From 5e259e0b426584f7fa9f56962b9e307c80f5ea07 Mon Sep 17 00:00:00 2001
From: Dominik Polakovics <dominik.polakovics@cloonar.com>
Date: Mon, 13 Oct 2025 13:23:13 +0200
Subject: [PATCH] feat: add fivefilters

---
 hosts/fw/configuration.nix       |  1 +
 hosts/fw/modules/dnsmasq.nix     |  1 +
 hosts/fw/modules/fivefilters.nix | 32 ++++++++++++++++++++++++++++++++
 hosts/fw/modules/web/proxies.nix |  8 ++++++++
 4 files changed, 42 insertions(+)
 create mode 100644 hosts/fw/modules/fivefilters.nix

diff --git a/hosts/fw/configuration.nix b/hosts/fw/configuration.nix
index fc86cd6..b9e4a9a 100644
--- a/hosts/fw/configuration.nix
+++ b/hosts/fw/configuration.nix
@@ -48,6 +48,7 @@
     ./modules/ha-customers
 
     ./modules/firefox-sync.nix
+    ./modules/fivefilters.nix
     
     # home assistant
     ./modules/home-assistant
diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix
index a855244..1e5e48d 100644
--- a/hosts/fw/modules/dnsmasq.nix
+++ b/hosts/fw/modules/dnsmasq.nix
@@ -91,6 +91,7 @@
         "/omada.cloonar.com/${config.networkPrefix}.97.2"
         "/web-02.cloonar.com/${config.networkPrefix}.97.5"
         "/pla.cloonar.com/${config.networkPrefix}.97.5"
+        "/fivefilters.cloonar.com/${config.networkPrefix}.97.10"
         "/home-assistant.cloonar.com/${config.networkPrefix}.97.20"
         "/mopidy.cloonar.com/${config.networkPrefix}.97.21"
         "/snapcast.cloonar.com/${config.networkPrefix}.97.21"
diff --git a/hosts/fw/modules/fivefilters.nix b/hosts/fw/modules/fivefilters.nix
new file mode 100644
index 0000000..cc46f3b
--- /dev/null
+++ b/hosts/fw/modules/fivefilters.nix
@@ -0,0 +1,32 @@
+{ config, pkgs, ... }: {
+  users.users.fivefilters = {
+    isSystemUser = true;
+    group = "omada";
+    home = "/var/lib/fivefilters";
+    createHome = true;
+  };
+  users.groups.fivefilters = { };
+
+  systemd.tmpfiles.rules = [
+    # parent is created by createHome already, but harmless to repeat
+    "d /var/lib/fivefilters 0755 fivefilters fivefilters - -"
+    "d /var/lib/fivefilters/cache 0755 fivefilters fivefilters - -"
+  ];
+
+  # TODO: check if we can run docker service as other user than root
+  virtualisation = {
+    oci-containers.containers = {
+      fivefilters = {
+        autoStart = true;
+        image = "heussd/fivefilters-full-text-rss:3.8.1";
+        volumes = [
+          "/var/lib/fivefilters/cache:/var/www/html/cache"
+        ];
+        extraOptions = [
+          "--network=server"
+          "--ip=${config.networkPrefix}.97.10"
+        ];
+      };
+    };
+  };
+}
diff --git a/hosts/fw/modules/web/proxies.nix b/hosts/fw/modules/web/proxies.nix
index 44f1b99..87878cd 100644
--- a/hosts/fw/modules/web/proxies.nix
+++ b/hosts/fw/modules/web/proxies.nix
@@ -25,4 +25,12 @@
       recommendedProxySettings = true;
     };
   };
+  services.nginx.virtualHosts."fivefilters.cloonar.com" = {
+    forceSSL = true;
+    enableACME = true;
+    acmeRoot = null;
+    locations."/" = {
+      proxyPass = "http://${config.networkPrefix}.97.10";
+    };
+  };
 }