From 69af06d78add3198b53e0345c7a356e5ec02912a Mon Sep 17 00:00:00 2001
From: Natsu Kagami
Date: Tue, 17 Oct 2023 07:58:25 +0200
Subject: [PATCH] Set up invidious
---
nki-personal-do/configuration.nix | 1 +
nki-personal-do/invidious.nix | 72 ++++++++++++++++++++++++++++
nki-personal-do/secrets/secrets.yaml | 6 ++-
3 files changed, 77 insertions(+), 2 deletions(-)
create mode 100644 nki-personal-do/invidious.nix
diff --git a/nki-personal-do/configuration.nix b/nki-personal-do/configuration.nix
index ff15470..179c74b 100644
--- a/nki-personal-do/configuration.nix
+++ b/nki-personal-do/configuration.nix
@@ -20,6 +20,7 @@ ./writefreely.nix ./synapse.nix ./phanpy.nix + ./invidious.nix ]; common.linux.enable = false; # Don't enable the "common linux" module, this is a special machine.
diff --git a/nki-personal-do/invidious.nix b/nki-personal-do/invidious.nix
new file mode 100644
index 0000000..f53ee53
--- /dev/null
+++ b/nki-personal-do/invidious.nix
@@ -0,0 +1,72 @@
+{ config, pkgs, lib, ... }:
+let
+ ipv6-rotator =
+ let
+ src = pkgs.fetchFromGitHub {
+ owner = "iv-org";
+ repo = "smart-ipv6-rotator";
+ rev = "61c019c2b14304c2a111a6db4c492d10ab2308cf";
+ hash = "sha256-a4BQH2D7La51vdPqMQSlZB73twX9Zcjq8mxbT5SdCpo=";
+ };
+ in
+ pkgs.writeShellApplication {
+ name = "smart-ipv6-rotator";
+ runtimeInputs = [ (pkgs.python3.withPackages (p: with p; [ pyroute2 requests ])) ];
+ text = ''
+ if [ -z "$IPV6_ROTATOR_RANGE" ]; then
+ echo "Range required"
+ exit 1
+ fi
+ python3 ${src}/smart-ipv6-rotator.py "$@" --ipv6range="$IPV6_ROTATOR_RANGE"
+ '';
+ };
+in
+{
+ sops.secrets."invidious" = { mode = "0444"; };
+ sops.secrets."invidious-rotator-env" = { mode = "0444"; };
+ cloud.postgresql.databases = [ "invidious" ];
+ cloud.traefik.hosts.invidious = { host = "invi.dtth.ch"; port = 61191; };
+ services.invidious = {
+ enable = true;
+ package = pkgs.unstable.invidious;
+ domain = "invi.dtth.ch";
+ port = 61191;
+ extraSettingsFile = config.sops.secrets.invidious.path;
+ settings = {
+ db.user = "invidious";
+ db.dbname = "invidious";
+
+ external_port = 443;
+ https_only = true;
+ hsts = false;
+
+ registration_enabled = true;
+ login_enabled = true;
+ admins = [ "nki" ];
+ # video_loop = false;
+ # autoplay = true;
+ # continue = true;
+ # continue_autoplay = true;
+ # listen = false;
+ # quality = "hd720";
+ # comments = [ "youtube" ];
+ # captions = [ "en" "vi" "de" "fr" ];
+ };
+ };
+ systemd.timers.smart-ipv6-rotator = {
+ description = "Rotate ipv6 routes to Google";
+ timerConfig = { OnCalendar = "*-*-* 00,06,12,18:00:00"; };
+ wantedBy = [ "invidious.service" ];
+ unitConfig = { };
+ };
+ systemd.services.smart-ipv6-rotator = {
+ serviceConfig = {
+ Type = "oneshot";
+ ExecStart = "${ipv6-rotator}/bin/smart-ipv6-rotator run";
+ EnvironmentFile = [
+ config.sops.secrets.invidious-rotator-env.path
+ ];
+ };
+ };
+}
+
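Review bot: Both sops secrets are declared with `mode = "0444"`, which leaves the decrypted files readable by every local account on the host. For `invidious-rotator-env` this looks unnecessary: the file is only consumed through `EnvironmentFile`, which systemd reads itself, and the unit sets no `User`, so `sops.secrets."invidious-rotator-env" = { };` (the root-only sops-nix default) should be enough. The `invidious` secret is passed as `extraSettingsFile` and presumably carries database or HMAC credentials; if the service account cannot read a root-owned file, restricting it to that account (an `owner` with `mode = "0400"`, or a systemd credential if the unit uses a dynamic user) is preferable to world-readable — worth confirming against how the module reads the file. Separately, the rotator unit runs the pinned third-party script as root with no sandboxing; adding `CapabilityBoundingSet = [ "CAP_NET_ADMIN" ];` and `NoNewPrivileges = true;` to `serviceConfig` would likely confine it to the route changes it needs, assuming the script requires nothing else.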
diff --git a/nki-personal-do/secrets/secrets.yaml b/nki-personal-do/secrets/secrets.yaml
index 62bfb91..51de559 100644
--- a/nki-personal-do/secrets/secrets.yaml
+++ b/nki-personal-do/secrets/secrets.yaml
@@ -36,6 +36,8 @@ matrix-synapse-dtth:
 appservice-discord: ENC[AES256_GCM,data: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,iv:PBo7+OSqBGxI7DzUpclcGWEFwTpcNqySRJzqHu7medU=,tag:fi06xru3e92WfqOJxHXd2w==,type:str]
 #ENC[AES256_GCM,data:iOzQ7k/EJPjMhjdl4do0VZ0UblYW/oKzGHfdghJ7BR/QiLD5QVfwPmN7gctVftD1wAveOvdAl9s93cDBLAF5eVCi/gfTBrXJ3MKvAZ8vCEVQtdlZl37GrDCsV54EHt7I3d6F6nX9EAG0cF/pT25JyFqGDRgFUJVDPUVG7x8tr+q38BjWgNHRXQ==,iv:VOwPsPU/9jx6MAnnnS1d1JAAfKfdFqq5G64AHqJuG9A=,tag:iw11y5UXxEPxeGhykoHVkw==,type:comment]
 vaultwarden-env: ENC[AES256_GCM,data:Cj1CWuPB8Tc/8E1suAoAw5MK8egzy5KLTIyIAkRuVVRNmjiBq0wEw23m4/VKz4Pq/FmUj6BGyLD0zXTp9AMlGugaDDlyihmCTt0FJOCaG3g0vrLfTY5jGnZCNR1B3fX3kf/yI/nvQsl8OqsKkTf66YznzUWtetKGa0KZICmvq/HW9Cjh+Q==,iv:Q2zGh84hPwthPeMsZbYgpZu2br2rWtaG6rcsKjtlUvQ=,tag:IllbcJz91qg08IFU1vnMWA==,type:str]
+invidious: ENC[AES256_GCM,data:pCRlBaHRJyOHj2t04V6DkGVAPuAc8hz+Sn24nQ3IvcXNIdaYijpy,iv:ZPrP6guN7oyOfys7tmIAX1M86cpHUwp9wh3OSHdPSHM=,tag:oxo2TZk/UOB0xKlpapNCVg==,type:str]
+invidious-rotator-env: ENC[AES256_GCM,data:Q5c/sga+Nn0C7bKkTphob3tWNvKE1Zz0CIbXIayc73cfEsUgOIZdrm8BlAW7,iv:f0ccZsjNJ9UQCcfN/lZQdtxSg9ADFuykb8qw07c1xFI=,tag:4mUzgOHOE16FPhSTlbx+Rw==,type:str]
 sops:
 kms: []
 gcp_kms: []
@@ -69,8 +71,8 @@ sops:
 by9kZFlTRVdCZFkxYTVVb0RIRk8zUlkKCqMw9oL9RaYBV5Hhy3o8Nm5xmGrPH8Sd
 hv36sxRFFNZT/DCKaHaSRbT3mfpBZSTXJt1dgl4nZe6whH54t/1KmA==
 -----END AGE ENCRYPTED FILE-----
- lastmodified: "2023-08-09T07:39:16Z"
- mac: ENC[AES256_GCM,data:xljlzQbsRf+JRlL/N/DEW6rta392Yk/DzKN5goyJlMuAZq56E1GQYSflS2bKQQlEIKv+y/jzsFPQpe2qeIdNhvjb2c6G/WjvBiodYZ4O5tnih9Aou86H1zr3qdtc55ovgOg3WwzKJhe1KAeAPXn7T+7xSpZ3ATrN0Pe0r+r/IjY=,iv:EmpuS5jv8jBXouwsDH8MpmeRvhJoF1rDDdc79/euzYg=,tag:II4M1FrS6foUiKe55cOpfQ==,type:str]
+ lastmodified: "2023-10-15T20:36:24Z"
+ mac: ENC[AES256_GCM,data:zdcVJ+DQANfuQIu+i1gh+Y+mTGU6sY4Uqt6TZtHQvrPu2M+I0kP2j34UCy8buRIr0vM0bpCG6WVVnYzsT5h/WHTf640oFvDXjYcowDXrGIEmJjay4sPqTx62u/KEz1VKvINNk2woJ4K5th5EVXF3JPXJfxnACfxab0FLDpNNqtY=,iv:Hj1+lCmHU9teZsLN2fif814XrWTd3aqGNaIUWiEIeds=,tag:8HhunlHljvAxO5aiB/7w5Q==,type:str]
 pgp: []
 unencrypted_suffix: _unencrypted
 version: 3.7.3