Last active
May 7, 2024 20:03
-
-
Save RomeoV/ba43ab24401dba2023e5096950375c30 to your computer and use it in GitHub Desktop.
Setup invidious on NixOS
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| { config, lib, pkgs, ... }: { | |
| networking.hostName = "mycloud-nixos"; | |
| services.tailscale = { | |
| enable = true; | |
| }; | |
| services.invidious = { | |
| enable = true; | |
| port = 8090; | |
| }; | |
| networking.firewall = { | |
| enable = true; | |
| trustedInterfaces = [ | |
| "tailscale0" | |
| ]; | |
| }; | |
| ## OPTIONAL: Expose to internet via nginx; automatic HTTPS cert fetching and renewal. | |
| services.nginx = { | |
| enable = true; | |
| recommendedProxySettings = true; | |
| recommendedTlsSettings = true; | |
| clientMaxBodySize = "40M"; | |
| virtualHosts = { | |
| "invidious.romeov.me" = { | |
| forceSSL = true; | |
| enableACME = true; | |
| proxyPass = "http://127.0.0.1:${toString config.services.invidious.port}"; | |
| }; | |
| }; | |
| }; | |
| networking.firewall.allowedTCPPorts = [ # necessar for https certs | |
| 80 | |
| 443 | |
| ]; | |
| security.acme = { | |
| acceptTerms = true; | |
| defaults.email = "contact@romeov.me"; | |
| }; | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment