From 0ecfaf4d3cc4ecef4215a4dc143820ec9dad3e40 Mon Sep 17 00:00:00 2001
From: Joakim Repomaa <joakim.repomaa@mocoapp.com>
Date: Sun, 30 Mar 2025 20:10:19 +0300
Subject: [PATCH] apu: add invidious

---
 hosts/apu/configuration.nix |  30 +++++++++++++++++++++---------
 hosts/apu/default.nix       |   1 +
 hosts/apu/secrets.nix       |  15 +++++++++++++++
 secrets/hetzner.age         | Bin 0 -> 481 bytes
 secrets/secrets.nix         |   1 +
 5 files changed, 38 insertions(+), 9 deletions(-)
 create mode 100644 hosts/apu/secrets.nix
 create mode 100644 secrets/hetzner.age

diff --git a/hosts/apu/configuration.nix b/hosts/apu/configuration.nix
index 4978492..fffeb44 100644
--- a/hosts/apu/configuration.nix
+++ b/hosts/apu/configuration.nix
@@ -272,18 +272,30 @@
     };
   };
 
-  services.webserver = {
-    enable = true;
-    acme.dnsChallenge = true;
-    vHosts."koti.repomaa.com" = {
-      proxyBuffering = false;
-      locations."/".proxyPort = 8123;
+  services = {
+    webserver = {
+      enable = true;
+      acme.dnsChallenge = true;
+      vHosts."koti.repomaa.com" = {
+        proxyBuffering = false;
+        locations."/".proxyPort = 8123;
+      };
+    };
+
+    invidious = {
+      enable = true;
+      subdomain = "vid";
     };
   };
 
-  networking.nftables.enable = true;
-  networking.firewall.enable = true;
-  networking.useDHCP = false;
+  security.acme.defaults.environmentFile = config.age.secrets.hetzner.path;
+
+  networking = {
+    nftables.enable = true;
+    firewall.enable = true;
+    useDHCP = false;
+    domain = "repomaa.com";
+  };
 
   system.stateVersion = "24.05";
 }
diff --git a/hosts/apu/default.nix b/hosts/apu/default.nix
index 9e36e42..e0c359d 100644
--- a/hosts/apu/default.nix
+++ b/hosts/apu/default.nix
@@ -6,6 +6,7 @@ in
   imports = [
     ./hardware-configuration.nix
     ./configuration.nix
+    ./secrets.nix
     nixos-hardware.nixosModules.pcengines-apu
   ];
 }
diff --git a/hosts/apu/secrets.nix b/hosts/apu/secrets.nix
new file mode 100644
index 0000000..4e51070
--- /dev/null
+++ b/hosts/apu/secrets.nix
@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+  age.secrets = lib.listToAttrs (
+    map
+      (secret: {
+        name = secret;
+        value = {
+          file = ../../secrets/${secret}.age;
+        };
+      })
+      [
+        "hetzner"
+      ]
+  );
+}
diff --git a/secrets/hetzner.age b/secrets/hetzner.age
new file mode 100644
index 0000000000000000000000000000000000000000..abf0b52e360ad5901c638d5573cb78cf59da91dd
GIT binary patch
literal 481
zcmYdHPt{G$OD?J`D9Oyv)5|YP*Do{V(zR14F3!+RO))YxHMCU7FZOqia#Tpl&M!<X
z&CSTROx1S^uJAJS_6v6MNDpz$Hz*6q$_VhV^fxRpGc~DlD&}&|3-Z=4&QEbJ@yRVt
z_A)Q@EhsO^@Gj5NcJ|1r$g?a7$TiH*kFw0O$Va!$#Vs>GBT&J@-Ob<II3(Y@(9F<4
z+p91wUE44+I4vOCJwGT--#p#Gygb7#**(0tGMTF^%CFGLvLM&by)rGxH!00O+#;{4
z#4s_*EYT<3FkL&*DK9zOq&zC3G8x^r@=!AiBS!@<uj24zeUn@hb7x<D6N?--XD7pa
zUl)_iVne?yQ=`PPB-d1n2yeskKvyp9)J#hYv&2+`@*Kx>?|k3F#3W;LPj}~nvP{FW
zFf(KGh|1uyWPhXld|xhIU0sEu%KYLy<NUDnlmJ&(_hgqWce4POq{PDV%Cac!pv(%7
z#E9}lSHp@_|7<REDYY&oE^XeeQDt*au^gN7PEs_kaM!VEwM&%^gdXZKh`TRLjhVTD
xbHntU%J1=S-+Z%sp3IW>{3+Y=87j4&cjrX0Z$IbQd{oZk@eiF-Qx*5F1_06IrO*HX

literal 0
HcmV?d00001

diff --git a/secrets/secrets.nix b/secrets/secrets.nix
index 93dfb23..b91c80c 100644
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -36,4 +36,5 @@ in
   "mosquitto/mokkimaatti.age".publicKeys = users ++ [ freun-dev ];
   "gitlab-runner/default.age".publicKeys = users ++ [ freun-dev ];
   "gitlab-runner/docker.age".publicKeys = users ++ [ freun-dev ];
+  "hetzner.age".publicKeys = users ++ [ apu ];
 }