63 lines
1.7 KiB
Nix
63 lines
1.7 KiB
Nix
{ config, containerCfg, pkgs, lib, builder, name, ... }:
|
|
let
|
|
serverCfg = config.syscfg.server;
|
|
|
|
patchedInvidious = pkgs.invidious.overrideAttrs (oldAttrs: {
|
|
postPatch = (oldAttrs.postPatch or "") + ''
|
|
cp ${../data/invidious/login.cr} src/invidious/routes/login.cr
|
|
'';
|
|
});
|
|
|
|
image = pkgs.dockerTools.streamLayeredImage {
|
|
name = pkgs.invidious.name;
|
|
tag = pkgs.invidious.version;
|
|
config = {
|
|
Entrypoint = [ "${patchedInvidious}/bin/invidious" ];
|
|
ExposedPorts = { "3000/tcp" = {}; };
|
|
};
|
|
};
|
|
|
|
in {
|
|
sops = true;
|
|
db = true;
|
|
paths = [{
|
|
path="${serverCfg.configPath}/invidious";
|
|
mode = "0755";
|
|
}];
|
|
|
|
containers = {
|
|
server = builder.mkContainer {
|
|
subdomain = containerCfg.subdomain;
|
|
imageStream = image;
|
|
port = 3000;
|
|
secret = name;
|
|
overrides = {
|
|
cmd = [ "--config" "/data/config.yml" ];
|
|
volumes = [
|
|
"${serverCfg.configPath}/invidious:/data:ro"
|
|
];
|
|
};
|
|
};
|
|
|
|
companion = builder.mkContainer {
|
|
image = "quay.io/invidious/invidious-companion:latest";
|
|
port = 8282;
|
|
secret = name; #SERVER_SECRET_KEY = INVIDIOUS_COMPANION_KEY
|
|
extraOptions = [
|
|
"--cap-drop=all"
|
|
"--security-opt=no-new-privileges"
|
|
];
|
|
};
|
|
};
|
|
|
|
setup = {
|
|
trigger = "server";
|
|
envFile = [ config.sops.secrets."INVIDIOUS".path config.sops.secrets."CUSTOM".path ];
|
|
script = pkgs.writeShellScript "setup" ''
|
|
export DB_HOST=${builder.host}
|
|
export INVIDIOUS_DOMAIN=${containerCfg.subdomain}.${serverCfg.domain}
|
|
|
|
${pkgs.gettext}/bin/envsubst < "${../data/invidious/config.yml}" > "${serverCfg.configPath}/invidious/config.yml"
|
|
'';
|
|
};
|
|
} |