amr/infrastructure
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

revert: restore infrastructure.org to before Tube Archivist changes

Browse Source
This commit is contained in:
Hermes
2026-05-16 22:55:13 +00:00
parent 90806408b3
commit 37f891c923
1 changed files with 1 additions and 112 deletions
Download Patch File Download Diff File Expand all files Collapse all files

113
infrastructure.org
View File

@@ -588,18 +588,6 @@ http:
- security-headers@file
- traefik-bouncer@file
tubearchivist:
rule: "Host(`tubearchivist.gharbeia.net`)"
service: tubearchivist-internal
entryPoints:
- secureweb
tls:
certResolver: letsencrypt
middlewares:
- authentik-forwardauth@file
- security-headers@file
- traefik-bouncer@file
guacamole:
rule: "Host(`guacamole.gharbeia.net`)"
service: guacamole-internal
@@ -725,10 +713,6 @@ http:
loadBalancer:
servers:
- url: http://audiobookshelf:13378
tubearchivist-internal:
loadBalancer:
servers:
- url: http://tubearchivist:8000
guacamole-internal:
loadBalancer:
servers:
@@ -876,12 +860,11 @@ include:
- services/stash.yaml
- services/tdarr.yaml
- services/tdarr-node.yaml
- services/tubearchivist.yaml
- services/audiobookshelf.yaml
- services/whisparr.yaml
#+END_SRC
All 44 services are organized alphabetically by category in the include list.
All 43 services are organized alphabetically by category in the include list.
The order matters for startup dependencies: infrastructure services (gluetun,
postgresql, valkey, authentik, traefik) come first.
@@ -1200,90 +1183,6 @@ services:
- /docker/appdata/unbound/unbound.conf:/opt/unbound/etc/unbound/unbound.conf:ro
#+END_SRC
** Tube Archivist — YouTube Archiving
Tube Archivist downloads and indexes YouTube channels, playlists, and
videos. It provides full-text search, metadata browsing, and automatic
subscription updates via a web UI. The stack has three containers:
- =tubearchivist= (main app) — Django-based web UI on port 8000
- =tubearchivist-es= — Elasticsearch 8.17 for metadata storage + search
- =tubearchivist-redis= — Redis for Celery task queue
Tube Archivist does NOT need VPN routing (it reaches YouTube directly).
#+BEGIN_SRC yaml :tangle /docker/compose/services/tubearchivist.yaml
services:
tubearchivist:
image: bbilly1/tubearchivist:latest
container_name: tubearchivist
restart: unless-stopped
networks:
- networking
ports:
- ${WEBUI_PORT_TUBEARCHIVIST:-8000}:8000
environment:
- TZ=${TIMEZONE:?err}
- TA_USERNAME=${TA_USERNAME:?err}
- TA_PASSWORD=${TA_PASSWORD:?err}
- ES_URL=http://tubearchivist-es:9200
- REDIS_CON=redis://tubearchivist-redis:6379
- HOST_UID=${PUID:?err}
- HOST_GID=${PGID:?err}
- ELASTIC_PASSWORD=tubearchivist
- TA_HOST=tubearchivist.gharbeia.net
volumes:
- ${FOLDER_FOR_DATA:?err}/tubearchivist/media:/youtube
- ${FOLDER_FOR_DATA:?err}/tubearchivist/cache:/cache
depends_on:
tubearchivist-es:
condition: service_healthy
tubearchivist-redis:
condition: service_healthy
labels:
- traefik.enable=true
- traefik.http.routers.tubearchivist.service=tubearchivist
- traefik.http.routers.tubearchivist.rule=Host(`tubearchivist.${CLOUDFLARE_DNS_ZONE:?err}`)
- traefik.http.routers.tubearchivist.entrypoints=tunnel
- traefik.http.routers.tubearchivist.middlewares=authentik-forwardauth@file,security-headers@file,traefik-bouncer@file
- traefik.http.services.tubearchivist.loadbalancer.server.scheme=http
- traefik.http.services.tubearchivist.loadbalancer.server.port=8000
tubearchivist-es:
image: docker.elastic.co/elasticsearch/elasticsearch:8.17.0
container_name: tubearchivist-es
restart: unless-stopped
networks:
- networking
environment:
- discovery.type=single-node
- ES_JAVA_OPTS=-Xms512m -Xmx512m
- xpack.security.enabled=false
- path_repo=/usr/share/elasticsearch/data/snapshot
volumes:
- ${FOLDER_FOR_DATA:?err}/tubearchivist/es:/usr/share/elasticsearch/data
healthcheck:
test: curl -s http://localhost:9200/_cluster/health | grep -vq '"status":"red"'
interval: 30s
timeout: 10s
retries: 3
tubearchivist-redis:
image: redis:7-alpine
container_name: tubearchivist-redis
restart: unless-stopped
networks:
- networking
command: --save 60 1 --loglevel warning
volumes:
- ${FOLDER_FOR_DATA:?err}/tubearchivist/redis:/data
healthcheck:
test: redis-cli ping | grep PONG
interval: 30s
timeout: 10s
retries: 3
#+END_SRC
** Remaining Services
The following services follow the same pattern as those documented above.
@@ -1310,7 +1209,6 @@ definition, environment, volumes, and Traefik labels.
- =qbittorrent.yaml, sabnzbd.yaml= — Torrent and usenet clients
- =stash.yaml= — Adult content library manager
- =tdarr.yaml, tdarr-node.yaml= — Media transcoding automation
- =tubearchivist.yaml= — YouTube archiving (Tube Archivist)
- =audiobookshelf.yaml= — Audiobook and podcast server
* .env Configuration
@@ -1323,18 +1221,9 @@ Key variables:
- =CLOUDFLARE_DNS_ZONE= (=gharbeia.net=) is used in all Traefik routes
- =PUID= and =PGID= control file ownership (1000:1000)
- =TUNNEL_TOKEN= is the Cloudflare tunnel auth token (managed externally)
- =TA_USERNAME= and =TA_PASSWORD= — Tube Archivist admin credentials
* LOGBOOK
** [2026-05-16 Sat 21:40] Tube Archivist added to infrastructure
- Added tubearchivist.yaml service fragment (3 containers: tubearchivist + ES 7.17 + Redis)
- Added Traefik secureweb router + service entry in traefik-internal.yaml
- Added tunnel router via Docker labels for external access through Cloudflare
- Added to master compose include list (service #44)
- Added TA_USERNAME and TA_PASSWORD to .env reference
- NOTE: traefik-internal-noauth.yaml must be updated manually on production-1
** [2026-05-15 Thu 09:30] Jellyfin SSO fixed — KnownProxies and Two-Step Flow
- Root cause: Jellyfin's empty KnownProxies caused SSO plugin to use HTTP
base URL, breaking the JavaScript two-step auth flow (iframe/POST/redirect)