From 5a1f04ff164880a51a39cd7d6d10cb36720fb80d Mon Sep 17 00:00:00 2001
From: William <baduhai@proton.me>
Date: Thu, 9 Apr 2026 11:14:49 -0300
Subject: [PATCH] alexandria: replace FreshRSS with Miniflux

- Add miniflux service listening on Unix socket at /run/miniflux/miniflux.sock
- Remove FreshRSS configuration and data directory
- Update nginx to reverse proxy to miniflux socket
- Update secrets to use miniflux-admincreds.age
---
 aspects/hosts/_alexandria/freshrss.nix |  34 ----------------------
 aspects/hosts/_alexandria/miniflux.nix |  38 +++++++++++++++++++++++++
 data/services.nix                      |   2 +-
 secrets/freshrss-adminpass.age         | Bin 465 -> 0 bytes
 secrets/miniflux-admincreds.age        |   9 ++++++
 secrets/secrets.nix                    |   2 +-
 6 files changed, 49 insertions(+), 36 deletions(-)
 delete mode 100644 aspects/hosts/_alexandria/freshrss.nix
 create mode 100644 aspects/hosts/_alexandria/miniflux.nix
 delete mode 100644 secrets/freshrss-adminpass.age
 create mode 100644 secrets/miniflux-admincreds.age

diff --git a/aspects/hosts/_alexandria/freshrss.nix b/aspects/hosts/_alexandria/freshrss.nix
deleted file mode 100644
index b5880d5..0000000
--- a/aspects/hosts/_alexandria/freshrss.nix
+++ /dev/null
@@ -1,34 +0,0 @@
-{
-  config,
-  lib,
-  inputs,
-  ...
-}:
-
-let
-  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
-in
-
-{
-  services = {
-    freshrss = {
-      enable = true;
-      defaultUser = "admin";
-      passwordFile = config.age.secrets.freshrss-adminpass.path;
-      baseUrl = "https://rss.baduhai.dev";
-      dataDir = "/data/freshrss";
-      webserver = "nginx";
-      virtualHost = "rss.baduhai.dev";
-    };
-
-    nginx.virtualHosts = mkNginxVHosts {
-      domains."rss.baduhai.dev" = { };
-    };
-  };
-
-  age.secrets.freshrss-adminpass = {
-    file = "${inputs.self}/secrets/freshrss-adminpass.age";
-    owner = "freshrss";
-    group = "freshrss";
-  };
-}
diff --git a/aspects/hosts/_alexandria/miniflux.nix b/aspects/hosts/_alexandria/miniflux.nix
new file mode 100644
index 0000000..ca68492
--- /dev/null
+++ b/aspects/hosts/_alexandria/miniflux.nix
@@ -0,0 +1,38 @@
+{
+  config,
+  lib,
+  inputs,
+  ...
+}:
+
+let
+  mkNginxVHosts = inputs.self.lib.mkNginxVHosts;
+in
+
+{
+  services = {
+    miniflux = {
+      enable = true;
+      config = {
+        LISTEN_ADDR = "/run/miniflux/miniflux.sock";
+        CREATE_ADMIN = 1;
+      };
+      adminCredentialsFile = config.age.secrets.miniflux-admincreds.path;
+      createDatabaseLocally = true;
+    };
+
+    nginx.virtualHosts = mkNginxVHosts {
+      domains."rss.baduhai.dev" = {
+        locations."/".proxyPass = "http://unix:/run/miniflux/miniflux.sock:/";
+      };
+    };
+  };
+
+  users.users.nginx.extraGroups = [ "miniflux" ];
+
+  age.secrets.miniflux-admincreds = {
+    file = "${inputs.self}/secrets/miniflux-admincreds.age";
+    owner = "miniflux";
+    group = "miniflux";
+  };
+}
diff --git a/data/services.nix b/data/services.nix
index b3eddf5..9f04d89 100644
--- a/data/services.nix
+++ b/data/services.nix
@@ -34,7 +34,7 @@
       host = "alexandria";
     }
     {
-      name = "freshrss";
+      name = "miniflux";
       domain = "rss.baduhai.dev";
       host = "alexandria";
     }
diff --git a/secrets/freshrss-adminpass.age b/secrets/freshrss-adminpass.age
deleted file mode 100644
index b7d7c90338af1af856faa24afa72b32c400e8f6e..0000000000000000000000000000000000000000
GIT binary patch
literal 0
HcmV?d00001

literal 465
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCUlPD{zlPgk(8v<NHp
ztSU6f@lTIP_i#z^4K#DMNJ(_{@d^n^NjEG^bIvhOuL$zU^W^e%cFZj(O1AWM_9{+F
zEl$pkjI#8zbTqHbG;k`&iPSF4_DpmvEOaf+@kO`IA~M)9vs@uB+bPT^GqbQbqaay3
zI5^2H$J8Uo-^<9W+{HUF#o4hq$t&5^ucX-ABa|ztNZ%#Q!_3pU#IHETE5b6$Bs3{I
zD9<vfDy%FhDm^GTM?cBcP&*{B*c070FSC-c5J!c8Ds!*GDD$*Xuk_T6L~VEdte^^y
ztnwraOMf#nQx^;Kf@C+h2p7lfbXTsdau3g<C?mh(e0R?jFJDK;%3KS5w^Z${yrghP
z$7ClHN9~{h_q=e=%w#TIU0sE+<SOq#_sG&p<Er5NLZ_lo=dAolgLL=o<gyCOOz)u3
z^725xG;hBEZBH&Wfw#^&+$Q$QMglww?kt@5&eFyvNWrry)2HkB-Y=~ee!lt?>AJz<
f7*po{?5#B~idmh^b2S+5FR|`kCsD%RelH#X-)Nk!

diff --git a/secrets/miniflux-admincreds.age b/secrets/miniflux-admincreds.age
new file mode 100644
index 0000000..f5269f0
--- /dev/null
+++ b/secrets/miniflux-admincreds.age
@@ -0,0 +1,9 @@
+age-encryption.org/v1
+-> ssh-ed25519 Kfdnog QEq4A011oVny6vo1+wOcQNnpkf77216PZXJqK4rGTGY
+FPeASmXRirxeF2T2jXhA/tEaO0p1CZJ6D3lv3p2KTX0
+-> ssh-ed25519 8YSAiw gxuXAt2nG6qXhWwAAiFwNCNYJV2VGKnDNkjU61NOJ2o
+xncp+M4lVixiTmXQU5QrtdQ860t/1JpvOcO4YXAy3to
+-> ssh-ed25519 J6tVTA Mr0XrEFP/o7nFWBKal+ehzMiejWpVDIBiiMqWzdOzEM
+0DTqm2LyMMlVZlTk67Y3hTiVjcJG9gprnXj6QjYxrJw
+--- FXUNp6O7vuibJj0RI3SZN3IBK1Hx5ouUij2ah05lCYA
+ÔX*÷“µ¬0¬²øÇBŒ3Îð«jbœÍS§VÿÎ€Äb¹BcÈi—øD.ïÇ5\é`&`è¶Š-Ui"gÐ¥ÈŠ`OÒ µGcõ¥øÊæ'»Î=îºø«@qn[
\ No newline at end of file
diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 277d880..d052896 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -32,7 +32,7 @@ in
     rotterdam-user
     trantor
   ];
-  "freshrss-adminpass.age".publicKeys = [
+  "miniflux-admincreds.age".publicKeys = [
     io-user
     rotterdam-user
     alexandria