diff --git a/config-tasks/4get.yaml b/config-tasks/4get.yaml index 3361acb..69df458 100644 --- a/config-tasks/4get.yaml +++ b/config-tasks/4get.yaml @@ -4,4 +4,13 @@ dest: "{{ docker_dir }}/4get/config.php" owner: 1000 group: 1000 - mode: 0755 \ No newline at end of file + mode: 0755 + +# - name: 4get cron +# cron: +# name: "Restart 4get hourly" +# special_time: "hourly" +# job: 'docker restart 4get' +# user: root +# become: true +# when: "'oracle' in group_names or 'cloudcompute' in group_names" diff --git a/config-tasks/gitea-netrc.yaml b/config-tasks/gitea-netrc.yaml index 891257c..94a26c8 100644 --- a/config-tasks/gitea-netrc.yaml +++ b/config-tasks/gitea-netrc.yaml @@ -1,15 +1,19 @@ +# Define the location of the gnupg folder +vars: + gnupg_folder: "/home/{{ control_user }}/.gnupg" + # ---------------------------------------------------------------------------------------------------- # Store git credentials with GPG and .netrc because SSH is too complicated for Gitea on Docker - name: Remove existing .netrc file: - path: "/home/{{ control_user }}/.netrc" + path: "{{ gnupg_folder }}/.netrc" state: absent delegate_to: "{{ control_host }}" - name: Remove existing .netrc.gpg file: - path: "/home/{{ control_user }}/.netrc.gpg" + path: "{{ gnupg_folder }}/.netrc.gpg" state: absent delegate_to: "{{ control_host }}" 
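Review bot: The two cleanup tasks at the top of config-tasks/gitea-netrc.yaml now delete only `{{ gnupg_folder }}/.netrc` and `{{ gnupg_folder }}/.netrc.gpg`, so a `.netrc.gpg` at the old `/home/{{ control_user }}/` location (or a plaintext `.netrc` left there by an interrupted run) is never removed once this lands. Keeping one extra `file:` task with `state: absent` for each old path would retire those credential files on the next run. Separately, the added top-level `vars:` mapping sits in front of what looks like a plain task list. If this file is loaded with `include_tasks` or `import_tasks`, a mapping followed by a sequence will likely fail to parse, so `gnupg_folder` may be safer defined with a `set_fact` task or in the including play; worth confirming.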
@@ -23,25 +27,25 @@ - name: Set up .netrc template: src: "conf/.netrc.j2" - dest: "/home/{{ control_user }}/.netrc" + dest: "{{ gnupg_folder }}/.netrc" owner: 1000 group: 1000 mode: 0600 delegate_to: "{{ control_host }}" - name: Encrypt .netrc - command: gpg -e -r opnxng@tuta.io /home/{{ control_user }}/.netrc + command: gpg -e -r opnxng@tuta.io {{ gnupg_folder }}/.netrc delegate_to: "{{ control_host }}" - name: Clear .netrc copy: content: '# Clear' - dest: "/home/{{ control_user }}/.netrc" + dest: "{{ gnupg_folder }}/.netrc" delegate_to: "{{ control_host }}" - name: Remove .netrc file: - path: "/home/{{ control_user }}/.netrc" + path: "{{ gnupg_folder }}/.netrc" state: absent delegate_to: "{{ control_host }}" @@ -52,16 +56,21 @@ become: true - name: Set git-credential-netrc permissions - command: chmod 755 /usr/bin/git-credential-netrc - become: true + file: + path: "/usr/bin/git-credential-netrc" + state: touch + mode: '0755' + owner: 1000 + group: 1000 delegate_to: "{{ control_host }}" + become: true - name: Use git-credential-netrc - command: git config --global credential.helper "/usr/bin/git-credential-netrc -f ~/.netrc.gpg -v" + command: git config --global credential.helper "/usr/bin/git-credential-netrc -f {{ gnupg_folder }}/.netrc.gpg -v" delegate_to: "{{ control_host }}" - name: Add pinentry-program to gpg-agent.conf on control host lineinfile: - path: /home/{{ user }}/.gnupg/gpg-agent.conf + path: "{{ gnupg_folder }}/gpg-agent.conf" line: 'pinentry-program /usr/bin/pinentry-gnome3' delegate_to: "{{ control_host }}" diff --git a/config-tasks/invidious.yaml b/config-tasks/invidious.yaml new file mode 100644 index 0000000..9c3dcf1 --- /dev/null +++ b/config-tasks/invidious.yaml 
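Review bot: In the `@@ -23,25 +27,25 @@` hunk of config-tasks/gitea-netrc.yaml, the plaintext `.netrc` is rendered into `{{ gnupg_folder }}` and is only wiped by the later 'Clear .netrc' and 'Remove .netrc' tasks, so a failure of the 'Encrypt .netrc' step leaves the Gitea credentials unencrypted on the control host. Wrapping the template and `gpg` tasks in a `block:` and moving the two cleanup tasks under `always:` would make the removal unconditional. Adding `no_log: true` to 'Set up .netrc' would also keep the rendered credentials out of `--diff` and verbose output.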
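Review bot: The rewritten 'Set git-credential-netrc permissions' task in config-tasks/gitea-netrc.yaml hands `/usr/bin/git-credential-netrc` to uid/gid 1000, which lets any process running as that user replace the helper that git invokes to decrypt and return credentials. An executable in a system path should stay root-owned: `owner: root` and `group: root`, keeping `mode: '0755'`. `state: touch` also creates an empty file when the helper is missing and reports a change on every run; `state: file` fails loudly instead and is idempotent.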
@@ -0,0 +1,77 @@
+ - name: Clone source repo
+ ansible.builtin.git:
+ repo: https://github.com/iv-org/invidious.git
+ dest: "{{ docker_dir }}/invidious"
+ single_branch: yes
+ version: master
+
+ - name: Generate HMAC key
+ command: openssl rand -hex 32
+ register: invidious_hmac_key_result
+ - set_fact:
+ invidious_hmac_key: "{{ invidious_hmac_key_result.stdout }}"
+
+ - name: Set up invidious config.yml
+ template:
+ src: "conf/config.yml.j2"
+ dest: "{{ docker_dir }}/invidious/config.yml"
+ owner: 1000
+ group: 1000
+ mode: 0755
+
+ - name: Set up invidious nginx.conf
+ template:
+ src: "conf/nginx.conf.j2"
+ dest: "{{ docker_dir }}/invidious/nginx.conf"
+ owner: 1000
+ group: 1000
+ mode: 0755
+
+ - name: Create ytproxy directory
+ file:
+ path: "{{ docker_dir }}/invidious/opt"
+ state: directory
+ owner: 33
+ group: 33
+ mode: 0755
+ become: true
+
+ - name: Create ytproxy directory
+ file:
+ path: "{{ docker_dir }}/invidious/opt/http3-ytproxy"
+ state: directory
+ owner: 33
+ group: 33
+ mode: 0755
+ become: true
+
+# - name: vultr cron on reboot
+# cron:
+# name: "Rotating IPv6 address on Invidious"
+# special_time: "reboot"
+# job: 'sleep 30s && docker run --rm --privileged --name smart-ipv6-rotator --network host quay.io/invidious/smart-ipv6-rotator:latest run --ipv6range=2001:19f0:4400:2e62::/64 && curl -H prio:low -d "Rotate IPv6 address successful" https://ntfy.opnxng.com/cron || curl -H tags:warning -H prio:high -d "Rotate IPv6 address failed!" https://ntfy.opnxng.com/cron;'
+# user: root
+# become: true
+# when:
+# - inventory_hostname == 'vultr'
+#
+# - name: vultr cron twice a day
+# cron:
+# name: "Rotating IPv6 address on Invidious"
+# minute: "0"
+# hour: "*/12"
+# job: 'sleep 30s && docker run --rm --privileged --name smart-ipv6-rotator --network host quay.io/invidious/smart-ipv6-rotator:latest run --ipv6range=2001:19f0:4400:2e62::/64 && curl -H prio:low -d "Rotate IPv6 address successful" https://ntfy.opnxng.com/cron || curl -H tags:warning -H prio:high -d "Rotate IPv6 address failed!" https://ntfy.opnxng.com/cron;'
+# user: root
+# become: true
+# when:
+# - inventory_hostname == 'vultr'
+#
+# - name: vultr cron
+# cron:
+# name: "Restart Invidious hourly"
+# special_time: "hourly"
+# job: 'docker restart invidious'
+# user: root
+# become: true
+# when:
+# - inventory_hostname == 'vultr'
diff --git a/files/gitea/data/custom/public/assests/css/theme-github.css b/files/gitea/data/custom/public/assets/css/theme-github.css
similarity index 100%
rename from files/gitea/data/custom/public/assests/css/theme-github.css
rename to files/gitea/data/custom/public/assets/css/theme-github.css
diff --git a/templates/compose/invidious.yaml.j2 b/templates/compose/invidious.yaml.j2
new file mode 100644
index 0000000..bc3bccd
--- /dev/null
+++ b/templates/compose/invidious.yaml.j2
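Review bot: In config-tasks/invidious.yaml, 'Set up invidious config.yml' installs a file that the config.yml.j2 template in this same commit fills with the database password and `hmac_key`, yet it is written with `mode: 0755`, i.e. world-readable and executable. Something like `mode: '0640'` suits a secrets-bearing config better, and quoting keeps the value an octal string; the same quoting applies to the other `mode: 0755` lines in this file. 'Generate HMAC key' also runs on every play, so each deploy rotates the key and invalidates existing signed cookies and CSRF tokens. Persisting the key with the other secrets and adding `no_log: true` to the `command`/`set_fact` pair would avoid both the churn and the key showing up in verbose output.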
@@ -0,0 +1,109 @@ +# {{ ansible_managed }} +version: '3.3' +services: + invidious: +# deploy: +# mode: replicated +# replicas: 6 + image: quay.io/invidious/invidious:latest + #image: quay.io/invidious/invidious:latest-arm64 + container_name: invidious + security_opt: + - no-new-privileges + environment: + - PUID=1000 + - PGID=1000 + - TZ=Asia/Singapore + healthcheck: + test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1 + interval: 30s + timeout: 5s + retries: 2 + logging: + options: + max-size: "1G" + max-file: "4" + depends_on: + - invidious-db + volumes: + - {{ docker_dir }}/invidious/config.yml:/invidious/config/config.yml + restart: unless-stopped + networks: + - invidious + + invidious-db: + image: docker.io/library/postgres:14 + container_name: invidious-db + restart: unless-stopped + volumes: + - {{ docker_dir }}/invidious/postgres/data:/var/lib/postgresql/data + - {{ docker_dir }}/invidious/config/sql:/config/sql + - {{ docker_dir }}/invidious/docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh + security_opt: + - no-new-privileges + environment: + - PUID=1000 + - PGID=1000 + - TZ=Asia/Singapore + - POSTGRES_DB=invidious + - POSTGRES_USER={{ invidious_db_user }} + - POSTGRES_PASSWORD={{ invidious_db_pass }} + healthcheck: + test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"] + networks: + - invidious + + invidious-nginx: + image: nginx:latest + container_name: invidious-nginx + restart: unless-stopped + security_opt: + - no-new-privileges + environment: + - PUID=1000 + - PGID=1000 + - TZ=Asia/Singapore + volumes: + - {{ docker_dir }}/invidious/nginx.conf:/etc/nginx/nginx.conf:ro + - {{ docker_dir }}/invidious/opt/http3-ytproxy:/opt/http3-ytproxy + depends_on: + - invidious + ports: + - '8911:3000' + networks: + - invidious + + invidious-ytproxy: + image: 1337kavin/ytproxy:latest + container_name: invidious-ytproxy + restart: unless-stopped + user: "33:33" + network_mode: 
"host" + environment: + - TZ=Asia/Singapore + - DISABLE_WEBP=1 + volumes: + - {{ docker_dir }}/invidious/opt/http3-ytproxy:/app/socket + + invidious-smart-ipv6-rotator: + command: tail -f /dev/null # Just to keep the image in the system + image: quay.io/invidious/smart-ipv6-rotator:latest + container_name: invidious-smart-ipv6-rotator + environment: + - PUID=1000 + - PGID=1000 + - TZ=Asia/Singapore + restart: unless-stopped + logging: + driver: none + networks: + - invidious + +networks: + invidious: + name: invidious + enable_ipv6: true + ipam: + config: + - subnet: fd01:db8:a::/64 + gateway: fd01:db8:a::1 diff --git a/templates/compose/watchtower.yaml.j2 b/templates/compose/watchtower.yaml.j2 index 5f31b98..82c0a23 100644 --- a/templates/compose/watchtower.yaml.j2 +++ b/templates/compose/watchtower.yaml.j2 @@ -16,4 +16,4 @@ services: - /var/run/docker.sock:/var/run/docker.sock command: --schedule "0 0 1 * * *" restart: unless-stopped - network_mode: bridge \ No newline at end of file + network_mode: bridge diff --git a/templates/conf/Caddyfile.j2 b/templates/conf/Caddyfile.j2 index 89a2e91..9de9d81 100755 --- a/templates/conf/Caddyfile.j2 +++ b/templates/conf/Caddyfile.j2 
@@ -544,29 +544,29 @@ } } -# @4g host 4g.{$HOSTNAME} -# handle @4g { -# encode zstd gzip -# @notstatic { -# not path /static/* /android-chrome* /favicon* /robots.txt /banner/* /site.webmanifest -# } -# rate_limit @notstatic {remote.ip} 2r/s 60000 500 -# rate_limit @notstatic {remote.ip} 45r/m 300000 500 -# reverse_proxy { -# to {{ oracle1_private_ip }}:8907 -# to {{ oracle2_private_ip }}:8907 -# to {{ oracle3_private_ip }}:8907 -# to {{ oracle4_private_ip }}:8907 -# lb_policy ip_hash -# lb_try_duration 5s -# lb_try_interval 1s -# fail_duration 30s -# max_fails 3 -# } -# header { -# X-Robots-Tag "noindex, noimageindex, nosnippet, notranslate, noarchive, nofollow" -# } -# } + @4g host 4g.{$HOSTNAME} + handle @4g { + encode zstd gzip + @notstatic { + not path /static/* /android-chrome* /favicon* /robots.txt /banner/* /site.webmanifest + } + rate_limit @notstatic {remote.ip} 2r/s 60000 500 + rate_limit @notstatic {remote.ip} 45r/m 300000 500 + reverse_proxy { + to {{ oracle1_private_ip }}:8907 + to {{ oracle2_private_ip }}:8907 + to {{ oracle3_private_ip }}:8907 + to {{ oracle4_private_ip }}:8907 + lb_policy ip_hash + lb_try_duration 5s + lb_try_interval 1s + fail_duration 30s + max_fails 3 + } + header { + X-Robots-Tag "noindex, noimageindex, nosnippet, notranslate, noarchive, nofollow" + } + } @ig host ig.{$HOSTNAME} handle @ig { @@ -615,6 +615,15 @@ } } + @y host y.{$HOSTNAME} + handle @y { + encode zstd gzip + reverse_proxy {{ vultr_private_ip }}:8911 + header { + X-Robots-Tag "noindex, noimageindex, nosnippet, notranslate, noarchive, nofollow" + } + } + } # ---------------------------------------------------------------------------------------------------- diff --git a/templates/conf/config.yml.j2 b/templates/conf/config.yml.j2 new file mode 100644 index 0000000..f212ae6 --- /dev/null +++ b/templates/conf/config.yml.j2 
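Review bot: The new `@y` block in templates/conf/Caddyfile.j2 proxies straight to `{{ vultr_private_ip }}:8911` with no `rate_limit`, unlike the `@4g` block re-enabled in the first hunk of this file. A public video front-end is a common scraping target, and the nginx behind it presumably sees only Caddy's address, so Caddy is the layer that can throttle per client. Consider adding a matcher and a pair of `rate_limit @notstatic {remote.ip} …` directives to `handle @y`, with limits tuned for this service. The hunk ends inside the enclosing site block, so any defaults applied there are not visible here.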
@@ -0,0 +1,921 @@ +######################################### +# +# Database configuration +# +######################################### + +## +## Database configuration with separate parameters. +## This setting is MANDATORY, unless 'database_url' is used. +## +db: + user: {{ invidious_db_user }} + password: {{ invidious_db_pass }} + host: invidious-db + port: 5432 + dbname: invidious + +## +## Database configuration using a single URI. This is an +## alternative to the 'db' parameter above. If both forms +## are used, then only database_url is used. +## This setting is MANDATORY, unless 'db' is used. +## +## Note: The 'database_url' setting allows the use of UNIX +## sockets. To do so, remove the IP address (or FQDN) and port +## and append the 'host' parameter. E.g: +## postgres://kemal:kemal@/invidious?host=/var/run/postgresql +## +## Accepted values: a postgres:// URI +## Default: postgres://kemal:kemal@localhost:5432/invidious +## +#database_url: postgres://kemal:kemal@localhost:5432/invidious + +## +## Enable automatic table integrity check. This will create +## the required tables and columns if anything is missing. +## +## Accepted values: true, false +## Default: false +## +check_tables: true + + + +######################################### +# +# Server config +# +######################################### + +# ----------------------------- +# Network (inbound) +# ----------------------------- + +## +## Port to listen on for incoming connections. +## +## Note: Ports lower than 1024 requires either root privileges +## (not recommended) or the "CAP_NET_BIND_SERVICE" capability +## (See https://stackoverflow.com/a/414258 and `man capabilities`) +## +## Accepted values: 1-65535 +## Default: 3000 +## +#port: 3000 + +## +## When the invidious instance is behind a proxy, and the proxy +## listens on a different port than the instance does, this lets +## invidious know about it. This is used to craft absolute URLs +## to the instance (e.g in the API). 
+## +## Note: This setting is MANDATORY if invidious is behind a +## reverse proxy. +## +## Accepted values: 1-65535 +## Default: +## +#external_port: + +## +## Interface address to listen on for incoming connections. +## +## Accepted values: a valid IPv4 or IPv6 address. +## default: 0.0.0.0 (listen on all interfaces) +## +#host_binding: 0.0.0.0 + +## +## Domain name under which this instance is hosted. This is +## used to craft absolute URLs to the instance (e.g in the API). +## The domain MUST be defined if your instance is accessed from +## a domain name (like 'example.com'). +## +## Accepted values: a fully qualified domain name (FQDN) +## Default: +## +domain: y.opnxng.com + +## +## Tell Invidious that it is behind a proxy that provides only +## HTTPS, so all links must use the https:// scheme. This +## setting MUST be set to true if invidious is behind a +## reverse proxy serving HTTPs. +## +## Accepted values: true, false +## Default: false +## +https_only: true + +## +## Enable/Disable 'Strict-Transport-Security'. Make sure that +## the domain specified under 'domain' is served securely. +## +## Accepted values: true, false +## Default: true +## +#hsts: true + + +# ----------------------------- +# Network (outbound) +# ----------------------------- + +## +## Disable proxying server-wide. Can be disable as a whole, or +## only for a single function. +## +## Accepted values: true, false, dash, livestreams, downloads, local +## Default: false +## +disable_proxy: true + +## +## Size of the HTTP pool used to connect to youtube. Each +## domain ('youtube.com', 'ytimg.com', ...) has its own pool. +## +## Accepted values: a positive integer +## Default: 100 +## +#pool_size: 100 + + +## +## Additional cookies to be sent when requesting the youtube API. +## +## Accepted values: a string in the format "name1=value1; name2=value2..." +## Default: +## +#cookies: + +## +## Force connection to youtube over a specific IP family. 
+## +## Note: This may sometimes resolve issues involving rate-limiting. +## See https://github.com/ytdl-org/youtube-dl/issues/21729. +## +## Accepted values: ipv4, ipv6 +## Default: +## +#force_resolve: +force_resolve: ipv6 + +## +## Use Innertube's transcripts API instead of timedtext for closed captions +## +## Useful for larger instances as InnerTube is **not ratelimited**. See https://github.com/iv-org/invidious/issues/2567 +## +## Subtitle experience may differ slightly on Invidious. +## +## Accepted values: true, false +## Default: false +## +# use_innertube_for_captions: false + + +# ----------------------------- +# Logging +# ----------------------------- + +## +## Path to log file. Can be absolute or relative to the invidious +## binary. This is overridden if "-o OUTPUT" or "--output=OUTPUT" +## are passed on the command line. +## +## Accepted values: a filesystem path or 'STDOUT' +## Default: STDOUT +## +#output: STDOUT + +## +## Logging Verbosity. This is overridden if "-l LEVEL" or +## "--log-level=LEVEL" are passed on the command line. +## +## Accepted values: All, Trace, Debug, Info, Warn, Error, Fatal, Off +## Default: Info +## +#log_level: Info + + +# ----------------------------- +# Features +# ----------------------------- + +## +## Enable/Disable the "Popular" tab on the main page. +## +## Accepted values: true, false +## Default: true +## +popular_enabled: false + +## +## Enable/Disable statstics (available at /api/v1/stats). 
+## The following data is available: +## - Software name ("invidious") and version+branch (same data as +## displayed in the footer, e.g: "2021.05.13-75e5b49" / "master") +## - The value of the 'registration_enabled' config (true/false) +## - Number of currently registered users +## - Number of registered users who connected in the last month +## - Number of registered users who connected in the last 6 months +## - Timestamp of the last server restart +## - Timestamp of the last "Channel Refresh" job execution +## +## Warning: This setting MUST be set to true if you plan to run +## a public instance. It is used by api.invidious.io to refresh +## your instance's status. +## +## Accepted values: true, false +## Default: false +## +statistics_enabled: true + + +# ----------------------------- +# Users and accounts +# ----------------------------- + +## +## Allow/Forbid Invidious (local) account creation. Invidious +## accounts allow users to subscribe to channels and to create +## playlists without a Google account. +## +## Accepted values: true, false +## Default: true +## +registration_enabled: false + +## +## Allow/Forbid users to log-in. +## +## Accepted values: true, false +## Default: true +## +login_enabled: false + +## Enable/Disable the captcha challenge on the login page. +## +## Note: this is a basic captcha challenge that doesn't +## depend on any third parties. +## +## Accepted values: true, false +## Default: true +## +captcha_enabled: false + +## +## List of usernames that will be granted administrator rights. +## A user with administrator rights will be able to change the +## server configuration options listed below in /preferences, +## in addition to the usual user preferences. 
+## +## Server-wide settings: +## - popular_enabled +## - captcha_enabled +## - login_enabled +## - registration_enabled +## - statistics_enabled +## Default user preferences: +## - default_home +## - feed_menu +## +## Accepted values: an array of strings +## Default: [""] +## +#admins: [""] + +## +## Enable/Disable the user notifications for all users +## +## Note: On large instances, it is recommended to set this option to 'false' +## in order to reduce the amount of data written to the database, and hence +## improve the overall performance of the instance. +## +## Accepted values: true, false +## Default: true +## +#enable_user_notifications: true + +# ----------------------------- +# Background jobs +# ----------------------------- + +## +## Number of threads to use when crawling channel videos (during +## subscriptions update). +## +## Notes: This setting is overridden if either "-c THREADS" or +## "--channel-threads=THREADS" is passed on the command line. +## +## Accepted values: a positive integer +## Default: 1 +## +channel_threads: 0 + +## +## Time interval between two executions of the job that crawls +## channel videos (subscriptions update). +## +## Accepted values: a valid time interval (like 1h30m or 90m) +## Default: 30m +## +#channel_refresh_interval: 30m + +## +## Forcefully dump and re-download the entire list of uploaded +## videos when crawling channel (during subscriptions update). +## +## Accepted values: true, false +## Default: false +## +full_refresh: false + +## +## Number of threads to use when updating RSS feeds. +## +## Notes: This setting is overridden if either "-f THREADS" or +## "--feed-threads=THREADS" is passed on the command line. +## +## Accepted values: a positive integer +## Default: 1 +## +feed_threads: 0 + +## +## Enable/Disable the polling job that keeps the decryption +## function (for "secured" videos) up to date. +## +## Note: This part of the code generate a small amount of data every minute. 
+## This may not be desired if you have bandwidth limits set by your ISP. +## +## Note 2: This part of the code is currently broken, so changing +## this setting has no impact. +## +## Accepted values: true, false +## Default: false +## +#decrypt_polling: false + + +jobs: + + ## Options for the database cleaning job + clear_expired_items: + + ## Enable/Disable job + ## + ## Accepted values: true, false + ## Default: true + ## + enable: true + + ## Options for the channels updater job + refresh_channels: + + ## Enable/Disable job + ## + ## Accepted values: true, false + ## Default: true + ## + enable: true + + ## Options for the RSS feeds updater job + refresh_feeds: + + ## Enable/Disable job + ## + ## Accepted values: true, false + ## Default: true + ## + enable: true + + +# ----------------------------- +# Captcha API +# ----------------------------- + +## +## URL of the captcha solving service. +## +## Accepted values: any URL +## Default: https://api.anti-captcha.com +## +#captcha_api_url: https://api.anti-captcha.com + +## +## API key for the captcha solving service. +## +## Accepted values: a string +## Default: +## +#captcha_key: + + +# ----------------------------- +# Miscellaneous +# ----------------------------- + +## +## custom banner displayed at the top of every page. This can +## used for instance announcements, e.g. +## +## Accepted values: any string. HTML is accepted. +## Default: +## +#banner: + +## +## Subscribe to channels using PubSubHub (Google PubSubHubbub service). +## PubSubHub allows Invidious to be instantly notified when a new video +## is published on any subscribed channels. When PubSubHub is not used, +## Invidious will check for new videos every minute. +## +## Note: This setting is recommended for public instances. +## +## Note 2: +## - Requires a public instance (it uses /feed/webhook/v1) +## - Requires 'domain' and 'hmac_key' to be set. 
+## - Setting this parameter to any number greater than zero will +## enable channel subscriptions via PubSubHub, but will limit the +## amount of concurrent subscriptions. +## +## Accepted values: true, false, a positive integer +## Default: false +## +#use_pubsub_feeds: false + +## +## HMAC signing key used for CSRF tokens, cookies and pubsub +## subscriptions verification. +## +## Note: This parameter is mandatory and should be a random string. +## Such random string can be generated on linux with the following +## command: `pwgen 20 1` +## +## Accepted values: a string +## Default: +## +hmac_key: "{{ invidious_hmac_key }}" + +## +## List of video IDs where the "download" widget must be +## disabled, in order to comply with DMCA requests. +## +## Accepted values: an array of string +## Default: +## +#dmca_content: + +## +## Cache video annotations in the database. +## +## Warning: empty annotations or annotations that only contain +## cards won't be cached. +## +## Accepted values: true, false +## Default: false +## +#cache_annotations: false + +## +## Source code URL. If your instance is running a modified source +## code, you MUST publish it somewhere and set this option. +## +## Accepted values: a string +## Default: +## +#modified_source_code_url: "" + +## +## Maximum custom playlist length limit. +## +## Accepted values: Integer +## Default: 500 +## +#playlist_length_limit: 500 + +######################################### +# +# Default user preferences +# +######################################### + +## +## NOTE: All the settings below define the default user +## preferences. They will apply to ALL users connecting +## without a preferences cookie (so either on the first +## connection to the instance or after clearing the +## browser's cookies). +## + +default_user_preferences: + + # ----------------------------- + # Internationalization + # ----------------------------- + + ## + ## Default user interface language (locale). 
+ ## + ## Note: When hosting a public instance, overriding the + ## default (english) is not recommended, as it may + ## people using other languages. + ## + ## Accepted values: + ## ar (Arabic) + ## da (Danish) + ## de (German) + ## en-US (english, US) + ## el (Greek) + ## eo (Esperanto) + ## es (Spanish) + ## fa (Persian) + ## fi (Finnish) + ## fr (French) + ## he (Hebrew) + ## hr (Hungarian) + ## id (Indonesian) + ## is (Icelandic) + ## it (Italian) + ## ja (Japanese) + ## nb-NO (Norwegian, Bokmål) + ## nl (Dutch) + ## pl (Polish) + ## pt-BR (Portuguese, Brazil) + ## pt-PT (Portuguese, Portugal) + ## ro (Romanian) + ## ru (Russian) + ## sv (Swedish) + ## tr (Turkish) + ## uk (Ukrainian) + ## zh-CN (Chinese, China) (a.k.a "Simplified Chinese") + ## zh-TW (Chinese, Taiwan) (a.k.a "Traditional Chinese") + ## + ## Default: en-US + ## + #locale: en-US + + ## + ## Default geographical location for content. + ## + ## Accepted values: + ## AE, AR, AT, AU, AZ, BA, BD, BE, BG, BH, BO, BR, BY, CA, CH, CL, CO, CR, + ## CY, CZ, DE, DK, DO, DZ, EC, EE, EG, ES, FI, FR, GB, GE, GH, GR, GT, HK, + ## HN, HR, HU, ID, IE, IL, IN, IQ, IS, IT, JM, JO, JP, KE, KR, KW, KZ, LB, + ## LI, LK, LT, LU, LV, LY, MA, ME, MK, MT, MX, MY, NG, NI, NL, NO, NP, NZ, + ## OM, PA, PE, PG, PH, PK, PL, PR, PT, PY, QA, RO, RS, RU, SA, SE, SG, SI, + ## SK, SN, SV, TH, TN, TR, TW, TZ, UA, UG, US, UY, VE, VN, YE, ZA, ZW + ## + ## Default: US + ## + #region: US + + ## + ## Top 3 preferred languages for video captions. + ## + ## Note: overriding the default (no preferred + ## caption language) is not recommended, in order + ## to not penalize people using other languages. + ## + ## Accepted values: a three-entries array. 
+ ## Each entry can be one of: + ## "English", "English (auto-generated)", + ## "Afrikaans", "Albanian", "Amharic", "Arabic", + ## "Armenian", "Azerbaijani", "Bangla", "Basque", + ## "Belarusian", "Bosnian", "Bulgarian", "Burmese", + ## "Catalan", "Cebuano", "Chinese (Simplified)", + ## "Chinese (Traditional)", "Corsican", "Croatian", + ## "Czech", "Danish", "Dutch", "Esperanto", "Estonian", + ## "Filipino", "Finnish", "French", "Galician", "Georgian", + ## "German", "Greek", "Gujarati", "Haitian Creole", "Hausa", + ## "Hawaiian", "Hebrew", "Hindi", "Hmong", "Hungarian", + ## "Icelandic", "Igbo", "Indonesian", "Irish", "Italian", + ## "Japanese", "Javanese", "Kannada", "Kazakh", "Khmer", + ## "Korean", "Kurdish", "Kyrgyz", "Lao", "Latin", "Latvian", + ## "Lithuanian", "Luxembourgish", "Macedonian", + ## "Malagasy", "Malay", "Malayalam", "Maltese", "Maori", + ## "Marathi", "Mongolian", "Nepali", "Norwegian Bokmål", + ## "Nyanja", "Pashto", "Persian", "Polish", "Portuguese", + ## "Punjabi", "Romanian", "Russian", "Samoan", + ## "Scottish Gaelic", "Serbian", "Shona", "Sindhi", + ## "Sinhala", "Slovak", "Slovenian", "Somali", + ## "Southern Sotho", "Spanish", "Spanish (Latin America)", + ## "Sundanese", "Swahili", "Swedish", "Tajik", "Tamil", + ## "Telugu", "Thai", "Turkish", "Ukrainian", "Urdu", + ## "Uzbek", "Vietnamese", "Welsh", "Western Frisian", + ## "Xhosa", "Yiddish", "Yoruba", "Zulu" + ## + ## Default: ["", "", ""] + ## + #captions: ["", "", ""] + + + # ----------------------------- + # Interface + # ----------------------------- + + ## + ## Enable/Disable dark mode. + ## + ## Accepted values: "dark", "light", "auto" + ## Default: "auto" + ## + #dark_mode: "auto" + + ## + ## Enable/Disable thin mode (no video thumbnails). + ## + ## Accepted values: true, false + ## Default: false + ## + #thin_mode: false + + ## + ## List of feeds available on the home page. + ## + ## Note: "Subscriptions" and "Playlists" are only visible + ## when the user is logged in. 
+ ## + ## Accepted values: A list of strings + ## Each entry can be one of: "Popular", "Trending", + ## "Subscriptions", "Playlists" + ## + ## Default: ["Popular", "Trending", "Subscriptions", "Playlists"] (show all feeds) + ## + feed_menu: ["Subscriptions", "Playlists"] + + ## + ## Default feed to display on the home page. + ## + ## Note: setting this option to "Popular" has no + ## effect when 'popular_enabled' is set to false. + ## + ## Accepted values: Popular, Trending, Subscriptions, Playlists, + ## Default: Popular + ## + default_home: + + ## + ## Default number of results to display per page. + ## + ## Note: this affects invidious-generated pages only, such + ## as watch history and subscription feeds. Playlists, search + ## results and channel videos depend on the data returned by + ## the Youtube API. + ## + ## Accepted values: any positive integer + ## Default: 40 + ## + #max_results: 40 + + ## + ## Show/hide annotations. + ## + ## Accepted values: true, false + ## Default: false + ## + #annotations: false + + ## + ## Show/hide annotation. + ## + ## Accepted values: true, false + ## Default: false + ## + #annotations_subscribed: false + + ## + ## Type of comments to display below video. + ## + ## Accepted values: a two-entries array. + ## Each entry can be one of: "youtube", "reddit", "" + ## + ## Default: ["youtube", ""] + ## + #comments: ["youtube", ""] + + ## + ## Default player style. + ## + ## Accepted values: invidious, youtube + ## Default: invidious + ## + #player_style: invidious + + ## + ## Show/Hide the "related videos" sidebar when + ## watching a video. + ## + ## Accepted values: true, false + ## Default: true + ## + #related_videos: true + + + # ----------------------------- + # Video player behavior + # ----------------------------- + + ## + ## Automatically play videos on page load. 
+ ## + ## Accepted values: true, false + ## Default: false + ## + #autoplay: false + + ## + ## Automatically load the "next" video (either next in + ## playlist or proposed) when the current video ends. + ## + ## Accepted values: true, false + ## Default: false + ## + #continue: false + + ## + ## Autoplay next video by default. + ## + ## Note: Only effective if 'continue' is set to true. + ## + ## Accepted values: true, false + ## Default: true + ## + #continue_autoplay: true + + ## + ## Play videos in Audio-only mode by default. + ## + ## Accepted values: true, false + ## Default: false + ## + #listen: false + + ## + ## Loop videos automatically. + ## + ## Accepted values: true, false + ## Default: false + ## + #video_loop: false + + + # ----------------------------- + # Video playback settings + # ----------------------------- + + ## + ## Default video quality. + ## + ## Accepted values: dash, hd720, medium, small + ## Default: hd720 + ## + #quality: hd720 + + ## + ## Default dash video quality. + ## + ## Note: this setting only takes effet if the + ## 'quality' parameter is set to "dash". + ## + ## Accepted values: + ## auto, best, 4320p, 2160p, 1440p, 1080p, + ## 720p, 480p, 360p, 240p, 144p, worst + ## Default: auto + ## + #quality_dash: auto + + ## + ## Default video playback speed. + ## + ## Accepted values: 0.25, 0.5, 0.75, 1.0, 1.25, 1.5, 1.75, 2.0 + ## Default: 1.0 + ## + #speed: 1.0 + + ## + ## Default volume. + ## + ## Accepted values: 0-100 + ## Default: 100 + ## + #volume: 100 + + ## + ## Allow 360° videos to be played. + ## + ## Note: This feature requires a WebGL-enabled browser. + ## + ## Accepted values: true, false + ## Default: true + ## + #vr_mode: true + + ## + ## Save the playback position + ## Allow to continue watching at the previous position when + ## watching the same video. 
+ ## + ## Accepted values: true, false + ## Default: false + ## + #save_player_pos: false + + # ----------------------------- + # Subscription feed + # ----------------------------- + + ## + ## In the "Subscription" feed, only show the latest video + ## of each channel the user is subscribed to. + ## + ## Note: when combined with 'unseen_only', the latest unseen + ## video of each channel will be displayed instead of the + ## latest by date. + ## + ## Accepted values: true, false + ## Default: false + ## + #latest_only: false + + ## + ## Enable/Disable user subscriptions desktop notifications. + ## + ## Accepted values: true, false + ## Default: false + ## + #notifications_only: false + + ## + ## In the "Subscription" feed, Only show the videos that the + ## user haven't watched yet (i.e which are not in their watch + ## history). + ## + ## Accepted values: true, false + ## Default: false + ## + #unseen_only: false + + ## + ## Default sorting parameter for subscription feeds. + ## + ## Accepted values: + ## 'alphabetically' + ## 'alphabetically - reverse' + ## 'channel name' + ## 'channel name - reverse' + ## 'published' + ## 'published - reverse' + ## + ## Default: published + ## + #sort: published + + + # ----------------------------- + # Miscellaneous + # ----------------------------- + + ## + ## Proxy videos through instance by default. + ## + ## Warning: As most users won't change this setting in their + ## preferences, defaulting to true will significantly + ## increase the instance's network usage, so make sure that + ## your server's connection can handle it. + ## + ## Accepted values: true, false + ## Default: false + ## + #local: false + + ## + ## Show the connected user's nick at the top right. 
+ ##
+ ## Accepted values: true, false
+ ## Default: true
+ ##
+ #show_nick: true
+
+ ##
+ ## Automatically redirect to a random instance when the user uses
+ ## any "switch invidious instance" link (For videos, it's the plane
+ ## icon, next to "watch on youtube" and "listen"). When set to false,
+ ## the user is sent to https://redirect.invidious.io instead, where
+ ## they can manually select an instance.
+ ##
+ ## Accepted values: true, false
+ ## Default: false
+ ##
+ #automatic_instance_redirect: false
+
+ ##
+ ## Show the entire video description by default (when set to 'false',
+ ## only the first few lines of the description are shown and a
+ ## "show more" button allows to expand it).
+ ##
+ ## Accepted values: true, false
+ ## Default: false
+ ##
+ #extend_desc: false
diff --git a/templates/conf/nginx.conf.j2 b/templates/conf/nginx.conf.j2
new file mode 100755
index 0000000..5a695fd
--- /dev/null
+++ b/templates/conf/nginx.conf.j2
@@ -0,0 +1,39 @@
+user www-data;
+events {
+ worker_connections 1000;
+}
+http {
+ server {
+ listen 3000;
+ listen [::]:3000;
+ access_log off;
+ location / {
+ resolver 127.0.0.11;
+ set $backend "invidious";
+ proxy_pass http://$backend:3000;
+ proxy_http_version 1.1; # to keep alive
+ proxy_set_header Connection ""; # to keep alive
+ location ~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/) {
+ proxy_buffering on;
+ proxy_buffers 1024 16k;
+ proxy_set_header X-Forwarded-For "";
+ proxy_set_header CF-Connecting-IP "";
+ proxy_hide_header "alt-svc";
+ sendfile on;
+ sendfile_max_chunk 512k;
+ tcp_nopush on;
+ aio threads=default;
+ aio_write on;
+ directio 16m;
+ proxy_hide_header Cache-Control;
+ proxy_hide_header etag;
+ proxy_http_version 1.1;
+ proxy_set_header Connection keep-alive;
+ proxy_max_temp_file_size 32m;
+ access_log off;
+ proxy_pass http://unix:/opt/http3-ytproxy/http-proxy.sock;
+ add_header Cache-Control private always;
+ }
+ }
+ }
+}
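Review bot: Requests handled by `location /` itself are proxied to Invidious with whatever `X-Forwarded-For` and `CF-Connecting-IP` the client sent, because only the nested media location blanks those headers. If the intent is that no backend sees client-supplied identity headers, add `proxy_set_header X-Forwarded-For "";` and `proxy_set_header CF-Connecting-IP "";` next to the existing `proxy_set_header Connection "";` line, or set them explicitly from `$remote_addr` if Invidious is meant to see the peer address. The regex location sits inside `location /` (the file closes four blocks at the end), which nginx accepts, but a one-line comment saying the nesting and the server-level `access_log off;` are deliberate would help the next operator. Whether a front proxy already normalises these headers is not visible in this file.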
diff --git a/templates/conf/nitter.conf.j2 b/templates/conf/nitter.conf.j2 index 367bb2b..45330a3 100755 --- a/templates/conf/nitter.conf.j2 +++ b/templates/conf/nitter.conf.j2 @@ -40,7 +40,7 @@ tokenCount = 10 [Preferences] theme = "auto_(Twitter)" replaceTwitter = "n.opnxng.com" -replaceYouTube = "vid.priv.au" +replaceYouTube = "invidious.fdn.fr" replaceReddit = "i.opnxng.com" replaceInstagram = "" proxyVideos = true diff --git a/templates/conf/settings.yml.j2 b/templates/conf/settings.yml.j2 index 0e60992..c749eab 100755 --- a/templates/conf/settings.yml.j2 +++ b/templates/conf/settings.yml.j2 @@ -214,14 +214,14 @@ enabled_plugins: # hostname_replace: '(.*\.)?music.youtube\.com$': 'beatbump.io' - '(.*\.)?youtube\.com$': 'vid.priv.au' - '(.*\.)?youtu\.be$': 'vid.priv.au' - '(.*\.)?youtube-noocookie\.com$': 'vid.priv.au' - '(.*\.)?reddit\.com$': 'i.opnxng.com' - '(.*\.)?redd\.it$': 'i.opnxng.com' - '(.*\.)?libi.opnxng\.com$': 'l.opnxng.com' -# '(.*\.)?reddit\.com$': 'old.reddit.com' -# '(.*\.)?redd\.it$': 'old.reddit.com' + '(.*\.)?youtube\.com$': 'invidious.fdn.fr' + '(.*\.)?youtu\.be$': 'invidious.fdn.fr' + '(.*\.)?youtube-noocookie\.com$': 'invidious.fdn.fr' +# '(.*\.)?reddit\.com$': 'i.opnxng.com' +# '(.*\.)?redd\.it$': 'i.opnxng.com' +# '(.*\.)?libi.opnxng\.com$': 'l.opnxng.com' + '(.*\.)?reddit\.com$': 'old.reddit.com' + '(.*\.)?redd\.it$': 'old.reddit.com' '(.*\.)?medium\.com$': 'm.opnxng.com' 'fandom\.com$': 'z.opnxng.com' '(.*\.)?imgur\.com$': 'r.opnxng.com' @@ -2540,4 +2540,4 @@ doi_resolvers: default_doi_resolver: 'oadoi.org' -{% endraw %} \ No newline at end of file +{% endraw %} diff --git a/vars/secrets.example.yaml b/vars/secrets.example.yaml index 64b8c56..241afe5 100644 --- a/vars/secrets.example.yaml +++ b/vars/secrets.example.yaml 
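Review bot: In the `settings.yml.j2` hunk the third rewritten key, `'(.*\.)?youtube-noocookie\.com$'`, spells the host with a doubled "o", so it never matches `youtube-nocookie.com` and links to that domain are not rewritten to the new target; the line should read `'(.*\.)?youtube-nocookie\.com$': 'invidious.fdn.fr'`. The typo was already on the removed line and is carried over unchanged. Separately, these patterns start with an optional group and no `^`, so if the plugin applies them with a search rather than a full match (not visible here), `(.*\.)?reddit\.com$` would also match an unrelated host that merely ends in `reddit.com`; writing `^(.*\.)?reddit\.com$` makes the intent explicit. The `hostname_replace` mapping begins above the hunk.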
@@ -22,12 +22,15 @@ authelia_password: geoipupdate_account_id: geoipupdate_license_key: +invidious_db_user: +invidious_db_pass: + etherpad_db_user: etherpad_db_pass: etherpad_admin_password: cloudflare_api_token: -allow_countries: +allow_countries: twitterminator_url: gitea_access_token: @@ -39,4 +42,4 @@ docker_host: gitea_runner_registration_token: runner_uuid: runner_token: -runner_id: \ No newline at end of file +runner_id: diff --git a/vars/services.yaml b/vars/services.yaml index ab57a6a..1933495 100644 --- a/vars/services.yaml +++ b/vars/services.yaml @@ -1,17 +1,31 @@ +config: + oracle1: + - 4get + oracle2: + - 4get + oracle3: + - 4get + oracle4: + - 4get + - caddy + compose: oracle1: - - photon + - 4get oracle2: - - photon + - 4get oracle3: - - photon + - 4get oracle4: - - photon + - 4get + - caddy # ---------------------------------------------------------------------------------------------------- deployed-compose: vultr: + - invidious + #################### - teddit - libreddit - imgin @@ -125,6 +139,8 @@ deployed-compose: # ---------------------------------------------------------------------------------------------------- deployed-config: + vultr: + - invidious oracle1: - 4get - anonymousoverflow