general overhaul

2025-02-27 17:33:29 +01:00 · 2025-02-27 17:33:29 +01:00 · d0a9427fd0
commit d0a9427fd0
parent 39fb8c64dc
26 changed files with 657 additions and 2871 deletions
--- a/modules/nixos/virtualisation/podman/invidious/config/config.yml
+++ b/modules/nixos/virtualisation/podman/invidious/config/config.yml
@ -0,0 +1,246 @@
+#########################################
+#
+#  Database and other external servers
+#
+#########################################
+
+##
+## Database configuration with separate parameters.
+## This setting is MANDATORY, unless 'database_url' is used.
+##
+db:
+  user: philipp
+  password: s3cr3tp4ssw0rd
+  host: invidious-db
+  port: 5432
+  dbname: invidious
+
+##
+## Enable automatic table integrity check. This will create
+## the required tables and columns if anything is missing.
+##
+## Accepted values: true, false
+## Default: false
+##
+check_tables: true
+
+
+##
+## Path to an external signature resolver, used to emulate
+## the Youtube client's Javascript. If no such server is
+## available, some videos will not be playable.
+##
+## Accepted values: a path to a UNIX socket or "<IP>:<Port>"
+## Default: <none>
+##
+signature_server: signature-helper:12999
+
+
+#########################################
+#
+#  Server config
+#
+#########################################
+
+# -----------------------------
+#  Network (inbound)
+# -----------------------------
+
+##
+## Port to listen on for incoming connections.
+##
+## Note: Ports lower than 1024 requires either root privileges
+## (not recommended) or the "CAP_NET_BIND_SERVICE" capability
+## (See https://stackoverflow.com/a/414258 and `man capabilities`)
+##
+## Accepted values: 1-65535
+## Default: 3000
+##
+port: 3000
+
+##
+## Interface address to listen on for incoming connections.
+##
+## Accepted values: a valid IPv4 or IPv6 address.
+## default: 0.0.0.0  (listen on all interfaces)
+##
+host_binding: 0.0.0.0
+
+##
+## Domain name under which this instance is hosted. This is
+## used to craft absolute URLs to the instance (e.g in the API).
+## The domain MUST be defined if your instance is accessed from
+## a domain name (like 'example.com').
+##
+## Accepted values: a fully qualified domain name (FQDN)
+## Default: <none>
+##
+domain: inv.monapona.dev
+
+##
+## Tell Invidious that it is behind a proxy that provides only
+## HTTPS, so all links must use the https:// scheme. This
+## setting MUST be set to true if invidious is behind a
+## reverse proxy serving HTTPs.
+##
+## Accepted values: true, false
+## Default: false
+##
+https_only: true
+
+
+# -----------------------------
+#  Network (outbound)
+# -----------------------------
+
+
+##
+## Send Google session informations. This is useful when Invidious is blocked
+## by the message "This helps protect our community."
+## See https://github.com/iv-org/invidious/issues/4734.
+##
+## Warning: These strings gives much more identifiable information to Google!
+##
+## Accepted values: String
+## Default: <none>
+##
+po_token: ""
+visitor_data: ""
+
+# -----------------------------
+#  Users and accounts
+# -----------------------------
+
+##
+## Enable/Disable the captcha challenge on the login page.
+##
+## Note: this is a basic captcha challenge that doesn't
+## depend on any third parties.
+##
+## Accepted values: true, false
+## Default: true
+##
+captcha_enabled: false
+
+##
+## List of usernames that will be granted administrator rights.
+## A user with administrator rights will be able to change the
+## server configuration options listed below in /preferences,
+## in addition to the usual user preferences.
+##
+## Server-wide settings:
+##   - popular_enabled
+##   - captcha_enabled
+##   - login_enabled
+##   - registration_enabled
+##   - statistics_enabled
+## Default user preferences:
+##   - default_home
+##   - feed_menu
+##
+## Accepted values: an array of strings
+## Default: [""]
+##
+admins: ["spaenny"]
+
+##
+## Note: This parameter is mandatory and should be a random string.
+## Such random string can be generated on linux with the following
+## command: `pwgen 20 1`
+##
+## Accepted values: a string
+## Default: <none>
+##
+hmac_key: "gNcPHs+DWI4TTZLtHh3EbXWeISHsgUgBFnGpgW4yU9Q="
+
+
+#########################################
+#
+#  Default user preferences
+#
+#########################################
+
+default_user_preferences:
+
+  ##
+  ## Default geographical location for content.
+  ##
+  ## Accepted values:
+  ##   AE, AR, AT, AU, AZ, BA, BD, BE, BG, BH, BO, BR, BY, CA, CH, CL, CO, CR,
+  ##   CY, CZ, DE, DK, DO, DZ, EC, EE, EG, ES, FI, FR, GB, GE, GH, GR, GT, HK,
+  ##   HN, HR, HU, ID, IE, IL, IN, IQ, IS, IT, JM, JO, JP, KE, KR, KW, KZ, LB,
+  ##   LI, LK, LT, LU, LV, LY, MA, ME, MK, MT, MX, MY, NG, NI, NL, NO, NP, NZ,
+  ##   OM, PA, PE, PG, PH, PK, PL, PR, PT, PY, QA, RO, RS, RU, SA, SE, SG, SI,
+  ##   SK, SN, SV, TH, TN, TR, TW, TZ, UA, UG, US, UY, VE, VN, YE, ZA, ZW
+  ##
+  ## Default: US
+  ##
+  region: DE
+
+  ##
+  ## Default feed to display on the home page.
+  ##
+  ## Note: setting this option to "Popular" has no
+  ## effect when 'popular_enabled' is set to false.
+  ##
+  ## Accepted values: Popular, Trending, Subscriptions, Playlists, <none>
+  ## Default: Popular
+  ##
+  default_home: Subscriptions
+
+  # -----------------------------
+  #  Video player behavior
+  # -----------------------------
+
+  ##
+  ## Automatically play videos on page load.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  autoplay: true
+
+  ##
+  ## Automatically load the "next" video (either next in
+  ## playlist or proposed) when the current video ends.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  continue: true
+
+
+  # -----------------------------
+  #  Video playback settings
+  # -----------------------------
+
+  ##
+  ## Default video quality.
+  ##
+  ## Accepted values: dash, hd720, medium, small
+  ## Default: hd720
+  ##
+  quality: dash
+
+  ##
+  ## Default dash video quality.
+  ##
+  ## Note: this setting only takes effet if the
+  ## 'quality' parameter is set to "dash".
+  ##
+  ## Accepted values:
+  ##    auto, best, 4320p, 2160p, 1440p, 1080p,
+  ##    720p, 480p, 360p, 240p, 144p, worst
+  ## Default: auto
+  ##
+  quality_dash: best
+
+  ##
+  ## Save the playback position
+  ## Allow to continue watching at the previous position when
+  ## watching the same video.
+  ##
+  ## Accepted values: true, false
+  ## Default: false
+  ##
+  save_player_pos: true
--- a/modules/nixos/virtualisation/podman/invidious/config/db.env
+++ b/modules/nixos/virtualisation/podman/invidious/config/db.env
@ -0,0 +1,3 @@
+POSTGRES_USER=philipp
+POSTGRES_PASSWORD=s3cr3tp4ssw0rd
+POSTGRES_DB=invidious
--- a/modules/nixos/virtualisation/podman/invidious/config/sql/annotations.sql
+++ b/modules/nixos/virtualisation/podman/invidious/config/sql/annotations.sql
@ -0,0 +1,12 @@
+-- Table: public.annotations
+
+-- DROP TABLE public.annotations;
+
+CREATE TABLE IF NOT EXISTS public.annotations
+(
+  id text NOT NULL,
+  annotations xml,
+  CONSTRAINT annotations_id_key UNIQUE (id)
+);
+
+GRANT ALL ON TABLE public.annotations TO current_user;
--- a/modules/nixos/virtualisation/podman/invidious/config/sql/channel_videos.sql
+++ b/modules/nixos/virtualisation/podman/invidious/config/sql/channel_videos.sql
@ -0,0 +1,30 @@
+-- Table: public.channel_videos
+
+-- DROP TABLE public.channel_videos;
+
+CREATE TABLE IF NOT EXISTS public.channel_videos
+(
+  id text NOT NULL,
+  title text,
+  published timestamp with time zone,
+  updated timestamp with time zone,
+  ucid text,
+  author text,
+  length_seconds integer,
+  live_now boolean,
+  premiere_timestamp timestamp with time zone,
+  views bigint,
+  CONSTRAINT channel_videos_id_key UNIQUE (id)
+);
+
+GRANT ALL ON TABLE public.channel_videos TO current_user;
+
+-- Index: public.channel_videos_ucid_idx
+
+-- DROP INDEX public.channel_videos_ucid_idx;
+
+CREATE INDEX IF NOT EXISTS channel_videos_ucid_idx
+  ON public.channel_videos
+  USING btree
+  (ucid COLLATE pg_catalog."default");
+
--- a/modules/nixos/virtualisation/podman/invidious/config/sql/channels.sql
+++ b/modules/nixos/virtualisation/podman/invidious/config/sql/channels.sql
@ -0,0 +1,25 @@
+-- Table: public.channels
+
+-- DROP TABLE public.channels;
+
+CREATE TABLE IF NOT EXISTS public.channels
+(
+  id text NOT NULL,
+  author text,
+  updated timestamp with time zone,
+  deleted boolean,
+  subscribed timestamp with time zone,
+  CONSTRAINT channels_id_key UNIQUE (id)
+);
+
+GRANT ALL ON TABLE public.channels TO current_user;
+
+-- Index: public.channels_id_idx
+
+-- DROP INDEX public.channels_id_idx;
+
+CREATE INDEX IF NOT EXISTS channels_id_idx
+  ON public.channels
+  USING btree
+  (id COLLATE pg_catalog."default");
+
--- a/modules/nixos/virtualisation/podman/invidious/config/sql/nonces.sql
+++ b/modules/nixos/virtualisation/podman/invidious/config/sql/nonces.sql
@ -0,0 +1,22 @@
+-- Table: public.nonces
+
+-- DROP TABLE public.nonces;
+
+CREATE TABLE IF NOT EXISTS public.nonces
+(
+  nonce text,
+  expire timestamp with time zone,
+  CONSTRAINT nonces_id_key UNIQUE (nonce)
+);
+
+GRANT ALL ON TABLE public.nonces TO current_user;
+
+-- Index: public.nonces_nonce_idx
+
+-- DROP INDEX public.nonces_nonce_idx;
+
+CREATE INDEX IF NOT EXISTS nonces_nonce_idx
+  ON public.nonces
+  USING btree
+  (nonce COLLATE pg_catalog."default");
+
--- a/modules/nixos/virtualisation/podman/invidious/config/sql/playlist_videos.sql
+++ b/modules/nixos/virtualisation/podman/invidious/config/sql/playlist_videos.sql
@ -0,0 +1,19 @@
+-- Table: public.playlist_videos
+
+-- DROP TABLE public.playlist_videos;
+
+CREATE TABLE IF NOT EXISTS public.playlist_videos
+(
+    title text,
+    id text,
+    author text,
+    ucid text,
+    length_seconds integer,
+    published timestamptz,
+    plid text references playlists(id),
+    index int8,
+    live_now boolean,
+    PRIMARY KEY (index,plid)
+);
+
+GRANT ALL ON TABLE public.playlist_videos TO current_user;
--- a/modules/nixos/virtualisation/podman/invidious/config/sql/playlists.sql
+++ b/modules/nixos/virtualisation/podman/invidious/config/sql/playlists.sql
@ -0,0 +1,29 @@
+-- Type: public.privacy
+
+-- DROP TYPE public.privacy;
+
+CREATE TYPE public.privacy AS ENUM
+(
+    'Public',
+    'Unlisted',
+    'Private'
+);
+
+-- Table: public.playlists
+
+-- DROP TABLE public.playlists;
+
+CREATE TABLE IF NOT EXISTS public.playlists
+(
+    title text,
+    id text primary key,
+    author text,
+    description text,
+    video_count integer,
+    created timestamptz,
+    updated timestamptz,
+    privacy privacy,
+    index int8[]
+);
+
+GRANT ALL ON public.playlists TO current_user;
--- a/modules/nixos/virtualisation/podman/invidious/config/sql/session_ids.sql
+++ b/modules/nixos/virtualisation/podman/invidious/config/sql/session_ids.sql
@ -0,0 +1,23 @@
+-- Table: public.session_ids
+
+-- DROP TABLE public.session_ids;
+
+CREATE TABLE IF NOT EXISTS public.session_ids
+(
+  id text NOT NULL,
+  email text,
+  issued timestamp with time zone,
+  CONSTRAINT session_ids_pkey PRIMARY KEY (id)
+);
+
+GRANT ALL ON TABLE public.session_ids TO current_user;
+
+-- Index: public.session_ids_id_idx
+
+-- DROP INDEX public.session_ids_id_idx;
+
+CREATE INDEX IF NOT EXISTS session_ids_id_idx
+  ON public.session_ids
+  USING btree
+  (id COLLATE pg_catalog."default");
+
--- a/modules/nixos/virtualisation/podman/invidious/config/sql/users.sql
+++ b/modules/nixos/virtualisation/podman/invidious/config/sql/users.sql
@ -0,0 +1,29 @@
+-- Table: public.users
+
+-- DROP TABLE public.users;
+
+CREATE TABLE IF NOT EXISTS public.users
+(
+  updated timestamp with time zone,
+  notifications text[],
+  subscriptions text[],
+  email text NOT NULL,
+  preferences text,
+  password text,
+  token text,
+  watched text[],
+  feed_needs_update boolean,
+  CONSTRAINT users_email_key UNIQUE (email)
+);
+
+GRANT ALL ON TABLE public.users TO current_user;
+
+-- Index: public.email_unique_idx
+
+-- DROP INDEX public.email_unique_idx;
+
+CREATE UNIQUE INDEX IF NOT EXISTS email_unique_idx
+  ON public.users
+  USING btree
+  (lower(email) COLLATE pg_catalog."default");
+
--- a/modules/nixos/virtualisation/podman/invidious/config/sql/videos.sql
+++ b/modules/nixos/virtualisation/podman/invidious/config/sql/videos.sql
@ -0,0 +1,23 @@
+-- Table: public.videos
+
+-- DROP TABLE public.videos;
+
+CREATE UNLOGGED TABLE IF NOT EXISTS public.videos
+(
+  id text NOT NULL,
+  info text,
+  updated timestamp with time zone,
+  CONSTRAINT videos_pkey PRIMARY KEY (id)
+);
+
+GRANT ALL ON TABLE public.videos TO current_user;
+
+-- Index: public.id_idx
+
+-- DROP INDEX public.id_idx;
+
+CREATE UNIQUE INDEX IF NOT EXISTS id_idx
+  ON public.videos
+  USING btree
+  (id COLLATE pg_catalog."default");
+
--- a/modules/nixos/virtualisation/podman/invidious/default.nix
+++ b/modules/nixos/virtualisation/podman/invidious/default.nix
@ -0,0 +1,71 @@
+{
+  lib,
+  pkgs,
+  config,
+  namespace,
+  ...
+}:
+with lib;
+with lib.${namespace};
+let
+  cfg = config.${namespace}.container.invidious;
+in
+{
+  options.${namespace}.container.invidious = {
+    enable = mkEnableOption "Invidious";
+  };
+
+  config = mkIf cfg.enable {
+    security.unprivilegedUsernsClone = true;
+
+    virtualisation = {
+      podman = {
+        enable = true;
+        autoPrune = {
+          enable = true;
+          dates = "weekly";
+          flags = [ "--all" ];
+        };
+        defaultNetwork.settings = {
+          dns_enabled = true;
+        };
+      };
+    };
+
+    virtualisation.oci-containers.containers = {
+      invidious = {
+        image = "quay.io/invidious/invidious:latest-arm64";
+        hostname = "invidious";
+        volumes = [
+          "/home/philipp/nix-config/modules/nixos/virtualisation/podman/invidious/config/config.yml:/invidious/config/config.yml"
+        ];
+        ports = [
+          "192.168.1.202:3000:3000"
+          "[fd00:192:168:1::202]:3000:3000"
+        ];
+        dependsOn = [ "invidious-db" ];
+      };
+      signature-helper = {
+        image = "quay.io/invidious/inv-sig-helper:latest";
+        hostname = "signature-helper";
+        cmd = [
+          "--tcp"
+          "0.0.0.0:12999"
+        ];
+      };
+      invidious-db = {
+        image = "docker.io/library/postgres:14";
+        hostname = "invidious-db";
+        volumes = [
+          "postgresdata:/var/lib/postgresql/data"
+          "/home/philipp/nix-config/modules/nixos/virtualisation/podman/invidious/config/sql:/config/sql"
+          "/home/philipp/nix-config/modules/nixos/virtualisation/podman/invidious/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh"
+        ];
+        environmentFiles = [
+          /home/philipp/nix-config/modules/nixos/virtualisation/podman/invidious/config/db.env
+        ];
+      };
+    };
+  };
+
+}
--- a/modules/nixos/virtualisation/podman/invidious/init-invidious-db.sh
+++ b/modules/nixos/virtualisation/podman/invidious/init-invidious-db.sh
@ -0,0 +1,12 @@
+#!/bin/bash
+set -eou pipefail
+
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" < config/sql/channels.sql
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" < config/sql/videos.sql
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" < config/sql/channel_videos.sql
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" < config/sql/users.sql
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" < config/sql/session_ids.sql
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" < config/sql/nonces.sql
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" < config/sql/annotations.sql
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" < config/sql/playlists.sql
+psql --username "$POSTGRES_USER" --dbname "$POSTGRES_DB" < config/sql/playlist_videos.sql