78 lines
2 KiB
Nix
78 lines
2 KiB
Nix
{
|
|
lib,
|
|
config,
|
|
namespace,
|
|
...
|
|
}:
|
|
with lib;
|
|
with lib.${namespace};
|
|
let
|
|
cfg = config.${namespace}.container.invidious;
|
|
in
|
|
{
|
|
options.${namespace}.container.invidious = {
|
|
enable = mkEnableOption "Invidious";
|
|
};
|
|
|
|
config = mkIf cfg.enable {
|
|
sops.secrets.invidious-db = {
|
|
format = "dotenv";
|
|
sopsFile = ../../../../../secrets/invidious-db.env;
|
|
key = "";
|
|
};
|
|
|
|
sops.secrets.invidious-config = {
|
|
format = "yaml";
|
|
sopsFile = ../../../../../secrets/invidious-config.yaml;
|
|
key = "";
|
|
};
|
|
|
|
security.unprivilegedUsernsClone = true;
|
|
|
|
virtualisation = {
|
|
podman = {
|
|
enable = true;
|
|
autoPrune = {
|
|
enable = true;
|
|
dates = "weekly";
|
|
flags = [ "--all" ];
|
|
};
|
|
defaultNetwork.settings = {
|
|
dns_enabled = true;
|
|
};
|
|
};
|
|
};
|
|
|
|
virtualisation.oci-containers.containers = {
|
|
invidious = {
|
|
image = "quay.io/invidious/invidious:latest-arm64";
|
|
hostname = "invidious";
|
|
volumes = [ "/run/secrets/invidious-config:/invidious/config/config.yml" ];
|
|
ports = [
|
|
"192.168.1.202:3000:3000"
|
|
"[fd00:192:168:1::202]:3000:3000"
|
|
];
|
|
dependsOn = [ "invidious-db" ];
|
|
};
|
|
signature-helper = {
|
|
image = "quay.io/invidious/inv-sig-helper:latest";
|
|
hostname = "signature-helper";
|
|
cmd = [
|
|
"--tcp"
|
|
"0.0.0.0:12999"
|
|
];
|
|
};
|
|
invidious-db = {
|
|
image = "docker.io/library/postgres:14";
|
|
hostname = "invidious-db";
|
|
volumes = [
|
|
"postgresdata:/var/lib/postgresql/data"
|
|
"/home/philipp/nix-config/modules/nixos/virtualisation/podman/invidious/config/sql:/config/sql"
|
|
"/home/philipp/nix-config/modules/nixos/virtualisation/podman/invidious/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh"
|
|
];
|
|
environmentFiles = [ /run/secrets/invidious-db ];
|
|
};
|
|
};
|
|
};
|
|
|
|
}
|