
1 Commits

Author SHA1 Message Date
eleonore12345
fca32d7f5c command wireguard utilisee par le serveur jc et non plus l'ordi installant 2024-06-20 10:15:44 +02:00
92 changed files with 364 additions and 2294 deletions

1
.gitignore vendored

@ -1,4 +1,3 @@
installing/temporary_mount_point
installing/secrets
provisioning/roles/deploy_all/files/secrets
.~lock.*


@ -285,7 +285,7 @@ section "Creating wireguard conf"
if [ -n "$wireguard_number" ] ; then
run cat >> "$mnt/etc/wireguard/jeancloud.conf" <<EOF
[Interface]
PrivateKey = $(wg genkey)
PrivateKey = $(chroot_run wg genkey)
ListenPort = 51812
Address = 10.98.1.$wireguard_number/32
@ -295,7 +295,7 @@ AllowedIPs = 10.98.1.254/32
Endpoint = 193.33.56.94:51812
PersistentKeepalive = 25
EOF
wireguard_pubkey="$(cat "$mnt/etc/wireguard/jeancloud.conf" | grep -oP '^PrivateKey = \K.*' | wg pubkey)"
wireguard_pubkey="$(cat "$mnt/etc/wireguard/jeancloud.conf" | grep -oP '^PrivateKey = \K.*' | chroot_run wg pubkey)"
run cat > "$secret_dir/wg_conf_part" <<EOF
[Peer] # $hostname
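Review bot: `PrivateKey = $(chroot_run wg genkey)` runs inside the here-document, so if `wg` fails in the chroot, or `chroot_run` prints anything besides the key, `jeancloud.conf` is still written with an empty or polluted key and nothing stops the script. Generate the key into a variable first and check it, e.g. `wg_privkey="$(chroot_run wg genkey)"` followed by `[ -n "$wg_privkey" ] || die "wg genkey failed"` (driglibash's `die`, if this script sources it), then derive the public key from that variable instead of grepping it back out of the file. The hunk does not show the mode of `$mnt/etc/wireguard/jeancloud.conf`; since it holds the private key, it should be created under `umask 077` or set to 600. The +/- markers are lost on this page, so this assumes the `chroot_run` lines are the new side, as the commit title suggests.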


@ -4,31 +4,4 @@ DO NOT REBOOT IT. it sometimes fails…
raku :
+ ajouter nonfree dans les sources
-i firmware-atheros -i firmware-realtek
cheri :
cat > /etc/init.d/autoreboot <<EOF
#!/bin/bash
### BEGIN INIT INFO
# Provides: autoreboot
# Required-Start: \$local_fs \$syslog
# Required-Stop: \$local_fs \$syslog
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: starts autoreboot
# Description: starts autoreboot
### END INIT INFO
sleep 120
ip -4 -o a > /dev/tty1
if ! ip a | grep -q 'eth0' ; then
echo 'eth0 not found. rebooting' >/dev/tty1
sleep 3
reboot
else
echo 'eth0 found' >/dev/tty1
sleep 3
exit 0
fi
exit 0
EOF
chmod +x /etc/init.d/autoreboot
-i firmware-atheros


@ -1,41 +0,0 @@
version: '3.1'
services:
wp:
image: wordpress:5-apache
restart: unless-stopped
env_file: $DATA_DIR/wordpress.env
volumes:
- $DATA_DIR/wordpress:/var/www/html
- /srv/http/$JC_SERVICE:/var/www/html/static
networks:
default:
ipv4_address: $NET.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
db:
image: mariadb:10.11
restart: unless-stopped
env_file: $DATA_DIR/wordpress.env
volumes:
- $DATA_DIR/db:/var/lib/mysql
networks:
default:
ipv4_address: $NET.101
deploy:
resources:
limits:
cpus: '0.50'
memory: 300M
networks:
default:
ipam:
config:
- subnet: $NET.0/24


@ -1,30 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name wordpress.$JC_SERVICE www.wordpress.$JC_SERVICE;
location / {
auth_basic "Mot de passe !";
auth_basic_user_file /data/$JC_SERVICE/pass.txt;
client_max_body_size 2G;
#proxy_set_header X-Real-IP $remote_addr;
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://$NET.100;
proxy_redirect off;
}
}
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
location / {
root /srv/http/$JC_SERVICE;
try_files $uri $uri/ =404;
}
}


@ -1,32 +0,0 @@
version: '2'
services:
coldcms:
image: coldcms/coldcms-backend:latest
volumes:
- $DATA_DIR/coldcms:/srv/build
- $DATA_DIR/db:/var/db
environment:
- DJANGO_SETTINGS_MODULE=coldcms.settings
- DB_URL=sqlite:////var/db/database.sqlite3
- BUILD_DIR=/srv/build
- STATIC_ROOT=/srv/build/static/
- ALLOWED_HOSTS=$JC_SERVICE
- SECRET_KEY=275bLEjLIsDg19HkIcjjwgdC41zcyTAc1y527VuX23khKUZGRCMybChydeBKFNJVjhD0KMrzIeLbMlS30IxPhfqLAcR2OK0LVxOu4G8dgx3p2pia4SUFm39tOznKZ0Kt9IdbX
restart: unless-stopped
networks:
default:
ipv4_address: $NET.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 500M
networks:
default:
ipam:
config:
- subnet: $NET.0/24


@ -1,55 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
add_header Strict-Transport-Security "max-age=31536000";
gzip on;
gzip_disable "msie6";
gzip_types text/plain text/css application/json text/xml application/xml text/javascript application/x-javascript;
gzip_min_length 1000;
gzip_proxied no-cache no-store private expired auth;
gzip_vary on;
root $HTTP_DIR;
location / {
set $try_files_value '';
if ($request_method = GET){
set $try_files_value $uri/;
}
gzip_static on;
try_files $try_files_value @uwsgi_backend;
}
location @uwsgi_backend {
uwsgi_pass $NET.100:8000;
include uwsgi_params;
client_max_body_size 20m;
}
location /media/ {
gzip_static on;
expires 100d;
add_header Cache-Control public;
access_log off;
}
location /static/ {
gzip_static on;
expires 100d;
add_header Cache-Control public;
access_log off;
}
location /admin/ {
uwsgi_pass $NET.100:8000;
include uwsgi_params;
client_max_body_size 20m;
}
}


@ -1 +0,0 @@
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/grapesjs


@ -1,3 +0,0 @@
#!/bin/bash
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"


@ -1,19 +0,0 @@
version: '3'
services:
json_server:
image: jeancloud/json-server
volumes:
- "$DATA_DIR:/usr/lib/json-server"
networks:
default:
ipv4_address: $NET.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
networks:
default:
ipam:
config:
- subnet: $NET.0/24


@ -1,35 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name grapes.chahut.jean-cloud.net;
root $HTTP_DIR;
# Security headers
# We can create a file with the base security headers and include it.
# Will it be possible to overload them then ?
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#add_header Content-Security-Policy "default-src 'self' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ;frame-ancestors 'none'; script-src 'self' 'unsafe-eval' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; img-src 'self'; object-src 'none'; style-src 'self' 'unsafe-inline' https://cdnjs.cloudflare.com/ajax/libs/font-awesome/ ; base-uri 'self'; form-action 'self';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
#add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
auth_basic "Mot de passe !";
auth_basic_user_file $DATA_DIR/pass.txt;
location / {
index index.html;
try_files $uri $uri/ =404;
}
location /projects {
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Proto https;
proxy_pass http://$NET.100:3000;
proxy_redirect off;
}
}


@ -1,19 +0,0 @@
TZ=Europe/Paris
OMA_DOCKER_VERSION=8
WEBSOCKET_PORT=2002
TELECOM_SERVER_PORT=3492
MUX_SERVER_PORT=9002
RADIO_NAME_SIMPLE=paj
OMA_CONFIG_NomRadio=paj
RADIO_NAME_PRETTY="Paj Radio"
RADIO_HOST=paj.oma-radio.fr
COMPOSE_NAME=pajoma-radiofr
DOCKER_INSTANCES_PREFIX=pajoma-radiofr-
DOCKER_INSTANCES_SUFIX=-1
DATA_DIR=/data/paj.oma-radio.fr
USE_SSL=true
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.3.0
MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.0
SYNCTHINGS_API_KEY=425qLiE5QMJmFjgoxUHRgxD2icWNmkdy
SYNCTHINGS_LABEL_PREFIX="[oma] [paj] "
SYNCTHINGS_PRIVATE_KEY="/keys/Niilos"


@ -1,181 +0,0 @@
version: '3'
services:
ambre_mux:
image: registry.oma-radio.fr/mux:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_Client1Url: /paj.ogg
volumes:
- $DATA_DIR/soundbase/pige:/app/pige
ports:
- $MUX_SERVER_PORT:9000
restart: unless-stopped
networks:
default:
ipv4_address: $NET.100
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
saphir_telecom_server:
image: registry.oma-radio.fr/telecom-server:$OMA_DOCKER_VERSION
env_file: .env
ports:
- $TELECOM_SERVER_PORT:3490
restart: unless-stopped
networks:
default:
ipv4_address: $NET.101
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
anthracite_jukebox:
image: registry.oma-radio.fr/jukebox:$OMA_DOCKER_VERSION
env_file: .env
volumes:
- $DATA_DIR/soundbase:/app/soundBase
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
restart: unless-stopped
networks:
default:
ipv4_address: $NET.102
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
azurite_jukebox_simulator:
image: registry.oma-radio.fr/jukebox-simulator:$OMA_DOCKER_VERSION
env_file: .env
volumes:
- $DATA_DIR/soundbase:/app/soundBase
restart: unless-stopped
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
agate_importer:
image: registry.oma-radio.fr/baseimport:$OMA_DOCKER_VERSION
env_file: .env
volumes:
- $DATA_DIR/soundbase:/app/soundBase
restart: unless-stopped
networks:
default:
ipv4_address: $NET.104
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
amarante_webserver:
image: registry.oma-radio.fr/webserver:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_PigeOggConsigne: 5000
OMA_CONFIG_PigeOggMax: 5100
OMA_CONFIG_PigeOggMaxMax: 5500
OMA_CONFIG_PigeTextConsigne: 10000
OMA_CONFIG_PigeTextMax: 11000
OMA_CONFIG_PigeTextMaxMax: 15000
OMA_CONFIG_PodCacheSize: 25 # to fix a webserver bug
restart: unless-stopped
networks:
default:
ipv4_address: $NET.105
volumes:
- $DATA_DIR/soundbase:/soundbase
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
rubis_base_mg:
image: registry.oma-radio.fr/base-mg:$OMA_DOCKER_VERSION
restart: unless-stopped
networks:
default:
ipv4_address: $NET.106
volumes:
- $DATA_DIR/soundbase:/soundbase
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
system_api:
image: registry.oma-radio.fr/system-api:master
env_file: .env
environment:
UID: 33
SOUNDBASE_PATH: /soundbase
MOUNT: /api
CONFIG_PATH: /config
restart: unless-stopped
networks:
default:
ipv4_address: $NET.107
volumes:
- /tmp/uwsgi/$RADIO_HOST:/tmp/uwsgi
- /var/run/docker.sock:/var/run/docker.sock
- $DATA_DIR/soundbase:/soundbase
- /data/soundbase.oma-radio.fr/Niilos:/keys/Niilos
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
liquidsoap:
image: registry.oma-radio.fr/liquidsoap:1.3.7
env_file: .env
volumes:
- $DATA_DIR/secours.ogg:/secours.ogg
- ./transcode.liq:/transcode.liq
command: /transcode.liq
restart: unless-stopped
networks:
default:
ipv4_address: $NET.108
icecast:
image: registry.oma-radio.fr/icecast:alpine-2.4.0
environment:
- ICECAST_SOURCE_PASSWORD=JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f
- ICECAST_ADMIN_PASSWORD=STh5LrPMvp876KPoajCPEUpehE98JPqZ6sEixSnzJ42CR2MdyPMBYfzjGpbAzajNgw8jsuLh
- ICECAST_RELAY_PASSWORD=r2LgmDocgyYh7DqhSsey8tM99wxdViTpLtyi9tcWHtokC73QnC6kQLRRb58VUy5FXYnStRsG
- ICECAST_ADMIN_USERNAME=admin
- ICECAST_ADMIN_EMAIL=contact@oma-radio.fr
- ICECAST_LOCATION=Rhône-Alpes
- TZ=Europe/Paris
restart: unless-stopped
networks:
default:
ipv4_address: $NET.109
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
networks:
default:
ipam:
config:
- subnet: $NET.0/24


@ -1,187 +0,0 @@
# Parameters:
# radio name
# file path
# ws port (local)
# wss port (open)
# upload service port
# ssl certs location
# TODO
# /speedtest-down returns random data
# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin
# /speedtest-up just eat everything it can
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen $WEBSOCKET_PORT ssl;
listen [::]:$WEBSOCKET_PORT ssl;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://$NET.105:9000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 120s;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name $RADIO_HOST www.$RADIO_HOST;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
root $DATA_DIR/soundbase/website;
index index.html;
location = /direct.ogg {
proxy_pass http://$NET.109:8000/$RADIO_NAME_SIMPLE.ogg;
}
location = /direct.mp3 {
proxy_pass http://$NET.109:8000/$RADIO_NAME_SIMPLE.mp3;
}
location = /api { rewrite ^ /api/; }
location ~ /api(/.*) {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $DATA_DIR/soundbase/users.htpasswd;
include uwsgi_params;
uwsgi_param PATH_INFO "$1";
uwsgi_param SCRIPT_NAME /api;
uwsgi_pass unix:/tmp/uwsgi/$RADIO_HOST/uwsgi-api.sock;
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 60000;
proxy_read_timeout 6000;
send_timeout 6000;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location /pige{
alias $DATA_DIR/soundbase/pige;
try_files $uri $uri/ =404;
}
location /pigeMp3{
alias $DATA_DIR/soundbase/pigeMp3;
try_files $uri $uri/ =404;
}
location /png {
alias $DATA_DIR/soundbase/png;
try_files $uri $uri/ =404;
}
location /jpgL {
alias $DATA_DIR/soundbase/jpgL;
try_files $uri $uri/ =404;
}
location /jpgH {
alias $DATA_DIR/soundbase/jpgH;
try_files $uri $uri/ =404;
}
location /webpL {
alias $DATA_DIR/soundbase/webpL;
try_files $uri $uri/ =404;
}
location /webpH {
alias $DATA_DIR/soundbase/webpH;
try_files $uri $uri/ =404;
}
location /ogg {
alias $DATA_DIR/soundbase/ogg;
try_files $uri $uri/ =404;
}
location /txt {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
alias $DATA_DIR/soundbase/txt;
try_files $uri $uri/ =404;
}
location /wavM {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
alias $DATA_DIR/soundbase/wavM;
try_files $uri $uri/ =404;
}
location /wav {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
alias $DATA_DIR/soundbase/wav;
try_files $uri $uri/ =404;
}
location /fiches {
alias $DATA_DIR/soundbase/fiches;
try_files $uri $uri/ =404;
}
location /prg {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
alias $DATA_DIR/soundbase/prg;
try_files $uri $uri/ =404;
}
location /listes {
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
alias $DATA_DIR/soundbase/listes;
try_files $uri $uri/ =404;
}
location /statique {
alias $DATA_DIR/soundbase/statique;
try_files $uri $uri/ =404;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
# Admin interface
location /manager {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $DATA_DIR/soundbase/users.htpasswd;
try_files $uri $uri/ =404;
}
location = /favicon.ico {
return 301 /favicon.webp;
}
# for js, css, html — dynamic site, players
location / {
try_files $uri $uri/ =404;
add_header Cache-Control 'public must-revalidate';
}
}


@ -1,13 +0,0 @@
#!/usr/bin/liquidsoap
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f"))
input1 = mksafe(input.http("http://172.29.10.109:8000/paj.ogg"))
# Direct mp3
output.icecast(
%mp3(stereo=false),
mount="/paj.mp3",
host="172.29.10.109", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
input1)


@ -1,9 +1,13 @@
[shlago]
#max.jean-cloud.org
max.jean-cloud.org
tetede.jean-cloud.org
raku.jean-cloud.org
[servers]
nougaro.jean-cloud.org
montbonnot.jean-cloud.org
#max.jean-cloud.org
#blatte.jean-cloud.org
max.jean-cloud.org
tetede.jean-cloud.org
raku.jean-cloud.org
izzo.jean-cloud.org


@ -55,14 +55,12 @@ cd "/docker/$service"
if "$deploy" ; then
run mkdir -p "$DATA_DIR" "$HTTP_DIR"
run chown $uid "$DATA_DIR" "$HTTP_DIR"
run chown $uid "$DATA_DIR"
run chmod 751 "$DATA_DIR"
run chown $uid:www-data -R "$HTTP_DIR"
if [ -d "$SECRET_DIR" ] ; then
run chown $uid "$SECRET_DIR" -R
run find "$SECRET_DIR" -type d -exec chmod 751 '{}' \;
run find "$SECRET_DIR" -type f -exec chmod 700 '{}' \;
run chmod 751 "$SECRET_DIR" -R
fi
else
[ -d "$HTTP_DIR" ] && rm -r "$HTTP_DIR"
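Review bot: `run chmod 751 "$SECRET_DIR" -R` gives every file under the secrets directory mode 751, i.e. group-readable and executable by everyone, where the two `find … -exec chmod` lines of the same hunk keep files owner-only. The +/- markers are lost on this page; if the recursive chmod is the new side, keep the directory/file split and drop the execute bit on files: `run find "$SECRET_DIR" -type f -exec chmod 600 '{}' \;`. `$uid` is also unquoted in the `chown` lines. The enclosing `if "$deploy"` block continues past the hunk.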


@ -50,9 +50,6 @@ run chmod 755 /data
section "Create new conf directory"
run mkdir -p "$new_nginx_conf_path"
logdir="/var/log/shlaguernetes/"
run mkdir -p "$logdir"
###############################################################################
# Deploy services
###############################################################################
@ -73,14 +70,14 @@ do
[[ "$(getent hosts $target)" != "::1 "* ]] && echo 'Not here' && continue
echo "Deploying"
deploy_service.sh "$service" "noreload" &>"$logdir/deploy.$service.$(date +%Y-%m-%d.%Hh-%M-%S)" &
deploy_service.sh "$service" "noreload"
if [ "$?" -ne 0 ] ; then
failed="$failed $service"
fi
done < <(grep -v '^#' /docker/services.csv)
wait
restart_nginx.sh
if [ -n "$failed" ] ; then
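Review bot: The `if [ "$?" -ne 0 ]` check only works with the foreground call; after the backgrounded form (`… &>"$logdir/…" &`) `$?` is the status of starting the job, so `failed` would never be filled. The +/- markers are lost here; if the foreground call is the new side, the `wait` before `restart_nginx.sh` no longer has anything to wait for and can go, and the test reads more directly as `if ! deploy_service.sh "$service" "noreload" ; then`. In the `getent` line `$target` is unquoted. The loop starts before the hunk and the final `if` continues after it.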


@ -1,72 +0,0 @@
#!/bin/bash
# This script will generate a single config for a given host and privkey
# Limits:
# 253 peers 1 -> 254
# Lib
. /usr/local/bin/driglibash-base
# Arg parsing
if [ "$#" -ne 4 ] ; then
die "Usage: $0 <name> <privkey_filepath> <port> <net_prefix>\nNet is a /24"
fi
thisname="$1"
privkey="$2"
port="$3"
net="$4"
# script
content="$(mktemp)"
clean "rm $content"
while IFS=";" read id name location isp note pubkey ip1 ip2 ip3 ip4 ip5 ; do
# Skip header
[ "$id" = "id" ] && continue
# Add local config
if [ "$name" = "$thisname" ] ; then
cat <<-EOF
[Interface] # $name
PrivateKey = $(cat "$privkey")
ListenPort = $port
Address = $net.$id/32
EOF
else
# Create list of endpoints
endpoints=""
for i in $(seq 1 5) ; do
varname="ip$i"
ip="${!varname}"
echo "$ip" | grep -q ':' && ip="[$ip]"
if [ -n "$ip" ] ; then
endpoints="$endpoints"$'\n'"Endpoint = $ip:$port"
fi
done
# Correct endpoint value or add keepalive for endpointless hosts
if [ -n "$endpoints" ] ; then
endpoints="${endpoints:1}"
else
endpoints="PersistentKeepalive = 30"
fi
# Peer config
cat >> "$content" <<-EOF
[Peer] # $name
PublicKey = $pubkey
AllowedIPs = $net.$id/32
$endpoints
EOF
fi
done < $DOCKER_DIR/servers.csv
cat "$content"
rm "$content"


@ -1,59 +1,56 @@
#!/bin/bash
Help(){
echo "
NAME
git_update.sh
SYNOPSIS
git_update.sh [-h] [-r ref] [-d dest] [-H] [-a] repository
OPTIONS
-h prints the help.
-r specifies the reference to the commit to be synchronized. It can be a tag or a branch. By default, it is the last commit of branch main.
It can be different from the actual branch. CAREFUL, the command git branch will always show the original branch name even though a branch switch has happened.
-d specifies the destination of the clone or update. Directory must be empty if a new clone is to be made.
If the repository to be cloned is local, and its path is passed as a relative path, the path should start from the destination.
To avoid mistakes, absolute paths are advised.
-H allows the $HOME directory to be used by git_update.sh. By default, git_update.sh cannot access $HOME to prevent default behavior.
If you need the global .gitconfig located in your $HOME to be used, you should supply the -H option.
-a specifies that the aggressive option of the git garbage collection must be used. Only advised when changes happen in many different objects. Will slow down the execution.
-o ssh options for ssh clone
DESCRIPTION
This script will replace the destination with the wanted commit of a git repository. The history is not preserved but tags are. Untracked files remain.
The git commands have been chosen so as to minimize the memory and bandwidth usages."
}
#variables
declare -A usage
declare -A varia
summary="$0 [options] <repo>"
ref=main
dst='.'
use_home=false
be_aggressive="false"
ssh_opts="ssh"
while getopts ":ho:r:d:H" option; do
case $option in
h) # display Help
Help
exit;;
r) # desired branch or tag
ref="$OPTARG";;
d) # destination of clone
dst="$OPTARG";;
H) # use real home dir
use_home="true";;
a) #use -a in git gc call
be_aggressive="true";;
o) # ssh options
ssh_opts="$ssh_opts $OPTARG";;
\?) # invalid option
echo "Error: Invalid option '$option'"
exit;;
esac
done
shift $((OPTIND-1))
usage[b]="Branch of git repo"
varia[b]=branch
branch=master
usage[t]="Tog of git repo"
varia[t]=tag
tag=
usage[d]="Destination of clone"
varia[d]=dst
dst='.'
usage[i]="privkey used to ssh pull"
varia[i]=privkey
privkey=''
usage[N]="Clone to a Non-empty target. Existing files will be overwriten"
varia[N]=nonempty_target
nonempty_target=false
usage[K]="Remote host key file (known_hosts) for ssh connections"
varia[K]=hostkeyfile
hostkeyfile=''
usage[H]="Use real home dir"
varia[H]=use_home
use_home=false
. driglibash-args
# Some SSH options
ssh_opt='ssh'
if [ -n "$privkey" ] ; then
ssh_opt="$ssh_opt -i $privkey"
fi
if [ -n "$hostkeyfile" ] ; then
ssh_opt="$ssh_opt -o 'UserKnownHostsFile $hostkeyfile'"
fi
repo="$1"
if [ -z "$repo" ] ; then
exit "$0: Empty repo given\n$summary"
die "$0: Empty repo given\n$summary"
fi
if [ ! $use_home ] ; then
@ -62,24 +59,44 @@ if [ ! $use_home ] ; then
set +a
fi
mkdir -p "$dst"
cd "$dst"
run mkdir -p "$dst"
run cd "$dst"
if [ -d .git ] ; then
echo "updating..."
git fetch --tags --depth=1 --prune --prune-tags --force origin $ref
git reset --hard --recurse-submodules FETCH_HEAD
git submodule update --init --recursive --force --depth=1 --remote
#garbage collection of anything unreachable at the moment
git reflog expire --expire=now --all
if "$be_aggressive" ; then
git gc --prune=now --aggressive
elsels
git gc --prune=now
# Compute git branch and tag
tagref=
if [ -n "$tag" ] ; then
tagref="tags/$tag"
fi
run git fetch origin "$branch" --tags
run git checkout --force $tagref -B "$branch"
run git reset --hard # TODO we can keep some files?
# Preserve existing files in some cases
if ! "$nonempty_target" ; then
git clean -qffdx
fi
run git submodule update --init --recursive --force --recommend-shallow
run git submodule foreach git fetch
run git submodule foreach git checkout --force HEAD
run git submodule foreach git reset --hard
run git submodule foreach git clean -fdx
else
echo "cloning..."
clone_dst='.'
git clone -b "$ref" --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opts" "$repo" "$clone_dst"
# To override an existing dir, we need to clone elsewhere first
if "$nonempty_target" ; then
clone_dst="$(mktemp -d)"
fi
run git clone -b "$branch" --single-branch --recurse-submodules --shallow-submodules --depth 1 --config core.sshCommand="$ssh_opt" "$repo" "$clone_dst"
# To override an existing dir, we then move everything to that dir
if "$nonempty_target" ; then
run mv "$clone_dst/"{*,.*} .
run rmdir "$clone_dst"
fi
fi
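Review bot: `if [ ! $use_home ] ; then` never takes the branch: `use_home` is the string `false` or `true`, both non-empty, so `[ ! … ]` is always false and the block that the hunks skip over (presumably the `$HOME` isolation ending in `set +a`) is dead code, with or without `-H`. Test the value the way the script already tests `nonempty_target`: `if ! "$use_home" ; then`. In the clone branch, `run mv "$clone_dst/"{*,.*} .` also expands `.*` to `.` and `..` on bash versions without `globskipdots`, so the move can fail after the clone succeeded; `shopt -s dotglob` plus `"$clone_dst"/*` avoids that. `$privkey` is spliced unquoted into `core.sshCommand`, so a key path containing spaces breaks the ssh command line.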


@ -17,7 +17,7 @@ run nginx -t
if [ -z "$(cat /var/run/nginx.pid)" ] ; then
section "Start nginx"
run systemctl restart nginx
run nginx
else
section "Reload nginx"
run nginx -s reload


@ -1,8 +1,6 @@
#!/bin/bash
#set -euo pipefail
# Pipefail will trigger annoying sigpipe on our greps
set -eu
set -euo pipefail
if [ "$#" -ne 2 ] ; then
echo "Usage: $0 <start|stop|reload|restart> <wgif>"
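Review bot: `set -euo pipefail` is switched on while the comment that explained why it was off (`# Pipefail will trigger annoying sigpipe on our greps`) disappears, assuming the last `set` line is the new side (the +/- markers are lost on this page). With `pipefail`, a `producer | grep -q …` pipeline can return 141 when grep exits early, and `set -e` then aborts the script part-way through the requested start/stop/reload/restart action. The rest of the script is outside the hunk; if it still pipes into `grep -q`, either keep `set -eu` or rewrite those tests without a pipe, e.g. `grep -q pattern <<<"$(cmd)"`.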


@ -54,7 +54,7 @@
- name: Install some softwares
apt:
name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'netcat-openbsd', 'nginx', 'nmap', 'podman', 'rsync', 'screen', 'sshfs', 'sudo', 'traceroute', 'vim', 'wget', 'zip']
name: ['bind9', 'certbot', 'curl', 'dnsutils', 'git', 'gnupg2', 'htop', 'hugo', 'netcat-openbsd', 'nginx', 'podman', 'rclone', 'rsync', 'screen', 'sshfs', 'sudo', 'traceroute', 'vim', 'wget', 'zip']
state: latest
# TODO disable certbot and certbot.timer services. We are using our own


@ -58,11 +58,11 @@ http {
#error_page 503 https://jean-cloud.net/503;
# limit requests
#limit_req_status 429;
#limit_req_zone $binary_remote_addr zone=defaultlimit:10m rate=30r/s;
#limit_req zone=defaultlimit burst=100 nodelay;
#limit_conn_zone $request_uri zone=defaultconumber:10m;
#limit_conn defaultconumber 20;
limit_req_status 429;
limit_req_zone $binary_remote_addr zone=defaultlimit:10m rate=30r/s;
limit_req zone=defaultlimit burst=100 nodelay;
limit_conn_zone $request_uri zone=defaultconumber:10m;
limit_conn defaultconumber 20;
##
# Virtual Host Configs
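Review bot: `limit_conn_zone $request_uri zone=defaultconumber:10m;` keys the connection limit on the requested URI, not on the client, so `limit_conn defaultconumber 20` caps each URL at 20 simultaneous connections across all visitors and does not bound how many connections a single client can hold across different URLs. Keying on the client address matches the `limit_req_zone` line above it: `limit_conn_zone $binary_remote_addr zone=defaultconumber:10m;`. Because these directives sit in the `http` block they apply to every vhost, including upload and streaming locations, so `rate=30r/s` with `burst=100` deserves a check against the busiest service before enabling. The +/- markers are lost on this page; this assumes the uncommented lines are the new side.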


@ -2,7 +2,7 @@
set -euo pipefail
# Update git repo
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
cd "$HTTP_DIR"


@ -1 +0,0 @@
GIT_SOURCE_REPO=https://git.jean-cloud.net/eleonore/site_web_karafon.git


@ -1,5 +0,0 @@
#!/bin/bash
set -euo pipefail
# Update git repo
git_update.sh -b sale -d "$HTTP_DIR" "$GIT_SOURCE_REPO"


@ -4,24 +4,21 @@ server {
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
root $HTTP_DIR;
root $HTTP_DIR/collectifkarafon.wixsite.com/;
# Security headers
# We can create a file with the base security headers and include it.
# Will it be possible to overload them then ?
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self'; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self'; base-uri 'self'; form-action 'self';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';sync-xhr='https://mailer.jean-cloud.net';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
location / {
index index.html;
index monsite.html;
try_files $uri $uri/ =404;
}
location /.git {
return 404;
}
}
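Review bot: The `Content-Security-Policy` header is commented out rather than loosened, which leaves this vhost with no CSP at all (assuming the commented line is the new side; the +/- markers are lost on this page). If the pages under `collectifkarafon.wixsite.com/` need inline or third-party resources, list exactly those sources in the policy instead of dropping it. The `Permissions-Policy` value uses `feature='none';` pairs, which is not that header's syntax (`geolocation=(), camera=()`), so browsers will most likely ignore it. If the `location /.git { return 404; }` block is removed by this change, check that no `.git` directory ends up below the new `root`.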


@ -1,3 +1,8 @@
#!/bin/bash
set -euo pipefail
# For some variables
. /etc/jeancloud.env
apt install -y python3-certbot-dns-rfc2136


@ -36,5 +36,5 @@ for srv in $(host -t TXT shlago.jean-cloud.org ns.jean-cloud.org | grep -Po 'des
server="$srv.jean-cloud.org"
[ -n "$(grep "$server" /etc/hosts)" ] && continue
echo "-- $server"
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "dnscerts.jean-cloud.org@$server:$DATA_DIR/" || true
rsync -avz -e "ssh -i '$DATA_DIR/certs.priv' -p 45985" "$DATA_DIR/certs" "certs@$server:$DATA_DIR/" || true
done


@ -1,4 +1,4 @@
#!/bin/bash
set -euo pipefail
git_update.sh -d "$HTTP_DIR" -r 2021 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
git_update.sh -d "$HTTP_DIR" -b 2021 "https://git.jean-cloud.net/adrian/feteducourt-static.git"


@ -1,4 +1,4 @@
#!/bin/bash
set -euo pipefail
git_update.sh -d "$HTTP_DIR" -r 2020 "https://git.jean-cloud.net/adrian/feteducourt-static.git"
git_update.sh -d "$HTTP_DIR" -b 2020 "https://git.jean-cloud.net/adrian/feteducourt-static.git"


@ -1,5 +1,5 @@
#!/bin/bash
set -euo pipefail
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"


@ -1,7 +1,7 @@
version: '3'
services:
gitea:
image: gitea/gitea:1.22
image: gitea/gitea:1.21
depends_on:
- db
volumes:


@ -1,11 +1,8 @@
#!/bin/bash
set -euo pipefail
# Do not update website if body is unreachable
[ ! -f "$HTTP_DIR/public/index.html" ] && { curl --fail-with-body https://$RADIO_HOST/manager/ >/dev/null || exit 0 ; }
# Update git repo
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
cd "$HTTP_DIR"
@ -13,7 +10,7 @@ cd "$HTTP_DIR"
rclone_ncloud_publiclink.sh
# Invalid cache
rm -rf "/tmp/hugo_cache_$USER"
#rm -rf "/tmp/hugo_cache_$USER"
# Build website
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo


@ -1,2 +1 @@
GIT_SOURCE_REPO=https://git.jean-cloud.net/adrian/jean-cloud_website
GIT_BRANCH=master


@ -1,5 +1,5 @@
#!/bin/bash
set -euo pipefail
git_update.sh -d "$HTTP_DIR" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
git_update.sh -d "$HTTP_DIR" -b "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"


@ -6,7 +6,7 @@ fi
. venv/bin/activate
git_update.sh -r v1 -d $HTTP_DIR https://git.jean-cloud.net/adrian/mutubot.git
git_update.sh -b v1 -d $HTTP_DIR https://git.jean-cloud.net/adrian/mutubot.git
pip install -r requirements.txt


@ -1,16 +0,0 @@
WEBSERVER=.105
MUX=.100
TELECOM=.101
SWEBSOCKET_PORT=2002
WEBSOCKET_PORT=2202
RADIO_HOST=mux.paj.oma-radio.fr
MUX_SERVER_PORT=9002
TELECOM_SERVER_PORT=3492
SOUNDBASE_DIR=/data/mux.paj.oma-radio.fr/soundbase
OMA_DOCKER_VERSION=dev
ICECAST=.110
SOUNDBASE_IP=10.99.99.7
SOUNDBASE_HOST=soundbase.paj.oma-radio.fr
COMPOSE_NAME=muxpajoma-radiofr
DOCKER_INSTANCES_PREFIX=muxpajoma-radiofr-
DOCKER_INSTANCES_SUFIX=-1


@ -1,6 +0,0 @@
#!/bin/bash
mkdir -p "$SOUNDBASE_DIR/pige"
chown 10000:10000 "$SOUNDBASE_DIR/pige" -R
cat "$SECRET_DIR/registry_pass" | docker login --username "$registry_user" --password-stdin registry.gitlab.com


@ -1,10 +0,0 @@
#!/bin/bash
if [ ! -e "$DATA_DIR/.env" ] ; then
cat > "$DATA_DIR/.env" <<EOF
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
EOF
fi


@ -1,143 +0,0 @@
version: '3'
services:
ambre_mux:
image: registry.gitlab.com/omaradio/core/oma-mux:$OMA_DOCKER_VERSION
env_file:
- .env
- $DATA_DIR/.env
environment:
OMA_CONFIG_Client1Host: $NET$ICECAST
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
OMA_CONFIG_LogLevel: 8
volumes:
- $SOUNDBASE_DIR/pige:/app/pige
ports:
- $MUX_SERVER_PORT:9000
depends_on:
- transcode
restart: unless-stopped
networks:
default:
ipv4_address: $NET$MUX
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
saphir_telecom_server:
image: registry.gitlab.com/omaradio/core/oma-telecom-server:$OMA_DOCKER_VERSION
env_file: .env
ports:
- $TELECOM_SERVER_PORT:3490
restart: unless-stopped
networks:
default:
ipv4_address: $NET$TELECOM
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
amarante_webserver:
image: registry.gitlab.com/omaradio/core/oma-webserver:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
OMA_CONFIG_PigeTxtLoadFic: off
restart: unless-stopped
volumes:
- $SOUNDBASE_DIR:/soundbase
ports:
- $WEBSOCKET_PORT:9000
networks:
default:
ipv4_address: $NET$WEBSERVER
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
transcode:
image: savonet/liquidsoap:v2.1.4
env_file:
- .env
- $DATA_DIR/.env
volumes:
- ./liquidsoap.liq:/transcode.liq
- $SOUNDBASE_DIR:/soundbase
command: /transcode.liq
restart: unless-stopped
networks:
default:
ipv4_address: $NET.108
deploy:
resources:
limits:
cpus: '0.50'
memory: 300M
#radioking:
# image: jeancloud/liquidsoap:1.3.7
# env_file: .env
# volumes:
# - ./radioking.liq:/radioking.liq
# command: /radioking.liq
# restart: unless-stopped
# networks:
# default:
# ipv4_address: $NET.111
icecast:
image: infiniteproject/icecast
restart: unless-stopped
environment:
# echo -n "source:pass" | base64
ICECAST_ADMIN_USERNAME: admin
ICECAST_ADMIN_EMAIL: contact@oma-radio.fr
ICECAST_LOCATION: Rhône-Alpes
TZ: Europe/Paris
env_file: $DATA_DIR/.env
healthcheck:
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
interval: 1h0m0s
timeout: 10s
retries: 3
start_period: 1m0s
networks:
default:
ipv4_address: $NET$ICECAST
system_api:
image: jeancloud/system-api:$OMA_DOCKER_VERSION
env_file: .env
environment:
UID: 33
SOUNDBASE_PATH: /soundbase
MOUNT: /muxapi
CONFIG_PATH: /config
restart: unless-stopped
volumes:
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
- /var/run/docker.sock:/var/run/docker.sock
- $SOUNDBASE_DIR:/soundbase
networks:
default:
ipv4_address: $NET.107
deploy:
resources:
limits:
cpus: '0.50'
memory: 500M
networks:
default:
ipam:
config:
- subnet: $NET.0/24


@ -1,84 +0,0 @@
#!/usr/bin/liquidsoap
# Extract timestamp from pige path
def ts_from_filepath (filepath)
splitpath = string.split(separator='/', filepath)
# Keep only filename
filename = list.nth(splitpath,list.length(splitpath)-1)
int_of_string(list.hd(string.split(separator='\\.', filename)))
end
# Remove pige from now-1month
def rm_pige(ts)
filepath = "/soundbase/pige/#{ts}.ogg"
if file.exists("#{filepath}") then
process.run("rm #{filepath}")
end
end
# Check that the timestamp starts exactly on a minute
def integrity_check(ts)
if ts mod 60 != 0 then
print("#{ts} is to fix")
end
end
# Routine integrity check for each files
def clean_and_check (filepath)
ts = ts_from_filepath (filepath)
# Remove if old
if ( ts < int_of_float(time()) - 2678400 ) then
rm_pige(ts)
end
integrity_check (ts)
end
def clean_and_check_latest (filepath)
ts = ts_from_filepath (filepath)
rm_pige(ts - 2678400) # ts of one month sooner
integrity_check (ts)
end
# Exaustive integrity check
def clean_and_check_all ()
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
end
# Mux
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
# Direct mp3
# TODO faire du 44100 pour éviter les trous ?
output.icecast(
%mp3(bitrate=128, samplerate=22050, stereo=false),
mount="/direct.mp3",
#host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
input1)
# Radioking
#output.icecast(
# %mp3(bitrate=128, samplerate=22050, stereo=false),
# mount="/test355",
# host="live.radioking.com", port=80, user="", password="",
# input)
# Direct ogg
#output.icecast(
# %vorbis(samplerate=44100, channels=1, quality=0.2),
# mount="/direct.ogg",
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
# input1)
# Pige
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check_latest)
# Integrity checks
clean_and_check_all()


@ -1,119 +0,0 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen $SWEBSOCKET_PORT ssl;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://$NET$WEBSERVER:9000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 120s;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name $JC_SERVICE;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
location / {
proxy_pass http://$SOUNDBASE_IP/;
proxy_set_header Host '$SOUNDBASE_HOST';
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
# wait
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 60000;
proxy_read_timeout 6000;
send_timeout 6000;
}
location /pige {
alias "$SOUNDBASE_DIR/pige";
try_files $uri $uri/ =404;
}
location /direct.ogg {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location /direct.mp3 {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
}
location /style.css {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/style.css;
}
location /status.xsl {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/status.xsl;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location ~ /muxapi(/.*) {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
include uwsgi_params;
uwsgi_param PATH_INFO "$1";
uwsgi_param SCRIPT_NAME /muxapi;
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 60000;
proxy_read_timeout 6000;
send_timeout 6000;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy- revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location ~ /muxapi(/.*) {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
include uwsgi_params;
uwsgi_param PATH_INFO "$1";
uwsgi_param SCRIPT_NAME /muxapi;
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 60000;
proxy_read_timeout 6000;
send_timeout 6000;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
}


@ -1,3 +1,4 @@
ENDPOINT=10.29.0.1
WEBSERVER=.105
MUX=.100
TELECOM=.101
@ -6,12 +7,7 @@ WEBSOCKET_PORT=2204
RADIO_HOST=mux.radiodemo.oma-radio.fr
MUX_SERVER_PORT=9004
TELECOM_SERVER_PORT=3494
SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/
SOUNDBASE_DIR=/data/mux.radiodemo.oma-radio.fr/core/radioDemo
OMA_DOCKER_VERSION=dev
ICECAST=.110
SOUNDBASE_IP=10.99.99.7
SOUNDBASE_HOST=soundbase.radiodemo.oma-radio.fr
COMPOSE_NAME=muxradiodemooma-radiofr
DOCKER_INSTANCES_PREFIX=muxradiodemooma-radiofr-
DOCKER_INSTANCES_SUFIX=-1
OMA_CONFIG_LogLevel=8
WG_NAME_radiodemo=radiodemo


@ -1,12 +1,10 @@
#!/bin/bash
if [ ! -e "$DATA_DIR/.env" ] ; then
source_pass="$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)"
cat > "$DATA_DIR/.env" <<EOF
ICECAST_SOURCE_PASSWORD=$source_pass
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 40)
OMA_CONFIG_Client1EnteteNext="Authorization: Basic $(echo "source:$source_pass" | base64)"
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
EOF
fi
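Review bot: `$DATA_DIR/.env` is created by a plain `cat >` redirection, so the four generated passwords land in a file whose mode depends on the caller's umask and may be readable by other local users. Setting `umask 077` before the here-document, or running `chmod 600 "$DATA_DIR/.env"` right after `EOF`, keeps the secrets private to the owner. The `[ ! -e ... ]` test also means an existing but empty or truncated `.env` is never regenerated, which deserves a one-line comment above the `if`.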


@ -6,7 +6,7 @@ services:
- .env
- $DATA_DIR/.env
environment:
OMA_CONFIG_Client1Host: $NET$ICECAST
OMA_CONFIG_Client1Host: $NET.108
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
OMA_CONFIG_Pige: on
volumes:
@ -58,7 +58,7 @@ services:
deploy:
resources:
limits:
cpus: '0.5'
cpus: '0.50'
memory: 100M
transcode:
@ -103,7 +103,7 @@ services:
TZ: Europe/Paris
env_file: $DATA_DIR/.env
healthcheck:
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
test: "wget http://localhost:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://localhost:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
interval: 1h0m0s
timeout: 10s
retries: 3
@ -112,28 +112,6 @@ services:
default:
ipv4_address: $NET$ICECAST
system_api:
image: jeancloud/system-api:$OMA_DOCKER_VERSION
env_file: .env
environment:
UID: 33
SOUNDBASE_PATH: /soundbase
MOUNT: /muxapi
CONFIG_PATH: /config
restart: unless-stopped
volumes:
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
- /var/run/docker.sock:/var/run/docker.sock
- $SOUNDBASE_DIR:/soundbase
networks:
default:
ipv4_address: $NET.107
deploy:
resources:
limits:
cpus: '0.50'
memory: 500M
networks:
default:
ipam:
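Review bot: `OMA_CONFIG_Pige: on` in the first hunk is an unquoted YAML 1.1 boolean, so a parser following 1.1 rules hands Compose `true` instead of the string `on`; the Compose documentation asks for boolean-looking environment values to be quoted. Writing `OMA_CONFIG_Pige: 'on'` makes the value that reaches the container unambiguous. In the same hunk `OMA_CONFIG_Client1Host: $NET.108` hard-codes a host suffix where the neighbouring line uses a variable (`$NET$TELECOM`), so a variable defined in `.env` would keep the address in one place. The service definition starts outside the hunk.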


@ -1,79 +0,0 @@
#!/usr/bin/liquidsoap
# Extract timestamp from pige path
def ts_from_filepath (filepath)
splitpath = string.split(separator='/', filepath)
# Keep only filename
filename = list.nth(splitpath,list.length(splitpath)-1)
int_of_string(list.hd(string.split(separator='\\.', filename)))
end
# Remove pige from now-1month
def clean_single_old_pige(ts)
# ts of one month sooner
ts = ts - 2678400
filepath = "/soundbase/pige/#{ts}.ogg"
if file.exists("#{filepath}") then
process.run("rm #{filepath}")
end
end
# Remove a pige file if it is too old
def clean_if_old(filename)
filepath = "/soundbase/pige/#{filename}"
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
process.run("rm #{filepath}")
end
end
# Check that the timestamp starts exactly on a minute
def integrity_check(ts)
if ts mod 60 != 0 then
log.important("#{ts} is to fix")
end
end
# Routine integrity check for each files
def clean_and_check (filepath)
ts = ts_from_filepath (filepath)
integrity_check (ts)
clean_single_old_pige (ts)
end
# Exaustive integrity check
def clean_and_check_all ()
#list.iter(clean_if_old, file.ls("/soundbase/pige/"))
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
end
# Mux
input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
# Direct mp3
output.icecast(
%mp3(bitrate=128, samplerate=22050, stereo=false),
mount="/direct.mp3",
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
input1)
# Radioking
#output.icecast(
# %mp3(bitrate=128, samplerate=22050, stereo=false),
# mount="/test355",
# host="live.radioking.com", port=80, user="", password="",
# input)
# Direct ogg
output.icecast(
%vorbis(samplerate=44100, channels=1, quality=0.2),
mount="/direct.ogg",
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
input1)
# Pige
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
# Integrity checks
clean_and_check_all()


@ -1,80 +0,0 @@
#!/usr/bin/liquidsoap
# Extract timestamp from pige path
def ts_from_filepath (filepath)
splitpath = string.split(separator='/', filepath)
# Keep only filename
filename = list.nth(splitpath,list.length(splitpath)-1)
int_of_string(list.hd(string.split(separator='\\.', filename)))
end
# Remove pige from now-1month
def clean_single_old_pige(ts)
# ts of one month sooner
ts = ts - 2678400
filepath = "/soundbase/pige/#{ts}.ogg"
if file.exists("#{filepath}") then
process.run("rm #{filepath}")
end
end
# Remove a pige file if it is too old
def clean_if_old(filename)
filepath = "/soundbase/pige/#{filename}"
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
process.run("rm #{filepath}")
end
end
# Check that the timestamp starts exactly on a minute
def integrity_check(ts)
if ts mod 60 != 0 then
log.important("#{ts} is to fix")
end
end
# Routine integrity check for each files
def clean_and_check (filepath)
ts = ts_from_filepath (filepath)
integrity_check (ts)
clean_single_old_pige (ts)
end
# Exaustive integrity check
def clean_and_check_all ()
list.iter(clean_if_old, file.ls("/soundbase/pige/"))
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
end
# Mux
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
# Direct mp3
output.icecast(
%mp3(bitrate=128, samplerate=22050, stereo=false),
mount="/direct.mp3",
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
input1)
# Radioking
#output.icecast(
# %mp3(bitrate=128, samplerate=22050, stereo=false),
# mount="/test355",
# host="live.radioking.com", port=80, user="", password="",
# input)
# Direct ogg
#output.icecast(
# %vorbis(samplerate=44100, channels=1, quality=0.2),
# mount="/direct.ogg",
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
# input1)
# Pige
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
# Integrity checks
clean_and_check_all()


@ -1 +0,0 @@
liquidsoap-transcode.liq


@ -0,0 +1,79 @@
#!/usr/bin/liquidsoap
# Extract timestamp from pige path
def ts_from_filepath (filepath)
splitpath = string.split(separator='/', filepath)
# Keep only filename
filename = list.nth(splitpath,list.length(splitpath)-1)
int_of_string(list.hd(string.split(separator='\\.', filename)))
end
# Remove pige from now-1month
def clean_single_old_pige(ts)
# ts of one month sooner
ts = ts - 2678400
filepath = "/soundbase/pige/#{ts}.ogg"
if file.exists("#{filepath}") then
process.run("rm #{filepath}")
end
end
# Remove a pige file if it is too old
def clean_if_old(filename)
filepath = "/soundbase/pige/#{filename}"
if ( ts_from_filepath (filename) < int_of_float(time()) - 2678400 ) then
process.run("rm #{filepath}")
end
end
# Check that the timestamp starts exactly on a minute
def integrity_check(ts)
if ts mod 60 != 0 then
log.important("#{ts} is to fix")
end
end
# Routine integrity check for each files
def clean_and_check (filepath)
ts = ts_from_filepath (filepath)
integrity_check (ts)
clean_single_old_pige (ts)
end
# Exaustive integrity check
def clean_and_check_all ()
#list.iter(clean_if_old, file.ls("/soundbase/pige/"))
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
end
# Mux
input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
# Direct mp3
output.icecast(
%mp3(bitrate=128, samplerate=22050, stereo=false),
mount="/direct.mp3",
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
input1)
# Radioking
#output.icecast(
# %mp3(bitrate=128, samplerate=22050, stereo=false),
# mount="/test355",
# host="live.radioking.com", port=80, user="", password="",
# input)
# Direct ogg
output.icecast(
%vorbis(samplerate=44100, channels=1, quality=0.2),
mount="/direct.ogg",
host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
input1)
# Pige
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check)
# Integrity checks
clean_and_check_all()
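Review bot: `clean_if_old` interpolates a name returned by `file.ls` into `process.run("rm #{filepath}")`, so the name is presumably parsed by a shell and anything other than a plain `<digits>.ogg` entry in `/soundbase/pige/` could be word-split or interpreted. The function is only referenced from the commented-out `list.iter(clean_if_old, ...)` line today, and `clean_single_old_pige` uses the same pattern with a path derived from an integer. Calling `file.remove(filepath)` in both places takes the shell out of the deletion path entirely. `ts_from_filepath` also feeds every directory entry to `int_of_string`, so a comment should state that the directory is expected to hold only timestamp-named files.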


@ -28,73 +28,25 @@ server {
location / {
client_max_body_size 0;
proxy_pass http://$SOUNDBASE_IP/;
proxy_set_header Host '$SOUNDBASE_HOST';
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
# wait
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 60000;
proxy_read_timeout 6000;
send_timeout 6000;
proxy_pass http://$ENDPOINT/;
proxy_set_header Host 'soundbase.radiodemo.oma-radio.fr';
proxy_redirect http://soundbase.radiodemo.oma-radio.fr https://$JC_SERVICE;
}
location /pige {
alias "$SOUNDBASE_DIR/pige";
try_files $uri $uri/ =404;
}
location /direct.ogg {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location /direct.mp3 {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
}
location /style.css {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/style.css;
}
location /status.xsl {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/status.xsl;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location ~ /muxapi(/.*) {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
include uwsgi_params;
uwsgi_param PATH_INFO "$1";
uwsgi_param SCRIPT_NAME /muxapi;
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 60000;
proxy_read_timeout 6000;
send_timeout 6000;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
location /logs/ {
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $DOCKER_DIR/server.sh;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
}
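Review bot: The `location /logs/` block hands requests to `$DOCKER_DIR/server.sh` through fcgiwrap without any `auth_basic` or `allow`/`deny` directive, whereas the `/muxapi` location shown in the same hunk was protected by `auth_basic_user_file`. Container logs often contain tokens and internal addresses, so unless access is restricted in a part of the `server` block outside this hunk, the location should carry something like `auth_basic "logs";` and `auth_basic_user_file <path-to-htpasswd>;`. The `location /` block also appears to keep `client_max_body_size 0;`, which lifts the request-body limit for everything proxied to `$ENDPOINT`; a short comment saying why would help. The `server` block opens before the hunk.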


@ -0,0 +1,7 @@
input = mksafe(input.http("http://172.29.0.110:8000/direct.mp3"))
output.icecast(
%mp3(bitrate=128, samplerate=22050, stereo=false),
mount="/test355",
host="live.radioking.com", port=80, user="test_test29", password="S9tx3VBhl",
input)
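Review bot: The `output.icecast` call embeds the Radioking account name and password as string literals, so the credential becomes part of the repository history and should be treated as disclosed and rotated. The other scripts on this page read their secret with `getenv("ICECAST_SOURCE_PASSWORD")`; the same approach works here, e.g. `password=getenv("RADIOKING_PASSWORD")` (the variable name is only an example) with the value kept in `$DATA_DIR/.env`. The input URL `http://172.29.0.110:8000/direct.mp3` also hard-codes a container address that the compose files presumably express as `$NET$ICECAST`.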


@ -10,7 +10,7 @@ instance=''
since=''
until=''
action="$(echo "${REQUEST_URI##*/}" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')"
action="$(echo "$QUERY_STRING" | tr -d '/\;!<>?#[]()"*.' | sed 's/&/\n/g')"
while IFS='=' read key value ; do
case "$key" in
@ -35,9 +35,7 @@ done < <(echo "$action")
[ -z "$since" ] && exit 3
[ -z "$until" ] && exit 4
pwd
echo docker-compose logs --since "$since" --until "$until" "$instance"
docker-compose logs --since "$since" --until "$until" "$instance" 2>&1
if [ "$?" -ne 0 ] ; then
echo failed
fi
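Review bot: `"$instance"` is passed as a positional argument to `docker-compose logs`, and the `tr -d` filter in the first hunk does not strip a leading `-`, so a request-supplied value could be read as an option rather than a service name. Ending option parsing with `docker-compose logs --since "$since" --until "$until" -- "$instance" 2>&1` and checking `since`, `until` and `instance` against an allow-list of expected characters before use closes that gap. The `while read` loop that fills the variables lies between the two hunks and is not visible, so this assumes it copies the values unchanged.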


@ -0,0 +1,33 @@
#!/bin/bash
set -euo pipefail
. .env
wgif="$1"
echo "
[Interface]
PrivateKey = $(cat $DATA_DIR/privatekey)
Address = 10.29.0.254/32
ListenPort = 55820
# packet forwarding
PreUp = sysctl -w net.ipv4.ip_forward=1
# port forwarding
#PreUp = iptables -t nat -A PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
#PreUp = iptables -t nat -A PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
#PostDown = iptables -t nat -D PREROUTING -p tcp --dport $MUX_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$MUX_SERVER_PORT
#PostDown = iptables -t nat -D PREROUTING -p tcp --dport $TELECOM_SERVER_PORT -j DNAT --to-destination $ENDPOINT:$TELECOM_SERVER_PORT
# packet masquerading
#PreUp = iptables -t nat -A POSTROUTING -o $wgif -j MASQUERADE
#PostDown = iptables -t nat -D POSTROUTING -o $wgif -j MASQUERADE
# remote settings for the private server
[Peer]
PublicKey = 6/Mlxe9auEw/WQnC6QYNAYtSAo8jAEMhJ1wXaRNy4AE=
AllowedIPs = 10.29.0.0/24
"
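Review bot: The script prints a complete WireGuard configuration, private key included, to standard output, so the confidentiality of the key depends entirely on how the caller redirects it; a header comment should say that the output must be written under `umask 077`, since wg-quick warns about world-accessible configuration files. `$(cat $DATA_DIR/privatekey)` is also unquoted and breaks on a path containing spaces; `$(cat "$DATA_DIR/privatekey")` is safer. With `set -u` active a missing argument aborts at `wgif="$1"` with a generic message, and `. .env` depends on the current directory, so `wgif="${1:?usage: <script> <wg-interface>}"` and a documented working directory would make failures clearer.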


@ -1,16 +0,0 @@
WEBSERVER=.105
MUX=.100
TELECOM=.101
SWEBSOCKET_PORT=2005
WEBSOCKET_PORT=2205
RADIO_HOST=mux.radiokipik.org
MUX_SERVER_PORT=9005
TELECOM_SERVER_PORT=3495
SOUNDBASE_DIR=/data/mux.radiokipik.org/soundbase
OMA_DOCKER_VERSION=unstable
ICECAST=.110
SOUNDBASE_IP=10.99.99.7
SOUNDBASE_HOST=soundbase.radiokipik.org
COMPOSE_NAME=muxradiokipikorg
DOCKER_INSTANCES_PREFIX=muxradiokipikorg-
DOCKER_INSTANCES_SUFIX=-1


@ -1,6 +0,0 @@
#!/bin/bash
mkdir -p "$SOUNDBASE_DIR/pige"
chown 10000:10000 "$SOUNDBASE_DIR/pige" -R
cat "$SECRET_DIR/registry_pass" | docker login --username "$registry_user" --password-stdin registry.gitlab.com


@ -1,11 +0,0 @@
#!/bin/bash
if [ ! -e "$DATA_DIR/.env" ] ; then
cat > "$DATA_DIR/.env" <<EOF
ICECAST_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
ICECAST_ADMIN_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
ICECAST_RELAY_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
LIQUIDSOAP_SOURCE_PASSWORD=$(LC_ALL=C tr -dc A-Za-z0-9 </dev/urandom | head -c 130)
EOF
fi


@ -1,140 +0,0 @@
version: '3'
services:
ambre_mux:
image: registry.gitlab.com/omaradio/core/oma-mux:$OMA_DOCKER_VERSION
env_file:
- .env
- $DATA_DIR/.env
environment:
OMA_CONFIG_Client1Host: $NET$ICECAST
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
volumes:
- $SOUNDBASE_DIR/pige:/app/pige
ports:
- $MUX_SERVER_PORT:9000
depends_on:
- transcode
restart: unless-stopped
networks:
default:
ipv4_address: $NET$MUX
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
saphir_telecom_server:
image: registry.gitlab.com/omaradio/core/oma-telecom-server:$OMA_DOCKER_VERSION
env_file: .env
ports:
- $TELECOM_SERVER_PORT:3490
restart: unless-stopped
networks:
default:
ipv4_address: $NET$TELECOM
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
amarante_webserver:
image: registry.gitlab.com/omaradio/core/oma-webserver:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $NET$TELECOM
OMA_CONFIG_PigeTxtLoadFic: off
restart: unless-stopped
volumes:
- $SOUNDBASE_DIR:/soundbase
ports:
- $WEBSOCKET_PORT:9000
networks:
default:
ipv4_address: $NET$WEBSERVER
deploy:
resources:
limits:
cpus: '0.5'
memory: 100M
transcode:
image: savonet/liquidsoap:v2.1.4
env_file:
- .env
- $DATA_DIR/.env
volumes:
- ./liquidsoap.liq:/transcode.liq
- $SOUNDBASE_DIR:/soundbase
command: /transcode.liq
restart: unless-stopped
networks:
default:
ipv4_address: $NET.108
deploy:
resources:
limits:
cpus: '0.50'
memory: 300M
#radioking:
# image: jeancloud/liquidsoap:1.3.7
# env_file: .env
# volumes:
# - ./radioking.liq:/radioking.liq
# command: /radioking.liq
# restart: unless-stopped
# networks:
# default:
# ipv4_address: $NET.111
icecast:
image: infiniteproject/icecast
restart: unless-stopped
environment:
# echo -n "source:pass" | base64
ICECAST_ADMIN_USERNAME: admin
ICECAST_ADMIN_EMAIL: contact@oma-radio.fr
ICECAST_LOCATION: Rhône-Alpes
TZ: Europe/Paris
env_file: $DATA_DIR/.env
healthcheck:
test: "wget http://127.0.0.1:8000/direct.ogg -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK' && wget http://127.0.0.1:8000/direct.mp3 -O - -t 1 -T 3 -S --spider 2>&1 | grep '200 OK'"
interval: 1h0m0s
timeout: 10s
retries: 3
start_period: 1m0s
networks:
default:
ipv4_address: $NET$ICECAST
system_api:
image: jeancloud/system-api:$OMA_DOCKER_VERSION
env_file: .env
environment:
UID: 33
SOUNDBASE_PATH: /soundbase
MOUNT: /muxapi
CONFIG_PATH: /config
restart: unless-stopped
volumes:
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
- /var/run/docker.sock:/var/run/docker.sock
- $SOUNDBASE_DIR:/soundbase
networks:
default:
ipv4_address: $NET.107
deploy:
resources:
limits:
cpus: '0.50'
memory: 500M
networks:
default:
ipam:
config:
- subnet: $NET.0/24


@ -1,84 +0,0 @@
#!/usr/bin/liquidsoap
# Extract timestamp from pige path
def ts_from_filepath (filepath)
splitpath = string.split(separator='/', filepath)
# Keep only filename
filename = list.nth(splitpath,list.length(splitpath)-1)
int_of_string(list.hd(string.split(separator='\\.', filename)))
end
# Remove pige from now-1month
def rm_pige(ts)
filepath = "/soundbase/pige/#{ts}.ogg"
if file.exists("#{filepath}") then
process.run("rm #{filepath}")
end
end
# Check that the timestamp starts exactly on a minute
def integrity_check(ts)
if ts mod 60 != 0 then
print("#{ts} is to fix")
end
end
# Routine integrity check for each files
def clean_and_check (filepath)
ts = ts_from_filepath (filepath)
# Remove if old
if ( ts < int_of_float(time()) - 2678400 ) then
rm_pige(ts)
end
integrity_check (ts)
end
def clean_and_check_latest (filepath)
ts = ts_from_filepath (filepath)
rm_pige(ts - 2678400) # ts of one month sooner
integrity_check (ts)
end
# Exaustive integrity check
def clean_and_check_all ()
list.iter(clean_and_check, file.ls("/soundbase/pige/"))
end
# Mux
#input1 = mksafe(input.harbor("direct.ogg",port=8000,password=getenv("ICECAST_SOURCE_PASSWORD")))
input1 = mksafe(input.http("http://icecast:8000/direct.ogg"))
# Direct mp3
# TODO faire du 44100 pour éviter les trous ?
output.icecast(
%mp3(bitrate=128, samplerate=22050, stereo=false),
mount="/direct.mp3",
#host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
host="icecast", port=8000, password="JsCabjWJUZXrrrKCaaRZma5wD4YKj5LQLXv6f",
input1)
# Radioking
#output.icecast(
# %mp3(bitrate=128, samplerate=22050, stereo=false),
# mount="/test355",
# host="live.radioking.com", port=80, user="", password="",
# input)
# Direct ogg
#output.icecast(
# %vorbis(samplerate=44100, channels=1, quality=0.2),
# mount="/direct.ogg",
# host="icecast", port=8000, password=getenv("ICECAST_SOURCE_PASSWORD"),
# input1)
# Pige
output.file(%vorbis(samplerate=44100, channels=1, quality=0.2), {"/soundbase/pige/#{int_of_float(time())}.ogg"}, input1, reopen_when={0s}, reopen_delay=1.0, on_close=clean_and_check_latest)
# Integrity checks
clean_and_check_all()


@ -1,104 +0,0 @@
map $http_upgrade $connection_upgrade {
default upgrade;
'' close;
}
server{
listen $SWEBSOCKET_PORT ssl;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
location / {
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header Host $host;
proxy_pass http://$NET$WEBSERVER:9000;
proxy_http_version 1.1;
proxy_set_header Upgrade $http_upgrade;
proxy_set_header Connection "upgrade";
proxy_read_timeout 120s;
}
}
server {
listen 443 ssl;
listen [::]:443 ssl;
server_name $JC_SERVICE;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
location / {
proxy_pass http://$SOUNDBASE_IP/;
proxy_set_header Host '$SOUNDBASE_HOST';
proxy_redirect http://$SOUNDBASE_HOST https://$JC_SERVICE;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
# wait
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 60000;
proxy_read_timeout 6000;
send_timeout 6000;
}
location /pige {
alias "$SOUNDBASE_DIR/pige";
try_files $uri $uri/ =404;
}
location /direct.ogg {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/direct.ogg;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location /direct.mp3 {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/direct.mp3;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
}
location /style.css {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/style.css;
}
location /status.xsl {
client_max_body_size 0;
proxy_pass http://$NET$ICECAST:8000/status.xsl;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location ~ /muxapi(/.*) {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
include uwsgi_params;
uwsgi_param PATH_INFO "$1";
uwsgi_param SCRIPT_NAME /muxapi;
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 60000;
proxy_read_timeout 6000;
send_timeout 6000;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
}


@ -1,38 +0,0 @@
-----BEGIN OPENSSH PRIVATE KEY-----
b3BlbnNzaC1rZXktdjEAAAAABG5vbmUAAAAEbm9uZQAAAAAAAAABAAABlwAAAAdzc2gtcn
NhAAAAAwEAAQAAAYEAuKyZzOALRAFq487PSFdSilaUN6wTacncP5XDlVwWr2QBOMPWpOyf
DzdhxIGx2ZBofgDE/47bClZR4SvFr6+2Sj5a5fAhOGeBAS2Z/Je7pL5Ar+nvIBNFG5bwv/
qEgkfWEjuzjDoEVoY7f6RMrOOnTpZS1F32Y3UB0WiH5FgOwjKWb47q8kxUDSQd0sdZNNKL
d7/RWGplNSLtloC87C8YC0Wxi3wHgssgRCw7xD2cpm6zwRh1lvLbk0a0zhZXTOcsR+lBwe
fEF4eziZDCrKpYwaPdSjIuP6+dctO+1BTSK0KnvuMftTwfLwInZtn9kxa+oTsMRV27oxyO
MiVnx5Gfahh2OQtI299Zm19Lu3ARSzJL0CQc4oDmf9Yhi3SoHwXCMNdyEwRk55iO5b6oA1
wilUAe2K+YHuG5eNtLu1UvpREGhN4AqYVYW+TqIdRLNr2PTuMW3GyQlCHxIFfBcKPoVNuY
B+sBwhva3IQG+EEwY3ZkqU80J5NXmj36epBe+yxhAAAFkFBSLaVQUi2lAAAAB3NzaC1yc2
EAAAGBALismczgC0QBauPOz0hXUopWlDesE2nJ3D+Vw5VcFq9kATjD1qTsnw83YcSBsdmQ
aH4AxP+O2wpWUeErxa+vtko+WuXwIThngQEtmfyXu6S+QK/p7yATRRuW8L/6hIJH1hI7s4
w6BFaGO3+kTKzjp06WUtRd9mN1AdFoh+RYDsIylm+O6vJMVA0kHdLHWTTSi3e/0VhqZTUi
7ZaAvOwvGAtFsYt8B4LLIEQsO8Q9nKZus8EYdZby25NGtM4WV0znLEfpQcHnxBeHs4mQwq
yqWMGj3UoyLj+vnXLTvtQU0itCp77jH7U8Hy8CJ2bZ/ZMWvqE7DEVdu6McjjIlZ8eRn2oY
djkLSNvfWZtfS7twEUsyS9AkHOKA5n/WIYt0qB8FwjDXchMEZOeYjuW+qANcIpVAHtivmB
7huXjbS7tVL6URBoTeAKmFWFvk6iHUSza9j07jFtxskJQh8SBXwXCj6FTbmAfrAcIb2tyE
BvhBMGN2ZKlPNCeTV5o9+nqQXvssYQAAAAMBAAEAAAGAATuMD1Mjknsg53VGo4lSaWZMpg
h6av1Jbald/6iZthZin6DVXsxl4rgrhcFghSAQYi9ckwawYqiEuZLuWVrAt5h5zVKvOe5H
9oARleGEt8FaJLJwj9/uFrpnwdCScnmR8B6pVgnONMFEbBB5nitaTXfi6EYTBStUOSEXgC
SmsNzyzEkeDABM0/wSCtCAz665VWYT5XaH48W80QFnFF8UUel1mVYp1R1ptNAdEJoVfShM
/7JB5L3T+BAbZpMJMTU65Vgq2QfG1QUd+R9c73Z0J17VaZJivOqzoY+BsvcEwjWn7gxOjx
0PYkaZSLiqY6GT6oU5TWNgzIS8F/2ORrMgaxWOKDLBFt2vgQiwf/2T1E8m1jmmPvEeOJ70
gmJIk9CKAM0UX2HAYM+il0Na4lOpIKggA6QLszsEWjBkdrHjZPL9HeLRMz1vnFAWCoekPN
jemZGhk6mEj6qMRuoDZ/6UWYcMhv64SFX/93YTF5QozbFoMYct1tfE03c9QEX+dV/3AAAA
wQDtsDjhtps2NWP8H5V2MY+cQoE16T8abQjxCCo7nX3vfB2+lxg9wyRx1PdtySDnSNgpG+
pYjGFUzDlNxCVOqY9+aOA31mzfVn6EH4mG3q6/TL3/QN1ILnLbs4lyNLG4KWP1wT5MocHt
PAzWWL2O1j2Y8B/zYZZDdirx+D/0gnZmEghzq4KwIj+zj+ILRFKuM07WD73mNvyzfwuaTb
hhV75hEtMcLO6EgjX1NUlsIeZvK5Xht3cta62XFpsXAUY4u0EAAADBAPOxezplUkaxdmnR
CVduC7pcDweexJyVJtg753kde65IIizPSxB0QNwA4gqc2Us5PjxfS4tetsupOxRZD+ER0S
fEpX7rTedqFdukb8h7QDE6yVOD7C14vVC/kThPu9LI21itp03BFZUw1/FRRMK/xur51Ahj
g5F83+CkgQsVmwEo8cZ0b+io76FlXa4OGBUQnVE+mf6TZ+PbMT2zFJ5KAlZ54KxPZJAQOR
VJwaND0N6YQLaAkDZEnTJG3KTHyAFt4wAAAMEAwgAbwCPg4aeFXptJLUbBmDB9mGkHZkjM
p4SVC2iPSSMahnu8L5vCk/SOQJlv13mJ1JcZ/HplPUugB9cL+9SsLkr7c/r2otnch/x2WP
tF7zN6AgECs4/MWSenlxlvmD2HU6TtXaKQHfmP9HK4cIf0m1rTz4OpuZJlbDXNh/QNyzU3
8UUAns4EaLLSM5rgSz2pPXYU6XnfSOVGZNotmla/xWbPd8sSrWCFV0VC/O0cBVMJ20QlUo
vR0cIiNMZDyQ/rAAAAGHJvb3RAcmFrdS5qZWFuLWNsb3VkLm9yZwEC
-----END OPENSSH PRIVATE KEY-----


@ -1,4 +0,0 @@
key "letsencrypt.key" {
algorithm hmac-sha256;
secret "d2q77gecXwNQdzJb3tnE5IUGXY7/r0LL3hj+GG2/iTo=";
};


@ -21,7 +21,7 @@ prepare () {
fi
echo 'Sync the git repo'
run sudo -u bind git_update.sh -r main -o "-i $DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
run sudo -u bind git_update.sh -N -b main -i "$DATA_DIR/gitkey" -d "$debian_bind_confdir" 'ssh://git@git.jean-cloud.net:22529/adrian/dnszones.git'
cd /etc/bind


@ -89,7 +89,6 @@ services:
collabora:
image: collabora/code
privileged: true
environment:
- "dictionaries=fr"
- "server_name=office.nuage.jean-cloud.net"


@ -1,6 +0,0 @@
GIT_SOURCE_REPO="https://gitlab.com/omaradio/website"
GIT_SOURCE_BRANCH=dev
RADIO_HOST=mux.paj.oma-radio.fr
USE_SSL=true
WEBSOCKET_PORT=2002
RADIO_NAME_PRETTY="Paj Radio"


@ -1,2 +0,0 @@
gitlab.com ssh-dss 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
gitlab.com ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQCsj2bNKTBSpIYDEGk9KxsGh3mySTRgMtXL583qmBpzeQ+jqCMRgBqB98u3z++J1sKlXHWfM9dyhSevkMwSbhoR8XIq/U0tCNyokEi/ueaBMCvbcTHhO7FcwzY92WK4Yt0aGROY5qX2UKSeOvuP4D6TPqKF1onrSzH9bx9XUf2lEdWT/ia1NEKjunUqu1xOB/StKDHMoX4/OKyIzuS0q/T1zOATthvasJFoPrAjkohTyaDUz2LN5JoH839hViyEG82yB+MjcFV5MU3N1l1QL3cVUCh93xSaua1N85qivl+siMkPGbO5xR/En4iEY6K2XPASUEMaieWVNTRCtJ4S8H+9


@ -1,19 +0,0 @@
#!/bin/bash
set -euo pipefail
# Si le site a déjà été build par le passé, curl termine lexécution du script en cas dabsence sur serveur corps.
[ -f "$HTTP_DIR/public/index.html" ] && { curl --head --fail-with-body $RADIO_HOST/fic/_series-_index.fic || exit 0 ; } >/dev/null
# Update git repo
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
cd "$HTTP_DIR"
# Get remote content files
#rclone_ncloud_publiclink.sh
# Invalid cache
rm -rf "/tmp/hugo_cache_$USER"
# Build website
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo


@ -1,32 +0,0 @@
server {
listen 443 ssl http2;
listen [::]:443 ssl http2;
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
root $HTTP_DIR/public/;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
#add_header Content-Security-Policy "default-src 'none';frame-ancestors 'none'; script-src 'self' 'https://static.jean-cloud.net/player-interface/*' ; img-src 'self'; font-src 'self'; object-src 'none'; style-src 'self' 'https://static.jean-cloud.net/player-interface/*' 'https://cdn.jsdelivr.net/npm/*'; base-uri 'self'; form-action 'self';" always;
add_header X-Content-Type-Options "nosniff";
add_header X-Frame-Options SAMEORIGIN always;
add_header X-XSS-Protection "1; mode=block" always;
add_header Referrer-Policy "strict-origin-when-cross-origin";
add_header Permissions-Policy "geolocation='none';midi='none';notifications='none';push='none';microphone='none';camera='none';magnetometer='none';gyroscope='none';speaker='self';vibrate='none';fullscreen='self';payment='none';";
location / {
index index.html;
try_files $uri $uri/ =404;
}
location /manager {
return 301 $scheme://mux.$JC_SERVICE/manager;
}
location /buildscript/ {
include /etc/nginx/fastcgi_params;
fastcgi_param SCRIPT_FILENAME $DOCKER_DIR/server.sh;
fastcgi_pass unix:/var/run/fcgiwrap.socket;
}
}


@ -1,10 +0,0 @@
#!/bin/bash
echo "Content-type: text/html"
echo ""
. .env
echo '<pre>'
deploy_as "$JC_SERVICE"
echo '</pre>'


@ -2,7 +2,7 @@
set -euo pipefail
# Update git repo
git_update.sh -r "${GIT_BRANCH:main}" -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
git_update.sh -d "$HTTP_DIR" "$GIT_SOURCE_REPO"
cd "$HTTP_DIR"
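Review bot: The second `git_update.sh` line (which I take to be the new side) no longer names a branch, so what gets deployed depends on whatever default `git_update.sh` or the remote applies. The other updated call sites on this page pass the ref explicitly with `-b`; if this one is meant to follow `main`, I would write `git_update.sh -b "${GIT_SOURCE_BRANCH:-main}" -d "$HTTP_DIR" "$GIT_SOURCE_REPO"`. Note the `:-`: the dropped `${GIT_BRANCH:main}` was a substring expansion, not a default. The variable name is my assumption, and the script continues outside the hunk.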


@ -2,4 +2,3 @@ GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git"
RADIO_HOST=mux.radiodemo.oma-radio.fr
USE_SSL=true
WEBSOCKET_PORT=2004
VUE_APP_PUBLIC_WEBSITE=radiodemo.oma-radio.fr


@ -1,16 +0,0 @@
#!/bin/bash
set -euo pipefail
# Si le site a déjà été build par le passé, curl termine lexécution du script en cas dabsence sur serveur corps.
[ -f "$HTTP_DIR/public/index.html" ] && { curl -iI https://$RADIO_HOST/fic/_series-_index.fic >/dev/null || exit 0 ; }
# Update git repo
git_update.sh -d "$HTTP_DIR" -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -r "${GIT_SOURCE_BRANCH:-main}" "$GIT_SOURCE_REPO"
cd "$HTTP_DIR"
# Invalid cache
rm -rf "/tmp/hugo_cache_$USER"
# Build website
HUGO_CACHEDIR="/tmp/hugo_cache_$USER" hugo


@ -0,0 +1 @@
../hugo/deploy_user.sh


@ -1,5 +1,4 @@
GIT_SOURCE_REPO="git@gitlab.com:omaradio/website.git"
RADIO_HOST=mux.radiokipik.org
RADIO_HOST=mux.radiodemo.oma-radio.fr
USE_SSL=true
WEBSOCKET_PORT=2005
RADIO_NAME_PRETTY="Radio Kipik"
WEBSOCKET_PORT=2004


@ -4,7 +4,7 @@ server {
ssl_certificate $JC_CERT/fullchain.pem;
ssl_certificate_key $JC_CERT/privkey.pem;
server_name $JC_SERVICE www.$JC_SERVICE;
root $HTTP_DIR/public;
root $HTTP_DIR/;
# Security headers
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
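Review bot: Changing `root` from `$HTTP_DIR/public` to `$HTTP_DIR/` makes the whole deploy directory the document root, and the deploy scripts on this page clone the site repository straight into `$HTTP_DIR`, so `.git/` and any dotfiles in the checkout would be served unless a rule outside this hunk blocks them. If the wider root is intended, I would add a deny for hidden paths in this server block, e.g. `location ~ /\.(?!well-known/) { deny all; }`. The server block starts and ends outside the hunk, so an existing rule of that kind cannot be ruled out from here.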


@ -1,7 +0,0 @@
id;nom;lieu;fai;note;wg_pubkey;ip;ip;ip;ip;ip
3;max;"Montpellier";red/sfr;"Chez Elisa";wTU3G3tutx2NIBlDDdBQhSnPFmkE5TM8aqcn1gdACF8=;2a02:8434:66e2:e301:a2b3:ccff:fe85:af97;;;
4;raku;"Le bessat";red/sfr;"Chez axel et louise";xEKLecqKmr7+VWhi9+LvfYNflVfkkMEe7DXHFDaiqBk=;92.92.34.140;;;
6;jeanPinion;"Alençon";;"Librairie de Centime";+goHQ6dBoqrjkPtru9Y1QeSChXNIuUpnv0xnh23jYRs=;
7;montbonnot;"Marseille";;"Géré par Nico";S1jpvHJRr2yFh4OB9hLk+zXUNXAycOewNqouoO2Zky4=;
8;jeanCheri;"Lyon";;"Épicerie ACTR";5+j+wcrQQAnR8thBRqdoKsamNog0pMZeJG2AONs5OD0=;
9;izzo;"Hostinger";"Hostinger";"Serveur hébergé principal";8ulBTjnjbo/dD8pPumpz07TUbDTofZ46+oTdkBb2JWE=;89.116.110.62;2a02:4780:28:a254::1;


@ -26,10 +26,10 @@
29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org
30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org
31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
32;paj.oma-radio.fr;paj.oma-radio.fr;izzo.jean-cloud.org
32;paj.oma-radio.fr;paj.oma-radio.fr;nougaro.jean-cloud.org
33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
34;radiodemo.oma-radio.fr;radiodemo.oma-radio.fr;raku.jean-cloud.org
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;izzo.jean-cloud.org
35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org
36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;izzo.jean-cloud.org
37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org
@ -37,7 +37,7 @@
40;static.jean-cloud.net;static.jean-cloud.net;izzo.jean-cloud.org
41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org
43;radio.karnaval.fr;radio.karnaval.fr;izzo.jean-cloud.org
43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org
44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;raku.jean-cloud.org
45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org
@ -55,6 +55,3 @@
60;soundbase.radiokipik.org;soundbase.radiokipik.org;montbonnot.jean-cloud.org
61;radiokipik.org;radiokipik.org;izzo.jean-cloud.org
62;mux.radiokipik.org;mux.radiokipik.org;izzo.jean-cloud.org
63;collectif-karafon.fr;collectif-karafon.fr;izzo.jean-cloud.org
64;mux.radionimaitre.oma;mux.radionimaitre.oma-radio.fr;raku.jean-cloud.org
65;mux.paj.oma-radio.fr;mux.paj.oma-radio.fr;izzo.jean-cloud.org

1 # This is not real CSV. Do not put separator in a field, even escaped
26 29;nuage.jean-cloud.net;nuage.jean-cloud.net;izzo.jean-cloud.org
27 30;oma-radio.fr;oma-radio.fr;izzo.jean-cloud.org
28 31;pa1.studios.oma-radio.fr;pa1.studios.oma-radio.fr;tetede.jean-cloud.org
29 32;paj.oma-radio.fr;paj.oma-radio.fr;izzo.jean-cloud.org 32;paj.oma-radio.fr;paj.oma-radio.fr;nougaro.jean-cloud.org
30 33;quadrille-elsa.jean-cloud.net;quadrille-elsa.jean-cloud.net;shlago.jean-cloud.org
31 34;radiodemo.oma-radio.fr;radiodemo.oma-radio.fr;raku.jean-cloud.org
32 35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;izzo.jean-cloud.org 35;radionimaitre.oma-radio.fr;radionimaitre.oma-radio.fr;tetede.jean-cloud.org
33 36;raplacgr.jean-cloud.net;raplacgr.jean-cloud.net;izzo.jean-cloud.org
34 37;rimarima.fr;rimarima.fr;raku.jean-cloud.org
35 38;rpnow.jean-cloud.net;rpnow.jean-cloud.net;izzo.jean-cloud.org
37 40;static.jean-cloud.net;static.jean-cloud.net;izzo.jean-cloud.org
38 41;velov.jean-cloud.net;velov.jean-cloud.net;shlago.jean-cloud.org
39 42;wiki-cgr.jean-cloud.net;wiki-cgr.jean-cloud.net;izzo.jean-cloud.org
40 43;radio.karnaval.fr;radio.karnaval.fr;izzo.jean-cloud.org 43;radio.karnaval.fr;radio.karnaval.fr;tetede.jean-cloud.org
41 44;wordpress.abc.jean-cloud.net;wordpress.abc.jean-cloud.net;raku.jean-cloud.org
42 45;jean-cloud.org;jean-cloud.org;shlago.jean-cloud.org
43 46;soundbase.paj.oma-radio.fr;soundbase.paj.oma-radio.fr;montbonnot.jean-cloud.org
55 60;soundbase.radiokipik.org;soundbase.radiokipik.org;montbonnot.jean-cloud.org
56 61;radiokipik.org;radiokipik.org;izzo.jean-cloud.org
57 62;mux.radiokipik.org;mux.radiokipik.org;izzo.jean-cloud.org
63;collectif-karafon.fr;collectif-karafon.fr;izzo.jean-cloud.org
64;mux.radionimaitre.oma;mux.radionimaitre.oma-radio.fr;raku.jean-cloud.org
65;mux.paj.oma-radio.fr;mux.paj.oma-radio.fr;izzo.jean-cloud.org


@ -1,25 +0,0 @@
TELECOM=.101
ICECAST=.110
WEBSERVER=.105
SYSTEM_API=.107
TZ=Europe/Paris
OMA_DOCKER_VERSION=dev
WEBSOCKET_PORT=2002
TELECOM_SERVER_PORT=3492
OMA_CONFIG_TelecommandeHost=mux.paj.oma-radio.fr
OMA_CONFIG_TelecommandePort=3492
MUX_SERVER_PORT=9002
RADIO_NAME_SIMPLE=paj
OMA_CONFIG_NomRadio=paj
OMA_CONFIG_LogLevel=8
RADIO_NAME_PRETTY="Radio Démo"
COMPOSE_NAME=soundbasepajoma-radiofr
DOCKER_INSTANCES_PREFIX=soundbasepajoma-radiofr-
DOCKER_INSTANCES_SUFIX=-1
SOUNDBASE_DIR=/data/soundbase.paj.oma-radio.fr/
USE_SSL=true
MANAGER_WEBSITE_UPSTREAM=https://static.oma-radio.fr/single-manager/1.1.1
RADIO_HOST=mux.paj.oma-radio.fr
WG_NAME_interco=paj
WG_NET=10.29.65
WG_PORT=55002


@ -1,6 +0,0 @@
#!/bin/bash
git_update.sh -r $OMA_DOCKER_VERSION -d "$HTTP_DIR/manager" https://gitlab.com/omaradio/single-manager.git
cd "$HTTP_DIR/manager"
npm install
npm run build


@ -1,137 +0,0 @@
version: '3'
services:
anthracite_jukebox:
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
OMA_CONFIG_TelecommandePort: $TELECOM_SERVER_PORT
OMA_CONFIG_Client1Host: $RADIO_HOST
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
volumes:
- $DATA_DIR:/app/soundBase
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
restart: unless-stopped
networks:
default:
ipv4_address: $NET.102
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
azurite_jukebox_simulator:
image: registry.gitlab.com/omaradio/core/oma-jukebox-simulator:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
volumes:
- $DATA_DIR:/app/soundBase
restart: unless-stopped
networks:
default:
ipv4_address: $NET.103
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
# aventurine_transcode:
# image: jeancloud/transcode:$OMA_DOCKER_VERSION
# env_file: .env
# restart: unless-stopped
agate_importer:
image: registry.gitlab.com/omaradio/core/oma-baseimport:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
volumes:
- $DATA_DIR:/app/soundBase
restart: unless-stopped
networks:
default:
ipv4_address: $NET.104
deploy:
resources:
limits:
cpus: '0.50'
memory: 1000M
rubis_base_mg:
image: registry.gitlab.com/omaradio/core/oma-base-mg:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
restart: unless-stopped
volumes:
- $DATA_DIR:/soundbase
networks:
default:
ipv4_address: $NET.106
deploy:
resources:
limits:
cpus: '0.50'
memory: 100M
system_api:
image: jeancloud/system-api:dev
env_file: .env
environment:
OMA_CONFIG_TelecommandeHost: $RADIO_HOST
UID: 33
SOUNDBASE_PATH: /soundbase
MOUNT: /api
CONFIG_PATH: /config
restart: unless-stopped
volumes:
- /tmp/uwsgi/$JC_SERVICE:/tmp/uwsgi
- /var/run/docker.sock:/var/run/docker.sock
- $DATA_DIR:/soundbase
networks:
default:
ipv4_address: $NET.107
deploy:
resources:
limits:
cpus: '0.50'
memory: 500M
#ammolite_mp3_addon:
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
# env_file: .env
# environment:
# OMA_CONFIG_TelecommandeHost: $NET.101
# OMA_CONFIG_PigePrefix: /opt
# restart: unless-stopped
# volumes:
# - $DATA_DIR:/app/soundbase
# networks:
# default:
# ipv4_address: $NET.109
# deploy:
# resources:
# limits:
# cpus: '0.05'
# doxy:
# image: qnib/doxy
# volumes:
# - /tmp/radiodemo.oma-radio.fr/doxy:/tmp/doxy
# - /data/radiodemo.oma-radio.fr/doxy.pattern:/etc/doxy.pattern
# - /var/run/docker.sock:/var/run/docker.sock
# environment:
# DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock
networks:
default:
ipam:
config:
- subnet: $NET.0/24


@ -1,119 +0,0 @@
# Parameters:
# radio name
# file path
# ws port (local)
# wss port (open)
# upload service port
# ssl certs location
# TODO
# /speedtest-down returns random data
# can use : openssl enc -aes-256-ctr -pass pass:"$(dd if=/dev/urandom bs=128 count=1 2>/dev/null | base64)" -nosalt < /dev/zero > randomfile.bin
# /speedtest-up just eat everything it can
server {
listen 80;
listen [::]:80;
server_name $JC_SERVICE;
root $HTTP_DIR/manager/dist;
index index.html;
location ~ /api(/.*) {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
include uwsgi_params;
uwsgi_param PATH_INFO "$1";
uwsgi_param SCRIPT_NAME /api;
uwsgi_pass unix:/tmp/uwsgi/$JC_SERVICE/uwsgi-api.sock;
client_max_body_size 0;
proxy_connect_timeout 6000;
proxy_send_timeout 60000;
proxy_read_timeout 6000;
send_timeout 6000;
# kill cache
add_header Last-Modified $date_gmt;
add_header Cache-Control 'private no-store, no-cache, must-revalidate, proxy-revalidate, max-age=0';
if_modified_since off;
expires off;
etag off;
}
location /pige{
alias $SOUNDBASE_DIR/pige;
try_files $uri $uri/ =404;
}
location /png {
alias $SOUNDBASE_DIR/png;
try_files $uri $uri/ =404;
}
location /webpL {
alias $SOUNDBASE_DIR/webpL;
try_files $uri $uri/ =404;
}
location /webpH {
alias $SOUNDBASE_DIR/webpH;
try_files $uri $uri/ =404;
}
location /ogg {
alias $SOUNDBASE_DIR/ogg;
try_files $uri $uri/ =404;
}
location /txt {
alias $SOUNDBASE_DIR/txt;
try_files $uri $uri/ =404;
}
location /wavM {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/wavM;
try_files $uri $uri/ =404;
}
location /import {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/import;
try_files $uri $uri/ =404;
}
location /export {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/export;
try_files $uri $uri/ =404;
}
location /wav {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/wav;
try_files $uri $uri/ =404;
}
location /fic {
add_header Cache-Control "must-revalidate, proxy-revalidate";
alias $SOUNDBASE_DIR/fic;
try_files $uri $uri/ =404;
}
location /prg {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/prg;
try_files $uri $uri/ =404;
}
location /lst {
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
alias $SOUNDBASE_DIR/lst;
try_files $uri $uri/ =404;
}
# Admin interface
location /manager {
alias $HTTP_DIR/manager/dist;
auth_basic "Entrez votre identifiant et mot de passe";
auth_basic_user_file $SOUNDBASE_DIR/users.htpasswd;
try_files $uri $uri/ =404;
}
}


@ -1,11 +0,0 @@
#!/bin/bash
if [ -d "$DATA_DIR/core" ] ; then
git_update.sh -r dev -o "-i $DATA_DIR/radiodemo-deploy" -d "$DATA_DIR/core" git@gitlab.com:omaradio/core.git
fi
git_update.sh -r dev -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
cd "$HTTP_DIR/manager"
npm install
npm run build


@ -11,8 +11,7 @@ services:
OMA_CONFIG_Client2Port: 9003
volumes:
- $SOUNDBASE_DIR:/app/soundBase
- $SOUNDBASE_DIR/secours/JingleDemo-Secours.wavM:/app/secours/secours-jingle.wavM
- $DATA_DIR/secours-jingle.wavM:/app/secours/secours-jingle.wavM
restart: unless-stopped
networks:
default:
@ -20,7 +19,7 @@ services:
deploy:
resources:
limits:
cpus: '1'
cpus: '0.50'
memory: 100M
azurite_jukebox_simulator:
@ -49,7 +48,6 @@ services:
env_file: .env
volumes:
- $SOUNDBASE_DIR:/app/soundBase
stop_grace_period: 1m30s
restart: unless-stopped
networks:
default:


@ -92,7 +92,6 @@ server {
try_files $uri $uri/ =404;
}
location /fic {
add_header Cache-Control 'must-revalidate, proxy-revalidate';
alias $SOUNDBASE_DIR/fic;
try_files $uri $uri/ =404;
}
@ -108,6 +107,10 @@ server {
alias $SOUNDBASE_DIR/lst;
try_files $uri $uri/ =404;
}
location /statique {
alias $SOUNDBASE_DIR/statique;
try_files $uri $uri/ =404;
}
# Admin interface
location /manager {
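Review bot: The added `location /statique` is a plain prefix match paired with `alias $SOUNDBASE_DIR/statique`, so any URI that merely begins with `/statique` is mapped onto a sibling path under `$SOUNDBASE_DIR` whose name starts the same way. Anchoring both sides with a slash confines it to the intended directory: `location /statique/ {` with `alias $SOUNDBASE_DIR/statique/;`. The block carries no `auth_basic`, unlike the `/wav`, `/import` or `/prg` locations in the sibling config shown on this page, so a one-line comment stating that this directory is meant to be public would help the next reader. The same block is added in the second nginx section further down (the other `@ -108,6 +107,10 @` hunk), and the server block continues outside both hunks.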


@ -0,0 +1,20 @@
#!/bin/bash
set -euo pipefail
. .env
[ -f "$DATA_DIR/radiodemo-soundbase.wgkey" ] || { echo 'No privatekey found' >&2 && exit 1 ; }
echo "
[Interface]
PrivateKey = $(cat "$DATA_DIR/radiodemo-soundbase.wgkey")
Address = 10.29.0.1/32
ListenPort = 55820
[Peer]
PublicKey = iwIsUriF4CT/Jpu29VXlj43hT3bUjG67FeEgCTcQCVc=
AllowedIPs = 10.29.0.254/32
Endpoint = mux.radiodemo.oma-radio.fr:55820
PersistentKeepalive = 30
"


@ -4,20 +4,21 @@ ICECAST=.110
WEBSERVER=.105
SYSTEM_API=.107
TZ=Europe/Paris
OMA_DOCKER_VERSION=unstable
WEBSOCKET_PORT=2005
TELECOM_SERVER_PORT=3495
OMA_CONFIG_TelecommandeHost=mux.radiokipik.org
OMA_CONFIG_TelecommandePort=3495
MUX_SERVER_PORT=9005
RADIO_NAME_SIMPLE=radiokipik
OMA_CONFIG_NomRadio=radiokipik
RADIO_NAME_PRETTY="Radio Kipik"
COMPOSE_NAME=soundbaseradiokipikorg
DOCKER_INSTANCES_PREFIX=soundbaseradiokipikorg-
OMA_DOCKER_VERSION=dev
WEBSOCKET_PORT=2004
TELECOM_SERVER_PORT=3494
OMA_CONFIG_TelecommandeHost=mux.radiodemo.oma-radio.fr
OMA_CONFIG_TelecommandePort=3494
MUX_SERVER_PORT=9004
RADIO_NAME_SIMPLE=radiodemo
OMA_CONFIG_NomRadio=radiodemo
OMA_CONFIG_LogLevel=8
RADIO_NAME_PRETTY="Radio Démo"
COMPOSE_NAME=soundbaseradiodemooma-radiofr
DOCKER_INSTANCES_PREFIX=soundbaseradiodemooma-radiofr-
DOCKER_INSTANCES_SUFIX=-1
SOUNDBASE_DIR=/data/soundbase.radiokipik.org/soundbase/
SOUNDBASE_DIR=/data/soundbase.radiodemo.oma-radio.fr/core/radioDemo
USE_SSL=true
MANAGER_VERSION=3.0.0
PUBLIC_WEBSITE_UPSTREAM=https://static.oma-radio.fr/player-interface/1.1.1
RADIO_HOST=radiokipik.org
RADIO_HOST=radiodemo.oma-radio.fr


@ -1,3 +1,8 @@
#!/bin/bash
apt install -y nodejs npm
#docker run --rm -i -v /srv/http/soundbase.radiodemo.oma-radio.fr:/app node:alpine sh <<EOF
#cd /app
#npm install --production omaradio-web-manager@~$MANAGER_VERSION
#npm update
#EOF


@ -6,9 +6,10 @@
chmod 700 "$SECRET_DIR/gitlab-deploy.sshprivkey"
mkdir -p "$HTTP_DIR/manager"
git_update.sh -r 'v3.0' -o "-i $SECRET_DIR/gitlab-deploy.sshprivkey" -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
git_update.sh -b 'v3' -i "$SECRET_DIR/gitlab-deploy.sshprivkey" -d "$HTTP_DIR/manager" git@gitlab.com:omaradio/single-manager.git
cd "$HTTP_DIR/manager"
npm install
#npm audit fix
npm run build
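Review bot: Switching the manager checkout to `-b 'v3'` makes the deploy follow a moving ref (assuming `v3` is a branch and the earlier `v3.0` a fixed ref), and the `npm install` that follows re-resolves dependencies and runs their install scripts on the server at every deploy. If the single-manager repository commits a lockfile, `npm ci` in place of `npm install` would keep the build to the reviewed dependency set; that cannot be checked from this page. The added `#npm audit fix` is dead code: either drop it or replace it with a comment saying why it is disabled. The script starts before the hunk.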


@ -4,7 +4,7 @@ services:
image: registry.gitlab.com/omaradio/core/oma-jukebox:$OMA_DOCKER_VERSION
env_file: .env
environment:
OMA_CONFIG_Client1Host: mux.radiokipik.org
OMA_CONFIG_Client1Host: mux.radiodemo.oma-radio.fr
OMA_CONFIG_Client1Port: $MUX_SERVER_PORT
OMA_CONFIG_Client2: off
OMA_CONFIG_Client2Host: radionimaitre.oma-radio.fr
@ -76,7 +76,7 @@ services:
system_api:
image: jeancloud/system-api:$OMA_DOCKER_VERSION
image: jeancloud/system-api:dev
env_file: .env
environment:
UID: 33
@ -98,6 +98,30 @@ services:
memory: 500M
#ammolite_mp3_addon:
# image: jeancloud/mp3addon:$OMA_DOCKER_VERSION
# env_file: .env
# environment:
# OMA_CONFIG_PigePrefix: /opt
# restart: unless-stopped
# volumes:
# - $SOUNDBASE_DIR:/app/soundbase
# networks:
# default:
# ipv4_address: $NET.109
# deploy:
# resources:
# limits:
# cpus: '0.05'
# doxy:
# image: qnib/doxy
# volumes:
# - /tmp/radiodemo.oma-radio.fr/doxy:/tmp/doxy
# - /data/radiodemo.oma-radio.fr/doxy.pattern:/etc/doxy.pattern
# - /var/run/docker.sock:/var/run/docker.sock
# environment:
# DOXY_PROXY_SOCKET: /tmp/doxy/doxy.sock
networks:
default:
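Review bot: `image: jeancloud/system-api:dev` (the second printed line, which I take to be the new side) replaces the `$OMA_DOCKER_VERSION` reference with a hard-coded mutable tag, so this service no longer follows the version set in `.env` and runs whatever is currently published as `dev`. In the compose file deleted elsewhere on this page the same service mounts `/var/run/docker.sock`; if that also holds here (the volumes are outside this hunk), the image has control of the host's Docker daemon and deserves a fixed tag or digest, e.g. `image: jeancloud/system-api:<tag>@sha256:<digest>`. The commented-out `ammolite_mp3_addon` and `doxy` services added at the end are better left to version-control history than carried as comments.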


@ -92,7 +92,6 @@ server {
try_files $uri $uri/ =404;
}
location /fic {
add_header Cache-Control 'must-revalidate, proxy-revalidate';
alias $SOUNDBASE_DIR/fic;
try_files $uri $uri/ =404;
}
@ -108,6 +107,10 @@ server {
alias $SOUNDBASE_DIR/lst;
try_files $uri $uri/ =404;
}
location /statique {
alias $SOUNDBASE_DIR/statique;
try_files $uri $uri/ =404;
}
# Admin interface
location /manager {


@ -0,0 +1,20 @@
#!/bin/bash
set -euo pipefail
. .env
[ -f "$DATA_DIR/soundbase.wgkey" ] || { echo 'No privatekey found' >&2 && exit 1 ; }
echo "
[Interface]
PrivateKey = $(cat "$DATA_DIR/soundbase.wgkey")
Address = 10.29.60.1/32
ListenPort = 55860
[Peer]
PublicKey = 3ADrLVxzVqLHV530cT+paM+zNQBvm3KCW0voIN1wVBQ=
AllowedIPs = 10.29.60.254/32
Endpoint = mux.radiokipik.org:55825
PersistentKeepalive = 30
"