1
0
Fork 0

invidious: init

This commit is contained in:
Daniel Kempkens 2023-03-20 13:49:46 +01:00
parent d13a393d2a
commit 06ebe75eb1
Signed by: daniel
SSH key fingerprint: SHA256:Ks/MyhQYcPRQiwMKLAKquWCdCPe3JXlb1WttgnAoSeM
6 changed files with 94 additions and 0 deletions

View file

@ -88,6 +88,16 @@
group = "freshrss";
};
invidious-database-password = {
file = ./invidious/databasePassword.age;
};
invidious-auth = {
file = ./invidious/auth.age;
owner = "nginx";
group = "nginx";
};
nitter-config = {
file = ./nitter/config.age;
mode = "444";

View file

@ -0,0 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBUb0JZ
eHpReHFhOHVXS0NFTFBzL3hsR1EwZ3pNZXBLNzR6SEJDcFRUc3drCkFmTEdXeVBp
ZGtER0JsU2ZDOHRtYm1XdGxnVjhHa3BOajBHUWN3TlhsSTQKLT4gc3NoLWVkMjU1
MTkgTmJWNGh3IEZWR21Ndmo0Z2VPZU1ObHBjd1RpcEpGSytuNi9YQWU1ckIrWFBN
WmowRHMKdlQxdDY4c1U5eE04ZHlaakZiU3ViS085SDY2Zld4Y3VsbGtmYytvVVRG
NAotPiBSZm5bNExBbi1ncmVhc2UgRS9GPwoxaGRFMjVxNkgwakNPU21BY2xsODlz
bExEVEhBay9va0t1Y0NLUQotLS0gUXUyTVdEZHovaEEzK3c0bHh5S2hWYjRGWUNl
dzMvdDdhTVFMTysraENiVQq4fwe+dA0aQXZAGZd3oTKeWsZEoj9rpUiSorWPMiWv
5monAQZHX0TakOLoWCSg6fmEKOGteGJKJ3H7zhIJ9FMF5y69R52buiJ685XOlH+I
lgjR+22m5P6sEDKMjPtS02I5VL+3RiV595sw+9Perfdny2I=
-----END AGE ENCRYPTED FILE-----

View file

@ -0,0 +1,12 @@
-----BEGIN AGE ENCRYPTED FILE-----
YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBDZnJ6
dzJPOENmN3RzTHpaZ2ZQYWFWcnpvZTdFMDYvNGFWWnhOSExZQ2x3CnVNWlMzeE8x
TnF0WFpsMEZBYTZsZHgxWXRRMUJQaVhFd3M4YzBtOTZyTUEKLT4gc3NoLWVkMjU1
MTkgTmJWNGh3IFBkSU1pdEg4azBiMSttd3hjamszY0gxZ1V2MzJoNld1NW1vUEJQ
akp0aHcKenVrVEVCUGVKU1NHampmVHJFSUxTLzg1blJTSjhHVHloVUJhVk0wOGxH
bwotPiBeIzZdJ1w/LWdyZWFzZSAsY1A8IH05IDg6fCAnazsKSndsWTZiNXhIS0U4
RVprYWljUERTbmU3YmhEdG5zWlZDK0tqdlpGREhRRzRpdGREOG5lSnorVDhURitQ
RkZ2YwpIaWh1R0EKLS0tIGN0dk9jbW5NQjB6RVFmVTAvV0tjc3NVeFUxVG1ad3Zi
QkpiTnhNZ24rL1EKOHbV6kpVX0mHPs26by8JewBSR9qNYIsPb2WIVMWlPBMBCITZ
AZpWceKeWUW+28372rADqJJanFbM5VQjX036QzYoGOD8QpCf1g==
-----END AGE ENCRYPTED FILE-----

View file

@ -29,6 +29,9 @@ in
"agenix/hosts/sail/freshrss/userPassword.age".publicKeys = sail;
"agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
"agenix/hosts/sail/invidious/databasePassword.age".publicKeys = sail;
"agenix/hosts/sail/invidious/auth.age".publicKeys = sail;
"agenix/hosts/sail/nitter/config.age".publicKeys = sail;
"agenix/hosts/sail/nitter/auth.age".publicKeys = sail;

View file

@ -23,6 +23,8 @@ in
(import ../nixos/freshrss.nix (args // { inherit secret; }))
../nixos/invidious.nix
(import ../nixos/libreddit.nix (args // { inherit secret; }))
(import ../nixos/mastodon.nix (args // { inherit secret; }))

View file

@ -0,0 +1,55 @@
{ config, ... }:
let
fqdn = "yt.daniel.sx";
in
{
services.invidious = {
enable = true;
domain = fqdn;
port = 8007;
database = {
createLocally = false;
host = "10.99.99.3";
port = 5432;
passwordFile = config.age.secrets.invidious-database-password.path;
};
settings = {
db = {
user = "invidious";
dbname = "invidious";
};
host_binding = "127.0.0.1";
https_only = true;
statistics_enabled = false;
registration_enabled = true;
login_enabled = true;
captcha_enabled = false;
admins = [ "daniel" ];
use_pubsub_feeds = false;
};
nginx.enable = false;
};
services.nginx.virtualHosts."${fqdn}" = {
http3 = true;
onlySSL = true;
useACMEHost = "daniel.sx";
basicAuthFile = config.age.secrets.invidious-auth.path;
locations."/" = {
recommendedProxySettings = true;
proxyPass = "http://127.0.0.1:8007";
};
};
}