init

news-postgres-backup.volume

@@ -0,0 +1,2 @@
+[Volume]
+Label="backup=true"

news-postgres.backup

@@ -0,0 +1,6 @@
+#!/bin/sh
+# podman exec -it systemd-news-postgres psql -U postgres -f /backup/dump.sql
+
+echo 'news-postgres: creating backup'
+podman exec systemd-news-postgres pg_dumpall -U postgres -f /backup/dump.sql
+echo 'news-postgres: finished'

news-postgres.container

@@ -0,0 +1,24 @@
+[Container]
+Image=docker.io/postgres:16-alpine
+AutoUpdate=registry
+Network=news.network
+
+# environment
+Secret=news-postgres-password,target=POSTGRES_PASSWORD,type=env
+
+# storage
+VolatileTmp=true
+Volume=news-postgres.volume:/var/lib/postgresql/data
+Volume=news-postgres-backup.volume:/backup
+
+# security
+ReadOnly=true
+NoNewPrivileges=true
+DropCapability=ALL
+AddCapability=CHOWN DAC_OVERRIDE FOWNER SETGID SETUID
+
+[Service]
+Restart=always
+
+[Install]
+WantedBy=multi-user.target default.target

news.caddy

@@ -0,0 +1,6 @@
+news.plabble.org {
+        reverse_proxy systemd-news:8080
+        encode zstd gzip
+	log access
+        import default-headers
+}

news.container

@@ -0,0 +1,29 @@
+[Container]
+Image=docker.io/miniflux/miniflux:latest
+AutoUpdate=registry
+Network=news.network
+
+# environment
+Environment=RUN_MIGRATIONS=1
+Environment=CREATE_ADMIN=1
+Environment=ADMIN_USERNAME=admin
+Secret=news-adminpass,target=ADMIN_PASSWORD,type=env
+Secret=news-connectionstr,target=DATABASE_URL,type=env
+
+# storage
+VolatileTmp=true
+
+# security
+ReadOnly=true
+NoNewPrivileges=true
+DropCapability=ALL
+AddCapability=CHOWN DAC_OVERRIDE FOWNER SETGID SETUID
+
+[Service]
+Restart=always
+
+[Unit]
+After=news-postgres.service
+
+[Install]
+WantedBy=multi-user.target default.target

news.network

@@ -0,0 +1,2 @@
+[Network]
+Label="caddy=true"