Jump to content

FreshRSS: Difference between revisions

From Official NixOS Wiki
Arnecc (talk | contribs)
created initial page
 
Arnecc (talk | contribs)
m formatting fix for note on password file
 
Line 64: Line 64:
}}
}}


{{note|code=This password is only used for initial user creation. After first login, you should change it through the FreshRSS web interface. If you wish to stick with a password file, [https://github.com/ryantm/agenix agenix] or [https://github.com/mic92/sops-nix sops] should be used instead.}}
{{note|code=|This password is only used for initial user creation. After first login, you should change it through the FreshRSS web interface. If you wish to stick with a password file, [https://github.com/ryantm/agenix agenix] or [https://github.com/mic92/sops-nix sops] should be used instead.}}


=== Caddy ===
=== Caddy ===

Latest revision as of 15:23, 13 July 2026

FreshRSS is a self-hosted RSS and Atom feed aggregator. It is lightweight, multi-user, and supports custom tags, an API for mobile clients (Google Reader API and Fever API), WebSub push notifications, XPath-based web scraping (for generating feeds from websites that have no RSS/Atom feed published), OPML import/export, themes, and extensions.

Installation

Enable the FreshRSS module in your configuration:

services.freshrss.enable = true;

This creates a PHP-FPM pool and an nginx virtual host automatically.

Configuration

Basic setup

services.freshrss = {
    enable = true;
    virtualHost = "freshrss.example.com";
    baseUrl = "https://freshrss.example.com";
    webserver = "nginx";
    defaultUser = "desired-user-name";
    passwordFile = "/etc/secrets/freshrss";
  };

Unlike some NixOS service modules, FreshRSS does not automatically create the database, so you must set it up yourself, e.g. using PostgreSQL:

services.postgresql = {
    enable = true;
    ensureDatabases = [ "freshrss" ];
    ensureUsers = [
      {
        name = "freshrss";
        ensureDBOwnership = true;
      }
    ];
  };

The module sets up the root and locations for the virtual host automatically. You are responsible for adding TLS settings (forceSSL, enableACME or useACMEHost) to the virtual host.

services.nginx.virtualHosts."freshrss.example.com" = {
    forceSSL = true;
    enableACME = true;
  };

Password file

The passwordFile must contain the plaintext password and be readable by the freshrss user:

≡︎ /etc/secrets/freshrss
your-password

Create the file with correct permissions:

$ sudo echo "your-password" | sudo tee /etc/secrets/freshrss
$ sudo chown freshrss:freshrss /etc/secrets/freshrss
$ sudo chmod 400 /etc/secrets/freshrss
Note: This password is only used for initial user creation. After first login, you should change it through the FreshRSS web interface. If you wish to stick with a password file, agenix or sops should be used instead.

Caddy

The module supports Caddy as an alternative to nginx via the services.freshrss.webserver option:

services.freshrss = {
    webserver = "caddy";
  };

Caddy handles TLS automatically. Further customization can be done via services.caddy.virtualHosts.

Mobile API

To enable the Google Reader and Fever APIs for mobile clients:

services.freshrss.api.enable = true;

Users must then set individual API passwords in their profile settings.

See also

  • Tt-rss — an alternative self-hosted RSS reader with a NixOS module
  • RSSHub — an RSS feed generator for sites that do not natively provide feeds

References