homelab-docs/scripts/invidious/docker-compose.yml

# Шаблон для /opt/invidious/docker-compose.yml на CT 107
# Секреты в .env (генерируется deploy-invidious-credentials.sh из Vaultwarden).
# .env не коммитить.

services:
  invidious:
    image: quay.io/invidious/invidious:latest
    restart: unless-stopped
    ports:
      - "3000:3000"
    env_file: .env
    environment:
      INVIDIOUS_CONFIG: |
        db:
          dbname: invidious
          user: ${POSTGRES_USER}
          password: ${POSTGRES_PASSWORD}
          host: invidious-db
          port: 5432
          check_tables: true
        invidious_companion:
          - private_url: "http://companion:8282/companion"
        invidious_companion_key: "${INVIDIOUS_COMPANION_KEY}"
        external_port: 443
        domain: "video.katykhin.ru"
        https_only: true
        use_pubsub_feeds: true
        use_innertube_for_captions: true
        hmac_key: "${HMAC_KEY}"
        default_user_preferences:
          default_home: Popular
          dark_mode: "light"
          player_style: "youtube"
          vr_mode: false
          automatic_instance_redirect: false
    healthcheck:
      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/stats || exit 1
      interval: 30s
      timeout: 5s
      retries: 2
    logging:
      options:
        max-size: "1G"
        max-file: "4"
    depends_on:
      invidious-db:
        condition: service_healthy

  companion:
    image: quay.io/invidious/invidious-companion:latest
    env_file: .env
    environment:
      SERVER_SECRET_KEY: ${INVIDIOUS_COMPANION_KEY}
    restart: unless-stopped
    logging:
      options:
        max-size: "1G"
        max-file: "4"
    cap_drop:
      - ALL
    read_only: true
    volumes:
      - companioncache:/var/tmp/youtubei.js:rw
    security_opt:
      - no-new-privileges:true

  invidious-db:
    image: docker.io/library/postgres:14
    restart: unless-stopped
    volumes:
      - postgresdata:/var/lib/postgresql/data
      - ./config/sql:/config/sql
      - ./docker/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
    env_file: .env
    environment:
      POSTGRES_DB: invidious
      POSTGRES_USER: ${POSTGRES_USER}
      POSTGRES_PASSWORD: ${POSTGRES_PASSWORD}
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]

volumes:
  postgresdata:
  companioncache: