blob: de072092ba8304b07e6142efb6c310a0eb8a899e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
|
{ config, lib, pkgs, ... }:
let
filter-file = ./filter.yml;
pkg = with pkgs.python3Packages;buildPythonPackage rec {
version = "d16ce227dc68c9f60f6dd06e6835bab7cdfdf61b";
pname = "ebk-notify";
propagatedBuildInputs = [
docopt
pyyaml
requests
beautifulsoup4
dateutil
feedgen
];
src = pkgs.fetchgit {
url = "http://cgit.euer.krebsco.de/ebk-notify";
rev = version;
sha256 = "15dlhp17alm01fw7mzdyh2z9zwz8psrs489lxs3hgg1p5wa0kzsp";
};
};
domain = "feed.euer.krebsco.de";
path = "/var/www/feed.euer.krebsco.de";
in
{
systemd.tmpfiles.rules = [
"d ${path} nginx nogroup - -"
];
krebs.secret.files.ebknotify = {
path = "/etc/ebk-notify.yml";
owner.name = "nginx";
source-path = "${<secrets/ebk-notify.yml>}";
};
systemd.services.ebk-notify = {
startAt = "*:0/10";
serviceConfig = {
User = "nginx"; # TODO better permission setting
# PrivateTmp = true;
ExecStart = "${pkg}/bin/ebk-notify --atom --outdir ${path} --config /etc/ebk-notify.yml --cache /tmp/ebk-cache.json --filter ${filter-file} --wait 30";
};
};
systemd.timers.ebk-notify.timerConfig.RandomizedDelaySec = "120";
services.nginx = {
virtualHosts."${domain}" = {
forceSSL = true;
enableACME = true;
locations."/" = {
root = path;
index = "root.atom";
};
};
};
}
|