gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 12:29:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: invidious?

Browse source
This commit is contained in:
Kat Inskip 2024-02-18 19:19:52 -08:00
parent 32650ba33d
commit aa59293596
Signed by: kat
GPG key ID: 465E64DECEA8CF0F
2 changed files with 24 additions and 10 deletions
Download patch file Download diff file Expand all files Collapse all files

28
nixos/invidious.nix
View file

@ -1,17 +1,31 @@
{ config, ... }: {
sops.secrets = {
invidious_db_password = {
{ config, lib, ... }: let
inherit (lib.modules) mkForce;
in {
sops.secrets = let
commonSecret = {
sopsFile = ./secrets/invidious.yaml;
};
invidious_hmac_key = {
sopsFile = ./secrets/invidious.yaml;
};
owner = "invidious";
}; in {
invidious_db_password = commonSecret;
invidious_hmac_key = commonSecret;
};
networking.firewall.allowedTCPPorts = [ 3000 ];
users.groups.invidious = {};
users.users.invidious = {
isSystemUser = true;
group = "invidious";
};
systemd.services.invidious.serviceConfig = {
DynamicUser = mkForce false;
User = "invidious";
};
services.invidious = {
enable = true;
hmacKeyFile = config.sops.secrets.invidious_hmac_key.path;
settings = {
domain = "yt.gensokyo.zone";
external_port = 443;
hsts = false;
db = {
user = "kemal";

6
nixos/secrets/invidious.yaml
View file

@ -1,5 +1,5 @@
invidious_db_password: ENC[AES256_GCM,data:Gbn+SylFlWnmYMECoafeAADas/73tSNZjyc/Bg249Hk=,iv:KL+hK93OY+OJJ/muYKY9yGy9tzZMw5CFC8SWLi7N/wY=,tag:ZhQu+kR9p69QV6GezHh+VQ==,type:str]
invidious_hmac_key: ENC[AES256_GCM,data:DYcQGVrokhta0mLjRqnRoqU1sz4=,iv:BMP1epRdLM95leWHuivPhvsB8JrfxHnzwl7ERlo6rOo=,tag:qhsuH/jLNPapJrcgHmXVWw==,type:str]
invidious_hmac_key: ENC[AES256_GCM,data:rk7zi/8EVNLXuB1peF3IX9nVh+692ap6ILp00RcKy3iYOOFyj3NO,iv:CUcv7qAgLR1yskM9Rxp7Iq8ggorhqsCfm0MfaxW3wAc=,tag:w8kEZ8a5UCEHdklU+LO2tg==,type:str]
sops:
shamir_threshold: 1
kms: []
@ -52,8 +52,8 @@ sops:
VFBGYURkMlZoYzB3b0tGOGViMzRiM1EKgic/koesbVYaFrResfFMFlS9Q5xcrg4t
ePxYvz6AuP/AAYdvRUgKAP/kmD4yhIiTMxRJ4F0GH8/toHO6kgESbQ==
-----END AGE ENCRYPTED FILE-----
lastmodified: "2024-02-18T20:36:57Z"
mac: ENC[AES256_GCM,data:MZhK+8aBNymB569jhgnxj8pJTg/0yg/JxLHjsFmlZxqtg5qXY1fOfMy8R7lvAMhcaG458DATwUNduS4z7KpN3y5g1bXpw5qKsOmzzPYpTjcluLA4d+kci6frHZkBiTcSWjcQZ8UJ/iW4VdFWjcHhTBpgGQQ0yrY6d/UfRlBCro8=,iv:sK1UyP+pJJiV6tKU1x9ZKEPZMUMI84Z/rwnx6o1BNek=,tag:17HveiT+h3+V4ofiiOIiIA==,type:str]
lastmodified: "2024-02-19T03:08:36Z"
mac: ENC[AES256_GCM,data:i/MaGACLwIXapTXpqNVAF4lsZ3sYehIF236PNEmYTqQp5mvJgD1dwcM8W1JL2sWqS+8g2cl4be48iUzYaepKz5wPEdhqlpxN0UHaHk4O72HFJy1kdOEKqomqNa/UGMMVJp65oEB5GoT9Ab8r2BPgcxRjqf8KvH2mPNqCQrUAeIk=,iv:zLW0i8+fUaO0nk5KEtbsqiPy40K+MMEU5oc9whps4lM=,tag:CKLe2JGn+ZnRAJzv6+2NMA==,type:str]
pgp:
- created_at: "2024-02-18T19:52:52Z"
enc: |-