diff options
6 files changed, 127 insertions, 14 deletions
diff --git a/files/etc/cron.d/invidious.invidious_server b/files/etc/cron.d/invidious.invidious_server index 89fa336..7e4da0b 100644 --- a/files/etc/cron.d/invidious.invidious_server +++ b/files/etc/cron.d/invidious.invidious_server @@ -1,2 +1,3 @@ MAILTO=root -0 3 * * * root /usr/local/libexec/invidious-update -q ${invidious_local_username} ${invidious_repo_dir} +0 3 * * * root /usr/local/libexec/invidious-update -q ${invidious_local_username} ${invidious_repo_dir} +30 3 * * * root /usr/local/libexec/invidious-sighelper-update -q ${invidious_local_username} ${invidious_sighelper_repo_dir} diff --git a/files/usr/local/etc/rc.d/inv_sig_helper.invidious_server b/files/usr/local/etc/rc.d/inv_sig_helper.invidious_server new file mode 100644 index 0000000..5d46919 --- /dev/null +++ b/files/usr/local/etc/rc.d/inv_sig_helper.invidious_server @@ -0,0 +1,42 @@ +#!/bin/sh + +# PROVIDE: inv_sig_helper +# REQUIRE: NETWORKING +# KEYWORD: shutdown + +. /etc/rc.subr + +name=inv_sig_helper +rcvar=inv_sig_helper_enable + +load_rc_config "$name" + +: ${inv_sig_helper_enable:='NO'} +: ${inv_sig_helper_dir:='/usr/local/invidious/inv_sig_helper.git'} +: ${inv_sig_helper_user='www'} +: ${inv_sig_helper_syslog_priority:='info'} +: ${inv_sig_helper_syslog_facility:='daemon'} +: ${inv_sig_helper_socket:='/var/run/invidious/inv_sig_helper.sock'} + +inv_sig_helper_syslog_tag=inv_sig_helper + +inv_sig_helper_chdir=$inv_sig_helper_dir +pidfile=/var/run/invidious/inv_sig_helper.pid +command=/usr/sbin/daemon + +command_args="-f \ +-s ${inv_sig_helper_syslog_priority} \ +-l ${inv_sig_helper_syslog_facility} \ +-T ${inv_sig_helper_syslog_tag} \ +-p ${pidfile} \ +-t inv_sig_helper \ +${inv_sig_helper_dir}/target/release/inv_sig_helper_rust ${inv_sig_helper_socket}" + +procname="${inv_sig_helper_dir}/target/release/inv_sig_helper_rust" +start_precmd=inv_sig_helper_prestart + +inv_sig_helper_prestart(){ + install -d -m 0755 -o ${inv_sig_helper_user} /var/run/invidious +} + +run_rc_command "$1" diff --git a/files/usr/local/etc/rc.d/invidious.invidious_server b/files/usr/local/etc/rc.d/invidious.invidious_server index 44acbad..720c437 100644 --- a/files/usr/local/etc/rc.d/invidious.invidious_server +++ b/files/usr/local/etc/rc.d/invidious.invidious_server @@ -1,7 +1,7 @@ #!/bin/sh # PROVIDE: invidious -# REQUIRE: NETWORKING +# REQUIRE: NETWORKING inv_sig_helper # KEYWORD: shutdown . /etc/rc.subr diff --git a/files/usr/local/libexec/invidious-sighelper-update.invidious_server b/files/usr/local/libexec/invidious-sighelper-update.invidious_server new file mode 100644 index 0000000..0aacbb1 --- /dev/null +++ b/files/usr/local/libexec/invidious-sighelper-update.invidious_server @@ -0,0 +1,48 @@ +#!/bin/sh + +set -eu -o pipefail + +prog=$(basename "$(readlink -f "$0")") +usage="${prog} [-q] INVIDIOUS_USER SIGHELPER_SRCDIR" + +die() { + printf '%s: %s\n' "$prog" "$*" 1>&2 + exit 1 +} + +usage(){ + printf 'usage: %s\n' "$usage" 1>&2 + exit 2 +} + +as_invidious(){ + su -m "$invidious_user" -c "HOME=$(dirname "$sighelper_dir") ${@}" +} + +while getopts hq opt; do + case $opt in + h) usage ;; + q) exec 1>/dev/null ;; + esac +done +shift $((OPTIND - 1)) + +[ $# -eq 2 ] || usage + +invidious_user=$1 +sighelper_dir=$2 + +cd "$sighelper_dir" + +as_invidious 'git fetch' +local_rev=$(as_invidious 'git rev-parse HEAD') +upstream_rev=$(as_invidious 'git rev-parse "@{u}"') + +if [ "$local_rev" != "$upstream_rev" ]; then + echo "updating inv_sig_helper to rev ${upstream_rev}" + as_invidious 'git pull --ff-only && cargo build --release' +else + echo "inv_sig_helper already up to date at rev ${local_rev}" +fi + +service inv_sig_helper status 2>/dev/null && service inv_sig_helper restart diff --git a/files/usr/local/libexec/invidious-update.invidious_server b/files/usr/local/libexec/invidious-update.invidious_server index b89b4bf..bbc5e72 100644 --- a/files/usr/local/libexec/invidious-update.invidious_server +++ b/files/usr/local/libexec/invidious-update.invidious_server @@ -34,7 +34,7 @@ invidious_dir=$2 cd "$invidious_dir" -su -m "$invidious_user" -c 'git fetch' +as_invidious 'git fetch' local_rev=$(as_invidious 'git rev-parse HEAD') upstream_rev=$(as_invidious 'git rev-parse "@{u}"') @@ -45,4 +45,4 @@ else echo "invidious already up to date at rev ${local_rev}" fi -service invidious restart +service invidious status 2>/dev/null && service invidious restart diff --git a/scripts/hostclass/invidious_server b/scripts/hostclass/invidious_server index c93aa17..74dc23e 100644 --- a/scripts/hostclass/invidious_server +++ b/scripts/hostclass/invidious_server @@ -1,28 +1,28 @@ #!/bin/sh -# Note: does not work. inv_sig_helper does not build on FreeBSD... - # Generate using: https://github.com/iv-org/youtube-trusted-session-generator : ${invidious_po_token:='changeme'} : ${invidious_visitor_data:='changeme'} - +: ${invidious_hmac_key:='changemeeeeeeeeeeee'} : ${invidious_username:='s-invidious'} : ${invidious_password:='changeme'} -: ${invidious_hmac_key:='changemeeeeeeeeeeee'} : ${invidious_dbname:='invidious'} : ${invidious_dbhost:="$postgres_host"} : ${invidious_fqdn:="$fqdn"} : ${invidious_repo='https://github.com/iv-org/invidious'} : ${invidious_branch='master'} +: ${invidious_sighelper_repo='https://github.com/cullumsmith/inv_sig_helper'} +: ${invidious_sighelper_branch='fix-build-on-freebsd'} invidious_dn="uid=${invidious_username},${robots_basedn}" invidious_local_username=$nginx_user invidious_home=/usr/local/invidious invidious_port=8080 invidious_repo_dir="${invidious_home}/invidious.git" +invidious_sighelper_repo_dir="${invidious_home}/inv_sig_helper.git" invidious_https_cert="${nginx_conf_dir}/invidious.crt" invidious_https_key="${nginx_conf_dir}/invidious.key" -invidious_signature_sock=/tmp/inv_sig_helper.sock +invidious_signature_sock=/var/run/invidious/inv_sig_helper.sock # Install required packages. pkg install -y \ @@ -50,11 +50,27 @@ ldap_passwd "$invidious_dn" "$invidious_password" postgres_create_role "$invidious_dbhost" "$invidious_username" postgres_create_database "$invidious_dbhost" "$invidious_dbname" "$invidious_username" -# Clone git repo. +# Create invidious home directory. install_directory -o "$invidious_local_username" -g "$invidious_local_username" -m 0775 "$invidious_home" -[ -d "${invidious_repo_dir}" ] || su -m "$invidious_local_username" -c "git clone ${invidious_repo} ${invidious_repo_dir}" -# Update git repo. +# Clone sighelper git repo. +[ -d "${invidious_sighelper_repo_dir}" ] || su -m "$invidious_local_username" -c \ + "git clone ${invidious_sighelper_repo} ${invidious_sighelper_repo_dir}" + +# Update sighelper git repo. +su -m "$invidious_local_username" -c "git -C ${invidious_sighelper_repo_dir} pull --ff-only" +su -m "$invidious_local_username" -c "git -C ${invidious_sighelper_repo_dir} switch ${invidious_sighelper_branch}" + +# Build sighelper. +( cd "$invidious_sighelper_repo_dir" + su -m "$invidious_local_username" -c "HOME=${invidious_home} cargo build --release" +) + +# Clone invidious git repo. +[ -d "${invidious_repo_dir}" ] || su -m "$invidious_local_username" -c \ + "git clone ${invidious_repo} ${invidious_repo_dir}" + +# Update invidious git repo. su -m "$invidious_local_username" -c "git -C ${invidious_repo_dir} pull --ff-only" su -m "$invidious_local_username" -c "git -C ${invidious_repo_dir} switch ${invidious_branch}" @@ -68,7 +84,9 @@ su -m "$invidious_local_username" -c "git -C ${invidious_repo_dir} switch ${invi install_template -o "$invidious_local_username" -g "$invidious_local_username" -m 0600 "${invidious_repo_dir}/config/config.yml" # Copy invidious rc script. -install_file -m 0555 /usr/local/etc/rc.d/invidious +install_file -m 0555 \ + /usr/local/etc/rc.d/invidious \ + /usr/local/etc/rc.d/inv_sig_helper # Copy TLS certificate for nginx. install_certificate invidious "$invidious_https_cert" @@ -82,11 +100,15 @@ install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf # Start daemons. sysrc -v \ + inv_sig_helper_enable=YES \ invidious_enable=YES \ nginx_enable=YES +service inv_sig_helper restart service invidious restart service nginx restart # Copy invidous auto-update script. -install_file -m 0555 /usr/local/libexec/invidious-update +install_file -m 0555 \ + /usr/local/libexec/invidious-update \ + /usr/local/libexec/invidious-sighelper-update install_template -m 0644 /etc/cron.d/invidious |