Compare commits
1 Commits
Author | SHA1 | Date | |
---|---|---|---|
|
fca32d7f5c |
1
.gitignore
vendored
1
.gitignore
vendored
@ -1,4 +1,3 @@
|
|||||||
installing/temporary_mount_point
|
installing/temporary_mount_point
|
||||||
installing/secrets
|
installing/secrets
|
||||||
provisioning/roles/deploy_all/files/secrets
|
provisioning/roles/deploy_all/files/secrets
|
||||||
.~lock.*
|
|
||||||
|
@ -285,7 +285,7 @@ section "Creating wireguard conf"
|
|||||||
if [ -n "$wireguard_number" ] ; then
|
if [ -n "$wireguard_number" ] ; then
|
||||||
run cat >> "$mnt/etc/wireguard/jeancloud.conf" <<EOF
|
run cat >> "$mnt/etc/wireguard/jeancloud.conf" <<EOF
|
||||||
[Interface]
|
[Interface]
|
||||||
PrivateKey = $(wg genkey)
|
PrivateKey = $(chroot_run wg genkey)
|
||||||
ListenPort = 51812
|
ListenPort = 51812
|
||||||
Address = 10.98.1.$wireguard_number/32
|
Address = 10.98.1.$wireguard_number/32
|
||||||
|
|
||||||
@ -295,7 +295,7 @@ AllowedIPs = 10.98.1.254/32
|
|||||||
Endpoint = 193.33.56.94:51812
|
Endpoint = 193.33.56.94:51812
|
||||||
PersistentKeepalive = 25
|
PersistentKeepalive = 25
|
||||||
EOF
|
EOF
|
||||||
wireguard_pubkey="$(cat "$mnt/etc/wireguard/jeancloud.conf" | grep -oP '^PrivateKey = \K.*' | wg pubkey)"
|
wireguard_pubkey="$(cat "$mnt/etc/wireguard/jeancloud.conf" | grep -oP '^PrivateKey = \K.*' | chroot_run wg pubkey)"
|
||||||
|
|
||||||
run cat > "$secret_dir/wg_conf_part" <<EOF
|
run cat > "$secret_dir/wg_conf_part" <<EOF
|
||||||
[Peer] # $hostname
|
[Peer] # $hostname
|
||||||
|
@ -4,31 +4,4 @@ DO NOT REBOOT IT. it sometimes fails…
|
|||||||
|
|
||||||
raku :
|
raku :
|
||||||
+ ajouter nonfree dans les sources
|
+ ajouter nonfree dans les sources
|
||||||
-i firmware-atheros -i firmware-realtek
|
-i firmware-atheros
|
||||||
|
|
||||||
cheri :
|
|
||||||
cat > /etc/init.d/autoreboot <<EOF
|
|
||||||
#!/bin/bash
|
|
||||||
### BEGIN INIT INFO
|
|
||||||
# Provides: autoreboot
|
|
||||||
# Required-Start: \$local_fs \$syslog
|
|
||||||
# Required-Stop: \$local_fs \$syslog
|
|
||||||
# Default-Start: 2 3 4 5
|
|
||||||
# Default-Stop: 0 1 6
|
|
||||||
# Short-Description: starts autoreboot
|
|
||||||
# Description: starts autoreboot
|
|
||||||
### END INIT INFO
|
|
||||||
sleep 120
|
|
||||||
ip -4 -o a > /dev/tty1
|
|
||||||
if ! ip a | grep -q 'eth0' ; then
|
|
||||||
echo 'eth0 not found. rebooting' >/dev/tty1
|
|
||||||
sleep 3
|
|
||||||
reboot
|
|
||||||
else
|
|
||||||
echo 'eth0 found' >/dev/tty1
|
|
||||||
sleep 3
|
|
||||||
exit 0
|
|
||||||
fi
|
|
||||||
exit 0
|
|
||||||
EOF
|
|
||||||
chmod +x /etc/init.d/autoreboot
|
|
||||||
|
@ -1,41 +0,0 @@
|
|||||||
version: '3.1'
|
|
||||||
|
|
||||||
services:
|
|
||||||
|
|
||||||
wp:
|
|
||||||
image: wordpress:5-apache
|
|
||||||
restart: unless-stopped
|
|
||||||
env_file: $DATA_DIR/wordpress.env
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR/wordpress:/var/www/html
|
|
||||||
- /srv/http/$JC_SERVICE:/var/www/html/static
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.100
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
db:
|
|
||||||
image: mariadb:10.11
|
|
||||||
restart: unless-stopped
|
|
||||||
env_file: $DATA_DIR/wordpress.env
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR/db:/var/lib/mysql
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.101
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 300M
|
|
||||||
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipam:
|
|
||||||
config:
|
|
||||||
- subnet: $NET.0/24
|
|
||||||
|
|
@ -1,30 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
server_name wordpress.$JC_SERVICE www.wordpress.$JC_SERVICE;
|
|
||||||
location / {
|
|
||||||
auth_basic "Mot de passe !";
|
|
||||||
auth_basic_user_file /data/$JC_SERVICE/pass.txt;
|
|
||||||
client_max_body_size 2G;
|
|
||||||
#proxy_set_header X-Real-IP $remote_addr;
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
|
||||||
proxy_pass http://$NET.100;
|
|
||||||
proxy_redirect off;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
root /srv/http/$JC_SERVICE;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,32 +0,0 @@
|
|||||||
version: '2'
|
|
||||||
|
|
||||||
services:
|
|
||||||
|
|
||||||
coldcms:
|
|
||||||
image: coldcms/coldcms-backend:latest
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR/coldcms:/srv/build
|
|
||||||
- $DATA_DIR/db:/var/db
|
|
||||||
environment:
|
|
||||||
- DJANGO_SETTINGS_MODULE=coldcms.settings
|
|
||||||
- DB_URL=sqlite:////var/db/database.sqlite3
|
|
||||||
- BUILD_DIR=/srv/build
|
|
||||||
- STATIC_ROOT=/srv/build/static/
|
|
||||||
- ALLOWED_HOSTS=$JC_SERVICE
|
|
||||||
- SECRET_KEY=275bLEjLIsDg19HkIcjjwgdC41zcyTAc1y527VuX23khKUZGRCMybChydeBKFNJVjhD0KMrzIeLbMlS30IxPhfqLAcR2OK0LVxOu4G8dgx3p2pia4SUFm39tOznKZ0Kt9IdbX
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.100
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 500M
|
|
||||||
|
|
||||||
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipam:
|
|
||||||
config:
|
|
||||||
- subnet: $NET.0/24
|
|
@ -1,55 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
|
||||||
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000";
|
|
||||||
|
|
||||||
gzip on;
|
|
||||||
gzip_disable "msie6";
|
|
||||||
gzip_types text/plain text/css application/json text/xml application/xml text/javascript application/x-javascript;
|
|
||||||
gzip_min_length 1000;
|
|
||||||
gzip_proxied no-cache no-store private expired auth;
|
|
||||||
gzip_vary on;
|
|
||||||
|
|
||||||
root $HTTP_DIR;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
set $try_files_value '';
|
|
||||||
if ($request_method = GET){
|
|
||||||
set $try_files_value $uri/;
|
|
||||||
}
|
|
||||||
gzip_static on;
|
|
||||||
try_files $try_files_value @uwsgi_backend;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
location @uwsgi_backend {
|
|
||||||
uwsgi_pass $NET.100:8000;
|
|
||||||
include uwsgi_params;
|
|
||||||
client_max_body_size 20m;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /media/ {
|
|
||||||
gzip_static on;
|
|
||||||
expires 100d;
|
|
||||||
add_header Cache-Control public;
|
|
||||||
access_log off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /static/ {
|
|
||||||
gzip_static on;
|
|
||||||
expires 100d;
|
|
||||||
add_header Cache-Control public;
|
|
||||||
access_log off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /admin/ {
|
|
||||||
uwsgi_pass $NET.100:8000;
|
|
||||||
include uwsgi_params;
|
|
||||||
client_max_body_size 20m;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
@ -1 +0,0 @@
|
|||||||
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/grapesjs
|
|
@ -1,3 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
|
@ -1,19 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
services:
|
|
||||||
json_server:
|
|
||||||
image: jeancloud/json-server
|
|
||||||
volumes:
|
|
||||||
- "$DATA_DIR:/usr/lib/json-server"
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.100
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipam:
|
|
||||||
config:
|
|
||||||
- subnet: $NET.0/24
|
|
@ -1,35 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
server_name grapes.chahut.jean-cloud.net;
|
|
||||||
root $HTTP_DIR;
|
|
||||||
|
|
||||||
# Security headers
|
|
||||||
# We can create a file with the base security headers and include it.
|
|
||||||
# Will it be possible to overload them then ?
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
||||||
#add_header Content-Security-Policy "default-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ;frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; img-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; base-uri 'self'; form-action 'self';" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff";
|
|
||||||
add_header X-Frame-Options SAMEORIGIN always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
#add_header Referrer-Policy "strict-origin-when-cross-origin";
|
|
||||||
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
|
||||||
|
|
||||||
auth_basic "Mot de passe !";
|
|
||||||
auth_basic_user_file $DATA_DIR/pass.txt;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
index index.html;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /projects {
|
|
||||||
proxy_set_header Host $http_host;
|
|
||||||
proxy_set_header X-Forwarded-Proto https;
|
|
||||||
proxy_pass http://$NET.100:3000;
|
|
||||||
proxy_redirect off;
|
|
||||||
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,19 +0,0 @@
|
|||||||
TZ=Europe/Paris
|
|
||||||
OMA_DOCKER_VERSION=8
|
|
||||||
WEBSOCKET_PORT=2002
|
|
||||||
TELECOM_SERVER_PORT=3492
|
|
||||||
MUX_SERVER_PORT=9002
|
|
||||||
RADIO_NAME_SIMPLE=paj
|
|
||||||
OMA_CONFIG_NomRadio=paj
|
|
||||||
RADIO_NAME_PRETTY="Paj Radio"
|
|
||||||
RADIO_HOST=paj.oma-radio.fr
|
|
||||||
COMPOSE_NAME=pajoma-radiofr
|
|
||||||
DOCKER_INSTANCES_PREFIX=pajoma-radiofr-
|
|
||||||
DOCKER_INSTANCES_SUFIX=-1
|
|
||||||
DATA_DIR=/data/paj.oma-radio.fr
|
|
||||||
USE_SSL=true
|
|
||||||
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.3.0
|
|
||||||
MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.0
|
|
||||||
SYNCTHINGS_API_KEY=425qLiE5QMJmFjgoxUHRgxD2icWNmkdy
|
|
||||||
SYNCTHINGS_LABEL_PREFIX="[oma] [paj] "
|
|
||||||
SYNCTHINGS_PRIVATE_KEY="/keys/Niilos"
|
|
@ -1,181 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
services:
|
|
||||||
ambre_mux:
|
|
||||||
image: registry.oma-radio.fr/mux:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
OMA_CONFIG_Client1Url: /paj.ogg
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR/soundbase/pige:/app/pige
|
|
||||||
ports:
|
|
||||||
- $MUX_SERVER_PORT:9000
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.100
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
|
|
||||||
saphir_telecom_server:
|
|
||||||
image: registry.oma-radio.fr/telecom-server:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
ports:
|
|
||||||
- $TELECOM_SERVER_PORT:3490
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.101
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
anthracite_jukebox:
|
|
||||||
image: registry.oma-radio.fr/jukebox:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR/soundbase:/app/soundBase
|
|
||||||
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.102
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
azurite_jukebox_simulator:
|
|
||||||
image: registry.oma-radio.fr/jukebox-simulator:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR/soundbase:/app/soundBase
|
|
||||||
restart: unless-stopped
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
|
|
||||||
agate_importer:
|
|
||||||
image: registry.oma-radio.fr/baseimport:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR/soundbase:/app/soundBase
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.104
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
amarante_webserver:
|
|
||||||
image: registry.oma-radio.fr/webserver:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
OMA_CONFIG_PigeOggConsigne: 5000
|
|
||||||
OMA_CONFIG_PigeOggMax: 5100
|
|
||||||
OMA_CONFIG_PigeOggMaxMax: 5500
|
|
||||||
OMA_CONFIG_PigeTextConsigne: 10000
|
|
||||||
OMA_CONFIG_PigeTextMax: 11000
|
|
||||||
OMA_CONFIG_PigeTextMaxMax: 15000
|
|
||||||
OMA_CONFIG_PodCacheSize: 25 # to fix a webserver bug
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.105
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR/soundbase:/soundbase
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
rubis_base_mg:
|
|
||||||
image: registry.oma-radio.fr/base-mg:$OMA_DOCKER_VERSION
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.106
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR/soundbase:/soundbase
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
|
|
||||||
system_api:
|
|
||||||
image: registry.oma-radio.fr/system-api:master
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
UID: 33
|
|
||||||
SOUNDBASE_PATH: /soundbase
|
|
||||||
MOUNT: /api
|
|
||||||
CONFIG_PATH: /config
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.107
|
|
||||||
volumes:
|
|
||||||
- /tmp/uwsgi/$RADIO_HOST:/tmp/uwsgi
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
- $DATA_DIR/soundbase:/soundbase
|
|
||||||
- /data/soundbase.oma-radio.fr/Niilos:/keys/Niilos
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
liquidsoap:
|
|
||||||
image: registry.oma-radio.fr/liquidsoap:1.3.7
|
|
||||||
env_file: .env
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR/secours.ogg:/secours.ogg
|
|
||||||
- ./transcode.liq:/transcode.liq
|
|
||||||
command: /transcode.liq
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.108
|
|
||||||
|
|
||||||
icecast:
|
|
||||||
image: registry.oma-radio.fr/icecast:alpine-2.4.0
|
|
||||||
environment:
|
|
||||||
- ICECAST_SOURCE_PASSWORD=JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f
|
|
||||||
- ICECAST_ADMIN_PASSWORD=STh5LrPMvp876KPoajCPEUpehE98JPqZ6sEixSnzJ42CR2MdyPMBYfzjGpbAzajNgw8jsuLh
|
|
||||||
- ICECAST_RELAY_PASSWORD=r2LgmDocgyYh7DqhSsey8tM99wxdViTpLtyi9tcWHtokC73QnC6kQLRRb58VUy5FXYnStRsG
|
|
||||||
- ICECAST_ADMIN_USERNAME=admin
|
|
||||||
- ICECAST_ADMIN_EMAIL=contact@oma-radio.fr
|
|
||||||
- ICECAST_LOCATION=Rhône-Alpes
|
|
||||||
- TZ=Europe/Paris
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.109
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipam:
|
|
||||||
config:
|
|
||||||
- subnet: $NET.0/24
|
|
||||||
|
|
@ -1,187 +0,0 @@
|
|||||||
# Parameters:
|
|
||||||
# radio name
|
|
||||||
# file path
|
|
||||||
# ws port (local)
|
|
||||||
# wss port (open)
|
|
||||||
# upload service port
|
|
||||||
# ssl certs location
|
|
||||||
|
|
||||||
# TODO
|
|
||||||
# /speedtest-down returns random data
|
|
||||||
# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin
|
|
||||||
# /speedtest-up just eat everything it can
|
|
||||||
|
|
||||||
|
|
||||||
map $http_upgrade $connection_upgrade {
|
|
||||||
default upgrade;
|
|
||||||
'' close;
|
|
||||||
}
|
|
||||||
|
|
||||||
server{
|
|
||||||
listen $WEBSOCKET_PORT ssl;
|
|
||||||
listen [::]:$WEBSOCKET_PORT ssl;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://$NET.105:9000;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_read_timeout 120s;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name $RADIO_HOST www.$RADIO_HOST;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
|
|
||||||
root $DATA_DIR/soundbase/website;
|
|
||||||
index index.html;
|
|
||||||
|
|
||||||
location = /direct.ogg {
|
|
||||||
proxy_pass http://$NET.109:8000/$RADIO_NAME_SIMPLE.ogg;
|
|
||||||
}
|
|
||||||
location = /direct.mp3 {
|
|
||||||
proxy_pass http://$NET.109:8000/$RADIO_NAME_SIMPLE.mp3;
|
|
||||||
}
|
|
||||||
|
|
||||||
location = /api { rewrite ^ /api/; }
|
|
||||||
location ~ /api(/.*) {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $DATA_DIR/soundbase/users.htpasswd;
|
|
||||||
include uwsgi_params;
|
|
||||||
uwsgi_param PATH_INFO "$1";
|
|
||||||
uwsgi_param SCRIPT_NAME /api;
|
|
||||||
uwsgi_pass unix:/tmp/uwsgi/$RADIO_HOST/uwsgi-api.sock;
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_connect_timeout 6000;
|
|
||||||
proxy_send_timeout 60000;
|
|
||||||
proxy_read_timeout 6000;
|
|
||||||
send_timeout 6000;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /pige{
|
|
||||||
alias $DATA_DIR/soundbase/pige;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /pigeMp3{
|
|
||||||
alias $DATA_DIR/soundbase/pigeMp3;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /png {
|
|
||||||
alias $DATA_DIR/soundbase/png;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /jpgL {
|
|
||||||
alias $DATA_DIR/soundbase/jpgL;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /jpgH {
|
|
||||||
alias $DATA_DIR/soundbase/jpgH;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /webpL {
|
|
||||||
alias $DATA_DIR/soundbase/webpL;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /webpH {
|
|
||||||
alias $DATA_DIR/soundbase/webpH;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /ogg {
|
|
||||||
alias $DATA_DIR/soundbase/ogg;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /txt {
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
alias $DATA_DIR/soundbase/txt;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /wavM {
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
alias $DATA_DIR/soundbase/wavM;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /wav {
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
alias $DATA_DIR/soundbase/wav;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /fiches {
|
|
||||||
alias $DATA_DIR/soundbase/fiches;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /prg {
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
alias $DATA_DIR/soundbase/prg;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /listes {
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
alias $DATA_DIR/soundbase/listes;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /statique {
|
|
||||||
alias $DATA_DIR/soundbase/statique;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Admin interface
|
|
||||||
location /manager {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $DATA_DIR/soundbase/users.htpasswd;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location = /favicon.ico {
|
|
||||||
return 301 /favicon.webp;
|
|
||||||
}
|
|
||||||
|
|
||||||
# for js, css, html — dynamic site, players
|
|
||||||
location / {
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
add_header Cache-Control 'public must-revalidate';
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,13 +0,0 @@
|
|||||||
#!/usr/bin/liquidsoap
|
|
||||||
|
|
||||||
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f"))
|
|
||||||
input1 = mksafe(input.http("http://172.29.10.109:8000/paj.ogg"))
|
|
||||||
|
|
||||||
# Direct mp3
|
|
||||||
output.icecast(
|
|
||||||
%mp3(stereo=false),
|
|
||||||
mount="/paj.mp3",
|
|
||||||
host="172.29.10.109", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
|
|
||||||
input1)
|
|
||||||
|
|
||||||
|
|
@ -1,9 +1,13 @@
|
|||||||
[shlago]
|
[shlago]
|
||||||
#max.jean-cloud.org
|
max.jean-cloud.org
|
||||||
|
tetede.jean-cloud.org
|
||||||
raku.jean-cloud.org
|
raku.jean-cloud.org
|
||||||
|
|
||||||
[servers]
|
[servers]
|
||||||
|
nougaro.jean-cloud.org
|
||||||
montbonnot.jean-cloud.org
|
montbonnot.jean-cloud.org
|
||||||
#max.jean-cloud.org
|
#blatte.jean-cloud.org
|
||||||
|
max.jean-cloud.org
|
||||||
|
tetede.jean-cloud.org
|
||||||
raku.jean-cloud.org
|
raku.jean-cloud.org
|
||||||
izzo.jean-cloud.org
|
izzo.jean-cloud.org
|
||||||
|
@ -55,14 +55,12 @@ cd "/docker/$service"
|
|||||||
|
|
||||||
if "$deploy" ; then
|
if "$deploy" ; then
|
||||||
run mkdir -p "$DATA_DIR" "$HTTP_DIR"
|
run mkdir -p "$DATA_DIR" "$HTTP_DIR"
|
||||||
run chown $uid "$DATA_DIR" "$HTTP_DIR"
|
run chown $uid "$DATA_DIR"
|
||||||
run chmod 751 "$DATA_DIR"
|
run chmod 751 "$DATA_DIR"
|
||||||
run chown $uid:www-data -R "$HTTP_DIR"
|
run chown $uid:www-data -R "$HTTP_DIR"
|
||||||
if [ -d "$SECRET_DIR" ] ; then
|
if [ -d "$SECRET_DIR" ] ; then
|
||||||
run chown $uid "$SECRET_DIR" -R
|
run chown $uid "$SECRET_DIR" -R
|
||||||
run find "$SECRET_DIR" -type d -exec chmod 751 '{}' \;
|
run chmod 751 "$SECRET_DIR" -R
|
||||||
run find "$SECRET_DIR" -type f -exec chmod 700 '{}' \;
|
|
||||||
|
|
||||||
fi
|
fi
|
||||||
else
|
else
|
||||||
[ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR"
|
[ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR"
|
||||||
|
@ -50,9 +50,6 @@ run chmod 755 /data
|
|||||||
section "Create new conf directory"
|
section "Create new conf directory"
|
||||||
run mkdir -p "$new_nginx_conf_path"
|
run mkdir -p "$new_nginx_conf_path"
|
||||||
|
|
||||||
logdir="/var/log/shlaguernetes/"
|
|
||||||
run mkdir -p "$logdir"
|
|
||||||
|
|
||||||
###############################################################################
|
###############################################################################
|
||||||
# Deploy services
|
# Deploy services
|
||||||
###############################################################################
|
###############################################################################
|
||||||
@ -73,14 +70,14 @@ do
|
|||||||
[[ "$(getent hosts $target)" != "::1 "* ]] && echo 'Not here' && continue
|
[[ "$(getent hosts $target)" != "::1 "* ]] && echo 'Not here' && continue
|
||||||
|
|
||||||
echo "Deploying"
|
echo "Deploying"
|
||||||
deploy_service.sh "$service" "noreload" &>"$logdir/deploy.$service.$(date +%Y-%m-%d.%Hh-%M-%S)" &
|
deploy_service.sh "$service" "noreload"
|
||||||
|
|
||||||
if [ "$?" -ne 0 ] ; then
|
if [ "$?" -ne 0 ] ; then
|
||||||
failed="$failed $service"
|
failed="$failed $service"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
done < <(grep -v '^#' /docker/services.csv)
|
done < <(grep -v '^#' /docker/services.csv)
|
||||||
wait
|
|
||||||
restart_nginx.sh
|
restart_nginx.sh
|
||||||
|
|
||||||
if [ -n "$failed" ] ; then
|
if [ -n "$failed" ] ; then
|
||||||
|
@ -1,72 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
# This script will generate a single config for a given host and privkey
|
|
||||||
|
|
||||||
# Limits:
|
|
||||||
# 253 peers 1 -> 254
|
|
||||||
|
|
||||||
# Lib
|
|
||||||
. /usr/local/bin/driglibash-base
|
|
||||||
|
|
||||||
# Arg parsing
|
|
||||||
if [ "$#" -ne 4 ] ; then
|
|
||||||
die "Usage: $0 <name> <privkey_filepath> <port> <net_prefix>\nNet is a /24"
|
|
||||||
fi
|
|
||||||
|
|
||||||
thisname="$1"
|
|
||||||
privkey="$2"
|
|
||||||
port="$3"
|
|
||||||
net="$4"
|
|
||||||
|
|
||||||
|
|
||||||
# script
|
|
||||||
|
|
||||||
content="$(mktemp)"
|
|
||||||
clean "rm $content"
|
|
||||||
|
|
||||||
while IFS=";" read id name location isp note pubkey ip1 ip2 ip3 ip4 ip5 ; do
|
|
||||||
# Skip header
|
|
||||||
[ "$id" = "id" ] && continue
|
|
||||||
|
|
||||||
# Add local config
|
|
||||||
if [ "$name" = "$thisname" ] ; then
|
|
||||||
cat <<-EOF
|
|
||||||
[Interface] # $name
|
|
||||||
PrivateKey = $(cat "$privkey")
|
|
||||||
ListenPort = $port
|
|
||||||
Address = $net.$id/32
|
|
||||||
|
|
||||||
EOF
|
|
||||||
else
|
|
||||||
# Create list of endpoints
|
|
||||||
endpoints=""
|
|
||||||
for i in $(seq 1 5) ; do
|
|
||||||
varname="ip$i"
|
|
||||||
ip="${!varname}"
|
|
||||||
echo "$ip" | grep -q ':' && ip="[$ip]"
|
|
||||||
if [ -n "$ip" ] ; then
|
|
||||||
endpoints="$endpoints"$'\n'"Endpoint = $ip:$port"
|
|
||||||
fi
|
|
||||||
done
|
|
||||||
|
|
||||||
# Correct endpoint value or add keepalive for endpointless hosts
|
|
||||||
if [ -n "$endpoints" ] ; then
|
|
||||||
endpoints="${endpoints:1}"
|
|
||||||
else
|
|
||||||
endpoints="PersistentKeepalive = 30"
|
|
||||||
fi
|
|
||||||
|
|
||||||
# Peer config
|
|
||||||
cat >> "$content" <<-EOF
|
|
||||||
[Peer] # $name
|
|
||||||
PublicKey = $pubkey
|
|
||||||
AllowedIPs = $net.$id/32
|
|
||||||
$endpoints
|
|
||||||
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
done < $DOCKER_DIR/servers.csv
|
|
||||||
|
|
||||||
cat "$content"
|
|
||||||
|
|
||||||
rm "$content"
|
|
@ -1,59 +1,56 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
Help(){
|
|
||||||
echo "
|
|
||||||
NAME
|
|
||||||
git_update.sh
|
|
||||||
SYNOPSIS
|
|
||||||
git_update.sh [-h] [-r ref] [-d dest] [-H] [-a] repository
|
|
||||||
OPTIONS
|
|
||||||
-h prints the help.
|
|
||||||
-r specifies the reference to the commit to be synchronized. It can be a tag or a branch. By default, it is the last commit of branch main.
|
|
||||||
It can be different from the actual branch. CAREFUL, the command git branch will always show the original branch name even though a branch switch has happened.
|
|
||||||
-d specifies the destination of the clone or update. Directory must be empty if a new clone is to be made.
|
|
||||||
If the repository to be cloned is local, and its path is passed as a relative path, the path should start from the destination.
|
|
||||||
To avoid mistakes, absolute paths are advised.
|
|
||||||
-H allows the $HOME directory to be used by git_update.sh. By default, git_update.sh cannot access $HOME to prevent default behavior.
|
|
||||||
If you need the global .gitconfig located in your $HOME to be used, you should supply the -H option.
|
|
||||||
-a specifies that the aggressive option of the git garbage collection must be used. Only advised when changes happen in many different objects. Will slow down the execution.
|
|
||||||
-o ssh options for ssh clone
|
|
||||||
DESCRIPTION
|
|
||||||
This script will replace the destination with the wanted commit of a git repository. The history is not preserved but tags are. Untracked files remain.
|
|
||||||
The git commands have been chosen so as to minimize the memory and bandwidth usages."
|
|
||||||
}
|
|
||||||
|
|
||||||
#variables
|
|
||||||
|
declare -A usage
|
||||||
|
declare -A varia
|
||||||
|
|
||||||
summary="$0 [options] <repo>"
|
summary="$0 [options] <repo>"
|
||||||
ref=main
|
|
||||||
dst='.'
|
|
||||||
use_home=false
|
|
||||||
be_aggressive="false"
|
|
||||||
ssh_opts="ssh"
|
|
||||||
|
|
||||||
while getopts ":ho:r:d:H" option; do
|
usage[b]="Branch of git repo"
|
||||||
case $option in
|
varia[b]=branch
|
||||||
h) # display Help
|
branch=master
|
||||||
Help
|
|
||||||
exit;;
|
usage[t]="Tog of git repo"
|
||||||
r) # desired branch or tag
|
varia[t]=tag
|
||||||
ref="$OPTARG";;
|
tag=
|
||||||
d) # destination of clone
|
|
||||||
dst="$OPTARG";;
|
usage[d]="Destination of clone"
|
||||||
H) # use real home dir
|
varia[d]=dst
|
||||||
use_home="true";;
|
dst='.'
|
||||||
a) #use -a in git gc call
|
|
||||||
be_aggressive="true";;
|
usage[i]="privkey used to ssh pull"
|
||||||
o) # ssh options
|
varia[i]=privkey
|
||||||
ssh_opts="$ssh_opts $OPTARG";;
|
privkey=''
|
||||||
\?) # invalid option
|
|
||||||
echo "Error: Invalid option '$option'"
|
usage[N]="Clone to a Non-empty target. Existing files will be overwriten"
|
||||||
exit;;
|
varia[N]=nonempty_target
|
||||||
esac
|
nonempty_target=false
|
||||||
done
|
|
||||||
shift $((OPTIND-1))
|
usage[K]="Remote host key file (known_hosts) for ssh connections"
|
||||||
|
varia[K]=hostkeyfile
|
||||||
|
hostkeyfile=''
|
||||||
|
|
||||||
|
usage[H]="Use real home dir"
|
||||||
|
varia[H]=use_home
|
||||||
|
use_home=false
|
||||||
|
|
||||||
|
|
||||||
|
. driglibash-args
|
||||||
|
|
||||||
|
|
||||||
|
# Some SSH options
|
||||||
|
ssh_opt='ssh'
|
||||||
|
if [ -n "$privkey" ] ; then
|
||||||
|
ssh_opt="$ssh_opt -i $privkey"
|
||||||
|
fi
|
||||||
|
|
||||||
|
if [ -n "$hostkeyfile" ] ; then
|
||||||
|
ssh_opt="$ssh_opt -o 'UserKnownHostsFile $hostkeyfile'"
|
||||||
|
fi
|
||||||
|
|
||||||
repo="$1"
|
repo="$1"
|
||||||
if [ -z "$repo" ] ; then
|
if [ -z "$repo" ] ; then
|
||||||
exit "$0: Empty repo given\n$summary"
|
die "$0: Empty repo given\n$summary"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if [ ! $use_home ] ; then
|
if [ ! $use_home ] ; then
|
||||||
@ -62,24 +59,44 @@ if [ ! $use_home ] ; then
|
|||||||
set +a
|
set +a
|
||||||
fi
|
fi
|
||||||
|
|
||||||
mkdir -p "$dst"
|
run mkdir -p "$dst"
|
||||||
cd "$dst"
|
run cd "$dst"
|
||||||
|
|
||||||
|
|
||||||
if [ -d .git ] ; then
|
if [ -d .git ] ; then
|
||||||
echo "updating..."
|
|
||||||
git fetch --tags --depth=1 --prune --prune-tags --force origin $ref
|
# Compute git branch and tag
|
||||||
git reset --hard --recurse-submodules FETCH_HEAD
|
tagref=
|
||||||
git submodule update --init --recursive --force --depth=1 --remote
|
if [ -n "$tag" ] ; then
|
||||||
#garbage collection of anything unreachable at the moment
|
tagref="tags/$tag"
|
||||||
git reflog expire --expire=now --all
|
fi
|
||||||
if "$be_aggressive" ; then
|
|
||||||
git gc --prune=now --aggressive
|
run git fetch origin "$branch" --tags
|
||||||
elsels
|
run git checkout --force $tagref -B "$branch"
|
||||||
git gc --prune=now
|
run git reset --hard # TODO we can keep some files?
|
||||||
|
# Preserve existing files in some cases
|
||||||
|
if ! "$nonempty_target" ; then
|
||||||
|
git clean -qffdx
|
||||||
fi
|
fi
|
||||||
|
run git submodule update --init --recursive --force --recommend-shallow
|
||||||
|
run git submodule foreach git fetch
|
||||||
|
run git submodule foreach git checkout --force HEAD
|
||||||
|
run git submodule foreach git reset --hard
|
||||||
|
run git submodule foreach git clean -fdx
|
||||||
else
|
else
|
||||||
echo "cloning..."
|
|
||||||
clone_dst='.'
|
clone_dst='.'
|
||||||
git clone -b "$ref" --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opts" "$repo" "$clone_dst"
|
|
||||||
|
# To override an existing dir, we need to clone elsewhere first
|
||||||
|
if "$nonempty_target" ; then
|
||||||
|
clone_dst="$(mktemp -d)"
|
||||||
|
fi
|
||||||
|
|
||||||
|
run git clone -b "$branch" --single-branch --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opt" "$repo" "$clone_dst"
|
||||||
|
|
||||||
|
# To override an existing dir, we then move everything to that dir
|
||||||
|
if "$nonempty_target" ; then
|
||||||
|
run mv "$clone_dst/"{*,.*} .
|
||||||
|
run rmdir "$clone_dst"
|
||||||
|
fi
|
||||||
fi
|
fi
|
||||||
|
|
||||||
|
@ -17,7 +17,7 @@ run nginx -t
|
|||||||
|
|
||||||
if [ -z "$(cat /var/run/nginx.pid)" ] ; then
|
if [ -z "$(cat /var/run/nginx.pid)" ] ; then
|
||||||
section "Start nginx"
|
section "Start nginx"
|
||||||
run systemctl restart nginx
|
run nginx
|
||||||
else
|
else
|
||||||
section "Reload nginx"
|
section "Reload nginx"
|
||||||
run nginx -s reload
|
run nginx -s reload
|
||||||
|
@ -1,8 +1,6 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
#set -euo pipefail
|
set -euo pipefail
|
||||||
# Pipefail will trigger annoying sigpipe on our greps
|
|
||||||
set -eu
|
|
||||||
|
|
||||||
if [ "$#" -ne 2 ] ; then
|
if [ "$#" -ne 2 ] ; then
|
||||||
echo "Usage: $0 <start|stop|reload|restart> <wgif>"
|
echo "Usage: $0 <start|stop|reload|restart> <wgif>"
|
||||||
|
Binary file not shown.
@ -54,7 +54,7 @@
|
|||||||
|
|
||||||
- name: Install some softwares
|
- name: Install some softwares
|
||||||
apt:
|
apt:
|
||||||
name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'netcat-openbsd', 'nginx', 'nmap', 'podman', 'rsync', 'screen', 'sshfs', 'sudo', 'traceroute', 'vim', 'wget', 'zip']
|
name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'hugo', 'netcat-openbsd', 'nginx', 'podman', 'rclone', 'rsync', 'screen', 'sshfs', 'sudo', 'traceroute', 'vim', 'wget', 'zip']
|
||||||
state: latest
|
state: latest
|
||||||
|
|
||||||
# TODO disable certbot and certbot.timer services. We are using our own
|
# TODO disable certbot and certbot.timer services. We are using our own
|
||||||
|
@ -58,11 +58,11 @@ http {
|
|||||||
#error_page 503 https://jean-cloud.net/503;
|
#error_page 503 https://jean-cloud.net/503;
|
||||||
|
|
||||||
# limit requests
|
# limit requests
|
||||||
#limit_req_status 429;
|
limit_req_status 429;
|
||||||
#limit_req_zone $binary_remote_addr zone=defaultlimit:10m rate=30r/s;
|
limit_req_zone $binary_remote_addr zone=defaultlimit:10m rate=30r/s;
|
||||||
#limit_req zone=defaultlimit burst=100 nodelay;
|
limit_req zone=defaultlimit burst=100 nodelay;
|
||||||
#limit_conn_zone $request_uri zone=defaultconumber:10m;
|
limit_conn_zone $request_uri zone=defaultconumber:10m;
|
||||||
#limit_conn defaultconumber 20;
|
limit_conn defaultconumber 20;
|
||||||
|
|
||||||
##
|
##
|
||||||
# Virtual Host Configs
|
# Virtual Host Configs
|
||||||
|
@ -2,7 +2,7 @@
|
|||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# Update git repo
|
# Update git repo
|
||||||
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
cd "$HTTP_DIR"
|
cd "$HTTP_DIR"
|
||||||
|
|
||||||
|
@ -1 +0,0 @@
|
|||||||
GIT_SOURCE_REPO=https://git.jean-cloud.net/eleonore/site_web_karafon.git
|
|
@ -1,5 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
# Update git repo
|
|
||||||
git_update.sh -b sale -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
|
@ -4,24 +4,21 @@ server {
|
|||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||||
root $HTTP_DIR;
|
root $HTTP_DIR/collectifkarafon.wixsite.com/;
|
||||||
|
|
||||||
# Security headers
|
# Security headers
|
||||||
# We can create a file with the base security headers and include it.
|
# We can create a file with the base security headers and include it.
|
||||||
# Will it be possible to overload them then ?
|
# Will it be possible to overload them then ?
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
|
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
|
||||||
add_header X-Content-Type-Options "nosniff";
|
add_header X-Content-Type-Options "nosniff";
|
||||||
add_header X-Frame-Options SAMEORIGIN always;
|
add_header X-Frame-Options SAMEORIGIN always;
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
add_header X-XSS-Protection "1; mode=block" always;
|
||||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
||||||
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
||||||
|
|
||||||
location / {
|
location / {
|
||||||
index index.html;
|
index monsite.html;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
location /.git {
|
|
||||||
return 404;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -1,3 +1,8 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
# For some variables
|
||||||
|
. /etc/jeancloud.env
|
||||||
|
|
||||||
apt install -y python3-certbot-dns-rfc2136
|
apt install -y python3-certbot-dns-rfc2136
|
||||||
|
@ -36,5 +36,5 @@ for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'des
|
|||||||
server="$srv.jean-cloud.org"
|
server="$srv.jean-cloud.org"
|
||||||
[ -n "$(grep "$server" /etc/hosts)" ] && continue
|
[ -n "$(grep "$server" /etc/hosts)" ] && continue
|
||||||
echo "-- $server"
|
echo "-- $server"
|
||||||
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "dnscerts.jean-cloud.org@$server:$DATA_DIR/" || true
|
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/" || true
|
||||||
done
|
done
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
git_update.sh -d "$HTTP_DIR" -r 2021 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
git_update.sh -d "$HTTP_DIR" -b 2021 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
||||||
|
@ -1,4 +1,4 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
git_update.sh -d "$HTTP_DIR" -r 2020 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
git_update.sh -d "$HTTP_DIR" -b 2020 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
|
@ -1,7 +1,7 @@
|
|||||||
version: '3'
|
version: '3'
|
||||||
services:
|
services:
|
||||||
gitea:
|
gitea:
|
||||||
image: gitea/gitea:1.22
|
image: gitea/gitea:1.21
|
||||||
depends_on:
|
depends_on:
|
||||||
- db
|
- db
|
||||||
volumes:
|
volumes:
|
||||||
|
@ -1,11 +1,8 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# Do not update website if body is unreachable
|
|
||||||
[ ! -f "$HTTP_DIR/public/index.html" ] && { curl --fail-with-body https://$RADIO_HOST/manager/ >/dev/null || exit 0 ; }
|
|
||||||
|
|
||||||
# Update git repo
|
# Update git repo
|
||||||
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
cd "$HTTP_DIR"
|
cd "$HTTP_DIR"
|
||||||
|
|
||||||
@ -13,7 +10,7 @@ cd "$HTTP_DIR"
|
|||||||
rclone_ncloud_publiclink.sh
|
rclone_ncloud_publiclink.sh
|
||||||
|
|
||||||
# Invalid cache
|
# Invalid cache
|
||||||
rm -rf "/tmp/hugo_cache_$USER"
|
#rm -rf "/tmp/hugo_cache_$USER"
|
||||||
|
|
||||||
# Build website
|
# Build website
|
||||||
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
||||||
|
@ -1,2 +1 @@
|
|||||||
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/jean-cloud_website
|
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/jean-cloud_website
|
||||||
GIT_BRANCH=master
|
|
||||||
|
@ -1,5 +1,5 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
|
@ -6,7 +6,7 @@ fi
|
|||||||
|
|
||||||
. venv/bin/activate
|
. venv/bin/activate
|
||||||
|
|
||||||
git_update.sh -r v1 -d $HTTP_DIR https://git.jean-cloud.net/adrian/mutubot.git
|
git_update.sh -b v1 -d $HTTP_DIR https://git.jean-cloud.net/adrian/mutubot.git
|
||||||
|
|
||||||
pip install -r requirements.txt
|
pip install -r requirements.txt
|
||||||
|
|
||||||
|
@ -1,16 +0,0 @@
|
|||||||
WEBSERVER=.105
|
|
||||||
MUX=.100
|
|
||||||
TELECOM=.101
|
|
||||||
SWEBSOCKET_PORT=2002
|
|
||||||
WEBSOCKET_PORT=2202
|
|
||||||
RADIO_HOST=mux.paj.oma-radio.fr
|
|
||||||
MUX_SERVER_PORT=9002
|
|
||||||
TELECOM_SERVER_PORT=3492
|
|
||||||
SOUNDBASE_DIR=/data/mux.paj.oma-radio.fr/soundbase
|
|
||||||
OMA_DOCKER_VERSION=dev
|
|
||||||
ICECAST=.110
|
|
||||||
SOUNDBASE_IP=10.99.99.7
|
|
||||||
SOUNDBASE_HOST=soundbase.paj.oma-radio.fr
|
|
||||||
COMPOSE_NAME=muxpajoma-radiofr
|
|
||||||
DOCKER_INSTANCES_PREFIX=muxpajoma-radiofr-
|
|
||||||
DOCKER_INSTANCES_SUFIX=-1
|
|
@ -1,6 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
mkdir -p "$SOUNDBASE_DIR/pige"
|
|
||||||
chown 10000:10000 "$SOUNDBASE_DIR/pige" -R
|
|
||||||
|
|
||||||
cat "$SECRET_DIR/registry_pass" | docker login --username "$registry_user" --password-stdin registry.gitlab.com
|
|
||||||
|
|
@ -1,10 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [ ! -e "$DATA_DIR/.env" ] ; then
|
|
||||||
cat > "$DATA_DIR/.env" <<EOF
|
|
||||||
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
|
||||||
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
|
||||||
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
|
||||||
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
|
||||||
EOF
|
|
||||||
fi
|
|
@ -1,143 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
services:
|
|
||||||
ambre_mux:
|
|
||||||
image: registry.gitlab.com/omaradio/core/oma-mux:$OMA_DOCKER_VERSION
|
|
||||||
env_file:
|
|
||||||
- .env
|
|
||||||
- $DATA_DIR/.env
|
|
||||||
environment:
|
|
||||||
OMA_CONFIG_Client1Host: $NET$ICECAST
|
|
||||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
|
||||||
OMA_CONFIG_LogLevel: 8
|
|
||||||
volumes:
|
|
||||||
- $SOUNDBASE_DIR/pige:/app/pige
|
|
||||||
ports:
|
|
||||||
- $MUX_SERVER_PORT:9000
|
|
||||||
depends_on:
|
|
||||||
- transcode
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET$MUX
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
|
|
||||||
saphir_telecom_server:
|
|
||||||
image: registry.gitlab.com/omaradio/core/oma-telecom-server:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
ports:
|
|
||||||
- $TELECOM_SERVER_PORT:3490
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET$TELECOM
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
amarante_webserver:
|
|
||||||
image: registry.gitlab.com/omaradio/core/oma-webserver:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
|
||||||
OMA_CONFIG_PigeTxtLoadFic: off
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- $SOUNDBASE_DIR:/soundbase
|
|
||||||
ports:
|
|
||||||
- $WEBSOCKET_PORT:9000
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET$WEBSERVER
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
transcode:
|
|
||||||
image: savonet/liquidsoap:v2.1.4
|
|
||||||
env_file:
|
|
||||||
- .env
|
|
||||||
- $DATA_DIR/.env
|
|
||||||
volumes:
|
|
||||||
- ./liquidsoap.liq:/transcode.liq
|
|
||||||
- $SOUNDBASE_DIR:/soundbase
|
|
||||||
command: /transcode.liq
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.108
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 300M
|
|
||||||
|
|
||||||
#radioking:
|
|
||||||
# image: jeancloud/liquidsoap:1.3.7
|
|
||||||
# env_file: .env
|
|
||||||
# volumes:
|
|
||||||
# - ./radioking.liq:/radioking.liq
|
|
||||||
# command: /radioking.liq
|
|
||||||
# restart: unless-stopped
|
|
||||||
# networks:
|
|
||||||
# default:
|
|
||||||
# ipv4_address: $NET.111
|
|
||||||
|
|
||||||
|
|
||||||
icecast:
|
|
||||||
image: infiniteproject/icecast
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
# echo -n "source:pass" | base64
|
|
||||||
ICECAST_ADMIN_USERNAME: admin
|
|
||||||
ICECAST_ADMIN_EMAIL: contact@oma-radio.fr
|
|
||||||
ICECAST_LOCATION: Rhône-Alpes
|
|
||||||
TZ: Europe/Paris
|
|
||||||
env_file: $DATA_DIR/.env
|
|
||||||
healthcheck:
|
|
||||||
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
|
||||||
interval: 1h0m0s
|
|
||||||
timeout: 10s
|
|
||||||
retries: 3
|
|
||||||
start_period: 1m0s
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET$ICECAST
|
|
||||||
|
|
||||||
system_api:
|
|
||||||
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
UID: 33
|
|
||||||
SOUNDBASE_PATH: /soundbase
|
|
||||||
MOUNT: /muxapi
|
|
||||||
CONFIG_PATH: /config
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
- $SOUNDBASE_DIR:/soundbase
|
|
||||||
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.107
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 500M
|
|
||||||
|
|
||||||
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipam:
|
|
||||||
config:
|
|
||||||
- subnet: $NET.0/24
|
|
@ -1,84 +0,0 @@
|
|||||||
#!/usr/bin/liquidsoap
|
|
||||||
|
|
||||||
# Extract timestamp from pige path
|
|
||||||
def ts_from_filepath (filepath)
|
|
||||||
splitpath = string.split(separator='/', filepath)
|
|
||||||
# Keep only filename
|
|
||||||
filename = list.nth(splitpath,list.length(splitpath)-1)
|
|
||||||
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
|
||||||
end
|
|
||||||
|
|
||||||
# Remove pige from now-1month
|
|
||||||
def rm_pige(ts)
|
|
||||||
filepath = "/soundbase/pige/#{ts}.ogg"
|
|
||||||
if file.exists("#{filepath}") then
|
|
||||||
process.run("rm #{filepath}")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
# Check that the timestamp starts exactly on a minute
|
|
||||||
def integrity_check(ts)
|
|
||||||
if ts mod 60 != 0 then
|
|
||||||
print("#{ts} is to fix")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Routine integrity check for each files
|
|
||||||
def clean_and_check (filepath)
|
|
||||||
ts = ts_from_filepath (filepath)
|
|
||||||
|
|
||||||
# Remove if old
|
|
||||||
if ( ts < int_of_float(time()) - 2678400 ) then
|
|
||||||
rm_pige(ts)
|
|
||||||
end
|
|
||||||
|
|
||||||
integrity_check (ts)
|
|
||||||
end
|
|
||||||
|
|
||||||
def clean_and_check_latest (filepath)
|
|
||||||
ts = ts_from_filepath (filepath)
|
|
||||||
rm_pige(ts - 2678400) # ts of one month sooner
|
|
||||||
integrity_check (ts)
|
|
||||||
|
|
||||||
end
|
|
||||||
|
|
||||||
# Exaustive integrity check
|
|
||||||
def clean_and_check_all ()
|
|
||||||
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Mux
|
|
||||||
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
|
||||||
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
|
|
||||||
|
|
||||||
# Direct mp3
|
|
||||||
# TODO faire du 44100 pour éviter les trous ?
|
|
||||||
output.icecast(
|
|
||||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
|
||||||
mount="/direct.mp3",
|
|
||||||
#host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
|
||||||
host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
|
|
||||||
input1)
|
|
||||||
|
|
||||||
# Radioking
|
|
||||||
#output.icecast(
|
|
||||||
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
|
||||||
# mount="/test355",
|
|
||||||
# host="live.radioking.com", port=80, user="", password="",
|
|
||||||
# input)
|
|
||||||
|
|
||||||
# Direct ogg
|
|
||||||
#output.icecast(
|
|
||||||
# %vorbis(samplerate=44100, channels=1, quality=0.2),
|
|
||||||
# mount="/direct.ogg",
|
|
||||||
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
|
||||||
# input1)
|
|
||||||
|
|
||||||
# Pige
|
|
||||||
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check_latest)
|
|
||||||
|
|
||||||
# Integrity checks
|
|
||||||
clean_and_check_all()
|
|
@ -1,119 +0,0 @@
|
|||||||
map $http_upgrade $connection_upgrade {
|
|
||||||
default upgrade;
|
|
||||||
'' close;
|
|
||||||
}
|
|
||||||
|
|
||||||
server{
|
|
||||||
listen $SWEBSOCKET_PORT ssl;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://$NET$WEBSERVER:9000;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_read_timeout 120s;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name $JC_SERVICE;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://$SOUNDBASE_IP/;
|
|
||||||
proxy_set_header Host '$SOUNDBASE_HOST';
|
|
||||||
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
|
|
||||||
# wait
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_connect_timeout 6000;
|
|
||||||
proxy_send_timeout 60000;
|
|
||||||
proxy_read_timeout 6000;
|
|
||||||
send_timeout 6000;
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
location /pige {
|
|
||||||
alias "$SOUNDBASE_DIR/pige";
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
location /direct.ogg {
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
location /direct.mp3 {
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
}
|
|
||||||
location /style.css {
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_pass http://$NET$ICECAST:8000/style.css;
|
|
||||||
}
|
|
||||||
location /status.xsl {
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_pass http://$NET$ICECAST:8000/status.xsl;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location ~ /muxapi(/.*) {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
|
||||||
include uwsgi_params;
|
|
||||||
uwsgi_param PATH_INFO "$1";
|
|
||||||
uwsgi_param SCRIPT_NAME /muxapi;
|
|
||||||
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_connect_timeout 6000;
|
|
||||||
proxy_send_timeout 60000;
|
|
||||||
proxy_read_timeout 6000;
|
|
||||||
send_timeout 6000;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy- revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
location ~ /muxapi(/.*) {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
|
||||||
include uwsgi_params;
|
|
||||||
uwsgi_param PATH_INFO "$1";
|
|
||||||
uwsgi_param SCRIPT_NAME /muxapi;
|
|
||||||
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_connect_timeout 6000;
|
|
||||||
proxy_send_timeout 60000;
|
|
||||||
proxy_read_timeout 6000;
|
|
||||||
send_timeout 6000;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,3 +1,4 @@
|
|||||||
|
ENDPOINT=10.29.0.1
|
||||||
WEBSERVER=.105
|
WEBSERVER=.105
|
||||||
MUX=.100
|
MUX=.100
|
||||||
TELECOM=.101
|
TELECOM=.101
|
||||||
@ -6,12 +7,7 @@ WEBSOCKET_PORT=2204
|
|||||||
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
||||||
MUX_SERVER_PORT=9004
|
MUX_SERVER_PORT=9004
|
||||||
TELECOM_SERVER_PORT=3494
|
TELECOM_SERVER_PORT=3494
|
||||||
SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/
|
SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/core/radioDemo
|
||||||
OMA_DOCKER_VERSION=dev
|
OMA_DOCKER_VERSION=dev
|
||||||
ICECAST=.110
|
ICECAST=.110
|
||||||
SOUNDBASE_IP=10.99.99.7
|
WG_NAME_radiodemo=radiodemo
|
||||||
SOUNDBASE_HOST=soundbase.radiodemo.oma-radio.fr
|
|
||||||
COMPOSE_NAME=muxradiodemooma-radiofr
|
|
||||||
DOCKER_INSTANCES_PREFIX=muxradiodemooma-radiofr-
|
|
||||||
DOCKER_INSTANCES_SUFIX=-1
|
|
||||||
OMA_CONFIG_LogLevel=8
|
|
||||||
|
@ -1,12 +1,10 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
if [ ! -e "$DATA_DIR/.env" ] ; then
|
if [ ! -e "$DATA_DIR/.env" ] ; then
|
||||||
source_pass="$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)"
|
|
||||||
cat > "$DATA_DIR/.env" <<EOF
|
cat > "$DATA_DIR/.env" <<EOF
|
||||||
ICECAST_SOURCE_PASSWORD=$source_pass
|
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
|
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
|
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
|
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
||||||
OMA_CONFIG_Client1EnteteNext="Authorization: Basic $(echo "source:$source_pass" | base64)"
|
|
||||||
EOF
|
EOF
|
||||||
fi
|
fi
|
||||||
|
@ -6,7 +6,7 @@ services:
|
|||||||
- .env
|
- .env
|
||||||
- $DATA_DIR/.env
|
- $DATA_DIR/.env
|
||||||
environment:
|
environment:
|
||||||
OMA_CONFIG_Client1Host: $NET$ICECAST
|
OMA_CONFIG_Client1Host: $NET.108
|
||||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
||||||
OMA_CONFIG_Pige: on
|
OMA_CONFIG_Pige: on
|
||||||
volumes:
|
volumes:
|
||||||
@ -58,7 +58,7 @@ services:
|
|||||||
deploy:
|
deploy:
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpus: '0.5'
|
cpus: '0.50'
|
||||||
memory: 100M
|
memory: 100M
|
||||||
|
|
||||||
transcode:
|
transcode:
|
||||||
@ -103,7 +103,7 @@ services:
|
|||||||
TZ: Europe/Paris
|
TZ: Europe/Paris
|
||||||
env_file: $DATA_DIR/.env
|
env_file: $DATA_DIR/.env
|
||||||
healthcheck:
|
healthcheck:
|
||||||
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
test: "wget http://localhost:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://localhost:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
||||||
interval: 1h0m0s
|
interval: 1h0m0s
|
||||||
timeout: 10s
|
timeout: 10s
|
||||||
retries: 3
|
retries: 3
|
||||||
@ -112,28 +112,6 @@ services:
|
|||||||
default:
|
default:
|
||||||
ipv4_address: $NET$ICECAST
|
ipv4_address: $NET$ICECAST
|
||||||
|
|
||||||
system_api:
|
|
||||||
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
UID: 33
|
|
||||||
SOUNDBASE_PATH: /soundbase
|
|
||||||
MOUNT: /muxapi
|
|
||||||
CONFIG_PATH: /config
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
- $SOUNDBASE_DIR:/soundbase
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.107
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 500M
|
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
ipam:
|
ipam:
|
||||||
|
@ -1,79 +0,0 @@
|
|||||||
#!/usr/bin/liquidsoap
|
|
||||||
|
|
||||||
# Extract timestamp from pige path
|
|
||||||
def ts_from_filepath (filepath)
|
|
||||||
splitpath = string.split(separator='/', filepath)
|
|
||||||
# Keep only filename
|
|
||||||
filename = list.nth(splitpath,list.length(splitpath)-1)
|
|
||||||
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
|
||||||
end
|
|
||||||
|
|
||||||
# Remove pige from now-1month
|
|
||||||
def clean_single_old_pige(ts)
|
|
||||||
# ts of one month sooner
|
|
||||||
ts = ts - 2678400
|
|
||||||
filepath = "/soundbase/pige/#{ts}.ogg"
|
|
||||||
if file.exists("#{filepath}") then
|
|
||||||
process.run("rm #{filepath}")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Remove a pige file if it is too old
|
|
||||||
def clean_if_old(filename)
|
|
||||||
filepath = "/soundbase/pige/#{filename}"
|
|
||||||
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
|
|
||||||
process.run("rm #{filepath}")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Check that the timestamp starts exactly on a minute
|
|
||||||
def integrity_check(ts)
|
|
||||||
if ts mod 60 != 0 then
|
|
||||||
log.important("#{ts} is to fix")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Routine integrity check for each files
|
|
||||||
def clean_and_check (filepath)
|
|
||||||
ts = ts_from_filepath (filepath)
|
|
||||||
integrity_check (ts)
|
|
||||||
clean_single_old_pige (ts)
|
|
||||||
end
|
|
||||||
|
|
||||||
# Exaustive integrity check
|
|
||||||
def clean_and_check_all ()
|
|
||||||
#list.iter(clean_if_old, file.ls("/soundbase/pige/"))
|
|
||||||
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Mux
|
|
||||||
input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
|
||||||
|
|
||||||
# Direct mp3
|
|
||||||
output.icecast(
|
|
||||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
|
||||||
mount="/direct.mp3",
|
|
||||||
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
|
||||||
input1)
|
|
||||||
|
|
||||||
# Radioking
|
|
||||||
#output.icecast(
|
|
||||||
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
|
||||||
# mount="/test355",
|
|
||||||
# host="live.radioking.com", port=80, user="", password="",
|
|
||||||
# input)
|
|
||||||
|
|
||||||
# Direct ogg
|
|
||||||
output.icecast(
|
|
||||||
%vorbis(samplerate=44100, channels=1, quality=0.2),
|
|
||||||
mount="/direct.ogg",
|
|
||||||
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
|
||||||
input1)
|
|
||||||
|
|
||||||
# Pige
|
|
||||||
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
|
|
||||||
|
|
||||||
# Integrity checks
|
|
||||||
clean_and_check_all()
|
|
@ -1,80 +0,0 @@
|
|||||||
#!/usr/bin/liquidsoap
|
|
||||||
|
|
||||||
# Extract timestamp from pige path
|
|
||||||
def ts_from_filepath (filepath)
|
|
||||||
splitpath = string.split(separator='/', filepath)
|
|
||||||
# Keep only filename
|
|
||||||
filename = list.nth(splitpath,list.length(splitpath)-1)
|
|
||||||
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
|
||||||
end
|
|
||||||
|
|
||||||
# Remove pige from now-1month
|
|
||||||
def clean_single_old_pige(ts)
|
|
||||||
# ts of one month sooner
|
|
||||||
ts = ts - 2678400
|
|
||||||
filepath = "/soundbase/pige/#{ts}.ogg"
|
|
||||||
if file.exists("#{filepath}") then
|
|
||||||
process.run("rm #{filepath}")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Remove a pige file if it is too old
|
|
||||||
def clean_if_old(filename)
|
|
||||||
filepath = "/soundbase/pige/#{filename}"
|
|
||||||
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
|
|
||||||
process.run("rm #{filepath}")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Check that the timestamp starts exactly on a minute
|
|
||||||
def integrity_check(ts)
|
|
||||||
if ts mod 60 != 0 then
|
|
||||||
log.important("#{ts} is to fix")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Routine integrity check for each files
|
|
||||||
def clean_and_check (filepath)
|
|
||||||
ts = ts_from_filepath (filepath)
|
|
||||||
integrity_check (ts)
|
|
||||||
clean_single_old_pige (ts)
|
|
||||||
end
|
|
||||||
|
|
||||||
# Exaustive integrity check
|
|
||||||
def clean_and_check_all ()
|
|
||||||
list.iter(clean_if_old, file.ls("/soundbase/pige/"))
|
|
||||||
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Mux
|
|
||||||
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
|
||||||
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
|
|
||||||
|
|
||||||
# Direct mp3
|
|
||||||
output.icecast(
|
|
||||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
|
||||||
mount="/direct.mp3",
|
|
||||||
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
|
||||||
input1)
|
|
||||||
|
|
||||||
# Radioking
|
|
||||||
#output.icecast(
|
|
||||||
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
|
||||||
# mount="/test355",
|
|
||||||
# host="live.radioking.com", port=80, user="", password="",
|
|
||||||
# input)
|
|
||||||
|
|
||||||
# Direct ogg
|
|
||||||
#output.icecast(
|
|
||||||
# %vorbis(samplerate=44100, channels=1, quality=0.2),
|
|
||||||
# mount="/direct.ogg",
|
|
||||||
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
|
||||||
# input1)
|
|
||||||
|
|
||||||
# Pige
|
|
||||||
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
|
|
||||||
|
|
||||||
# Integrity checks
|
|
||||||
clean_and_check_all()
|
|
@ -1 +0,0 @@
|
|||||||
liquidsoap-transcode.liq
|
|
79
services/mux.radiodemo.oma-radio.fr/liquidsoap.liq
Normal file
79
services/mux.radiodemo.oma-radio.fr/liquidsoap.liq
Normal file
@ -0,0 +1,79 @@
|
|||||||
|
#!/usr/bin/liquidsoap
|
||||||
|
|
||||||
|
# Extract timestamp from pige path
|
||||||
|
def ts_from_filepath (filepath)
|
||||||
|
splitpath = string.split(separator='/', filepath)
|
||||||
|
# Keep only filename
|
||||||
|
filename = list.nth(splitpath,list.length(splitpath)-1)
|
||||||
|
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
||||||
|
end
|
||||||
|
|
||||||
|
# Remove pige from now-1month
|
||||||
|
def clean_single_old_pige(ts)
|
||||||
|
# ts of one month sooner
|
||||||
|
ts = ts - 2678400
|
||||||
|
filepath = "/soundbase/pige/#{ts}.ogg"
|
||||||
|
if file.exists("#{filepath}") then
|
||||||
|
process.run("rm #{filepath}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Remove a pige file if it is too old
|
||||||
|
def clean_if_old(filename)
|
||||||
|
filepath = "/soundbase/pige/#{filename}"
|
||||||
|
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
|
||||||
|
process.run("rm #{filepath}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Check that the timestamp starts exactly on a minute
|
||||||
|
def integrity_check(ts)
|
||||||
|
if ts mod 60 != 0 then
|
||||||
|
log.important("#{ts} is to fix")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
# Routine integrity check for each files
|
||||||
|
def clean_and_check (filepath)
|
||||||
|
ts = ts_from_filepath (filepath)
|
||||||
|
integrity_check (ts)
|
||||||
|
clean_single_old_pige (ts)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Exaustive integrity check
|
||||||
|
def clean_and_check_all ()
|
||||||
|
#list.iter(clean_if_old, file.ls("/soundbase/pige/"))
|
||||||
|
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
||||||
|
end
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Mux
|
||||||
|
input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
||||||
|
|
||||||
|
# Direct mp3
|
||||||
|
output.icecast(
|
||||||
|
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||||
|
mount="/direct.mp3",
|
||||||
|
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||||
|
input1)
|
||||||
|
|
||||||
|
# Radioking
|
||||||
|
#output.icecast(
|
||||||
|
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||||
|
# mount="/test355",
|
||||||
|
# host="live.radioking.com", port=80, user="", password="",
|
||||||
|
# input)
|
||||||
|
|
||||||
|
# Direct ogg
|
||||||
|
output.icecast(
|
||||||
|
%vorbis(samplerate=44100, channels=1, quality=0.2),
|
||||||
|
mount="/direct.ogg",
|
||||||
|
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
||||||
|
input1)
|
||||||
|
|
||||||
|
# Pige
|
||||||
|
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
|
||||||
|
|
||||||
|
# Integrity checks
|
||||||
|
clean_and_check_all()
|
@ -28,73 +28,25 @@ server {
|
|||||||
|
|
||||||
location / {
|
location / {
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
proxy_pass http://$SOUNDBASE_IP/;
|
proxy_pass http://$ENDPOINT/;
|
||||||
proxy_set_header Host '$SOUNDBASE_HOST';
|
proxy_set_header Host 'soundbase.radiodemo.oma-radio.fr';
|
||||||
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
|
proxy_redirect http://soundbase.radiodemo.oma-radio.fr https://$JC_SERVICE;
|
||||||
# wait
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_connect_timeout 6000;
|
|
||||||
proxy_send_timeout 60000;
|
|
||||||
proxy_read_timeout 6000;
|
|
||||||
send_timeout 6000;
|
|
||||||
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
location /pige {
|
|
||||||
alias "$SOUNDBASE_DIR/pige";
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
location /direct.ogg {
|
location /direct.ogg {
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
|
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
}
|
||||||
location /direct.mp3 {
|
location /direct.mp3 {
|
||||||
client_max_body_size 0;
|
client_max_body_size 0;
|
||||||
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
|
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
}
|
}
|
||||||
location /style.css {
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_pass http://$NET$ICECAST:8000/style.css;
|
|
||||||
}
|
|
||||||
location /status.xsl {
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_pass http://$NET$ICECAST:8000/status.xsl;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
location /logs/ {
|
||||||
location ~ /muxapi(/.*) {
|
include /etc/nginx/fastcgi_params;
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
fastcgi_param SCRIPT_FILENAME $DOCKER_DIR/server.sh;
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
||||||
include uwsgi_params;
|
}
|
||||||
uwsgi_param PATH_INFO "$1";
|
|
||||||
uwsgi_param SCRIPT_NAME /muxapi;
|
|
||||||
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_connect_timeout 6000;
|
|
||||||
proxy_send_timeout 60000;
|
|
||||||
proxy_read_timeout 6000;
|
|
||||||
send_timeout 6000;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
7
services/mux.radiodemo.oma-radio.fr/radioking.liq
Normal file
7
services/mux.radiodemo.oma-radio.fr/radioking.liq
Normal file
@ -0,0 +1,7 @@
|
|||||||
|
input = mksafe(input.http("http://172.29.0.110:8000/direct.mp3"))
|
||||||
|
output.icecast(
|
||||||
|
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
||||||
|
mount="/test355",
|
||||||
|
host="live.radioking.com", port=80, user="test_test29", password="S9tx3VBhl",
|
||||||
|
input)
|
||||||
|
|
@ -10,7 +10,7 @@ instance=''
|
|||||||
since=''
|
since=''
|
||||||
until=''
|
until=''
|
||||||
|
|
||||||
action="$(echo "${REQUEST_URI##*/}" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')"
|
action="$(echo "$QUERY_STRING" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')"
|
||||||
|
|
||||||
while IFS='=' read key value ; do
|
while IFS='=' read key value ; do
|
||||||
case "$key" in
|
case "$key" in
|
||||||
@ -35,9 +35,7 @@ done < <(echo "$action")
|
|||||||
[ -z "$since" ] && exit 3
|
[ -z "$since" ] && exit 3
|
||||||
[ -z "$until" ] && exit 4
|
[ -z "$until" ] && exit 4
|
||||||
|
|
||||||
pwd
|
|
||||||
echo docker-compose logs --since "$since" --until "$until" "$instance"
|
echo docker-compose logs --since "$since" --until "$until" "$instance"
|
||||||
docker-compose logs --since "$since" --until "$until" "$instance" 2>&1
|
|
||||||
if [ "$?" -ne 0 ] ; then
|
if [ "$?" -ne 0 ] ; then
|
||||||
echo failed
|
echo failed
|
||||||
fi
|
fi
|
||||||
|
33
services/mux.radiodemo.oma-radio.fr/wg-radiodemo.sh
Executable file
33
services/mux.radiodemo.oma-radio.fr/wg-radiodemo.sh
Executable file
@ -0,0 +1,33 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
. .env
|
||||||
|
|
||||||
|
wgif="$1"
|
||||||
|
|
||||||
|
echo "
|
||||||
|
[Interface]
|
||||||
|
PrivateKey = $(cat $DATA_DIR/privatekey)
|
||||||
|
Address = 10.29.0.254/32
|
||||||
|
ListenPort = 55820
|
||||||
|
|
||||||
|
# packet forwarding
|
||||||
|
PreUp = sysctl -w net.ipv4.ip_forward=1
|
||||||
|
|
||||||
|
# port forwarding
|
||||||
|
#PreUp = iptables -t nat -A PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
|
||||||
|
#PreUp = iptables -t nat -A PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
|
||||||
|
|
||||||
|
#PostDown = iptables -t nat -D PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
|
||||||
|
#PostDown = iptables -t nat -D PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
|
||||||
|
|
||||||
|
# packet masquerading
|
||||||
|
#PreUp = iptables -t nat -A POSTROUTING -o $wgif -j MASQUERADE
|
||||||
|
#PostDown = iptables -t nat -D POSTROUTING -o $wgif -j MASQUERADE
|
||||||
|
|
||||||
|
# remote settings for the private server
|
||||||
|
[Peer]
|
||||||
|
PublicKey = 6/Mlxe9auEw/WQnC6QYNAYtSAo8jAEMhJ1wXaRNy4AE=
|
||||||
|
AllowedIPs = 10.29.0.0/24
|
||||||
|
"
|
@ -1,16 +0,0 @@
|
|||||||
WEBSERVER=.105
|
|
||||||
MUX=.100
|
|
||||||
TELECOM=.101
|
|
||||||
SWEBSOCKET_PORT=2005
|
|
||||||
WEBSOCKET_PORT=2205
|
|
||||||
RADIO_HOST=mux.radiokipik.org
|
|
||||||
MUX_SERVER_PORT=9005
|
|
||||||
TELECOM_SERVER_PORT=3495
|
|
||||||
SOUNDBASE_DIR=/data/mux.radiokipik.org/soundbase
|
|
||||||
OMA_DOCKER_VERSION=unstable
|
|
||||||
ICECAST=.110
|
|
||||||
SOUNDBASE_IP=10.99.99.7
|
|
||||||
SOUNDBASE_HOST=soundbase.radiokipik.org
|
|
||||||
COMPOSE_NAME=muxradiokipikorg
|
|
||||||
DOCKER_INSTANCES_PREFIX=muxradiokipikorg-
|
|
||||||
DOCKER_INSTANCES_SUFIX=-1
|
|
@ -1,6 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
mkdir -p "$SOUNDBASE_DIR/pige"
|
|
||||||
chown 10000:10000 "$SOUNDBASE_DIR/pige" -R
|
|
||||||
|
|
||||||
cat "$SECRET_DIR/registry_pass" | docker login --username "$registry_user" --password-stdin registry.gitlab.com
|
|
||||||
|
|
@ -1,11 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [ ! -e "$DATA_DIR/.env" ] ; then
|
|
||||||
cat > "$DATA_DIR/.env" <<EOF
|
|
||||||
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
|
||||||
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
|
||||||
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
|
||||||
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
|
|
||||||
EOF
|
|
||||||
fi
|
|
||||||
|
|
@ -1,140 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
services:
|
|
||||||
ambre_mux:
|
|
||||||
image: registry.gitlab.com/omaradio/core/oma-mux:$OMA_DOCKER_VERSION
|
|
||||||
env_file:
|
|
||||||
- .env
|
|
||||||
- $DATA_DIR/.env
|
|
||||||
environment:
|
|
||||||
OMA_CONFIG_Client1Host: $NET$ICECAST
|
|
||||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
|
||||||
volumes:
|
|
||||||
- $SOUNDBASE_DIR/pige:/app/pige
|
|
||||||
ports:
|
|
||||||
- $MUX_SERVER_PORT:9000
|
|
||||||
depends_on:
|
|
||||||
- transcode
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET$MUX
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
|
|
||||||
saphir_telecom_server:
|
|
||||||
image: registry.gitlab.com/omaradio/core/oma-telecom-server:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
ports:
|
|
||||||
- $TELECOM_SERVER_PORT:3490
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET$TELECOM
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
amarante_webserver:
|
|
||||||
image: registry.gitlab.com/omaradio/core/oma-webserver:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
|
|
||||||
OMA_CONFIG_PigeTxtLoadFic: off
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- $SOUNDBASE_DIR:/soundbase
|
|
||||||
ports:
|
|
||||||
- $WEBSOCKET_PORT:9000
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET$WEBSERVER
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.5'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
transcode:
|
|
||||||
image: savonet/liquidsoap:v2.1.4
|
|
||||||
env_file:
|
|
||||||
- .env
|
|
||||||
- $DATA_DIR/.env
|
|
||||||
volumes:
|
|
||||||
- ./liquidsoap.liq:/transcode.liq
|
|
||||||
- $SOUNDBASE_DIR:/soundbase
|
|
||||||
command: /transcode.liq
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.108
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 300M
|
|
||||||
|
|
||||||
#radioking:
|
|
||||||
# image: jeancloud/liquidsoap:1.3.7
|
|
||||||
# env_file: .env
|
|
||||||
# volumes:
|
|
||||||
# - ./radioking.liq:/radioking.liq
|
|
||||||
# command: /radioking.liq
|
|
||||||
# restart: unless-stopped
|
|
||||||
# networks:
|
|
||||||
# default:
|
|
||||||
# ipv4_address: $NET.111
|
|
||||||
|
|
||||||
|
|
||||||
icecast:
|
|
||||||
image: infiniteproject/icecast
|
|
||||||
restart: unless-stopped
|
|
||||||
environment:
|
|
||||||
# echo -n "source:pass" | base64
|
|
||||||
ICECAST_ADMIN_USERNAME: admin
|
|
||||||
ICECAST_ADMIN_EMAIL: contact@oma-radio.fr
|
|
||||||
ICECAST_LOCATION: Rhône-Alpes
|
|
||||||
TZ: Europe/Paris
|
|
||||||
env_file: $DATA_DIR/.env
|
|
||||||
healthcheck:
|
|
||||||
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
|
|
||||||
interval: 1h0m0s
|
|
||||||
timeout: 10s
|
|
||||||
retries: 3
|
|
||||||
start_period: 1m0s
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET$ICECAST
|
|
||||||
|
|
||||||
system_api:
|
|
||||||
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
UID: 33
|
|
||||||
SOUNDBASE_PATH: /soundbase
|
|
||||||
MOUNT: /muxapi
|
|
||||||
CONFIG_PATH: /config
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
- $SOUNDBASE_DIR:/soundbase
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.107
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 500M
|
|
||||||
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipam:
|
|
||||||
config:
|
|
||||||
- subnet: $NET.0/24
|
|
@ -1,84 +0,0 @@
|
|||||||
#!/usr/bin/liquidsoap
|
|
||||||
|
|
||||||
# Extract timestamp from pige path
|
|
||||||
def ts_from_filepath (filepath)
|
|
||||||
splitpath = string.split(separator='/', filepath)
|
|
||||||
# Keep only filename
|
|
||||||
filename = list.nth(splitpath,list.length(splitpath)-1)
|
|
||||||
int_of_string(list.hd(string.split(separator='\\.', filename)))
|
|
||||||
end
|
|
||||||
|
|
||||||
# Remove pige from now-1month
|
|
||||||
def rm_pige(ts)
|
|
||||||
filepath = "/soundbase/pige/#{ts}.ogg"
|
|
||||||
if file.exists("#{filepath}") then
|
|
||||||
process.run("rm #{filepath}")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
# Check that the timestamp starts exactly on a minute
|
|
||||||
def integrity_check(ts)
|
|
||||||
if ts mod 60 != 0 then
|
|
||||||
print("#{ts} is to fix")
|
|
||||||
end
|
|
||||||
end
|
|
||||||
|
|
||||||
# Routine integrity check for each files
|
|
||||||
def clean_and_check (filepath)
|
|
||||||
ts = ts_from_filepath (filepath)
|
|
||||||
|
|
||||||
# Remove if old
|
|
||||||
if ( ts < int_of_float(time()) - 2678400 ) then
|
|
||||||
rm_pige(ts)
|
|
||||||
end
|
|
||||||
|
|
||||||
integrity_check (ts)
|
|
||||||
end
|
|
||||||
|
|
||||||
def clean_and_check_latest (filepath)
|
|
||||||
ts = ts_from_filepath (filepath)
|
|
||||||
rm_pige(ts - 2678400) # ts of one month sooner
|
|
||||||
integrity_check (ts)
|
|
||||||
|
|
||||||
end
|
|
||||||
|
|
||||||
# Exaustive integrity check
|
|
||||||
def clean_and_check_all ()
|
|
||||||
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
|
|
||||||
end
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
# Mux
|
|
||||||
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
|
|
||||||
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
|
|
||||||
|
|
||||||
# Direct mp3
|
|
||||||
# TODO faire du 44100 pour éviter les trous ?
|
|
||||||
output.icecast(
|
|
||||||
%mp3(bitrate=128, samplerate=22050, stereo=false),
|
|
||||||
mount="/direct.mp3",
|
|
||||||
#host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
|
||||||
host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
|
|
||||||
input1)
|
|
||||||
|
|
||||||
# Radioking
|
|
||||||
#output.icecast(
|
|
||||||
# %mp3(bitrate=128, samplerate=22050, stereo=false),
|
|
||||||
# mount="/test355",
|
|
||||||
# host="live.radioking.com", port=80, user="", password="",
|
|
||||||
# input)
|
|
||||||
|
|
||||||
# Direct ogg
|
|
||||||
#output.icecast(
|
|
||||||
# %vorbis(samplerate=44100, channels=1, quality=0.2),
|
|
||||||
# mount="/direct.ogg",
|
|
||||||
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
|
|
||||||
# input1)
|
|
||||||
|
|
||||||
# Pige
|
|
||||||
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check_latest)
|
|
||||||
|
|
||||||
# Integrity checks
|
|
||||||
clean_and_check_all()
|
|
@ -1,104 +0,0 @@
|
|||||||
map $http_upgrade $connection_upgrade {
|
|
||||||
default upgrade;
|
|
||||||
'' close;
|
|
||||||
}
|
|
||||||
|
|
||||||
server{
|
|
||||||
listen $SWEBSOCKET_PORT ssl;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
|
|
||||||
proxy_set_header Host $host;
|
|
||||||
proxy_pass http://$NET$WEBSERVER:9000;
|
|
||||||
proxy_http_version 1.1;
|
|
||||||
proxy_set_header Upgrade $http_upgrade;
|
|
||||||
proxy_set_header Connection "upgrade";
|
|
||||||
proxy_read_timeout 120s;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 443 ssl;
|
|
||||||
listen [::]:443 ssl;
|
|
||||||
server_name $JC_SERVICE;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
|
|
||||||
location / {
|
|
||||||
proxy_pass http://$SOUNDBASE_IP/;
|
|
||||||
proxy_set_header Host '$SOUNDBASE_HOST';
|
|
||||||
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
# wait
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_connect_timeout 6000;
|
|
||||||
proxy_send_timeout 60000;
|
|
||||||
proxy_read_timeout 6000;
|
|
||||||
send_timeout 6000;
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
location /pige {
|
|
||||||
alias "$SOUNDBASE_DIR/pige";
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
location /direct.ogg {
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
location /direct.mp3 {
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
}
|
|
||||||
location /style.css {
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_pass http://$NET$ICECAST:8000/style.css;
|
|
||||||
}
|
|
||||||
location /status.xsl {
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_pass http://$NET$ICECAST:8000/status.xsl;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
|
|
||||||
|
|
||||||
location ~ /muxapi(/.*) {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
|
||||||
include uwsgi_params;
|
|
||||||
uwsgi_param PATH_INFO "$1";
|
|
||||||
uwsgi_param SCRIPT_NAME /muxapi;
|
|
||||||
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_connect_timeout 6000;
|
|
||||||
proxy_send_timeout 60000;
|
|
||||||
proxy_read_timeout 6000;
|
|
||||||
send_timeout 6000;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,38 +0,0 @@
|
|||||||
-----BEGIN OPENSSH PRIVATE KEY-----
|
|
||||||
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
|
|
||||||
NhAAAAAwEAAQAAAYEAuKyZzOALRAFq487PSFdSilaUN6wTacncP5XDlVwWr2QBOMPWpOyf
|
|
||||||
DzdhxIGx2ZBofgDE/47bClZR4SvFr6+2Sj5a5fAhOGeBAS2Z/Je7pL5Ar+nvIBNFG5bwv/
|
|
||||||
qEgkfWEjuzjDoEVoY7f6RMrOOnTpZS1F32Y3UB0WiH5FgOwjKWb47q8kxUDSQd0sdZNNKL
|
|
||||||
d7/RWGplNSLtloC87C8YC0Wxi3wHgssgRCw7xD2cpm6zwRh1lvLbk0a0zhZXTOcsR+lBwe
|
|
||||||
fEF4eziZDCrKpYwaPdSjIuP6+dctO+1BTSK0KnvuMftTwfLwInZtn9kxa+oTsMRV27oxyO
|
|
||||||
MiVnx5Gfahh2OQtI299Zm19Lu3ARSzJL0CQc4oDmf9Yhi3SoHwXCMNdyEwRk55iO5b6oA1
|
|
||||||
wilUAe2K+YHuG5eNtLu1UvpREGhN4AqYVYW+TqIdRLNr2PTuMW3GyQlCHxIFfBcKPoVNuY
|
|
||||||
B+sBwhva3IQG+EEwY3ZkqU80J5NXmj36epBe+yxhAAAFkFBSLaVQUi2lAAAAB3NzaC1yc2
|
|
||||||
EAAAGBALismczgC0QBauPOz0hXUopWlDesE2nJ3D+Vw5VcFq9kATjD1qTsnw83YcSBsdmQ
|
|
||||||
aH4AxP+O2wpWUeErxa+vtko+WuXwIThngQEtmfyXu6S+QK/p7yATRRuW8L/6hIJH1hI7s4
|
|
||||||
w6BFaGO3+kTKzjp06WUtRd9mN1AdFoh+RYDsIylm+O6vJMVA0kHdLHWTTSi3e/0VhqZTUi
|
|
||||||
7ZaAvOwvGAtFsYt8B4LLIEQsO8Q9nKZus8EYdZby25NGtM4WV0znLEfpQcHnxBeHs4mQwq
|
|
||||||
yqWMGj3UoyLj+vnXLTvtQU0itCp77jH7U8Hy8CJ2bZ/ZMWvqE7DEVdu6McjjIlZ8eRn2oY
|
|
||||||
djkLSNvfWZtfS7twEUsyS9AkHOKA5n/WIYt0qB8FwjDXchMEZOeYjuW+qANcIpVAHtivmB
|
|
||||||
7huXjbS7tVL6URBoTeAKmFWFvk6iHUSza9j07jFtxskJQh8SBXwXCj6FTbmAfrAcIb2tyE
|
|
||||||
BvhBMGN2ZKlPNCeTV5o9+nqQXvssYQAAAAMBAAEAAAGAATuMD1Mjknsg53VGo4lSaWZMpg
|
|
||||||
h6av1Jbald/6iZthZin6DVXsxl4rgrhcFghSAQYi9ckwawYqiEuZLuWVrAt5h5zVKvOe5H
|
|
||||||
9oARleGEt8FaJLJwj9/uFrpnwdCScnmR8B6pVgnONMFEbBB5nitaTXfi6EYTBStUOSEXgC
|
|
||||||
SmsNzyzEkeDABM0/wSCtCAz665VWYT5XaH48W80QFnFF8UUel1mVYp1R1ptNAdEJoVfShM
|
|
||||||
/7JB5L3T+BAbZpMJMTU65Vgq2QfG1QUd+R9c73Z0J17VaZJivOqzoY+BsvcEwjWn7gxOjx
|
|
||||||
0PYkaZSLiqY6GT6oU5TWNgzIS8F/2ORrMgaxWOKDLBFt2vgQiwf/2T1E8m1jmmPvEeOJ70
|
|
||||||
gmJIk9CKAM0UX2HAYM+il0Na4lOpIKggA6QLszsEWjBkdrHjZPL9HeLRMz1vnFAWCoekPN
|
|
||||||
jemZGhk6mEj6qMRuoDZ/6UWYcMhv64SFX/93YTF5QozbFoMYct1tfE03c9QEX+dV/3AAAA
|
|
||||||
wQDtsDjhtps2NWP8H5V2MY+cQoE16T8abQjxCCo7nX3vfB2+lxg9wyRx1PdtySDnSNgpG+
|
|
||||||
pYjGFUzDlNxCVOqY9+aOA31mzfVn6EH4mG3q6/TL3/QN1ILnLbs4lyNLG4KWP1wT5MocHt
|
|
||||||
PAzWWL2O1j2Y8B/zYZZDdirx+D/0gnZmEghzq4KwIj+zj+ILRFKuM07WD73mNvyzfwuaTb
|
|
||||||
hhV75hEtMcLO6EgjX1NUlsIeZvK5Xht3cta62XFpsXAUY4u0EAAADBAPOxezplUkaxdmnR
|
|
||||||
CVduC7pcDweexJyVJtg753kde65IIizPSxB0QNwA4gqc2Us5PjxfS4tetsupOxRZD+ER0S
|
|
||||||
fEpX7rTedqFdukb8h7QDE6yVOD7C14vVC/kThPu9LI21itp03BFZUw1/FRRMK/xur51Ahj
|
|
||||||
g5F83+CkgQsVmwEo8cZ0b+io76FlXa4OGBUQnVE+mf6TZ+PbMT2zFJ5KAlZ54KxPZJAQOR
|
|
||||||
VJwaND0N6YQLaAkDZEnTJG3KTHyAFt4wAAAMEAwgAbwCPg4aeFXptJLUbBmDB9mGkHZkjM
|
|
||||||
p4SVC2iPSSMahnu8L5vCk/SOQJlv13mJ1JcZ/HplPUugB9cL+9SsLkr7c/r2otnch/x2WP
|
|
||||||
tF7zN6AgECs4/MWSenlxlvmD2HU6TtXaKQHfmP9HK4cIf0m1rTz4OpuZJlbDXNh/QNyzU3
|
|
||||||
8UUAns4EaLLSM5rgSz2pPXYU6XnfSOVGZNotmla/xWbPd8sSrWCFV0VC/O0cBVMJ20QlUo
|
|
||||||
vR0cIiNMZDyQ/rAAAAGHJvb3RAcmFrdS5qZWFuLWNsb3VkLm9yZwEC
|
|
||||||
-----END OPENSSH PRIVATE KEY-----
|
|
@ -1,4 +0,0 @@
|
|||||||
key "letsencrypt.key" {
|
|
||||||
algorithm hmac-sha256;
|
|
||||||
secret "d2q77gecXwNQdzJb3tnE5IUGXY7/r0LL3hj+GG2/iTo=";
|
|
||||||
};
|
|
@ -21,7 +21,7 @@ prepare () {
|
|||||||
fi
|
fi
|
||||||
|
|
||||||
echo 'Sync the git repo'
|
echo 'Sync the git repo'
|
||||||
run sudo -u bind git_update.sh -r main -o "-i $DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
|
run sudo -u bind git_update.sh -N -b main -i "$DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
|
||||||
cd /etc/bind
|
cd /etc/bind
|
||||||
|
|
||||||
|
|
||||||
|
@ -89,7 +89,6 @@ services:
|
|||||||
|
|
||||||
collabora:
|
collabora:
|
||||||
image: collabora/code
|
image: collabora/code
|
||||||
privileged: true
|
|
||||||
environment:
|
environment:
|
||||||
- "dictionaries=fr"
|
- "dictionaries=fr"
|
||||||
- "server_name=office.nuage.jean-cloud.net"
|
- "server_name=office.nuage.jean-cloud.net"
|
||||||
|
@ -1,6 +0,0 @@
|
|||||||
GIT_SOURCE_REPO="https://gitlab.com/omaradio/website"
|
|
||||||
GIT_SOURCE_BRANCH=dev
|
|
||||||
RADIO_HOST=mux.paj.oma-radio.fr
|
|
||||||
USE_SSL=true
|
|
||||||
WEBSOCKET_PORT=2002
|
|
||||||
RADIO_NAME_PRETTY="Paj Radio"
|
|
@ -1,2 +0,0 @@
|
|||||||
gitlab.com ssh-dss AAAAB3NzaC1kc3MAAACBAMPKInNPflcRle9F5Qt2j9aI0EZuWQzdXTbYvsl+ChaacqCOWRMiOmXHXqetFz6jD/6Fcqg20ZATxqSskQBaRn97O/mbH+GQk4d3zw9WAEURicE8rKJop3qGtdfFxLzrTuF/PAkKRDMmutT3hwZIOO8CFWOl1BiuUYTncJTeonrfAAAAFQCujauoy3Yy+ul72b/WsTECUPj9yQAAAIBIV2yyF7RZf7IYS8tsWcKP7Y5Bv9eFdbvbtsaxcFCHcmHIGoJQrIdPoueoOb5EUTYz0NgYKsKaZzDZkgFk28GsmLxKvhnPjaw0lJVSKRchEE5xVlamOlabiRMjQ7X/bAdejkBJe96AjZZL3UO4acpwfy3Tnnap0w6YCDeaxoyHpwAAAIAU+dyNaL3Hy15VIV32QwWMekvxeptUY/DW03LNcgZZDoin87TE9xuQhM0qF3pi2i2a2ExuslgdttmYWvrbEz8eW+RFgvT5pKwWpalKWetHvtN3oYZP37ZIO1Y3Hd5A4YVcpYp1ccRayveLlCRwxb4HdGXT2OmYU+lmvimIR8zQ6A==
|
|
||||||
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9
|
|
@ -1,19 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
# Si le site a déjà été build par le passé, curl termine l’exécution du script en cas d’absence sur serveur corps.
|
|
||||||
[ -f "$HTTP_DIR/public/index.html" ] && { curl --head --fail-with-body $RADIO_HOST/fic/_series-_index.fic || exit 0 ; } >/dev/null
|
|
||||||
|
|
||||||
# Update git repo
|
|
||||||
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
|
||||||
|
|
||||||
cd "$HTTP_DIR"
|
|
||||||
|
|
||||||
# Get remote content files
|
|
||||||
#rclone_ncloud_publiclink.sh
|
|
||||||
|
|
||||||
# Invalid cache
|
|
||||||
rm -rf "/tmp/hugo_cache_$USER"
|
|
||||||
|
|
||||||
# Build website
|
|
||||||
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
|
@ -1,32 +0,0 @@
|
|||||||
server {
|
|
||||||
listen 443 ssl http2;
|
|
||||||
listen [::]:443 ssl http2;
|
|
||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
|
||||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
|
||||||
root $HTTP_DIR/public/;
|
|
||||||
|
|
||||||
# Security headers
|
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
|
||||||
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' 'https://static.jean-cloud.net/player-interface/*' ; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self' 'https://static.jean-cloud.net/player-interface/*' 'https://cdn.jsdelivr.net/npm/*'; base-uri 'self'; form-action 'self';" always;
|
|
||||||
add_header X-Content-Type-Options "nosniff";
|
|
||||||
add_header X-Frame-Options SAMEORIGIN always;
|
|
||||||
add_header X-XSS-Protection "1; mode=block" always;
|
|
||||||
add_header Referrer-Policy "strict-origin-when-cross-origin";
|
|
||||||
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
|
|
||||||
|
|
||||||
location / {
|
|
||||||
index index.html;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /manager {
|
|
||||||
return 301 $scheme://mux.$JC_SERVICE/manager;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /buildscript/ {
|
|
||||||
include /etc/nginx/fastcgi_params;
|
|
||||||
fastcgi_param SCRIPT_FILENAME $DOCKER_DIR/server.sh;
|
|
||||||
fastcgi_pass unix:/var/run/fcgiwrap.socket;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,10 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
echo "Content-type: text/html"
|
|
||||||
echo ""
|
|
||||||
|
|
||||||
. .env
|
|
||||||
|
|
||||||
echo '<pre>'
|
|
||||||
deploy_as "$JC_SERVICE"
|
|
||||||
echo '</pre>'
|
|
@ -2,7 +2,7 @@
|
|||||||
set -euo pipefail
|
set -euo pipefail
|
||||||
|
|
||||||
# Update git repo
|
# Update git repo
|
||||||
git_update.sh -r "${GIT_BRANCH:main}" -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
|
||||||
|
|
||||||
cd "$HTTP_DIR"
|
cd "$HTTP_DIR"
|
||||||
|
|
||||||
|
@ -2,4 +2,3 @@ GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git"
|
|||||||
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
||||||
USE_SSL=true
|
USE_SSL=true
|
||||||
WEBSOCKET_PORT=2004
|
WEBSOCKET_PORT=2004
|
||||||
VUE_APP_PUBLIC_WEBSITE=radiodemo.oma-radio.fr
|
|
||||||
|
@ -1,16 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
set -euo pipefail
|
|
||||||
|
|
||||||
# Si le site a déjà été build par le passé, curl termine l’exécution du script en cas d’absence sur serveur corps.
|
|
||||||
[ -f "$HTTP_DIR/public/index.html" ] && { curl -iI https://$RADIO_HOST/fic/_series-_index.fic >/dev/null || exit 0 ; }
|
|
||||||
|
|
||||||
# Update git repo
|
|
||||||
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
|
|
||||||
|
|
||||||
cd "$HTTP_DIR"
|
|
||||||
|
|
||||||
# Invalid cache
|
|
||||||
rm -rf "/tmp/hugo_cache_$USER"
|
|
||||||
|
|
||||||
# Build website
|
|
||||||
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo
|
|
1
services/radiodemo.oma-radio.fr/deploy_user.sh
Symbolic link
1
services/radiodemo.oma-radio.fr/deploy_user.sh
Symbolic link
@ -0,0 +1 @@
|
|||||||
|
../hugo/deploy_user.sh
|
@ -1,5 +1,4 @@
|
|||||||
GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git"
|
GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git"
|
||||||
RADIO_HOST=mux.radiokipik.org
|
RADIO_HOST=mux.radiodemo.oma-radio.fr
|
||||||
USE_SSL=true
|
USE_SSL=true
|
||||||
WEBSOCKET_PORT=2005
|
WEBSOCKET_PORT=2004
|
||||||
RADIO_NAME_PRETTY="Radio Kipik"
|
|
||||||
|
@ -4,7 +4,7 @@ server {
|
|||||||
ssl_certificate $JC_CERT/fullchain.pem;
|
ssl_certificate $JC_CERT/fullchain.pem;
|
||||||
ssl_certificate_key $JC_CERT/privkey.pem;
|
ssl_certificate_key $JC_CERT/privkey.pem;
|
||||||
server_name $JC_SERVICE www.$JC_SERVICE;
|
server_name $JC_SERVICE www.$JC_SERVICE;
|
||||||
root $HTTP_DIR/public;
|
root $HTTP_DIR/;
|
||||||
|
|
||||||
# Security headers
|
# Security headers
|
||||||
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
|
||||||
|
@ -1,7 +0,0 @@
|
|||||||
id;nom;lieu;fai;note;wg_pubkey;ip;ip;ip;ip;ip
|
|
||||||
3;max;"Montpellier";red/sfr;"Chez Elisa";wTU3G3tutx2NIBlDDdBQhSnPFmkE5TM8aqcn1gdACF8=;2a02:8434:66e2:e301:a2b3:ccff:fe85:af97;;;
|
|
||||||
4;raku;"Le bessat";red/sfr;"Chez axel et louise";xEKLecqKmr7+VWhi9+LvfYNflVfkkMEe7DXHFDaiqBk=;92.92.34.140;;;
|
|
||||||
6;jeanPinion;"Alençon";;"Librairie de Centime";+goHQ6dBoqrjkPtru9Y1QeSChXNIuUpnv0xnh23jYRs=;
|
|
||||||
7;montbonnot;"Marseille";;"Géré par Nico";S1jpvHJRr2yFh4OB9hLk+zXUNXAycOewNqouoO2Zky4=;
|
|
||||||
8;jeanCheri;"Lyon";;"Épicerie ACTR";5+j+wcrQQAnR8thBRqdoKsamNog0pMZeJG2AONs5OD0=;
|
|
||||||
9;izzo;"Hostinger";"Hostinger";"Serveur hébergé principal";8ulBTjnjbo/dD8pPumpz07TUbDTofZ46+oTdkBb2JWE=;89.116.110.62;2a02:4780:28:a254::1;
|
|
Can't render this file because it has a wrong number of fields in line 2.
|
@ -26,10 +26,10 @@
|
|||||||
29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org
|
29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org
|
||||||
30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org
|
30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org
|
||||||
31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
|
31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
|
||||||
32;paj.oma-radio.fr;paj.oma-radio.fr;izzo.jean-cloud.org
|
32;paj.oma-radio.fr;paj.oma-radio.fr;nougaro.jean-cloud.org
|
||||||
33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
|
33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
|
||||||
34;radiodemo.oma-radio.fr;radiodemo.oma-radio.fr;raku.jean-cloud.org
|
34;radiodemo.oma-radio.fr;radiodemo.oma-radio.fr;raku.jean-cloud.org
|
||||||
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;izzo.jean-cloud.org
|
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org
|
||||||
36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;izzo.jean-cloud.org
|
36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;izzo.jean-cloud.org
|
||||||
37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
|
37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
|
||||||
38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org
|
38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org
|
||||||
@ -37,7 +37,7 @@
|
|||||||
40;static.jean-cloud.net;static.jean-cloud.net;izzo.jean-cloud.org
|
40;static.jean-cloud.net;static.jean-cloud.net;izzo.jean-cloud.org
|
||||||
41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
|
41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
|
||||||
42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org
|
42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org
|
||||||
43;radio.karnaval.fr;radio.karnaval.fr;izzo.jean-cloud.org
|
43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org
|
||||||
44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;raku.jean-cloud.org
|
44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;raku.jean-cloud.org
|
||||||
45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
|
45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
|
||||||
46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org
|
46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org
|
||||||
@ -55,6 +55,3 @@
|
|||||||
60;soundbase.radiokipik.org;soundbase.radiokipik.org;montbonnot.jean-cloud.org
|
60;soundbase.radiokipik.org;soundbase.radiokipik.org;montbonnot.jean-cloud.org
|
||||||
61;radiokipik.org;radiokipik.org;izzo.jean-cloud.org
|
61;radiokipik.org;radiokipik.org;izzo.jean-cloud.org
|
||||||
62;mux.radiokipik.org;mux.radiokipik.org;izzo.jean-cloud.org
|
62;mux.radiokipik.org;mux.radiokipik.org;izzo.jean-cloud.org
|
||||||
63;collectif-karafon.fr;collectif-karafon.fr;izzo.jean-cloud.org
|
|
||||||
64;mux.radionimaitre.oma;mux.radionimaitre.oma-radio.fr;raku.jean-cloud.org
|
|
||||||
65;mux.paj.oma-radio.fr;mux.paj.oma-radio.fr;izzo.jean-cloud.org
|
|
||||||
|
|
@ -1,25 +0,0 @@
|
|||||||
TELECOM=.101
|
|
||||||
ICECAST=.110
|
|
||||||
WEBSERVER=.105
|
|
||||||
SYSTEM_API=.107
|
|
||||||
TZ=Europe/Paris
|
|
||||||
OMA_DOCKER_VERSION=dev
|
|
||||||
WEBSOCKET_PORT=2002
|
|
||||||
TELECOM_SERVER_PORT=3492
|
|
||||||
OMA_CONFIG_TelecommandeHost=mux.paj.oma-radio.fr
|
|
||||||
OMA_CONFIG_TelecommandePort=3492
|
|
||||||
MUX_SERVER_PORT=9002
|
|
||||||
RADIO_NAME_SIMPLE=paj
|
|
||||||
OMA_CONFIG_NomRadio=paj
|
|
||||||
OMA_CONFIG_LogLevel=8
|
|
||||||
RADIO_NAME_PRETTY="Radio Démo"
|
|
||||||
COMPOSE_NAME=soundbasepajoma-radiofr
|
|
||||||
DOCKER_INSTANCES_PREFIX=soundbasepajoma-radiofr-
|
|
||||||
DOCKER_INSTANCES_SUFIX=-1
|
|
||||||
SOUNDBASE_DIR=/data/soundbase.paj.oma-radio.fr/
|
|
||||||
USE_SSL=true
|
|
||||||
MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.1
|
|
||||||
RADIO_HOST=mux.paj.oma-radio.fr
|
|
||||||
WG_NAME_interco=paj
|
|
||||||
WG_NET=10.29.65
|
|
||||||
WG_PORT=55002
|
|
@ -1,6 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
git_update.sh -r $OMA_DOCKER_VERSION -d "$HTTP_DIR/manager" https://gitlab.com/omaradio/single-manager.git
|
|
||||||
cd "$HTTP_DIR/manager"
|
|
||||||
npm install
|
|
||||||
npm run build
|
|
@ -1,137 +0,0 @@
|
|||||||
version: '3'
|
|
||||||
services:
|
|
||||||
anthracite_jukebox:
|
|
||||||
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
|
||||||
OMA_CONFIG_TelecommandePort: $TELECOM_SERVER_PORT
|
|
||||||
OMA_CONFIG_Client1Host: $RADIO_HOST
|
|
||||||
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR:/app/soundBase
|
|
||||||
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.102
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
azurite_jukebox_simulator:
|
|
||||||
image: registry.gitlab.com/omaradio/core/oma-jukebox-simulator:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR:/app/soundBase
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.103
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
# aventurine_transcode:
|
|
||||||
# image: jeancloud/transcode:$OMA_DOCKER_VERSION
|
|
||||||
# env_file: .env
|
|
||||||
# restart: unless-stopped
|
|
||||||
|
|
||||||
|
|
||||||
agate_importer:
|
|
||||||
image: registry.gitlab.com/omaradio/core/oma-baseimport:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR:/app/soundBase
|
|
||||||
restart: unless-stopped
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.104
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 1000M
|
|
||||||
|
|
||||||
|
|
||||||
rubis_base_mg:
|
|
||||||
image: registry.gitlab.com/omaradio/core/oma-base-mg:$OMA_DOCKER_VERSION
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- $DATA_DIR:/soundbase
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.106
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 100M
|
|
||||||
|
|
||||||
|
|
||||||
system_api:
|
|
||||||
image: jeancloud/system-api:dev
|
|
||||||
env_file: .env
|
|
||||||
environment:
|
|
||||||
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
|
|
||||||
UID: 33
|
|
||||||
SOUNDBASE_PATH: /soundbase
|
|
||||||
MOUNT: /api
|
|
||||||
CONFIG_PATH: /config
|
|
||||||
restart: unless-stopped
|
|
||||||
volumes:
|
|
||||||
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
|
|
||||||
- /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
- $DATA_DIR:/soundbase
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipv4_address: $NET.107
|
|
||||||
deploy:
|
|
||||||
resources:
|
|
||||||
limits:
|
|
||||||
cpus: '0.50'
|
|
||||||
memory: 500M
|
|
||||||
|
|
||||||
|
|
||||||
#ammolite_mp3_addon:
|
|
||||||
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
|
|
||||||
# env_file: .env
|
|
||||||
# environment:
|
|
||||||
# OMA_CONFIG_TelecommandeHost: $NET.101
|
|
||||||
# OMA_CONFIG_PigePrefix: /opt
|
|
||||||
# restart: unless-stopped
|
|
||||||
# volumes:
|
|
||||||
# - $DATA_DIR:/app/soundbase
|
|
||||||
# networks:
|
|
||||||
# default:
|
|
||||||
# ipv4_address: $NET.109
|
|
||||||
# deploy:
|
|
||||||
# resources:
|
|
||||||
# limits:
|
|
||||||
# cpus: '0.05'
|
|
||||||
|
|
||||||
# doxy:
|
|
||||||
# image: qnib/doxy
|
|
||||||
# volumes:
|
|
||||||
# - /tmp/radiodemo.oma-radio.fr/doxy:/tmp/doxy
|
|
||||||
# - /data/radiodemo.oma-radio.fr/doxy.pattern:/etc/doxy.pattern
|
|
||||||
# - /var/run/docker.sock:/var/run/docker.sock
|
|
||||||
# environment:
|
|
||||||
# DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock
|
|
||||||
|
|
||||||
networks:
|
|
||||||
default:
|
|
||||||
ipam:
|
|
||||||
config:
|
|
||||||
- subnet: $NET.0/24
|
|
@ -1,119 +0,0 @@
|
|||||||
# Parameters:
|
|
||||||
# radio name
|
|
||||||
# file path
|
|
||||||
# ws port (local)
|
|
||||||
# wss port (open)
|
|
||||||
# upload service port
|
|
||||||
# ssl certs location
|
|
||||||
|
|
||||||
# TODO
|
|
||||||
# /speedtest-down returns random data
|
|
||||||
# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin
|
|
||||||
# /speedtest-up just eat everything it can
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
server {
|
|
||||||
listen 80;
|
|
||||||
listen [::]:80;
|
|
||||||
server_name $JC_SERVICE;
|
|
||||||
|
|
||||||
root $HTTP_DIR/manager/dist;
|
|
||||||
index index.html;
|
|
||||||
|
|
||||||
location ~ /api(/.*) {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
|
||||||
include uwsgi_params;
|
|
||||||
uwsgi_param PATH_INFO "$1";
|
|
||||||
uwsgi_param SCRIPT_NAME /api;
|
|
||||||
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
|
|
||||||
client_max_body_size 0;
|
|
||||||
proxy_connect_timeout 6000;
|
|
||||||
proxy_send_timeout 60000;
|
|
||||||
proxy_read_timeout 6000;
|
|
||||||
send_timeout 6000;
|
|
||||||
# kill cache
|
|
||||||
add_header Last-Modified $date_gmt;
|
|
||||||
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
|
|
||||||
if_modified_since off;
|
|
||||||
expires off;
|
|
||||||
etag off;
|
|
||||||
}
|
|
||||||
|
|
||||||
location /pige{
|
|
||||||
alias $SOUNDBASE_DIR/pige;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /png {
|
|
||||||
alias $SOUNDBASE_DIR/png;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /webpL {
|
|
||||||
alias $SOUNDBASE_DIR/webpL;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /webpH {
|
|
||||||
alias $SOUNDBASE_DIR/webpH;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /ogg {
|
|
||||||
alias $SOUNDBASE_DIR/ogg;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /txt {
|
|
||||||
alias $SOUNDBASE_DIR/txt;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /wavM {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
|
||||||
alias $SOUNDBASE_DIR/wavM;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /import {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
|
||||||
alias $SOUNDBASE_DIR/import;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /export {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
|
||||||
alias $SOUNDBASE_DIR/export;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /wav {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
|
||||||
alias $SOUNDBASE_DIR/wav;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /fic {
|
|
||||||
add_header Cache-Control "must-revalidate, proxy-revalidate";
|
|
||||||
alias $SOUNDBASE_DIR/fic;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /prg {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
|
||||||
alias $SOUNDBASE_DIR/prg;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
location /lst {
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
|
||||||
alias $SOUNDBASE_DIR/lst;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
|
|
||||||
# Admin interface
|
|
||||||
location /manager {
|
|
||||||
alias $HTTP_DIR/manager/dist;
|
|
||||||
auth_basic "Entrez votre identifiant et mot de passe";
|
|
||||||
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
|
|
||||||
try_files $uri $uri/ =404;
|
|
||||||
}
|
|
||||||
}
|
|
@ -1,11 +0,0 @@
|
|||||||
#!/bin/bash
|
|
||||||
|
|
||||||
if [ -d "$DATA_DIR/core" ] ; then
|
|
||||||
git_update.sh -r dev -o "-i $DATA_DIR/radiodemo-deploy" -d "$DATA_DIR/core" git@gitlab.com:omaradio/core.git
|
|
||||||
fi
|
|
||||||
|
|
||||||
git_update.sh -r dev -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
|
|
||||||
cd "$HTTP_DIR/manager"
|
|
||||||
npm install
|
|
||||||
npm run build
|
|
||||||
|
|
@ -11,8 +11,7 @@ services:
|
|||||||
OMA_CONFIG_Client2Port: 9003
|
OMA_CONFIG_Client2Port: 9003
|
||||||
volumes:
|
volumes:
|
||||||
- $SOUNDBASE_DIR:/app/soundBase
|
- $SOUNDBASE_DIR:/app/soundBase
|
||||||
- $SOUNDBASE_DIR/secours/JingleDemo-Secours.wavM:/app/secours/secours-jingle.wavM
|
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
|
||||||
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
@ -20,7 +19,7 @@ services:
|
|||||||
deploy:
|
deploy:
|
||||||
resources:
|
resources:
|
||||||
limits:
|
limits:
|
||||||
cpus: '1'
|
cpus: '0.50'
|
||||||
memory: 100M
|
memory: 100M
|
||||||
|
|
||||||
azurite_jukebox_simulator:
|
azurite_jukebox_simulator:
|
||||||
@ -49,7 +48,6 @@ services:
|
|||||||
env_file: .env
|
env_file: .env
|
||||||
volumes:
|
volumes:
|
||||||
- $SOUNDBASE_DIR:/app/soundBase
|
- $SOUNDBASE_DIR:/app/soundBase
|
||||||
stop_grace_period: 1m30s
|
|
||||||
restart: unless-stopped
|
restart: unless-stopped
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
|
@ -92,7 +92,6 @@ server {
|
|||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
location /fic {
|
location /fic {
|
||||||
add_header Cache-Control 'must-revalidate, proxy-revalidate';
|
|
||||||
alias $SOUNDBASE_DIR/fic;
|
alias $SOUNDBASE_DIR/fic;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
@ -108,6 +107,10 @@ server {
|
|||||||
alias $SOUNDBASE_DIR/lst;
|
alias $SOUNDBASE_DIR/lst;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
|
location /statique {
|
||||||
|
alias $SOUNDBASE_DIR/statique;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
# Admin interface
|
# Admin interface
|
||||||
location /manager {
|
location /manager {
|
||||||
|
20
services/soundbase.radiodemo.oma-radio.fr/wg-radiodemo.sh
Executable file
20
services/soundbase.radiodemo.oma-radio.fr/wg-radiodemo.sh
Executable file
@ -0,0 +1,20 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
. .env
|
||||||
|
|
||||||
|
[ -f "$DATA_DIR/radiodemo-soundbase.wgkey" ] || { echo 'No privatekey found' >&2 && exit 1 ; }
|
||||||
|
|
||||||
|
echo "
|
||||||
|
[Interface]
|
||||||
|
PrivateKey = $(cat "$DATA_DIR/radiodemo-soundbase.wgkey")
|
||||||
|
Address = 10.29.0.1/32
|
||||||
|
ListenPort = 55820
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
PublicKey = iwIsUriF4CT/Jpu29VXlj43hT3bUjG67FeEgCTcQCVc=
|
||||||
|
AllowedIPs = 10.29.0.254/32
|
||||||
|
Endpoint = mux.radiodemo.oma-radio.fr:55820
|
||||||
|
PersistentKeepalive = 30
|
||||||
|
"
|
@ -4,20 +4,21 @@ ICECAST=.110
|
|||||||
WEBSERVER=.105
|
WEBSERVER=.105
|
||||||
SYSTEM_API=.107
|
SYSTEM_API=.107
|
||||||
TZ=Europe/Paris
|
TZ=Europe/Paris
|
||||||
OMA_DOCKER_VERSION=unstable
|
OMA_DOCKER_VERSION=dev
|
||||||
WEBSOCKET_PORT=2005
|
WEBSOCKET_PORT=2004
|
||||||
TELECOM_SERVER_PORT=3495
|
TELECOM_SERVER_PORT=3494
|
||||||
OMA_CONFIG_TelecommandeHost=mux.radiokipik.org
|
OMA_CONFIG_TelecommandeHost=mux.radiodemo.oma-radio.fr
|
||||||
OMA_CONFIG_TelecommandePort=3495
|
OMA_CONFIG_TelecommandePort=3494
|
||||||
MUX_SERVER_PORT=9005
|
MUX_SERVER_PORT=9004
|
||||||
RADIO_NAME_SIMPLE=radiokipik
|
RADIO_NAME_SIMPLE=radiodemo
|
||||||
OMA_CONFIG_NomRadio=radiokipik
|
OMA_CONFIG_NomRadio=radiodemo
|
||||||
RADIO_NAME_PRETTY="Radio Kipik"
|
OMA_CONFIG_LogLevel=8
|
||||||
COMPOSE_NAME=soundbaseradiokipikorg
|
RADIO_NAME_PRETTY="Radio Démo"
|
||||||
DOCKER_INSTANCES_PREFIX=soundbaseradiokipikorg-
|
COMPOSE_NAME=soundbaseradiodemooma-radiofr
|
||||||
|
DOCKER_INSTANCES_PREFIX=soundbaseradiodemooma-radiofr-
|
||||||
DOCKER_INSTANCES_SUFIX=-1
|
DOCKER_INSTANCES_SUFIX=-1
|
||||||
SOUNDBASE_DIR=/data/soundbase.radiokipik.org/soundbase/
|
SOUNDBASE_DIR=/data/soundbase.radiodemo.oma-radio.fr/core/radioDemo
|
||||||
USE_SSL=true
|
USE_SSL=true
|
||||||
MANAGER_VERSION=3.0.0
|
MANAGER_VERSION=3.0.0
|
||||||
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.1.1
|
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.1.1
|
||||||
RADIO_HOST=radiokipik.org
|
RADIO_HOST=radiodemo.oma-radio.fr
|
||||||
|
@ -1,3 +1,8 @@
|
|||||||
#!/bin/bash
|
#!/bin/bash
|
||||||
|
|
||||||
apt install -y nodejs npm
|
apt install -y nodejs npm
|
||||||
|
#docker run --rm -i -v /srv/http/soundbase.radiodemo.oma-radio.fr:/app node:alpine sh <<EOF
|
||||||
|
#cd /app
|
||||||
|
#npm install --production omaradio-web-manager@~$MANAGER_VERSION
|
||||||
|
#npm update
|
||||||
|
#EOF
|
||||||
|
@ -6,9 +6,10 @@
|
|||||||
|
|
||||||
chmod 700 "$SECRET_DIR/gitlab-deploy.sshprivkey"
|
chmod 700 "$SECRET_DIR/gitlab-deploy.sshprivkey"
|
||||||
mkdir -p "$HTTP_DIR/manager"
|
mkdir -p "$HTTP_DIR/manager"
|
||||||
git_update.sh -r 'v3.0' -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
|
git_update.sh -b 'v3' -i "$SECRET_DIR/gitlab-deploy.sshprivkey" -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
|
||||||
cd "$HTTP_DIR/manager"
|
cd "$HTTP_DIR/manager"
|
||||||
npm install
|
npm install
|
||||||
|
#npm audit fix
|
||||||
npm run build
|
npm run build
|
||||||
|
|
||||||
|
|
||||||
|
@ -4,7 +4,7 @@ services:
|
|||||||
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
|
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
|
||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
environment:
|
||||||
OMA_CONFIG_Client1Host: mux.radiokipik.org
|
OMA_CONFIG_Client1Host: mux.radiodemo.oma-radio.fr
|
||||||
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
|
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
|
||||||
OMA_CONFIG_Client2: off
|
OMA_CONFIG_Client2: off
|
||||||
OMA_CONFIG_Client2Host: radionimaitre.oma-radio.fr
|
OMA_CONFIG_Client2Host: radionimaitre.oma-radio.fr
|
||||||
@ -76,7 +76,7 @@ services:
|
|||||||
|
|
||||||
|
|
||||||
system_api:
|
system_api:
|
||||||
image: jeancloud/system-api:$OMA_DOCKER_VERSION
|
image: jeancloud/system-api:dev
|
||||||
env_file: .env
|
env_file: .env
|
||||||
environment:
|
environment:
|
||||||
UID: 33
|
UID: 33
|
||||||
@ -98,6 +98,30 @@ services:
|
|||||||
memory: 500M
|
memory: 500M
|
||||||
|
|
||||||
|
|
||||||
|
#ammolite_mp3_addon:
|
||||||
|
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
|
||||||
|
# env_file: .env
|
||||||
|
# environment:
|
||||||
|
# OMA_CONFIG_PigePrefix: /opt
|
||||||
|
# restart: unless-stopped
|
||||||
|
# volumes:
|
||||||
|
# - $SOUNDBASE_DIR:/app/soundbase
|
||||||
|
# networks:
|
||||||
|
# default:
|
||||||
|
# ipv4_address: $NET.109
|
||||||
|
# deploy:
|
||||||
|
# resources:
|
||||||
|
# limits:
|
||||||
|
# cpus: '0.05'
|
||||||
|
|
||||||
|
# doxy:
|
||||||
|
# image: qnib/doxy
|
||||||
|
# volumes:
|
||||||
|
# - /tmp/radiodemo.oma-radio.fr/doxy:/tmp/doxy
|
||||||
|
# - /data/radiodemo.oma-radio.fr/doxy.pattern:/etc/doxy.pattern
|
||||||
|
# - /var/run/docker.sock:/var/run/docker.sock
|
||||||
|
# environment:
|
||||||
|
# DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock
|
||||||
|
|
||||||
networks:
|
networks:
|
||||||
default:
|
default:
|
||||||
|
@ -92,7 +92,6 @@ server {
|
|||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
location /fic {
|
location /fic {
|
||||||
add_header Cache-Control 'must-revalidate, proxy-revalidate';
|
|
||||||
alias $SOUNDBASE_DIR/fic;
|
alias $SOUNDBASE_DIR/fic;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
@ -108,6 +107,10 @@ server {
|
|||||||
alias $SOUNDBASE_DIR/lst;
|
alias $SOUNDBASE_DIR/lst;
|
||||||
try_files $uri $uri/ =404;
|
try_files $uri $uri/ =404;
|
||||||
}
|
}
|
||||||
|
location /statique {
|
||||||
|
alias $SOUNDBASE_DIR/statique;
|
||||||
|
try_files $uri $uri/ =404;
|
||||||
|
}
|
||||||
|
|
||||||
# Admin interface
|
# Admin interface
|
||||||
location /manager {
|
location /manager {
|
||||||
|
20
services/soundbase.radiokipik.org/wg-radiokipik.sh
Executable file
20
services/soundbase.radiokipik.org/wg-radiokipik.sh
Executable file
@ -0,0 +1,20 @@
|
|||||||
|
#!/bin/bash
|
||||||
|
|
||||||
|
set -euo pipefail
|
||||||
|
|
||||||
|
. .env
|
||||||
|
|
||||||
|
[ -f "$DATA_DIR/soundbase.wgkey" ] || { echo 'No privatekey found' >&2 && exit 1 ; }
|
||||||
|
|
||||||
|
echo "
|
||||||
|
[Interface]
|
||||||
|
PrivateKey = $(cat "$DATA_DIR/soundbase.wgkey")
|
||||||
|
Address = 10.29.60.1/32
|
||||||
|
ListenPort = 55860
|
||||||
|
|
||||||
|
[Peer]
|
||||||
|
PublicKey = 3ADrLVxzVqLHV530cT+paM+zNQBvm3KCW0voIN1wVBQ=
|
||||||
|
AllowedIPs = 10.29.60.254/32
|
||||||
|
Endpoint = mux.radiokipik.org:55825
|
||||||
|
PersistentKeepalive = 30
|
||||||
|
"
|
Loading…
Reference in New Issue
Block a user