diff --git a/.github/workflows/piped.yml b/.github/workflows/piped.yml deleted file mode 100644 index 45dcb98..0000000 --- a/.github/workflows/piped.yml +++ /dev/null @@ -1,47 +0,0 @@ -name: deploy-piped - -on: - push: - paths: - - '.github/workflows/piped.yml' - - 'piped/**' - branches: [main] - workflow_dispatch: - -jobs: - deploy: - runs-on: ubuntu-latest - environment: - name: piped - url: https://piped.aosus.link - steps: - - name: checkout - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Tailscale - uses: tailscale/github-action@7a0b30ed3517c2244d1330e39467b95f067a33bd - with: - oauth-client-id: ${{ secrets.TAILSCALE_CLIENT_ID }} - oauth-secret: ${{ secrets.TAILSCALE_SECRET }} - tags: tag:deploy-ci - hostname: Github-actions - version: ${{ vars.TAILSCALE_VERSION }} - - - name: Add secrets to config files - env: - POSTGRES_PASSWORD: ${{ secrets.piped_postgres_password }} - run: | - sed -i "s|(piped_postgres_password)|$POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/piped/config.properties - sed -i "s|(piped_postgres_password)|$POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/piped/docker-compose.yml - - - name: Start Deployment - uses: FarisZR/docker-compose-gitops-action@v1.0.1 - with: - remote_docker_host: ${{ secrets.server_address }} - tailscale_ssh: true # no need for manual private and public keys - upload_directory: true # upload docker directory - docker_compose_directory: piped # directory to upload - compose_file_path: piped/docker-compose.yml - args: -p piped up -d --remove-orphans \ No newline at end of file diff --git a/caddy/configs/piped.caddyfile b/caddy/configs/piped.caddyfile deleted file mode 100644 index 9035c66..0000000 --- a/caddy/configs/piped.caddyfile +++ /dev/null @@ -1,83 +0,0 @@ -(piped-global) { - header { - # disable FLoC tracking - Permissions-Policy interest-cohort=() - - # enable HSTS - Strict-Transport-Security max-age=31536000; - - # keep referrer data off - Referrer-Policy no-referrer - } -} - -piped.aosus.link { - # aosus settings - respond /robots.txt 200 { - body "User-agent: * -Disallow: /" - } - handle_errors { - # handle_errors is only triggerd on erros from Caddy and not the proxy, that's why we don't specifiy any errors here. - rewrite * /proxy_error_page.html - file_server { - root /srv/ - } - } - header { - X-Robots-Tag "noindex, noarchive, nofollow, nosnippet" - X-XSS-Protection "1; mode=block" - } - # end aosus settings - reverse_proxy pipedfrontend:80 - import piped-global - encode zstd gzip -} - -api.piped.aosus.link { - # aosus settings - respond /robots.txt 200 { - body "User-agent: * -Disallow: /" - } - header { - X-Robots-Tag "noindex, noarchive, nofollow, nosnippet" - X-XSS-Protection "1; mode=block" - } - # end aosus settings - reverse_proxy piped-nginx:80 - import piped-global - encode zstd gzip -} - -proxy.piped.aosus.link { - @ytproxy path /videoplayback* /api/v4/* /api/manifest/* - import piped-global - # aosus settings - respond /robots.txt 200 { - body "User-agent: * -Disallow: /" - } - header { - X-Robots-Tag "noindex, noarchive, nofollow, nosnippet" - X-XSS-Protection "1; mode=block" - } - # end aosus settings - route { - header @ytproxy { - Cache-Control private always - } - - header / { - Cache-Control "public, max-age=604800" - } - - reverse_proxy unix//var/run/ytproxy/actix.sock { - header_up -CF-Connecting-IP - header_up -X-Forwarded-For - header_down -etag - header_down -alt-svc - } - } - encode zstd gzip -} diff --git a/piped/config.properties b/piped/config.properties deleted file mode 100644 index 5a2475e..0000000 --- a/piped/config.properties +++ /dev/null @@ -1,41 +0,0 @@ -# The port to Listen on. -PORT: 8080 - -# The number of workers to use for the server -HTTP_WORKERS: 8 - -# Proxy -PROXY_PART: https://proxy.piped.aosus.link - -# Outgoing HTTP Proxy - eg: 127.0.0.1:8118 -#HTTP_PROXY: 127.0.0.1:8118 - -# Captcha Parameters -#CAPTCHA_BASE_URL: https://api.capmonster.cloud/ -#CAPTCHA_API_KEY: INSERT_HERE - -# Public API URL -API_URL: https://api.piped.aosus.link - -# Public Frontend URL -FRONTEND_URL: https://piped.aosus.link - -# Enable haveibeenpwned compromised password API -COMPROMISED_PASSWORD_CHECK: true - -# Disable Registration -DISABLE_REGISTRATION: false - -# Feed Retention Time in Days -FEED_RETENTION: 30 - -# Hibernate properties -hibernate.connection.url: jdbc:postgresql://postgres:5432/piped -hibernate.connection.driver_class: org.postgresql.Driver -hibernate.dialect: org.hibernate.dialect.PostgreSQLDialect -hibernate.connection.username: piped -hibernate.connection.password: (piped_postgres_password) - -# Frontend configuration -frontend.statusPageUrl:https://status.aosus.org -frontend.donationUrl:https://opencollective.com/aosus \ No newline at end of file diff --git a/piped/config/nginx.conf b/piped/config/nginx.conf deleted file mode 100644 index a4cfa4f..0000000 --- a/piped/config/nginx.conf +++ /dev/null @@ -1,31 +0,0 @@ -user root; -worker_processes auto; - -error_log /var/log/nginx/error.log notice; -pid /var/run/nginx.pid; - - -events { - worker_connections 1024; -} - - -http { - include /etc/nginx/mime.types; - default_type application/octet-stream; - - log_format main '$remote_addr - $remote_user [$time_local] "$request" ' - '$status $body_bytes_sent "$http_referer" ' - '"$http_user_agent" "$http_x_forwarded_for"'; - - access_log /var/log/nginx/access.log main; - - sendfile on; - tcp_nodelay on; - - keepalive_timeout 65; - - resolver 127.0.0.11 ipv6=off valid=10s; - - include /etc/nginx/conf.d/*.conf; -} diff --git a/piped/config/pipedapi.conf b/piped/config/pipedapi.conf deleted file mode 100644 index 1f673f3..0000000 --- a/piped/config/pipedapi.conf +++ /dev/null @@ -1,15 +0,0 @@ -proxy_cache_path /tmp/pipedapi_cache levels=1:2 keys_zone=pipedapi:4m max_size=2g inactive=60m use_temp_path=off; - -server { - listen 80; - server_name api.piped.aosus.link; - - set $backend "http://piped:8080"; - - location / { - proxy_cache pipedapi; - proxy_pass $backend; - proxy_http_version 1.1; - proxy_set_header Connection "keep-alive"; - } -} diff --git a/piped/config/pipedfrontend.conf b/piped/config/pipedfrontend.conf deleted file mode 100644 index bd1d0b7..0000000 --- a/piped/config/pipedfrontend.conf +++ /dev/null @@ -1,12 +0,0 @@ -server { - listen 80; - server_name piped.aosus.link; - - set $backend "http://pipedfrontend:80"; - - location / { - proxy_pass $backend; - proxy_http_version 1.1; - proxy_set_header Connection "keep-alive"; - } -} diff --git a/piped/config/pipedproxy.conf b/piped/config/pipedproxy.conf deleted file mode 100644 index 53fd217..0000000 --- a/piped/config/pipedproxy.conf +++ /dev/null @@ -1,14 +0,0 @@ -server { - listen 80; - server_name proxy.piped.aosus.link; - - location ~ (/videoplayback|/api/v4/|/api/manifest/) { - include snippets/ytproxy.conf; - add_header Cache-Control private always; - } - - location / { - include snippets/ytproxy.conf; - add_header Cache-Control "public, max-age=604800"; - } -} diff --git a/piped/config/ytproxy.conf b/piped/config/ytproxy.conf deleted file mode 100644 index 4fd36f1..0000000 --- a/piped/config/ytproxy.conf +++ /dev/null @@ -1,18 +0,0 @@ -proxy_buffering on; -proxy_buffers 1024 16k; -proxy_set_header X-Forwarded-For ""; -proxy_set_header CF-Connecting-IP ""; -proxy_hide_header "alt-svc"; -sendfile on; -sendfile_max_chunk 512k; -tcp_nopush on; -aio threads=default; -aio_write on; -directio 16m; -proxy_hide_header Cache-Control; -proxy_hide_header etag; -proxy_http_version 1.1; -proxy_set_header Connection keep-alive; -proxy_max_temp_file_size 32m; -access_log off; -proxy_pass http://unix:/var/run/ytproxy/actix.sock; diff --git a/piped/docker-compose.yml b/piped/docker-compose.yml deleted file mode 100644 index f946161..0000000 --- a/piped/docker-compose.yml +++ /dev/null @@ -1,116 +0,0 @@ -networks: - default: - enable_ipv6: true - ipam: - config: - - subnet: 2001:db8:2::/64 - web: - external: true - -services: - pipedfrontend: - image: 1337kavin/piped-frontend:latest@sha256:0debb99c760ca3a875fb5656e73570ad6a30c3b036969386d410d888d50d1706 - restart: always - container_name: pipedfrontend - depends_on: - - piped - entrypoint: ash -c 'sed -i s/pipedapi.kavin.rocks/api.piped.aosus.link/g /usr/share/nginx/html/assets/* && /docker-entrypoint.sh && nginx -g "daemon off;"' - networks: - web: - - piped-proxy: - image: 1337kavin/piped-proxy:latest@sha256:3f71c7976dbbf498469ecd2ace6b67a68591ac898f128169a0163d6f3604d1f2 - container_name: piped-proxy - restart: always - environment: - - UDS=1 - volumes: - - piped-proxy:/app/socket - - piped: - image: 1337kavin/piped:latest@sha256:e9938cdda0745c4986d4add0f255777d3989849b851f290d94a4ab2b21c25384 - container_name: piped - restart: always - configs: - - source: piped - target: /app/config.properties - depends_on: - - postgres - - nginx: - image: nginx:mainline-alpine@sha256:a5127daff3d6f4606be3100a252419bfa84fd6ee5cd74d0feaca1a5068f97dcf - restart: always - container_name: piped-nginx - volumes: - - piped-proxy:/var/run/ytproxy - configs: - - source: nginx - target: /etc/nginx/nginx.conf - - source: pipedapi - target: /etc/nginx/conf.d/pipedapi.conf - - source: pipedproxy - target: /etc/nginx/conf.d/pipedproxy.conf - - source: pipedfrontend - target: /etc/nginx/conf.d/pipedfrontend.conf - - source: ytproxy - target: /etc/nginx/snippets/ytproxy.conf - depends_on: - - piped - - piped-proxy - - pipedfrontend - networks: - - default - - web - - postgres: - image: postgres:15.8-alpine@sha256:620dc79c45816cff4f38f0b49c71f15a3bc6bab9439ba1eea3a76d23ebcf1e4d - container_name: piped-postgres - restart: always - volumes: - - postgres:/var/lib/postgresql/data:rw - environment: - - POSTGRES_DB=piped - - POSTGRES_USER=piped - - POSTGRES_PASSWORD=(piped_postgres_password) - -# schedule ipv6 rotations - ofelia: - image: mcuadros/ofelia:latest@sha256:8687b188a076ee93662b16d77486ea8ad476158fa178fdeaae8c2ef3198d18e9 - configs: - - source: ofelia - target: /etc/ofelia.ini - command: daemon --config=/etc/ofelia.ini - volumes: - - /var/run/docker.sock:/var/run/docker.sock:ro - -# automatically rotate IPV6 address used to comunicate with google - smart-ipv6-rotator: - image: quay.io/invidious/smart-ipv6-rotator@sha256:140250d7ff223d573535a153146e9dda5837e44eb47bd22fec4f7837a0e64322 - container_name: smart-ipv6-rotator - privileged: true - userns_mode: host - network_mode: host - volumes: - - /home/aosus/piped/ipv6-rotator:/tmp:rw - command: run --ipv6range=2a03:4000:5d:b9::/64 - -volumes: - postgres: - piped-proxy: - - -configs: - nginx: - file: /home/aosus/piped/config/nginx.conf - pipedapi: - file: /home/aosus/piped/config/pipedapi.conf - pipedproxy: - file: /home/aosus/piped/config/pipedproxy.conf - pipedfrontend: - file: /home/aosus/piped/config/pipedfrontend.conf - ytproxy: - file: /home/aosus/piped/config/ytproxy.conf - piped: - file: /home/aosus/piped/config.properties - ofelia: - file: /home/aosus/piped/ofelia.ini \ No newline at end of file diff --git a/piped/ofelia.ini b/piped/ofelia.ini deleted file mode 100644 index edb0302..0000000 --- a/piped/ofelia.ini +++ /dev/null @@ -1,4 +0,0 @@ -[job-run "rotate-v6-address-piped"] -schedule = @every 2h -container = smart-ipv6-rotator -command = run --ipv6range=2a03:4000:5d:b9::/64 \ No newline at end of file