sora/nixconfig
1
0
Fork 1
Code Issues 2 Pull Requests Actions Releases Activity
Files
c456e4cad8d35954f9db441d3ce17f1f0ba5b2c1
nixconfig/modules/server/containers/apps/invidious.nix
soraefir c456e4cad8 Fix env config path
2026-05-15 16:19:18 +02:00

72 lines
2.2 KiB
Nix
Raw Blame History

{ config, containerCfg, pkgs, lib, builder, name, ... }:
let
serverCfg = config.syscfg.server;
patchedInvidious = pkgs.invidious.overrideAttrs (oldAttrs: {
postPatch = (oldAttrs.postPatch or "") + ''
cp ${../data/invidious/login.cr} src/invidious/routes/login.cr
'';
});
image = pkgs.dockerTools.streamLayeredImage {
name = pkgs.invidious.name;
tag = pkgs.invidious.version;
config = {
Entrypoint = [ "${patchedInvidious}/bin/invidious" ];
ExposedPorts = { "3000/tcp" = {}; };
};
};
in {
sops = true;
db = true;
paths = [{
path="${serverCfg.configPath}/invidious";
mode = "0755";
}];
containers = {
server = builder.mkContainer {
subdomain = containerCfg.subdomain;
imageStream = image;
port = 3000;
secret = name;
extraLabels = {
"traefik.http.routers.${containerCfg.subdomain}-login.rule" = "Host(`${containerCfg.subdomain}.${serverCfg.domain}`) && Path(`/login`) ";
"traefik.http.routers.${containerCfg.subdomain}-login.middlewares" = if serverCfg.containers?authentik then "authentik" else "";
"traefik.http.routers.${containerCfg.subdomain}-login.priority" = "100";
"traefik.http.routers.${containerCfg.subdomain}-login.entrypoints" = "web-secure";
"traefik.http.routers.${containerCfg.subdomain}-login.tls" = "true";
};
extraEnv = {
INVIDIOUS_CONFIG_FILE = "/data/config.yml";
};
overrides = {
volumes = [
"${serverCfg.configPath}/invidious:/data:ro"
];
};
};
companion = builder.mkContainer {
image = "quay.io/invidious/invidious-companion:latest";
port = 8282;
secret = name; #SERVER_SECRET_KEY = INVIDIOUS_COMPANION_KEY
extraOptions = [
"--cap-drop=all"
"--security-opt=no-new-privileges"
];
};
};
setup = {
trigger = "server";
envFile = [ config.sops.secrets."INVIDIOUS".path config.sops.secrets."CUSTOM".path ];
script = pkgs.writeShellScript "setup" ''
export DB_HOST=${builder.host}
export INVIDIOUS_DOMAIN=${containerCfg.subdomain}.${serverCfg.domain}
${pkgs.gettext}/bin/envsubst < "${../data/invidious/config.yml}" > "${serverCfg.configPath}/invidious/config.yml"
'';
};
}
Reference in New Issue View Git Blame Copy Permalink