From 756f8a4af3f3aea6123ba9ac6f700bff02e547f7 Mon Sep 17 00:00:00 2001 From: Daniel Kempkens Date: Mon, 20 Mar 2023 14:24:04 +0100 Subject: [PATCH] invidious: only listen via tailscale --- agenix/hosts/sail/config.nix | 6 ------ agenix/hosts/sail/invidious/auth.age | 12 ------------ secrets.nix | 1 - system/nixos/invidious.nix | 2 +- 4 files changed, 1 insertion(+), 20 deletions(-) delete mode 100644 agenix/hosts/sail/invidious/auth.age diff --git a/agenix/hosts/sail/config.nix b/agenix/hosts/sail/config.nix index 8edefeb..8df4d1c 100644 --- a/agenix/hosts/sail/config.nix +++ b/agenix/hosts/sail/config.nix @@ -93,12 +93,6 @@ mode = "444"; }; - invidious-auth = { - file = ./invidious/auth.age; - owner = "nginx"; - group = "nginx"; - }; - nitter-config = { file = ./nitter/config.age; mode = "444"; diff --git a/agenix/hosts/sail/invidious/auth.age b/agenix/hosts/sail/invidious/auth.age deleted file mode 100644 index 685e874..0000000 --- a/agenix/hosts/sail/invidious/auth.age +++ /dev/null @@ -1,12 +0,0 @@ ------BEGIN AGE ENCRYPTED FILE----- -YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBUb0JZ -eHpReHFhOHVXS0NFTFBzL3hsR1EwZ3pNZXBLNzR6SEJDcFRUc3drCkFmTEdXeVBp -ZGtER0JsU2ZDOHRtYm1XdGxnVjhHa3BOajBHUWN3TlhsSTQKLT4gc3NoLWVkMjU1 -MTkgTmJWNGh3IEZWR21Ndmo0Z2VPZU1ObHBjd1RpcEpGSytuNi9YQWU1ckIrWFBN -WmowRHMKdlQxdDY4c1U5eE04ZHlaakZiU3ViS085SDY2Zld4Y3VsbGtmYytvVVRG -NAotPiBSZm5bNExBbi1ncmVhc2UgRS9GPwoxaGRFMjVxNkgwakNPU21BY2xsODlz -bExEVEhBay9va0t1Y0NLUQotLS0gUXUyTVdEZHovaEEzK3c0bHh5S2hWYjRGWUNl -dzMvdDdhTVFMTysraENiVQq4fwe+dA0aQXZAGZd3oTKeWsZEoj9rpUiSorWPMiWv -5monAQZHX0TakOLoWCSg6fmEKOGteGJKJ3H7zhIJ9FMF5y69R52buiJ685XOlH+I -lgjR+22m5P6sEDKMjPtS02I5VL+3RiV595sw+9Perfdny2I= ------END AGE ENCRYPTED FILE----- diff --git a/secrets.nix b/secrets.nix index d4eb181..98275a3 100644 --- a/secrets.nix +++ b/secrets.nix @@ -30,7 +30,6 @@ in "agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail; "agenix/hosts/sail/invidious/databasePassword.age".publicKeys = sail; - "agenix/hosts/sail/invidious/auth.age".publicKeys = sail; "agenix/hosts/sail/nitter/config.age".publicKeys = sail; "agenix/hosts/sail/nitter/auth.age".publicKeys = sail; diff --git a/system/nixos/invidious.nix b/system/nixos/invidious.nix index 7d6ba23..3cd738f 100644 --- a/system/nixos/invidious.nix +++ b/system/nixos/invidious.nix @@ -41,11 +41,11 @@ in }; services.nginx.virtualHosts."${fqdn}" = { + listenAddresses = [ "100.113.242.85" ]; http3 = true; onlySSL = true; useACMEHost = "daniel.sx"; - basicAuthFile = config.age.secrets.invidious-auth.path; locations."/" = { recommendedProxySettings = true;