From 1759d2c7c3722a82bda2d58aecb8dfe8fd92d05f Mon Sep 17 00:00:00 2001
From: aleidk <ale.navarro.parra@gmail.com>
Date: Wed, 11 Dec 2024 16:46:20 -0300
Subject: [PATCH] feat: replace fresh rss for miniflux

---
 files/docker/rss/docker-stack.yaml | 69 +++++++++++++++++++-----------
 files/docker/rss/env.yaml          | 55 ++++++++++++++++++++++++
 playbooks/docker/services.yaml     | 62 +++------------------------
 3 files changed, 107 insertions(+), 79 deletions(-)
 create mode 100644 files/docker/rss/env.yaml

diff --git a/files/docker/rss/docker-stack.yaml b/files/docker/rss/docker-stack.yaml
index c7089d0..94801a8 100644
--- a/files/docker/rss/docker-stack.yaml
+++ b/files/docker/rss/docker-stack.yaml
@@ -1,39 +1,34 @@
 networks:
   reverse-proxy:
     external: true
+  miniflux:
 
 volumes:
-  fresh_rss_data:
-  fresh_rss_extensions:
   linkding_data:
+  miniflux_db:
 
 services:
-  freshrss:
-    image: freshrss/freshrss:latest
-    container_name: freshrss
-    hostname: freshrss
+  miniflux:
+    image: miniflux/miniflux:latest
     restart: unless-stopped
+    depends_on:
+      - miniflux_db
     networks:
-        - reverse-proxy
-    logging:
-      options:
-        max-size: 10m
-    volumes:
-      - fresh_rss_data:/var/www/FreshRSS/data
-      - fresh_rss_extensions:/var/www/FreshRSS/extensions
+      - miniflux
+      - reverse-proxy
     environment:
-      TZ: America/Santiago
-      CRON_MIN: '3,33'
-      TRUSTED_PROXY: 10.0.10.0/24
+      DATABASE_URL: postgres://${MF_DB_USER}:${MF_DB_PASS}@miniflux_db/miniflux?sslmode=disable
+      RUN_MIGRATIONS: 1
+      BASE_URL: https://rss.alecodes.page
 
       OIDC_ENABLED: 1
-      OIDC_PROVIDER_METADATA_URL: https://auth.alecodes.page/.well-known/openid-configuration
-      OIDC_CLIENT_ID: ${FR_OIDC_CLIENT_ID}
-      OIDC_CLIENT_SECRET: ${FR_OIDC_CLIENT_SECRET}
-      OIDC_CLIENT_CRYPTO_KEY: ${FR_OIDC_CLIENT_CRYPTO_KEY}
-      OIDC_REMOTE_USER_CLAIM: preferred_username
-      OIDC_SCOPES: openid groups email profile
-      OIDC_X_FORWARDED_HEADERS: X-Forwarded-Host X-Forwarded-Port X-Forwarded-Proto
+      DISABLE_LOCAL_AUTH: 1
+      OAUTH2_USER_CREATION: 1
+      OAUTH2_PROVIDER: oidc
+      OAUTH2_OIDC_DISCOVERY_ENDPOINT: https://auth.alecodes.page
+      OAUTH2_REDIRECT_URL: https://rss.alecodes.page/oauth2/oidc/callback
+      OAUTH2_CLIENT_ID: ${MF_OIDC_CLIENT_ID}
+      OAUTH2_CLIENT_SECRET: ${MF_OIDC_CLIENT_SECRET}
 
     deploy:
       rollback_config:
@@ -48,7 +43,33 @@ services:
       labels:
         - traefik.enable=true
         - traefik.http.routers.freshrss.rule=Host(`rss.alecodes.page`)
-        - traefik.http.services.freshrss.loadbalancer.server.port=80
+        - traefik.http.services.freshrss.loadbalancer.server.port=8080
+
+  miniflux_db:
+    image: postgres:15
+    networks:
+      - miniflux
+    environment:
+      - POSTGRES_USER=${MF_DB_USER}
+      - POSTGRES_PASSWORD=${MF_DB_PASS}
+      - POSTGRES_DB=miniflux
+    volumes:
+      - miniflux_db:/var/lib/postgresql/data
+    healthcheck:
+      test: ["CMD", "pg_isready", "-U", "miniflux"]
+      interval: 10s
+      start_period: 30s
+    deploy:
+      rollback_config:
+        failure_action: continue
+      update_config:
+        delay: 2s
+        failure_action: rollback
+        order: start-first
+      placement:
+        constraints:
+          - node.labels.services_kind==${SERVICE_KIND:-common}
+
   linkding:
     image: sissbruecker/linkding:latest
     restart: unless-stopped
diff --git a/files/docker/rss/env.yaml b/files/docker/rss/env.yaml
new file mode 100644
index 0000000..8adade9
--- /dev/null
+++ b/files/docker/rss/env.yaml
@@ -0,0 +1,55 @@
+SERVICE_KIND: common
+MF_OIDC_CLIENT_ID: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  64373465396361306338353037613339383136643235633433396436313265343565343335386439
+  6364653962636630393031326266626631353163656364620a366663306633623163306631323836
+  31666165343039613838656236333232336631373139626230633266306134613665366135363763
+  6239303930306435390a326263653938343931323962343935323136386633376437666231333163
+  62623366393664643136393638323665313263383934646565366331663163653862386635333562
+  63396636646663326637333563303734313336653038323334646164306336393562313030353063
+  61643537393062336438623762633331666562303335393434666437336636613935626435363631
+  33386337336365353733
+MF_OIDC_CLIENT_SECRET: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  31666165626661336330303635343437313563343234383966383862653735643734633130626631
+  3335656237326535333132666432646563386131303636350a626534653338343236313636623234
+  34323364333834376334383431323434643634363336363333306634383232393132316662333134
+  6266653032646635380a313633363439613637303636316436383030636132356233306661323734
+  35663535373663373364616130333334613366616432616162323961666136383236353466373831
+  61386464313533643464323762333639316631393364393062666566666233623364376334376139
+  31366363376564353135646134396666373166386461376162656231323335396539323533643734
+  39306533333436363361
+MF_DB_USER: miniflux
+MF_DB_PASS: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  34646261613038636238336165356531383461326435376662613865613030396364326438396531
+  3833303736653266653134326132386433303131356136630a623732303863646337326563383939
+  34653961306431626565393933323863346262386666333432373135623130376530663930646561
+  6166316462336162660a366562316333383264336133353434326165363165353138336162316461
+  31643962306561396632396663363565386666393531313064353633633138333838616666333438
+  62396465636436353136393939633638326435646161313561373038636364626562373561616663
+  36613061663764636466386637356533623131303762303436393532633035323162623063643231
+  38356364613530393766363636663637373735306664376166613934633561653466393065653535
+  30646634333863353332376166663836653331393462336337306566346565626133343065376534
+  30356633323139653332366234643034613465323139663764613938333165626137663138626661
+  323164373034316262646265326565303638
+LD_OIDC_CLIENT_ID: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  32386332636132656536326132666138336230393965333637336234656663393531366266653037
+  6365386466343938303532353361626335346335353965660a313132623532343063393565393136
+  62363735373661333539396531663338343637363836666635626562363761613738303231636637
+  3431356534326662320a663130363739643538643031643534613835363737666662303138313737
+  32366361313137306334323965333066656164393830656334303038356461363530303731653161
+  33633832626335376263616430306565633664626163396430376239353838313364386364353037
+  64323765653835343263353739353938373133363464326566346162343536353437623261643139
+  36383363636464613138
+LD_OIDC_CLIENT_SECRET: !vault |
+  $ANSIBLE_VAULT;1.1;AES256
+  33343032383063343035316333613033646538643564386337396336623134656333393962386262
+  3936383566346433623766306666363165323562353561330a613333656264626337396666666136
+  35343638326334343539616462646338643066303138616162623964383363393361366563653737
+  6539333565313438300a653733613535643264386532333830343264626665363234653834343036
+  66393935653363633837363534383365303166313061306532613366656132663264306530666133
+  37306462336534393436373836656137663566623031646165376262633535383462373663363166
+  31366234373764373031373161653736383336613336646631333562333864663639653263333762
+  61343031656664636431
diff --git a/playbooks/docker/services.yaml b/playbooks/docker/services.yaml
index 8265459..ff8a244 100644
--- a/playbooks/docker/services.yaml
+++ b/playbooks/docker/services.yaml
@@ -21,64 +21,16 @@
       #     name: "{{ project_name + '_db_password'}}"
       #     secret: "{{ random_hash.stdout }}"
 
+      - name: Load environment variables
+        include_vars:
+          file: ../../files/docker/rss/env.yaml
+          name: env_vars
+
       - name: Deploy RSS Feed
-        environment:
-          SERVICE_KIND: common
-          FR_OIDC_CLIENT_ID: !vault |
-            $ANSIBLE_VAULT;1.1;AES256
-            64373465396361306338353037613339383136643235633433396436313265343565343335386439
-            6364653962636630393031326266626631353163656364620a366663306633623163306631323836
-            31666165343039613838656236333232336631373139626230633266306134613665366135363763
-            6239303930306435390a326263653938343931323962343935323136386633376437666231333163
-            62623366393664643136393638323665313263383934646565366331663163653862386635333562
-            63396636646663326637333563303734313336653038323334646164306336393562313030353063
-            61643537393062336438623762633331666562303335393434666437336636613935626435363631
-            33386337336365353733
-          FR_OIDC_CLIENT_SECRET: !vault |
-            $ANSIBLE_VAULT;1.1;AES256
-            31666165626661336330303635343437313563343234383966383862653735643734633130626631
-            3335656237326535333132666432646563386131303636350a626534653338343236313636623234
-            34323364333834376334383431323434643634363336363333306634383232393132316662333134
-            6266653032646635380a313633363439613637303636316436383030636132356233306661323734
-            35663535373663373364616130333334613366616432616162323961666136383236353466373831
-            61386464313533643464323762333639316631393364393062666566666233623364376334376139
-            31366363376564353135646134396666373166386461376162656231323335396539323533643734
-            39306533333436363361
-          FR_OIDC_CLIENT_CRYPTO_KEY: !vault |
-            $ANSIBLE_VAULT;1.1;AES256
-            65353837666236363262613131653664633166646236363133356335636263363361373934626166
-            3935346135393061346566326130643134383363323433370a316131376666626139373430393135
-            65653464646336316135323965363734306131313430646164363533343465633231363865333062
-            3061383330383435650a363338666164336663383462333130623963376332333964306565326262
-            30616562333734363938373739636262363461313636386634373565373236383835383336376435
-            31633938643738303464633133363365316365376237313237376436393835623366346665303964
-            38323132643665613361643565636130303166386339363264306234616366313462616461316632
-            34633339613264353632303232633962303361343630653633383234663536323361646639383933
-            37333837383538613866663564616334636330636431663936373238613862316239663566333737
-            65333264666234643765623636393832363763343339386266316365623331333132303361336566
-            613766343761383861323138623536366431
-          LD_OIDC_CLIENT_ID: !vault |
-            $ANSIBLE_VAULT;1.1;AES256
-            32386332636132656536326132666138336230393965333637336234656663393531366266653037
-            6365386466343938303532353361626335346335353965660a313132623532343063393565393136
-            62363735373661333539396531663338343637363836666635626562363761613738303231636637
-            3431356534326662320a663130363739643538643031643534613835363737666662303138313737
-            32366361313137306334323965333066656164393830656334303038356461363530303731653161
-            33633832626335376263616430306565633664626163396430376239353838313364386364353037
-            64323765653835343263353739353938373133363464326566346162343536353437623261643139
-            36383363636464613138
-          LD_OIDC_CLIENT_SECRET: !vault |
-            $ANSIBLE_VAULT;1.1;AES256
-            33343032383063343035316333613033646538643564386337396336623134656333393962386262
-            3936383566346433623766306666363165323562353561330a613333656264626337396666666136
-            35343638326334343539616462646338643066303138616162623964383363393361366563653737
-            6539333565313438300a653733613535643264386532333830343264626665363234653834343036
-            66393935653363633837363534383365303166313061306532613366656132663264306530666133
-            37306462336534393436373836656137663566623031646165376262633535383462373663363166
-            31366234373764373031373161653736383336613336646631333562333864663639653263333762
-            61343031656664636431
+        environment: "{{ env_vars }}"
         community.docker.docker_stack:
           state: present
+          prune: true
           name: "{{ project_name }}"
           compose:
             - "{{ lookup('file', '../../files/docker/rss/docker-stack.yaml') | from_yaml }}"