blob: a1d202cb032da8b48c2218e68b2f5b8a5d4447ea (
plain) (
tree)
|
|
{
config,
lib,
pkgs,
...
}: let
cfg = config.services.invidious;
in {
services.invidious = {
enable = true;
database = {
createLocally = true;
};
domain = "invidious.vhack.eu";
nginx.enable = true;
extraSettingsFile = "$CREDENTIALS_DIRECTORY/hmac";
settings = {
check_tables = true;
};
};
systemd.services.invidious.serviceConfig = {
LoadCredential = "hmac:${config.age.secrets.invidiousHmac.path}";
ExecStart = let
# taken from the invidious module
settingsFormat = pkgs.formats.json {};
settingsFile = settingsFormat.generate "invidious-settings" cfg.settings;
jqFilter =
"."
+ lib.optionalString (cfg.database.host != null) "[0].db.password = \"'\"'\"$(cat ${lib.escapeShellArg cfg.database.passwordFile})\"'\"'\""
+ " | .[0]"
+ lib.optionalString (cfg.extraSettingsFile != null) " * .[1]";
# don't escape extraSettingsFile, to allow variable substitution
jqFiles =
settingsFile
+ lib.optionalString (cfg.extraSettingsFile != null) " \"${cfg.extraSettingsFile}\"";
in
lib.mkForce (pkgs.writeScript "start-invidious" ''
#! ${pkgs.dash}/bin/dash
export INVIDIOUS_CONFIG="$(${pkgs.jq}/bin/jq -s "${jqFilter}" ${jqFiles})"
exec ${cfg.package}/bin/invidious
'');
};
}
|