invidious: only listen via tailscale

agenix/hosts/sail/config.nix

@@ -93,12 +93,6 @@
       mode = "444";
     };
 
-    invidious-auth = {
-      file = ./invidious/auth.age;
-      owner = "nginx";
-      group = "nginx";
-    };
-
     nitter-config = {
       file = ./nitter/config.age;
       mode = "444";

agenix/hosts/sail/invidious/auth.age

@@ -1,12 +0,0 @@
------BEGIN AGE ENCRYPTED FILE-----
-YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IHNzaC1lZDI1NTE5IE10R3A2ZyBUb0JZ
-eHpReHFhOHVXS0NFTFBzL3hsR1EwZ3pNZXBLNzR6SEJDcFRUc3drCkFmTEdXeVBp
-ZGtER0JsU2ZDOHRtYm1XdGxnVjhHa3BOajBHUWN3TlhsSTQKLT4gc3NoLWVkMjU1
-MTkgTmJWNGh3IEZWR21Ndmo0Z2VPZU1ObHBjd1RpcEpGSytuNi9YQWU1ckIrWFBN
-WmowRHMKdlQxdDY4c1U5eE04ZHlaakZiU3ViS085SDY2Zld4Y3VsbGtmYytvVVRG
-NAotPiBSZm5bNExBbi1ncmVhc2UgRS9GPwoxaGRFMjVxNkgwakNPU21BY2xsODlz
-bExEVEhBay9va0t1Y0NLUQotLS0gUXUyTVdEZHovaEEzK3c0bHh5S2hWYjRGWUNl
-dzMvdDdhTVFMTysraENiVQq4fwe+dA0aQXZAGZd3oTKeWsZEoj9rpUiSorWPMiWv
-5monAQZHX0TakOLoWCSg6fmEKOGteGJKJ3H7zhIJ9FMF5y69R52buiJ685XOlH+I
-lgjR+22m5P6sEDKMjPtS02I5VL+3RiV595sw+9Perfdny2I=
------END AGE ENCRYPTED FILE-----

secrets.nix

@@ -30,7 +30,6 @@ in
   "agenix/hosts/sail/freshrss/databasePassword.age".publicKeys = sail;
 
   "agenix/hosts/sail/invidious/databasePassword.age".publicKeys = sail;
-  "agenix/hosts/sail/invidious/auth.age".publicKeys = sail;
 
   "agenix/hosts/sail/nitter/config.age".publicKeys = sail;
   "agenix/hosts/sail/nitter/auth.age".publicKeys = sail;

system/nixos/invidious.nix

@@ -41,11 +41,11 @@ in
   };
 
   services.nginx.virtualHosts."${fqdn}" = {
+    listenAddresses = [ "100.113.242.85" ];
     http3 = true;
 
     onlySSL = true;
     useACMEHost = "daniel.sx";
-    basicAuthFile = config.age.secrets.invidious-auth.path;
 
     locations."/" = {
       recommendedProxySettings = true;