diff options
| author | Cullum Smith <cullum@sacredheartsc.com> | 2026-02-14 17:20:11 -0500 |
|---|---|---|
| committer | Cullum Smith <cullum@sacredheartsc.com> | 2026-02-14 17:20:11 -0500 |
| commit | 41d97691b31908209fa0400d7d60a3ddc221d8ab (patch) | |
| tree | e46548e92ead7cb90feb0193e153ef57c2ff9320 | |
| parent | bc19ce16e4c897c6886587e429c31c8758e84994 (diff) | |
| download | infrastructure-41d97691b31908209fa0400d7d60a3ddc221d8ab.tar.gz | |
get invidious working
15 files changed, 206 insertions, 127 deletions
diff --git a/files/etc/cron.d/invidious.invidious_server b/files/etc/cron.d/invidious.invidious_server index ad35f3a..93aaf84 100644 --- a/files/etc/cron.d/invidious.invidious_server +++ b/files/etc/cron.d/invidious.invidious_server @@ -1,4 +1,4 @@ MAILTO=root 0 3 * * * root /usr/local/libexec/invidious-update -q ${invidious_local_username} ${invidious_repo_dir} -30 3 * * * root /usr/local/libexec/invidious-sighelper-update -q ${invidious_local_username} ${invidious_sighelper_repo_dir} +30 3 * * * root /usr/local/libexec/invidious-companion-update -q ${invidious_local_username} ${invidious_companion_repo_dir} 0 4 * * * root service invidious status > /dev/null && service invidious restart > /dev/null diff --git a/files/usr/local/etc/nginx/vhosts.conf.invidious_server b/files/usr/local/etc/nginx/vhosts.conf.invidious_server index 35947dc..499e1fb 100644 --- a/files/usr/local/etc/nginx/vhosts.conf.invidious_server +++ b/files/usr/local/etc/nginx/vhosts.conf.invidious_server @@ -8,15 +8,19 @@ server { add_header Strict-Transport-Security "max-age=63072000" always; - location / { - proxy_http_version 1.1; - proxy_set_header Connection ""; + proxy_http_version 1.1; + proxy_set_header Connection ""; - proxy_set_header Host \$host; - proxy_set_header X-Real-IP \$remote_addr; - proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; - proxy_set_header X-Forwarded-Proto \$scheme; + proxy_set_header Host \$host; + proxy_set_header X-Real-IP \$remote_addr; + proxy_set_header X-Forwarded-For \$proxy_add_x_forwarded_for; + proxy_set_header X-Forwarded-Proto \$scheme; + location / { proxy_pass http://127.0.0.1:${invidious_port}; } + + location /companion { + proxy_pass http://127.0.0.1:${invidious_companion_port}; + } } diff --git a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository index 17b49be..b75dbec 100644 --- a/files/usr/local/etc/poudriere.d/pkglist.pkg_repository +++ b/files/usr/local/etc/poudriere.d/pkglist.pkg_repository @@ -175,6 +175,7 @@ textproc/py-markdown textproc/py-pygments www/authelia www/chromium +www/deno www/element-web www/fcgiwrap www/firefox diff --git a/files/usr/local/etc/rc.d/inv_sig_helper.invidious_server b/files/usr/local/etc/rc.d/inv_sig_helper.invidious_server deleted file mode 100644 index 5d46919..0000000 --- a/files/usr/local/etc/rc.d/inv_sig_helper.invidious_server +++ /dev/null @@ -1,42 +0,0 @@ -#!/bin/sh - -# PROVIDE: inv_sig_helper -# REQUIRE: NETWORKING -# KEYWORD: shutdown - -. /etc/rc.subr - -name=inv_sig_helper -rcvar=inv_sig_helper_enable - -load_rc_config "$name" - -: ${inv_sig_helper_enable:='NO'} -: ${inv_sig_helper_dir:='/usr/local/invidious/inv_sig_helper.git'} -: ${inv_sig_helper_user='www'} -: ${inv_sig_helper_syslog_priority:='info'} -: ${inv_sig_helper_syslog_facility:='daemon'} -: ${inv_sig_helper_socket:='/var/run/invidious/inv_sig_helper.sock'} - -inv_sig_helper_syslog_tag=inv_sig_helper - -inv_sig_helper_chdir=$inv_sig_helper_dir -pidfile=/var/run/invidious/inv_sig_helper.pid -command=/usr/sbin/daemon - -command_args="-f \ --s ${inv_sig_helper_syslog_priority} \ --l ${inv_sig_helper_syslog_facility} \ --T ${inv_sig_helper_syslog_tag} \ --p ${pidfile} \ --t inv_sig_helper \ -${inv_sig_helper_dir}/target/release/inv_sig_helper_rust ${inv_sig_helper_socket}" - -procname="${inv_sig_helper_dir}/target/release/inv_sig_helper_rust" -start_precmd=inv_sig_helper_prestart - -inv_sig_helper_prestart(){ - install -d -m 0755 -o ${inv_sig_helper_user} /var/run/invidious -} - -run_rc_command "$1" diff --git a/files/usr/local/etc/rc.d/invidious.invidious_server b/files/usr/local/etc/rc.d/invidious.invidious_server index 720c437..7c602e7 100644 --- a/files/usr/local/etc/rc.d/invidious.invidious_server +++ b/files/usr/local/etc/rc.d/invidious.invidious_server @@ -1,7 +1,7 @@ #!/bin/sh # PROVIDE: invidious -# REQUIRE: NETWORKING inv_sig_helper +# REQUIRE: NETWORKING invidious_companion # KEYWORD: shutdown . /etc/rc.subr @@ -33,9 +33,27 @@ ${invidious_dir}/invidious" procname="${invidious_dir}/invidious" start_precmd=invidious_prestart +stop_postcmd=invidious_poststop invidious_prestart(){ install -d -m 0755 -o ${invidious_user} /var/run/invidious } +invidious_poststop(){ + # This should not be necessary, but there appears to be a bug in pwait (?!) + # When restarting this daemon, pwait returns even though the companion PID is + # still running, causing the start job to fail. + # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293183 + for i in $(seq 5); do + pid=$(check_pidfile "$pidfile" "$procname") + + if [ -z "$pid" ]; then + return + else + echo "pwait bug..." + sleep 1 + fi + done +} + run_rc_command "$1" diff --git a/files/usr/local/etc/rc.d/invidious_companion.invidious_server b/files/usr/local/etc/rc.d/invidious_companion.invidious_server new file mode 100644 index 0000000..0505201 --- /dev/null +++ b/files/usr/local/etc/rc.d/invidious_companion.invidious_server @@ -0,0 +1,61 @@ +#!/bin/sh + +# PROVIDE: invidious_companion +# REQUIRE: NETWORKING +# KEYWORD: shutdown + +. /etc/rc.subr + +name=invidious_companion +rcvar=invidious_companion_enable + +load_rc_config "$name" + +: ${invidious_companion_enable:='NO'} +: ${invidious_companion_dir:='/usr/local/invidious/invidious-companion.git'} +: ${invidious_companion_user='www'} +: ${invidious_companion_syslog_priority:='info'} +: ${invidious_companion_syslog_facility:='daemon'} +: ${invidious_companion_cache_dir:='/var/db/invidious-companion'} + +invidious_companion_syslog_tag=invidious_companion + +invidious_companion_chdir=$invidious_companion_dir +pidfile=/var/run/invidious-companion/invidious_companion.pid +command=/usr/sbin/daemon + +command_args="-f \ +-s ${invidious_companion_syslog_priority} \ +-l ${invidious_companion_syslog_facility} \ +-T ${invidious_companion_syslog_tag} \ +-p ${pidfile} \ +-t invidious_companion \ +${invidious_companion_dir}/invidious_companion" + +procname="${invidious_companion_dir}/invidious_companion" +start_precmd=invidious_companion_prestart +stop_postcmd=invidious_companion_poststop + +invidious_companion_prestart(){ + install -d -m 0755 -o ${invidious_companion_user} /var/run/invidious-companion + install -d -m 0755 -o ${invidious_companion_user} "$invidious_companion_cache_dir" +} + +invidious_companion_poststop(){ + # This should not be necessary, but there appears to be a bug in pwait (?!) + # When restarting this daemon, pwait returns even though the companion PID is + # still running, causing the start job to fail. + # https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=293182 + for i in $(seq 5); do + pid=$(check_pidfile "$pidfile" "$procname") + + if [ -z "$pid" ]; then + return + else + echo "pwait bug..." + sleep 1 + fi + done +} + +run_rc_command "$1" diff --git a/files/usr/local/invidious/invidious-companion.git/config/config.toml.invidious_server b/files/usr/local/invidious/invidious-companion.git/config/config.toml.invidious_server new file mode 100644 index 0000000..14861a0 --- /dev/null +++ b/files/usr/local/invidious/invidious-companion.git/config/config.toml.invidious_server @@ -0,0 +1,9 @@ +[server] +port = ${invidious_companion_port} +host = "127.0.0.1" +base_path = "/companion" +secret_key = "${invidious_companion_secret_key}" + +[cache] +enabled = true +directory = "${invidious_companion_cache_dir}" diff --git a/files/usr/local/invidious/invidious.git/config/config.yml.invidious_server b/files/usr/local/invidious/invidious.git/config/config.yml.invidious_server index fb7fe54..2aa1ca5 100644 --- a/files/usr/local/invidious/invidious.git/config/config.yml.invidious_server +++ b/files/usr/local/invidious/invidious.git/config/config.yml.invidious_server @@ -14,9 +14,10 @@ popular_enabled: false captcha_enabled: false check_tables: true cache_annotations: true -po_token: ${invidious_po_token} -visitor_data: ${invidious_visitor_data} -signature_server: ${invidious_signature_sock} +invidious_companion: + - private_url: "http://127.0.0.1:${invidious_companion_port}/companion" + - public_url: "https://${invidious_fqdn}/companion" +invidious_companion_key: ${invidious_companion_secret_key} default_user_preferences: dark_mode: auto diff --git a/files/usr/local/libexec/invidious-companion-build.invidious_server b/files/usr/local/libexec/invidious-companion-build.invidious_server new file mode 100644 index 0000000..70a711a --- /dev/null +++ b/files/usr/local/libexec/invidious-companion-build.invidious_server @@ -0,0 +1,20 @@ +#!/bin/sh + +export HOME=${invidious_home} +export XDG_CACHE_HOME=${invidious_home}/.cache + +cd "$invidious_companion_repo_dir" + +deno compile \\ + --include ./src/lib/helpers/youtubePlayerReq.ts \\ + --include ./src/lib/helpers/getFetchClient.ts \\ + --output invidious_companion \\ + --allow-import=github.com:443,jsr.io:443,cdn.jsdelivr.net:443,esm.sh:443,deno.land:443 \\ + --allow-net \\ + --allow-env \\ + --allow-read \\ + --allow-sys=hostname \\ + --allow-write="/tmp/invidious-companion.sock,${invidious_companion_cache_dir}/youtubei.js" \\ + src/main.ts \\ + --_version_date="\$(git log -1 --format=%ci | awk '{print \$1}' | sed s/-/./g)" \\ + --_version_commit="\$(git rev-list HEAD --max-count=1 --abbrev-commit)" diff --git a/files/usr/local/libexec/invidious-companion-update.invidious_server b/files/usr/local/libexec/invidious-companion-update.invidious_server new file mode 100644 index 0000000..70efc38 --- /dev/null +++ b/files/usr/local/libexec/invidious-companion-update.invidious_server @@ -0,0 +1,51 @@ +#!/bin/sh + +set -eu -o pipefail + +prog=$(basename "$(readlink -f "$0")") +usage="${prog} [-q] INVIDIOUS_USER COMPANION_SRCDIR" + +die() { + printf '%s: %s\n' "$prog" "$*" 1>&2 + exit 1 +} + +usage(){ + printf 'usage: %s\n' "$usage" 1>&2 + exit 2 +} + +as_invidious(){ + invidious_home=$(dirname "$companion_dir") + su -m "$invidious_user" -c "HOME=${invidious_home} XDG_CACHE_HOME=${invidious_home}/.cache ${*}" +} + +while getopts hq opt; do + case $opt in + h) usage ;; + q) exec 1>/dev/null ;; + esac +done +shift $((OPTIND - 1)) + +[ $# -eq 2 ] || usage + +invidious_user=$1 +companion_dir=$2 + +cd "$companion_dir" + +as_invidious 'git fetch' +local_rev=$(as_invidious 'git rev-parse HEAD') +upstream_rev=$(as_invidious 'git rev-parse "@{u}"') + +if [ "$local_rev" != "$upstream_rev" ]; then + echo "updating invidious-companion to rev ${upstream_rev}" + as_invidious 'git pull --ff-only' + as_invidious /usr/local/libexec/invidious-companion-build + service invidious_companion status 2>/dev/null && service invidious_companion restart + service invidious status 2>/dev/null && service invidious restart +else + echo "invidious-companion already up to date at rev ${local_rev}" +fi + diff --git a/files/usr/local/libexec/invidious-sighelper-update.invidious_server b/files/usr/local/libexec/invidious-sighelper-update.invidious_server deleted file mode 100644 index 99b305a..0000000 --- a/files/usr/local/libexec/invidious-sighelper-update.invidious_server +++ /dev/null @@ -1,50 +0,0 @@ -#!/bin/sh - -set -eu -o pipefail - -prog=$(basename "$(readlink -f "$0")") -usage="${prog} [-q] INVIDIOUS_USER SIGHELPER_SRCDIR" - -die() { - printf '%s: %s\n' "$prog" "$*" 1>&2 - exit 1 -} - -usage(){ - printf 'usage: %s\n' "$usage" 1>&2 - exit 2 -} - -as_invidious(){ - su -m "$invidious_user" -c "HOME=$(dirname "$sighelper_dir") ${@}" -} - -while getopts hq opt; do - case $opt in - h) usage ;; - q) exec 1>/dev/null ;; - esac -done -shift $((OPTIND - 1)) - -[ $# -eq 2 ] || usage - -invidious_user=$1 -sighelper_dir=$2 - -cd "$sighelper_dir" - -as_invidious 'git fetch' -local_rev=$(as_invidious 'git rev-parse HEAD') -upstream_rev=$(as_invidious 'git rev-parse "@{u}"') - -if [ "$local_rev" != "$upstream_rev" ]; then - echo "updating inv_sig_helper to rev ${upstream_rev}" - as_invidious 'git pull --ff-only' - as_invidious 'cargo build --release' - service inv_sig_helper status 2>/dev/null && service inv_sig_helper restart - service invidious status 2>/dev/null && service invidious restart -else - echo "inv_sig_helper already up to date at rev ${local_rev}" -fi - diff --git a/files/usr/local/libexec/invidious-update.invidious_server b/files/usr/local/libexec/invidious-update.invidious_server index 3a444ad..351f9f5 100644 --- a/files/usr/local/libexec/invidious-update.invidious_server +++ b/files/usr/local/libexec/invidious-update.invidious_server @@ -16,7 +16,7 @@ usage(){ } as_invidious(){ - su -m "$invidious_user" -c "HOME=$(dirname "$invidious_dir") ${@}" + su -m "$invidious_user" -c "HOME=$(dirname "$invidious_dir") SSL_CERT_DIR=/etc/ssl/certs ${@}" } while getopts hq opt; do @@ -41,7 +41,6 @@ upstream_rev=$(as_invidious 'git rev-parse "@{u}"') if [ "$local_rev" != "$upstream_rev" ]; then echo "updating invidious to rev ${upstream_rev}" as_invidious 'git pull --ff-only' - as_invidious 'shards install --production' as_invidious 'crystal build src/invidious.cr --release' service invidious status 2>/dev/null && service invidious restart else diff --git a/scripts/hostclass/invidious_server b/scripts/hostclass/invidious_server index 6ba4bcf..95384c8 100644 --- a/scripts/hostclass/invidious_server +++ b/scripts/hostclass/invidious_server @@ -11,18 +11,20 @@ : ${invidious_fqdn:="$fqdn"} : ${invidious_repo='https://github.com/iv-org/invidious'} : ${invidious_branch='master'} -: ${invidious_sighelper_repo='https://github.com/iv-org/inv_sig_helper'} -: ${invidious_sighelper_branch='master'} +: ${invidious_companion_repo='https://github.com/iv-org/invidious-companion'} +: ${invidious_companion_branch='master'} +: ${invidious_companion_port='8282'} +: ${invidious_companion_secret_key='changeme'} invidious_dn="uid=${invidious_username},${robots_basedn}" invidious_local_username=$nginx_user invidious_home=/usr/local/invidious invidious_port=8080 invidious_repo_dir="${invidious_home}/invidious.git" -invidious_sighelper_repo_dir="${invidious_home}/inv_sig_helper.git" +invidious_companion_repo_dir="${invidious_home}/invidious-companion.git" +invidious_companion_cache_dir=/var/db/invidious-companion invidious_https_cert="${nginx_conf_dir}/invidious.crt" invidious_https_key="${nginx_conf_dir}/invidious.key" -invidious_signature_sock=/var/run/invidious/inv_sig_helper.sock # Install required packages. pkg install -y \ @@ -33,7 +35,8 @@ pkg install -y \ sqlite3 \ nginx \ postgresql${postgresql_version}-client \ - rust + deno \ + gmake # Create invidious user account. ldap_add "$invidious_dn" <<EOF @@ -53,17 +56,20 @@ postgres_create_database "$invidious_dbhost" "$invidious_dbname" "$invidious_use # Create invidious home directory. install_directory -o "$invidious_local_username" -g "$invidious_local_username" -m 0775 "$invidious_home" -# Clone sighelper git repo. -[ -d "${invidious_sighelper_repo_dir}" ] || su -m "$invidious_local_username" -c \ - "git clone ${invidious_sighelper_repo} ${invidious_sighelper_repo_dir}" +# Clone invidious-companion git repo. +[ -d "${invidious_companion_repo_dir}" ] || su -m "$invidious_local_username" -c \ + "git clone ${invidious_companion_repo} ${invidious_companion_repo_dir}" -# Update sighelper git repo. -su -m "$invidious_local_username" -c "git -C ${invidious_sighelper_repo_dir} pull --ff-only" -su -m "$invidious_local_username" -c "git -C ${invidious_sighelper_repo_dir} switch ${invidious_sighelper_branch}" +# Update invidious-companion git repo. +su -m "$invidious_local_username" -c "git -C ${invidious_companion_repo_dir} pull --ff-only" +su -m "$invidious_local_username" -c "git -C ${invidious_companion_repo_dir} switch ${invidious_companion_branch}" -# Build sighelper. -( cd "$invidious_sighelper_repo_dir" - su -m "$invidious_local_username" -c "HOME=${invidious_home} cargo build --release" +# Build invidious-companion. +# `deno task` is busted on FreeBSD, so we must hardcode the build incantation into a custom script +# https://github.com/denoland/deno/issues/31087 +install_template -m 0555 /usr/local/libexec/invidious-companion-build +( cd "$invidious_companion_repo_dir" + su -m "$invidious_local_username" -c /usr/local/libexec/invidious-companion-build ) # Clone invidious git repo. @@ -76,17 +82,17 @@ su -m "$invidious_local_username" -c "git -C ${invidious_repo_dir} switch ${invi # Build invidious. ( cd "$invidious_repo_dir" - su -m "$invidious_local_username" -c "HOME=${invidious_home} shards install --production" - su -m "$invidious_local_username" -c "HOME=${invidious_home} crystal build src/invidious.cr --release" + su -m "$invidious_local_username" -c "HOME=${invidious_home} SSL_CERT_DIR=/etc/ssl/certs gmake" ) # Copy invidious configuration. install_template -o "$invidious_local_username" -g "$invidious_local_username" -m 0600 "${invidious_repo_dir}/config/config.yml" +install_template -o "$invidious_local_username" -g "$invidious_local_username" -m 0600 "${invidious_companion_repo_dir}/config/config.toml" # Copy invidious rc script. install_file -m 0555 \ /usr/local/etc/rc.d/invidious \ - /usr/local/etc/rc.d/inv_sig_helper + /usr/local/etc/rc.d/invidious_companion # Copy TLS certificate for nginx. install_certificate invidious "$invidious_https_cert" @@ -100,15 +106,16 @@ install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf # Start daemons. sysrc -v \ - inv_sig_helper_enable=YES \ + invidious_companion_enable=YES \ invidious_enable=YES \ + invidious_env="SSL_CERT_DIR=/etc/ssl/certs" \ nginx_enable=YES -service inv_sig_helper restart +service invidious_companion restart service invidious restart service nginx restart # Copy invidous auto-update script. install_file -m 0555 \ /usr/local/libexec/invidious-update \ - /usr/local/libexec/invidious-sighelper-update + /usr/local/libexec/invidious-companion-update install_template -m 0644 /etc/cron.d/invidious diff --git a/scripts/hostclass/pkg_repository b/scripts/hostclass/pkg_repository index 054d2ef..f05d483 100644 --- a/scripts/hostclass/pkg_repository +++ b/scripts/hostclass/pkg_repository @@ -6,7 +6,7 @@ : ${poudriere_dataset:="${state_dataset:-zroot}"} : ${poudriere_make_jobs_number:='4'} : ${poudriere_priority_boost:='gcc* llvm* rust'} -: ${poudriere_allow_make_jobs_packages:='ImageMagick* bitwarden-cli cargo-c *chromium* cmake cmake-core digikam eclipse electron* ffmpeg firefox thunderbird gcc* gnutls gtk3* icu libreoffice* llvm* mongodb* mariadb*-client mariadb*-server mysql*-client mysql*-server node* openjdk8 openjdk18 openjdk19 openjdk2* openssl pkg plasma6-plasma-workspace postgresql* plasma*-kwin qt*-webengine qt*-declarative rust webkit* wine vaultwarden'} +: ${poudriere_allow_make_jobs_packages:='ImageMagick* bitwarden-cli cargo-c *chromium* cmake cmake-core deno digikam eclipse electron* ffmpeg firefox thunderbird gcc* gnutls gtk3* icu libreoffice* llvm* mongodb* mariadb*-client mariadb*-server mysql*-client mysql*-server node* openjdk8 openjdk18 openjdk19 openjdk2* openssl pkg plasma6-plasma-workspace postgresql* plasma*-kwin qt*-webengine qt*-declarative rust webkit* wine vaultwarden'} : ${poudriere_ccache_size:='50.0G'} : ${poudriere_default_versions:="mysql=${mariadb_version}m"} diff --git a/site b/site -Subproject 8ba0fe510e3502c2ab32d62fc6b841736092923 +Subproject cf9380d9ed1b2f58d48a2a75d0ef4fd4f29c568 |