feat: add invidious

2025-11-03 00:59:18 +01:00
parent 7cefa3a650
commit b57342f53e
5 changed files with 161 additions and 36 deletions


@@ -0,0 +1,61 @@
{ config, pkgs, ... }:
let
pythonWithBcrypt = pkgs.python3.withPackages (ps: [ ps.bcrypt ]);
in
{
# Invidious admin user initialization
# Creates the initial admin user directly in the PostgreSQL database
# Secret for admin user password
sops.secrets."invidious-admin-password" = {
sopsFile = ./secrets.yaml;
};
# One-time service to create admin user
systemd.services.invidious-init-admin-user = {
description = "Initialize Invidious admin user";
after = [ "invidious.service" "postgresql.service" ];
wants = [ "invidious.service" ];
wantedBy = [ "multi-user.target" ];
serviceConfig = {
Type = "oneshot";
User = "postgres";
RemainAfterExit = true;
LoadCredential = [ "admin_password:${config.sops.secrets."invidious-admin-password".path}" ];
};
script = ''
# Wait for Invidious to initialize the database schema
sleep 5
# Check if user already exists
USER_EXISTS=$(${pkgs.postgresql}/bin/psql -d invidious -tAc "SELECT COUNT(*) FROM users WHERE email = 'admin@cloonar.com';")
if [ "$USER_EXISTS" -eq "0" ]; then
echo "Creating admin user..."
# Read password from credential
PASSWORD=$(cat $CREDENTIALS_DIRECTORY/admin_password)
# Generate bcrypt hash
HASH=$(${pythonWithBcrypt}/bin/python3 -c "import bcrypt; import sys; print(bcrypt.hashpw('$PASSWORD'.encode(), bcrypt.gensalt(rounds=10)).decode())")
# Generate random token
TOKEN=$(head -c 32 /dev/urandom | base64 | tr -d '/+=' | head -c 32)
# Insert user into database
${pkgs.postgresql}/bin/psql -d invidious <<-SQL
INSERT INTO users (email, password, preferences, updated, notifications, subscriptions, watched, token)
VALUES ('admin@cloonar.com', '$HASH', '{}', NOW(), ARRAY[]::text[], ARRAY[]::text[], ARRAY[]::text[], '$TOKEN')
ON CONFLICT (email) DO NOTHING;
SQL
echo "Admin user created successfully"
else
echo "Admin user already exists, skipping..."
fi
'';
};
}
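Review bot: The bcrypt step in the `script` block splices the admin password into Python source as `'$PASSWORD'` inside a double-quoted `python3 -c` argument, so a password containing a quote or backslash either breaks the hash step or is evaluated as Python code under the `postgres` user, and the cleartext sits in the interpreter's command line for as long as it runs. Let Python read the systemd credential file itself so the secret never passes through shell expansion or argv: `HASH=$(${pythonWithBcrypt}/bin/python3 -c 'import bcrypt, os; pw = open(os.path.join(os.environ["CREDENTIALS_DIRECTORY"], "admin_password"), "rb").read().rstrip(b"\n"); print(bcrypt.hashpw(pw, bcrypt.gensalt(rounds=10)).decode())')`. With that change the `PASSWORD=$(cat $CREDENTIALS_DIRECTORY/admin_password)` line is no longer needed. The `'$HASH'` and `'$TOKEN'` values in the heredoc are spliced into the SQL text the same way; their alphabets look safe here, but passing them as psql variables would remove the reliance on that.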