invidious: better configuration with example and explanation

watchtower: use trusted-fast label for trusted images (generally my own images)
root 2025-04-07 16:52:14 -04:00
parent afba0731b1
commit 0b420bbbbf
10 changed files with 588 additions and 93 deletions


@ -0,0 +1,4 @@
# ANUBIS
# Generate it with `openssl rand -hex 32`
# https://github.com/TecharoHQ/anubis/blob/main/docs/docs/admin/installation.mdx
ED25519_PRIVATE_KEY_HEX=""


@ -0,0 +1,4 @@
#INVIDIOUS_BANNER=""
# Fill those 2 environment variables
INVIDIOUS_INVIDIOUS_COMPANION_KEY=""
INVIDIOUS_HMAC_KEY=""
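Review bot: The only guidance for `INVIDIOUS_INVIDIOUS_COMPANION_KEY` and `INVIDIOUS_HMAC_KEY` is "Fill those 2 environment variables", unlike the Anubis template, which gives a generation command. I would add a comment per variable, e.g. `# random secret, e.g. openssl rand -hex 32` for the HMAC key and `# must equal the key configured on invidious-companion (upstream requires 16 characters; confirm for this fork)` for the companion key. The three env templates in this commit (this one, the Anubis one above and the pgbouncer one below) would also benefit from a line saying the filled-in copy must stay out of version control and be readable only by the deploying user.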


@ -0,0 +1,10 @@
# PG_BOUNCER
# Use `/var/run/postgresql/` if you are passing a local
# postgresql database running on the host machine
# Otherwise, you will need to figure it out how to
# configure this if you want to run a separate
# postgresql database only for invidious.
DB_HOST=/var/run/postgresql/
DB_USER=""
DB_PASSWORD=""
DB_NAME=""


@ -0,0 +1,398 @@
{
"bots": [
{
"name": "amazonbot",
"user_agent_regex": "Amazonbot",
"action": "DENY"
},
{
"name": "googlebot",
"user_agent_regex": "\\+http\\://www\\.google\\.com/bot\\.html",
"action": "ALLOW",
"remote_addresses": [
"2001:4860:4801:10::/64",
"2001:4860:4801:11::/64",
"2001:4860:4801:12::/64",
"2001:4860:4801:13::/64",
"2001:4860:4801:14::/64",
"2001:4860:4801:15::/64",
"2001:4860:4801:16::/64",
"2001:4860:4801:17::/64",
"2001:4860:4801:18::/64",
"2001:4860:4801:19::/64",
"2001:4860:4801:1a::/64",
"2001:4860:4801:1b::/64",
"2001:4860:4801:1c::/64",
"2001:4860:4801:1d::/64",
"2001:4860:4801:1e::/64",
"2001:4860:4801:1f::/64",
"2001:4860:4801:20::/64",
"2001:4860:4801:21::/64",
"2001:4860:4801:22::/64",
"2001:4860:4801:23::/64",
"2001:4860:4801:24::/64",
"2001:4860:4801:25::/64",
"2001:4860:4801:26::/64",
"2001:4860:4801:27::/64",
"2001:4860:4801:28::/64",
"2001:4860:4801:29::/64",
"2001:4860:4801:2::/64",
"2001:4860:4801:2a::/64",
"2001:4860:4801:2b::/64",
"2001:4860:4801:2c::/64",
"2001:4860:4801:2d::/64",
"2001:4860:4801:2e::/64",
"2001:4860:4801:2f::/64",
"2001:4860:4801:31::/64",
"2001:4860:4801:32::/64",
"2001:4860:4801:33::/64",
"2001:4860:4801:34::/64",
"2001:4860:4801:35::/64",
"2001:4860:4801:36::/64",
"2001:4860:4801:37::/64",
"2001:4860:4801:38::/64",
"2001:4860:4801:39::/64",
"2001:4860:4801:3a::/64",
"2001:4860:4801:3b::/64",
"2001:4860:4801:3c::/64",
"2001:4860:4801:3d::/64",
"2001:4860:4801:3e::/64",
"2001:4860:4801:40::/64",
"2001:4860:4801:41::/64",
"2001:4860:4801:42::/64",
"2001:4860:4801:43::/64",
"2001:4860:4801:44::/64",
"2001:4860:4801:45::/64",
"2001:4860:4801:46::/64",
"2001:4860:4801:47::/64",
"2001:4860:4801:48::/64",
"2001:4860:4801:49::/64",
"2001:4860:4801:4a::/64",
"2001:4860:4801:4b::/64",
"2001:4860:4801:4c::/64",
"2001:4860:4801:50::/64",
"2001:4860:4801:51::/64",
"2001:4860:4801:52::/64",
"2001:4860:4801:53::/64",
"2001:4860:4801:54::/64",
"2001:4860:4801:55::/64",
"2001:4860:4801:56::/64",
"2001:4860:4801:60::/64",
"2001:4860:4801:61::/64",
"2001:4860:4801:62::/64",
"2001:4860:4801:63::/64",
"2001:4860:4801:64::/64",
"2001:4860:4801:65::/64",
"2001:4860:4801:66::/64",
"2001:4860:4801:67::/64",
"2001:4860:4801:68::/64",
"2001:4860:4801:69::/64",
"2001:4860:4801:6a::/64",
"2001:4860:4801:6b::/64",
"2001:4860:4801:6c::/64",
"2001:4860:4801:6d::/64",
"2001:4860:4801:6e::/64",
"2001:4860:4801:6f::/64",
"2001:4860:4801:70::/64",
"2001:4860:4801:71::/64",
"2001:4860:4801:72::/64",
"2001:4860:4801:73::/64",
"2001:4860:4801:74::/64",
"2001:4860:4801:75::/64",
"2001:4860:4801:76::/64",
"2001:4860:4801:77::/64",
"2001:4860:4801:78::/64",
"2001:4860:4801:79::/64",
"2001:4860:4801:80::/64",
"2001:4860:4801:81::/64",
"2001:4860:4801:82::/64",
"2001:4860:4801:83::/64",
"2001:4860:4801:84::/64",
"2001:4860:4801:85::/64",
"2001:4860:4801:86::/64",
"2001:4860:4801:87::/64",
"2001:4860:4801:88::/64",
"2001:4860:4801:90::/64",
"2001:4860:4801:91::/64",
"2001:4860:4801:92::/64",
"2001:4860:4801:93::/64",
"2001:4860:4801:94::/64",
"2001:4860:4801:95::/64",
"2001:4860:4801:96::/64",
"2001:4860:4801:a0::/64",
"2001:4860:4801:a1::/64",
"2001:4860:4801:a2::/64",
"2001:4860:4801:a3::/64",
"2001:4860:4801:a4::/64",
"2001:4860:4801:a5::/64",
"2001:4860:4801:c::/64",
"2001:4860:4801:f::/64",
"192.178.5.0/27",
"192.178.6.0/27",
"192.178.6.128/27",
"192.178.6.160/27",
"192.178.6.192/27",
"192.178.6.32/27",
"192.178.6.64/27",
"192.178.6.96/27",
"34.100.182.96/28",
"34.101.50.144/28",
"34.118.254.0/28",
"34.118.66.0/28",
"34.126.178.96/28",
"34.146.150.144/28",
"34.147.110.144/28",
"34.151.74.144/28",
"34.152.50.64/28",
"34.154.114.144/28",
"34.155.98.32/28",
"34.165.18.176/28",
"34.175.160.64/28",
"34.176.130.16/28",
"34.22.85.0/27",
"34.64.82.64/28",
"34.65.242.112/28",
"34.80.50.80/28",
"34.88.194.0/28",
"34.89.10.80/28",
"34.89.198.80/28",
"34.96.162.48/28",
"35.247.243.240/28",
"66.249.64.0/27",
"66.249.64.128/27",
"66.249.64.160/27",
"66.249.64.224/27",
"66.249.64.32/27",
"66.249.64.64/27",
"66.249.64.96/27",
"66.249.65.0/27",
"66.249.65.128/27",
"66.249.65.160/27",
"66.249.65.192/27",
"66.249.65.224/27",
"66.249.65.32/27",
"66.249.65.64/27",
"66.249.65.96/27",
"66.249.66.0/27",
"66.249.66.128/27",
"66.249.66.160/27",
"66.249.66.192/27",
"66.249.66.224/27",
"66.249.66.32/27",
"66.249.66.64/27",
"66.249.66.96/27",
"66.249.68.0/27",
"66.249.68.128/27",
"66.249.68.32/27",
"66.249.68.64/27",
"66.249.68.96/27",
"66.249.69.0/27",
"66.249.69.128/27",
"66.249.69.160/27",
"66.249.69.192/27",
"66.249.69.224/27",
"66.249.69.32/27",
"66.249.69.64/27",
"66.249.69.96/27",
"66.249.70.0/27",
"66.249.70.128/27",
"66.249.70.160/27",
"66.249.70.192/27",
"66.249.70.224/27",
"66.249.70.32/27",
"66.249.70.64/27",
"66.249.70.96/27",
"66.249.71.0/27",
"66.249.71.128/27",
"66.249.71.160/27",
"66.249.71.192/27",
"66.249.71.224/27",
"66.249.71.32/27",
"66.249.71.64/27",
"66.249.71.96/27",
"66.249.72.0/27",
"66.249.72.128/27",
"66.249.72.160/27",
"66.249.72.192/27",
"66.249.72.224/27",
"66.249.72.32/27",
"66.249.72.64/27",
"66.249.72.96/27",
"66.249.73.0/27",
"66.249.73.128/27",
"66.249.73.160/27",
"66.249.73.192/27",
"66.249.73.224/27",
"66.249.73.32/27",
"66.249.73.64/27",
"66.249.73.96/27",
"66.249.74.0/27",
"66.249.74.128/27",
"66.249.74.160/27",
"66.249.74.192/27",
"66.249.74.32/27",
"66.249.74.64/27",
"66.249.74.96/27",
"66.249.75.0/27",
"66.249.75.128/27",
"66.249.75.160/27",
"66.249.75.192/27",
"66.249.75.224/27",
"66.249.75.32/27",
"66.249.75.64/27",
"66.249.75.96/27",
"66.249.76.0/27",
"66.249.76.128/27",
"66.249.76.160/27",
"66.249.76.192/27",
"66.249.76.224/27",
"66.249.76.32/27",
"66.249.76.64/27",
"66.249.76.96/27",
"66.249.77.0/27",
"66.249.77.128/27",
"66.249.77.160/27",
"66.249.77.192/27",
"66.249.77.224/27",
"66.249.77.32/27",
"66.249.77.64/27",
"66.249.77.96/27",
"66.249.78.0/27",
"66.249.78.32/27",
"66.249.79.0/27",
"66.249.79.128/27",
"66.249.79.160/27",
"66.249.79.192/27",
"66.249.79.224/27",
"66.249.79.32/27",
"66.249.79.64/27",
"66.249.79.96/27"
]
},
{
"name": "bingbot",
"user_agent_regex": "\\+http\\://www\\.bing\\.com/bingbot\\.htm",
"action": "ALLOW",
"remote_addresses": [
"157.55.39.0/24",
"207.46.13.0/24",
"40.77.167.0/24",
"13.66.139.0/24",
"13.66.144.0/24",
"52.167.144.0/24",
"13.67.10.16/28",
"13.69.66.240/28",
"13.71.172.224/28",
"139.217.52.0/28",
"191.233.204.224/28",
"20.36.108.32/28",
"20.43.120.16/28",
"40.79.131.208/28",
"40.79.186.176/28",
"52.231.148.0/28",
"20.79.107.240/28",
"51.105.67.0/28",
"20.125.163.80/28",
"40.77.188.0/22",
"65.55.210.0/24",
"199.30.24.0/23",
"40.77.202.0/24",
"40.77.139.0/25",
"20.74.197.0/28",
"20.15.133.160/27",
"40.77.177.0/24",
"40.77.178.0/23"
]
},
{
"name": "qwantbot",
"user_agent_regex": "\\+https\\://help\\.qwant\\.com/bot/",
"action": "ALLOW",
"remote_addresses": [
"91.242.162.0/24"
]
},
{
"name": "kagibot",
"user_agent_regex": "\\+https\\://kagi\\.com/bot",
"action": "ALLOW",
"remote_addresses": [
"216.18.205.234/32",
"35.212.27.76/32",
"104.254.65.50/32",
"209.151.156.194/32"
]
},
{
"name": "marginalia",
"user_agent_regex": "search\\.marginalia\\.nu",
"action": "ALLOW",
"remote_addresses": [
"193.183.0.162/31",
"193.183.0.164/30",
"193.183.0.168/30",
"193.183.0.172/31",
"193.183.0.174/32"
]
},
{
"name": "mojeekbot",
"user_agent_regex": "http\\://www\\.mojeek\\.com/bot\\.html",
"action": "ALLOW",
"remote_addresses": [
"5.102.173.71/32"
]
},
{
"name": "us-artificial-intelligence-scraper",
"user_agent_regex": "\\+https\\://github\\.com/US-Artificial-Intelligence/scraper",
"action": "DENY"
},
{
"name": "well-known",
"path_regex": "^/.well-known/.*$",
"action": "ALLOW"
},
{
"name": "favicon",
"path_regex": "^/favicon.ico$",
"action": "ALLOW"
},
{
"name": "robots-txt",
"path_regex": "^/robots.txt$",
"action": "ALLOW"
},
{
"name": "lightpanda",
"user_agent_regex": "^Lightpanda/.*$",
"action": "DENY"
},
{
"name": "headless-chrome",
"user_agent_regex": "HeadlessChrome",
"action": "DENY"
},
{
"name": "headless-chromium",
"user_agent_regex": "HeadlessChromium",
"action": "DENY"
},
{
"name": "generic-bot-catchall",
"user_agent_regex": "(?i:bot|crawler)",
"action": "CHALLENGE",
"challenge": {
"difficulty": 16,
"report_as": 4,
"algorithm": "slow"
}
},
{
"name": "generic-browser",
"user_agent_regex": "Mozilla",
"action": "CHALLENGE"
}
],
"dnsbl": false
}
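Review bot: The `ALLOW` rules for googlebot, bingbot, qwantbot, kagibot, marginalia and mojeekbot depend on `remote_addresses`, so they are only as reliable as the client address Anubis is given. Requests reach Anubis through HAProxy in this stack, and the haproxy.cfg lines visible in this commit do not show how the client IP is forwarded; if it arrives in a header, the edge proxy should overwrite that header rather than pass through a client-supplied value, otherwise the user-agent-plus-address match degrades to a user-agent-only match. The CIDR lists are also a point-in-time snapshot of the operators' published ranges, and JSON cannot carry a comment, so the README should record where each list came from and when it was last refreshed.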


@ -0,0 +1,90 @@
# Fill the required fields!
database_url: postgres://<db_user>:<db_password>@pgbouncer:5432/<db_name>
# Main domain from where
domain: "fill me"
# Sane defaults, leave them like this
channel_threads: 0
log_level: Info
colorize_logs: true
redis_url: tcp://valkey:6379
https_only: true
use_pubsub_feeds: false
popular_enabled: true
captcha_enabled: true
login_enabled: true
registration_enabled: true
statistics_enabled: true
external_port: 443
cache_annotations: true
hsts: true
enable_user_notifications: true
force_resolve: ipv4
pool_size: 100
use_innertube_for_captions: true
# DO NOT CHANGE THIS UNLESS YOU DID A FORK OF MY FORK
modified_source_code_url: https://git.nadeko.net/Fijxu/invidious
# It's recommended to disable downloads from Invidious to prevent abuse
disable_proxy:
- downloads
instance_maintainer_email: admin@example.com
footer_instance_donate_link: ""
footer_instance_section_custom_fields:
- ["Example1", "https://example.com"]
- ["Example2", "https://example.com"]
# inv.nadeko.net only options
pubsub_domain: https://inv.nadeko.net
# This option only works when Invidious is in use with
# inv_sig_helper.
max_dash_resolution: 1080
jobs:
refresh_channels:
enable: false
subscribe_to_feeds:
enable: false
default_user_preferences:
region: CL
dark_mode: dark
autoplay: true
quality: dash
save_player_pos: true
extend_desc: true
# Leave local like this due to a bug with VideoJS
#local: false
invidious_companion:
# private_url has to be the same as public_url if
# invidious companion is running on an external server
- private_url: "http://companion:8282"
public_url: "https://inv-companion.example.com"
i2p_public_url: "http://invcluifpcrybsji4imau42raygqc67ex3g65ff2md236gx37cgq.b32.i2p"
# Optional
note: "(CL)"
domain: ["inv1.nadeko.net", "inv1.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "nadekoohummkxncchcsylr3eku36ze4waq4kdrhcqupckc3pe5qq.b32.i2p"]
# Cookie used so the user can switch between different
# companions on if there is more than one invidious_companion
server_id_cookie_name: "COMPANION_IDD"
# Leave this like this
# Backend 0 is postgresql
# Backend 1 is redis
# Backend 2 is built-in LRU (Not recommeneded, just for development purposes)
video_cache:
enabled: true
backend: 1
# This forces videoplayback proxy for all videos preveting
# the ip and tokens used on companion being leaked on the frontend
force_local: true
# Interval on which the invidious companions are being checked.
# Used to display a status dot next to the selected backend
check_backends_interval: 30
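Review bot: `database_url` on the second line of this file embeds the database password in a URL, and the template does not say that the value has to be percent-encoded and quoted. A password containing `@`, `:`, `/` or `#` would change how the URL is parsed, and an unquoted ` #` starts a YAML comment; I would write it as `database_url: "postgres://<db_user>:<db_password>@pgbouncer:5432/<db_name>"` with a comment `# percent-encode special characters in the password; keep the filled-in file out of version control`. The example also keeps live-looking values (`pubsub_domain: https://inv.nadeko.net`, the `inv1.nadeko.net` domain list) that someone copying the file should replace, which is worth saying next to them.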


@ -9,19 +9,12 @@ include:
x-common-invidious-env: &common-invidious-env
INVIDIOUS_CONFIG_FILE: "/etc/invidious/config.yml"
INVIDIOUS_REDIS_URL: "tcp://valkey:6379"
# TODO: Support I2P
INVIDIOUS_ALTERNATIVE_DOMAINS: '["inv.nadeko.net", "inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion"]'
INVIDIOUS_BACKEND_DOMAINS: '["inv1.nadeko.net", "inv2.nadeko.net", "inv3.nadeko.net", "inv4.nadeko.net", "inv5.nadeko.net", "inv1.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv2.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv3.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv4.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv5.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion"]'
# https://docs.docker.com/reference/compose-file/extension/
x-common-dep: &common-dep
depends_on: ["pgbouncer"]
x-common: &common-invidious
#hostname: invidious
env_file:
# Env file containing INVIDIOUS_* variables
- .env
- .env-invidious
image: "git.nadeko.net/fijxu/invidious:latest"
restart: always
mem_limit: 780MB
@ -29,13 +22,14 @@ x-common: &common-invidious
deploy:
replicas: 4
volumes:
# Volume is not needed anymore since I use pgbouncer now
# Thist postgresql mount is not needed anymore since I use pgbouncer now
# which is at the end of this docker compose file
# - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw
- ./config.yml:/etc/invidious/config.yml:ro
# Watchtower checks in intervals of 60 seconds for fast container updates.
# It needs to have a scope or Watchtower will spam docker servers asking
# for a new image update therefore rate limiting me
labels: [ "com.centurylinklabs.watchtower.scope=invidious" ]
labels: [ "com.centurylinklabs.watchtower.scope=trusted-fast" ]
x-common-haproxy: &common-haproxy
hostname: haproxy
@ -55,11 +49,18 @@ x-common-anubis: &common-anubis
image: git.nadeko.net/fijxu/anubis:latest
restart: always
env_file:
- .env
- .env-anubis
volumes:
- "./botPolicy.json:/data/cfg/botPolicy.json:ro"
labels:
- "com.centurylinklabs.watchtower.enable=true"
labels: [ "com.centurylinklabs.watchtower.scope=trusted-fast" ]
x-common-valkey: &common-valkey
image: valkey/valkey:7.2-alpine
hostname: valkey
restart: unless-stopped
volumes:
- ./valkey.conf:/usr/local/etc/valkey/valkey.conf
command: "valkey-server /usr/local/etc/valkey/valkey.conf"
services:
@ -68,17 +69,28 @@ services:
<<: *common-invidious
environment:
<<: *common-invidious-env
networks: ["invidious"]
depends_on: ["valkey"]
networks:
- invidious
depends_on:
- valkey
- pgbouncer
- haproxy
- anubis-inv
# YTPROXY to proxy images, just for Fijxu's debugging purposes!
# ytproxy:
# image: git.nadeko.net/fijxu/http3-ytproxy:latest
# ports:
# - "127.0.0.1:12403:8080/tcp"
# ANUBIS SECTION #
anubis-inv:
<<: *common-anubis
environment:
<<: *common-anubis-env
TARGET: "http://invidious:3000"
networks: ["invidious"]
networks:
- invidious
ports:
- 127.0.0.1:9051:9090
@ -86,16 +98,24 @@ services:
haproxy:
<<: *common-haproxy
ports:
# Port to expose invidious
- "127.0.0.1:11101:8001"
# Port to expose the prometheus metrics
- "127.0.0.1:11111:8404"
networks: ["invidious"]
networks:
- invidious
valkey:
<<: *common-valkey
networks:
- invidious
# Pgbouncer to keep connections to the database open
pgbouncer:
image: edoburu/pgbouncer
restart: unless-stopped
env_file:
- .env
- .env-pgbouncer
environment:
- POOL_MODE=transaction
# Everything is being done locally
@ -104,8 +124,25 @@ services:
mem_limit: "128m"
volumes:
- /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw
networks: ["invidious"]
networks:
- invidious
networks:
invidious:
name: invidious
# ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⠤⠤⢤⣄⡤⠤⣤⣀⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
# ⠀⠀⠀⠀⠀⠀⠀⢀⣠⠤⠀⡴⠋⠀⠀⠀⠀⠀⠉⠒⢌⠉⠛⣽⡲⣄⡀⠀⠀⠀⠀⠀⠀
# ⠀⠀⠀⠀⠀⣠⠾⠉⠀⠀⠀⠀⣄⠀⠀⠀⠀⠀⢀⣀⠀⣥⡤⠜⠊⣈⢻⣆⠀⠀⠀⠀⠀
# ⠀⠀⠀⣠⠾⠁⠔⠨⠂⠀⢀⠘⡜⡦⣀⡴⡆⠛⠒⠙⡴⡀⠘⡆⠀⠀⠛⡙⢷⡀⠀⠀⠀
# ⠀⠀⡴⠃⠀⠀⠀⠀⢀⣠⡼⠟⡏⡏⠙⣇⢸⡄⠀⠀⢹⠏⠁⢹⡳⣤⠀⠘⡌⣷⠀⠀⠀
# ⠀⣸⠃⠀⡠⠖⢲⠀⠀⣸⠃⢰⡇⡇⠀⢸⣌⣇⢀⠀⣸⣷⣀⡼⢣⡇⠀⠀⢹⣹⠀⠀⠀
# ⠀⡏⠀⡜⠁⠀⠁⠀⡰⢃⣴⣷⢟⣿⡟⡲⠟⠻⠊⠙⠃⣼⣿⣻⣾⡇⠀⠀⢸⡿⠀⠀⠀
# ⠀⡇⠰⡇⠀⢀⡠⠞⡗⢩⡟⢸⡏⠀⢹⡇⠀⠀⠀⠀⠀⢸⣿⠉⢱⣿⠠⢤⣟⠁⠀⠀⠀
# ⠀⣧⠀⠉⠉⠉⠀⢸⠦⡸⡅⢸⣏⠒⣱⠇⠀⠀⠀⠀⠀⠀⢿⣅⡽⠙⢦⠀⢈⣳⡄⠀⠀
# ⠀⡟⠀⠀⠀⠀⠀⠘⠀⣘⡌⣀⡉⠉⠁⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠁⠀⡸⠛⠜⡷⣠⠀
# ⢸⠃⠀⠀⠀⠀⣀⡫⣿⣮⡀⠀⠀⠀⠀⠀⢠⠤⠶⡦⡤⠀⠀⠀⠀⠀⢠⠇⡀⠸⣧⣤⡆
# ⡟⠀⠀⠀⠀⠀⠀⡄⢠⠉⢇⠀⡄⠀⠀⠀⠘⢦⣀⡸⠃⠀⠀⠀⢀⡠⠋⠈⠛⢷⡖⠋⠀
# ⡇⢀⠀⠀⠀⠀⠀⢇⠀⢕⣺⣿⣅⡀⠀⠀⠀⠀⠀⠀⢀⣠⠤⠒⠉⠀⢠⣄⡶⠋⠀⠀⠀
# ⠻⢾⣼⣦⣀⠀⡄⠈⠓⢦⣼⣿⣍⠉⠻⣄⠀⢈⠏⠉⣿⣦⡀⠀⢀⣠⠾⠀⠀⠀⠀⠀⠀
# ⠀⠀⠈⠀⠉⠙⠓⠛⣦⡼⠘⣿⣿⣷⣤⣀⣹⠞⢤⣼⣿⣿⠈⢶⡋⠁⠀⠀⠀⠀⠀⠀⠀
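Review bot: The `com.centurylinklabs.watchtower.scope=trusted-fast` label now on `&common-invidious` and `&common-anubis` puts two `:latest` images under an updater that, per the watchtower file in this commit, polls every 30 seconds with the Docker socket mounted. That makes push access to those tags on git.nadeko.net equivalent to code execution on this host, which the comment above the label should state, e.g. `# trusted-fast: auto-deployed from a mutable tag; protect registry push credentials accordingly`; the same comment still says 60 seconds while the command uses `--interval 30`. Separately, the new `x-common-valkey` mount is the only config bind without `:ro`; `- ./valkey.conf:/usr/local/etc/valkey/valkey.conf:ro` would match the `config.yml` and `botPolicy.json` mounts.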


@ -10,7 +10,7 @@
# Why I removed `option http-keep-alive`: This is on by default
global
# This because haproxy is dumb and likes to use the maxconnection from the kernel and that is super mega huge making haproxy oom
# This because haproxy is dumb and likes to use the maxconnection (somaxconn) from the kernel and that is super mega huge making haproxy oom
maxconn 8192
resolvers docker
@ -44,15 +44,13 @@ frontend prometheus
frontend invidious
bind *:8001
# Use anubis only for /watch path
use_backend anubis-inv if { path /watch } || { path_beg /.within.website }
default_backend invidious
backend anubis-inv
server srv1 anubis-inv:4000 check resolvers docker init-addr libc,none
# server srv2 invidious:3000 check backup resolvers docker init-addr libc,none
# server srv2 invidious:3000 check backup resolvers docker init-addr libc,none
# server srv2 invidious:3000 check backup resolvers docker init-addr libc,none
# server srv2 invidious:3000 check backup resolvers docker init-addr libc,none
backend invidious
server-template srv 4 invidious:3000 check resolvers docker init-addr libc,none


@ -0,0 +1,7 @@
maxmemory 2048mb
maxmemory-policy volatile-lfu
# Disable AOF
appendonly no
# Disable RDB
save ""
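Review bot: The new config sets no `requirepass` (or ACL), so every container attached to the `invidious` network can read and write the cache without authenticating. No port is published in the compose file, which limits exposure, but a password supplied from an uncommitted file and mirrored in `redis_url` would keep a compromised neighbour container from tampering with cached data. Also note that `maxmemory-policy volatile-lfu` evicts only keys that carry a TTL; if Invidious writes any keys without an expiry (not visible here), writes will start failing once `2048mb` is reached, so a comment recording that assumption would help.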


@ -4,7 +4,7 @@
services:
synapse:
container_name: synapse
image: docker.io/matrixdotorg/synapse:latest
image: docker.io/matrixdotorg/synapse:1.127.1
restart: unless-stopped
environment:
- SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
@ -18,63 +18,6 @@ services:
- 127.0.0.1:10022:8008/tcp
- 127.0.0.1:9183:9183/tcp
# synapse-generic-worker:
# container_name: synapse-generic-worker
# image: docker.io/matrixdotorg/synapse:latest
# restart: unless-stopped
# command: "run -m synapse.app.generic_worker --config-path=/data/homeserver.yaml --config-path=/data/generic_worker.yaml"
# depends_on: ["synapse"]
# environment:
# - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
# - SYNAPSE_SERVER_NAME=nadeko.net
# - SYNAPSE_REPORT_STATS=no
# volumes:
# - ./synapse_data:/data:rw
# - ./synapse_data/homeserver.yaml:/data/homeserver.yaml:ro
# - ./generic_worker.yaml:/data/generic_worker.yaml:ro
# - /var/run/postgresql/:/run/postgresql:rw
# ports:
# - 127.0.0.1:10022:8008/tcp
# #- 127.0.0.1:9183:9183/tcp
# synapse-media-worker:
# container_name: synapse-media-worker
# image: docker.io/matrixdotorg/synapse:latest
# restart: unless-stopped
# command: "run -m synapse.app.media_repository --config-path=/data/homeserver.yaml --config-path=/data/media_worker.yaml"
# depends_on: ["synapse"]
# environment:
# - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
# - SYNAPSE_SERVER_NAME=nadeko.net
# - SYNAPSE_REPORT_STATS=no
# volumes:
# - ./synapse_data:/data:rw
# - ./synapse_data/homeserver.yaml:/data/homeserver.yaml:ro
# - ./media_worker.yaml:/data/media_worker.yaml:ro
# - /var/run/postgresql/:/run/postgresql:rw
# - ./valkey_socket:/tmp
# ports:
# - 127.0.0.1:10023:8009/tcp
# #- 127.0.0.1:9183:9183/tcp
redis:
image: redis:7-alpine
restart: unless-stopped
volumes:
- ./redis_data:/data
# matrix-auth-service:
# image: ghcr.io/element-hq/matrix-authentication-service:latest
# container_name: matrix-authentication-service
# restart: unless-stopped
# volumes:
# - /var/run/postgresql/:/run/postgresql:rw
# - ./matrix-auth-service/config.yaml:/config.yaml:rw
# ports:
# - 127.0.0.1:10026:8080
# depends_on:
# - synapse
mautrix-telegram:
image: dock.mau.dev/mautrix/telegram:latest
container_name: mautrix-telegram
@ -83,7 +26,8 @@ services:
- ./mautrix-telegram_data:/data:z
- /var/run/postgresql/:/run/postgresql:rw
depends_on:
- synapse
synapse:
condition: service_healthy
mautrix-whatsapp:
image: dock.mau.dev/mautrix/whatsapp:latest
@ -93,7 +37,8 @@ services:
- ./mautrix-whatsapp_data:/data:z
- /var/run/postgresql/:/run/postgresql:rw
depends_on:
- synapse
synapse:
condition: service_healthy
element:
image: vectorim/element-web:latest
@ -103,9 +48,10 @@ services:
ports:
- 127.0.0.1:10024:80/tcp
# synapse-admin:
# image: awesometechnologies/synapse-admin
# ports:
# - 127.0.0.1:10025:80
# restart: unless-stopped
synapse-admin:
image: ghcr.io/etkecc/synapse-admin:latest
ports:
- 127.0.0.1:10025:80
restart: unless-stopped
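Review bot: The newly enabled `synapse-admin` service uses `ghcr.io/etkecc/synapse-admin:latest`, while the same commit pins Synapse itself to `1.127.1`. An admin UI is where homeserver admin tokens get entered, so it is the image I would least want on a floating tag; pin it to a release, `image: ghcr.io/etkecc/synapse-admin:<release-tag>` (placeholder), and ideally do the same for the mautrix and element images. The switch to `condition: service_healthy` relies on the synapse container reporting a health status; if that comes from the image's built-in healthcheck, a short comment saying so would save the next reader a lookup.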


@ -1,10 +1,11 @@
services:
watchtower-invidious:
# Watchtower used for my own OCI images at https://git.nadeko.net/Fijxu/-/packages
watchtower-trusted-fast:
image: containrrr/watchtower
container_name: watchtower-invidious
container_name: watchtower-trusted-fast
restart: unless-stopped
volumes: [ "/var/run/docker.sock:/var/run/docker.sock" ]
command: --interval 30 --scope invidious
command: --interval 30 --scope trusted-fast
watchtower-trusted:
image: containrrr/watchtower