version: "3.7"
services:
  invidious:
    container_name: invidious
    image: quay.io/invidious/invidious:latest
    restart: unless-stopped
    ports:
      - "${APP_PORT}:3000"
    environment:
      # Please read the following file for a comprehensive list of all available
      # configuration options and their associated syntax:
      # https://github.com/iv-org/invidious/blob/master/config/config.example.yml
      INVIDIOUS_CONFIG: |
        db:
          dbname: invidious
          user: tipi
          password: tipi
          host: invidious-db
          port: 5432
        check_tables: true
        hmac_key: ${INVIDIOUS_HMAC_KEY}
        use_innertube_for_captions: true
        domain: ${APP_DOMAIN}
        external_port: ${INVIDIOUS_EXTERNAL_PORT}
        https_only: ${INVIDIOUS_HTTPS_ONLY}
    healthcheck:
      test: wget -nv --tries=1 --spider http://127.0.0.1:3000/api/v1/trending || exit 1
      interval: 30s
      timeout: 5s
      retries: 2
    networks:
      - tipi_main_network
    labels:
      # Main
      traefik.enable: true
      traefik.http.middlewares.invidious-web-redirect.redirectscheme.scheme: https
      traefik.http.services.invidious.loadbalancer.server.port: 3000
      # Web
      traefik.http.routers.invidious-insecure.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.invidious-insecure.entrypoints: web
      traefik.http.routers.invidious-insecure.service: invidious
      traefik.http.routers.invidious-insecure.middlewares: invidious-web-redirect
      # Websecure
      traefik.http.routers.invidious.rule: Host(`${APP_DOMAIN}`)
      traefik.http.routers.invidious.entrypoints: websecure
      traefik.http.routers.invidious.service: invidious
      traefik.http.routers.invidious.tls.certresolver: myresolver
      # Local domain
      traefik.http.routers.invidious-local-insecure.rule: Host(`invidious.${LOCAL_DOMAIN}`)
      traefik.http.routers.invidious-local-insecure.entrypoints: web
      traefik.http.routers.invidious-local-insecure.service: invidious
      traefik.http.routers.invidious-local-insecure.middlewares: invidious-web-redirect
      # Local domain secure
      traefik.http.routers.invidious-local.rule: Host(`invidious.${LOCAL_DOMAIN}`)
      traefik.http.routers.invidious-local.entrypoints: websecure
      traefik.http.routers.invidious-local.service: invidious
      traefik.http.routers.invidious-local.tls: true

  invidious-db:
    container_name: invidious-db
    image: postgres:14
    restart: unless-stopped
    volumes:
      - ${APP_DATA_DIR}/data/postgres:/var/lib/postgresql/data
      - ${APP_DATA_DIR}/data/init/sql:/config/sql
      - ${APP_DATA_DIR}/data/init/init-invidious-db.sh:/docker-entrypoint-initdb.d/init-invidious-db.sh
    environment:
      POSTGRES_DB: invidious
      POSTGRES_USER: tipi
      POSTGRES_PASSWORD: tipi
    healthcheck:
      test: ["CMD-SHELL", "pg_isready -U $$POSTGRES_USER -d $$POSTGRES_DB"]
    networks:
      - tipi_main_network