mirror of
https://github.com/iv-org/infrastructure.git
synced 2024-11-26 23:20:32 +00:00
commit
6b6b77b749
@ -8,12 +8,7 @@ This repository contains the invidious infrastructure.
|
||||
2. Install requirements: `ansible-galaxy install -r requirements.yml -p roles`
|
||||
|
||||
## Hosts
|
||||
### invidious.io (old)
|
||||
|
||||
Install old requirements: `ansible-galaxy install -r requirements-old.yml -p roles`
|
||||
### dia.invidious.io
|
||||
|
||||
`ansible-playbook main.yml -i inventory.yml --ask-vault-pass`
|
||||
|
||||
### tin.invidious.io
|
||||
|
||||
`ansible-playbook tin.yml -i inventory.yml`
|
||||
`ansible-playbook dia.yml -i inventory.yml`
|
||||
|
@ -1,36 +0,0 @@
|
||||
---
|
||||
prometheus_web_listen_address: "127.0.0.1:9090"
|
||||
prometheus_scrape_configs:
|
||||
- job_name: "prometheus"
|
||||
static_configs:
|
||||
- targets: ['localhost:9090']
|
||||
- job_name: "node"
|
||||
static_configs:
|
||||
- targets: ['localhost:9100']
|
||||
- job_name: "caddy"
|
||||
static_configs:
|
||||
- targets: ['127.0.0.1:2019']
|
||||
|
||||
grafana_url: "https://grafana.invidious.io"
|
||||
grafana_domain: grafana.invidious.io
|
||||
grafana_address: 127.0.0.1
|
||||
grafana_port: 2000
|
||||
grafana_security:
|
||||
admin_user: admin
|
||||
admin_password: "{{ vault_grafana_admin_password }}"
|
||||
disable_gravatar: true
|
||||
cookie_secure: true
|
||||
grafana_auth:
|
||||
anonymous:
|
||||
enabled: true
|
||||
grafana_datasources:
|
||||
- name: Prometheus
|
||||
type: prometheus
|
||||
url: http://localhost:9090
|
||||
grafana_dashboards:
|
||||
- dashboard_id: '1860'
|
||||
revision_id: '22'
|
||||
datasource: 'Prometheus'
|
||||
- dashboard_id: '13460'
|
||||
revision_id: '2'
|
||||
datasource: 'Prometheus'
|
@ -1,13 +0,0 @@
|
||||
$ANSIBLE_VAULT;1.1;AES256
|
||||
39303330616163326665373337326635386164616335626366333638653464303532643530333762
|
||||
6636626430613433623534373263633663303431316339640a613930623530623336373663323038
|
||||
34666363393733363736323166343138656364373439366332623930633635616631386533306533
|
||||
3666663833353931360a636163646163363661666330633636353532323333386432633037653131
|
||||
65343530643931303834633961633934613037396336646439663163326635656238623936343165
|
||||
66386165653839323231333761343663613965326538303032363935643433306366643763393665
|
||||
30333033626162356564393439643866356266393362643664646365373535613764366130346438
|
||||
33313330613163623339386130653032333962343235653135653431376165656163336531663162
|
||||
61653763663162663933373236326365343365653233643830613237626639316666386530386434
|
||||
33633136393637343863306261396334333533643233633236353531663066613637653236316632
|
||||
31333435333835346364663638656266643230303163656362336566653638633361373532653834
|
||||
34396162656135333337
|
@ -1,3 +0,0 @@
|
||||
---
|
||||
docker_compose_version: "1.29.2"
|
||||
caddy_config: "{{ lookup('template', 'templates/tin-Caddyfile.j2') }}"
|
@ -3,6 +3,4 @@ all:
|
||||
children:
|
||||
main:
|
||||
hosts:
|
||||
invidious.io:
|
||||
tin.invidious.io:
|
||||
dia.invidious.io:
|
||||
|
107
main.yml
107
main.yml
@ -1,107 +0,0 @@
|
||||
---
|
||||
- hosts: main
|
||||
handlers:
|
||||
- name: restart ssh
|
||||
systemd:
|
||||
name: sshd
|
||||
state: restarted
|
||||
|
||||
tasks:
|
||||
- name: SSH config
|
||||
template:
|
||||
src: sshd_config.j2
|
||||
dest: /etc/ssh/sshd_config
|
||||
mode: 0644
|
||||
notify: restart ssh
|
||||
tags: [ssh,base]
|
||||
|
||||
- name: SSH keys
|
||||
template:
|
||||
src: authorized_keys.j2
|
||||
dest: /root/.ssh/authorized_keys
|
||||
mode: 0600
|
||||
tags: [ssh,base]
|
||||
|
||||
- name: Install packages
|
||||
apt:
|
||||
name: "{{ apt_packages }}"
|
||||
tags: [apt,base]
|
||||
|
||||
- name: Bind node exporter to localhost
|
||||
ansible.builtin.lineinfile:
|
||||
path: /etc/default/prometheus-node-exporter
|
||||
regexp: '^ARGS='
|
||||
line: ARGS=--web.listen-address=localhost:9100
|
||||
tags: [apt,base]
|
||||
|
||||
- name: unattended-upgrades
|
||||
import_role:
|
||||
name: jnv.unattended-upgrades
|
||||
tags: [unattended-upgrades]
|
||||
|
||||
- name: prometheus
|
||||
import_role:
|
||||
name: cloudalchemy.prometheus
|
||||
tags: [prometheus]
|
||||
|
||||
- name: grafana
|
||||
import_role:
|
||||
name: cloudalchemy.grafana
|
||||
tags: [grafana]
|
||||
|
||||
- name: pip
|
||||
import_role:
|
||||
name: geerlingguy.pip
|
||||
tags: [pip,docker]
|
||||
|
||||
- name: docker
|
||||
import_role:
|
||||
name: geerlingguy.docker
|
||||
tags: [dockerd,docker]
|
||||
|
||||
- name: Create Invidious API container
|
||||
community.docker.docker_container:
|
||||
name: api
|
||||
image: quay.io/invidious/instances:latest
|
||||
pull: true
|
||||
restart_policy: unless-stopped
|
||||
published_ports:
|
||||
- "127.0.0.1:3000:3000"
|
||||
tags: [api,instances,docker]
|
||||
|
||||
- name: Create Invidious redirect container
|
||||
community.docker.docker_container:
|
||||
name: redirect
|
||||
image: quay.io/invidious/invidious-redirect:latest
|
||||
pull: true
|
||||
restart_policy: unless-stopped
|
||||
log_driver: none
|
||||
published_ports:
|
||||
- "127.0.0.1:8080:80"
|
||||
tags: [redirect,docker]
|
||||
|
||||
- name: Create wikijs compose folder
|
||||
file:
|
||||
path: /root/compose/wikijs/
|
||||
state: directory
|
||||
recurse: true
|
||||
mode: 0755
|
||||
tags: [wikijs,docker]
|
||||
|
||||
- name: Template wikijs docker compose
|
||||
template:
|
||||
src: docker-compose-wikijs.yml
|
||||
dest: /root/compose/wikijs/docker-compose.yml
|
||||
mode: 0600
|
||||
tags: [wikijs,docker]
|
||||
|
||||
- name: Compose wikijs
|
||||
community.docker.docker_compose:
|
||||
project_src: /root/compose/wikijs
|
||||
pull: true
|
||||
tags: [wikijs,docker]
|
||||
|
||||
- name: caddy
|
||||
import_role:
|
||||
name: caddy_ansible.caddy_ansible
|
||||
tags: [ caddy ]
|
@ -1,10 +0,0 @@
|
||||
roles:
|
||||
- name: jnv.unattended-upgrades
|
||||
version: v1.10.0
|
||||
- name: geerlingguy.pip
|
||||
version: 2.0.0
|
||||
- name: geerlingguy.docker
|
||||
version: 3.0.0
|
||||
- name: caddy_ansible.caddy_ansible
|
||||
- name: cloudalchemy.prometheus
|
||||
- name: cloudalchemy.grafana
|
@ -1,80 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
(common) {
|
||||
encode gzip
|
||||
respond /robots.txt 200 {
|
||||
body "User-agent: *
|
||||
Disallow: /
|
||||
"
|
||||
}
|
||||
log {
|
||||
output file /var/log/caddy/access.log {
|
||||
roll_size 500mb
|
||||
roll_keep 5
|
||||
}
|
||||
format filter {
|
||||
wrap json
|
||||
fields {
|
||||
common_log delete
|
||||
request>remote_addr ip_mask {
|
||||
ipv4 24
|
||||
ipv6 32
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
www.invidio.us {
|
||||
import common
|
||||
redir https://invidious.io{uri}
|
||||
}
|
||||
invidious.io {
|
||||
import common
|
||||
root * /var/www/invidious.io
|
||||
file_server
|
||||
}
|
||||
git.invidious.io {
|
||||
import common
|
||||
redir https://github.com/iv-org/invidious
|
||||
}
|
||||
|
||||
invidio.us {
|
||||
import common
|
||||
redir https://redirect.invidious.io{uri}
|
||||
header /api* content-type "application/json"
|
||||
respond /api* "{\"error\":\"This server no longer hosts the Invidious API.\"}" 410
|
||||
}
|
||||
redirect.invidious.io {
|
||||
import common
|
||||
reverse_proxy http://127.0.0.1:8080
|
||||
}
|
||||
|
||||
instances.invidio.us {
|
||||
import common
|
||||
redir https://api.invidious.io{uri}
|
||||
}
|
||||
api.invidious.io {
|
||||
import common
|
||||
reverse_proxy http://127.0.0.1:3000
|
||||
header /static* Cache-Control "max-age=86400"
|
||||
}
|
||||
|
||||
uptime.invidio.us {
|
||||
import common
|
||||
redir https://stats.uptimerobot.com/89VnzSKAn{uri}
|
||||
}
|
||||
uptime.invidious.io {
|
||||
import common
|
||||
redir https://stats.uptimerobot.com/89VnzSKAn{uri}
|
||||
}
|
||||
|
||||
docs.invidious.io {
|
||||
import common
|
||||
reverse_proxy http://127.0.0.1:3001
|
||||
}
|
||||
|
||||
grafana.invidious.io {
|
||||
import common
|
||||
reverse_proxy http://127.0.0.1:2000
|
||||
}
|
@ -1,32 +0,0 @@
|
||||
version: "3"
|
||||
services:
|
||||
|
||||
db:
|
||||
image: docker.io/postgres:11-alpine
|
||||
environment:
|
||||
POSTGRES_DB: wikijs
|
||||
POSTGRES_PASSWORD: "{{ vault_wikijs_db_password }}"
|
||||
POSTGRES_USER: wikijs
|
||||
logging:
|
||||
driver: "none"
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- db-data:/var/lib/postgresql/data
|
||||
|
||||
wiki:
|
||||
image: requarks/wiki:2.5
|
||||
depends_on:
|
||||
- db
|
||||
environment:
|
||||
DB_TYPE: postgres
|
||||
DB_HOST: db
|
||||
DB_PORT: 5432
|
||||
DB_USER: wikijs
|
||||
DB_PASS: "{{ vault_wikijs_db_password }}"
|
||||
DB_NAME: wikijs
|
||||
restart: unless-stopped
|
||||
ports:
|
||||
- "127.0.0.1:3001:3000"
|
||||
|
||||
volumes:
|
||||
db-data:
|
@ -1,102 +0,0 @@
|
||||
# {{ ansible_managed }}
|
||||
|
||||
(common) {
|
||||
encode gzip
|
||||
log {
|
||||
output file /var/log/caddy/access.log {
|
||||
roll_size 500mb
|
||||
roll_keep 5
|
||||
}
|
||||
format filter {
|
||||
wrap json
|
||||
fields {
|
||||
common_log delete
|
||||
request>remote_addr ip_mask {
|
||||
ipv4 24
|
||||
ipv6 32
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
(block-robots) {
|
||||
respond /robots.txt 200 {
|
||||
body "User-agent: *
|
||||
Disallow: /
|
||||
"
|
||||
}
|
||||
}
|
||||
|
||||
www.invidio.us {
|
||||
import common
|
||||
import block-robots
|
||||
redir https://invidious.io{uri}
|
||||
}
|
||||
invidious.io {
|
||||
import common
|
||||
reverse_proxy http://127.0.0.1:8081
|
||||
}
|
||||
|
||||
git.invidious.io {
|
||||
import common
|
||||
import block-robots
|
||||
redir https://github.com/iv-org/invidious
|
||||
}
|
||||
gitea.invidious.io {
|
||||
import common
|
||||
import block-robots
|
||||
reverse_proxy http://127.0.0.1:3200
|
||||
}
|
||||
|
||||
invidio.us {
|
||||
import common
|
||||
import block-robots
|
||||
redir https://redirect.invidious.io{uri}
|
||||
header /api* content-type "application/json"
|
||||
respond /api* "{\"error\":\"This server no longer hosts the Invidious API.\"}" 410
|
||||
}
|
||||
redirect.invidious.io {
|
||||
import common
|
||||
import block-robots
|
||||
reverse_proxy http://127.0.0.1:8080
|
||||
}
|
||||
|
||||
instances.invidio.us {
|
||||
import common
|
||||
import block-robots
|
||||
redir https://api.invidious.io{uri}
|
||||
}
|
||||
api.invidious.io {
|
||||
import common
|
||||
import block-robots
|
||||
reverse_proxy http://127.0.0.1:3000
|
||||
header /static* Cache-Control "max-age=86400"
|
||||
}
|
||||
|
||||
uptime.invidio.us {
|
||||
import common
|
||||
import block-robots
|
||||
redir https://stats.uptimerobot.com/89VnzSKAn{uri}
|
||||
}
|
||||
uptime.invidious.io {
|
||||
import common
|
||||
import block-robots
|
||||
redir https://stats.uptimerobot.com/89VnzSKAn{uri}
|
||||
}
|
||||
|
||||
docs.invidious.io {
|
||||
import common
|
||||
reverse_proxy http://127.0.0.1:8082
|
||||
}
|
||||
|
||||
instances.invidious.io {
|
||||
import common
|
||||
redir https://docs.invidious.io/instances/
|
||||
}
|
||||
|
||||
todo.invidious.io {
|
||||
import common
|
||||
import block-robots
|
||||
redir https://github.com/orgs/iv-org/projects
|
||||
}
|
79
tin.yml
79
tin.yml
@ -1,79 +0,0 @@
|
||||
---
|
||||
- hosts: tin.invidious.io
|
||||
handlers:
|
||||
- name: restart ssh
|
||||
systemd:
|
||||
name: sshd
|
||||
state: restarted
|
||||
|
||||
tasks:
|
||||
- name: SSH config
|
||||
template:
|
||||
src: sshd_config.j2
|
||||
dest: /etc/ssh/sshd_config
|
||||
mode: 0644
|
||||
notify: restart ssh
|
||||
tags: [ssh, base]
|
||||
|
||||
- name: SSH keys
|
||||
template:
|
||||
src: authorized_keys.j2
|
||||
dest: /root/.ssh/authorized_keys
|
||||
mode: 0600
|
||||
tags: [ssh, base]
|
||||
|
||||
- name: Install packages
|
||||
apt:
|
||||
name: "{{ apt_packages }}"
|
||||
update_cache: true
|
||||
tags: [apt, base]
|
||||
|
||||
- name: unattended-upgrades
|
||||
import_role:
|
||||
name: jnv.unattended-upgrades
|
||||
tags: [unattended-upgrades]
|
||||
|
||||
- name: pip
|
||||
import_role:
|
||||
name: geerlingguy.pip
|
||||
tags: [pip,docker]
|
||||
|
||||
- name: docker
|
||||
import_role:
|
||||
name: geerlingguy.docker
|
||||
tags: [dockerd, docker]
|
||||
|
||||
- name: Deploy invidious api
|
||||
import_tasks: tasks/compose.yml
|
||||
vars:
|
||||
app: instances-api
|
||||
tags: [instances-api, api, docker]
|
||||
|
||||
- name: Deploy invidious redirect
|
||||
import_tasks: tasks/compose.yml
|
||||
vars:
|
||||
app: redirect
|
||||
tags: [redirect, docker]
|
||||
|
||||
- name: Deploy invidious website
|
||||
import_tasks: tasks/compose.yml
|
||||
vars:
|
||||
app: invidious.io
|
||||
tags: [website, docker]
|
||||
|
||||
- name: Deploy gitea
|
||||
import_tasks: tasks/compose.yml
|
||||
vars:
|
||||
app: gitea
|
||||
tags: [gitea, docker]
|
||||
|
||||
- name: Deploy docs
|
||||
import_tasks: tasks/compose.yml
|
||||
vars:
|
||||
app: "docs.invidious.io"
|
||||
tags: [docs, docker]
|
||||
|
||||
- name: caddy
|
||||
import_role:
|
||||
name: caddy_ansible.caddy_ansible
|
||||
tags: [caddy]
|
Loading…
Reference in New Issue
Block a user