150 lines
3.3 KiB
YAML
150 lines
3.3 KiB
YAML
---
|
|
|
|
- name: install certs
|
|
copy:
|
|
src: "/usr/local/etc/letsencrypt/live/{{ item }}"
|
|
dest: "/usr/local/etc/certs/"
|
|
owner: root
|
|
group: root
|
|
mode: 0755
|
|
tags:
|
|
- letsencrypt-certs
|
|
notify: reload nginx
|
|
with_items:
|
|
- "{{ invidious_url }}"
|
|
vars:
|
|
prediff_cmd: echo
|
|
|
|
- name: create log dir
|
|
file:
|
|
state: directory
|
|
path: /var/log/invidious
|
|
owner: root
|
|
group: 1000
|
|
mode: 0775
|
|
|
|
- name: template nginx vhost
|
|
template:
|
|
src: 01-invidious.conf.j2
|
|
dest: /etc/nginx/sites-enabled/01-invidious.conf
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
tags:
|
|
- nginx
|
|
- invidious-nginx
|
|
notify: reload nginx
|
|
|
|
- name: postgresql user
|
|
postgresql_user:
|
|
name: "{{ systemuserlist.invidious.username }}"
|
|
password: "{{ systemuserlist.invidious.postgres_passwd }}"
|
|
encrypted: true
|
|
state: present
|
|
become_user: postgres
|
|
tags:
|
|
- users
|
|
- postgresql
|
|
- postgresql-users
|
|
|
|
- name: postgresql database
|
|
postgresql_db:
|
|
name: "{{ systemuserlist.invidious.username }}"
|
|
encoding: UTF8
|
|
template: template0
|
|
state: present
|
|
lc_ctype: "C"
|
|
lc_collate: "C"
|
|
become_user: postgres
|
|
tags:
|
|
- users
|
|
- postgresql
|
|
- postgresql-users
|
|
|
|
- name: start container
|
|
docker_container:
|
|
name: invidious
|
|
image: quay.io/invidious/invidious:latest
|
|
restart_policy: "unless-stopped"
|
|
auto_remove: false
|
|
detach: true
|
|
pull: true
|
|
state: started
|
|
container_default_behavior: compatibility
|
|
# user: " systemuserlist.invidious.uid : systemuserlist.invidious.gid "
|
|
networks_cli_compatible: false
|
|
network_mode: bridgewithdns
|
|
networks:
|
|
- name: bridgewithdns
|
|
ipv4_address: "{{ bridgewithdns.invidious }}"
|
|
mounts:
|
|
- type: bind
|
|
source: /var/log/invidious
|
|
target: /var/log/invidious
|
|
healthcheck:
|
|
interval: 30s
|
|
timeout: 3s
|
|
start_period: 1m
|
|
test: "wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1"
|
|
env:
|
|
INVIDIOUS_CONFIG: |
|
|
channel_threads: 1
|
|
check_tables: true
|
|
feed_threads: 1
|
|
db:
|
|
dbname: invidious
|
|
user: invidious
|
|
password: {{ systemuserlist.invidious.postgres_passwd }}
|
|
host: 172.17.0.1
|
|
port: 5432
|
|
admins:
|
|
- {{ invidious_admin }}
|
|
full_refresh: false
|
|
https_only: true
|
|
domain: {{ invidious_url }}
|
|
external_port: 443
|
|
statistics_enabled: true
|
|
registration_enabled: false
|
|
popular_enabled: false
|
|
default_home: Subscriptions
|
|
output: /var/log/invidious/invidious.log
|
|
log_level: info
|
|
tags:
|
|
- invidious-container
|
|
- docker-containers
|
|
|
|
- name: template psql backup script
|
|
template:
|
|
src: invidious-postgres-backup.sh.j2
|
|
dest: /usr/local/bin/invidious-postgres-backup.sh
|
|
mode: 0750
|
|
owner: invidious
|
|
group: invidious
|
|
tags:
|
|
- backup
|
|
|
|
- name: cron file
|
|
template:
|
|
src: invidious-cron.j2
|
|
dest: /etc/cron.d/invidious
|
|
mode: 0600
|
|
owner: root
|
|
group: root
|
|
tags:
|
|
- backup
|
|
- cron
|
|
|
|
- name: template filebeat configs
|
|
template:
|
|
src: "filebeat-{{ item }}.yml.j2"
|
|
dest: "/etc/filebeat/inputs.d/{{ item }}.yml"
|
|
owner: root
|
|
group: root
|
|
mode: 0644
|
|
with_items:
|
|
- invidious
|
|
tags:
|
|
- filebeat
|
|
- filebeat-input
|
|
notify: restart filebeat
|