Skip to content

Commit

Permalink
nixos/invidious: add option to configure http3-ytproxy for invidious
Browse files Browse the repository at this point in the history
  • Loading branch information
@999eagle
999eagle committed Nov 24, 2023
1 parent 6ae0bab commit ccfda51
Show file tree
Hide file tree
Showing 2 changed files with 67 additions and 0 deletions.
45 changes: 45 additions & 0 deletions nixos/modules/services/web-apps/invidious.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -171,6 +171,34 @@ let
};
};

ytproxyConfig = lib.mkIf cfg.http3-ytproxy.enable {
systemd.services.http3-ytproxy = {
description = "HTTP3 ytproxy for Invidious";
wants = [ "network-online.target" ];
after = [ "network-online.target" ];
wantedBy = [ "multi-user.target" ];

script = ''
mkdir -p socket
exec ${lib.getExe cfg.http3-ytproxy.package};
'';

serviceConfig = {
RestartSec = "2s";
DynamicUser = true;
User = lib.mkIf cfg.nginx.enable config.services.nginx.user;
RuntimeDirectory = "http3-ytproxy";
WorkingDirectory = "/run/http3-ytproxy";
};
};

services.nginx.virtualHosts.${cfg.domain} = lib.mkIf cfg.nginx.enable {
locations."~ (^/videoplayback|^/vi/|^/ggpht/|^/sb/)" = {
proxyPass = "http://unix:/run/http3-ytproxy/socket/http-proxy.sock";
};
};
};

nginxConfig = lib.mkIf cfg.nginx.enable {
services.invidious.settings = {
https_only = config.services.nginx.virtualHosts.${cfg.domain}.forceSSL;
Expand Down Expand Up @@ -353,11 +381,28 @@ in
which can also be used to disable AMCE and TLS.
'';
};

http3-ytproxy = {
enable = lib.mkOption {
type = lib.types.bool;
default = false;
description = lib.mdDoc ''
Whether to enable http3-ytproxy for faster loading of images and video playback.
If {option}`services.invidious.nginx.enable` is used, nginx will be configured automatically. If not, you
need to configure a reverse proxy yourself according to
https://docs.invidious.io/improve-public-instance/#3-speed-up-video-playback-with-http3-ytproxy.
'';
};

package = lib.mkPackageOptionMD pkgs "http3-ytproxy" { };
};
};

config = lib.mkIf cfg.enable (lib.mkMerge [
serviceConfig
localDatabaseConfig
nginxConfig
ytproxyConfig
]);
}
22 changes: 22 additions & 0 deletions nixos/tests/invidious.nix
View file
Original file line number Diff line number Diff line change
Expand Up @@ -53,6 +53,19 @@ import ./make-test-python.nix ({ pkgs, ... }: {
};
networking.hosts."127.0.0.1" = [ "invidious.example.com" ];
};
nginx-scale-ytproxy.configuration = {
services.invidious = {
nginx.enable = true;
http3-ytproxy.enable = true;
domain = "invidious.example.com";
serviceScale = 3;
};
services.nginx.virtualHosts."invidious.example.com" = {
forceSSL = false;
enableACME = false;
};
networking.hosts."127.0.0.1" = [ "invidious.example.com" ];
};
postgres-tcp.configuration = {
services.invidious = {
database = {
Expand Down Expand Up @@ -98,6 +111,15 @@ import ./make-test-python.nix ({ pkgs, ... }: {
machine.succeed("journalctl -eu invidious-1.service | grep -o '200 GET /search'")
machine.succeed("journalctl -eu invidious-2.service | grep -o '200 GET /search'")
activate_specialisation("nginx-scale-ytproxy")
machine.wait_for_unit("http3-ytproxy.service")
machine.wait_for_open_port(80)
machine.wait_until_succeeds("ls /run/http3-ytproxy/socket/http-proxy.sock")
curl_assert_status_code("http://invidious.example.com/search", 200)
# this should error out as no internet connectivity is available in the test
curl_assert_status_code("http://invidious.example.com/vi/dQw4w9WgXcQ/mqdefault.jpg", 502)
machine.succeed("journalctl -eu http3-ytproxy.service | grep -o 'dQw4w9WgXcQ'")
postgres_tcp.wait_for_unit("postgresql.service")
activate_specialisation("postgres-tcp")
machine.wait_for_open_port(port)
Expand Down

0 comments on commit ccfda51

Please sign in to comment.