No description
- Jinja 90%
- Dockerfile 6.3%
- Shell 3.7%
| defaults | ||
| files | ||
| meta | ||
| tasks | ||
| templates | ||
| .gitignore | ||
| README.md | ||
ansible-roles-invidious
This role will deploy a full root-less podman based invidious instance, with supporting database
Task Configuration
Define invidious_url, this will useful in conjunction with a proxy role such as traefik or nginx
Define invidious_path if the container user has a custom homedir such as something under /srv..
There are several other values that should be defined and secured vial ansible vault
- invidious_hmac_key
- invidious_db_pass
- name: Setup proxy and service
hosts: somehost
become: true
roles:
- role: invidious
invidious_url: invidious.somehost.somewhere
invidious_server_listen: 127.0.0.1:3800
invidious_hmac_key: !vault |
$ANSIBLE_VAULT;1.1;AES256
...
invidious_db_pass: !vault |
$ANSIBLE_VAULT;1.1;AES256
...
- role: traefik
traefik_routes:
- name: invidious
host: "{{ invidious_url }}"
srv: "{{ traefik_host_address }}:3800"
- role: firewalld
firewalld_add:
- name: public
services:
- http
- https
forwards:
- port: 80
to: 8080
- port: 443
to: 8443
Deployment and Removal
Sometimes you need to manually stop the running containers to get a clean run when re-deploying Services must be stopped as the respecitve user or another means to aquire the correct user scope for systemd
systemctl --user stop container-traefik.service
systemctl --user stop container-invidious.service
Deploy
ansible-playbook -i hosts site.yml --tags=firewalld,traefik,invidious --limit=somehost
Remove
ansible-playbook -i hosts site.yml --tags=firewalld,traefik,invidious --extra-vars "container_state=absent firewall_action=remove" --limit=somehost