5 changed files with 222 additions and 0 deletions
@ -0,0 +1,53 @@
|
||||
tt-rss_vm.nix |
||||
------------ |
||||
|
||||
A Nix configuration for a VM to run Tiny Tiny RSS (TT-RSS). |
||||
|
||||
It is intended as an example of building a VM that builds TT-RSS for testing |
||||
and evaluation purposes. I does not represent a production or secure |
||||
deployment. |
||||
|
||||
To use this file: |
||||
|
||||
**Build with:** |
||||
|
||||
.. code:: bash |
||||
|
||||
$ nix-build '<nixpkgs/nixos>' -A vm --arg configuration ./tt-rss_vm.nix |
||||
|
||||
|
||||
**Export** these variables, adjusting to suit yourself: |
||||
|
||||
.. code:: bash |
||||
|
||||
$ export QEMU_OPTS="-m 4192" |
||||
$ export QEMU_NET_OPTS="hostfwd=tcp::18080-:80,hostfwd=tcp::10022-:22" |
||||
|
||||
**Launch** the VM with: |
||||
|
||||
.. code:: bash |
||||
|
||||
$ ./result/bin/run-tt-rss-vm |
||||
|
||||
You should now be able to: |
||||
|
||||
* Login via the shell |
||||
* Login via ssh: :code:`ssh nixos@localhost -p 10022` |
||||
* Login via the web: `http://localhost:18080/`_ |
||||
|
||||
The default user for TT-RSS is "admin" and the default password is "password". |
||||
|
||||
.. _http://localhost:18080/: http://localhost:18080/ |
||||
|
||||
tt-rss_for_VM_testing.nix |
||||
------------------------ |
||||
|
||||
This file describes the TT-RSS configuration to be deployed. As such it |
||||
represents a deployment only suitable to testing purposes and should not be |
||||
used as an example of a production deployment. |
||||
|
||||
|
||||
tt-rss_for_NixOps.nix |
||||
-------------------- |
||||
|
||||
This provides an example of a production deployment of TT-RSS via NixOps. |
@ -0,0 +1,50 @@
|
||||
# NixOps configuration for the hosts running Tiny Tiny RSS (TT-RSS) |
||||
# |
||||
# Will need to be used with an appropriate secrets file. See: ../secrets.nix |
||||
|
||||
{ config, pkgs, lib, ... }: |
||||
|
||||
{ |
||||
|
||||
services.tt-rss = { |
||||
enable = true; # Enable TT-RSS |
||||
database = { # Configure the database |
||||
type = "pgsql"; # Database type |
||||
passwordFile = "/run/keys/tt-rss-dbpass"; # Where to find the password |
||||
}; |
||||
email = { |
||||
fromAddress = "news@mydomain"; # Address for outgoing email |
||||
fromName = "News at mydomain"; # Display name for outgoing email |
||||
}; |
||||
selfUrlPath = "https://news.mydomain/"; # Root web URL |
||||
virtualHost = "news.mydomain"; # Setup a virtualhost |
||||
}; |
||||
|
||||
services.postgresql = { |
||||
enable = true; # Ensure postgresql is enabled |
||||
authentication = '' |
||||
local tt_rss all ident map=tt_rss-users |
||||
''; |
||||
identMap = # Map the tt-rss user to postgresql |
||||
'' |
||||
tt_rss-users tt_rss tt_rss |
||||
''; |
||||
}; |
||||
|
||||
services.nginx = { |
||||
enable = true; # Enable Nginx |
||||
recommendedGzipSettings = true; |
||||
recommendedOptimisation = true; |
||||
recommendedProxySettings = true; |
||||
recommendedTlsSettings = true; |
||||
virtualHosts."news.mydomain" = { # TT-RSS hostname |
||||
enableACME = true; # Use ACME certs |
||||
forceSSL = true; # Force SSL |
||||
}; |
||||
}; |
||||
|
||||
security.acme.certs = { |
||||
"news.mydomain".email = "email@mydomain"; |
||||
}; |
||||
|
||||
} |
@ -0,0 +1,46 @@
|
||||
# Nix configuration for the VMs running Tiny Tiny RSS (TT-RSS) |
||||
# |
||||
# This file is intended to be imported into a file that defines the host, such |
||||
# as tt-rss_vm.nix in this directory. It is for playing with / testing TT-RSS |
||||
# and should not be used as an example of a production deployment. |
||||
# |
||||
# This is very basic TT-RSS setup. |
||||
|
||||
{ config, pkgs, lib, ... }: |
||||
|
||||
{ |
||||
|
||||
services.tt-rss = { |
||||
enable = true; # Enable TT-RSS |
||||
database = { # Configure the database |
||||
type = "pgsql"; # Database type |
||||
password = "tt-rss"; # Set the database password |
||||
}; |
||||
email = { |
||||
fromAddress = "news@mydomain"; # Address for outgoing email |
||||
fromName = "News at mydomain"; # Display name for outgoing email |
||||
}; |
||||
selfUrlPath = "http://localhost:18080/"; # Root web URL |
||||
virtualHost = "news.mydomain"; # Setup an Nginx virtualhost |
||||
}; |
||||
|
||||
services.postgresql = { |
||||
enable = true; # Ensure postgresql is enabled |
||||
authentication = '' |
||||
local tt_rss all ident map=tt_rss-users |
||||
''; |
||||
identMap = # Map the tt-rss user to postgresql |
||||
'' |
||||
tt_rss-users tt_rss tt_rss |
||||
''; |
||||
}; |
||||
|
||||
services.nginx = { |
||||
enable = true; # Enable Nginx |
||||
recommendedGzipSettings = true; |
||||
recommendedOptimisation = true; |
||||
recommendedProxySettings = true; |
||||
recommendedTlsSettings = true; |
||||
}; |
||||
|
||||
} |
@ -0,0 +1,64 @@
|
||||
# Nix configuration for a VM to run Tiny Tiny RSS (TT-RSS) |
||||
# |
||||
# It is intended as an example of building a VM that builds TT-RSS for testing |
||||
# and evaluation purposes. I does not represent a production or secure |
||||
# deployment. |
||||
|
||||
{ config, pkgs, lib, ... }: |
||||
|
||||
{ |
||||
|
||||
imports = |
||||
[ |
||||
./tt-rss_for_VM_testing.nix |
||||
]; |
||||
|
||||
networking.hostName = "tt-rss"; # Define your hostname. |
||||
|
||||
system.stateVersion = "19.03"; # The version of NixOS originally installed |
||||
|
||||
# Set security options: |
||||
security = { |
||||
sudo = { |
||||
enable = true; # Enable sudo |
||||
wheelNeedsPassword = false; # Allow wheel members to run sudo without a passowrd |
||||
}; |
||||
}; |
||||
|
||||
networking.firewall.allowedTCPPorts = [ 80 ]; |
||||
|
||||
# List services that you want to enable: |
||||
services.openssh = { |
||||
enable = true; # Enable the OpenSSH daemon. |
||||
#permitRootLogin = "yes"; # Probably want to change this in production |
||||
#challengeResponseAuthentication = true; # Probably want to change this in production |
||||
#passwordAuthentication = true; # Probably want to change this in production |
||||
openFirewall = true; |
||||
hostKeys = [ |
||||
{ |
||||
path = "/etc/ssh/ssh_host_ed25519_key"; # Generate a key for the vm |
||||
type = "ed25519"; # Use the current best key type |
||||
} |
||||
]; |
||||
}; |
||||
|
||||
# Users of the TT-RSS VM: |
||||
users.mutableUsers = false; # Remove any users not defined in here |
||||
|
||||
users.users.root = { |
||||
password = "123456"; # Probably want to change this in production |
||||
}; |
||||
|
||||
# Misc groups: |
||||
users.groups.nixos.gid = 1000; |
||||
|
||||
# NixOS users |
||||
users.users.nixos = { |
||||
isNormalUser = true; |
||||
uid = 1000; |
||||
group = "nixos"; |
||||
extraGroups = [ "wheel" ]; |
||||
password = "123456"; # Probably want to change this in production |
||||
}; |
||||
|
||||
} |
Loading…
Reference in new issue