diff --git a/provisioning/inventory.ini b/provisioning/inventory.ini index 63e1da1..62804fc 100644 --- a/provisioning/inventory.ini +++ b/provisioning/inventory.ini @@ -7,7 +7,7 @@ raku.jean-cloud.org #nougaro.jean-cloud.org #carcasse.jean-cloud.org #benevoles.karnaval.fr -#montbonnot.jean-cloud.org +montbonnot.jean-cloud.org #blatte.jean-cloud.org max.jean-cloud.org tetede.jean-cloud.org diff --git a/provisioning/roles/deploy_all/files/bin/deploy_service.sh b/provisioning/roles/deploy_all/files/bin/deploy_service.sh index 3d52a81..f518bbc 100755 --- a/provisioning/roles/deploy_all/files/bin/deploy_service.sh +++ b/provisioning/roles/deploy_all/files/bin/deploy_service.sh @@ -11,11 +11,11 @@ deploy=true service= if [ "$#" -ge 2 ] && [ "$2" = noreload ] ; then noreload=true -elif [ "$#" -ge 3 ] && [ "$3" = undeploy ] ; then - deploy=false -else - die "Usage: $0 [no]reload [un]deploy" fi +if [ "$#" -ge 3 ] && [ "$3" = undeploy ] ; then + deploy=false +fi +# die "Usage: $0 [no]reload [un]deploy" if [ -d "/docker/$1" ] ; then @@ -27,7 +27,7 @@ else fi if [ ! -d "$new_nginx_conf_path" ] ; then - die "Can’t deploy service in degraded state. $new_nginx_conf_path dir is missing, please run deployer.sh first" + die "Can’t deploy service in degraded state. $new_nginx_conf_path dir is missing, please run deployall.sh first" fi @@ -91,6 +91,7 @@ fi if ! "$deploy" ; then section "Remove stray containers" while read container ; do + [ -z "$container" ] && continue || true echo "Removing $container" run docker rm "$container" done <<< "$(docker ps | grep "$docker_service" | cut -d ' ' -f 1)" diff --git a/provisioning/roles/deploy_all/files/bin/deployall.sh b/provisioning/roles/deploy_all/files/bin/deployall.sh index c58ba5d..1ecabde 100755 --- a/provisioning/roles/deploy_all/files/bin/deployall.sh +++ b/provisioning/roles/deploy_all/files/bin/deployall.sh 
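Review bot: Commenting out the `die` in the first hunk of deploy_service.sh removes the only argument validation, so a misspelt or misplaced mode (for instance `undeploy` given as the second argument) now silently falls through to the defaults reload+deploy instead of failing. Keep both arguments optional but validate what is given: `case "${2:-reload}" in reload) ;; noreload) noreload=true ;; *) die "Usage: $0 [no]reload [un]deploy" ;; esac` and `case "${3:-deploy}" in deploy) ;; undeploy) deploy=false ;; *) die "Usage: $0 [no]reload [un]deploy" ;; esac`. The commented-out `die` line should then be deleted rather than kept as a comment.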
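Review bot: The new empty-line guard in the "Remove stray containers" loop of deploy_service.sh works around the selection rather than fixing it: `docker ps | grep "$docker_service" | cut -d ' ' -f 1` matches the service name as an unanchored regex anywhere in the row (image, command or name), so a service whose name is a substring of another's would have that other service's containers removed. Prefer `done <<< "$(docker ps -q --filter "name=$docker_service")"`, which limits the match to the container name (still a substring match, so anchor it if service names can be prefixes of one another) and prints only IDs, making the `cut` unnecessary; the guard is still needed because an empty result yields one empty line. The `|| true` after `&& continue` does nothing useful: a failing test on the left of `&&` does not trip `set -e`, if the script runs with it. The `done` is in the hunk but the enclosing `if ! "$deploy"` block closes outside it.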
@@ -67,8 +67,9 @@ deploy_service.sh deployer.jean-cloud.org noreload while read line ; do read -r service target <<<$(echo "$line") - # Ignore _ prefixed directories + # Ignore _ and # prefixed services [ "${service::1}" == '_' ] && continue + [ "${service::1}" == '#' ] && continue echo -n "$service -> " [ ! -d "/docker/$service" ] && die "/docker/$service directory not found" diff --git a/provisioning/roles/deploy_all/files/bin/gen_env.sh b/provisioning/roles/deploy_all/files/bin/gen_env.sh index 8ed3047..dcafd27 100755 --- a/provisioning/roles/deploy_all/files/bin/gen_env.sh +++ b/provisioning/roles/deploy_all/files/bin/gen_env.sh @@ -25,4 +25,5 @@ for dir in /docker/* ; do line_in_file "DATA_DIR='/data/$service'" "/docker/$service/.env" line_in_file "DOCKER_DIR='/docker/$service'" "/docker/$service/.env" line_in_file "JC_SERVICE='$service'" "/docker/$service/.env" + line_in_file "JC_CERT='/data/dnscerts.jean-cloud.org/certs/live/$service'" "/docker/$service/.env" done diff --git a/services/copaines.jean-cloud.net/nginx_server.conf b/services/copaines.jean-cloud.net/nginx_server.conf index d96d7fe..69da486 100755 --- a/services/copaines.jean-cloud.net/nginx_server.conf +++ b/services/copaines.jean-cloud.net/nginx_server.conf @@ -1,8 +1,8 @@ #server { # listen 443 ssl http2; # listen [::]:443 ssl http2; -# ssl_certificate /etc/letsencrypt/live/copaines.jean-cloud.net/fullchain.pem; -# ssl_certificate_key /etc/letsencrypt/live/copaines.jean-cloud.net/privkey.pem; +# ssl_certificate $JC_CERT/fullchain.pem; +# ssl_certificate_key $JC_CERT/privkey.pem; # server_name wordpress.copaines.jean-cloud.net www.wordpress.copaines.jean-cloud.net; # location / { # auth_basic "Mot de passe !"; 
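Review bot: The added `#` guard in deployall.sh still lets a blank line through: `read -r service target` leaves `service` empty, `${service::1}` is then empty so neither skip fires, and `[ ! -d "/docker/$service" ]` tests `/docker/` itself, which exists. One `case "${service::1}" in ''|_|'#') continue ;; esac` covers blank, `_` and `#` entries in a single place and replaces both guards. The `<<<$(echo "$line")` here-string is an unusual way to split the line; `read -r service target <<< "$line"` is the usual quoted form. The `while read line` loop continues past the hunk.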
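Review bot: The new `JC_CERT` line in gen_env.sh hard-codes a path inside another service's data directory, `/data/dnscerts.jean-cloud.org/certs/live/$service`, with nothing recording where that tree comes from, and every nginx config in this commit now depends on it. A comment above the line such as `# Certificates are issued on dnscerts.jean-cloud.org and pushed to the other hosts by its run_as.sh; live/ only exists once that push has run` would tell a reader of the generated .env why the path points outside the service. Whether every host that serves one of these nginx configs actually receives the push is not visible in this diff (the loop in run_as.sh skips hosts listed in /etc/hosts), so that is worth confirming.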
@@ -19,8 +19,8 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/copaines.jean-cloud.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/copaines.jean-cloud.net/privkey.pem; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; server_name copaines.jean-cloud.net www.copaines.jean-cloud.net; location / { diff --git a/services/cousinades.jean-cloud.net/nginx_server.conf b/services/cousinades.jean-cloud.net/nginx_server.conf index 3f25723..11fe749 100755 --- a/services/cousinades.jean-cloud.net/nginx_server.conf +++ b/services/cousinades.jean-cloud.net/nginx_server.conf @@ -1,8 +1,8 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/cousinades.jean-cloud.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/cousinades.jean-cloud.net/privkey.pem; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; server_name cousinades.jean-cloud.net www.cousinades.jean-cloud.net; index index.php; diff --git a/services/dnscerts.jean-cloud.org/run.sh b/services/dnscerts.jean-cloud.org/run.sh index 37a0f3c..176c1f3 100755 --- a/services/dnscerts.jean-cloud.org/run.sh +++ b/services/dnscerts.jean-cloud.org/run.sh @@ -5,4 +5,4 @@ set -euo pipefail . driglibash-base here="$(where)" -sudo -u bind bash -c "$here/run_bind.sh $@" +sudo -u certs bash -c "$here/run_as.sh $@" diff --git a/services/dnscerts.jean-cloud.org/run_bind.sh b/services/dnscerts.jean-cloud.org/run_as.sh similarity index 81% rename from services/dnscerts.jean-cloud.org/run_bind.sh rename to services/dnscerts.jean-cloud.org/run_as.sh index 2c8d645..d55b5aa 100755 --- a/services/dnscerts.jean-cloud.org/run_bind.sh +++ b/services/dnscerts.jean-cloud.org/run_as.sh 
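Review bot: `sudo -u certs bash -c "$here/run_as.sh $@"` in dnscerts run.sh interpolates the caller's arguments into a string that the inner bash re-parses, so an argument containing whitespace or shell metacharacters is split or interpreted instead of passed through, and a `$here` with a space breaks the same way. Since the target is an executable script, drop the intermediate shell and pass the arguments as words: `sudo -u certs -- "$here/run_as.sh" "$@"`. If the `bash -c` indirection is needed for a reason not visible here, the safe form is `sudo -u certs bash -c '"$0" "$@"' "$here/run_as.sh" "$@"`.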
@@ -29,10 +29,13 @@ echo "For each service, read all possible domains" while read line ; do read -r service target < <(echo "$line") - # TODO remove - ( [ "$service" = collectif-arthadie.fr ] || [[ "$service" == *oma-radio.fr ]] ) && continue + # Auto letsencrypt + [ "$target" = vandamme.jean-cloud.org ] && continue - # removo dummy cert + # TODO remove + #( [ "$service" = collectif-arthadie.fr ] || [[ "$service" == *oma-radio.fr ]] ) && continue + + # remove dummy cert dummy_cert.sh "$service" remove [ -d "$DATA_DIR/certs/live/$service" ] && echo "Already exists, thats a job for renew : $service" && continue @@ -47,6 +50,7 @@ done < "$servicefile" echo "Push certs to other servers" for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') ; do server="$srv.jean-cloud.org" + [ -n "$(grep "$server" /etc/hosts)" ] && continue echo "-- $server" - rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/certs" + rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/" done diff --git a/services/etrevivant.net/deploy_http.sh b/services/etrevivant.net/deploy_http.sh index e7e51da..ff3fc0f 100755 --- a/services/etrevivant.net/deploy_http.sh +++ b/services/etrevivant.net/deploy_http.sh 
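Review bot: In the push loop of run_as.sh the new skip `[ -n "$(grep "$server" /etc/hosts)" ] && continue` uses `$server` as an unanchored regex (the dots match any character) and captures output only to test it; `grep -qF -- "$server" /etc/hosts && continue` does the same check as a fixed string without a subshell. The purpose of the skip is not stated — presumably "this host is the local one and already holds the certs" — and a one-line comment above it would save the next reader guessing. The `for srv in $(host …)` loop begins in the hunk and the rest of the script is outside it.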
@@ -6,9 +6,24 @@ webdav_url="$(echo "$NC_SHARE_LINK" | sed 's#/s/.*#/public.php/webdav/#')" webdav_user="$(echo "$NC_SHARE_LINK" |sed 's#.*/s/##')" webdav_pass="$(rclone obscure "$NC_SHARE_PASSWORD")" +# Get website files git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO" +# Get content from nextcloud rclone sync --webdav-url="$webdav_url" --webdav-user="$webdav_user" --webdav-pass="$webdav_pass" --webdav-vendor=nextcloud :webdav: "$HTTP_DIR/$CLOUD_LOCAL_PATH" +# Go to website cd "$HTTP_DIR" + +# Rename .attachement dirs created by nextcloud +while read filename ; do + oldname="$(basename "$filename")" + newname="${oldname:1}" + path="$(dirname "$filename")" + # And rename their references in md files + find -type f -iname '*.md' -exec sed -i "s/$oldname/$newname/g" {} \; + mv "$path/$oldname" "$path/$newname" +done < <(find -type d -name '.attachments.*') + +# Build the website hugo diff --git a/services/etrevivant.net/nginx_server.conf b/services/etrevivant.net/nginx_server.conf index 2cb04ff..dba721b 100755 --- a/services/etrevivant.net/nginx_server.conf +++ b/services/etrevivant.net/nginx_server.conf @@ -1,8 +1,8 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/$JC_SERVICE/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/$JC_SERVICE/privkey.pem; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; server_name $JC_SERVICE www.$JC_SERVICE; root $HTTP_DIR/public/; diff --git a/services/feteducourt.jean-cloud.net/nginx_server.conf b/services/feteducourt.jean-cloud.net/nginx_server.conf index 1ca7e07..ee1b173 100755 --- a/services/feteducourt.jean-cloud.net/nginx_server.conf +++ b/services/feteducourt.jean-cloud.net/nginx_server.conf 
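Review bot: In the new rename loop of etrevivant deploy_http.sh, `$oldname` (of the form `.attachments.<id>`) goes unescaped into the `sed` pattern, so each `.` matches any character and the substitution can also alter unrelated text; `while read filename` without `-r`/`IFS=` additionally mangles backslashes and leading whitespace in paths. Escape the dots and read raw lines: `while IFS= read -r filename ; do`, `pattern="${oldname//./\\.}"`, `find . -type f -iname '*.md' -exec sed -i "s/$pattern/$newname/g" {} +`. Renaming directories while the `find` in the process substitution is still walking the tree can make a nested `.attachments.*` entry show up under its old parent path, so the `mv` fails (and aborts the script if it runs under `set -e`, which is outside the hunk); collecting the paths first with `mapfile -t` avoids that. `find` with no starting path is a GNU extension; the explicit `.` above keeps it portable.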
@@ -1,8 +1,8 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/$JC_SERVICE/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/$JC_SERVICE/privkey.pem; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; server_name $JC_SERVICE www.$JC_SERVICE; location / { root $HTTP_DIR; diff --git a/services/feteducourt2020.jean-cloud.net/nginx_server.conf b/services/feteducourt2020.jean-cloud.net/nginx_server.conf index 1ca7e07..ee1b173 100755 --- a/services/feteducourt2020.jean-cloud.net/nginx_server.conf +++ b/services/feteducourt2020.jean-cloud.net/nginx_server.conf @@ -1,8 +1,8 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/$JC_SERVICE/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/$JC_SERVICE/privkey.pem; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; server_name $JC_SERVICE www.$JC_SERVICE; location / { root $HTTP_DIR; diff --git a/services/jean-cloud.net/nginx_server.conf b/services/jean-cloud.net/nginx_server.conf index 1043fb7..bb0505b 100755 --- a/services/jean-cloud.net/nginx_server.conf +++ b/services/jean-cloud.net/nginx_server.conf @@ -1,8 +1,8 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/jean-cloud.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/jean-cloud.net/privkey.pem; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; server_name jean-cloud.net www.jean-cloud.net jean-cloud.org www.jean-cloud.org; root $HTTP_DIR/output; diff --git a/services/lexicographe.jean-cloud.net/nginx_server.conf b/services/lexicographe.jean-cloud.net/nginx_server.conf index 627a382..cd00e3c 100755 --- a/services/lexicographe.jean-cloud.net/nginx_server.conf +++ b/services/lexicographe.jean-cloud.net/nginx_server.conf 
@@ -1,8 +1,8 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/lexicographe.jean-cloud.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/lexicographe.jean-cloud.net/privkey.pem; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; server_name lexicographe.jean-cloud.net; root $HTTP_DIR/output; diff --git a/services/metamorphosemagazine.fr/nginx_server.conf b/services/metamorphosemagazine.fr/nginx_server.conf index 60c6ab0..ef32fd9 100755 --- a/services/metamorphosemagazine.fr/nginx_server.conf +++ b/services/metamorphosemagazine.fr/nginx_server.conf @@ -1,8 +1,8 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/metamorphosemagazine.fr/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/metamorphosemagazine.fr/privkey.pem; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; server_name $JC_SERVICE www.$JC_SERVICE; location / { add_header Content-language fr; diff --git a/services/ns1.jean-cloud.org/deploy.sh b/services/ns1.jean-cloud.org/deploy.sh index d0706e4..ad2fd0d 100755 --- a/services/ns1.jean-cloud.org/deploy.sh +++ b/services/ns1.jean-cloud.org/deploy.sh @@ -38,7 +38,7 @@ runthis () { fi prepare - primary_ips="$primary_ips$(fakeresolve_ip_list raku)" + primary_ips="$primary_ips$(fakeresolve_ip_list tetede)" secondary_ips="$secondary_ips$(fakeresolve_ip_list shlago)" line_in_file "primary_ips=\"$primary_ips\"" "$DOCKER_DIR/.env" diff --git a/services/ns1.jean-cloud.org/helper_functions.sh b/services/ns1.jean-cloud.org/helper_functions.sh index 60ba95f..057c317 100644 --- a/services/ns1.jean-cloud.org/helper_functions.sh +++ b/services/ns1.jean-cloud.org/helper_functions.sh 
@@ -6,7 +6,7 @@ fakeresolve_ip_list () { if [ "$#" -ne 1 ] ; then die "Usage: fakeresolve_ip_list " fi - grep -oP "^$1[[:space:]]+IN[[:space:]]+A{1,4}[[:space:]]+\K[^;\s]+" "$debian_bind_confdir/$server_zone_file" | tr '\n' ';' + grep -oP "^$1[[:space:]]+(IN)?[[:space:]]+A{1,4}[[:space:]]+\K[^;\s]+" "$debian_bind_confdir/$server_zone_file" | tr '\n' ';' } prepare () { @@ -57,7 +57,7 @@ fakeresolve () { shortname="$(echo "$name" | grep -Po '^.*(?=\.[^\.]+\.[^\.]+$)' || true)" fi - grep -v -e '^[[:space:]]*;' "$zonefile" |grep -oP "^[[:space:]]*$shortname\K[[:space:]]*IN[[:space:]]*A{1,4}[[:space:]]*[\S;]+" | sed 's/^/@/' + grep -v -e '^[[:space:]]*;' "$zonefile" |grep -oP "^[[:space:]]*$shortname\K[[:space:]]*(IN)?[[:space:]]*A{1,4}[[:space:]]*[\S;]+" | sed 's/^/@/' } @@ -95,7 +95,7 @@ addbindline () { line_in_file "$line" "$bindfile" done < <(fakeresolve "$target") else - line_in_file "$shortname IN CNAME $target." "$bindfile" + line_in_file "$shortname CNAME $target." "$bindfile" fi } @@ -119,11 +119,11 @@ create_primary_files () { # Set serial serial="$(date '+%s')" - sed -i "s/\(@ IN SOA [^(]*( \)[0-9]\+/\1$serial/" "$new_db_file" + sed -i "s/\(@ SOA [^(]*( \)[0-9]\+/\1$serial/" "$new_db_file" # If no NS record in the db file - if [ -z "$(grep '[^;].*IN.*NS' "$new_db_file")" ] ; then - echo "@ IN NS $default_dns_name" >> "$new_db_file" + if [ -z "$(grep '[^;].*(IN)?.*NS' "$new_db_file")" ] ; then + echo "@ NS $default_dns_name" >> "$new_db_file" fi # Populate named.conf.local diff --git a/services/oma-radio.fr/nginx_server.conf b/services/oma-radio.fr/nginx_server.conf index 694532b..5a7753b 100755 --- a/services/oma-radio.fr/nginx_server.conf +++ b/services/oma-radio.fr/nginx_server.conf 
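Review bot: In create_primary_files (last hunk of helper_functions.sh) the NS check `grep '[^;].*(IN)?.*NS'` is a basic regular expression, in which `(`, `)` and `?` are literal characters, so the pattern can no longer match a real NS line and the default `@ NS …` record is appended on every run. Since an optional `(IN)?` adds nothing, `if ! grep -q '[^;].*NS' "$new_db_file" ; then` is the simple fix (or keep the group with `grep -Eq`). The same kind of change in the first hunk, `^$1[[:space:]]+(IN)?[[:space:]]+A{1,4}`, now requires at least two whitespace characters between the name and the type when `IN` is omitted; `^$1[[:space:]]+(IN[[:space:]]+)?A{1,4}[[:space:]]+` accepts a single separator too. The `sed` serial update in the last hunk likewise only matches `@ SOA`, so a zone template still written as `@ IN SOA` keeps its old serial; worth confirming every template was updated alongside.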
@@ -1,8 +1,8 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/oma-radio.fr/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/oma-radio.fr/privkey.pem; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; server_name oma-radio.fr www.oma-radio.fr; root /data/oma-radio.fr; diff --git a/services/quadrille-elsa.jean-cloud.net/.env b/services/quadrille-elsa.jean-cloud.net/.env new file mode 100644 index 0000000..4b6c136 --- /dev/null +++ b/services/quadrille-elsa.jean-cloud.net/.env @@ -0,0 +1,2 @@ +GIT_SOURCE_REPO="https://git.jean-cloud.net/adrian/quadrille-elsa.fr/" + diff --git a/services/quadrille-elsa.jean-cloud.net/deploy_http.sh b/services/quadrille-elsa.jean-cloud.net/deploy_http.sh new file mode 100755 index 0000000..d1297b6 --- /dev/null +++ b/services/quadrille-elsa.jean-cloud.net/deploy_http.sh @@ -0,0 +1,16 @@ +#!/bin/bash +set -euo pipefail + +#. "$DATA_DIR/.env" +#webdav_url="$(echo "$NC_SHARE_LINK" | sed 's#/s/.*#/public.php/webdav/#')" +#webdav_user="$(echo "$NC_SHARE_LINK" |sed 's#.*/s/##')" +#webdav_pass="$(rclone obscure "$NC_SHARE_PASSWORD")" + +#wget -qO- "https://github.com/zhaohuabing/hugo-theme-cleanwhite/archive/refs/tags/2.0.0.tar.gz" | tar xvz -C "$HTTP_DIR" + +git_update.sh -b main -d "$HTTP_DIR" "$GIT_SOURCE_REPO" + +#rclone sync --webdav-url="$webdav_url" --webdav-user="$webdav_user" --webdav-pass="$webdav_pass" --webdav-vendor=nextcloud :webdav: "$HTTP_DIR/$CLOUD_LOCAL_PATH" + +cd "$HTTP_DIR" +hugo diff --git a/services/quadrille-elsa.jean-cloud.net/nginx_server.conf b/services/quadrille-elsa.jean-cloud.net/nginx_server.conf new file mode 100755 index 0000000..8167448 --- /dev/null +++ b/services/quadrille-elsa.jean-cloud.net/nginx_server.conf 
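Review bot: Six of the sixteen lines in the new quadrille-elsa deploy_http.sh are commented-out copies of the nextcloud/webdav and theme-download steps from etrevivant's script, including a `wget … | tar xvz` of a GitHub tarball; they are dead code here and will drift from the original. The live script is `set -euo pipefail`, `git_update.sh -b main -d "$HTTP_DIR" "$GIT_SOURCE_REPO"`, `cd "$HTTP_DIR"`, `hugo`; keep just that. With `. "$DATA_DIR/.env"` also commented out, `GIT_SOURCE_REPO` and `HTTP_DIR` must already be in the environment when the deployer runs this script (presumably from the /docker/$service/.env that gen_env.sh maintains); under `set -u` a missing one aborts, which is at least loud, but a comment saying where they are expected from would help.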
@@ -0,0 +1,22 @@ +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; + server_name $JC_SERVICE; + root $HTTP_DIR/public/; + + # Security headers +# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; +# add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always; +# add_header X-Content-Type-Options "nosniff"; +# add_header X-Frame-Options SAMEORIGIN always; +# add_header X-XSS-Protection "1; mode=block" always; +# add_header Referrer-Policy "strict-origin-when-cross-origin"; + add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';"; + + location / { + index index.html; + try_files $uri $uri/ =404; + } +} diff --git a/services/radiodemo-back.oma-radio.fr/.env b/services/radiodemo-back.oma-radio.fr/.env index 4053245..a5f59fe 100644 --- a/services/radiodemo-back.oma-radio.fr/.env +++ b/services/radiodemo-back.oma-radio.fr/.env @@ -1,4 +1,4 @@ -NET=172.29.0 +NET=10.29.0 TELECOM=.101 MUX=.100 ICECAST=.110 @@ -21,3 +21,4 @@ SOUNDBASE_DIR=/home/data/radiodemo-back.oma-radio.fr/core/radioDemo USE_SSL=true PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.5.0 MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.1 +RADIO_HOST=radiodemo.oma-radio.fr diff --git a/services/radiodemo-back.oma-radio.fr/docker-compose.yml b/services/radiodemo-back.oma-radio.fr/docker-compose.yml index 0a1cb07..1f15f22 100644 --- a/services/radiodemo-back.oma-radio.fr/docker-compose.yml +++ b/services/radiodemo-back.oma-radio.fr/docker-compose.yml 
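Review bot: The one active security header in the new quadrille-elsa nginx_server.conf, `Permissions-Policy "geolocation='none';midi='none';…"`, is not in Permissions-Policy syntax: that header is a structured dictionary, e.g. `geolocation=(), midi=(), camera=(), microphone=(), payment=(), fullscreen=(self)`, with commas between entries and no quotes, so browsers will most likely ignore the value as written (the `'none'`/`'self'` tokens belong to the older Feature-Policy header, which separated name and allowlist with a space rather than `=`). Some of the listed names (`notifications`, `push`, `vibrate`, `speaker`) do not appear in the current feature list and can probably be dropped. With the site served only on 443, the commented-out `Strict-Transport-Security` line is the one most worth enabling; the other commented headers need checking against what the hugo output actually loads before being turned on.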
@@ -1,47 +1,13 @@ version: '3' services: - ambre_mux: - image: jeancloud/mux:$OMA_DOCKER_VERSION - env_file: .env - environment: - OMA_CONFIG_Client1Host: $NET.108 - OMA_CONFIG_TelecommandeHost: $NET$TELECOM - volumes: - - $SOUNDBASE_DIR/pige:/app/pige - ports: - - $MUX_SERVER_PORT:9000 - restart: unless-stopped - networks: - default: - ipv4_address: $NET$MUX - deploy: - resources: - limits: - cpus: '0.50' - memory: 100M - - - saphir_telecom_server: - image: jeancloud/telecom-server:$OMA_DOCKER_VERSION - env_file: .env - ports: - - $TELECOM_SERVER_PORT:3490 - restart: unless-stopped - networks: - default: - ipv4_address: $NET$TELECOM - deploy: - resources: - limits: - cpus: '0.50' - memory: 100M - anthracite_jukebox: image: jeancloud/jukebox:$OMA_DOCKER_VERSION env_file: .env environment: - OMA_CONFIG_TelecommandeHost: $NET$TELECOM - OMA_CONFIG_Client1Host: $NET$MUX + OMA_CONFIG_TelecommandeHost: $RADIO_HOST + OMA_CONFIG_TelecommandePort: $TELECOM_SERVER_PORT + OMA_CONFIG_Client1Host: $RADIO_HOST + OMA_CONFIG_Client1Port: $MUX_SERVER_PORT volumes: - $SOUNDBASE_DIR:/app/soundBase - $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM @@ -59,7 +25,7 @@ services: image: jeancloud/jukebox-simulator:$OMA_DOCKER_VERSION env_file: .env environment: - OMA_CONFIG_TelecommandeHost: $NET$TELECOM + OMA_CONFIG_TelecommandeHost: $RADIO_HOST volumes: - $SOUNDBASE_DIR:/app/soundBase restart: unless-stopped @@ -82,7 +48,7 @@ services: image: jeancloud/baseimport:$OMA_DOCKER_VERSION env_file: .env environment: - OMA_CONFIG_TelecommandeHost: $NET$TELECOM + OMA_CONFIG_TelecommandeHost: $RADIO_HOST volumes: - $SOUNDBASE_DIR:/app/soundBase restart: unless-stopped 
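Review bot: The first docker-compose.yml hunk points anthracite_jukebox at `$RADIO_HOST` (`radiodemo.oma-radio.fr` in this commit's .env) with the published `$TELECOM_SERVER_PORT`/`$MUX_SERVER_PORT`, where it previously used addresses on the compose network; together with the two deleted wg-radiodemo.sh scripts this looks like the telecom and mux traffic now crosses the public network instead of a WireGuard tunnel. Whether those protocols carry any authentication is not visible here, so it is worth confirming, and if they do not, restricting the published ports on the radiodemo host to the radiodemo-back host's address. The same `$RADIO_HOST` substitution is repeated in the three following hunks of this file. A short comment on the environment block saying where the telecom server now runs would help, since the container it talked to is no longer in this file.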
@@ -95,29 +61,12 @@ services: cpus: '0.50' memory: 500M - amarante_webserver: - image: jeancloud/webserver:$OMA_DOCKER_VERSION - env_file: .env - environment: - OMA_CONFIG_TelecommandeHost: $NET$TELECOM - OMA_CONFIG_PigeTxtLoadFic: off - restart: unless-stopped - volumes: - - $SOUNDBASE_DIR:/soundbase - networks: - default: - ipv4_address: $NET$WEBSERVER - deploy: - resources: - limits: - cpus: '0.50' - memory: 100M rubis_base_mg: image: jeancloud/base-mg:$OMA_DOCKER_VERSION env_file: .env environment: - OMA_CONFIG_TelecommandeHost: $NET$TELECOM + OMA_CONFIG_TelecommandeHost: $RADIO_HOST restart: unless-stopped volumes: - $SOUNDBASE_DIR:/soundbase @@ -135,7 +84,7 @@ services: image: jeancloud/system-api:dev env_file: .env environment: - OMA_CONFIG_TelecommandeHost: $NET$TELECOM + OMA_CONFIG_TelecommandeHost: $RADIO_HOST UID: 33 SOUNDBASE_PATH: /soundbase MOUNT: /api @@ -154,28 +103,6 @@ services: cpus: '0.50' memory: 500M - transcode: - image: savonet/liquidsoap:v2.1.4 - env_file: .env - volumes: - - ./icecast.liq:/transcode.liq - - $SOUNDBASE_DIR:/soundbase - command: /transcode.liq - restart: unless-stopped - networks: - default: - ipv4_address: $NET.108 - - #radioking: - # image: jeancloud/liquidsoap:1.3.7 - # env_file: .env - # volumes: - # - ./radioking.liq:/radioking.liq - # command: /radioking.liq - # restart: unless-stopped - # networks: - # default: - # ipv4_address: $NET.111 #ammolite_mp3_addon: # image: jeancloud/mp3addon:$OMA_DOCKER_VERSION 
@@ -203,28 +130,6 @@ services: # environment: # DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock - icecast: - image: infiniteproject/icecast - restart: unless-stopped - environment: - # echo -n "source:pass" | base64 - ICECAST_SOURCE_PASSWORD: JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f - ICECAST_ADMIN_PASSWORD: STh5LrPMvp876KPoajCPEUpehE98JPqZ6sEixSnzJ42CR2MdyPMBYfzjGpbAzajNgw8jsuLh - ICECAST_RELAY_PASSWORD: r2LgmDocgyYh7DqhSsey8tM99wxdViTpLtyi9tcWHtokC73QnC6kQLRRb58VUy5FXYnStRsG - ICECAST_ADMIN_USERNAME: admin - ICECAST_ADMIN_EMAIL: contact@oma-radio.fr - ICECAST_LOCATION: Rhône-Alpes - TZ: Europe/Paris - healthcheck: - test: "wget http://localhost:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://localhost:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'" - interval: 5m0s - timeout: 10s - retries: 3 - start_period: 1m0s - networks: - default: - ipv4_address: $NET$ICECAST - networks: default: ipam: diff --git a/services/radiodemo-back.oma-radio.fr/wg-radiodemo.sh b/services/radiodemo-back.oma-radio.fr/wg-radiodemo.sh deleted file mode 100755 index a52bc61..0000000 --- a/services/radiodemo-back.oma-radio.fr/wg-radiodemo.sh +++ /dev/null @@ -1,20 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -. .env - -[ -f "$DATA_DIR/privatekey" ] || { echo 'No privatekey found' && exit 1 ; } - -echo " -[Interface] -PrivateKey = $(cat "$DATA_DIR/privatekey") -Address = 10.29.0.1/32 -ListenPort = 55820 - -[Peer] -PublicKey = iwIsUriF4CT/Jpu29VXlj43hT3bUjG67FeEgCTcQCVc= -AllowedIPs = 10.29.0.254/32 -Endpoint = radiodemo.oma-radio.fr:55820 -PersistentKeepalive = 30 -" diff --git a/services/radiodemo.oma-radio.fr/.env b/services/radiodemo.oma-radio.fr/.env index 3b5c284..a80964a 100644 --- a/services/radiodemo.oma-radio.fr/.env +++ b/services/radiodemo.oma-radio.fr/.env 
@@ -7,3 +7,6 @@ WEBSOCKET_PORT=2004 RADIO_HOST=radiodemo.oma-radio.fr MUX_SERVER_PORT=9004 TELECOM_SERVER_PORT=3494 +SOUNDBASE_DIR=/data/radiodemo.oma-radio.fr/soundbase +OMA_DOCKER_VERSION=dev +ICECAST=.110 diff --git a/services/radiodemo.oma-radio.fr/docker-compose.yml b/services/radiodemo.oma-radio.fr/docker-compose.yml new file mode 100644 index 0000000..cc9baa9 --- /dev/null +++ b/services/radiodemo.oma-radio.fr/docker-compose.yml 
@@ -0,0 +1,107 @@ +version: '3' +services: + ambre_mux: + image: jeancloud/mux:$OMA_DOCKER_VERSION + env_file: .env + environment: + OMA_CONFIG_Client1Host: $NET.108 + OMA_CONFIG_TelecommandeHost: $NET$TELECOM + volumes: + - $SOUNDBASE_DIR/pige:/app/pige + ports: + - $MUX_SERVER_PORT:9000 + restart: unless-stopped + networks: + default: + ipv4_address: $NET$MUX + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + + saphir_telecom_server: + image: jeancloud/telecom-server:$OMA_DOCKER_VERSION + env_file: .env + ports: + - $TELECOM_SERVER_PORT:3490 + restart: unless-stopped + networks: + default: + ipv4_address: $NET$TELECOM + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + amarante_webserver: + image: jeancloud/webserver:$OMA_DOCKER_VERSION + env_file: .env + environment: + OMA_CONFIG_TelecommandeHost: $NET$TELECOM + OMA_CONFIG_PigeTxtLoadFic: off + restart: unless-stopped + volumes: + - $SOUNDBASE_DIR:/soundbase + networks: + default: + ipv4_address: $NET$WEBSERVER + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + transcode: + image: savonet/liquidsoap:v2.1.4 + env_file: .env + volumes: + - ./icecast.liq:/transcode.liq + - $SOUNDBASE_DIR:/soundbase + command: /transcode.liq + restart: unless-stopped + networks: + default: + ipv4_address: $NET.108 + + #radioking: + # image: jeancloud/liquidsoap:1.3.7 + # env_file: .env + # volumes: + # - ./radioking.liq:/radioking.liq + # command: /radioking.liq + # restart: unless-stopped + # networks: + # default: + # ipv4_address: $NET.111 + + + icecast: + image: infiniteproject/icecast + restart: unless-stopped + environment: + # echo -n "source:pass" | base64 + ICECAST_SOURCE_PASSWORD: JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f + ICECAST_ADMIN_PASSWORD: STh5LrPMvp876KPoajCPEUpehE98JPqZ6sEixSnzJ42CR2MdyPMBYfzjGpbAzajNgw8jsuLh + ICECAST_RELAY_PASSWORD: r2LgmDocgyYh7DqhSsey8tM99wxdViTpLtyi9tcWHtokC73QnC6kQLRRb58VUy5FXYnStRsG + ICECAST_ADMIN_USERNAME: admin + ICECAST_ADMIN_EMAIL: 
contact@oma-radio.fr + ICECAST_LOCATION: Rhône-Alpes + TZ: Europe/Paris + healthcheck: + test: "wget http://localhost:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://localhost:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'" + interval: 5m0s + timeout: 10s + retries: 3 + start_period: 1m0s + networks: + default: + ipv4_address: $NET$ICECAST + +networks: + default: + ipam: + config: + - subnet: $NET.0/24 diff --git a/services/radiodemo-back.oma-radio.fr/icecast.liq b/services/radiodemo.oma-radio.fr/icecast.liq similarity index 84% rename from services/radiodemo-back.oma-radio.fr/icecast.liq rename to services/radiodemo.oma-radio.fr/icecast.liq index bf00601..dd8fd7b 100644 --- a/services/radiodemo-back.oma-radio.fr/icecast.liq +++ b/services/radiodemo.oma-radio.fr/icecast.liq @@ -1,12 +1,18 @@ #!/usr/bin/liquidsoap -# -def integrity_check(filename) - log.important("Integrity check of #(unknown).") + +def clean_and_check (filename) ts = string.split(separator='/', filename) ts = int_of_string(list.hd(string.split(separator='\.', list.nth(ts, list.length(ts)-1)))) - if ts mod 60 == 0 then - log.important("#(unknown) is ok") - else + integrity_check (ts) + clean_old_pige (ts) +end + +def clean_and_check (filename) + +end + +def integrity_check(filename) + if ts mod 60 != 0 then log.important("#(unknown) is to fix") end end @@ -36,5 +42,5 @@ output.icecast( input1) # Pige -output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=integrity_check) +output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check) diff --git a/services/radiodemo.oma-radio.fr/wg-radiodemo.sh b/services/radiodemo.oma-radio.fr/wg-radiodemo.sh deleted file mode 100755 index fd69ddb..0000000 
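Review bot: The new radiodemo.oma-radio.fr/docker-compose.yml carries the Icecast source, admin and relay passwords in clear text (moved over from the radiodemo-back file, so they were already in the repository's history); a committed compose file is not the place for them — load them from an untracked env file and, since they have been in the repository, rotate them. The comment `# echo -n "source:pass" | base64` above them does not describe the values that follow and should go or be corrected. The file also expands `$NET`, `$TELECOM`, `$MUX` and `$WEBSERVER`, while the .env hunk for this service adds only `SOUNDBASE_DIR`, `OMA_DOCKER_VERSION` and `ICECAST` and its context shows only `RADIO_HOST`, `MUX_SERVER_PORT` and `TELECOM_SERVER_PORT`; confirm the other four are defined above that hunk, otherwise compose substitutes empty strings and produces addresses such as `.101`.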
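Review bot: icecast.liq now defines `clean_and_check` twice — the second, empty `def clean_and_check (filename)` comes after the real one, so it is the definition that `on_close=clean_and_check` at the bottom of the file resolves to, and the integrity check never runs. The reworked `integrity_check(filename)` also tests `ts`, which is not its parameter (the caller passes the parsed timestamp), and `clean_old_pige` is called but not defined in this hunk. Delete the empty duplicate, change the signature to `def integrity_check(ts)`, and make sure `clean_old_pige` exists elsewhere in the file.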
--- a/services/radiodemo.oma-radio.fr/wg-radiodemo.sh +++ /dev/null @@ -1,33 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -. .env - -wgif="$1" - -echo " -[Interface] -PrivateKey = $(cat $DATA_DIR/privatekey) -Address = 10.29.0.254/32 -ListenPort = 55820 - -# packet forwarding -PreUp = sysctl -w net.ipv4.ip_forward=1 - -# port forwarding -PreUp = iptables -t nat -A PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT -PreUp = iptables -t nat -A PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT - -PostDown = iptables -t nat -D PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT -PostDown = iptables -t nat -D PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT - -# packet masquerading -PreUp = iptables -t nat -A POSTROUTING -o $wgif -j MASQUERADE -PostDown = iptables -t nat -D POSTROUTING -o $wgif -j MASQUERADE - -# remote settings for the private server -[Peer] -PublicKey = 1YIpMhZGrZRnZPlrTjtCfjvXXGk8j0Ug2AfcHEtN/hE= -AllowedIPs = 10.29.0.1/32,$NET.0/24 -" diff --git a/services/services.txt b/services/services.txt index 8c93f00..e5325ab 100644 --- a/services/services.txt +++ b/services/services.txt 
@@ -15,20 +15,23 @@ gypsylyonfestival.com max.jean-cloud.org inurbe.fr max.jean-cloud.org jean-cloud.net shlago.jean-cloud.org leida.fr vandamme.jean-cloud.org -letsencrypt.jean-cloud.org max.jean-cloud.org +dnscerts.jean-cloud.org max.jean-cloud.org lexicographe.jean-cloud.net shlago.jean-cloud.org metamorphosemagazine.fr shlago.jean-cloud.org nc-backup.jean-cloud.net raku.jean-cloud.org -ns1.jean-cloud.org raku.jean-cloud.org +ns1.jean-cloud.org tetede.jean-cloud.org ns.jean-cloud.org shlago.jean-cloud.org nuage.jean-cloud.net vandamme.jean-cloud.org pa1.studios.oma-radio.fr tetede.jean-cloud.org paj.oma-radio.fr nougaro.jean-cloud.org +quadrille-elsa.jean-cloud.net shlago.jean-cloud.org radiodemo-back.oma-radio.fr montbonnot.jean-cloud.org radiodemo.oma-radio.fr tetede.jean-cloud.org radionimaitre.oma-radio.fr tetede.jean-cloud.org raplacgr.jean-cloud.net tetede.jean-cloud.org rpnow.jean-cloud.net vandamme.jean-cloud.org -sftp.jean-cloud.net max.jean-cloud.org +sftp.jean-cloud.net raku.jean-cloud.org velov.jean-cloud.net shlago.jean-cloud.org wiki-cgr.jean-cloud.net vandamme.jean-cloud.org +static.jean-cloud.net vandamme.jean-cloud.org +oma-radio.fr vandamme.jean-cloud.org diff --git a/services/velov.jean-cloud.net/nginx_server.conf b/services/velov.jean-cloud.net/nginx_server.conf index 341726e..a2024a1 100755 --- a/services/velov.jean-cloud.net/nginx_server.conf +++ b/services/velov.jean-cloud.net/nginx_server.conf @@ -1,8 +1,8 @@ server { listen 443 ssl http2; listen [::]:443 ssl http2; - ssl_certificate /etc/letsencrypt/live/velov.jean-cloud.net/fullchain.pem; - ssl_certificate_key /etc/letsencrypt/live/velov.jean-cloud.net/privkey.pem; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; server_name velov.jean-cloud.net www.velov.jean-cloud.net; root $HTTP_DIR;