Partie généré de la conf de la radio (icecast2 + nginx)

Valentin Samir 2014-12-19 16:18:07 +01:00
parent 2ca39a03b0
commit 4720c06212
10 changed files with 153 additions and 2 deletions

5
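--- a/Bundler/icecast.xml
+++ b/Bundler/icecast.xml
@@ -0,0 +1,5 @@
+<Bundle name="icecast">
+<Python name="/etc/icecast2/radio.xml"/>
+<Service name="icecast2"/>
+<Package name="icecast2"/>
+</Bundle>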


@ -24,5 +24,11 @@
<Group name="roundcube"> <Group name="roundcube">
<Path name="/etc/nginx/sites-available/roundcube"/> <Path name="/etc/nginx/sites-available/roundcube"/>
</Group> </Group>
<Group name="tv">
<Python name="/etc/nginx/sites-available/tv"/>
</Group>
<Group name="icecast">
<Python name="/etc/nginx/sites-available/tv"/>
</Group>
</Bundle> </Bundle>
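Review bot: The new `icecast` group declares `/etc/nginx/sites-available/tv`, the same path the `tv` group adds three lines above it, so a host that is in both groups gets the entry twice in this bundle. If that is intended (the tv.crans.org vhost template later in this commit branches on `has("icecast")`), a short comment such as `<!-- same vhost as tv; the template adds the icecast proxy block -->` would make it clear; otherwise it reads like a copy-paste of the tv entry. The bundle's opening tag is outside the hunk.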


@ -15,6 +15,7 @@
<Python name="/etc/crans/secrets/trigger-generate"/> <Python name="/etc/crans/secrets/trigger-generate"/>
<Python name="/etc/crans/secrets/trigger-generate.pub"/> <Python name="/etc/crans/secrets/trigger-generate.pub"/>
<Python name="/etc/crans/secrets/rabbitmq_trigger_password"/> <Python name="/etc/crans/secrets/rabbitmq_trigger_password"/>
<Python name="/etc/crans/secrets/icecast-token"/>
<Python name="/etc/crans/secrets/README"/> <Python name="/etc/crans/secrets/README"/>
<!-- Il faut penser au setfacl sur le serveur de l'intranet2 (o2) --> <!-- Il faut penser au setfacl sur le serveur de l'intranet2 (o2) -->
<Group name="secrets-acl"> <Group name="secrets-acl">


@ -1 +1 @@
/etc/ssl/crans -fstype=fuse,allow_other,nodev,noatime :/usr/scripts/utils/ldapcertfs.py /etc/ssl/crans -fstype=fuse,allow_other,nodev,noatime :/usr/scripts/utils/ldapcertfs.py\#--decrypt
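Review bot: Adding `--decrypt` to a mount that is already `allow_other` means that whatever the filesystem decrypts (presumably the private keys, given the `key.pem` path used by the nginx vhost in this commit) is offered to every local user. Without `default_permissions` in the option list the kernel does not enforce the mode bits on a FUSE mount, so access control rests entirely on what ldapcertfs.py implements. That script is not on this page, so either confirm it restricts key files itself or add the option: `-fstype=fuse,allow_other,default_permissions,nodev,noatime`.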


@ -342,6 +342,7 @@
<Group name="mumudvb"/> <Group name="mumudvb"/>
<Group name="crans-wheezy"/> <Group name="crans-wheezy"/>
<Group name="imprimeurs"/> <Group name="imprimeurs"/>
<Group name="tv"/>
<Group name="radio"/> <Group name="radio"/>
</Group> </Group>
@ -604,6 +605,13 @@
<Bundle name="home"/> <Bundle name="home"/>
<Group name="nfs"/> <Group name="nfs"/>
</Group> </Group>
<Group name="radio">
<Group name="icecast"/>
</Group>
<Group name="icecast">
<Group name="nginx"/>
<Bundle name="icecast"/>
</Group>
<Group name="mail"> <Group name="mail">
<!-- envoi de mail --> <!-- envoi de mail -->


@ -0,0 +1,4 @@
info["perms"] = 0440
info["owner"] = "root"
info["group"] = "adm"
print file("/etc/crans/secrets/icecast-token").read()
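Review bot: `print file(...).read()` appends a newline to whatever the source file holds and never closes the handle, so the deployed token is not guaranteed to be byte-identical to the server's copy. A consumer that compares the raw file content with the `X-Auth` header would then have to strip it; `print file("/etc/crans/secrets/icecast-token").read().strip()` gives exactly one trailing newline. A one-line comment explaining why group `adm` needs read access to this secret (`info["group"] = "adm"` with 0440) would also help the next reader judge whether that is wider than necessary.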


@ -0,0 +1,59 @@
# -*- mode: python; encoding: utf-8 -*-
info["owner"] = "root"
info["group"] = "root"
info["perms"] = 0644
import urlparse
import urllib
from tv.radio.config import *
print """<![CDATA[
Fichier générer par BCfg2
Ne pas modifier à la main
Ne pas faire service icecast2 reload mais service icecast2 restart
sinon le fichier n'est pas pris en compte
(je pense que c'est un bug de la libxml utilisé par icecast)
Le fichier doit être inclus dans icecast.xml en plaçant
<!DOCTYPE icecast [
<!ENTITY radio SYSTEM "radio.xml">
]>
dans l'entête de icecast.xml puis
&radio;
là où l'on souhaite effectivement include le fichier
(quelque part dans <icecast></icecast>)
]]>"""
auth_template = """<mount>
<mount-name>/%s</mount-name>
<authentication type="url">
<option name="listener_add" value="https://intranet2.crans.org/tv/auth"/>
<option name="listener_remove" value="https://intranet2.crans.org/tv/auth"/>
<option name="mount_add" value="https://intranet2.crans.org/tv/auth"/>
<option name="mount_remove" value="https://intranet2.crans.org/tv/auth"/>
<option name="auth_header" value="icecast-auth-user: 1"/>
<option name="timelimit_header" value="icecast-auth-timelimit:"/>
<option name="headers" value="x-auth,x-real-ip,x-forwarded-for"/>
<option name="header_prefix" value="ClientHeader."/>
</authentication>
</mount>"""
i=0
for group in multicast.keys():
for (title, (name,dst,port,sources)) in multicast[group].items():
p=urlparse.urlparse(sources[0])
if ':' in p.netloc:
host=p.netloc.split(':')[0]
port=p.netloc.split(':')[1]
else:
host=p.netloc
port = 80
print """
<relay>
<server>%s</server>
<port>%s</port>
<mount>%s</mount>
<local-mount>/%s</local-mount>
<relay-shoutcast-metadata>1</relay-shoutcast-metadata>
<on-demand>1</on-demand>
</relay>""" % (host, port, p.path, name)
print auth_template % name
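Review bot: `host`, `port`, `p.path` and `name` are interpolated into the XML with `%` and no escaping, so a `&` or `<` in a source URL or mount name coming from `tv.radio.config` yields a malformed radio.xml; passing each value through `xml.sax.saxutils.escape` keeps the output well-formed. The manual `p.netloc.split(':')` mis-parses IPv6 literals and URLs with userinfo, and falls back to port 80 even for an https source; `host = p.hostname` and `src_port = p.port or 80` handle the first two cases. The inner assignment also overwrites the `port` unpacked from the tuple in the `for` header, and `i`, `dst` and `urllib` are unused. Because the mounts forward `x-real-ip` and `x-forwarded-for` to the auth URL, the auth endpoint should presumably check `x-auth` before trusting either, which is worth a comment next to the `headers` option.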


@ -0,0 +1,61 @@
# -*- mode: python; encoding: utf-8 -*-
info["owner"] = "root"
info["group"] = "root"
info["perms"] = 0644
comment_start = "#"
import gestion.secrets_new as secrets_new
base = """
root /var/www/;
index index.html index.htm;
server_name tv.crans.org;
location /sap.txt {
alias /var/www/sap.txt;
}
location /images/{
autoindex on;
try_files $uri $uri/ =404;
}
location / {
try_files $uri $uri/ %s;
rewrite ^/$ https://intranet2.crans.org/tv/;
}
""" % "@404" if has("icecast") else "=404"
icecast = """location @404 {
proxy_set_header Host $host;
proxy_set_header X-Auth %s;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:8000;
}
""" % secrets_new.get('icecast-token')
if has("icecast"):
body = "%s\n %s" % (base, icecast)
else:
body = base
print """server {
listen 80; ## listen for ipv4; this line is default and implied
listen [::]:80 default_server ipv6only=on; ## listen for ipv6%s
}""" % body
print """# HTTPS server
#
server {
listen 443;
listen [::]:443 default_server ipv6only=on;
ssl on;
ssl_certificate /etc/ssl/crans/cochon.ferme.crans.org/xid=33/cert_chain.pem;
ssl_certificate_key /etc/ssl/crans/cochon.ferme.crans.org/xid=33/key.pem;
ssl_session_timeout 5m;%s
}""" % body
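Review bot: The template writes the icecast token into `proxy_set_header X-Auth %s;` while setting `info["perms"] = 0644`, so any local account on the host can read from the vhost file the secret that is kept 0440 plus an ACL under /etc/crans/secrets; nginx normally parses its configuration as root, so `info["perms"] = 0640` (owner and group are already root) would keep it private. Separately, `""" % "@404" if has("icecast") else "=404"` parses as `(""" ... """ % "@404") if has("icecast") else "=404"`, so on a host without the icecast group `base` is just the string `=404` and both server blocks are emitted without root, server_name or any location; it should read `""" % ("@404" if has("icecast") else "=404")`. `secrets_new.get('icecast-token')` is also evaluated unconditionally, before the `has("icecast")` test, so the token is fetched even on hosts that never use it.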

5
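--- a/Rules/icecast.xml
+++ b/Rules/icecast.xml
@@ -0,0 +1,5 @@
+<Rules priority="1">
+<Group name="icecast">
+<Service type="deb" name="icecast2" status="on"/>
+</Group>
+</Rules>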


@ -3,7 +3,9 @@
<Group name="secrets-acl"> <Group name="secrets-acl">
<Action name="setfacl-secrets" timing="post" <Action name="setfacl-secrets" timing="post"
when="modified" status="check" when="modified" status="check"
command="setfacl -m u:www-data:rx /etc/crans/secrets; setfacl -m u:www-data:r /etc/crans/secrets/secrets.py /etc/crans/secrets/dhcp.py"/> command="
setfacl -m u:www-data:rx /etc/crans/secrets;
setfacl -m u:www-data:r /etc/crans/secrets/secrets.py /etc/crans/secrets/dhcp.py /etc/crans/secrets/icecast-token"/>
</Group> </Group>
<Action name="setfacl-secrets-freerad" timing="post" <Action name="setfacl-secrets-freerad" timing="post"
when="modified" status="check" when="modified" status="check"
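Review bot: The two `setfacl` calls in the new `command` are joined with `;`, so the exit status that `status="check"` presumably evaluates is only that of the last call; a failure to set the `rx` ACL on the directory would go unreported while www-data still cannot reach the newly added `icecast-token`. Joining them with `&&` reports either failure. The change also gives www-data read access to the token on every host in `secrets-acl`, whereas the comment in the secrets bundle only mentions the intranet2 server, so it is worth confirming the group is limited to that host. The second Action continues past the end of the hunk.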