opnxng/opnxng-deploy-playbook
0
0
Fork 0
Code

Added Invidious + SearXNG settings

Browse Source
This commit is contained in:
Opnxng 2023-11-16 19:23:33 +08:00
parent 358e8c2e32
commit d4de848641
13 changed files with 1243 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
config-tasks/4get.yaml
View File

@ -4,4 +4,13 @@
dest: "{{ docker_dir }}/4get/config.php"
owner: 1000
group: 1000
mode: 0755
mode: 0755
# - name: 4get cron
# cron:
# name: "Restart 4get hourly"
# special_time: "hourly"
# job: 'docker restart 4get'
# user: root
# become: true
# when: "'oracle' in group_names or 'cloudcompute' in group_names"

29
config-tasks/gitea-netrc.yaml
View File

@ -1,15 +1,19 @@
# Define the location of the gnupg folder
vars:
gnupg_folder: "/home/{{ control_user }}/.gnupg"
# ----------------------------------------------------------------------------------------------------
# Store git credentials with GPG and .netrc because SSH is too complicated for Gitea on Docker
- name: Remove existing .netrc
file:
path: "/home/{{ control_user }}/.netrc"
path: "{{ gnupg_folder }}/.netrc"
state: absent
delegate_to: "{{ control_host }}"
- name: Remove existing .netrc.gpg
file:
path: "/home/{{ control_user }}/.netrc.gpg"
path: "{{ gnupg_folder }}/.netrc.gpg"
state: absent
delegate_to: "{{ control_host }}"
@ -23,25 +27,25 @@
- name: Set up .netrc
template:
src: "conf/.netrc.j2"
dest: "/home/{{ control_user }}/.netrc"
dest: "{{ gnupg_folder }}/.netrc"
owner: 1000
group: 1000
mode: 0600
delegate_to: "{{ control_host }}"
- name: Encrypt .netrc
command: gpg -e -r opnxng@tuta.io /home/{{ control_user }}/.netrc
command: gpg -e -r opnxng@tuta.io {{ gnupg_folder }}/.netrc
delegate_to: "{{ control_host }}"
- name: Clear .netrc
copy:
content: '# Clear'
dest: "/home/{{ control_user }}/.netrc"
dest: "{{ gnupg_folder }}/.netrc"
delegate_to: "{{ control_host }}"
- name: Remove .netrc
file:
path: "/home/{{ control_user }}/.netrc"
path: "{{ gnupg_folder }}/.netrc"
state: absent
delegate_to: "{{ control_host }}"
@ -52,16 +56,21 @@
become: true
- name: Set git-credential-netrc permissions
command: chmod 755 /usr/bin/git-credential-netrc
become: true
file:
path: "/usr/bin/git-credential-netrc"
state: touch
mode: '0755'
owner: 1000
group: 1000
delegate_to: "{{ control_host }}"
become: true
- name: Use git-credential-netrc
command: git config --global credential.helper "/usr/bin/git-credential-netrc -f ~/.netrc.gpg -v"
command: git config --global credential.helper "/usr/bin/git-credential-netrc -f {{ gnupg_folder }}/.netrc.gpg -v"
delegate_to: "{{ control_host }}"
- name: Add pinentry-program to gpg-agent.conf on control host
lineinfile:
path: /home/{{ user }}/.gnupg/gpg-agent.conf
path: "{{ gnupg_folder }}/gpg-agent.conf"
line: 'pinentry-program /usr/bin/pinentry-gnome3'
delegate_to: "{{ control_host }}"

77
config-tasks/invidious.yaml Normal file
View File

@ -0,0 +1,77 @@
- name: Clone source repo
ansible.builtin.git:
repo: https://github.com/iv-org/invidious.git
dest: "{{ docker_dir }}/invidious"
single_branch: yes
version: master
- name: Generate HMAC key
command: openssl rand -hex 32
register: invidious_hmac_key_result
- set_fact:
invidious_hmac_key: "{{ invidious_hmac_key_result.stdout }}"
- name: Set up invidious config.yml
template:
src: "conf/config.yml.j2"
dest: "{{ docker_dir }}/invidious/config.yml"
owner: 1000
group: 1000
mode: 0755
- name: Set up invidious nginx.conf
template:
src: "conf/nginx.conf.j2"
dest: "{{ docker_dir }}/invidious/nginx.conf"
owner: 1000
group: 1000
mode: 0755
- name: Create ytproxy directory
file:
path: "{{ docker_dir }}/invidious/opt"
state: directory
owner: 33
group: 33
mode: 0755
become: true
- name: Create ytproxy directory
file:
path: "{{ docker_dir }}/invidious/opt/http3-ytproxy"
state: directory
owner: 33
group: 33
mode: 0755
become: true
# - name: vultr cron on reboot
# cron:
# name: "Rotating IPv6 address on Invidious"
# special_time: "reboot"
# job: 'sleep 30s && docker run --rm --privileged --name smart-ipv6-rotator --network host quay.io/invidious/smart-ipv6-rotator:latest run --ipv6range=2001:19f0:4400:2e62::/64 && curl -H prio:low -d "Rotate IPv6 address successful" https://ntfy.opnxng.com/cron || curl -H tags:warning -H prio:high -d "Rotate IPv6 address failed!" https://ntfy.opnxng.com/cron;'
# user: root
# become: true
# when:
# - inventory_hostname == 'vultr'
#
# - name: vultr cron twice a day
# cron:
# name: "Rotating IPv6 address on Invidious"
# minute: "0"
# hour: "*/12"
# job: 'sleep 30s && docker run --rm --privileged --name smart-ipv6-rotator --network host quay.io/invidious/smart-ipv6-rotator:latest run --ipv6range=2001:19f0:4400:2e62::/64 && curl -H prio:low -d "Rotate IPv6 address successful" https://ntfy.opnxng.com/cron || curl -H tags:warning -H prio:high -d "Rotate IPv6 address failed!" https://ntfy.opnxng.com/cron;'
# user: root
# become: true
# when:
# - inventory_hostname == 'vultr'
#
# - name: vultr cron
# cron:
# name: "Restart Invidious hourly"
# special_time: "hourly"
# job: 'docker restart invidious'
# user: root
# become: true
# when:
# - inventory_hostname == 'vultr'

0
files/gitea/data/custom/public/assests/css/theme-github.css → files/gitea/data/custom/public/assets/css/theme-github.css
View File

109
templates/compose/invidious.yaml.j2 Normal file
View File

@ -0,0 +1,109 @@
# {{ ansible_managed }}
version: '3.3'
services:
invidious:
# deploy:
# mode: replicated
# replicas: 6
image: quay.io/invidious/invidious:latest
#image: quay.io/invidious/invidious:latest-arm64
container_name: invidious
security_opt:
- no-new-privileges
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Singapore
healthcheck:
test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
interval: 30s
timeout: 5s
retries: 2
logging:
options:
max-size: "1G"
max-file: "4"
depends_on:
- invidious-db
volumes:
- {{ docker_dir }}/invidious/config.yml:/invidious/config/config.yml
restart: unless-stopped
networks:
- invidious
invidious-db:
image: docker.io/library/postgres:14
container_name: invidious-db
restart: unless-stopped
volumes:
- {{ docker_dir }}/invidious/postgres/data:/var/lib/postgresql/data
- {{ docker_dir }}/invidious/config/sql:/config/sql
- {{ docker_dir }}/invidious/docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
security_opt:
- no-new-privileges
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Singapore
- POSTGRES_DB=invidious
- POSTGRES_USER={{ invidious_db_user }}
- POSTGRES_PASSWORD={{ invidious_db_pass }}
healthcheck:
test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
networks:
- invidious
invidious-nginx:
image: nginx:latest
container_name: invidious-nginx
restart: unless-stopped
security_opt:
- no-new-privileges
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Singapore
volumes:
- {{ docker_dir }}/invidious/nginx.conf:/etc/nginx/nginx.conf:ro
- {{ docker_dir }}/invidious/opt/http3-ytproxy:/opt/http3-ytproxy
depends_on:
- invidious
ports:
- '8911:3000'
networks:
- invidious
invidious-ytproxy:
image: 1337kavin/ytproxy:latest
container_name: invidious-ytproxy
restart: unless-stopped
user: "33:33"
network_mode: "host"
environment:
- TZ=Asia/Singapore
- DISABLE_WEBP=1
volumes:
- {{ docker_dir }}/invidious/opt/http3-ytproxy:/app/socket
invidious-smart-ipv6-rotator:
command: tail -f /dev/null # Just to keep the image in the system
image: quay.io/invidious/smart-ipv6-rotator:latest
container_name: invidious-smart-ipv6-rotator
environment:
- PUID=1000
- PGID=1000
- TZ=Asia/Singapore
restart: unless-stopped
logging:
driver: none
networks:
- invidious
networks:
invidious:
name: invidious
enable_ipv6: true
ipam:
config:
- subnet: fd01:db8:a::/64
gateway: fd01:db8:a::1

2
templates/compose/watchtower.yaml.j2
View File

@ -16,4 +16,4 @@ services:
- /var/run/docker.sock:/var/run/docker.sock
command: --schedule "0 0 1 * * *"
restart: unless-stopped
network_mode: bridge
network_mode: bridge

55
templates/conf/Caddyfile.j2
View File

@ -544,29 +544,29 @@
}
}
# @4g host 4g.{$HOSTNAME}
# handle @4g {
# encode zstd gzip
# @notstatic {
# not path /static/* /android-chrome* /favicon* /robots.txt /banner/* /site.webmanifest
# }
# rate_limit @notstatic {remote.ip} 2r/s 60000 500
# rate_limit @notstatic {remote.ip} 45r/m 300000 500
# reverse_proxy {
# to {{ oracle1_private_ip }}:8907
# to {{ oracle2_private_ip }}:8907
# to {{ oracle3_private_ip }}:8907
# to {{ oracle4_private_ip }}:8907
# lb_policy ip_hash
# lb_try_duration 5s
# lb_try_interval 1s
# fail_duration 30s
# max_fails 3
# }
# header {
# X-Robots-Tag "noindex, noimageindex, nosnippet, notranslate, noarchive, nofollow"
# }
# }
@4g host 4g.{$HOSTNAME}
handle @4g {
encode zstd gzip
@notstatic {
not path /static/* /android-chrome* /favicon* /robots.txt /banner/* /site.webmanifest
}
rate_limit @notstatic {remote.ip} 2r/s 60000 500
rate_limit @notstatic {remote.ip} 45r/m 300000 500
reverse_proxy {
to {{ oracle1_private_ip }}:8907
to {{ oracle2_private_ip }}:8907
to {{ oracle3_private_ip }}:8907
to {{ oracle4_private_ip }}:8907
lb_policy ip_hash
lb_try_duration 5s
lb_try_interval 1s
fail_duration 30s
max_fails 3
}
header {
X-Robots-Tag "noindex, noimageindex, nosnippet, notranslate, noarchive, nofollow"
}
}
@ig host ig.{$HOSTNAME}
handle @ig {
@ -615,6 +615,15 @@
}
}
@y host y.{$HOSTNAME}
handle @y {
encode zstd gzip
reverse_proxy {{ vultr_private_ip }}:8911
header {
X-Robots-Tag "noindex, noimageindex, nosnippet, notranslate, noarchive, nofollow"
}
}
}
# ----------------------------------------------------------------------------------------------------

921
templates/conf/config.yml.j2 Normal file
View File

@ -0,0 +1,921 @@
#########################################
#
# Database configuration
#
#########################################
##
## Database configuration with separate parameters.
## This setting is MANDATORY, unless 'database_url' is used.
##
db:
user: {{ invidious_db_user }}
password: {{ invidious_db_pass }}
host: invidious-db
port: 5432
dbname: invidious
##
## Database configuration using a single URI. This is an
## alternative to the 'db' parameter above. If both forms
## are used, then only database_url is used.
## This setting is MANDATORY, unless 'db' is used.
##
## Note: The 'database_url' setting allows the use of UNIX
## sockets. To do so, remove the IP address (or FQDN) and port
## and append the 'host' parameter. E.g:
## postgres://kemal:kemal@/invidious?host=/var/run/postgresql
##
## Accepted values: a postgres:// URI
## Default: postgres://kemal:kemal@localhost:5432/invidious
##
#database_url: postgres://kemal:kemal@localhost:5432/invidious
##
## Enable automatic table integrity check. This will create
## the required tables and columns if anything is missing.
##
## Accepted values: true, false
## Default: false
##
check_tables: true
#########################################
#
# Server config
#
#########################################
# -----------------------------
# Network (inbound)
# -----------------------------
##
## Port to listen on for incoming connections.
##
## Note: Ports lower than 1024 requires either root privileges
## (not recommended) or the "CAP_NET_BIND_SERVICE" capability
## (See https://stackoverflow.com/a/414258 and `man capabilities`)
##
## Accepted values: 1-65535
## Default: 3000
##
#port: 3000
##
## When the invidious instance is behind a proxy, and the proxy
## listens on a different port than the instance does, this lets
## invidious know about it. This is used to craft absolute URLs
## to the instance (e.g in the API).
##
## Note: This setting is MANDATORY if invidious is behind a
## reverse proxy.
##
## Accepted values: 1-65535
## Default: <none>
##
#external_port:
##
## Interface address to listen on for incoming connections.
##
## Accepted values: a valid IPv4 or IPv6 address.
## default: 0.0.0.0 (listen on all interfaces)
##
#host_binding: 0.0.0.0
##
## Domain name under which this instance is hosted. This is
## used to craft absolute URLs to the instance (e.g in the API).
## The domain MUST be defined if your instance is accessed from
## a domain name (like 'example.com').
##
## Accepted values: a fully qualified domain name (FQDN)
## Default: <none>
##
domain: y.opnxng.com
##
## Tell Invidious that it is behind a proxy that provides only
## HTTPS, so all links must use the https:// scheme. This
## setting MUST be set to true if invidious is behind a
## reverse proxy serving HTTPs.
##
## Accepted values: true, false
## Default: false
##
https_only: true
##
## Enable/Disable 'Strict-Transport-Security'. Make sure that
## the domain specified under 'domain' is served securely.
##
## Accepted values: true, false
## Default: true
##
#hsts: true
# -----------------------------
# Network (outbound)
# -----------------------------
##
## Disable proxying server-wide. Can be disable as a whole, or
## only for a single function.
##
## Accepted values: true, false, dash, livestreams, downloads, local
## Default: false
##
disable_proxy: true
##
## Size of the HTTP pool used to connect to youtube. Each
## domain ('youtube.com', 'ytimg.com', ...) has its own pool.
##
## Accepted values: a positive integer
## Default: 100
##
#pool_size: 100
##
## Additional cookies to be sent when requesting the youtube API.
##
## Accepted values: a string in the format "name1=value1; name2=value2..."
## Default: <none>
##
#cookies:
##
## Force connection to youtube over a specific IP family.
##
## Note: This may sometimes resolve issues involving rate-limiting.
## See https://github.com/ytdl-org/youtube-dl/issues/21729.
##
## Accepted values: ipv4, ipv6
## Default: <none>
##
#force_resolve:
force_resolve: ipv6
##
## Use Innertube's transcripts API instead of timedtext for closed captions
##
## Useful for larger instances as InnerTube is **not ratelimited**. See https://github.com/iv-org/invidious/issues/2567
##
## Subtitle experience may differ slightly on Invidious.
##
## Accepted values: true, false
## Default: false
##
# use_innertube_for_captions: false
# -----------------------------
# Logging
# -----------------------------
##
## Path to log file. Can be absolute or relative to the invidious
## binary. This is overridden if "-o OUTPUT" or "--output=OUTPUT"
## are passed on the command line.
##
## Accepted values: a filesystem path or 'STDOUT'
## Default: STDOUT
##
#output: STDOUT
##
## Logging Verbosity. This is overridden if "-l LEVEL" or
## "--log-level=LEVEL" are passed on the command line.
##
## Accepted values: All, Trace, Debug, Info, Warn, Error, Fatal, Off
## Default: Info
##
#log_level: Info
# -----------------------------
# Features
# -----------------------------
##
## Enable/Disable the "Popular" tab on the main page.
##
## Accepted values: true, false
## Default: true
##
popular_enabled: false
##
## Enable/Disable statstics (available at /api/v1/stats).
## The following data is available:
## - Software name ("invidious") and version+branch (same data as
## displayed in the footer, e.g: "2021.05.13-75e5b49" / "master")
## - The value of the 'registration_enabled' config (true/false)
## - Number of currently registered users
## - Number of registered users who connected in the last month
## - Number of registered users who connected in the last 6 months
## - Timestamp of the last server restart
## - Timestamp of the last "Channel Refresh" job execution
##
## Warning: This setting MUST be set to true if you plan to run
## a public instance. It is used by api.invidious.io to refresh
## your instance's status.
##
## Accepted values: true, false
## Default: false
##
statistics_enabled: true
# -----------------------------
# Users and accounts
# -----------------------------
##
## Allow/Forbid Invidious (local) account creation. Invidious
## accounts allow users to subscribe to channels and to create
## playlists without a Google account.
##
## Accepted values: true, false
## Default: true
##
registration_enabled: false
##
## Allow/Forbid users to log-in.
##
## Accepted values: true, false
## Default: true
##
login_enabled: false
## Enable/Disable the captcha challenge on the login page.
##
## Note: this is a basic captcha challenge that doesn't
## depend on any third parties.
##
## Accepted values: true, false
## Default: true
##
captcha_enabled: false
##
## List of usernames that will be granted administrator rights.
## A user with administrator rights will be able to change the
## server configuration options listed below in /preferences,
## in addition to the usual user preferences.
##
## Server-wide settings:
## - popular_enabled
## - captcha_enabled
## - login_enabled
## - registration_enabled
## - statistics_enabled
## Default user preferences:
## - default_home
## - feed_menu
##
## Accepted values: an array of strings
## Default: [""]
##
#admins: [""]
##
## Enable/Disable the user notifications for all users
##
## Note: On large instances, it is recommended to set this option to 'false'
## in order to reduce the amount of data written to the database, and hence
## improve the overall performance of the instance.
##
## Accepted values: true, false
## Default: true
##
#enable_user_notifications: true
# -----------------------------
# Background jobs
# -----------------------------
##
## Number of threads to use when crawling channel videos (during
## subscriptions update).
##
## Notes: This setting is overridden if either "-c THREADS" or
## "--channel-threads=THREADS" is passed on the command line.
##
## Accepted values: a positive integer
## Default: 1
##
channel_threads: 0
##
## Time interval between two executions of the job that crawls
## channel videos (subscriptions update).
##
## Accepted values: a valid time interval (like 1h30m or 90m)
## Default: 30m
##
#channel_refresh_interval: 30m
##
## Forcefully dump and re-download the entire list of uploaded
## videos when crawling channel (during subscriptions update).
##
## Accepted values: true, false
## Default: false
##
full_refresh: false
##
## Number of threads to use when updating RSS feeds.
##
## Notes: This setting is overridden if either "-f THREADS" or
## "--feed-threads=THREADS" is passed on the command line.
##
## Accepted values: a positive integer
## Default: 1
##
feed_threads: 0
##
## Enable/Disable the polling job that keeps the decryption
## function (for "secured" videos) up to date.
##
## Note: This part of the code generate a small amount of data every minute.
## This may not be desired if you have bandwidth limits set by your ISP.
##
## Note 2: This part of the code is currently broken, so changing
## this setting has no impact.
##
## Accepted values: true, false
## Default: false
##
#decrypt_polling: false
jobs:
## Options for the database cleaning job
clear_expired_items:
## Enable/Disable job
##
## Accepted values: true, false
## Default: true
##
enable: true
## Options for the channels updater job
refresh_channels:
## Enable/Disable job
##
## Accepted values: true, false
## Default: true
##
enable: true
## Options for the RSS feeds updater job
refresh_feeds:
## Enable/Disable job
##
## Accepted values: true, false
## Default: true
##
enable: true
# -----------------------------
# Captcha API
# -----------------------------
##
## URL of the captcha solving service.
##
## Accepted values: any URL
## Default: https://api.anti-captcha.com
##
#captcha_api_url: https://api.anti-captcha.com
##
## API key for the captcha solving service.
##
## Accepted values: a string
## Default: <none>
##
#captcha_key:
# -----------------------------
# Miscellaneous
# -----------------------------
##
## custom banner displayed at the top of every page. This can
## used for instance announcements, e.g.
##
## Accepted values: any string. HTML is accepted.
## Default: <none>
##
#banner:
##
## Subscribe to channels using PubSubHub (Google PubSubHubbub service).
## PubSubHub allows Invidious to be instantly notified when a new video
## is published on any subscribed channels. When PubSubHub is not used,
## Invidious will check for new videos every minute.
##
## Note: This setting is recommended for public instances.
##
## Note 2:
## - Requires a public instance (it uses /feed/webhook/v1)
## - Requires 'domain' and 'hmac_key' to be set.
## - Setting this parameter to any number greater than zero will
## enable channel subscriptions via PubSubHub, but will limit the
## amount of concurrent subscriptions.
##
## Accepted values: true, false, a positive integer
## Default: false
##
#use_pubsub_feeds: false
##
## HMAC signing key used for CSRF tokens, cookies and pubsub
## subscriptions verification.
##
## Note: This parameter is mandatory and should be a random string.
## Such random string can be generated on linux with the following
## command: `pwgen 20 1`
##
## Accepted values: a string
## Default: <none>
##
hmac_key: "{{ invidious_hmac_key }}"
##
## List of video IDs where the "download" widget must be
## disabled, in order to comply with DMCA requests.
##
## Accepted values: an array of string
## Default: <none>
##
#dmca_content:
##
## Cache video annotations in the database.
##
## Warning: empty annotations or annotations that only contain
## cards won't be cached.
##
## Accepted values: true, false
## Default: false
##
#cache_annotations: false
##
## Source code URL. If your instance is running a modified source
## code, you MUST publish it somewhere and set this option.
##
## Accepted values: a string
## Default: <none>
##
#modified_source_code_url: ""
##
## Maximum custom playlist length limit.
##
## Accepted values: Integer
## Default: 500
##
#playlist_length_limit: 500
#########################################
#
# Default user preferences
#
#########################################
##
## NOTE: All the settings below define the default user
## preferences. They will apply to ALL users connecting
## without a preferences cookie (so either on the first
## connection to the instance or after clearing the
## browser's cookies).
##
default_user_preferences:
# -----------------------------
# Internationalization
# -----------------------------
##
## Default user interface language (locale).
##
## Note: When hosting a public instance, overriding the
## default (english) is not recommended, as it may
## people using other languages.
##
## Accepted values:
## ar (Arabic)
## da (Danish)
## de (German)
## en-US (english, US)
## el (Greek)
## eo (Esperanto)
## es (Spanish)
## fa (Persian)
## fi (Finnish)
## fr (French)
## he (Hebrew)
## hr (Hungarian)
## id (Indonesian)
## is (Icelandic)
## it (Italian)
## ja (Japanese)
## nb-NO (Norwegian, Bokmål)
## nl (Dutch)
## pl (Polish)
## pt-BR (Portuguese, Brazil)
## pt-PT (Portuguese, Portugal)
## ro (Romanian)
## ru (Russian)
## sv (Swedish)
## tr (Turkish)
## uk (Ukrainian)
## zh-CN (Chinese, China) (a.k.a "Simplified Chinese")
## zh-TW (Chinese, Taiwan) (a.k.a "Traditional Chinese")
##
## Default: en-US
##
#locale: en-US
##
## Default geographical location for content.
##
## Accepted values:
## AE, AR, AT, AU, AZ, BA, BD, BE, BG, BH, BO, BR, BY, CA, CH, CL, CO, CR,
## CY, CZ, DE, DK, DO, DZ, EC, EE, EG, ES, FI, FR, GB, GE, GH, GR, GT, HK,
## HN, HR, HU, ID, IE, IL, IN, IQ, IS, IT, JM, JO, JP, KE, KR, KW, KZ, LB,
## LI, LK, LT, LU, LV, LY, MA, ME, MK, MT, MX, MY, NG, NI, NL, NO, NP, NZ,
## OM, PA, PE, PG, PH, PK, PL, PR, PT, PY, QA, RO, RS, RU, SA, SE, SG, SI,
## SK, SN, SV, TH, TN, TR, TW, TZ, UA, UG, US, UY, VE, VN, YE, ZA, ZW
##
## Default: US
##
#region: US
##
## Top 3 preferred languages for video captions.
##
## Note: overriding the default (no preferred
## caption language) is not recommended, in order
## to not penalize people using other languages.
##
## Accepted values: a three-entries array.
## Each entry can be one of:
## "English", "English (auto-generated)",
## "Afrikaans", "Albanian", "Amharic", "Arabic",
## "Armenian", "Azerbaijani", "Bangla", "Basque",
## "Belarusian", "Bosnian", "Bulgarian", "Burmese",
## "Catalan", "Cebuano", "Chinese (Simplified)",
## "Chinese (Traditional)", "Corsican", "Croatian",
## "Czech", "Danish", "Dutch", "Esperanto", "Estonian",
## "Filipino", "Finnish", "French", "Galician", "Georgian",
## "German", "Greek", "Gujarati", "Haitian Creole", "Hausa",
## "Hawaiian", "Hebrew", "Hindi", "Hmong", "Hungarian",
## "Icelandic", "Igbo", "Indonesian", "Irish", "Italian",
## "Japanese", "Javanese", "Kannada", "Kazakh", "Khmer",
## "Korean", "Kurdish", "Kyrgyz", "Lao", "Latin", "Latvian",
## "Lithuanian", "Luxembourgish", "Macedonian",
## "Malagasy", "Malay", "Malayalam", "Maltese", "Maori",
## "Marathi", "Mongolian", "Nepali", "Norwegian Bokmål",
## "Nyanja", "Pashto", "Persian", "Polish", "Portuguese",
## "Punjabi", "Romanian", "Russian", "Samoan",
## "Scottish Gaelic", "Serbian", "Shona", "Sindhi",
## "Sinhala", "Slovak", "Slovenian", "Somali",
## "Southern Sotho", "Spanish", "Spanish (Latin America)",
## "Sundanese", "Swahili", "Swedish", "Tajik", "Tamil",
## "Telugu", "Thai", "Turkish", "Ukrainian", "Urdu",
## "Uzbek", "Vietnamese", "Welsh", "Western Frisian",
## "Xhosa", "Yiddish", "Yoruba", "Zulu"
##
## Default: ["", "", ""]
##
#captions: ["", "", ""]
# -----------------------------
# Interface
# -----------------------------
##
## Enable/Disable dark mode.
##
## Accepted values: "dark", "light", "auto"
## Default: "auto"
##
#dark_mode: "auto"
##
## Enable/Disable thin mode (no video thumbnails).
##
## Accepted values: true, false
## Default: false
##
#thin_mode: false
##
## List of feeds available on the home page.
##
## Note: "Subscriptions" and "Playlists" are only visible
## when the user is logged in.
##
## Accepted values: A list of strings
## Each entry can be one of: "Popular", "Trending",
## "Subscriptions", "Playlists"
##
## Default: ["Popular", "Trending", "Subscriptions", "Playlists"] (show all feeds)
##
feed_menu: ["Subscriptions", "Playlists"]
##
## Default feed to display on the home page.
##
## Note: setting this option to "Popular" has no
## effect when 'popular_enabled' is set to false.
##
## Accepted values: Popular, Trending, Subscriptions, Playlists, <none>
## Default: Popular
##
default_home:
##
## Default number of results to display per page.
##
## Note: this affects invidious-generated pages only, such
## as watch history and subscription feeds. Playlists, search
## results and channel videos depend on the data returned by
## the Youtube API.
##
## Accepted values: any positive integer
## Default: 40
##
#max_results: 40
##
## Show/hide annotations.
##
## Accepted values: true, false
## Default: false
##
#annotations: false
##
## Show/hide annotation.
##
## Accepted values: true, false
## Default: false
##
#annotations_subscribed: false
##
## Type of comments to display below video.
##
## Accepted values: a two-entries array.
## Each entry can be one of: "youtube", "reddit", ""
##
## Default: ["youtube", ""]
##
#comments: ["youtube", ""]
##
## Default player style.
##
## Accepted values: invidious, youtube
## Default: invidious
##
#player_style: invidious
##
## Show/Hide the "related videos" sidebar when
## watching a video.
##
## Accepted values: true, false
## Default: true
##
#related_videos: true
# -----------------------------
# Video player behavior
# -----------------------------
##
## Automatically play videos on page load.
##
## Accepted values: true, false
## Default: false
##
#autoplay: false
##
## Automatically load the "next" video (either next in
## playlist or proposed) when the current video ends.
##
## Accepted values: true, false
## Default: false
##
#continue: false
##
## Autoplay next video by default.
##
## Note: Only effective if 'continue' is set to true.
##
## Accepted values: true, false
## Default: true
##
#continue_autoplay: true
##
## Play videos in Audio-only mode by default.
##
## Accepted values: true, false
## Default: false
##
#listen: false
##
## Loop videos automatically.
##
## Accepted values: true, false
## Default: false
##
#video_loop: false
# -----------------------------
# Video playback settings
# -----------------------------
##
## Default video quality.
##
## Accepted values: dash, hd720, medium, small
## Default: hd720
##
#quality: hd720
##
## Default dash video quality.
##
## Note: this setting only takes effet if the
## 'quality' parameter is set to "dash".
##
## Accepted values:
## auto, best, 4320p, 2160p, 1440p, 1080p,
## 720p, 480p, 360p, 240p, 144p, worst
## Default: auto
##
#quality_dash: auto
##
## Default video playback speed.
##
## Accepted values: 0.25, 0.5, 0.75, 1.0, 1.25, 1.5, 1.75, 2.0
## Default: 1.0
##
#speed: 1.0
##
## Default volume.
##
## Accepted values: 0-100
## Default: 100
##
#volume: 100
##
## Allow 360° videos to be played.
##
## Note: This feature requires a WebGL-enabled browser.
##
## Accepted values: true, false
## Default: true
##
#vr_mode: true
##
## Save the playback position
## Allow to continue watching at the previous position when
## watching the same video.
##
## Accepted values: true, false
## Default: false
##
#save_player_pos: false
# -----------------------------
# Subscription feed
# -----------------------------
##
## In the "Subscription" feed, only show the latest video
## of each channel the user is subscribed to.
##
## Note: when combined with 'unseen_only', the latest unseen
## video of each channel will be displayed instead of the
## latest by date.
##
## Accepted values: true, false
## Default: false
##
#latest_only: false
##
## Enable/Disable user subscriptions desktop notifications.
##
## Accepted values: true, false
## Default: false
##
#notifications_only: false
##
## In the "Subscription" feed, Only show the videos that the
## user haven't watched yet (i.e which are not in their watch
## history).
##
## Accepted values: true, false
## Default: false
##
#unseen_only: false
##
## Default sorting parameter for subscription feeds.
##
## Accepted values:
## 'alphabetically'
## 'alphabetically - reverse'
## 'channel name'
## 'channel name - reverse'
## 'published'
## 'published - reverse'
##
## Default: published
##
#sort: published
# -----------------------------
# Miscellaneous
# -----------------------------
##
## Proxy videos through instance by default.
##
## Warning: As most users won't change this setting in their
## preferences, defaulting to true will significantly
## increase the instance's network usage, so make sure that
## your server's connection can handle it.
##
## Accepted values: true, false
## Default: false
##
#local: false
##
## Show the connected user's nick at the top right.
##
## Accepted values: true, false
## Default: true
##
#show_nick: true
##
## Automatically redirect to a random instance when the user uses
## any "switch invidious instance" link (For videos, it's the plane
## icon, next to "watch on youtube" and "listen"). When set to false,
## the user is sent to https://redirect.invidious.io instead, where
## they can manually select an instance.
##
## Accepted values: true, false
## Default: false
##
#automatic_instance_redirect: false
##
## Show the entire video description by default (when set to 'false',
## only the first few lines of the description are shown and a
## "show more" button allows to expand it).
##
## Accepted values: true, false
## Default: false
##
#extend_desc: false

39
templates/conf/nginx.conf.j2 Executable file
View File

@ -0,0 +1,39 @@
user www-data;
events {
worker_connections 1000;
}
http {
server {
listen 3000;
listen [::]:3000;
access_log off;
location / {
resolver 127.0.0.11;
set $backend "invidious";
proxy_pass http://$backend:3000;
proxy_http_version 1.1; # to keep alive
proxy_set_header Connection ""; # to keep alive
location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) {
proxy_buffering on;
proxy_buffers 1024 16k;
proxy_set_header X-Forwarded-For "";
proxy_set_header CF-Connecting-IP "";
proxy_hide_header "alt-svc";
sendfile on;
sendfile_max_chunk 512k;
tcp_nopush on;
aio threads=default;
aio_write on;
directio 16m;
proxy_hide_header Cache-Control;
proxy_hide_header etag;
proxy_http_version 1.1;
proxy_set_header Connection keep-alive;
proxy_max_temp_file_size 32m;
access_log off;
proxy_pass http://unix:/opt/http3-ytproxy/http-proxy.sock;
add_header Cache-Control private always;
}
}
}
}

2
templates/conf/nitter.conf.j2
View File

@ -40,7 +40,7 @@ tokenCount = 10
[Preferences]
theme = "auto_(Twitter)"
replaceTwitter = "n.opnxng.com"
replaceYouTube = "vid.priv.au"
replaceYouTube = "invidious.fdn.fr"
replaceReddit = "i.opnxng.com"
replaceInstagram = ""
proxyVideos = true

18
templates/conf/settings.yml.j2
View File

@ -214,14 +214,14 @@ enabled_plugins:
#
hostname_replace:
'(.*\.)?music.youtube\.com$': 'beatbump.io'
'(.*\.)?youtube\.com$': 'vid.priv.au'
'(.*\.)?youtu\.be$': 'vid.priv.au'
'(.*\.)?youtube-noocookie\.com$': 'vid.priv.au'
'(.*\.)?reddit\.com$': 'i.opnxng.com'
'(.*\.)?redd\.it$': 'i.opnxng.com'
'(.*\.)?libi.opnxng\.com$': 'l.opnxng.com'
# '(.*\.)?reddit\.com$': 'old.reddit.com'
# '(.*\.)?redd\.it$': 'old.reddit.com'
'(.*\.)?youtube\.com$': 'invidious.fdn.fr'
'(.*\.)?youtu\.be$': 'invidious.fdn.fr'
'(.*\.)?youtube-noocookie\.com$': 'invidious.fdn.fr'
# '(.*\.)?reddit\.com$': 'i.opnxng.com'
# '(.*\.)?redd\.it$': 'i.opnxng.com'
# '(.*\.)?libi.opnxng\.com$': 'l.opnxng.com'
'(.*\.)?reddit\.com$': 'old.reddit.com'
'(.*\.)?redd\.it$': 'old.reddit.com'
'(.*\.)?medium\.com$': 'm.opnxng.com'
'fandom\.com$': 'z.opnxng.com'
'(.*\.)?imgur\.com$': 'r.opnxng.com'
@ -2540,4 +2540,4 @@ doi_resolvers:
default_doi_resolver: 'oadoi.org'
{% endraw %}
{% endraw %}

7
vars/secrets.example.yaml
View File

@ -22,12 +22,15 @@ authelia_password:
geoipupdate_account_id:
geoipupdate_license_key:
invidious_db_user:
invidious_db_pass:
etherpad_db_user:
etherpad_db_pass:
etherpad_admin_password:
cloudflare_api_token:
allow_countries:
allow_countries:
twitterminator_url:
gitea_access_token:
@ -39,4 +42,4 @@ docker_host:
gitea_runner_registration_token:
runner_uuid:
runner_token:
runner_id:
runner_id:

24
vars/services.yaml
View File

@ -1,17 +1,31 @@
config:
oracle1:
- 4get
oracle2:
- 4get
oracle3:
- 4get
oracle4:
- 4get
- caddy
compose:
oracle1:
- photon
- 4get
oracle2:
- photon
- 4get
oracle3:
- photon
- 4get
oracle4:
- photon
- 4get
- caddy
# ----------------------------------------------------------------------------------------------------
deployed-compose:
vultr:
- invidious
####################
- teddit
- libreddit
- imgin
@ -125,6 +139,8 @@ deployed-compose:
# ----------------------------------------------------------------------------------------------------
deployed-config:
vultr:
- invidious
oracle1:
- 4get
- anonymousoverflow