gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 04:19:19 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/nixos/invidious.nix
arcnmx 4c07a6ed1b fix(invidious): listen on ipv6
2024-02-23 13:28:39 -08:00

43 lines
1.2 KiB
Nix
Raw Blame History

{ config, lib, ... }: let
inherit (lib.modules) mkIf mkDefault mkForce;
cfg = config.services.invidious;
in {
sops.secrets = let
commonSecret = {
sopsFile = ./secrets/invidious.yaml;
owner = "invidious";
}; in {
invidious_db_password = commonSecret;
invidious_hmac_key = commonSecret;
};
networking.firewall.interfaces.local.allowedTCPPorts = [ cfg.port ];
users.groups.invidious = {};
users.users.invidious = {
isSystemUser = true;
group = "invidious";
};
systemd.services.invidious.serviceConfig = {
DynamicUser = mkForce false;
User = "invidious";
};
services.invidious = {
enable = mkDefault true;
address = mkIf config.networking.enableIPv6 (mkDefault "::");
hmacKeyFile = config.sops.secrets.invidious_hmac_key.path;
settings = {
domain = "yt.${config.networking.domain}";
external_port = 443;
hsts = false;
db = {
user = "invidious";
dbname = "invidious";
};
};
database = {
host = "postgresql.local.${config.networking.domain}";
passwordFile = config.sops.secrets.invidious_db_password.path;
createLocally = false;
};
};
}
Reference in a new issue View git blame Copy permalink