diff --git a/roles/invidious/defaults/main.yml b/roles/invidious/defaults/main.yml index 106f060f94..5c916f7011 100644 --- a/roles/invidious/defaults/main.yml +++ b/roles/invidious/defaults/main.yml @@ -13,6 +13,7 @@ invidious_network_name: "invidious" # specs invidious_memory: 1g invidious_postgres_memory: 1g +invidious_sig_helper_memory: 1g # docker invidious_container_name: invidious @@ -21,6 +22,9 @@ invidious_image_name: "quay.io/invidious/invidious" invidious_image_version: latest invidious_postgres_image_name: "docker.io/library/postgres" invidious_postgres_image_version: "13" +invidious_sig_helper_container_name: invidious-sig-helper +invidious_sig_helper_image_name: "quay.io/invidious/inv-sig-helper" +invidious_sig_helper_image_version: latest invidious_user_id: "1000" invidious_group_id: "1000" @@ -29,6 +33,10 @@ invidious_db_name: "invidious" invidious_db_username: "invidious" invidious_db_password: "secure" invidious_hmac_key: "CHANGE ME!!!" +invidious_sig_helper_log_level: "info" +# invidious_visitor_data: "" +# invidious_po_token: "" +invidious_docker_youtube_generator_image: quay.io/invidious/youtube-trusted-session-generator invidious_config: | channel_threads: 1 check_tables: true @@ -39,6 +47,9 @@ invidious_config: | password: {{ invidious_db_password }} host: {{ invidious_postgres_container_name }} port: 5432 + signature_server: {{ invidious_sig_helper_container_name }}:12999 + visitor_data: dummy_visitor_data + po_token: dummy_po_token full_refresh: false https_only: true popular_enabled: true diff --git a/roles/invidious/molecule/default/verify.yml b/roles/invidious/molecule/default/verify.yml index 196b839cb3..8f2e9cf37e 100644 --- a/roles/invidious/molecule/default/verify.yml +++ b/roles/invidious/molecule/default/verify.yml 
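Review bot: `invidious_sig_helper_image_version: latest` and, in the following hunk, `invidious_docker_youtube_generator_image` (which carries no tag at all) both resolve to whatever the registry serves at deploy time. This matches the existing `invidious_image_version: latest`, but the generator's output is later substituted into the Invidious config and the sig helper task pulls with `pull: true`, so an upstream image change reaches the host without any review step. Consider splitting the generator into `_image_name` / `_image_version` variables like the other images, and adding a comment that both new images can be pinned to a release tag or digest.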
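Review bot: The `dummy_visitor_data` / `dummy_po_token` placeholders are only swapped by the `replace()` filters added to `INVIDIOUS_CONFIG` in tasks/main.yml, so an overridden `invidious_config` that lacks these exact strings silently ships without tokens, and the substituted values land unquoted in the YAML. Role defaults are templated lazily, so the config could reference variables directly, `visitor_data: "{{ invidious_visitor_data }}"` and `po_token: "{{ invidious_po_token }}"`, with the tasks setting those two facts instead of un-prefixed `visitor_data` / `po_token`. That would also give the commented-out `# invidious_visitor_data: ""` and `# invidious_po_token: ""` lines in the previous hunk a purpose. The `invidious_config` block continues outside this hunk.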
@@ -12,6 +12,11 @@ name: "{{ invidious_postgres_container_name }}" register: result_db + - name: Get invidious sig helper container state + community.docker.docker_container: + name: "{{ invidious_sig_helper_container_name }}" + register: result_sig_helper + - name: Get invidious container state community.docker.docker_container: name: "{{ invidious_container_name }}" @@ -22,5 +27,7 @@ that: - result_db.container['State']['Status'] == "running" - result_db.container['State']['Restarting'] == false + - result_sig_helper.container['State']['Status'] == "running" + - result_sig_helper.container['State']['Restarting'] == false - result.container['State']['Status'] == "running" - result.container['State']['Restarting'] == false diff --git a/roles/invidious/molecule/default/verify_stopped.yml b/roles/invidious/molecule/default/verify_stopped.yml index 5b5d3d513f..2124fa6fec 100644 --- a/roles/invidious/molecule/default/verify_stopped.yml +++ b/roles/invidious/molecule/default/verify_stopped.yml @@ -13,6 +13,12 @@ state: absent register: result_db + - name: Try and stop and remove invidious sig helper + community.docker.docker_container: + name: "{{ invidious_sig_helper_container_name }}" + state: absent + register: result_sig_helper + - name: Try and stop and remove invidious community.docker.docker_container: name: "{{ invidious_container_name }}" @@ -23,4 +29,5 @@ ansible.builtin.assert: that: - not result_db.changed + - not result_sig_helper.changed - not result.changed diff --git a/roles/invidious/tasks/main.yml b/roles/invidious/tasks/main.yml index 46208571e7..1c690191e5 100644 --- a/roles/invidious/tasks/main.yml +++ b/roles/invidious/tasks/main.yml 
@@ -36,6 +36,56 @@ community.docker.docker_network: name: "{{ invidious_network_name }}" + - name: Check if we already have visitor_data and po_token cached + ansible.builtin.stat: + path: /tmp/visitor_data_po_token_cache.json + register: cache_check + + - name: Run Docker container and capture visitor_data and po_token (if cache not present) + community.docker.docker_container: + name: youtube-session-generator + image: "{{ invidious_docker_youtube_generator_image }}" + detach: false + cleanup: true + register: container_output + when: not cache_check.stat.exists + + - name: Extract visitor_data and po_token (if cache not present) + ansible.builtin.set_fact: + visitor_data: "{{ container_output.container['Output'] | regex_search('visitor_data: (.+?)\\n', '\\1') | first}}" + po_token: "{{ container_output.container['Output'] | regex_search('po_token: (.+?)\\n', '\\1') | first }}" + when: not cache_check.stat.exists + + - name: Cache visitor_data and po_token in a file + ansible.builtin.copy: + content: | + { + "visitor_data": "{{ visitor_data }}", + "po_token": "{{ po_token }}" + } + dest: /tmp/visitor_data_po_token_cache.json + when: not cache_check.stat.exists + + - name: Load cached visitor_data and po_token (if cache exists) + ansible.builtin.slurp: + src: /tmp/visitor_data_po_token_cache.json + register: cached_data + when: cache_check.stat.exists + + - name: Set facts from cached data + ansible.builtin.set_fact: + visitor_data: "{{ cached_data.content | b64decode | from_json | json_query('visitor_data') }}" + po_token: "{{ cached_data.content | b64decode | from_json | json_query('po_token') }}" + when: cache_check.stat.exists + # tags: molecule-idempotence-notest + + - name: Display captured variables + ansible.builtin.debug: + msg: + - "visitor_data: {{ visitor_data }}" + - "po_token: {{ po_token }}" + - "invidious_config: {{ invidious_config }}" + - name: Create Invidious Postgress Docker Container community.docker.docker_container: name: "{{ 
invidious_postgres_container_name }}" @@ -65,6 +115,28 @@ retries: 5 timeout: 5s + - name: Create Invidious Sig Helper Docker Container + community.docker.docker_container: + container_default_behavior: no_defaults + name: "{{ invidious_sig_helper_container_name }}" + image: "{{ invidious_sig_helper_image_name }}:{{ invidious_sig_helper_image_version }}" + pull: true + networks: + - name: "{{ invidious_network_name }}" + network_mode: "{{ invidious_network_name }}" + command: ["--tcp", "0.0.0.0:12999"] + env: + RUST_LOG: "{{ invidious_sig_helper_log_level }}" + restart_policy: unless-stopped + cap_drop: + - ALL + read_only: true + security_opts: + - no-new-privileges:true + memory: "{{ invidious_sig_helper_memory }}" + labels: + traefik.enable: "false" + - name: Create Invidious Docker Container community.docker.docker_container: container_default_behavior: no_defaults @@ -82,7 +154,7 @@ TZ: "{{ ansible_nas_timezone }}" PUID: "{{ invidious_user_id | quote }}" PGID: "{{ invidious_group_id | quote }}" - INVIDIOUS_CONFIG: "{{ invidious_config }}" + INVIDIOUS_CONFIG: "{{ invidious_config | replace('dummy_visitor_data', visitor_data) | replace('dummy_po_token', po_token) }}" restart_policy: unless-stopped memory: "{{ invidious_memory }}" labels: @@ -93,7 +165,7 @@ traefik.http.routers.invidious.tls.domains[0].sans: "*.{{ ansible_nas_domain }}" traefik.http.services.invidious.loadbalancer.server.port: "3000" healthcheck: - test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1 + test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1 interval: 30s timeout: 5s retries: 2 @@ -106,6 +178,11 @@ name: "{{ invidious_postgres_container_name }}" state: absent + - name: Stop invidious sig helper + community.docker.docker_container: + name: "{{ invidious_sig_helper_container_name }}" + state: absent + - name: Stop invidious community.docker.docker_container: name: "{{ invidious_container_name }}"
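Review bot: The session tokens are exposed in two places in the first tasks/main.yml hunk: the cache is written to the fixed path `/tmp/visitor_data_po_token_cache.json` with no `mode:`, and the `Display captured variables` task prints both tokens plus the rendered `invidious_config`, which per defaults/main.yml contains the database password. A predictable file in a shared directory is readable by other local accounts under the usual umask, and whatever already exists at that path is loaded as trusted input for the config. I would move the cache under a role-owned data directory with `mode: "0600"`, and either drop the debug task or mark it `no_log: true`. Separately, `regex_search(...) | first` fails with an unhelpful error when the generator output does not match, so an `ansible.builtin.assert` on the captured values before they are cached would make that failure explicit.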
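Review bot: The listener port is hard-coded in the sig helper task as `command: ["--tcp", "0.0.0.0:12999"]` and again in `signature_server: {{ invidious_sig_helper_container_name }}:12999` in defaults/main.yml, so the two can drift apart. A single variable, for example `invidious_sig_helper_port: "12999"`, referenced from both places would keep them in sync. No ports are published in this task, so the helper appears to be reachable only from containers on `invidious_network_name`; a one-line comment stating that this is intentional would stop a later change from exposing it by accident.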