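# Invidious service: a locally built, patched Invidious image plus the
# invidious-companion sidecar, both declared through `builder.mkContainer`.
{ config, containerCfg, pkgs, lib, builder, name, ... }:
let
  serverCfg = config.syscfg.server;

  # Replaces the upstream login route wholesale with a local copy.
  # NOTE(review): this file handles authentication and will silently mask any
  # upstream fix to src/invidious/routes/login.cr on a nixpkgs bump. Re-diff
  # the local copy against upstream whenever pkgs.invidious changes version.
  patchedInvidious = pkgs.invidious.overrideAttrs (oldAttrs: {
    postPatch = (oldAttrs.postPatch or "") + ''
      cp ${../data/invidious/login.cr} src/invidious/routes/login.cr
    '';
  });

  # Layered image whose entrypoint is the patched binary. The name and tag are
  # taken from the unpatched package, so the tag alone does not reveal that
  # the login route was replaced.
  image = pkgs.dockerTools.streamLayeredImage {
    name = pkgs.invidious.name;
    tag = pkgs.invidious.version;
    config = {
      Entrypoint = [ "${patchedInvidious}/bin/invidious" ];
      Cmd = [ "--config" "/etc/invidious/config.yml" ];
      ExposedPorts = { "3000/tcp" = {}; };
    };
  };
in
{
  # Presumably request sops-managed secrets and a database for this service;
  # the semantics are defined by the module that consumes this attrset.
  sops = true;
  db = true;

  containers = {
    server = builder.mkContainer {
      subdomain = containerCfg.subdomain;
      # Fixed: this referenced `invidiousImage`, which is bound nowhere in this
      # file (the let-binding above is `image`), so evaluation would fail on
      # an undefined variable.
      imageStream = image;
      port = 3000;
      # Presumably the name of the secret that supplies DB_PASS, HMAC_KEY,
      # PO_TOKEN, VISITOR_DATA and INVIDIOUS_KEY - confirm against mkContainer.
      secret = name;
      extraEnv = {
        # `\${...}` is escaped, so Nix emits the literal `${VAR}` and the
        # secret value never enters the world-readable Nix store. The
        # substitution has to happen at container start.
        # NOTE(review): DB_PASS is spliced into a URL; a password containing
        # URL-reserved characters (@ : / ? #) would break or alter the
        # connection string unless it is percent-encoded.
        INVIDIOUS_DATABASE_URL = "postgres://invidious_user:\${DB_PASS}@${builder.host}/invidious_db";
        INVIDIOUS_HMAC_KEY = "\${HMAC_KEY}";
        INVIDIOUS_COMPANION_URL = "http://invidious-companion:8282/companion";
        INVIDIOUS_PO_TOKEN = "\${PO_TOKEN}";
        INVIDIOUS_VISITOR_DATA = "\${VISITOR_DATA}";
        INVIDIOUS_PORT = "3000";
        INVIDIOUS_COMPANION_KEY = "\${INVIDIOUS_KEY}";
        INVIDIOUS_DOMAIN = "${containerCfg.subdomain}.${serverCfg.domain}";

        # Legacy INVIDIOUS_CONFIG kept for reference only. The literal secret
        # values that used to sit in this comment (hmac_key, db password,
        # companion key, visitor_data, po_token) have been replaced with
        # placeholders. A commented-out credential is still a committed
        # credential: it stays in VCS history, so rotate any of those values
        # that were ever live.
        # INVIDIOUS_CONFIG: |
        #   channel_threads: 1
        #   check_tables: true
        #   feed_threads: 1
        #   hmac_key: <REDACTED>
        #   db:
        #     dbname: invidious
        #     user: kemal
        #     password: <REDACTED>
        #     host: postgres_inv
        #     port: 5432
        #   full_refresh: false
        #   https_only: true
        #   domain: yt.helcel.net
        #   external_port: 80
        #   invidious_companion:
        #     - private_url: "http://invidious-companion:8282/companion"
        #   invidious_companion_key: "<REDACTED>"
        #   visitor_data: <REDACTED>
        #   po_token: <REDACTED>
        #   #registration_enabled: false
      };
    };

    companion = builder.mkContainer {
      # NOTE(review): `:latest` is a mutable tag, so the image that runs can
      # change without any change to this file. Prefer pinning by digest
      # (`...invidious-companion@sha256:<DIGEST>`) and bumping it deliberately.
      image = "quay.io/invidious/invidious-companion:latest";
      port = 8282;
      # NOTE(review): no secret or environment is passed to the companion here,
      # although the server is given INVIDIOUS_COMPANION_KEY. The old compose
      # fragment below set a matching SERVER_SECRET_KEY. Confirm that the key
      # is injected elsewhere, and from the sops secret rather than a literal.
      # The literal that used to be here is redacted; rotate it if it was live.
      #   - SERVER_SECRET_KEY=<REDACTED>
      # NOTE(review): the hardening from the old compose file is not applied
      # by anything visible here. Check whether mkContainer drops capabilities
      # and sets no-new-privileges by default, or accepts options to do so.
      # cap_drop:
      #   - ALL
      # security_opt:
      #   - no-new-privileges:true
    };
  };
}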