Update some stuff

Minecon724 2025-04-12 10:53:39 +02:00
commit b8a5ade273
Signed by: Minecon724
GPG key ID: A02E6E67AB961189
8 changed files with 86 additions and 24 deletions

6
.env

@ -7,3 +7,9 @@ IPV6_SUBNET=2001:db8::/32
# IPv6 brackets are not needed!
NGINX_IPV4=203.0.113.1
NGINX_IPV6=2001:db8::1
# The hostname under which companion (well, nginx) is served
DOMAIN=example.com
# Note that you still need to uncomment the lines in docker-compose.yml
GLUETUN=false


@ -1,27 +1,19 @@
1. `git clone --recursive`
1. `./init.sh`
2. Fill in `.env`
3. How do you want to connect to YouTube?
3. Set the companion secret key in `config.toml`
4. How do you want to connect to YouTube?
- If you want to rotate IPv6, consult `.env`
- This rotates your ipv6 to bypass ratelimits. It's only effective with subnets larger than /64, the larger the better.
- You must also install `pyroute2`. It's on pypi or `apt install python3-pyroute2` on debian
- If you want to use gluetun, uncomment everything below `gluetun:` and the two lines `network_mode` and `depends_on`
- If you want to use gluetun:
- uncomment everything below `gluetun:` and the two lines `network_mode` and `depends_on`
- Put `wg0.conf` in the root directory
- If something else, you should know what you're doing
4. Set the companion secret key in `config.toml`
5. cd to `nginx/` and:
- `openssl dhparam -out dhparam.pem 3072` (takes up to a few minutes, you can do other steps in the meantime)
- `openssl req -new -x509 -days 365 -noenc -out snakeoil.pem -keyout snakeoil.key` (keep pressing Enter)
- Edit `conf.d/companion.conf`
6. cd back and `./reset.sh`
7. [Issue a certificate, steps here](/Minecon724/dream-setup/src/branch/master/CERTIFICATE.md)
8. **Schedule `reset.sh`**. This rotates your IP, updates containers, and it's generally a good practice to auto restart. \
5. `./reset.sh`
6. `./issue_cert.sh`
7. **Schedule `reset.sh`**. This rotates your IP, updates containers, and it's generally a good practice to auto restart. \
This restarts every hour:00. You can change it, if you want to. /
If you have multiple companions, you should make them restart at different times.
```
@reboot sleep 30s && cd /opt/invidious-companion/reset.sh
0 * * * * cd /opt/invidious-companion/reset.sh
```
**TODOs**:
- Automate all (well, almost) above
- `reset.sh` only when companion up, currently it brings up no matter what

14
init.sh Executable file

@ -0,0 +1,14 @@
#!/bin/bash
cd "$(dirname "$0")"
. .env
git submodule update --init
echo "Please wait, this will take a few minutes"
openssl dhparam -out nginx/dhparam.pem 3072
openssl req -new -x509 -days 365 -noenc -out nginx/snakeoil.pem -keyout nginx/snakeoil.key -subj "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
apt install -y python3-pyroute2
if [ $? -ne 0 ]; then
echo -e "\033[0;31mCouldn't install pyroute2. You must install it manually.\033[0m"
fi
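Review bot: The `cd "$(dirname "$0")"` on the first line is unchecked, so if it fails the script sources whatever `.env` sits in the caller's directory and generates key material relative to that directory; `cd "$(dirname "$0")" || exit 1` closes that. The `git submodule` and `openssl` steps are not checked either, so a failed key or DH parameter generation goes unnoticed until nginx refuses to start; only `apt install` is checked, and that could read `if ! apt install -y python3-pyroute2; then`. The script also installs a system package without announcing it or checking that it runs as root, so a header comment listing what init.sh does (submodules, DH parameters, placeholder self-signed certificate with an unencrypted key, apt install) would make the side effects explicit.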

32
issue_cert.sh Executable file

@ -0,0 +1,32 @@
#!/bin/bash
cd "$(dirname "$0")"
. .env
if [ -z "$DOMAIN" ]; then
echo "DOMAIN not set"
exit 1
fi
if (( $(docker compose ps nginx | wc -l) < 2 )); then
echo "Nginx is not running. Did you ./reset.sh?"
exit 1
fi
if (( $(docker compose ps acme | wc -l) < 2 )); then
echo "acme.sh is not running. Did you ./reset.sh?"
exit 1
fi
CERT_DIR=/etc/ssl/$DOMAIN
docker compose exec acme mkdir $CERT_DIR
docker compose exec acme openssl req -new -x509 -days 365 -noenc -out $CERT_DIR/fullchain.pem -keyout $CERT_DIR/key.pem -subj "/C=AU/ST=Some-State/O=Internet Widgits Pty Ltd"
docker compose exec nginx nginx -s reload
docker compose exec acme --issue --server letsencrypt -d $DOMAIN --webroot /var/www/html/$DOMAIN
docker compose exec acme --install-cert -d $DOMAIN --key-file $CERT_DIR/key.pem --fullchain-file $CERT_DIR/fullchain.pem
docker compose exec nginx nginx -s reload
echo "Done, certificate installed"
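Review bot: Nothing after the two `docker compose ps` checks tests an exit status, so when `--issue` fails the script still runs `--install-cert`, reloads nginx and prints "Done, certificate installed" while the self-signed placeholder is what is actually being served. Each `docker compose exec` step should stop the script on failure, e.g. `docker compose exec acme --issue ... || { echo "Issuance failed" >&2; exit 1; }`. On a second run `mkdir $CERT_DIR` fails and the `openssl req` line replaces an already installed `key.pem`/`fullchain.pem` with a fresh self-signed pair, so that step should use `mkdir -p` and be skipped when the files exist. `$DOMAIN` and `$CERT_DIR` are unquoted in every command; quote them and check that `DOMAIN` is a plain hostname before use, since it becomes a path inside the container.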


@ -0,0 +1,7 @@
# Do not edit this file
set $DOMAIN $PDOMAIN
upstream cu {
server http://$UPST:8282;
}
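Review bot: `$PDOMAIN` and `$UPST` land in directive position with no validation, so a `DOMAIN` value in `.env` carrying a stray `;`, brace or space becomes extra nginx configuration instead of a hostname. This looks like the template that reset.sh renders with `envsubst`; that script should reject anything that is not a plain hostname before writing `a-vars.conf`, for example `[[ $DOMAIN =~ ^[A-Za-z0-9.-]+$ ]] || exit 1`, and run `nginx -t` before any reload. The header says only `# Do not edit this file`; it should also name the two substituted variables and state that the rendered `a-vars.conf` is overwritten on every reset.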


@ -1,10 +1,3 @@
set $DOMAIN example.com # replace this of course
upstream cu {
# s/companion/gluetun if using gluetun
server http://companion:8282;
}
server {
listen 443 ssl;
listen 443 quic;


@ -13,7 +13,7 @@ http {
default_type application/octet-stream;
# Comment those to enable logging
access_log /dev/null main;
access_log /dev/null;
error_log /dev/null; # most errors are insignificant
server_tokens off;
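Review bot: Assuming `access_log /dev/null;` is the new line (the page does not mark which of the two `access_log` lines is which), nginx still formats and writes every entry to the null device, whereas `access_log off;` disables the log outright and states the intent. With `error_log /dev/null;` directly below, failures from the certificate flow added in this commit (a config rejected on reload, a missing `key.pem`) leave no trace anywhere. `error_log stderr crit;` would keep those visible in the container output without recording client requests.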


@ -2,11 +2,29 @@
cd "$(dirname "$0")"
. .env
echo "Updating config"
if [ "$GLUETUN" = true ]; then
UPST=gluetun
else
UPST=companion
fi
PDOMAIN=$DOMAIN
envsubst '$PDOMAIN,$UPST' < nginx/conf.d/a-vars.conf.tmpl > nginx/conf.d/a-vars.conf
if [ -n $IPV6_SUBNET ]; then
echo "Rotating IP..."
python3 smart-ipv6-rotator/smart-ipv6-rotator.py run --ipv6range=$IPV6_SUBNET
if [ $? -ne 0 ]; then
echo "Failed to rotate IP, trying again..."
python3 smart-ipv6-rotator/smart-ipv6-rotator.py run --ipv6range=$IPV6_SUBNET
fi
fi
# TODO think about a way to restart only if running
echo "Updating..."
docker compose pull