Simon Bruder
00bada7b12
The patch is already in upstream, but for multiple reasons, I decided to only apply the patch and not update.
71 lines
2.1 KiB
Nix
71 lines
2.1 KiB
Nix
# SPDX-FileCopyrightText: 2021-2023 Simon Bruder <simon@sbruder.de>
|
|
#
|
|
# SPDX-License-Identifier: AGPL-3.0-or-later
|
|
|
|
{ config, lib, pkgs, ... }:
|
|
|
|
{
|
|
sops.secrets.invidious-extra-settings = {
|
|
sopsFile = ../../secrets.yaml;
|
|
group = "keys"; # not ideal, but required since the invidious user is dynamic
|
|
mode = "440";
|
|
};
|
|
systemd.services.invidious.serviceConfig.SupplementaryGroups = [ "keys" ];
|
|
|
|
services.invidious = {
|
|
enable = true;
|
|
package = pkgs.unstable.invidious.overrideAttrs (o: o // {
|
|
patches = (o.patches or [ ]) ++ [
|
|
./0001-Prefer-opus-audio-streams-in-listen-mode.patch
|
|
(pkgs.fetchpatch {
|
|
name = "0002-Update-shorts-params.patch";
|
|
url = "https://github.com/iv-org/invidious/commit/1a2d408d38fd0baef9a5538f3971fb7ac9abd147.patch";
|
|
hash = "sha256-uyAsILwxf77OZwJoTkvZ7m79w4WncTAyAr1cZbU6mhM=";
|
|
})
|
|
];
|
|
});
|
|
nginx.enable = true;
|
|
domain = "iv.sbruder.xyz";
|
|
settings = {
|
|
host_binding = "127.0.0.1";
|
|
log_level = "Warn";
|
|
default_user_preferences = {
|
|
# allow higher qualities
|
|
quality = "dash";
|
|
quality_dash = "auto";
|
|
|
|
# humane volume
|
|
volume = 50;
|
|
|
|
# no “popular” content
|
|
feed_menu = [ "Subscriptions" "Playlists" ];
|
|
default_home = ""; # search on /
|
|
};
|
|
disable_proxy = [ "downloads" ]; # legal precaution
|
|
local = true; # no external requests
|
|
use_pubsub_feeds = true;
|
|
modified_source_code_url = "https://github.com/sbruder/invidious/tree/patches";
|
|
https_only = lib.mkForce true;
|
|
};
|
|
extraSettingsFile = config.sops.secrets.invidious-extra-settings.path;
|
|
};
|
|
|
|
systemd.services.invidious.serviceConfig = {
|
|
Restart = "on-failure";
|
|
};
|
|
|
|
services.nginx.virtualHosts."iv.sbruder.xyz" = {
|
|
enableACME = false;
|
|
forceSSL = false;
|
|
extraConfig = ''
|
|
allow ${config.sbruder.wireguard.home.subnet};
|
|
deny all;
|
|
'';
|
|
locations = {
|
|
"/robots.txt".return = "200 'User-agent: *\\nDisallow: /'";
|
|
"/privacy".return = "301 'https://sbruder.xyz/#privacy'";
|
|
"/feed/popular".return = "403"; # leaks data about its users
|
|
};
|
|
};
|
|
}
|