fix: piped

fix: invidious password
feat: add invidious
2025-11-03 12:12:14 +01:00 · 2025-11-03 01:38:16 +01:00 · 2025-11-03 00:59:18 +01:00
7 changed files with 230 additions and 41 deletions
--- a/hosts/fw/modules/dnsmasq.nix
+++ b/hosts/fw/modules/dnsmasq.nix
@@ -91,8 +91,9 @@
        "/omada.cloonar.com/${config.networkPrefix}.97.2"
        "/web-02.cloonar.com/${config.networkPrefix}.97.5"
        "/pla.cloonar.com/${config.networkPrefix}.97.5"
-        "/piped.cloonar.com/${config.networkPrefix}.97.5"
-        "/pipedapi.cloonar.com/${config.networkPrefix}.97.5"
+        "/piped.cloonar.com/${config.networkPrefix}.97.5"  # Replaced by Invidious
+        "/pipedapi.cloonar.com/${config.networkPrefix}.97.5"  # Replaced by Invidious
+        "/invidious.cloonar.com/${config.networkPrefix}.97.5"
        "/fivefilters.cloonar.com/${config.networkPrefix}.97.5"
        "/n8n.cloonar.com/${config.networkPrefix}.97.5"
        "/home-assistant.cloonar.com/${config.networkPrefix}.97.20"
--- a/hosts/fw/modules/web/default.nix
+++ b/hosts/fw/modules/web/default.nix
@@ -58,11 +58,12 @@ in {
          # ../../utils/modules/borgbackup.nix

          ./phpldapadmin.nix
-          ./zammad.nix
          ./proxies.nix
-          ./matrix.nix
+          # ./matrix.nix
          ./n8n.nix
-          ./piped.nix
+          ./piped.nix  # Replaced by Invidious
+          # ./invidious.nix
+          # ./invidious-init-user.nix
        ];

        networkPrefix = config.networkPrefix;
--- a/hosts/fw/modules/web/invidious-init-user.nix
+++ b/hosts/fw/modules/web/invidious-init-user.nix
@@ -0,0 +1,64 @@
+{ config, pkgs, ... }:
+
+let
+  pythonWithBcrypt = pkgs.python3.withPackages (ps: [ ps.bcrypt ]);
+in
+{
+  # Invidious admin user initialization
+  # Creates the initial admin user directly in the PostgreSQL database
+
+  # Secret for admin user password
+  sops.secrets."invidious-admin-password" = {
+    sopsFile = ./secrets.yaml;
+  };
+
+  # One-time service to create admin user
+  systemd.services.invidious-init-admin-user = {
+    description = "Initialize Invidious admin user";
+    after = [ "invidious.service" "postgresql.service" ];
+    wants = [ "invidious.service" ];
+    wantedBy = [ "multi-user.target" ];
+
+    serviceConfig = {
+      Type = "oneshot";
+      User = "postgres";
+      RemainAfterExit = true;
+      LoadCredential = [ "admin_password:${config.sops.secrets."invidious-admin-password".path}" ];
+    };
+
+    script = ''
+      # Wait for Invidious to initialize the database schema
+      sleep 5
+
+      # Check if user already exists
+      USER_EXISTS=$(${pkgs.postgresql}/bin/psql -d invidious -tAc "SELECT COUNT(*) FROM users WHERE email = 'admin@cloonar.com';")
+
+      if [ "$USER_EXISTS" -eq "0" ]; then
+        echo "Creating admin user..."
+
+        # Read password from credential and trim whitespace
+        PASSWORD=$(cat $CREDENTIALS_DIRECTORY/admin_password | tr -d '\n\r')
+
+        # Truncate to 55 characters (Invidious password limit)
+        PASSWORD="''${PASSWORD:0:55}"
+
+        # Generate bcrypt hash
+        HASH=$(${pythonWithBcrypt}/bin/python3 -c "import bcrypt; import sys; print(bcrypt.hashpw('$PASSWORD'.encode(), bcrypt.gensalt(rounds=10)).decode())")
+
+        # Generate random token
+        TOKEN=$(head -c 32 /dev/urandom | base64 | tr -d '/+=' | head -c 32)
+
+        # Insert user into database
+        ${pkgs.postgresql}/bin/psql -d invidious <<-SQL
+          INSERT INTO users (email, password, preferences, updated, notifications, subscriptions, watched, token)
+          VALUES ('admin@cloonar.com', '$HASH', '{}', NOW(), ARRAY[]::text[], ARRAY[]::text[], ARRAY[]::text[], '$TOKEN')
+          ON CONFLICT (email) DO NOTHING;
+      SQL
+
+        echo "Admin user created successfully"
+      else
+        echo "Admin user already exists, skipping..."
+      fi
+    '';
+  };
+}
--- a/hosts/fw/modules/web/invidious.nix
+++ b/hosts/fw/modules/web/invidious.nix
@@ -0,0 +1,97 @@
+{ config, pkgs, lib, ... }:
+
+{
+  # Invidious - Privacy-focused YouTube frontend
+  # Replaces Piped with native NixOS service
+
+  # Main Invidious service
+  services.invidious = {
+    enable = true;
+    domain = "invidious.cloonar.com";
+    port = 3000;
+
+    # PostgreSQL database configuration
+    database = {
+      createLocally = true;
+    };
+
+    # Enable nginx reverse proxy with automatic TLS
+    nginx.enable = true;
+
+    # Enable http3-ytproxy for video/image proxying
+    # Handles /videoplayback, /vi/, /ggpht/, /sb/ paths
+    http3-ytproxy.enable = true;
+
+    # Signature helper - crashes with current YouTube player format
+    # sig-helper = {
+    #   enable = true;
+    # };
+
+    # Service settings
+    settings = {
+      # Disable registration - admin user created via init script
+      registration_enabled = false;
+
+      # Disable CAPTCHA (not needed for private instance)
+      captcha_enabled = false;
+
+      # Database configuration
+      check_tables = true;
+      db = {
+        user = "invidious";
+        dbname = "invidious";
+      };
+
+      # Optional: Instance customization
+      default_home = "Popular";
+      feed_menu = [ "Popular" "Trending" "Subscriptions" ];
+
+      # YouTube compatibility settings
+      use_quic = true;
+      force_resolve = "ipv4";
+    };
+  };
+
+  # Override nginx vhost configuration
+  services.nginx.virtualHosts."invidious.cloonar.com" = {
+    acmeRoot = null;
+
+    # Complete http3-ytproxy configuration with proper headers and buffering
+    # This overrides the minimal config from the NixOS module
+    locations."~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/)" = {
+      proxyPass = "http://unix:/run/http3-ytproxy/socket/http-proxy.sock";
+      extraConfig = ''
+        # Enable buffering for large video files
+        proxy_buffering on;
+        proxy_buffers 1024 16k;
+        proxy_buffer_size 128k;
+        proxy_busy_buffers_size 256k;
+
+        # Use HTTP/1.1 with keepalive for better performance
+        proxy_http_version 1.1;
+        proxy_set_header Connection "";
+
+        # Hide headers that might cause issues
+        proxy_hide_header Cache-Control;
+        proxy_hide_header etag;
+        proxy_hide_header "alt-svc";
+
+        # Optimize for large file transfers
+        sendfile on;
+        sendfile_max_chunk 512k;
+        tcp_nopush on;
+
+        # Disable access logging for video traffic
+        access_log off;
+      '';
+    };
+  };
+
+  # Firewall configuration for Invidious
+  # (nginx handles external access on ports 80/443)
+
+  # PostgreSQL backup for Invidious database
+  services.postgresqlBackup = {
+    databases = [ "invidious" ];
+  };
+}
--- a/hosts/fw/modules/web/piped.nix
+++ b/hosts/fw/modules/web/piped.nix
@@ -19,7 +19,7 @@ let
  backendConfig = pkgs.writeText "config.properties" ''
    # Database configuration
    # 10.88.0.1 is the default Podman bridge gateway IP
-    hibernate.connection.url=jdbc:postgresql://10.88.0.1:5432/${dbName}
+    hibernate.connection.url=jdbc:postgresql://10.89.0.1:5432/${dbName}
    hibernate.connection.driver_class=org.postgresql.Driver
    hibernate.dialect=org.hibernate.dialect.PostgreSQLDialect
    hibernate.connection.username=${dbUser}
@@ -126,7 +126,8 @@ in
  services.postgresqlBackup.databases = [ dbName ];

  # Allow Podman containers to connect to PostgreSQL
-  networking.firewall.interfaces."podman0".allowedTCPPorts = [ 5432 ];
+  networking.firewall.interfaces."podman1".allowedTCPPorts = [ 5432 ];
+  networking.firewall.interfaces."podman1".allowedUDPPorts = [ 53 5432 ];

  # Setup database password (runs before containers start)
  systemd.services.piped-db-init = {
@@ -170,6 +171,25 @@ in
  # Use Podman for OCI containers
  virtualisation.oci-containers.backend = "podman";

+  # Create Piped network for container-to-container communication
+  systemd.services.init-piped-network = {
+    description = "Create Podman network for Piped services";
+    wantedBy = [ "multi-user.target" ];
+    before = [
+      "podman-piped-backend.service"
+      "podman-piped-bg-helper.service"
+      "podman-piped-proxy.service"
+    ];
+    serviceConfig = {
+      Type = "oneshot";
+      RemainAfterExit = true;
+    };
+    script = ''
+      ${pkgs.podman}/bin/podman network exists piped-net || \
+      ${pkgs.podman}/bin/podman network create --interface-name=podman1 --subnet=10.89.0.0/24 piped-net
+    '';
+  };
+
  # Piped Backend Podman container (using custom image with iOS compatibility fixes)
  virtualisation.oci-containers.containers.piped-backend = {
    image = "git.cloonar.com/infrastructure/piped-backend:latest";
@@ -179,8 +199,8 @@ in
    ];
    extraOptions = [
      "--pull=newer"
-      # Using default bridge network - connects to PostgreSQL via 10.88.0.1
-      # Also connects to bg-helper via container name resolution
+      "--network=podman"  # Default bridge for PostgreSQL access at 10.88.0.1
+      "--network=piped-net"  # Custom network for DNS resolution to bg-helper
    ];
  };

@@ -196,7 +216,7 @@ in
    ports = [ "127.0.0.1:${toString bgHelperPort}:3000" ];
    extraOptions = [
      "--pull=newer"
-      # Using default bridge network - accessible by backend via container name
+      "--network=piped-net"
    ];
  };

@@ -209,6 +229,7 @@ in
    };
    extraOptions = [
      "--pull=newer"
+      "--network=piped-net"
    ];
  };

--- a/hosts/fw/modules/web/secrets.yaml
+++ b/hosts/fw/modules/web/secrets.yaml
@@ -1,51 +1,53 @@
-borg-passphrase: ENC[AES256_GCM,data:Mmm6dr9UTFAsO/xTgQNQZdPsBiP7dcu8AC5fF36lbNHEmjTOpmHmfGWsLn6KvKh/QKeBoYTFanEtl9dhvmLrt/SS2k0=,iv:jU1Vi1OdYa3XyvR7yxq/86rClinBKZOGiLHCnmMWA3E=,tag:64RboQqNlwVjJMHeq6t+0g==,type:str]
-borg-ssh-key: ENC[AES256_GCM,data:tiBWsZoedrZWqE0qLjYGnXZxqe7xJE3alYxHrxyAOFSF2s1Rxr0qYwS/CveryzDU1QkoDQ788C1fuLic40UzrJWzCQ7NysYmZPr90/xTwPcVG/PkYSa1+Sj920mHiIal0EmlmLFI+bSaHTSIPMUjCXTpFdM50yeMHVbrbNsthXrCjEedO02TvFbVNhMsoEnL5LsgsVkpGhZ9CLVWmP2+tnawut12rYVyqTsvT854uUxmllcKp6ITA9xpHPLP0W1xzsj996BIB+ROyvZq0ORCTwYWWDzRLBZDWeKbBzNtBFvB6I77gIbqwsU8RZGBL6eO4vMEZ27zJWHGmC+GDGXUci/E0nTTH3BAf1IjdnJxaKnR9skb/1Rv4sucJjufzPJHOrAZbjCADgQHJscNfKS5uNgnlxVW7qGYUqtIFni9rs2FWqwaDAdRA6raAtXvsgB4DhBvDR+ocyurS/87Zvg9P9p1R0PZYUEOVrNYmff4Vd+n76A1s3vro4BwoZOCifTg7jfCoSQSpYDhIPJAFSetFPgk88Tng76hA0SyVc+lZ/Id2iYbvRpzNBF9J52dkZBmx0280FSJBY8ENscE2EkP+5GqdgOw1rjV7pvwe2eBHgcs8TQf8PsdhaCYpwPE8TrTuQt+AUuaYHCAWf/806V9+eGuMn2Pk7GWYQEc16J/iiUYYYaYA88sdZOp5qVWwOdvKZxxvuasXWvvloGtBWhE63zweMwZsB3AiTBojezcyvlVKLY1614FplmXOk62Ve7AKg5ZkqTGX8CFSvW72HlUEBbASApjizfSlpFmEmqtckqk2kAhvM7tPagq+MJ7AQsynOEoaXvbIlva+kiHV3ySNSFNgJd7B700NHeQ4GUacG67RPfpNxS7VnT4/BwiMgPUu49klHA6jnaiojF49i1pMC2fcdVOtgqQ6c12GYwwiX2B+5e/5Z6wqlIXZOI2yjW9FwCHmbCL1VATZU+ySDLDYUsWeRhYx4FVdITlOOOZOArMKOS9y/kIbhS7tgR8daLK6mPcTGud+K+oFnUMXOgGER59nj+Ct0jTFQEhF0lQV1EB4M10+BSEsTRzYZzlGDWiLKvS4OUrEe8AiMaCgqne87y8i7z288mnw8WTPPNTKkNTTDZLCnd70Zgx2jgw2RLQB72gO65AzoI+wntbFh/hL8Dkum396vrzVi8YxYEB1O+4g6R4qqlZzQ1duIv0UhnIu/QG6YEkzn7eg/t7vl40suWDhYv3Hbt4W/1B/QdmTiUmhIExf5xsOoj8p99tqKG62F45lRkQAV6zXhHQeyvqZOqYTjumJJbaXI/UX5es3efXLerkHq37RrmblZiaGIYdyKLGl0GYw53NmW92NGTWLkkcf2ctX8rA/YeppB65KEL6stUOIxpjp8Nl8wrh8VzArJhQqyJVoALJK8lpnHhB82VuOn+XTeSKztBHcCfIA1CUQYl9GOTsgS3CnLolqJVH2BwvC09W/xbRP+eAeRzKn8ewvzh3TlHUGw1gX0zaVbSlwrjkv6Dks3/3JEqLL9SZsBVRqPKsPF1BuAATOlkUEzTY1rHN/Vk4e0suN8VJjMwcyoJ5TW8StS4oda2eO4NHvKVAsf8G5m5jRGaUo6jRy9MMORvUtfi/EAxulvCZaE6bYoDv8iNz34DaS6DrWExhLHX/glT7GRxcy1hpvqpYpb7qh1j+jNnkEGeq1CoqFUT3Tl4qNbcE6Wz+1p0N29q/Lhhh0GSDAmLdjwkozibwupB/OM+DZWAiDCtJDkqgry+JR1A/A8pSM9N/8D875WiERfW5GEuYPawp6vkLGuaxqio6c/E1STpul6UjsiAxcEE1kk3Ai5U0thtIMm3hzOq7j+ON9GDY4xV7F+j2/HeVW7eTq7T/Ek9QWbsEYVo5OHhHxvuXlTFT4sUPg8RvYIQdR+x7hBosGo1pY3arm9gkQBzKGmucQet9WQBk/bgSa9nghzctsfZ54SuSdvyhEUk0DK3eete1MCSLujSHAx885BaQG4mhUyuH2eLNtWyA7huYFnNTRVYd8wQfR7/891qxwHnoGfy57oTbLGG4iZOQWEytayiCGHUICpEcqCWPExXeTVChmZNtf5jUIyfP8nSQdLnhMv+tOaYJ9GWKP5oIouNp9W6/P+SSBjRTj4J05F8szj6CgModAFghIJo9LFQIl/VMPyXpLTw2hKel9Hn6FAiKHN+7s6WsM2YnD/4EVKF230HeGZ8cyyWHV8u65dSsyfhGgQ1/P5yoDNLy1devTkG/Npcyn5ZzAR6lifyDo/qA8ws11b0RlFOsned/8f6KR0J/3qfv4uStL4SRBIhQjtg3d5TnZp6SnN2AQDXNEBdIq+Fm7FDb4wnZWeGUWtbzeSh4Mpdv1JTXYVPU4B28+AvxBT5PxvolyR33kBeIi8lq2LzJK1g/3y3jpozoZS3LKEd1bAmODbKVZT/Piv06Apv8IbuA0ZYOVhdA3TeouWTJqtYVvJCoLdhIezMeYHm7Fe6NYOCtrX5yba/Hchb14nneKpUqgux6TyzQHoa/a5cp56cGGwzwKIeFzPN2RM+MNOL7yrlC+JTFE/hWmoT6D0jXrOEaesHesr/0c6BwcMu2E1BYgBHWwAvZpYicx/MVyHfbCik5J8U55QhydYkHHPdw80cNB58r7BxesDfraWscG+76gYu480tn1JmP7CZ5zm1LJbjYAn/2UoxGHtPILUlP0RBLk9UaMkFGyFmkklVA5gD6HqEGAXeayMPzxgjKU1feQmrgbNdnFthb/nwUGD9PH/+Oufqv0pxjDfsjJnLfdbdDmy69llTrkYF6891kgigA/+zg9D91lteLp7ZrEX6lw7uCevN0XeVEFEEYqV0imBw+zt3/P7zGu0Lw+zRAu4Ia7RuNwdetWeJSBfkyyXHZDVp7kwzPN5slMmoPPyebP6zkqEjFO/mfJSblfx+wCXXStxoSG38nbjmjaUKMK/poRim/lvFBBrFTg1RR869qc7Kw+yiXtoVjOGUMqpUBzeNL9I/T4c5n5sG+LTwWIx8FR+MlkA4+DVZ5jEqMx3Ifkmj1mjpKRNQHiUWJ9EJ8SmbDHaTQMy+bMg7pBMNgI1FZea7woClt/GGYJaBgWTnPp7UpwdmxWBFJSBkoqyfICCGBYK8ZZPT53oKcvgMPRO5Cln+RClwolkkPWJ/XDWL2wLVlOVG77+ddJnGEzNrjFRzTaE5dcUgKyJR46bu0aeI5cbwDx+PpR4hSBvmqKjdjuWf/IyTl5E0KrlMn+aER6PbOUrnriqiiEZYIaoyOyTMi2fBOtntO0uJyPkKQ9Qjo30CyW5S3opZeBfCHbb1TVC6dQ7hI2YVZWKv5QS8sz1WhHSMxmZjnW4LDjbZdiVJ4W58r7E3hw8o/W7qfm5tBkGbcNo1xLXDCIEYDqC25UGNvZCv3yg9kbmuoN1lgeZLE5pSDPg878VwHIOeN9A4oJeou+k1i32EUSQ==,iv:QENf4n4DuSfY75SAeJJXjjHXJGFT4aLkLjdzVg9N27s=,tag:e+5tdTAwkwJMfZ038EXlow==,type:str]
-zammad-key-base: ENC[AES256_GCM,data:hJzv99+t/e7QtgxFxh7F/soTQe7V5JgAz3PK6eY/1gm64TyGtTp4HjfDW8LN566OCntl03Wlm0syckvVxl1sUNedbgv+mU1Dt7siGmYG4iB/tWs4QeZ7htNyD4yXmBQWCCdib6BZz7KExlFsmUsHg8VKQUdavbKLXkgmedCZMZc=,iv:BJPfAOaeEp7Mjbylw5umMvvwkMw3GNzWFvG++h0MTwo=,tag:XQ5T7FZASY+6pFjSMtsgWg==,type:str]
-dendrite-private-key: ENC[AES256_GCM,data:GpLC2qiSGh9apu5nTdltuK5/rGbUcJFiyJRUsoZvTsiKfaNShiU97ZYvb80MGNgrlj9Mh5guHu9wPgQbJDj4WDFJAPBEbp4KWXj3KdG4xd4/rKMn8EsjAdTznyfYYkzA7xq5GMuNWZtTpj9LoYUOyOZy3RYzyTRANxaWQvXf/1SBymfrJVg+T/w=,iv:g2zMeqsd6fMFi0H8sjKz0NZue1SvNm830DoRY7a8OOA=,tag:ZXkelXJpquKdBcnOPCEt1w==,type:str]
-matrix-shared-secret: ENC[AES256_GCM,data:Ve6hhuyFAM4VzJmQt/jBvXvMxC2fluuFfry6IvkmGSV7KtXfN6iSIzBq6eAzDrcKMSN0fjlNn/ZAVVGO,iv:3NNRFYKpzB8JYsDuydVX37oEwnS1dPd58DxAIddz3S4=,tag:ymp6ATRTICosEU6kNjowNw==,type:str]
-n8n-env: ENC[AES256_GCM,data:Y/ixe5U/LXpPAHmWWSmL+C4oyh2fprZ4f6zHrMN9ha6lIW4z7gme3NZIWsDu+r2p332ILaaHxn4hB11XgjAQ7w1sdlzdX7WL782OPWbYGSxmPAtUJSDzlpYe76KNJV36BFtko5dLyccuLuVF8/xMjiNYu4p8UtLC9b3Zr9xYG5tkjOi8GmVPAQrPbm8acKcGbBt56xB0atEpidAo9daoF8W4bmwdPobikxXLuuIhIQQnBfoYn47wFoONkgyrwq24DkDkyPj147jjlrbqpjGODmtfiyxjaP+FQ80wumSKWnZi+FGbTndsUfESGnRdNZRPrEOPhLZXznO9CLGMGZEbFtd2DTszuSrCTPUeBGCnmhjk6vzTx+QxGi3yobwYBr8=,iv:EoITvKWYqoF98GP0B5FIcdYO/IYZzEvOM9tyrVsx4WE=,tag:QSYF18LeW3zwHj/8JmfqoQ==,type:str]
-n8n-git-key: ENC[AES256_GCM,data:UVEkyhjhhnOd9AxZ2hA0kVvUh9D2SquEg3KXyLc8KdRZLLO72No6/JdcqXFPhvUBowhPiIPGeWTrgVC4f5TZic/R7KNziyyyPZysQa3KYpTWz+E97AJ1RxRgFUTVkA8+STcAAVVgiMVgiMkNnELQFIlRw+uVwzM2ykecLFEJkRTknJzdW4oEyeMAAE3JaOt5WMn8UzjdEmholjWrMK0n1E87GxyTeXggLnEgadAItvQy1n3U5imrY2eY30F+v0Y7wTxyWGN5x/9zP4JZVTPZBd/5Ir3zVVCjeKnjI+6aRdrHZ32s3WoOKLEeVTdBoIHmD1XFgVMgqFONEba/Q41iyKLl+6t04BKsUodR7kxVv68BNLTpNqyoCrTvFvv0APsIHbAO1CxAHGYiTAdMEeFtdCOVYGhTH7yjx9MQ52/By2Wde8uP8q+X4PzzebiEo00si5vhapMe6Kd+O+UJ2iIxH/Zv1Gh2t/wNLCU579zJWZPqwBlX96x4AhVRQwJHTQbpboD+DrEMm3i/TUyxiil+,iv:t+xD/8vYwBj43t8XeCf2aZo6FBT36E0QoiRQX9xlgHQ=,tag:LJKqbXBzdOv/UsMH/mW5Xg==,type:str]
-phpldapadmin: ENC[AES256_GCM,data:/6Kat9a6NCy6fE2vBhuwVZf2wfV4D7yqHd6mrjifmnJQZSmIq3jZaHyTYXHCA475Sw/lpWML3msgJQLSrQpPr4tm/4p5n+s8+uiRp45i72FsNBowaZzSL0nWeNqAW7pzMQRsu6/UKE6ozHUnMO4r7e0F/92Xohr4yVVX6moj40uQGYU38r9UBCQZpZpcjLzCEnHkN1cSr/AJu2qVK4OaWhZ/epKb9pG89Ht9LoNet57oRTFlI2byfWbGxafvem6N4U+woyfApOpFy3eYJDmPQ041H4S6uMoyQmaMcnLjEfrXFMhF4wq9qUs=,iv:Gu99QryK+8L0e3vK1Xcu9PsglVsdGYzk6Z6iOuc1Tt8=,tag:EBVItohssCRTy8D1G2HjDA==,type:str]
-piped-db-password: ENC[AES256_GCM,data:2b1ZLMGnPgBB/W1VaRROkeNxyF0pBndv577wH0rEiCkgI0yRaCzxUjhGiEY=,iv:Yr/n1eIysGBcJ+0kTXdRgpv1D0yAzL3KNBSzyvqj1Vs=,tag:7VW7RSgYp0oUA3M/ZvRn2g==,type:str]
+borg-passphrase: ENC[AES256_GCM,data:8ufR69AT0KDYCyjlDM8ZteiCaOs9GgTY0GutQIb4zZqGaXmLl8+ZKZfPdISz7s12INIJzQS73Am4L4DSmLt8/Gz0v/Q=,iv:yHE6eSX7E18SthxEpsIsuw3Mab65UvQPSNEDsjQGaGo=,tag:YYC8r9Ci/Ozu+6tqseFn/Q==,type:str]
+borg-ssh-key: ENC[AES256_GCM,data:9YstInAqRioQKUm2AQD1Lm8NNuyjYxfdnbGu8K8wGIaUjNPfQxFe3afv1CndWWzSs0KVZnuV8pja2+F5PwpEvvlEYIV+pdXCcUGTE9VnhmHHcQVrf9bDMgt/yca1bWBmiUJJZnn9SSO1ncUtjWWY0k/thSLylKPhAg6fo94snx8Mo89A9b1xBZfsVTBqi2cgYWZ6VGPmCVcOVv2G89m8qttj8bY1QWFXryGFHiONXwWKLafN0UNmn3++r4h+Dgdm1NX7FNRawt2CbbJ+aXuPNqtPcHJgEL43DA6LQwSK4MB57rh7iUeURBYAfC/HoHnngfPJLl8GHbAZaKlmS4vc/hJW3Or5JpJZIMR6taimYX7kklJys5kHgDoPjUqGucdPh+6d/cVTxFPaBGvIBFStljtgah3IlDyLuHO5bRKjOfZ5qSZpyCg3TZw7+cVN5RHCaIEp8AKlgIKdHTvSsWfXQsnbJ+e3gFe6P+MXC0VARFeRnT4q6ssUTj1hX7X4erwtER9fYD+ogCiDXW981GdJLssWGIy6cIg0F3JP5uOFKmnS/GnmGAyQY3Ukae3b2R3tJiABDjQ4trkBQ0b6KjH85F/KjSAVW43Wx1kO0rUGYdo/RhVVj+8DP3ECnrh2s6CpPT29/kpCSuA7C7bGkiGnDroFt4PbyveqsqlqAR9GQzz0c0u0zowxUZjeTgb76NsFfSSReTmDQ2qZbEBiW6FHe34s+lPZO3wtW6j/Z7aAf1F+EW3uvMqB7Jh9+sbDjarvGgXni5ApQzP+n7T7TOhgDbxU8mql7fb8v6ZGLv4OtQDvpoFAthe0JKY/REN5AQFL4f4oQi+GFVVEh1hZW9zssXZOWHJzlL3jljTTljZFFVBGWOk2livnf/IKs7uV5FWWBRx6MCw3wE/L4Vs3zSIBl6tTDeGOZsRnlGdCGAxIqLkUaM7OGMidyoMYHJbaxyfeLgsY6GJ1pOKIfK1bBYlHibrlq+DARZZTU2G/bdlWZZPsIMpXDo05GgSjMFRWbkL2TBWBLWO+1eaP2tkejZZWaS2Bdv70Zqa+vbJI3vGJN/f2a/kw111sVzhdKHX+F6rDmCuCZBTrxsnmXZIBRW/Kz17OL607zuCHi3s7ruA38WGufnzxacQP+V2qADvkmXtlFB8FkbLxd0RAAKUX+wAQDehN3PWItmdqBakZVXKIOa3Y9sye/tDOUdpMmHqtW9zsHkj+5sL2Zvls9XPzWrwTpR4PL7Vwl84VdeGJqmh+Mpo1wld4/IXX1egBPVABK+h+1A7aD/DKTkcawFDSs6K3o9HWvPZnCSgXhxdoFAQt2bqj9NCxs6ONNc4dQps7hGKMjcjE9UBtacUdlT9twiiGzqoUhqcCJLBqn0hrgt5hg5OQP4vNoNAZJUcZ3LbHBaZcthnSkXAuWVhnuY8gxuBVpZrVq60XQgTeV6ZQHtGBhBc7YYOqfGkudQLQyrysmvaDRoNVbKxE8TqnQfMrvsBBdT3t8iKM/+jZjZ64tMoUXz3O8qWCpChB/mMVB3zEROZptmbCh4foOQuEC4n1/dwWdSFHSNoBjzaApI3CyqQ6taxGM4owuV37RgzAarG4FeUSjSknzGkZUzLynL+3pTtcVKdR+Z7S5leHITZRp1YmLKr8+CTwixDYveSJd0uhy9GITOKS18JHqJPxyP6qrOvopnl+Nm1Oh/eum7hl3KvCHPzn0XT3vgoEzjae3Qct974ACblNMEcY2KTVNMB9ecEkexC/ZoDnacu/VpZx5uVqPpMgdRn59IjutrXPCt48HiEswbKA32kL361/wXKPLuLQ75qbxeNpoBIK95hEIB5SYL47Nz4a7mOTOkBFX6zBoeG1DdPh2jC64pIa7TCg2hk/B9sBg9YdTFp54ngtODSTYoG6tlSEycyR3972KLrpOYFQDMBwh93itxAzr9cHkw+XdHeK86wQXbhAtR6ruerYdbnBNilckFC9VrYQK6TwOJSWzyQMP9EJ4DL3oskh46oodHF/p2OedTd5o/JfI6ctXFFwJPBpQK/k1r8hXRvuSNQHsiey1Urpw1qWMB3l8KyZ7O2rvmr2kRu/QIh/pF4Dlgd0LfYr3MO+0xV7XcIESexZzi/eMdkaVvKeGXjJUmNJhxt6l50Xz6hWJWXFvdfddI9Th6LTUiMHavvMZZNDd8J4+ZD1x4Gk3cEflUiLTiHGPZnKcCbIf4Zra7CNds1VU3+N8jdaB8qjCE/Wdf0A0gcNBbT8hF/4Ypym/iV76NytrNbgF6+1NtH0GQd4+27HLPhnK0QSNkl/tl6UojJh+jy6pVo92GyTY+NEUpfECGfMKcH7OjmkKf8kJXLIzweDRrM6nEXmuEQfN7Zkf1hR/sM38OtMnAw09exZ9OG+uoFG4F0e/myraQaut9nUXGWEdxr+LA4X+ZlJmp0DboURJKrT9jgiy5Kzn++dTXQpeuMpxn0kLMMjzfumS7GdMhj8tpibyku7WeQ61Y7D01cqtzTpHsECiTLhEe3g98RcfH1Zq8DvAKLUnkIXiI0ooo3a3hKBd2m8/tyWijoVLIWhpRUl5ac/DJVwmeEItepKChsQX0ELC4VKAgzuY/a9RyZ0Qd1JUJL0w1aFs4db08ID1cZsq6frY6W/xJGExpZQR2+yzuDeGAPW1rvql8W+I4O97UO4Y4YxiBGgeXbh0ve0lUgm9mORQw+R0hRvcNkvHJC2FC6A/qp4N59OGPNkb2NCBmI/By/iIyFmP+zQKP1X+yktHX+Alez41R68lAlDrGp+5yFEViZTLnnoJoe5AsZBuyz7ij4OIaat8+6TLmeF4hbmiL3rPMAjVKfnumSZoANcPf9gi3hJ3ltKy5jfDUw3+CyVTj9YixPLRTRJjDGgOPWqhKy9UclmAA+wHq+s2D/geEmGmhvuWDw6TrJ9EqrrDNWdd7s4YRe+9C5dgxasP2NtWo5HR0wf+F3SqXyIb9zaj4aalr5Rm7p0fH7GN0Gs7aowoyKfrka6+qe+kXChKT4j+ogyUkn7+pMRnPFdh+652yfle9BADQlbRUssf/a79EUaBDvty1YXrU2BdqKCPR4OxCzyU7/Jfvn7tCPPnPjnLkwMRARwn347dK9T2+7ry8Ik1ezGrKMmGl3+uLcJ1BsNK2nCDZe07mkvRTdq/WI2iS5UGzSurp0nxVe95YzFjOwTy71yDxS5A2tI+/dVynU+McapmJqhBOpPinV8yhVyyAVQSS33iNk0xUhUw8s/MLan1XKjEIra1xgjTpKQWYIMvsza9mwbp8q0rbJv39dgC0L/mZVHbx417BE2HYHrxv3fCwdttuOUOKMZff03v0D1OyKD9X4/bjKPcEfmg3PhL2m004DDkuCpZ4wPZRCSIZ/1qHHk1KVrtnMvplm17tFI654b36TGUf4Ry8zC4iVOYPSpn+WQD+dl02FvfmDkks4TGIVfeav+9h3K14cJEFZKWkiKmELp35a8Yw==,iv:q8vIXAvmoYkvBHItDTiu0e9lUVpxKB0fNhWt2p3x8KU=,tag:m3S47WxDYVCFWxn2HuRN4w==,type:str]
+zammad-key-base: ENC[AES256_GCM,data:rf9yUAaVRLIGapSBa9dWywPbQxOLNNuwB9H2L2eDZ7Hod6YzoOnX2kJmmRN3Q/VoFX4cN1HRBYHnhhaTFSphIlqWt3RMIv29vZAgSBGKqg3l1DAQPiCrXMslQCt1E3BFYMyvfKefscBI14F4C2UDSsyrfUBoEys9hMSU4nsKIXc=,iv:kLJniOc4GwuiOKniS5H2FX89+V2ymN5RClE7hlMKg0s=,tag:+p1dlhgzIMkfOaOvv2gc1w==,type:str]
+invidious-hmac-key: ENC[AES256_GCM,data:6ycC0op/xwFcS07gYupToc4eBpi0+lah1Npv9A==,iv:P8I1rQaaQKM86ykdnp7nR0wVYPV5I2qSe644aqSNews=,tag:L3wD75bTOGxI/aDUpQn86g==,type:str]
+invidious-admin-password: ENC[AES256_GCM,data:nLpb78d3lVb7RkVJQxE+e6kDYvA5+HkvVa0ITaTyBb8+Zap1I6fV9NGohfjrGTPTGg==,iv:0Rsw6kB0pDenltJo65ZVSVq8xvAn6HGsg+X0S5cSRJc=,tag:tGDuhCt8Wtc1ZjVZqhrDFA==,type:str]
+dendrite-private-key: ENC[AES256_GCM,data:I7JRujo8/XeF8zCz6GwOqjqzW/b9ve/+FGiB7GfwRtBF33zAMBoE0kHJNvypvi4sLAB7W+BOiZvSeNU+qTuNlK9poviSbpEoMb8GQH9qL1OBW8gWqc/23h89NVxG/FPNE6eQiERwIcld7jGXuIjnCPu3tSSzrutTMgdgiTiwuMVAO9f0gcnLGWU=,iv:SchQxe8Z/vRzzDSKOJ/IHY+414vZNAyZm26/lhefpuM=,tag:RQpEnlDUuR7dK9Z4xBce+w==,type:str]
+matrix-shared-secret: ENC[AES256_GCM,data:jpgIio7iGrQ8KN5CAgssi2Vufv1CTh74ObOKfwGNAD+odIt+M9fu5LAiByP11tX9X8G3GgNP1zCGSThj,iv:KlAdTN3+3aFlUNbZtHasDfw0Q4D8pIPyxbnkNXuhERw=,tag:otAuKehS/+fMG37lKtqO4w==,type:str]
+n8n-env: ENC[AES256_GCM,data:rKaT9yHFXNNZk2zPPUgcaKWSwL1t8IwsACQYN9nA6uCwZryLgknW9jz57ZQ/YRxHmhARd9ucMZk0uPaHad1Iyf/XZwgUkYsYJYVtL/DU3rb4gRwdU4nvGIKTJH/LdcFMePFd48q3AuZDNXusCd6Haf54XkpJtqKJS8PYv3wbrH+1noTsKf8u4EbBaAwPofdwsFrS6jANbDY+7sf4N5Gvjn9PjaxZza1C5gqqT5Qz3chIBdbAEO8/OY6PZJ/uHtbTcCgxGFZNwzZjIlZdXGbAmzDqOFU+XnESZeW7f1T2OMTBRPdi87AdCvV4mCJVyKi0Sm7oyZKpeUnRwn98xajiEsNpkjzo0gt49w0Hs+EMB08Okg2IXFbCMPFkYX2xCSc=,iv:17jSsSMtLwBmslRN02gz5AXuRonmeA57eCr916h1g9g=,tag:sKyp0ROPB7vliyTwpl8XYQ==,type:str]
+n8n-git-key: ENC[AES256_GCM,data:VUuK35Anwgwh29lGPeBdvKusIlt6Vh96i5aMy+/LVQAGtlrqmFQwK0EmLkMGqMWx924ZpuOlEo5qDriXyvzuue3SBaMlJnSeSETT3UBpDoy+cX+K+KUx5Y8q78l6mD8+uXIZIGqNz3ZQ2HUNtwvcAwlM8jWCpCPvR+e6D3XA51sMICLOMIZjORqE7qqtJpbPiRXrKS7/HL9nR5JcHwx5ukssMUL0iTbHZ9O/AxLW1U/QBFSGluCF0mu2UnvuScCpm05qmLU9COjgDayIh7RHGCDXgTRjol8Kt1pV/bj4WK9h7Nj9kl1sCEhmLn4MMB7CpORfqVY1LX3v10BdDc4o+KQUdRYdKLwWOk7RNbeDzuw1P3hRcwGzcIRusv/xKViEaJv4ju78UuHHU9RoSFxxJP9EqT7VP2hn9F3bhfAZ7DUVXfEqD5bxDwJQOiyLxePuk/JImS3FweAih7/KbPLIqkVuqjcVqH+XUduVmOQks3ZflwskL0C8elJST3zEXEPd8b3Bv0XQD0jMZPFQ+PKg,iv:ZWTWbe4MI8fItYRjxCszBLtLGp1jhO0PrSOmLxfnpok=,tag:C2MxSRYNIEhn06ucRqZkQQ==,type:str]
+phpldapadmin: ENC[AES256_GCM,data:7WSqMdRm6gtndh3LhLQ7H+e32uOwGQLNr3xAVWa3Zsrs4gD6r5QSaqxGJQjwILU/gt3xj8SerDNEQKDOKBooIVm2Oa12tBo/4WAMmJB3rqasmoPuW76wEEaVzPFAV9kxy1inCzcGPnUJlKaxGkF+GNTntiQ6Q/yCkQJHbsPO1j5J7PD18tL7Zm7a3mxp3p1B1uVVPDwKPh/+rguzY33avwjld+MhaBtdrjSv4suRkCsMkJP1YPEP0m3wThd/bVz18x4bF9OkGjiz1qkVbifgKcgW+lY6igLvpC0+u2DkXqNE0pxIlvMdRZM=,iv:id2nNign8ocz+F+e2mU2cL65HIhEPnR6Em6hfzti3PY=,tag:bOyRB4CWxanHVU2pD8xtag==,type:str]
+piped-db-password: ENC[AES256_GCM,data:U6rBTl31hUiuwk9iUtxZ4Gyh1XtloLcDUpXhrfgam7ctwIsHSJLa5knt2LI=,iv:ZfcUmgglfiMmBJz+vzgh8QJ8tGkKbmXWR2ukKlByG0c=,tag:XOSRlBK57WvN6plpZbZr1A==,type:str]
 sops:
    age:
        - recipient: age14grjcxaq4h55yfnjxvnqhtswxhj9sfdcvyas4lwvpa8py27pjy2sv3g6v7
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBFWXVacEMrN1hsaktGMDF4
-            UG9xTU4zL2JydzJsb2xmZ3Fmd0NTV0IzcTM0CmVkeDBvbTFYd0ppeTZhVE9mM1N2
-            QnpESlkyRE1uU3pBZTAwWURsN0xsNDQKLS0tIEgralhjRWxCMVpJZTN6U0h0QkxQ
-            bVkwdlBoME95d2FVUUcyck83c0prR2cKk09TB5GSeFSJEosNZOwKo2kCPj+ka/Dg
-            BzIRnujABAomWkAXqUECAqH3GJfcIIRy0b7m3+gXj77RGic/2so73w==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB6bUR0Q3U1ZldrejRSTE5z
+            dU1IeThPYTZPTWVFTXBrOUo4ckJrZlVac0cwCkJ1ODcxRGdzbG0xMFI1ZlhSNWoz
+            aERRcHRMRXNyYVZOcGxJVzA0UGNHeW8KLS0tIG0vUkJVYk9MeWI3cXRUaEQyTUlD
+            bm4xUWxYaDNoMWRZNmhBeDJCQWgva28KTI0NIhKKwAl+5ERTtd+Uv4Vrc61rQXv8
+            OpuwORiKD2hC+eYmdTTbzdRozRmuhW1ZV+jQsAag5a5QMJ1J/4cQvw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1exny8unxynaw03yu8ppahu5z28uermghr8ag34e7kdqnaduq9stsyettzz
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSB0VGZYL1RyMEdlY25hbWM1
-            dkQ3K2o1SXJmME16cGtXNkZnS201TjdCczFjCjRUQTFnbXN1NmNOdlFRVW1lTkVa
-            ckoyMWJFYm1ZL2NGNk9Cb0FWRzlJa3cKLS0tIEI2c0h0ajZmalRodUFiZTI4SUJU
-            cFcvb09QZHFFK3IxYWh6RytPLys0bE0KzwmDBTy3Xo6gfTlmVvKH5dlZWKeSKlPN
-            GgPLCQglDRXWE5VpKjKfTjI62zmkCWXkW35N+cGO+rMqMvcRrfReJw==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3RDlsR3RQcWZNSnlBRkx3
+            YTFRQ1Z6VytGd3MrdXM1L1BwZ2xIWHdYWFJ3CnFSczJTelh1NitldDhubEZmMngz
+            bUhnOEQ1a3dNZmxKTlhRWVRKbFMyZGMKLS0tIDFja2psQnJmOG95RWpkL0RkeSta
+            clAvTnR3TWJaTXRqNFM3RnhyMnEzcWsKp4iGnlaGqF81vTCtr7QHfT0TF+zeT2fG
+            Xp/fgcUvubAvLWkaLxymF+8DXSZEipKy/M3sikiYEXBUP9WKdL92NA==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1v6p8dan2t3w9h94fz4flldl32082j3s9x6zqq7u5j66keth9aphsd6pvch
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBRaUV2M2tMV0JBbmh2Vzhm
-            WUpwM0tkSTVLMXBWVDRacHNzVDFZOUZJdFI4ClZwQ0pKM1R5bkhhQUZWaFZpRVZJ
-            b21iV1ptTk5KVStZRnhYQzB0SGFtUzQKLS0tIHRhMGZURmxqUVZlNExUTVkxSGEw
-            NWU4amk5WHFJT2JKaFR0SkdPQjQ5cVUKyfQTZUYpxbHS7emkDlVjzR3cEQ5JpMIg
-            COhJJj+QP4bxKH7OmLkveTsqn/WQAWvrtTVfhVZpCkl+Yb0pPxmndA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBhSUI5MHJSajB0MjJUNHhZ
+            L3BLN09aMjRxQTh6Q3MxaktzcGJGSDlVZVRZCloxRW1yWlYwd0hGRVFYNzdidnF2
+            U0EwMnhyY21mT0Z4eUc4Q2VHMmxCTk0KLS0tIFdVeDlVZzB4OWlXY0hBVUJyUnNq
+            U1g1MXRhTlYyTktTOTRhSVN3V1kya0kKTTxtLGwaTsZ2QhZbYeE777Fj3FJJPmbo
+            obE8R5CGiHT+1qrR9TqA/UKWwd7zWNruHQT3O8qhjbWKyurmqUxlqw==
            -----END AGE ENCRYPTED FILE-----
        - recipient: age1gjm4c3swt8u88e36gf2qlg3syxfc0ly94u64c42f2tsf24npw4csa6e4fw
          enc: |
            -----BEGIN AGE ENCRYPTED FILE-----
-            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSA3NHNCL0tEcWZoVWorNytq
-            UnpFZjd2UDFTRUtvaTdmRnkvSVlSVzZzWkF3CkZmV2dyTGFINWlWQ1Z2UVVBaGNM
-            V1NnU0FoWjdEL0Q1bGdPQUhBbEo3STAKLS0tIE5uOVRtcXZ2RVNEcFMvZHltUlBG
-            a01mSERFdE1ycW5HeTRxbWdndC9OQU0KiCd29oWbYBmQe+3ERbdhE0g8UCUjAz1w
-            l8qRhxfcI7HtnROVr0kIIobcb7d6GjQZkhgOrYGCmT60TaBLoMWLNA==
+            YWdlLWVuY3J5cHRpb24ub3JnL3YxCi0+IFgyNTUxOSBHK0JsQ3d1MWt0a1pjVHNT
+            dE52K2IrTyswbTMyYiszbjBvZExvcGNNUGs4CjB2Z0p3WUEyOHU2UFloNHRIcVVa
+            OExQN1p0UzRJaEtMMFhZWjhPZWhOclUKLS0tIGZDb0pTYnZ2ek02S3c1OXhBVjZ1
+            dE9JSGJKd0JKQVE4eXN2UWh5WHVUc2MKWjLJFNm7Ithf1qEOMBb6pxRp91dR1MzP
+            0En9N1BxtK/LP66OVWTl6c7rnmx/domdt5YRQusXuWDL3yg05hEfqA==
            -----END AGE ENCRYPTED FILE-----
-    lastmodified: "2025-11-02T12:57:44Z"
-    mac: ENC[AES256_GCM,data:1npcpm/DoSEurDvRzdzmqe3WEhR9uzW9pz1tDLIiMVZznwvCnltWslVjUcG8xTSzW9wTdV3yxhjy+DDwy/nj9KyHbsd/zwAddYIsXaF9ob/jn38qtA0S1DLUpqBqL9TS8jjqhnYmRyJD7E8x9KH59S5itzZ647yiz6zutGU2rjU=,iv:slLIW/HPhPcfYo6PxO2rBwUK2BwzdJ4vqtPaecOTP+k=,tag:JoiSK4v+FawrKNltU+4eRw==,type:str]
+    lastmodified: "2025-11-03T00:25:45Z"
+    mac: ENC[AES256_GCM,data:pJPxZS3FIXyQuo65ya4osPZCGz09fpQ4FDzl2rVj95Xg5nWokEqFh9HJdp8YgWTa71PsxJEZSguYtpORrTNtn/yp1/GhdzZgf8gZhzl0TZhna/Yc6anrOJpdLE0RICBDUJC78heeWJe9QWguiDu5y+WHn+q8khHG2dyvOOUza68=,iv:Of8DcXBhBxDtEi+tFVYFVy5g3RpgJ2mykAvTsLtL19c=,tag:o4IkNmzHS/qhrMBXt2PMbw==,type:str]
    unencrypted_suffix: _unencrypted
    version: 3.11.0
--- a/hosts/web-arm/modules/blackbox-exporter.nix
+++ b/hosts/web-arm/modules/blackbox-exporter.nix
@@ -32,6 +32,9 @@ in {
        "victoria-server.cloonar.com"
        "updns.cloonar.com"
        "feeds.jordanrannells.com"
+        "invidious.cloonar.com"
+        "piped.cloonar.com"
+        "pipedapi.cloonar.com"
      ];
    };
    # Systemd service for Blackbox Exporter
Author	SHA1	Message	Date
Dominik Polakovics	709a24366a	fix: piped	2025-11-03 12:12:14 +01:00
Dominik Polakovics	63dad8c626	fix: invidious password	2025-11-03 01:38:16 +01:00
Dominik Polakovics	b57342f53e	feat: add invidious	2025-11-03 00:59:18 +01:00