diff --git a/hosts/fw/modules/dnsmasq.nix b/hosts/fw/modules/dnsmasq.nix index 5dd311d..70d5ef9 100644 --- a/hosts/fw/modules/dnsmasq.nix +++ b/hosts/fw/modules/dnsmasq.nix @@ -91,8 +91,9 @@ "/omada.cloonar.com/${config.networkPrefix}.97.2" "/web-02.cloonar.com/${config.networkPrefix}.97.5" "/pla.cloonar.com/${config.networkPrefix}.97.5" - "/piped.cloonar.com/${config.networkPrefix}.97.5" - "/pipedapi.cloonar.com/${config.networkPrefix}.97.5" + "/piped.cloonar.com/${config.networkPrefix}.97.5" # Replaced by Invidious + "/pipedapi.cloonar.com/${config.networkPrefix}.97.5" # Replaced by Invidious + "/invidious.cloonar.com/${config.networkPrefix}.97.5" "/fivefilters.cloonar.com/${config.networkPrefix}.97.5" "/n8n.cloonar.com/${config.networkPrefix}.97.5" "/home-assistant.cloonar.com/${config.networkPrefix}.97.20" diff --git a/hosts/fw/modules/web/default.nix b/hosts/fw/modules/web/default.nix index dea9281..de51256 100644 --- a/hosts/fw/modules/web/default.nix +++ b/hosts/fw/modules/web/default.nix @@ -58,11 +58,12 @@ in { # ../../utils/modules/borgbackup.nix ./phpldapadmin.nix - ./zammad.nix ./proxies.nix - ./matrix.nix + # ./matrix.nix ./n8n.nix - ./piped.nix + ./piped.nix # Replaced by Invidious + # ./invidious.nix + # ./invidious-init-user.nix ]; networkPrefix = config.networkPrefix; diff --git a/hosts/fw/modules/web/invidious-init-user.nix b/hosts/fw/modules/web/invidious-init-user.nix new file mode 100644 index 0000000..69a5e45 --- /dev/null +++ b/hosts/fw/modules/web/invidious-init-user.nix @@ -0,0 +1,64 @@ +{ config, pkgs, ... }: + +let + pythonWithBcrypt = pkgs.python3.withPackages (ps: [ ps.bcrypt ]); +in +{ + # Invidious admin user initialization + # Creates the initial admin user directly in the PostgreSQL database + + # Secret for admin user password + sops.secrets."invidious-admin-password" = { + sopsFile = ./secrets.yaml; + }; + + # One-time service to create admin user + systemd.services.invidious-init-admin-user = { + description = "Initialize Invidious admin user"; + after = [ "invidious.service" "postgresql.service" ]; + wants = [ "invidious.service" ]; + wantedBy = [ "multi-user.target" ]; + + serviceConfig = { + Type = "oneshot"; + User = "postgres"; + RemainAfterExit = true; + LoadCredential = [ "admin_password:${config.sops.secrets."invidious-admin-password".path}" ]; + }; + + script = '' + # Wait for Invidious to initialize the database schema + sleep 5 + + # Check if user already exists + USER_EXISTS=$(${pkgs.postgresql}/bin/psql -d invidious -tAc "SELECT COUNT(*) FROM users WHERE email = 'admin@cloonar.com';") + + if [ "$USER_EXISTS" -eq "0" ]; then + echo "Creating admin user..." + + # Read password from credential and trim whitespace + PASSWORD=$(cat $CREDENTIALS_DIRECTORY/admin_password | tr -d '\n\r') + + # Truncate to 55 characters (Invidious password limit) + PASSWORD="''${PASSWORD:0:55}" + + # Generate bcrypt hash + HASH=$(${pythonWithBcrypt}/bin/python3 -c "import bcrypt; import sys; print(bcrypt.hashpw('$PASSWORD'.encode(), bcrypt.gensalt(rounds=10)).decode())") + + # Generate random token + TOKEN=$(head -c 32 /dev/urandom | base64 | tr -d '/+=' | head -c 32) + + # Insert user into database + ${pkgs.postgresql}/bin/psql -d invidious <<-SQL + INSERT INTO users (email, password, preferences, updated, notifications, subscriptions, watched, token) + VALUES ('admin@cloonar.com', '$HASH', '{}', NOW(), ARRAY[]::text[], ARRAY[]::text[], ARRAY[]::text[], '$TOKEN') + ON CONFLICT (email) DO NOTHING; + SQL + + echo "Admin user created successfully" + else + echo "Admin user already exists, skipping..." + fi + ''; + }; +} diff --git a/hosts/fw/modules/web/invidious.nix b/hosts/fw/modules/web/invidious.nix new file mode 100644 index 0000000..72b7114 --- /dev/null +++ b/hosts/fw/modules/web/invidious.nix @@ -0,0 +1,97 @@ +{ config, pkgs, lib, ... }: + +{ + # Invidious - Privacy-focused YouTube frontend + # Replaces Piped with native NixOS service + + # Main Invidious service + services.invidious = { + enable = true; + domain = "invidious.cloonar.com"; + port = 3000; + + # PostgreSQL database configuration + database = { + createLocally = true; + }; + + # Enable nginx reverse proxy with automatic TLS + nginx.enable = true; + + # Enable http3-ytproxy for video/image proxying + # Handles /videoplayback, /vi/, /ggpht/, /sb/ paths + http3-ytproxy.enable = true; + + # Signature helper - crashes with current YouTube player format + # sig-helper = { + # enable = true; + # }; + + # Service settings + settings = { + # Disable registration - admin user created via init script + registration_enabled = false; + + # Disable CAPTCHA (not needed for private instance) + captcha_enabled = false; + + # Database configuration + check_tables = true; + db = { + user = "invidious"; + dbname = "invidious"; + }; + + # Optional: Instance customization + default_home = "Popular"; + feed_menu = [ "Popular" "Trending" "Subscriptions" ]; + + # YouTube compatibility settings + use_quic = true; + force_resolve = "ipv4"; + }; + }; + + # Override nginx vhost configuration + services.nginx.virtualHosts."invidious.cloonar.com" = { + acmeRoot = null; + + # Complete http3-ytproxy configuration with proper headers and buffering + # This overrides the minimal config from the NixOS module + locations."~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/)" = { + proxyPass = "http://unix:/run/http3-ytproxy/socket/http-proxy.sock"; + extraConfig = '' + # Enable buffering for large video files + proxy_buffering on; + proxy_buffers 1024 16k; + proxy_buffer_size 128k; + proxy_busy_buffers_size 256k; + + # Use HTTP/1.1 with keepalive for better performance + proxy_http_version 1.1; + proxy_set_header Connection ""; + + # Hide headers that might cause issues + proxy_hide_header Cache-Control; + proxy_hide_header etag; + proxy_hide_header "alt-svc"; + + # Optimize for large file transfers + sendfile on; + sendfile_max_chunk 512k; + tcp_nopush on; + + # Disable access logging for video traffic + access_log off; + ''; + }; + }; + + # Firewall configuration for Invidious + # (nginx handles external access on ports 80/443) + + # PostgreSQL backup for Invidious database + services.postgresqlBackup = { + databases = [ "invidious" ]; + }; +} diff --git a/hosts/fw/modules/web/piped.nix b/hosts/fw/modules/web/piped.nix index 146579b..b35f9f8 100644 --- a/hosts/fw/modules/web/piped.nix +++ b/hosts/fw/modules/web/piped.nix @@ -19,7 +19,7 @@ let backendConfig = pkgs.writeText "config.properties" '' # Database configuration # 10.88.0.1 is the default Podman bridge gateway IP - hibernate.connection.url=jdbc:postgresql://10.88.0.1:5432/${dbName} + hibernate.connection.url=jdbc:postgresql://10.89.0.1:5432/${dbName} hibernate.connection.driver_class=org.postgresql.Driver hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect hibernate.connection.username=${dbUser} @@ -126,7 +126,8 @@ in services.postgresqlBackup.databases = [ dbName ]; # Allow Podman containers to connect to PostgreSQL - networking.firewall.interfaces."podman0".allowedTCPPorts = [ 5432 ]; + networking.firewall.interfaces."podman1".allowedTCPPorts = [ 5432 ]; + networking.firewall.interfaces."podman1".allowedUDPPorts = [ 53 5432 ]; # Setup database password (runs before containers start) systemd.services.piped-db-init = { @@ -170,6 +171,25 @@ in # Use Podman for OCI containers virtualisation.oci-containers.backend = "podman"; + # Create Piped network for container-to-container communication + systemd.services.init-piped-network = { + description = "Create Podman network for Piped services"; + wantedBy = [ "multi-user.target" ]; + before = [ + "podman-piped-backend.service" + "podman-piped-bg-helper.service" + "podman-piped-proxy.service" + ]; + serviceConfig = { + Type = "oneshot"; + RemainAfterExit = true; + }; + script = '' + ${pkgs.podman}/bin/podman network exists piped-net || \ + ${pkgs.podman}/bin/podman network create --interface-name=podman1 --subnet=10.89.0.0/24 piped-net + ''; + }; + # Piped Backend Podman container (using custom image with iOS compatibility fixes) virtualisation.oci-containers.containers.piped-backend = { image = "git.cloonar.com/infrastructure/piped-backend:latest"; @@ -179,8 +199,8 @@ in ]; extraOptions = [ "--pull=newer" - # Using default bridge network - connects to PostgreSQL via 10.88.0.1 - # Also connects to bg-helper via container name resolution + "--network=podman" # Default bridge for PostgreSQL access at 10.88.0.1 + "--network=piped-net" # Custom network for DNS resolution to bg-helper ]; }; @@ -196,7 +216,7 @@ in ports = [ "127.0.0.1:${toString bgHelperPort}:3000" ]; extraOptions = [ "--pull=newer" - # Using default bridge network - accessible by backend via container name + "--network=piped-net" ]; }; @@ -209,6 +229,7 @@ in }; extraOptions = [ "--pull=newer" + "--network=piped-net" ]; }; diff --git a/hosts/fw/modules/web/secrets.yaml b/hosts/fw/modules/web/secrets.yaml index 22480ae..b4ed1cc 100644 --- a/hosts/fw/modules/web/secrets.yaml +++ b/hosts/fw/modules/web/secrets.yaml @@ -1,51 +1,53 @@ -borg-passphrase: ENC[AES256_GCM,data:Mmm6dr9UTFAsO/xTgQNQZdPsBiP7dcu8AC5fF36lbNHEmjTOpmHmfGWsLn6KvKh/QKeBoYTFanEtl9dhvmLrt/SS2k0=,iv:jU1Vi1OdYa3XyvR7yxq/86rClinBKZOGiLHCnmMWA3E=,tag:64RboQqNlwVjJMHeq6t+0g==,type:str] -borg-ssh-key: ENC[AES256_GCM,data:tiBWsZoedrZWqE0qLjYGnXZxqe7xJE3alYxHrxyAOFSF2s1Rxr0qYwS/CveryzDU1QkoDQ788C1fuLic40UzrJWzCQ7NysYmZPr90/xTwPcVG/PkYSa1+Sj920mHiIal0EmlmLFI+bSaHTSIPMUjCXTpFdM50yeMHVbrbNsthXrCjEedO02TvFbVNhMsoEnL5LsgsVkpGhZ9CLVWmP2+tnawut12rYVyqTsvT854uUxmllcKp6ITA9xpHPLP0W1xzsj996BIB+ROyvZq0ORCTwYWWDzRLBZDWeKbBzNtBFvB6I77gIbqwsU8RZGBL6eO4vMEZ27zJWHGmC+GDGXUci/E0nTTH3BAf1IjdnJxaKnR9skb/1Rv4sucJjufzPJHOrAZbjCADgQHJscNfKS5uNgnlxVW7qGYUqtIFni9rs2FWqwaDAdRA6raAtXvsgB4DhBvDR+ocyurS/87Zvg9P9p1R0PZYUEOVrNYmff4Vd+n76A1s3vro4BwoZOCifTg7jfCoSQSpYDhIPJAFSetFPgk88Tng76hA0SyVc+lZ/Id2iYbvRpzNBF9J52dkZBmx0280FSJBY8ENscE2EkP+5GqdgOw1rjV7pvwe2eBHgcs8TQf8PsdhaCYpwPE8TrTuQt+AUuaYHCAWf/806V9+eGuMn2Pk7GWYQEc16J/iiUYYYaYA88sdZOp5qVWwOdvKZxxvuasXWvvloGtBWhE63zweMwZsB3AiTBojezcyvlVKLY1614FplmXOk62Ve7AKg5ZkqTGX8CFSvW72HlUEBbASApjizfSlpFmEmqtckqk2kAhvM7tPagq+MJ7AQsynOEoaXvbIlva+kiHV3ySNSFNgJd7B700NHeQ4GUacG67RPfpNxS7VnT4/BwiMgPUu49klHA6jnaiojF49i1pMC2fcdVOtgqQ6c12GYwwiX2B+5e/5Z6wqlIXZOI2yjW9FwCHmbCL1VATZU+ySDLDYUsWeRhYx4FVdITlOOOZOArMKOS9y/kIbhS7tgR8daLK6mPcTGud+K+oFnUMXOgGER59nj+Ct0jTFQEhF0lQV1EB4M10+BSEsTRzYZzlGDWiLKvS4OUrEe8AiMaCgqne87y8i7z288mnw8WTPPNTKkNTTDZLCnd70Zgx2jgw2RLQB72gO65AzoI+wntbFh/hL8Dkum396vrzVi8YxYEB1O+4g6R4qqlZzQ1duIv0UhnIu/QG6YEkzn7eg/t7vl40suWDhYv3Hbt4W/1B/QdmTiUmhIExf5xsOoj8p99tqKG62F45lRkQAV6zXhHQeyvqZOqYTjumJJbaXI/UX5es3efXLerkHq37RrmblZiaGIYdyKLGl0GYw53NmW92NGTWLkkcf2ctX8rA/YeppB65KEL6stUOIxpjp8Nl8wrh8VzArJhQqyJVoALJK8lpnHhB82VuOn+XTeSKztBHcCfIA1CUQYl9GOTsgS3CnLolqJVH2BwvC09W/xbRP+eAeRzKn8ewvzh3TlHUGw1gX0zaVbSlwrjkv6Dks3/3JEqLL9SZsBVRqPKsPF1BuAATOlkUEzTY1rHN/Vk4e0suN8VJjMwcyoJ5TW8StS4oda2eO4NHvKVAsf8G5m5jRGaUo6jRy9MMORvUtfi/EAxulvCZaE6bYoDv8iNz34DaS6DrWExhLHX/glT7GRxcy1hpvqpYpb7qh1j+jNnkEGeq1CoqFUT3Tl4qNbcE6Wz+1p0N29q/Lhhh0GSDAmLdjwkozibwupB/OM+DZWAiDCtJDkqgry+JR1A/A8pSM9N/8D875WiERfW5GEuYPawp6vkLGuaxqio6c/E1STpul6UjsiAxcEE1kk3Ai5U0thtIMm3hzOq7j+ON9GDY4xV7F+j2/HeVW7eTq7T/Ek9QWbsEYVo5OHhHxvuXlTFT4sUPg8RvYIQdR+x7hBosGo1pY3arm9gkQBzKGmucQet9WQBk/bgSa9nghzctsfZ54SuSdvyhEUk0DK3eete1MCSLujSHAx885BaQG4mhUyuH2eLNtWyA7huYFnNTRVYd8wQfR7/891qxwHnoGfy57oTbLGG4iZOQWEytayiCGHUICpEcqCWPExXeTVChmZNtf5jUIyfP8nSQdLnhMv+tOaYJ9GWKP5oIouNp9W6/P+SSBjRTj4J05F8szj6CgModAFghIJo9LFQIl/VMPyXpLTw2hKel9Hn6FAiKHN+7s6WsM2YnD/4EVKF230HeGZ8cyyWHV8u65dSsyfhGgQ1/P5yoDNLy1devTkG/Npcyn5ZzAR6lifyDo/qA8ws11b0RlFOsned/8f6KR0J/3qfv4uStL4SRBIhQjtg3d5TnZp6SnN2AQDXNEBdIq+Fm7FDb4wnZWeGUWtbzeSh4Mpdv1JTXYVPU4B28+AvxBT5PxvolyR33kBeIi8lq2LzJK1g/3y3jpozoZS3LKEd1bAmODbKVZT/Piv06Apv8IbuA0ZYOVhdA3TeouWTJqtYVvJCoLdhIezMeYHm7Fe6NYOCtrX5yba/Hchb14nneKpUqgux6TyzQHoa/a5cp56cGGwzwKIeFzPN2RM+MNOL7yrlC+JTFE/hWmoT6D0jXrOEaesHesr/0c6BwcMu2E1BYgBHWwAvZpYicx/MVyHfbCik5J8U55QhydYkHHPdw80cNB58r7BxesDfraWscG+76gYu480tn1JmP7CZ5zm1LJbjYAn/2UoxGHtPILUlP0RBLk9UaMkFGyFmkklVA5gD6HqEGAXeayMPzxgjKU1feQmrgbNdnFthb/nwUGD9PH/+Oufqv0pxjDfsjJnLfdbdDmy69llTrkYF6891kgigA/+zg9D91lteLp7ZrEX6lw7uCevN0XeVEFEEYqV0imBw+zt3/P7zGu0Lw+zRAu4Ia7RuNwdetWeJSBfkyyXHZDVp7kwzPN5slMmoPPyebP6zkqEjFO/mfJSblfx+wCXXStxoSG38nbjmjaUKMK/poRim/lvFBBrFTg1RR869qc7Kw+yiXtoVjOGUMqpUBzeNL9I/T4c5n5sG+LTwWIx8FR+MlkA4+DVZ5jEqMx3Ifkmj1mjpKRNQHiUWJ9EJ8SmbDHaTQMy+bMg7pBMNgI1FZea7woClt/GGYJaBgWTnPp7UpwdmxWBFJSBkoqyfICCGBYK8ZZPT53oKcvgMPRO5Cln+RClwolkkPWJ/XDWL2wLVlOVG77+ddJnGEzNrjFRzTaE5dcUgKyJR46bu0aeI5cbwDx+PpR4hSBvmqKjdjuWf/IyTl5E0KrlMn+aER6PbOUrnriqiiEZYIaoyOyTMi2fBOtntO0uJyPkKQ9Qjo30CyW5S3opZeBfCHbb1TVC6dQ7hI2YVZWKv5QS8sz1WhHSMxmZjnW4LDjbZdiVJ4W58r7E3hw8o/W7qfm5tBkGbcNo1xLXDCIEYDqC25UGNvZCv3yg9kbmuoN1lgeZLE5pSDPg878VwHIOeN9A4oJeou+k1i32EUSQ==,iv:QENf4n4DuSfY75SAeJJXjjHXJGFT4aLkLjdzVg9N27s=,tag:e+5tdTAwkwJMfZ038EXlow==,type:str] -zammad-key-base: ENC[AES256_GCM,data:hJzv99+t/e7QtgxFxh7F/soTQe7V5JgAz3PK6eY/1gm64TyGtTp4HjfDW8LN566OCntl03Wlm0syckvVxl1sUNedbgv+mU1Dt7siGmYG4iB/tWs4QeZ7htNyD4yXmBQWCCdib6BZz7KExlFsmUsHg8VKQUdavbKLXkgmedCZMZc=,iv:BJPfAOaeEp7Mjbylw5umMvvwkMw3GNzWFvG++h0MTwo=,tag:XQ5T7FZASY+6pFjSMtsgWg==,type:str] -dendrite-private-key: ENC[AES256_GCM,data:GpLC2qiSGh9apu5nTdltuK5/rGbUcJFiyJRUsoZvTsiKfaNShiU97ZYvb80MGNgrlj9Mh5guHu9wPgQbJDj4WDFJAPBEbp4KWXj3KdG4xd4/rKMn8EsjAdTznyfYYkzA7xq5GMuNWZtTpj9LoYUOyOZy3RYzyTRANxaWQvXf/1SBymfrJVg+T/w=,iv:g2zMeqsd6fMFi0H8sjKz0NZue1SvNm830DoRY7a8OOA=,tag:ZXkelXJpquKdBcnOPCEt1w==,type:str] -matrix-shared-secret: ENC[AES256_GCM,data:Ve6hhuyFAM4VzJmQt/jBvXvMxC2fluuFfry6IvkmGSV7KtXfN6iSIzBq6eAzDrcKMSN0fjlNn/ZAVVGO,iv:3NNRFYKpzB8JYsDuydVX37oEwnS1dPd58DxAIddz3S4=,tag:ymp6ATRTICosEU6kNjowNw==,type:str] -n8n-env: ENC[AES256_GCM,data:Y/ixe5U/LXpPAHmWWSmL+C4oyh2fprZ4f6zHrMN9ha6lIW4z7gme3NZIWsDu+r2p332ILaaHxn4hB11XgjAQ7w1sdlzdX7WL782OPWbYGSxmPAtUJSDzlpYe76KNJV36BFtko5dLyccuLuVF8/xMjiNYu4p8UtLC9b3Zr9xYG5tkjOi8GmVPAQrPbm8acKcGbBt56xB0atEpidAo9daoF8W4bmwdPobikxXLuuIhIQQnBfoYn47wFoONkgyrwq24DkDkyPj147jjlrbqpjGODmtfiyxjaP+FQ80wumSKWnZi+FGbTndsUfESGnRdNZRPrEOPhLZXznO9CLGMGZEbFtd2DTszuSrCTPUeBGCnmhjk6vzTx+QxGi3yobwYBr8=,iv:EoITvKWYqoF98GP0B5FIcdYO/IYZzEvOM9tyrVsx4WE=,tag:QSYF18LeW3zwHj/8JmfqoQ==,type:str] -n8n-git-key: ENC[AES256_GCM,data:UVEkyhjhhnOd9AxZ2hA0kVvUh9D2SquEg3KXyLc8KdRZLLO72No6/JdcqXFPhvUBowhPiIPGeWTrgVC4f5TZic/R7KNziyyyPZysQa3KYpTWz+E97AJ1RxRgFUTVkA8+STcAAVVgiMVgiMkNnELQFIlRw+uVwzM2ykecLFEJkRTknJzdW4oEyeMAAE3JaOt5WMn8UzjdEmholjWrMK0n1E87GxyTeXggLnEgadAItvQy1n3U5imrY2eY30F+v0Y7wTxyWGN5x/9zP4JZVTPZBd/5Ir3zVVCjeKnjI+6aRdrHZ32s3WoOKLEeVTdBoIHmD1XFgVMgqFONEba/Q41iyKLl+6t04BKsUodR7kxVv68BNLTpNqyoCrTvFvv0APsIHbAO1CxAHGYiTAdMEeFtdCOVYGhTH7yjx9MQ52/By2Wde8uP8q+X4PzzebiEo00si5vhapMe6Kd+O+UJ2iIxH/Zv1Gh2t/wNLCU579zJWZPqwBlX96x4AhVRQwJHTQbpboD+DrEMm3i/TUyxiil+,iv:t+xD/8vYwBj43t8XeCf2aZo6FBT36E0QoiRQX9xlgHQ=,tag:LJKqbXBzdOv/UsMH/mW5Xg==,type:str] -phpldapadmin: ENC[AES256_GCM,data:/6Kat9a6NCy6fE2vBhuwVZf2wfV4D7yqHd6mrjifmnJQZSmIq3jZaHyTYXHCA475Sw/lpWML3msgJQLSrQpPr4tm/4p5n+s8+uiRp45i72FsNBowaZzSL0nWeNqAW7pzMQRsu6/UKE6ozHUnMO4r7e0F/92Xohr4yVVX6moj40uQGYU38r9UBCQZpZpcjLzCEnHkN1cSr/AJu2qVK4OaWhZ/epKb9pG89Ht9LoNet57oRTFlI2byfWbGxafvem6N4U+woyfApOpFy3eYJDmPQ041H4S6uMoyQmaMcnLjEfrXFMhF4wq9qUs=,iv:Gu99QryK+8L0e3vK1Xcu9PsglVsdGYzk6Z6iOuc1Tt8=,tag:EBVItohssCRTy8D1G2HjDA==,type:str] -piped-db-password: ENC[AES256_GCM,data:2b1ZLMGnPgBB/W1VaRROkeNxyF0pBndv577wH0rEiCkgI0yRaCzxUjhGiEY=,iv:Yr/n1eIysGBcJ+0kTXdRgpv1D0yAzL3KNBSzyvqj1Vs=,tag:7VW7RSgYp0oUA3M/ZvRn2g==,type:str] +borg-passphrase: ENC[AES256_GCM,data:8ufR69AT0KDYCyjlDM8ZteiCaOs9GgTY0GutQIb4zZqGaXmLl8+ZKZfPdISz7s12INIJzQS73Am4L4DSmLt8/Gz0v/Q=,iv:yHE6eSX7E18SthxEpsIsuw3Mab65UvQPSNEDsjQGaGo=,tag:YYC8r9Ci/Ozu+6tqseFn/Q==,type:str] +borg-ssh-key: ENC[AES256_GCM,data:9YstInAqRioQKUm2AQD1Lm8NNuyjYxfdnbGu8K8wGIaUjNPfQxFe3afv1CndWWzSs0KVZnuV8pja2+F5PwpEvvlEYIV+pdXCcUGTE9VnhmHHcQVrf9bDMgt/yca1bWBmiUJJZnn9SSO1ncUtjWWY0k/thSLylKPhAg6fo94snx8Mo89A9b1xBZfsVTBqi2cgYWZ6VGPmCVcOVv2G89m8qttj8bY1QWFXryGFHiONXwWKLafN0UNmn3++r4h+Dgdm1NX7FNRawt2CbbJ+aXuPNqtPcHJgEL43DA6LQwSK4MB57rh7iUeURBYAfC/HoHnngfPJLl8GHbAZaKlmS4vc/hJW3Or5JpJZIMR6taimYX7kklJys5kHgDoPjUqGucdPh+6d/cVTxFPaBGvIBFStljtgah3IlDyLuHO5bRKjOfZ5qSZpyCg3TZw7+cVN5RHCaIEp8AKlgIKdHTvSsWfXQsnbJ+e3gFe6P+MXC0VARFeRnT4q6ssUTj1hX7X4erwtER9fYD+ogCiDXW981GdJLssWGIy6cIg0F3JP5uOFKmnS/GnmGAyQY3Ukae3b2R3tJiABDjQ4trkBQ0b6KjH85F/KjSAVW43Wx1kO0rUGYdo/RhVVj+8DP3ECnrh2s6CpPT29/kpCSuA7C7bGkiGnDroFt4PbyveqsqlqAR9GQzz0c0u0zowxUZjeTgb76NsFfSSReTmDQ2qZbEBiW6FHe34s+lPZO3wtW6j/Z7aAf1F+EW3uvMqB7Jh9+sbDjarvGgXni5ApQzP+n7T7TOhgDbxU8mql7fb8v6ZGLv4OtQDvpoFAthe0JKY/REN5AQFL4f4oQi+GFVVEh1hZW9zssXZOWHJzlL3jljTTljZFFVBGWOk2livnf/IKs7uV5FWWBRx6MCw3wE/L4Vs3zSIBl6tTDeGOZsRnlGdCGAxIqLkUaM7OGMidyoMYHJbaxyfeLgsY6GJ1pOKIfK1bBYlHibrlq+DARZZTU2G/bdlWZZPsIMpXDo05GgSjMFRWbkL2TBWBLWO+1eaP2tkejZZWaS2Bdv70Zqa+vbJI3vGJN/f2a/kw111sVzhdKHX+F6rDmCuCZBTrxsnmXZIBRW/Kz17OL607zuCHi3s7ruA38WGufnzxacQP+V2qADvkmXtlFB8FkbLxd0RAAKUX+wAQDehN3PWItmdqBakZVXKIOa3Y9sye/tDOUdpMmHqtW9zsHkj+5sL2Zvls9XPzWrwTpR4PL7Vwl84VdeGJqmh+Mpo1wld4/IXX1egBPVABK+h+1A7aD/DKTkcawFDSs6K3o9HWvPZnCSgXhxdoFAQt2bqj9NCxs6ONNc4dQps7hGKMjcjE9UBtacUdlT9twiiGzqoUhqcCJLBqn0hrgt5hg5OQP4vNoNAZJUcZ3LbHBaZcthnSkXAuWVhnuY8gxuBVpZrVq60XQgTeV6ZQHtGBhBc7YYOqfGkudQLQyrysmvaDRoNVbKxE8TqnQfMrvsBBdT3t8iKM/+jZjZ64tMoUXz3O8qWCpChB/mMVB3zEROZptmbCh4foOQuEC4n1/dwWdSFHSNoBjzaApI3CyqQ6taxGM4owuV37RgzAarG4FeUSjSknzGkZUzLynL+3pTtcVKdR+Z7S5leHITZRp1YmLKr8+CTwixDYveSJd0uhy9GITOKS18JHqJPxyP6qrOvopnl+Nm1Oh/eum7hl3KvCHPzn0XT3vgoEzjae3Qct974ACblNMEcY2KTVNMB9ecEkexC/ZoDnacu/VpZx5uVqPpMgdRn59IjutrXPCt48HiEswbKA32kL361/wXKPLuLQ75qbxeNpoBIK95hEIB5SYL47Nz4a7mOTOkBFX6zBoeG1DdPh2jC64pIa7TCg2hk/B9sBg9YdTFp54ngtODSTYoG6tlSEycyR3972KLrpOYFQDMBwh93itxAzr9cHkw+XdHeK86wQXbhAtR6ruerYdbnBNilckFC9VrYQK6TwOJSWzyQMP9EJ4DL3oskh46oodHF/p2OedTd5o/JfI6ctXFFwJPBpQK/k1r8hXRvuSNQHsiey1Urpw1qWMB3l8KyZ7O2rvmr2kRu/QIh/pF4Dlgd0LfYr3MO+0xV7XcIESexZzi/eMdkaVvKeGXjJUmNJhxt6l50Xz6hWJWXFvdfddI9Th6LTUiMHavvMZZNDd8J4+ZD1x4Gk3cEflUiLTiHGPZnKcCbIf4Zra7CNds1VU3+N8jdaB8qjCE/Wdf0A0gcNBbT8hF/4Ypym/iV76NytrNbgF6+1NtH0GQd4+27HLPhnK0QSNkl/tl6UojJh+jy6pVo92GyTY+NEUpfECGfMKcH7OjmkKf8kJXLIzweDRrM6nEXmuEQfN7Zkf1hR/sM38OtMnAw09exZ9OG+uoFG4F0e/myraQaut9nUXGWEdxr+LA4X+ZlJmp0DboURJKrT9jgiy5Kzn++dTXQpeuMpxn0kLMMjzfumS7GdMhj8tpibyku7WeQ61Y7D01cqtzTpHsECiTLhEe3g98RcfH1Zq8DvAKLUnkIXiI0ooo3a3hKBd2m8/tyWijoVLIWhpRUl5ac/DJVwmeEItepKChsQX0ELC4VKAgzuY/a9RyZ0Qd1JUJL0w1aFs4db08ID1cZsq6frY6W/xJGExpZQR2+yzuDeGAPW1rvql8W+I4O97UO4Y4YxiBGgeXbh0ve0lUgm9mORQw+R0hRvcNkvHJC2FC6A/qp4N59OGPNkb2NCBmI/By/iIyFmP+zQKP1X+yktHX+Alez41R68lAlDrGp+5yFEViZTLnnoJoe5AsZBuyz7ij4OIaat8+6TLmeF4hbmiL3rPMAjVKfnumSZoANcPf9gi3hJ3ltKy5jfDUw3+CyVTj9YixPLRTRJjDGgOPWqhKy9UclmAA+wHq+s2D/geEmGmhvuWDw6TrJ9EqrrDNWdd7s4YRe+9C5dgxasP2NtWo5HR0wf+F3SqXyIb9zaj4aalr5Rm7p0fH7GN0Gs7aowoyKfrka6+qe+kXChKT4j+ogyUkn7+pMRnPFdh+652yfle9BADQlbRUssf/a79EUaBDvty1YXrU2BdqKCPR4OxCzyU7/Jfvn7tCPPnPjnLkwMRARwn347dK9T2+7ry8Ik1ezGrKMmGl3+uLcJ1BsNK2nCDZe07mkvRTdq/WI2iS5UGzSurp0nxVe95YzFjOwTy71yDxS5A2tI+/dVynU+McapmJqhBOpPinV8yhVyyAVQSS33iNk0xUhUw8s/MLan1XKjEIra1xgjTpKQWYIMvsza9mwbp8q0rbJv39dgC0L/mZVHbx417BE2HYHrxv3fCwdttuOUOKMZff03v0D1OyKD9X4/bjKPcEfmg3PhL2m004DDkuCpZ4wPZRCSIZ/1qHHk1KVrtnMvplm17tFI654b36TGUf4Ry8zC4iVOYPSpn+WQD+dl02FvfmDkks4TGIVfeav+9h3K14cJEFZKWkiKmELp35a8Yw==,iv:q8vIXAvmoYkvBHItDTiu0e9lUVpxKB0fNhWt2p3x8KU=,tag:m3S47WxDYVCFWxn2HuRN4w==,type:str] +zammad-key-base: ENC[AES256_GCM,data:rf9yUAaVRLIGapSBa9dWywPbQxOLNNuwB9H2L2eDZ7Hod6YzoOnX2kJmmRN3Q/VoFX4cN1HRBYHnhhaTFSphIlqWt3RMIv29vZAgSBGKqg3l1DAQPiCrXMslQCt1E3BFYMyvfKefscBI14F4C2UDSsyrfUBoEys9hMSU4nsKIXc=,iv:kLJniOc4GwuiOKniS5H2FX89+V2ymN5RClE7hlMKg0s=,tag:+p1dlhgzIMkfOaOvv2gc1w==,type:str] +invidious-hmac-key: ENC[AES256_GCM,data:6ycC0op/xwFcS07gYupToc4eBpi0+lah1Npv9A==,iv:P8I1rQaaQKM86ykdnp7nR0wVYPV5I2qSe644aqSNews=,tag:L3wD75bTOGxI/aDUpQn86g==,type:str] +invidious-admin-password: ENC[AES256_GCM,data:nLpb78d3lVb7RkVJQxE+e6kDYvA5+HkvVa0ITaTyBb8+Zap1I6fV9NGohfjrGTPTGg==,iv:0Rsw6kB0pDenltJo65ZVSVq8xvAn6HGsg+X0S5cSRJc=,tag:tGDuhCt8Wtc1ZjVZqhrDFA==,type:str] +dendrite-private-key: ENC[AES256_GCM,data:I7JRujo8/XeF8zCz6GwOqjqzW/b9ve/+FGiB7GfwRtBF33zAMBoE0kHJNvypvi4sLAB7W+BOiZvSeNU+qTuNlK9poviSbpEoMb8GQH9qL1OBW8gWqc/23h89NVxG/FPNE6eQiERwIcld7jGXuIjnCPu3tSSzrutTMgdgiTiwuMVAO9f0gcnLGWU=,iv:SchQxe8Z/vRzzDSKOJ/IHY+414vZNAyZm26/lhefpuM=,tag:RQpEnlDUuR7dK9Z4xBce+w==,type:str] +matrix-shared-secret: ENC[AES256_GCM,data:jpgIio7iGrQ8KN5CAgssi2Vufv1CTh74ObOKfwGNAD+odIt+M9fu5LAiByP11tX9X8G3GgNP1zCGSThj,iv:KlAdTN3+3aFlUNbZtHasDfw0Q4D8pIPyxbnkNXuhERw=,tag:otAuKehS/+fMG37lKtqO4w==,type:str] +n8n-env: ENC[AES256_GCM,data:rKaT9yHFXNNZk2zPPUgcaKWSwL1t8IwsACQYN9nA6uCwZryLgknW9jz57ZQ/YRxHmhARd9ucMZk0uPaHad1Iyf/XZwgUkYsYJYVtL/DU3rb4gRwdU4nvGIKTJH/LdcFMePFd48q3AuZDNXusCd6Haf54XkpJtqKJS8PYv3wbrH+1noTsKf8u4EbBaAwPofdwsFrS6jANbDY+7sf4N5Gvjn9PjaxZza1C5gqqT5Qz3chIBdbAEO8/OY6PZJ/uHtbTcCgxGFZNwzZjIlZdXGbAmzDqOFU+XnESZeW7f1T2OMTBRPdi87AdCvV4mCJVyKi0Sm7oyZKpeUnRwn98xajiEsNpkjzo0gt49w0Hs+EMB08Okg2IXFbCMPFkYX2xCSc=,iv:17jSsSMtLwBmslRN02gz5AXuRonmeA57eCr916h1g9g=,tag:sKyp0ROPB7vliyTwpl8XYQ==,type:str] +n8n-git-key: ENC[AES256_GCM,data:VUuK35Anwgwh29lGPeBdvKusIlt6Vh96i5aMy+/LVQAGtlrqmFQwK0EmLkMGqMWx924ZpuOlEo5qDriXyvzuue3SBaMlJnSeSETT3UBpDoy+cX+K+KUx5Y8q78l6mD8+uXIZIGqNz3ZQ2HUNtwvcAwlM8jWCpCPvR+e6D3XA51sMICLOMIZjORqE7qqtJpbPiRXrKS7/HL9nR5JcHwx5ukssMUL0iTbHZ9O/AxLW1U/QBFSGluCF0mu2UnvuScCpm05qmLU9COjgDayIh7RHGCDXgTRjol8Kt1pV/bj4WK9h7Nj9kl1sCEhmLn4MMB7CpORfqVY1LX3v10BdDc4o+KQUdRYdKLwWOk7RNbeDzuw1P3hRcwGzcIRusv/xKViEaJv4ju78UuHHU9RoSFxxJP9EqT7VP2hn9F3bhfAZ7DUVXfEqD5bxDwJQOiyLxePuk/JImS3FweAih7/KbPLIqkVuqjcVqH+XUduVmOQks3ZflwskL0C8elJST3zEXEPd8b3Bv0XQD0jMZPFQ+PKg,iv:ZWTWbe4MI8fItYRjxCszBLtLGp1jhO0PrSOmLxfnpok=,tag:C2MxSRYNIEhn06ucRqZkQQ==,type:str] +phpldapadmin: ENC[AES256_GCM,data:7WSqMdRm6gtndh3LhLQ7H+e32uOwGQLNr3xAVWa3Zsrs4gD6r5QSaqxGJQjwILU/gt3xj8SerDNEQKDOKBooIVm2Oa12tBo/4WAMmJB3rqasmoPuW76wEEaVzPFAV9kxy1inCzcGPnUJlKaxGkF+GNTntiQ6Q/yCkQJHbsPO1j5J7PD18tL7Zm7a3mxp3p1B1uVVPDwKPh/+rguzY33avwjld+MhaBtdrjSv4suRkCsMkJP1YPEP0m3wThd/bVz18x4bF9OkGjiz1qkVbifgKcgW+lY6igLvpC0+u2DkXqNE0pxIlvMdRZM=,iv:id2nNign8ocz+F+e2mU2cL65HIhEPnR6Em6hfzti3PY=,tag:bOyRB4CWxanHVU2pD8xtag==,type:str] +piped-db-password: ENC[AES256_GCM,data:U6rBTl31hUiuwk9iUtxZ4Gyh1XtloLcDUpXhrfgam7ctwIsHSJLa5knt2LI=,iv:ZfcUmgglfiMmBJz+vzgh8QJ8tGkKbmXWR2ukKlByG0c=,tag:XOSRlBK57WvN6plpZbZr1A==,type:str] sops: age: - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7 enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWXVacEMrN1hsaktGMDF4 - UG9xTU4zL2JydzJsb2xmZ3Fmd0NTV0IzcTM0CmVkeDBvbTFYd0ppeTZhVE9mM1N2 - QnpESlkyRE1uU3pBZTAwWURsN0xsNDQKLS0tIEgralhjRWxCMVpJZTN6U0h0QkxQ - bVkwdlBoME95d2FVUUcyck83c0prR2cKk09TB5GSeFSJEosNZOwKo2kCPj+ka/Dg - BzIRnujABAomWkAXqUECAqH3GJfcIIRy0b7m3+gXj77RGic/2so73w== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bUR0Q3U1ZldrejRSTE5z + dU1IeThPYTZPTWVFTXBrOUo4ckJrZlVac0cwCkJ1ODcxRGdzbG0xMFI1ZlhSNWoz + aERRcHRMRXNyYVZOcGxJVzA0UGNHeW8KLS0tIG0vUkJVYk9MeWI3cXRUaEQyTUlD + bm4xUWxYaDNoMWRZNmhBeDJCQWgva28KTI0NIhKKwAl+5ERTtd+Uv4Vrc61rQXv8 + OpuwORiKD2hC+eYmdTTbzdRozRmuhW1ZV+jQsAag5a5QMJ1J/4cQvw== -----END AGE ENCRYPTED FILE----- - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VGZYL1RyMEdlY25hbWM1 - dkQ3K2o1SXJmME16cGtXNkZnS201TjdCczFjCjRUQTFnbXN1NmNOdlFRVW1lTkVa - ckoyMWJFYm1ZL2NGNk9Cb0FWRzlJa3cKLS0tIEI2c0h0ajZmalRodUFiZTI4SUJU - cFcvb09QZHFFK3IxYWh6RytPLys0bE0KzwmDBTy3Xo6gfTlmVvKH5dlZWKeSKlPN - GgPLCQglDRXWE5VpKjKfTjI62zmkCWXkW35N+cGO+rMqMvcRrfReJw== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3RDlsR3RQcWZNSnlBRkx3 + YTFRQ1Z6VytGd3MrdXM1L1BwZ2xIWHdYWFJ3CnFSczJTelh1NitldDhubEZmMngz + bUhnOEQ1a3dNZmxKTlhRWVRKbFMyZGMKLS0tIDFja2psQnJmOG95RWpkL0RkeSta + clAvTnR3TWJaTXRqNFM3RnhyMnEzcWsKp4iGnlaGqF81vTCtr7QHfT0TF+zeT2fG + Xp/fgcUvubAvLWkaLxymF+8DXSZEipKy/M3sikiYEXBUP9WKdL92NA== -----END AGE ENCRYPTED FILE----- - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRaUV2M2tMV0JBbmh2Vzhm - WUpwM0tkSTVLMXBWVDRacHNzVDFZOUZJdFI4ClZwQ0pKM1R5bkhhQUZWaFZpRVZJ - b21iV1ptTk5KVStZRnhYQzB0SGFtUzQKLS0tIHRhMGZURmxqUVZlNExUTVkxSGEw - NWU4amk5WHFJT2JKaFR0SkdPQjQ5cVUKyfQTZUYpxbHS7emkDlVjzR3cEQ5JpMIg - COhJJj+QP4bxKH7OmLkveTsqn/WQAWvrtTVfhVZpCkl+Yb0pPxmndA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSUI5MHJSajB0MjJUNHhZ + L3BLN09aMjRxQTh6Q3MxaktzcGJGSDlVZVRZCloxRW1yWlYwd0hGRVFYNzdidnF2 + U0EwMnhyY21mT0Z4eUc4Q2VHMmxCTk0KLS0tIFdVeDlVZzB4OWlXY0hBVUJyUnNq + U1g1MXRhTlYyTktTOTRhSVN3V1kya0kKTTxtLGwaTsZ2QhZbYeE777Fj3FJJPmbo + obE8R5CGiHT+1qrR9TqA/UKWwd7zWNruHQT3O8qhjbWKyurmqUxlqw== -----END AGE ENCRYPTED FILE----- - recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw enc: | -----BEGIN AGE ENCRYPTED FILE----- - YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NHNCL0tEcWZoVWorNytq - UnpFZjd2UDFTRUtvaTdmRnkvSVlSVzZzWkF3CkZmV2dyTGFINWlWQ1Z2UVVBaGNM - V1NnU0FoWjdEL0Q1bGdPQUhBbEo3STAKLS0tIE5uOVRtcXZ2RVNEcFMvZHltUlBG - a01mSERFdE1ycW5HeTRxbWdndC9OQU0KiCd29oWbYBmQe+3ERbdhE0g8UCUjAz1w - l8qRhxfcI7HtnROVr0kIIobcb7d6GjQZkhgOrYGCmT60TaBLoMWLNA== + YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHK0JsQ3d1MWt0a1pjVHNT + dE52K2IrTyswbTMyYiszbjBvZExvcGNNUGs4CjB2Z0p3WUEyOHU2UFloNHRIcVVa + OExQN1p0UzRJaEtMMFhZWjhPZWhOclUKLS0tIGZDb0pTYnZ2ek02S3c1OXhBVjZ1 + dE9JSGJKd0JKQVE4eXN2UWh5WHVUc2MKWjLJFNm7Ithf1qEOMBb6pxRp91dR1MzP + 0En9N1BxtK/LP66OVWTl6c7rnmx/domdt5YRQusXuWDL3yg05hEfqA== -----END AGE ENCRYPTED FILE----- - lastmodified: "2025-11-02T12:57:44Z" - mac: ENC[AES256_GCM,data:1npcpm/DoSEurDvRzdzmqe3WEhR9uzW9pz1tDLIiMVZznwvCnltWslVjUcG8xTSzW9wTdV3yxhjy+DDwy/nj9KyHbsd/zwAddYIsXaF9ob/jn38qtA0S1DLUpqBqL9TS8jjqhnYmRyJD7E8x9KH59S5itzZ647yiz6zutGU2rjU=,iv:slLIW/HPhPcfYo6PxO2rBwUK2BwzdJ4vqtPaecOTP+k=,tag:JoiSK4v+FawrKNltU+4eRw==,type:str] + lastmodified: "2025-11-03T00:25:45Z" + mac: ENC[AES256_GCM,data:pJPxZS3FIXyQuo65ya4osPZCGz09fpQ4FDzl2rVj95Xg5nWokEqFh9HJdp8YgWTa71PsxJEZSguYtpORrTNtn/yp1/GhdzZgf8gZhzl0TZhna/Yc6anrOJpdLE0RICBDUJC78heeWJe9QWguiDu5y+WHn+q8khHG2dyvOOUza68=,iv:Of8DcXBhBxDtEi+tFVYFVy5g3RpgJ2mykAvTsLtL19c=,tag:o4IkNmzHS/qhrMBXt2PMbw==,type:str] unencrypted_suffix: _unencrypted version: 3.11.0 diff --git a/hosts/web-arm/modules/blackbox-exporter.nix b/hosts/web-arm/modules/blackbox-exporter.nix index 6ba61c9..b9741ea 100644 --- a/hosts/web-arm/modules/blackbox-exporter.nix +++ b/hosts/web-arm/modules/blackbox-exporter.nix @@ -32,6 +32,9 @@ in { "victoria-server.cloonar.com" "updns.cloonar.com" "feeds.jordanrannells.com" + "invidious.cloonar.com" + "piped.cloonar.com" + "pipedapi.cloonar.com" ]; }; # Systemd service for Blackbox Exporter