CLean up searxng and invidious configuration to be production ready, re-enable all VPN tunnels

ansible_resources/hosts

@@ -1,6 +0,0 @@
-# {{ ansible_managed }}
-
-all:
-  hosts:
-    {{ proxy_server_hostname }}:
-    {{ proxy_server_hostname }}-defaultport:

prox-server-hosts-generate.yml

@@ -1,10 +0,0 @@
-- hosts: localhost
-  tasks:
-    - name: Generate hosts file
-      template:
-        src: "ansible_resources/hosts"
-        dest: "hosts"
-        mode: '0777'
-    - name: Debug Finish message
-      debug:
-        msg: Ansible playbook has finished!

proxy_resources/etc/wireguard/wg0.conf

@@ -18,29 +18,29 @@ PublicKey = {{ git_service_pubkey }}
 AllowedIPs = 10.0.0.3/32
 
 # Invidious Service
-#[Peer]
+[Peer]
-#PublicKey = {{ invidious_service_pubkey }}
+PublicKey = {{ invidious_service_pubkey }}
-#AllowedIPs = 10.0.0.3/32
+AllowedIPs = 10.0.0.3/32
 
 # Searxng Service
-#[Peer]
+[Peer]
-#PublicKey = {{ searxng_service_pubkey }}
+PublicKey = {{ searxng_service_pubkey }}
-#AllowedIPs = 10.0.0.4/32
+AllowedIPs = 10.0.0.4/32
 
 # Nextcloud Service
-#[Peer]
+[Peer]
-#PublicKey = {{ nextcloud_service_pubkey }}
+PublicKey = {{ nextcloud_service_pubkey }}
-#AllowedIPs = 10.0.0.5/32
+AllowedIPs = 10.0.0.5/32
 
 # Chat Service
-#[Peer]
+[Peer]
-#PublicKey = {{ chat_service_pubkey }}
+PublicKey = {{ chat_service_pubkey }}
-#AllowedIPs = 10.0.0.6/32
+AllowedIPs = 10.0.0.6/32
 
 # Minecraft Service
-#[Peer]
+[Peer]
-#PublicKey = {{ minecraft_service_pubkey }}
+PublicKey = {{ minecraft_service_pubkey }}
-#AllowedIPs = 10.0.0.7/32
+AllowedIPs = 10.0.0.7/32
 
 
 # Connection to backend server for icinga2

services/service_invidious/deploy-service.yml

@@ -10,12 +10,12 @@
         group: service_invidious
         state: directory
       loop:
-        - "{{ services_directory }}/service_invidious/invidious"
+        - "{{ services_directory }}/service_invidious/"
-        - "{{ services_directory }}/service_invidious/postgresdata"
+        - "{{ services_directory }}/service_invidious/postgres-data"
     - name: Copy docker compose config and other invidious files
       ansible.builtin.template:
         src: "{{ item }}" 
-        dest: "{{ services_directory }}/service_invidious/invidious/{{ item }}"
+        dest: "{{ services_directory }}/service_invidious/{{ item }}"
         owner: service_invidious
         group: service_invidious
       loop:
@@ -25,11 +25,17 @@
       ansible.builtin.template:
         src: "{{ item }}" 
         dest: "{{ services_directory }}/service_invidious/postgres-data/{{ item }}"
-        owner: systemd-coredump
+        owner: service_invidious
-        group: systemd-coredump
+        group: service_invidious
       loop:
         - postgresql.conf 
 
+    # Note: Currently the repository has to be cloned, this is because the init-invidious-db.sh file and the config/sql directory have to be mounted to the postgres container. This "problem" will be solved in the future.
+    - name: Clone invidious git repository
+      ansible.builtin.git:
+        repo: https://github.com/iv-org/invidious.git
+        dest: "{{ services_directory }}/service_invidious/invidious-git"
+
 
     - name: Debug Finish message
       debug:

services/service_invidious/docker-compose.yml

@@ -1,7 +1,5 @@
 # {{ ansible_managed }}
 
-version: "3"
-
 services:
 
   # Gluetun is used to connect container to VPN
@@ -23,9 +21,10 @@ services:
     networks:
       invidious:
     deploy:
-      limits:
+      resources:
-        cpus: '0.10'
+        limits:
-        memory: 512M
+          cpus: '0.10'
+          memory: 512M
 
   invidious:
     network_mode: "service:invidious-gluetun"
@@ -66,19 +65,20 @@ services:
     depends_on:
       - invidious-db
     deploy:
-      limits:
+      resources:
-        cpus: '0.25'
+        limits:
-        memory: 512M
+          cpus: '0.25'
+          memory: 512M
 
   invidious-db:
-    image: docker.io/library/postgres:14
+    image: docker.io/library/postgres:16-alpine
     restart: unless-stopped
     volumes:
       - type: bind
         source: {{ services_directory }}/service_invidious/postgres-data
         target: /var/lib/postgresql/data
-      - ./config/sql:/config/sql
+      - ./invidious-git/config/sql:/config/sql
-      - ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
+      - ./invidious-git/docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
     environment:
       POSTGRES_DB: invidious
       POSTGRES_USER: invidious
@@ -89,9 +89,10 @@ services:
       invidious:
        ipv4_address: 11.1.0.22
     deploy:
-      limits:
+      resources:
-        cpus: '0.10'
+        limits:
-        memory: 128M
+          cpus: '0.10'
+          memory: 128M
 
 networks:
   invidious:

services/service_invidious/servicesecrets.example

@@ -1,2 +1,2 @@
 # Example service secrets for invidious docker service, to be encrypted with ansible vault and called servicesecrets.enc
-service_invidious_postgres_pass: ***
+service_invidious_postgres_password: ***

services/service_searxng/docker-compose.yml

@@ -1,7 +1,5 @@
 # {{ ansible_managed }}
 
-version: '3.7'
-
 services:
 
   # Gluetun is used to connect container to VPN
@@ -21,9 +19,10 @@ services:
     ports:
       - "8080:8080"
     deploy:
-      limits:
+      resources:
-        cpus: '0.10'
+        limits:
-        memory: 512M
+          cpus: '0.10'
+          memory: 512M
 
   searxng-redis:
     network_mode: "service:searxng-gluetun"
@@ -39,9 +38,10 @@ services:
       - SETUID
       - DAC_OVERRIDE
     deploy:
-      limits:
+      resources:
-        cpus: '0.10'
+        limits:
-        memory: 128M
+          cpus: '0.10'
+          memory: 128M
 
   # If you want to change container listen port from default 8080 https://github.com/searxng/searxng-docker/issues/20
   # Set environment variable BIND_ADDRESS, example:
@@ -72,6 +72,7 @@ services:
         max-size: "1m"
         max-file: "1"
     deploy:
-      limits:
+      resources:
-        cpus: '0.25'
+        limits:
-        memory: 512M
+          cpus: '0.25'
+          memory: 512M