From a324cae62f04bc32e3a8902dfc191fa79461bb45 Mon Sep 17 00:00:00 2001 From: aggarwalakshun Date: Wed, 7 May 2025 01:34:23 +0530 Subject: [PATCH] use inv-sig-helper instead of inv-companion --- cluster/apps/invidious/invidious-config.yml | 20 ++---- cluster/apps/invidious/invidious-helper.yml | 66 +++---------------- cluster/apps/invidious/invidious-svc.yml | 49 +++++++------- cluster/apps/invidious/invidious.yml | 10 +-- .../secrets/invidious-secrets-sealed.yml | 11 ++-- 5 files changed, 45 insertions(+), 111 deletions(-) diff --git a/cluster/apps/invidious/invidious-config.yml b/cluster/apps/invidious/invidious-config.yml index 2171ff8..2ec04c7 100644 --- a/cluster/apps/invidious/invidious-config.yml +++ b/cluster/apps/invidious/invidious-config.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: ConfigMap metadata: @@ -8,19 +9,12 @@ data: db: dbname: invidious user: kemal - password: "${INVIDIOUS_DB_PASSWORD}" + password: ${INVIDIOUS_DB_PASSWORD} host: invidious-db-service port: 5432 check_tables: true - invidious_companion: - - private_url: "http://invidious-companion-service:8282" - - public_url: "https://companion.akshub-lab.uk" - invidious_companion_key: "${INVIDIOUS_COMPANION_KEY}" - hmac_key: "${INVIDIOUS_HMAC_KEY}" - external_port: 443 - domain: invidious.akshub-lab.uk - http_proxy: - user: akshun - password: "${INVIDIOUS_HTTP_PROXY_PASSWORD}" - host: gluetun-service - port: 8888 + signature_server: inv-sig-helper:12999 + visitor_data: ${VISITOR_DATA} + po_token: ${PO_TOKEN} + port: 3000 + hmac_key: ${INVIDIOUS_HMAC_KEY} diff --git a/cluster/apps/invidious/invidious-helper.yml b/cluster/apps/invidious/invidious-helper.yml index 2f5b15c..7eefbec 100644 --- a/cluster/apps/invidious/invidious-helper.yml +++ b/cluster/apps/invidious/invidious-helper.yml @@ -2,77 +2,29 @@ apiVersion: apps/v1 kind: Deployment metadata: - name: invidious-companion + name: inv-sig-helper namespace: default spec: replicas: 1 selector: matchLabels: - app: invidious-companion + app: inv-sig-helper template: metadata: labels: - app: invidious-companion + app: inv-sig-helper spec: - initContainers: - - name: vpn - restartPolicy: Always - image: qmcgaw/gluetun:v3.40.0 - securityContext: - capabilities: - add: - - NET_ADMIN - env: - - name: OPENVPN_PASSWORD - valueFrom: - secretKeyRef: - name: openvpn-secrets - key: OPENVPN_PASSWORD - - name: OPENVPN_USER - valueFrom: - secretKeyRef: - name: openvpn-secrets - key: OPENVPN_USER - - name: VPN_SERVICE_PROVIDER - value: "surfshark" - - name: SERVER_COUNTRIES - value: "Netherlands" - - name: FIREWALL_INPUT_PORTS - value: "8282" - - name: FIREWALL_VPN_INPUT_PORTS - value: "8282" - - name: FIREWALL_OUTBOUND_SUBNETS - value: "192.168.1.0/24" - - name: DOT - value: "on" - - name: DNS_ADDRESS - value: "8.8.8.8" - volumeMounts: - - name: companion-cache - mountPath: /var/tmp/youtubei.js - subPath: youtubei.js containers: - - name: invidious-companion - image: quay.io/invidious/invidious-companion@sha256:ac8fba6123adca367bf6fec18da788d420dd9b1167e8a3911375df42e88a1952 + - name: inv-sig-helper + image: quay.io/invidious/inv-sig-helper@sha256:b5466c9add729e82e4e3ee5515c30b69df02d78ebb2486dbc9c63e456f29083d + args: ["--tcp", "0.0.0.0:12999"] env: - - name: SERVER_SECRET_KEY - valueFrom: - secretKeyRef: - name: invidious-secrets - key: SERVER_SECRET_KEY + - name: RUST_LOG + value: "info" ports: - - containerPort: 8282 + - containerPort: 12999 securityContext: - allowPrivilegeEscalation: false readOnlyRootFilesystem: true capabilities: drop: - ALL - volumeMounts: - - name: companion-cache - mountPath: /var/tmp/youtubei.js - subPath: youtubei.js - volumes: - - name: companion-cache - persistentVolumeClaim: - claimName: longhorn-invidious-cache diff --git a/cluster/apps/invidious/invidious-svc.yml b/cluster/apps/invidious/invidious-svc.yml index 7680bd4..1f91374 100644 --- a/cluster/apps/invidious/invidious-svc.yml +++ b/cluster/apps/invidious/invidious-svc.yml @@ -1,3 +1,4 @@ +--- apiVersion: v1 kind: Service metadata: @@ -7,23 +8,37 @@ spec: selector: app: invidious-db ports: - - protocol: TCP - port: 5432 - targetPort: 5432 + - protocol: TCP + port: 5432 + targetPort: 5432 --- apiVersion: v1 kind: Service metadata: - name: invidious-companion-service + name: invidious namespace: default spec: selector: - app: invidious-companion + app: invidious ports: - - protocol: TCP - port: 8282 - targetPort: 8282 + - protocol: TCP + port: 3000 + targetPort: 3000 + +--- +apiVersion: v1 +kind: Service +metadata: + name: inv-sig-helper + namespace: default +spec: + selector: + app: inv-sig-helper + ports: + - protocol: TCP + port: 12999 + targetPort: 12999 --- apiVersion: v1 @@ -39,20 +54,4 @@ spec: - port: 3000 targetPort: 3000 nodePort: 3111 - protocol: TCP - ---- -apiVersion: v1 -kind: Service -metadata: - name: invidious-companion-ext-service - namespace: default -spec: - type: NodePort - selector: - app: invidious-companion - ports: - - port: 8282 - targetPort: 8282 - nodePort: 30082 - protocol: TCP + protocol: TCP \ No newline at end of file diff --git a/cluster/apps/invidious/invidious.yml b/cluster/apps/invidious/invidious.yml index 7db8677..cb497d6 100644 --- a/cluster/apps/invidious/invidious.yml +++ b/cluster/apps/invidious/invidious.yml @@ -21,7 +21,7 @@ spec: - sh - -c - | - until nc -z -v -w30 invidious-companion-service 8282; do + until nc -z -v -w30 inv-sig-helper 12999; do echo "Waiting for companion to be ready..." sleep 2 done @@ -65,14 +65,6 @@ spec: value: "3000" ports: - containerPort: 3000 - livenessProbe: - httpGet: - path: /api/v1/trending - port: 3000 - initialDelaySeconds: 30 - periodSeconds: 30 - timeoutSeconds: 5 - failureThreshold: 2 volumeMounts: - name: logging mountPath: /var/log/invidious diff --git a/cluster/config/secrets/invidious-secrets-sealed.yml b/cluster/config/secrets/invidious-secrets-sealed.yml index 358cc8a..66a4312 100644 --- a/cluster/config/secrets/invidious-secrets-sealed.yml +++ b/cluster/config/secrets/invidious-secrets-sealed.yml @@ -2,19 +2,16 @@ apiVersion: bitnami.com/v1alpha1 kind: SealedSecret metadata: - creationTimestamp: null name: invidious-secrets namespace: default spec: encryptedData: - INVIDIOUS_COMPANION_KEY: AgBbhZ1CF1SA7r6k2Zt6T9EvtBjilwPdmA4JhVV+gddPIiZOYOPSlzrhdvIWxqcb0p4Bv+ivuKoNjCcCQyrNGa0fatRjZgolO960+LeM6saDak19D0enscXbA8mtTW0e/uRCuf+x5QMAVmBIzKuUfn7skZDSQCWbVv0ai5mdy31UAvsWVE/kdsiii+WjsWUoPSvyJlic+wZGxIYGZvOM8g3HovzWafO951zJiBVZG4pfTsmlqgtth73tuXJKBJ/aOXqk2yjNYW/6KAUmbR6CVffgSuMp275y7BtbhbDhhxsXEHJNHNRgJ5DqGtv5yBJiCr9a9adxz0C/nJmnfuaTGXsXCi579Ro8tkqUMB8i6RmcB1zOv9xWkBJFBF0/4faWLqxjItfuhUJb7jz9p4k2E8hs1oM3d08+z/B6jiKzbW3uP3+Ic+zTKtDd6wcHYiOumcj2LWeEJOvRjoTo9PGI1wy16TBFTWtpd51aSwASq0ByORR0Ln4ZWwp+qGyG0SGVybUsVN72qnJ/1R+TSXXmGIhhf+GYP/vg+U7SAgwMKDLfWNf2DfPTFJZtZf7p2vnzugauPtU1rXt/Oxux0yLF7ZUOUdgM+AbGPAr5tV404ym8OfYJI39RRl5Zy525bbb73FEBRLPSaQNioCp3vc4voqnl2V9DC0a4PT4pCJgfR1+lcPZe8hs9FKxGMh5o40otfaOHFFwhcDDLnsueXe2ZGjNX - INVIDIOUS_DB_PASSWORD: AgB9K27GuOjq8b5TUwv93giHb9vOWO1U/D0nKKr3FCfoPYSiyBnQ5VI6N3P2wd4EiFD8PpyHlx77b066IQm6d0rn53x3i1hRlHhKItUX0TVFMBpGq+Rapt6fXi0cLK+JJKRbKcsB+ZdGMktjMJuQ2dsLLCgfH7uBSDg6a1pemzrdfUOmqT9b5gKrBlxjDMZdUlq7BMaKs+UaYoJKVksy1s+mgloMcY2nr4PCHhl8Y4g5vtqFW8fkPaKz/Y4BhKWxChC9QTb33xrrB1B303taYSKN3LJZLlle0j75738a9HGJ7M+YJYVIFiQKj8XILFeUaNjDEuIAPd/YRlk7mFyofNA1JytZLuEKcnWJfSlpIlMmoVHnu+7JhACk0DjYIET/v7EdQ9J1/P5q05AlxPVvd+zrpCNCb/1K2M0J0graC36wlVDfLxo8+a0StMRQ5hrq1BcIssb6cjU/vwwyMfwbvwepm555xk26osGfCZE+gCHwRkVxrPIuy1dqJXqw5H/Af+2Wxm2PNlwRrUsIS1+UXCnXxRxAxDLUtfKttkI32Kxay8/bA6Yr6zEc7zoE0BDboCIZnNmUcE4S+y3ghYRdN2YsndEzr1j+wtMNlEJVOW8Akf36aeIGh8/LNEf3XzJT+XhKMyRE39Nptir38cA5oyzvLaBopTm52QAMygQOV3QA66KLz5nvQEnBdBk1mO1PtazIXyOmMupzy71g0w== - INVIDIOUS_HMAC_KEY: AgDUFnkGlxIrGo9nHtdGb8d08eNurx6jhfgeHQ5H58rpLHLuvwblrOfGakSbMR0kPE2Z7Mvc8/Hiaih+kFE722bnaFup+VUovv++Pk2hHe/F5pP7Sxd/M8DclWlEX9xWhvcoNPN4ULcHsCZrbb6f5VFW2LTP+cxce5rXRCdwreKvyNrMZCtDW1AxGy43LCntmmaMwkV46xucKfFK/lS/VYfVJJiVeAJltbci5IQRfcCBwTzfKBvMlrURWaaUs4Z8oLqLVHxu1x2vb/2X8bM7a/otibyNE+ZY3AnlweEeN81taSCLzaNtVSw1HceQwljYso8c2D9OrvolS9w9UdDYjEgrD7T/X0h2qTOy9qssnIJVhszZEDF89W7xh+Tv4/xfq1d5qKcSpzgAGCmrwola+xI0i+YzIYbj/KCiKlvGna/+EH+1CK+vJMfAXdITawAusTzJgAxtPOEjFC+jhPvMSggHt7Nt73HWiQrewrMXoUKebYctD0WX6S0ownKB0PuQhI4eBu7Phi5yWNXSDVEfOjDlpq/sW4tCIOijD3cGu1ERrZ1iTR9Cxf/LznFm/iGyasvimmKE9kZieNJWsWIjsEV00wwWeLSAbLcC8z/e9rV+HnVVvNMcs0ZggB9eogF8wvWmJLrzb2JcIxD1fwHsEgmrf2KOy/5Xu7fUhG9ZWaQuX3X0+B2yx1zl4hkR+uopu9eD2ODgChtj76ql4ZgDzhme - INVIDIOUS_HTTP_PROXY_PASSWORD: AgATZABUoDCCkhMHkwqSiIN98lx+IBPdp6LssPl+KDoXYnvOr6jNf+yv79to58oAtwwsyP6ohV3Xo8PFCJwxSwdNkrisfqETjwyfyiD/X6+14Hc1Iel10rA8lLsnwQK4g60qJQYCEzPi30OAkhKcvNT254acP1o2n/SUVpBajG3QUG8omTNKCTDWd6MwlSeCuDdHSS5IojhdzfSZTcSyDcD9unPjan5OAtZdPIipf/lrHFBcPvMcNe1VZJCLNFuWK7V3INiz3mh1e4kwb/CE+W9VxR3pXeVJK4FMAksw5TbO2u4km7R+07ixqlqPHsLqQjDHzvNhKgpcB9+a/bWIMzfQvmMhSz6TTlue2nTc8NgPtjGjciR4k674mLXICvdemyHe6BcePm4N1JsJpB339Wuzsxu/7d8leLyCUc7t8cCF3gb2FwhPwS89jc+Ha6TmXMeN2gf/VESbTH8HRCRWEl6qGFDh8aZNLWU1haIHjEuMWg+7hKu0z+R41MzBgmyTrZwoS8pSEKcdKjFTKMZHRHuk0cSR5fzXVB7FRec+hbFA1wpRRWUppDV01y6OPK9fE2hUmdRLS7Ff/RZWO+21VqRc+RLq2s2HtAknKTKLkwMK0CZa63onkHhjyKR9fVc9i15seMhD4LDKoeEpgqfbT/+U6L4dAf0rB78f+K1nJLSZzIeZyPc3+9RbL0WMOIxhCiGQDziScWwlcdOq - SERVER_SECRET_KEY: AgC9NfljVQ1zx5r5h8Dbg1+quoBKoK/TiJXWIN79oaAzijv84gXyqWC/n0pEjdAkOFUImtBlrvb3gC8BpkWZD2Ptq6sFla5vep/SpevccRfocq51A/MME5jMwn/W+p1n0H3t9asosC3hQuBBCCqyNDlhMujbrWqI1fx7il1nxJfOmxoY2pgHpiXnGlNuay9RS2rm043J+jBlCr4Sfbj6qYvgZF+blTFTRLA1+k4Gs0PVDx64EBu6G8gZ21H2xfHtua3P1Rm92RueQNTKfq+YPtK2Z0wtwJLJATbf/D4NGnhx4WueZvgu2CeBwKFcPV1BBrnj9QYeOhAOLqhccC9RVO3ZIKwryShAq3gPj/h01M/lDEZTwbZ0lbgzO9gFC47l+I/zNYyY+6TFCnX8/gVMn64aypBWXQj/q+Pp/EfqrT3EYnHalqnvW14daAl1bBBDOWbxzSC49X1UhWn6GHJ07eqll0ws1zs3Pq4vNBOA/cgY/J3EQkQx4/Ws37m9Jc400w+9C5ZYDyJVf+Rzj4lDC+yhsdM+K3s7y+rg59r2+3oumkFbjWQMPpDmEvg/6L0y1mtI4OT3lC2fFXtNcvHmMIz0frbnROSBY+toCzv8vzGd35eOx1cVpu4da9Fp61Clrxh/kBhg61wCA3jWK3x5wpcuUyqF7afUlUfsZzf4cb75RRGlVdsekO4Pef+u989kmb1ejrbAEtyLyDWdDQ8w85sN + INVIDIOUS_DB_PASSWORD: AgCDFwDZAoudbkZwCj0IX7ydkpe0MQyrNXx/FpQyckgNKkN+3km2fotUEX+evZ9C7CRYF9AJvEdUXr7bvSVnflKxlHhuhLpqlWBASDmi/+SReVbp1/r5Ndzg8b8GMrGP4ipiiFTB3d/GhklXGqGVsDeLJds2EHDBzZ03jz4yfYMNiFPqwzxNX1xyphZUuM+l27VfHlGgHBQooQyQmTCJVpUtzAZ6cdWpADgLymxgTfuMRR5HE6knG0poHuBspEHpuyYm1pgGa8BiYJ4g8NpgDX1aEDWtPkx7YUrIiLaf0jiSR1UIttmiN2prF3LBfFA8f/A1sHF/KLFc4p55E/MSD0YF6gpiv/JllgEcpEBwlJE5Xp1lk0Q4J4OWlI1vw/fadIAD1jS/RwiW4fd9gRARJ4RAgEGkJ39HPPXAHVgBgdyv+vRC/Dp7/67nYyRvVM/h0kBl/FWN0y7sF6EeKZg5xM1hpOfpoJPhJr9mDCavMkjQvO6NG5O/MrkzFg8+pFsxDpKGXX/pA/O4faLNsDe9B0M7mt/ikwbB7jy6A/9StQ32/Wv0PFkvYTVvhNyK56adOnY70CGRmRDOsHBNnqr9sDfFf6QaWi06AnKaZuZbvTIGZKGDZSkyA1ZpPjcXLnwqt8FGqZX4pS+ur/cMvujB2/vlzPJ8tQjs3Lga/1HewPUlq8XfhmzKOt5DUYq7voiGg/YmfCDLjoZuhWWfkg== + INVIDIOUS_HMAC_KEY: AgC9/Oi2iU843ZGFIZb5y4Ickkw6jitB8djc4RTyjFqxZDGrUuv5uM5mlcqmYTsUZP+dLA/BdyTlhOFq5Rx2RGc0knBCzqY0a9P1z24ITdHsRgEO2lg6qN9Li0r6roLutBluFku1GyQIi8qiAXYbcphW59ZCy5x/OEtsamLRsajP/PX9toXokyhI4MTXpduw7w1U+ARg/N7Kt3+gCidXjNzDkuiMDoeMKVkJFTgXkN7ISn2FELzFe0023subXAk5YYKvd3R/wtLvnljWXDqTNywPz92O9pUlRutcygvCVxADSKt125IVHUfz8SkTAwHyC9y06SLsRCLS+fnaT9gTXood08d64EKfhnqWLMesMzI66Extdiv+jpsMupJtBYzsDKJpiVxrsBISLjkcoc996MrUTPadUs1VHZJYkQO2joYacT8LeUyNN5km0D2lca5TuqqWXRe4xJ2cGl7eaoBkKwT5R1U6DeVdGr59Wkw5gPm32NrM0FgXZHJSFfhgTQwSNO1+wljokuFSAX7PrcmqA0OPIvWvPXHlx7Tbh5Ak0miUOzOfDPLfTJi8sw59KWoy/nNIiWf2weAAN8RxiQqL00XhK6kJxOZ8+lkjRl18SejRJjKcTgDgqFmW+D8w3+02m8ftvAXAdgQhg678f9rl0enjWec+xbUH6LiHX57VjnLtEcq/I/ebhPjeofIZfcMJP+JMEY8wE3DvjkvBYvF3iWe4 + PO_TOKEN: AgA9rJB1ZERNCSa9yoPv1SU6QbLudfghCaEDGxkFLp8RMoibjrhiK7tu79jMk1ItuQo7leJxpf1XMQIFry+8u7v/BU8fDIJ0tS+ozRuLJUMKm3vTJj90wAef4l7KaU3TAQVwPwp25XGFSfZk9UFZq1y0hTVY8TyPMNMSfiSYGt66rH4chC1yG8sSs/7LlFD2vdnHvbKs01mWZa4FlS+YXcteg50EnGNtJ5GQSTC2M+/GFSUrDpa4YA6r4BG4UDvzgPrFTOnBn8XfcsqvsXRnCEsCENMy/e6Fguv8qRz8Z4KbECGkjZBHFX4zJxmc+SI/cESU8J9QD7en3jNCvn9RDL1hgSYAoBJ9eXG1YNFJghnO8oCmx+uQ84iJe9tsDDcifyi8ymZkHWhGd3RWSy/TSNRO155cW9Mrdsb7uVd22zIUYDf2Vjkygq1xX9nMkCSDVltxSGUcQ084vxObuYwAMcGedsQegKzIyq+KuKzRoKFNfS6xBpQeOaeth6+oQj0OlSNFHeuVT1CkB5rnLm3/p2Ex0iJ+W5rMg/F4oGuafUPeKbV2KLwY6UFyr3y8WsUHlkJKhFRRSd5pJpLqNg+olXYUeYcjmnkJ0lx7xHXLXNTuChgu/gjuIOG7oJHU+T45izvvS+s9EhdbSu+J9vXqid9OMJigj3yxhz6Gh4qWfSKdTaazHvPdIAVXGPMoMQdFfE2lKbtoQFCqB6VnP+QgTDcrVYeeg/AOxkSjQIn4Eso6BZtdGHKWuKKXIaVZsv50aeLExxXK/vV1tZGvTtZeIweOK0c7hq+n95jjvcNiOp8GnKFnz0U/WtLgDiYjVEALAY2fOrAdx5Hk0MXB/8xrGISx7xEIZCVo0xT8c2owHdflx9+wUKTQKG8qTtfbFs2GXbdi1VGgrAnqJCSq5xs3P3bI + VISITOR_DATA: AgA6slGkIXiIUwObx0AgxbAdp8hYVUrhiD5OWNRVxNOqdFNDWDHls47WJTg/9hTV5fG3X6tHQb7EoITda9mobKKkoH8rhe/1J5dfkBIjI8buJAq+5Zi898mPsKW7yc9rRq65nWhH55wmYK/WG9b/xaVvggjgEaFgqu8Qob+dVzDTTJN2fo1ALJQ9ZBE8tG/QgBfJNKCu9dZILIOxXHAhQsEqYqIebkjtNcJRhdIYo4HIokK0z55AU5PQ+jXsaSX3juhMUnPc8YlpBbZv+afyKPRw/vcmcleAzejCrKy572JkbvgudumHApyTvjkpNzg6U5umicmuMN7gRHiJzMGAQB+PsvGeb4G5FLRDAVC0AOMCYvTjimwREz5bSt7VhQBZJpNJDRAqZtSoOPJ42gwaT+1LKvj6IwMf5Iic/Vt1XFxGFGGxrZrJwSOMAi+9socDgjBHZtJGjIUUMKrd8T+fhds5n17Gom0xF91+xunclkttZfsG/X+jzzZMqXX/dOQsWDPxHjDbDct6legOg2Aftumg0QIizIae23kmJFtcEBQQzg5+V8eN5x5egVzBGizf1btLKkmY9ZALfafBxXXZXzbxZcLmOvIzFagSNkP25NLzgaYJnS2NY18PJEXIE7IQyFtDPSOC44XdaTttu7SEuIlLzAx76WtE4HnK+beuPZuHXZGYSyPPsGTuQ39fgzjcACH7SL6E7Zjn27bZA/KrlQoyLFZwEu6qZKeAz7ojUJcR+Zm5F2l9jljnDJyWfzHDc9Y= template: metadata: - creationTimestamp: null name: invidious-secrets namespace: default type: Opaque