From b46cf2027341c5faf34b945952eaaa1a578b8910 Mon Sep 17 00:00:00 2001
From: Luke Hoersten <luke@hoersten.org>
Date: Sat, 8 Aug 2020 09:49:57 -0500
Subject: Added miniflux role.

---
 miniflux/templates/miniflux.conf.j2 | 10 ++++++++++
 miniflux/templates/nginx.conf.j2    | 30 ++++++++++++++++++++++++++++++
 miniflux/templates/setup_db.psql.j2 |  5 +++++
 3 files changed, 45 insertions(+)
 create mode 100644 miniflux/templates/miniflux.conf.j2
 create mode 100644 miniflux/templates/nginx.conf.j2
 create mode 100644 miniflux/templates/setup_db.psql.j2

(limited to 'miniflux/templates')

diff --git a/miniflux/templates/miniflux.conf.j2 b/miniflux/templates/miniflux.conf.j2
new file mode 100644
index 0000000..ac9c32f
--- /dev/null
+++ b/miniflux/templates/miniflux.conf.j2
@@ -0,0 +1,10 @@
+# See https://miniflux.app/docs/
+
+LISTEN_ADDR={{miniflux_listen}}
+
+DATABASE_URL=user=miniflux password={{miniflux_db_pass}} dbname=miniflux sslmode=disable
+RUN_MIGRATIONS=1
+
+CREATE_ADMIN=1
+ADMIN_USERNAME=admin
+ADMIN_PASSWORD={{miniflux_admin_pass}}
diff --git a/miniflux/templates/nginx.conf.j2 b/miniflux/templates/nginx.conf.j2
new file mode 100644
index 0000000..b0e4c32
--- /dev/null
+++ b/miniflux/templates/nginx.conf.j2
@@ -0,0 +1,30 @@
+server {
+    listen 80;
+    listen [::]:80;
+    server_name {{nginx_server_name}};
+    return 301 https://$host$request_uri;
+}
+
+server {
+    listen 443 ssl http2;
+    # listen [::]:443 ssl ipv6only=on;
+    server_name {{nginx_server_name}};
+
+    ssl_certificate {{nginx_ssl_cert}};
+    ssl_certificate_key {{nginx_ssl_privkey}};
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    ssl_ecdh_curve X25519:prime256v1:secp384r1:secp521r1;
+    ssl_stapling on;
+    ssl_stapling_verify on;
+
+    location / {
+        proxy_pass {{nginx_proxy_pass}};
+        proxy_redirect off;
+        proxy_set_header Host $host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-Forwarded-Proto $scheme;
+    }
+}
diff --git a/miniflux/templates/setup_db.psql.j2 b/miniflux/templates/setup_db.psql.j2
new file mode 100644
index 0000000..f1867e7
--- /dev/null
+++ b/miniflux/templates/setup_db.psql.j2
@@ -0,0 +1,5 @@
+CREATE USER miniflux WITH ENCRYPTED PASSWORD '{{miniflux_db_pass}}';
+CREATE DATABASE miniflux WITH OWNER miniflux;
+\c miniflux;
+--Extensions made by miniflux that need superuser access
+CREATE EXTENSION IF NOT EXISTS hstore;
-- 
cgit v1.2.3