Sanitized mirror from private repository - 2026-03-11 06:48:12 UTC

hosts/physical/concord-nuc/invidious/docker/init-invidious-db.sh

@@ -0,0 +1,13 @@
+#!/bin/bash
+# Invidious DB initialisation script
+# Runs once on first container start (docker-entrypoint-initdb.d).
+#
+# Adds a pg_hba.conf rule allowing connections from any Docker subnet
+# using trust auth. Without this, PostgreSQL rejects the invidious
+# container when the Docker network is assigned a different subnet after
+# a recreate (the default pg_hba.conf only covers localhost).
+
+set -e
+
+# Allow connections from any host on the Docker bridge network
+echo "host all all 0.0.0.0/0 trust" >> /var/lib/postgresql/data/pg_hba.conf

hosts/physical/concord-nuc/invidious/invidious.yaml

@@ -0,0 +1,115 @@
+version: "3"
+
+configs:
+  materialious_nginx:
+    content: |
+      events { worker_connections 1024; }
+      http {
+          default_type application/octet-stream;
+          include /etc/nginx/mime.types;
+          server {
+              listen 80;
+
+              # The video player passes dashUrl as a relative path that resolves
+              # to this origin — proxy Invidious API/media paths to local service.
+              # (in.vish.gg resolves to the external IP which is unreachable via
+              #  hairpin NAT from inside Docker; invidious:3000 is on same network)
+              location ~ ^/(api|companion|vi|ggpht|videoplayback|sb|s_p|ytc|storyboards) {
+                  proxy_pass http://invidious:3000;
+                  proxy_set_header Host $$host;
+                  proxy_set_header X-Real-IP $$remote_addr;
+                  proxy_set_header X-Forwarded-For $$proxy_add_x_forwarded_for;
+              }
+
+              location / {
+                  root /usr/share/nginx/html;
+                  try_files $$uri /index.html;
+              }
+          }
+      }
+
+services:
+
+  invidious:
+    image: quay.io/invidious/invidious:latest
+    platform: linux/amd64
+    restart: unless-stopped
+    ports:
+      - "3000:3000"
+    environment:
+      INVIDIOUS_CONFIG: |
+        db:
+          dbname: invidious
+          user: kemal
+          password: "REDACTED_PASSWORD"
+          host: invidious-db
+          port: 5432
+        check_tables: true
+        invidious_companion:
+          - private_url: "http://companion:8282/companion"
+        invidious_companion_key: "pha6nuser7ecei1E"
+        hmac_key: "Kai5eexiewohchei"
+    healthcheck:
+      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
+      interval: 30s
+      timeout: 5s
+      retries: 2
+    logging:
+      options:
+        max-size: "1G"
+        max-file: "4"
+    depends_on:
+      - invidious-db
+      - companion
+
+  companion:
+    image: quay.io/invidious/invidious-companion:latest
+    platform: linux/amd64
+    environment:
+      - SERVER_SECRET_KEY=pha6nuser7ecei1E
+    restart: unless-stopped
+    cap_drop:
+      - ALL
+    read_only: true
+    volumes:
+      - companioncache:/var/tmp/youtubei.js:rw
+    security_opt:
+      - no-new-privileges:true
+    logging:
+      options:
+        max-size: "1G"
+        max-file: "4"
+
+  invidious-db:
+    image: postgres:14
+    restart: unless-stopped
+    environment:
+      POSTGRES_DB: invidious
+      POSTGRES_USER: kemal
+      POSTGRES_PASSWORD: "REDACTED_PASSWORD"  # pragma: allowlist secret
+    volumes:
+      - postgresdata:/var/lib/postgresql/data
+      - ./config/sql:/config/sql
+      - ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
+
+  materialious:
+    image: wardpearce/materialious:latest
+    container_name: materialious
+    restart: unless-stopped
+    environment:
+      VITE_DEFAULT_INVIDIOUS_INSTANCE: "https://in.vish.gg"
+    configs:
+      - source: materialious_nginx
+        target: /etc/nginx/nginx.conf
+    ports:
+      - "3001:80"
+    logging:
+      options:
+        max-size: "1G"
+        max-file: "4"
+
+volumes:
+  postgresdata:
+  companioncache:

hosts/physical/concord-nuc/invidious/invidious_notes.txt

@@ -0,0 +1,4 @@
+vish@vish-concord-nuc:~/invidious/invidious$ pwgen 16 1 # for Invidious (HMAC_KEY)
+Kai5eexiewohchei
+vish@vish-concord-nuc:~/invidious/invidious$ pwgen 16 1 # for Invidious companion (invidious_companion_key)
+pha6nuser7ecei1E

hosts/physical/concord-nuc/invidious/invidious_old/invidious.yaml

@@ -0,0 +1,65 @@
+version: "3.8"  # Upgrade to a newer version for better features and support
+
+services:
+  invidious:
+    image: quay.io/invidious/invidious:latest
+    restart: unless-stopped
+    ports:
+      - "3000:3000"
+    environment:
+      INVIDIOUS_CONFIG: |
+        db:
+          dbname: invidious
+          user: kemal
+          password: "REDACTED_PASSWORD"
+          host: invidious-db
+          port: 5432
+        check_tables: true
+        signature_server: inv_sig_helper:12999
+        visitor_data: ""
+        po_token: "REDACTED_TOKEN"=="
+        hmac_key: "9Uncxo4Ws54s7dr0i3t8"
+    healthcheck:
+      test: ["CMD", "wget", "-nv", "--tries=1", "--spider", "http://127.0.0.1:3000/api/v1/trending"]
+      interval: 30s
+      timeout: 5s
+      retries: 2
+    logging:
+      options:
+        max-size: "1G"
+        max-file: "4"
+    depends_on:
+      - invidious-db
+
+  inv_sig_helper:
+    image: quay.io/invidious/inv-sig-helper:latest
+    init: true
+    command: ["--tcp", "0.0.0.0:12999"]
+    environment:
+      - RUST_LOG=info
+    restart: unless-stopped
+    cap_drop:
+      - ALL
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
+
+  invidious-db:
+    image: docker.io/library/postgres:14
+    restart: unless-stopped
+    volumes:
+      - postgresdata:/var/lib/postgresql/data
+      - ./config/sql:/config/sql
+      - ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
+    environment:
+      POSTGRES_DB: invidious
+      POSTGRES_USER: kemal
+      POSTGRES_PASSWORD: "REDACTED_PASSWORD"
+    healthcheck:
+      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
+      interval: 30s
+      timeout: 5s
+      retries: 3
+
+volumes:
+  postgresdata:

hosts/physical/concord-nuc/invidious/invidious_old/invidious_restart_script.txt

@@ -0,0 +1,2 @@
+docker all in one
+docker-compose down --volumes --remove-orphans && docker-compose pull && docker-compose up -d