoupdate --protocol http2 run";
-      networks = [
-        "dmz"
-      ];
-    };
+    # cloudflared.service = {
+    #   image = "cloudflare/cloudflared:latest";
+    #   container_name = "cloudflared";
+    #   env_file = [
+    #     "/home/ghoscht/.docker/infrastructure/cloudflared.env"
+    #   ];
+    #   restart = "always";
+    #   command = "tunnel --no-autoupdate --protocol http2 run";
+    #   networks = [
+    #     "dmz"
+    #   ];
+    # };
    scrutiny.service = {
      image = "ghcr.io/analogj/scrutiny:master-omnibus";
      container_name = "scrutiny";
--- a/secrets/franz.yaml
+++ b/secrets/franz.yaml
@ -25,6 +25,8 @@ unpackerr:
    sonarr_api_key: ENC[AES256_GCM,data:iENKLrYT7xbRrFAxN58VItZWhGfWjX1Nbu8zpFWA2ZI=,iv:WGFPGGoCvT993t9ROg1cRVPg8+qlDE92VpKfm9PNfpo=,tag:KBMggYqcUEhTg7yVaytysg==,type:str]
    radarr_api_key: ENC[AES256_GCM,data:zFMPIFc682n0wj/UOI6BUag2wVVys3EXCcYNqatExJA=,iv:NwRUIHolFyw9P0iiNrgm6EV+GAp5sSLho1NEwv5DaHw=,tag:TpapILDy8Oad5XzudcXaeQ==,type:str]
    lidarr_api_key: ENC[AES256_GCM,data:WZzb/Is7qdIq9qPEYt0FFXSucUx3qCv/isWwUyxDrB0=,iv:k0CFPUU4UmTmW0R/5sWgptbsfdLlglKze3EAyNi6t1E=,tag:aXUZd43krL9qKvs1uvJ4AA==,type:str]
+ttrss:
+    db_password: ENC[AES256_GCM,data:Yp44TDA=,iv:3eurDNE37mf2qDunCJczIyq26ttWwX9J6OhxMydEiq4=,tag:+Ce6sV40xn3VzgacEAY5NQ==,type:str]
 sops:
    kms: []
    gcp_kms: []
@ -40,8 +42,8 @@ sops:
            VUUxcEhvYi8zeXlCUUViUTl0eWdhcU0KXOfbnDc+zc8lnBcyEAV5EiJSjcSU6AgI
            EfeRw8qVqwChrYn1agslcNnDbE0WQsOCBuA6cE4V3kRofp9HU949ig==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2024-03-06T15:02:59Z"
-    mac: ENC[AES256_GCM,data:jWfGV2lKFoDEX+1OUzbnzYE0zqzh6+GX/X9IsZ1igg6xMW7T1sfQwKrRBHUnRO6HTDd9ppcIsRkZo/tL76mmLRiOlMrsoWD8quzkSjJrW6whxQn0acyqVhIw3KZmmet8+ICV4lIuI006zr3vffPVkDAizhrl3jXnuLBO+8yADHs=,iv:cxozu5kuLU1wXWiu0RfxYJgYUkoMyEUSmfHXrrfCMhc=,tag:rUbr/h3FKmil6zRBSG4RSw==,type:str]
+    lastmodified: "2024-03-15T20:30:02Z"
+    mac: ENC[AES256_GCM,data:sdxHWMIA4KwVNVSBe/oh5LrR4W11NES3qt5HVlAvVqmpEnLfSRMXCtGXnyBk0eN8O9hW6Zi135ZBQeyrVIQlsXU55LXLfQeWBK6VdLIfLScVDmJJ5MAMMl9ExhDr7XZ5tfmMkHsLnUSz7AM0tXmmbj5uwC40NDlyXZgOxo1fV8g=,iv:c0SaijwURfAJ1k0u/hed7jtBIV+4dqHSs8cGftEOmNU=,tag:sGBse6Um0LgUbOF207ZZCQ==,type:str]
    pgp: []
    unencrypted_suffix: _unencrypted
    version: 3.8.1