# {{ ansible_managed }}

version: "3"

services:

  # Gluetun is used to connect container to VPN
  invidious-gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - VPN_ENDPOINT_IP={{ proxy_server_ip }}
      - VPN_ENDPOINT_PORT={{ proxy_server_vpn_port }}
      - WIREGUARD_PUBLIC_KEY={{ vpn_server_pubkey }}
      - WIREGUARD_PRIVATE_KEY={{ invidious_service_privkey }}
      - WIREGUARD_ADDRESSES=10.0.0.3/32
      - FIREWALL_VPN_INPUT_PORTS=3000,5432
    ports:
      - "3000:3000"
    networks:
      invidious:

  invidious:
    network_mode: "service:invidious-gluetun"
    image: quay.io/invidious/invidious:latest
    # image: quay.io/invidious/invidious:latest-arm64 # ARM64/AArch64 devices
    # UID/GID referring to the spool1_invidious user
    user: 1004:1005
      #    port: 3000
      #    external_port: 443
    restart: unless-stopped
    environment:
      # Please read the following file for a comprehensive list of all available
      # configuration options and their associated syntax:
      # https://github.com/iv-org/invidious/blob/master/config/config.example.yml
      INVIDIOUS_CONFIG: |
        db:
          dbname: invidious
          user: invidious
          password: "{{ service_invidious_postgres_password }}"
            #          host: invidious-db
          host: 11.1.0.22
          port: 5432
        check_tables: true
        # external_port:
        # domain:
        # https_only: false
        # statistics_enabled: false
        hmac_key: "{{ service_invidious_postgres_password }}"
    healthcheck:
      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
      interval: 30s
      timeout: 5s
      retries: 2
    logging:
      options:
        max-size: "1G"
        max-file: "4"
    depends_on:
      - invidious-db

  invidious-db:
    image: docker.io/library/postgres:14
    restart: unless-stopped
    volumes:
      - type: bind
        source: {{ services_directory }}/service_invidious/postgres-data
        target: /var/lib/postgresql/data
      - ./config/sql:/config/sql
      - ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
    environment:
      POSTGRES_DB: invidious
      POSTGRES_USER: invidious
      POSTGRES_PASSWORD: "{{ service_invidious_postgres_password }}"
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
    networks:
      invidious:
       ipv4_address: 11.1.0.22

networks:
  invidious:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: invidious
        #      com.docker.network.driver.enable_ip_masquerade: 0
    ipam:
      config:
        - subnet: 11.1.0.0/16
          #          gateway: 11.5.0.1

# volumes:
#  postgresdata: