Replace tt-rss with freshrss

ansible/main.yml

@@ -73,6 +73,7 @@
     - baby_buddy
     - bsky
     - immich
+    - freshrss
 
 - hosts: ingress
   roles:

ansible/roles/freshrss/files/docker-compose.yml

@@ -0,0 +1,38 @@
+services:
+  freshrss:
+    image: freshrss/freshrss:latest
+    restart: unless-stopped
+    environment:
+      - TZ=Europe/London
+      - OIDC_ENABLED=1
+      - OIDC_PROVIDER_METADATA_URL=https://auth.jakehoward.tech/.well-known/openid-configuration
+      - OIDC_CLIENT_ID={{ vault_oidc_client_id }}
+      - OIDC_CLIENT_SECRET={{ vault_oidc_client_secret }}
+      - OIDC_SCOPES=openid profile email
+      - OIDC_X_FORWARDED_HEADERS=X-Forwarded-Proto X-Forwarded-Host
+      - CRON_MIN=*/15
+    labels:
+      - traefik.enable=true
+      - traefik.http.routers.freshrss.rule=Host(`freshrss.jakehoward.tech`)
+      - traefik.http.routers.freshrss.middlewares=tailscale-only@file
+    volumes:
+      - "{{ app_data_dir }}/freshrss:/var/www/FreshRSS/data"
+      - ./extensions:/var/www/FreshRSS/extensions
+    depends_on:
+      - db
+    networks:
+      - default
+      - traefik
+
+  db:
+    image: postgres:14-alpine
+    restart: unless-stopped
+    volumes:
+      - /mnt/speed/dbs/postgres/freshrss:/var/lib/postgresql/data
+    environment:
+      - POSTGRES_PASSWORD=freshrss
+      - POSTGRES_USER=freshrss
+
+networks:
+  traefik:
+    external: true

ansible/roles/freshrss/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: restart freshrss
+  shell:
+    chdir: /opt/freshrss
+    cmd: "{{ docker_update_command }}"

ansible/roles/freshrss/tasks/main.yml

@@ -0,0 +1,35 @@
+- name: Include vault
+  include_vars: vault.yml
+
+- name: Create install directory
+  file:
+    path: /opt/freshrss
+    state: directory
+    owner: "{{ docker_user.name }}"
+    mode: "{{ docker_compose_directory_mask }}"
+
+- name: Create extensions directory
+  file:
+    path: /opt/freshrss/extensions
+    state: directory
+    owner: www-data
+    mode: "{{ docker_compose_directory_mask }}"
+  register: extensions_dir
+
+- name: Install compose file
+  template:
+    src: files/docker-compose.yml
+    dest: /opt/freshrss/docker-compose.yml
+    mode: "{{ docker_compose_file_mask }}"
+    owner: "{{ docker_user.name }}"
+    validate: docker-compose -f %s config
+  notify: restart freshrss
+
+- name: Install three panes extension
+  git:
+    repo: https://framagit.org/nicofrand/xextension-threepanesview
+    dest: "{{ extensions_dir.path }}/xextension-threepanesview"
+    depth: 1
+  become: true
+  become_user: www-data
+  notify: restart freshrss

ansible/roles/freshrss/vars/vault.yml

@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.1;AES256
+63323639343139643530393939613035623633336236326364653239386133386261623837346664
+3562383630313232663036663730316237386662373130630a623532666465633161383832316535
+30643939303966323962343331336565306665613831656232316339303862666332353938313239
+6437666438333963300a393136646465633531643135313736313666613637303038313333396561
+30313432646631623463376135613963326134363837343766623262336263613939616134373631
+37336364323134656432376236613766636635373736656263666661323866306532656231306665
+36333033663961303838363039363832663638633664333036306532386336353232386637393862
+32613437303637333034343433396665323665663136396637303533663834633663663630323839
+38323964663131306230376334323936326533316132316531303363303338383639616331383433
+3033313234666632653663646230633766656339373866363735

ansible/roles/pve_docker/files/tt-rss/docker-compose.yml

@@ -1,66 +0,0 @@
-x-app: &app
-  image: cthulhoo/ttrss-fpm-pgsql-static:latest
-  restart: unless-stopped
-  environment:
-    - TTRSS_DB_USER=tt-rss
-    - TTRSS_DB_NAME=tt-rss
-    - TTRSS_DB_PASS=tt-rss
-    - TTRSS_SELF_URL_PATH=https://tt-rss.jakehoward.tech
-    - TTRSS_ENABLE_REGISTRATION=false
-    - TTRSS_CHECK_FOR_UPDATES=false
-    - TTRSS_ENABLE_GZIP_OUTPUT=true
-    - TTRSS_NO_STARTUP_PLUGIN_UPDATES=true
-    - OWNER_UID={{ docker_user.id }}
-    - OWNER_GID={{ docker_user.id }}
-    - PHP_WORKER_MAX_CHILDREN=50
-    - PHP_WORKER_MEMORY_LIMIT=512M
-    - APP_WEB_ROOT=/var/www/html/tt-rss
-    - APP_BASE=
-  volumes:
-    - ./tt-rss:/var/www/html
-    - "{{ app_data_dir }}/tt-rss/feed-icons:/var/www/html/tt-rss/feed-icons"
-    - ./plugins:/var/www/html/tt-rss/plugins.local
-
-services:
-  nginx:
-    image: cthulhoo/ttrss-web-nginx:latest
-    restart: unless-stopped
-    labels:
-      - traefik.enable=true
-      - traefik.http.routers.tt-rss.rule=Host(`tt-rss.jakehoward.tech`)
-      - traefik.http.middlewares.add-ttrss.addprefix.prefix=/tt-rss
-      - traefik.http.middlewares.remove-ttrss.stripprefix.prefixes=/tt-rss
-      - traefik.http.routers.tt-rss.middlewares=remove-ttrss,add-ttrss
-    volumes:
-      - ./tt-rss:/var/www/html
-      - "{{ app_data_dir }}/tt-rss/feed-icons:/var/www/html/tt-rss/feed-icons:ro"
-      - ./plugins:/var/www/html/tt-rss/plugins.local
-    depends_on:
-      - app
-    networks:
-      - default
-      - traefik
-
-  app:
-    <<: *app
-    depends_on:
-      - db
-
-  updater:
-    <<: *app
-    command: /opt/tt-rss/updater.sh
-    depends_on:
-      - app
-
-  db:
-    image: postgres:14-alpine
-    restart: unless-stopped
-    volumes:
-      - /mnt/speed/dbs/postgres/tt-rss:/var/lib/postgresql/data
-    environment:
-      - POSTGRES_PASSWORD=tt-rss
-      - POSTGRES_USER=tt-rss
-
-networks:
-  traefik:
-    external: true

ansible/roles/pve_docker/tasks/main.yml

@@ -13,9 +13,6 @@
 - name: Install synapse
   include_tasks: synapse.yml
 
-- name: Install tt-rss
-  include_tasks: tt-rss.yml
-
 - name: Install wallabag
   include_tasks: wallabag.yml
 

ansible/roles/pve_docker/tasks/tt-rss.yml

@@ -1,47 +0,0 @@
-- name: Create tt-rss directory
-  file:
-    path: /opt/tt-rss
-    state: directory
-    owner: "{{ docker_user.name }}"
-    mode: "{{ docker_compose_directory_mask }}"
-
-- name: Create tt-rss plugins directory
-  file:
-    path: /opt/tt-rss/plugins
-    state: directory
-    owner: "{{ docker_user.name }}"
-    mode: "{{ docker_compose_directory_mask }}"
-  register: plugins_dir
-
-- name: Install tt-rss compose file
-  template:
-    src: files/tt-rss/docker-compose.yml
-    dest: /opt/tt-rss/docker-compose.yml
-    mode: "{{ docker_compose_file_mask }}"
-    owner: "{{ docker_user.name }}"
-    validate: docker-compose -f %s config
-  register: compose_file
-
-- name: Install fever plugin
-  git:
-    repo: https://github.com/DigitalDJ/tinytinyrss-fever-plugin
-    dest: "{{ plugins_dir.path }}/fever"
-    depth: 1
-  register: fever_plugin
-  become: true
-  become_user: "{{ docker_user.name }}"
-
-- name: Ensure plugins are owned by {{ docker_user.name }}
-  file:
-    path: "{{ plugins_dir.path }}"
-    state: directory
-    owner: "{{ docker_user.name }}"
-    mode: u=rwX,g=rwX,o=rX
-    recurse: true
-  when: fever_plugin.changed
-
-- name: restart tt-rss
-  shell:
-    chdir: /opt/tt-rss
-    cmd: "{{ docker_update_command }}"
-  when: compose_file.changed or fever_plugin.changed

terraform/jakehoward.tech.tf

@@ -73,16 +73,6 @@ resource "gandi_livedns_record" "jakehowardtech_wallabag" {
   ]
 }
 
-resource "gandi_livedns_record" "jakehowardtech_ttrss" {
-  zone = data.gandi_livedns_domain.jakehowardtech.id
-  name = "tt-rss"
-  type = "CNAME"
-  ttl  = 3600
-  values = [
-    "${gandi_livedns_record.sys_domain_pve.name}.${gandi_livedns_record.sys_domain_pve.zone}."
-  ]
-}
-
 resource "gandi_livedns_record" "jakehowardtech_speed" {
   zone = data.gandi_livedns_domain.jakehowardtech.id
   name = "speed"
@@ -353,6 +343,16 @@ resource "gandi_livedns_record" "jakehowardtech_photos" {
   ]
 }
 
+resource "gandi_livedns_record" "jakehowardtech_freshrss" {
+  zone = data.gandi_livedns_domain.jakehowardtech.id
+  name = "freshrss"
+  type = "CNAME"
+  ttl  = 3600
+  values = [
+    "${gandi_livedns_record.sys_domain_pve_private.name}.${gandi_livedns_record.sys_domain_pve_private.zone}."
+  ]
+}
+
 resource "gandi_livedns_record" "jakehowardtech_caa" {
   zone = data.gandi_livedns_domain.jakehowardtech.id
   name = "@"