-rw-r--r-- | nixos/kanata/configuration.nix | 12 | ||||
-rw-r--r-- | nixos/kanata/secrets/secrets.yaml | 5 |
2 files changed, 15 insertions, 2 deletions
diff --git a/nixos/kanata/configuration.nix b/nixos/kanata/configuration.nix index c575e06..ee0c15a 100644 --- a/nixos/kanata/configuration.nix +++ b/nixos/kanata/configuration.nix @@ -96,6 +96,8 @@ in sops.secrets.grafana-admin-pass = { owner = "grafana"; }; sops.secrets.cf-kusanari-kanata-credentials = { owner = "cloudflared"; }; sops.secrets.nitter-account-jsonl = { }; + # TODO: insecure? + sops.secrets.invidious-hmac = { mode = "0444"; }; boot.kernel.sysctl."net.ipv4.ip_forward" = 1; boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1; @@ -143,6 +145,7 @@ in "dns.kusanari.network" = "http://localhost:4000"; "metrics.kusanari.network" = "http://localhost:4001"; "nitter.kusanari.network" = "http://localhost:4002"; + "invidious.kusanari.network" = "http://localhost:4003"; # Nginx pre-configured routes # NOTE: Routes with port 80 or 443 will NOT create corresponding nginx virtualHosts. @@ -174,6 +177,7 @@ in "jellyfin" "dns" "metrics" + "invidious" ]; }; }; @@ -213,6 +217,14 @@ in realHost = "nitter.kusanari.network"; secrets.nitter-guest-accounts = config.sops.secrets.nitter-account-jsonl.path; }; + + services.invidious = { + enable = true; + + domain = "kusanari.network"; + realHost = "invidious.kusanari.network"; + secrets.invidious-hmac-key = config.sops.secrets.invidious-hmac.path; + }; }; # This option defines the first version of NixOS you have installed on this particular machine, diff --git a/nixos/kanata/secrets/secrets.yaml b/nixos/kanata/secrets/secrets.yaml index c24ab8f..d6ca875 100644 --- a/nixos/kanata/secrets/secrets.yaml +++ b/nixos/kanata/secrets/secrets.yaml 
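Review bot: `mode = "0444"` on `sops.secrets.invidious-hmac` (first hunk of configuration.nix) leaves the decrypted HMAC key readable by every local user and service on the host, so the `# TODO: insecure?` above it should be resolved rather than shipped. The neighbouring secrets restrict access with `owner = "grafana"` / `owner = "cloudflared"`, or keep the defaults as `nitter-account-jsonl` does; the same would work here, e.g. `sops.secrets.invidious-hmac = { owner = "<invidious service user>"; };`, or `{ }` with the module handing the file to the unit through systemd `LoadCredential=`. Which of the two fits depends on how the `services.invidious` module used in the last hunk reads `secrets.invidious-hmac-key`, and that module is not visible in this diff. If the key has already been deployed world-readable, regenerating it after tightening the mode is the cautious follow-up.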
@@ -7,6 +7,7 @@ grafana-admin-pass: ENC[AES256_GCM,data:waHiV4NyatwQrvRkws8FQut49/ryh9srNSshUbvm cf-kusanari-kanata-credentials: ENC[AES256_GCM,data:whwnxMT9JS3iDHbGTk2FoeDBiug26JoRWlyA3sOij861PVJZBEvQJubXD2E5hSwJhyoMIUpb8wgnvB/6GhznouwWfsNh7I39wcaxvHArTNkW+LXrAu8m7ra5dtSUHhPUQifLNYB/TsKHsB+TMhc5IMD6hAHs4uraZHmF1cej8PufTDKDLHjwVwDDJSP1ujQaUrRUvp4NUc8ImVCwnG0PYCVv,iv:umi4Yj11E6+BriksGLzvm+YW7NuARmRtvHz2cixILQA=,tag:+LQs2veOW0CmSKCUNtd9KA==,type:str] nitter-account-jsonl: ENC[AES256_GCM,data:a7nSbFcG+E5xXnY4moLAu1ULujjZ8czGGLQNqaLZtFISG5Fc/0mMwRxKdArp9pwdUrteSUWzoKlkeTfsHsoS4TmPMuna/nLKSjBV1bvPdOuBEIi6IP9o6zb9izUvcwTAcMiWPjeRYNyLy5p9tvdIQ0MmRmd5UW9WUILLs7r5dmIK/ssNgYf89jJsdhBRpzOmjOtBbzn2uTA6+3s7ldswSWhAP94654Hrbg1IKxvefAgAqm+/2aNvY1Jxh71bNlWH+/WNBtH7pC24NeNWjiNHKzGhix2UecmcQ5/CEo8DBa6mg4gpe9i+VxzHhl3NJoFrfuicFT2ebTEjv8p7ZXLF3ZRgscXXb9YJ5CjmVILiUh/yYqM2jzSLbGHKIetlNFlmNkAYXN3j+A4w4Jiu4lVA3jwFPVxk92pSHi7hhib5gP3P20Zfbr89zk9tGIBQVDWo4p1LrwumH6aCq+XaIPAHOspFheIteZUJ1q0V2vylrBfkrj+ISDQ94aWgSKC74dynGL4joH4DJ2g6xSh26FMNlvBR7Mwg1PpfmJKx0I3iROoEc3RCPdxaoPiJNL7gpRlHV2a5H+ZCgpuWxcQ=,iv:joZcbUidniBqGu9Lkg6wd+mBdmgU/inbPEOlXewU5U4=,tag:y8Uv4zxuTAsTKB+OB4S6Xw==,type:str] acme-credentials: ENC[AES256_GCM,data:6SIuFH3sRcz/Z855br7VgFKEEA1crztKmhVd3chK7ERJpfG9pTxxX0mAxG3aK5OhXwZpDMp0YkxtEphdkb5m0ZU=,iv:bUMtK0SvtrNwlhuY1k0dNVIOcJgM1OLjmbl+X+Zj01E=,tag:x6kdGrSsImZlpHrPnEAmXA==,type:str] +invidious-hmac: ENC[AES256_GCM,data:uIw4aQm6oYd5heSxrJnt6Nvc+fTPLMSEDtDyZ/ayogl6qx/gPg==,iv:8AVzwO9peE0UC70nLxBxHKzTcitrzvBvy120fdQD1+c=,tag:rr7MOqgOFFxXN8W+9MKvLg==,type:str] sops: kms: [] gcp_kms: [] 
@@ -31,8 +32,8 @@ sops: YkRGS2ZBbm1keWpUQUFOWDRtTWZVa0EKc+lKEP0L/yoFLx6p1zbWfifPWc7Y9Qqh qccODSyHqzwdriHLxXuw9SCnF+SeA721te6+pDVhJj8vqv2UqHiATw== -----END AGE ENCRYPTED FILE----- - lastmodified: "2024-02-02T18:48:14Z" - mac: ENC[AES256_GCM,data:YOxc3pObGAcGy4tenuxsOTLr8uKMud/z/MarbTTZFv2VKT0DQPOdMVMWL52Ho4B2JcmAPzDjKhtOyLQi9VTA3NAEJyuroqsQri9G2atd8KluCv6puKO+ZjYyDvYlgErCfpAdhUs3xU53HEKKqicqMGc/qg2h+LEdYE4ECW+1/Mk=,iv:B0PcNaedmI+AoQu6nR5TpHi7BjLV3XP5ZLpEERMqw3k=,tag:Dpr7fbK7w6sbMCb8uK9LWA==,type:str] + lastmodified: "2024-02-03T10:47:06Z" + mac: ENC[AES256_GCM,data:CjpuqcU0X7SPnnyomY3+RtdlrJn5UTlJHiizUo6FTdcgv0k23FTw7v9dYbIMOeP+3PUDhykTB9cHwNgc2gsMSQQXJVuRaTD47kPqc7Scxb7gcZ3EURNN7Dwt7gwDVlWRqRWtazKGYX9AIfboDHRI4F1No3LIjTayzaYO1tjXADA=,iv:vP/nOuO0vC5q4g0o8qqHXGLd/Q64X0RGCw6cpeTZ6ik=,tag:0BFv8bXa3JbOZyDSBIaPew==,type:str] pgp: [] unencrypted_suffix: _unencrypted version: 3.8.1 |