# NixOS module fragment: enables Invidious with a locally created database and
# an nginx front end, and replaces the service's ExecStart so the HMAC secret
# is merged into the configuration at start-up from a systemd credential.
{
  config,
  lib,
  pkgs,
  ...
}: let
  # Shorthand for the evaluated Invidious options, reused by the ExecStart copy below.
  cfg = config.services.invidious;
in {
  services.invidious = {
    enable = true;
    database = {
      createLocally = true;
    };
    domain = "invidious.vhack.eu";
    nginx.enable = true;
    # Not a literal path: the start script leaves this value unescaped so the
    # shell expands $CREDENTIALS_DIRECTORY at service start. "hmac" matches the
    # credential ID declared in LoadCredential below.
    extraSettingsFile = "$CREDENTIALS_DIRECTORY/hmac";
    # These settings are rendered to a file by settingsFormat.generate below.
    # NOTE(review): generated files normally land in the world-readable Nix
    # store, so secrets (e.g. the HMAC key) must stay out of this attrset and
    # come in through extraSettingsFile instead.
    settings = {
      check_tables = true;
      db = {
        dbname = "invidious";
        user = "invidious";
      };
    };
  };
  systemd.services.invidious.serviceConfig = {
    # systemd credential in ID:PATH form; the file is exposed to the service as
    # $CREDENTIALS_DIRECTORY/hmac. The path comes from the age.secrets option
    # namespace (presumably agenix; confirm against the flake inputs).
    LoadCredential = "hmac:${config.age.secrets.invidiousHmac.path}";
    # lib.mkForce replaces whatever ExecStart the upstream module defines.
    # NOTE(review): this is a copy of upstream logic and can drift; re-compare
    # it with the invidious module after each nixpkgs upgrade.
    ExecStart = let
      # taken from the invidious module
      settingsFormat = pkgs.formats.json {};
      settingsFile = settingsFormat.generate "invidious-settings" cfg.settings;
      # jq program run with -s (slurp): input [0] is the generated settings
      # file, input [1] is the extra settings file when one is configured, and
      # `*` merges [1] into [0].
      #
      # When database.host is set, the password branch closes and reopens the
      # shell double quotes so that the output of `cat passwordFile` is spliced
      # into the jq program as a quoted string literal.
      # NOTE(review): the password becomes part of the jq program text, so a
      # password containing `"` or `\` would break or change the filter, and
      # the expanded filter is visible in jq's argv while it runs. Passing the
      # file through jq's --rawfile would avoid both. This file does not set
      # database.host, so the branch is presumably inactive here; confirm.
      jqFilter =
        "."
        + lib.optionalString (cfg.database.host != null) "[0].db.password = \"'\"'\"$(cat ${lib.escapeShellArg cfg.database.passwordFile})\"'\"'\""
        + " | .[0]"
        + lib.optionalString (cfg.extraSettingsFile != null) " * .[1]";
      # don't escape extraSettingsFile, to allow variable substitution
      # Consequence: the value is interpreted by the shell inside double quotes,
      # so it must only ever be trusted, operator-written configuration (here it
      # is the constant set above).
      jqFiles =
        settingsFile
        + lib.optionalString (cfg.extraSettingsFile != null) " \"${cfg.extraSettingsFile}\"";
    in
      # The merged JSON, including the HMAC settings from the credential file,
      # is exported as INVIDIOUS_CONFIG before exec'ing the Invidious binary.
      # NOTE(review): the secret therefore lives in the process environment,
      # which child processes inherit and which the same UID and root can read
      # via /proc/<pid>/environ; keep the service on a dedicated user.
      lib.mkForce (pkgs.writeScript "start-invidious" ''
        #! ${pkgs.dash}/bin/dash
        export INVIDIOUS_CONFIG="$(${pkgs.jq}/bin/jq -s "${jqFilter}" ${jqFiles})"
        exec ${cfg.package}/bin/invidious
      '');
  };
}