Client-Ansible-Setup/services/service_invidious/docker-compose.yml


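# {{ ansible_managed }}
#
# Compose stack for Invidious, rendered from a Jinja template by Ansible.
# Services: a gluetun WireGuard client, Invidious (sharing gluetun's network
# namespace), the signature helper and PostgreSQL, all on one bridge network
# with static addresses.
#
# Secrets (WireGuard private key, DB password, tokens) are rendered into this
# file in plaintext, so the rendered file should be readable only by the
# deploying user.
# NOTE(review): Compose interpolates `$` in values; a rendered secret that
# contains `$`, `"` or `\` will be altered or break the quoted strings below.
# Confirm the secret generator excludes those characters.
services:
  # Gluetun is used to connect container to VPN
  # NOTE(review): no tag is given, so this resolves to a mutable `latest`
  # image; pin a version or digest so a registry-side change cannot silently
  # replace a container that holds NET_ADMIN and the WireGuard private key.
  invidious-gluetun:
    image: qmcgaw/gluetun
    cap_add:
      - NET_ADMIN
    # Values set here are visible to anyone who can run `docker inspect` on
    # the host. Templated entries are quoted so that an empty or unusual
    # expansion still renders as a single string.
    environment:
      - VPN_SERVICE_PROVIDER=custom
      - VPN_TYPE=wireguard
      - "VPN_ENDPOINT_IP={{ proxy_server_ip }}"
      - "VPN_ENDPOINT_PORT={{ proxy_server_vpn_port }}"
      - "WIREGUARD_PUBLIC_KEY={{ vpn_server_pubkey }}"
      - "WIREGUARD_PRIVATE_KEY={{ invidious_service_privkey }}"
      - WIREGUARD_ADDRESSES=10.0.0.9/32
      # NOTE(review): 3000 is the Invidious listener in this namespace.
      # PostgreSQL runs in the separate invidious-db container (11.1.0.22),
      # so allowing 5432 in from the tunnel looks unnecessary; confirm and
      # drop it if nothing in this namespace listens there.
      - FIREWALL_VPN_INPUT_PORTS=3000,5432
    # Invidious has no network of its own (network_mode: service:...), so its
    # port is published here.
    # NOTE(review): "3000:3000" binds on every host interface; if only the
    # tunnel or a local proxy needs it, restrict the host address.
    ports:
      - "3000:3000"
    networks:
      invidious:
    deploy:
      resources:
        limits:
          cpus: '0.10'
          memory: 512M

  invidious:
    # All traffic of this container goes through gluetun's network namespace.
    network_mode: "service:invidious-gluetun"
    # NOTE(review): `master` is a moving tag; pin a release tag or digest.
    image: quay.io/invidious/invidious:master
    # image: quay.io/invidious/invidious:latest-arm64 # ARM64/AArch64 devices
    # UID/GID referring to the spool1_invidious user
    # Quoted so the value is always read as a string, never as a number.
    user: "1004:1005"
    # port: 3000
    # external_port: 443
    restart: unless-stopped
    # NOTE(review): unlike invidious-signature-helper, this service sets no
    # cap_drop / no-new-privileges / read_only; consider matching it.
    environment:
      # Please read the following file for a comprehensive list of all available
      # configuration options and their associated syntax:
      # https://github.com/iv-org/invidious/blob/master/config/config.example.yml
      #
      # NOTE(review): hmac_key below is rendered from the same variable as the
      # PostgreSQL password. A signing secret and a database credential should
      # be independent random values, so that disclosure of one does not
      # expose the other; use a dedicated variable for hmac_key.
      INVIDIOUS_CONFIG: |
        db:
          dbname: invidious
          user: invidious
          password: "{{ service_invidious_postgres_password }}"
          # host: invidious-db
          host: 11.1.0.22
          port: 5432
        check_tables: true
        signature_server: 11.1.0.23:12999
        visitor_data: "{{ service_invidious_visitor_data }}"
        po_token: "{{ service_invidious_po_token }}"
        external_port: 443
        domain: invidious.{{ domain_name }}
        https_only: true
        # statistics_enabled: false
        hmac_key: "{{ service_invidious_postgres_password }}"
    healthcheck:
      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
      interval: 30s
      timeout: 5s
      retries: 2
    logging:
      options:
        max-size: "1G"
        max-file: "4"
    depends_on:
      - invidious-db
    deploy:
      resources:
        limits:
          cpus: '0.25'
          memory: 512M

  invidious-signature-helper:
    # NOTE(review): `latest` is a moving tag; pin a release tag or digest.
    image: quay.io/invidious/inv-sig-helper:latest
    init: true
    # Listens on all addresses of this container; it is reachable from the
    # bridge network only, since no host port is published for it.
    command: ["--tcp", "0.0.0.0:12999"]
    environment:
      - RUST_LOG=info
    restart: unless-stopped
    # Hardened: no capabilities, read-only root filesystem, no privilege gain.
    cap_drop:
      - ALL
    read_only: true
    security_opt:
      - no-new-privileges:true
    networks:
      invidious:
        ipv4_address: 11.1.0.23
    deploy:
      resources:
        limits:
          cpus: '0.10'
          memory: 128M

  invidious-db:
    image: docker.io/library/postgres:16-alpine
    restart: unless-stopped
    volumes:
      # Quoted because a value that starts with a template expression can be
      # misread as a YAML flow mapping, or as null on an empty expansion.
      - type: bind
        source: "{{ services_directory }}/service_invidious/postgres-data"
        target: /var/lib/postgresql/data
      - ./invidious-git/config/sql:/config/sql
      - ./invidious-git/docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
    environment:
      POSTGRES_DB: invidious
      POSTGRES_USER: invidious
      POSTGRES_PASSWORD: "{{ service_invidious_postgres_password }}"
    healthcheck:
      # `$$` escapes Compose interpolation so the shell inside the container
      # expands the variables.
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
    networks:
      invidious:
        ipv4_address: 11.1.0.22
    deploy:
      resources:
        limits:
          cpus: '0.10'
          memory: 128M

networks:
  invidious:
    driver: bridge
    driver_opts:
      com.docker.network.bridge.name: invidious
      # com.docker.network.driver.enable_ip_masquerade: 0
    ipam:
      config:
        # NOTE(review): 11.1.0.0/16 is publicly routable address space, not
        # an RFC 1918 private range. While this bridge exists the host routes
        # that whole /16 into it, shadowing any real hosts there. Moving to a
        # private range also means updating the static addresses above.
        - subnet: 11.1.0.0/16
          # gateway: 11.5.0.1
# volumes:
#   postgresdata: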