From ece3fe111d9a0ad8a39ee094c896b75ceb73c9e8 Mon Sep 17 00:00:00 2001
From: "Trez.One" <charish.patel@trez.wtf>
Date: Mon, 17 Feb 2025 19:38:48 -0500
Subject: [PATCH] Adjustments/fixes for Invidious.

---
 docker-compose.yml | 20 ++++++++++++++++++--
 1 file changed, 18 insertions(+), 2 deletions(-)

diff --git a/docker-compose.yml b/docker-compose.yml
index ca8eedb8..b7bfaf62 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -1821,15 +1821,16 @@ services:
         db:
           dbname: invidious
           user: kemal
-          password: ${INVID_PG_DB_PASSWORD}
+          password: $${INVID_PG_DB_PASSWORD}
           host: invidious-db
           port: 5432
         check_tables: true
+        signature_server: invidious-sig-helper:12999
         # external_port:
         # domain:
         # https_only: false
         # statistics_enabled: false
-        hmac_key: "8Qyuvl9TWYdkvVo8BJ14qM4HBshKieR3KvDc3vsECx1L4OR51i-EtW2K74MmAVHeNPmJetM67T0M-9FIm7b-MA"
+        hmac_key: "$${INVID_HMAC_KEY}"
     healthcheck:
       interval: 30s
       retries: 2
@@ -1856,6 +1857,21 @@ services:
         published: "3007"
         target: 3000
     restart: unless-stopped
+  invidious-sig-helper:
+    cap_drop:
+      - ALL
+    command: ["--tcp", "0.0.0.0:12999"]
+    container_name: invidious-sig-helper
+    image: quay.io/invidious/inv-sig-helper:latest
+    init: true
+    environment:
+      RUST_LOG: info
+    expose:
+      - 12999
+    restart: unless-stopped
+    read_only: true
+    security_opt:
+      - no-new-privileges:true
   invidious-db:
     container_name: invidious-db
     environment: