miniflux: use OIDC auth

modules/services/miniflux.nix

@@ -1,20 +1,23 @@
 { config, pkgs, ... }:
 
 {
+
   services.miniflux = {
     enable = true;
     createDatabaseLocally = true;
-    adminCredentialsFile = pkgs.writeText "miniflux-admin-credentials" ''
-      ADMIN_USERNAME=admin
-      ADMIN_PASSWORD=adminadmin
-    '';
+
+    # Really, really janky, but include
+    # OAUTH2_CLIENT_ID = "<client ID>";
+    # OAUTH2_CLIENT_SECRET = "<client secret>";
+    # https://pocket-id.org/docs/client-examples/miniflux/
+    adminCredentialsFile = /var/lib/miniflux/oidc;
 
     config = {
       LISTEN_ADDR = "0.0.0.0:8021";
       BASE_URL = "http://rss.${config.homelab.domain}";
       CLEANUP_FREQUENCY = 48;
 
-      CREATE_ADMIN = 1;
+      CREATE_ADMIN = 0;
 
       CLEANUP_ARCHIVE_BATCH_SIZE = 100000;
       CLEANUP_ARCHIVE_READ_DAYS = -1;
@@ -31,6 +34,13 @@
 
       FORCE_REFRESH_INTERVAL = 30;
       POLLING_FREQUENCY = 60;
+
+      OAUTH2_PROVIDER = "oidc";
+      OAUTH2_REDIRECT_URL = "https://rss.${config.homelab.domain}/oauth2/oidc/callback";
+      OAUTH2_OIDC_DISCOVERY_ENDPOINT = "https://auth.${config.homelab.domain}";
+      OAUTH2_OIDC_PROVIDER_NAME = "PocketID";
+      OAUTH2_USER_CREATION = 1;
+      DISABLE_LOCAL_AUTH = 1;
     };
   };