Closed Banh-Canh closed 3 weeks ago
INVIDIOUS_DB_HOST
does not exists on Invidious code. You can instead use the INVIDIOUS_CONFIG
env variable to set the configuration plus an external hidden .env
file where all the secrets are stored. I don't know if kubernetes is able to do that, but docker compose can.
Here is an example: https://git.nadeko.net/Fijxu/docker-compose-configs/src/branch/master/invidious/invidious/docker-compose.yml#L26
INVIDIOUS_DB_HOST
does not exists on Invidious code. You can instead use theINVIDIOUS_CONFIG
env variable to set the configuration plus an external hidden.env
file where all the secrets are stored. I don't know if kubernetes is able to do that, but docker compose can. Here is an example: https://git.nadeko.net/Fijxu/docker-compose-configs/src/branch/master/invidious/invidious/docker-compose.yml#L26
I know about the .env. But even then, it's really bad practice to then hide the full config when I only want to hide as a kubernetes secrets/docker secret one value. It's not too flexible this way..
I linked the PR in my opening post, i'm not versed in this language so I can't tell for sure but it did claim to allow configuring Invidious with environment variables. But in practice it didn't work so, the code out there seems dead :/
The environment variables are automatically generated from the names in config.yml
, for instance https_only
becomes INVIDIOUS_HTTPS_ONLY
. Howerver, it only applies to the first level of config options (INVIDIOUS_DB_HOST
does NOT set db:host
).
To provide only the database settings using environment variables, you can either pass the full database URL as a string, like so (don't forget to URL encode your username/password if needed):
environment:
INVIDIOUS_DATABASE_URL: "postgres://user:pass@localhost:5432/invidious"
or pass the db
sub-section as YAML, like you'd do with INVIDIOUS_CONFIG
:
environment:
INVIDIOUS_DB: |
user: kemal
password: kemal
host: localhost
port: 5432
dbname: invidious
I see, i'd like to say that it is not ideal as I would have to store all of the db variables in one secret. I'm hiding them in an hashicorp Vault and it makes it not too confortable.
- command: ['/bin/sh']
args:
- -c
- |
export INVIDIOUS_CONFIG=$(echo "$INVIDIOUS_CONFIG" | sed \
-e "s/__dbname/$INVIDIOUS_DB_DBNAME/" \
-e "s/__user/$INVIDIOUS_DB_USER/" \
-e "s/__password/$INVIDIOUS_DB_PASSWORD/" \
-e "s/__host/$INVIDIOUS_DB_HOST/" \
-e "s/__hmac_key/$INVIDIOUS_HMAC_KEY/")
exec /invidious/invidious
env:
- name: INVIDIOUS_CONFIG
value: |
db:
dbname: __dbname
user: __user
password: __password
host: __host
port: 5432
check_tables: true
hmac_key: __hmac_key
channel_threads: 4
feed_threads: 4
pool_size: 2000
captcha_enabled: false
disable_proxy: false
default_user_preferences:
local: true
quality: dash
quality_dash: auto
anyway i resorted to this to work around all this. I'll close though since INVIDIOUS_DATABASE_URL seems to be the intended way. thanks for your reply
Describe the bug INVIDIOUS_DB_HOST when set doesn't actually set the target db host It should: https://github.com/iv-org/invidious/pull/1702
the code doesn't seem to have changed since then, so i can only assume it never worked ? I need these override env vars to work to hide the postgres password in kubernetes.