nixos-config/machines/renge/services/invidious/default.nix
Simon Bruder 00bada7b12
renge: Fix invidious
The patch is already in upstream, but for multiple reasons, I decided to
only apply the patch and not update.
2024-03-31 19:57:09 +02:00

71 lines
2.1 KiB
Nix

# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
#
# SPDX-License-Identifier: AGPL-3.0-or-later
{ config, lib, pkgs, ... }:
{
sops.secrets.invidious-extra-settings = {
sopsFile = ../../secrets.yaml;
group = "keys"; # not ideal, but required since the invidious user is dynamic
mode = "440";
};
systemd.services.invidious.serviceConfig.SupplementaryGroups = [ "keys" ];
services.invidious = {
enable = true;
package = pkgs.unstable.invidious.overrideAttrs (o: o // {
patches = (o.patches or [ ]) ++ [
./0001-Prefer-opus-audio-streams-in-listen-mode.patch
(pkgs.fetchpatch {
name = "0002-Update-shorts-params.patch";
url = "https://github.com/iv-org/invidious/commit/1a2d408d38fd0baef9a5538f3971fb7ac9abd147.patch";
hash = "sha256-uyAsILwxf77OZwJoTkvZ7m79w4WncTAyAr1cZbU6mhM=";
})
];
});
nginx.enable = true;
domain = "iv.sbruder.xyz";
settings = {
host_binding = "127.0.0.1";
log_level = "Warn";
default_user_preferences = {
# allow higher qualities
quality = "dash";
quality_dash = "auto";
# humane volume
volume = 50;
# no “popular” content
feed_menu = [ "Subscriptions" "Playlists" ];
default_home = ""; # search on /
};
disable_proxy = [ "downloads" ]; # legal precaution
local = true; # no external requests
use_pubsub_feeds = true;
modified_source_code_url = "https://github.com/sbruder/invidious/tree/patches";
https_only = lib.mkForce true;
};
extraSettingsFile = config.sops.secrets.invidious-extra-settings.path;
};
systemd.services.invidious.serviceConfig = {
Restart = "on-failure";
};
services.nginx.virtualHosts."iv.sbruder.xyz" = {
enableACME = false;
forceSSL = false;
extraConfig = ''
allow ${config.sbruder.wireguard.home.subnet};
deny all;
'';
locations = {
"/robots.txt".return = "200 'User-agent: *\\nDisallow: /'";
"/privacy".return = "301 'https://sbruder.xyz/#privacy'";
"/feed/popular".return = "403"; # leaks data about its users
};
};
}