Migrate from Wallabag to Readeck

configuration.nix

@@ -226,13 +226,16 @@ with pkgs;
       owner = "acme";
       group = "nginx";
     };
-    secrets.wallabag.file = secrets/wallabag.age;
-    secrets.wallabag-postgres.file = secrets/wallabag-postgres.age;
     secrets.microbin = {
       file = secrets/microbin.age;
       owner = "63026";
       group = "63026";
     };
+    secrets.readeck = {
+      file = secrets/readeck.age;
+      owner = "63026";
+      group = "63026";
+    };
     identityPaths = [ "/etc/ssh/id_ed25519" ];
   };
 

modules/containers.nix

@@ -44,31 +44,9 @@
           ports = [ "127.0.0.1:9090:8080" ];
           volumes = [ "/vault/opodsync:/var/www/server/data" ];
         };
-        # Wallabag
-        wallabag = {
-          image = "wallabag/wallabag@sha256:0d6602bbca0b0393f04f491788031e43b075e57b3eaec1873b17a136b662edaa";
-          environmentFiles = [ config.age.secrets.wallabag.path ];
-          dependsOn = [ "postgresql" ];
-          extraOptions = [ "--pod=wallabag-pod" ];
-        };
-        # Wallabag database
-        postgresql = {
-          image = "postgres:16.8@sha256:e95b0cb95f719e0ce156c2bc5545c89fbd98a1a692845a5331ddc79ea61f1b1e";
-          environmentFiles = [ config.age.secrets.wallabag-postgres.path ];
-          extraOptions = [ "--pod=wallabag-pod" ];
-          volumes = [ "/var/lib/postgresql-wallabag:/var/lib/postgresql/data" ];
-        };
       };
     };
   };
-  # Allow networking between Wallabag and Postgresql
-  systemd.services.create-wallabag-pod = {
-    serviceConfig.Type = "oneshot";
-    wantedBy = [ "podman-postgresql.service" ];
-    script = with pkgs; ''
-      ${podman}/bin/podman pod exists wallabag-pod || ${podman}/bin/podman pod create -n wallabag-pod -p '127.0.0.1:8090:80'
-    '';
-  };
 
   # Start services after ZFS mount
   systemd.services.podman-mqtt2prometheus.unitConfig.RequiresMountsFor = [ /vault/mqtt2prometheus ];

modules/information.nix

@@ -24,4 +24,21 @@
     };
   };
 
+  # Readeck configuration
+  services.readeck = {
+    enable = true;
+    settings = {
+      server = {
+        host = "127.0.0.1";
+        port = 9092;
+        allowed_hosts = [ "read.psydnd.org" ];
+        trusted_proxies = [ "127.0.0.1" ];
+        environmentFile = config.age.secrets.readeck.path;
+      };
+    };
+  };
+
+  # NOTE Load credentials using environment variables
+  systemd.services.readeck.serviceConfig.EnvironmentFile = config.age.secrets.readeck.path;
+
 }

modules/webstack.nix

@@ -134,18 +134,6 @@
           };
         };
       };
-      "wallabag.psydnd.org" = {
-        useACMEHost = "psydnd.org";
-        forceSSL = true;
-        locations."/" = {
-          proxyPass = "http://localhost:8090/";
-          extraConfig = ''
-            proxy_set_header X-Forwarded-Host $server_name;
-            proxy_set_header X-Forwarded-Proto https;
-            proxy_set_header X-Forwarded-For $remote_addr;
-          '';
-        };
-      };
       "books.psydnd.org" = {
         useACMEHost = "psydnd.org";
         forceSSL = true;
@@ -176,6 +164,11 @@
         forceSSL = true;
         locations."/".proxyPass = "http://localhost:9091/";
       };
+      "read.psydnd.org" = {
+        useACMEHost = "psydnd.org";
+        forceSSL = true;
+        locations."/".proxyPass = "http://localhost:9092/";
+      };
     };
   };
 

secrets/secrets.nix

@@ -19,7 +19,6 @@ in
   "inadyn-porkbun.age".publicKeys = [ zion ];
   "acme-duckdns.age".publicKeys = [ zion ];
   "acme-porkbun.age".publicKeys = [ zion ];
-  "wallabag.age".publicKeys = [ zion ];
-  "wallabag-postgres.age".publicKeys = [ zion ];
   "microbin.age".publicKeys = [ zion ];
+  "readeck.age".publicKeys = [ zion ];
 }