apu: add invidious

2025-03-30 20:10:19 +03:00
parent 5c5f3dd964
commit 0ecfaf4d3c
5 changed files with 38 additions and 9 deletions
--- a/hosts/apu/configuration.nix
+++ b/hosts/apu/configuration.nix
@@ -272,18 +272,30 @@
    };
  };

-  services.webserver = {
-    enable = true;
-    acme.dnsChallenge = true;
-    vHosts."koti.repomaa.com" = {
-      proxyBuffering = false;
-      locations."/".proxyPort = 8123;
+  services = {
+    webserver = {
+      enable = true;
+      acme.dnsChallenge = true;
+      vHosts."koti.repomaa.com" = {
+        proxyBuffering = false;
+        locations."/".proxyPort = 8123;
+      };
+    };
+
+    invidious = {
+      enable = true;
+      subdomain = "vid";
    };
  };

-  networking.nftables.enable = true;
-  networking.firewall.enable = true;
-  networking.useDHCP = false;
+  security.acme.defaults.environmentFile = config.age.secrets.hetzner.path;
+
+  networking = {
+    nftables.enable = true;
+    firewall.enable = true;
+    useDHCP = false;
+    domain = "repomaa.com";
+  };

  system.stateVersion = "24.05";
 }
--- a/hosts/apu/default.nix
+++ b/hosts/apu/default.nix
@@ -6,6 +6,7 @@ in
  imports = [
    ./hardware-configuration.nix
    ./configuration.nix
+    ./secrets.nix
    nixos-hardware.nixosModules.pcengines-apu
  ];
 }
--- a/hosts/apu/secrets.nix
+++ b/hosts/apu/secrets.nix
@@ -0,0 +1,15 @@
+{ lib, ... }:
+{
+  age.secrets = lib.listToAttrs (
+    map
+      (secret: {
+        name = secret;
+        value = {
+          file = ../../secrets/${secret}.age;
+        };
+      })
+      [
+        "hetzner"
+      ]
+  );
+}
--- a/secrets/hetzner.age
+++ b/secrets/hetzner.age
--- a/secrets/secrets.nix
+++ b/secrets/secrets.nix
@@ -36,4 +36,5 @@ in
  "mosquitto/mokkimaatti.age".publicKeys = users ++ [ freun-dev ];
  "gitlab-runner/default.age".publicKeys = users ++ [ freun-dev ];
  "gitlab-runner/docker.age".publicKeys = users ++ [ freun-dev ];
+  "hetzner.age".publicKeys = users ++ [ apu ];
 }