From 7d04597408c45e83d8982a48793e039a1cde457f Mon Sep 17 00:00:00 2001
From: Henri Dohmen <henridohmen@posteo.com>
Date: Sat, 11 Apr 2026 21:01:09 +0200
Subject: [PATCH] miniflux

---
 host/roam/default.nix                 |  1 +
 host/roam/rss.nix                     | 34 +++++++++++++++++++++++++++
 secrets.nix                           |  1 +
 secrets/roam/miniflux-admin-creds.age | 11 +++++++++
 var/default.nix                       |  1 +
 5 files changed, 48 insertions(+)
 create mode 100644 host/roam/rss.nix
 create mode 100644 secrets/roam/miniflux-admin-creds.age

diff --git a/host/roam/default.nix b/host/roam/default.nix
index c79989e..6942f14 100644
--- a/host/roam/default.nix
+++ b/host/roam/default.nix
@@ -14,6 +14,7 @@
     ./mail.nix
     ./networking.nix
     ./nextcloud.nix
+    ./rss.nix
     ./services.nix
     ./syncthing.nix
     ./torrent.nix
diff --git a/host/roam/rss.nix b/host/roam/rss.nix
new file mode 100644
index 0000000..cbe62ba
--- /dev/null
+++ b/host/roam/rss.nix
@@ -0,0 +1,34 @@
+{
+  secrets,
+  config,
+  ...
+}:
+{
+  services.miniflux = {
+    enable = true;
+    adminCredentialsFile = config.age.secrets.miniflux-admin-creds.path;
+    config = {
+      BASE_URL = "https://rss.lan";
+      LISTEN_ADDR = "127.0.0.1:8055";
+    };
+  };
+
+  services.nginx.privateVirtualHosts."rss.lan" = {
+    locations."/" = {
+      proxyPass = "http://${config.services.miniflux.config.LISTEN_ADDR}";
+    };
+  };
+
+  users.users.miniflux = {
+    isSystemUser = true;
+    group = "miniflux";
+  };
+  users.groups.miniflux = { };
+
+  age.secrets.miniflux-admin-creds = {
+    file = secrets.roam."miniflux-admin-creds.age";
+    mode = "440";
+    owner = "miniflux";
+    group = "miniflux";
+  };
+}
diff --git a/secrets.nix b/secrets.nix
index c25ca67..95410cf 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -10,6 +10,7 @@ let
     "roam/firefox-sync-secret"
     "roam/forgejo-mailer-password"
     "roam/mullvad-vpn-key"
+    "roam/miniflux-admin-creds"
     "roam/nextcloud-admin-password"
     "roam/rclone-conf"
     "tlskey"
diff --git a/secrets/roam/miniflux-admin-creds.age b/secrets/roam/miniflux-admin-creds.age
new file mode 100644
index 0000000..ba3c74e
--- /dev/null
+++ b/secrets/roam/miniflux-admin-creds.age
@@ -0,0 +1,11 @@
+age-encryption.org/v1
+-> ssh-ed25519 ydxpSQ WCqd5S6fXEgPHfe6PjcIGtu4BjF0X7MVe6Z3gfzl2lc
+6u3na95T5WUOonvKiPwmV9jaheZ8zVdoqwfshI7+ZWM
+-> ssh-ed25519 IbE9zA KD31Ephk84sV7tyscGVOHYCU+MAWc9G9AeefPxTt6UU
+I50rElHyBLfpKpIh1in1TdWQoIVmQu5VI4N1hViGasM
+-> ssh-ed25519 gbs8eg +KS4cQSPdYEGbIJuyiddnZsuu2qBB9r0Mx7gCedMb1o
+IqiYlGUeynCSiivYgZd3zJrAaRrmeG9Y241gKGvWPOo
+-> ssh-ed25519 FTMbvw NBRl3eYsEcrLKVBQS8wu/voZbBc8VgbCT9G6wQNpfnE
+pkVYWMx7MXM6XwQt1G0gG3OQwyetG7H6gum1xwO6xFg
+--- XgOAaXQzH02/7egh+Md0luFtk9Mtl9eaSoqjva5JFzE
+ªå¹ŽdÞàëD:ØCG¦ëü*ÆŠiöÄ8É£,•òC!h#TÝÐøé¯7[tJËëŸŒÎçÁ€\Ãl¡µ¸r°	¯”ë­RB»Ñ²@ñT/Î'³âût‹9ˆó%
\ No newline at end of file
diff --git a/var/default.nix b/var/default.nix
index b3f1748..9f0bdcc 100644
--- a/var/default.nix
+++ b/var/default.nix
@@ -38,6 +38,7 @@ let
       "git.lan" = wg-ips.roam;
       "syncthing.roam.lan" = wg-ips.roam;
       "qbt.lan" = wg-ips.roam;
+      "rss.lan" = wg-ips.roam;
     };
 
   syncthing-managed = lib.mapAttrs (_: id: { inherit id; }) syncthing-hashes;