From fe05235570c252ce14fb0f8cc4f47e8ce17c602f Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 00:32:54 +0100 Subject: [PATCH 01/15] jellyfin: localhost -> 127.0.0.1 to avoid ipv6 --- hosts/architect/jellyfin.nix | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/hosts/architect/jellyfin.nix b/hosts/architect/jellyfin.nix index 60af115..aca2a2f 100644 --- a/hosts/architect/jellyfin.nix +++ b/hosts/architect/jellyfin.nix @@ -25,7 +25,7 @@ in { ''; locations."/" = { - proxyPass = "http://localhost:8096"; + proxyPass = "http://127.0.0.1:8096"; # extraConfig = '' # allow 10.0.0.0/24; # allow 10.3.0.0/24; @@ -34,7 +34,7 @@ in { }; locations."/socket" = { - proxyPass = "http://localhost:8096"; + proxyPass = "http://127.0.0.1:8096"; proxyWebsockets = true; # extraConfig = '' # allow 10.0.0.0/24; From 0ac62bb2ae5c8f7d082ff97da1fff7a86903cf4f Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 00:33:06 +0100 Subject: [PATCH 02/15] reddit: localhost -> 127.0.0.1 to avoid ipv6 --- hosts/architect/libreddit.nix | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/hosts/architect/libreddit.nix b/hosts/architect/libreddit.nix index 7d5572c..7e153ce 100644 --- a/hosts/architect/libreddit.nix +++ b/hosts/architect/libreddit.nix @@ -3,7 +3,8 @@ let domain = "reddit.giugl.io"; network = import ./network.nix; -in { +in +{ services = { libreddit = { enable = true; @@ -13,7 +14,7 @@ in { nginx.virtualHosts.${domain} = { forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://localhost:9090"; }; + locations."/" = { proxyPass = "http://127.0.0.1:9090"; }; }; }; From 8118462f592bd460272035bda5f0eb9e23262fc3 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:08:00 +0100 Subject: [PATCH 03/15] openid: Force nginx app, allow to change only access_role --- hosts/architect/openid.nix | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/hosts/architect/openid.nix b/hosts/architect/openid.nix index caf865b..fa11dbd 100644 --- a/hosts/architect/openid.nix +++ b/hosts/architect/openid.nix @@ -2,12 +2,12 @@ { openresty_oidc_block = - { realm, client_id, client_secret, redirect_uri, access_role ? "" }: '' + { access_role ? "" }: '' access_by_lua_block { local opts = { - discovery = "https://auth.giugl.io/realms/${realm}/.well-known/openid-configuration", - client_id = "${client_id}", - client_secret = "${client_secret}", + discovery = "https://auth.giugl.io/realms/master/.well-known/openid-configuration", + client_id = "nginx", + client_secret = "9C6BYxPhTbrRS4DIwd3Smk7e11ABmnt8", logout_path = "/logout", redirect_after_logout_uri = "/", redirect_uri = "/redirect_uri", From bf117df5312c732b8d4fc139460efa1785b76b32 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:08:57 +0100 Subject: [PATCH 04/15] bazarr, lidarr, deluge, sonarr, radarr: Switch to nginx client for openid --- hosts/architect/bazarr.nix | 12 +++++------- hosts/architect/deluge.nix | 11 ++++------- hosts/architect/lidarr.nix | 9 +++------ hosts/architect/radarr.nix | 9 +++------ hosts/architect/sonarr.nix | 9 +++------ 5 files changed, 18 insertions(+), 32 deletions(-) diff --git a/hosts/architect/bazarr.nix b/hosts/architect/bazarr.nix index 706ef3b..c6429a0 100644 --- a/hosts/architect/bazarr.nix +++ b/hosts/architect/bazarr.nix @@ -3,8 +3,9 @@ let domain = "htbaz.giugl.io"; network = import ./network.nix; - auth_block = (import ./openid.nix).openresty_oidc_block; -in { + auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block; +in +{ services = { bazarr = { enable = true; @@ -15,12 +16,9 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:6767"; + proxyPass = "http://127.0.0.1:6767"; extraConfig = auth_block { - realm = "master"; - client_id = "bazarr"; - client_secret = "OPn4Mmto2m3dDPji1cjPfHy9W55M9JFq"; - redirect_uri = "https://${domain}"; + access_role = "bazarr"; }; }; }; diff --git a/hosts/architect/deluge.nix b/hosts/architect/deluge.nix index a3ef01d..ee5dbfa 100644 --- a/hosts/architect/deluge.nix +++ b/hosts/architect/deluge.nix @@ -3,7 +3,7 @@ let domain = "htdel.giugl.io"; network = import ./network.nix; - auth_block = (import ./openid.nix).openresty_oidc_block; + auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block; in { services = { deluge = { @@ -22,7 +22,7 @@ in { max_active_seeding = 100; max_connections_global = 1000; max_active_limit = 100; - max_active_downloading = 100; + max_active_downloading = 100; listen_ports = [ 51413 51414 ]; random_port = false; enabled_plugins = [ "Label" "Extractor" ]; @@ -37,12 +37,9 @@ in { enableACME = true; locations."/" = { - proxyPass = "http://localhost:8112"; + proxyPass = "http://127.0.0.1:8112"; extraConfig = auth_block { - realm = "master"; - client_id = "deluge"; - client_secret = "AGa1U9S1zkaM3TJVxtyx4Er76DBk1APR"; - redirect_uri = "https://${domain}"; + access_role = "deluge"; }; }; }; diff --git a/hosts/architect/lidarr.nix b/hosts/architect/lidarr.nix index c07fed5..028ab63 100644 --- a/hosts/architect/lidarr.nix +++ b/hosts/architect/lidarr.nix @@ -3,7 +3,7 @@ let domain = "htlid.giugl.io"; network = import ./network.nix; - auth_block = (import ./openid.nix).openresty_oidc_block; + auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block; in { services = { lidarr = { @@ -15,12 +15,9 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:8686"; + proxyPass = "http://127.0.0.1:8686"; extraConfig = auth_block { - realm = "master"; - client_id = "lidarr"; - client_secret = "7s4dd1SEi84F4fUFsqRaQmSSucZhyTco"; - redirect_uri = "https://${domain}"; + access_role = "lidarr"; }; }; }; diff --git a/hosts/architect/radarr.nix b/hosts/architect/radarr.nix index f0dda97..dd3f51e 100644 --- a/hosts/architect/radarr.nix +++ b/hosts/architect/radarr.nix @@ -3,7 +3,7 @@ let domain = "htrad.giugl.io"; network = import ./network.nix; - auth_block = (import ./openid.nix).openresty_oidc_block; + auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block; in { services = { radarr = { @@ -15,12 +15,9 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:7878"; + proxyPass = "http://127.0.0.1:7878"; extraConfig = auth_block { - realm = "master"; - client_id = "radarr"; - client_secret = "DCoeN4PwqGrAoG6Mqw73orrUjojJ1fmn"; - redirect_uri = "https://${domain}"; + access_role = "radarr"; }; }; }; diff --git a/hosts/architect/sonarr.nix b/hosts/architect/sonarr.nix index 5bccd50..d8ae0d2 100644 --- a/hosts/architect/sonarr.nix +++ b/hosts/architect/sonarr.nix @@ -3,7 +3,7 @@ let domain = "htson.giugl.io"; network = import ./network.nix; - auth_block = (import ./openid.nix).openresty_oidc_block; + auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block; in { services = { sonarr = { @@ -15,12 +15,9 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:8989"; + proxyPass = "http://127.0.0.1:8989"; extraConfig = auth_block { - realm = "master"; - client_id = "sonarr"; - client_secret = "d36ehMSPCI3xLfOGNcnSUKZWQblyGumi"; - redirect_uri = "https://${domain}"; + access_role = "sonarr"; }; }; }; From 3eaf974a5e920a5b27eec86d52b091946d1fc21a Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:09:21 +0100 Subject: [PATCH 05/15] nzbget: Switch to nginx client for openid --- hosts/architect/nzbget.nix | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) diff --git a/hosts/architect/nzbget.nix b/hosts/architect/nzbget.nix index 27fcb67..e58830f 100644 --- a/hosts/architect/nzbget.nix +++ b/hosts/architect/nzbget.nix @@ -3,7 +3,7 @@ let domain = "htnzb.giugl.io"; network = import ./network.nix; - auth_block = (import ./openid.nix).openresty_oidc_block; + auth_block = (import ./openid.nix { inherit lib; }).openresty_oidc_block; in { services = { nzbget = { @@ -15,12 +15,9 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:6789"; + proxyPass = "http://127.0.0.1:6789"; extraConfig = auth_block { - realm = "master"; - client_id = "nzbget"; - client_secret = "tkjzdqnUoWTlGUYah5tgMqVPFMlOUvk9"; - redirect_uri = "https://${domain}"; + access_role = "nzbget"; }; }; }; From 7adfedb7c5c4b30bea71cda809e184781b2a497d Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:10:02 +0100 Subject: [PATCH 06/15] plex: Use 127.0.0.1 instead of localhost, avoiding ipv6 listening adddress --- hosts/architect/plex.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/architect/plex.nix b/hosts/architect/plex.nix index b09a4c8..a06ec5e 100644 --- a/hosts/architect/plex.nix +++ b/hosts/architect/plex.nix @@ -77,7 +77,7 @@ in { proxy_redirect off; proxy_buffering off; ''; - locations."/" = { proxyPass = "http://localhost:32400"; }; + locations."/" = { proxyPass = "http://127.0.0.1:32400"; }; }; }; From 4d8742c087786d5052d2e62d06016ed537a9d01a Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:10:17 +0100 Subject: [PATCH 07/15] transmission: Use 127.0.0.1 instead of localhost, avoiding ipv6 listening adddress --- hosts/architect/transmission.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/architect/transmission.nix b/hosts/architect/transmission.nix index 50a7b1d..3a068f1 100644 --- a/hosts/architect/transmission.nix +++ b/hosts/architect/transmission.nix @@ -24,7 +24,7 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:9091"; + proxyPass = "http://127.0.0.1:9091"; extraConfig = '' allow 10.0.0.0/24; ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg} From fac89375719510d373f7448161c908749832a316 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:10:38 +0100 Subject: [PATCH 08/15] prowlarr: Use 127.0.0.1 instead of localhost, avoiding ipv6 listening adddress --- hosts/architect/prowlarr.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/architect/prowlarr.nix b/hosts/architect/prowlarr.nix index 9120239..89deda2 100644 --- a/hosts/architect/prowlarr.nix +++ b/hosts/architect/prowlarr.nix @@ -11,7 +11,7 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:9696"; + proxyPass = "http://127.0.0.1:9696"; extraConfig = '' allow 10.0.0.0/24; ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg} From e17d9f5a455910f661390feb5a645eca1a7b389d Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:12:24 +0100 Subject: [PATCH 09/15] calibre, gitea, invidious, matrix, minio, navidrome, nitter: Use 127.0.0.1 instead of localhost, avoiding ipv6 listening adddress --- hosts/architect/calibre.nix | 2 +- hosts/architect/gitea.nix | 2 +- hosts/architect/invidious.nix | 2 +- hosts/architect/matrix.nix | 4 ++-- hosts/architect/minio.nix | 2 +- hosts/architect/navidrome.nix | 2 +- hosts/architect/nitter.nix | 2 +- 7 files changed, 8 insertions(+), 8 deletions(-) diff --git a/hosts/architect/calibre.nix b/hosts/architect/calibre.nix index c10603b..c50d8ca 100644 --- a/hosts/architect/calibre.nix +++ b/hosts/architect/calibre.nix @@ -18,7 +18,7 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:8083"; + proxyPass = "http://127.0.0.1:8083"; extraConfig = '' client_max_body_size 500M; ''; diff --git a/hosts/architect/gitea.nix b/hosts/architect/gitea.nix index 45bc128..9dc0902 100644 --- a/hosts/architect/gitea.nix +++ b/hosts/architect/gitea.nix @@ -18,7 +18,7 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:3000"; + proxyPass = "http://127.0.0.1:3000"; extraConfig = '' allow 127.0.0.1; allow 10.0.0.0/24; diff --git a/hosts/architect/invidious.nix b/hosts/architect/invidious.nix index eaf9d64..e2249a8 100644 --- a/hosts/architect/invidious.nix +++ b/hosts/architect/invidious.nix @@ -13,7 +13,7 @@ in { nginx.virtualHosts.${domain} = { forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://localhost:9092"; }; + locations."/" = { proxyPass = "http://127.0.0.1:9092"; }; }; }; diff --git a/hosts/architect/matrix.nix b/hosts/architect/matrix.nix index 49d5f66..38d24b2 100644 --- a/hosts/architect/matrix.nix +++ b/hosts/architect/matrix.nix @@ -25,7 +25,7 @@ in { ]; listeners = [{ port = 8008; - bind_addresses = [ "::1" ]; + bind_addresses = [ "127.0.0.1" ]; type = "http"; tls = false; x_forwarded = true; @@ -86,7 +86,7 @@ in { # forward all Matrix API calls to the synapse Matrix homeserver locations."/_matrix" = { - proxyPass = "http://[::1]:8008"; # without a trailing / + proxyPass = "http://127.0.0.1:8008"; # without a trailing / }; }; diff --git a/hosts/architect/minio.nix b/hosts/architect/minio.nix index 8b2a760..a4fc127 100644 --- a/hosts/architect/minio.nix +++ b/hosts/architect/minio.nix @@ -11,7 +11,7 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:9000"; + proxyPass = "http://127.0.0.1:9000"; extraConfig = '' allow 10.0.0.0/24; ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg} diff --git a/hosts/architect/navidrome.nix b/hosts/architect/navidrome.nix index 2803c1a..9d417bb 100644 --- a/hosts/architect/navidrome.nix +++ b/hosts/architect/navidrome.nix @@ -26,7 +26,7 @@ in { forceSSL = true; enableACME = true; locations."/" = { - proxyPass = "http://localhost:4533"; + proxyPass = "http://127.0.0.1:4533"; # extraConfig = '' # allow 10.0.0.0/24; # ${lib.concatMapStrings (x: "allow ${x};") network.gdevices-wg} diff --git a/hosts/architect/nitter.nix b/hosts/architect/nitter.nix index 980bccc..5742c76 100644 --- a/hosts/architect/nitter.nix +++ b/hosts/architect/nitter.nix @@ -21,7 +21,7 @@ in { nginx.virtualHosts.${domain} = { forceSSL = true; enableACME = true; - locations."/" = { proxyPass = "http://localhost:9093"; }; + locations."/" = { proxyPass = "http://127.0.0.1:9093"; }; }; }; From 60018c6a9e05e9da44a585798cc18a9124a72a13 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:16:42 +0100 Subject: [PATCH 10/15] architect/default: Removed unused modules, removed cudatoolkit, changed tmpOnTmpfs size, removed node from unsafe packages --- hosts/architect/default.nix | 24 +++++++----------------- 1 file changed, 7 insertions(+), 17 deletions(-) diff --git a/hosts/architect/default.nix b/hosts/architect/default.nix index 5a5a59d..1b8cff3 100644 --- a/hosts/architect/default.nix +++ b/hosts/architect/default.nix @@ -23,27 +23,24 @@ in { ./matrix.nix ./fail2ban.nix ./dns.nix - # ./minecraft.nix + ./minecraft.nix ./prowlarr.nix - # ./plex.nix - #./githubrunner.nix ./libreddit.nix ./invidious.nix ./nitter.nix - ./ccache.nix ./lidarr.nix -# ./navidrome.nix + ./navidrome.nix ./jellyfin.nix ./prosody.nix ./deluge.nix - # ./calibre.nix + ./calibre.nix ../../cachix.nix ./docker.nix + ./keycloak.nix ]; - nixpkgs.config.permittedInsecurePackages = [ "nodejs-12.22.12" ]; time.timeZone = "Europe/Rome"; - system.stateVersion = "21.11"; # Did you read the comment? + system.stateVersion = "21.11"; users.users.giulio.openssh.authorizedKeys.keys = pubkeys; boot = { initrd = { @@ -56,13 +53,6 @@ in { hostKeys = [ /secrets/ssh_host_rsa_key ]; authorizedKeys = pubkeys; }; - - # postCommands = '' - # zpool import backedpool -f - # zpool import zpool -f - - # echo "zfs load-key -ar; killall zfs" >> /root/.profile - # ''; }; }; }; @@ -88,7 +78,7 @@ in { supportedFilesystems = [ "zfs" ]; zfs.requestEncryptionCredentials = true; - tmpOnTmpfsSize = "80%"; + tmpOnTmpfsSize = "50%"; }; networking = { @@ -133,7 +123,7 @@ in { ''; }; - environment.systemPackages = with pkgs; [ cudatoolkit cachix ]; + environment.systemPackages = with pkgs; [ cachix ]; hardware = { opengl.enable = true; From 84f2d5fc6b3dca9f3ab9ea7040dc80698e419518 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:17:05 +0100 Subject: [PATCH 11/15] Remove hardware.nix.bk --- hosts/architect/hardware.nix.bk | 50 --------------------------------- 1 file changed, 50 deletions(-) delete mode 100644 hosts/architect/hardware.nix.bk diff --git a/hosts/architect/hardware.nix.bk b/hosts/architect/hardware.nix.bk deleted file mode 100644 index 6f331cb..0000000 --- a/hosts/architect/hardware.nix.bk +++ /dev/null @@ -1,50 +0,0 @@ -# Do not modify this file! It was generated by ‘nixos-generate-config’ -# and may be overwritten by future invocations. Please make changes -# to /etc/nixos/configuration.nix instead. -{ config, lib, pkgs, modulesPath, ... }: - -{ - imports = [ (modulesPath + "/installer/scan/not-detected.nix") ]; - - boot.initrd.availableKernelModules = - [ "nvme" "xhci_pci" "ahci" "usbhid" "usb_storage" "sd_mod" ]; - boot.initrd.kernelModules = [ ]; - boot.kernelModules = [ "kvm-amd" ]; - boot.extraModulePackages = [ ]; - - fileSystems."/" = { - device = "zpool/nixos/root"; - fsType = "zfs"; - }; - - fileSystems."/home" = { - device = "zpool/data/home"; - fsType = "zfs"; - }; - - fileSystems."/media" = { - device = "datapool/media"; - fsType = "zfs"; - }; - - fileSystems."/secrets" = { - device = "backedpool/secrets"; - fsType = "zfs"; - }; - - fileSystems."/var/lib" = { - device = "backedpool/services"; - fsType = "zfs"; - }; - - fileSystems."/boot" = { - device = "/dev/disk/by-uuid/AF19-5616"; - fsType = "vfat"; - }; - -# swapDevices = [{ -# device = "/dev/sdc1"; -# size = 10000; -# }]; - -} From 2e1d374c0bb0515895e432e6290b4f9ec4278030 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:17:25 +0100 Subject: [PATCH 12/15] docker: Enable module contents --- hosts/architect/docker.nix | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/hosts/architect/docker.nix b/hosts/architect/docker.nix index 9d1a8f9..6e294da 100644 --- a/hosts/architect/docker.nix +++ b/hosts/architect/docker.nix @@ -1,10 +1,10 @@ { -# virtualisation.docker = { -# enable = true; -# extraOptions = '' -# --dns 127.0.0.1 --dns 10.0.0.250 --data-root /docker -# ''; -# enableOnBoot = false; -# }; + virtualisation.docker = { + enable = true; + extraOptions = '' + --dns 127.0.0.1 --dns 10.0.0.250 --data-root /docker + ''; + enableOnBoot = false; + }; users.users.giulio.extraGroups = [ "docker" ]; } From 1a6c6a53519c5d95479416adbad5ea1c531a43d5 Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:17:40 +0100 Subject: [PATCH 13/15] nextcloud: Bump to NC 25 --- hosts/architect/nextcloud.nix | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/hosts/architect/nextcloud.nix b/hosts/architect/nextcloud.nix index e6bb13b..0ddcf39 100644 --- a/hosts/architect/nextcloud.nix +++ b/hosts/architect/nextcloud.nix @@ -23,7 +23,7 @@ in { enable = true; hostName = domain; https = true; - package = pkgs.unstable.nextcloud24; + package = pkgs.unstable.nextcloud25; caching = { redis = true; From 9259ec098ed1985aadc813653645e4b087d3415a Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Fri, 11 Nov 2022 19:25:33 +0100 Subject: [PATCH 14/15] nitter: Dont use redis (conflict with Nextcloud) --- hosts/architect/nitter.nix | 1 + 1 file changed, 1 insertion(+) diff --git a/hosts/architect/nitter.nix b/hosts/architect/nitter.nix index 5742c76..29a0da9 100644 --- a/hosts/architect/nitter.nix +++ b/hosts/architect/nitter.nix @@ -7,6 +7,7 @@ in { services = { nitter = { enable = true; + redisCreateLocally = false; server = { port = 9093; hostname = domain; From d9ef1939b2d9456a80a32ec55c7ea083762c499c Mon Sep 17 00:00:00 2001 From: Giulio De Pasquale Date: Sun, 13 Nov 2022 22:04:27 +0100 Subject: [PATCH 15/15] invidious: Use unstable package --- hosts/architect/invidious.nix | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/hosts/architect/invidious.nix b/hosts/architect/invidious.nix index e2249a8..8c5a7e2 100644 --- a/hosts/architect/invidious.nix +++ b/hosts/architect/invidious.nix @@ -1,13 +1,15 @@ -{ lib, ... }: +{ lib, pkgs, ... }: let domain = "tube.giugl.io"; network = import ./network.nix; -in { +in +{ services = { invidious = { enable = true; port = 9092; + package = pkgs.unstable.invidious; }; nginx.virtualHosts.${domain} = {