apu: add invidious

hosts/apu/configuration.nix

@@ -272,7 +272,8 @@
     };
   };
 
-  services.webserver = {
+  services = {
+    webserver = {
       enable = true;
       acme.dnsChallenge = true;
       vHosts."koti.repomaa.com" = {
@@ -281,9 +282,20 @@
       };
     };
 
-  networking.nftables.enable = true;
+    invidious = {
-  networking.firewall.enable = true;
+      enable = true;
-  networking.useDHCP = false;
+      subdomain = "vid";
+    };
+  };
+
+  security.acme.defaults.environmentFile = config.age.secrets.hetzner.path;
+
+  networking = {
+    nftables.enable = true;
+    firewall.enable = true;
+    useDHCP = false;
+    domain = "repomaa.com";
+  };
 
   system.stateVersion = "24.05";
 }

hosts/apu/default.nix

@@ -6,6 +6,7 @@ in
   imports = [
     ./hardware-configuration.nix
     ./configuration.nix
+    ./secrets.nix
     nixos-hardware.nixosModules.pcengines-apu
   ];
 }

hosts/apu/secrets.nix

@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+  age.secrets = lib.listToAttrs (
+    map
+      (secret: {
+        name = secret;
+        value = {
+          file = ../../secrets/${secret}.age;
+        };
+      })
+      [
+        "hetzner"
+      ]
+  );
+}

secrets/secrets.nix

@@ -36,4 +36,5 @@ in
   "mosquitto/mokkimaatti.age".publicKeys = users ++ [ freun-dev ];
   "gitlab-runner/default.age".publicKeys = users ++ [ freun-dev ];
   "gitlab-runner/docker.age".publicKeys = users ++ [ freun-dev ];
+  "hetzner.age".publicKeys = users ++ [ apu ];
 }