Setup Invidious

2023-09-17

Podman

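# Fetch the Invidious sources and edit the compose file inside the checkout.
# The compose file bind-mounts ./config/sql and ./docker/init-invidious-db.sh,
# which only resolve when it is edited and run from the repository directory.
git clone https://github.com/iv-org/invidious
cd invidious
vim docker-compose.yml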

Edit the docker-compose.yml file so that it reads as follows, replacing every placeholder secret with your own value:

# Compose file for an Invidious instance backed by PostgreSQL.
# Every "change this" value below is a placeholder and must be replaced before
# the first `podman-compose up`.
version: "3"
services:

  invidious:
    # `latest` is a moving tag: each pull may bring in a different build. Pin a
    # specific tag or digest if upgrades need to be deliberate and reviewable.
    image: quay.io/invidious/invidious:latest
    restart: always
    ports:
      # Published on loopback only. With https_only and external_port 443 set
      # below, a TLS-terminating reverse proxy on the host is presumably
      # expected in front of this port.
      - "127.0.0.1:10421:3000"
    # Secrets live in this block: db.password and hmac_key.
    # - db.password must equal POSTGRES_PASSWORD of the invidious-db service;
    #   as written the two differ ("change this" vs "invidious").
    # - hmac_key must be a random value unique to this instance.
    # Keep this file readable by the owning user only and out of public
    # repositories.
    environment:
      INVIDIOUS_CONFIG: |
        db:
          dbname: invidious
          user: invidious
          password: change this
          host: invidious-db
          port: 5432
        check_tables: true
        external_port: 443
        domain: yt.hyperreal.coffee
        https_only: true
        statistics_enabled: true
        hmac_key: "change this" # run `openssl rand -hex 24'        
    healthcheck:
      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/comments/jNQXAC9IVRw || exit 1
      interval: 30s
      timeout: 5s
      retries: 2
    depends_on:
      - invidious-db

  invidious-db:
    # No `ports:` entry is declared for this service, so the database is not
    # published on the host.
    image: docker.io/library/postgres:13
    restart: always
    volumes:
      # `:Z` asks the container engine to relabel the mount with a private
      # SELinux label for this container; for the two bind mounts that changes
      # the labels of files inside the repository checkout.
      - postgresdata:/var/lib/postgresql/data:Z
      - ./config/sql:/config/sql:Z
      - ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh:Z
    environment:
      # The password below is identical to the user name and therefore
      # guessable; replace it with a strong value that matches db.password in
      # INVIDIOUS_CONFIG. The official postgres image applies these variables
      # only when it initialises an empty data directory, so changing the
      # password later also requires an ALTER USER inside the database.
      POSTGRES_DB: invidious
      POSTGRES_USER: invidious
      POSTGRES_PASSWORD: invidious
    # "$$" is the compose escape for a literal "$", so the variables are
    # expanded by the shell inside the container, not by compose.
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]

volumes:
  postgresdata:
podman-compose up -d

Get the names of the containers created by podman-compose:

podman container list

Generate systemd unit files for those containers:

# Write one unit file per container into the current directory (-f). --new
# makes each unit create the container on start and remove it on stop; -n names
# the unit after the container (container-<name>.service).
# NOTE(review): units generated with --new embed the container's create
# command, which presumably includes the INVIDIOUS_CONFIG and POSTGRES_PASSWORD
# values. Treat the .service files as secrets: restrict them to the owning user
# (e.g. chmod 600) and keep them out of version control.
podman generate systemd -f --new -n invidious_invidious-db_1
podman generate systemd -f --new -n invidious_invidious_1
# Install the units for the current user's systemd instance.
cp -v container-invidious*.service ~/.config/systemd/user/

Stop the containers started by podman-compose, then enable the generated systemd services so that systemd manages them from now on:

podman-compose down
systemctl --user enable --now container-invidious_invidious-db_1.service
systemctl --user enable --now container-invidious_invidious_1.service

Regular installation

sudo dnf install -y openssl-devel libevent-devel libxml2-devel libyaml-devel gmp-devel readline-devel postgresql librsvg2-devel sqlite-devel zlib-devel gcc

Install Crystal

# Add the third-party devel:languages:crystal repository from the openSUSE
# Build Service. The URL is specific to Fedora 38; adjust it for other releases.
# NOTE(review): packages from this repository are installed as root, so check
# the signing key that dnf offers to import before accepting it.
dnf config-manager --add-repo https://download.opensuse.org/repositories/devel:languages:crystal/Fedora_38/devel:languages:crystal.repo
dnf install -y crystal

Create invidious user

useradd -m invidious
su - invidious
git clone https://github.com/iv-org/invidious
exit

Setup PostgreSQL

systemctl enable --now postgresql
su - postgres
psql
CREATE USER invidious CREATEDB;
ALTER USER invidious WITH PASSWORD 'password';

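Use a strong, unique password in place of 'password' above; the same value later goes into the database settings of Invidious. Then ensure the password is stored with 'scram-sha-256' encryption: the rolpassword value returned by the query below should begin with SCRAM-SHA-256$. If it begins with md5 instead, set password_encryption = 'scram-sha-256' in postgresql.conf, reload PostgreSQL and set the password again, because the scram-sha-256 entries in pg_hba.conf below only accept a SCRAM-stored password: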

SELECT rolpassword FROM pg_authid WHERE rolname = 'invidious';
exit
cd /var/lib/pgsql/data
vim pg_hba.conf
# IPv4 local connections:
host    all   all  127.0.0.1/32    scram-sha-256

# IPv6 local connections:
host    all   all  ::1/128         scram-sha-256
# Continue as the unprivileged invidious user created earlier.
su - invidious
# Create the application database, owned by the invidious role.
createdb -O invidious invidious
cd invidious
make
# NOTE(review): the example config is copied as-is. Before migrating or
# starting the service, edit config/config.yml so that db.password matches the
# role password set in psql and hmac_key is a fresh random value. The file then
# holds both secrets, so consider `chmod 600 config/config.yml`.
cp -v config/config.example.yml config/config.yml
./invidious --migrate
exit

SELinux

vim invidious.te
# Local SELinux policy module "invidious", version 1.0.
# NOTE(review): every rule below is granted to the init_t domain itself, so it
# applies to any process running as init_t, not only to Invidious. Presumably
# the Invidious binary under /home gets no domain transition and therefore runs
# as init_t; confirm against the AVC denials in the audit log and keep the rule
# set as small as those denials require.
module invidious 1.0;

# Types and permission classes this module refers to; they must already exist
# in the loaded policy.
require {
        type user_home_t;
        type init_t;
        type postgresql_port_t;
        type user_tmp_t;
        class tcp_socket name_connect;
        class file { append create open };
}

#============= init_t ==============

# Allow outbound TCP connections to ports labelled postgresql_port_t.
allow init_t postgresql_port_t:tcp_socket name_connect;
# Allow creating and appending to files labelled user_home_t (presumably files
# written under /home/invidious; verify).
allow init_t user_home_t:file { append create };
# Allow opening files labelled user_tmp_t.
allow init_t user_tmp_t:file open;
checkmodule -M -m -o invidious.mod invidious.te
semodule_package -o invidious.pp -m invidious.mod
semodule -i invidious.pp

Start services

cp -v /home/invidious/invidious/invidious.service /etc/systemd/system/
systemctl restart postgresql.service
systemctl enable --now invidious.service
