57 lines
1.1 KiB
Nix
57 lines
1.1 KiB
Nix
{ config, ... }:
|
|
|
|
let
|
|
fqdn = "yt.daniel.sx";
|
|
in
|
|
{
|
|
services.invidious = {
|
|
enable = true;
|
|
|
|
domain = fqdn;
|
|
port = 8007;
|
|
|
|
database = {
|
|
createLocally = false;
|
|
host = "10.99.99.3";
|
|
port = 5432;
|
|
passwordFile = "%d/databasePassword";
|
|
};
|
|
|
|
settings = {
|
|
db = {
|
|
user = "invidious";
|
|
dbname = "invidious";
|
|
};
|
|
|
|
host_binding = "127.0.0.1";
|
|
|
|
https_only = true;
|
|
|
|
statistics_enabled = false;
|
|
|
|
registration_enabled = true;
|
|
login_enabled = true;
|
|
captcha_enabled = false;
|
|
admins = [ "daniel" ];
|
|
|
|
use_pubsub_feeds = false;
|
|
};
|
|
|
|
nginx.enable = false;
|
|
};
|
|
|
|
systemd.services.invidious.serviceConfig.LoadCredential = "databasePassword:${config.age.secrets.invidious-database-password.path}";
|
|
|
|
services.nginx.virtualHosts."${fqdn}" = {
|
|
http3 = true;
|
|
|
|
onlySSL = true;
|
|
useACMEHost = "daniel.sx";
|
|
basicAuthFile = config.age.secrets.invidious-auth.path;
|
|
|
|
locations."/" = {
|
|
recommendedProxySettings = true;
|
|
proxyPass = "http://127.0.0.1:8007";
|
|
};
|
|
};
|
|
}
|