
Added examples for Tiny Tiny RSS (TT-RSS)

master
Craige McWhirter 11 months ago
parent
commit
29013bc7ab
Signed by: craige <craige@mcwhirter.com.au> GPG Key ID: A4122FF3971B6865
5 changed files with 222 additions and 0 deletions
  1. +9
    -0
      secrets.nix
  2. +53
    -0
      servers/README.rst
  3. +50
    -0
      servers/tt-rss_for_NixOps.nix
  4. +46
    -0
      servers/tt-rss_for_VM_testing.nix
  5. +64
    -0
      servers/tt-rss_vm.nix

+ 9
- 0
secrets.nix View File

@@ -14,5 +14,14 @@
group = "wheel"; # Group to own the key file
permissions = "0640"; # Key file permissions
};

# Database key for TT-RSS
tt-rss-dbpass = {
text = "vaetohH{u9Veegh3caechish"; # Password, generated using pwgen -yB 24
user = "tt_rss"; # User to own the key file
group = "wheel"; # Group to own the key file
permissions = "0640"; # Key file permissions
};

};
}
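Review bot: The new `tt-rss-dbpass` entry commits a literal database password in `text`, so anyone who copies this example verbatim deploys a credential that is public in the repository history. An obviously fake value such as `text = "REPLACE-ME"; # Generate your own, e.g. pwgen -yB 24` would make the example safe to copy. The key file is also readable by every member of `wheel` through `permissions = "0640"`; since `tt_rss` is already the owner, `permissions = "0400";` looks sufficient unless administrators are meant to read it. The enclosing attribute set opens above this hunk, so the surrounding option path is not visible here.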

+ 53
- 0
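--- a/servers/README.rst
+++ b/servers/README.rst
@@ -0,0 +1,53 @@
+tt-rss_vm.nix
+------------
+
+A Nix configuration for a VM to run Tiny Tiny RSS (TT-RSS).
+
+It is intended as an example of building a VM that builds TT-RSS for testing
+and evaluation purposes. I does not represent a production or secure
+deployment.
+
+To use this file:
+
+**Build with:**
+
+.. code:: bash
+
+$ nix-build '<nixpkgs/nixos>' -A vm --arg configuration ./tt-rss_vm.nix
+
+
+**Export** these variables, adjusting to suit yourself:
+
+.. code:: bash
+
+$ export QEMU_OPTS="-m 4192"
+$ export QEMU_NET_OPTS="hostfwd=tcp::18080-:80,hostfwd=tcp::10022-:22"
+
+**Launch** the VM with:
+
+.. code:: bash
+
+$ ./result/bin/run-tt-rss-vm
+
+You should now be able to:
+
+* Login via the shell
+* Login via ssh: :code:`ssh nixos@localhost -p 10022`
+* Login via the web: `http://localhost:18080/`_
+
+The default user for TT-RSS is "admin" and the default password is "password".
+
+.. _http://localhost:18080/: http://localhost:18080/
+
+tt-rss_for_VM_testing.nix
+------------------------
+
+This file describes the TT-RSS configuration to be deployed. As such it
+represents a deployment only suitable to testing purposes and should not be
+used as an example of a production deployment.
+
+
+tt-rss_for_NixOps.nix
+--------------------
+
+This provides an example of a production deployment of TT-RSS via NixOps.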

+ 50
- 0
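--- a/servers/tt-rss_for_NixOps.nix
+++ b/servers/tt-rss_for_NixOps.nix
@@ -0,0 +1,50 @@
+# NixOps configuration for the hosts running Tiny Tiny RSS (TT-RSS)
+#
+# Will need to be used with an appropriate secrets file. See: ../secrets.nix
+
+{ config, pkgs, lib, ... }:
+
+{
+
+services.tt-rss = {
+enable = true; # Enable TT-RSS
+database = { # Configure the database
+type = "pgsql"; # Database type
+passwordFile = "/run/keys/tt-rss-dbpass"; # Where to find the password
+};
+email = {
+fromAddress = "news@mydomain"; # Address for outgoing email
+fromName = "News at mydomain"; # Display name for outgoing email
+};
+selfUrlPath = "https://news.mydomain/"; # Root web URL
+virtualHost = "news.mydomain"; # Setup a virtualhost
+};
+
+services.postgresql = {
+enable = true; # Ensure postgresql is enabled
+authentication = ''
+local tt_rss all ident map=tt_rss-users
+'';
+identMap = # Map the tt-rss user to postgresql
+''
+tt_rss-users tt_rss tt_rss
+'';
+};
+
+services.nginx = {
+enable = true; # Enable Nginx
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+virtualHosts."news.mydomain" = { # TT-RSS hostname
+enableACME = true; # Use ACME certs
+forceSSL = true; # Force SSL
+};
+};
+
+security.acme.certs = {
+"news.mydomain".email = "email@mydomain";
+};
+
+}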
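Review bot: `passwordFile = "/run/keys/tt-rss-dbpass"` relies on a NixOps-managed key, but nothing in this file gives the TT-RSS service account access to that key or makes the service wait for it. NixOps normally restricts `/run/keys` to root and the `keys` group, so the example probably needs `users.users.tt_rss.extraGroups = [ "keys" ];`. The service should also be ordered after the `tt-rss-dbpass-key.service` unit that NixOps generates, so that it does not start before the key has been uploaded, for example after a reboot. Both points are worth confirming against the NixOps version in use, since the README presents this file as the production example.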

+ 46
- 0
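--- a/servers/tt-rss_for_VM_testing.nix
+++ b/servers/tt-rss_for_VM_testing.nix
@@ -0,0 +1,46 @@
+# Nix configuration for the VMs running Tiny Tiny RSS (TT-RSS)
+#
+# This file is intended to be imported into a file that defines the host, such
+# as tt-rss_vm.nix in this directory. It is for playing with / testing TT-RSS
+# and should not be used as an example of a production deployment.
+#
+# This is very basic TT-RSS setup.
+
+{ config, pkgs, lib, ... }:
+
+{
+
+services.tt-rss = {
+enable = true; # Enable TT-RSS
+database = { # Configure the database
+type = "pgsql"; # Database type
+password = "tt-rss"; # Set the database password
+};
+email = {
+fromAddress = "news@mydomain"; # Address for outgoing email
+fromName = "News at mydomain"; # Display name for outgoing email
+};
+selfUrlPath = "http://localhost:18080/"; # Root web URL
+virtualHost = "news.mydomain"; # Setup an Nginx virtualhost
+};
+
+services.postgresql = {
+enable = true; # Ensure postgresql is enabled
+authentication = ''
+local tt_rss all ident map=tt_rss-users
+'';
+identMap = # Map the tt-rss user to postgresql
+''
+tt_rss-users tt_rss tt_rss
+'';
+};
+
+services.nginx = {
+enable = true; # Enable Nginx
+recommendedGzipSettings = true;
+recommendedOptimisation = true;
+recommendedProxySettings = true;
+recommendedTlsSettings = true;
+};
+
+}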
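Review bot: `password = "tt-rss";` under `database` carries no warning on the line itself, and a password set this way is, as far as I can tell, rendered into configuration that lands in the world-readable Nix store. The header comment already says the file is test-only, but the line is what gets copied, so I would annotate it: `password = "tt-rss"; # TEST ONLY: ends up in the Nix store; use passwordFile for real deployments`. `recommendedTlsSettings = true` is also set although no virtual host here enables TLS and `selfUrlPath` is plain HTTP; a comment saying TLS is intentionally absent in the VM would prevent a reader from assuming the site is encrypted.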

+ 64
- 0
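--- a/servers/tt-rss_vm.nix
+++ b/servers/tt-rss_vm.nix
@@ -0,0 +1,64 @@
+# Nix configuration for a VM to run Tiny Tiny RSS (TT-RSS)
+#
+# It is intended as an example of building a VM that builds TT-RSS for testing
+# and evaluation purposes. I does not represent a production or secure
+# deployment.
+
+{ config, pkgs, lib, ... }:
+
+{
+
+imports =
+[
+./tt-rss_for_VM_testing.nix
+];
+
+networking.hostName = "tt-rss"; # Define your hostname.
+
+system.stateVersion = "19.03"; # The version of NixOS originally installed
+
+# Set security options:
+security = {
+sudo = {
+enable = true; # Enable sudo
+wheelNeedsPassword = false; # Allow wheel members to run sudo without a passowrd
+};
+};
+
+networking.firewall.allowedTCPPorts = [ 80 ];
+
+# List services that you want to enable:
+services.openssh = {
+enable = true; # Enable the OpenSSH daemon.
+#permitRootLogin = "yes"; # Probably want to change this in production
+#challengeResponseAuthentication = true; # Probably want to change this in production
+#passwordAuthentication = true; # Probably want to change this in production
+openFirewall = true;
+hostKeys = [
+{
+path = "/etc/ssh/ssh_host_ed25519_key"; # Generate a key for the vm
+type = "ed25519"; # Use the current best key type
+}
+];
+};
+
+# Users of the TT-RSS VM:
+users.mutableUsers = false; # Remove any users not defined in here
+
+users.users.root = {
+password = "123456"; # Probably want to change this in production
+};
+
+# Misc groups:
+users.groups.nixos.gid = 1000;
+
+# NixOS users
+users.users.nixos = {
+isNormalUser = true;
+uid = 1000;
+group = "nixos";
+extraGroups = [ "wheel" ];
+password = "123456"; # Probably want to change this in production
+};
+
+}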
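Review bot: `users.users.nixos` gets `password = "123456"`, membership of `wheel` and, through `wheelNeedsPassword = false`, passwordless sudo, while `services.openssh` is enabled with `openFirewall = true`, so the guessable password is effectively a root login over SSH. The README on this page forwards host port 10022 to the guest with `hostfwd=tcp::10022-:22`, and a forward written without a host address is generally bound on all host interfaces, which would expose the VM beyond the local machine; `hostfwd=tcp:127.0.0.1:10022-:22` (and the same for 18080) keeps it local. In this file the "Probably want to change this in production" comments on the password lines could say so outright, e.g. `# Throwaway VM credential: anyone who can reach port 22 gets root via sudo`. The comment on `wheelNeedsPassword` also misspells "password".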
