adrian/jean-cloud-services
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

update

Browse Source
This commit is contained in:
Adrian Amaglio 2023-09-29 09:51:22 +02:00
parent 88e8e2fc76
commit 8e04aa4f13
30 changed files with 242 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
provisioning/inventory.ini
View File

@ -7,7 +7,7 @@ raku.jean-cloud.org
#nougaro.jean-cloud.org #nougaro.jean-cloud.org
#carcasse.jean-cloud.org #carcasse.jean-cloud.org
#benevoles.karnaval.fr #benevoles.karnaval.fr
#montbonnot.jean-cloud.org montbonnot.jean-cloud.org
#blatte.jean-cloud.org #blatte.jean-cloud.org
max.jean-cloud.org max.jean-cloud.org
tetede.jean-cloud.org tetede.jean-cloud.org

11
provisioning/roles/deploy_all/files/bin/deploy_service.sh
View File

@ -11,11 +11,11 @@ deploy=true
service= service=
if [ "$#" -ge 2 ] && [ "$2" = noreload ] ; then if [ "$#" -ge 2 ] && [ "$2" = noreload ] ; then
noreload=true noreload=true
elif [ "$#" -ge 3 ] && [ "$3" = undeploy ] ; then
deploy=false
else
die "Usage: $0 <service> [no]reload [un]deploy"
fi fi
if [ "$#" -ge 3 ] && [ "$3" = undeploy ] ; then
deploy=false
fi
# die "Usage: $0 <service> [no]reload [un]deploy"
if [ -d "/docker/$1" ] ; then if [ -d "/docker/$1" ] ; then
@ -27,7 +27,7 @@ else
fi fi
if [ ! -d "$new_nginx_conf_path" ] ; then if [ ! -d "$new_nginx_conf_path" ] ; then
die "Cant deploy service in degraded state. $new_nginx_conf_path dir is missing, please run deployer.sh first" die "Cant deploy service in degraded state. $new_nginx_conf_path dir is missing, please run deployall.sh first"
fi fi
@ -91,6 +91,7 @@ fi
if ! "$deploy" ; then if ! "$deploy" ; then
section "Remove stray containers" section "Remove stray containers"
while read container ; do while read container ; do
[ -z "$container" ] && continue || true
echo "Removing $container" echo "Removing $container"
run docker rm "$container" run docker rm "$container"
done <<< "$(docker ps | grep "$docker_service" | cut -d ' ' -f 1)" done <<< "$(docker ps | grep "$docker_service" | cut -d ' ' -f 1)"

3
provisioning/roles/deploy_all/files/bin/deployall.sh
View File

@ -67,8 +67,9 @@ deploy_service.sh deployer.jean-cloud.org noreload
while read line ; do while read line ; do
read -r service target <<<$(echo "$line") read -r service target <<<$(echo "$line")
# Ignore _ prefixed directories # Ignore _ and # prefixed services
[ "${service::1}" == '_' ] && continue [ "${service::1}" == '_' ] && continue
[ "${service::1}" == '#' ] && continue
echo -n "$service -> " echo -n "$service -> "
[ ! -d "/docker/$service" ] && die "/docker/$service directory not found" [ ! -d "/docker/$service" ] && die "/docker/$service directory not found"

1
provisioning/roles/deploy_all/files/bin/gen_env.sh
View File

@ -25,4 +25,5 @@ for dir in /docker/* ; do
line_in_file "DATA_DIR='/data/$service'" "/docker/$service/.env" line_in_file "DATA_DIR='/data/$service'" "/docker/$service/.env"
line_in_file "DOCKER_DIR='/docker/$service'" "/docker/$service/.env" line_in_file "DOCKER_DIR='/docker/$service'" "/docker/$service/.env"
line_in_file "JC_SERVICE='$service'" "/docker/$service/.env" line_in_file "JC_SERVICE='$service'" "/docker/$service/.env"
line_in_file "JC_CERT='/data/dnscerts.jean-cloud.org/certs/live/$service'" "/docker/$service/.env"
done done

8
services/copaines.jean-cloud.net/nginx_server.conf
View File

@ -1,8 +1,8 @@
#server { #server {
# listen 443 ssl http2; # listen 443 ssl http2;
# listen [::]:443 ssl http2; # listen [::]:443 ssl http2;
# ssl_certificate /etc/letsencrypt/live/copaines.jean-cloud.net/fullchain.pem; # ssl_certificate $JC_CERT/fullchain.pem;
# ssl_certificate_key /etc/letsencrypt/live/copaines.jean-cloud.net/privkey.pem; # ssl_certificate_key $JC_CERT/privkey.pem;
# server_name wordpress.copaines.jean-cloud.net www.wordpress.copaines.jean-cloud.net; # server_name wordpress.copaines.jean-cloud.net www.wordpress.copaines.jean-cloud.net;
# location / { # location / {
# auth_basic "Mot de passe !"; # auth_basic "Mot de passe !";
@ -19,8 +19,8 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/copaines.jean-cloud.net/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/copaines.jean-cloud.net/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name copaines.jean-cloud.net www.copaines.jean-cloud.net; server_name copaines.jean-cloud.net www.copaines.jean-cloud.net;
location / { location / {

4
services/cousinades.jean-cloud.net/nginx_server.conf
View File

@ -1,8 +1,8 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/cousinades.jean-cloud.net/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/cousinades.jean-cloud.net/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name cousinades.jean-cloud.net www.cousinades.jean-cloud.net; server_name cousinades.jean-cloud.net www.cousinades.jean-cloud.net;
index index.php; index index.php;

2
services/dnscerts.jean-cloud.org/run.sh
View File

@ -5,4 +5,4 @@ set -euo pipefail
. driglibash-base . driglibash-base
here="$(where)" here="$(where)"
sudo -u bind bash -c "$here/run_bind.sh $@" sudo -u certs bash -c "$here/run_as.sh $@"

12
services/dnscerts.jean-cloud.org/run_bind.sh → services/dnscerts.jean-cloud.org/run_as.sh
View File

@ -29,10 +29,13 @@ echo "For each service, read all possible domains"
while read line ; do while read line ; do
read -r service target < <(echo "$line") read -r service target < <(echo "$line")
# TODO remove # Auto letsencrypt
( [ "$service" = collectif-arthadie.fr ] || [[ "$service" == *oma-radio.fr ]] ) && continue [ "$target" = vandamme.jean-cloud.org ] && continue
# removo dummy cert # TODO remove
#( [ "$service" = collectif-arthadie.fr ] || [[ "$service" == *oma-radio.fr ]] ) && continue
# remove dummy cert
dummy_cert.sh "$service" remove dummy_cert.sh "$service" remove
[ -d "$DATA_DIR/certs/live/$service" ] && echo "Already exists, thats a job for renew : $service" && continue [ -d "$DATA_DIR/certs/live/$service" ] && echo "Already exists, thats a job for renew : $service" && continue
@ -47,6 +50,7 @@ done < "$servicefile"
echo "Push certs to other servers" echo "Push certs to other servers"
for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') ; do for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'descriptive text "\K[^"]+' | tr ',' ' ' | tr ' ' '\n') ; do
server="$srv.jean-cloud.org" server="$srv.jean-cloud.org"
[ -n "$(grep "$server" /etc/hosts)" ] && continue
echo "-- $server" echo "-- $server"
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/certs" rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/"
done done

15
services/etrevivant.net/deploy_http.sh
View File

@ -6,9 +6,24 @@ webdav_url="$(echo "$NC_SHARE_LINK" | sed 's#/s/.*#/public.php/webdav/#')"
webdav_user="$(echo "$NC_SHARE_LINK" |sed 's#.*/s/##')" webdav_user="$(echo "$NC_SHARE_LINK" |sed 's#.*/s/##')"
webdav_pass="$(rclone obscure "$NC_SHARE_PASSWORD")" webdav_pass="$(rclone obscure "$NC_SHARE_PASSWORD")"
# Get website files
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO" git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
# Get content from nextcloud
rclone sync --webdav-url="$webdav_url" --webdav-user="$webdav_user" --webdav-pass="$webdav_pass" --webdav-vendor=nextcloud :webdav: "$HTTP_DIR/$CLOUD_LOCAL_PATH" rclone sync --webdav-url="$webdav_url" --webdav-user="$webdav_user" --webdav-pass="$webdav_pass" --webdav-vendor=nextcloud :webdav: "$HTTP_DIR/$CLOUD_LOCAL_PATH"
# Go to website
cd "$HTTP_DIR" cd "$HTTP_DIR"
# Rename .attachement dirs created by nextcloud
while read filename ; do
oldname="$(basename "$filename")"
newname="${oldname:1}"
path="$(dirname "$filename")"
# And rename their references in md files
find -type f -iname '*.md' -exec sed -i "s/$oldname/$newname/g" {} \;
mv "$path/$oldname" "$path/$newname"
done < <(find -type d -name '.attachments.*')
# Build the website
hugo hugo

4
services/etrevivant.net/nginx_server.conf
View File

@ -1,8 +1,8 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/$JC_SERVICE/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$JC_SERVICE/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE; server_name $JC_SERVICE www.$JC_SERVICE;
root $HTTP_DIR/public/; root $HTTP_DIR/public/;

4
services/feteducourt.jean-cloud.net/nginx_server.conf
View File

@ -1,8 +1,8 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/$JC_SERVICE/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$JC_SERVICE/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE; server_name $JC_SERVICE www.$JC_SERVICE;
location / { location / {
root $HTTP_DIR; root $HTTP_DIR;

4
services/feteducourt2020.jean-cloud.net/nginx_server.conf
View File

@ -1,8 +1,8 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/$JC_SERVICE/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/$JC_SERVICE/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE; server_name $JC_SERVICE www.$JC_SERVICE;
location / { location / {
root $HTTP_DIR; root $HTTP_DIR;

4
services/jean-cloud.net/nginx_server.conf
View File

@ -1,8 +1,8 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/jean-cloud.net/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/jean-cloud.net/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name jean-cloud.net www.jean-cloud.net jean-cloud.org www.jean-cloud.org; server_name jean-cloud.net www.jean-cloud.net jean-cloud.org www.jean-cloud.org;
root $HTTP_DIR/output; root $HTTP_DIR/output;

4
services/lexicographe.jean-cloud.net/nginx_server.conf
View File

@ -1,8 +1,8 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/lexicographe.jean-cloud.net/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/lexicographe.jean-cloud.net/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name lexicographe.jean-cloud.net; server_name lexicographe.jean-cloud.net;
root $HTTP_DIR/output; root $HTTP_DIR/output;

4
services/metamorphosemagazine.fr/nginx_server.conf
View File

@ -1,8 +1,8 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/metamorphosemagazine.fr/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/metamorphosemagazine.fr/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE; server_name $JC_SERVICE www.$JC_SERVICE;
location / { location / {
add_header Content-language fr; add_header Content-language fr;

2
services/ns1.jean-cloud.org/deploy.sh
View File

@ -38,7 +38,7 @@ runthis () {
fi fi
prepare prepare
primary_ips="$primary_ips$(fakeresolve_ip_list raku)" primary_ips="$primary_ips$(fakeresolve_ip_list tetede)"
secondary_ips="$secondary_ips$(fakeresolve_ip_list shlago)" secondary_ips="$secondary_ips$(fakeresolve_ip_list shlago)"
line_in_file "primary_ips=\"$primary_ips\"" "$DOCKER_DIR/.env" line_in_file "primary_ips=\"$primary_ips\"" "$DOCKER_DIR/.env"

12
services/ns1.jean-cloud.org/helper_functions.sh
View File

@ -6,7 +6,7 @@ fakeresolve_ip_list () {
if [ "$#" -ne 1 ] ; then if [ "$#" -ne 1 ] ; then
die "Usage: fakeresolve_ip_list <name>" die "Usage: fakeresolve_ip_list <name>"
fi fi
grep -oP "^$1[[:space:]]+IN[[:space:]]+A{1,4}[[:space:]]+\K[^;\s]+" "$debian_bind_confdir/$server_zone_file" | tr '\n' ';' grep -oP "^$1[[:space:]]+(IN)?[[:space:]]+A{1,4}[[:space:]]+\K[^;\s]+" "$debian_bind_confdir/$server_zone_file" | tr '\n' ';'
} }
prepare () { prepare () {
@ -57,7 +57,7 @@ fakeresolve () {
shortname="$(echo "$name" | grep -Po '^.*(?=\.[^\.]+\.[^\.]+$)' || true)" shortname="$(echo "$name" | grep -Po '^.*(?=\.[^\.]+\.[^\.]+$)' || true)"
fi fi
grep -v -e '^[[:space:]]*;' "$zonefile" |grep -oP "^[[:space:]]*$shortname\K[[:space:]]*IN[[:space:]]*A{1,4}[[:space:]]*[\S;]+" | sed 's/^/@/' grep -v -e '^[[:space:]]*;' "$zonefile" |grep -oP "^[[:space:]]*$shortname\K[[:space:]]*(IN)?[[:space:]]*A{1,4}[[:space:]]*[\S;]+" | sed 's/^/@/'
} }
@ -95,7 +95,7 @@ addbindline () {
line_in_file "$line" "$bindfile" line_in_file "$line" "$bindfile"
done < <(fakeresolve "$target") done < <(fakeresolve "$target")
else else
line_in_file "$shortname IN CNAME $target." "$bindfile" line_in_file "$shortname CNAME $target." "$bindfile"
fi fi
} }
@ -119,11 +119,11 @@ create_primary_files () {
# Set serial # Set serial
serial="$(date '+%s')" serial="$(date '+%s')"
sed -i "s/\(@ IN SOA [^(]*( \)[0-9]\+/\1$serial/" "$new_db_file" sed -i "s/\(@ SOA [^(]*( \)[0-9]\+/\1$serial/" "$new_db_file"
# If no NS record in the db file # If no NS record in the db file
if [ -z "$(grep '[^;].*IN.*NS' "$new_db_file")" ] ; then if [ -z "$(grep '[^;].*(IN)?.*NS' "$new_db_file")" ] ; then
echo "@ IN NS $default_dns_name" >> "$new_db_file" echo "@ NS $default_dns_name" >> "$new_db_file"
fi fi
# Populate named.conf.local # Populate named.conf.local

4
services/oma-radio.fr/nginx_server.conf
View File

@ -1,8 +1,8 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/oma-radio.fr/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/oma-radio.fr/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name oma-radio.fr www.oma-radio.fr; server_name oma-radio.fr www.oma-radio.fr;
root /data/oma-radio.fr; root /data/oma-radio.fr;

2
services/quadrille-elsa.jean-cloud.net/.env Normal file
View File

@ -0,0 +1,2 @@
GIT_SOURCE_REPO="https://git.jean-cloud.net/adrian/quadrille-elsa.fr/"

16
services/quadrille-elsa.jean-cloud.net/deploy_http.sh Executable file
View File

@ -0,0 +1,16 @@
#!/bin/bash
set -euo pipefail
#. "$DATA_DIR/.env"
#webdav_url="$(echo "$NC_SHARE_LINK" | sed 's#/s/.*#/public.php/webdav/#')"
#webdav_user="$(echo "$NC_SHARE_LINK" |sed 's#.*/s/##')"
#webdav_pass="$(rclone obscure "$NC_SHARE_PASSWORD")"
#wget -qO- "https://github.com/zhaohuabing/hugo-theme-cleanwhite/archive/refs/tags/2.0.0.tar.gz" | tar xvz -C "$HTTP_DIR"
git_update.sh -b main -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
#rclone sync --webdav-url="$webdav_url" --webdav-user="$webdav_user" --webdav-pass="$webdav_pass" --webdav-vendor=nextcloud :webdav: "$HTTP_DIR/$CLOUD_LOCAL_PATH"
cd "$HTTP_DIR"
hugo

22
services/quadrille-elsa.jean-cloud.net/nginx_server.conf Executable file
View File

@ -0,0 +1,22 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE;
root $HTTP_DIR/public/;
# Security headers
# add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
# add_header X-Content-Type-Options "nosniff";
# add_header X-Frame-Options SAMEORIGIN always;
# add_header X-XSS-Protection "1; mode=block" always;
# add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
location / {
index index.html;
try_files $uri $uri/ =404;
}
}

3
services/radiodemo-back.oma-radio.fr/.env
View File

@ -1,4 +1,4 @@
NET=172.29.0 NET=10.29.0
TELECOM=.101 TELECOM=.101
MUX=.100 MUX=.100
ICECAST=.110 ICECAST=.110
@ -21,3 +21,4 @@ SOUNDBASE_DIR=/home/data/radiodemo-back.oma-radio.fr/core/radioDemo
USE_SSL=true USE_SSL=true
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.5.0 PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.5.0
MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.1 MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.1
RADIO_HOST=radiodemo.oma-radio.fr

111
services/radiodemo-back.oma-radio.fr/docker-compose.yml
View File

@ -1,47 +1,13 @@
version: '3' version: '3'
services: services:
ambre_mux:
image: jeancloud/mux:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_Client1Host: $NET.108
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
volumes:
- $SOUNDBASE_DIR/pige:/app/pige
ports:
- $MUX_SERVER_PORT:9000
restart: unless-stopped
networks:
default:
ipv4_address: $NET$MUX
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
saphir_telecom_server:
image: jeancloud/telecom-server:$OMA_DOCKER_VERSION
env_file: .env
ports:
- $TELECOM_SERVER_PORT:3490
restart: unless-stopped
networks:
default:
ipv4_address: $NET$TELECOM
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
anthracite_jukebox: anthracite_jukebox:
image: jeancloud/jukebox:$OMA_DOCKER_VERSION image: jeancloud/jukebox:$OMA_DOCKER_VERSION
env_file: .env env_file: .env
environment: environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM OMA_CONFIG_TelecommandeHost: $RADIO_HOST
OMA_CONFIG_Client1Host: $NET$MUX OMA_CONFIG_TelecommandePort: $TELECOM_SERVER_PORT
OMA_CONFIG_Client1Host: $RADIO_HOST
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
volumes: volumes:
- $SOUNDBASE_DIR:/app/soundBase - $SOUNDBASE_DIR:/app/soundBase
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM - $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
@ -59,7 +25,7 @@ services:
image: jeancloud/jukebox-simulator:$OMA_DOCKER_VERSION image: jeancloud/jukebox-simulator:$OMA_DOCKER_VERSION
env_file: .env env_file: .env
environment: environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM OMA_CONFIG_TelecommandeHost: $RADIO_HOST
volumes: volumes:
- $SOUNDBASE_DIR:/app/soundBase - $SOUNDBASE_DIR:/app/soundBase
restart: unless-stopped restart: unless-stopped
@ -82,7 +48,7 @@ services:
image: jeancloud/baseimport:$OMA_DOCKER_VERSION image: jeancloud/baseimport:$OMA_DOCKER_VERSION
env_file: .env env_file: .env
environment: environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM OMA_CONFIG_TelecommandeHost: $RADIO_HOST
volumes: volumes:
- $SOUNDBASE_DIR:/app/soundBase - $SOUNDBASE_DIR:/app/soundBase
restart: unless-stopped restart: unless-stopped
@ -95,29 +61,12 @@ services:
cpus: '0.50' cpus: '0.50'
memory: 500M memory: 500M
amarante_webserver:
image: jeancloud/webserver:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
OMA_CONFIG_PigeTxtLoadFic: off
restart: unless-stopped
volumes:
- $SOUNDBASE_DIR:/soundbase
networks:
default:
ipv4_address: $NET$WEBSERVER
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
rubis_base_mg: rubis_base_mg:
image: jeancloud/base-mg:$OMA_DOCKER_VERSION image: jeancloud/base-mg:$OMA_DOCKER_VERSION
env_file: .env env_file: .env
environment: environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM OMA_CONFIG_TelecommandeHost: $RADIO_HOST
restart: unless-stopped restart: unless-stopped
volumes: volumes:
- $SOUNDBASE_DIR:/soundbase - $SOUNDBASE_DIR:/soundbase
@ -135,7 +84,7 @@ services:
image: jeancloud/system-api:dev image: jeancloud/system-api:dev
env_file: .env env_file: .env
environment: environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM OMA_CONFIG_TelecommandeHost: $RADIO_HOST
UID: 33 UID: 33
SOUNDBASE_PATH: /soundbase SOUNDBASE_PATH: /soundbase
MOUNT: /api MOUNT: /api
@ -154,28 +103,6 @@ services:
cpus: '0.50' cpus: '0.50'
memory: 500M memory: 500M
transcode:
image: savonet/liquidsoap:v2.1.4
env_file: .env
volumes:
- ./icecast.liq:/transcode.liq
- $SOUNDBASE_DIR:/soundbase
command: /transcode.liq
restart: unless-stopped
networks:
default:
ipv4_address: $NET.108
#radioking:
# image: jeancloud/liquidsoap:1.3.7
# env_file: .env
# volumes:
# - ./radioking.liq:/radioking.liq
# command: /radioking.liq
# restart: unless-stopped
# networks:
# default:
# ipv4_address: $NET.111
#ammolite_mp3_addon: #ammolite_mp3_addon:
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION # image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
@ -203,28 +130,6 @@ services:
# environment: # environment:
# DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock # DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock
icecast:
image: infiniteproject/icecast
restart: unless-stopped
environment:
# echo -n "source:pass" | base64
ICECAST_SOURCE_PASSWORD: JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f
ICECAST_ADMIN_PASSWORD: STh5LrPMvp876KPoajCPEUpehE98JPqZ6sEixSnzJ42CR2MdyPMBYfzjGpbAzajNgw8jsuLh
ICECAST_RELAY_PASSWORD: r2LgmDocgyYh7DqhSsey8tM99wxdViTpLtyi9tcWHtokC73QnC6kQLRRb58VUy5FXYnStRsG
ICECAST_ADMIN_USERNAME: admin
ICECAST_ADMIN_EMAIL: contact@oma-radio.fr
ICECAST_LOCATION: Rhône-Alpes
TZ: Europe/Paris
healthcheck:
test: "wget http://localhost:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://localhost:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
interval: 5m0s
timeout: 10s
retries: 3
start_period: 1m0s
networks:
default:
ipv4_address: $NET$ICECAST
networks: networks:
default: default:
ipam: ipam:

20
services/radiodemo-back.oma-radio.fr/wg-radiodemo.sh
View File

@ -1,20 +0,0 @@
#!/bin/bash
set -euo pipefail
. .env
[ -f "$DATA_DIR/privatekey" ] || { echo 'No privatekey found' && exit 1 ; }
echo "
[Interface]
PrivateKey = $(cat "$DATA_DIR/privatekey")
Address = 10.29.0.1/32
ListenPort = 55820
[Peer]
PublicKey = iwIsUriF4CT/Jpu29VXlj43hT3bUjG67FeEgCTcQCVc=
AllowedIPs = 10.29.0.254/32
Endpoint = radiodemo.oma-radio.fr:55820
PersistentKeepalive = 30
"

3
services/radiodemo.oma-radio.fr/.env
View File

@ -7,3 +7,6 @@ WEBSOCKET_PORT=2004
RADIO_HOST=radiodemo.oma-radio.fr RADIO_HOST=radiodemo.oma-radio.fr
MUX_SERVER_PORT=9004 MUX_SERVER_PORT=9004
TELECOM_SERVER_PORT=3494 TELECOM_SERVER_PORT=3494
SOUNDBASE_DIR=/data/radiodemo.oma-radio.fr/soundbase
OMA_DOCKER_VERSION=dev
ICECAST=.110

107
services/radiodemo.oma-radio.fr/docker-compose.yml Normal file
View File

@ -0,0 +1,107 @@
version: '3'
services:
ambre_mux:
image: jeancloud/mux:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_Client1Host: $NET.108
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
volumes:
- $SOUNDBASE_DIR/pige:/app/pige
ports:
- $MUX_SERVER_PORT:9000
restart: unless-stopped
networks:
default:
ipv4_address: $NET$MUX
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
saphir_telecom_server:
image: jeancloud/telecom-server:$OMA_DOCKER_VERSION
env_file: .env
ports:
- $TELECOM_SERVER_PORT:3490
restart: unless-stopped
networks:
default:
ipv4_address: $NET$TELECOM
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
amarante_webserver:
image: jeancloud/webserver:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
OMA_CONFIG_PigeTxtLoadFic: off
restart: unless-stopped
volumes:
- $SOUNDBASE_DIR:/soundbase
networks:
default:
ipv4_address: $NET$WEBSERVER
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
transcode:
image: savonet/liquidsoap:v2.1.4
env_file: .env
volumes:
- ./icecast.liq:/transcode.liq
- $SOUNDBASE_DIR:/soundbase
command: /transcode.liq
restart: unless-stopped
networks:
default:
ipv4_address: $NET.108
#radioking:
# image: jeancloud/liquidsoap:1.3.7
# env_file: .env
# volumes:
# - ./radioking.liq:/radioking.liq
# command: /radioking.liq
# restart: unless-stopped
# networks:
# default:
# ipv4_address: $NET.111
icecast:
image: infiniteproject/icecast
restart: unless-stopped
environment:
# echo -n "source:pass" | base64
ICECAST_SOURCE_PASSWORD: JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f
ICECAST_ADMIN_PASSWORD: STh5LrPMvp876KPoajCPEUpehE98JPqZ6sEixSnzJ42CR2MdyPMBYfzjGpbAzajNgw8jsuLh
ICECAST_RELAY_PASSWORD: r2LgmDocgyYh7DqhSsey8tM99wxdViTpLtyi9tcWHtokC73QnC6kQLRRb58VUy5FXYnStRsG
ICECAST_ADMIN_USERNAME: admin
ICECAST_ADMIN_EMAIL: contact@oma-radio.fr
ICECAST_LOCATION: Rhône-Alpes
TZ: Europe/Paris
healthcheck:
test: "wget http://localhost:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://localhost:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
interval: 5m0s
timeout: 10s
retries: 3
start_period: 1m0s
networks:
default:
ipv4_address: $NET$ICECAST
networks:
default:
ipam:
config:
- subnet: $NET.0/24

20
services/radiodemo-back.oma-radio.fr/icecast.liq → services/radiodemo.oma-radio.fr/icecast.liq
View File

@ -1,12 +1,18 @@
#!/usr/bin/liquidsoap #!/usr/bin/liquidsoap
#
def integrity_check(filename) def clean_and_check (filename)
log.important("Integrity check of #{filename}.")
ts = string.split(separator='/', filename) ts = string.split(separator='/', filename)
ts = int_of_string(list.hd(string.split(separator='\.', list.nth(ts, list.length(ts)-1)))) ts = int_of_string(list.hd(string.split(separator='\.', list.nth(ts, list.length(ts)-1))))
if ts mod 60 == 0 then integrity_check (ts)
log.important("#{filename} is ok") clean_old_pige (ts)
else end
def clean_and_check (filename)
end
def integrity_check(filename)
if ts mod 60 != 0 then
log.important("#{filename} is to fix") log.important("#{filename} is to fix")
end end
end end
@ -36,5 +42,5 @@ output.icecast(
input1) input1)
# Pige # Pige
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=integrity_check) output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)

33
services/radiodemo.oma-radio.fr/wg-radiodemo.sh
View File

@ -1,33 +0,0 @@
#!/bin/bash
set -euo pipefail
. .env
wgif="$1"
echo "
[Interface]
PrivateKey = $(cat $DATA_DIR/privatekey)
Address = 10.29.0.254/32
ListenPort = 55820
# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
# port forwarding
PreUp = iptables -t nat -A PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
PreUp = iptables -t nat -A PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
PostDown = iptables -t nat -D PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
PostDown = iptables -t nat -D PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
# packet masquerading
PreUp = iptables -t nat -A POSTROUTING -o $wgif -j MASQUERADE
PostDown = iptables -t nat -D POSTROUTING -o $wgif -j MASQUERADE
# remote settings for the private server
[Peer]
PublicKey = 1YIpMhZGrZRnZPlrTjtCfjvXXGk8j0Ug2AfcHEtN/hE=
AllowedIPs = 10.29.0.1/32,$NET.0/24
"

9
services/services.txt
View File

@ -15,20 +15,23 @@ gypsylyonfestival.com max.jean-cloud.org
inurbe.fr max.jean-cloud.org inurbe.fr max.jean-cloud.org
jean-cloud.net shlago.jean-cloud.org jean-cloud.net shlago.jean-cloud.org
leida.fr vandamme.jean-cloud.org leida.fr vandamme.jean-cloud.org
letsencrypt.jean-cloud.org max.jean-cloud.org dnscerts.jean-cloud.org max.jean-cloud.org
lexicographe.jean-cloud.net shlago.jean-cloud.org lexicographe.jean-cloud.net shlago.jean-cloud.org
metamorphosemagazine.fr shlago.jean-cloud.org metamorphosemagazine.fr shlago.jean-cloud.org
nc-backup.jean-cloud.net raku.jean-cloud.org nc-backup.jean-cloud.net raku.jean-cloud.org
ns1.jean-cloud.org raku.jean-cloud.org ns1.jean-cloud.org tetede.jean-cloud.org
ns.jean-cloud.org shlago.jean-cloud.org ns.jean-cloud.org shlago.jean-cloud.org
nuage.jean-cloud.net vandamme.jean-cloud.org nuage.jean-cloud.net vandamme.jean-cloud.org
pa1.studios.oma-radio.fr tetede.jean-cloud.org pa1.studios.oma-radio.fr tetede.jean-cloud.org
paj.oma-radio.fr nougaro.jean-cloud.org paj.oma-radio.fr nougaro.jean-cloud.org
quadrille-elsa.jean-cloud.net shlago.jean-cloud.org
radiodemo-back.oma-radio.fr montbonnot.jean-cloud.org radiodemo-back.oma-radio.fr montbonnot.jean-cloud.org
radiodemo.oma-radio.fr tetede.jean-cloud.org radiodemo.oma-radio.fr tetede.jean-cloud.org
radionimaitre.oma-radio.fr tetede.jean-cloud.org radionimaitre.oma-radio.fr tetede.jean-cloud.org
raplacgr.jean-cloud.net tetede.jean-cloud.org raplacgr.jean-cloud.net tetede.jean-cloud.org
rpnow.jean-cloud.net vandamme.jean-cloud.org rpnow.jean-cloud.net vandamme.jean-cloud.org
sftp.jean-cloud.net max.jean-cloud.org sftp.jean-cloud.net raku.jean-cloud.org
velov.jean-cloud.net shlago.jean-cloud.org velov.jean-cloud.net shlago.jean-cloud.org
wiki-cgr.jean-cloud.net vandamme.jean-cloud.org wiki-cgr.jean-cloud.net vandamme.jean-cloud.org
static.jean-cloud.net vandamme.jean-cloud.org
oma-radio.fr vandamme.jean-cloud.org

4
services/velov.jean-cloud.net/nginx_server.conf
View File

@ -1,8 +1,8 @@
server { server {
listen 443 ssl http2; listen 443 ssl http2;
listen [::]:443 ssl http2; listen [::]:443 ssl http2;
ssl_certificate /etc/letsencrypt/live/velov.jean-cloud.net/fullchain.pem; ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/velov.jean-cloud.net/privkey.pem; ssl_certificate_key $JC_CERT/privkey.pem;
server_name velov.jean-cloud.net www.velov.jean-cloud.net; server_name velov.jean-cloud.net www.velov.jean-cloud.net;
root $HTTP_DIR; root $HTTP_DIR;