Unverified Commit ba3fecf0 authored by Christoph Heiss's avatar Christoph Heiss

nixos/yarr: init

parent 8b4a849d
+2 −0
@@ -160,6 +160,8 @@

- [GlitchTip](https://glitchtip.com/), an open source Sentry API compatible error tracking platform. Available as [services.glitchtip](#opt-services.glitchtip.enable).

- [`yarr`](https://github.com/nkanaev/yarr), a small, web-based feed aggregator and RSS reader. Available as [services.yarr](#opt-services.yarr.enable).

- [Stash](https://github.com/stashapp/stash), An organizer for your adult videos/images, written in Go. Available as [services.stash](#opt-services.stash.enable).

- [vsmartcard-vpcd](https://frankmorgner.github.io/vsmartcard/virtualsmartcard/README.html), a virtual smart card driver. Available as [services.vsmartcard-vpcd](#opt-services.vsmartcard-vpcd.enable).
+1 −0
@@ -929,6 +929,7 @@
  ./services/misc/weechat.nix
  ./services/misc/workout-tracker.nix
  ./services/misc/xmrig.nix
  ./services/misc/yarr.nix
  ./services/misc/ytdl-sub.nix
  ./services/misc/zoneminder.nix
  ./services/misc/zookeeper.nix
+118 −0
{
  config,
  lib,
  pkgs,
  ...
}:

let
  inherit (lib)
    types
    mkIf
    mkOption
    mkEnableOption
    mkPackageOption
    optionalString
    ;

  cfg = config.services.yarr;
in
{
  meta.maintainers = with lib.maintainers; [ christoph-heiss ];

  options.services.yarr = {
    enable = mkEnableOption "Yet another rss reader";

    package = mkPackageOption pkgs "yarr" { };

    environmentFile = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = ''
        Environment file for specifying additional settings such as secrets.

        See `yarr -help` for all available options.
      '';
    };

    address = mkOption {
      type = types.str;
      default = "localhost";
      description = "Address to run server on.";
    };

    port = mkOption {
      type = types.port;
      default = 7070;
      description = "Port to run server on.";
    };

    baseUrl = mkOption {
      type = types.nullOr types.str;
      default = null;
      description = "Base path of the service url.";
    };

    authFilePath = mkOption {
      type = types.nullOr types.path;
      default = null;
      description = "Path to a file containing username:password. `null` means no authentication required to use the service.";
    };
  };

  config = mkIf cfg.enable {
    systemd.services.yarr = {
      description = "Yet another rss reader";
      after = [ "network-online.target" ];
      wants = [ "network-online.target" ];
      wantedBy = [ "multi-user.target" ];

      environment.XDG_CONFIG_HOME = "/var/lib/yarr/.config";

      serviceConfig = {
        Type = "simple";
        Restart = "on-failure";

        StateDirectory = "yarr";
        StateDirectoryMode = "0700";
        WorkingDirectory = "/var/lib/yarr";
        EnvironmentFile = cfg.environmentFile;

        LoadCredential = mkIf (cfg.authFilePath != null) "authfile:${cfg.authFilePath}";

        DynamicUser = true;
        DevicePolicy = "closed";
        LockPersonality = "yes";
        MemoryDenyWriteExecute = true;
        NoNewPrivileges = true;
        PrivateDevices = true;
        PrivateMounts = true;
        PrivateTmp = true;
        ProcSubset = "pid";
        ProtectClock = true;
        ProtectControlGroups = true;
        ProtectHome = true;
        ProtectHostname = true;
        ProtectKernelLogs = true;
        ProtectKernelModules = true;
        ProtectKernelTunables = true;
        ProtectProc = "invisible";
        ProtectSystem = "strict";
        RemoveIPC = true;
        RestrictAddressFamilies = "AF_INET AF_INET6";
        RestrictNamespaces = true;
        RestrictRealtime = true;
        RestrictSUIDSGID = true;
        UMask = "0077";

        ExecStart = ''
          ${lib.getExe cfg.package} \
            -db storage.db \
            -addr "${cfg.address}:${toString cfg.port}" \
            ${optionalString (cfg.baseUrl != null) "-base ${cfg.baseUrl}"} \
            ${optionalString (cfg.authFilePath != null) "-auth-file /run/credentials/yarr.service/authfile"}
        '';
      };
    };
  };
}
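Review bot: `authFilePath` accepts a Nix path literal (`types.path`) and is string-interpolated in `LoadCredential = mkIf (cfg.authFilePath != null) "authfile:${cfg.authFilePath}";`, so a value such as `./yarr-auth` would be copied into the world-readable Nix store together with the username:password it holds. The option description should say that the file must live outside the store and be given as an absolute path string, or the line can avoid the store import with `"authfile:${toString cfg.authFilePath}"`. In `ExecStart`, `-base ${cfg.baseUrl}` is the only argument that is not quoted the way `-addr` is, and the credential path would be more robust written as `%d/authfile` than as the hard-coded `/run/credentials/yarr.service/authfile`. Because `null` for `authFilePath` means no authentication at all, an assertion or warning for the case where `address` is changed from `localhost` while `authFilePath` is still `null` would be worth considering.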
+1 −0
@@ -1478,6 +1478,7 @@ in
  xterm = runTest ./xterm.nix;
  xxh = runTest ./xxh.nix;
  yabar = runTest ./yabar.nix;
  yarr = runTest ./yarr.nix;
  ydotool = handleTest ./ydotool.nix { };
  yggdrasil = runTest ./yggdrasil.nix;
  your_spotify = runTest ./your_spotify.nix;

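--- a/nixos/tests/yarr.nix
+++ b/nixos/tests/yarr.nix
@@ -0,0 +1,19 @@
+{ lib, pkgs, ... }:
+
+{
+  name = "yarr";
+  meta.maintainers = with lib.maintainers; [ christoph-heiss ];
+
+  nodes.machine =
+    { pkgs, ... }:
+    {
+      services.yarr.enable = true;
+    };
+
+  testScript = ''
+    machine.start()
+    machine.wait_for_unit("yarr.service")
+    machine.wait_for_open_port(7070)
+    machine.succeed("curl -sSf http://localhost:7070 | grep '<title>yarr!</title>'")
+  '';
+}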
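Review bot: The test only covers the default configuration, so the `authFilePath` branch of the module (credential loading through `LoadCredential` and the `-auth-file` argument) is never exercised. A second node that sets `services.yarr.authFilePath` to a test-only file, and checks that an unauthenticated `curl -sSf http://localhost:7070` no longer returns the `<title>yarr!</title>` page, would catch a regression where authentication is silently not applied. How yarr answers an unauthenticated request is not visible here, so the exact assertion should be confirmed against the running service. The `pkgs` argument in `{ lib, pkgs, ... }:` and in the node function is unused and could be dropped.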