From 1426ee4189f7af4657c8d8dc1d35fc165a5c1ce0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Benjamin=20B=C3=A4dorf?= Date: Mon, 6 Nov 2023 17:22:21 +0100 Subject: [PATCH] feat: add invidious --- hosts/nachtigall/apps/invidious.nix | 31 +++++++++++++++++++++++++ hosts/nachtigall/default.nix | 1 + secrets/invidious-database-password.age | 29 +++++++++++++++++++++++ secrets/invidious-extra-settings.age | 28 ++++++++++++++++++++++ secrets/secrets.nix | 3 +++ terraform/dns.tf | 5 ++++ 6 files changed, 97 insertions(+) create mode 100644 hosts/nachtigall/apps/invidious.nix create mode 100644 secrets/invidious-database-password.age create mode 100644 secrets/invidious-extra-settings.age diff --git a/hosts/nachtigall/apps/invidious.nix b/hosts/nachtigall/apps/invidious.nix new file mode 100644 index 0000000..01e65be --- /dev/null +++ b/hosts/nachtigall/apps/invidious.nix @@ -0,0 +1,31 @@ +{ + flake, + config, + ... +}: { + age.secrets.invidious-database-password = { + file = "${flake.self}/secrets/invidious-database-password.age"; + mode = "600"; + owner = "invidious"; + }; + age.secrets.invidious-extra-settings = { + file = "${flake.self}/secrets/invidious-extra-settings.age"; + mode = "600"; + owner = "invidious"; + }; + + services.invidious = { + enable = true; + domain = "tube.pub.solar"; + nginx.enable = true; + + database.passwordFile = config.age.secrets.invidious-database-password.path; + settings = { + db = { + user = "invidious"; + dbname = "invidious"; + }; + }; + extraSettingsFile = config.age.secrets.invidious-extra-settings.path; + }; +} diff --git a/hosts/nachtigall/default.nix b/hosts/nachtigall/default.nix index 9f3aabc..dccedee 100644 --- a/hosts/nachtigall/default.nix +++ b/hosts/nachtigall/default.nix @@ -11,6 +11,7 @@ ./apps/collabora.nix ./apps/forgejo.nix + ./apps/invidious.nix ./apps/keycloak.nix ./apps/mailman.nix ./apps/mastodon.nix diff --git a/secrets/invidious-database-password.age b/secrets/invidious-database-password.age new file mode 100644 index 0000000..2912191 --- /dev/null +++ b/secrets/invidious-database-password.age @@ -0,0 +1,29 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg p7jggAXuyIk50ge45uJ3LekCOiH9zvfRZXj5SNovs0Q +nBZapSy7/4bRLkh8v7ZIk3WHR5tGUOM140XlIvD9K8Q +-> ssh-ed25519 uYcDNw uYuqv3+0bMtm7Vnimcg0U63mWcCoz+Gx0ivIBGma+jA +rb89GPsKC7IAedggC5XAhdijkH6dI+kiNMyAQqdF+1M +-> ssh-rsa kFDS0A +LHAXPytPbesF+/AI7Zxjy4JdBv+ZLvyzy9c3JrUWWWGpzFNX4SkGfbQqUQ4ilY7O +WoLECqPl0j3HxAjsv+Lr0sSNZ5nQbi+CJ1YnQcHVMKjgHIAwYk2KbOnL4wybO88h +kz79CPEfH013nXwk1e1u5PytPRVLyd9Yb4cxQEHhoAXyq+n1dU+1P6t3Vn1ieGhI +GwvtRhlED9ZYx8sGnwmE6CcoiYs3mnQzSPSNQgTnxHrSYRfVEbfVUcnHle9kMinz +kFhx1UViuAhAM0ISsJY7bv+l9HR3Wr5ZCYIMJqhb62J+So6eW4dHmqWUVoZJod4W +rqmekRT+ex3MM1TUsKNtAOnSvXRQ4g9IJmVfhNZift/s/MhMXnqKNaZEPGoyUiDB +lzTqJIEgvhlDcCxG8exTHGtwzrpQWZigYn77PXpNSs3Oh5CxvvJxsmmm6gZ73glX +Kr0odISVG8LNzWHkNtoFJ/STZ2Ij7iyKDM+GsB8UF5ohvmqsHUVZtMtC/1DJxN3h +3l+XbFhK2qxV3Q4MNGmZQtIsrkthd2Yegi71Xx6AciBFGLpYfX1PgmUAob736Qib +VdksSO774PWGspdrHhA9eMdj3t0F+hSJSCB1rbmCDxgFFHZCkFyM/GTyFIc9dAMZ +WC8IOb+98pZHZpRAu02m3EzXU4CC52PKbcsPFwRVAUw +-> ssh-ed25519 YFSOsg ewcjor0jQHIfRUXkHPaAB4kSLiB7IumiYs/jdgPWaA4 +oWGBH2GrDxfiZs5HNh10KOVCGWXjQ4k0ntDqTs5DM1M +-> ssh-ed25519 iHV63A xmgyajkliaH7IZRrEhBKIkxoeyfpffO3RHTIcAwYGAA +NAHSGl96hfBcK7n/g020l2LFfgqD2Ia9bgU8AGoA5sg +-> ssh-ed25519 BVsyTA KMqATFcF2CP5XWWt+BGfFnF5twAeb61zHup0POFwqEs +s7zyECDDq5iGVanCTO2KHHcs9DMgrbfd9ZZBHCwT7GE +-> c?-grease | f bq* !Gin +Jw+r7o44l6g8tLr/Ooq8zp7UIreJTVzDxr1ljQstc1Aad29h9qBs3PuRPSPpwpx5 +97hCnte/qg +--- L+s1PdpjGHtOk8SahLJwUOC5E/qQgkdhmm3ATw530DE +q) +lte1IFvf{gҕ4}E*hchdZ \ No newline at end of file diff --git a/secrets/invidious-extra-settings.age b/secrets/invidious-extra-settings.age new file mode 100644 index 0000000..4756624 --- /dev/null +++ b/secrets/invidious-extra-settings.age @@ -0,0 +1,28 @@ +age-encryption.org/v1 +-> ssh-ed25519 iDKjwg si7vZyKK9pJnOG3KJb1Dw8avgmV0O4JhCHEKjxEl6EU +iWNDTYfOQAgOBbxpH6utRdG5NssnzzqmRiblnkDXXfU +-> ssh-ed25519 uYcDNw p70448VEqAm0pWuBo990itnegs8CL0rCMSrUHjvsaFI +MQl2NR2rAajDWhpJ8pYjo2WCrhMMDnsh3XDuSJarXX8 +-> ssh-rsa kFDS0A +IF0HiErsklaOOPUCVQvzfQVJZ++FZYjYAAwiEVLrPnQEZbFkz6rz+AMfBGoZ/o+y +5eToVTeCuqlFUvLo1PL65k9noHVPkTRBFcrZEfjxzOEmkin2mHGQDCHdmOuCYExb +W+9zrT+B7oeP9pVkynGm4qeV9UWKtZujKaaCQ6mA8drppRqpuyId7YlEjwvIkz/O +KxTGMCX+OX+fwYf9yE2QbaLikMSJZ45TyvA50vJJ/bEoeqgo/6nk6hlCUlJs/rvM +F251XxcqgicznSg77jaqJ3+AHLzAppIqXcsJ3PrdhtmtwuDlRByqzGeaYIm+fTxv +xrRg20B2kB/kRj/OlS4lg/YMpZvwTWiny66gCxiqoAcDlTWVmdYx+r41SUqmfYo4 +Ka5LTcWuUQKZHfgturqxzhwPVhDiXitB5iYGeyqSx2Mtl0XeEotqXCf0L1wmUL5t +i9MaCsfcUjPl60BZrrcLFkzWUfj67E4red7fJYFlvov+E8AXcRwCGj9N0CM55W2d +ACMTu1S5oO4Q8qbPjCKCbSZVDVDzvGiiZjt68QLmCjovEAjoG7+JOvtNsRwKOh9T +6lAY2tzZO1iwq0+yJCRTVk/hTfQc6qAhZneo3RyeRxxpGMqLTTfSrHO5DltcCfAU +1pHmoD1VMVSeATaFGz30ZDuDHtfvvLWY2OAcYlPQmhc +-> ssh-ed25519 YFSOsg pKCQfsn94Ymf+OEUJou/2uLW/kq5bPLOvHHoTesAYyY +YVTtRYBlGP8tOfMFsiKjOkqkh/8k9wli916rdNQDHOE +-> ssh-ed25519 iHV63A 329hKjiWetnYDPMzzfjcvKbzq+PjfizJlNj6Qfkm/Bg +NnRKpHSJGCoFHETRzfuprqK35bGDPqPxoJ1t+QAnWx4 +-> ssh-ed25519 BVsyTA WKbRFjE0Rljsk2zdvlvOxtSf+aNmwoe2Sk1KAnwBhlA +bHn/YD0CZAKudz63O1pyWJMNxw0aBJuATQO3IQf1gec +-> &4a-grease +r68wGZ/DS7Oithir1pjMQQGgV+8emqCwo77c3BnAYwDdeo0nfBhWzOXEm0YsxosI +3wPVNALurCr1MMt7Knbe +--- 1ofmrBN2UO8Pm7jnZzxYav2MqoIgy91LCxw1sZoF9ao +8Fb F:ԟVQH D +8Z'BJWf sÊQkAEKl| ^?z \ No newline at end of file diff --git a/secrets/secrets.nix b/secrets/secrets.nix index d65cdd1..7e07ac9 100644 --- a/secrets/secrets.nix +++ b/secrets/secrets.nix @@ -43,4 +43,7 @@ in { "nextcloud-admin-pass.age".publicKeys = nachtigallKeys ++ baseKeys; "searx-environment.age".publicKeys = nachtigallKeys ++ baseKeys; + + "invidious-database-password.age".publicKeys = nachtigallKeys ++ baseKeys; + "invidious-extra-settings.age".publicKeys = nachtigallKeys ++ baseKeys; } diff --git a/terraform/dns.tf b/terraform/dns.tf index 79200e1..7e88e82 100644 --- a/terraform/dns.tf +++ b/terraform/dns.tf @@ -123,6 +123,11 @@ resource "namecheap_domain_records" "pub-solar" { type = "CNAME" address = "nachtigall.pub.solar." } + record { + hostname = "tube" + type = "CNAME" + address = "nachtigall.pub.solar." + } record { hostname = "matrix" type = "A"