1 files changed, 12 insertions, 0 deletions

diff --git a/nixos/kanata/configuration.nix b/nixos/kanata/configuration.nix
index c575e06..ee0c15a 100644
--- a/nixos/kanata/configuration.nix
+++ b/nixos/kanata/configuration.nix
@@ -96,6 +96,8 @@ in
   sops.secrets.grafana-admin-pass = { owner = "grafana"; };
   sops.secrets.cf-kusanari-kanata-credentials = { owner = "cloudflared"; };
   sops.secrets.nitter-account-jsonl = { };
+  # TODO: insecure?
+  sops.secrets.invidious-hmac = { mode = "0444"; };
 
   boot.kernel.sysctl."net.ipv4.ip_forward" = 1;
   boot.kernel.sysctl."net.ipv6.conf.all.forwarding" = 1;
@@ -143,6 +145,7 @@ in
         "dns.kusanari.network" = "http://localhost:4000";
         "metrics.kusanari.network" = "http://localhost:4001";
         "nitter.kusanari.network" = "http://localhost:4002";
+        "invidious.kusanari.network" = "http://localhost:4003";
 
         # Nginx pre-configured routes
         # NOTE: Routes with port 80 or 443 will NOT create corresponding nginx virtualHosts.
@@ -174,6 +177,7 @@ in
             "jellyfin"
             "dns"
             "metrics"
+            "invidious"
           ];
         };
       };
@@ -213,6 +217,14 @@ in
       realHost = "nitter.kusanari.network";
       secrets.nitter-guest-accounts = config.sops.secrets.nitter-account-jsonl.path;
     };
+
+    services.invidious = {
+      enable = true;
+
+      domain = "kusanari.network";
+      realHost = "invidious.kusanari.network";
+      secrets.invidious-hmac-key = config.sops.secrets.invidious-hmac.path;
+    };
   };
 
   # This option defines the first version of NixOS you have installed on this particular machine,