invidious: better configuration with example and explanation

watchtower: use trusted-fast label for trusted images (generally my own images)

invidious/invidious-all/.env-abubis.example

@@ -0,0 +1,4 @@
+# ANUBIS
+# Generate it with `openssl rand -hex 32`
+# https://github.com/TecharoHQ/anubis/blob/main/docs/docs/admin/installation.mdx
+ED25519_PRIVATE_KEY_HEX=""

invidious/invidious-all/.env-invidious.example

@@ -0,0 +1,4 @@
+#INVIDIOUS_BANNER=""
+# Fill those 2 environment variables
+INVIDIOUS_INVIDIOUS_COMPANION_KEY=""
+INVIDIOUS_HMAC_KEY=""

invidious/invidious-all/.env-pgbouncer.example

@@ -0,0 +1,10 @@
+# PG_BOUNCER
+# Use `/var/run/postgresql/` if you are passing a local
+# postgresql database running on the host machine
+# Otherwise, you will need to figure it out how to
+# configure this if you want to run a separate
+# postgresql database only for invidious.
+DB_HOST=/var/run/postgresql/
+DB_USER=""
+DB_PASSWORD=""
+DB_NAME=""

invidious/invidious-all/botPolicies.json.example

@@ -0,0 +1,398 @@
+{
+  "bots": [
+    {
+      "name": "amazonbot",
+      "user_agent_regex": "Amazonbot",
+      "action": "DENY"
+    },
+    {
+      "name": "googlebot",
+      "user_agent_regex": "\\+http\\://www\\.google\\.com/bot\\.html",
+      "action": "ALLOW",
+      "remote_addresses": [
+        "2001:4860:4801:10::/64",
+        "2001:4860:4801:11::/64",
+        "2001:4860:4801:12::/64",
+        "2001:4860:4801:13::/64",
+        "2001:4860:4801:14::/64",
+        "2001:4860:4801:15::/64",
+        "2001:4860:4801:16::/64",
+        "2001:4860:4801:17::/64",
+        "2001:4860:4801:18::/64",
+        "2001:4860:4801:19::/64",
+        "2001:4860:4801:1a::/64",
+        "2001:4860:4801:1b::/64",
+        "2001:4860:4801:1c::/64",
+        "2001:4860:4801:1d::/64",
+        "2001:4860:4801:1e::/64",
+        "2001:4860:4801:1f::/64",
+        "2001:4860:4801:20::/64",
+        "2001:4860:4801:21::/64",
+        "2001:4860:4801:22::/64",
+        "2001:4860:4801:23::/64",
+        "2001:4860:4801:24::/64",
+        "2001:4860:4801:25::/64",
+        "2001:4860:4801:26::/64",
+        "2001:4860:4801:27::/64",
+        "2001:4860:4801:28::/64",
+        "2001:4860:4801:29::/64",
+        "2001:4860:4801:2::/64",
+        "2001:4860:4801:2a::/64",
+        "2001:4860:4801:2b::/64",
+        "2001:4860:4801:2c::/64",
+        "2001:4860:4801:2d::/64",
+        "2001:4860:4801:2e::/64",
+        "2001:4860:4801:2f::/64",
+        "2001:4860:4801:31::/64",
+        "2001:4860:4801:32::/64",
+        "2001:4860:4801:33::/64",
+        "2001:4860:4801:34::/64",
+        "2001:4860:4801:35::/64",
+        "2001:4860:4801:36::/64",
+        "2001:4860:4801:37::/64",
+        "2001:4860:4801:38::/64",
+        "2001:4860:4801:39::/64",
+        "2001:4860:4801:3a::/64",
+        "2001:4860:4801:3b::/64",
+        "2001:4860:4801:3c::/64",
+        "2001:4860:4801:3d::/64",
+        "2001:4860:4801:3e::/64",
+        "2001:4860:4801:40::/64",
+        "2001:4860:4801:41::/64",
+        "2001:4860:4801:42::/64",
+        "2001:4860:4801:43::/64",
+        "2001:4860:4801:44::/64",
+        "2001:4860:4801:45::/64",
+        "2001:4860:4801:46::/64",
+        "2001:4860:4801:47::/64",
+        "2001:4860:4801:48::/64",
+        "2001:4860:4801:49::/64",
+        "2001:4860:4801:4a::/64",
+        "2001:4860:4801:4b::/64",
+        "2001:4860:4801:4c::/64",
+        "2001:4860:4801:50::/64",
+        "2001:4860:4801:51::/64",
+        "2001:4860:4801:52::/64",
+        "2001:4860:4801:53::/64",
+        "2001:4860:4801:54::/64",
+        "2001:4860:4801:55::/64",
+        "2001:4860:4801:56::/64",
+        "2001:4860:4801:60::/64",
+        "2001:4860:4801:61::/64",
+        "2001:4860:4801:62::/64",
+        "2001:4860:4801:63::/64",
+        "2001:4860:4801:64::/64",
+        "2001:4860:4801:65::/64",
+        "2001:4860:4801:66::/64",
+        "2001:4860:4801:67::/64",
+        "2001:4860:4801:68::/64",
+        "2001:4860:4801:69::/64",
+        "2001:4860:4801:6a::/64",
+        "2001:4860:4801:6b::/64",
+        "2001:4860:4801:6c::/64",
+        "2001:4860:4801:6d::/64",
+        "2001:4860:4801:6e::/64",
+        "2001:4860:4801:6f::/64",
+        "2001:4860:4801:70::/64",
+        "2001:4860:4801:71::/64",
+        "2001:4860:4801:72::/64",
+        "2001:4860:4801:73::/64",
+        "2001:4860:4801:74::/64",
+        "2001:4860:4801:75::/64",
+        "2001:4860:4801:76::/64",
+        "2001:4860:4801:77::/64",
+        "2001:4860:4801:78::/64",
+        "2001:4860:4801:79::/64",
+        "2001:4860:4801:80::/64",
+        "2001:4860:4801:81::/64",
+        "2001:4860:4801:82::/64",
+        "2001:4860:4801:83::/64",
+        "2001:4860:4801:84::/64",
+        "2001:4860:4801:85::/64",
+        "2001:4860:4801:86::/64",
+        "2001:4860:4801:87::/64",
+        "2001:4860:4801:88::/64",
+        "2001:4860:4801:90::/64",
+        "2001:4860:4801:91::/64",
+        "2001:4860:4801:92::/64",
+        "2001:4860:4801:93::/64",
+        "2001:4860:4801:94::/64",
+        "2001:4860:4801:95::/64",
+        "2001:4860:4801:96::/64",
+        "2001:4860:4801:a0::/64",
+        "2001:4860:4801:a1::/64",
+        "2001:4860:4801:a2::/64",
+        "2001:4860:4801:a3::/64",
+        "2001:4860:4801:a4::/64",
+        "2001:4860:4801:a5::/64",
+        "2001:4860:4801:c::/64",
+        "2001:4860:4801:f::/64",
+        "192.178.5.0/27",
+        "192.178.6.0/27",
+        "192.178.6.128/27",
+        "192.178.6.160/27",
+        "192.178.6.192/27",
+        "192.178.6.32/27",
+        "192.178.6.64/27",
+        "192.178.6.96/27",
+        "34.100.182.96/28",
+        "34.101.50.144/28",
+        "34.118.254.0/28",
+        "34.118.66.0/28",
+        "34.126.178.96/28",
+        "34.146.150.144/28",
+        "34.147.110.144/28",
+        "34.151.74.144/28",
+        "34.152.50.64/28",
+        "34.154.114.144/28",
+        "34.155.98.32/28",
+        "34.165.18.176/28",
+        "34.175.160.64/28",
+        "34.176.130.16/28",
+        "34.22.85.0/27",
+        "34.64.82.64/28",
+        "34.65.242.112/28",
+        "34.80.50.80/28",
+        "34.88.194.0/28",
+        "34.89.10.80/28",
+        "34.89.198.80/28",
+        "34.96.162.48/28",
+        "35.247.243.240/28",
+        "66.249.64.0/27",
+        "66.249.64.128/27",
+        "66.249.64.160/27",
+        "66.249.64.224/27",
+        "66.249.64.32/27",
+        "66.249.64.64/27",
+        "66.249.64.96/27",
+        "66.249.65.0/27",
+        "66.249.65.128/27",
+        "66.249.65.160/27",
+        "66.249.65.192/27",
+        "66.249.65.224/27",
+        "66.249.65.32/27",
+        "66.249.65.64/27",
+        "66.249.65.96/27",
+        "66.249.66.0/27",
+        "66.249.66.128/27",
+        "66.249.66.160/27",
+        "66.249.66.192/27",
+        "66.249.66.224/27",
+        "66.249.66.32/27",
+        "66.249.66.64/27",
+        "66.249.66.96/27",
+        "66.249.68.0/27",
+        "66.249.68.128/27",
+        "66.249.68.32/27",
+        "66.249.68.64/27",
+        "66.249.68.96/27",
+        "66.249.69.0/27",
+        "66.249.69.128/27",
+        "66.249.69.160/27",
+        "66.249.69.192/27",
+        "66.249.69.224/27",
+        "66.249.69.32/27",
+        "66.249.69.64/27",
+        "66.249.69.96/27",
+        "66.249.70.0/27",
+        "66.249.70.128/27",
+        "66.249.70.160/27",
+        "66.249.70.192/27",
+        "66.249.70.224/27",
+        "66.249.70.32/27",
+        "66.249.70.64/27",
+        "66.249.70.96/27",
+        "66.249.71.0/27",
+        "66.249.71.128/27",
+        "66.249.71.160/27",
+        "66.249.71.192/27",
+        "66.249.71.224/27",
+        "66.249.71.32/27",
+        "66.249.71.64/27",
+        "66.249.71.96/27",
+        "66.249.72.0/27",
+        "66.249.72.128/27",
+        "66.249.72.160/27",
+        "66.249.72.192/27",
+        "66.249.72.224/27",
+        "66.249.72.32/27",
+        "66.249.72.64/27",
+        "66.249.72.96/27",
+        "66.249.73.0/27",
+        "66.249.73.128/27",
+        "66.249.73.160/27",
+        "66.249.73.192/27",
+        "66.249.73.224/27",
+        "66.249.73.32/27",
+        "66.249.73.64/27",
+        "66.249.73.96/27",
+        "66.249.74.0/27",
+        "66.249.74.128/27",
+        "66.249.74.160/27",
+        "66.249.74.192/27",
+        "66.249.74.32/27",
+        "66.249.74.64/27",
+        "66.249.74.96/27",
+        "66.249.75.0/27",
+        "66.249.75.128/27",
+        "66.249.75.160/27",
+        "66.249.75.192/27",
+        "66.249.75.224/27",
+        "66.249.75.32/27",
+        "66.249.75.64/27",
+        "66.249.75.96/27",
+        "66.249.76.0/27",
+        "66.249.76.128/27",
+        "66.249.76.160/27",
+        "66.249.76.192/27",
+        "66.249.76.224/27",
+        "66.249.76.32/27",
+        "66.249.76.64/27",
+        "66.249.76.96/27",
+        "66.249.77.0/27",
+        "66.249.77.128/27",
+        "66.249.77.160/27",
+        "66.249.77.192/27",
+        "66.249.77.224/27",
+        "66.249.77.32/27",
+        "66.249.77.64/27",
+        "66.249.77.96/27",
+        "66.249.78.0/27",
+        "66.249.78.32/27",
+        "66.249.79.0/27",
+        "66.249.79.128/27",
+        "66.249.79.160/27",
+        "66.249.79.192/27",
+        "66.249.79.224/27",
+        "66.249.79.32/27",
+        "66.249.79.64/27",
+        "66.249.79.96/27"
+      ]
+    },
+    {
+      "name": "bingbot",
+      "user_agent_regex": "\\+http\\://www\\.bing\\.com/bingbot\\.htm",
+      "action": "ALLOW",
+      "remote_addresses": [
+        "157.55.39.0/24",
+        "207.46.13.0/24",
+        "40.77.167.0/24",
+        "13.66.139.0/24",
+        "13.66.144.0/24",
+        "52.167.144.0/24",
+        "13.67.10.16/28",
+        "13.69.66.240/28",
+        "13.71.172.224/28",
+        "139.217.52.0/28",
+        "191.233.204.224/28",
+        "20.36.108.32/28",
+        "20.43.120.16/28",
+        "40.79.131.208/28",
+        "40.79.186.176/28",
+        "52.231.148.0/28",
+        "20.79.107.240/28",
+        "51.105.67.0/28",
+        "20.125.163.80/28",
+        "40.77.188.0/22",
+        "65.55.210.0/24",
+        "199.30.24.0/23",
+        "40.77.202.0/24",
+        "40.77.139.0/25",
+        "20.74.197.0/28",
+        "20.15.133.160/27",
+        "40.77.177.0/24",
+        "40.77.178.0/23"
+      ]
+    },
+    {
+      "name": "qwantbot",
+      "user_agent_regex": "\\+https\\://help\\.qwant\\.com/bot/",
+      "action": "ALLOW",
+      "remote_addresses": [
+        "91.242.162.0/24"
+      ]
+    },
+    {
+      "name": "kagibot",
+      "user_agent_regex": "\\+https\\://kagi\\.com/bot",
+      "action": "ALLOW",
+      "remote_addresses": [
+        "216.18.205.234/32",
+        "35.212.27.76/32",
+        "104.254.65.50/32",
+        "209.151.156.194/32"
+      ]
+    },
+    {
+      "name": "marginalia",
+      "user_agent_regex": "search\\.marginalia\\.nu",
+      "action": "ALLOW",
+      "remote_addresses": [
+        "193.183.0.162/31",
+        "193.183.0.164/30",
+        "193.183.0.168/30",
+        "193.183.0.172/31",
+        "193.183.0.174/32"
+      ]
+    },
+    {
+      "name": "mojeekbot",
+      "user_agent_regex": "http\\://www\\.mojeek\\.com/bot\\.html",
+      "action": "ALLOW",
+      "remote_addresses": [
+        "5.102.173.71/32"
+      ]
+    },
+    {
+      "name": "us-artificial-intelligence-scraper",
+      "user_agent_regex": "\\+https\\://github\\.com/US-Artificial-Intelligence/scraper",
+      "action": "DENY"
+    },
+    {
+      "name": "well-known",
+      "path_regex": "^/.well-known/.*$",
+      "action": "ALLOW"
+    },
+    {
+      "name": "favicon",
+      "path_regex": "^/favicon.ico$",
+      "action": "ALLOW"
+    },
+    {
+      "name": "robots-txt",
+      "path_regex": "^/robots.txt$",
+      "action": "ALLOW"
+    },
+    {
+      "name": "lightpanda",
+      "user_agent_regex": "^Lightpanda/.*$",
+      "action": "DENY"
+    },
+    {
+      "name": "headless-chrome",
+      "user_agent_regex": "HeadlessChrome",
+      "action": "DENY"
+    },
+    {
+      "name": "headless-chromium",
+      "user_agent_regex": "HeadlessChromium",
+      "action": "DENY"
+    },
+    {
+      "name": "generic-bot-catchall",
+      "user_agent_regex": "(?i:bot|crawler)",
+      "action": "CHALLENGE",
+      "challenge": {
+        "difficulty": 16,
+        "report_as": 4,
+        "algorithm": "slow"
+      }
+    },
+    {
+      "name": "generic-browser",
+      "user_agent_regex": "Mozilla",
+      "action": "CHALLENGE"
+    }
+  ],
+  "dnsbl": false
+}

invidious/invidious-all/config.yml.example

@@ -0,0 +1,90 @@
+# Fill the required fields!
+database_url: postgres://<db_user>:<db_password>@pgbouncer:5432/<db_name>
+# Main domain from where 
+domain: "fill me"
+
+# Sane defaults, leave them like this
+channel_threads: 0
+log_level: Info
+colorize_logs: true
+redis_url: tcp://valkey:6379
+https_only: true
+use_pubsub_feeds: false
+popular_enabled: true
+captcha_enabled: true
+login_enabled: true
+registration_enabled: true
+statistics_enabled: true
+external_port: 443
+cache_annotations: true
+hsts: true
+enable_user_notifications: true
+force_resolve: ipv4
+pool_size: 100
+use_innertube_for_captions: true
+
+# DO NOT CHANGE THIS UNLESS YOU DID A FORK OF MY FORK
+modified_source_code_url: https://git.nadeko.net/Fijxu/invidious
+
+# It's recommended to disable downloads from Invidious to prevent abuse
+disable_proxy: 
+  - downloads
+
+instance_maintainer_email: admin@example.com
+footer_instance_donate_link: ""
+footer_instance_section_custom_fields: 
+  - ["Example1", "https://example.com"]
+  - ["Example2", "https://example.com"]
+
+# inv.nadeko.net only options
+pubsub_domain: https://inv.nadeko.net
+
+# This option only works when Invidious is in use with
+# inv_sig_helper.
+max_dash_resolution: 1080
+
+jobs:
+  refresh_channels:
+    enable: false
+  subscribe_to_feeds:
+    enable: false
+
+default_user_preferences:
+  region: CL
+  dark_mode: dark
+  autoplay: true
+  quality: dash
+  save_player_pos: true
+  extend_desc: true
+  # Leave local like this due to a bug with VideoJS
+  #local: false
+
+invidious_companion:
+    # private_url has to be the same as public_url if 
+    # invidious companion is running on an external server
+  - private_url: "http://companion:8282"
+    public_url: "https://inv-companion.example.com"
+    i2p_public_url: "http://invcluifpcrybsji4imau42raygqc67ex3g65ff2md236gx37cgq.b32.i2p"
+    # Optional
+    note: "(CL)"
+    domain: ["inv1.nadeko.net", "inv1.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "nadekoohummkxncchcsylr3eku36ze4waq4kdrhcqupckc3pe5qq.b32.i2p"]
+
+# Cookie used so the user can switch between different
+# companions on if there is more than one invidious_companion
+server_id_cookie_name: "COMPANION_IDD"
+
+# Leave this like this
+# Backend 0 is postgresql
+# Backend 1 is redis
+# Backend 2 is built-in LRU (Not recommeneded, just for development purposes)
+video_cache:
+  enabled: true
+  backend: 1
+
+# This forces videoplayback proxy for all videos preveting 
+# the ip and tokens used on companion being leaked on the frontend
+force_local: true
+
+# Interval on which the invidious companions are being checked.
+# Used to display a status dot next to the selected backend
+check_backends_interval: 30

invidious/invidious-all/docker-compose.yml

@@ -9,19 +9,12 @@ include:
 x-common-invidious-env: &common-invidious-env
     INVIDIOUS_CONFIG_FILE: "/etc/invidious/config.yml"
     INVIDIOUS_REDIS_URL: "tcp://valkey:6379"
-    # TODO: Support I2P
-    INVIDIOUS_ALTERNATIVE_DOMAINS: '["inv.nadeko.net", "inv.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion"]'
-    INVIDIOUS_BACKEND_DOMAINS: '["inv1.nadeko.net", "inv2.nadeko.net", "inv3.nadeko.net", "inv4.nadeko.net", "inv5.nadeko.net", "inv1.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv2.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv3.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv4.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion", "inv5.nadekonw7plitnjuawu6ytjsl7jlglk2t6pyq6eftptmiv3dvqndwvyd.onion"]'
-
-# https://docs.docker.com/reference/compose-file/extension/
-x-common-dep: &common-dep
-    depends_on: ["pgbouncer"]
 
 x-common: &common-invidious
 #hostname: invidious
   env_file:
     # Env file containing INVIDIOUS_* variables
-    - .env
+    - .env-invidious
   image: "git.nadeko.net/fijxu/invidious:latest"
   restart: always
   mem_limit: 780MB
@@ -29,13 +22,14 @@ x-common: &common-invidious
   deploy:
     replicas: 4
   volumes:
-    # Volume is not needed anymore since I use pgbouncer now
+    # Thist postgresql mount is not needed anymore since I use pgbouncer now
+    # which is at the end of this docker compose file
     # - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw
     - ./config.yml:/etc/invidious/config.yml:ro
   # Watchtower checks in intervals of 60 seconds for fast container updates. 
   # It needs to have a scope or Watchtower will spam docker servers asking 
   # for a new image update therefore rate limiting me
-  labels: [ "com.centurylinklabs.watchtower.scope=invidious" ]
+  labels: [ "com.centurylinklabs.watchtower.scope=trusted-fast" ]
 
 x-common-haproxy: &common-haproxy
   hostname: haproxy
@@ -55,11 +49,18 @@ x-common-anubis: &common-anubis
   image: git.nadeko.net/fijxu/anubis:latest
   restart: always
   env_file:
-    - .env
+    - .env-anubis
   volumes:
     - "./botPolicy.json:/data/cfg/botPolicy.json:ro"
-  labels:
+  labels: [ "com.centurylinklabs.watchtower.scope=trusted-fast" ]
-    - "com.centurylinklabs.watchtower.enable=true"
+
+x-common-valkey: &common-valkey
+    image: valkey/valkey:7.2-alpine
+    hostname: valkey
+    restart: unless-stopped
+    volumes:
+      - ./valkey.conf:/usr/local/etc/valkey/valkey.conf
+    command: "valkey-server /usr/local/etc/valkey/valkey.conf"
 
 services:
 
@@ -68,17 +69,28 @@ services:
     <<: *common-invidious
     environment:
       <<: *common-invidious-env
-    networks: ["invidious"]
+    networks: 
-    depends_on: ["valkey"]
+      - invidious
+    depends_on:
+      - valkey
+      - pgbouncer
+      - haproxy
+      - anubis-inv
+
+  # YTPROXY to proxy images, just for Fijxu's debugging purposes!
+  # ytproxy:
+  #   image: git.nadeko.net/fijxu/http3-ytproxy:latest
+  #   ports:
+  #     - "127.0.0.1:12403:8080/tcp"
 
   # ANUBIS SECTION #
-
   anubis-inv:
     <<: *common-anubis
     environment:
       <<: *common-anubis-env
       TARGET: "http://invidious:3000"
-    networks: ["invidious"]
+    networks: 
+      - invidious
     ports:
       - 127.0.0.1:9051:9090
 
@@ -86,16 +98,24 @@ services:
   haproxy:
     <<: *common-haproxy
     ports:
+      # Port to expose invidious
       - "127.0.0.1:11101:8001"
+      # Port to expose the prometheus metrics
       - "127.0.0.1:11111:8404"
-    networks: ["invidious"]
+    networks:
+      - invidious
+
+  valkey:
+    <<: *common-valkey
+    networks:
+      - invidious
 
   # Pgbouncer to keep connections to the database open
   pgbouncer:
     image: edoburu/pgbouncer
     restart: unless-stopped
     env_file:
-      - .env
+      - .env-pgbouncer
     environment:
       - POOL_MODE=transaction
       # Everything is being done locally
@@ -104,8 +124,25 @@ services:
     mem_limit: "128m"
     volumes:
       - /var/run/postgresql/.s.PGSQL.5432:/var/run/postgresql/.s.PGSQL.5432:rw
-    networks: ["invidious"]
+    networks:
+      - invidious
 
 networks:
   invidious:
     name: invidious
+
+# ⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀⢀⣀⠤⠤⢤⣄⡤⠤⣤⣀⣀⠀⠀⠀⠀⠀⠀⠀⠀⠀⠀
+# ⠀⠀⠀⠀⠀⠀⠀⢀⣠⠤⠀⡴⠋⠀⠀⠀⠀⠀⠉⠒⢌⠉⠛⣽⡲⣄⡀⠀⠀⠀⠀⠀⠀
+# ⠀⠀⠀⠀⠀⣠⠾⠉⠀⠀⠀⠀⣄⠀⠀⠀⠀⠀⢀⣀⠀⣥⡤⠜⠊⣈⢻⣆⠀⠀⠀⠀⠀
+# ⠀⠀⠀⣠⠾⠁⠔⠨⠂⠀⢀⠘⡜⡦⣀⡴⡆⠛⠒⠙⡴⡀⠘⡆⠀⠀⠛⡙⢷⡀⠀⠀⠀
+# ⠀⠀⡴⠃⠀⠀⠀⠀⢀⣠⡼⠟⡏⡏⠙⣇⢸⡄⠀⠀⢹⠏⠁⢹⡳⣤⠀⠘⡌⣷⠀⠀⠀
+# ⠀⣸⠃⠀⡠⠖⢲⠀⠀⣸⠃⢰⡇⡇⠀⢸⣌⣇⢀⠀⣸⣷⣀⡼⢣⡇⠀⠀⢹⣹⠀⠀⠀
+# ⠀⡏⠀⡜⠁⠀⠁⠀⡰⢃⣴⣷⢟⣿⡟⡲⠟⠻⠊⠙⠃⣼⣿⣻⣾⡇⠀⠀⢸⡿⠀⠀⠀
+# ⠀⡇⠰⡇⠀⢀⡠⠞⡗⢩⡟⢸⡏⠀⢹⡇⠀⠀⠀⠀⠀⢸⣿⠉⢱⣿⠠⢤⣟⠁⠀⠀⠀
+# ⠀⣧⠀⠉⠉⠉⠀⢸⠦⡸⡅⢸⣏⠒⣱⠇⠀⠀⠀⠀⠀⠀⢿⣅⡽⠙⢦⠀⢈⣳⡄⠀⠀
+# ⠀⡟⠀⠀⠀⠀⠀⠘⠀⣘⡌⣀⡉⠉⠁⠀⠀⠀⠀⠈⠀⠀⠀⠀⠀⠁⠀⡸⠛⠜⡷⣠⠀
+# ⢸⠃⠀⠀⠀⠀⣀⡫⣿⣮⡀⠀⠀⠀⠀⠀⢠⠤⠶⡦⡤⠀⠀⠀⠀⠀⢠⠇⡀⠸⣧⣤⡆
+# ⡟⠀⠀⠀⠀⠀⠀⡄⢠⠉⢇⠀⡄⠀⠀⠀⠘⢦⣀⡸⠃⠀⠀⠀⢀⡠⠋⠈⠛⢷⡖⠋⠀
+# ⡇⢀⠀⠀⠀⠀⠀⢇⠀⢕⣺⣿⣅⡀⠀⠀⠀⠀⠀⠀⢀⣠⠤⠒⠉⠀⢠⣄⡶⠋⠀⠀⠀
+# ⠻⢾⣼⣦⣀⠀⡄⠈⠓⢦⣼⣿⣍⠉⠻⣄⠀⢈⠏⠉⣿⣦⡀⠀⢀⣠⠾⠀⠀⠀⠀⠀⠀
+# ⠀⠀⠈⠀⠉⠙⠓⠛⣦⡼⠘⣿⣿⣷⣤⣀⣹⠞⢤⣼⣿⣿⠈⢶⡋⠁⠀⠀⠀⠀⠀⠀⠀

invidious/invidious-all/haproxy.cfg

@@ -10,7 +10,7 @@
 # Why I removed `option http-keep-alive`: This is on by default
 
 global
-    # This because haproxy is dumb and likes to use the maxconnection from the kernel and that is super mega huge making haproxy oom
+    # This because haproxy is dumb and likes to use the maxconnection (somaxconn) from the kernel and that is super mega huge making haproxy oom
     maxconn 8192
 
 resolvers docker
@@ -44,15 +44,13 @@ frontend prometheus
 
 frontend invidious
     bind *:8001
+    
+    # Use anubis only for /watch path
     use_backend anubis-inv if { path /watch } || { path_beg /.within.website }
     default_backend invidious
 
 backend anubis-inv
     server srv1 anubis-inv:4000 check resolvers docker init-addr libc,none
-    # server srv2 invidious:3000 check backup resolvers docker init-addr libc,none
-    # server srv2 invidious:3000 check backup resolvers docker init-addr libc,none
-    # server srv2 invidious:3000 check backup resolvers docker init-addr libc,none
-    # server srv2 invidious:3000 check backup resolvers docker init-addr libc,none
 
 backend invidious
     server-template srv 4 invidious:3000 check resolvers docker init-addr libc,none

invidious/invidious-all/valkey.conf

@@ -0,0 +1,7 @@
+maxmemory 2048mb
+maxmemory-policy volatile-lfu
+
+# Disable AOF
+appendonly no
+# Disable RDB
+save ""

synapse/docker-compose.yml

@@ -4,7 +4,7 @@
 services:
   synapse:
     container_name: synapse
-    image: docker.io/matrixdotorg/synapse:latest
+    image: docker.io/matrixdotorg/synapse:1.127.1
     restart: unless-stopped
     environment:
       - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
@@ -18,63 +18,6 @@ services:
       - 127.0.0.1:10022:8008/tcp
       - 127.0.0.1:9183:9183/tcp
 
-  # synapse-generic-worker:
-  #   container_name: synapse-generic-worker
-  #   image: docker.io/matrixdotorg/synapse:latest
-  #   restart: unless-stopped
-  #   command: "run -m synapse.app.generic_worker --config-path=/data/homeserver.yaml --config-path=/data/generic_worker.yaml"
-  #   depends_on: ["synapse"]
-  #   environment:
-  #     - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
-  #     - SYNAPSE_SERVER_NAME=nadeko.net
-  #     - SYNAPSE_REPORT_STATS=no
-  #   volumes:
-  #     - ./synapse_data:/data:rw
-  #     - ./synapse_data/homeserver.yaml:/data/homeserver.yaml:ro
-  #     - ./generic_worker.yaml:/data/generic_worker.yaml:ro
-  #     - /var/run/postgresql/:/run/postgresql:rw
-  #   ports:
-  #     - 127.0.0.1:10022:8008/tcp
-  #     #- 127.0.0.1:9183:9183/tcp
-
-  # synapse-media-worker:
-  #   container_name: synapse-media-worker
-  #   image: docker.io/matrixdotorg/synapse:latest
-  #   restart: unless-stopped
-  #   command: "run -m synapse.app.media_repository --config-path=/data/homeserver.yaml --config-path=/data/media_worker.yaml"
-  #   depends_on: ["synapse"]
-  #   environment:
-  #     - SYNAPSE_CONFIG_PATH=/data/homeserver.yaml
-  #     - SYNAPSE_SERVER_NAME=nadeko.net
-  #     - SYNAPSE_REPORT_STATS=no
-  #   volumes:
-  #     - ./synapse_data:/data:rw
-  #     - ./synapse_data/homeserver.yaml:/data/homeserver.yaml:ro
-  #     - ./media_worker.yaml:/data/media_worker.yaml:ro
-  #     - /var/run/postgresql/:/run/postgresql:rw
-  #     - ./valkey_socket:/tmp
-  #   ports:
-  #     - 127.0.0.1:10023:8009/tcp
-  #     #- 127.0.0.1:9183:9183/tcp
-
-  redis:
-    image: redis:7-alpine
-    restart: unless-stopped
-    volumes:
-      - ./redis_data:/data
-
-  # matrix-auth-service:
-  #   image: ghcr.io/element-hq/matrix-authentication-service:latest
-  #   container_name: matrix-authentication-service
-  #   restart: unless-stopped
-  #   volumes:
-  #     - /var/run/postgresql/:/run/postgresql:rw
-  #     - ./matrix-auth-service/config.yaml:/config.yaml:rw
-  #   ports:
-  #     - 127.0.0.1:10026:8080
-  #   depends_on:
-  #     - synapse
-
   mautrix-telegram:
     image: dock.mau.dev/mautrix/telegram:latest
     container_name: mautrix-telegram
@@ -83,7 +26,8 @@ services:
       - ./mautrix-telegram_data:/data:z
       - /var/run/postgresql/:/run/postgresql:rw
     depends_on:
-      - synapse
+      synapse:
+        condition: service_healthy
 
   mautrix-whatsapp:
     image: dock.mau.dev/mautrix/whatsapp:latest
@@ -93,7 +37,8 @@ services:
       - ./mautrix-whatsapp_data:/data:z
       - /var/run/postgresql/:/run/postgresql:rw
     depends_on:
-      - synapse
+      synapse:
+        condition: service_healthy
 
   element:
     image: vectorim/element-web:latest
@@ -103,9 +48,10 @@ services:
     ports:
       - 127.0.0.1:10024:80/tcp
 
-  # synapse-admin:
+  synapse-admin:
-  #   image: awesometechnologies/synapse-admin
+    image: ghcr.io/etkecc/synapse-admin:latest
-  #   ports:
+    ports:
-  #     - 127.0.0.1:10025:80
+      - 127.0.0.1:10025:80
-  #   restart: unless-stopped
+    restart: unless-stopped
+
 

watchtower/docker-compose.yml

@@ -1,10 +1,11 @@
 services:
-  watchtower-invidious:
+  # Watchtower used for my own OCI images at https://git.nadeko.net/Fijxu/-/packages
+  watchtower-trusted-fast:
     image: containrrr/watchtower
-    container_name: watchtower-invidious
+    container_name: watchtower-trusted-fast
     restart: unless-stopped
     volumes: [ "/var/run/docker.sock:/var/run/docker.sock" ]
-    command: --interval 30 --scope invidious
+    command: --interval 30 --scope trusted-fast
 
   watchtower-trusted:
     image: containrrr/watchtower