miniflux

Author: ildoc

ansible/db.yml

@@ -14,8 +14,8 @@
         authentik: "cross/data/apps/authentik:postgres_password"
         matrix: "cross/data/apps/matrix:postgres_password"
         sonarqube: "cross/data/apps/sonarqube:postgres_password"
-        kestra: "cross/data/apps/kestra:postgres_password"
         immich: "cross/data/apps/immich:postgres_password"
+        miniflux: "cross/data/apps/miniflux:postgres_password"
 
   tasks:
     - name: Include vault secrets loading task

ansible/inventory/host_vars/db.yml

@@ -33,12 +33,6 @@ db:
         lc_collate: en_US.UTF-8
         lc_ctype: en_US.UTF-8
 
-      - name: kestra_db
-        owner: kestra_user
-        encoding: UTF8
-        lc_collate: en_US.UTF-8
-        lc_ctype: en_US.UTF-8
-
       - name: immich_db
         owner: immich_user
         encoding: UTF8
@@ -49,6 +43,12 @@ db:
           - cube
           - earthdistance
 
+      - name: miniflux_db
+        owner: miniflux_user
+        encoding: UTF8
+        lc_collate: en_US.UTF-8
+        lc_ctype: en_US.UTF-8
+
     users:
       - name: invidious_user
         password: "{{ _secrets.postgres_users.invidious }}"
@@ -82,18 +82,18 @@ db:
         table_privs: ALL
         sequence_privs: ALL
 
-      - name: kestra_user
-        password: "{{ _secrets.postgres_users.kestra }}"
+      - name: immich_user
+        password: "{{ _secrets.postgres_users.immich }}"
         databases:
-          - kestra_db
+          - immich_db
         privileges: ALL
         table_privs: ALL
         sequence_privs: ALL
 
-      - name: immich_user
-        password: "{{ _secrets.postgres_users.immich }}"
+      - name: miniflux_user
+        password: "{{ _secrets.postgres_users.miniflux }}"
         databases:
-          - immich_db
+          - miniflux_db
         privileges: ALL
         table_privs: ALL
         sequence_privs: ALL

ansible/inventory/host_vars/pihole.yml

@@ -46,6 +46,7 @@ pihole:
     - { ip: 192.168.0.81, domain: "tools.local.ildoc.it"}
     - { ip: 192.168.0.81, domain: "immich.local.ildoc.it"}
     - { ip: 192.168.0.81, domain: "pdf.local.ildoc.it"}
+    - { ip: 192.168.0.81, domain: "miniflux.local.ildoc.it"}
 
     - { ip: 192.168.0.81, domain: "pocmanager.local.ildoc.it"}
     - { ip: 192.168.0.81, domain: "pocsender.local.ildoc.it"}

kubernetes/applications/miniflux/deployment.yaml

@@ -0,0 +1,98 @@
+---
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: miniflux
+  namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "4"
+spec:
+  selector:
+    matchLabels:
+      app: miniflux
+  strategy:
+    type: Recreate
+  revisionHistoryLimit: 3
+  template:
+    metadata:
+      labels:
+        app: miniflux
+    spec:
+      initContainers:
+        - name: prepare-env
+          image: busybox:latest
+          command:
+            - /bin/sh
+            - -c
+            - |
+              echo "postgres://miniflux:${POSTGRES_PASSWORD}@192.168.0.30/miniflux?sslmode=disable" > /shared/database_url
+              echo "✓ DATABASE_URL prepared"
+          env:
+            - name: POSTGRES_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: miniflux-cross-secrets
+                  key: postgres-password
+          volumeMounts:
+            - name: shared-env
+              mountPath: /shared
+      
+      containers:
+        - name: miniflux
+          image: miniflux/miniflux:latest
+          command:
+            - /bin/sh
+            - -c
+            - |
+              # Legge la DATABASE_URL dal file scritto dall'initContainer
+              export DATABASE_URL=$(cat /shared/database_url)
+              # Esegue il comando originale di Miniflux (l'immagine ha già un entrypoint)
+              exec miniflux
+          env:
+            - name: RUN_MIGRATIONS
+              value: "1"
+            - name: CREATE_ADMIN
+              value: "1"
+            - name: ADMIN_USERNAME
+              value: "miniflux_user"
+            - name: ADMIN_PASSWORD
+              valueFrom:
+                secretKeyRef:
+                  name: miniflux-k8s-secrets
+                  key: admin-password
+          ports:
+            - containerPort: 8080
+              name: http
+              protocol: TCP
+          volumeMounts:
+            - name: shared-env
+              mountPath: /shared
+              readOnly: true
+          resources:
+            limits:
+              cpu: 500m
+              memory: 512Mi
+            requests:
+              cpu: 100m
+              memory: 128Mi
+          livenessProbe:
+            httpGet:
+              path: /healthcheck
+              port: http
+            initialDelaySeconds: 30
+            periodSeconds: 30
+            timeoutSeconds: 5
+            failureThreshold: 3
+          readinessProbe:
+            httpGet:
+              path: /healthcheck
+              port: http
+            initialDelaySeconds: 10
+            periodSeconds: 10
+            timeoutSeconds: 5
+            failureThreshold: 3
+      
+      volumes:
+        - name: shared-env
+          emptyDir: {}
+

kubernetes/applications/miniflux/httproute.yaml

@@ -0,0 +1,21 @@
+---
+apiVersion: gateway.networking.k8s.io/v1
+kind: HTTPRoute
+metadata:
+  name: miniflux-route
+  namespace: apps
+spec:
+  parentRefs:
+    - name: cilium-gateway
+      namespace: kube-system
+      sectionName: https
+  hostnames:
+    - "miniflux.local.ildoc.it"
+  rules:
+    - matches:
+        - path:
+            type: PathPrefix
+            value: /
+      backendRefs:
+        - name: miniflux
+          port: 8080

kubernetes/applications/miniflux/secrets.yaml

@@ -0,0 +1,44 @@
+---
+# Secret condivisi (PostgreSQL) dal path cross/
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: vault-miniflux-cross-secrets
+  namespace: apps
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: vault-cross-secret-store
+    kind: ClusterSecretStore
+  target:
+    name: miniflux-cross-secrets
+    creationPolicy: Owner
+  data:
+  - secretKey: postgres-password
+    remoteRef:
+      key: cross/data/apps/miniflux
+      property: postgres_password
+
+---
+# Secret specifici Kubernetes (admin password, etc.)
+apiVersion: external-secrets.io/v1
+kind: ExternalSecret
+metadata:
+  name: vault-miniflux-k8s-secrets
+  namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "1"
+spec:
+  refreshInterval: "1h"
+  secretStoreRef:
+    name: vault-kubernetes-secret-store
+    kind: ClusterSecretStore
+  target:
+    name: miniflux-k8s-secrets
+    creationPolicy: Owner
+  data:
+  - secretKey: admin-password
+    remoteRef:
+      key: kubernetes/data/apps/miniflux
+      property: admin_password
+

kubernetes/applications/miniflux/service.yaml

@@ -0,0 +1,18 @@
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: miniflux
+  namespace: apps
+  annotations:
+    argocd.argoproj.io/sync-wave: "4"
+spec:
+  type: ClusterIP
+  ports:
+    - port: 8080
+      targetPort: 8080
+      protocol: TCP
+      name: http
+  selector:
+    app: miniflux
+