From 0b420bbbbf2466662519071076f6b9faefc16cae Mon Sep 17 00:00:00 2001
From: root
Date: Mon, 7 Apr 2025 16:52:14 -0400
Subject: [PATCH] invidious: better configuration with example and explanation watchtower: use trusted-fast label for trusted images (generally my own images)
---
invidious/invidious-all/.env-abubis.example | 4 +
.../invidious-all/.env-invidious.example | 4 +
.../invidious-all/.env-pgbouncer.example | 10 +
.../invidious-all/botPolicies.json.example | 398 ++++++++++++++++++
invidious/invidious-all/config.yml.example | 90 ++++
invidious/invidious-all/docker-compose.yml | 77 +++-
invidious/invidious-all/haproxy.cfg | 8 +-
invidious/invidious-all/valkey.conf | 7 +
synapse/docker-compose.yml | 76 +---
watchtower/docker-compose.yml | 7 +-
10 files changed, 588 insertions(+), 93 deletions(-)
create mode 100644 invidious/invidious-all/.env-abubis.example
create mode 100644 invidious/invidious-all/.env-invidious.example
create mode 100644 invidious/invidious-all/.env-pgbouncer.example
create mode 100644 invidious/invidious-all/botPolicies.json.example
create mode 100644 invidious/invidious-all/config.yml.example
create mode 100644 invidious/invidious-all/valkey.conf
diff --git a/invidious/invidious-all/.env-abubis.example b/invidious/invidious-all/.env-abubis.example
new file mode 100644
index 0000000..64d7cd0
--- /dev/null
+++ b/invidious/invidious-all/.env-abubis.example
@@ -0,0 +1,4 @@
+# ANUBIS
+# Generate it with `openssl rand -hex 32`
+# https://github.com/TecharoHQ/anubis/blob/main/docs/docs/admin/installation.mdx
+ED25519_PRIVATE_KEY_HEX=""
diff --git a/invidious/invidious-all/.env-invidious.example b/invidious/invidious-all/.env-invidious.example
new file mode 100644
index 0000000..15d070a
--- /dev/null
+++ b/invidious/invidious-all/.env-invidious.example
@@ -0,0 +1,4 @@
+#INVIDIOUS_BANNER=""
+# Fill those 2 environment variables
+INVIDIOUS_INVIDIOUS_COMPANION_KEY=""
+INVIDIOUS_HMAC_KEY=""
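Review bot: The example file is named `.env-abubis.example`, but the anubis block in docker-compose.yml in this same patch loads `env_file: - .env-anubis`, so an operator who copies the example under its own name ends up with a file Compose will not find. Rename it to `.env-anubis.example`. It would also help to say above `ED25519_PRIVATE_KEY_HEX=""` what happens when the value is left empty: presumably Anubis falls back to a key generated at startup, which would invalidate issued challenge cookies on every restart, but that should be confirmed against the linked installation doc.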
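Review bot: `INVIDIOUS_INVIDIOUS_COMPANION_KEY` and `INVIDIOUS_HMAC_KEY` ship as empty strings with only "Fill those 2 environment variables" as guidance, unlike the Anubis example, which names a generation command. Both are secrets, so I would add a comment such as `# Generate each value separately with a CSPRNG, e.g. pwgen 16 1; do not reuse one key for both` above them. As far as I recall, upstream Invidious expects the companion key to be exactly 16 characters; worth stating if this fork keeps that rule. Also confirm that the filled-in `.env-*` files are covered by .gitignore, which this patch does not show.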
diff --git a/invidious/invidious-all/.env-pgbouncer.example b/invidious/invidious-all/.env-pgbouncer.example
new file mode 100644
index 0000000..147e106
--- /dev/null
+++ b/invidious/invidious-all/.env-pgbouncer.example
@@ -0,0 +1,10 @@
+# PG_BOUNCER
+# Use `/var/run/postgresql/` if you are passing a local
+# postgresql database running on the host machine
+# Otherwise, you will need to figure it out how to
+# configure this if you want to run a separate
+# postgresql database only for invidious.
+DB_HOST=/var/run/postgresql/
+DB_USER=""
+DB_PASSWORD=""
+DB_NAME=""
diff --git a/invidious/invidious-all/botPolicies.json.example b/invidious/invidious-all/botPolicies.json.example
new file mode 100644
index 0000000..d0e27a2
--- /dev/null
+++ b/invidious/invidious-all/botPolicies.json.example
@@ -0,0 +1,398 @@ +{ + "bots": [ + { + "name": "amazonbot", + "user_agent_regex": "Amazonbot", + "action": "DENY" + }, + { + "name": "googlebot", + "user_agent_regex": "\\+http\\://www\\.google\\.com/bot\\.html", + "action": "ALLOW", + "remote_addresses": [ + "2001:4860:4801:10::/64", + "2001:4860:4801:11::/64", + "2001:4860:4801:12::/64", + "2001:4860:4801:13::/64", + "2001:4860:4801:14::/64", + "2001:4860:4801:15::/64", + "2001:4860:4801:16::/64", + "2001:4860:4801:17::/64", + "2001:4860:4801:18::/64", + "2001:4860:4801:19::/64", + "2001:4860:4801:1a::/64", + "2001:4860:4801:1b::/64", + "2001:4860:4801:1c::/64", + "2001:4860:4801:1d::/64", + "2001:4860:4801:1e::/64", + "2001:4860:4801:1f::/64", + "2001:4860:4801:20::/64", + "2001:4860:4801:21::/64", + "2001:4860:4801:22::/64", + "2001:4860:4801:23::/64", + "2001:4860:4801:24::/64", + "2001:4860:4801:25::/64", + "2001:4860:4801:26::/64", + "2001:4860:4801:27::/64", + "2001:4860:4801:28::/64", + "2001:4860:4801:29::/64", + "2001:4860:4801:2::/64", + "2001:4860:4801:2a::/64", + "2001:4860:4801:2b::/64", + "2001:4860:4801:2c::/64", + "2001:4860:4801:2d::/64", + "2001:4860:4801:2e::/64", + "2001:4860:4801:2f::/64", + "2001:4860:4801:31::/64", + "2001:4860:4801:32::/64", + "2001:4860:4801:33::/64", + "2001:4860:4801:34::/64", + "2001:4860:4801:35::/64", + "2001:4860:4801:36::/64", + "2001:4860:4801:37::/64", + "2001:4860:4801:38::/64", + "2001:4860:4801:39::/64", + "2001:4860:4801:3a::/64", + "2001:4860:4801:3b::/64", + "2001:4860:4801:3c::/64", + "2001:4860:4801:3d::/64", + "2001:4860:4801:3e::/64", + "2001:4860:4801:40::/64", + "2001:4860:4801:41::/64", + "2001:4860:4801:42::/64", + "2001:4860:4801:43::/64", + "2001:4860:4801:44::/64", + "2001:4860:4801:45::/64", + "2001:4860:4801:46::/64", + "2001:4860:4801:47::/64", + "2001:4860:4801:48::/64", + "2001:4860:4801:49::/64", + "2001:4860:4801:4a::/64", + "2001:4860:4801:4b::/64", + "2001:4860:4801:4c::/64", + "2001:4860:4801:50::/64", + "2001:4860:4801:51::/64", + 
"2001:4860:4801:52::/64", + "2001:4860:4801:53::/64", + "2001:4860:4801:54::/64", + "2001:4860:4801:55::/64", + "2001:4860:4801:56::/64", + "2001:4860:4801:60::/64", + "2001:4860:4801:61::/64", + "2001:4860:4801:62::/64", + "2001:4860:4801:63::/64", + "2001:4860:4801:64::/64", + "2001:4860:4801:65::/64", + "2001:4860:4801:66::/64", + "2001:4860:4801:67::/64", + "2001:4860:4801:68::/64", + "2001:4860:4801:69::/64", + "2001:4860:4801:6a::/64", + "2001:4860:4801:6b::/64", + "2001:4860:4801:6c::/64", + "2001:4860:4801:6d::/64", + "2001:4860:4801:6e::/64", + "2001:4860:4801:6f::/64", + "2001:4860:4801:70::/64", + "2001:4860:4801:71::/64", + "2001:4860:4801:72::/64", + "2001:4860:4801:73::/64", + "2001:4860:4801:74::/64", + "2001:4860:4801:75::/64", + "2001:4860:4801:76::/64", + "2001:4860:4801:77::/64", + "2001:4860:4801:78::/64", + "2001:4860:4801:79::/64", + "2001:4860:4801:80::/64", + "2001:4860:4801:81::/64", + "2001:4860:4801:82::/64", + "2001:4860:4801:83::/64", + "2001:4860:4801:84::/64", + "2001:4860:4801:85::/64", + "2001:4860:4801:86::/64", + "2001:4860:4801:87::/64", + "2001:4860:4801:88::/64", + "2001:4860:4801:90::/64", + "2001:4860:4801:91::/64", + "2001:4860:4801:92::/64", + "2001:4860:4801:93::/64", + "2001:4860:4801:94::/64", + "2001:4860:4801:95::/64", + "2001:4860:4801:96::/64", + "2001:4860:4801:a0::/64", + "2001:4860:4801:a1::/64", + "2001:4860:4801:a2::/64", + "2001:4860:4801:a3::/64", + "2001:4860:4801:a4::/64", + "2001:4860:4801:a5::/64", + "2001:4860:4801:c::/64", + "2001:4860:4801:f::/64", + "192.178.5.0/27", + "192.178.6.0/27", + "192.178.6.128/27", + "192.178.6.160/27", + "192.178.6.192/27", + "192.178.6.32/27", + "192.178.6.64/27", + "192.178.6.96/27", + "34.100.182.96/28", + "34.101.50.144/28", + "34.118.254.0/28", + "34.118.66.0/28", + "34.126.178.96/28", + "34.146.150.144/28", + "34.147.110.144/28", + "34.151.74.144/28", + "34.152.50.64/28", + "34.154.114.144/28", + "34.155.98.32/28", + "34.165.18.176/28", + "34.175.160.64/28", + 
"34.176.130.16/28", + "34.22.85.0/27", + "34.64.82.64/28", + "34.65.242.112/28", + "34.80.50.80/28", + "34.88.194.0/28", + "34.89.10.80/28", + "34.89.198.80/28", + "34.96.162.48/28", + "35.247.243.240/28", + "66.249.64.0/27", + "66.249.64.128/27", + "66.249.64.160/27", + "66.249.64.224/27", + "66.249.64.32/27", + "66.249.64.64/27", + "66.249.64.96/27", + "66.249.65.0/27", + "66.249.65.128/27", + "66.249.65.160/27", + "66.249.65.192/27", + "66.249.65.224/27", + "66.249.65.32/27", + "66.249.65.64/27", + "66.249.65.96/27", + "66.249.66.0/27", + "66.249.66.128/27", + "66.249.66.160/27", + "66.249.66.192/27", + "66.249.66.224/27", + "66.249.66.32/27", + "66.249.66.64/27", + "66.249.66.96/27", + "66.249.68.0/27", + "66.249.68.128/27", + "66.249.68.32/27", + "66.249.68.64/27", + "66.249.68.96/27", + "66.249.69.0/27", + "66.249.69.128/27", + "66.249.69.160/27", + "66.249.69.192/27", + "66.249.69.224/27", + "66.249.69.32/27", + "66.249.69.64/27", + "66.249.69.96/27", + "66.249.70.0/27", + "66.249.70.128/27", + "66.249.70.160/27", + "66.249.70.192/27", + "66.249.70.224/27", + "66.249.70.32/27", + "66.249.70.64/27", + "66.249.70.96/27", + "66.249.71.0/27", + "66.249.71.128/27", + "66.249.71.160/27", + "66.249.71.192/27", + "66.249.71.224/27", + "66.249.71.32/27", + "66.249.71.64/27", + "66.249.71.96/27", + "66.249.72.0/27", + "66.249.72.128/27", + "66.249.72.160/27", + "66.249.72.192/27", + "66.249.72.224/27", + "66.249.72.32/27", + "66.249.72.64/27", + "66.249.72.96/27", + "66.249.73.0/27", + "66.249.73.128/27", + "66.249.73.160/27", + "66.249.73.192/27", + "66.249.73.224/27", + "66.249.73.32/27", + "66.249.73.64/27", + "66.249.73.96/27", + "66.249.74.0/27", + "66.249.74.128/27", + "66.249.74.160/27", + "66.249.74.192/27", + "66.249.74.32/27", + "66.249.74.64/27", + "66.249.74.96/27", + "66.249.75.0/27", + "66.249.75.128/27", + "66.249.75.160/27", + "66.249.75.192/27", + "66.249.75.224/27", + "66.249.75.32/27", + "66.249.75.64/27", + "66.249.75.96/27", + "66.249.76.0/27", + 
"66.249.76.128/27", + "66.249.76.160/27", + "66.249.76.192/27", + "66.249.76.224/27", + "66.249.76.32/27", + "66.249.76.64/27", + "66.249.76.96/27", + "66.249.77.0/27", + "66.249.77.128/27", + "66.249.77.160/27", + "66.249.77.192/27", + "66.249.77.224/27", + "66.249.77.32/27", + "66.249.77.64/27", + "66.249.77.96/27", + "66.249.78.0/27", + "66.249.78.32/27", + "66.249.79.0/27", + "66.249.79.128/27", + "66.249.79.160/27", + "66.249.79.192/27", + "66.249.79.224/27", + "66.249.79.32/27", + "66.249.79.64/27", + "66.249.79.96/27" + ] + }, + { + "name": "bingbot", + "user_agent_regex": "\\+http\\://www\\.bing\\.com/bingbot\\.htm", + "action": "ALLOW", + "remote_addresses": [ + "157.55.39.0/24", + "207.46.13.0/24", + "40.77.167.0/24", + "13.66.139.0/24", + "13.66.144.0/24", + "52.167.144.0/24", + "13.67.10.16/28", + "13.69.66.240/28", + "13.71.172.224/28", + "139.217.52.0/28", + "191.233.204.224/28", + "20.36.108.32/28", + "20.43.120.16/28", + "40.79.131.208/28", + "40.79.186.176/28", + "52.231.148.0/28", + "20.79.107.240/28", + "51.105.67.0/28", + "20.125.163.80/28", + "40.77.188.0/22", + "65.55.210.0/24", + "199.30.24.0/23", + "40.77.202.0/24", + "40.77.139.0/25", + "20.74.197.0/28", + "20.15.133.160/27", + "40.77.177.0/24", + "40.77.178.0/23" + ] + }, + { + "name": "qwantbot", + "user_agent_regex": "\\+https\\://help\\.qwant\\.com/bot/", + "action": "ALLOW", + "remote_addresses": [ + "91.242.162.0/24" + ] + }, + { + "name": "kagibot", + "user_agent_regex": "\\+https\\://kagi\\.com/bot", + "action": "ALLOW", + "remote_addresses": [ + "216.18.205.234/32", + "35.212.27.76/32", + "104.254.65.50/32", + "209.151.156.194/32" + ] + }, + { + "name": "marginalia", + "user_agent_regex": "search\\.marginalia\\.nu", + "action": "ALLOW", + "remote_addresses": [ + "193.183.0.162/31", + "193.183.0.164/30", + "193.183.0.168/30", + "193.183.0.172/31", + "193.183.0.174/32" + ] + }, + { + "name": "mojeekbot", + "user_agent_regex": "http\\://www\\.mojeek\\.com/bot\\.html", + "action": 
"ALLOW", + "remote_addresses": [ + "5.102.173.71/32" + ] + }, + { + "name": "us-artificial-intelligence-scraper", + "user_agent_regex": "\\+https\\://github\\.com/US-Artificial-Intelligence/scraper", + "action": "DENY" + }, + { + "name": "well-known", + "path_regex": "^/.well-known/.*$", + "action": "ALLOW" + }, + { + "name": "favicon", + "path_regex": "^/favicon.ico$", + "action": "ALLOW" + }, + { + "name": "robots-txt", + "path_regex": "^/robots.txt$", + "action": "ALLOW" + }, + { + "name": "lightpanda", + "user_agent_regex": "^Lightpanda/.*$", + "action": "DENY" + }, + { + "name": "headless-chrome", + "user_agent_regex": "HeadlessChrome", + "action": "DENY" + }, + { + "name": "headless-chromium", + "user_agent_regex": "HeadlessChromium", + "action": "DENY" + }, + { + "name": "generic-bot-catchall", + "user_agent_regex": "(?i:bot|crawler)", + "action": "CHALLENGE", + "challenge": { + "difficulty": 16, + "report_as": 4, + "algorithm": "slow" + } + }, + { + "name": "generic-browser", + "user_agent_regex": "Mozilla", + "action": "CHALLENGE" + } + ], + "dnsbl": false +} \ No newline at end of file diff --git a/invidious/invidious-all/config.yml.example b/invidious/invidious-all/config.yml.example new file mode 100644 index 0000000..5e156bb --- /dev/null +++ b/invidious/invidious-all/config.yml.example 
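Review bot: This example is added as `botPolicies.json.example`, while the anubis service in docker-compose.yml mounts `./botPolicy.json:/data/cfg/botPolicy.json:ro`; if the copied file keeps the plural name, Docker will create an empty directory at the bind-mount source and Anubis will not load these rules. Align the two names, either in the example or in the volume line. Separately, every `ALLOW` entry with `remote_addresses` trusts the client address Anubis receives, and Anubis sits behind HAProxy here, so the allowlist is only as sound as the forwarded-address header: make sure HAProxy overwrites rather than passes through any client-supplied value (that part of haproxy.cfg is not shown in this patch). The hard-coded crawler ranges will also drift, so the README or commit message should record where they were taken from and when.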
@@ -0,0 +1,90 @@
+# Fill the required fields!
+database_url: postgres://:@pgbouncer:5432/
+# Main domain from where
+domain: "fill me"
+
+# Sane defaults, leave them like this
+channel_threads: 0
+log_level: Info
+colorize_logs: true
+redis_url: tcp://valkey:6379
+https_only: true
+use_pubsub_feeds: false
+popular_enabled: true
+captcha_enabled: true
+login_enabled: true
+registration_enabled: true
+statistics_enabled: true
+external_port: 443
+cache_annotations: true
+hsts: true
+enable_user_notifications: true
+force_resolve: ipv4
+pool_size: 100
+use_innertube_for_captions: true
+
+# DO NOT CHANGE THIS UNLESS YOU DID A FORK OF MY FORK
+modified_source_code_url: https://git.nadeko.net/Fijxu/invidious
+
+# It's recommended to disable downloads from Invidious to prevent abuse
+disable_proxy:
+ - downloads
+
+instance_maintainer_email: admin@example.com
+footer_instance_donate_link: ""
+footer_instance_section_custom_fields:
+ - ["Example1", "https://example.com"]
+ - ["Example2", "https://example.com"]
+
+# inv.nadeko.net only options
+pubsub_domain: https://inv.nadeko.net
+
+# This option only works when Invidious is in use with
+# inv_sig_helper.
+max_dash_resolution: 1080
+
+jobs:
+ refresh_channels:
+ enable: false
+ subscribe_to_feeds:
+ enable: false
+
+default_user_preferences:
+ region: CL
+ dark_mode: dark
+ autoplay: true
+ quality: dash
+ save_player_pos: true
+ extend_desc: true
+ # Leave local like this due to a bug with VideoJS
+ #local: false
+
+invidious_companion:
+ # private_url has to be the same as public_url if
+ # invidious companion is running on an external server
+ - private_url: "http://companion:8282"
+ public_url: "https://inv-companion.example.com"
+ i2p_public_url: "http://invcluifpcrybsji4imau42raygqc67ex3g65ff2md236gx37cgq.b32.i2p"
+ # Optional
+ note: "(CL)"
+ domain: ["inv1.nadeko.net", "inv1.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "nadekoohummkxncchcsylr3eku36ze4waq4kdrhcqupckc3pe5qq.b32.i2p"]
+
+# Cookie used so the user can switch between different
+# companions on if there is more than one invidious_companion
+server_id_cookie_name: "COMPANION_IDD"
+
+# Leave this like this
+# Backend 0 is postgresql
+# Backend 1 is redis
+# Backend 2 is built-in LRU (Not recommeneded, just for development purposes)
+video_cache:
+ enabled: true
+ backend: 1
+
+# This forces videoplayback proxy for all videos preveting
+# the ip and tokens used on companion being leaked on the frontend
+force_local: true
+
+# Interval on which the invidious companions are being checked.
+# Used to display a status dot next to the selected backend
+check_backends_interval: 30
diff --git a/invidious/invidious-all/docker-compose.yml b/invidious/invidious-all/docker-compose.yml
index 849ec2e..b2b0ef6 100644
--- a/invidious/invidious-all/docker-compose.yml
+++ b/invidious/invidious-all/docker-compose.yml
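Review bot: The example mixes placeholders with the author's live endpoints: `i2p_public_url`, the `domain:` list under `invidious_companion`, and `pubsub_domain: https://inv.nadeko.net` are real nadeko.net, onion and i2p addresses, while the header only says "Fill the required fields!" without marking which keys those are. A deployer who fills in `database_url` and `domain` and leaves the rest would, as far as I can tell from these lines, advertise a third party's companion address to their own I2P users. Replace those values with obvious placeholders in the style `public_url` already uses, e.g. `i2p_public_url: "http://YOUR-COMPANION.b32.i2p"`, and tag each must-change key with a `# REQUIRED` comment. `database_url: postgres://:@pgbouncer:5432/` would also read better as a quoted `"postgres://USER:PASSWORD@pgbouncer:5432/DBNAME"` with a comment that the password has to be URL-encoded.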
@@ -9,19 +9,12 @@ include: x-common-invidious-env: &common-invidious-env INVIDIOUS_CONFIG_FILE: "/etc/invidious/config.yml" INVIDIOUS_REDIS_URL: "tcp://valkey:6379" - # TODO: Support I2P - INVIDIOUS_ALTERNATIVE_DOMAINS: '["inv.nadeko.net", "inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion"]' - INVIDIOUS_BACKEND_DOMAINS: '["inv1.nadeko.net", "inv2.nadeko.net", "inv3.nadeko.net", "inv4.nadeko.net", "inv5.nadeko.net", "inv1.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv2.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv3.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv4.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv5.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion"]' - -# https://docs.docker.com/reference/compose-file/extension/ -x-common-dep: &common-dep - depends_on: ["pgbouncer"] x-common: &common-invidious #hostname: invidious env_file: # Env file containing INVIDIOUS_* variables - - .env + - .env-invidious image: "git.nadeko.net/fijxu/invidious:latest" restart: always mem_limit: 780MB @@ -29,13 +22,14 @@ x-common: &common-invidious deploy: replicas: 4 volumes: - # Volume is not needed anymore since I use pgbouncer now + # Thist postgresql mount is not needed anymore since I use pgbouncer now + # which is at the end of this docker compose file # - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw - ./config.yml:/etc/invidious/config.yml:ro # Watchtower checks in intervals of 60 seconds for fast container updates. # It needs to have a scope or Watchtower will spam docker servers asking # for a new image update therefore rate limiting me - labels: [ "com.centurylinklabs.watchtower.scope=invidious" ] + labels: [ "com.centurylinklabs.watchtower.scope=trusted-fast" ] x-common-haproxy: &common-haproxy hostname: haproxy 
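Review bot: The `com.centurylinklabs.watchtower.scope=trusted-fast` label (set here on `x-common`, again on `x-common-anubis` in the next hunk, and matched by `--interval 30 --scope trusted-fast` in watchtower/docker-compose.yml) means whatever is pushed to the mutable `:latest` tag of `git.nadeko.net/fijxu/invidious` is pulled and started within about 30 seconds by a container that holds `/var/run/docker.sock`. "Trusted" then rests entirely on the registry account and its credentials; nothing on these lines pins a digest or verifies a signature. I would state that trade-off in the comment above the label, which also still says "intervals of 60 seconds", and, where fast rollout is not essential, reference images by digest or run Watchtower with `--monitor-only` so a bad or tampered push is not deployed unattended. The enclosing `x-common` block starts outside this hunk.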
@@ -55,11 +49,18 @@ x-common-anubis: &common-anubis image: git.nadeko.net/fijxu/anubis:latest restart: always env_file: - - .env + - .env-anubis volumes: - "./botPolicy.json:/data/cfg/botPolicy.json:ro" - labels: - - "com.centurylinklabs.watchtower.enable=true" + labels: [ "com.centurylinklabs.watchtower.scope=trusted-fast" ] + +x-common-valkey: &common-valkey + image: valkey/valkey:7.2-alpine + hostname: valkey + restart: unless-stopped + volumes: + - ./valkey.conf:/usr/local/etc/valkey/valkey.conf + command: "valkey-server /usr/local/etc/valkey/valkey.conf" services: @@ -68,17 +69,28 @@ services: <<: *common-invidious environment: <<: *common-invidious-env - networks: ["invidious"] - depends_on: ["valkey"] + networks: + - invidious + depends_on: + - valkey + - pgbouncer + - haproxy + - anubis-inv + + # YTPROXY to proxy images, just for Fijxu's debugging purposes! + # ytproxy: + # image: git.nadeko.net/fijxu/http3-ytproxy:latest + # ports: + # - "127.0.0.1:12403:8080/tcp" # ANUBIS SECTION # - anubis-inv: <<: *common-anubis environment: <<: *common-anubis-env TARGET: "http://invidious:3000" - networks: ["invidious"] + networks: + - invidious ports: - 127.0.0.1:9051:9090 @@ -86,16 +98,24 @@ services: haproxy: <<: *common-haproxy ports: + # Port to expose invidious - "127.0.0.1:11101:8001" + # Port to expose the prometheus metrics - "127.0.0.1:11111:8404" - networks: ["invidious"] + networks: + - invidious + + valkey: + <<: *common-valkey + networks: + - invidious # Pgbouncer to keep connections to the database open pgbouncer: image: edoburu/pgbouncer restart: unless-stopped env_file: - - .env + - .env-pgbouncer environment: - POOL_MODE=transaction # Everything is being done locally 
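Review bot: In the new `x-common-valkey` block the config file is mounted as `./valkey.conf:/usr/local/etc/valkey/valkey.conf` without `:ro`, unlike the `config.yml` and `botPolicy.json` mounts elsewhere in this file. Make it `- ./valkey.conf:/usr/local/etc/valkey/valkey.conf:ro` so the server process cannot rewrite its own configuration on the host (for instance via `CONFIG REWRITE`). The block is also the only service image in this hunk without a comment on how it is updated; a one-line note that `valkey/valkey:7.2-alpine` is deliberately outside the Watchtower scope would make that explicit.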
@@ -104,8 +124,25 @@ services: mem_limit: "128m" volumes: - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw - networks: ["invidious"] + networks: + - invidious networks: invidious: name: invidious + +# ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⠤⠤⢤⣄⡤⠤⣤⣀⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀ +# ⠀⠀⠀⠀⠀⠀⠀⢀⣠⠤⠀⡴⠋⠀⠀⠀⠀⠀⠉⠒⢌⠉⠛⣽⡲⣄⡀⠀⠀⠀⠀⠀⠀ +# ⠀⠀⠀⠀⠀⣠⠾⠉⠀⠀⠀⠀⣄⠀⠀⠀⠀⠀⢀⣀⠀⣥⡤⠜⠊⣈⢻⣆⠀⠀⠀⠀⠀ +# ⠀⠀⠀⣠⠾⠁⠔⠨⠂⠀⢀⠘⡜⡦⣀⡴⡆⠛⠒⠙⡴⡀⠘⡆⠀⠀⠛⡙⢷⡀⠀⠀⠀ +# ⠀⠀⡴⠃⠀⠀⠀⠀⢀⣠⡼⠟⡏⡏⠙⣇⢸⡄⠀⠀⢹⠏⠁⢹⡳⣤⠀⠘⡌⣷⠀⠀⠀ +# ⠀⣸⠃⠀⡠⠖⢲⠀⠀⣸⠃⢰⡇⡇⠀⢸⣌⣇⢀⠀⣸⣷⣀⡼⢣⡇⠀⠀⢹⣹⠀⠀⠀ +# ⠀⡏⠀⡜⠁⠀⠁⠀⡰⢃⣴⣷⢟⣿⡟⡲⠟⠻⠊⠙⠃⣼⣿⣻⣾⡇⠀⠀⢸⡿⠀⠀⠀ +# ⠀⡇⠰⡇⠀⢀⡠⠞⡗⢩⡟⢸⡏⠀⢹⡇⠀⠀⠀⠀⠀⢸⣿⠉⢱⣿⠠⢤⣟⠁⠀⠀⠀ +# ⠀⣧⠀⠉⠉⠉⠀⢸⠦⡸⡅⢸⣏⠒⣱⠇⠀⠀⠀⠀⠀⠀⢿⣅⡽⠙⢦⠀⢈⣳⡄⠀⠀ +# ⠀⡟⠀⠀⠀⠀⠀⠘⠀⣘⡌⣀⡉⠉⠁⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠁⠀⡸⠛⠜⡷⣠⠀ +# ⢸⠃⠀⠀⠀⠀⣀⡫⣿⣮⡀⠀⠀⠀⠀⠀⢠⠤⠶⡦⡤⠀⠀⠀⠀⠀⢠⠇⡀⠸⣧⣤⡆ +# ⡟⠀⠀⠀⠀⠀⠀⡄⢠⠉⢇⠀⡄⠀⠀⠀⠘⢦⣀⡸⠃⠀⠀⠀⢀⡠⠋⠈⠛⢷⡖⠋⠀ +# ⡇⢀⠀⠀⠀⠀⠀⢇⠀⢕⣺⣿⣅⡀⠀⠀⠀⠀⠀⠀⢀⣠⠤⠒⠉⠀⢠⣄⡶⠋⠀⠀⠀ +# ⠻⢾⣼⣦⣀⠀⡄⠈⠓⢦⣼⣿⣍⠉⠻⣄⠀⢈⠏⠉⣿⣦⡀⠀⢀⣠⠾⠀⠀⠀⠀⠀⠀ +# ⠀⠀⠈⠀⠉⠙⠓⠛⣦⡼⠘⣿⣿⣷⣤⣀⣹⠞⢤⣼⣿⣿⠈⢶⡋⠁⠀⠀⠀⠀⠀⠀⠀ diff --git a/invidious/invidious-all/haproxy.cfg b/invidious/invidious-all/haproxy.cfg index b7ed05c..267f2a1 100644 --- a/invidious/invidious-all/haproxy.cfg +++ b/invidious/invidious-all/haproxy.cfg @@ -10,7 +10,7 @@ # Why I removed `option http-keep-alive`: This is on by default global - # This because haproxy is dumb and likes to use the maxconnection from the kernel and that is super mega huge making haproxy oom + # This because haproxy is dumb and likes to use the maxconnection (somaxconn) from the kernel and that is super mega huge making haproxy oom maxconn 8192 resolvers docker 
@@ -44,15 +44,13 @@ frontend prometheus frontend invidious bind *:8001 + + # Use anubis only for /watch path use_backend anubis-inv if { path /watch } || { path_beg /.within.website } default_backend invidious backend anubis-inv server srv1 anubis-inv:4000 check resolvers docker init-addr libc,none - # server srv2 invidious:3000 check backup resolvers docker init-addr libc,none - # server srv2 invidious:3000 check backup resolvers docker init-addr libc,none - # server srv2 invidious:3000 check backup resolvers docker init-addr libc,none - # server srv2 invidious:3000 check backup resolvers docker init-addr libc,none backend invidious server-template srv 4 invidious:3000 check resolvers docker init-addr libc,none diff --git a/invidious/invidious-all/valkey.conf b/invidious/invidious-all/valkey.conf new file mode 100644 index 0000000..e10f096 --- /dev/null +++ b/invidious/invidious-all/valkey.conf @@ -0,0 +1,7 @@ +maxmemory 2048mb +maxmemory-policy volatile-lfu + +# Disable AOF +appendonly no +# Disable RDB +save "" diff --git a/synapse/docker-compose.yml b/synapse/docker-compose.yml index 626794f..aa9e482 100644 --- a/synapse/docker-compose.yml +++ b/synapse/docker-compose.yml @@ -4,7 +4,7 @@ services: synapse: container_name: synapse - image: docker.io/matrixdotorg/synapse:latest + image: docker.io/matrixdotorg/synapse:1.127.1 restart: unless-stopped environment: - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml 
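Review bot: The added comment `# Use anubis only for /watch path` understates the rule beneath it: `{ path /watch }` is an exact match and `{ path_beg /.within.website }` also routes to Anubis, while every other request goes to `default_backend invidious` without passing the bot policy. The `DENY` and `CHALLENGE` rules in the bot policy file are therefore not site-wide. If that is intentional, say so in the comment, e.g. `# Only /watch (exact) and Anubis' own /.within.website paths go through Anubis; all other paths skip the bot policy`. The `frontend invidious` block begins outside this hunk.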
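Review bot: This config sets memory limits and disables persistence but defines no `requirepass` or ACL, so access control rests only on Docker network membership, and the `invidious` network is created with a fixed `name: invidious` that other Compose projects on the host can attach to. Since config.yml.example selects `video_cache.backend: 1` and stores cache data here, consider adding `requirepass` (carrying the password in `redis_url`) or documenting that the network must stay private. Also, `maxmemory-policy volatile-lfu` only evicts keys that have a TTL; if Invidious writes any keys without expiry, writes will start failing once `2048mb` is reached, in which case `allkeys-lfu` is the safer policy. The key TTLs are not visible in this patch, so that needs checking against the application.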
@@ -18,63 +18,6 @@ services: - 127.0.0.1:10022:8008/tcp - 127.0.0.1:9183:9183/tcp - # synapse-generic-worker: - # container_name: synapse-generic-worker - # image: docker.io/matrixdotorg/synapse:latest - # restart: unless-stopped - # command: "run -m synapse.app.generic_worker --config-path=/data/homeserver.yaml --config-path=/data/generic_worker.yaml" - # depends_on: ["synapse"] - # environment: - # - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml - # - SYNAPSE_SERVER_NAME=nadeko.net - # - SYNAPSE_REPORT_STATS=no - # volumes: - # - ./synapse_data:/data:rw - # - ./synapse_data/homeserver.yaml:/data/homeserver.yaml:ro - # - ./generic_worker.yaml:/data/generic_worker.yaml:ro - # - /var/run/postgresql/:/run/postgresql:rw - # ports: - # - 127.0.0.1:10022:8008/tcp - # #- 127.0.0.1:9183:9183/tcp - - # synapse-media-worker: - # container_name: synapse-media-worker - # image: docker.io/matrixdotorg/synapse:latest - # restart: unless-stopped - # command: "run -m synapse.app.media_repository --config-path=/data/homeserver.yaml --config-path=/data/media_worker.yaml" - # depends_on: ["synapse"] - # environment: - # - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml - # - SYNAPSE_SERVER_NAME=nadeko.net - # - SYNAPSE_REPORT_STATS=no - # volumes: - # - ./synapse_data:/data:rw - # - ./synapse_data/homeserver.yaml:/data/homeserver.yaml:ro - # - ./media_worker.yaml:/data/media_worker.yaml:ro - # - /var/run/postgresql/:/run/postgresql:rw - # - ./valkey_socket:/tmp - # ports: - # - 127.0.0.1:10023:8009/tcp - # #- 127.0.0.1:9183:9183/tcp - - redis: - image: redis:7-alpine - restart: unless-stopped - volumes: - - ./redis_data:/data - - # matrix-auth-service: - # image: ghcr.io/element-hq/matrix-authentication-service:latest - # container_name: matrix-authentication-service - # restart: unless-stopped - # volumes: - # - /var/run/postgresql/:/run/postgresql:rw - # - ./matrix-auth-service/config.yaml:/config.yaml:rw - # ports: - # - 127.0.0.1:10026:8080 - # depends_on: - # - synapse - 
mautrix-telegram: image: dock.mau.dev/mautrix/telegram:latest container_name: mautrix-telegram @@ -83,7 +26,8 @@ services: - ./mautrix-telegram_data:/data:z - /var/run/postgresql/:/run/postgresql:rw depends_on: - - synapse + synapse: + condition: service_healthy mautrix-whatsapp: image: dock.mau.dev/mautrix/whatsapp:latest @@ -93,7 +37,8 @@ services: - ./mautrix-whatsapp_data:/data:z - /var/run/postgresql/:/run/postgresql:rw depends_on: - - synapse + synapse: + condition: service_healthy element: image: vectorim/element-web:latest @@ -103,9 +48,10 @@ services: ports: - 127.0.0.1:10024:80/tcp - # synapse-admin: - # image: awesometechnologies/synapse-admin - # ports: - # - 127.0.0.1:10025:80 - # restart: unless-stopped + synapse-admin: + image: ghcr.io/etkecc/synapse-admin:latest + ports: + - 127.0.0.1:10025:80 + restart: unless-stopped + diff --git a/watchtower/docker-compose.yml b/watchtower/docker-compose.yml index e03f1e0..82a8a3a 100644 --- a/watchtower/docker-compose.yml +++ b/watchtower/docker-compose.yml @@ -1,10 +1,11 @@ services: - watchtower-invidious: + # Watchtower used for my own OCI images at https://git.nadeko.net/Fijxu/-/packages + watchtower-trusted-fast: image: containrrr/watchtower - container_name: watchtower-invidious + container_name: watchtower-trusted-fast restart: unless-stopped volumes: [ "/var/run/docker.sock:/var/run/docker.sock" ] - command: --interval 30 --scope invidious + command: --interval 30 --scope trusted-fast watchtower-trusted: image: containrrr/watchtower
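Review bot: `synapse-admin` is enabled from `ghcr.io/etkecc/synapse-admin:latest` in the same commit that pins Synapse itself to `1.127.1`; an admin console that handles homeserver admin credentials deserves at least the same pinning, e.g. `image: ghcr.io/etkecc/synapse-admin:VERSION_PLACEHOLDER` with a released tag or digest filled in. The port is bound to `127.0.0.1:10025`, so real exposure depends on the reverse proxy in front of it, which this patch does not show; that vhost should be restricted to administrators. The trailing blank `+` line at the end of the file can be dropped.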