Simplify

README.md

@@ -1,16 +1,10 @@
-1. `./init.sh`
-2. Fill in `.env`
-3. Set the companion secret key in `config.toml`
-4. How do you want to connect to YouTube?
-   - If you want to rotate IPv6, consult `.env`
-     - This rotates your ipv6 to bypass ratelimits. It's only effective with subnets larger than /64, the larger the better.
-   - If you want to use gluetun:
-     - uncomment everything below `gluetun:` and the two lines `network_mode` and `depends_on`
-     - Put `wg0.conf` in the root directory
-   - If something else, you should know what you're doing
-5. `./reset.sh`
-6. `./issue_cert.sh`
-7. **Schedule `reset.sh`**. This rotates your IP, updates containers, and it's generally a good practice to auto restart. \
+1. Fill in `.env`
+2. If you want to use gluetun:
+   - in `docker-compose.yml`, uncomment everything under `gluetun:` and the two lines `network_mode` and `depends_on`
+    - Put `wg0.conf` in the root directory
+3. Set up nameservers (records pointing to companion) and wait until it's live
+4. `./install.sh`
+5. **Schedule `reset.sh`**. This rotates your IP, updates containers, and it's generally a good practice to auto restart. \
    This restarts every hour:00. You can change it, if you want to. /
    If you have multiple companions, you should make them restart at different times.
    ```

install.sh

@@ -1,5 +1,6 @@
 #!/bin/bash
 cd "$(dirname "$0")"
+. .env
 
 git submodule update --init
 
@@ -11,3 +12,23 @@ apt install -y python3-pyroute2
 if [ $? -ne 0 ]; then
   echo -e "\033[0;31mCouldn't install pyroute2. You must install it manually.\033[0m"
 fi
+
+echo "Issuing certificate..."
+
+CERT_DIR=/etc/ssl/$DOMAIN
+
+docker compose up -d acme
+
+docker compose exec acme mkdir $CERT_DIR
+docker compose exec acme ln -s /etc/nginx/snakeoil.key $CERT_DIR/key.pem
+docker compose exec acme ln -s /etc/nginx/snakeoil.pem $CERT_DIR/fullchain.pem
+
+docker compose up -d nginx
+
+./scripts/issue_cert.sh
+
+docker compose down
+
+echo "Setup done"
+
+./reset.sh

issue_cert.sh

@@ -1,32 +0,0 @@
-#!/bin/bash
-cd "$(dirname "$0")"
-. .env
-
-if [ -z "$DOMAIN" ]; then
-  echo "DOMAIN not set"
-  exit 1
-fi
-
-if (( $(docker compose ps nginx | wc -l) < 2 )); then
-  echo "Nginx is not running. Did you ./reset.sh?"
-  exit 1
-fi
-
-if (( $(docker compose ps acme | wc -l) < 2 )); then
-  echo "acme.sh is not running. Did you ./reset.sh?"
-  exit 1
-fi
-
-
-CERT_DIR=/etc/ssl/$DOMAIN
-
-docker compose exec acme mkdir $CERT_DIR
-
-docker compose exec acme openssl req -new -x509 -days 365 -noenc -out $CERT_DIR/fullchain.pem -keyout $CERT_DIR/key.pem -subj "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
-docker compose exec nginx nginx -s reload
-
-docker compose exec acme --issue --server letsencrypt -d $DOMAIN --webroot /var/www/html/$DOMAIN
-docker compose exec acme --install-cert -d $DOMAIN --key-file $CERT_DIR/key.pem --fullchain-file $CERT_DIR/fullchain.pem
-docker compose exec nginx nginx -s reload
-
-echo "Done, certificate installed"

nginx/conf.d/a-vars.conf.tmpl

@@ -1,7 +0,0 @@
-# Do not edit this file
-
-set $DOMAIN $PDOMAIN
-
-upstream cu {
-    server http://$UPST:8282;
-}

nginx/conf.d/companion.conf.tmpl

@@ -12,7 +12,7 @@ server {
     proxy_max_temp_file_size 0; 
 
     location / {
-        proxy_pass http://cu;
+        proxy_pass http://$UPSTREAM:8282;
         proxy_set_header X-Forwarded-For $remote_addr;
         proxy_set_header Host $host;    # so Invidious knows domain
         proxy_http_version 1.1;
@@ -21,7 +21,7 @@ server {
     }
 
     location /youtubei/v1/player {
-        proxy_pass http://cu;
+        proxy_pass http://$UPSTREAM:8282;
     }
 
     location /.well-known/acme-challenge {

reset.sh

@@ -5,13 +5,14 @@ cd "$(dirname "$0")"
 echo "Updating config"
 
 if [ "$GLUETUN" = true ]; then
-  UPST=gluetun
+  export UPSTREAM=gluetun
 else
-  UPST=companion
+  export UPSTREAM=companion
 fi
 
-PDOMAIN=$DOMAIN
-envsubst '$PDOMAIN,$UPST' < nginx/conf.d/a-vars.conf.tmpl > nginx/conf.d/a-vars.conf
+echo -e "# Don't edit this file. Edit the .tmpl file\n\n" > nginx/conf.d/companion.conf
+DOMAIN=$DOMAIN envsubst '$DOMAIN,$UPSTREAM' < nginx/conf.d/companion.conf.tmpl >> nginx/conf.d/companion.conf
+
 
 
 if [ -n "$IPV6_SUBNET" ]; then

scripts/issue_cert.sh

@@ -0,0 +1,11 @@
+#!/bin/bash
+cd "$(dirname "$0")"
+. ../.env
+
+CERT_DIR=/etc/ssl/$DOMAIN
+
+docker compose exec acme --issue --server letsencrypt -d $DOMAIN --webroot /var/www/html/$DOMAIN
+docker compose exec acme --install-cert -d $DOMAIN --key-file $CERT_DIR/key.pem --fullchain-file $CERT_DIR/fullchain.pem
+docker compose exec nginx nginx -s reload
+
+echo "Certificate installed"