Tt-rss: Difference between revisions
description and link |
Added Caddy web server configuration (hopefully I’ll be able to upstream this at some point) |
||
| Line 14: | Line 14: | ||
selfUrlPath = "https://example.com/tt-rss"; | selfUrlPath = "https://example.com/tt-rss"; | ||
}; | }; | ||
</syntaxhighlight> | |||
=== Using Caddy as web server instead of nginx === | |||
As of NixOS 24.11 the following configuration works, future versions of NixOS may expose this as native Caddy support for Tiny Tiny RSS instead:<syntaxhighlight lang="nix"> | |||
{ config, pkgs, lib, ... }: | |||
let | |||
hostNames = [ | |||
"tt-rss.example.com" | |||
]; | |||
in { | |||
services.tt-rss = { | |||
enable = true; | |||
# Address at which Tiny Tiny RSS is publically exposed | |||
selfUrlPath = "https://${lib.lists.head hostNames}/"; | |||
# Disable nginx integration as it will conflict with Caddy | |||
virtualHost = null; | |||
}; | |||
# Caddy reverse proxy configuration | |||
services.caddy.virtualHosts.tt-rss = { | |||
hostName = lib.lists.head hostNames; | |||
serverAliases = lib.lists.tail hostNames; | |||
extraConfig = '' | |||
root * ${config.services.tt-rss.root}/www | |||
php_fastcgi * unix/${config.services.phpfpm.pools.${config.services.tt-rss.pool}.socket} { | |||
capture_stderr | |||
} | |||
file_server { | |||
browse | |||
} | |||
''; | |||
}; | |||
# Workaround: Create PHP-FPM socket with Caddy user instead of non-existing nginx | |||
services.phpfpm.pools."${config.services.tt-rss.pool}".settings = { | |||
"listen.owner" = config.services.caddy.user; | |||
"listen.group" = config.services.caddy.group; | |||
}; | |||
} | |||
</syntaxhighlight> | </syntaxhighlight> | ||
Latest revision as of 12:57, 18 May 2025
Tiny Tiny RSS is a free and open source web-based news feed (RSS/Atom) reader and aggregator.
Install
services.tt-rss = {
enable = true;
# to configure a nginx virtual host directly:
virtualHost = "tt-rss.example.com";
selfUrlPath = "https://tt-rss.example.com";
# or for hosting on sub-path:
selfUrlPath = "https://example.com/tt-rss";
};
Using Caddy as web server instead of nginx
As of NixOS 24.11 the following configuration works, future versions of NixOS may expose this as native Caddy support for Tiny Tiny RSS instead:
{ config, pkgs, lib, ... }:
let
hostNames = [
"tt-rss.example.com"
];
in {
services.tt-rss = {
enable = true;
# Address at which Tiny Tiny RSS is publically exposed
selfUrlPath = "https://${lib.lists.head hostNames}/";
# Disable nginx integration as it will conflict with Caddy
virtualHost = null;
};
# Caddy reverse proxy configuration
services.caddy.virtualHosts.tt-rss = {
hostName = lib.lists.head hostNames;
serverAliases = lib.lists.tail hostNames;
extraConfig = ''
root * ${config.services.tt-rss.root}/www
php_fastcgi * unix/${config.services.phpfpm.pools.${config.services.tt-rss.pool}.socket} {
capture_stderr
}
file_server {
browse
}
'';
};
# Workaround: Create PHP-FPM socket with Caddy user instead of non-existing nginx
services.phpfpm.pools."${config.services.tt-rss.pool}".settings = {
"listen.owner" = config.services.caddy.user;
"listen.group" = config.services.caddy.group;
};
}
Configuration
By default tt-rss creates an admin user with password password. After logging in for the first time, do not forget to change it!
Disabling the admin user completely
After installing and creating a new user, you can disable the admin by setting its access level to -2 [1].
Either manually by running:
sudo -u tt_rss nix-shell -p php \
--run 'php /var/lib/tt-rss/www/update.php --user-set-access-level "admin:-2"'
You can even automate this to ensure it is always set to -2 by e.g. utilising a PreStart snippet:
systemd.services.tt-rss.preStart = lib.mkAfter ''
${pkgs.php}/bin/php ${config.services.tt-rss.root}/www/update.php \
--user-set-access-level "admin:-2"
'';
Enabling TLS for nginx virtual host
Assuming you have ACME set-up for example.com:
services.nginx.virtualHosts."${config.services.tt-rss.virtualHost}" = {
forceSSL = true;
useACMEHost = "example.com"
};