Commit Graph

44 Commits (5a59bd99984e65776f4bfd9ce258e306488eb404)

Author SHA1 Message Date
Maykin-99 a0fe229c7a
make assets, config and locales readable only
Maykin-99 f876cd5a6a
Revert "Set correct permissions in Dockerfile"
Maykin-99 074df7637b
Set correct permissions in Dockerfile
When having a `umask` of `xx7` (e.g. `027`) on the host machine then the directories `assets`, `config` and `locales` don't become readable to the `invidious` user inside the Docker container since the `COPY` commands result in files owned by `root` with the same file permissions like on the host (`640` in my case).

By adding `--chown=invidious` to the `COPY` command we ensure the `invidious` user can read these files.
Perflyst c0063ea09b
Add yaml-static as build dependency
Emilien Devos 3035f0119f Revert "Bump dependencies"
This reverts commit abe283b38e.
saltycrys abe283b38e Bump dependencies
saltycrys 689795e8bc Update to Crystal 0.36.1
saltycrys 5311683d43 Update to Crystal 0.36.0
Crystal versions below `0.36.0` are no longer supported.
saltycrys c5136ca4d6 Download liblsquic.a from iv-org/liblsquic-static-alpine
This only affects Docker installs.
Regular builds still use the binary shipped with `lsquic.cr`.
Slinky-Wrangle-Punch a291b29c6f
add EXPOSE port command in Dockerfile ()
added EXPOSE (see https://docs.docker.com/engine/reference/builder/#expose) in the Dockerfile. With this the reverse proxy Traefik can detect the port automatically.
saltycrys b566c4ba1a
Untrack config.yml ()
* Untrack config.yml

`config/config.yml` has been untracked and moved to `config/config.example.yml`.

The Dockerfile has been updated to copy all `config/config.*` files and to try
to move `config/config.example.yml` to `config/config.yml`. If a user supplied
`config/config.yml` exists it is not overwritten.

* Update Dockerfile to use `shard.lock`

* Fix tests
resttime ccbbe81141 Use bash in the shebang
Sandro Jäckel e16d951da0
Create postgres user to avoid fatal warning
Sandro Jäckel 7b2b19b4ba
Remove empty Dockerfile
Sandro Jäckel 8ebfaed546
Remove no longer needed POSTGRES_HOST_AUTH_METHOD
Sandro Jäckel 0b52d52f4a
Use inbuilt init script
Sandro Jäckel 6901d10d54
Set magic ENV varialbes for user, default DB
instead of doing it ourselves
Omar Roth b73c6e94c0
Bump docker dependencies
Sandro bf2bd519eb
Switch to official crystallang alpine image ()
* Switch to official crystal-lang alpine image
Omar Roth 8305af8f10
Update docker build
tleydxdy bd2c7e3bb9
Verify download, fix invidious file permission ()
* Fix docker
Omar Roth 61150c74d2
Move privacy type into playlists.sql
leonklingele c80c5631f0
docker: do not require password for PostgreSQL superuser, docker,kubernetes: create "privacy" type before using it, travis: do not run "docker-compose up" in detached mode ()
* docker: do not require password for PostgreSQL superuser

A password is now required by the postgres Docker image which makes
initial setup (and our CI build) fail with the following error:

    postgres_1   | Error: Database is uninitialized and superuser password is not specified.
    postgres_1   |        You must specify POSTGRES_PASSWORD for the superuser. Use
    postgres_1   |        "-e POSTGRES_PASSWORD=password" to set it in "docker run".
    postgres_1   |
    postgres_1   |        You may also use POSTGRES_HOST_AUTH_METHOD=trust to allow all connections
    postgres_1   |        without a password. This is *not* recommended. See PostgreSQL
    postgres_1   |        documentation about "trust":
    postgres_1   |        https://www.postgresql.org/docs/current/auth-trust.html

See https://github.com/docker-library/postgres/issues/681.

* docker,kubernetes: create PostgreSQL "privacy" type before using it

Fixes the following error when setting up the database:

    postgres_1   | 2020-02-21 01:01:22.371 UTC [172] ERROR:  type "privacy" does not exist at character 200
    postgres_1   | 2020-02-21 01:01:22.371 UTC [172] STATEMENT:  CREATE TABLE public.playlists
    postgres_1   | 	(
    postgres_1   | 	    title text,
    postgres_1   | 	    id text primary key,
    postgres_1   | 	    author text,
    postgres_1   | 	    description text,
    postgres_1   | 	    video_count integer,
    postgres_1   | 	    created timestamptz,
    postgres_1   | 	    updated timestamptz,
    postgres_1   | 	    privacy privacy,
    postgres_1   | 	    index int8[]
    postgres_1   | 	);
    postgres_1   | ERROR:  type "privacy" does not exist
    postgres_1   | LINE 10:     privacy privacy,

* travis: do not run "docker-compose up" in detached mode

Rather, allow database to finish its setup procedure and grant
Invidious time to launch.
Omar Roth 9de57021a3
Update postgres setup
Omar Roth 28669d940a
Remove --release from dockerfile
tleydxdy ae24360c02
Proper fix for docker build
return to static linking
Omar Roth d46b26e3bc
Use QUIC for connections to YouTube
tleydxdy 37766347a5
Fix docker build for now
Omar Roth f776d67c03
Update sed replace in Dockerfile
Omar Roth 0f3c477ff3
Remove dependency on ImageMagick (replace with rsvg-convert)
Omar Roth 039cc30c07
Fix host replace in Dockerfile
Tommy d82f86dcd9 Update entrypoint.postgres.sh ()
* Update entrypoint.postgres.sh
Leon Klingele b25013c4a2
docker,travis: fail build on any warning
gnomus 3c40c0be6b Update Package Repository for Install
tleydxdy b902880a05 fix docker build ()
Leon Klingele 567cda4cd3
docker: use alpine:edge base image for building
This fixes currently failing Docker builds.
kemalcr/kemal in version 0.26.0 requires Crystal 0.30.0 which is not
yet available on Alpine 3.10 (previously used as the Docker base image).
Leon Klingele ea39bb4334
docker: various improvements to Dockerfile
This includes the following changes:

- Use multi-stage build to run application in an optimized environment, see
  https://docs.docker.com/develop/develop-images/multistage-build/
- Run application on alpine instead of archlinux to further reduce image size
- Build Crystal application with --release for improved runtime performance
- Run application as non-root user for better security, see
  https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user
- Only rebuild Docker layers when required
Omar Roth e3f37c14db Add glibc to Docker dependencies
Omar Roth 3bcb98e644 Add config option to cache annotations from IA
Omar Roth c5001f3620 Add role to psql scripts
Omar Roth 2a643e86bc Update dockerfile
Omar Roth a384f6e5fd Add migrate script and update README
Omar Roth 4c77908bb4 Update postgres entrypoint for docker image
flourgaz 71a99542fe basic docker-compose cluster