From a7ef7eeb90738556fb71443911bdd6abe5de5672 Mon Sep 17 00:00:00 2001
From: Oliver Davies <oliver@oliverdavies.uk>
Date: Tue, 4 Nov 2025 20:09:36 +0000
Subject: [PATCH] nixedo: re-add FreshRSS

Signed-off-by: Oliver Davies <oliver@oliverdavies.uk>
---
 hosts/nixedo/homelab.nix           |  1 +
 hosts/nixedo/modules/acme.nix      |  1 +
 hosts/nixedo/modules/default.nix   |  1 +
 hosts/nixedo/modules/freshrss.nix  | 45 ++++++++++++++++++++++++++++++
 hosts/nixedo/secrets.nix           |  1 +
 secrets.nix                        |  5 ++++
 secrets/freshrss-password-file.age | 17 +++++++++++
 7 files changed, 71 insertions(+)
 create mode 100644 hosts/nixedo/modules/freshrss.nix
 create mode 100644 secrets/freshrss-password-file.age

diff --git a/hosts/nixedo/homelab.nix b/hosts/nixedo/homelab.nix
index e752e874..b3a44381 100644
--- a/hosts/nixedo/homelab.nix
+++ b/hosts/nixedo/homelab.nix
@@ -10,6 +10,7 @@
       audiobookshelf.enable = true;
       home-assistant.enable = true;
       homepage-dashboard.enable = true;
+      freshrss.enable = true;
       paperless.enable = true;
       peertube.enable = true;
       tubearchivist.enable = true;
diff --git a/hosts/nixedo/modules/acme.nix b/hosts/nixedo/modules/acme.nix
index 33979e9c..f1ffa533 100644
--- a/hosts/nixedo/modules/acme.nix
+++ b/hosts/nixedo/modules/acme.nix
@@ -26,6 +26,7 @@
                 "code"
                 "eric"
                 "florida-drupalcamp-tailwind-css"
+                "freshrss"
                 "home"
                 "jellyfin"
                 "luke"
diff --git a/hosts/nixedo/modules/default.nix b/hosts/nixedo/modules/default.nix
index aaef0087..21e7fc5c 100644
--- a/hosts/nixedo/modules/default.nix
+++ b/hosts/nixedo/modules/default.nix
@@ -23,6 +23,7 @@ with lib;
     ./cloudflared.nix
     ./containers
     ./forgejo.nix
+    ./freshrss.nix
     ./home-assistant.nix
     ./immich.nix
     ./jellyfin.nix
diff --git a/hosts/nixedo/modules/freshrss.nix b/hosts/nixedo/modules/freshrss.nix
new file mode 100644
index 00000000..65d68794
--- /dev/null
+++ b/hosts/nixedo/modules/freshrss.nix
@@ -0,0 +1,45 @@
+{
+  config,
+  lib,
+  ...
+}:
+
+let
+  inherit (lib)
+    mkEnableOption
+    mkIf
+    mkOption
+    types
+    ;
+
+  cfg = homelab.services.${service};
+  homelab = config.homelab;
+  service = "freshrss";
+in
+{
+  options.homelab.services.${service} = {
+    enable = mkEnableOption "Enable ${service}";
+
+    url = mkOption {
+      default = "freshrss.${homelab.domain}";
+      type = types.str;
+    };
+  };
+
+  config = mkIf cfg.enable {
+    services = {
+      ${service} = {
+        enable = true;
+
+        baseUrl = "https://${cfg.url}";
+        passwordFile = config.age.secrets.freshrss-password-file.path;
+        virtualHost = cfg.url;
+      };
+
+      nginx.virtualHosts.${cfg.url} = {
+        useACMEHost = homelab.domain;
+        forceSSL = true;
+      };
+    };
+  };
+}
diff --git a/hosts/nixedo/secrets.nix b/hosts/nixedo/secrets.nix
index 6c55583f..853a4958 100644
--- a/hosts/nixedo/secrets.nix
+++ b/hosts/nixedo/secrets.nix
@@ -2,5 +2,6 @@
   age.secrets = {
     cloudflare.file = ../../secrets/cloudflare.age;
     cloudflared.file = ../../secrets/cloudflared-credentials.age;
+    freshrss-password-file.file = ../../secrets/freshrss-password-file.age;
   };
 }
diff --git a/secrets.nix b/secrets.nix
index 23e41540..465ce7ee 100644
--- a/secrets.nix
+++ b/secrets.nix
@@ -25,6 +25,11 @@ in
   ]
   ++ [ users.opdavies ];
 
+  "secrets/freshrss-password-file.age".publicKeys = [
+    hosts.nixedo
+  ]
+  ++ [ users.opdavies ];
+
   "secrets/peertube-env.age".publicKeys = [
     hosts.nixedo
   ]
diff --git a/secrets/freshrss-password-file.age b/secrets/freshrss-password-file.age
new file mode 100644
index 00000000..16e7baba
--- /dev/null
+++ b/secrets/freshrss-password-file.age
@@ -0,0 +1,17 @@
+age-encryption.org/v1
+-> ssh-ed25519 IsVD3g qUcQuqnQVqFEa3pMKA4MCAGvBdkU55wUc9QL+CV7bEg
+xFsrPc+7aZBg4AQscuf4uI+NkjHW+iDtx9+lIFGhwvM
+-> ssh-rsa +vTWQw
+ZsahI21WKpNepuhJFCxRLJmfJaY8ZarIlLXTyhEzPwZ8OISpHfJ4gkgk42AMFZrq
+s+Pr1zYx74EZ/VhfuxkvLCTekhW5aT9fk+NsGOZwuddywTjkgoKg8JzaMTXcTJxp
+uFYNfGlIUgn94SrnisJP/sNztdjluGz4fEhBo99WJb6KabHtWLllUwEkzwDeKbT4
+hFvCp3ZupjHi/8bb2faAu5CJ82C1bAuHGqhlgJvhdFgi+VMinGl9zUYkQNY12O+O
+z8zo5KxtNofzhkM3+Z8Xcnz1C5VaZNHtzvIDXVwA7CTuhc0H1a5uEN8keqBhN0dR
+YdU4WiINZcDBq0+A6Aou+TxBZE+IQ+hLQJVuZMch6oBznP6IigD3ugbrVoQtzDGf
+mdw87IXFB/tDMMSaT567XJoN7hECoZVqVc6pZKZgGZpmsScBpJBBAqSo6TLpzbsy
+/u5AhuiWBZZylaJlX6OrNAwobAbs07scJyufdEJ48ga8dVQI0OHiBphJbq92nGKt
+iBHW6nzjgfb4fe93LXaSAT66ffM3j5DOTx6DUkMZnHg0OqUIikWwRLBrLs1bC2oL
+1YXJICCbRdA0cW1DnTGtsjBTYwv3IKk3jvYD6XEJYpBXKJC8Uqx3pV/dxuwFrrLV
+Rk9U+RmwKmJasqiYFHuYJhEdPbxWT4YPgDwcHpD3vA4
+--- kD476dnm+Q4VMK9oHU4wIz6JciDtOS7LKik6Q2JgDdA
+˜Õb'H±n±?w°²ë@½—D-7Ê‚F"Aj üxUâ{4dšâò6âý¥¹O¯P5
\ No newline at end of file