diff --git a/.gitignore b/.gitignore index e7e7931..fa455f0 100644 --- a/.gitignore +++ b/.gitignore @@ -1,3 +1,4 @@ installing/temporary_mount_point installing/secrets provisioning/roles/deploy_all/files/secrets +.~lock.* diff --git a/installing/notes b/installing/notes index 216e221..2fec2df 100644 --- a/installing/notes +++ b/installing/notes @@ -4,4 +4,31 @@ DO NOT REBOOT IT. it sometimes fails… raku : + ajouter nonfree dans les sources --i firmware-atheros +-i firmware-atheros -i firmware-realtek + +cheri : +cat > /etc/init.d/autoreboot < /dev/tty1 +if ! ip a | grep -q 'eth0' ; then + echo 'eth0 not found. rebooting' >/dev/tty1 + sleep 3 + reboot +else + echo 'eth0 found' >/dev/tty1 + sleep 3 + exit 0 +fi +exit 0 +EOF +chmod +x /etc/init.d/autoreboot diff --git a/old_services/chahut.jean-cloud.net/docker-compose.yml b/old_services/chahut.jean-cloud.net/docker-compose.yml new file mode 100644 index 0000000..b960be4 --- /dev/null +++ b/old_services/chahut.jean-cloud.net/docker-compose.yml @@ -0,0 +1,41 @@ +version: '3.1' + +services: + + wp: + image: wordpress:5-apache + restart: unless-stopped + env_file: $DATA_DIR/wordpress.env + volumes: + - $DATA_DIR/wordpress:/var/www/html + - /srv/http/$JC_SERVICE:/var/www/html/static + networks: + default: + ipv4_address: $NET.100 + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + db: + image: mariadb:10.11 + restart: unless-stopped + env_file: $DATA_DIR/wordpress.env + volumes: + - $DATA_DIR/db:/var/lib/mysql + networks: + default: + ipv4_address: $NET.101 + deploy: + resources: + limits: + cpus: '0.50' + memory: 300M + +networks: + default: + ipam: + config: + - subnet: $NET.0/24 + diff --git a/old_services/chahut.jean-cloud.net/nginx_server.conf b/old_services/chahut.jean-cloud.net/nginx_server.conf new file mode 100755 index 0000000..a26e2c7 --- /dev/null +++ b/old_services/chahut.jean-cloud.net/nginx_server.conf 
@@ -0,0 +1,30 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate $JC_CERT/fullchain.pem;
+ ssl_certificate_key $JC_CERT/privkey.pem;
+ server_name wordpress.$JC_SERVICE www.wordpress.$JC_SERVICE;
+ location / {
+ auth_basic "Mot de passe !";
+ auth_basic_user_file /data/$JC_SERVICE/pass.txt;
+ client_max_body_size 2G;
+ #proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_pass http://$NET.100;
+ proxy_redirect off;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate $JC_CERT/fullchain.pem;
+ ssl_certificate_key $JC_CERT/privkey.pem;
+ server_name $JC_SERVICE www.$JC_SERVICE;
+
+ location / {
+ root /srv/http/$JC_SERVICE;
+ try_files $uri $uri/ =404;
+ }
+}
diff --git a/old_services/coldcms.chahut.jean-cloud.net/docker-compose.yml b/old_services/coldcms.chahut.jean-cloud.net/docker-compose.yml
new file mode 100644
index 0000000..75b2e3a
--- /dev/null
+++ b/old_services/coldcms.chahut.jean-cloud.net/docker-compose.yml
@@ -0,0 +1,32 @@
+version: '2'
+
+services:
+
+ coldcms:
+ image: coldcms/coldcms-backend:latest
+ volumes:
+ - $DATA_DIR/coldcms:/srv/build
+ - $DATA_DIR/db:/var/db
+ environment:
+ - DJANGO_SETTINGS_MODULE=coldcms.settings
+ - DB_URL=sqlite:////var/db/database.sqlite3
+ - BUILD_DIR=/srv/build
+ - STATIC_ROOT=/srv/build/static/
+ - ALLOWED_HOSTS=$JC_SERVICE
+ - SECRET_KEY=275bLEjLIsDg19HkIcjjwgdC41zcyTAc1y527VuX23khKUZGRCMybChydeBKFNJVjhD0KMrzIeLbMlS30IxPhfqLAcR2OK0LVxOu4G8dgx3p2pia4SUFm39tOznKZ0Kt9IdbX
+ restart: unless-stopped
+ networks:
+ default:
+ ipv4_address: $NET.100
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 500M
+
+
+networks:
+ default:
+ ipam:
+ config:
+ - subnet: $NET.0/24
diff --git a/old_services/coldcms.chahut.jean-cloud.net/nginx_server.conf b/old_services/coldcms.chahut.jean-cloud.net/nginx_server.conf
new file mode 100644
index 0000000..ddee107
--- /dev/null
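Review bot: The proxied WordPress `location /` passes no client address to the backend: `X-Real-IP` is commented out and `X-Forwarded-For` is never set, so the container's logs and any per-address throttling there only ever see the proxy. I would restore it with `proxy_set_header X-Real-IP $remote_addr;` and `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;`. `client_max_body_size 2G` on an upload path also deserves a comment saying why the limit is that high.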
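Review bot: The Django `SECRET_KEY` is committed in clear text in the `environment:` list of the coldcms service, so anyone who can read the repository can forge whatever that key signs. Load it from a file outside the repository the way the chahut compose file does with `env_file: $DATA_DIR/wordpress.env` (for instance `env_file: $DATA_DIR/coldcms.env`, file name only an example), and rotate the committed value, since it stays in git history. `image: coldcms/coldcms-backend:latest` is a mutable tag as well; pin a version or digest so a redeploy cannot pull unreviewed code.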
+++ b/old_services/coldcms.chahut.jean-cloud.net/nginx_server.conf
@@ -0,0 +1,55 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate $JC_CERT/fullchain.pem;
+ ssl_certificate_key $JC_CERT/privkey.pem;
+ server_name $JC_SERVICE www.$JC_SERVICE;
+
+ add_header Strict-Transport-Security "max-age=31536000";
+
+ gzip on;
+ gzip_disable "msie6";
+ gzip_types text/plain text/css application/json text/xml application/xml text/javascript application/x-javascript;
+ gzip_min_length 1000;
+ gzip_proxied no-cache no-store private expired auth;
+ gzip_vary on;
+
+ root $HTTP_DIR;
+
+ location / {
+ set $try_files_value '';
+ if ($request_method = GET){
+ set $try_files_value $uri/;
+ }
+ gzip_static on;
+ try_files $try_files_value @uwsgi_backend;
+ }
+
+
+ location @uwsgi_backend {
+ uwsgi_pass $NET.100:8000;
+ include uwsgi_params;
+ client_max_body_size 20m;
+ }
+
+ location /media/ {
+ gzip_static on;
+ expires 100d;
+ add_header Cache-Control public;
+ access_log off;
+ }
+
+ location /static/ {
+ gzip_static on;
+ expires 100d;
+ add_header Cache-Control public;
+ access_log off;
+ }
+
+ location /admin/ {
+ uwsgi_pass $NET.100:8000;
+ include uwsgi_params;
+ client_max_body_size 20m;
+ }
+}
+
diff --git a/old_services/grapes.chahut.jean-cloud.net/.env b/old_services/grapes.chahut.jean-cloud.net/.env
new file mode 100644
index 0000000..2438616
--- /dev/null
+++ b/old_services/grapes.chahut.jean-cloud.net/.env
@@ -0,0 +1 @@
+GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/grapesjs
diff --git a/old_services/grapes.chahut.jean-cloud.net/deploy_user.sh b/old_services/grapes.chahut.jean-cloud.net/deploy_user.sh
new file mode 100755
index 0000000..93db870
--- /dev/null
+++ b/old_services/grapes.chahut.jean-cloud.net/deploy_user.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
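Review bot: The server-level `Strict-Transport-Security` header is not sent for `/media/` and `/static/`, because nginx drops inherited `add_header` directives in any block that declares its own (`add_header Cache-Control public;`). Repeat the HSTS line inside those two locations or move the shared headers into an included file. `location /admin/` is passed to uwsgi with no extra restriction at the proxy; if authentication is left entirely to the application, a comment saying so would help.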
diff --git a/old_services/grapes.chahut.jean-cloud.net/docker-compose.yml b/old_services/grapes.chahut.jean-cloud.net/docker-compose.yml
new file mode 100755
index 0000000..f1a3a1c
--- /dev/null
+++ b/old_services/grapes.chahut.jean-cloud.net/docker-compose.yml
@@ -0,0 +1,19 @@
+version: '3'
+services:
+ json_server:
+ image: jeancloud/json-server
+ volumes:
+ - "$DATA_DIR:/usr/lib/json-server"
+ networks:
+ default:
+ ipv4_address: $NET.100
+ deploy:
+ resources:
+ limits:
+ cpus: '0.50'
+ memory: 100M
+networks:
+ default:
+ ipam:
+ config:
+ - subnet: $NET.0/24
diff --git a/old_services/grapes.chahut.jean-cloud.net/nginx_server.conf b/old_services/grapes.chahut.jean-cloud.net/nginx_server.conf
new file mode 100755
index 0000000..193e24f
--- /dev/null
+++ b/old_services/grapes.chahut.jean-cloud.net/nginx_server.conf
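Review bot: `image: jeancloud/json-server` carries no tag, so it resolves to `latest` and every redeploy may pull a different build; pin a version tag or a digest. Unlike the other compose files added in this commit, the service has no `restart:` policy; add `restart: unless-stopped` if the omission is not deliberate.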
@@ -0,0 +1,35 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate $JC_CERT/fullchain.pem;
+ ssl_certificate_key $JC_CERT/privkey.pem;
+ server_name grapes.chahut.jean-cloud.net;
+ root $HTTP_DIR;
+
+ # Security headers
+ # We can create a file with the base security headers and include it.
+ # Will it be possible to overload them then ?
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ #add_header Content-Security-Policy "default-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ;frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; img-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; base-uri 'self'; form-action 'self';" always;
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ #add_header Referrer-Policy "strict-origin-when-cross-origin";
+ add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
+
+ auth_basic "Mot de passe !";
+ auth_basic_user_file $DATA_DIR/pass.txt;
+
+ location / {
+ index index.html;
+ try_files $uri $uri/ =404;
+ }
+
+ location /projects {
+ proxy_set_header Host $http_host;
+ proxy_set_header X-Forwarded-Proto https;
+ proxy_pass http://$NET.100:3000;
+ proxy_redirect off;
+
+ }
+}
diff --git a/old_services/paj.oma-radio.fr/.env b/old_services/paj.oma-radio.fr/.env
new file mode 100644
index 0000000..123b9a4
--- /dev/null
+++ b/old_services/paj.oma-radio.fr/.env
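Review bot: The `Permissions-Policy` value uses the old Feature-Policy form (`geolocation='none';…`), which is not valid syntax for this header, so browsers are expected to ignore it and none of the restrictions apply; the header takes comma-separated entries such as `geolocation=(), camera=(), fullscreen=(self)`. The same string is edited in `services/collectif-karafon.fr/nginx_server.conf` later in this commit and needs the same correction. Separately, `root $HTTP_DIR` is the checkout that `deploy_user.sh` fills through `git_update.sh`, so `/.git` is served (here only behind the basic auth); the karafon file adds `location /.git { return 404; }` and this one should too.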
@@ -0,0 +1,19 @@
+TZ=Europe/Paris
+OMA_DOCKER_VERSION=8
+WEBSOCKET_PORT=2002
+TELECOM_SERVER_PORT=3492
+MUX_SERVER_PORT=9002
+RADIO_NAME_SIMPLE=paj
+OMA_CONFIG_NomRadio=paj
+RADIO_NAME_PRETTY="Paj Radio"
+RADIO_HOST=paj.oma-radio.fr
+COMPOSE_NAME=pajoma-radiofr
+DOCKER_INSTANCES_PREFIX=pajoma-radiofr-
+DOCKER_INSTANCES_SUFIX=-1
+DATA_DIR=/data/paj.oma-radio.fr
+USE_SSL=true
+PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.3.0
+MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.0
+SYNCTHINGS_API_KEY=425qLiE5QMJmFjgoxUHRgxD2icWNmkdy
+SYNCTHINGS_LABEL_PREFIX="[oma] [paj] "
+SYNCTHINGS_PRIVATE_KEY="/keys/Niilos"
diff --git a/old_services/paj.oma-radio.fr/docker-compose.yml b/old_services/paj.oma-radio.fr/docker-compose.yml
new file mode 100644
index 0000000..27a4958
--- /dev/null
+++ b/old_services/paj.oma-radio.fr/docker-compose.yml
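Review bot: `SYNCTHINGS_API_KEY` is committed with its real value, and this `.env` is handed to most containers through `env_file: .env` in the compose file of the same directory, which spreads the key to services that have no use for it. Keep it in a file under `$DATA_DIR` or in the secrets volume, pass it only to the service that talks to Syncthing, and rotate the committed value. A comment on `SYNCTHINGS_PRIVATE_KEY` stating that it is a path inside the container (`/keys/Niilos` is a bind mount of `system_api`) would keep it from being mistaken for key material.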
@@ -0,0 +1,181 @@ +version: '3' +services: + ambre_mux: + image: registry.oma-radio.fr/mux:$OMA_DOCKER_VERSION + env_file: .env + environment: + OMA_CONFIG_Client1Url: /paj.ogg + volumes: + - $DATA_DIR/soundbase/pige:/app/pige + ports: + - $MUX_SERVER_PORT:9000 + restart: unless-stopped + networks: + default: + ipv4_address: $NET.100 + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + + saphir_telecom_server: + image: registry.oma-radio.fr/telecom-server:$OMA_DOCKER_VERSION + env_file: .env + ports: + - $TELECOM_SERVER_PORT:3490 + restart: unless-stopped + networks: + default: + ipv4_address: $NET.101 + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + anthracite_jukebox: + image: registry.oma-radio.fr/jukebox:$OMA_DOCKER_VERSION + env_file: .env + volumes: + - $DATA_DIR/soundbase:/app/soundBase + - $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM + restart: unless-stopped + networks: + default: + ipv4_address: $NET.102 + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + azurite_jukebox_simulator: + image: registry.oma-radio.fr/jukebox-simulator:$OMA_DOCKER_VERSION + env_file: .env + volumes: + - $DATA_DIR/soundbase:/app/soundBase + restart: unless-stopped + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + + agate_importer: + image: registry.oma-radio.fr/baseimport:$OMA_DOCKER_VERSION + env_file: .env + volumes: + - $DATA_DIR/soundbase:/app/soundBase + restart: unless-stopped + networks: + default: + ipv4_address: $NET.104 + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + amarante_webserver: + image: registry.oma-radio.fr/webserver:$OMA_DOCKER_VERSION + env_file: .env + environment: + OMA_CONFIG_PigeOggConsigne: 5000 + OMA_CONFIG_PigeOggMax: 5100 + OMA_CONFIG_PigeOggMaxMax: 5500 + OMA_CONFIG_PigeTextConsigne: 10000 + OMA_CONFIG_PigeTextMax: 11000 + OMA_CONFIG_PigeTextMaxMax: 15000 + OMA_CONFIG_PodCacheSize: 25 # to fix a webserver bug + restart: unless-stopped + networks: + 
default: + ipv4_address: $NET.105 + volumes: + - $DATA_DIR/soundbase:/soundbase + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + rubis_base_mg: + image: registry.oma-radio.fr/base-mg:$OMA_DOCKER_VERSION + restart: unless-stopped + networks: + default: + ipv4_address: $NET.106 + volumes: + - $DATA_DIR/soundbase:/soundbase + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + + system_api: + image: registry.oma-radio.fr/system-api:master + env_file: .env + environment: + UID: 33 + SOUNDBASE_PATH: /soundbase + MOUNT: /api + CONFIG_PATH: /config + restart: unless-stopped + networks: + default: + ipv4_address: $NET.107 + volumes: + - /tmp/uwsgi/$RADIO_HOST:/tmp/uwsgi + - /var/run/docker.sock:/var/run/docker.sock + - $DATA_DIR/soundbase:/soundbase + - /data/soundbase.oma-radio.fr/Niilos:/keys/Niilos + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + liquidsoap: + image: registry.oma-radio.fr/liquidsoap:1.3.7 + env_file: .env + volumes: + - $DATA_DIR/secours.ogg:/secours.ogg + - ./transcode.liq:/transcode.liq + command: /transcode.liq + restart: unless-stopped + networks: + default: + ipv4_address: $NET.108 + + icecast: + image: registry.oma-radio.fr/icecast:alpine-2.4.0 + environment: + - ICECAST_SOURCE_PASSWORD=JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f + - ICECAST_ADMIN_PASSWORD=STh5LrPMvp876KPoajCPEUpehE98JPqZ6sEixSnzJ42CR2MdyPMBYfzjGpbAzajNgw8jsuLh + - ICECAST_RELAY_PASSWORD=r2LgmDocgyYh7DqhSsey8tM99wxdViTpLtyi9tcWHtokC73QnC6kQLRRb58VUy5FXYnStRsG + - ICECAST_ADMIN_USERNAME=admin + - ICECAST_ADMIN_EMAIL=contact@oma-radio.fr + - ICECAST_LOCATION=Rhône-Alpes + - TZ=Europe/Paris + restart: unless-stopped + networks: + default: + ipv4_address: $NET.109 + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + +networks: + default: + ipam: + config: + - subnet: $NET.0/24 + 
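Review bot: The `icecast` service hard-codes `ICECAST_SOURCE_PASSWORD`, `ICECAST_ADMIN_PASSWORD` and `ICECAST_RELAY_PASSWORD` in the compose file; move them to an `env_file` outside the repository and rotate them, since the committed values stay in history. `system_api` bind-mounts `/var/run/docker.sock`, which hands that container control of the Docker daemon and therefore effectively root on the host, while it runs the mutable tag `system-api:master`. At minimum add a comment saying why the socket is required and pin the image; a read-only mount does not restrict API calls, so it is not a mitigation on its own.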
diff --git a/old_services/paj.oma-radio.fr/nginx_server.conf b/old_services/paj.oma-radio.fr/nginx_server.conf
new file mode 100644
index 0000000..f11bc44
--- /dev/null
+++ b/old_services/paj.oma-radio.fr/nginx_server.conf
@@ -0,0 +1,187 @@ +# Parameters: +# radio name +# file path +# ws port (local) +# wss port (open) +# upload service port +# ssl certs location + +# TODO +# /speedtest-down returns random data +# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin +# /speedtest-up just eat everything it can + + +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server{ + listen $WEBSOCKET_PORT ssl; + listen [::]:$WEBSOCKET_PORT ssl; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_pass http://$NET.105:9000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 120s; + } +} + +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name $RADIO_HOST www.$RADIO_HOST; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; + + root $DATA_DIR/soundbase/website; + index index.html; + + location = /direct.ogg { + proxy_pass http://$NET.109:8000/$RADIO_NAME_SIMPLE.ogg; + } + location = /direct.mp3 { + proxy_pass http://$NET.109:8000/$RADIO_NAME_SIMPLE.mp3; + } + + location = /api { rewrite ^ /api/; } + location ~ /api(/.*) { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $DATA_DIR/soundbase/users.htpasswd; + include uwsgi_params; + uwsgi_param PATH_INFO "$1"; + uwsgi_param SCRIPT_NAME /api; + uwsgi_pass unix:/tmp/uwsgi/$RADIO_HOST/uwsgi-api.sock; + client_max_body_size 0; + proxy_connect_timeout 6000; + proxy_send_timeout 60000; + proxy_read_timeout 6000; + send_timeout 6000; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + 
} + + location /pige{ + alias $DATA_DIR/soundbase/pige; + try_files $uri $uri/ =404; + } + location /pigeMp3{ + alias $DATA_DIR/soundbase/pigeMp3; + try_files $uri $uri/ =404; + } + location /png { + alias $DATA_DIR/soundbase/png; + try_files $uri $uri/ =404; + } + location /jpgL { + alias $DATA_DIR/soundbase/jpgL; + try_files $uri $uri/ =404; + } + location /jpgH { + alias $DATA_DIR/soundbase/jpgH; + try_files $uri $uri/ =404; + } + location /webpL { + alias $DATA_DIR/soundbase/webpL; + try_files $uri $uri/ =404; + } + location /webpH { + alias $DATA_DIR/soundbase/webpH; + try_files $uri $uri/ =404; + } + location /ogg { + alias $DATA_DIR/soundbase/ogg; + try_files $uri $uri/ =404; + } + location /txt { + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + alias $DATA_DIR/soundbase/txt; + try_files $uri $uri/ =404; + } + location /wavM { + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + alias $DATA_DIR/soundbase/wavM; + try_files $uri $uri/ =404; + } + location /wav { + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + alias $DATA_DIR/soundbase/wav; + try_files $uri $uri/ =404; + } + location /fiches { + alias $DATA_DIR/soundbase/fiches; + try_files $uri $uri/ =404; + } + location /prg { + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + alias $DATA_DIR/soundbase/prg; + try_files $uri $uri/ =404; + } + location /listes { + # kill cache + 
add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + alias $DATA_DIR/soundbase/listes; + try_files $uri $uri/ =404; + } + location /statique { + alias $DATA_DIR/soundbase/statique; + try_files $uri $uri/ =404; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + } + + # Admin interface + location /manager { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $DATA_DIR/soundbase/users.htpasswd; + try_files $uri $uri/ =404; + } + location = /favicon.ico { + return 301 /favicon.webp; + } + + # for js, css, html — dynamic site, players + location / { + try_files $uri $uri/ =404; + add_header Cache-Control 'public must-revalidate'; + } +} diff --git a/old_services/paj.oma-radio.fr/transcode.liq b/old_services/paj.oma-radio.fr/transcode.liq new file mode 100644 index 0000000..c53c096 --- /dev/null +++ b/old_services/paj.oma-radio.fr/transcode.liq @@ -0,0 +1,13 @@ +#!/usr/bin/liquidsoap + +#input1 = mksafe(input.harbor("direct.ogg",port=8000,password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f")) +input1 = mksafe(input.http("http://172.29.10.109:8000/paj.ogg")) + +# Direct mp3 +output.icecast( + %mp3(stereo=false), + mount="/paj.mp3", + host="172.29.10.109", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f", + input1) + + diff --git a/provisioning/inventory.ini b/provisioning/inventory.ini index d8d7981..46201fe 100644 --- a/provisioning/inventory.ini +++ b/provisioning/inventory.ini 
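Review bot: In the `/api` location the `proxy_connect_timeout`, `proxy_send_timeout` and `proxy_read_timeout` lines have no effect, because the request is handed over with `uwsgi_pass`; the matching directives are `uwsgi_connect_timeout`, `uwsgi_send_timeout` and `uwsgi_read_timeout`. The regex `location ~ /api(/.*)` is unanchored, so it also captures any URI that merely contains `/api/`; `location ~ ^/api(/.*)` limits it to the intended prefix. In the websocket server block the `map` result `$connection_upgrade` is defined but unused, since `Connection "upgrade"` is hard-coded.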
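Review bot: The Icecast source password is written into `transcode.liq` twice (the commented `input.harbor` line and the `output.icecast` call) and duplicates the value in the compose file, so a rotation has to touch three places and the secret sits in the repository. Read it from the environment instead, since the `liquidsoap` container already receives `env_file: .env`, and delete the commented-out line. The address `172.29.10.109` is hard-coded while the compose file assigns `$NET.109`; a comment tying the two together would prevent a silent break when the subnet changes.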
@@ -1,13 +1,9 @@ [shlago] -max.jean-cloud.org -tetede.jean-cloud.org +#max.jean-cloud.org raku.jean-cloud.org [servers] -nougaro.jean-cloud.org montbonnot.jean-cloud.org -#blatte.jean-cloud.org -max.jean-cloud.org -tetede.jean-cloud.org +#max.jean-cloud.org raku.jean-cloud.org izzo.jean-cloud.org diff --git a/provisioning/roles/deploy_all/files/bin/deploy_service.sh b/provisioning/roles/deploy_all/files/bin/deploy_service.sh index 410c5d4..c24adbe 100755 --- a/provisioning/roles/deploy_all/files/bin/deploy_service.sh +++ b/provisioning/roles/deploy_all/files/bin/deploy_service.sh @@ -55,12 +55,14 @@ cd "/docker/$service" if "$deploy" ; then run mkdir -p "$DATA_DIR" "$HTTP_DIR" - run chown $uid "$DATA_DIR" + run chown $uid "$DATA_DIR" "$HTTP_DIR" run chmod 751 "$DATA_DIR" run chown $uid:www-data -R "$HTTP_DIR" if [ -d "$SECRET_DIR" ] ; then run chown $uid "$SECRET_DIR" -R - run chmod 751 "$SECRET_DIR" -R + run find "$SECRET_DIR" -type d -exec chmod 751 '{}' \; + run find "$SECRET_DIR" -type f -exec chmod 700 '{}' \; + fi else [ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR" diff --git a/provisioning/roles/deploy_all/files/bin/deployall.sh b/provisioning/roles/deploy_all/files/bin/deployall.sh index 1983b6c..c286d17 100755 --- a/provisioning/roles/deploy_all/files/bin/deployall.sh +++ b/provisioning/roles/deploy_all/files/bin/deployall.sh @@ -50,6 +50,9 @@ run chmod 755 /data section "Create new conf directory" run mkdir -p "$new_nginx_conf_path" +logdir="/var/log/shlaguernetes/" +run mkdir -p "$logdir" + ############################################################################### # Deploy services ############################################################################### 
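Review bot: In `deploy_service.sh`, `find "$SECRET_DIR" -type f -exec chmod 700 '{}' \;` sets the execute bit on every secret file; unless some of them are scripts, `600` is the mode wanted here: `run find "$SECRET_DIR" -type f -exec chmod 600 '{}' +`. Directories keep `751`, which lets any local account traverse the secret tree; `750` or `700` would be tighter if nothing else has to pass through it. `$uid` is unquoted in the `chown` calls. The enclosing `if "$deploy"` block starts and ends outside the hunk.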
@@ -70,14 +73,14 @@ do [[ "$(getent hosts $target)" != "::1 "* ]] && echo 'Not here' && continue echo "Deploying" - deploy_service.sh "$service" "noreload" + deploy_service.sh "$service" "noreload" &>"$logdir/deploy.$service.$(date +%Y-%m-%d.%Hh-%M-%S)" & if [ "$?" -ne 0 ] ; then failed="$failed $service" fi done < <(grep -v '^#' /docker/services.csv) - +wait restart_nginx.sh if [ -n "$failed" ] ; then diff --git a/provisioning/roles/deploy_all/files/bin/gen_wgconf.sh b/provisioning/roles/deploy_all/files/bin/gen_wgconf.sh new file mode 100755 index 0000000..c19d9f0 --- /dev/null +++ b/provisioning/roles/deploy_all/files/bin/gen_wgconf.sh @@ -0,0 +1,72 @@ +#!/bin/bash + +# This script will generate a single config for a given host and privkey + +# Limits: +# 253 peers 1 -> 254 + +# Lib +. /usr/local/bin/driglibash-base + +# Arg parsing +if [ "$#" -ne 4 ] ; then + die "Usage: $0 \nNet is a /24" +fi + +thisname="$1" +privkey="$2" +port="$3" +net="$4" + + +# script + +content="$(mktemp)" +clean "rm $content" + +while IFS=";" read id name location isp note pubkey ip1 ip2 ip3 ip4 ip5 ; do + # Skip header + [ "$id" = "id" ] && continue + + # Add local config + if [ "$name" = "$thisname" ] ; then + cat <<-EOF + [Interface] # $name + PrivateKey = $(cat "$privkey") + ListenPort = $port + Address = $net.$id/32 + + EOF + else + # Create list of endpoints + endpoints="" + for i in $(seq 1 5) ; do + varname="ip$i" + ip="${!varname}" + echo "$ip" | grep -q ':' && ip="[$ip]" + if [ -n "$ip" ] ; then + endpoints="$endpoints"$'\n'"Endpoint = $ip:$port" + fi + done + + # Correct endpoint value or add keepalive for endpointless hosts + if [ -n "$endpoints" ] ; then + endpoints="${endpoints:1}" + else + endpoints="PersistentKeepalive = 30" + fi + + # Peer config + cat >> "$content" <<-EOF + [Peer] # $name + PublicKey = $pubkey + AllowedIPs = $net.$id/32 + $endpoints + + EOF + fi +done < $DOCKER_DIR/servers.csv + +cat "$content" + +rm "$content" 
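Review bot: With the trailing `&` on the `deploy_service.sh` line, the `if [ "$?" -ne 0 ]` test that follows reports whether the background job was started, not how the deploy ended, so it is always 0 and `$failed` stays empty; the bare `wait` then discards every exit status as well. Record each job's PID and `wait` on it individually so failures still reach the final report. The files under `$logdir` capture full deploy output, so the directory created in the previous hunk should get a restrictive mode. The loop header is outside the hunk.

```shell
# before the loop (outside the hunk)
declare -A pids

# … unchanged: loop header, target check, echo "Deploying" …
	deploy_service.sh "$service" "noreload" &>"$logdir/deploy.$service.$(date +%Y-%m-%d.%Hh-%M-%S)" &
	pids["$service"]=$!
done < <(grep -v '^#' /docker/services.csv)

# collect one exit status per service instead of a bare `wait`
for service in "${!pids[@]}" ; do
	wait "${pids[$service]}" || failed="$failed $service"
done
restart_nginx.sh
```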
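Review bot: In `gen_wgconf.sh`, a peer with several addresses gets up to five `Endpoint =` lines, but a WireGuard `[Peer]` section holds a single endpoint, so as far as I know only one of them is used; pick the first non-empty `ip$i` or document the intended behaviour. `done < $DOCKER_DIR/servers.csv` is unquoted and `DOCKER_DIR` is not assigned in this script, so it presumably comes from the environment or the sourced library; quote it and fail early when it is empty. The output contains the private key read from `$privkey`, so a header comment telling callers to redirect it under `umask 077` would be worth adding.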
diff --git a/provisioning/roles/deploy_all/files/bin/git_update.sh b/provisioning/roles/deploy_all/files/bin/git_update.sh
index 6c9e645..51d7206 100755
--- a/provisioning/roles/deploy_all/files/bin/git_update.sh
+++ b/provisioning/roles/deploy_all/files/bin/git_update.sh
@@ -1,61 +1,59 @@ #!/bin/bash +Help(){ + echo " +NAME + git_update.sh +SYNOPSIS + git_update.sh [-h] [-r ref] [-d dest] [-H] [-a] repository +OPTIONS + -h prints the help. + -r specifies the reference to the commit to be synchronized. It can be a tag or a branch. By default, it is the last commit of branch main. + It can be different from the actual branch. CAREFUL, the command git branch will always show the original branch name even though a branch switch has happened. + -d specifies the destination of the clone or update. Directory must be empty if a new clone is to be made. + If the repository to be cloned is local, and its path is passed as a relative path, the path should start from the destination. + To avoid mistakes, absolute paths are advised. + -H allows the $HOME directory to be used by git_update.sh. By default, git_update.sh cannot access $HOME to prevent default behavior. + If you need the global .gitconfig located in your $HOME to be used, you should supply the -H option. + -a specifies that the aggressive option of the git garbage collection must be used. Only advised when changes happen in many different objects. Will slow down the execution. + -o ssh options for ssh clone +DESCRIPTION + This script will replace the destination with the wanted commit of a git repository. The history is not preserved but tags are. Untracked files remain. + The git commands have been chosen so as to minimize the memory and bandwidth usages." +} -# Clone un dépôt git au bon endroit -# Stocker un minum de données (et donc nettoyer) -# Télécharger un minimum de données -# En cas de conflit donner raison au remote (on écrase les versions locales) - - -declare -A usage -declare -A varia - +#variables summary="$0 [options] " - -usage[b]="Branch of git repo" -varia[b]=branch -branch=master - -usage[t]="Tog of git repo" -varia[t]=tag -tag= - -usage[d]="Destination of clone" -varia[d]=dst +ref=main dst='.' 
- -usage[i]="privkey used to ssh pull" -varia[i]=privkey -privkey='' - -usage[N]="Clone to a Non-empty target. Existing files will be overwriten" -varia[N]=nonempty_target -nonempty_target=false - -usage[K]="Remote host key file (known_hosts) for ssh connections" -varia[K]=hostkeyfile -hostkeyfile='' - -usage[H]="Use real home dir" -varia[H]=use_home use_home=false +be_aggressive="false" +ssh_opts="ssh" - -. driglibash-args - - -# Some SSH options -ssh_opt='ssh' -if [ -n "$privkey" ] ; then - ssh_opt="$ssh_opt -i $privkey" -fi - -if [ -n "$hostkeyfile" ] ; then - ssh_opt="$ssh_opt -o 'UserKnownHostsFile $hostkeyfile'" -fi +while getopts ":ho:r:d:H" option; do + case $option in + h) # display Help + Help + exit;; + r) # desired branch or tag + ref="$OPTARG";; + d) # destination of clone + dst="$OPTARG";; + H) # use real home dir + use_home="true";; + a) #use -a in git gc call + be_aggressive="true";; + o) # ssh options + ssh_opts="$ssh_opts $OPTARG";; + \?) # invalid option + echo "Error: Invalid option '$option'" + exit;; + esac +done +shift $((OPTIND-1)) repo="$1" if [ -z "$repo" ] ; then - die "$0: Empty repo given\n$summary" + exit "$0: Empty repo given\n$summary" fi if [ ! $use_home ] ; then 
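Review bot: The option string `":ho:r:d:H"` has no `a`, so the documented `-a` flag never reaches its branch and lands in `\?)`, which prints `$option` (always `?`) rather than `$OPTARG` and then leaves with status 0, so a caller under `set -e` sees success although nothing was updated. `exit "$0: Empty repo given\n$summary"` replaces the old `die`, but `exit` only takes a number, so the message is lost behind a bash error. The context line `if [ ! $use_home ]` tests a non-empty string for both `true` and `false` and so looks never true; worth confirming that the HOME isolation still runs. The hunk ends inside that `if`.

```shell
while getopts ":ho:r:d:Ha" option; do
	case $option in
		# … unchanged: h, r, d, H, a, o branches …
		\?) # invalid option
			echo "Error: Invalid option '-$OPTARG'" >&2
			exit 1;;
		:) # option given without its argument
			echo "Error: Option '-$OPTARG' needs an argument" >&2
			exit 1;;
	esac
done
shift $((OPTIND-1))

repo="$1"
if [ -z "$repo" ] ; then
	echo "$0: Empty repo given" >&2
	echo "$summary" >&2
	exit 1
fi
```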
@@ -64,44 +62,24 @@ if [ ! $use_home ] ; then set +a fi -run mkdir -p "$dst" -run cd "$dst" - +mkdir -p "$dst" +cd "$dst" if [ -d .git ] ; then - - # Compute git branch and tag - tagref= - if [ -n "$tag" ] ; then - tagref="tags/$tag" - fi - - run git fetch origin "$branch" --tags -f - run git checkout --force $tagref -B "$branch" - run git reset --hard # TODO we can keep some files? - # Preserve existing files in some cases - if ! "$nonempty_target" ; then - git clean -qffdx + echo "updating..." + git fetch --tags --depth=1 --prune --prune-tags --force origin $ref + git reset --hard --recurse-submodules FETCH_HEAD + git submodule update --init --recursive --force --depth=1 --remote + #garbage collection of anything unreachable at the moment + git reflog expire --expire=now --all + if "$be_aggressive" ; then + git gc --prune=now --aggressive + elsels + git gc --prune=now fi - run git submodule update --init --recursive --force --recommend-shallow - run git submodule foreach git fetch - run git submodule foreach git checkout --force HEAD - run git submodule foreach git reset --hard - run git submodule foreach git clean -fdx else +echo "cloning..." clone_dst='.' - - # To override an existing dir, we need to clone elsewhere first - if "$nonempty_target" ; then - clone_dst="$(mktemp -d)" - fi - - run git clone -b "$branch" --single-branch --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opt" "$repo" "$clone_dst" - - # To override an existing dir, we then move everything to that dir - if "$nonempty_target" ; then - run mv "$clone_dst/"{*,.*} . - run rmdir "$clone_dst" - fi + git clone -b "$ref" --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opts" "$repo" "$clone_dst" fi diff --git a/provisioning/roles/deploy_all/files/bin/restart_nginx.sh b/provisioning/roles/deploy_all/files/bin/restart_nginx.sh index 843581d..3635321 100755 --- a/provisioning/roles/deploy_all/files/bin/restart_nginx.sh 
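Review bot: With the `run` wrapper removed and no `set -e`, a failing `cd "$dst"` is ignored and the following `git fetch` and `git reset --hard FETCH_HEAD` run in whatever directory the caller was in; guard it with `mkdir -p "$dst" && cd "$dst" || exit 1`. `elsels` is not a keyword, so bash treats it as a command inside the `then` branch: the non-aggressive path runs no `git gc` at all and the aggressive path runs both, so it should read `else`. `$ref` is unquoted in `git fetch … origin $ref`. The `-N`, `-i` and `-K` options disappear with this change, so any caller still passing them needs updating.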
+++ b/provisioning/roles/deploy_all/files/bin/restart_nginx.sh @@ -17,7 +17,7 @@ run nginx -t if [ -z "$(cat /var/run/nginx.pid)" ] ; then section "Start nginx" - run nginx + run systemctl restart nginx else section "Reload nginx" run nginx -s reload diff --git a/provisioning/roles/deploy_all/files/bin/startwg.sh b/provisioning/roles/deploy_all/files/bin/startwg.sh index 15431df..c59178d 100755 --- a/provisioning/roles/deploy_all/files/bin/startwg.sh +++ b/provisioning/roles/deploy_all/files/bin/startwg.sh @@ -1,6 +1,8 @@ #!/bin/bash -set -euo pipefail +#set -euo pipefail +# Pipefail will trigger annoying sigpipe on our greps +set -eu if [ "$#" -ne 2 ] ; then echo "Usage: $0 " diff --git a/provisioning/roles/deploy_all/files/secrets.volume b/provisioning/roles/deploy_all/files/secrets.volume index 559bcf6..d2f5a16 100644 Binary files a/provisioning/roles/deploy_all/files/secrets.volume and b/provisioning/roles/deploy_all/files/secrets.volume differ diff --git a/provisioning/roles/jean-cloud-common/tasks/main.yml b/provisioning/roles/jean-cloud-common/tasks/main.yml index 8b3575d..c0f2cc9 100644 --- a/provisioning/roles/jean-cloud-common/tasks/main.yml +++ b/provisioning/roles/jean-cloud-common/tasks/main.yml @@ -54,7 +54,7 @@ - name: Install some softwares apt: - name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'hugo', 'netcat-openbsd', 'nginx', 'podman', 'rclone', 'rsync', 'screen', 'sshfs', 'sudo', 'traceroute', 'vim', 'wget', 'zip'] + name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'netcat-openbsd', 'nginx', 'nmap', 'podman', 'rsync', 'screen', 'sshfs', 'sudo', 'traceroute', 'vim', 'wget', 'zip'] state: latest # TODO disable certbot and certbot.timer services. We are using our own diff --git a/services/_proxy/nginx.conf b/services/_proxy/nginx.conf index ab5cc87..c67c486 100755 --- a/services/_proxy/nginx.conf +++ b/services/_proxy/nginx.conf 
@@ -58,11 +58,11 @@ http { #error_page 503 https://jean-cloud.net/503; # limit requests - limit_req_status 429; - limit_req_zone $binary_remote_addr zone=defaultlimit:10m rate=30r/s; - limit_req zone=defaultlimit burst=100 nodelay; - limit_conn_zone $request_uri zone=defaultconumber:10m; - limit_conn defaultconumber 20; + #limit_req_status 429; + #limit_req_zone $binary_remote_addr zone=defaultlimit:10m rate=30r/s; + #limit_req zone=defaultlimit burst=100 nodelay; + #limit_conn_zone $request_uri zone=defaultconumber:10m; + #limit_conn defaultconumber 20; ## # Virtual Host Configs diff --git a/services/association-chahut.fr/deploy_user.sh b/services/association-chahut.fr/deploy_user.sh index d3fbb6a..3913cfa 100755 --- a/services/association-chahut.fr/deploy_user.sh +++ b/services/association-chahut.fr/deploy_user.sh @@ -2,7 +2,7 @@ set -euo pipefail # Update git repo -git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO" +git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO" cd "$HTTP_DIR" diff --git a/services/collectif-karafon.fr/.env b/services/collectif-karafon.fr/.env new file mode 100644 index 0000000..889a0d9 --- /dev/null +++ b/services/collectif-karafon.fr/.env @@ -0,0 +1 @@ +GIT_SOURCE_REPO=https://git.jean-cloud.net/eleonore/site_web_karafon.git diff --git a/services/collectif-karafon.fr/deploy_user.sh b/services/collectif-karafon.fr/deploy_user.sh new file mode 100755 index 0000000..1dcddee --- /dev/null +++ b/services/collectif-karafon.fr/deploy_user.sh @@ -0,0 +1,5 @@ +#!/bin/bash +set -euo pipefail + +# Update git repo +git_update.sh -b sale -d "$HTTP_DIR" "$GIT_SOURCE_REPO" diff --git a/services/collectif-karafon.fr/nginx_server.conf b/services/collectif-karafon.fr/nginx_server.conf index fe21f0a..7a4e91c 100755 --- a/services/collectif-karafon.fr/nginx_server.conf +++ b/services/collectif-karafon.fr/nginx_server.conf 
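Review bot: Commenting out all five `limit_req*` / `limit_conn*` lines leaves the shared proxy with no request throttling for any virtual host, and nothing in the hunk says why. The likely troublemaker is `limit_conn_zone $request_uri`, which caps concurrent connections per URL across all clients rather than per client; if so, keep the three `limit_req` lines and either drop `limit_conn` or key its zone on `$binary_remote_addr`. If the removal is deliberate, replace the dead lines with a one-line comment giving the reason.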
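Review bot: The new `services/collectif-karafon.fr/deploy_user.sh` calls `git_update.sh -b sale`, but this same commit removes `-b` from `git_update.sh` in favour of `-r` (the other deploy scripts are switched over). With the new `getopts` string, `-b` falls into the invalid-option branch, which prints an error and exits with status 0, so under `set -euo pipefail` the deploy reports success without fetching anything. It should read `git_update.sh -r sale -d "$HTTP_DIR" "$GIT_SOURCE_REPO"`.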
@@ -4,21 +4,24 @@ server { ssl_certificate $JC_CERT/fullchain.pem; ssl_certificate_key $JC_CERT/privkey.pem; server_name $JC_SERVICE www.$JC_SERVICE; - root $HTTP_DIR/collectifkarafon.wixsite.com/; + root $HTTP_DIR; # Security headers # We can create a file with the base security headers and include it. # Will it be possible to overload them then ? add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; - #add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always; + add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always; add_header X-Content-Type-Options "nosniff"; add_header X-Frame-Options SAMEORIGIN always; add_header X-XSS-Protection "1; mode=block" always; add_header Referrer-Policy "strict-origin-when-cross-origin"; - add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';"; + add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';"; location / { - index monsite.html; + index index.html; try_files $uri $uri/ =404; } + location /.git { + return 404; + } } diff --git a/services/dnscerts.jean-cloud.org/deploy.sh b/services/dnscerts.jean-cloud.org/deploy.sh index b0055e3..e679562 100755 --- a/services/dnscerts.jean-cloud.org/deploy.sh +++ b/services/dnscerts.jean-cloud.org/deploy.sh 
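Review bot: The `Permissions-Policy` value edited here still uses the old Feature-Policy style (`feature='none';`), which is not the syntax browsers parse for this header, so the policy is most likely ignored altogether. The header expects a comma-separated list of `feature=(allowlist)` items, e.g. `add_header Permissions-Policy "geolocation=(), microphone=(), camera=(), payment=(), fullscreen=(self)" always;`, with the remaining features written the same way. The new `location /.git { return 404; }` is a sensible addition now that `root` points at the git checkout. The server block starts above the hunk.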
@@ -1,8 +1,3 @@ #!/bin/bash -set -euo pipefail - -# For some variables -. /etc/jeancloud.env - apt install -y python3-certbot-dns-rfc2136 diff --git a/services/dnscerts.jean-cloud.org/deploy_user.sh b/services/dnscerts.jean-cloud.org/deploy_user.sh index c319706..3041b06 100755 --- a/services/dnscerts.jean-cloud.org/deploy_user.sh +++ b/services/dnscerts.jean-cloud.org/deploy_user.sh @@ -36,5 +36,5 @@ for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'des server="$srv.jean-cloud.org" [ -n "$(grep "$server" /etc/hosts)" ] && continue echo "-- $server" - rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/" || true + rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "dnscerts.jean-cloud.org@$server:$DATA_DIR/" || true done diff --git a/services/feteducourt.jean-cloud.net/deploy_user.sh b/services/feteducourt.jean-cloud.net/deploy_user.sh index 4c221b6..67417f8 100755 --- a/services/feteducourt.jean-cloud.net/deploy_user.sh +++ b/services/feteducourt.jean-cloud.net/deploy_user.sh @@ -1,4 +1,4 @@ #!/bin/bash set -euo pipefail -git_update.sh -d "$HTTP_DIR" -b 2021 "https://git.jean-cloud.net/adrian/feteducourt-static.git" +git_update.sh -d "$HTTP_DIR" -r 2021 "https://git.jean-cloud.net/adrian/feteducourt-static.git" diff --git a/services/feteducourt2020.jean-cloud.net/deploy_user.sh b/services/feteducourt2020.jean-cloud.net/deploy_user.sh index c9ce0d7..2504c99 100755 --- a/services/feteducourt2020.jean-cloud.net/deploy_user.sh +++ b/services/feteducourt2020.jean-cloud.net/deploy_user.sh @@ -1,4 +1,4 @@ #!/bin/bash set -euo pipefail -git_update.sh -d "$HTTP_DIR" -b 2020 "https://git.jean-cloud.net/adrian/feteducourt-static.git" +git_update.sh -d "$HTTP_DIR" -r 2020 "https://git.jean-cloud.net/adrian/feteducourt-static.git" diff --git a/services/gaia.jean-cloud.net/deploy_user.sh b/services/gaia.jean-cloud.net/deploy_user.sh index c010fd4..4eb52e9 100755 
--- a/services/gaia.jean-cloud.net/deploy_user.sh +++ b/services/gaia.jean-cloud.net/deploy_user.sh @@ -1,5 +1,5 @@ #!/bin/bash set -euo pipefail -git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO" +git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO" diff --git a/services/git.jean-cloud.net/docker-compose.yml b/services/git.jean-cloud.net/docker-compose.yml index 6103c96..02adf73 100755 --- a/services/git.jean-cloud.net/docker-compose.yml +++ b/services/git.jean-cloud.net/docker-compose.yml @@ -1,7 +1,7 @@ version: '3' services: gitea: - image: gitea/gitea:1.21 + image: gitea/gitea:1.22 depends_on: - db volumes: diff --git a/services/hugo/deploy_user.sh b/services/hugo/deploy_user.sh index c35ffd6..3b3ff0e 100755 --- a/services/hugo/deploy_user.sh +++ b/services/hugo/deploy_user.sh @@ -1,8 +1,11 @@ #!/bin/bash set -euo pipefail +# Do not update website if body is unreachable +[ ! -f "$HTTP_DIR/public/index.html" ] && { curl --fail-with-body https://$RADIO_HOST/manager/ >/dev/null || exit 0 ; } + # Update git repo -git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO" +git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO" cd "$HTTP_DIR" @@ -10,7 +13,7 @@ cd "$HTTP_DIR" rclone_ncloud_publiclink.sh # Invalid cache -#rm -rf "/tmp/hugo_cache_$USER" +rm -rf "/tmp/hugo_cache_$USER" # Build website HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo diff --git a/services/jean-cloud.net/.env b/services/jean-cloud.net/.env index 7a87fd0..e26d94b 100644 --- a/services/jean-cloud.net/.env +++ b/services/jean-cloud.net/.env @@ -1 +1,2 @@ GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/jean-cloud_website +GIT_BRANCH=master diff --git a/services/metamorphosemagazine.fr/deploy_user.sh b/services/metamorphosemagazine.fr/deploy_user.sh index c010fd4..4eb52e9 100755 --- a/services/metamorphosemagazine.fr/deploy_user.sh 
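Review bot: Re-enabling `rm -rf "/tmp/hugo_cache_$USER"` in hugo/deploy_user.sh makes the build depend on a predictable path in a world-writable directory. Another local account can create that directory first, after which the `rm` fails and `set -e` aborts the deploy, or the cache holds content the deploy user did not write. A cache directory in a location only the service user can write avoids this, e.g. `HUGO_CACHEDIR="$DATA_DIR/hugo_cache"` with the matching `rm -rf` (assuming `DATA_DIR` is set for this service as it is for the others). In the first hunk, the URL passed to curl should also be quoted: `"https://$RADIO_HOST/manager/"`.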
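Review bot: The `GIT_BRANCH=master` added to jean-cloud.net/.env does not match the variable the deploy scripts in this commit read, which is `${GIT_SOURCE_BRANCH:-main}`. Unless jean-cloud.net's own deploy script (not shown) reads `GIT_BRANCH`, the site will keep deploying `main`. `GIT_SOURCE_BRANCH=master` would be consistent with the other services.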
+++ b/services/metamorphosemagazine.fr/deploy_user.sh @@ -1,5 +1,5 @@ #!/bin/bash set -euo pipefail -git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO" +git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO" diff --git a/services/mutubot.jean-cloud.net/deploy_user.sh.old b/services/mutubot.jean-cloud.net/deploy_user.sh.old index cb8f8d9..84c3f99 100644 --- a/services/mutubot.jean-cloud.net/deploy_user.sh.old +++ b/services/mutubot.jean-cloud.net/deploy_user.sh.old @@ -6,7 +6,7 @@ fi . venv/bin/activate -git_update.sh -b v1 -d $HTTP_DIR https://git.jean-cloud.net/adrian/mutubot.git +git_update.sh -r v1 -d $HTTP_DIR https://git.jean-cloud.net/adrian/mutubot.git pip install -r requirements.txt diff --git a/services/mux.paj.oma-radio.fr/.env b/services/mux.paj.oma-radio.fr/.env new file mode 100644 index 0000000..ba5550d --- /dev/null +++ b/services/mux.paj.oma-radio.fr/.env @@ -0,0 +1,16 @@ +WEBSERVER=.105 +MUX=.100 +TELECOM=.101 +SWEBSOCKET_PORT=2002 +WEBSOCKET_PORT=2202 +RADIO_HOST=mux.paj.oma-radio.fr +MUX_SERVER_PORT=9002 +TELECOM_SERVER_PORT=3492 +SOUNDBASE_DIR=/data/mux.paj.oma-radio.fr/soundbase +OMA_DOCKER_VERSION=dev +ICECAST=.110 +SOUNDBASE_IP=10.99.99.7 +SOUNDBASE_HOST=soundbase.paj.oma-radio.fr +COMPOSE_NAME=muxpajoma-radiofr +DOCKER_INSTANCES_PREFIX=muxpajoma-radiofr- +DOCKER_INSTANCES_SUFIX=-1 diff --git a/services/mux.paj.oma-radio.fr/deploy.sh b/services/mux.paj.oma-radio.fr/deploy.sh new file mode 100755 index 0000000..f0f4f28 --- /dev/null +++ b/services/mux.paj.oma-radio.fr/deploy.sh @@ -0,0 +1,6 @@ +#!/bin/bash +mkdir -p "$SOUNDBASE_DIR/pige" +chown 10000:10000 "$SOUNDBASE_DIR/pige" -R + +cat "$SECRET_DIR/registry_pass" | docker login --username "$registry_user" --password-stdin registry.gitlab.com + diff --git a/services/mux.paj.oma-radio.fr/deploy_user.sh b/services/mux.paj.oma-radio.fr/deploy_user.sh new file mode 100755 index 0000000..67f095a --- /dev/null 
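Review bot: The new mux.paj.oma-radio.fr/deploy.sh runs without `set -euo pipefail`, unlike the other deploy scripts in this repository. With `SOUNDBASE_DIR` unset it creates and recursively chowns `/pige` at the filesystem root, and a failed `docker login` (for instance with an empty `$registry_user`) goes unnoticed. Add `set -euo pipefail` after the shebang, and optionally `: "${SOUNDBASE_DIR:?}"` before the `mkdir`. The identical script is added as services/mux.radiokipik.org/deploy.sh (same blob id f0f4f28) and needs the same change.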
+++ b/services/mux.paj.oma-radio.fr/deploy_user.sh @@ -0,0 +1,10 @@ +#!/bin/bash + +if [ ! -e "$DATA_DIR/.env" ] ; then + cat > "$DATA_DIR/.env" <&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'" + interval: 1h0m0s + timeout: 10s + retries: 3 + start_period: 1m0s + networks: + default: + ipv4_address: $NET$ICECAST + + system_api: + image: jeancloud/system-api:$OMA_DOCKER_VERSION + env_file: .env + environment: + UID: 33 + SOUNDBASE_PATH: /soundbase + MOUNT: /muxapi + CONFIG_PATH: /config + restart: unless-stopped + volumes: + - /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi + - /var/run/docker.sock:/var/run/docker.sock + - $SOUNDBASE_DIR:/soundbase + + networks: + default: + ipv4_address: $NET.107 + deploy: + resources: + limits: + cpus: '0.50' + memory: 500M + + +networks: + default: + ipam: + config: + - subnet: $NET.0/24 diff --git a/services/mux.paj.oma-radio.fr/liquidsoap.liq b/services/mux.paj.oma-radio.fr/liquidsoap.liq new file mode 100644 index 0000000..cdc0513 --- /dev/null +++ b/services/mux.paj.oma-radio.fr/liquidsoap.liq 
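Review bot: The new `system_api` service bind-mounts `/var/run/docker.sock`, which gives that container control of the Docker daemon and therefore root-equivalent access to the host. The nginx config added for this service publishes it at `/muxapi` behind HTTP basic auth only, so the whole host rests on that password file and on the API's own input handling. Consider putting a filtering proxy in front of the socket that allows only the endpoints the API needs, and add a comment above the volume line saying why the socket is required. The same service definition appears in what look like the compose files for mux.radiodemo.oma-radio.fr and mux.radiokipik.org later in this diff. The hunk header for this file is missing from this rendering.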
@@ -0,0 +1,84 @@ +#!/usr/bin/liquidsoap + +# Extract timestamp from pige path +def ts_from_filepath (filepath) + splitpath = string.split(separator='/', filepath) + # Keep only filename + filename = list.nth(splitpath,list.length(splitpath)-1) + int_of_string(list.hd(string.split(separator='\\.', filename))) +end + +# Remove pige from now-1month +def rm_pige(ts) + filepath = "/soundbase/pige/#{ts}.ogg" + if file.exists("#{filepath}") then + process.run("rm #{filepath}") + end +end + + +# Check that the timestamp starts exactly on a minute +def integrity_check(ts) + if ts mod 60 != 0 then + print("#{ts} is to fix") + end +end + +# Routine integrity check for each files +def clean_and_check (filepath) + ts = ts_from_filepath (filepath) + + # Remove if old + if ( ts < int_of_float(time()) - 2678400 ) then + rm_pige(ts) + end + + integrity_check (ts) +end + +def clean_and_check_latest (filepath) + ts = ts_from_filepath (filepath) + rm_pige(ts - 2678400) # ts of one month sooner + integrity_check (ts) + +end + +# Exaustive integrity check +def clean_and_check_all () + list.iter(clean_and_check, file.ls("/soundbase/pige/")) +end + + + +# Mux +#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD"))) +input1 = mksafe(input.http("http://icecast:8000/direct.ogg")) + +# Direct mp3 +# TODO faire du 44100 pour éviter les trous ? 
+output.icecast( + %mp3(bitrate=128, samplerate=22050, stereo=false), + mount="/direct.mp3", + #host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"), + host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f", + input1) + +# Radioking +#output.icecast( +# %mp3(bitrate=128, samplerate=22050, stereo=false), +# mount="/test355", +# host="live.radioking.com", port=80, user="", password="", +# input) + +# Direct ogg +#output.icecast( +# %vorbis(samplerate=44100, channels=1, quality=0.2), +# mount="/direct.ogg", +# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"), +# input1) + +# Pige +output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check_latest) + +# Integrity checks +clean_and_check_all() diff --git a/services/mux.paj.oma-radio.fr/nginx_server.conf b/services/mux.paj.oma-radio.fr/nginx_server.conf new file mode 100644 index 0000000..aaa83ed --- /dev/null +++ b/services/mux.paj.oma-radio.fr/nginx_server.conf 
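Review bot: The `output.icecast` call for `/direct.mp3` commits the Icecast source password as a string literal, with the `getenv("ICECAST_SOURCE_PASSWORD")` form left commented out just above it. Anyone with read access to the repository can then publish to the mount, and the value stays in history after a later fix. Rotate it and restore the line to `host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),`. The identical file is added as services/mux.radiokipik.org/liquidsoap.liq (same blob id cdc0513), so both services share the literal.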
@@ -0,0 +1,119 @@ +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server{ + listen $SWEBSOCKET_PORT ssl; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_pass http://$NET$WEBSERVER:9000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 120s; + } +} + +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name $JC_SERVICE; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; + + location / { + proxy_pass http://$SOUNDBASE_IP/; + proxy_set_header Host '$SOUNDBASE_HOST'; + proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE; + # wait + client_max_body_size 0; + proxy_connect_timeout 6000; + proxy_send_timeout 60000; + proxy_read_timeout 6000; + send_timeout 6000; + + + } + + location /pige { + alias "$SOUNDBASE_DIR/pige"; + try_files $uri $uri/ =404; + } + + + location /direct.ogg { + client_max_body_size 0; + proxy_pass http://$NET$ICECAST:8000/direct.ogg; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + } + location /direct.mp3 { + client_max_body_size 0; + proxy_pass http://$NET$ICECAST:8000/direct.mp3; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + } + location /style.css { + client_max_body_size 0; + proxy_pass http://$NET$ICECAST:8000/style.css; + } + location /status.xsl { + client_max_body_size 0; + proxy_pass http://$NET$ICECAST:8000/status.xsl; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + 
etag off; + } + + location ~ /muxapi(/.*) { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + include uwsgi_params; + uwsgi_param PATH_INFO "$1"; + uwsgi_param SCRIPT_NAME /muxapi; + uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock; + client_max_body_size 0; + proxy_connect_timeout 6000; + proxy_send_timeout 60000; + proxy_read_timeout 6000; + send_timeout 6000; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy- revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + } + + + location ~ /muxapi(/.*) { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + include uwsgi_params; + uwsgi_param PATH_INFO "$1"; + uwsgi_param SCRIPT_NAME /muxapi; + uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock; + client_max_body_size 0; + proxy_connect_timeout 6000; + proxy_send_timeout 60000; + proxy_read_timeout 6000; + send_timeout 6000; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + } +} diff --git a/services/mux.radiodemo.oma-radio.fr/.env b/services/mux.radiodemo.oma-radio.fr/.env index a4c4cbc..3ea1179 100644 --- a/services/mux.radiodemo.oma-radio.fr/.env +++ b/services/mux.radiodemo.oma-radio.fr/.env @@ -1,4 +1,3 @@ -ENDPOINT=10.29.0.1 WEBSERVER=.105 MUX=.100 TELECOM=.101 
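Review bot: The `location ~ /muxapi(/.*)` block is added twice in this server; the first copy carries a broken `Cache-Control` value (`proxy- revalidate`), and since regex locations are tried in order it is presumably the one nginx uses. Keep a single block with the corrected header. Inside it, the `proxy_*_timeout` directives do not apply to `uwsgi_pass`; the uwsgi equivalents are `uwsgi_read_timeout 6000;` and `uwsgi_send_timeout 60000;`. The `map $http_upgrade $connection_upgrade` at the top is also unused, because the websocket server sets `Connection "upgrade"` literally.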
@@ -7,7 +6,12 @@ WEBSOCKET_PORT=2204 RADIO_HOST=mux.radiodemo.oma-radio.fr MUX_SERVER_PORT=9004 TELECOM_SERVER_PORT=3494 -SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/core/radioDemo +SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/ OMA_DOCKER_VERSION=dev ICECAST=.110 -WG_NAME_radiodemo=radiodemo +SOUNDBASE_IP=10.99.99.7 +SOUNDBASE_HOST=soundbase.radiodemo.oma-radio.fr +COMPOSE_NAME=muxradiodemooma-radiofr +DOCKER_INSTANCES_PREFIX=muxradiodemooma-radiofr- +DOCKER_INSTANCES_SUFIX=-1 +OMA_CONFIG_LogLevel=8 diff --git a/services/mux.radiodemo.oma-radio.fr/deploy_user.sh b/services/mux.radiodemo.oma-radio.fr/deploy_user.sh index a178430..c906f23 100755 --- a/services/mux.radiodemo.oma-radio.fr/deploy_user.sh +++ b/services/mux.radiodemo.oma-radio.fr/deploy_user.sh @@ -1,10 +1,12 @@ #!/bin/bash if [ ! -e "$DATA_DIR/.env" ] ; then + source_pass="$(LC_ALL=C tr -dc A-Za-z0-9 "$DATA_DIR/.env" <&1 | grep '200 OK' && wget http://localhost:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'" + test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'" interval: 1h0m0s timeout: 10s retries: 3 @@ -112,6 +112,28 @@ services: default: ipv4_address: $NET$ICECAST + system_api: + image: jeancloud/system-api:$OMA_DOCKER_VERSION + env_file: .env + environment: + UID: 33 + SOUNDBASE_PATH: /soundbase + MOUNT: /muxapi + CONFIG_PATH: /config + restart: unless-stopped + volumes: + - /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi + - /var/run/docker.sock:/var/run/docker.sock + - $SOUNDBASE_DIR:/soundbase + networks: + default: + ipv4_address: $NET.107 + deploy: + resources: + limits: + cpus: '0.50' + memory: 500M + networks: default: ipam: diff --git a/services/mux.radiodemo.oma-radio.fr/liquidsoap-mux.liq b/services/mux.radiodemo.oma-radio.fr/liquidsoap-mux.liq new file mode 100644 index 0000000..9164805 --- /dev/null 
+++ b/services/mux.radiodemo.oma-radio.fr/liquidsoap-mux.liq 
@@ -0,0 +1,79 @@ +#!/usr/bin/liquidsoap + +# Extract timestamp from pige path +def ts_from_filepath (filepath) + splitpath = string.split(separator='/', filepath) + # Keep only filename + filename = list.nth(splitpath,list.length(splitpath)-1) + int_of_string(list.hd(string.split(separator='\\.', filename))) +end + +# Remove pige from now-1month +def clean_single_old_pige(ts) + # ts of one month sooner + ts = ts - 2678400 + filepath = "/soundbase/pige/#{ts}.ogg" + if file.exists("#{filepath}") then + process.run("rm #{filepath}") + end +end + +# Remove a pige file if it is too old +def clean_if_old(filename) + filepath = "/soundbase/pige/#{filename}" + if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then + process.run("rm #{filepath}") + end +end + +# Check that the timestamp starts exactly on a minute +def integrity_check(ts) + if ts mod 60 != 0 then + log.important("#{ts} is to fix") + end +end + +# Routine integrity check for each files +def clean_and_check (filepath) + ts = ts_from_filepath (filepath) + integrity_check (ts) + clean_single_old_pige (ts) +end + +# Exaustive integrity check +def clean_and_check_all () + #list.iter(clean_if_old, file.ls("/soundbase/pige/")) + list.iter(clean_and_check, file.ls("/soundbase/pige/")) +end + + + +# Mux +input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD"))) + +# Direct mp3 +output.icecast( + %mp3(bitrate=128, samplerate=22050, stereo=false), + mount="/direct.mp3", + host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"), + input1) + +# Radioking +#output.icecast( +# %mp3(bitrate=128, samplerate=22050, stereo=false), +# mount="/test355", +# host="live.radioking.com", port=80, user="", password="", +# input) + +# Direct ogg +output.icecast( + %vorbis(samplerate=44100, channels=1, quality=0.2), + mount="/direct.ogg", + host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"), + input1) + +# Pige +output.file(%vorbis(samplerate=44100, 
channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check) + +# Integrity checks +clean_and_check_all() diff --git a/services/mux.radiodemo.oma-radio.fr/liquidsoap-transcode.liq b/services/mux.radiodemo.oma-radio.fr/liquidsoap-transcode.liq new file mode 100644 index 0000000..cfc018d --- /dev/null +++ b/services/mux.radiodemo.oma-radio.fr/liquidsoap-transcode.liq 
@@ -0,0 +1,80 @@ +#!/usr/bin/liquidsoap + +# Extract timestamp from pige path +def ts_from_filepath (filepath) + splitpath = string.split(separator='/', filepath) + # Keep only filename + filename = list.nth(splitpath,list.length(splitpath)-1) + int_of_string(list.hd(string.split(separator='\\.', filename))) +end + +# Remove pige from now-1month +def clean_single_old_pige(ts) + # ts of one month sooner + ts = ts - 2678400 + filepath = "/soundbase/pige/#{ts}.ogg" + if file.exists("#{filepath}") then + process.run("rm #{filepath}") + end +end + +# Remove a pige file if it is too old +def clean_if_old(filename) + filepath = "/soundbase/pige/#{filename}" + if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then + process.run("rm #{filepath}") + end +end + +# Check that the timestamp starts exactly on a minute +def integrity_check(ts) + if ts mod 60 != 0 then + log.important("#{ts} is to fix") + end +end + +# Routine integrity check for each files +def clean_and_check (filepath) + ts = ts_from_filepath (filepath) + integrity_check (ts) + clean_single_old_pige (ts) +end + +# Exaustive integrity check +def clean_and_check_all () + list.iter(clean_if_old, file.ls("/soundbase/pige/")) + list.iter(clean_and_check, file.ls("/soundbase/pige/")) +end + + + +# Mux +#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD"))) +input1 = mksafe(input.http("http://icecast:8000/direct.ogg")) + +# Direct mp3 +output.icecast( + %mp3(bitrate=128, samplerate=22050, stereo=false), + mount="/direct.mp3", + host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"), + input1) + +# Radioking +#output.icecast( +# %mp3(bitrate=128, samplerate=22050, stereo=false), +# mount="/test355", +# host="live.radioking.com", port=80, user="", password="", +# input) + +# Direct ogg +#output.icecast( +# %vorbis(samplerate=44100, channels=1, quality=0.2), +# mount="/direct.ogg", +# host="icecast", port=8000, 
password=getenv("ICECAST_SOURCE_PASSWORD"), +# input1) + +# Pige +output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check) + +# Integrity checks +clean_and_check_all() diff --git a/services/mux.radiodemo.oma-radio.fr/liquidsoap.liq b/services/mux.radiodemo.oma-radio.fr/liquidsoap.liq deleted file mode 100644 index 9164805..0000000 --- a/services/mux.radiodemo.oma-radio.fr/liquidsoap.liq +++ /dev/null 
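Review bot: `clean_if_old` builds a shell command from a directory entry, `process.run("rm #{filepath}")`, and liquidsoap-transcode.liq enables it for every name returned by `file.ls("/soundbase/pige/")`. Only the part before the first dot is checked to be numeric, so the rest of the name reaches the shell unquoted. That directory is mounted into other containers and should be treated as untrusted input. Prefer a removal that does not go through a shell, such as `file.remove(filepath)` if the Liquidsoap version in the image provides it, or quote the path before interpolating it. `clean_single_old_pige` is not affected because its path is built from an integer.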
@@ -1,79 +0,0 @@ -#!/usr/bin/liquidsoap - -# Extract timestamp from pige path -def ts_from_filepath (filepath) - splitpath = string.split(separator='/', filepath) - # Keep only filename - filename = list.nth(splitpath,list.length(splitpath)-1) - int_of_string(list.hd(string.split(separator='\\.', filename))) -end - -# Remove pige from now-1month -def clean_single_old_pige(ts) - # ts of one month sooner - ts = ts - 2678400 - filepath = "/soundbase/pige/#{ts}.ogg" - if file.exists("#{filepath}") then - process.run("rm #{filepath}") - end -end - -# Remove a pige file if it is too old -def clean_if_old(filename) - filepath = "/soundbase/pige/#{filename}" - if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then - process.run("rm #{filepath}") - end -end - -# Check that the timestamp starts exactly on a minute -def integrity_check(ts) - if ts mod 60 != 0 then - log.important("#{ts} is to fix") - end -end - -# Routine integrity check for each files -def clean_and_check (filepath) - ts = ts_from_filepath (filepath) - integrity_check (ts) - clean_single_old_pige (ts) -end - -# Exaustive integrity check -def clean_and_check_all () - #list.iter(clean_if_old, file.ls("/soundbase/pige/")) - list.iter(clean_and_check, file.ls("/soundbase/pige/")) -end - - - -# Mux -input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD"))) - -# Direct mp3 -output.icecast( - %mp3(bitrate=128, samplerate=22050, stereo=false), - mount="/direct.mp3", - host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"), - input1) - -# Radioking -#output.icecast( -# %mp3(bitrate=128, samplerate=22050, stereo=false), -# mount="/test355", -# host="live.radioking.com", port=80, user="", password="", -# input) - -# Direct ogg -output.icecast( - %vorbis(samplerate=44100, channels=1, quality=0.2), - mount="/direct.ogg", - host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"), - input1) - -# Pige -output.file(%vorbis(samplerate=44100, 
channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check) - -# Integrity checks -clean_and_check_all() diff --git a/services/mux.radiodemo.oma-radio.fr/liquidsoap.liq b/services/mux.radiodemo.oma-radio.fr/liquidsoap.liq new file mode 120000 index 0000000..9c3f58b --- /dev/null +++ b/services/mux.radiodemo.oma-radio.fr/liquidsoap.liq @@ -0,0 +1 @@ +liquidsoap-transcode.liq \ No newline at end of file diff --git a/services/mux.radiodemo.oma-radio.fr/nginx_server.conf b/services/mux.radiodemo.oma-radio.fr/nginx_server.conf index a882ae3..e2c4d76 100644 --- a/services/mux.radiodemo.oma-radio.fr/nginx_server.conf +++ b/services/mux.radiodemo.oma-radio.fr/nginx_server.conf 
@@ -28,25 +28,73 @@ server { location / { client_max_body_size 0; - proxy_pass http://$ENDPOINT/; - proxy_set_header Host 'soundbase.radiodemo.oma-radio.fr'; - proxy_redirect http://soundbase.radiodemo.oma-radio.fr https://$JC_SERVICE; + proxy_pass http://$SOUNDBASE_IP/; + proxy_set_header Host '$SOUNDBASE_HOST'; + proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE; + # wait + client_max_body_size 0; + proxy_connect_timeout 6000; + proxy_send_timeout 60000; + proxy_read_timeout 6000; + send_timeout 6000; + + } + + location /pige { + alias "$SOUNDBASE_DIR/pige"; + try_files $uri $uri/ =404; } location /direct.ogg { client_max_body_size 0; proxy_pass http://$NET$ICECAST:8000/direct.ogg; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; } location /direct.mp3 { client_max_body_size 0; proxy_pass http://$NET$ICECAST:8000/direct.mp3; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; } - - location /logs/ { - include /etc/nginx/fastcgi_params; - fastcgi_param SCRIPT_FILENAME $DOCKER_DIR/server.sh; - fastcgi_pass unix:/var/run/fcgiwrap.socket; + location /style.css { + client_max_body_size 0; + proxy_pass http://$NET$ICECAST:8000/style.css; } + location /status.xsl { + client_max_body_size 0; + proxy_pass http://$NET$ICECAST:8000/status.xsl; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + } + + + location ~ /muxapi(/.*) { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + include uwsgi_params; + uwsgi_param PATH_INFO "$1"; + uwsgi_param SCRIPT_NAME /muxapi; + uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock; + client_max_body_size 0; 
+ proxy_connect_timeout 6000; + proxy_send_timeout 60000; + proxy_read_timeout 6000; + send_timeout 6000; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + } } diff --git a/services/mux.radiodemo.oma-radio.fr/radioking.liq b/services/mux.radiodemo.oma-radio.fr/radioking.liq deleted file mode 100644 index 2bd23f4..0000000 --- a/services/mux.radiodemo.oma-radio.fr/radioking.liq +++ /dev/null @@ -1,7 +0,0 @@ -input = mksafe(input.http("http://172.29.0.110:8000/direct.mp3")) -output.icecast( - %mp3(bitrate=128, samplerate=22050, stereo=false), - mount="/test355", - host="live.radioking.com", port=80, user="test_test29", password="S9tx3VBhl", - input) - diff --git a/services/mux.radiodemo.oma-radio.fr/server.sh b/services/mux.radiodemo.oma-radio.fr/server.sh index dbf589f..7723f2e 100755 --- a/services/mux.radiodemo.oma-radio.fr/server.sh +++ b/services/mux.radiodemo.oma-radio.fr/server.sh @@ -10,7 +10,7 @@ instance='' since='' until='' -action="$(echo "$QUERY_STRING" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')" +action="$(echo "${REQUEST_URI##*/}" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')" while IFS='=' read key value ; do case "$key" in @@ -35,7 +35,9 @@ done < <(echo "$action") [ -z "$since" ] && exit 3 [ -z "$until" ] && exit 4 +pwd echo docker-compose logs --since "$since" --until "$until" "$instance" +docker-compose logs --since "$since" --until "$until" "$instance" 2>&1 if [ "$?" -ne 0 ] ; then echo failed fi diff --git a/services/mux.radiodemo.oma-radio.fr/wg-radiodemo.sh b/services/mux.radiodemo.oma-radio.fr/wg-radiodemo.sh deleted file mode 100755 index e3fa895..0000000 --- a/services/mux.radiodemo.oma-radio.fr/wg-radiodemo.sh +++ /dev/null 
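Review bot: `location /` in mux.radiodemo's nginx_server.conf now contains `client_max_body_size 0;` twice, once as the unchanged first line and once in the added block under `# wait`. nginx rejects a repeated directive in the same block (`directive is duplicate`), so `nginx -t` should fail on this file; drop the added copy. The `proxy_*_timeout` lines in the new `/muxapi` location also have no effect next to `uwsgi_pass`; `uwsgi_read_timeout` and `uwsgi_send_timeout` are the directives that apply there.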
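Review bot: The second hunk of server.sh starts executing `docker-compose logs` with `since`, `until` and `instance` taken from the request URI, and the `tr -d` filter does not remove a leading `-`, so a value can be read as an option rather than as a service name. Validate each field against what it is meant to be before the call, for example `case "$instance" in ''|-*|*[!A-Za-z0-9_-]*) exit 2 ;; esac`, and do the same for the two timestamps. The added `pwd` also writes the service's working directory into the response and looks like leftover debugging. The `/logs/` location that invoked this script is removed from nginx_server.conf in the same commit, so confirm the script is still meant to be reachable.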
@@ -1,33 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -. .env - -wgif="$1" - -echo " -[Interface] -PrivateKey = $(cat $DATA_DIR/privatekey) -Address = 10.29.0.254/32 -ListenPort = 55820 - -# packet forwarding -PreUp = sysctl -w net.ipv4.ip_forward=1 - -# port forwarding -#PreUp = iptables -t nat -A PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT -#PreUp = iptables -t nat -A PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT - -#PostDown = iptables -t nat -D PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT -#PostDown = iptables -t nat -D PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT - -# packet masquerading -#PreUp = iptables -t nat -A POSTROUTING -o $wgif -j MASQUERADE -#PostDown = iptables -t nat -D POSTROUTING -o $wgif -j MASQUERADE - -# remote settings for the private server -[Peer] -PublicKey = 6/Mlxe9auEw/WQnC6QYNAYtSAo8jAEMhJ1wXaRNy4AE= -AllowedIPs = 10.29.0.0/24 -" diff --git a/services/mux.radiokipik.org/.env b/services/mux.radiokipik.org/.env new file mode 100644 index 0000000..93dfb74 --- /dev/null +++ b/services/mux.radiokipik.org/.env @@ -0,0 +1,16 @@ +WEBSERVER=.105 +MUX=.100 +TELECOM=.101 +SWEBSOCKET_PORT=2005 +WEBSOCKET_PORT=2205 +RADIO_HOST=mux.radiokipik.org +MUX_SERVER_PORT=9005 +TELECOM_SERVER_PORT=3495 +SOUNDBASE_DIR=/data/mux.radiokipik.org/soundbase +OMA_DOCKER_VERSION=unstable +ICECAST=.110 +SOUNDBASE_IP=10.99.99.7 +SOUNDBASE_HOST=soundbase.radiokipik.org +COMPOSE_NAME=muxradiokipikorg +DOCKER_INSTANCES_PREFIX=muxradiokipikorg- +DOCKER_INSTANCES_SUFIX=-1 diff --git a/services/mux.radiokipik.org/deploy.sh b/services/mux.radiokipik.org/deploy.sh new file mode 100755 index 0000000..f0f4f28 --- /dev/null +++ b/services/mux.radiokipik.org/deploy.sh 
@@ -0,0 +1,6 @@ +#!/bin/bash +mkdir -p "$SOUNDBASE_DIR/pige" +chown 10000:10000 "$SOUNDBASE_DIR/pige" -R + +cat "$SECRET_DIR/registry_pass" | docker login --username "$registry_user" --password-stdin registry.gitlab.com + diff --git a/services/mux.radiokipik.org/deploy_user.sh b/services/mux.radiokipik.org/deploy_user.sh new file mode 100755 index 0000000..959561f --- /dev/null +++ b/services/mux.radiokipik.org/deploy_user.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +if [ ! -e "$DATA_DIR/.env" ] ; then + cat > "$DATA_DIR/.env" <&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'" + interval: 1h0m0s + timeout: 10s + retries: 3 + start_period: 1m0s + networks: + default: + ipv4_address: $NET$ICECAST + + system_api: + image: jeancloud/system-api:$OMA_DOCKER_VERSION + env_file: .env + environment: + UID: 33 + SOUNDBASE_PATH: /soundbase + MOUNT: /muxapi + CONFIG_PATH: /config + restart: unless-stopped + volumes: + - /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi + - /var/run/docker.sock:/var/run/docker.sock + - $SOUNDBASE_DIR:/soundbase + networks: + default: + ipv4_address: $NET.107 + deploy: + resources: + limits: + cpus: '0.50' + memory: 500M + +networks: + default: + ipam: + config: + - subnet: $NET.0/24 diff --git a/services/mux.radiokipik.org/liquidsoap.liq b/services/mux.radiokipik.org/liquidsoap.liq new file mode 100644 index 0000000..cdc0513 --- /dev/null +++ b/services/mux.radiokipik.org/liquidsoap.liq 
@@ -0,0 +1,84 @@ +#!/usr/bin/liquidsoap + +# Extract timestamp from pige path +def ts_from_filepath (filepath) + splitpath = string.split(separator='/', filepath) + # Keep only filename + filename = list.nth(splitpath,list.length(splitpath)-1) + int_of_string(list.hd(string.split(separator='\\.', filename))) +end + +# Remove pige from now-1month +def rm_pige(ts) + filepath = "/soundbase/pige/#{ts}.ogg" + if file.exists("#{filepath}") then + process.run("rm #{filepath}") + end +end + + +# Check that the timestamp starts exactly on a minute +def integrity_check(ts) + if ts mod 60 != 0 then + print("#{ts} is to fix") + end +end + +# Routine integrity check for each files +def clean_and_check (filepath) + ts = ts_from_filepath (filepath) + + # Remove if old + if ( ts < int_of_float(time()) - 2678400 ) then + rm_pige(ts) + end + + integrity_check (ts) +end + +def clean_and_check_latest (filepath) + ts = ts_from_filepath (filepath) + rm_pige(ts - 2678400) # ts of one month sooner + integrity_check (ts) + +end + +# Exaustive integrity check +def clean_and_check_all () + list.iter(clean_and_check, file.ls("/soundbase/pige/")) +end + + + +# Mux +#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD"))) +input1 = mksafe(input.http("http://icecast:8000/direct.ogg")) + +# Direct mp3 +# TODO faire du 44100 pour éviter les trous ? 
+output.icecast( + %mp3(bitrate=128, samplerate=22050, stereo=false), + mount="/direct.mp3", + #host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"), + host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f", + input1) + +# Radioking +#output.icecast( +# %mp3(bitrate=128, samplerate=22050, stereo=false), +# mount="/test355", +# host="live.radioking.com", port=80, user="", password="", +# input) + +# Direct ogg +#output.icecast( +# %vorbis(samplerate=44100, channels=1, quality=0.2), +# mount="/direct.ogg", +# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"), +# input1) + +# Pige +output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check_latest) + +# Integrity checks +clean_and_check_all() diff --git a/services/mux.radiokipik.org/nginx_server.conf b/services/mux.radiokipik.org/nginx_server.conf new file mode 100644 index 0000000..778fda6 --- /dev/null +++ b/services/mux.radiokipik.org/nginx_server.conf 
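Review bot: The `output.icecast(...)` call for `/direct.mp3` hard-codes the Icecast source password as a string literal, while the `getenv("ICECAST_SOURCE_PASSWORD")` form is left commented out on the line above it. Anyone who can read the repository can authenticate as a source for that mount, so the line should go back to `host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),` and the committed value should be rotated on the Icecast side, since it remains in history. Separately, `rm_pige` shells out with `process.run("rm #{filepath}")`; the path is built from an integer today, but `file.remove(filepath)` avoids the shell altogether.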
@@ -0,0 +1,104 @@ +map $http_upgrade $connection_upgrade { + default upgrade; + '' close; +} + +server{ + listen $SWEBSOCKET_PORT ssl; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_set_header Host $host; + proxy_pass http://$NET$WEBSERVER:9000; + proxy_http_version 1.1; + proxy_set_header Upgrade $http_upgrade; + proxy_set_header Connection "upgrade"; + proxy_read_timeout 120s; + } +} + +server { + listen 443 ssl; + listen [::]:443 ssl; + server_name $JC_SERVICE; + ssl_certificate $JC_CERT/fullchain.pem; + ssl_certificate_key $JC_CERT/privkey.pem; + + location / { + proxy_pass http://$SOUNDBASE_IP/; + proxy_set_header Host '$SOUNDBASE_HOST'; + proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + # wait + client_max_body_size 0; + proxy_connect_timeout 6000; + proxy_send_timeout 60000; + proxy_read_timeout 6000; + send_timeout 6000; + + } + + location /pige { + alias "$SOUNDBASE_DIR/pige"; + try_files $uri $uri/ =404; + } + + + location /direct.ogg { + client_max_body_size 0; + proxy_pass http://$NET$ICECAST:8000/direct.ogg; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + } + location /direct.mp3 { + client_max_body_size 0; + proxy_pass http://$NET$ICECAST:8000/direct.mp3; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + } + location /style.css { + client_max_body_size 0; + proxy_pass http://$NET$ICECAST:8000/style.css; + } + location /status.xsl { + client_max_body_size 0; + proxy_pass 
http://$NET$ICECAST:8000/status.xsl; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + } + + + location ~ /muxapi(/.*) { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + include uwsgi_params; + uwsgi_param PATH_INFO "$1"; + uwsgi_param SCRIPT_NAME /muxapi; + uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock; + client_max_body_size 0; + proxy_connect_timeout 6000; + proxy_send_timeout 60000; + proxy_read_timeout 6000; + send_timeout 6000; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + } +} diff --git a/services/mux.radiokipik.org/ns1.jean-cloud.org/gitkey b/services/mux.radiokipik.org/ns1.jean-cloud.org/gitkey new file mode 100755 index 0000000..9d1bed9 --- /dev/null +++ b/services/mux.radiokipik.org/ns1.jean-cloud.org/gitkey 
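Review bot: In `location ~ /muxapi(/.*)` the timeouts are set with `proxy_connect_timeout`, `proxy_send_timeout` and `proxy_read_timeout`, which only apply to `proxy_pass`; the block uses `uwsgi_pass`, so the API still runs with nginx's default uwsgi timeouts. Use `uwsgi_read_timeout 6000;` and `uwsgi_send_timeout 60000;` there if long requests are intended. The regex is also unanchored, so any URI that contains `/muxapi/` is routed to the API; `location ~ ^/muxapi(/.*)` limits it to that prefix. The `map` at the top defines `$connection_upgrade`, but the websocket server sends a literal `Connection "upgrade"`, so the map is unused. The `/api` block in `services/soundbase.paj.oma-radio.fr/nginx_server.conf` has the same timeout and anchoring issue.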
@@ -0,0 +1,38 @@ +-----BEGIN OPENSSH PRIVATE KEY----- +b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn +NhAAAAAwEAAQAAAYEAuKyZzOALRAFq487PSFdSilaUN6wTacncP5XDlVwWr2QBOMPWpOyf +DzdhxIGx2ZBofgDE/47bClZR4SvFr6+2Sj5a5fAhOGeBAS2Z/Je7pL5Ar+nvIBNFG5bwv/ +qEgkfWEjuzjDoEVoY7f6RMrOOnTpZS1F32Y3UB0WiH5FgOwjKWb47q8kxUDSQd0sdZNNKL +d7/RWGplNSLtloC87C8YC0Wxi3wHgssgRCw7xD2cpm6zwRh1lvLbk0a0zhZXTOcsR+lBwe +fEF4eziZDCrKpYwaPdSjIuP6+dctO+1BTSK0KnvuMftTwfLwInZtn9kxa+oTsMRV27oxyO +MiVnx5Gfahh2OQtI299Zm19Lu3ARSzJL0CQc4oDmf9Yhi3SoHwXCMNdyEwRk55iO5b6oA1 +wilUAe2K+YHuG5eNtLu1UvpREGhN4AqYVYW+TqIdRLNr2PTuMW3GyQlCHxIFfBcKPoVNuY +B+sBwhva3IQG+EEwY3ZkqU80J5NXmj36epBe+yxhAAAFkFBSLaVQUi2lAAAAB3NzaC1yc2 +EAAAGBALismczgC0QBauPOz0hXUopWlDesE2nJ3D+Vw5VcFq9kATjD1qTsnw83YcSBsdmQ +aH4AxP+O2wpWUeErxa+vtko+WuXwIThngQEtmfyXu6S+QK/p7yATRRuW8L/6hIJH1hI7s4 +w6BFaGO3+kTKzjp06WUtRd9mN1AdFoh+RYDsIylm+O6vJMVA0kHdLHWTTSi3e/0VhqZTUi +7ZaAvOwvGAtFsYt8B4LLIEQsO8Q9nKZus8EYdZby25NGtM4WV0znLEfpQcHnxBeHs4mQwq +yqWMGj3UoyLj+vnXLTvtQU0itCp77jH7U8Hy8CJ2bZ/ZMWvqE7DEVdu6McjjIlZ8eRn2oY +djkLSNvfWZtfS7twEUsyS9AkHOKA5n/WIYt0qB8FwjDXchMEZOeYjuW+qANcIpVAHtivmB +7huXjbS7tVL6URBoTeAKmFWFvk6iHUSza9j07jFtxskJQh8SBXwXCj6FTbmAfrAcIb2tyE +BvhBMGN2ZKlPNCeTV5o9+nqQXvssYQAAAAMBAAEAAAGAATuMD1Mjknsg53VGo4lSaWZMpg +h6av1Jbald/6iZthZin6DVXsxl4rgrhcFghSAQYi9ckwawYqiEuZLuWVrAt5h5zVKvOe5H +9oARleGEt8FaJLJwj9/uFrpnwdCScnmR8B6pVgnONMFEbBB5nitaTXfi6EYTBStUOSEXgC +SmsNzyzEkeDABM0/wSCtCAz665VWYT5XaH48W80QFnFF8UUel1mVYp1R1ptNAdEJoVfShM +/7JB5L3T+BAbZpMJMTU65Vgq2QfG1QUd+R9c73Z0J17VaZJivOqzoY+BsvcEwjWn7gxOjx +0PYkaZSLiqY6GT6oU5TWNgzIS8F/2ORrMgaxWOKDLBFt2vgQiwf/2T1E8m1jmmPvEeOJ70 +gmJIk9CKAM0UX2HAYM+il0Na4lOpIKggA6QLszsEWjBkdrHjZPL9HeLRMz1vnFAWCoekPN +jemZGhk6mEj6qMRuoDZ/6UWYcMhv64SFX/93YTF5QozbFoMYct1tfE03c9QEX+dV/3AAAA +wQDtsDjhtps2NWP8H5V2MY+cQoE16T8abQjxCCo7nX3vfB2+lxg9wyRx1PdtySDnSNgpG+ +pYjGFUzDlNxCVOqY9+aOA31mzfVn6EH4mG3q6/TL3/QN1ILnLbs4lyNLG4KWP1wT5MocHt +PAzWWL2O1j2Y8B/zYZZDdirx+D/0gnZmEghzq4KwIj+zj+ILRFKuM07WD73mNvyzfwuaTb 
+hhV75hEtMcLO6EgjX1NUlsIeZvK5Xht3cta62XFpsXAUY4u0EAAADBAPOxezplUkaxdmnR +CVduC7pcDweexJyVJtg753kde65IIizPSxB0QNwA4gqc2Us5PjxfS4tetsupOxRZD+ER0S +fEpX7rTedqFdukb8h7QDE6yVOD7C14vVC/kThPu9LI21itp03BFZUw1/FRRMK/xur51Ahj +g5F83+CkgQsVmwEo8cZ0b+io76FlXa4OGBUQnVE+mf6TZ+PbMT2zFJ5KAlZ54KxPZJAQOR +VJwaND0N6YQLaAkDZEnTJG3KTHyAFt4wAAAMEAwgAbwCPg4aeFXptJLUbBmDB9mGkHZkjM +p4SVC2iPSSMahnu8L5vCk/SOQJlv13mJ1JcZ/HplPUugB9cL+9SsLkr7c/r2otnch/x2WP +tF7zN6AgECs4/MWSenlxlvmD2HU6TtXaKQHfmP9HK4cIf0m1rTz4OpuZJlbDXNh/QNyzU3 +8UUAns4EaLLSM5rgSz2pPXYU6XnfSOVGZNotmla/xWbPd8sSrWCFV0VC/O0cBVMJ20QlUo +vR0cIiNMZDyQ/rAAAAGHJvb3RAcmFrdS5qZWFuLWNsb3VkLm9yZwEC +-----END OPENSSH PRIVATE KEY----- diff --git a/services/mux.radiokipik.org/ns1.jean-cloud.org/letsencrypt.key b/services/mux.radiokipik.org/ns1.jean-cloud.org/letsencrypt.key new file mode 100644 index 0000000..1a8650e --- /dev/null +++ b/services/mux.radiokipik.org/ns1.jean-cloud.org/letsencrypt.key @@ -0,0 +1,4 @@ +key "letsencrypt.key" { + algorithm hmac-sha256; + secret "d2q77gecXwNQdzJb3tnE5IUGXY7/r0LL3hj+GG2/iTo="; +}; diff --git a/services/ns1.jean-cloud.org/helper_functions.sh b/services/ns1.jean-cloud.org/helper_functions.sh index 7de2268..32d2d53 100644 --- a/services/ns1.jean-cloud.org/helper_functions.sh +++ b/services/ns1.jean-cloud.org/helper_functions.sh @@ -21,7 +21,7 @@ prepare () { fi echo 'Sync the git repo' - run sudo -u bind git_update.sh -N -b main -i "$DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git' + run sudo -u bind git_update.sh -r main -o "-i $DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git' cd /etc/bind diff --git a/services/nuage.jean-cloud.net/docker-compose.yml b/services/nuage.jean-cloud.net/docker-compose.yml index fb7fcfc..393c1b8 100755 --- a/services/nuage.jean-cloud.net/docker-compose.yml +++ b/services/nuage.jean-cloud.net/docker-compose.yml 
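Review bot: `gitkey` adds an OpenSSH private key to the repository, and its header decodes to cipher `none`, so it is not passphrase-protected; the `letsencrypt.key` file added right after it likewise commits a TSIG `secret` for `hmac-sha256` in clear. Both should be treated as compromised: issue a new deploy key and a new TSIG key, revoke the old ones on the git server and in the BIND configuration, and remove the files from the tree (and from history if the repository is shared). Other scripts in this commit read key material from `$SECRET_DIR` or `$DATA_DIR` (for example `-o "-i $DATA_DIR/gitkey"` in `helper_functions.sh`), so these two files look like a data directory copied into `services/mux.radiokipik.org/ns1.jean-cloud.org/` by accident. A pre-commit secret scanner would stop `BEGIN OPENSSH PRIVATE KEY` blocks before they are committed.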
@@ -89,6 +89,7 @@ services: collabora: image: collabora/code + privileged: true environment: - "dictionaries=fr" - "server_name=office.nuage.jean-cloud.net" diff --git a/services/paj.oma-radio.fr/.env b/services/paj.oma-radio.fr/.env new file mode 100644 index 0000000..8f41d0c --- /dev/null +++ b/services/paj.oma-radio.fr/.env @@ -0,0 +1,6 @@ +GIT_SOURCE_REPO="https://gitlab.com/omaradio/website" +GIT_SOURCE_BRANCH=dev +RADIO_HOST=mux.paj.oma-radio.fr +USE_SSL=true +WEBSOCKET_PORT=2002 +RADIO_NAME_PRETTY="Paj Radio" diff --git a/services/paj.oma-radio.fr/.known_hosts b/services/paj.oma-radio.fr/.known_hosts new file mode 100644 index 0000000..ce5c099 --- /dev/null +++ b/services/paj.oma-radio.fr/.known_hosts @@ -0,0 +1,2 @@ +gitlab.com ssh-dss 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 +gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9 diff --git a/services/paj.oma-radio.fr/deploy_user.sh b/services/paj.oma-radio.fr/deploy_user.sh new file mode 100755 index 0000000..c0bf6d6 --- /dev/null +++ b/services/paj.oma-radio.fr/deploy_user.sh 
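Review bot: `privileged: true` on the `collabora` service gives the container every capability and access to host devices, which is far more than a document renderer that processes user-uploaded files should hold. If the flag was added to make Collabora's jail setup work, try a narrow grant first, e.g. `cap_add: [MKNOD]`, adding further capabilities only as the container logs ask for them, and leave `privileged` off. If it really is required, a comment on the line saying why would help the next reviewer. The rest of the service definition is outside the hunk.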
@@ -0,0 +1,19 @@
+#!/bin/bash
+set -euo pipefail
+
+# Si le site a déjà été build par le passé, curl termine l’exécution du script en cas d’absence sur serveur corps.
+[ -f "$HTTP_DIR/public/index.html" ] && { curl --head --fail-with-body $RADIO_HOST/fic/_series-_index.fic || exit 0 ; } >/dev/null
+
+# Update git repo
+git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
+
+cd "$HTTP_DIR"
+
+# Get remote content files
+#rclone_ncloud_publiclink.sh
+
+# Invalid cache
+rm -rf "/tmp/hugo_cache_$USER"
+
+# Build website
+HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
diff --git a/services/paj.oma-radio.fr/nginx_server.conf b/services/paj.oma-radio.fr/nginx_server.conf
new file mode 100755
index 0000000..6f5482a
--- /dev/null
+++ b/services/paj.oma-radio.fr/nginx_server.conf
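Review bot: The Hugo cache lives at the predictable path `/tmp/hugo_cache_$USER`, which any local account can create first; the `rm -rf` then either fails and aborts the deploy, or `hugo` ends up reading a cache directory someone else controls. Since the cache is thrown away before every build anyway, a private directory does the same job: `cache="$(mktemp -d)"; trap 'rm -rf "$cache"' EXIT` followed by `HUGO_CACHEDIR="$cache" hugo`. The `curl --head` probe also passes `$RADIO_HOST` unquoted and without a scheme, so it goes out over plain HTTP; `"https://$RADIO_HOST/fic/_series-_index.fic"` matches what the radiodemo copy of this script does. `services/radiodemo.oma-radio.fr/deploy_user.sh` uses the same `/tmp` cache path.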
@@ -0,0 +1,32 @@
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ ssl_certificate $JC_CERT/fullchain.pem;
+ ssl_certificate_key $JC_CERT/privkey.pem;
+ server_name $JC_SERVICE www.$JC_SERVICE;
+ root $HTTP_DIR/public/;
+
+ # Security headers
+ add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
+ #add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' 'https://static.jean-cloud.net/player-interface/*' ; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self' 'https://static.jean-cloud.net/player-interface/*' 'https://cdn.jsdelivr.net/npm/*'; base-uri 'self'; form-action 'self';" always;
+ add_header X-Content-Type-Options "nosniff";
+ add_header X-Frame-Options SAMEORIGIN always;
+ add_header X-XSS-Protection "1; mode=block" always;
+ add_header Referrer-Policy "strict-origin-when-cross-origin";
+ add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
+
+ location / {
+ index index.html;
+ try_files $uri $uri/ =404;
+ }
+
+ location /manager {
+ return 301 $scheme://mux.$JC_SERVICE/manager;
+ }
+
+ location /buildscript/ {
+ include /etc/nginx/fastcgi_params;
+ fastcgi_param SCRIPT_FILENAME $DOCKER_DIR/server.sh;
+ fastcgi_pass unix:/var/run/fcgiwrap.socket;
+ }
+}
diff --git a/services/paj.oma-radio.fr/server.sh b/services/paj.oma-radio.fr/server.sh
new file mode 100755
index 0000000..fcdb650
--- /dev/null
+++ b/services/paj.oma-radio.fr/server.sh
@@ -0,0 +1,10 @@
+#!/bin/bash
+
+echo "Content-type: text/html"
+echo ""
+
+. .env
+
+echo '
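Review bot: `location /buildscript/` hands every request to `server.sh` through fcgiwrap with no authentication, so anyone who can reach the site can start a `deploy_as` run (git update plus Hugo build) as often as they like. Restrict it before the `include`, for example with `allow <trusted-webhook-source>; deny all;` (placeholder address) or the `auth_basic` / `auth_basic_user_file` pair used on the soundbase vhosts. A `limit_req` zone on this location would additionally cap how often a build can be started.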
'
+deploy_as "$JC_SERVICE"
+echo '
' diff --git a/services/pelican/deploy_user.sh b/services/pelican/deploy_user.sh index 6466e45..0c22e16 100755 --- a/services/pelican/deploy_user.sh +++ b/services/pelican/deploy_user.sh @@ -2,7 +2,7 @@ set -euo pipefail # Update git repo -git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO" +git_update.sh -r "${GIT_BRANCH:main}" -d "$HTTP_DIR" "$GIT_SOURCE_REPO" cd "$HTTP_DIR" diff --git a/services/radiodemo.oma-radio.fr/.env b/services/radiodemo.oma-radio.fr/.env index 6e58864..7a79b0c 100644 --- a/services/radiodemo.oma-radio.fr/.env +++ b/services/radiodemo.oma-radio.fr/.env @@ -2,3 +2,4 @@ GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git" RADIO_HOST=mux.radiodemo.oma-radio.fr USE_SSL=true WEBSOCKET_PORT=2004 +VUE_APP_PUBLIC_WEBSITE=radiodemo.oma-radio.fr diff --git a/services/radiodemo.oma-radio.fr/deploy_user.sh b/services/radiodemo.oma-radio.fr/deploy_user.sh deleted file mode 120000 index e723ae7..0000000 --- a/services/radiodemo.oma-radio.fr/deploy_user.sh +++ /dev/null @@ -1 +0,0 @@ -../hugo/deploy_user.sh \ No newline at end of file diff --git a/services/radiodemo.oma-radio.fr/deploy_user.sh b/services/radiodemo.oma-radio.fr/deploy_user.sh new file mode 100755 index 0000000..1ad3676 --- /dev/null +++ b/services/radiodemo.oma-radio.fr/deploy_user.sh @@ -0,0 +1,16 @@ +#!/bin/bash +set -euo pipefail + +# Si le site a déjà été build par le passé, curl termine l’exécution du script en cas d’absence sur serveur corps. +[ -f "$HTTP_DIR/public/index.html" ] && { curl -iI https://$RADIO_HOST/fic/_series-_index.fic >/dev/null || exit 0 ; } + +# Update git repo +git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO" + +cd "$HTTP_DIR" + +# Invalid cache +rm -rf "/tmp/hugo_cache_$USER" + +# Build website +HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo diff --git a/services/radiokipik.org/.env b/services/radiokipik.org/.env index 6e58864..e38d45b 100644 --- a/services/radiokipik.org/.env 
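Review bot: `server.sh` streams the whole output of `deploy_as` back to the HTTP client as `text/html`, so git remotes, filesystem paths and any error text from the build are shown to whoever called `/buildscript/`, and are rendered as markup. Sending `Content-type: text/plain`, replying with a short status line and writing the deploy output to a log file keeps those details on the server. The script also sources `.env` relative to the current directory and has no `set -euo pipefail`, so it depends on fcgiwrap starting it in the service directory; `cd "$(dirname "$0")"` at the top makes that explicit.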
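Review bot: In `services/pelican/deploy_user.sh`, `"${GIT_BRANCH:main}"` is a substring expansion with offset `main`, not a default value; the `-` is missing. Under the `set -euo pipefail` at the top of that script an unset `GIT_BRANCH` aborts the deploy instead of falling back to `main`. The line should read `git_update.sh -r "${GIT_BRANCH:-main}" -d "$HTTP_DIR" "$GIT_SOURCE_REPO"`; the other deploy scripts in this commit use `GIT_SOURCE_BRANCH` for the same purpose, so the variable name may be worth aligning too.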
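Review bot: In the new `services/radiodemo.oma-radio.fr/deploy_user.sh`, the probe `curl -iI https://$RADIO_HOST/fic/_series-_index.fic >/dev/null || exit 0` only fails when the connection itself fails, because without `--fail` curl exits 0 on a 404 or 500 response. The comment above it says the script should stop when the file is absent on the server, so the build goes ahead in exactly the case it is meant to skip. `curl --head --fail --silent "https://$RADIO_HOST/fic/_series-_index.fic" >/dev/null || exit 0` gives the intended behaviour; the paj copy of this script already passes `--fail-with-body`.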
+++ b/services/radiokipik.org/.env @@ -1,4 +1,5 @@ GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git" -RADIO_HOST=mux.radiodemo.oma-radio.fr +RADIO_HOST=mux.radiokipik.org USE_SSL=true -WEBSOCKET_PORT=2004 +WEBSOCKET_PORT=2005 +RADIO_NAME_PRETTY="Radio Kipik" diff --git a/services/radiokipik.org/deploy_user.sh.bak b/services/radiokipik.org/deploy_user.sh similarity index 100% rename from services/radiokipik.org/deploy_user.sh.bak rename to services/radiokipik.org/deploy_user.sh diff --git a/services/radiokipik.org/nginx_server.conf b/services/radiokipik.org/nginx_server.conf index 07af231..78ae46b 100755 --- a/services/radiokipik.org/nginx_server.conf +++ b/services/radiokipik.org/nginx_server.conf @@ -4,7 +4,7 @@ server { ssl_certificate $JC_CERT/fullchain.pem; ssl_certificate_key $JC_CERT/privkey.pem; server_name $JC_SERVICE www.$JC_SERVICE; - root $HTTP_DIR/; + root $HTTP_DIR/public; # Security headers add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always; diff --git a/services/servers.csv b/services/servers.csv new file mode 100644 index 0000000..c1b0319 --- /dev/null +++ b/services/servers.csv @@ -0,0 +1,7 @@ +id;nom;lieu;fai;note;wg_pubkey;ip;ip;ip;ip;ip +3;max;"Montpellier";red/sfr;"Chez Elisa";wTU3G3tutx2NIBlDDdBQhSnPFmkE5TM8aqcn1gdACF8=;2a02:8434:66e2:e301:a2b3:ccff:fe85:af97;;; +4;raku;"Le bessat";red/sfr;"Chez axel et louise";xEKLecqKmr7+VWhi9+LvfYNflVfkkMEe7DXHFDaiqBk=;92.92.34.140;;; +6;jeanPinion;"Alençon";;"Librairie de Centime";+goHQ6dBoqrjkPtru9Y1QeSChXNIuUpnv0xnh23jYRs=; +7;montbonnot;"Marseille";;"Géré par Nico";S1jpvHJRr2yFh4OB9hLk+zXUNXAycOewNqouoO2Zky4=; +8;jeanCheri;"Lyon";;"Épicerie ACTR";5+j+wcrQQAnR8thBRqdoKsamNog0pMZeJG2AONs5OD0=; +9;izzo;"Hostinger";"Hostinger";"Serveur hébergé principal";8ulBTjnjbo/dD8pPumpz07TUbDTofZ46+oTdkBb2JWE=;89.116.110.62;2a02:4780:28:a254::1; diff --git a/services/services.csv b/services/services.csv index 7f83c25..c6c1e3a 100644 --- a/services/services.csv 
+++ b/services/services.csv @@ -26,10 +26,10 @@ 29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org 30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org 31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org -32;paj.oma-radio.fr;paj.oma-radio.fr;nougaro.jean-cloud.org +32;paj.oma-radio.fr;paj.oma-radio.fr;izzo.jean-cloud.org 33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org 34;radiodemo.oma-radio.fr;radiodemo.oma-radio.fr;raku.jean-cloud.org -35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org +35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;izzo.jean-cloud.org 36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;izzo.jean-cloud.org 37;rimarima.fr;rimarima.fr;raku.jean-cloud.org 38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org @@ -37,7 +37,7 @@ 40;static.jean-cloud.net;static.jean-cloud.net;izzo.jean-cloud.org 41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org 42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org -43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org +43;radio.karnaval.fr;radio.karnaval.fr;izzo.jean-cloud.org 44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;raku.jean-cloud.org 45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org 46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org @@ -55,3 +55,6 @@ 60;soundbase.radiokipik.org;soundbase.radiokipik.org;montbonnot.jean-cloud.org 61;radiokipik.org;radiokipik.org;izzo.jean-cloud.org 62;mux.radiokipik.org;mux.radiokipik.org;izzo.jean-cloud.org +63;collectif-karafon.fr;collectif-karafon.fr;izzo.jean-cloud.org +64;mux.radionimaitre.oma;mux.radionimaitre.oma-radio.fr;raku.jean-cloud.org +65;mux.paj.oma-radio.fr;mux.paj.oma-radio.fr;izzo.jean-cloud.org diff --git a/services/soundbase.paj.oma-radio.fr/.env b/services/soundbase.paj.oma-radio.fr/.env new file mode 100644 index 0000000..d708be0 --- /dev/null 
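Review bot: Row 64 has `mux.radionimaitre.oma` in the second column while the third column is `mux.radionimaitre.oma-radio.fr`; every other row in these hunks repeats the same name in both columns, so the second field looks truncated. If the deploy tooling keys directories, users or certificates on that column, the service would be created under the short name. Suggested row, unless the shortening is deliberate: `64;mux.radionimaitre.oma-radio.fr;mux.radionimaitre.oma-radio.fr;raku.jean-cloud.org`.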
+++ b/services/soundbase.paj.oma-radio.fr/.env
@@ -0,0 +1,25 @@
+TELECOM=.101
+ICECAST=.110
+WEBSERVER=.105
+SYSTEM_API=.107
+TZ=Europe/Paris
+OMA_DOCKER_VERSION=dev
+WEBSOCKET_PORT=2002
+TELECOM_SERVER_PORT=3492
+OMA_CONFIG_TelecommandeHost=mux.paj.oma-radio.fr
+OMA_CONFIG_TelecommandePort=3492
+MUX_SERVER_PORT=9002
+RADIO_NAME_SIMPLE=paj
+OMA_CONFIG_NomRadio=paj
+OMA_CONFIG_LogLevel=8
+RADIO_NAME_PRETTY="Radio Démo"
+COMPOSE_NAME=soundbasepajoma-radiofr
+DOCKER_INSTANCES_PREFIX=soundbasepajoma-radiofr-
+DOCKER_INSTANCES_SUFIX=-1
+SOUNDBASE_DIR=/data/soundbase.paj.oma-radio.fr/
+USE_SSL=true
+MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.1
+RADIO_HOST=mux.paj.oma-radio.fr
+WG_NAME_interco=paj
+WG_NET=10.29.65
+WG_PORT=55002
diff --git a/services/soundbase.paj.oma-radio.fr/deploy_user.sh b/services/soundbase.paj.oma-radio.fr/deploy_user.sh
new file mode 100755
index 0000000..8d15bf0
--- /dev/null
+++ b/services/soundbase.paj.oma-radio.fr/deploy_user.sh
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+git_update.sh -r $OMA_DOCKER_VERSION -d "$HTTP_DIR/manager" https://gitlab.com/omaradio/single-manager.git
+cd "$HTTP_DIR/manager"
+npm install
+npm run build
diff --git a/services/soundbase.paj.oma-radio.fr/docker-compose.yml b/services/soundbase.paj.oma-radio.fr/docker-compose.yml
new file mode 100644
index 0000000..eb0ff3c
--- /dev/null
+++ b/services/soundbase.paj.oma-radio.fr/docker-compose.yml
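Review bot: `services/soundbase.paj.oma-radio.fr/deploy_user.sh` runs `npm install` and `npm run build` on code it has just pulled, without `set -euo pipefail`, so a failed `git_update.sh` or `cd` does not stop it and npm then runs in whatever directory the caller was in. Add `set -euo pipefail` after the shebang and quote `"$OMA_DOCKER_VERSION"`. `npm ci` instead of `npm install` installs exactly what the lockfile pins and fails when it is out of sync with `package.json`, which is the safer choice for an unattended deploy (this assumes the repository ships a lockfile). `services/soundbase.radiodemo.oma-radio.fr/deploy_user.sh`, added further down, has the same shape.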
@@ -0,0 +1,137 @@ +version: '3' +services: + anthracite_jukebox: + image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION + env_file: .env + environment: + OMA_CONFIG_TelecommandeHost: $RADIO_HOST + OMA_CONFIG_TelecommandePort: $TELECOM_SERVER_PORT + OMA_CONFIG_Client1Host: $RADIO_HOST + OMA_CONFIG_Client1Port: $MUX_SERVER_PORT + volumes: + - $DATA_DIR:/app/soundBase + - $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM + restart: unless-stopped + networks: + default: + ipv4_address: $NET.102 + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + azurite_jukebox_simulator: + image: registry.gitlab.com/omaradio/core/oma-jukebox-simulator:$OMA_DOCKER_VERSION + env_file: .env + environment: + OMA_CONFIG_TelecommandeHost: $RADIO_HOST + volumes: + - $DATA_DIR:/app/soundBase + restart: unless-stopped + networks: + default: + ipv4_address: $NET.103 + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + # aventurine_transcode: + # image: jeancloud/transcode:$OMA_DOCKER_VERSION + # env_file: .env + # restart: unless-stopped + + + agate_importer: + image: registry.gitlab.com/omaradio/core/oma-baseimport:$OMA_DOCKER_VERSION + env_file: .env + environment: + OMA_CONFIG_TelecommandeHost: $RADIO_HOST + volumes: + - $DATA_DIR:/app/soundBase + restart: unless-stopped + networks: + default: + ipv4_address: $NET.104 + deploy: + resources: + limits: + cpus: '0.50' + memory: 1000M + + + rubis_base_mg: + image: registry.gitlab.com/omaradio/core/oma-base-mg:$OMA_DOCKER_VERSION + env_file: .env + environment: + OMA_CONFIG_TelecommandeHost: $RADIO_HOST + restart: unless-stopped + volumes: + - $DATA_DIR:/soundbase + networks: + default: + ipv4_address: $NET.106 + deploy: + resources: + limits: + cpus: '0.50' + memory: 100M + + + system_api: + image: jeancloud/system-api:dev + env_file: .env + environment: + OMA_CONFIG_TelecommandeHost: $RADIO_HOST + UID: 33 + SOUNDBASE_PATH: /soundbase + MOUNT: /api + CONFIG_PATH: /config + restart: 
unless-stopped + volumes: + - /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi + - /var/run/docker.sock:/var/run/docker.sock + - $DATA_DIR:/soundbase + networks: + default: + ipv4_address: $NET.107 + deploy: + resources: + limits: + cpus: '0.50' + memory: 500M + + + #ammolite_mp3_addon: + # image: jeancloud/mp3addon:$OMA_DOCKER_VERSION + # env_file: .env + # environment: + # OMA_CONFIG_TelecommandeHost: $NET.101 + # OMA_CONFIG_PigePrefix: /opt + # restart: unless-stopped + # volumes: + # - $DATA_DIR:/app/soundbase + # networks: + # default: + # ipv4_address: $NET.109 + # deploy: + # resources: + # limits: + # cpus: '0.05' + + # doxy: + # image: qnib/doxy + # volumes: + # - /tmp/radiodemo.oma-radio.fr/doxy:/tmp/doxy + # - /data/radiodemo.oma-radio.fr/doxy.pattern:/etc/doxy.pattern + # - /var/run/docker.sock:/var/run/docker.sock + # environment: + # DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock + +networks: + default: + ipam: + config: + - subnet: $NET.0/24 diff --git a/services/soundbase.paj.oma-radio.fr/nginx_server.conf b/services/soundbase.paj.oma-radio.fr/nginx_server.conf new file mode 100644 index 0000000..2761cf8 --- /dev/null +++ b/services/soundbase.paj.oma-radio.fr/nginx_server.conf 
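Review bot: The `system_api` service bind-mounts `/var/run/docker.sock`, which gives that container full control of the Docker daemon and therefore root-equivalent access to the host; in the matching nginx vhost the API is protected only by HTTP basic auth. The commented-out `doxy` block at the end of this file points at the usual mitigation: run a filtering proxy that allows only the Docker API calls the service needs and mount its socket instead, `- /tmp/<service>/doxy/doxy.sock:/var/run/docker.sock` (placeholder path). `system_api` is also fixed to `jeancloud/system-api:dev` while the other services follow `$OMA_DOCKER_VERSION`; a mutable tag on the one container with daemon access deserves a digest or at least the shared variable. The `system_api` service in `services/mux.radiokipik.org/docker-compose.yml` mounts the socket the same way.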
@@ -0,0 +1,119 @@ +# Parameters: +# radio name +# file path +# ws port (local) +# wss port (open) +# upload service port +# ssl certs location + +# TODO +# /speedtest-down returns random data +# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin +# /speedtest-up just eat everything it can + + + + + +server { + listen 80; + listen [::]:80; + server_name $JC_SERVICE; + + root $HTTP_DIR/manager/dist; + index index.html; + + location ~ /api(/.*) { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + include uwsgi_params; + uwsgi_param PATH_INFO "$1"; + uwsgi_param SCRIPT_NAME /api; + uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock; + client_max_body_size 0; + proxy_connect_timeout 6000; + proxy_send_timeout 60000; + proxy_read_timeout 6000; + send_timeout 6000; + # kill cache + add_header Last-Modified $date_gmt; + add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0'; + if_modified_since off; + expires off; + etag off; + } + + location /pige{ + alias $SOUNDBASE_DIR/pige; + try_files $uri $uri/ =404; + } + location /png { + alias $SOUNDBASE_DIR/png; + try_files $uri $uri/ =404; + } + location /webpL { + alias $SOUNDBASE_DIR/webpL; + try_files $uri $uri/ =404; + } + location /webpH { + alias $SOUNDBASE_DIR/webpH; + try_files $uri $uri/ =404; + } + location /ogg { + alias $SOUNDBASE_DIR/ogg; + try_files $uri $uri/ =404; + } + location /txt { + alias $SOUNDBASE_DIR/txt; + try_files $uri $uri/ =404; + } + location /wavM { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + alias $SOUNDBASE_DIR/wavM; + try_files $uri $uri/ =404; + } + location /import { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + alias $SOUNDBASE_DIR/import; + try_files $uri 
$uri/ =404; + } + location /export { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + alias $SOUNDBASE_DIR/export; + try_files $uri $uri/ =404; + } + location /wav { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + alias $SOUNDBASE_DIR/wav; + try_files $uri $uri/ =404; + } + location /fic { + add_header Cache-Control "must-revalidate, proxy-revalidate"; + alias $SOUNDBASE_DIR/fic; + try_files $uri $uri/ =404; + } + location /prg { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + alias $SOUNDBASE_DIR/prg; + try_files $uri $uri/ =404; + } + location /lst { + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + alias $SOUNDBASE_DIR/lst; + try_files $uri $uri/ =404; + } + + # Admin interface + location /manager { + alias $HTTP_DIR/manager/dist; + auth_basic "Entrez votre identifiant et mot de passe"; + auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd; + try_files $uri $uri/ =404; + } +} diff --git a/services/soundbase.radiodemo.oma-radio.fr/deploy_user.sh b/services/soundbase.radiodemo.oma-radio.fr/deploy_user.sh new file mode 100755 index 0000000..6b583b8 --- /dev/null +++ b/services/soundbase.radiodemo.oma-radio.fr/deploy_user.sh @@ -0,0 +1,11 @@ +#!/bin/bash + +if [ -d "$DATA_DIR/core" ] ; then + git_update.sh -r dev -o "-i $DATA_DIR/radiodemo-deploy" -d "$DATA_DIR/core" git@gitlab.com:omaradio/core.git +fi + +git_update.sh -r dev -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git +cd "$HTTP_DIR/manager" +npm install +npm run build + diff --git a/services/soundbase.radiodemo.oma-radio.fr/docker-compose.yml b/services/soundbase.radiodemo.oma-radio.fr/docker-compose.yml index f336c82..9980ea6 100644 --- a/services/soundbase.radiodemo.oma-radio.fr/docker-compose.yml 
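Review bot: The soundbase vhost only has `listen 80;` yet protects `/api`, `/manager`, `/wav`, `/import` and other locations with `auth_basic`, so the credentials and uploaded audio cross the network unencrypted unless this server is reachable only through a tunnel. If that is the design (presumably the mux host proxies to it over WireGuard), bind the listener to the tunnel address, `listen <wg-interface-address>:80;` (placeholder), so the port is not also served on public interfaces. `client_max_body_size 0` on `/api` removes the upload limit entirely; a large explicit cap is safer.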
+++ b/services/soundbase.radiodemo.oma-radio.fr/docker-compose.yml @@ -11,7 +11,8 @@ services: OMA_CONFIG_Client2Port: 9003 volumes: - $SOUNDBASE_DIR:/app/soundBase - - $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM + - $SOUNDBASE_DIR/secours/JingleDemo-Secours.wavM:/app/secours/secours-jingle.wavM + restart: unless-stopped networks: default: @@ -19,7 +20,7 @@ services: deploy: resources: limits: - cpus: '0.50' + cpus: '1' memory: 100M azurite_jukebox_simulator: @@ -48,6 +49,7 @@ services: env_file: .env volumes: - $SOUNDBASE_DIR:/app/soundBase + stop_grace_period: 1m30s restart: unless-stopped networks: default: diff --git a/services/soundbase.radiodemo.oma-radio.fr/nginx_server.conf b/services/soundbase.radiodemo.oma-radio.fr/nginx_server.conf index bdeb359..6a687f7 100644 --- a/services/soundbase.radiodemo.oma-radio.fr/nginx_server.conf +++ b/services/soundbase.radiodemo.oma-radio.fr/nginx_server.conf @@ -92,6 +92,7 @@ server { try_files $uri $uri/ =404; } location /fic { + add_header Cache-Control 'must-revalidate, proxy-revalidate'; alias $SOUNDBASE_DIR/fic; try_files $uri $uri/ =404; } @@ -107,10 +108,6 @@ server { alias $SOUNDBASE_DIR/lst; try_files $uri $uri/ =404; } - location /statique { - alias $SOUNDBASE_DIR/statique; - try_files $uri $uri/ =404; - } # Admin interface location /manager { diff --git a/services/soundbase.radiodemo.oma-radio.fr/wg-radiodemo.sh b/services/soundbase.radiodemo.oma-radio.fr/wg-radiodemo.sh deleted file mode 100755 index a283bd3..0000000 --- a/services/soundbase.radiodemo.oma-radio.fr/wg-radiodemo.sh +++ /dev/null 
@@ -1,20 +0,0 @@ -#!/bin/bash - -set -euo pipefail - -. .env - -[ -f "$DATA_DIR/radiodemo-soundbase.wgkey" ] || { echo 'No privatekey found' >&2 && exit 1 ; } - -echo " -[Interface] -PrivateKey = $(cat "$DATA_DIR/radiodemo-soundbase.wgkey") -Address = 10.29.0.1/32 -ListenPort = 55820 - -[Peer] -PublicKey = iwIsUriF4CT/Jpu29VXlj43hT3bUjG67FeEgCTcQCVc= -AllowedIPs = 10.29.0.254/32 -Endpoint = mux.radiodemo.oma-radio.fr:55820 -PersistentKeepalive = 30 -" diff --git a/services/soundbase.radiokipik.org/.env b/services/soundbase.radiokipik.org/.env index 60f8276..b648d3d 100644 --- a/services/soundbase.radiokipik.org/.env +++ b/services/soundbase.radiokipik.org/.env @@ -4,21 +4,20 @@ ICECAST=.110 WEBSERVER=.105 SYSTEM_API=.107 TZ=Europe/Paris -OMA_DOCKER_VERSION=dev -WEBSOCKET_PORT=2004 -TELECOM_SERVER_PORT=3494 -OMA_CONFIG_TelecommandeHost=mux.radiodemo.oma-radio.fr -OMA_CONFIG_TelecommandePort=3494 -MUX_SERVER_PORT=9004 -RADIO_NAME_SIMPLE=radiodemo -OMA_CONFIG_NomRadio=radiodemo -OMA_CONFIG_LogLevel=8 -RADIO_NAME_PRETTY="Radio Démo" -COMPOSE_NAME=soundbaseradiodemooma-radiofr -DOCKER_INSTANCES_PREFIX=soundbaseradiodemooma-radiofr- +OMA_DOCKER_VERSION=unstable +WEBSOCKET_PORT=2005 +TELECOM_SERVER_PORT=3495 +OMA_CONFIG_TelecommandeHost=mux.radiokipik.org +OMA_CONFIG_TelecommandePort=3495 +MUX_SERVER_PORT=9005 +RADIO_NAME_SIMPLE=radiokipik +OMA_CONFIG_NomRadio=radiokipik +RADIO_NAME_PRETTY="Radio Kipik" +COMPOSE_NAME=soundbaseradiokipikorg +DOCKER_INSTANCES_PREFIX=soundbaseradiokipikorg- DOCKER_INSTANCES_SUFIX=-1 -SOUNDBASE_DIR=/data/soundbase.radiodemo.oma-radio.fr/core/radioDemo +SOUNDBASE_DIR=/data/soundbase.radiokipik.org/soundbase/ USE_SSL=true MANAGER_VERSION=3.0.0 PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.1.1 -RADIO_HOST=radiodemo.oma-radio.fr +RADIO_HOST=radiokipik.org diff --git a/services/soundbase.radiokipik.org/deploy.sh b/services/soundbase.radiokipik.org/deploy.sh index f4948f2..e56279b 100755 
--- a/services/soundbase.radiokipik.org/deploy.sh +++ b/services/soundbase.radiokipik.org/deploy.sh @@ -1,8 +1,3 @@ #!/bin/bash apt install -y nodejs npm -#docker run --rm -i -v /srv/http/soundbase.radiodemo.oma-radio.fr:/app node:alpine sh <&2 && exit 1 ; } - -echo " -[Interface] -PrivateKey = $(cat "$DATA_DIR/soundbase.wgkey") -Address = 10.29.60.1/32 -ListenPort = 55860 - -[Peer] -PublicKey = 3ADrLVxzVqLHV530cT+paM+zNQBvm3KCW0voIN1wVBQ= -AllowedIPs = 10.29.60.254/32 -Endpoint = mux.radiokipik.org:55825 -PersistentKeepalive = 30 -"