
Added examples for Tiny Tiny RSS (TT-RSS)

master
Craige McWhirter 2 years ago
parent
commit
29013bc7ab
Signed by: craige GPG Key ID: A4122FF3971B6865
  1. 9
      secrets.nix
  2. 53
      servers/README.rst
  3. 50
      servers/tt-rss_for_NixOps.nix
  4. 46
      servers/tt-rss_for_VM_testing.nix
  5. 64
      servers/tt-rss_vm.nix

9
secrets.nix

@ -14,5 +14,14 @@
group = "wheel"; # Group to own the key file
permissions = "0640"; # Key file permissions
};
# Database key for TT-RSS
tt-rss-dbpass = {
text = "vaetohH{u9Veegh3caechish"; # Password, generated using pwgen -yB 24
user = "tt_rss"; # User to own the key file
group = "wheel"; # Group to own the key file
permissions = "0640"; # Key file permissions
};
};
}
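Review bot: The `tt-rss-dbpass` entry commits a real-looking generated password in its `text` attribute, so anyone who copies this example or reads the repository history holds the credential. An example file is safer with an obvious placeholder, e.g. `text = "CHANGE-ME"; # placeholder, generate your own with pwgen -yB 24`. The key file is also `group = "wheel"` with `permissions = "0640"`, which lets every wheel member read the database password; `permissions = "0400"` with the `tt_rss` owner should be enough if only the service reads it. The enclosing attribute set starts outside the hunk, and the key above it appears to use the same group and mode.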

53
servers/README.rst

@ -0,0 +1,53 @@
tt-rss_vm.nix
------------
A Nix configuration for a VM to run Tiny Tiny RSS (TT-RSS).
It is intended as an example of building a VM that builds TT-RSS for testing
and evaluation purposes. I does not represent a production or secure
deployment.
To use this file:
**Build with:**
.. code:: bash
$ nix-build '<nixpkgs/nixos>' -A vm --arg configuration ./tt-rss_vm.nix
**Export** these variables, adjusting to suit yourself:
.. code:: bash
$ export QEMU_OPTS="-m 4192"
$ export QEMU_NET_OPTS="hostfwd=tcp::18080-:80,hostfwd=tcp::10022-:22"
**Launch** the VM with:
.. code:: bash
$ ./result/bin/run-tt-rss-vm
You should now be able to:
* Login via the shell
* Login via ssh: :code:`ssh nixos@localhost -p 10022`
* Login via the web: `http://localhost:18080/`_
The default user for TT-RSS is "admin" and the default password is "password".
.. _http://localhost:18080/: http://localhost:18080/
tt-rss_for_VM_testing.nix
------------------------
This file describes the TT-RSS configuration to be deployed. As such it
represents a deployment only suitable to testing purposes and should not be
used as an example of a production deployment.
tt-rss_for_NixOps.nix
--------------------
This provides an example of a production deployment of TT-RSS via NixOps.

50
servers/tt-rss_for_NixOps.nix

@ -0,0 +1,50 @@
# NixOps configuration for the hosts running Tiny Tiny RSS (TT-RSS)
#
# Will need to be used with an appropriate secrets file. See: ../secrets.nix
{ config, pkgs, lib, ... }:
{
services.tt-rss = {
enable = true; # Enable TT-RSS
database = { # Configure the database
type = "pgsql"; # Database type
passwordFile = "/run/keys/tt-rss-dbpass"; # Where to find the password
};
email = {
fromAddress = "news@mydomain"; # Address for outgoing email
fromName = "News at mydomain"; # Display name for outgoing email
};
selfUrlPath = "https://news.mydomain/"; # Root web URL
virtualHost = "news.mydomain"; # Setup a virtualhost
};
services.postgresql = {
enable = true; # Ensure postgresql is enabled
authentication = ''
local tt_rss all ident map=tt_rss-users
'';
identMap = # Map the tt-rss user to postgresql
''
tt_rss-users tt_rss tt_rss
'';
};
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
virtualHosts."news.mydomain" = { # TT-RSS hostname
enableACME = true; # Use ACME certs
forceSSL = true; # Force SSL
};
};
security.acme.certs = {
"news.mydomain".email = "email@mydomain";
};
}
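Review bot: `passwordFile = "/run/keys/tt-rss-dbpass";` relies on the `tt_rss` user being able to read under `/run/keys`, but nothing in this file grants that. NixOps normally restricts that directory to root and the `keys` group, so I would add `users.users.tt_rss.extraGroups = [ "keys" ];` and confirm the service only starts after the key has been uploaded. Separately, the PostgreSQL `authentication` line uses `ident` over the local socket, so the database presumably never checks the password. A comment stating which of the two mechanisms is the intended access control would stop readers from assuming the password protects the database.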

46
servers/tt-rss_for_VM_testing.nix

@ -0,0 +1,46 @@
# Nix configuration for the VMs running Tiny Tiny RSS (TT-RSS)
#
# This file is intended to be imported into a file that defines the host, such
# as tt-rss_vm.nix in this directory. It is for playing with / testing TT-RSS
# and should not be used as an example of a production deployment.
#
# This is very basic TT-RSS setup.
{ config, pkgs, lib, ... }:
{
services.tt-rss = {
enable = true; # Enable TT-RSS
database = { # Configure the database
type = "pgsql"; # Database type
password = "tt-rss"; # Set the database password
};
email = {
fromAddress = "news@mydomain"; # Address for outgoing email
fromName = "News at mydomain"; # Display name for outgoing email
};
selfUrlPath = "http://localhost:18080/"; # Root web URL
virtualHost = "news.mydomain"; # Setup an Nginx virtualhost
};
services.postgresql = {
enable = true; # Ensure postgresql is enabled
authentication = ''
local tt_rss all ident map=tt_rss-users
'';
identMap = # Map the tt-rss user to postgresql
''
tt_rss-users tt_rss tt_rss
'';
};
services.nginx = {
enable = true; # Enable Nginx
recommendedGzipSettings = true;
recommendedOptimisation = true;
recommendedProxySettings = true;
recommendedTlsSettings = true;
};
}
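Review bot: `password = "tt-rss";` is a literal in the configuration, so it is copied into the Nix store, which every local user can read. The file header says test-only, but this line carries no warning and is the one most likely to be pasted into another deployment. I would change its comment to `# Test only: literal ends up in the world-readable Nix store; use passwordFile otherwise`. `recommendedTlsSettings = true;` also has no visible effect here, since no virtual host enables TLS and `selfUrlPath` is plain HTTP; a short comment saying so would avoid suggesting the test VM serves HTTPS.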

64
servers/tt-rss_vm.nix

@ -0,0 +1,64 @@
# Nix configuration for a VM to run Tiny Tiny RSS (TT-RSS)
#
# It is intended as an example of building a VM that builds TT-RSS for testing
# and evaluation purposes. I does not represent a production or secure
# deployment.
{ config, pkgs, lib, ... }:
{
imports =
[
./tt-rss_for_VM_testing.nix
];
networking.hostName = "tt-rss"; # Define your hostname.
system.stateVersion = "19.03"; # The version of NixOS originally installed
# Set security options:
security = {
sudo = {
enable = true; # Enable sudo
wheelNeedsPassword = false; # Allow wheel members to run sudo without a passowrd
};
};
networking.firewall.allowedTCPPorts = [ 80 ];
# List services that you want to enable:
services.openssh = {
enable = true; # Enable the OpenSSH daemon.
#permitRootLogin = "yes"; # Probably want to change this in production
#challengeResponseAuthentication = true; # Probably want to change this in production
#passwordAuthentication = true; # Probably want to change this in production
openFirewall = true;
hostKeys = [
{
path = "/etc/ssh/ssh_host_ed25519_key"; # Generate a key for the vm
type = "ed25519"; # Use the current best key type
}
];
};
# Users of the TT-RSS VM:
users.mutableUsers = false; # Remove any users not defined in here
users.users.root = {
password = "123456"; # Probably want to change this in production
};
# Misc groups:
users.groups.nixos.gid = 1000;
# NixOS users
users.users.nixos = {
isNormalUser = true;
uid = 1000;
group = "nixos";
extraGroups = [ "wheel" ];
password = "123456"; # Probably want to change this in production
};
}
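Review bot: The `nixos` user combines `password = "123456"`, membership of `wheel` and `wheelNeedsPassword = false`, while `services.openssh` is enabled with `openFirewall = true`, so one guessable password gives root over SSH. The README in this commit forwards the guest's port 22 with `hostfwd=tcp::10022-:22`, which as far as I know makes QEMU listen on all host addresses, so the VM would be reachable from the host's network and not only from localhost. Binding the forwards to loopback in the README, e.g. `hostfwd=tcp:127.0.0.1:10022-:22`, keeps the test VM local. The two `# Probably want to change this in production` comments would be clearer as `# Test VM only: never reuse this password`.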