Merge pull request #193 from anarion80/upgrade_invidious

⬆️ Upgrade invidious
anarion80 · Oct 11, 2024 · 2d19bca · 2d19bca
2 parents 4c32ada + 7c86e22
commit 2d19bca
Show file tree

Hide file tree

Showing 4 changed files with 104 additions and 2 deletions.
diff --git a/roles/invidious/defaults/main.yml b/roles/invidious/defaults/main.yml
@@ -13,6 +13,7 @@ invidious_network_name: "invidious"
 # specs
 invidious_memory: 1g
 invidious_postgres_memory: 1g
+invidious_sig_helper_memory: 1g
 
 # docker
 invidious_container_name: invidious
@@ -21,6 +22,9 @@ invidious_image_name: "quay.io/invidious/invidious"
 invidious_image_version: latest
 invidious_postgres_image_name: "docker.io/library/postgres"
 invidious_postgres_image_version: "13"
+invidious_sig_helper_container_name: invidious-sig-helper
+invidious_sig_helper_image_name: "quay.io/invidious/inv-sig-helper"
+invidious_sig_helper_image_version: latest
 invidious_user_id: "1000"
 invidious_group_id: "1000"
 
@@ -29,6 +33,10 @@ invidious_db_name: "invidious"
 invidious_db_username: "invidious"
 invidious_db_password: "secure"
 invidious_hmac_key: "CHANGE ME!!!"
+invidious_sig_helper_log_level: "info"
+# invidious_visitor_data: ""
+# invidious_po_token: ""
+invidious_docker_youtube_generator_image: quay.io/invidious/youtube-trusted-session-generator
 invidious_config: |
   channel_threads: 1
   check_tables: true
@@ -39,6 +47,9 @@ invidious_config: |
     password: {{ invidious_db_password }}
     host: {{ invidious_postgres_container_name }}
     port: 5432
+  signature_server: {{ invidious_sig_helper_container_name }}:12999
+  visitor_data: dummy_visitor_data
+  po_token: dummy_po_token
   full_refresh: false
   https_only: true
   popular_enabled: true

diff --git a/roles/invidious/molecule/default/verify.yml b/roles/invidious/molecule/default/verify.yml
@@ -12,6 +12,11 @@
         name: "{{ invidious_postgres_container_name }}"
       register: result_db
 
+    - name: Get invidious sig helper container state
+      community.docker.docker_container:
+        name: "{{ invidious_sig_helper_container_name }}"
+      register: result_sig_helper
+
     - name: Get invidious container state
       community.docker.docker_container:
         name: "{{ invidious_container_name }}"
@@ -22,5 +27,7 @@
         that:
           - result_db.container['State']['Status'] == "running"
           - result_db.container['State']['Restarting'] == false
+          - result_sig_helper.container['State']['Status'] == "running"
+          - result_sig_helper.container['State']['Restarting'] == false
           - result.container['State']['Status'] == "running"
           - result.container['State']['Restarting'] == false
diff --git a/roles/invidious/molecule/default/verify_stopped.yml b/roles/invidious/molecule/default/verify_stopped.yml
@@ -13,6 +13,12 @@
         state: absent
       register: result_db
 
+    - name: Try and stop and remove invidious sig helper
+      community.docker.docker_container:
+        name: "{{ invidious_sig_helper_container_name }}"
+        state: absent
+      register: result_sig_helper
+
     - name: Try and stop and remove invidious
       community.docker.docker_container:
         name: "{{ invidious_container_name }}"
@@ -23,4 +29,5 @@
       ansible.builtin.assert:
         that:
           - not result_db.changed
+          - not result_sig_helper.changed
           - not result.changed
diff --git a/roles/invidious/tasks/main.yml b/roles/invidious/tasks/main.yml
@@ -36,6 +36,56 @@
       community.docker.docker_network:
         name: "{{ invidious_network_name }}"
 
+    - name: Check if we already have visitor_data and po_token cached
+      ansible.builtin.stat:
+        path: /tmp/visitor_data_po_token_cache.json
+      register: cache_check
+
+    - name: Run Docker container and capture visitor_data and po_token (if cache not present)
+      community.docker.docker_container:
+        name: youtube-session-generator
+        image: "{{ invidious_docker_youtube_generator_image }}"
+        detach: false
+        cleanup: true
+      register: container_output
+      when: not cache_check.stat.exists
+
+    - name: Extract visitor_data and po_token (if cache not present)
+      ansible.builtin.set_fact:
+        visitor_data: "{{ container_output.container['Output'] | regex_search('visitor_data: (.+?)\\n', '\\1') | first}}"
+        po_token: "{{ container_output.container['Output'] | regex_search('po_token: (.+?)\\n', '\\1') | first }}"
+      when: not cache_check.stat.exists
+
+    - name: Cache visitor_data and po_token in a file
+      ansible.builtin.copy:
+        content: |
+          {
+            "visitor_data": "{{ visitor_data }}",
+            "po_token": "{{ po_token }}"
+          }
+        dest: /tmp/visitor_data_po_token_cache.json
+      when: not cache_check.stat.exists
+
+    - name: Load cached visitor_data and po_token (if cache exists)
+      ansible.builtin.slurp:
+        src: /tmp/visitor_data_po_token_cache.json
+      register: cached_data
+      when: cache_check.stat.exists
+
+    - name: Set facts from cached data
+      ansible.builtin.set_fact:
+        visitor_data: "{{ cached_data.content | b64decode | from_json | json_query('visitor_data') }}"
+        po_token: "{{ cached_data.content | b64decode | from_json | json_query('po_token') }}"
+      when: cache_check.stat.exists
+      # tags: molecule-idempotence-notest
+
+    - name: Display captured variables
+      ansible.builtin.debug:
+        msg:
+          - "visitor_data: {{ visitor_data }}"
+          - "po_token: {{ po_token }}"
+          - "invidious_config: {{ invidious_config }}"
+
     - name: Create Invidious Postgress Docker Container
       community.docker.docker_container:
         name: "{{ invidious_postgres_container_name }}"
@@ -65,6 +115,28 @@
           retries: 5
           timeout: 5s
 
+    - name: Create Invidious Sig Helper Docker Container
+      community.docker.docker_container:
+        container_default_behavior: no_defaults
+        name: "{{ invidious_sig_helper_container_name }}"
+        image: "{{ invidious_sig_helper_image_name }}:{{ invidious_sig_helper_image_version }}"
+        pull: true
+        networks:
+          - name: "{{ invidious_network_name }}"
+        network_mode: "{{ invidious_network_name }}"
+        command: ["--tcp", "0.0.0.0:12999"]
+        env:
+          RUST_LOG: "{{ invidious_sig_helper_log_level }}"
+        restart_policy: unless-stopped
+        cap_drop:
+          - ALL
+        read_only: true
+        security_opts:
+          - no-new-privileges:true
+        memory: "{{ invidious_sig_helper_memory }}"
+        labels:
+          traefik.enable: "false"
+
     - name: Create Invidious Docker Container
       community.docker.docker_container:
         container_default_behavior: no_defaults
@@ -82,7 +154,7 @@
           TZ: "{{ ansible_nas_timezone }}"
           PUID: "{{ invidious_user_id | quote }}"
           PGID: "{{ invidious_group_id | quote }}"
-          INVIDIOUS_CONFIG: "{{ invidious_config }}"
+          INVIDIOUS_CONFIG: "{{ invidious_config | replace('dummy_visitor_data', visitor_data) | replace('dummy_po_token', po_token) }}"
         restart_policy: unless-stopped
         memory: "{{ invidious_memory }}"
         labels:
@@ -93,7 +165,7 @@
           traefik.http.routers.invidious.tls.domains[0].sans: "*.{{ ansible_nas_domain }}"
           traefik.http.services.invidious.loadbalancer.server.port: "3000"
         healthcheck:
-          test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
+          test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
           interval: 30s
           timeout: 5s
           retries: 2
@@ -106,6 +178,11 @@
         name: "{{ invidious_postgres_container_name }}"
         state: absent
 
+    - name: Stop invidious sig helper
+      community.docker.docker_container:
+        name: "{{ invidious_sig_helper_container_name }}"
+        state: absent
+
     - name: Stop invidious
       community.docker.docker_container:
         name: "{{ invidious_container_name }}"