gensokyo-zone/infrastructure
1
0
Fork 0
mirror of https://github.com/gensokyo-zone/infrastructure.git synced 2026-02-09 20:39:18 -08:00
Code Issues Projects Releases Packages Wiki Activity Actions
infrastructure/nixos/invidious.nix
arcnmx 4d96e07d0e fix(invidious): domain cookies
2024-02-19 15:20:16 -08:00

42 lines
1.1 KiB
Nix
Raw Blame History

{ config, lib, ... }: let
inherit (lib.modules) mkForce;
cfg = config.services.invidious;
in {
sops.secrets = let
commonSecret = {
sopsFile = ./secrets/invidious.yaml;
owner = "invidious";
}; in {
invidious_db_password = commonSecret;
invidious_hmac_key = commonSecret;
};
networking.firewall.interfaces.local.allowedTCPPorts = [ cfg.port ];
users.groups.invidious = {};
users.users.invidious = {
isSystemUser = true;
group = "invidious";
};
systemd.services.invidious.serviceConfig = {
DynamicUser = mkForce false;
User = "invidious";
};
services.invidious = {
enable = true;
hmacKeyFile = config.sops.secrets.invidious_hmac_key.path;
settings = {
domain = "yt.${config.networking.domain}";
external_port = 443;
hsts = false;
db = {
user = "invidious";
dbname = "invidious";
};
};
database = {
host = "postgresql.local.${config.networking.domain}";
passwordFile = config.sops.secrets.invidious_db_password.path;
createLocally = false;
};
};
}
Reference in a new issue View git blame Copy permalink