Added examples for Tiny Tiny RSS (TT-RSS)

3 years ago · 29013bc7ab
5 changed files with 222 additions and 0 deletions
--- a/secrets.nix
+++ b/secrets.nix
@ -14,5 +14,14 @@
      group       = "wheel";                      # Group to own the key file
      permissions = "0640";                       # Key file permissions
    };
+
+    # Database key for TT-RSS
+    tt-rss-dbpass = {
+      text        = "vaetohH{u9Veegh3caechish";   # Password, generated using pwgen -yB 24
+      user        = "tt_rss";                     # User to own the key file
+      group       = "wheel";                      # Group to own the key file
+      permissions = "0640";                       # Key file permissions
+    };
+
  };
 }
--- a/servers/README.rst
+++ b/servers/README.rst
@ -0,0 +1,53 @@
+tt-rss_vm.nix
+------------
+
+A Nix configuration for a VM to run Tiny Tiny RSS (TT-RSS).
+
+It is intended as an example of building a VM that builds TT-RSS for testing
+and evaluation purposes. I does not represent a production or secure
+deployment.
+
+To use this file:
+
+**Build with:**
+
+.. code:: bash
+
+  $ nix-build '<nixpkgs/nixos>' -A vm --arg configuration ./tt-rss_vm.nix
+
+
+**Export** these variables, adjusting to suit yourself:
+
+.. code:: bash
+
+  $ export QEMU_OPTS="-m 4192"
+  $ export QEMU_NET_OPTS="hostfwd=tcp::18080-:80,hostfwd=tcp::10022-:22"
+
+**Launch** the VM with:
+
+.. code:: bash
+
+  $ ./result/bin/run-tt-rss-vm
+
+You should now be able to:
+
+* Login via the shell
+* Login via ssh: :code:`ssh nixos@localhost -p 10022`
+* Login via the web: `http://localhost:18080/`_
+
+The default user for TT-RSS is  "admin" and the default password is "password".
+
+.. _http://localhost:18080/: http://localhost:18080/
+
+tt-rss_for_VM_testing.nix
+------------------------
+
+This file describes the TT-RSS configuration to be deployed. As such it
+represents a deployment only suitable to testing purposes and should not be
+used as an example of a production deployment.
+
+
+tt-rss_for_NixOps.nix
+--------------------
+
+This provides an example of a production deployment of TT-RSS via NixOps.
--- a/servers/tt-rss_for_NixOps.nix
+++ b/servers/tt-rss_for_NixOps.nix
@ -0,0 +1,50 @@
+# NixOps configuration for the hosts running Tiny Tiny RSS (TT-RSS)
+#
+# Will need to be used with an appropriate secrets file. See: ../secrets.nix
+
+{ config, pkgs, lib, ... }:
+
+{
+
+  services.tt-rss = {
+    enable = true;                                # Enable TT-RSS
+    database = {                                  # Configure the database
+      type = "pgsql";                             # Database type
+      passwordFile = "/run/keys/tt-rss-dbpass";   # Where to find the password
+    };
+    email = {
+      fromAddress = "news@mydomain";              # Address for outgoing email
+      fromName = "News at mydomain";              # Display name for outgoing email
+    };
+    selfUrlPath = "https://news.mydomain/";       # Root web URL
+    virtualHost = "news.mydomain";                # Setup a virtualhost
+  };
+
+  services.postgresql = {
+    enable = true;                # Ensure postgresql is enabled
+    authentication = ''
+      local tt_rss all ident map=tt_rss-users
+    '';
+    identMap =                    # Map the tt-rss user to postgresql
+      ''
+        tt_rss-users tt_rss tt_rss
+      '';
+  };
+
+  services.nginx = {
+    enable = true;                                          # Enable Nginx
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+    virtualHosts."news.mydomain" = {                        # TT-RSS hostname
+      enableACME = true;                                    # Use ACME certs
+      forceSSL = true;                                      # Force SSL
+    };
+  };
+
+  security.acme.certs = {
+      "news.mydomain".email = "email@mydomain";
+  };
+
+}
--- a/servers/tt-rss_for_VM_testing.nix
+++ b/servers/tt-rss_for_VM_testing.nix
@ -0,0 +1,46 @@
+# Nix configuration for the VMs running Tiny Tiny RSS (TT-RSS)
+#
+# This file is intended to be imported into a file that defines the host, such
+# as tt-rss_vm.nix in this directory. It is for playing with / testing TT-RSS
+# and should not be used as an example of a production deployment.
+#
+# This is very basic TT-RSS setup.
+
+{ config, pkgs, lib, ... }:
+
+{
+
+  services.tt-rss = {
+    enable = true;                                # Enable TT-RSS
+    database = {                                  # Configure the database
+      type = "pgsql";                             # Database type
+      password = "tt-rss";                        # Set the database password
+    };
+    email = {
+      fromAddress = "news@mydomain";              # Address for outgoing email
+      fromName = "News at mydomain";              # Display name for outgoing email
+    };
+    selfUrlPath = "http://localhost:18080/";      # Root web URL
+    virtualHost = "news.mydomain";                # Setup an Nginx virtualhost
+  };
+
+  services.postgresql = {
+    enable = true;                # Ensure postgresql is enabled
+    authentication = ''
+      local tt_rss all ident map=tt_rss-users
+    '';
+    identMap =                    # Map the tt-rss user to postgresql
+      ''
+        tt_rss-users tt_rss tt_rss
+      '';
+  };
+
+  services.nginx = {
+    enable = true;                # Enable Nginx
+    recommendedGzipSettings = true;
+    recommendedOptimisation = true;
+    recommendedProxySettings = true;
+    recommendedTlsSettings = true;
+  };
+
+}
--- a/servers/tt-rss_vm.nix
+++ b/servers/tt-rss_vm.nix
@ -0,0 +1,64 @@
+# Nix configuration for a VM to run Tiny Tiny RSS (TT-RSS)
+#
+# It is intended as an example of building a VM that builds TT-RSS for testing
+# and evaluation purposes. I does not represent a production or secure
+# deployment.
+
+{ config, pkgs, lib, ... }:
+
+{
+
+  imports =
+    [
+      ./tt-rss_for_VM_testing.nix
+    ];
+
+  networking.hostName = "tt-rss";   # Define your hostname.
+
+  system.stateVersion = "19.03";    # The version of NixOS originally installed
+
+  # Set security options:
+  security = {
+    sudo = {
+      enable = true;                # Enable sudo
+      wheelNeedsPassword = false;   # Allow wheel members to run sudo without a passowrd
+    };
+  };
+
+  networking.firewall.allowedTCPPorts = [ 80 ];
+
+  # List services that you want to enable:
+  services.openssh = {
+    enable = true;                             # Enable the OpenSSH daemon.
+    #permitRootLogin = "yes";                  # Probably want to change this in production
+    #challengeResponseAuthentication = true;   # Probably want to change this in production
+    #passwordAuthentication = true;            # Probably want to change this in production
+    openFirewall = true;
+    hostKeys = [
+      {
+        path = "/etc/ssh/ssh_host_ed25519_key";   # Generate a key for the vm
+        type = "ed25519";                         # Use the current best key type
+      }
+    ];
+  };
+
+  # Users of the TT-RSS VM:
+  users.mutableUsers = false;        # Remove any users not defined in here
+
+  users.users.root = {
+    password = "123456";             # Probably want to change this in production
+  };
+
+  # Misc groups:
+  users.groups.nixos.gid = 1000;
+
+  # NixOS users
+  users.users.nixos = {
+    isNormalUser = true;
+    uid = 1000;
+    group = "nixos";
+    extraGroups = [ "wheel" ];
+    password = "123456";             # Probably want to change this in production
+  };
+
+}