save
This commit is contained in:
parent
ae7358e6f1
commit
ba02d06729
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,3 +1,4 @@
|
|||||||
installing/temporary_mount_point
|
installing/temporary_mount_point
|
||||||
installing/secrets
|
installing/secrets
|
||||||
provisioning/roles/deploy_all/files/secrets
|
provisioning/roles/deploy_all/files/secrets
|
||||||
|
.~lock.*
|
||||||
|
@ -4,4 +4,31 @@ DO NOT REBOOT IT. it sometimes fails…
|
|||||||
|
|
||||||
raku :
|
raku :
|
||||||
+ ajouter nonfree dans les sources
|
+ ajouter nonfree dans les sources
|
||||||
-i firmware-atheros
|
-i firmware-atheros -i firmware-realtek
|
||||||
|
|
||||||
|
cheri :
|
||||||
|
cat > /etc/init.d/autoreboot <<EOF
|
||||||
|
#!/bin/bash
|
||||||
|
### BEGIN INIT INFO
|
||||||
|
# Provides: autoreboot
|
||||||
|
# Required-Start: \$local_fs \$syslog
|
||||||
|
# Required-Stop: \$local_fs \$syslog
|
||||||
|
# Default-Start: 2 3 4 5
|
||||||
|
# Default-Stop: 0 1 6
|
||||||
|
# Short-Description: starts autoreboot
|
||||||
|
# Description: starts autoreboot
|
||||||
|
### END INIT INFO
|
||||||
|
sleep 120
|
||||||
|
ip -4 -o a > /dev/tty1
|
||||||
|
if ! ip a | grep -q 'eth0' ; then
|
||||||
|
echo 'eth0 not found. rebooting' >/dev/tty1
|
||||||
|
sleep 3
|
||||||
|
reboot
|
||||||
|
else
|
||||||
|
echo 'eth0 found' >/dev/tty1
|
||||||
|
sleep 3
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
exit 0
|
||||||
|
EOF
|
||||||
|
chmod +x /etc/init.d/autoreboot
|
||||||
|
41
old_services/chahut.jean-cloud.net/docker-compose.yml
Normal file
41
old_services/chahut.jean-cloud.net/docker-compose.yml
Normal file
@ -0,0 +1,41 @@
|
|||||||
|
version: '3.1'
|
||||||
|
|
||||||
|
services:
|
||||||
|
|
||||||
|
wp:
|
||||||
|
image: wordpress:5-apache
|
||||||
|
restart: unless-stopped
|
||||||
|
env_file: $DATA_DIR/wordpress.env
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/wordpress:/var/www/html
|
||||||
|
- /srv/http/$JC_SERVICE:/var/www/html/static
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.100
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
db:
|
||||||
|
image: mariadb:10.11
|
||||||
|
restart: unless-stopped
|
||||||
|
env_file: $DATA_DIR/wordpress.env
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/db:/var/lib/mysql
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.101
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 300M
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: $NET.0/24
|
||||||
|
|
30
old_services/chahut.jean-cloud.net/nginx_server.conf
Executable file
30
old_services/chahut.jean-cloud.net/nginx_server.conf
Executable file
@ -0,0 +1,30 @@
|
|||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
server_name wordpress.$JC_SERVICE www.wordpress.$JC_SERVICE;
|
||||||
|
location / {
|
||||||
|
auth_basic "Mot de passe !";
|
||||||
|
auth_basic_user_file /data/$JC_SERVICE/pass.txt;
|
||||||
|
client_max_body_size 2G;
|
||||||
|
#proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_pass http://$NET.100;
|
||||||
|
proxy_redirect off;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
root /srv/http/$JC_SERVICE;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,32 @@
|
|||||||
|
version: '2'
|
||||||
|
|
||||||
|
services:
|
||||||
|
|
||||||
|
coldcms:
|
||||||
|
image: coldcms/coldcms-backend:latest
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/coldcms:/srv/build
|
||||||
|
- $DATA_DIR/db:/var/db
|
||||||
|
environment:
|
||||||
|
- DJANGO_SETTINGS_MODULE=coldcms.settings
|
||||||
|
- DB_URL=sqlite:////var/db/database.sqlite3
|
||||||
|
- BUILD_DIR=/srv/build
|
||||||
|
- STATIC_ROOT=/srv/build/static/
|
||||||
|
- ALLOWED_HOSTS=$JC_SERVICE
|
||||||
|
- SECRET_KEY=275bLEjLIsDg19HkIcjjwgdC41zcyTAc1y527VuX23khKUZGRCMybChydeBKFNJVjhD0KMrzIeLbMlS30IxPhfqLAcR2OK0LVxOu4G8dgx3p2pia4SUFm39tOznKZ0Kt9IdbX
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.100
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 500M
|
||||||
|
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: $NET.0/24
|
55
old_services/coldcms.chahut.jean-cloud.net/nginx_server.conf
Normal file
55
old_services/coldcms.chahut.jean-cloud.net/nginx_server.conf
Normal file
@ -0,0 +1,55 @@
|
|||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||||
|
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000";
|
||||||
|
|
||||||
|
gzip on;
|
||||||
|
gzip_disable "msie6";
|
||||||
|
gzip_types text/plain text/css application/json text/xml application/xml text/javascript application/x-javascript;
|
||||||
|
gzip_min_length 1000;
|
||||||
|
gzip_proxied no-cache no-store private expired auth;
|
||||||
|
gzip_vary on;
|
||||||
|
|
||||||
|
root $HTTP_DIR;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
set $try_files_value '';
|
||||||
|
if ($request_method = GET){
|
||||||
|
set $try_files_value $uri/;
|
||||||
|
}
|
||||||
|
gzip_static on;
|
||||||
|
try_files $try_files_value @uwsgi_backend;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
location @uwsgi_backend {
|
||||||
|
uwsgi_pass $NET.100:8000;
|
||||||
|
include uwsgi_params;
|
||||||
|
client_max_body_size 20m;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /media/ {
|
||||||
|
gzip_static on;
|
||||||
|
expires 100d;
|
||||||
|
add_header Cache-Control public;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /static/ {
|
||||||
|
gzip_static on;
|
||||||
|
expires 100d;
|
||||||
|
add_header Cache-Control public;
|
||||||
|
access_log off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /admin/ {
|
||||||
|
uwsgi_pass $NET.100:8000;
|
||||||
|
include uwsgi_params;
|
||||||
|
client_max_body_size 20m;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
1
old_services/grapes.chahut.jean-cloud.net/.env
Normal file
1
old_services/grapes.chahut.jean-cloud.net/.env
Normal file
@ -0,0 +1 @@
|
|||||||
|
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/grapesjs
|
3
old_services/grapes.chahut.jean-cloud.net/deploy_user.sh
Executable file
3
old_services/grapes.chahut.jean-cloud.net/deploy_user.sh
Executable file
@ -0,0 +1,3 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
19
old_services/grapes.chahut.jean-cloud.net/docker-compose.yml
Executable file
19
old_services/grapes.chahut.jean-cloud.net/docker-compose.yml
Executable file
@ -0,0 +1,19 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
json_server:
|
||||||
|
image: jeancloud/json-server
|
||||||
|
volumes:
|
||||||
|
- "$DATA_DIR:/usr/lib/json-server"
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.100
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: $NET.0/24
|
35
old_services/grapes.chahut.jean-cloud.net/nginx_server.conf
Executable file
35
old_services/grapes.chahut.jean-cloud.net/nginx_server.conf
Executable file
@ -0,0 +1,35 @@
|
|||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
server_name grapes.chahut.jean-cloud.net;
|
||||||
|
root $HTTP_DIR;
|
||||||
|
|
||||||
|
# Security headers
|
||||||
|
# We can create a file with the base security headers and include it.
|
||||||
|
# Will it be possible to overload them then ?
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
#add_header Content-Security-Policy "default-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ;frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; img-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; base-uri 'self'; form-action 'self';" always;
|
||||||
|
add_header X-Content-Type-Options "nosniff";
|
||||||
|
add_header X-Frame-Options SAMEORIGIN always;
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
#add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||||
|
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
||||||
|
|
||||||
|
auth_basic "Mot de passe !";
|
||||||
|
auth_basic_user_file $DATA_DIR/pass.txt;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
index index.html;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /projects {
|
||||||
|
proxy_set_header Host $http_host;
|
||||||
|
proxy_set_header X-Forwarded-Proto https;
|
||||||
|
proxy_pass http://$NET.100:3000;
|
||||||
|
proxy_redirect off;
|
||||||
|
|
||||||
|
}
|
||||||
|
}
|
19
old_services/paj.oma-radio.fr/.env
Normal file
19
old_services/paj.oma-radio.fr/.env
Normal file
@ -0,0 +1,19 @@
|
|||||||
|
TZ=Europe/Paris
|
||||||
|
OMA_DOCKER_VERSION=8
|
||||||
|
WEBSOCKET_PORT=2002
|
||||||
|
TELECOM_SERVER_PORT=3492
|
||||||
|
MUX_SERVER_PORT=9002
|
||||||
|
RADIO_NAME_SIMPLE=paj
|
||||||
|
OMA_CONFIG_NomRadio=paj
|
||||||
|
RADIO_NAME_PRETTY="Paj Radio"
|
||||||
|
RADIO_HOST=paj.oma-radio.fr
|
||||||
|
COMPOSE_NAME=pajoma-radiofr
|
||||||
|
DOCKER_INSTANCES_PREFIX=pajoma-radiofr-
|
||||||
|
DOCKER_INSTANCES_SUFIX=-1
|
||||||
|
DATA_DIR=/data/paj.oma-radio.fr
|
||||||
|
USE_SSL=true
|
||||||
|
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.3.0
|
||||||
|
MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.0
|
||||||
|
SYNCTHINGS_API_KEY=425qLiE5QMJmFjgoxUHRgxD2icWNmkdy
|
||||||
|
SYNCTHINGS_LABEL_PREFIX="[oma] [paj] "
|
||||||
|
SYNCTHINGS_PRIVATE_KEY="/keys/Niilos"
|
181
old_services/paj.oma-radio.fr/docker-compose.yml
Normal file
181
old_services/paj.oma-radio.fr/docker-compose.yml
Normal file
@ -0,0 +1,181 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
ambre_mux:
|
||||||
|
image: registry.oma-radio.fr/mux:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
OMA_CONFIG_Client1Url: /paj.ogg
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/soundbase/pige:/app/pige
|
||||||
|
ports:
|
||||||
|
- $MUX_SERVER_PORT:9000
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.100
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
|
||||||
|
saphir_telecom_server:
|
||||||
|
image: registry.oma-radio.fr/telecom-server:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
ports:
|
||||||
|
- $TELECOM_SERVER_PORT:3490
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.101
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
anthracite_jukebox:
|
||||||
|
image: registry.oma-radio.fr/jukebox:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/soundbase:/app/soundBase
|
||||||
|
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.102
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
azurite_jukebox_simulator:
|
||||||
|
image: registry.oma-radio.fr/jukebox-simulator:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/soundbase:/app/soundBase
|
||||||
|
restart: unless-stopped
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
|
||||||
|
agate_importer:
|
||||||
|
image: registry.oma-radio.fr/baseimport:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/soundbase:/app/soundBase
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.104
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
amarante_webserver:
|
||||||
|
image: registry.oma-radio.fr/webserver:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
OMA_CONFIG_PigeOggConsigne: 5000
|
||||||
|
OMA_CONFIG_PigeOggMax: 5100
|
||||||
|
OMA_CONFIG_PigeOggMaxMax: 5500
|
||||||
|
OMA_CONFIG_PigeTextConsigne: 10000
|
||||||
|
OMA_CONFIG_PigeTextMax: 11000
|
||||||
|
OMA_CONFIG_PigeTextMaxMax: 15000
|
||||||
|
OMA_CONFIG_PodCacheSize: 25 # to fix a webserver bug
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.105
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/soundbase:/soundbase
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
rubis_base_mg:
|
||||||
|
image: registry.oma-radio.fr/base-mg:$OMA_DOCKER_VERSION
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.106
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/soundbase:/soundbase
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
|
||||||
|
system_api:
|
||||||
|
image: registry.oma-radio.fr/system-api:master
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
UID: 33
|
||||||
|
SOUNDBASE_PATH: /soundbase
|
||||||
|
MOUNT: /api
|
||||||
|
CONFIG_PATH: /config
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.107
|
||||||
|
volumes:
|
||||||
|
- /tmp/uwsgi/$RADIO_HOST:/tmp/uwsgi
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
- $DATA_DIR/soundbase:/soundbase
|
||||||
|
- /data/soundbase.oma-radio.fr/Niilos:/keys/Niilos
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
liquidsoap:
|
||||||
|
image: registry.oma-radio.fr/liquidsoap:1.3.7
|
||||||
|
env_file: .env
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR/secours.ogg:/secours.ogg
|
||||||
|
- ./transcode.liq:/transcode.liq
|
||||||
|
command: /transcode.liq
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.108
|
||||||
|
|
||||||
|
icecast:
|
||||||
|
image: registry.oma-radio.fr/icecast:alpine-2.4.0
|
||||||
|
environment:
|
||||||
|
- ICECAST_SOURCE_PASSWORD=JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f
|
||||||
|
- ICECAST_ADMIN_PASSWORD=STh5LrPMvp876KPoajCPEUpehE98JPqZ6sEixSnzJ42CR2MdyPMBYfzjGpbAzajNgw8jsuLh
|
||||||
|
- ICECAST_RELAY_PASSWORD=r2LgmDocgyYh7DqhSsey8tM99wxdViTpLtyi9tcWHtokC73QnC6kQLRRb58VUy5FXYnStRsG
|
||||||
|
- ICECAST_ADMIN_USERNAME=admin
|
||||||
|
- ICECAST_ADMIN_EMAIL=contact@oma-radio.fr
|
||||||
|
- ICECAST_LOCATION=Rhône-Alpes
|
||||||
|
- TZ=Europe/Paris
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.109
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: $NET.0/24
|
||||||
|
|
187
old_services/paj.oma-radio.fr/nginx_server.conf
Normal file
187
old_services/paj.oma-radio.fr/nginx_server.conf
Normal file
@ -0,0 +1,187 @@
|
|||||||
|
# Parameters:
|
||||||
|
# radio name
|
||||||
|
# file path
|
||||||
|
# ws port (local)
|
||||||
|
# wss port (open)
|
||||||
|
# upload service port
|
||||||
|
# ssl certs location
|
||||||
|
|
||||||
|
# TODO
|
||||||
|
# /speedtest-down returns random data
|
||||||
|
# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin
|
||||||
|
# /speedtest-up just eat everything it can
|
||||||
|
|
||||||
|
|
||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
|
server{
|
||||||
|
listen $WEBSOCKET_PORT ssl;
|
||||||
|
listen [::]:$WEBSOCKET_PORT ssl;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://$NET.105:9000;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_read_timeout 120s;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
server_name $RADIO_HOST www.$RADIO_HOST;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
|
||||||
|
root $DATA_DIR/soundbase/website;
|
||||||
|
index index.html;
|
||||||
|
|
||||||
|
location = /direct.ogg {
|
||||||
|
proxy_pass http://$NET.109:8000/$RADIO_NAME_SIMPLE.ogg;
|
||||||
|
}
|
||||||
|
location = /direct.mp3 {
|
||||||
|
proxy_pass http://$NET.109:8000/$RADIO_NAME_SIMPLE.mp3;
|
||||||
|
}
|
||||||
|
|
||||||
|
location = /api { rewrite ^ /api/; }
|
||||||
|
location ~ /api(/.*) {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $DATA_DIR/soundbase/users.htpasswd;
|
||||||
|
include uwsgi_params;
|
||||||
|
uwsgi_param PATH_INFO "$1";
|
||||||
|
uwsgi_param SCRIPT_NAME /api;
|
||||||
|
uwsgi_pass unix:/tmp/uwsgi/$RADIO_HOST/uwsgi-api.sock;
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_connect_timeout 6000;
|
||||||
|
proxy_send_timeout 60000;
|
||||||
|
proxy_read_timeout 6000;
|
||||||
|
send_timeout 6000;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /pige{
|
||||||
|
alias $DATA_DIR/soundbase/pige;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /pigeMp3{
|
||||||
|
alias $DATA_DIR/soundbase/pigeMp3;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /png {
|
||||||
|
alias $DATA_DIR/soundbase/png;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /jpgL {
|
||||||
|
alias $DATA_DIR/soundbase/jpgL;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /jpgH {
|
||||||
|
alias $DATA_DIR/soundbase/jpgH;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /webpL {
|
||||||
|
alias $DATA_DIR/soundbase/webpL;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /webpH {
|
||||||
|
alias $DATA_DIR/soundbase/webpH;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /ogg {
|
||||||
|
alias $DATA_DIR/soundbase/ogg;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /txt {
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
alias $DATA_DIR/soundbase/txt;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /wavM {
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
alias $DATA_DIR/soundbase/wavM;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /wav {
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
alias $DATA_DIR/soundbase/wav;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /fiches {
|
||||||
|
alias $DATA_DIR/soundbase/fiches;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /prg {
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
alias $DATA_DIR/soundbase/prg;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /listes {
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
alias $DATA_DIR/soundbase/listes;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /statique {
|
||||||
|
alias $DATA_DIR/soundbase/statique;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Admin interface
|
||||||
|
location /manager {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $DATA_DIR/soundbase/users.htpasswd;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location = /favicon.ico {
|
||||||
|
return 301 /favicon.webp;
|
||||||
|
}
|
||||||
|
|
||||||
|
# for js, css, html — dynamic site, players
|
||||||
|
location / {
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
add_header Cache-Control 'public must-revalidate';
|
||||||
|
}
|
||||||
|
}
|
13
old_services/paj.oma-radio.fr/transcode.liq
Normal file
13
old_services/paj.oma-radio.fr/transcode.liq
Normal file
@ -0,0 +1,13 @@
|
|||||||
|
#!/usr/bin/liquidsoap
|
||||||
|
|
||||||
|
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f"))
|
||||||
|
input1 = mksafe(input.http("http://172.29.10.109:8000/paj.ogg"))
|
||||||
|
|
||||||
|
# Direct mp3
|
||||||
|
output.icecast(
|
||||||
|
%mp3(stereo=false),
|
||||||
|
mount="/paj.mp3",
|
||||||
|
host="172.29.10.109", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
|
||||||
|
input1)
|
||||||
|
|
||||||
|
|
@ -1,13 +1,9 @@
|
|||||||
[shlago]
|
[shlago]
|
||||||
max.jean-cloud.org
|
#max.jean-cloud.org
|
||||||
tetede.jean-cloud.org
|
|
||||||
raku.jean-cloud.org
|
raku.jean-cloud.org
|
||||||
|
|
||||||
[servers]
|
[servers]
|
||||||
nougaro.jean-cloud.org
|
|
||||||
montbonnot.jean-cloud.org
|
montbonnot.jean-cloud.org
|
||||||
#blatte.jean-cloud.org
|
#max.jean-cloud.org
|
||||||
max.jean-cloud.org
|
|
||||||
tetede.jean-cloud.org
|
|
||||||
raku.jean-cloud.org
|
raku.jean-cloud.org
|
||||||
izzo.jean-cloud.org
|
izzo.jean-cloud.org
|
||||||
|
@ -55,12 +55,14 @@ cd "/docker/$service"
|
|||||||
|
|
||||||
if "$deploy" ; then
|
if "$deploy" ; then
|
||||||
run mkdir -p "$DATA_DIR" "$HTTP_DIR"
|
run mkdir -p "$DATA_DIR" "$HTTP_DIR"
|
||||||
run chown $uid "$DATA_DIR"
|
run chown $uid "$DATA_DIR" "$HTTP_DIR"
|
||||||
run chmod 751 "$DATA_DIR"
|
run chmod 751 "$DATA_DIR"
|
||||||
run chown $uid:www-data -R "$HTTP_DIR"
|
run chown $uid:www-data -R "$HTTP_DIR"
|
||||||
if [ -d "$SECRET_DIR" ] ; then
|
if [ -d "$SECRET_DIR" ] ; then
|
||||||
run chown $uid "$SECRET_DIR" -R
|
run chown $uid "$SECRET_DIR" -R
|
||||||
run chmod 751 "$SECRET_DIR" -R
|
run find "$SECRET_DIR" -type d -exec chmod 751 '{}' \;
|
||||||
|
run find "$SECRET_DIR" -type f -exec chmod 700 '{}' \;
|
||||||
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
[ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR"
|
[ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR"
|
||||||
|
@ -50,6 +50,9 @@ run chmod 755 /data
|
|||||||
section "Create new conf directory"
|
section "Create new conf directory"
|
||||||
run mkdir -p "$new_nginx_conf_path"
|
run mkdir -p "$new_nginx_conf_path"
|
||||||
|
|
||||||
|
logdir="/var/log/shlaguernetes/"
|
||||||
|
run mkdir -p "$logdir"
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Deploy services
|
# Deploy services
|
||||||
###############################################################################
|
###############################################################################
|
||||||
@ -70,14 +73,14 @@ do
|
|||||||
[[ "$(getent hosts $target)" != "::1 "* ]] && echo 'Not here' && continue
|
[[ "$(getent hosts $target)" != "::1 "* ]] && echo 'Not here' && continue
|
||||||
|
|
||||||
echo "Deploying"
|
echo "Deploying"
|
||||||
deploy_service.sh "$service" "noreload"
|
deploy_service.sh "$service" "noreload" &>"$logdir/deploy.$service.$(date +%Y-%m-%d.%Hh-%M-%S)" &
|
||||||
|
|
||||||
if [ "$?" -ne 0 ] ; then
|
if [ "$?" -ne 0 ] ; then
|
||||||
failed="$failed $service"
|
failed="$failed $service"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
done < <(grep -v '^#' /docker/services.csv)
|
done < <(grep -v '^#' /docker/services.csv)
|
||||||
|
wait
|
||||||
restart_nginx.sh
|
restart_nginx.sh
|
||||||
|
|
||||||
if [ -n "$failed" ] ; then
|
if [ -n "$failed" ] ; then
|
||||||
|
72
provisioning/roles/deploy_all/files/bin/gen_wgconf.sh
Executable file
72
provisioning/roles/deploy_all/files/bin/gen_wgconf.sh
Executable file
@ -0,0 +1,72 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
# This script will generate a single config for a given host and privkey
|
||||||
|
|
||||||
|
# Limits:
|
||||||
|
# 253 peers 1 -> 254
|
||||||
|
|
||||||
|
# Lib
|
||||||
|
. /usr/local/bin/driglibash-base
|
||||||
|
|
||||||
|
# Arg parsing
|
||||||
|
if [ "$#" -ne 4 ] ; then
|
||||||
|
die "Usage: $0 <name> <privkey_filepath> <port> <net_prefix>\nNet is a /24"
|
||||||
|
fi
|
||||||
|
|
||||||
|
thisname="$1"
|
||||||
|
privkey="$2"
|
||||||
|
port="$3"
|
||||||
|
net="$4"
|
||||||
|
|
||||||
|
|
||||||
|
# script
|
||||||
|
|
||||||
|
content="$(mktemp)"
|
||||||
|
clean "rm $content"
|
||||||
|
|
||||||
|
while IFS=";" read id name location isp note pubkey ip1 ip2 ip3 ip4 ip5 ; do
|
||||||
|
# Skip header
|
||||||
|
[ "$id" = "id" ] && continue
|
||||||
|
|
||||||
|
# Add local config
|
||||||
|
if [ "$name" = "$thisname" ] ; then
|
||||||
|
cat <<-EOF
|
||||||
|
[Interface] # $name
|
||||||
|
PrivateKey = $(cat "$privkey")
|
||||||
|
ListenPort = $port
|
||||||
|
Address = $net.$id/32
|
||||||
|
|
||||||
|
EOF
|
||||||
|
else
|
||||||
|
# Create list of endpoints
|
||||||
|
endpoints=""
|
||||||
|
for i in $(seq 1 5) ; do
|
||||||
|
varname="ip$i"
|
||||||
|
ip="${!varname}"
|
||||||
|
echo "$ip" | grep -q ':' && ip="[$ip]"
|
||||||
|
if [ -n "$ip" ] ; then
|
||||||
|
endpoints="$endpoints"$'\n'"Endpoint = $ip:$port"
|
||||||
|
fi
|
||||||
|
done
|
||||||
|
|
||||||
|
# Correct endpoint value or add keepalive for endpointless hosts
|
||||||
|
if [ -n "$endpoints" ] ; then
|
||||||
|
endpoints="${endpoints:1}"
|
||||||
|
else
|
||||||
|
endpoints="PersistentKeepalive = 30"
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Peer config
|
||||||
|
cat >> "$content" <<-EOF
|
||||||
|
[Peer] # $name
|
||||||
|
PublicKey = $pubkey
|
||||||
|
AllowedIPs = $net.$id/32
|
||||||
|
$endpoints
|
||||||
|
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
done < $DOCKER_DIR/servers.csv
|
||||||
|
|
||||||
|
cat "$content"
|
||||||
|
|
||||||
|
rm "$content"
|
@ -1,61 +1,59 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
Help(){
|
||||||
|
echo "
|
||||||
|
NAME
|
||||||
|
git_update.sh
|
||||||
|
SYNOPSIS
|
||||||
|
git_update.sh [-h] [-r ref] [-d dest] [-H] [-a] repository
|
||||||
|
OPTIONS
|
||||||
|
-h prints the help.
|
||||||
|
-r specifies the reference to the commit to be synchronized. It can be a tag or a branch. By default, it is the last commit of branch main.
|
||||||
|
It can be different from the actual branch. CAREFUL, the command git branch will always show the original branch name even though a branch switch has happened.
|
||||||
|
-d specifies the destination of the clone or update. Directory must be empty if a new clone is to be made.
|
||||||
|
If the repository to be cloned is local, and its path is passed as a relative path, the path should start from the destination.
|
||||||
|
To avoid mistakes, absolute paths are advised.
|
||||||
|
-H allows the $HOME directory to be used by git_update.sh. By default, git_update.sh cannot access $HOME to prevent default behavior.
|
||||||
|
If you need the global .gitconfig located in your $HOME to be used, you should supply the -H option.
|
||||||
|
-a specifies that the aggressive option of the git garbage collection must be used. Only advised when changes happen in many different objects. Will slow down the execution.
|
||||||
|
-o ssh options for ssh clone
|
||||||
|
DESCRIPTION
|
||||||
|
This script will replace the destination with the wanted commit of a git repository. The history is not preserved but tags are. Untracked files remain.
|
||||||
|
The git commands have been chosen so as to minimize the memory and bandwidth usages."
|
||||||
|
}
|
||||||
|
|
||||||
# Clone un dépôt git au bon endroit
|
#variables
|
||||||
# Stocker un minum de données (et donc nettoyer)
|
|
||||||
# Télécharger un minimum de données
|
|
||||||
# En cas de conflit donner raison au remote (on écrase les versions locales)
|
|
||||||
|
|
||||||
|
|
||||||
declare -A usage
|
|
||||||
declare -A varia
|
|
||||||
|
|
||||||
summary="$0 [options] <repo>"
|
summary="$0 [options] <repo>"
|
||||||
|
ref=main
|
||||||
usage[b]="Branch of git repo"
|
|
||||||
varia[b]=branch
|
|
||||||
branch=master
|
|
||||||
|
|
||||||
usage[t]="Tog of git repo"
|
|
||||||
varia[t]=tag
|
|
||||||
tag=
|
|
||||||
|
|
||||||
usage[d]="Destination of clone"
|
|
||||||
varia[d]=dst
|
|
||||||
dst='.'
|
dst='.'
|
||||||
|
|
||||||
usage[i]="privkey used to ssh pull"
|
|
||||||
varia[i]=privkey
|
|
||||||
privkey=''
|
|
||||||
|
|
||||||
usage[N]="Clone to a Non-empty target. Existing files will be overwriten"
|
|
||||||
varia[N]=nonempty_target
|
|
||||||
nonempty_target=false
|
|
||||||
|
|
||||||
usage[K]="Remote host key file (known_hosts) for ssh connections"
|
|
||||||
varia[K]=hostkeyfile
|
|
||||||
hostkeyfile=''
|
|
||||||
|
|
||||||
usage[H]="Use real home dir"
|
|
||||||
varia[H]=use_home
|
|
||||||
use_home=false
|
use_home=false
|
||||||
|
be_aggressive="false"
|
||||||
|
ssh_opts="ssh"
|
||||||
|
|
||||||
|
while getopts ":ho:r:d:H" option; do
|
||||||
. driglibash-args
|
case $option in
|
||||||
|
h) # display Help
|
||||||
|
Help
|
||||||
# Some SSH options
|
exit;;
|
||||||
ssh_opt='ssh'
|
r) # desired branch or tag
|
||||||
if [ -n "$privkey" ] ; then
|
ref="$OPTARG";;
|
||||||
ssh_opt="$ssh_opt -i $privkey"
|
d) # destination of clone
|
||||||
fi
|
dst="$OPTARG";;
|
||||||
|
H) # use real home dir
|
||||||
if [ -n "$hostkeyfile" ] ; then
|
use_home="true";;
|
||||||
ssh_opt="$ssh_opt -o 'UserKnownHostsFile $hostkeyfile'"
|
a) #use -a in git gc call
|
||||||
fi
|
be_aggressive="true";;
|
||||||
|
o) # ssh options
|
||||||
|
ssh_opts="$ssh_opts $OPTARG";;
|
||||||
|
\?) # invalid option
|
||||||
|
echo "Error: Invalid option '$option'"
|
||||||
|
exit;;
|
||||||
|
esac
|
||||||
|
done
|
||||||
|
shift $((OPTIND-1))
|
||||||
|
|
||||||
repo="$1"
|
repo="$1"
|
||||||
if [ -z "$repo" ] ; then
|
if [ -z "$repo" ] ; then
|
||||||
die "$0: Empty repo given\n$summary"
|
exit "$0: Empty repo given\n$summary"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! $use_home ] ; then
|
if [ ! $use_home ] ; then
|
||||||
@ -64,44 +62,24 @@ if [ ! $use_home ] ; then
|
|||||||
set +a
|
set +a
|
||||||
fi
|
fi
|
||||||
|
|
||||||
run mkdir -p "$dst"
|
mkdir -p "$dst"
|
||||||
run cd "$dst"
|
cd "$dst"
|
||||||
|
|
||||||
|
|
||||||
if [ -d .git ] ; then
|
if [ -d .git ] ; then
|
||||||
|
echo "updating..."
|
||||||
# Compute git branch and tag
|
git fetch --tags --depth=1 --prune --prune-tags --force origin $ref
|
||||||
tagref=
|
git reset --hard --recurse-submodules FETCH_HEAD
|
||||||
if [ -n "$tag" ] ; then
|
git submodule update --init --recursive --force --depth=1 --remote
|
||||||
tagref="tags/$tag"
|
#garbage collection of anything unreachable at the moment
|
||||||
|
git reflog expire --expire=now --all
|
||||||
|
if "$be_aggressive" ; then
|
||||||
|
git gc --prune=now --aggressive
|
||||||
|
elsels
|
||||||
|
git gc --prune=now
|
||||||
fi
|
fi
|
||||||
|
|
||||||
run git fetch origin "$branch" --tags -f
|
|
||||||
run git checkout --force $tagref -B "$branch"
|
|
||||||
run git reset --hard # TODO we can keep some files?
|
|
||||||
# Preserve existing files in some cases
|
|
||||||
if ! "$nonempty_target" ; then
|
|
||||||
git clean -qffdx
|
|
||||||
fi
|
|
||||||
run git submodule update --init --recursive --force --recommend-shallow
|
|
||||||
run git submodule foreach git fetch
|
|
||||||
run git submodule foreach git checkout --force HEAD
|
|
||||||
run git submodule foreach git reset --hard
|
|
||||||
run git submodule foreach git clean -fdx
|
|
||||||
else
|
else
|
||||||
|
echo "cloning..."
|
||||||
clone_dst='.'
|
clone_dst='.'
|
||||||
|
git clone -b "$ref" --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opts" "$repo" "$clone_dst"
|
||||||
# To override an existing dir, we need to clone elsewhere first
|
|
||||||
if "$nonempty_target" ; then
|
|
||||||
clone_dst="$(mktemp -d)"
|
|
||||||
fi
|
|
||||||
|
|
||||||
run git clone -b "$branch" --single-branch --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opt" "$repo" "$clone_dst"
|
|
||||||
|
|
||||||
# To override an existing dir, we then move everything to that dir
|
|
||||||
if "$nonempty_target" ; then
|
|
||||||
run mv "$clone_dst/"{*,.*} .
|
|
||||||
run rmdir "$clone_dst"
|
|
||||||
fi
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@ run nginx -t
|
|||||||
|
|
||||||
if [ -z "$(cat /var/run/nginx.pid)" ] ; then
|
if [ -z "$(cat /var/run/nginx.pid)" ] ; then
|
||||||
section "Start nginx"
|
section "Start nginx"
|
||||||
run nginx
|
run systemctl restart nginx
|
||||||
else
|
else
|
||||||
section "Reload nginx"
|
section "Reload nginx"
|
||||||
run nginx -s reload
|
run nginx -s reload
|
||||||
|
@ -1,6 +1,8 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
set -euo pipefail
|
#set -euo pipefail
|
||||||
|
# Pipefail will trigger annoying sigpipe on our greps
|
||||||
|
set -eu
|
||||||
|
|
||||||
if [ "$#" -ne 2 ] ; then
|
if [ "$#" -ne 2 ] ; then
|
||||||
echo "Usage: $0 <start|stop|reload|restart> <wgif>"
|
echo "Usage: $0 <start|stop|reload|restart> <wgif>"
|
||||||
|
Binary file not shown.
@ -54,7 +54,7 @@
|
|||||||
|
|
||||||
- name: Install some softwares
|
- name: Install some softwares
|
||||||
apt:
|
apt:
|
||||||
name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'hugo', 'netcat-openbsd', 'nginx', 'podman', 'rclone', 'rsync', 'screen', 'sshfs', 'sudo', 'traceroute', 'vim', 'wget', 'zip']
|
name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'netcat-openbsd', 'nginx', 'nmap', 'podman', 'rsync', 'screen', 'sshfs', 'sudo', 'traceroute', 'vim', 'wget', 'zip']
|
||||||
state: latest
|
state: latest
|
||||||
|
|
||||||
# TODO disable certbot and certbot.timer services. We are using our own
|
# TODO disable certbot and certbot.timer services. We are using our own
|
||||||
|
@ -58,11 +58,11 @@ http {
|
|||||||
#error_page 503 https://jean-cloud.net/503;
|
#error_page 503 https://jean-cloud.net/503;
|
||||||
|
|
||||||
# limit requests
|
# limit requests
|
||||||
limit_req_status 429;
|
#limit_req_status 429;
|
||||||
limit_req_zone $binary_remote_addr zone=defaultlimit:10m rate=30r/s;
|
#limit_req_zone $binary_remote_addr zone=defaultlimit:10m rate=30r/s;
|
||||||
limit_req zone=defaultlimit burst=100 nodelay;
|
#limit_req zone=defaultlimit burst=100 nodelay;
|
||||||
limit_conn_zone $request_uri zone=defaultconumber:10m;
|
#limit_conn_zone $request_uri zone=defaultconumber:10m;
|
||||||
limit_conn defaultconumber 20;
|
#limit_conn defaultconumber 20;
|
||||||
|
|
||||||
##
|
##
|
||||||
# Virtual Host Configs
|
# Virtual Host Configs
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# Update git repo
|
# Update git repo
|
||||||
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
cd "$HTTP_DIR"
|
cd "$HTTP_DIR"
|
||||||
|
|
||||||
|
1
services/collectif-karafon.fr/.env
Normal file
1
services/collectif-karafon.fr/.env
Normal file
@ -0,0 +1 @@
|
|||||||
|
GIT_SOURCE_REPO=https://git.jean-cloud.net/eleonore/site_web_karafon.git
|
5
services/collectif-karafon.fr/deploy_user.sh
Executable file
5
services/collectif-karafon.fr/deploy_user.sh
Executable file
@ -0,0 +1,5 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
# Update git repo
|
||||||
|
git_update.sh -b sale -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
@ -4,21 +4,24 @@ server {
|
|||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||||
root $HTTP_DIR/collectifkarafon.wixsite.com/;
|
root $HTTP_DIR;
|
||||||
|
|
||||||
# Security headers
|
# Security headers
|
||||||
# We can create a file with the base security headers and include it.
|
# We can create a file with the base security headers and include it.
|
||||||
# Will it be possible to overload them then ?
|
# Will it be possible to overload them then ?
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
|
add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
|
||||||
add_header X-Content-Type-Options "nosniff";
|
add_header X-Content-Type-Options "nosniff";
|
||||||
add_header X-Frame-Options SAMEORIGIN always;
|
add_header X-Frame-Options SAMEORIGIN always;
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||||
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
index monsite.html;
|
index index.html;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
|
location /.git {
|
||||||
|
return 404;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,8 +1,3 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
# For some variables
|
|
||||||
. /etc/jeancloud.env
|
|
||||||
|
|
||||||
apt install -y python3-certbot-dns-rfc2136
|
apt install -y python3-certbot-dns-rfc2136
|
||||||
|
@ -36,5 +36,5 @@ for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'des
|
|||||||
server="$srv.jean-cloud.org"
|
server="$srv.jean-cloud.org"
|
||||||
[ -n "$(grep "$server" /etc/hosts)" ] && continue
|
[ -n "$(grep "$server" /etc/hosts)" ] && continue
|
||||||
echo "-- $server"
|
echo "-- $server"
|
||||||
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/" || true
|
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "dnscerts.jean-cloud.org@$server:$DATA_DIR/" || true
|
||||||
done
|
done
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
git_update.sh -d "$HTTP_DIR" -b 2021 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
git_update.sh -d "$HTTP_DIR" -r 2021 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
git_update.sh -d "$HTTP_DIR" -b 2020 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
git_update.sh -d "$HTTP_DIR" -r 2020 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
version: '3'
|
version: '3'
|
||||||
services:
|
services:
|
||||||
gitea:
|
gitea:
|
||||||
image: gitea/gitea:1.21
|
image: gitea/gitea:1.22
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -1,8 +1,11 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
|
# Do not update website if body is unreachable
|
||||||
|
[ ! -f "$HTTP_DIR/public/index.html" ] && { curl --fail-with-body https://$RADIO_HOST/manager/ >/dev/null || exit 0 ; }
|
||||||
|
|
||||||
# Update git repo
|
# Update git repo
|
||||||
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
cd "$HTTP_DIR"
|
cd "$HTTP_DIR"
|
||||||
|
|
||||||
@ -10,7 +13,7 @@ cd "$HTTP_DIR"
|
|||||||
rclone_ncloud_publiclink.sh
|
rclone_ncloud_publiclink.sh
|
||||||
|
|
||||||
# Invalid cache
|
# Invalid cache
|
||||||
#rm -rf "/tmp/hugo_cache_$USER"
|
rm -rf "/tmp/hugo_cache_$USER"
|
||||||
|
|
||||||
# Build website
|
# Build website
|
||||||
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
||||||
|
@ -1 +1,2 @@
|
|||||||
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/jean-cloud_website
|
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/jean-cloud_website
|
||||||
|
GIT_BRANCH=master
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ fi
|
|||||||
|
|
||||||
. venv/bin/activate
|
. venv/bin/activate
|
||||||
|
|
||||||
git_update.sh -b v1 -d $HTTP_DIR https://git.jean-cloud.net/adrian/mutubot.git
|
git_update.sh -r v1 -d $HTTP_DIR https://git.jean-cloud.net/adrian/mutubot.git
|
||||||
|
|
||||||
pip install -r requirements.txt
|
pip install -r requirements.txt
|
||||||
|
|
||||||
|
16
services/mux.paj.oma-radio.fr/.env
Normal file
16
services/mux.paj.oma-radio.fr/.env
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
WEBSERVER=.105
|
||||||
|
MUX=.100
|
||||||
|
TELECOM=.101
|
||||||
|
SWEBSOCKET_PORT=2002
|
||||||
|
WEBSOCKET_PORT=2202
|
||||||
|
RADIO_HOST=mux.paj.oma-radio.fr
|
||||||
|
MUX_SERVER_PORT=9002
|
||||||
|
TELECOM_SERVER_PORT=3492
|
||||||
|
SOUNDBASE_DIR=/data/mux.paj.oma-radio.fr/soundbase
|
||||||
|
OMA_DOCKER_VERSION=dev
|
||||||
|
ICECAST=.110
|
||||||
|
SOUNDBASE_IP=10.99.99.7
|
||||||
|
SOUNDBASE_HOST=soundbase.paj.oma-radio.fr
|
||||||
|
COMPOSE_NAME=muxpajoma-radiofr
|
||||||
|
DOCKER_INSTANCES_PREFIX=muxpajoma-radiofr-
|
||||||
|
DOCKER_INSTANCES_SUFIX=-1
|
6
services/mux.paj.oma-radio.fr/deploy.sh
Executable file
6
services/mux.paj.oma-radio.fr/deploy.sh
Executable file
@ -0,0 +1,6 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
mkdir -p "$SOUNDBASE_DIR/pige"
|
||||||
|
chown 10000:10000 "$SOUNDBASE_DIR/pige" -R
|
||||||
|
|
||||||
|
cat "$SECRET_DIR/registry_pass" | docker login --username "$registry_user" --password-stdin registry.gitlab.com
|
||||||
|
|
10
services/mux.paj.oma-radio.fr/deploy_user.sh
Executable file
10
services/mux.paj.oma-radio.fr/deploy_user.sh
Executable file
@ -0,0 +1,10 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ ! -e "$DATA_DIR/.env" ] ; then
|
||||||
|
cat > "$DATA_DIR/.env" <<EOF
|
||||||
|
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
|
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
|
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
|
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
|
EOF
|
||||||
|
fi
|
143
services/mux.paj.oma-radio.fr/docker-compose.yml
Normal file
143
services/mux.paj.oma-radio.fr/docker-compose.yml
Normal file
@ -0,0 +1,143 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
ambre_mux:
|
||||||
|
image: registry.gitlab.com/omaradio/core/oma-mux:$OMA_DOCKER_VERSION
|
||||||
|
env_file:
|
||||||
|
- .env
|
||||||
|
- $DATA_DIR/.env
|
||||||
|
environment:
|
||||||
|
OMA_CONFIG_Client1Host: $NET$ICECAST
|
||||||
|
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||||
|
OMA_CONFIG_LogLevel: 8
|
||||||
|
volumes:
|
||||||
|
- $SOUNDBASE_DIR/pige:/app/pige
|
||||||
|
ports:
|
||||||
|
- $MUX_SERVER_PORT:9000
|
||||||
|
depends_on:
|
||||||
|
- transcode
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET$MUX
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
|
||||||
|
saphir_telecom_server:
|
||||||
|
image: registry.gitlab.com/omaradio/core/oma-telecom-server:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
ports:
|
||||||
|
- $TELECOM_SERVER_PORT:3490
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET$TELECOM
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
amarante_webserver:
|
||||||
|
image: registry.gitlab.com/omaradio/core/oma-webserver:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||||
|
OMA_CONFIG_PigeTxtLoadFic: off
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- $SOUNDBASE_DIR:/soundbase
|
||||||
|
ports:
|
||||||
|
- $WEBSOCKET_PORT:9000
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET$WEBSERVER
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
transcode:
|
||||||
|
image: savonet/liquidsoap:v2.1.4
|
||||||
|
env_file:
|
||||||
|
- .env
|
||||||
|
- $DATA_DIR/.env
|
||||||
|
volumes:
|
||||||
|
- ./liquidsoap.liq:/transcode.liq
|
||||||
|
- $SOUNDBASE_DIR:/soundbase
|
||||||
|
command: /transcode.liq
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.108
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 300M
|
||||||
|
|
||||||
|
#radioking:
|
||||||
|
# image: jeancloud/liquidsoap:1.3.7
|
||||||
|
# env_file: .env
|
||||||
|
# volumes:
|
||||||
|
# - ./radioking.liq:/radioking.liq
|
||||||
|
# command: /radioking.liq
|
||||||
|
# restart: unless-stopped
|
||||||
|
# networks:
|
||||||
|
# default:
|
||||||
|
# ipv4_address: $NET.111
|
||||||
|
|
||||||
|
|
||||||
|
icecast:
|
||||||
|
image: infiniteproject/icecast
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
# echo -n "source:pass" | base64
|
||||||
|
ICECAST_ADMIN_USERNAME: admin
|
||||||
|
ICECAST_ADMIN_EMAIL: contact@oma-radio.fr
|
||||||
|
ICECAST_LOCATION: Rhône-Alpes
|
||||||
|
TZ: Europe/Paris
|
||||||
|
env_file: $DATA_DIR/.env
|
||||||
|
healthcheck:
|
||||||
|
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
||||||
|
interval: 1h0m0s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
start_period: 1m0s
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET$ICECAST
|
||||||
|
|
||||||
|
system_api:
|
||||||
|
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
UID: 33
|
||||||
|
SOUNDBASE_PATH: /soundbase
|
||||||
|
MOUNT: /muxapi
|
||||||
|
CONFIG_PATH: /config
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
- $SOUNDBASE_DIR:/soundbase
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.107
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 500M
|
||||||
|
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: $NET.0/24
|
84
services/mux.paj.oma-radio.fr/liquidsoap.liq
Normal file
84
services/mux.paj.oma-radio.fr/liquidsoap.liq
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
#!/usr/bin/liquidsoap
|
||||||
|
|
||||||
|
# Extract timestamp from pige path
|
||||||
|
def ts_from_filepath (filepath)
|
||||||
|
splitpath = string.split(separator='/', filepath)
|
||||||
|
# Keep only filename
|
||||||
|
filename = list.nth(splitpath,list.length(splitpath)-1)
|
||||||
|
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
||||||
|
end
|
||||||
|
|
||||||
|
# Remove pige from now-1month
|
||||||
|
def rm_pige(ts)
|
||||||
|
filepath = "/soundbase/pige/#{ts}.ogg"
|
||||||
|
if file.exists("#{filepath}") then
|
||||||
|
process.run("rm #{filepath}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
# Check that the timestamp starts exactly on a minute
|
||||||
|
def integrity_check(ts)
|
||||||
|
if ts mod 60 != 0 then
|
||||||
|
print("#{ts} is to fix")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Routine integrity check for each files
|
||||||
|
def clean_and_check (filepath)
|
||||||
|
ts = ts_from_filepath (filepath)
|
||||||
|
|
||||||
|
# Remove if old
|
||||||
|
if ( ts < int_of_float(time()) - 2678400 ) then
|
||||||
|
rm_pige(ts)
|
||||||
|
end
|
||||||
|
|
||||||
|
integrity_check (ts)
|
||||||
|
end
|
||||||
|
|
||||||
|
def clean_and_check_latest (filepath)
|
||||||
|
ts = ts_from_filepath (filepath)
|
||||||
|
rm_pige(ts - 2678400) # ts of one month sooner
|
||||||
|
integrity_check (ts)
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
# Exaustive integrity check
|
||||||
|
def clean_and_check_all ()
|
||||||
|
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Mux
|
||||||
|
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
||||||
|
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
|
||||||
|
|
||||||
|
# Direct mp3
|
||||||
|
# TODO faire du 44100 pour éviter les trous ?
|
||||||
|
output.icecast(
|
||||||
|
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||||
|
mount="/direct.mp3",
|
||||||
|
#host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||||
|
host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
|
||||||
|
input1)
|
||||||
|
|
||||||
|
# Radioking
|
||||||
|
#output.icecast(
|
||||||
|
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||||
|
# mount="/test355",
|
||||||
|
# host="live.radioking.com", port=80, user="", password="",
|
||||||
|
# input)
|
||||||
|
|
||||||
|
# Direct ogg
|
||||||
|
#output.icecast(
|
||||||
|
# %vorbis(samplerate=44100, channels=1, quality=0.2),
|
||||||
|
# mount="/direct.ogg",
|
||||||
|
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||||
|
# input1)
|
||||||
|
|
||||||
|
# Pige
|
||||||
|
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check_latest)
|
||||||
|
|
||||||
|
# Integrity checks
|
||||||
|
clean_and_check_all()
|
119
services/mux.paj.oma-radio.fr/nginx_server.conf
Normal file
119
services/mux.paj.oma-radio.fr/nginx_server.conf
Normal file
@ -0,0 +1,119 @@
|
|||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
|
server{
|
||||||
|
listen $SWEBSOCKET_PORT ssl;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://$NET$WEBSERVER:9000;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_read_timeout 120s;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
server_name $JC_SERVICE;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://$SOUNDBASE_IP/;
|
||||||
|
proxy_set_header Host '$SOUNDBASE_HOST';
|
||||||
|
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
|
||||||
|
# wait
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_connect_timeout 6000;
|
||||||
|
proxy_send_timeout 60000;
|
||||||
|
proxy_read_timeout 6000;
|
||||||
|
send_timeout 6000;
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
location /pige {
|
||||||
|
alias "$SOUNDBASE_DIR/pige";
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
location /direct.ogg {
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
}
|
||||||
|
location /direct.mp3 {
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
}
|
||||||
|
location /style.css {
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_pass http://$NET$ICECAST:8000/style.css;
|
||||||
|
}
|
||||||
|
location /status.xsl {
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_pass http://$NET$ICECAST:8000/status.xsl;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location ~ /muxapi(/.*) {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
include uwsgi_params;
|
||||||
|
uwsgi_param PATH_INFO "$1";
|
||||||
|
uwsgi_param SCRIPT_NAME /muxapi;
|
||||||
|
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_connect_timeout 6000;
|
||||||
|
proxy_send_timeout 60000;
|
||||||
|
proxy_read_timeout 6000;
|
||||||
|
send_timeout 6000;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy- revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
location ~ /muxapi(/.*) {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
include uwsgi_params;
|
||||||
|
uwsgi_param PATH_INFO "$1";
|
||||||
|
uwsgi_param SCRIPT_NAME /muxapi;
|
||||||
|
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_connect_timeout 6000;
|
||||||
|
proxy_send_timeout 60000;
|
||||||
|
proxy_read_timeout 6000;
|
||||||
|
send_timeout 6000;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
}
|
||||||
|
}
|
@ -1,4 +1,3 @@
|
|||||||
ENDPOINT=10.29.0.1
|
|
||||||
WEBSERVER=.105
|
WEBSERVER=.105
|
||||||
MUX=.100
|
MUX=.100
|
||||||
TELECOM=.101
|
TELECOM=.101
|
||||||
@ -7,7 +6,12 @@ WEBSOCKET_PORT=2204
|
|||||||
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
||||||
MUX_SERVER_PORT=9004
|
MUX_SERVER_PORT=9004
|
||||||
TELECOM_SERVER_PORT=3494
|
TELECOM_SERVER_PORT=3494
|
||||||
SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/core/radioDemo
|
SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/
|
||||||
OMA_DOCKER_VERSION=dev
|
OMA_DOCKER_VERSION=dev
|
||||||
ICECAST=.110
|
ICECAST=.110
|
||||||
WG_NAME_radiodemo=radiodemo
|
SOUNDBASE_IP=10.99.99.7
|
||||||
|
SOUNDBASE_HOST=soundbase.radiodemo.oma-radio.fr
|
||||||
|
COMPOSE_NAME=muxradiodemooma-radiofr
|
||||||
|
DOCKER_INSTANCES_PREFIX=muxradiodemooma-radiofr-
|
||||||
|
DOCKER_INSTANCES_SUFIX=-1
|
||||||
|
OMA_CONFIG_LogLevel=8
|
||||||
|
@ -1,10 +1,12 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ ! -e "$DATA_DIR/.env" ] ; then
|
if [ ! -e "$DATA_DIR/.env" ] ; then
|
||||||
|
source_pass="$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)"
|
||||||
cat > "$DATA_DIR/.env" <<EOF
|
cat > "$DATA_DIR/.env" <<EOF
|
||||||
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
ICECAST_SOURCE_PASSWORD=$source_pass
|
||||||
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
|
||||||
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
|
||||||
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
|
||||||
|
OMA_CONFIG_Client1EnteteNext="Authorization: Basic $(echo "source:$source_pass" | base64)"
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
@ -6,7 +6,7 @@ services:
|
|||||||
- .env
|
- .env
|
||||||
- $DATA_DIR/.env
|
- $DATA_DIR/.env
|
||||||
environment:
|
environment:
|
||||||
OMA_CONFIG_Client1Host: $NET.108
|
OMA_CONFIG_Client1Host: $NET$ICECAST
|
||||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||||
OMA_CONFIG_Pige: on
|
OMA_CONFIG_Pige: on
|
||||||
volumes:
|
volumes:
|
||||||
@ -58,7 +58,7 @@ services:
|
|||||||
deploy:
|
deploy:
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpus: '0.50'
|
cpus: '0.5'
|
||||||
memory: 100M
|
memory: 100M
|
||||||
|
|
||||||
transcode:
|
transcode:
|
||||||
@ -103,7 +103,7 @@ services:
|
|||||||
TZ: Europe/Paris
|
TZ: Europe/Paris
|
||||||
env_file: $DATA_DIR/.env
|
env_file: $DATA_DIR/.env
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: "wget http://localhost:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://localhost:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
||||||
interval: 1h0m0s
|
interval: 1h0m0s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 3
|
retries: 3
|
||||||
@ -112,6 +112,28 @@ services:
|
|||||||
default:
|
default:
|
||||||
ipv4_address: $NET$ICECAST
|
ipv4_address: $NET$ICECAST
|
||||||
|
|
||||||
|
system_api:
|
||||||
|
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
UID: 33
|
||||||
|
SOUNDBASE_PATH: /soundbase
|
||||||
|
MOUNT: /muxapi
|
||||||
|
CONFIG_PATH: /config
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
- $SOUNDBASE_DIR:/soundbase
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.107
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 500M
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
ipam:
|
ipam:
|
||||||
|
79
services/mux.radiodemo.oma-radio.fr/liquidsoap-mux.liq
Normal file
79
services/mux.radiodemo.oma-radio.fr/liquidsoap-mux.liq
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
#!/usr/bin/liquidsoap
|
||||||
|
|
||||||
|
# Extract timestamp from pige path
|
||||||
|
def ts_from_filepath (filepath)
|
||||||
|
splitpath = string.split(separator='/', filepath)
|
||||||
|
# Keep only filename
|
||||||
|
filename = list.nth(splitpath,list.length(splitpath)-1)
|
||||||
|
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
||||||
|
end
|
||||||
|
|
||||||
|
# Remove pige from now-1month
|
||||||
|
def clean_single_old_pige(ts)
|
||||||
|
# ts of one month sooner
|
||||||
|
ts = ts - 2678400
|
||||||
|
filepath = "/soundbase/pige/#{ts}.ogg"
|
||||||
|
if file.exists("#{filepath}") then
|
||||||
|
process.run("rm #{filepath}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Remove a pige file if it is too old
|
||||||
|
def clean_if_old(filename)
|
||||||
|
filepath = "/soundbase/pige/#{filename}"
|
||||||
|
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
|
||||||
|
process.run("rm #{filepath}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Check that the timestamp starts exactly on a minute
|
||||||
|
def integrity_check(ts)
|
||||||
|
if ts mod 60 != 0 then
|
||||||
|
log.important("#{ts} is to fix")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Routine integrity check for each files
|
||||||
|
def clean_and_check (filepath)
|
||||||
|
ts = ts_from_filepath (filepath)
|
||||||
|
integrity_check (ts)
|
||||||
|
clean_single_old_pige (ts)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Exaustive integrity check
|
||||||
|
def clean_and_check_all ()
|
||||||
|
#list.iter(clean_if_old, file.ls("/soundbase/pige/"))
|
||||||
|
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Mux
|
||||||
|
input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
||||||
|
|
||||||
|
# Direct mp3
|
||||||
|
output.icecast(
|
||||||
|
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||||
|
mount="/direct.mp3",
|
||||||
|
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||||
|
input1)
|
||||||
|
|
||||||
|
# Radioking
|
||||||
|
#output.icecast(
|
||||||
|
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||||
|
# mount="/test355",
|
||||||
|
# host="live.radioking.com", port=80, user="", password="",
|
||||||
|
# input)
|
||||||
|
|
||||||
|
# Direct ogg
|
||||||
|
output.icecast(
|
||||||
|
%vorbis(samplerate=44100, channels=1, quality=0.2),
|
||||||
|
mount="/direct.ogg",
|
||||||
|
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||||
|
input1)
|
||||||
|
|
||||||
|
# Pige
|
||||||
|
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
|
||||||
|
|
||||||
|
# Integrity checks
|
||||||
|
clean_and_check_all()
|
80
services/mux.radiodemo.oma-radio.fr/liquidsoap-transcode.liq
Normal file
80
services/mux.radiodemo.oma-radio.fr/liquidsoap-transcode.liq
Normal file
@ -0,0 +1,80 @@
|
|||||||
|
#!/usr/bin/liquidsoap
|
||||||
|
|
||||||
|
# Extract timestamp from pige path
|
||||||
|
def ts_from_filepath (filepath)
|
||||||
|
splitpath = string.split(separator='/', filepath)
|
||||||
|
# Keep only filename
|
||||||
|
filename = list.nth(splitpath,list.length(splitpath)-1)
|
||||||
|
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
||||||
|
end
|
||||||
|
|
||||||
|
# Remove pige from now-1month
|
||||||
|
def clean_single_old_pige(ts)
|
||||||
|
# ts of one month sooner
|
||||||
|
ts = ts - 2678400
|
||||||
|
filepath = "/soundbase/pige/#{ts}.ogg"
|
||||||
|
if file.exists("#{filepath}") then
|
||||||
|
process.run("rm #{filepath}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Remove a pige file if it is too old
|
||||||
|
def clean_if_old(filename)
|
||||||
|
filepath = "/soundbase/pige/#{filename}"
|
||||||
|
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
|
||||||
|
process.run("rm #{filepath}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Check that the timestamp starts exactly on a minute
|
||||||
|
def integrity_check(ts)
|
||||||
|
if ts mod 60 != 0 then
|
||||||
|
log.important("#{ts} is to fix")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Routine integrity check for each files
|
||||||
|
def clean_and_check (filepath)
|
||||||
|
ts = ts_from_filepath (filepath)
|
||||||
|
integrity_check (ts)
|
||||||
|
clean_single_old_pige (ts)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Exaustive integrity check
|
||||||
|
def clean_and_check_all ()
|
||||||
|
list.iter(clean_if_old, file.ls("/soundbase/pige/"))
|
||||||
|
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Mux
|
||||||
|
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
||||||
|
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
|
||||||
|
|
||||||
|
# Direct mp3
|
||||||
|
output.icecast(
|
||||||
|
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||||
|
mount="/direct.mp3",
|
||||||
|
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||||
|
input1)
|
||||||
|
|
||||||
|
# Radioking
|
||||||
|
#output.icecast(
|
||||||
|
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||||
|
# mount="/test355",
|
||||||
|
# host="live.radioking.com", port=80, user="", password="",
|
||||||
|
# input)
|
||||||
|
|
||||||
|
# Direct ogg
|
||||||
|
#output.icecast(
|
||||||
|
# %vorbis(samplerate=44100, channels=1, quality=0.2),
|
||||||
|
# mount="/direct.ogg",
|
||||||
|
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||||
|
# input1)
|
||||||
|
|
||||||
|
# Pige
|
||||||
|
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
|
||||||
|
|
||||||
|
# Integrity checks
|
||||||
|
clean_and_check_all()
|
@ -1,79 +0,0 @@
|
|||||||
#!/usr/bin/liquidsoap
|
|
||||||
|
|
||||||
# Extract timestamp from pige path
|
|
||||||
def ts_from_filepath (filepath)
|
|
||||||
splitpath = string.split(separator='/', filepath)
|
|
||||||
# Keep only filename
|
|
||||||
filename = list.nth(splitpath,list.length(splitpath)-1)
|
|
||||||
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
|
||||||
end
|
|
||||||
|
|
||||||
# Remove pige from now-1month
|
|
||||||
def clean_single_old_pige(ts)
|
|
||||||
# ts of one month sooner
|
|
||||||
ts = ts - 2678400
|
|
||||||
filepath = "/soundbase/pige/#{ts}.ogg"
|
|
||||||
if file.exists("#{filepath}") then
|
|
||||||
process.run("rm #{filepath}")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Remove a pige file if it is too old
|
|
||||||
def clean_if_old(filename)
|
|
||||||
filepath = "/soundbase/pige/#{filename}"
|
|
||||||
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
|
|
||||||
process.run("rm #{filepath}")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Check that the timestamp starts exactly on a minute
|
|
||||||
def integrity_check(ts)
|
|
||||||
if ts mod 60 != 0 then
|
|
||||||
log.important("#{ts} is to fix")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Routine integrity check for each files
|
|
||||||
def clean_and_check (filepath)
|
|
||||||
ts = ts_from_filepath (filepath)
|
|
||||||
integrity_check (ts)
|
|
||||||
clean_single_old_pige (ts)
|
|
||||||
end
|
|
||||||
|
|
||||||
# Exaustive integrity check
|
|
||||||
def clean_and_check_all ()
|
|
||||||
#list.iter(clean_if_old, file.ls("/soundbase/pige/"))
|
|
||||||
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Mux
|
|
||||||
input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
|
||||||
|
|
||||||
# Direct mp3
|
|
||||||
output.icecast(
|
|
||||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
|
||||||
mount="/direct.mp3",
|
|
||||||
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
|
||||||
input1)
|
|
||||||
|
|
||||||
# Radioking
|
|
||||||
#output.icecast(
|
|
||||||
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
|
||||||
# mount="/test355",
|
|
||||||
# host="live.radioking.com", port=80, user="", password="",
|
|
||||||
# input)
|
|
||||||
|
|
||||||
# Direct ogg
|
|
||||||
output.icecast(
|
|
||||||
%vorbis(samplerate=44100, channels=1, quality=0.2),
|
|
||||||
mount="/direct.ogg",
|
|
||||||
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
|
||||||
input1)
|
|
||||||
|
|
||||||
# Pige
|
|
||||||
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
|
|
||||||
|
|
||||||
# Integrity checks
|
|
||||||
clean_and_check_all()
|
|
1
services/mux.radiodemo.oma-radio.fr/liquidsoap.liq
Symbolic link
1
services/mux.radiodemo.oma-radio.fr/liquidsoap.liq
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
liquidsoap-transcode.liq
|
@ -28,25 +28,73 @@ server {
|
|||||||
|
|
||||||
location / {
|
location / {
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
proxy_pass http://$ENDPOINT/;
|
proxy_pass http://$SOUNDBASE_IP/;
|
||||||
proxy_set_header Host 'soundbase.radiodemo.oma-radio.fr';
|
proxy_set_header Host '$SOUNDBASE_HOST';
|
||||||
proxy_redirect http://soundbase.radiodemo.oma-radio.fr https://$JC_SERVICE;
|
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
|
||||||
|
# wait
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_connect_timeout 6000;
|
||||||
|
proxy_send_timeout 60000;
|
||||||
|
proxy_read_timeout 6000;
|
||||||
|
send_timeout 6000;
|
||||||
|
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
location /pige {
|
||||||
|
alias "$SOUNDBASE_DIR/pige";
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
location /direct.ogg {
|
location /direct.ogg {
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
|
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
}
|
}
|
||||||
location /direct.mp3 {
|
location /direct.mp3 {
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
|
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
}
|
||||||
|
location /style.css {
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_pass http://$NET$ICECAST:8000/style.css;
|
||||||
|
}
|
||||||
|
location /status.xsl {
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_pass http://$NET$ICECAST:8000/status.xsl;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
}
|
}
|
||||||
|
|
||||||
location /logs/ {
|
|
||||||
include /etc/nginx/fastcgi_params;
|
location ~ /muxapi(/.*) {
|
||||||
fastcgi_param SCRIPT_FILENAME $DOCKER_DIR/server.sh;
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
include uwsgi_params;
|
||||||
|
uwsgi_param PATH_INFO "$1";
|
||||||
|
uwsgi_param SCRIPT_NAME /muxapi;
|
||||||
|
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_connect_timeout 6000;
|
||||||
|
proxy_send_timeout 60000;
|
||||||
|
proxy_read_timeout 6000;
|
||||||
|
send_timeout 6000;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
input = mksafe(input.http("http://172.29.0.110:8000/direct.mp3"))
|
|
||||||
output.icecast(
|
|
||||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
|
||||||
mount="/test355",
|
|
||||||
host="live.radioking.com", port=80, user="test_test29", password="S9tx3VBhl",
|
|
||||||
input)
|
|
||||||
|
|
@ -10,7 +10,7 @@ instance=''
|
|||||||
since=''
|
since=''
|
||||||
until=''
|
until=''
|
||||||
|
|
||||||
action="$(echo "$QUERY_STRING" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')"
|
action="$(echo "${REQUEST_URI##*/}" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')"
|
||||||
|
|
||||||
while IFS='=' read key value ; do
|
while IFS='=' read key value ; do
|
||||||
case "$key" in
|
case "$key" in
|
||||||
@ -35,7 +35,9 @@ done < <(echo "$action")
|
|||||||
[ -z "$since" ] && exit 3
|
[ -z "$since" ] && exit 3
|
||||||
[ -z "$until" ] && exit 4
|
[ -z "$until" ] && exit 4
|
||||||
|
|
||||||
|
pwd
|
||||||
echo docker-compose logs --since "$since" --until "$until" "$instance"
|
echo docker-compose logs --since "$since" --until "$until" "$instance"
|
||||||
|
docker-compose logs --since "$since" --until "$until" "$instance" 2>&1
|
||||||
if [ "$?" -ne 0 ] ; then
|
if [ "$?" -ne 0 ] ; then
|
||||||
echo failed
|
echo failed
|
||||||
fi
|
fi
|
||||||
|
@ -1,33 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
. .env
|
|
||||||
|
|
||||||
wgif="$1"
|
|
||||||
|
|
||||||
echo "
|
|
||||||
[Interface]
|
|
||||||
PrivateKey = $(cat $DATA_DIR/privatekey)
|
|
||||||
Address = 10.29.0.254/32
|
|
||||||
ListenPort = 55820
|
|
||||||
|
|
||||||
# packet forwarding
|
|
||||||
PreUp = sysctl -w net.ipv4.ip_forward=1
|
|
||||||
|
|
||||||
# port forwarding
|
|
||||||
#PreUp = iptables -t nat -A PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
|
|
||||||
#PreUp = iptables -t nat -A PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
|
|
||||||
|
|
||||||
#PostDown = iptables -t nat -D PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
|
|
||||||
#PostDown = iptables -t nat -D PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
|
|
||||||
|
|
||||||
# packet masquerading
|
|
||||||
#PreUp = iptables -t nat -A POSTROUTING -o $wgif -j MASQUERADE
|
|
||||||
#PostDown = iptables -t nat -D POSTROUTING -o $wgif -j MASQUERADE
|
|
||||||
|
|
||||||
# remote settings for the private server
|
|
||||||
[Peer]
|
|
||||||
PublicKey = 6/Mlxe9auEw/WQnC6QYNAYtSAo8jAEMhJ1wXaRNy4AE=
|
|
||||||
AllowedIPs = 10.29.0.0/24
|
|
||||||
"
|
|
16
services/mux.radiokipik.org/.env
Normal file
16
services/mux.radiokipik.org/.env
Normal file
@ -0,0 +1,16 @@
|
|||||||
|
WEBSERVER=.105
|
||||||
|
MUX=.100
|
||||||
|
TELECOM=.101
|
||||||
|
SWEBSOCKET_PORT=2005
|
||||||
|
WEBSOCKET_PORT=2205
|
||||||
|
RADIO_HOST=mux.radiokipik.org
|
||||||
|
MUX_SERVER_PORT=9005
|
||||||
|
TELECOM_SERVER_PORT=3495
|
||||||
|
SOUNDBASE_DIR=/data/mux.radiokipik.org/soundbase
|
||||||
|
OMA_DOCKER_VERSION=unstable
|
||||||
|
ICECAST=.110
|
||||||
|
SOUNDBASE_IP=10.99.99.7
|
||||||
|
SOUNDBASE_HOST=soundbase.radiokipik.org
|
||||||
|
COMPOSE_NAME=muxradiokipikorg
|
||||||
|
DOCKER_INSTANCES_PREFIX=muxradiokipikorg-
|
||||||
|
DOCKER_INSTANCES_SUFIX=-1
|
6
services/mux.radiokipik.org/deploy.sh
Executable file
6
services/mux.radiokipik.org/deploy.sh
Executable file
@ -0,0 +1,6 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
mkdir -p "$SOUNDBASE_DIR/pige"
|
||||||
|
chown 10000:10000 "$SOUNDBASE_DIR/pige" -R
|
||||||
|
|
||||||
|
cat "$SECRET_DIR/registry_pass" | docker login --username "$registry_user" --password-stdin registry.gitlab.com
|
||||||
|
|
11
services/mux.radiokipik.org/deploy_user.sh
Executable file
11
services/mux.radiokipik.org/deploy_user.sh
Executable file
@ -0,0 +1,11 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ ! -e "$DATA_DIR/.env" ] ; then
|
||||||
|
cat > "$DATA_DIR/.env" <<EOF
|
||||||
|
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
|
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
|
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
|
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
|
EOF
|
||||||
|
fi
|
||||||
|
|
140
services/mux.radiokipik.org/docker-compose.yml
Normal file
140
services/mux.radiokipik.org/docker-compose.yml
Normal file
@ -0,0 +1,140 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
ambre_mux:
|
||||||
|
image: registry.gitlab.com/omaradio/core/oma-mux:$OMA_DOCKER_VERSION
|
||||||
|
env_file:
|
||||||
|
- .env
|
||||||
|
- $DATA_DIR/.env
|
||||||
|
environment:
|
||||||
|
OMA_CONFIG_Client1Host: $NET$ICECAST
|
||||||
|
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||||
|
volumes:
|
||||||
|
- $SOUNDBASE_DIR/pige:/app/pige
|
||||||
|
ports:
|
||||||
|
- $MUX_SERVER_PORT:9000
|
||||||
|
depends_on:
|
||||||
|
- transcode
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET$MUX
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
|
||||||
|
saphir_telecom_server:
|
||||||
|
image: registry.gitlab.com/omaradio/core/oma-telecom-server:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
ports:
|
||||||
|
- $TELECOM_SERVER_PORT:3490
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET$TELECOM
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
amarante_webserver:
|
||||||
|
image: registry.gitlab.com/omaradio/core/oma-webserver:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||||
|
OMA_CONFIG_PigeTxtLoadFic: off
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- $SOUNDBASE_DIR:/soundbase
|
||||||
|
ports:
|
||||||
|
- $WEBSOCKET_PORT:9000
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET$WEBSERVER
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.5'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
transcode:
|
||||||
|
image: savonet/liquidsoap:v2.1.4
|
||||||
|
env_file:
|
||||||
|
- .env
|
||||||
|
- $DATA_DIR/.env
|
||||||
|
volumes:
|
||||||
|
- ./liquidsoap.liq:/transcode.liq
|
||||||
|
- $SOUNDBASE_DIR:/soundbase
|
||||||
|
command: /transcode.liq
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.108
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 300M
|
||||||
|
|
||||||
|
#radioking:
|
||||||
|
# image: jeancloud/liquidsoap:1.3.7
|
||||||
|
# env_file: .env
|
||||||
|
# volumes:
|
||||||
|
# - ./radioking.liq:/radioking.liq
|
||||||
|
# command: /radioking.liq
|
||||||
|
# restart: unless-stopped
|
||||||
|
# networks:
|
||||||
|
# default:
|
||||||
|
# ipv4_address: $NET.111
|
||||||
|
|
||||||
|
|
||||||
|
icecast:
|
||||||
|
image: infiniteproject/icecast
|
||||||
|
restart: unless-stopped
|
||||||
|
environment:
|
||||||
|
# echo -n "source:pass" | base64
|
||||||
|
ICECAST_ADMIN_USERNAME: admin
|
||||||
|
ICECAST_ADMIN_EMAIL: contact@oma-radio.fr
|
||||||
|
ICECAST_LOCATION: Rhône-Alpes
|
||||||
|
TZ: Europe/Paris
|
||||||
|
env_file: $DATA_DIR/.env
|
||||||
|
healthcheck:
|
||||||
|
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
||||||
|
interval: 1h0m0s
|
||||||
|
timeout: 10s
|
||||||
|
retries: 3
|
||||||
|
start_period: 1m0s
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET$ICECAST
|
||||||
|
|
||||||
|
system_api:
|
||||||
|
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
UID: 33
|
||||||
|
SOUNDBASE_PATH: /soundbase
|
||||||
|
MOUNT: /muxapi
|
||||||
|
CONFIG_PATH: /config
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
- $SOUNDBASE_DIR:/soundbase
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.107
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 500M
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: $NET.0/24
|
84
services/mux.radiokipik.org/liquidsoap.liq
Normal file
84
services/mux.radiokipik.org/liquidsoap.liq
Normal file
@ -0,0 +1,84 @@
|
|||||||
|
#!/usr/bin/liquidsoap
|
||||||
|
|
||||||
|
# Extract timestamp from pige path
|
||||||
|
def ts_from_filepath (filepath)
|
||||||
|
splitpath = string.split(separator='/', filepath)
|
||||||
|
# Keep only filename
|
||||||
|
filename = list.nth(splitpath,list.length(splitpath)-1)
|
||||||
|
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
||||||
|
end
|
||||||
|
|
||||||
|
# Remove pige from now-1month
|
||||||
|
def rm_pige(ts)
|
||||||
|
filepath = "/soundbase/pige/#{ts}.ogg"
|
||||||
|
if file.exists("#{filepath}") then
|
||||||
|
process.run("rm #{filepath}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
# Check that the timestamp starts exactly on a minute
|
||||||
|
def integrity_check(ts)
|
||||||
|
if ts mod 60 != 0 then
|
||||||
|
print("#{ts} is to fix")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Routine integrity check for each files
|
||||||
|
def clean_and_check (filepath)
|
||||||
|
ts = ts_from_filepath (filepath)
|
||||||
|
|
||||||
|
# Remove if old
|
||||||
|
if ( ts < int_of_float(time()) - 2678400 ) then
|
||||||
|
rm_pige(ts)
|
||||||
|
end
|
||||||
|
|
||||||
|
integrity_check (ts)
|
||||||
|
end
|
||||||
|
|
||||||
|
def clean_and_check_latest (filepath)
|
||||||
|
ts = ts_from_filepath (filepath)
|
||||||
|
rm_pige(ts - 2678400) # ts of one month sooner
|
||||||
|
integrity_check (ts)
|
||||||
|
|
||||||
|
end
|
||||||
|
|
||||||
|
# Exaustive integrity check
|
||||||
|
def clean_and_check_all ()
|
||||||
|
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Mux
|
||||||
|
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
||||||
|
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
|
||||||
|
|
||||||
|
# Direct mp3
|
||||||
|
# TODO faire du 44100 pour éviter les trous ?
|
||||||
|
output.icecast(
|
||||||
|
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||||
|
mount="/direct.mp3",
|
||||||
|
#host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||||
|
host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
|
||||||
|
input1)
|
||||||
|
|
||||||
|
# Radioking
|
||||||
|
#output.icecast(
|
||||||
|
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||||
|
# mount="/test355",
|
||||||
|
# host="live.radioking.com", port=80, user="", password="",
|
||||||
|
# input)
|
||||||
|
|
||||||
|
# Direct ogg
|
||||||
|
#output.icecast(
|
||||||
|
# %vorbis(samplerate=44100, channels=1, quality=0.2),
|
||||||
|
# mount="/direct.ogg",
|
||||||
|
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||||
|
# input1)
|
||||||
|
|
||||||
|
# Pige
|
||||||
|
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check_latest)
|
||||||
|
|
||||||
|
# Integrity checks
|
||||||
|
clean_and_check_all()
|
104
services/mux.radiokipik.org/nginx_server.conf
Normal file
104
services/mux.radiokipik.org/nginx_server.conf
Normal file
@ -0,0 +1,104 @@
|
|||||||
|
map $http_upgrade $connection_upgrade {
|
||||||
|
default upgrade;
|
||||||
|
'' close;
|
||||||
|
}
|
||||||
|
|
||||||
|
server{
|
||||||
|
listen $SWEBSOCKET_PORT ssl;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||||
|
proxy_set_header Host $host;
|
||||||
|
proxy_pass http://$NET$WEBSERVER:9000;
|
||||||
|
proxy_http_version 1.1;
|
||||||
|
proxy_set_header Upgrade $http_upgrade;
|
||||||
|
proxy_set_header Connection "upgrade";
|
||||||
|
proxy_read_timeout 120s;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 443 ssl;
|
||||||
|
listen [::]:443 ssl;
|
||||||
|
server_name $JC_SERVICE;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
|
||||||
|
location / {
|
||||||
|
proxy_pass http://$SOUNDBASE_IP/;
|
||||||
|
proxy_set_header Host '$SOUNDBASE_HOST';
|
||||||
|
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
# wait
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_connect_timeout 6000;
|
||||||
|
proxy_send_timeout 60000;
|
||||||
|
proxy_read_timeout 6000;
|
||||||
|
send_timeout 6000;
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
location /pige {
|
||||||
|
alias "$SOUNDBASE_DIR/pige";
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
location /direct.ogg {
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
}
|
||||||
|
location /direct.mp3 {
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
}
|
||||||
|
location /style.css {
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_pass http://$NET$ICECAST:8000/style.css;
|
||||||
|
}
|
||||||
|
location /status.xsl {
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_pass http://$NET$ICECAST:8000/status.xsl;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
location ~ /muxapi(/.*) {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
include uwsgi_params;
|
||||||
|
uwsgi_param PATH_INFO "$1";
|
||||||
|
uwsgi_param SCRIPT_NAME /muxapi;
|
||||||
|
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_connect_timeout 6000;
|
||||||
|
proxy_send_timeout 60000;
|
||||||
|
proxy_read_timeout 6000;
|
||||||
|
send_timeout 6000;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
}
|
||||||
|
}
|
38
services/mux.radiokipik.org/ns1.jean-cloud.org/gitkey
Executable file
38
services/mux.radiokipik.org/ns1.jean-cloud.org/gitkey
Executable file
@ -0,0 +1,38 @@
|
|||||||
|
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||||
|
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
||||||
|
NhAAAAAwEAAQAAAYEAuKyZzOALRAFq487PSFdSilaUN6wTacncP5XDlVwWr2QBOMPWpOyf
|
||||||
|
DzdhxIGx2ZBofgDE/47bClZR4SvFr6+2Sj5a5fAhOGeBAS2Z/Je7pL5Ar+nvIBNFG5bwv/
|
||||||
|
qEgkfWEjuzjDoEVoY7f6RMrOOnTpZS1F32Y3UB0WiH5FgOwjKWb47q8kxUDSQd0sdZNNKL
|
||||||
|
d7/RWGplNSLtloC87C8YC0Wxi3wHgssgRCw7xD2cpm6zwRh1lvLbk0a0zhZXTOcsR+lBwe
|
||||||
|
fEF4eziZDCrKpYwaPdSjIuP6+dctO+1BTSK0KnvuMftTwfLwInZtn9kxa+oTsMRV27oxyO
|
||||||
|
MiVnx5Gfahh2OQtI299Zm19Lu3ARSzJL0CQc4oDmf9Yhi3SoHwXCMNdyEwRk55iO5b6oA1
|
||||||
|
wilUAe2K+YHuG5eNtLu1UvpREGhN4AqYVYW+TqIdRLNr2PTuMW3GyQlCHxIFfBcKPoVNuY
|
||||||
|
B+sBwhva3IQG+EEwY3ZkqU80J5NXmj36epBe+yxhAAAFkFBSLaVQUi2lAAAAB3NzaC1yc2
|
||||||
|
EAAAGBALismczgC0QBauPOz0hXUopWlDesE2nJ3D+Vw5VcFq9kATjD1qTsnw83YcSBsdmQ
|
||||||
|
aH4AxP+O2wpWUeErxa+vtko+WuXwIThngQEtmfyXu6S+QK/p7yATRRuW8L/6hIJH1hI7s4
|
||||||
|
w6BFaGO3+kTKzjp06WUtRd9mN1AdFoh+RYDsIylm+O6vJMVA0kHdLHWTTSi3e/0VhqZTUi
|
||||||
|
7ZaAvOwvGAtFsYt8B4LLIEQsO8Q9nKZus8EYdZby25NGtM4WV0znLEfpQcHnxBeHs4mQwq
|
||||||
|
yqWMGj3UoyLj+vnXLTvtQU0itCp77jH7U8Hy8CJ2bZ/ZMWvqE7DEVdu6McjjIlZ8eRn2oY
|
||||||
|
djkLSNvfWZtfS7twEUsyS9AkHOKA5n/WIYt0qB8FwjDXchMEZOeYjuW+qANcIpVAHtivmB
|
||||||
|
7huXjbS7tVL6URBoTeAKmFWFvk6iHUSza9j07jFtxskJQh8SBXwXCj6FTbmAfrAcIb2tyE
|
||||||
|
BvhBMGN2ZKlPNCeTV5o9+nqQXvssYQAAAAMBAAEAAAGAATuMD1Mjknsg53VGo4lSaWZMpg
|
||||||
|
h6av1Jbald/6iZthZin6DVXsxl4rgrhcFghSAQYi9ckwawYqiEuZLuWVrAt5h5zVKvOe5H
|
||||||
|
9oARleGEt8FaJLJwj9/uFrpnwdCScnmR8B6pVgnONMFEbBB5nitaTXfi6EYTBStUOSEXgC
|
||||||
|
SmsNzyzEkeDABM0/wSCtCAz665VWYT5XaH48W80QFnFF8UUel1mVYp1R1ptNAdEJoVfShM
|
||||||
|
/7JB5L3T+BAbZpMJMTU65Vgq2QfG1QUd+R9c73Z0J17VaZJivOqzoY+BsvcEwjWn7gxOjx
|
||||||
|
0PYkaZSLiqY6GT6oU5TWNgzIS8F/2ORrMgaxWOKDLBFt2vgQiwf/2T1E8m1jmmPvEeOJ70
|
||||||
|
gmJIk9CKAM0UX2HAYM+il0Na4lOpIKggA6QLszsEWjBkdrHjZPL9HeLRMz1vnFAWCoekPN
|
||||||
|
jemZGhk6mEj6qMRuoDZ/6UWYcMhv64SFX/93YTF5QozbFoMYct1tfE03c9QEX+dV/3AAAA
|
||||||
|
wQDtsDjhtps2NWP8H5V2MY+cQoE16T8abQjxCCo7nX3vfB2+lxg9wyRx1PdtySDnSNgpG+
|
||||||
|
pYjGFUzDlNxCVOqY9+aOA31mzfVn6EH4mG3q6/TL3/QN1ILnLbs4lyNLG4KWP1wT5MocHt
|
||||||
|
PAzWWL2O1j2Y8B/zYZZDdirx+D/0gnZmEghzq4KwIj+zj+ILRFKuM07WD73mNvyzfwuaTb
|
||||||
|
hhV75hEtMcLO6EgjX1NUlsIeZvK5Xht3cta62XFpsXAUY4u0EAAADBAPOxezplUkaxdmnR
|
||||||
|
CVduC7pcDweexJyVJtg753kde65IIizPSxB0QNwA4gqc2Us5PjxfS4tetsupOxRZD+ER0S
|
||||||
|
fEpX7rTedqFdukb8h7QDE6yVOD7C14vVC/kThPu9LI21itp03BFZUw1/FRRMK/xur51Ahj
|
||||||
|
g5F83+CkgQsVmwEo8cZ0b+io76FlXa4OGBUQnVE+mf6TZ+PbMT2zFJ5KAlZ54KxPZJAQOR
|
||||||
|
VJwaND0N6YQLaAkDZEnTJG3KTHyAFt4wAAAMEAwgAbwCPg4aeFXptJLUbBmDB9mGkHZkjM
|
||||||
|
p4SVC2iPSSMahnu8L5vCk/SOQJlv13mJ1JcZ/HplPUugB9cL+9SsLkr7c/r2otnch/x2WP
|
||||||
|
tF7zN6AgECs4/MWSenlxlvmD2HU6TtXaKQHfmP9HK4cIf0m1rTz4OpuZJlbDXNh/QNyzU3
|
||||||
|
8UUAns4EaLLSM5rgSz2pPXYU6XnfSOVGZNotmla/xWbPd8sSrWCFV0VC/O0cBVMJ20QlUo
|
||||||
|
vR0cIiNMZDyQ/rAAAAGHJvb3RAcmFrdS5qZWFuLWNsb3VkLm9yZwEC
|
||||||
|
-----END OPENSSH PRIVATE KEY-----
|
@ -0,0 +1,4 @@
|
|||||||
|
key "letsencrypt.key" {
|
||||||
|
algorithm hmac-sha256;
|
||||||
|
secret "d2q77gecXwNQdzJb3tnE5IUGXY7/r0LL3hj+GG2/iTo=";
|
||||||
|
};
|
@ -21,7 +21,7 @@ prepare () {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
echo 'Sync the git repo'
|
echo 'Sync the git repo'
|
||||||
run sudo -u bind git_update.sh -N -b main -i "$DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
|
run sudo -u bind git_update.sh -r main -o "-i $DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
|
||||||
cd /etc/bind
|
cd /etc/bind
|
||||||
|
|
||||||
|
|
||||||
|
@ -89,6 +89,7 @@ services:
|
|||||||
|
|
||||||
collabora:
|
collabora:
|
||||||
image: collabora/code
|
image: collabora/code
|
||||||
|
privileged: true
|
||||||
environment:
|
environment:
|
||||||
- "dictionaries=fr"
|
- "dictionaries=fr"
|
||||||
- "server_name=office.nuage.jean-cloud.net"
|
- "server_name=office.nuage.jean-cloud.net"
|
||||||
|
6
services/paj.oma-radio.fr/.env
Normal file
6
services/paj.oma-radio.fr/.env
Normal file
@ -0,0 +1,6 @@
|
|||||||
|
GIT_SOURCE_REPO="https://gitlab.com/omaradio/website"
|
||||||
|
GIT_SOURCE_BRANCH=dev
|
||||||
|
RADIO_HOST=mux.paj.oma-radio.fr
|
||||||
|
USE_SSL=true
|
||||||
|
WEBSOCKET_PORT=2002
|
||||||
|
RADIO_NAME_PRETTY="Paj Radio"
|
2
services/paj.oma-radio.fr/.known_hosts
Normal file
2
services/paj.oma-radio.fr/.known_hosts
Normal file
@ -0,0 +1,2 @@
|
|||||||
|
gitlab.com ssh-dss AAAAB3NzaC1kc3MAAACBAMPKInNPflcRle9F5Qt2j9aI0EZuWQzdXTbYvsl+ChaacqCOWRMiOmXHXqetFz6jD/6Fcqg20ZATxqSskQBaRn97O/mbH+GQk4d3zw9WAEURicE8rKJop3qGtdfFxLzrTuF/PAkKRDMmutT3hwZIOO8CFWOl1BiuUYTncJTeonrfAAAAFQCujauoy3Yy+ul72b/WsTECUPj9yQAAAIBIV2yyF7RZf7IYS8tsWcKP7Y5Bv9eFdbvbtsaxcFCHcmHIGoJQrIdPoueoOb5EUTYz0NgYKsKaZzDZkgFk28GsmLxKvhnPjaw0lJVSKRchEE5xVlamOlabiRMjQ7X/bAdejkBJe96AjZZL3UO4acpwfy3Tnnap0w6YCDeaxoyHpwAAAIAU+dyNaL3Hy15VIV32QwWMekvxeptUY/DW03LNcgZZDoin87TE9xuQhM0qF3pi2i2a2ExuslgdttmYWvrbEz8eW+RFgvT5pKwWpalKWetHvtN3oYZP37ZIO1Y3Hd5A4YVcpYp1ccRayveLlCRwxb4HdGXT2OmYU+lmvimIR8zQ6A==
|
||||||
|
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
|
19
services/paj.oma-radio.fr/deploy_user.sh
Executable file
19
services/paj.oma-radio.fr/deploy_user.sh
Executable file
@ -0,0 +1,19 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
# Si le site a déjà été build par le passé, curl termine l’exécution du script en cas d’absence sur serveur corps.
|
||||||
|
[ -f "$HTTP_DIR/public/index.html" ] && { curl --head --fail-with-body $RADIO_HOST/fic/_series-_index.fic || exit 0 ; } >/dev/null
|
||||||
|
|
||||||
|
# Update git repo
|
||||||
|
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
|
cd "$HTTP_DIR"
|
||||||
|
|
||||||
|
# Get remote content files
|
||||||
|
#rclone_ncloud_publiclink.sh
|
||||||
|
|
||||||
|
# Invalid cache
|
||||||
|
rm -rf "/tmp/hugo_cache_$USER"
|
||||||
|
|
||||||
|
# Build website
|
||||||
|
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
32
services/paj.oma-radio.fr/nginx_server.conf
Executable file
32
services/paj.oma-radio.fr/nginx_server.conf
Executable file
@ -0,0 +1,32 @@
|
|||||||
|
server {
|
||||||
|
listen 443 ssl http2;
|
||||||
|
listen [::]:443 ssl http2;
|
||||||
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
|
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||||
|
root $HTTP_DIR/public/;
|
||||||
|
|
||||||
|
# Security headers
|
||||||
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' 'https://static.jean-cloud.net/player-interface/*' ; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self' 'https://static.jean-cloud.net/player-interface/*' 'https://cdn.jsdelivr.net/npm/*'; base-uri 'self'; form-action 'self';" always;
|
||||||
|
add_header X-Content-Type-Options "nosniff";
|
||||||
|
add_header X-Frame-Options SAMEORIGIN always;
|
||||||
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
|
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||||
|
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
||||||
|
|
||||||
|
location / {
|
||||||
|
index index.html;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /manager {
|
||||||
|
return 301 $scheme://mux.$JC_SERVICE/manager;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /buildscript/ {
|
||||||
|
include /etc/nginx/fastcgi_params;
|
||||||
|
fastcgi_param SCRIPT_FILENAME $DOCKER_DIR/server.sh;
|
||||||
|
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
||||||
|
}
|
||||||
|
}
|
10
services/paj.oma-radio.fr/server.sh
Executable file
10
services/paj.oma-radio.fr/server.sh
Executable file
@ -0,0 +1,10 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
echo "Content-type: text/html"
|
||||||
|
echo ""
|
||||||
|
|
||||||
|
. .env
|
||||||
|
|
||||||
|
echo '<pre>'
|
||||||
|
deploy_as "$JC_SERVICE"
|
||||||
|
echo '</pre>'
|
@ -2,7 +2,7 @@
|
|||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# Update git repo
|
# Update git repo
|
||||||
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
git_update.sh -r "${GIT_BRANCH:main}" -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
cd "$HTTP_DIR"
|
cd "$HTTP_DIR"
|
||||||
|
|
||||||
|
@ -2,3 +2,4 @@ GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git"
|
|||||||
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
||||||
USE_SSL=true
|
USE_SSL=true
|
||||||
WEBSOCKET_PORT=2004
|
WEBSOCKET_PORT=2004
|
||||||
|
VUE_APP_PUBLIC_WEBSITE=radiodemo.oma-radio.fr
|
||||||
|
@ -1 +0,0 @@
|
|||||||
../hugo/deploy_user.sh
|
|
16
services/radiodemo.oma-radio.fr/deploy_user.sh
Executable file
16
services/radiodemo.oma-radio.fr/deploy_user.sh
Executable file
@ -0,0 +1,16 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
# Si le site a déjà été build par le passé, curl termine l’exécution du script en cas d’absence sur serveur corps.
|
||||||
|
[ -f "$HTTP_DIR/public/index.html" ] && { curl -iI https://$RADIO_HOST/fic/_series-_index.fic >/dev/null || exit 0 ; }
|
||||||
|
|
||||||
|
# Update git repo
|
||||||
|
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
|
cd "$HTTP_DIR"
|
||||||
|
|
||||||
|
# Invalid cache
|
||||||
|
rm -rf "/tmp/hugo_cache_$USER"
|
||||||
|
|
||||||
|
# Build website
|
||||||
|
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
@ -1,4 +1,5 @@
|
|||||||
GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git"
|
GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git"
|
||||||
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
RADIO_HOST=mux.radiokipik.org
|
||||||
USE_SSL=true
|
USE_SSL=true
|
||||||
WEBSOCKET_PORT=2004
|
WEBSOCKET_PORT=2005
|
||||||
|
RADIO_NAME_PRETTY="Radio Kipik"
|
||||||
|
@ -4,7 +4,7 @@ server {
|
|||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||||
root $HTTP_DIR/;
|
root $HTTP_DIR/public;
|
||||||
|
|
||||||
# Security headers
|
# Security headers
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
7
services/servers.csv
Normal file
7
services/servers.csv
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
id;nom;lieu;fai;note;wg_pubkey;ip;ip;ip;ip;ip
|
||||||
|
3;max;"Montpellier";red/sfr;"Chez Elisa";wTU3G3tutx2NIBlDDdBQhSnPFmkE5TM8aqcn1gdACF8=;2a02:8434:66e2:e301:a2b3:ccff:fe85:af97;;;
|
||||||
|
4;raku;"Le bessat";red/sfr;"Chez axel et louise";xEKLecqKmr7+VWhi9+LvfYNflVfkkMEe7DXHFDaiqBk=;92.92.34.140;;;
|
||||||
|
6;jeanPinion;"Alençon";;"Librairie de Centime";+goHQ6dBoqrjkPtru9Y1QeSChXNIuUpnv0xnh23jYRs=;
|
||||||
|
7;montbonnot;"Marseille";;"Géré par Nico";S1jpvHJRr2yFh4OB9hLk+zXUNXAycOewNqouoO2Zky4=;
|
||||||
|
8;jeanCheri;"Lyon";;"Épicerie ACTR";5+j+wcrQQAnR8thBRqdoKsamNog0pMZeJG2AONs5OD0=;
|
||||||
|
9;izzo;"Hostinger";"Hostinger";"Serveur hébergé principal";8ulBTjnjbo/dD8pPumpz07TUbDTofZ46+oTdkBb2JWE=;89.116.110.62;2a02:4780:28:a254::1;
|
Can't render this file because it has a wrong number of fields in line 2.
|
@ -26,10 +26,10 @@
|
|||||||
29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org
|
29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org
|
||||||
30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org
|
30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org
|
||||||
31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
|
31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
|
||||||
32;paj.oma-radio.fr;paj.oma-radio.fr;nougaro.jean-cloud.org
|
32;paj.oma-radio.fr;paj.oma-radio.fr;izzo.jean-cloud.org
|
||||||
33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
|
33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
|
||||||
34;radiodemo.oma-radio.fr;radiodemo.oma-radio.fr;raku.jean-cloud.org
|
34;radiodemo.oma-radio.fr;radiodemo.oma-radio.fr;raku.jean-cloud.org
|
||||||
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org
|
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;izzo.jean-cloud.org
|
||||||
36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;izzo.jean-cloud.org
|
36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;izzo.jean-cloud.org
|
||||||
37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
|
37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
|
||||||
38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org
|
38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org
|
||||||
@ -37,7 +37,7 @@
|
|||||||
40;static.jean-cloud.net;static.jean-cloud.net;izzo.jean-cloud.org
|
40;static.jean-cloud.net;static.jean-cloud.net;izzo.jean-cloud.org
|
||||||
41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
|
41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
|
||||||
42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org
|
42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org
|
||||||
43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org
|
43;radio.karnaval.fr;radio.karnaval.fr;izzo.jean-cloud.org
|
||||||
44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;raku.jean-cloud.org
|
44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;raku.jean-cloud.org
|
||||||
45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
|
45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
|
||||||
46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org
|
46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org
|
||||||
@ -55,3 +55,6 @@
|
|||||||
60;soundbase.radiokipik.org;soundbase.radiokipik.org;montbonnot.jean-cloud.org
|
60;soundbase.radiokipik.org;soundbase.radiokipik.org;montbonnot.jean-cloud.org
|
||||||
61;radiokipik.org;radiokipik.org;izzo.jean-cloud.org
|
61;radiokipik.org;radiokipik.org;izzo.jean-cloud.org
|
||||||
62;mux.radiokipik.org;mux.radiokipik.org;izzo.jean-cloud.org
|
62;mux.radiokipik.org;mux.radiokipik.org;izzo.jean-cloud.org
|
||||||
|
63;collectif-karafon.fr;collectif-karafon.fr;izzo.jean-cloud.org
|
||||||
|
64;mux.radionimaitre.oma;mux.radionimaitre.oma-radio.fr;raku.jean-cloud.org
|
||||||
|
65;mux.paj.oma-radio.fr;mux.paj.oma-radio.fr;izzo.jean-cloud.org
|
||||||
|
|
25
services/soundbase.paj.oma-radio.fr/.env
Normal file
25
services/soundbase.paj.oma-radio.fr/.env
Normal file
@ -0,0 +1,25 @@
|
|||||||
|
TELECOM=.101
|
||||||
|
ICECAST=.110
|
||||||
|
WEBSERVER=.105
|
||||||
|
SYSTEM_API=.107
|
||||||
|
TZ=Europe/Paris
|
||||||
|
OMA_DOCKER_VERSION=dev
|
||||||
|
WEBSOCKET_PORT=2002
|
||||||
|
TELECOM_SERVER_PORT=3492
|
||||||
|
OMA_CONFIG_TelecommandeHost=mux.paj.oma-radio.fr
|
||||||
|
OMA_CONFIG_TelecommandePort=3492
|
||||||
|
MUX_SERVER_PORT=9002
|
||||||
|
RADIO_NAME_SIMPLE=paj
|
||||||
|
OMA_CONFIG_NomRadio=paj
|
||||||
|
OMA_CONFIG_LogLevel=8
|
||||||
|
RADIO_NAME_PRETTY="Radio Démo"
|
||||||
|
COMPOSE_NAME=soundbasepajoma-radiofr
|
||||||
|
DOCKER_INSTANCES_PREFIX=soundbasepajoma-radiofr-
|
||||||
|
DOCKER_INSTANCES_SUFIX=-1
|
||||||
|
SOUNDBASE_DIR=/data/soundbase.paj.oma-radio.fr/
|
||||||
|
USE_SSL=true
|
||||||
|
MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.1
|
||||||
|
RADIO_HOST=mux.paj.oma-radio.fr
|
||||||
|
WG_NAME_interco=paj
|
||||||
|
WG_NET=10.29.65
|
||||||
|
WG_PORT=55002
|
6
services/soundbase.paj.oma-radio.fr/deploy_user.sh
Executable file
6
services/soundbase.paj.oma-radio.fr/deploy_user.sh
Executable file
@ -0,0 +1,6 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
git_update.sh -r $OMA_DOCKER_VERSION -d "$HTTP_DIR/manager" https://gitlab.com/omaradio/single-manager.git
|
||||||
|
cd "$HTTP_DIR/manager"
|
||||||
|
npm install
|
||||||
|
npm run build
|
137
services/soundbase.paj.oma-radio.fr/docker-compose.yml
Normal file
137
services/soundbase.paj.oma-radio.fr/docker-compose.yml
Normal file
@ -0,0 +1,137 @@
|
|||||||
|
version: '3'
|
||||||
|
services:
|
||||||
|
anthracite_jukebox:
|
||||||
|
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||||
|
OMA_CONFIG_TelecommandePort: $TELECOM_SERVER_PORT
|
||||||
|
OMA_CONFIG_Client1Host: $RADIO_HOST
|
||||||
|
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR:/app/soundBase
|
||||||
|
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.102
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
azurite_jukebox_simulator:
|
||||||
|
image: registry.gitlab.com/omaradio/core/oma-jukebox-simulator:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR:/app/soundBase
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.103
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
# aventurine_transcode:
|
||||||
|
# image: jeancloud/transcode:$OMA_DOCKER_VERSION
|
||||||
|
# env_file: .env
|
||||||
|
# restart: unless-stopped
|
||||||
|
|
||||||
|
|
||||||
|
agate_importer:
|
||||||
|
image: registry.gitlab.com/omaradio/core/oma-baseimport:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR:/app/soundBase
|
||||||
|
restart: unless-stopped
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.104
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 1000M
|
||||||
|
|
||||||
|
|
||||||
|
rubis_base_mg:
|
||||||
|
image: registry.gitlab.com/omaradio/core/oma-base-mg:$OMA_DOCKER_VERSION
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- $DATA_DIR:/soundbase
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.106
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 100M
|
||||||
|
|
||||||
|
|
||||||
|
system_api:
|
||||||
|
image: jeancloud/system-api:dev
|
||||||
|
env_file: .env
|
||||||
|
environment:
|
||||||
|
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||||
|
UID: 33
|
||||||
|
SOUNDBASE_PATH: /soundbase
|
||||||
|
MOUNT: /api
|
||||||
|
CONFIG_PATH: /config
|
||||||
|
restart: unless-stopped
|
||||||
|
volumes:
|
||||||
|
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
||||||
|
- /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
- $DATA_DIR:/soundbase
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipv4_address: $NET.107
|
||||||
|
deploy:
|
||||||
|
resources:
|
||||||
|
limits:
|
||||||
|
cpus: '0.50'
|
||||||
|
memory: 500M
|
||||||
|
|
||||||
|
|
||||||
|
#ammolite_mp3_addon:
|
||||||
|
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
|
||||||
|
# env_file: .env
|
||||||
|
# environment:
|
||||||
|
# OMA_CONFIG_TelecommandeHost: $NET.101
|
||||||
|
# OMA_CONFIG_PigePrefix: /opt
|
||||||
|
# restart: unless-stopped
|
||||||
|
# volumes:
|
||||||
|
# - $DATA_DIR:/app/soundbase
|
||||||
|
# networks:
|
||||||
|
# default:
|
||||||
|
# ipv4_address: $NET.109
|
||||||
|
# deploy:
|
||||||
|
# resources:
|
||||||
|
# limits:
|
||||||
|
# cpus: '0.05'
|
||||||
|
|
||||||
|
# doxy:
|
||||||
|
# image: qnib/doxy
|
||||||
|
# volumes:
|
||||||
|
# - /tmp/radiodemo.oma-radio.fr/doxy:/tmp/doxy
|
||||||
|
# - /data/radiodemo.oma-radio.fr/doxy.pattern:/etc/doxy.pattern
|
||||||
|
# - /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
# environment:
|
||||||
|
# DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock
|
||||||
|
|
||||||
|
networks:
|
||||||
|
default:
|
||||||
|
ipam:
|
||||||
|
config:
|
||||||
|
- subnet: $NET.0/24
|
119
services/soundbase.paj.oma-radio.fr/nginx_server.conf
Normal file
119
services/soundbase.paj.oma-radio.fr/nginx_server.conf
Normal file
@ -0,0 +1,119 @@
|
|||||||
|
# Parameters:
|
||||||
|
# radio name
|
||||||
|
# file path
|
||||||
|
# ws port (local)
|
||||||
|
# wss port (open)
|
||||||
|
# upload service port
|
||||||
|
# ssl certs location
|
||||||
|
|
||||||
|
# TODO
|
||||||
|
# /speedtest-down returns random data
|
||||||
|
# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin
|
||||||
|
# /speedtest-up just eat everything it can
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
server {
|
||||||
|
listen 80;
|
||||||
|
listen [::]:80;
|
||||||
|
server_name $JC_SERVICE;
|
||||||
|
|
||||||
|
root $HTTP_DIR/manager/dist;
|
||||||
|
index index.html;
|
||||||
|
|
||||||
|
location ~ /api(/.*) {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
include uwsgi_params;
|
||||||
|
uwsgi_param PATH_INFO "$1";
|
||||||
|
uwsgi_param SCRIPT_NAME /api;
|
||||||
|
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
||||||
|
client_max_body_size 0;
|
||||||
|
proxy_connect_timeout 6000;
|
||||||
|
proxy_send_timeout 60000;
|
||||||
|
proxy_read_timeout 6000;
|
||||||
|
send_timeout 6000;
|
||||||
|
# kill cache
|
||||||
|
add_header Last-Modified $date_gmt;
|
||||||
|
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||||
|
if_modified_since off;
|
||||||
|
expires off;
|
||||||
|
etag off;
|
||||||
|
}
|
||||||
|
|
||||||
|
location /pige{
|
||||||
|
alias $SOUNDBASE_DIR/pige;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /png {
|
||||||
|
alias $SOUNDBASE_DIR/png;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /webpL {
|
||||||
|
alias $SOUNDBASE_DIR/webpL;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /webpH {
|
||||||
|
alias $SOUNDBASE_DIR/webpH;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /ogg {
|
||||||
|
alias $SOUNDBASE_DIR/ogg;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /txt {
|
||||||
|
alias $SOUNDBASE_DIR/txt;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /wavM {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
alias $SOUNDBASE_DIR/wavM;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /import {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
alias $SOUNDBASE_DIR/import;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /export {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
alias $SOUNDBASE_DIR/export;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /wav {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
alias $SOUNDBASE_DIR/wav;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /fic {
|
||||||
|
add_header Cache-Control "must-revalidate, proxy-revalidate";
|
||||||
|
alias $SOUNDBASE_DIR/fic;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /prg {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
alias $SOUNDBASE_DIR/prg;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
location /lst {
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
alias $SOUNDBASE_DIR/lst;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
|
# Admin interface
|
||||||
|
location /manager {
|
||||||
|
alias $HTTP_DIR/manager/dist;
|
||||||
|
auth_basic "Entrez votre identifiant et mot de passe";
|
||||||
|
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
}
|
11
services/soundbase.radiodemo.oma-radio.fr/deploy_user.sh
Executable file
11
services/soundbase.radiodemo.oma-radio.fr/deploy_user.sh
Executable file
@ -0,0 +1,11 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
if [ -d "$DATA_DIR/core" ] ; then
|
||||||
|
git_update.sh -r dev -o "-i $DATA_DIR/radiodemo-deploy" -d "$DATA_DIR/core" git@gitlab.com:omaradio/core.git
|
||||||
|
fi
|
||||||
|
|
||||||
|
git_update.sh -r dev -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
|
||||||
|
cd "$HTTP_DIR/manager"
|
||||||
|
npm install
|
||||||
|
npm run build
|
||||||
|
|
@ -11,7 +11,8 @@ services:
|
|||||||
OMA_CONFIG_Client2Port: 9003
|
OMA_CONFIG_Client2Port: 9003
|
||||||
volumes:
|
volumes:
|
||||||
- $SOUNDBASE_DIR:/app/soundBase
|
- $SOUNDBASE_DIR:/app/soundBase
|
||||||
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
|
- $SOUNDBASE_DIR/secours/JingleDemo-Secours.wavM:/app/secours/secours-jingle.wavM
|
||||||
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
@ -19,7 +20,7 @@ services:
|
|||||||
deploy:
|
deploy:
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpus: '0.50'
|
cpus: '1'
|
||||||
memory: 100M
|
memory: 100M
|
||||||
|
|
||||||
azurite_jukebox_simulator:
|
azurite_jukebox_simulator:
|
||||||
@ -48,6 +49,7 @@ services:
|
|||||||
env_file: .env
|
env_file: .env
|
||||||
volumes:
|
volumes:
|
||||||
- $SOUNDBASE_DIR:/app/soundBase
|
- $SOUNDBASE_DIR:/app/soundBase
|
||||||
|
stop_grace_period: 1m30s
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
|
@ -92,6 +92,7 @@ server {
|
|||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
location /fic {
|
location /fic {
|
||||||
|
add_header Cache-Control 'must-revalidate, proxy-revalidate';
|
||||||
alias $SOUNDBASE_DIR/fic;
|
alias $SOUNDBASE_DIR/fic;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
@ -107,10 +108,6 @@ server {
|
|||||||
alias $SOUNDBASE_DIR/lst;
|
alias $SOUNDBASE_DIR/lst;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
location /statique {
|
|
||||||
alias $SOUNDBASE_DIR/statique;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Admin interface
|
# Admin interface
|
||||||
location /manager {
|
location /manager {
|
||||||
|
@ -1,20 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
. .env
|
|
||||||
|
|
||||||
[ -f "$DATA_DIR/radiodemo-soundbase.wgkey" ] || { echo 'No privatekey found' >&2 && exit 1 ; }
|
|
||||||
|
|
||||||
echo "
|
|
||||||
[Interface]
|
|
||||||
PrivateKey = $(cat "$DATA_DIR/radiodemo-soundbase.wgkey")
|
|
||||||
Address = 10.29.0.1/32
|
|
||||||
ListenPort = 55820
|
|
||||||
|
|
||||||
[Peer]
|
|
||||||
PublicKey = iwIsUriF4CT/Jpu29VXlj43hT3bUjG67FeEgCTcQCVc=
|
|
||||||
AllowedIPs = 10.29.0.254/32
|
|
||||||
Endpoint = mux.radiodemo.oma-radio.fr:55820
|
|
||||||
PersistentKeepalive = 30
|
|
||||||
"
|
|
@ -4,21 +4,20 @@ ICECAST=.110
|
|||||||
WEBSERVER=.105
|
WEBSERVER=.105
|
||||||
SYSTEM_API=.107
|
SYSTEM_API=.107
|
||||||
TZ=Europe/Paris
|
TZ=Europe/Paris
|
||||||
OMA_DOCKER_VERSION=dev
|
OMA_DOCKER_VERSION=unstable
|
||||||
WEBSOCKET_PORT=2004
|
WEBSOCKET_PORT=2005
|
||||||
TELECOM_SERVER_PORT=3494
|
TELECOM_SERVER_PORT=3495
|
||||||
OMA_CONFIG_TelecommandeHost=mux.radiodemo.oma-radio.fr
|
OMA_CONFIG_TelecommandeHost=mux.radiokipik.org
|
||||||
OMA_CONFIG_TelecommandePort=3494
|
OMA_CONFIG_TelecommandePort=3495
|
||||||
MUX_SERVER_PORT=9004
|
MUX_SERVER_PORT=9005
|
||||||
RADIO_NAME_SIMPLE=radiodemo
|
RADIO_NAME_SIMPLE=radiokipik
|
||||||
OMA_CONFIG_NomRadio=radiodemo
|
OMA_CONFIG_NomRadio=radiokipik
|
||||||
OMA_CONFIG_LogLevel=8
|
RADIO_NAME_PRETTY="Radio Kipik"
|
||||||
RADIO_NAME_PRETTY="Radio Démo"
|
COMPOSE_NAME=soundbaseradiokipikorg
|
||||||
COMPOSE_NAME=soundbaseradiodemooma-radiofr
|
DOCKER_INSTANCES_PREFIX=soundbaseradiokipikorg-
|
||||||
DOCKER_INSTANCES_PREFIX=soundbaseradiodemooma-radiofr-
|
|
||||||
DOCKER_INSTANCES_SUFIX=-1
|
DOCKER_INSTANCES_SUFIX=-1
|
||||||
SOUNDBASE_DIR=/data/soundbase.radiodemo.oma-radio.fr/core/radioDemo
|
SOUNDBASE_DIR=/data/soundbase.radiokipik.org/soundbase/
|
||||||
USE_SSL=true
|
USE_SSL=true
|
||||||
MANAGER_VERSION=3.0.0
|
MANAGER_VERSION=3.0.0
|
||||||
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.1.1
|
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.1.1
|
||||||
RADIO_HOST=radiodemo.oma-radio.fr
|
RADIO_HOST=radiokipik.org
|
||||||
|
@ -1,8 +1,3 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
apt install -y nodejs npm
|
apt install -y nodejs npm
|
||||||
#docker run --rm -i -v /srv/http/soundbase.radiodemo.oma-radio.fr:/app node:alpine sh <<EOF
|
|
||||||
#cd /app
|
|
||||||
#npm install --production omaradio-web-manager@~$MANAGER_VERSION
|
|
||||||
#npm update
|
|
||||||
#EOF
|
|
||||||
|
@ -6,10 +6,9 @@
|
|||||||
|
|
||||||
chmod 700 "$SECRET_DIR/gitlab-deploy.sshprivkey"
|
chmod 700 "$SECRET_DIR/gitlab-deploy.sshprivkey"
|
||||||
mkdir -p "$HTTP_DIR/manager"
|
mkdir -p "$HTTP_DIR/manager"
|
||||||
git_update.sh -b 'v3' -i "$SECRET_DIR/gitlab-deploy.sshprivkey" -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
|
git_update.sh -r 'v3.0' -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
|
||||||
cd "$HTTP_DIR/manager"
|
cd "$HTTP_DIR/manager"
|
||||||
npm install
|
npm install
|
||||||
#npm audit fix
|
|
||||||
npm run build
|
npm run build
|
||||||
|
|
||||||
|
|
||||||
|
@ -4,7 +4,7 @@ services:
|
|||||||
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
|
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
|
||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
environment:
|
||||||
OMA_CONFIG_Client1Host: mux.radiodemo.oma-radio.fr
|
OMA_CONFIG_Client1Host: mux.radiokipik.org
|
||||||
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
|
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
|
||||||
OMA_CONFIG_Client2: off
|
OMA_CONFIG_Client2: off
|
||||||
OMA_CONFIG_Client2Host: radionimaitre.oma-radio.fr
|
OMA_CONFIG_Client2Host: radionimaitre.oma-radio.fr
|
||||||
@ -76,7 +76,7 @@ services:
|
|||||||
|
|
||||||
|
|
||||||
system_api:
|
system_api:
|
||||||
image: jeancloud/system-api:dev
|
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
environment:
|
||||||
UID: 33
|
UID: 33
|
||||||
@ -98,30 +98,6 @@ services:
|
|||||||
memory: 500M
|
memory: 500M
|
||||||
|
|
||||||
|
|
||||||
#ammolite_mp3_addon:
|
|
||||||
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
|
|
||||||
# env_file: .env
|
|
||||||
# environment:
|
|
||||||
# OMA_CONFIG_PigePrefix: /opt
|
|
||||||
# restart: unless-stopped
|
|
||||||
# volumes:
|
|
||||||
# - $SOUNDBASE_DIR:/app/soundbase
|
|
||||||
# networks:
|
|
||||||
# default:
|
|
||||||
# ipv4_address: $NET.109
|
|
||||||
# deploy:
|
|
||||||
# resources:
|
|
||||||
# limits:
|
|
||||||
# cpus: '0.05'
|
|
||||||
|
|
||||||
# doxy:
|
|
||||||
# image: qnib/doxy
|
|
||||||
# volumes:
|
|
||||||
# - /tmp/radiodemo.oma-radio.fr/doxy:/tmp/doxy
|
|
||||||
# - /data/radiodemo.oma-radio.fr/doxy.pattern:/etc/doxy.pattern
|
|
||||||
# - /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
# environment:
|
|
||||||
# DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
|
@ -92,6 +92,7 @@ server {
|
|||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
location /fic {
|
location /fic {
|
||||||
|
add_header Cache-Control 'must-revalidate, proxy-revalidate';
|
||||||
alias $SOUNDBASE_DIR/fic;
|
alias $SOUNDBASE_DIR/fic;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
@ -107,10 +108,6 @@ server {
|
|||||||
alias $SOUNDBASE_DIR/lst;
|
alias $SOUNDBASE_DIR/lst;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
location /statique {
|
|
||||||
alias $SOUNDBASE_DIR/statique;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Admin interface
|
# Admin interface
|
||||||
location /manager {
|
location /manager {
|
||||||
|
@ -1,20 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
. .env
|
|
||||||
|
|
||||||
[ -f "$DATA_DIR/soundbase.wgkey" ] || { echo 'No privatekey found' >&2 && exit 1 ; }
|
|
||||||
|
|
||||||
echo "
|
|
||||||
[Interface]
|
|
||||||
PrivateKey = $(cat "$DATA_DIR/soundbase.wgkey")
|
|
||||||
Address = 10.29.60.1/32
|
|
||||||
ListenPort = 55860
|
|
||||||
|
|
||||||
[Peer]
|
|
||||||
PublicKey = 3ADrLVxzVqLHV530cT+paM+zNQBvm3KCW0voIN1wVBQ=
|
|
||||||
AllowedIPs = 10.29.60.254/32
|
|
||||||
Endpoint = mux.radiokipik.org:55825
|
|
||||||
PersistentKeepalive = 30
|
|
||||||
"
|
|
Loading…
Reference in New Issue
Block a user