gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 20:39:18 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/nixos/invidious.nix
arcnmx 80a5404d45 feat(postgresql): int access
2024-03-25 17:20:55 -07:00

48 lines
1.2 KiB
Nix
Raw Blame History

{
config,
lib,
...
}: let
inherit (lib.modules) mkIf mkDefault mkForce;
cfg = config.services.invidious;
in {
sops.secrets = let
commonSecret = {
sopsFile = ./secrets/invidious.yaml;
owner = "invidious";
};
in {
invidious_db_password = commonSecret;
invidious_hmac_key = commonSecret;
};
networking.firewall.interfaces.local.allowedTCPPorts = [cfg.port];
users.groups.invidious = {};
users.users.invidious = {
isSystemUser = true;
group = "invidious";
};
systemd.services.invidious.serviceConfig = {
DynamicUser = mkForce false;
User = "invidious";
};
services.invidious = {
enable = mkDefault true;
address = mkIf config.networking.enableIPv6 (mkDefault "::");
hmacKeyFile = config.sops.secrets.invidious_hmac_key.path;
settings = {
domain = "yt.${config.networking.domain}";
external_port = 443;
hsts = false;
db = {
user = "invidious";
dbname = "invidious";
};
};
database = {
host = "postgresql.int.${config.networking.domain}";
passwordFile = config.sops.secrets.invidious_db_password.path;
createLocally = false;
};
};
}
Reference in a new issue View git blame Copy permalink