root
/
apps


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132
							{% import "macros/config.sh" as config_macro %}

{% set tpl = ix_lib.base.render.Render(values) %}

{% set sig_helper = namespace(x=None) %}
{% set c1 = tpl.add_container(values.consts.invidious_container_name, "image") %}
{% set db_fetch = tpl.add_container(values.consts.db_seed_fetch_container_name, "git_image") %}
{% set db_seed = tpl.add_container(values.consts.db_seed_apply_container_name, values.invidious.postgres_image_selector) %}
{% set config = tpl.add_container(values.consts.config_container_name, "yq_image") %}
{% set perm_container = tpl.deps.perms(values.consts.perms_container_name) %}

{% set pg_config = {
  "user": values.consts.db_user,
  "password": values.invidious.db_password,
  "database": values.consts.db_name,
  "volume": values.storage.postgres_data,
} %}
{% set postgres = tpl.deps.postgres(
  values.consts.postgres_container_name,
  values.invidious.postgres_image_selector,
  pg_config, perm_container
) %}

{% set perms_config = {"uid": values.consts.run_as_user, "gid": values.consts.run_as_group} %}

{% do c1.set_user(values.consts.run_as_user, values.consts.run_as_group) %}
{% do c1.healthcheck.set_test("netcat", {"port": values.network.web_port.port_number}) %}
{% do c1.environment.add_env("INVIDIOUS_CONFIG_FILE", "%s/config.yaml"|format(values.consts.config_path)) %}
{% do c1.environment.add_user_envs(values.invidious.additional_envs) %}

{% do c1.depends.add_dependency(values.consts.postgres_container_name, "service_healthy") %}
{% do c1.depends.add_dependency(values.consts.config_container_name, "service_completed_successfully") %}

{% do c1.add_port(values.network.web_port) %}

{% do db_fetch.set_user(values.consts.run_as_user, values.consts.run_as_group) %}
{% do db_fetch.healthcheck.disable() %}
{% do db_fetch.restart.set_policy("on-failure", 1) %}
{% do db_fetch.deploy.resources.set_profile("low") %}
{% do db_fetch.configs.add("fetch_db_seed.sh", config_macro.fetch_db_seed(values=values), "/fetch_db_seed.sh", "0755") %}
{% do db_fetch.set_entrypoint(["/fetch_db_seed.sh"]) %}

{% do db_seed.set_user(values.consts.run_as_user, values.consts.run_as_group) %}
{% do db_seed.healthcheck.disable() %}
{% do db_seed.restart.set_policy("on-failure", 1) %}
{% do db_seed.deploy.resources.set_profile("low") %}
{% do db_seed.configs.add("apply_db_seed.sh", config_macro.apply_db_seed(values=values), "/apply_db_seed.sh", "0755") %}
{% do db_seed.set_entrypoint(["/apply_db_seed.sh"]) %}
{% do db_seed.depends.add_dependency(values.consts.postgres_container_name, "service_healthy") %}
{% do db_seed.depends.add_dependency(values.consts.db_seed_fetch_container_name, "service_completed_successfully") %}
{% do db_seed.environment.add_env("POSTGRES_USER", values.consts.db_user) %}
{% do db_seed.environment.add_env("POSTGRES_DB", values.consts.db_name) %}
{% do db_seed.environment.add_env("PGPASSWORD", values.invidious.db_password) %}
{% do db_seed.environment.add_env("PGHOST", values.consts.postgres_container_name) %}
{% do db_seed.environment.add_env("PGPORT", 5432) %}

{% set cfg = namespace(x=[
  {"check_tables": true},
  {"database_url": postgres.get_url("postgres")},
  {"db.user": values.consts.db_user},
  {"db.password": values.invidious.db_password},
  {"db.dbname": values.consts.db_name},
  {"db.host": values.consts.postgres_container_name},
  {"db.port": 5432},
  {"hmac_key": values.invidious.hmac_secret},
  {"host_binding": "0.0.0.0"},
  {"port": values.network.web_port.port_number},
  {"admins": values.invidious.admins},
  {"registration_enabled": values.invidious.registration_enabled},
  {"login_enabled": values.invidious.login_enabled},
  {"captcha_enabled": values.invidious.captcha_enabled},
]) %}

{% if values.invidious.enable_inv_sig_helper %}
  {% do cfg.x.append({"signature_server": "%s:%d" | format(values.consts.sig_helper_container_name, values.consts.internal_sig_helper_port)}) %}
{% endif %}
{% if values.invidious.po_token %}
  {% do cfg.x.append({"po_token": values.invidious.po_token}) %}
{% endif %}
{% if values.invidious.visitor_data %}
  {% do cfg.x.append({"visitor_data": values.invidious.visitor_data}) %}
{% endif %}

{% do config.set_user(values.consts.run_as_user, values.consts.run_as_group) %}
{% do config.healthcheck.disable() %}
{% do config.restart.set_policy("on-failure", 1) %}
{% do config.deploy.resources.set_profile("low") %}
{% do config.configs.add("config.sh", config_macro.config(values=values, cfg=cfg.x), "/setup/config.sh", "0755") %}
{% do config.set_entrypoint(["/setup/config.sh"]) %}
{% do config.depends.add_dependency(values.consts.db_seed_apply_container_name, "service_completed_successfully") %}

{% set shared_volume_config = {"type": "temporary", "volume_config": {"volume_name": "shared"}} %}
{% do db_fetch.add_storage("/shared", shared_volume_config) %}
{% do db_seed.add_storage("/shared", shared_volume_config) %}
{% do config.add_storage("/shared", shared_volume_config) %}
{% do perm_container.add_or_skip_action("shared", shared_volume_config, perms_config) %}

{% do c1.add_storage(values.consts.config_path, values.storage.config) %}
{% do db_fetch.add_storage(values.consts.config_path, values.storage.config) %}
{% do db_seed.add_storage(values.consts.config_path, values.storage.config) %}
{% do config.add_storage(values.consts.config_path, values.storage.config) %}
{% do perm_container.add_or_skip_action("config", values.storage.config, perms_config) %}

{% for store in values.storage.additional_storage %}
  {% do c1.add_storage(store.mount_path, values.storage.config) %}
  {% do perm_container.add_or_skip_action(store.mount_path, store, perms_config) %}
{% endfor %}

{% if values.invidious.enable_inv_sig_helper %}
  {% set sig_helper.x = tpl.add_container(values.consts.sig_helper_container_name, "sig_helper_image") %}
  {% do sig_helper.x.set_user(values.consts.inv_sig_helper_run_as_user, values.consts.inv_sig_helper_run_as_group) %}
  {% do sig_helper.x.environment.add_env("RUST_LOG", "info") %}
  {% do sig_helper.x.set_init(true) %}
  {% do sig_helper.x.set_read_only(true) %}
  {% do sig_helper.x.healthcheck.disable() %}
  {% do sig_helper.x.set_command(["--tcp", "0.0.0.0:%d"|format(values.consts.internal_sig_helper_port)]) %}

  {% do c1.depends.add_dependency(values.consts.sig_helper_container_name, "service_started") %}
{% endif %}

{% if perm_container.has_actions() %}
  {% do perm_container.activate() %}
  {% do c1.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
  {% do db_fetch.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
  {% do db_seed.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
  {% do config.depends.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
  {% do postgres.add_dependency(values.consts.perms_container_name, "service_completed_successfully") %}
{% endif %}

{% do tpl.portals.add(values.network.web_port) %}

{{ tpl.render() | tojson }}