From f2201789fe442282c7ec17c225a9a78dd1973a09 Mon Sep 17 00:00:00 2001
From: Mynacol <Mynacol@users.noreply.github.com>
Date: Sat, 30 Dec 2023 00:09:48 +0100
Subject: [PATCH 1/4] rss-bridge: add config option

This allows managing rss-bridge's config with nix.
It leverages the environment variable way of setting the config options,
introduced quite [some time ago](https://github.com/RSS-Bridge/rss-bridge/pull/2100)
It is the only existing way to set config options independent of the
document root, and upstream is [hesitant](https://github.com/RSS-Bridge/rss-bridge/pull/3842)
to change the config loading methods.

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
---
 .../modules/services/web-apps/rss-bridge.nix  | 37 ++++++++++++++++++-
 1 file changed, 36 insertions(+), 1 deletion(-)

diff --git a/nixos/modules/services/web-apps/rss-bridge.nix b/nixos/modules/services/web-apps/rss-bridge.nix
index 1a710f4a6a67..c263a179421c 100644
--- a/nixos/modules/services/web-apps/rss-bridge.nix
+++ b/nixos/modules/services/web-apps/rss-bridge.nix
@@ -72,6 +72,29 @@ in
           Use `[ "*" ]` to whitelist all.
         '';
       };
+
+      config = mkOption {
+        type = with types; attrsOf (attrsOf (oneOf [ bool int str (listOf str) ]));
+        default = {};
+        defaultText = options.literalExpression "FileCache.path = \"\${config.services.rss-bridge.dataDir}/cache/\"";
+        example = options.literalExpression ''
+          {
+            system.enabled_bridges = [ "*" ];
+            error = {
+              output = "http";
+              report_limit = 5;
+            };
+            FileCache = {
+              enable_purge = true;
+            };
+          }
+        '';
+        description = lib.mdDoc ''
+          Attribute set of arbitrary config options.
+          Please consult the documentation at the [wiki](https://rss-bridge.github.io/rss-bridge/For_Hosts/Custom_Configuration.html)
+          and [sample config](https://github.com/RSS-Bridge/rss-bridge/blob/master/config.default.ini.php) to see a list of available options.
+        '';
+      };
     };
   };
 
@@ -109,13 +132,25 @@ in
             tryFiles = "$uri /index.php$is_args$args";
           };
 
-          locations."~ ^/index.php(/|$)" = {
+          locations."~ ^/index.php(/|$)" = let
+              cfgHalf = lib.mapAttrsRecursive (path: value: let
+                envName = lib.toUpper ("RSSBRIDGE_" + lib.concatStringsSep "_" path);
+                envValue = if lib.isList value then
+                  lib.concatStringsSep "," value
+                else if lib.isBool value then
+                  lib.boolToString value
+                else
+                  toString value;
+              in "fastcgi_param \"${envName}\" \"${envValue}\";") cfg.config;
+              cfgEnv = lib.concatStringsSep "\n" (lib.collect lib.isString cfgHalf);
+            in {
             extraConfig = ''
               include ${config.services.nginx.package}/conf/fastcgi_params;
               fastcgi_split_path_info ^(.+\.php)(/.+)$;
               fastcgi_pass unix:${config.services.phpfpm.pools.${cfg.pool}.socket};
               fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
               fastcgi_param RSSBRIDGE_DATA ${cfg.dataDir};
+              ${cfgEnv}
             '';
           };
         };

From a949f4b6e22f9207281accb60f487719463dc458 Mon Sep 17 00:00:00 2001
From: Mynacol <Mynacol@users.noreply.github.com>
Date: Sat, 30 Dec 2023 01:15:50 +0100
Subject: [PATCH 2/4] rss-bridge: Integrate filecache path with config

Preserve the default value for the filecache path, but also allow
modifying it, adapting the tmpfiles rule to create the directory with
the right permissions.

Co-authored-by: Sandro <sandro.jaeckel@gmail.com>
---
 .../modules/services/web-apps/rss-bridge.nix  | 27 ++++++++++---------
 1 file changed, 14 insertions(+), 13 deletions(-)

diff --git a/nixos/modules/services/web-apps/rss-bridge.nix b/nixos/modules/services/web-apps/rss-bridge.nix
index c263a179421c..dc93454440ce 100644
--- a/nixos/modules/services/web-apps/rss-bridge.nix
+++ b/nixos/modules/services/web-apps/rss-bridge.nix
@@ -7,6 +7,18 @@ let
 
   whitelist = pkgs.writeText "rss-bridge_whitelist.txt"
     (concatStringsSep "\n" cfg.whitelist);
+
+  configAttr = lib.recursiveUpdate { FileCache.path = "${cfg.dataDir}/cache/"; } cfg.config;
+  cfgHalf = lib.mapAttrsRecursive (path: value: let
+    envName = lib.toUpper ("RSSBRIDGE_" + lib.concatStringsSep "_" path);
+    envValue = if lib.isList value then
+      lib.concatStringsSep "," value
+    else if lib.isBool value then
+      lib.boolToString value
+    else
+      toString value;
+  in "fastcgi_param \"${envName}\" \"${envValue}\";") configAttr;
+  cfgEnv = lib.concatStringsSep "\n" (lib.collect lib.isString cfgHalf);
 in
 {
   options = {
@@ -117,7 +129,7 @@ in
       };
     };
     systemd.tmpfiles.rules = [
-      "d '${cfg.dataDir}/cache' 0750 ${cfg.user} ${cfg.group} - -"
+      "d '${configAttr.FileCache.path}' 0750 ${cfg.user} ${cfg.group} - -"
       (mkIf (cfg.whitelist != []) "L+ ${cfg.dataDir}/whitelist.txt - - - - ${whitelist}")
       "z '${cfg.dataDir}/config.ini.php' 0750 ${cfg.user} ${cfg.group} - -"
     ];
@@ -132,18 +144,7 @@ in
             tryFiles = "$uri /index.php$is_args$args";
           };
 
-          locations."~ ^/index.php(/|$)" = let
-              cfgHalf = lib.mapAttrsRecursive (path: value: let
-                envName = lib.toUpper ("RSSBRIDGE_" + lib.concatStringsSep "_" path);
-                envValue = if lib.isList value then
-                  lib.concatStringsSep "," value
-                else if lib.isBool value then
-                  lib.boolToString value
-                else
-                  toString value;
-              in "fastcgi_param \"${envName}\" \"${envValue}\";") cfg.config;
-              cfgEnv = lib.concatStringsSep "\n" (lib.collect lib.isString cfgHalf);
-            in {
+          locations."~ ^/index.php(/|$)" = {
             extraConfig = ''
               include ${config.services.nginx.package}/conf/fastcgi_params;
               fastcgi_split_path_info ^(.+\.php)(/.+)$;

From f7a6e75b42a052345a9b7853ef31c7388712c88d Mon Sep 17 00:00:00 2001
From: Mynacol <Mynacol@users.noreply.github.com>
Date: Sat, 30 Dec 2023 00:34:49 +0100
Subject: [PATCH 3/4] rss-bridge: Move whitelist option to general config

Prefer setting the whitelisted bridges through the generic configuration
method. Removes the need for a whitelist.txt file.

Preserves backwards compatibility by taking the same values and
essentially just renaming the config option.
---
 .../modules/services/web-apps/rss-bridge.nix  | 25 +++----------------
 1 file changed, 4 insertions(+), 21 deletions(-)

diff --git a/nixos/modules/services/web-apps/rss-bridge.nix b/nixos/modules/services/web-apps/rss-bridge.nix
index dc93454440ce..87ef1b4da171 100644
--- a/nixos/modules/services/web-apps/rss-bridge.nix
+++ b/nixos/modules/services/web-apps/rss-bridge.nix
@@ -5,9 +5,6 @@ let
 
   poolName = "rss-bridge";
 
-  whitelist = pkgs.writeText "rss-bridge_whitelist.txt"
-    (concatStringsSep "\n" cfg.whitelist);
-
   configAttr = lib.recursiveUpdate { FileCache.path = "${cfg.dataDir}/cache/"; } cfg.config;
   cfgHalf = lib.mapAttrsRecursive (path: value: let
     envName = lib.toUpper ("RSSBRIDGE_" + lib.concatStringsSep "_" path);
@@ -21,6 +18,10 @@ let
   cfgEnv = lib.concatStringsSep "\n" (lib.collect lib.isString cfgHalf);
 in
 {
+  imports = [
+    (mkRenamedOptionModule [ "services" "rss-bridge" "whitelist" ] [ "services" "rss-bridge" "config" "system" "enabled_bridges" ])
+  ];
+
   options = {
     services.rss-bridge = {
       enable = mkEnableOption (lib.mdDoc "rss-bridge");
@@ -68,23 +69,6 @@ in
         '';
       };
 
-      whitelist = mkOption {
-        type = types.listOf types.str;
-        default = [];
-        example = options.literalExpression ''
-          [
-            "Facebook"
-            "Instagram"
-            "Twitter"
-          ]
-        '';
-        description = lib.mdDoc ''
-          List of bridges to be whitelisted.
-          If the list is empty, rss-bridge will use whitelist.default.txt.
-          Use `[ "*" ]` to whitelist all.
-        '';
-      };
-
       config = mkOption {
         type = with types; attrsOf (attrsOf (oneOf [ bool int str (listOf str) ]));
         default = {};
@@ -130,7 +114,6 @@ in
     };
     systemd.tmpfiles.rules = [
       "d '${configAttr.FileCache.path}' 0750 ${cfg.user} ${cfg.group} - -"
-      (mkIf (cfg.whitelist != []) "L+ ${cfg.dataDir}/whitelist.txt - - - - ${whitelist}")
       "z '${cfg.dataDir}/config.ini.php' 0750 ${cfg.user} ${cfg.group} - -"
     ];
 

From 84f41005203d66b328328da1ee17094c74db5f39 Mon Sep 17 00:00:00 2001
From: Mynacol <Mynacol@users.noreply.github.com>
Date: Wed, 14 Feb 2024 18:44:37 +0100
Subject: [PATCH 4/4] rss-bridge: Use new tmpfiles syntax

---
 nixos/modules/services/web-apps/rss-bridge.nix | 14 ++++++++++----
 1 file changed, 10 insertions(+), 4 deletions(-)

diff --git a/nixos/modules/services/web-apps/rss-bridge.nix b/nixos/modules/services/web-apps/rss-bridge.nix
index 87ef1b4da171..0d344753de67 100644
--- a/nixos/modules/services/web-apps/rss-bridge.nix
+++ b/nixos/modules/services/web-apps/rss-bridge.nix
@@ -112,10 +112,16 @@ in
         };
       };
     };
-    systemd.tmpfiles.rules = [
-      "d '${configAttr.FileCache.path}' 0750 ${cfg.user} ${cfg.group} - -"
-      "z '${cfg.dataDir}/config.ini.php' 0750 ${cfg.user} ${cfg.group} - -"
-    ];
+    systemd.tmpfiles.settings.rss-bridge = let
+      perm = {
+        mode = "0750";
+        user = cfg.user;
+        group = cfg.group;
+      };
+    in {
+      "${configAttr.FileCache.path}".d = perm;
+      "${cfg.dataDir}/config.ini.php".z = perm;
+    };
 
     services.nginx = mkIf (cfg.virtualHost != null) {
       enable = true;