Compare commits
1 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
fca32d7f5c |
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,4 +1,3 @@
|
||||
installing/temporary_mount_point
|
||||
installing/secrets
|
||||
provisioning/roles/deploy_all/files/secrets
|
||||
.~lock.*
|
||||
|
@ -285,7 +285,7 @@ section "Creating wireguard conf"
|
||||
if [ -n "$wireguard_number" ] ; then
|
||||
run cat >> "$mnt/etc/wireguard/jeancloud.conf" <<EOF
|
||||
[Interface]
|
||||
PrivateKey = $(wg genkey)
|
||||
PrivateKey = $(chroot_run wg genkey)
|
||||
ListenPort = 51812
|
||||
Address = 10.98.1.$wireguard_number/32
|
||||
|
||||
@ -295,7 +295,7 @@ AllowedIPs = 10.98.1.254/32
|
||||
Endpoint = 193.33.56.94:51812
|
||||
PersistentKeepalive = 25
|
||||
EOF
|
||||
wireguard_pubkey="$(cat "$mnt/etc/wireguard/jeancloud.conf" | grep -oP '^PrivateKey = \K.*' | wg pubkey)"
|
||||
wireguard_pubkey="$(cat "$mnt/etc/wireguard/jeancloud.conf" | grep -oP '^PrivateKey = \K.*' | chroot_run wg pubkey)"
|
||||
|
||||
run cat > "$secret_dir/wg_conf_part" <<EOF
|
||||
[Peer] # $hostname
|
||||
|
@ -4,31 +4,4 @@ DO NOT REBOOT IT. it sometimes fails…
|
||||
|
||||
raku :
|
||||
+ ajouter nonfree dans les sources
|
||||
-i firmware-atheros -i firmware-realtek
|
||||
|
||||
cheri :
|
||||
cat > /etc/init.d/autoreboot <<EOF
|
||||
#!/bin/bash
|
||||
### BEGIN INIT INFO
|
||||
# Provides: autoreboot
|
||||
# Required-Start: \$local_fs \$syslog
|
||||
# Required-Stop: \$local_fs \$syslog
|
||||
# Default-Start: 2 3 4 5
|
||||
# Default-Stop: 0 1 6
|
||||
# Short-Description: starts autoreboot
|
||||
# Description: starts autoreboot
|
||||
### END INIT INFO
|
||||
sleep 120
|
||||
ip -4 -o a > /dev/tty1
|
||||
if ! ip a | grep -q 'eth0' ; then
|
||||
echo 'eth0 not found. rebooting' >/dev/tty1
|
||||
sleep 3
|
||||
reboot
|
||||
else
|
||||
echo 'eth0 found' >/dev/tty1
|
||||
sleep 3
|
||||
exit 0
|
||||
fi
|
||||
exit 0
|
||||
EOF
|
||||
chmod +x /etc/init.d/autoreboot
|
||||
-i firmware-atheros
|
||||
|
@ -1,41 +0,0 @@
|
||||
version: '3.1'
|
||||
|
||||
services:
|
||||
|
||||
wp:
|
||||
image: wordpress:5-apache
|
||||
restart: unless-stopped
|
||||
env_file: $DATA_DIR/wordpress.env
|
||||
volumes:
|
||||
- $DATA_DIR/wordpress:/var/www/html
|
||||
- /srv/http/$JC_SERVICE:/var/www/html/static
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.100
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
db:
|
||||
image: mariadb:10.11
|
||||
restart: unless-stopped
|
||||
env_file: $DATA_DIR/wordpress.env
|
||||
volumes:
|
||||
- $DATA_DIR/db:/var/lib/mysql
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.101
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 300M
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: $NET.0/24
|
||||
|
@ -1,30 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name wordpress.$JC_SERVICE www.wordpress.$JC_SERVICE;
|
||||
location / {
|
||||
auth_basic "Mot de passe !";
|
||||
auth_basic_user_file /data/$JC_SERVICE/pass.txt;
|
||||
client_max_body_size 2G;
|
||||
#proxy_set_header X-Real-IP $remote_addr;
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_pass http://$NET.100;
|
||||
proxy_redirect off;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||
|
||||
location / {
|
||||
root /srv/http/$JC_SERVICE;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
@ -1,32 +0,0 @@
|
||||
version: '2'
|
||||
|
||||
services:
|
||||
|
||||
coldcms:
|
||||
image: coldcms/coldcms-backend:latest
|
||||
volumes:
|
||||
- $DATA_DIR/coldcms:/srv/build
|
||||
- $DATA_DIR/db:/var/db
|
||||
environment:
|
||||
- DJANGO_SETTINGS_MODULE=coldcms.settings
|
||||
- DB_URL=sqlite:////var/db/database.sqlite3
|
||||
- BUILD_DIR=/srv/build
|
||||
- STATIC_ROOT=/srv/build/static/
|
||||
- ALLOWED_HOSTS=$JC_SERVICE
|
||||
- SECRET_KEY=275bLEjLIsDg19HkIcjjwgdC41zcyTAc1y527VuX23khKUZGRCMybChydeBKFNJVjhD0KMrzIeLbMlS30IxPhfqLAcR2OK0LVxOu4G8dgx3p2pia4SUFm39tOznKZ0Kt9IdbX
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.100
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 500M
|
||||
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: $NET.0/24
|
@ -1,55 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||
|
||||
add_header Strict-Transport-Security "max-age=31536000";
|
||||
|
||||
gzip on;
|
||||
gzip_disable "msie6";
|
||||
gzip_types text/plain text/css application/json text/xml application/xml text/javascript application/x-javascript;
|
||||
gzip_min_length 1000;
|
||||
gzip_proxied no-cache no-store private expired auth;
|
||||
gzip_vary on;
|
||||
|
||||
root $HTTP_DIR;
|
||||
|
||||
location / {
|
||||
set $try_files_value '';
|
||||
if ($request_method = GET){
|
||||
set $try_files_value $uri/;
|
||||
}
|
||||
gzip_static on;
|
||||
try_files $try_files_value @uwsgi_backend;
|
||||
}
|
||||
|
||||
|
||||
location @uwsgi_backend {
|
||||
uwsgi_pass $NET.100:8000;
|
||||
include uwsgi_params;
|
||||
client_max_body_size 20m;
|
||||
}
|
||||
|
||||
location /media/ {
|
||||
gzip_static on;
|
||||
expires 100d;
|
||||
add_header Cache-Control public;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location /static/ {
|
||||
gzip_static on;
|
||||
expires 100d;
|
||||
add_header Cache-Control public;
|
||||
access_log off;
|
||||
}
|
||||
|
||||
location /admin/ {
|
||||
uwsgi_pass $NET.100:8000;
|
||||
include uwsgi_params;
|
||||
client_max_body_size 20m;
|
||||
}
|
||||
}
|
||||
|
@ -1 +0,0 @@
|
||||
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/grapesjs
|
@ -1,3 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
@ -1,19 +0,0 @@
|
||||
version: '3'
|
||||
services:
|
||||
json_server:
|
||||
image: jeancloud/json-server
|
||||
volumes:
|
||||
- "$DATA_DIR:/usr/lib/json-server"
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.100
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: $NET.0/24
|
@ -1,35 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name grapes.chahut.jean-cloud.net;
|
||||
root $HTTP_DIR;
|
||||
|
||||
# Security headers
|
||||
# We can create a file with the base security headers and include it.
|
||||
# Will it be possible to overload them then ?
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
#add_header Content-Security-Policy "default-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ;frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; img-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; base-uri 'self'; form-action 'self';" always;
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
add_header X-Frame-Options SAMEORIGIN always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
#add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
||||
|
||||
auth_basic "Mot de passe !";
|
||||
auth_basic_user_file $DATA_DIR/pass.txt;
|
||||
|
||||
location / {
|
||||
index index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location /projects {
|
||||
proxy_set_header Host $http_host;
|
||||
proxy_set_header X-Forwarded-Proto https;
|
||||
proxy_pass http://$NET.100:3000;
|
||||
proxy_redirect off;
|
||||
|
||||
}
|
||||
}
|
@ -1,19 +0,0 @@
|
||||
TZ=Europe/Paris
|
||||
OMA_DOCKER_VERSION=8
|
||||
WEBSOCKET_PORT=2002
|
||||
TELECOM_SERVER_PORT=3492
|
||||
MUX_SERVER_PORT=9002
|
||||
RADIO_NAME_SIMPLE=paj
|
||||
OMA_CONFIG_NomRadio=paj
|
||||
RADIO_NAME_PRETTY="Paj Radio"
|
||||
RADIO_HOST=paj.oma-radio.fr
|
||||
COMPOSE_NAME=pajoma-radiofr
|
||||
DOCKER_INSTANCES_PREFIX=pajoma-radiofr-
|
||||
DOCKER_INSTANCES_SUFIX=-1
|
||||
DATA_DIR=/data/paj.oma-radio.fr
|
||||
USE_SSL=true
|
||||
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.3.0
|
||||
MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.0
|
||||
SYNCTHINGS_API_KEY=425qLiE5QMJmFjgoxUHRgxD2icWNmkdy
|
||||
SYNCTHINGS_LABEL_PREFIX="[oma] [paj] "
|
||||
SYNCTHINGS_PRIVATE_KEY="/keys/Niilos"
|
@ -1,181 +0,0 @@
|
||||
version: '3'
|
||||
services:
|
||||
ambre_mux:
|
||||
image: registry.oma-radio.fr/mux:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_Client1Url: /paj.ogg
|
||||
volumes:
|
||||
- $DATA_DIR/soundbase/pige:/app/pige
|
||||
ports:
|
||||
- $MUX_SERVER_PORT:9000
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.100
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
|
||||
saphir_telecom_server:
|
||||
image: registry.oma-radio.fr/telecom-server:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
ports:
|
||||
- $TELECOM_SERVER_PORT:3490
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.101
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
anthracite_jukebox:
|
||||
image: registry.oma-radio.fr/jukebox:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
volumes:
|
||||
- $DATA_DIR/soundbase:/app/soundBase
|
||||
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.102
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
azurite_jukebox_simulator:
|
||||
image: registry.oma-radio.fr/jukebox-simulator:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
volumes:
|
||||
- $DATA_DIR/soundbase:/app/soundBase
|
||||
restart: unless-stopped
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
|
||||
agate_importer:
|
||||
image: registry.oma-radio.fr/baseimport:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
volumes:
|
||||
- $DATA_DIR/soundbase:/app/soundBase
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.104
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
amarante_webserver:
|
||||
image: registry.oma-radio.fr/webserver:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_PigeOggConsigne: 5000
|
||||
OMA_CONFIG_PigeOggMax: 5100
|
||||
OMA_CONFIG_PigeOggMaxMax: 5500
|
||||
OMA_CONFIG_PigeTextConsigne: 10000
|
||||
OMA_CONFIG_PigeTextMax: 11000
|
||||
OMA_CONFIG_PigeTextMaxMax: 15000
|
||||
OMA_CONFIG_PodCacheSize: 25 # to fix a webserver bug
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.105
|
||||
volumes:
|
||||
- $DATA_DIR/soundbase:/soundbase
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
rubis_base_mg:
|
||||
image: registry.oma-radio.fr/base-mg:$OMA_DOCKER_VERSION
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.106
|
||||
volumes:
|
||||
- $DATA_DIR/soundbase:/soundbase
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
|
||||
system_api:
|
||||
image: registry.oma-radio.fr/system-api:master
|
||||
env_file: .env
|
||||
environment:
|
||||
UID: 33
|
||||
SOUNDBASE_PATH: /soundbase
|
||||
MOUNT: /api
|
||||
CONFIG_PATH: /config
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.107
|
||||
volumes:
|
||||
- /tmp/uwsgi/$RADIO_HOST:/tmp/uwsgi
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- $DATA_DIR/soundbase:/soundbase
|
||||
- /data/soundbase.oma-radio.fr/Niilos:/keys/Niilos
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
liquidsoap:
|
||||
image: registry.oma-radio.fr/liquidsoap:1.3.7
|
||||
env_file: .env
|
||||
volumes:
|
||||
- $DATA_DIR/secours.ogg:/secours.ogg
|
||||
- ./transcode.liq:/transcode.liq
|
||||
command: /transcode.liq
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.108
|
||||
|
||||
icecast:
|
||||
image: registry.oma-radio.fr/icecast:alpine-2.4.0
|
||||
environment:
|
||||
- ICECAST_SOURCE_PASSWORD=JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f
|
||||
- ICECAST_ADMIN_PASSWORD=STh5LrPMvp876KPoajCPEUpehE98JPqZ6sEixSnzJ42CR2MdyPMBYfzjGpbAzajNgw8jsuLh
|
||||
- ICECAST_RELAY_PASSWORD=r2LgmDocgyYh7DqhSsey8tM99wxdViTpLtyi9tcWHtokC73QnC6kQLRRb58VUy5FXYnStRsG
|
||||
- ICECAST_ADMIN_USERNAME=admin
|
||||
- ICECAST_ADMIN_EMAIL=contact@oma-radio.fr
|
||||
- ICECAST_LOCATION=Rhône-Alpes
|
||||
- TZ=Europe/Paris
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.109
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: $NET.0/24
|
||||
|
@ -1,187 +0,0 @@
|
||||
# Parameters:
|
||||
# radio name
|
||||
# file path
|
||||
# ws port (local)
|
||||
# wss port (open)
|
||||
# upload service port
|
||||
# ssl certs location
|
||||
|
||||
# TODO
|
||||
# /speedtest-down returns random data
|
||||
# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin
|
||||
# /speedtest-up just eat everything it can
|
||||
|
||||
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
server{
|
||||
listen $WEBSOCKET_PORT ssl;
|
||||
listen [::]:$WEBSOCKET_PORT ssl;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://$NET.105:9000;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_read_timeout 120s;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name $RADIO_HOST www.$RADIO_HOST;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
|
||||
root $DATA_DIR/soundbase/website;
|
||||
index index.html;
|
||||
|
||||
location = /direct.ogg {
|
||||
proxy_pass http://$NET.109:8000/$RADIO_NAME_SIMPLE.ogg;
|
||||
}
|
||||
location = /direct.mp3 {
|
||||
proxy_pass http://$NET.109:8000/$RADIO_NAME_SIMPLE.mp3;
|
||||
}
|
||||
|
||||
location = /api { rewrite ^ /api/; }
|
||||
location ~ /api(/.*) {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $DATA_DIR/soundbase/users.htpasswd;
|
||||
include uwsgi_params;
|
||||
uwsgi_param PATH_INFO "$1";
|
||||
uwsgi_param SCRIPT_NAME /api;
|
||||
uwsgi_pass unix:/tmp/uwsgi/$RADIO_HOST/uwsgi-api.sock;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 6000;
|
||||
proxy_send_timeout 60000;
|
||||
proxy_read_timeout 6000;
|
||||
send_timeout 6000;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
|
||||
location /pige{
|
||||
alias $DATA_DIR/soundbase/pige;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /pigeMp3{
|
||||
alias $DATA_DIR/soundbase/pigeMp3;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /png {
|
||||
alias $DATA_DIR/soundbase/png;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /jpgL {
|
||||
alias $DATA_DIR/soundbase/jpgL;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /jpgH {
|
||||
alias $DATA_DIR/soundbase/jpgH;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /webpL {
|
||||
alias $DATA_DIR/soundbase/webpL;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /webpH {
|
||||
alias $DATA_DIR/soundbase/webpH;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /ogg {
|
||||
alias $DATA_DIR/soundbase/ogg;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /txt {
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
alias $DATA_DIR/soundbase/txt;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /wavM {
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
alias $DATA_DIR/soundbase/wavM;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /wav {
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
alias $DATA_DIR/soundbase/wav;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /fiches {
|
||||
alias $DATA_DIR/soundbase/fiches;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /prg {
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
alias $DATA_DIR/soundbase/prg;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /listes {
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
alias $DATA_DIR/soundbase/listes;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /statique {
|
||||
alias $DATA_DIR/soundbase/statique;
|
||||
try_files $uri $uri/ =404;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
|
||||
# Admin interface
|
||||
location /manager {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $DATA_DIR/soundbase/users.htpasswd;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location = /favicon.ico {
|
||||
return 301 /favicon.webp;
|
||||
}
|
||||
|
||||
# for js, css, html — dynamic site, players
|
||||
location / {
|
||||
try_files $uri $uri/ =404;
|
||||
add_header Cache-Control 'public must-revalidate';
|
||||
}
|
||||
}
|
@ -1,13 +0,0 @@
|
||||
#!/usr/bin/liquidsoap
|
||||
|
||||
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f"))
|
||||
input1 = mksafe(input.http("http://172.29.10.109:8000/paj.ogg"))
|
||||
|
||||
# Direct mp3
|
||||
output.icecast(
|
||||
%mp3(stereo=false),
|
||||
mount="/paj.mp3",
|
||||
host="172.29.10.109", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
|
||||
input1)
|
||||
|
||||
|
@ -1,9 +1,13 @@
|
||||
[shlago]
|
||||
#max.jean-cloud.org
|
||||
max.jean-cloud.org
|
||||
tetede.jean-cloud.org
|
||||
raku.jean-cloud.org
|
||||
|
||||
[servers]
|
||||
nougaro.jean-cloud.org
|
||||
montbonnot.jean-cloud.org
|
||||
#max.jean-cloud.org
|
||||
#blatte.jean-cloud.org
|
||||
max.jean-cloud.org
|
||||
tetede.jean-cloud.org
|
||||
raku.jean-cloud.org
|
||||
izzo.jean-cloud.org
|
||||
|
@ -55,14 +55,12 @@ cd "/docker/$service"
|
||||
|
||||
if "$deploy" ; then
|
||||
run mkdir -p "$DATA_DIR" "$HTTP_DIR"
|
||||
run chown $uid "$DATA_DIR" "$HTTP_DIR"
|
||||
run chown $uid "$DATA_DIR"
|
||||
run chmod 751 "$DATA_DIR"
|
||||
run chown $uid:www-data -R "$HTTP_DIR"
|
||||
if [ -d "$SECRET_DIR" ] ; then
|
||||
run chown $uid "$SECRET_DIR" -R
|
||||
run find "$SECRET_DIR" -type d -exec chmod 751 '{}' \;
|
||||
run find "$SECRET_DIR" -type f -exec chmod 700 '{}' \;
|
||||
|
||||
run chmod 751 "$SECRET_DIR" -R
|
||||
fi
|
||||
else
|
||||
[ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR"
|
||||
|
@ -50,9 +50,6 @@ run chmod 755 /data
|
||||
section "Create new conf directory"
|
||||
run mkdir -p "$new_nginx_conf_path"
|
||||
|
||||
logdir="/var/log/shlaguernetes/"
|
||||
run mkdir -p "$logdir"
|
||||
|
||||
###############################################################################
|
||||
# Deploy services
|
||||
###############################################################################
|
||||
@ -73,14 +70,14 @@ do
|
||||
[[ "$(getent hosts $target)" != "::1 "* ]] && echo 'Not here' && continue
|
||||
|
||||
echo "Deploying"
|
||||
deploy_service.sh "$service" "noreload" &>"$logdir/deploy.$service.$(date +%Y-%m-%d.%Hh-%M-%S)" &
|
||||
deploy_service.sh "$service" "noreload"
|
||||
|
||||
if [ "$?" -ne 0 ] ; then
|
||||
failed="$failed $service"
|
||||
fi
|
||||
|
||||
done < <(grep -v '^#' /docker/services.csv)
|
||||
wait
|
||||
|
||||
restart_nginx.sh
|
||||
|
||||
if [ -n "$failed" ] ; then
|
||||
|
@ -1,72 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
# This script will generate a single config for a given host and privkey
|
||||
|
||||
# Limits:
|
||||
# 253 peers 1 -> 254
|
||||
|
||||
# Lib
|
||||
. /usr/local/bin/driglibash-base
|
||||
|
||||
# Arg parsing
|
||||
if [ "$#" -ne 4 ] ; then
|
||||
die "Usage: $0 <name> <privkey_filepath> <port> <net_prefix>\nNet is a /24"
|
||||
fi
|
||||
|
||||
thisname="$1"
|
||||
privkey="$2"
|
||||
port="$3"
|
||||
net="$4"
|
||||
|
||||
|
||||
# script
|
||||
|
||||
content="$(mktemp)"
|
||||
clean "rm $content"
|
||||
|
||||
while IFS=";" read id name location isp note pubkey ip1 ip2 ip3 ip4 ip5 ; do
|
||||
# Skip header
|
||||
[ "$id" = "id" ] && continue
|
||||
|
||||
# Add local config
|
||||
if [ "$name" = "$thisname" ] ; then
|
||||
cat <<-EOF
|
||||
[Interface] # $name
|
||||
PrivateKey = $(cat "$privkey")
|
||||
ListenPort = $port
|
||||
Address = $net.$id/32
|
||||
|
||||
EOF
|
||||
else
|
||||
# Create list of endpoints
|
||||
endpoints=""
|
||||
for i in $(seq 1 5) ; do
|
||||
varname="ip$i"
|
||||
ip="${!varname}"
|
||||
echo "$ip" | grep -q ':' && ip="[$ip]"
|
||||
if [ -n "$ip" ] ; then
|
||||
endpoints="$endpoints"$'\n'"Endpoint = $ip:$port"
|
||||
fi
|
||||
done
|
||||
|
||||
# Correct endpoint value or add keepalive for endpointless hosts
|
||||
if [ -n "$endpoints" ] ; then
|
||||
endpoints="${endpoints:1}"
|
||||
else
|
||||
endpoints="PersistentKeepalive = 30"
|
||||
fi
|
||||
|
||||
# Peer config
|
||||
cat >> "$content" <<-EOF
|
||||
[Peer] # $name
|
||||
PublicKey = $pubkey
|
||||
AllowedIPs = $net.$id/32
|
||||
$endpoints
|
||||
|
||||
EOF
|
||||
fi
|
||||
done < $DOCKER_DIR/servers.csv
|
||||
|
||||
cat "$content"
|
||||
|
||||
rm "$content"
|
@ -1,59 +1,56 @@
|
||||
#!/bin/bash
|
||||
Help(){
|
||||
echo "
|
||||
NAME
|
||||
git_update.sh
|
||||
SYNOPSIS
|
||||
git_update.sh [-h] [-r ref] [-d dest] [-H] [-a] repository
|
||||
OPTIONS
|
||||
-h prints the help.
|
||||
-r specifies the reference to the commit to be synchronized. It can be a tag or a branch. By default, it is the last commit of branch main.
|
||||
It can be different from the actual branch. CAREFUL, the command git branch will always show the original branch name even though a branch switch has happened.
|
||||
-d specifies the destination of the clone or update. Directory must be empty if a new clone is to be made.
|
||||
If the repository to be cloned is local, and its path is passed as a relative path, the path should start from the destination.
|
||||
To avoid mistakes, absolute paths are advised.
|
||||
-H allows the $HOME directory to be used by git_update.sh. By default, git_update.sh cannot access $HOME to prevent default behavior.
|
||||
If you need the global .gitconfig located in your $HOME to be used, you should supply the -H option.
|
||||
-a specifies that the aggressive option of the git garbage collection must be used. Only advised when changes happen in many different objects. Will slow down the execution.
|
||||
-o ssh options for ssh clone
|
||||
DESCRIPTION
|
||||
This script will replace the destination with the wanted commit of a git repository. The history is not preserved but tags are. Untracked files remain.
|
||||
The git commands have been chosen so as to minimize the memory and bandwidth usages."
|
||||
}
|
||||
|
||||
#variables
|
||||
|
||||
declare -A usage
|
||||
declare -A varia
|
||||
|
||||
summary="$0 [options] <repo>"
|
||||
ref=main
|
||||
dst='.'
|
||||
use_home=false
|
||||
be_aggressive="false"
|
||||
ssh_opts="ssh"
|
||||
|
||||
while getopts ":ho:r:d:H" option; do
|
||||
case $option in
|
||||
h) # display Help
|
||||
Help
|
||||
exit;;
|
||||
r) # desired branch or tag
|
||||
ref="$OPTARG";;
|
||||
d) # destination of clone
|
||||
dst="$OPTARG";;
|
||||
H) # use real home dir
|
||||
use_home="true";;
|
||||
a) #use -a in git gc call
|
||||
be_aggressive="true";;
|
||||
o) # ssh options
|
||||
ssh_opts="$ssh_opts $OPTARG";;
|
||||
\?) # invalid option
|
||||
echo "Error: Invalid option '$option'"
|
||||
exit;;
|
||||
esac
|
||||
done
|
||||
shift $((OPTIND-1))
|
||||
usage[b]="Branch of git repo"
|
||||
varia[b]=branch
|
||||
branch=master
|
||||
|
||||
usage[t]="Tog of git repo"
|
||||
varia[t]=tag
|
||||
tag=
|
||||
|
||||
usage[d]="Destination of clone"
|
||||
varia[d]=dst
|
||||
dst='.'
|
||||
|
||||
usage[i]="privkey used to ssh pull"
|
||||
varia[i]=privkey
|
||||
privkey=''
|
||||
|
||||
usage[N]="Clone to a Non-empty target. Existing files will be overwriten"
|
||||
varia[N]=nonempty_target
|
||||
nonempty_target=false
|
||||
|
||||
usage[K]="Remote host key file (known_hosts) for ssh connections"
|
||||
varia[K]=hostkeyfile
|
||||
hostkeyfile=''
|
||||
|
||||
usage[H]="Use real home dir"
|
||||
varia[H]=use_home
|
||||
use_home=false
|
||||
|
||||
|
||||
. driglibash-args
|
||||
|
||||
|
||||
# Some SSH options
|
||||
ssh_opt='ssh'
|
||||
if [ -n "$privkey" ] ; then
|
||||
ssh_opt="$ssh_opt -i $privkey"
|
||||
fi
|
||||
|
||||
if [ -n "$hostkeyfile" ] ; then
|
||||
ssh_opt="$ssh_opt -o 'UserKnownHostsFile $hostkeyfile'"
|
||||
fi
|
||||
|
||||
repo="$1"
|
||||
if [ -z "$repo" ] ; then
|
||||
exit "$0: Empty repo given\n$summary"
|
||||
die "$0: Empty repo given\n$summary"
|
||||
fi
|
||||
|
||||
if [ ! $use_home ] ; then
|
||||
@ -62,24 +59,44 @@ if [ ! $use_home ] ; then
|
||||
set +a
|
||||
fi
|
||||
|
||||
mkdir -p "$dst"
|
||||
cd "$dst"
|
||||
run mkdir -p "$dst"
|
||||
run cd "$dst"
|
||||
|
||||
|
||||
if [ -d .git ] ; then
|
||||
echo "updating..."
|
||||
git fetch --tags --depth=1 --prune --prune-tags --force origin $ref
|
||||
git reset --hard --recurse-submodules FETCH_HEAD
|
||||
git submodule update --init --recursive --force --depth=1 --remote
|
||||
#garbage collection of anything unreachable at the moment
|
||||
git reflog expire --expire=now --all
|
||||
if "$be_aggressive" ; then
|
||||
git gc --prune=now --aggressive
|
||||
elsels
|
||||
git gc --prune=now
|
||||
|
||||
# Compute git branch and tag
|
||||
tagref=
|
||||
if [ -n "$tag" ] ; then
|
||||
tagref="tags/$tag"
|
||||
fi
|
||||
|
||||
run git fetch origin "$branch" --tags
|
||||
run git checkout --force $tagref -B "$branch"
|
||||
run git reset --hard # TODO we can keep some files?
|
||||
# Preserve existing files in some cases
|
||||
if ! "$nonempty_target" ; then
|
||||
git clean -qffdx
|
||||
fi
|
||||
run git submodule update --init --recursive --force --recommend-shallow
|
||||
run git submodule foreach git fetch
|
||||
run git submodule foreach git checkout --force HEAD
|
||||
run git submodule foreach git reset --hard
|
||||
run git submodule foreach git clean -fdx
|
||||
else
|
||||
echo "cloning..."
|
||||
clone_dst='.'
|
||||
git clone -b "$ref" --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opts" "$repo" "$clone_dst"
|
||||
|
||||
# To override an existing dir, we need to clone elsewhere first
|
||||
if "$nonempty_target" ; then
|
||||
clone_dst="$(mktemp -d)"
|
||||
fi
|
||||
|
||||
run git clone -b "$branch" --single-branch --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opt" "$repo" "$clone_dst"
|
||||
|
||||
# To override an existing dir, we then move everything to that dir
|
||||
if "$nonempty_target" ; then
|
||||
run mv "$clone_dst/"{*,.*} .
|
||||
run rmdir "$clone_dst"
|
||||
fi
|
||||
fi
|
||||
|
||||
|
@ -17,7 +17,7 @@ run nginx -t
|
||||
|
||||
if [ -z "$(cat /var/run/nginx.pid)" ] ; then
|
||||
section "Start nginx"
|
||||
run systemctl restart nginx
|
||||
run nginx
|
||||
else
|
||||
section "Reload nginx"
|
||||
run nginx -s reload
|
||||
|
@ -1,8 +1,6 @@
|
||||
#!/bin/bash
|
||||
|
||||
#set -euo pipefail
|
||||
# Pipefail will trigger annoying sigpipe on our greps
|
||||
set -eu
|
||||
set -euo pipefail
|
||||
|
||||
if [ "$#" -ne 2 ] ; then
|
||||
echo "Usage: $0 <start|stop|reload|restart> <wgif>"
|
||||
|
Binary file not shown.
@ -54,7 +54,7 @@
|
||||
|
||||
- name: Install some softwares
|
||||
apt:
|
||||
name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'netcat-openbsd', 'nginx', 'nmap', 'podman', 'rsync', 'screen', 'sshfs', 'sudo', 'traceroute', 'vim', 'wget', 'zip']
|
||||
name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'hugo', 'netcat-openbsd', 'nginx', 'podman', 'rclone', 'rsync', 'screen', 'sshfs', 'sudo', 'traceroute', 'vim', 'wget', 'zip']
|
||||
state: latest
|
||||
|
||||
# TODO disable certbot and certbot.timer services. We are using our own
|
||||
|
@ -58,11 +58,11 @@ http {
|
||||
#error_page 503 https://jean-cloud.net/503;
|
||||
|
||||
# limit requests
|
||||
#limit_req_status 429;
|
||||
#limit_req_zone $binary_remote_addr zone=defaultlimit:10m rate=30r/s;
|
||||
#limit_req zone=defaultlimit burst=100 nodelay;
|
||||
#limit_conn_zone $request_uri zone=defaultconumber:10m;
|
||||
#limit_conn defaultconumber 20;
|
||||
limit_req_status 429;
|
||||
limit_req_zone $binary_remote_addr zone=defaultlimit:10m rate=30r/s;
|
||||
limit_req zone=defaultlimit burst=100 nodelay;
|
||||
limit_conn_zone $request_uri zone=defaultconumber:10m;
|
||||
limit_conn defaultconumber 20;
|
||||
|
||||
##
|
||||
# Virtual Host Configs
|
||||
|
@ -2,7 +2,7 @@
|
||||
set -euo pipefail
|
||||
|
||||
# Update git repo
|
||||
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||
|
||||
cd "$HTTP_DIR"
|
||||
|
||||
|
@ -1 +0,0 @@
|
||||
GIT_SOURCE_REPO=https://git.jean-cloud.net/eleonore/site_web_karafon.git
|
@ -1,5 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
# Update git repo
|
||||
git_update.sh -b sale -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
@ -4,24 +4,21 @@ server {
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||
root $HTTP_DIR;
|
||||
root $HTTP_DIR/collectifkarafon.wixsite.com/;
|
||||
|
||||
# Security headers
|
||||
# We can create a file with the base security headers and include it.
|
||||
# Will it be possible to overload them then ?
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
|
||||
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
add_header X-Frame-Options SAMEORIGIN always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
||||
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
||||
|
||||
location / {
|
||||
index index.html;
|
||||
index monsite.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /.git {
|
||||
return 404;
|
||||
}
|
||||
}
|
||||
|
@ -1,3 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
# For some variables
|
||||
. /etc/jeancloud.env
|
||||
|
||||
apt install -y python3-certbot-dns-rfc2136
|
||||
|
@ -36,5 +36,5 @@ for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'des
|
||||
server="$srv.jean-cloud.org"
|
||||
[ -n "$(grep "$server" /etc/hosts)" ] && continue
|
||||
echo "-- $server"
|
||||
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "dnscerts.jean-cloud.org@$server:$DATA_DIR/" || true
|
||||
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/" || true
|
||||
done
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
git_update.sh -d "$HTTP_DIR" -r 2021 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
||||
git_update.sh -d "$HTTP_DIR" -b 2021 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
||||
|
@ -1,4 +1,4 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
git_update.sh -d "$HTTP_DIR" -r 2020 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
||||
git_update.sh -d "$HTTP_DIR" -b 2020 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
||||
|
@ -1,5 +1,5 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||
|
||||
|
@ -1,7 +1,7 @@
|
||||
version: '3'
|
||||
services:
|
||||
gitea:
|
||||
image: gitea/gitea:1.22
|
||||
image: gitea/gitea:1.21
|
||||
depends_on:
|
||||
- db
|
||||
volumes:
|
||||
|
@ -1,11 +1,8 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
# Do not update website if body is unreachable
|
||||
[ ! -f "$HTTP_DIR/public/index.html" ] && { curl --fail-with-body https://$RADIO_HOST/manager/ >/dev/null || exit 0 ; }
|
||||
|
||||
# Update git repo
|
||||
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||
|
||||
cd "$HTTP_DIR"
|
||||
|
||||
@ -13,7 +10,7 @@ cd "$HTTP_DIR"
|
||||
rclone_ncloud_publiclink.sh
|
||||
|
||||
# Invalid cache
|
||||
rm -rf "/tmp/hugo_cache_$USER"
|
||||
#rm -rf "/tmp/hugo_cache_$USER"
|
||||
|
||||
# Build website
|
||||
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
||||
|
@ -1,2 +1 @@
|
||||
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/jean-cloud_website
|
||||
GIT_BRANCH=master
|
||||
|
@ -1,5 +1,5 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||
|
||||
|
@ -6,7 +6,7 @@ fi
|
||||
|
||||
. venv/bin/activate
|
||||
|
||||
git_update.sh -r v1 -d $HTTP_DIR https://git.jean-cloud.net/adrian/mutubot.git
|
||||
git_update.sh -b v1 -d $HTTP_DIR https://git.jean-cloud.net/adrian/mutubot.git
|
||||
|
||||
pip install -r requirements.txt
|
||||
|
||||
|
@ -1,16 +0,0 @@
|
||||
WEBSERVER=.105
|
||||
MUX=.100
|
||||
TELECOM=.101
|
||||
SWEBSOCKET_PORT=2002
|
||||
WEBSOCKET_PORT=2202
|
||||
RADIO_HOST=mux.paj.oma-radio.fr
|
||||
MUX_SERVER_PORT=9002
|
||||
TELECOM_SERVER_PORT=3492
|
||||
SOUNDBASE_DIR=/data/mux.paj.oma-radio.fr/soundbase
|
||||
OMA_DOCKER_VERSION=dev
|
||||
ICECAST=.110
|
||||
SOUNDBASE_IP=10.99.99.7
|
||||
SOUNDBASE_HOST=soundbase.paj.oma-radio.fr
|
||||
COMPOSE_NAME=muxpajoma-radiofr
|
||||
DOCKER_INSTANCES_PREFIX=muxpajoma-radiofr-
|
||||
DOCKER_INSTANCES_SUFIX=-1
|
@ -1,6 +0,0 @@
|
||||
#!/bin/bash
|
||||
mkdir -p "$SOUNDBASE_DIR/pige"
|
||||
chown 10000:10000 "$SOUNDBASE_DIR/pige" -R
|
||||
|
||||
cat "$SECRET_DIR/registry_pass" | docker login --username "$registry_user" --password-stdin registry.gitlab.com
|
||||
|
@ -1,10 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ ! -e "$DATA_DIR/.env" ] ; then
|
||||
cat > "$DATA_DIR/.env" <<EOF
|
||||
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
EOF
|
||||
fi
|
@ -1,143 +0,0 @@
|
||||
version: '3'
|
||||
services:
|
||||
ambre_mux:
|
||||
image: registry.gitlab.com/omaradio/core/oma-mux:$OMA_DOCKER_VERSION
|
||||
env_file:
|
||||
- .env
|
||||
- $DATA_DIR/.env
|
||||
environment:
|
||||
OMA_CONFIG_Client1Host: $NET$ICECAST
|
||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||
OMA_CONFIG_LogLevel: 8
|
||||
volumes:
|
||||
- $SOUNDBASE_DIR/pige:/app/pige
|
||||
ports:
|
||||
- $MUX_SERVER_PORT:9000
|
||||
depends_on:
|
||||
- transcode
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET$MUX
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
|
||||
saphir_telecom_server:
|
||||
image: registry.gitlab.com/omaradio/core/oma-telecom-server:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
ports:
|
||||
- $TELECOM_SERVER_PORT:3490
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET$TELECOM
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
amarante_webserver:
|
||||
image: registry.gitlab.com/omaradio/core/oma-webserver:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||
OMA_CONFIG_PigeTxtLoadFic: off
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- $SOUNDBASE_DIR:/soundbase
|
||||
ports:
|
||||
- $WEBSOCKET_PORT:9000
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET$WEBSERVER
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
transcode:
|
||||
image: savonet/liquidsoap:v2.1.4
|
||||
env_file:
|
||||
- .env
|
||||
- $DATA_DIR/.env
|
||||
volumes:
|
||||
- ./liquidsoap.liq:/transcode.liq
|
||||
- $SOUNDBASE_DIR:/soundbase
|
||||
command: /transcode.liq
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.108
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 300M
|
||||
|
||||
#radioking:
|
||||
# image: jeancloud/liquidsoap:1.3.7
|
||||
# env_file: .env
|
||||
# volumes:
|
||||
# - ./radioking.liq:/radioking.liq
|
||||
# command: /radioking.liq
|
||||
# restart: unless-stopped
|
||||
# networks:
|
||||
# default:
|
||||
# ipv4_address: $NET.111
|
||||
|
||||
|
||||
icecast:
|
||||
image: infiniteproject/icecast
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
# echo -n "source:pass" | base64
|
||||
ICECAST_ADMIN_USERNAME: admin
|
||||
ICECAST_ADMIN_EMAIL: contact@oma-radio.fr
|
||||
ICECAST_LOCATION: Rhône-Alpes
|
||||
TZ: Europe/Paris
|
||||
env_file: $DATA_DIR/.env
|
||||
healthcheck:
|
||||
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
||||
interval: 1h0m0s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 1m0s
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET$ICECAST
|
||||
|
||||
system_api:
|
||||
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
UID: 33
|
||||
SOUNDBASE_PATH: /soundbase
|
||||
MOUNT: /muxapi
|
||||
CONFIG_PATH: /config
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- $SOUNDBASE_DIR:/soundbase
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.107
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 500M
|
||||
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: $NET.0/24
|
@ -1,84 +0,0 @@
|
||||
#!/usr/bin/liquidsoap
|
||||
|
||||
# Extract timestamp from pige path
|
||||
def ts_from_filepath (filepath)
|
||||
splitpath = string.split(separator='/', filepath)
|
||||
# Keep only filename
|
||||
filename = list.nth(splitpath,list.length(splitpath)-1)
|
||||
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
||||
end
|
||||
|
||||
# Remove pige from now-1month
|
||||
def rm_pige(ts)
|
||||
filepath = "/soundbase/pige/#{ts}.ogg"
|
||||
if file.exists("#{filepath}") then
|
||||
process.run("rm #{filepath}")
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
# Check that the timestamp starts exactly on a minute
|
||||
def integrity_check(ts)
|
||||
if ts mod 60 != 0 then
|
||||
print("#{ts} is to fix")
|
||||
end
|
||||
end
|
||||
|
||||
# Routine integrity check for each files
|
||||
def clean_and_check (filepath)
|
||||
ts = ts_from_filepath (filepath)
|
||||
|
||||
# Remove if old
|
||||
if ( ts < int_of_float(time()) - 2678400 ) then
|
||||
rm_pige(ts)
|
||||
end
|
||||
|
||||
integrity_check (ts)
|
||||
end
|
||||
|
||||
def clean_and_check_latest (filepath)
|
||||
ts = ts_from_filepath (filepath)
|
||||
rm_pige(ts - 2678400) # ts of one month sooner
|
||||
integrity_check (ts)
|
||||
|
||||
end
|
||||
|
||||
# Exaustive integrity check
|
||||
def clean_and_check_all ()
|
||||
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
||||
end
|
||||
|
||||
|
||||
|
||||
# Mux
|
||||
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
||||
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
|
||||
|
||||
# Direct mp3
|
||||
# TODO faire du 44100 pour éviter les trous ?
|
||||
output.icecast(
|
||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||
mount="/direct.mp3",
|
||||
#host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||
host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
|
||||
input1)
|
||||
|
||||
# Radioking
|
||||
#output.icecast(
|
||||
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||
# mount="/test355",
|
||||
# host="live.radioking.com", port=80, user="", password="",
|
||||
# input)
|
||||
|
||||
# Direct ogg
|
||||
#output.icecast(
|
||||
# %vorbis(samplerate=44100, channels=1, quality=0.2),
|
||||
# mount="/direct.ogg",
|
||||
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||
# input1)
|
||||
|
||||
# Pige
|
||||
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check_latest)
|
||||
|
||||
# Integrity checks
|
||||
clean_and_check_all()
|
@ -1,119 +0,0 @@
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
server{
|
||||
listen $SWEBSOCKET_PORT ssl;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://$NET$WEBSERVER:9000;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_read_timeout 120s;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name $JC_SERVICE;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://$SOUNDBASE_IP/;
|
||||
proxy_set_header Host '$SOUNDBASE_HOST';
|
||||
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
|
||||
# wait
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 6000;
|
||||
proxy_send_timeout 60000;
|
||||
proxy_read_timeout 6000;
|
||||
send_timeout 6000;
|
||||
|
||||
|
||||
}
|
||||
|
||||
location /pige {
|
||||
alias "$SOUNDBASE_DIR/pige";
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
|
||||
location /direct.ogg {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
location /direct.mp3 {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
}
|
||||
location /style.css {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/style.css;
|
||||
}
|
||||
location /status.xsl {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/status.xsl;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
|
||||
location ~ /muxapi(/.*) {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
include uwsgi_params;
|
||||
uwsgi_param PATH_INFO "$1";
|
||||
uwsgi_param SCRIPT_NAME /muxapi;
|
||||
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 6000;
|
||||
proxy_send_timeout 60000;
|
||||
proxy_read_timeout 6000;
|
||||
send_timeout 6000;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy- revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
|
||||
|
||||
location ~ /muxapi(/.*) {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
include uwsgi_params;
|
||||
uwsgi_param PATH_INFO "$1";
|
||||
uwsgi_param SCRIPT_NAME /muxapi;
|
||||
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 6000;
|
||||
proxy_send_timeout 60000;
|
||||
proxy_read_timeout 6000;
|
||||
send_timeout 6000;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
}
|
@ -1,3 +1,4 @@
|
||||
ENDPOINT=10.29.0.1
|
||||
WEBSERVER=.105
|
||||
MUX=.100
|
||||
TELECOM=.101
|
||||
@ -6,12 +7,7 @@ WEBSOCKET_PORT=2204
|
||||
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
||||
MUX_SERVER_PORT=9004
|
||||
TELECOM_SERVER_PORT=3494
|
||||
SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/
|
||||
SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/core/radioDemo
|
||||
OMA_DOCKER_VERSION=dev
|
||||
ICECAST=.110
|
||||
SOUNDBASE_IP=10.99.99.7
|
||||
SOUNDBASE_HOST=soundbase.radiodemo.oma-radio.fr
|
||||
COMPOSE_NAME=muxradiodemooma-radiofr
|
||||
DOCKER_INSTANCES_PREFIX=muxradiodemooma-radiofr-
|
||||
DOCKER_INSTANCES_SUFIX=-1
|
||||
OMA_CONFIG_LogLevel=8
|
||||
WG_NAME_radiodemo=radiodemo
|
||||
|
@ -1,12 +1,10 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ ! -e "$DATA_DIR/.env" ] ; then
|
||||
source_pass="$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)"
|
||||
cat > "$DATA_DIR/.env" <<EOF
|
||||
ICECAST_SOURCE_PASSWORD=$source_pass
|
||||
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
|
||||
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
|
||||
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
|
||||
OMA_CONFIG_Client1EnteteNext="Authorization: Basic $(echo "source:$source_pass" | base64)"
|
||||
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
EOF
|
||||
fi
|
||||
|
@ -6,7 +6,7 @@ services:
|
||||
- .env
|
||||
- $DATA_DIR/.env
|
||||
environment:
|
||||
OMA_CONFIG_Client1Host: $NET$ICECAST
|
||||
OMA_CONFIG_Client1Host: $NET.108
|
||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||
OMA_CONFIG_Pige: on
|
||||
volumes:
|
||||
@ -58,7 +58,7 @@ services:
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.5'
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
transcode:
|
||||
@ -103,7 +103,7 @@ services:
|
||||
TZ: Europe/Paris
|
||||
env_file: $DATA_DIR/.env
|
||||
healthcheck:
|
||||
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
||||
test: "wget http://localhost:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://localhost:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
||||
interval: 1h0m0s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
@ -112,28 +112,6 @@ services:
|
||||
default:
|
||||
ipv4_address: $NET$ICECAST
|
||||
|
||||
system_api:
|
||||
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
UID: 33
|
||||
SOUNDBASE_PATH: /soundbase
|
||||
MOUNT: /muxapi
|
||||
CONFIG_PATH: /config
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- $SOUNDBASE_DIR:/soundbase
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.107
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 500M
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
|
@ -1,79 +0,0 @@
|
||||
#!/usr/bin/liquidsoap
|
||||
|
||||
# Extract timestamp from pige path
|
||||
def ts_from_filepath (filepath)
|
||||
splitpath = string.split(separator='/', filepath)
|
||||
# Keep only filename
|
||||
filename = list.nth(splitpath,list.length(splitpath)-1)
|
||||
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
||||
end
|
||||
|
||||
# Remove pige from now-1month
|
||||
def clean_single_old_pige(ts)
|
||||
# ts of one month sooner
|
||||
ts = ts - 2678400
|
||||
filepath = "/soundbase/pige/#{ts}.ogg"
|
||||
if file.exists("#{filepath}") then
|
||||
process.run("rm #{filepath}")
|
||||
end
|
||||
end
|
||||
|
||||
# Remove a pige file if it is too old
|
||||
def clean_if_old(filename)
|
||||
filepath = "/soundbase/pige/#{filename}"
|
||||
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
|
||||
process.run("rm #{filepath}")
|
||||
end
|
||||
end
|
||||
|
||||
# Check that the timestamp starts exactly on a minute
|
||||
def integrity_check(ts)
|
||||
if ts mod 60 != 0 then
|
||||
log.important("#{ts} is to fix")
|
||||
end
|
||||
end
|
||||
|
||||
# Routine integrity check for each files
|
||||
def clean_and_check (filepath)
|
||||
ts = ts_from_filepath (filepath)
|
||||
integrity_check (ts)
|
||||
clean_single_old_pige (ts)
|
||||
end
|
||||
|
||||
# Exaustive integrity check
|
||||
def clean_and_check_all ()
|
||||
#list.iter(clean_if_old, file.ls("/soundbase/pige/"))
|
||||
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
||||
end
|
||||
|
||||
|
||||
|
||||
# Mux
|
||||
input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
||||
|
||||
# Direct mp3
|
||||
output.icecast(
|
||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||
mount="/direct.mp3",
|
||||
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||
input1)
|
||||
|
||||
# Radioking
|
||||
#output.icecast(
|
||||
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||
# mount="/test355",
|
||||
# host="live.radioking.com", port=80, user="", password="",
|
||||
# input)
|
||||
|
||||
# Direct ogg
|
||||
output.icecast(
|
||||
%vorbis(samplerate=44100, channels=1, quality=0.2),
|
||||
mount="/direct.ogg",
|
||||
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||
input1)
|
||||
|
||||
# Pige
|
||||
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
|
||||
|
||||
# Integrity checks
|
||||
clean_and_check_all()
|
@ -1,80 +0,0 @@
|
||||
#!/usr/bin/liquidsoap
|
||||
|
||||
# Extract timestamp from pige path
|
||||
def ts_from_filepath (filepath)
|
||||
splitpath = string.split(separator='/', filepath)
|
||||
# Keep only filename
|
||||
filename = list.nth(splitpath,list.length(splitpath)-1)
|
||||
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
||||
end
|
||||
|
||||
# Remove pige from now-1month
|
||||
def clean_single_old_pige(ts)
|
||||
# ts of one month sooner
|
||||
ts = ts - 2678400
|
||||
filepath = "/soundbase/pige/#{ts}.ogg"
|
||||
if file.exists("#{filepath}") then
|
||||
process.run("rm #{filepath}")
|
||||
end
|
||||
end
|
||||
|
||||
# Remove a pige file if it is too old
|
||||
def clean_if_old(filename)
|
||||
filepath = "/soundbase/pige/#{filename}"
|
||||
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
|
||||
process.run("rm #{filepath}")
|
||||
end
|
||||
end
|
||||
|
||||
# Check that the timestamp starts exactly on a minute
|
||||
def integrity_check(ts)
|
||||
if ts mod 60 != 0 then
|
||||
log.important("#{ts} is to fix")
|
||||
end
|
||||
end
|
||||
|
||||
# Routine integrity check for each files
|
||||
def clean_and_check (filepath)
|
||||
ts = ts_from_filepath (filepath)
|
||||
integrity_check (ts)
|
||||
clean_single_old_pige (ts)
|
||||
end
|
||||
|
||||
# Exaustive integrity check
|
||||
def clean_and_check_all ()
|
||||
list.iter(clean_if_old, file.ls("/soundbase/pige/"))
|
||||
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
||||
end
|
||||
|
||||
|
||||
|
||||
# Mux
|
||||
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
||||
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
|
||||
|
||||
# Direct mp3
|
||||
output.icecast(
|
||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||
mount="/direct.mp3",
|
||||
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||
input1)
|
||||
|
||||
# Radioking
|
||||
#output.icecast(
|
||||
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||
# mount="/test355",
|
||||
# host="live.radioking.com", port=80, user="", password="",
|
||||
# input)
|
||||
|
||||
# Direct ogg
|
||||
#output.icecast(
|
||||
# %vorbis(samplerate=44100, channels=1, quality=0.2),
|
||||
# mount="/direct.ogg",
|
||||
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||
# input1)
|
||||
|
||||
# Pige
|
||||
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
|
||||
|
||||
# Integrity checks
|
||||
clean_and_check_all()
|
@ -1 +0,0 @@
|
||||
liquidsoap-transcode.liq
|
79
services/mux.radiodemo.oma-radio.fr/liquidsoap.liq
Normal file
79
services/mux.radiodemo.oma-radio.fr/liquidsoap.liq
Normal file
@ -0,0 +1,79 @@
|
||||
#!/usr/bin/liquidsoap
|
||||
|
||||
# Extract timestamp from pige path
|
||||
def ts_from_filepath (filepath)
|
||||
splitpath = string.split(separator='/', filepath)
|
||||
# Keep only filename
|
||||
filename = list.nth(splitpath,list.length(splitpath)-1)
|
||||
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
||||
end
|
||||
|
||||
# Remove pige from now-1month
|
||||
def clean_single_old_pige(ts)
|
||||
# ts of one month sooner
|
||||
ts = ts - 2678400
|
||||
filepath = "/soundbase/pige/#{ts}.ogg"
|
||||
if file.exists("#{filepath}") then
|
||||
process.run("rm #{filepath}")
|
||||
end
|
||||
end
|
||||
|
||||
# Remove a pige file if it is too old
|
||||
def clean_if_old(filename)
|
||||
filepath = "/soundbase/pige/#{filename}"
|
||||
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
|
||||
process.run("rm #{filepath}")
|
||||
end
|
||||
end
|
||||
|
||||
# Check that the timestamp starts exactly on a minute
|
||||
def integrity_check(ts)
|
||||
if ts mod 60 != 0 then
|
||||
log.important("#{ts} is to fix")
|
||||
end
|
||||
end
|
||||
|
||||
# Routine integrity check for each files
|
||||
def clean_and_check (filepath)
|
||||
ts = ts_from_filepath (filepath)
|
||||
integrity_check (ts)
|
||||
clean_single_old_pige (ts)
|
||||
end
|
||||
|
||||
# Exaustive integrity check
|
||||
def clean_and_check_all ()
|
||||
#list.iter(clean_if_old, file.ls("/soundbase/pige/"))
|
||||
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
||||
end
|
||||
|
||||
|
||||
|
||||
# Mux
|
||||
input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
||||
|
||||
# Direct mp3
|
||||
output.icecast(
|
||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||
mount="/direct.mp3",
|
||||
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||
input1)
|
||||
|
||||
# Radioking
|
||||
#output.icecast(
|
||||
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||
# mount="/test355",
|
||||
# host="live.radioking.com", port=80, user="", password="",
|
||||
# input)
|
||||
|
||||
# Direct ogg
|
||||
output.icecast(
|
||||
%vorbis(samplerate=44100, channels=1, quality=0.2),
|
||||
mount="/direct.ogg",
|
||||
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||
input1)
|
||||
|
||||
# Pige
|
||||
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
|
||||
|
||||
# Integrity checks
|
||||
clean_and_check_all()
|
@ -28,73 +28,25 @@ server {
|
||||
|
||||
location / {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$SOUNDBASE_IP/;
|
||||
proxy_set_header Host '$SOUNDBASE_HOST';
|
||||
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
|
||||
# wait
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 6000;
|
||||
proxy_send_timeout 60000;
|
||||
proxy_read_timeout 6000;
|
||||
send_timeout 6000;
|
||||
proxy_pass http://$ENDPOINT/;
|
||||
proxy_set_header Host 'soundbase.radiodemo.oma-radio.fr';
|
||||
proxy_redirect http://soundbase.radiodemo.oma-radio.fr https://$JC_SERVICE;
|
||||
|
||||
|
||||
}
|
||||
|
||||
location /pige {
|
||||
alias "$SOUNDBASE_DIR/pige";
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
|
||||
location /direct.ogg {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
location /direct.mp3 {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
}
|
||||
location /style.css {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/style.css;
|
||||
}
|
||||
location /status.xsl {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/status.xsl;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
|
||||
|
||||
location ~ /muxapi(/.*) {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
include uwsgi_params;
|
||||
uwsgi_param PATH_INFO "$1";
|
||||
uwsgi_param SCRIPT_NAME /muxapi;
|
||||
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 6000;
|
||||
proxy_send_timeout 60000;
|
||||
proxy_read_timeout 6000;
|
||||
send_timeout 6000;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
location /logs/ {
|
||||
include /etc/nginx/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $DOCKER_DIR/server.sh;
|
||||
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
||||
}
|
||||
}
|
||||
|
7
services/mux.radiodemo.oma-radio.fr/radioking.liq
Normal file
7
services/mux.radiodemo.oma-radio.fr/radioking.liq
Normal file
@ -0,0 +1,7 @@
|
||||
input = mksafe(input.http("http://172.29.0.110:8000/direct.mp3"))
|
||||
output.icecast(
|
||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||
mount="/test355",
|
||||
host="live.radioking.com", port=80, user="test_test29", password="S9tx3VBhl",
|
||||
input)
|
||||
|
@ -10,7 +10,7 @@ instance=''
|
||||
since=''
|
||||
until=''
|
||||
|
||||
action="$(echo "${REQUEST_URI##*/}" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')"
|
||||
action="$(echo "$QUERY_STRING" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')"
|
||||
|
||||
while IFS='=' read key value ; do
|
||||
case "$key" in
|
||||
@ -35,9 +35,7 @@ done < <(echo "$action")
|
||||
[ -z "$since" ] && exit 3
|
||||
[ -z "$until" ] && exit 4
|
||||
|
||||
pwd
|
||||
echo docker-compose logs --since "$since" --until "$until" "$instance"
|
||||
docker-compose logs --since "$since" --until "$until" "$instance" 2>&1
|
||||
if [ "$?" -ne 0 ] ; then
|
||||
echo failed
|
||||
fi
|
||||
|
33
services/mux.radiodemo.oma-radio.fr/wg-radiodemo.sh
Executable file
33
services/mux.radiodemo.oma-radio.fr/wg-radiodemo.sh
Executable file
@ -0,0 +1,33 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
. .env
|
||||
|
||||
wgif="$1"
|
||||
|
||||
echo "
|
||||
[Interface]
|
||||
PrivateKey = $(cat $DATA_DIR/privatekey)
|
||||
Address = 10.29.0.254/32
|
||||
ListenPort = 55820
|
||||
|
||||
# packet forwarding
|
||||
PreUp = sysctl -w net.ipv4.ip_forward=1
|
||||
|
||||
# port forwarding
|
||||
#PreUp = iptables -t nat -A PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
|
||||
#PreUp = iptables -t nat -A PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
|
||||
|
||||
#PostDown = iptables -t nat -D PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
|
||||
#PostDown = iptables -t nat -D PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
|
||||
|
||||
# packet masquerading
|
||||
#PreUp = iptables -t nat -A POSTROUTING -o $wgif -j MASQUERADE
|
||||
#PostDown = iptables -t nat -D POSTROUTING -o $wgif -j MASQUERADE
|
||||
|
||||
# remote settings for the private server
|
||||
[Peer]
|
||||
PublicKey = 6/Mlxe9auEw/WQnC6QYNAYtSAo8jAEMhJ1wXaRNy4AE=
|
||||
AllowedIPs = 10.29.0.0/24
|
||||
"
|
@ -1,16 +0,0 @@
|
||||
WEBSERVER=.105
|
||||
MUX=.100
|
||||
TELECOM=.101
|
||||
SWEBSOCKET_PORT=2005
|
||||
WEBSOCKET_PORT=2205
|
||||
RADIO_HOST=mux.radiokipik.org
|
||||
MUX_SERVER_PORT=9005
|
||||
TELECOM_SERVER_PORT=3495
|
||||
SOUNDBASE_DIR=/data/mux.radiokipik.org/soundbase
|
||||
OMA_DOCKER_VERSION=unstable
|
||||
ICECAST=.110
|
||||
SOUNDBASE_IP=10.99.99.7
|
||||
SOUNDBASE_HOST=soundbase.radiokipik.org
|
||||
COMPOSE_NAME=muxradiokipikorg
|
||||
DOCKER_INSTANCES_PREFIX=muxradiokipikorg-
|
||||
DOCKER_INSTANCES_SUFIX=-1
|
@ -1,6 +0,0 @@
|
||||
#!/bin/bash
|
||||
mkdir -p "$SOUNDBASE_DIR/pige"
|
||||
chown 10000:10000 "$SOUNDBASE_DIR/pige" -R
|
||||
|
||||
cat "$SECRET_DIR/registry_pass" | docker login --username "$registry_user" --password-stdin registry.gitlab.com
|
||||
|
@ -1,11 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ ! -e "$DATA_DIR/.env" ] ; then
|
||||
cat > "$DATA_DIR/.env" <<EOF
|
||||
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||
EOF
|
||||
fi
|
||||
|
@ -1,140 +0,0 @@
|
||||
version: '3'
|
||||
services:
|
||||
ambre_mux:
|
||||
image: registry.gitlab.com/omaradio/core/oma-mux:$OMA_DOCKER_VERSION
|
||||
env_file:
|
||||
- .env
|
||||
- $DATA_DIR/.env
|
||||
environment:
|
||||
OMA_CONFIG_Client1Host: $NET$ICECAST
|
||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||
volumes:
|
||||
- $SOUNDBASE_DIR/pige:/app/pige
|
||||
ports:
|
||||
- $MUX_SERVER_PORT:9000
|
||||
depends_on:
|
||||
- transcode
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET$MUX
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
|
||||
saphir_telecom_server:
|
||||
image: registry.gitlab.com/omaradio/core/oma-telecom-server:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
ports:
|
||||
- $TELECOM_SERVER_PORT:3490
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET$TELECOM
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
amarante_webserver:
|
||||
image: registry.gitlab.com/omaradio/core/oma-webserver:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||
OMA_CONFIG_PigeTxtLoadFic: off
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- $SOUNDBASE_DIR:/soundbase
|
||||
ports:
|
||||
- $WEBSOCKET_PORT:9000
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET$WEBSERVER
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.5'
|
||||
memory: 100M
|
||||
|
||||
transcode:
|
||||
image: savonet/liquidsoap:v2.1.4
|
||||
env_file:
|
||||
- .env
|
||||
- $DATA_DIR/.env
|
||||
volumes:
|
||||
- ./liquidsoap.liq:/transcode.liq
|
||||
- $SOUNDBASE_DIR:/soundbase
|
||||
command: /transcode.liq
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.108
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 300M
|
||||
|
||||
#radioking:
|
||||
# image: jeancloud/liquidsoap:1.3.7
|
||||
# env_file: .env
|
||||
# volumes:
|
||||
# - ./radioking.liq:/radioking.liq
|
||||
# command: /radioking.liq
|
||||
# restart: unless-stopped
|
||||
# networks:
|
||||
# default:
|
||||
# ipv4_address: $NET.111
|
||||
|
||||
|
||||
icecast:
|
||||
image: infiniteproject/icecast
|
||||
restart: unless-stopped
|
||||
environment:
|
||||
# echo -n "source:pass" | base64
|
||||
ICECAST_ADMIN_USERNAME: admin
|
||||
ICECAST_ADMIN_EMAIL: contact@oma-radio.fr
|
||||
ICECAST_LOCATION: Rhône-Alpes
|
||||
TZ: Europe/Paris
|
||||
env_file: $DATA_DIR/.env
|
||||
healthcheck:
|
||||
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
||||
interval: 1h0m0s
|
||||
timeout: 10s
|
||||
retries: 3
|
||||
start_period: 1m0s
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET$ICECAST
|
||||
|
||||
system_api:
|
||||
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
UID: 33
|
||||
SOUNDBASE_PATH: /soundbase
|
||||
MOUNT: /muxapi
|
||||
CONFIG_PATH: /config
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- $SOUNDBASE_DIR:/soundbase
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.107
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 500M
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: $NET.0/24
|
@ -1,84 +0,0 @@
|
||||
#!/usr/bin/liquidsoap
|
||||
|
||||
# Extract timestamp from pige path
|
||||
def ts_from_filepath (filepath)
|
||||
splitpath = string.split(separator='/', filepath)
|
||||
# Keep only filename
|
||||
filename = list.nth(splitpath,list.length(splitpath)-1)
|
||||
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
||||
end
|
||||
|
||||
# Remove pige from now-1month
|
||||
def rm_pige(ts)
|
||||
filepath = "/soundbase/pige/#{ts}.ogg"
|
||||
if file.exists("#{filepath}") then
|
||||
process.run("rm #{filepath}")
|
||||
end
|
||||
end
|
||||
|
||||
|
||||
# Check that the timestamp starts exactly on a minute
|
||||
def integrity_check(ts)
|
||||
if ts mod 60 != 0 then
|
||||
print("#{ts} is to fix")
|
||||
end
|
||||
end
|
||||
|
||||
# Routine integrity check for each files
|
||||
def clean_and_check (filepath)
|
||||
ts = ts_from_filepath (filepath)
|
||||
|
||||
# Remove if old
|
||||
if ( ts < int_of_float(time()) - 2678400 ) then
|
||||
rm_pige(ts)
|
||||
end
|
||||
|
||||
integrity_check (ts)
|
||||
end
|
||||
|
||||
def clean_and_check_latest (filepath)
|
||||
ts = ts_from_filepath (filepath)
|
||||
rm_pige(ts - 2678400) # ts of one month sooner
|
||||
integrity_check (ts)
|
||||
|
||||
end
|
||||
|
||||
# Exaustive integrity check
|
||||
def clean_and_check_all ()
|
||||
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
||||
end
|
||||
|
||||
|
||||
|
||||
# Mux
|
||||
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
||||
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
|
||||
|
||||
# Direct mp3
|
||||
# TODO faire du 44100 pour éviter les trous ?
|
||||
output.icecast(
|
||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||
mount="/direct.mp3",
|
||||
#host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||
host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
|
||||
input1)
|
||||
|
||||
# Radioking
|
||||
#output.icecast(
|
||||
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||
# mount="/test355",
|
||||
# host="live.radioking.com", port=80, user="", password="",
|
||||
# input)
|
||||
|
||||
# Direct ogg
|
||||
#output.icecast(
|
||||
# %vorbis(samplerate=44100, channels=1, quality=0.2),
|
||||
# mount="/direct.ogg",
|
||||
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||
# input1)
|
||||
|
||||
# Pige
|
||||
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check_latest)
|
||||
|
||||
# Integrity checks
|
||||
clean_and_check_all()
|
@ -1,104 +0,0 @@
|
||||
map $http_upgrade $connection_upgrade {
|
||||
default upgrade;
|
||||
'' close;
|
||||
}
|
||||
|
||||
server{
|
||||
listen $SWEBSOCKET_PORT ssl;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
||||
proxy_set_header Host $host;
|
||||
proxy_pass http://$NET$WEBSERVER:9000;
|
||||
proxy_http_version 1.1;
|
||||
proxy_set_header Upgrade $http_upgrade;
|
||||
proxy_set_header Connection "upgrade";
|
||||
proxy_read_timeout 120s;
|
||||
}
|
||||
}
|
||||
|
||||
server {
|
||||
listen 443 ssl;
|
||||
listen [::]:443 ssl;
|
||||
server_name $JC_SERVICE;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
|
||||
location / {
|
||||
proxy_pass http://$SOUNDBASE_IP/;
|
||||
proxy_set_header Host '$SOUNDBASE_HOST';
|
||||
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
# wait
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 6000;
|
||||
proxy_send_timeout 60000;
|
||||
proxy_read_timeout 6000;
|
||||
send_timeout 6000;
|
||||
|
||||
}
|
||||
|
||||
location /pige {
|
||||
alias "$SOUNDBASE_DIR/pige";
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
|
||||
location /direct.ogg {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
location /direct.mp3 {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
}
|
||||
location /style.css {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/style.css;
|
||||
}
|
||||
location /status.xsl {
|
||||
client_max_body_size 0;
|
||||
proxy_pass http://$NET$ICECAST:8000/status.xsl;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
|
||||
|
||||
location ~ /muxapi(/.*) {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
include uwsgi_params;
|
||||
uwsgi_param PATH_INFO "$1";
|
||||
uwsgi_param SCRIPT_NAME /muxapi;
|
||||
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 6000;
|
||||
proxy_send_timeout 60000;
|
||||
proxy_read_timeout 6000;
|
||||
send_timeout 6000;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
}
|
@ -1,38 +0,0 @@
|
||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
||||
NhAAAAAwEAAQAAAYEAuKyZzOALRAFq487PSFdSilaUN6wTacncP5XDlVwWr2QBOMPWpOyf
|
||||
DzdhxIGx2ZBofgDE/47bClZR4SvFr6+2Sj5a5fAhOGeBAS2Z/Je7pL5Ar+nvIBNFG5bwv/
|
||||
qEgkfWEjuzjDoEVoY7f6RMrOOnTpZS1F32Y3UB0WiH5FgOwjKWb47q8kxUDSQd0sdZNNKL
|
||||
d7/RWGplNSLtloC87C8YC0Wxi3wHgssgRCw7xD2cpm6zwRh1lvLbk0a0zhZXTOcsR+lBwe
|
||||
fEF4eziZDCrKpYwaPdSjIuP6+dctO+1BTSK0KnvuMftTwfLwInZtn9kxa+oTsMRV27oxyO
|
||||
MiVnx5Gfahh2OQtI299Zm19Lu3ARSzJL0CQc4oDmf9Yhi3SoHwXCMNdyEwRk55iO5b6oA1
|
||||
wilUAe2K+YHuG5eNtLu1UvpREGhN4AqYVYW+TqIdRLNr2PTuMW3GyQlCHxIFfBcKPoVNuY
|
||||
B+sBwhva3IQG+EEwY3ZkqU80J5NXmj36epBe+yxhAAAFkFBSLaVQUi2lAAAAB3NzaC1yc2
|
||||
EAAAGBALismczgC0QBauPOz0hXUopWlDesE2nJ3D+Vw5VcFq9kATjD1qTsnw83YcSBsdmQ
|
||||
aH4AxP+O2wpWUeErxa+vtko+WuXwIThngQEtmfyXu6S+QK/p7yATRRuW8L/6hIJH1hI7s4
|
||||
w6BFaGO3+kTKzjp06WUtRd9mN1AdFoh+RYDsIylm+O6vJMVA0kHdLHWTTSi3e/0VhqZTUi
|
||||
7ZaAvOwvGAtFsYt8B4LLIEQsO8Q9nKZus8EYdZby25NGtM4WV0znLEfpQcHnxBeHs4mQwq
|
||||
yqWMGj3UoyLj+vnXLTvtQU0itCp77jH7U8Hy8CJ2bZ/ZMWvqE7DEVdu6McjjIlZ8eRn2oY
|
||||
djkLSNvfWZtfS7twEUsyS9AkHOKA5n/WIYt0qB8FwjDXchMEZOeYjuW+qANcIpVAHtivmB
|
||||
7huXjbS7tVL6URBoTeAKmFWFvk6iHUSza9j07jFtxskJQh8SBXwXCj6FTbmAfrAcIb2tyE
|
||||
BvhBMGN2ZKlPNCeTV5o9+nqQXvssYQAAAAMBAAEAAAGAATuMD1Mjknsg53VGo4lSaWZMpg
|
||||
h6av1Jbald/6iZthZin6DVXsxl4rgrhcFghSAQYi9ckwawYqiEuZLuWVrAt5h5zVKvOe5H
|
||||
9oARleGEt8FaJLJwj9/uFrpnwdCScnmR8B6pVgnONMFEbBB5nitaTXfi6EYTBStUOSEXgC
|
||||
SmsNzyzEkeDABM0/wSCtCAz665VWYT5XaH48W80QFnFF8UUel1mVYp1R1ptNAdEJoVfShM
|
||||
/7JB5L3T+BAbZpMJMTU65Vgq2QfG1QUd+R9c73Z0J17VaZJivOqzoY+BsvcEwjWn7gxOjx
|
||||
0PYkaZSLiqY6GT6oU5TWNgzIS8F/2ORrMgaxWOKDLBFt2vgQiwf/2T1E8m1jmmPvEeOJ70
|
||||
gmJIk9CKAM0UX2HAYM+il0Na4lOpIKggA6QLszsEWjBkdrHjZPL9HeLRMz1vnFAWCoekPN
|
||||
jemZGhk6mEj6qMRuoDZ/6UWYcMhv64SFX/93YTF5QozbFoMYct1tfE03c9QEX+dV/3AAAA
|
||||
wQDtsDjhtps2NWP8H5V2MY+cQoE16T8abQjxCCo7nX3vfB2+lxg9wyRx1PdtySDnSNgpG+
|
||||
pYjGFUzDlNxCVOqY9+aOA31mzfVn6EH4mG3q6/TL3/QN1ILnLbs4lyNLG4KWP1wT5MocHt
|
||||
PAzWWL2O1j2Y8B/zYZZDdirx+D/0gnZmEghzq4KwIj+zj+ILRFKuM07WD73mNvyzfwuaTb
|
||||
hhV75hEtMcLO6EgjX1NUlsIeZvK5Xht3cta62XFpsXAUY4u0EAAADBAPOxezplUkaxdmnR
|
||||
CVduC7pcDweexJyVJtg753kde65IIizPSxB0QNwA4gqc2Us5PjxfS4tetsupOxRZD+ER0S
|
||||
fEpX7rTedqFdukb8h7QDE6yVOD7C14vVC/kThPu9LI21itp03BFZUw1/FRRMK/xur51Ahj
|
||||
g5F83+CkgQsVmwEo8cZ0b+io76FlXa4OGBUQnVE+mf6TZ+PbMT2zFJ5KAlZ54KxPZJAQOR
|
||||
VJwaND0N6YQLaAkDZEnTJG3KTHyAFt4wAAAMEAwgAbwCPg4aeFXptJLUbBmDB9mGkHZkjM
|
||||
p4SVC2iPSSMahnu8L5vCk/SOQJlv13mJ1JcZ/HplPUugB9cL+9SsLkr7c/r2otnch/x2WP
|
||||
tF7zN6AgECs4/MWSenlxlvmD2HU6TtXaKQHfmP9HK4cIf0m1rTz4OpuZJlbDXNh/QNyzU3
|
||||
8UUAns4EaLLSM5rgSz2pPXYU6XnfSOVGZNotmla/xWbPd8sSrWCFV0VC/O0cBVMJ20QlUo
|
||||
vR0cIiNMZDyQ/rAAAAGHJvb3RAcmFrdS5qZWFuLWNsb3VkLm9yZwEC
|
||||
-----END OPENSSH PRIVATE KEY-----
|
@ -1,4 +0,0 @@
|
||||
key "letsencrypt.key" {
|
||||
algorithm hmac-sha256;
|
||||
secret "d2q77gecXwNQdzJb3tnE5IUGXY7/r0LL3hj+GG2/iTo=";
|
||||
};
|
@ -21,7 +21,7 @@ prepare () {
|
||||
fi
|
||||
|
||||
echo 'Sync the git repo'
|
||||
run sudo -u bind git_update.sh -r main -o "-i $DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
|
||||
run sudo -u bind git_update.sh -N -b main -i "$DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
|
||||
cd /etc/bind
|
||||
|
||||
|
||||
|
@ -89,7 +89,6 @@ services:
|
||||
|
||||
collabora:
|
||||
image: collabora/code
|
||||
privileged: true
|
||||
environment:
|
||||
- "dictionaries=fr"
|
||||
- "server_name=office.nuage.jean-cloud.net"
|
||||
|
@ -1,6 +0,0 @@
|
||||
GIT_SOURCE_REPO="https://gitlab.com/omaradio/website"
|
||||
GIT_SOURCE_BRANCH=dev
|
||||
RADIO_HOST=mux.paj.oma-radio.fr
|
||||
USE_SSL=true
|
||||
WEBSOCKET_PORT=2002
|
||||
RADIO_NAME_PRETTY="Paj Radio"
|
@ -1,2 +0,0 @@
|
||||
gitlab.com ssh-dss AAAAB3NzaC1kc3MAAACBAMPKInNPflcRle9F5Qt2j9aI0EZuWQzdXTbYvsl+ChaacqCOWRMiOmXHXqetFz6jD/6Fcqg20ZATxqSskQBaRn97O/mbH+GQk4d3zw9WAEURicE8rKJop3qGtdfFxLzrTuF/PAkKRDMmutT3hwZIOO8CFWOl1BiuUYTncJTeonrfAAAAFQCujauoy3Yy+ul72b/WsTECUPj9yQAAAIBIV2yyF7RZf7IYS8tsWcKP7Y5Bv9eFdbvbtsaxcFCHcmHIGoJQrIdPoueoOb5EUTYz0NgYKsKaZzDZkgFk28GsmLxKvhnPjaw0lJVSKRchEE5xVlamOlabiRMjQ7X/bAdejkBJe96AjZZL3UO4acpwfy3Tnnap0w6YCDeaxoyHpwAAAIAU+dyNaL3Hy15VIV32QwWMekvxeptUY/DW03LNcgZZDoin87TE9xuQhM0qF3pi2i2a2ExuslgdttmYWvrbEz8eW+RFgvT5pKwWpalKWetHvtN3oYZP37ZIO1Y3Hd5A4YVcpYp1ccRayveLlCRwxb4HdGXT2OmYU+lmvimIR8zQ6A==
|
||||
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
|
@ -1,19 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
# Si le site a déjà été build par le passé, curl termine l’exécution du script en cas d’absence sur serveur corps.
|
||||
[ -f "$HTTP_DIR/public/index.html" ] && { curl --head --fail-with-body $RADIO_HOST/fic/_series-_index.fic || exit 0 ; } >/dev/null
|
||||
|
||||
# Update git repo
|
||||
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||
|
||||
cd "$HTTP_DIR"
|
||||
|
||||
# Get remote content files
|
||||
#rclone_ncloud_publiclink.sh
|
||||
|
||||
# Invalid cache
|
||||
rm -rf "/tmp/hugo_cache_$USER"
|
||||
|
||||
# Build website
|
||||
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
@ -1,32 +0,0 @@
|
||||
server {
|
||||
listen 443 ssl http2;
|
||||
listen [::]:443 ssl http2;
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||
root $HTTP_DIR/public/;
|
||||
|
||||
# Security headers
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' 'https://static.jean-cloud.net/player-interface/*' ; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self' 'https://static.jean-cloud.net/player-interface/*' 'https://cdn.jsdelivr.net/npm/*'; base-uri 'self'; form-action 'self';" always;
|
||||
add_header X-Content-Type-Options "nosniff";
|
||||
add_header X-Frame-Options SAMEORIGIN always;
|
||||
add_header X-XSS-Protection "1; mode=block" always;
|
||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
||||
|
||||
location / {
|
||||
index index.html;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
location /manager {
|
||||
return 301 $scheme://mux.$JC_SERVICE/manager;
|
||||
}
|
||||
|
||||
location /buildscript/ {
|
||||
include /etc/nginx/fastcgi_params;
|
||||
fastcgi_param SCRIPT_FILENAME $DOCKER_DIR/server.sh;
|
||||
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
||||
}
|
||||
}
|
@ -1,10 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
echo "Content-type: text/html"
|
||||
echo ""
|
||||
|
||||
. .env
|
||||
|
||||
echo '<pre>'
|
||||
deploy_as "$JC_SERVICE"
|
||||
echo '</pre>'
|
@ -2,7 +2,7 @@
|
||||
set -euo pipefail
|
||||
|
||||
# Update git repo
|
||||
git_update.sh -r "${GIT_BRANCH:main}" -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
||||
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
||||
|
||||
cd "$HTTP_DIR"
|
||||
|
||||
|
@ -2,4 +2,3 @@ GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git"
|
||||
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
||||
USE_SSL=true
|
||||
WEBSOCKET_PORT=2004
|
||||
VUE_APP_PUBLIC_WEBSITE=radiodemo.oma-radio.fr
|
||||
|
@ -1,16 +0,0 @@
|
||||
#!/bin/bash
|
||||
set -euo pipefail
|
||||
|
||||
# Si le site a déjà été build par le passé, curl termine l’exécution du script en cas d’absence sur serveur corps.
|
||||
[ -f "$HTTP_DIR/public/index.html" ] && { curl -iI https://$RADIO_HOST/fic/_series-_index.fic >/dev/null || exit 0 ; }
|
||||
|
||||
# Update git repo
|
||||
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||
|
||||
cd "$HTTP_DIR"
|
||||
|
||||
# Invalid cache
|
||||
rm -rf "/tmp/hugo_cache_$USER"
|
||||
|
||||
# Build website
|
||||
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
1
services/radiodemo.oma-radio.fr/deploy_user.sh
Symbolic link
1
services/radiodemo.oma-radio.fr/deploy_user.sh
Symbolic link
@ -0,0 +1 @@
|
||||
../hugo/deploy_user.sh
|
@ -1,5 +1,4 @@
|
||||
GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git"
|
||||
RADIO_HOST=mux.radiokipik.org
|
||||
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
||||
USE_SSL=true
|
||||
WEBSOCKET_PORT=2005
|
||||
RADIO_NAME_PRETTY="Radio Kipik"
|
||||
WEBSOCKET_PORT=2004
|
||||
|
@ -4,7 +4,7 @@ server {
|
||||
ssl_certificate $JC_CERT/fullchain.pem;
|
||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||
root $HTTP_DIR/public;
|
||||
root $HTTP_DIR/;
|
||||
|
||||
# Security headers
|
||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||
|
@ -1,7 +0,0 @@
|
||||
id;nom;lieu;fai;note;wg_pubkey;ip;ip;ip;ip;ip
|
||||
3;max;"Montpellier";red/sfr;"Chez Elisa";wTU3G3tutx2NIBlDDdBQhSnPFmkE5TM8aqcn1gdACF8=;2a02:8434:66e2:e301:a2b3:ccff:fe85:af97;;;
|
||||
4;raku;"Le bessat";red/sfr;"Chez axel et louise";xEKLecqKmr7+VWhi9+LvfYNflVfkkMEe7DXHFDaiqBk=;92.92.34.140;;;
|
||||
6;jeanPinion;"Alençon";;"Librairie de Centime";+goHQ6dBoqrjkPtru9Y1QeSChXNIuUpnv0xnh23jYRs=;
|
||||
7;montbonnot;"Marseille";;"Géré par Nico";S1jpvHJRr2yFh4OB9hLk+zXUNXAycOewNqouoO2Zky4=;
|
||||
8;jeanCheri;"Lyon";;"Épicerie ACTR";5+j+wcrQQAnR8thBRqdoKsamNog0pMZeJG2AONs5OD0=;
|
||||
9;izzo;"Hostinger";"Hostinger";"Serveur hébergé principal";8ulBTjnjbo/dD8pPumpz07TUbDTofZ46+oTdkBb2JWE=;89.116.110.62;2a02:4780:28:a254::1;
|
Can't render this file because it has a wrong number of fields in line 2.
|
@ -26,10 +26,10 @@
|
||||
29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org
|
||||
30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org
|
||||
31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
|
||||
32;paj.oma-radio.fr;paj.oma-radio.fr;izzo.jean-cloud.org
|
||||
32;paj.oma-radio.fr;paj.oma-radio.fr;nougaro.jean-cloud.org
|
||||
33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
|
||||
34;radiodemo.oma-radio.fr;radiodemo.oma-radio.fr;raku.jean-cloud.org
|
||||
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;izzo.jean-cloud.org
|
||||
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org
|
||||
36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;izzo.jean-cloud.org
|
||||
37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
|
||||
38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org
|
||||
@ -37,7 +37,7 @@
|
||||
40;static.jean-cloud.net;static.jean-cloud.net;izzo.jean-cloud.org
|
||||
41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
|
||||
42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org
|
||||
43;radio.karnaval.fr;radio.karnaval.fr;izzo.jean-cloud.org
|
||||
43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org
|
||||
44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;raku.jean-cloud.org
|
||||
45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
|
||||
46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org
|
||||
@ -55,6 +55,3 @@
|
||||
60;soundbase.radiokipik.org;soundbase.radiokipik.org;montbonnot.jean-cloud.org
|
||||
61;radiokipik.org;radiokipik.org;izzo.jean-cloud.org
|
||||
62;mux.radiokipik.org;mux.radiokipik.org;izzo.jean-cloud.org
|
||||
63;collectif-karafon.fr;collectif-karafon.fr;izzo.jean-cloud.org
|
||||
64;mux.radionimaitre.oma;mux.radionimaitre.oma-radio.fr;raku.jean-cloud.org
|
||||
65;mux.paj.oma-radio.fr;mux.paj.oma-radio.fr;izzo.jean-cloud.org
|
||||
|
|
@ -1,25 +0,0 @@
|
||||
TELECOM=.101
|
||||
ICECAST=.110
|
||||
WEBSERVER=.105
|
||||
SYSTEM_API=.107
|
||||
TZ=Europe/Paris
|
||||
OMA_DOCKER_VERSION=dev
|
||||
WEBSOCKET_PORT=2002
|
||||
TELECOM_SERVER_PORT=3492
|
||||
OMA_CONFIG_TelecommandeHost=mux.paj.oma-radio.fr
|
||||
OMA_CONFIG_TelecommandePort=3492
|
||||
MUX_SERVER_PORT=9002
|
||||
RADIO_NAME_SIMPLE=paj
|
||||
OMA_CONFIG_NomRadio=paj
|
||||
OMA_CONFIG_LogLevel=8
|
||||
RADIO_NAME_PRETTY="Radio Démo"
|
||||
COMPOSE_NAME=soundbasepajoma-radiofr
|
||||
DOCKER_INSTANCES_PREFIX=soundbasepajoma-radiofr-
|
||||
DOCKER_INSTANCES_SUFIX=-1
|
||||
SOUNDBASE_DIR=/data/soundbase.paj.oma-radio.fr/
|
||||
USE_SSL=true
|
||||
MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.1
|
||||
RADIO_HOST=mux.paj.oma-radio.fr
|
||||
WG_NAME_interco=paj
|
||||
WG_NET=10.29.65
|
||||
WG_PORT=55002
|
@ -1,6 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
git_update.sh -r $OMA_DOCKER_VERSION -d "$HTTP_DIR/manager" https://gitlab.com/omaradio/single-manager.git
|
||||
cd "$HTTP_DIR/manager"
|
||||
npm install
|
||||
npm run build
|
@ -1,137 +0,0 @@
|
||||
version: '3'
|
||||
services:
|
||||
anthracite_jukebox:
|
||||
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||
OMA_CONFIG_TelecommandePort: $TELECOM_SERVER_PORT
|
||||
OMA_CONFIG_Client1Host: $RADIO_HOST
|
||||
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
|
||||
volumes:
|
||||
- $DATA_DIR:/app/soundBase
|
||||
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.102
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
azurite_jukebox_simulator:
|
||||
image: registry.gitlab.com/omaradio/core/oma-jukebox-simulator:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||
volumes:
|
||||
- $DATA_DIR:/app/soundBase
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.103
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
# aventurine_transcode:
|
||||
# image: jeancloud/transcode:$OMA_DOCKER_VERSION
|
||||
# env_file: .env
|
||||
# restart: unless-stopped
|
||||
|
||||
|
||||
agate_importer:
|
||||
image: registry.gitlab.com/omaradio/core/oma-baseimport:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||
volumes:
|
||||
- $DATA_DIR:/app/soundBase
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.104
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 1000M
|
||||
|
||||
|
||||
rubis_base_mg:
|
||||
image: registry.gitlab.com/omaradio/core/oma-base-mg:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- $DATA_DIR:/soundbase
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.106
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
|
||||
system_api:
|
||||
image: jeancloud/system-api:dev
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
||||
UID: 33
|
||||
SOUNDBASE_PATH: /soundbase
|
||||
MOUNT: /api
|
||||
CONFIG_PATH: /config
|
||||
restart: unless-stopped
|
||||
volumes:
|
||||
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
||||
- /var/run/docker.sock:/var/run/docker.sock
|
||||
- $DATA_DIR:/soundbase
|
||||
networks:
|
||||
default:
|
||||
ipv4_address: $NET.107
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '0.50'
|
||||
memory: 500M
|
||||
|
||||
|
||||
#ammolite_mp3_addon:
|
||||
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
|
||||
# env_file: .env
|
||||
# environment:
|
||||
# OMA_CONFIG_TelecommandeHost: $NET.101
|
||||
# OMA_CONFIG_PigePrefix: /opt
|
||||
# restart: unless-stopped
|
||||
# volumes:
|
||||
# - $DATA_DIR:/app/soundbase
|
||||
# networks:
|
||||
# default:
|
||||
# ipv4_address: $NET.109
|
||||
# deploy:
|
||||
# resources:
|
||||
# limits:
|
||||
# cpus: '0.05'
|
||||
|
||||
# doxy:
|
||||
# image: qnib/doxy
|
||||
# volumes:
|
||||
# - /tmp/radiodemo.oma-radio.fr/doxy:/tmp/doxy
|
||||
# - /data/radiodemo.oma-radio.fr/doxy.pattern:/etc/doxy.pattern
|
||||
# - /var/run/docker.sock:/var/run/docker.sock
|
||||
# environment:
|
||||
# DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock
|
||||
|
||||
networks:
|
||||
default:
|
||||
ipam:
|
||||
config:
|
||||
- subnet: $NET.0/24
|
@ -1,119 +0,0 @@
|
||||
# Parameters:
|
||||
# radio name
|
||||
# file path
|
||||
# ws port (local)
|
||||
# wss port (open)
|
||||
# upload service port
|
||||
# ssl certs location
|
||||
|
||||
# TODO
|
||||
# /speedtest-down returns random data
|
||||
# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin
|
||||
# /speedtest-up just eat everything it can
|
||||
|
||||
|
||||
|
||||
|
||||
|
||||
server {
|
||||
listen 80;
|
||||
listen [::]:80;
|
||||
server_name $JC_SERVICE;
|
||||
|
||||
root $HTTP_DIR/manager/dist;
|
||||
index index.html;
|
||||
|
||||
location ~ /api(/.*) {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
include uwsgi_params;
|
||||
uwsgi_param PATH_INFO "$1";
|
||||
uwsgi_param SCRIPT_NAME /api;
|
||||
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
||||
client_max_body_size 0;
|
||||
proxy_connect_timeout 6000;
|
||||
proxy_send_timeout 60000;
|
||||
proxy_read_timeout 6000;
|
||||
send_timeout 6000;
|
||||
# kill cache
|
||||
add_header Last-Modified $date_gmt;
|
||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
||||
if_modified_since off;
|
||||
expires off;
|
||||
etag off;
|
||||
}
|
||||
|
||||
location /pige{
|
||||
alias $SOUNDBASE_DIR/pige;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /png {
|
||||
alias $SOUNDBASE_DIR/png;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /webpL {
|
||||
alias $SOUNDBASE_DIR/webpL;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /webpH {
|
||||
alias $SOUNDBASE_DIR/webpH;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /ogg {
|
||||
alias $SOUNDBASE_DIR/ogg;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /txt {
|
||||
alias $SOUNDBASE_DIR/txt;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /wavM {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
alias $SOUNDBASE_DIR/wavM;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /import {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
alias $SOUNDBASE_DIR/import;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /export {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
alias $SOUNDBASE_DIR/export;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /wav {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
alias $SOUNDBASE_DIR/wav;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /fic {
|
||||
add_header Cache-Control "must-revalidate, proxy-revalidate";
|
||||
alias $SOUNDBASE_DIR/fic;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /prg {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
alias $SOUNDBASE_DIR/prg;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /lst {
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
alias $SOUNDBASE_DIR/lst;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
# Admin interface
|
||||
location /manager {
|
||||
alias $HTTP_DIR/manager/dist;
|
||||
auth_basic "Entrez votre identifiant et mot de passe";
|
||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
}
|
@ -1,11 +0,0 @@
|
||||
#!/bin/bash
|
||||
|
||||
if [ -d "$DATA_DIR/core" ] ; then
|
||||
git_update.sh -r dev -o "-i $DATA_DIR/radiodemo-deploy" -d "$DATA_DIR/core" git@gitlab.com:omaradio/core.git
|
||||
fi
|
||||
|
||||
git_update.sh -r dev -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
|
||||
cd "$HTTP_DIR/manager"
|
||||
npm install
|
||||
npm run build
|
||||
|
@ -11,8 +11,7 @@ services:
|
||||
OMA_CONFIG_Client2Port: 9003
|
||||
volumes:
|
||||
- $SOUNDBASE_DIR:/app/soundBase
|
||||
- $SOUNDBASE_DIR/secours/JingleDemo-Secours.wavM:/app/secours/secours-jingle.wavM
|
||||
|
||||
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
@ -20,7 +19,7 @@ services:
|
||||
deploy:
|
||||
resources:
|
||||
limits:
|
||||
cpus: '1'
|
||||
cpus: '0.50'
|
||||
memory: 100M
|
||||
|
||||
azurite_jukebox_simulator:
|
||||
@ -49,7 +48,6 @@ services:
|
||||
env_file: .env
|
||||
volumes:
|
||||
- $SOUNDBASE_DIR:/app/soundBase
|
||||
stop_grace_period: 1m30s
|
||||
restart: unless-stopped
|
||||
networks:
|
||||
default:
|
||||
|
@ -92,7 +92,6 @@ server {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /fic {
|
||||
add_header Cache-Control 'must-revalidate, proxy-revalidate';
|
||||
alias $SOUNDBASE_DIR/fic;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
@ -108,6 +107,10 @@ server {
|
||||
alias $SOUNDBASE_DIR/lst;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /statique {
|
||||
alias $SOUNDBASE_DIR/statique;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
# Admin interface
|
||||
location /manager {
|
||||
|
20
services/soundbase.radiodemo.oma-radio.fr/wg-radiodemo.sh
Executable file
20
services/soundbase.radiodemo.oma-radio.fr/wg-radiodemo.sh
Executable file
@ -0,0 +1,20 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
. .env
|
||||
|
||||
[ -f "$DATA_DIR/radiodemo-soundbase.wgkey" ] || { echo 'No privatekey found' >&2 && exit 1 ; }
|
||||
|
||||
echo "
|
||||
[Interface]
|
||||
PrivateKey = $(cat "$DATA_DIR/radiodemo-soundbase.wgkey")
|
||||
Address = 10.29.0.1/32
|
||||
ListenPort = 55820
|
||||
|
||||
[Peer]
|
||||
PublicKey = iwIsUriF4CT/Jpu29VXlj43hT3bUjG67FeEgCTcQCVc=
|
||||
AllowedIPs = 10.29.0.254/32
|
||||
Endpoint = mux.radiodemo.oma-radio.fr:55820
|
||||
PersistentKeepalive = 30
|
||||
"
|
@ -4,20 +4,21 @@ ICECAST=.110
|
||||
WEBSERVER=.105
|
||||
SYSTEM_API=.107
|
||||
TZ=Europe/Paris
|
||||
OMA_DOCKER_VERSION=unstable
|
||||
WEBSOCKET_PORT=2005
|
||||
TELECOM_SERVER_PORT=3495
|
||||
OMA_CONFIG_TelecommandeHost=mux.radiokipik.org
|
||||
OMA_CONFIG_TelecommandePort=3495
|
||||
MUX_SERVER_PORT=9005
|
||||
RADIO_NAME_SIMPLE=radiokipik
|
||||
OMA_CONFIG_NomRadio=radiokipik
|
||||
RADIO_NAME_PRETTY="Radio Kipik"
|
||||
COMPOSE_NAME=soundbaseradiokipikorg
|
||||
DOCKER_INSTANCES_PREFIX=soundbaseradiokipikorg-
|
||||
OMA_DOCKER_VERSION=dev
|
||||
WEBSOCKET_PORT=2004
|
||||
TELECOM_SERVER_PORT=3494
|
||||
OMA_CONFIG_TelecommandeHost=mux.radiodemo.oma-radio.fr
|
||||
OMA_CONFIG_TelecommandePort=3494
|
||||
MUX_SERVER_PORT=9004
|
||||
RADIO_NAME_SIMPLE=radiodemo
|
||||
OMA_CONFIG_NomRadio=radiodemo
|
||||
OMA_CONFIG_LogLevel=8
|
||||
RADIO_NAME_PRETTY="Radio Démo"
|
||||
COMPOSE_NAME=soundbaseradiodemooma-radiofr
|
||||
DOCKER_INSTANCES_PREFIX=soundbaseradiodemooma-radiofr-
|
||||
DOCKER_INSTANCES_SUFIX=-1
|
||||
SOUNDBASE_DIR=/data/soundbase.radiokipik.org/soundbase/
|
||||
SOUNDBASE_DIR=/data/soundbase.radiodemo.oma-radio.fr/core/radioDemo
|
||||
USE_SSL=true
|
||||
MANAGER_VERSION=3.0.0
|
||||
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.1.1
|
||||
RADIO_HOST=radiokipik.org
|
||||
RADIO_HOST=radiodemo.oma-radio.fr
|
||||
|
@ -1,3 +1,8 @@
|
||||
#!/bin/bash
|
||||
|
||||
apt install -y nodejs npm
|
||||
#docker run --rm -i -v /srv/http/soundbase.radiodemo.oma-radio.fr:/app node:alpine sh <<EOF
|
||||
#cd /app
|
||||
#npm install --production omaradio-web-manager@~$MANAGER_VERSION
|
||||
#npm update
|
||||
#EOF
|
||||
|
@ -6,9 +6,10 @@
|
||||
|
||||
chmod 700 "$SECRET_DIR/gitlab-deploy.sshprivkey"
|
||||
mkdir -p "$HTTP_DIR/manager"
|
||||
git_update.sh -r 'v3.0' -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
|
||||
git_update.sh -b 'v3' -i "$SECRET_DIR/gitlab-deploy.sshprivkey" -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
|
||||
cd "$HTTP_DIR/manager"
|
||||
npm install
|
||||
#npm audit fix
|
||||
npm run build
|
||||
|
||||
|
||||
|
@ -4,7 +4,7 @@ services:
|
||||
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
|
||||
env_file: .env
|
||||
environment:
|
||||
OMA_CONFIG_Client1Host: mux.radiokipik.org
|
||||
OMA_CONFIG_Client1Host: mux.radiodemo.oma-radio.fr
|
||||
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
|
||||
OMA_CONFIG_Client2: off
|
||||
OMA_CONFIG_Client2Host: radionimaitre.oma-radio.fr
|
||||
@ -76,7 +76,7 @@ services:
|
||||
|
||||
|
||||
system_api:
|
||||
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
||||
image: jeancloud/system-api:dev
|
||||
env_file: .env
|
||||
environment:
|
||||
UID: 33
|
||||
@ -98,6 +98,30 @@ services:
|
||||
memory: 500M
|
||||
|
||||
|
||||
#ammolite_mp3_addon:
|
||||
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
|
||||
# env_file: .env
|
||||
# environment:
|
||||
# OMA_CONFIG_PigePrefix: /opt
|
||||
# restart: unless-stopped
|
||||
# volumes:
|
||||
# - $SOUNDBASE_DIR:/app/soundbase
|
||||
# networks:
|
||||
# default:
|
||||
# ipv4_address: $NET.109
|
||||
# deploy:
|
||||
# resources:
|
||||
# limits:
|
||||
# cpus: '0.05'
|
||||
|
||||
# doxy:
|
||||
# image: qnib/doxy
|
||||
# volumes:
|
||||
# - /tmp/radiodemo.oma-radio.fr/doxy:/tmp/doxy
|
||||
# - /data/radiodemo.oma-radio.fr/doxy.pattern:/etc/doxy.pattern
|
||||
# - /var/run/docker.sock:/var/run/docker.sock
|
||||
# environment:
|
||||
# DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock
|
||||
|
||||
networks:
|
||||
default:
|
||||
|
@ -92,7 +92,6 @@ server {
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /fic {
|
||||
add_header Cache-Control 'must-revalidate, proxy-revalidate';
|
||||
alias $SOUNDBASE_DIR/fic;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
@ -108,6 +107,10 @@ server {
|
||||
alias $SOUNDBASE_DIR/lst;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
location /statique {
|
||||
alias $SOUNDBASE_DIR/statique;
|
||||
try_files $uri $uri/ =404;
|
||||
}
|
||||
|
||||
# Admin interface
|
||||
location /manager {
|
||||
|
20
services/soundbase.radiokipik.org/wg-radiokipik.sh
Executable file
20
services/soundbase.radiokipik.org/wg-radiokipik.sh
Executable file
@ -0,0 +1,20 @@
|
||||
#!/bin/bash
|
||||
|
||||
set -euo pipefail
|
||||
|
||||
. .env
|
||||
|
||||
[ -f "$DATA_DIR/soundbase.wgkey" ] || { echo 'No privatekey found' >&2 && exit 1 ; }
|
||||
|
||||
echo "
|
||||
[Interface]
|
||||
PrivateKey = $(cat "$DATA_DIR/soundbase.wgkey")
|
||||
Address = 10.29.60.1/32
|
||||
ListenPort = 55860
|
||||
|
||||
[Peer]
|
||||
PublicKey = 3ADrLVxzVqLHV530cT+paM+zNQBvm3KCW0voIN1wVBQ=
|
||||
AllowedIPs = 10.29.60.254/32
|
||||
Endpoint = mux.radiokipik.org:55825
|
||||
PersistentKeepalive = 30
|
||||
"
|
Loading…
Reference in New Issue
Block a user