Add new VPS deployment

.ansible-lint

@@ -0,0 +1,2 @@
+exclude_paths:
+  - roles

README.md

@@ -8,6 +8,12 @@ This repository contains the invidious infrastructure.
 2. Install requirements: `ansible-galaxy install -r requirements.yml -p roles`
 
 ## Hosts
-### invidious.io
+### invidious.io (old)
+
+Install old requirements: `ansible-galaxy install -r requirements-old.yml -p roles`  
 
 `ansible-playbook main.yml -i inventory.yml --ask-vault-pass`
+
+### tin.invidious.io
+
+`ansible-playbook tin.yml -i inventory.yml`

group_vars/main/main.yml

@@ -12,7 +12,6 @@ apt_packages:
   - net-tools
   - python3-setuptools
   - jq
-  - prometheus-node-exporter
 
 pip_install_packages:
   - name: docker

host_vars/tin.invidious.io/main.yml

@@ -0,0 +1,3 @@
+---
+docker_compose_version: "1.29.2"
+caddy_config: "{{ lookup('template', 'templates/tin-Caddyfile.j2') }}"

inventory.yml

@@ -4,4 +4,4 @@ all:
     main:
       hosts:
         invidious.io:
-          ansible_host: 188.34.196.170
+        tin.invidious.io:

requirements-old.yml

@@ -0,0 +1,10 @@
+roles:
+  - name: jnv.unattended-upgrades
+    version: v1.10.0
+  - name: geerlingguy.pip
+    version: 2.0.0
+  - name: geerlingguy.docker
+    version: 3.0.0
+  - name: caddy_ansible.caddy_ansible
+  - name: cloudalchemy.prometheus
+  - name: cloudalchemy.grafana

requirements.yml

@@ -1,10 +1,11 @@
 roles:
   - name: jnv.unattended-upgrades
-    version: v1.10.0
+    # from github because version missing on galaxy, https://github.com/jnv/ansible-role-unattended-upgrades/issues/89
+    src: https://github.com/jnv/ansible-role-unattended-upgrades
+    version: v1.12.1
   - name: geerlingguy.pip
-    version: 2.0.0
+    version: 2.1.0
   - name: geerlingguy.docker
-    version: 3.0.0
+    version: 4.1.1
   - name: caddy_ansible.caddy_ansible
-  - name: cloudalchemy.prometheus
-  - name: cloudalchemy.grafana
+    version: v3.0.4

tasks/compose.yml

@@ -0,0 +1,18 @@
+---
+- name: Create compose folders
+  file:
+    path: "/root/compose/{{ app }}"
+    state: directory
+    recurse: true
+    mode: 0755
+
+- name: Template compose files
+  template:
+    src: "compose/{{ app }}.yml"
+    dest: "/root/compose/{{ app }}/docker-compose.yml"
+    mode: 0600
+
+- name: Compose app
+  community.docker.docker_compose:
+    project_src: "/root/compose/{{ app }}"
+    pull: true

templates/compose/instances-api.yml

@@ -0,0 +1,7 @@
+---
+services:
+  api:
+    image: quay.io/invidious/instances:latest
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:3000:3000"

templates/compose/redirect.yml

@@ -0,0 +1,10 @@
+---
+services:
+  redirect:
+    image: quay.io/invidious/invidious-redirect:latest
+    restart: unless-stopped
+    ports:
+      - "127.0.0.1:8080:80"
+    # disable (spammy logs)
+    logging:
+      driver: "none"

templates/tin-Caddyfile.j2

@@ -0,0 +1,75 @@
+# {{ ansible_managed }}
+
+(common) {
+  encode gzip
+  respond /robots.txt 200 {
+    body "User-agent: *
+Disallow: /
+"
+}
+  log {
+    output file /var/log/caddy/access.log {
+      roll_size 500mb
+      roll_keep 5
+    }
+    format filter {
+      wrap json
+      fields {
+        common_log delete
+        request>remote_addr ip_mask {
+          ipv4 24
+          ipv6 32
+        }
+      }
+    }
+  }
+}
+
+www.invidio.us {
+  import common
+  redir https://invidious.io{uri}
+}
+#invidious.io {
+#  import common
+#  root * /var/www/invidious.io
+#  file_server
+#}
+git.invidious.io {
+  import common
+  redir https://github.com/iv-org/invidious
+}
+
+invidio.us {
+  import common
+  redir https://redirect.invidious.io{uri}
+  header /api* content-type "application/json"
+  respond /api* "{\"error\":\"This server no longer hosts the Invidious API.\"}" 410
+}
+redirect.invidious.io {
+  import common
+  reverse_proxy http://127.0.0.1:8080
+}
+
+instances.invidio.us {
+  import common
+  redir https://api.invidious.io{uri}
+}
+api.invidious.io {
+  import common
+  reverse_proxy http://127.0.0.1:3000
+  header /static* Cache-Control "max-age=86400"
+}
+
+uptime.invidio.us {
+  import common
+  redir https://stats.uptimerobot.com/89VnzSKAn{uri}
+}
+uptime.invidious.io {
+  import common
+  redir https://stats.uptimerobot.com/89VnzSKAn{uri}
+}
+
+#docs.invidious.io {
+#  import common
+#  reverse_proxy http://127.0.0.1:3001
+#}

tin.yml

@@ -0,0 +1,61 @@
+---
+- hosts: tin.invidious.io
+  handlers:
+    - name: restart ssh
+      systemd:
+        name: sshd
+        state: restarted
+
+  tasks:
+    - name: SSH config
+      template:
+        src: sshd_config.j2
+        dest: /etc/ssh/sshd_config
+        mode: 0644
+      notify: restart ssh
+      tags: [ssh, base]
+
+    - name: SSH keys
+      template:
+        src: authorized_keys.j2
+        dest: /root/.ssh/authorized_keys
+        mode: 0600
+      tags: [ssh, base]
+
+    - name: Install packages
+      apt:
+        name: "{{ apt_packages }}"
+        update_cache: true
+      tags: [apt, base]
+
+    - name: unattended-upgrades
+      import_role:
+        name: jnv.unattended-upgrades
+      tags: [unattended-upgrades]
+
+    - name: pip
+      import_role:
+        name: geerlingguy.pip
+      tags: [pip,docker]
+
+    - name: docker
+      import_role:
+        name: geerlingguy.docker
+      tags: [dockerd, docker]
+
+    - name: Deploy invidious api
+      import_tasks: tasks/compose.yml
+      vars:
+        app: instances-api
+      tags: [instances-api, api, docker]
+
+    - name: Deploy invidious api
+      import_tasks: tasks/compose.yml
+      vars:
+        app: redirect
+      tags: [redirect, docker]
+
+    - name: caddy
+      import_role:
+        name: caddy_ansible.caddy_ansible
+      tags: [caddy]