From 6a3fbf2d80e4d66e0dd7abfaf7f181ce3034929b Mon Sep 17 00:00:00 2001
From: coolneng <akasroua@gmail.com>
Date: Mon, 2 Jun 2025 17:14:44 +0200
Subject: [PATCH] Migrate from Wallabag to Readeck

---
 configuration.nix       |   7 +++++--
 modules/containers.nix  |  22 ----------------------
 modules/information.nix |  17 +++++++++++++++++
 modules/webstack.nix    |  17 +++++------------
 secrets/readeck.age     | Bin 0 -> 554 bytes
 secrets/secrets.nix     |   3 +--
 6 files changed, 28 insertions(+), 38 deletions(-)
 create mode 100644 secrets/readeck.age

diff --git a/configuration.nix b/configuration.nix
index 13dfa75..8267443 100644
--- a/configuration.nix
+++ b/configuration.nix
@@ -226,13 +226,16 @@ with pkgs;
       owner = "acme";
       group = "nginx";
     };
-    secrets.wallabag.file = secrets/wallabag.age;
-    secrets.wallabag-postgres.file = secrets/wallabag-postgres.age;
     secrets.microbin = {
       file = secrets/microbin.age;
       owner = "63026";
       group = "63026";
     };
+    secrets.readeck = {
+      file = secrets/readeck.age;
+      owner = "63026";
+      group = "63026";
+    };
     identityPaths = [ "/etc/ssh/id_ed25519" ];
   };
 
diff --git a/modules/containers.nix b/modules/containers.nix
index 4ac78e4..2ab51d2 100644
--- a/modules/containers.nix
+++ b/modules/containers.nix
@@ -44,31 +44,9 @@
           ports = [ "127.0.0.1:9090:8080" ];
           volumes = [ "/vault/opodsync:/var/www/server/data" ];
         };
-        # Wallabag
-        wallabag = {
-          image = "wallabag/wallabag@sha256:0d6602bbca0b0393f04f491788031e43b075e57b3eaec1873b17a136b662edaa";
-          environmentFiles = [ config.age.secrets.wallabag.path ];
-          dependsOn = [ "postgresql" ];
-          extraOptions = [ "--pod=wallabag-pod" ];
-        };
-        # Wallabag database
-        postgresql = {
-          image = "postgres:16.8@sha256:e95b0cb95f719e0ce156c2bc5545c89fbd98a1a692845a5331ddc79ea61f1b1e";
-          environmentFiles = [ config.age.secrets.wallabag-postgres.path ];
-          extraOptions = [ "--pod=wallabag-pod" ];
-          volumes = [ "/var/lib/postgresql-wallabag:/var/lib/postgresql/data" ];
-        };
       };
     };
   };
-  # Allow networking between Wallabag and Postgresql
-  systemd.services.create-wallabag-pod = {
-    serviceConfig.Type = "oneshot";
-    wantedBy = [ "podman-postgresql.service" ];
-    script = with pkgs; ''
-      ${podman}/bin/podman pod exists wallabag-pod || ${podman}/bin/podman pod create -n wallabag-pod -p '127.0.0.1:8090:80'
-    '';
-  };
 
   # Start services after ZFS mount
   systemd.services.podman-mqtt2prometheus.unitConfig.RequiresMountsFor = [ /vault/mqtt2prometheus ];
diff --git a/modules/information.nix b/modules/information.nix
index e873a5a..ccff052 100644
--- a/modules/information.nix
+++ b/modules/information.nix
@@ -24,4 +24,21 @@
     };
   };
 
+  # Readeck configuration
+  services.readeck = {
+    enable = true;
+    settings = {
+      server = {
+        host = "127.0.0.1";
+        port = 9092;
+        allowed_hosts = [ "read.psydnd.org" ];
+        trusted_proxies = [ "127.0.0.1" ];
+        environmentFile = config.age.secrets.readeck.path;
+      };
+    };
+  };
+
+  # NOTE Load credentials using environment variables
+  systemd.services.readeck.serviceConfig.EnvironmentFile = config.age.secrets.readeck.path;
+
 }
diff --git a/modules/webstack.nix b/modules/webstack.nix
index fe7142a..b194f91 100644
--- a/modules/webstack.nix
+++ b/modules/webstack.nix
@@ -134,18 +134,6 @@
           };
         };
       };
-      "wallabag.psydnd.org" = {
-        useACMEHost = "psydnd.org";
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://localhost:8090/";
-          extraConfig = ''
-            proxy_set_header X-Forwarded-Host $server_name;
-            proxy_set_header X-Forwarded-Proto https;
-            proxy_set_header X-Forwarded-For $remote_addr;
-          '';
-        };
-      };
       "books.psydnd.org" = {
         useACMEHost = "psydnd.org";
         forceSSL = true;
@@ -176,6 +164,11 @@
         forceSSL = true;
         locations."/".proxyPass = "http://localhost:9091/";
       };
+      "read.psydnd.org" = {
+        useACMEHost = "psydnd.org";
+        forceSSL = true;
+        locations."/".proxyPass = "http://localhost:9092/";
+      };
     };
   };
 
diff --git a/secrets/readeck.age b/secrets/readeck.age
new file mode 100644
index 0000000000000000000000000000000000000000..074f7031ea8156afc430c2f224ef81557fb39958
GIT binary patch
literal 554
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU73{4DjPggMTaf+yl
z$|^BP$|_E=OfN1g3`)yQb<TDV2@Nw%Hg~Zoi_8ejHTDipx8REOE>4fqFHEd-^)K;^
z407>tOmhv&@hD2M2+Ye0DvHpL$_k3qb~cF$aplt0)m5l03Ug2QO4oJ{2-Nm=Ep;l$
z45;ujitu-@EDrb0igY*g3=cKUcT4dt3FOk$dD0=<H1S8&t^DbH!F9nZH#Lg`csf(I
z9KG~?AHSj0@js84*ngWnGh6=Te#=>@iVDxG9Q%LFo_}!PA1QA8kFPCGI~)v<Si0``
zG0R7Lm>f8i_HEr)x-ZlCFvEsl1|07drpKyJb!GjdJad-lt-E=9D|mGOYMOdTtvqh_
zFFa^kN#+-;`Rfl!UsRZuEzO&E;Odloeuar9uMa&;-a9RG_hYeN$sc}MT%1?4Ib1fK
zFK+jVMUj`n_qT67|Hpoh_DO!8DnFm6H(J^J{wj(jJ~N1!^^B!z|E`=HN~=yTnkYGa
z^0iqW&kJkfUVoBe`w|(V^l{?8AJ!#Nv&27&XRe)*`##~{^*8H|8~<NrwZ(oy)GkJ&
zLd&y@4Xy`RukTxUqA_;oC83E)S!$lT%^$X%et3DgL~@<tqFEX`3;$$zwuCW1`z{~6
zkGX&&>HS*4n|-scM%A21ef>AzB=xka&Vik_=hJotBq}NYyn0Dxm4uvE+9qZ9P%TE~
K@aY1o9)|&To%Ff@

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 40560d2..1a6b1cd 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -19,7 +19,6 @@ in
   "inadyn-porkbun.age".publicKeys = [ zion ];
   "acme-duckdns.age".publicKeys = [ zion ];
   "acme-porkbun.age".publicKeys = [ zion ];
-  "wallabag.age".publicKeys = [ zion ];
-  "wallabag-postgres.age".publicKeys = [ zion ];
   "microbin.age".publicKeys = [ zion ];
+  "readeck.age".publicKeys = [ zion ];
 }