mirror of
https://gitea.invidious.io/iv-org/infrastructure.git
synced 2024-08-15 00:53:31 +00:00
Add new VPS deployment
This commit is contained in:
parent
da07039169
commit
6f5fec98d3
13 changed files with 200 additions and 8 deletions
2
.ansible-lint
Normal file
2
.ansible-lint
Normal file
|
@ -0,0 +1,2 @@
|
||||||
|
exclude_paths:
|
||||||
|
- roles
|
|
@ -8,6 +8,12 @@ This repository contains the invidious infrastructure.
|
||||||
2. Install requirements: `ansible-galaxy install -r requirements.yml -p roles`
|
2. Install requirements: `ansible-galaxy install -r requirements.yml -p roles`
|
||||||
|
|
||||||
## Hosts
|
## Hosts
|
||||||
### invidious.io
|
### invidious.io (old)
|
||||||
|
|
||||||
|
Install old requirements: `ansible-galaxy install -r requirements-old.yml -p roles`
|
||||||
|
|
||||||
`ansible-playbook main.yml -i inventory.yml --ask-vault-pass`
|
`ansible-playbook main.yml -i inventory.yml --ask-vault-pass`
|
||||||
|
|
||||||
|
### tin.invidious.io
|
||||||
|
|
||||||
|
`ansible-playbook tin.yml -i inventory.yml`
|
||||||
|
|
|
@ -12,7 +12,6 @@ apt_packages:
|
||||||
- net-tools
|
- net-tools
|
||||||
- python3-setuptools
|
- python3-setuptools
|
||||||
- jq
|
- jq
|
||||||
- prometheus-node-exporter
|
|
||||||
|
|
||||||
pip_install_packages:
|
pip_install_packages:
|
||||||
- name: docker
|
- name: docker
|
||||||
|
|
3
host_vars/tin.invidious.io/main.yml
Normal file
3
host_vars/tin.invidious.io/main.yml
Normal file
|
@ -0,0 +1,3 @@
|
||||||
|
---
|
||||||
|
docker_compose_version: "1.29.2"
|
||||||
|
caddy_config: "{{ lookup('template', 'templates/tin-Caddyfile.j2') }}"
|
|
@ -4,4 +4,4 @@ all:
|
||||||
main:
|
main:
|
||||||
hosts:
|
hosts:
|
||||||
invidious.io:
|
invidious.io:
|
||||||
ansible_host: 188.34.196.170
|
tin.invidious.io:
|
||||||
|
|
10
requirements-old.yml
Normal file
10
requirements-old.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
roles:
|
||||||
|
- name: jnv.unattended-upgrades
|
||||||
|
version: v1.10.0
|
||||||
|
- name: geerlingguy.pip
|
||||||
|
version: 2.0.0
|
||||||
|
- name: geerlingguy.docker
|
||||||
|
version: 3.0.0
|
||||||
|
- name: caddy_ansible.caddy_ansible
|
||||||
|
- name: cloudalchemy.prometheus
|
||||||
|
- name: cloudalchemy.grafana
|
|
@ -1,10 +1,11 @@
|
||||||
roles:
|
roles:
|
||||||
- name: jnv.unattended-upgrades
|
- name: jnv.unattended-upgrades
|
||||||
version: v1.10.0
|
# from github because version missing on galaxy, https://github.com/jnv/ansible-role-unattended-upgrades/issues/89
|
||||||
|
src: https://github.com/jnv/ansible-role-unattended-upgrades
|
||||||
|
version: v1.12.1
|
||||||
- name: geerlingguy.pip
|
- name: geerlingguy.pip
|
||||||
version: 2.0.0
|
version: 2.1.0
|
||||||
- name: geerlingguy.docker
|
- name: geerlingguy.docker
|
||||||
version: 3.0.0
|
version: 4.1.1
|
||||||
- name: caddy_ansible.caddy_ansible
|
- name: caddy_ansible.caddy_ansible
|
||||||
- name: cloudalchemy.prometheus
|
version: v3.0.4
|
||||||
- name: cloudalchemy.grafana
|
|
||||||
|
|
18
tasks/compose.yml
Normal file
18
tasks/compose.yml
Normal file
|
@ -0,0 +1,18 @@
|
||||||
|
---
|
||||||
|
- name: Create compose folders
|
||||||
|
file:
|
||||||
|
path: "/root/compose/{{ app }}"
|
||||||
|
state: directory
|
||||||
|
recurse: true
|
||||||
|
mode: 0755
|
||||||
|
|
||||||
|
- name: Template compose files
|
||||||
|
template:
|
||||||
|
src: "compose/{{ app }}.yml"
|
||||||
|
dest: "/root/compose/{{ app }}/docker-compose.yml"
|
||||||
|
mode: 0600
|
||||||
|
|
||||||
|
- name: Compose app
|
||||||
|
community.docker.docker_compose:
|
||||||
|
project_src: "/root/compose/{{ app }}"
|
||||||
|
pull: true
|
7
templates/compose/instances-api.yml
Normal file
7
templates/compose/instances-api.yml
Normal file
|
@ -0,0 +1,7 @@
|
||||||
|
---
|
||||||
|
services:
|
||||||
|
api:
|
||||||
|
image: quay.io/invidious/instances:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:3000:3000"
|
10
templates/compose/redirect.yml
Normal file
10
templates/compose/redirect.yml
Normal file
|
@ -0,0 +1,10 @@
|
||||||
|
---
|
||||||
|
services:
|
||||||
|
redirect:
|
||||||
|
image: quay.io/invidious/invidious-redirect:latest
|
||||||
|
restart: unless-stopped
|
||||||
|
ports:
|
||||||
|
- "127.0.0.1:8080:80"
|
||||||
|
# disable (spammy logs)
|
||||||
|
logging:
|
||||||
|
driver: "none"
|
75
templates/tin-Caddyfile.j2
Normal file
75
templates/tin-Caddyfile.j2
Normal file
|
@ -0,0 +1,75 @@
|
||||||
|
# {{ ansible_managed }}
|
||||||
|
|
||||||
|
(common) {
|
||||||
|
encode gzip
|
||||||
|
respond /robots.txt 200 {
|
||||||
|
body "User-agent: *
|
||||||
|
Disallow: /
|
||||||
|
"
|
||||||
|
}
|
||||||
|
log {
|
||||||
|
output file /var/log/caddy/access.log {
|
||||||
|
roll_size 500mb
|
||||||
|
roll_keep 5
|
||||||
|
}
|
||||||
|
format filter {
|
||||||
|
wrap json
|
||||||
|
fields {
|
||||||
|
common_log delete
|
||||||
|
request>remote_addr ip_mask {
|
||||||
|
ipv4 24
|
||||||
|
ipv6 32
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
www.invidio.us {
|
||||||
|
import common
|
||||||
|
redir https://invidious.io{uri}
|
||||||
|
}
|
||||||
|
#invidious.io {
|
||||||
|
# import common
|
||||||
|
# root * /var/www/invidious.io
|
||||||
|
# file_server
|
||||||
|
#}
|
||||||
|
git.invidious.io {
|
||||||
|
import common
|
||||||
|
redir https://github.com/iv-org/invidious
|
||||||
|
}
|
||||||
|
|
||||||
|
invidio.us {
|
||||||
|
import common
|
||||||
|
redir https://redirect.invidious.io{uri}
|
||||||
|
header /api* content-type "application/json"
|
||||||
|
respond /api* "{\"error\":\"This server no longer hosts the Invidious API.\"}" 410
|
||||||
|
}
|
||||||
|
redirect.invidious.io {
|
||||||
|
import common
|
||||||
|
reverse_proxy http://127.0.0.1:8080
|
||||||
|
}
|
||||||
|
|
||||||
|
instances.invidio.us {
|
||||||
|
import common
|
||||||
|
redir https://api.invidious.io{uri}
|
||||||
|
}
|
||||||
|
api.invidious.io {
|
||||||
|
import common
|
||||||
|
reverse_proxy http://127.0.0.1:3000
|
||||||
|
header /static* Cache-Control "max-age=86400"
|
||||||
|
}
|
||||||
|
|
||||||
|
uptime.invidio.us {
|
||||||
|
import common
|
||||||
|
redir https://stats.uptimerobot.com/89VnzSKAn{uri}
|
||||||
|
}
|
||||||
|
uptime.invidious.io {
|
||||||
|
import common
|
||||||
|
redir https://stats.uptimerobot.com/89VnzSKAn{uri}
|
||||||
|
}
|
||||||
|
|
||||||
|
#docs.invidious.io {
|
||||||
|
# import common
|
||||||
|
# reverse_proxy http://127.0.0.1:3001
|
||||||
|
#}
|
61
tin.yml
Normal file
61
tin.yml
Normal file
|
@ -0,0 +1,61 @@
|
||||||
|
---
|
||||||
|
- hosts: tin.invidious.io
|
||||||
|
handlers:
|
||||||
|
- name: restart ssh
|
||||||
|
systemd:
|
||||||
|
name: sshd
|
||||||
|
state: restarted
|
||||||
|
|
||||||
|
tasks:
|
||||||
|
- name: SSH config
|
||||||
|
template:
|
||||||
|
src: sshd_config.j2
|
||||||
|
dest: /etc/ssh/sshd_config
|
||||||
|
mode: 0644
|
||||||
|
notify: restart ssh
|
||||||
|
tags: [ssh, base]
|
||||||
|
|
||||||
|
- name: SSH keys
|
||||||
|
template:
|
||||||
|
src: authorized_keys.j2
|
||||||
|
dest: /root/.ssh/authorized_keys
|
||||||
|
mode: 0600
|
||||||
|
tags: [ssh, base]
|
||||||
|
|
||||||
|
- name: Install packages
|
||||||
|
apt:
|
||||||
|
name: "{{ apt_packages }}"
|
||||||
|
update_cache: true
|
||||||
|
tags: [apt, base]
|
||||||
|
|
||||||
|
- name: unattended-upgrades
|
||||||
|
import_role:
|
||||||
|
name: jnv.unattended-upgrades
|
||||||
|
tags: [unattended-upgrades]
|
||||||
|
|
||||||
|
- name: pip
|
||||||
|
import_role:
|
||||||
|
name: geerlingguy.pip
|
||||||
|
tags: [pip,docker]
|
||||||
|
|
||||||
|
- name: docker
|
||||||
|
import_role:
|
||||||
|
name: geerlingguy.docker
|
||||||
|
tags: [dockerd, docker]
|
||||||
|
|
||||||
|
- name: Deploy invidious api
|
||||||
|
import_tasks: tasks/compose.yml
|
||||||
|
vars:
|
||||||
|
app: instances-api
|
||||||
|
tags: [instances-api, api, docker]
|
||||||
|
|
||||||
|
- name: Deploy invidious api
|
||||||
|
import_tasks: tasks/compose.yml
|
||||||
|
vars:
|
||||||
|
app: redirect
|
||||||
|
tags: [redirect, docker]
|
||||||
|
|
||||||
|
- name: caddy
|
||||||
|
import_role:
|
||||||
|
name: caddy_ansible.caddy_ansible
|
||||||
|
tags: [caddy]
|
Loading…
Reference in a new issue