tilderadio
/
AzuraCast
mirror of https://github.com/AzuraCast/AzuraCast.git
4
0
Fork 0
Code Issues Releases Wiki Activity

Move Ansible install files to standalone repo (azuracast/ansible-installer).

This commit is contained in:
Buster Neece 2023-02-05 22:15:44 -06:00
parent 6298b1c3c7
commit d622075ba0
No known key found for this signature in database
GPG Key ID: F1D2E64A0005E80E
56 changed files with 3 additions and 2011 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
ansible.cfg
View File

@ -1,3 +0,0 @@
[defaults]
retry_files_enabled = False
command_warnings = False

34
install.sh
View File

@ -1,34 +0,0 @@
#!/usr/bin/env bash
while [[ "$1" =~ ^- && ! "$1" == "--" ]]; do
case $1 in
--dev)
APP_ENV="development"
shift
;;
esac
shift
done
if [[ "$1" == '--' ]]; then shift; fi
. /etc/lsb-release
if [[ $DISTRIB_ID != "Ubuntu" ]]; then
echo "Ansible installation is only supported on Ubuntu distributions."
exit 0
fi
sudo apt-get update
sudo apt-get install -q -y software-properties-common
if [[ $DISTRIB_CODENAME == "focal" || $DISTRIB_CODENAME == "jammy" ]]; then
sudo apt-get install -q -y ansible python3-pip python3-mysqldb
else
echo "Ansible installation is only supported on Ubuntu Focal (20.04) or Jammy (22.04)."
exit 0
fi
APP_ENV="${APP_ENV:-production}"
echo "Installing AzuraCast (Environment: $APP_ENV)"
ansible-playbook util/ansible/deploy.yml --inventory=util/ansible/hosts --extra-vars "app_env=$APP_ENV"

29
uninstall.sh
View File

@ -1,29 +0,0 @@
#!/usr/bin/env bash
APP_ENV="${APP_ENV:-production}"
read -p "WARNING: This operation is destructive and will uninstall software on this server. Continue? [y/N] " -n 1 -r
echo
if [[ $REPLY =~ ^[Yy]$ ]]; then
echo "Uninstalling AzuraCast..."
ansible-playbook util/ansible/uninstall.yml --inventory=util/ansible/hosts --extra-vars "app_env=$APP_ENV"
echo " "
echo "Uninstallation complete. Some components were not removed."
echo " "
echo "To automatically remove unnecessary packages, run:"
echo " apt-get autoremove"
echo " "
echo "To remove MariaDB data, run:"
echo " rm -rfv /etc/mysql /var/lib/mysql"
echo " "
echo "To remove AzuraCast station data, run:"
echo " rm -rf /var/azuracast/stations"
echo " "
echo "If moving to Docker, you can remove every file in this folder except docker-compose.yml."
echo "Thanks for using AzuraCast!"
echo " "
fi

52
update.sh Executable file → Normal file
View File

@ -1,51 +1,5 @@
#!/usr/bin/env bash
while [[ "$1" =~ ^- && ! "$1" == "--" ]]; do
case $1 in
--dev)
APP_ENV="development"
;;
--full)
UPDATE_REVISION=0
;;
esac
shift
done
if [[ "$1" == '--' ]]; then shift; fi
. /etc/lsb-release
if [[ $DISTRIB_ID != "Ubuntu" ]]; then
echo "Ansible installation is only supported on Ubuntu distributions."
exit 0
fi
sudo apt-get update
sudo apt-get install -q -y software-properties-common
if [[ $DISTRIB_CODENAME == "focal" ]]; then
sudo apt-get install -q -y ansible python3-pip python3-mysqldb
else
sudo add-apt-repository -y ppa:ansible/ansible
sudo apt-get update
sudo apt-get install -q -y python2.7 python-pip python-mysqldb ansible
fi
APP_ENV="${APP_ENV:-production}"
UPDATE_REVISION="${UPDATE_REVISION:-94}"
echo "Updating AzuraCast (Environment: $APP_ENV, Update revision: $UPDATE_REVISION)"
if [[ ${APP_ENV} == "production" ]]; then
if [[ -d ".git" ]]; then
git config --global --add safe.directory /var/azuracast/www
git reset --hard
git pull
else
echo "You are running a downloaded release build. Any code updates should be applied manually."
fi
fi
ansible-playbook util/ansible/update.yml --inventory=util/ansible/hosts --extra-vars "app_env=$APP_ENV update_revision=$UPDATE_REVISION"
echo "Ansible installation is now a standalone repository. For more information, visit:"
echo "https://github.com/AzuraCast/ansible-installer"
exit 0

37
util/ansible/deploy.yml
View File

@ -1,37 +0,0 @@
---
- hosts: all
become: true
vars:
util_base: "{{ playbook_dir | dirname }}"
www_base: "{{ util_base | dirname }}"
app_base: "{{ www_base | dirname }}"
tmp_base: "{{ app_base }}/www_tmp"
app_env: "production"
update_mode: false
dev_azuracast_user_password: "azuracast"
dev_mysql_user_password: "azuracast"
environment:
DEBIAN_FRONTEND: noninteractive
roles:
- init
- azuracast-user
- azuracast-config
- azuracast-radio
- supervisord
- nginx
- php
- redis
- beanstalkd
- sftpgo
- mariadb
- ufw
- dbip
- composer
- services
- azuracast-db-install
- azuracast-build
- azuracast-setup
- azuracast-cron

1
util/ansible/hosts
View File

@ -1 +0,0 @@
localhost ansible_connection=local

41
util/ansible/roles/azuracast-build/tasks/main.yml
View File

@ -1,41 +0,0 @@
---
- name: Install NodeJS and NPM
shell: curl -L https://raw.githubusercontent.com/tj/n/master/bin/n -o n && bash n lts
args:
warn: false
chdir: "/tmp"
- name: Set permissions for folders
file: path="{{ item }}" state=directory owner=azuracast group=www-data mode=0744
with_items:
- "{{ www_base }}/frontend/node_modules"
- "{{ www_base }}/web/static"
- "{{ www_base }}/web/static/dist"
- "{{ www_base }}/web/static/webpack_dist"
- name: Pull Node Dependencies
become: true
become_user: azuracast
command: >-
npm ci
args:
chdir: "{{ www_base }}/frontend"
- name: Build AzuraCast Frontend Scripts
become: true
become_user: azuracast
command: >-
npm run build
args:
chdir: "{{ www_base }}/frontend"
- name: Set permissions of generated frontend content
command: >-
{{ azuracast_build_perm_command }}
loop:
- "chown -R azuracast:www-data {{ www_base }}"
- "find {{ www_base }} -type d -exec chmod 755 {} \\;"
- "find {{ www_base }} -type f -exec chmod 644 {} \\;"
loop_control:
loop_var: azuracast_build_perm_command
# Note: Don't add warn: false here, it's incompatible with the earlier Ansibles used in 16.04/18.04.

53
util/ansible/roles/azuracast-config/tasks/main.yml
View File

@ -1,53 +0,0 @@
---
- name: Write environment configuration file
template:
src: env.ini.j2
dest: "{{ www_base }}/env.ini"
owner: azuracast
group: www-data
mode: 0644
force: false
- name: Set up environment file
ini_file:
dest: "{{ www_base }}/env.ini"
section: "configuration"
option: "application_env"
value: "{{ app_env }}"
mode: 0644
- name: Set Permissions on Base App Folder
file:
path: "{{ app_base }}"
state: directory
owner: azuracast
group: www-data
mode: 0775
- name: Clear temp directory
file:
path: "{{ tmp_base }}"
state: absent
- name: Create System Folders
file:
path: "{{ azuracast_config_sys_directory }}"
state: directory
owner: azuracast
group: www-data
mode: 0775
loop:
- "{{ tmp_base }}"
- "{{ tmp_base }}/proxies"
- "{{ app_base }}/stations"
- "{{ app_base }}/geoip"
- "{{ app_base }}/dbip"
- "{{ app_base }}/backups"
- "{{ app_base }}/servers"
- "{{ app_base }}/servers/shoutcast2"
- "{{ app_base }}/servers/icecast2"
- "{{ app_base }}/servers/stereo_tool"
- "{{ app_base }}/uploads"
- "{{ app_base }}/acme/challenges"
loop_control:
loop_var: azuracast_config_sys_directory

7
util/ansible/roles/azuracast-config/templates/env.ini.j2
View File

@ -1,7 +0,0 @@
;
; AzuraCast Environment Settings
;
; This file is automatically generated by AzuraCast.
;
[configuration]

36
util/ansible/roles/azuracast-cron/tasks/main.yml
View File

@ -1,36 +0,0 @@
---
- name: Install cron-related packages
apt:
name:
- cron
- tmpreaper
- name: Generate Cron Template
template:
src: azuracast_cron.j2
dest: "{{ tmp_base }}/azuracast_cron"
force: true
mode: 0644
- name: Install Cron file
command: >-
crontab -u azuracast {{ tmp_base }}/azuracast_cron
- name: Clean up temp Cron file
file:
path: "{{ tmp_base }}/azuracast_cron"
state: absent
- name: Install Cron Supervisord conf
template:
src: supervisor.conf.j2
dest: /etc/supervisor/conf.d/cron.conf
force: true
mode: 0644
- name: Disable Cron service
service:
name: "cron"
enabled: false
state: stopped
ignore_errors: true

2
util/ansible/roles/azuracast-cron/templates/azuracast_cron.j2
View File

@ -1,2 +0,0 @@
* * * * * php {{ www_base }}/bin/console azuracast:sync:run
0 */6 * * * tmpreaper 12h /var/azuracast/stations/*/temp

6
util/ansible/roles/azuracast-cron/templates/supervisor.conf.j2
View File

@ -1,6 +0,0 @@
[program:cron]
command=/usr/sbin/cron -f
priority=600
numprocs=1
autostart=true
autorestart=unexpected

4
util/ansible/roles/azuracast-db-install/handlers/main.yml
View File

@ -1,4 +0,0 @@
---
- name: send mysql notification
debug:
msg: "The MySQL 'azuracast'@'localhost' account has been created. Its password is: {{ mysql_user_password }}"

83
util/ansible/roles/azuracast-db-install/tasks/main.yml
View File

@ -1,83 +0,0 @@
---
- name: (Prod) Generate MariaDB User Password
command: pwgen 8 -sn 1
register: prod_mysql_user_password
when: app_env == "production"
- name: Assign User Password
set_fact:
mysql_user_password: "{{ prod_mysql_user_password.stdout if app_env == 'production' else dev_mysql_user_password }}"
- name: Add configuration
template: src=my.cnf.j2 dest=/etc/mysql/conf.d/my.cnf owner=root group=root mode=0644
- name: Add empty root .my.cnf (if none exists)
template: src=root_empty_my.cnf.j2 dest=/root/.my.cnf owner=root group=root mode=0600 force=no
- name: MariaDB Cleanup
command: >-
mysql --defaults-extra-file=/root/.my.cnf -ne "{{ azure_db_install_sql_cleanup_query }}"
loop:
- "DELETE FROM mysql.user WHERE User=''"
- "DELETE FROM mysql.user WHERE User='root' AND Host NOT IN ('localhost', '127.0.0.1', '::1')"
- "DROP DATABASE test"
- "DELETE FROM mysql.db WHERE Db='test' OR Db='test\\_%'"
loop_control:
loop_var: azure_db_install_sql_cleanup_query
changed_when: false
ignore_errors: true
# MySQL Secure Installation
- name: Set up AzuraCast database user
mysql_user:
name: azuracast
host: "localhost"
password: "{{ mysql_user_password }}"
priv: "azuracast.*:ALL,GRANT"
state: present
notify: send mysql notification
- name: Add .my.cnf
template:
src: user_my.cnf.j2
dest: "{{ app_base }}/.my.cnf"
owner: azuracast
group: www-data
mode: 0644
force: true
- name: Reload privilege tables
command: >-
mysql --defaults-extra-file=/root/.my.cnf -ne "FLUSH PRIVILEGES"
changed_when: false
# Create Database
- name: Create MySQL Database
mysql_db:
config_file: "/root/.my.cnf"
name: azuracast
state: present
collation: utf8mb4_unicode_ci
encoding: utf8mb4
register: azuracast_db_created
- name: Set up environment file
ini_file:
dest: "{{ www_base }}/env.ini"
section: "configuration"
option: "{{ azure_db_install_env_ini.option }}"
value: "{{ azure_db_install_env_ini.value }}"
mode: 0644
loop:
- option: 'MYSQL_HOST'
value: 'localhost'
- option: 'MYSQL_PORT'
value: '3306'
- option: 'MYSQL_USER'
value: 'azuracast'
- option: 'MYSQL_DB'
value: 'azuracast'
- option: 'MYSQL_PASSWORD'
value: "{{ mysql_user_password }}"
loop_control:
loop_var: azure_db_install_env_ini

11
util/ansible/roles/azuracast-db-install/templates/my.cnf.j2
View File

@ -1,11 +0,0 @@
[client]
default-character-set = utf8mb4
[mysql]
default-character-set = utf8mb4
[mysqld]
bind-address=*
character-set-client-handshake = FALSE
character-set-server = utf8mb4
collation-server = utf8mb4_unicode_ci

3
util/ansible/roles/azuracast-db-install/templates/root_empty_my.cnf.j2
View File

@ -1,3 +0,0 @@
[client]
default-character-set = utf8mb4
user=root

4
util/ansible/roles/azuracast-db-install/templates/user_my.cnf.j2
View File

@ -1,4 +0,0 @@
[client]
default-character-set = utf8mb4
user=azuracast
password={{ mysql_user_password }}

34
util/ansible/roles/azuracast-radio/tasks/icecast.yml
View File

@ -1,34 +0,0 @@
---
- name: Install IceCast-KH-AC Dependencies
apt:
name: "{{ packages }}"
install_recommends: false
vars:
packages:
- libxml2
- libxslt1-dev
- libvorbis-dev
- libssl-dev
- libcurl4-openssl-dev
- pkg-config
- name: Download IceCast-KH-AC Source
get_url:
url: https://github.com/AzuraCast/icecast-kh-ac/archive/refs/tags/2.4.0-kh15-ac2.tar.gz
dest: "{{ app_base }}/servers/icecast2/icecast2.tar.gz"
force: true
- name: Extract IceCast-KH-AC Source
unarchive:
src: "{{ app_base }}/servers/icecast2/icecast2.tar.gz"
dest: "{{ app_base }}/servers/icecast2"
remote_src: true
mode: "u=rwx,g=rx,o=rx"
owner: "azuracast"
group: "www-data"
extra_opts: "--strip-components=1"
- name: Build IceCast-KH-AC
shell: "cd {{ app_base }}/servers/icecast2 && ./configure && make && make install"
args:
chdir: "{{ app_base }}/servers/icecast2"

101
util/ansible/roles/azuracast-radio/tasks/liquidsoap.yml
View File

@ -1,101 +0,0 @@
---
- name: Clear OPAM directory
file:
path: "{{ app_base }}/.opam"
state: absent
- name: Install Liquidsoap Dependencies
apt:
name: "{{ packages }}"
install_recommends: false
vars:
packages:
- libao-dev
- libasound2-dev
- libavcodec-dev
- libavdevice-dev
- libavfilter-dev
- libavformat-dev
- libavutil-dev
- libfaad-dev
- libfdk-aac-dev
- libflac-dev
- libfreetype-dev
- libgd-dev
- libjack-dev
- libjpeg-dev
- liblo-dev
- libmad0-dev
- libmagic-dev
- libmp3lame-dev
- libopus-dev
- libpng-dev
- libportaudio2
- libpulse-dev
- libsamplerate0-dev
- libsdl2-dev
- libsdl2-ttf-dev
- libsdl2-image-dev
- libshine-dev
- libsoundtouch-dev
- libspeex-dev
- libswresample-dev
- libswscale-dev
- libtag1-dev
- libtheora-dev
- libtiff-dev
- libx11-dev
- libxpm-dev
- bubblewrap
- ffmpeg
- name: Install Focal Liquidsoap Dependencies (20.04)
apt:
name:
- libsrt-dev
when: ansible_distribution_release == 'focal'
- name: Install Jammy Liquidsoap Dependencies (22.04)
apt:
name:
- libsrt-openssl-dev
when: ansible_distribution_release == 'jammy'
- name: Install Optional Audio Plugins
apt:
name: "{{ packages }}"
install_recommends: false
vars:
packages:
- frei0r-plugins-dev
- ladspa-sdk
- multimedia-audio-plugins
- swh-plugins
- tap-plugins
- lsp-plugins-ladspa
- name: Get the DPKG Architecture
shell: dpkg --print-architecture
register: dpkg_arch
ignore_errors: true
- name: Remove Existing Liquidsoap Packages
apt:
name: "{{ packages }}"
state: absent
vars:
packages:
- liquidsoap
- liquidsoap-snapshot
ignore_errors: true
- name: Install Liquidsoap
apt:
deb: "https://github.com/savonet/liquidsoap/releases/download/v2.1.3/liquidsoap_2.1.3-ubuntu-{{ ansible_distribution_release }}-1_{{ dpkg_arch.stdout_lines[0] | default('amd64') }}.deb"
- name: Link Liquidsoap binary
file:
src: "/usr/bin/liquidsoap"
dest: /usr/local/bin/liquidsoap
state: link
force: true

92
util/ansible/roles/azuracast-radio/tasks/liquidsoap_legacy.yml
View File

@ -1,92 +0,0 @@
---
- name: Clear OPAM directory
file:
path: "{{ app_base }}/.opam"
state: absent
- name: Add OPAM/OCaml Repository
apt_repository:
repo: "ppa:avsm/ppa"
update_cache: true
- name: Install Liquidsoap Dependencies
apt:
name: "{{ packages }}"
install_recommends: false
vars:
packages:
- ffmpeg
- opam
- ocaml
- libavcodec-dev
- libavdevice-dev
- libavfilter-dev
- libavformat-dev
- libavresample-dev
- libavutil-dev
- libcurl4-gnutls-dev
- libfaad-dev
- libfdk-aac-dev
- libflac-dev
- libmad0-dev
- libmp3lame-dev
- libogg-dev
- libopus-dev
- libpcre3-dev
- libpostproc-dev
- libsamplerate0-dev
- libswresample-dev
- libswscale-dev
- libssl-dev
- libtag1-dev
- libvorbis-dev
- autoconf
- automake
- m4
- pkg-config
- unzip
- bubblewrap
- frei0r-plugins-dev
- ladspa-sdk
- multimedia-audio-plugins
- swh-plugins
- tap-plugins
- name: Initialize OPAM
become_user: azuracast
shell: >-
opam init -a --disable-sandboxing --bare
&& opam switch create 4.13.1
args:
chdir: "{{ app_base }}"
executable: "bash" # Fixes some possible hang issues.
- name: Build and Install Liquidsoap and Dependencies
become_user: azuracast
shell: >-
ladspa.0.2.2 ffmpeg.1.1.3 ffmpeg-avutil.1.1.3 ffmpeg-avcodec.1.1.3 ffmpeg-avdevice.1.1.3
ffmpeg-av.1.1.3 ffmpeg-avfilter.1.1.3 ffmpeg-swresample.1.1.3 ffmpeg-swscale.1.1.3 frei0r.0.1.2
samplerate.0.1.6 taglib.0.3.9 mad.0.5.2 faad.0.5.0 fdkaac.0.3.2 lame.0.3.6 vorbis.0.8.0 cry.0.6.7
flac.0.3.0 opus.0.2.1 dtools.0.4.4 duppy.0.9.2 ocurl.0.9.2 ssl.0.5.10 \
liquidsoap.2.0.4
args:
chdir: "{{ app_base }}"
register: install_result
async: 3600
poll: 0
- name: Check on Liquidsoap Installation
become_user: azuracast
async_status:
jid: "{{ install_result.ansible_job_id }}"
register: check_result
until: check_result.finished
retries: 60
delay: 60
- name: Link Liquidsoap binary
file:
src: "{{ app_base }}/.opam/4.12.0/bin/liquidsoap"
dest: /usr/local/bin/liquidsoap
state: link
force: true

28
util/ansible/roles/azuracast-radio/tasks/main.yml
View File

@ -1,28 +0,0 @@
---
- name: Build Icecast
include_tasks: icecast.yml
- name: Install Liquidsoap (Focal)
include_tasks: liquidsoap.yml
when:
- ansible_distribution_release == 'focal'
- name: Add Audiowaveform PPA
apt_repository:
repo: "ppa:chris-needham/ppa"
update_cache: true
- name: Install Audiowaveform
apt:
name: audiowaveform
install_recommends: false
- name: Install Flac
apt:
name: flac
install_recommends: false
- name: Install Vorbis-Tools
apt:
name: vorbis-tools
install_recommends: false

31
util/ansible/roles/azuracast-setup/tasks/main.yml
View File

@ -1,31 +0,0 @@
---
- name: Ensure update script continues to be executable
file:
path: "{{ azuracast_setup_update_script }}"
state: touch
mode: "a+x"
loop:
- "{{ www_base }}/update.sh"
- "{{ www_base }}/bin/console"
loop_control:
loop_var: azuracast_setup_update_script
- name: Run AzuraCast Setup (Install Mode)
become: true
become_user: azuracast
shell: >-
php {{ www_base }}/bin/console azuracast:setup
when: not update_mode|bool
- name: Migrate Legacy Configuration (Update Mode)
become: true
become_user: azuracast
shell: >-
php {{ www_base }}/bin/console azuracast:config:migrate
when: update_mode|bool
- name: Run AzuraCast Setup (Update Mode)
become: true
become_user: azuracast
shell: php {{ www_base }}/bin/console azuracast:setup --update
when: update_mode|bool

6
util/ansible/roles/azuracast-user/handlers/main.yml
View File

@ -1,6 +0,0 @@
---
- name: send user notification
debug:
msg: >-
A user account named 'azuracast' has been created. The password associated with this
account is: {{ prod_azuracast_user_password.stdout }}

31
util/ansible/roles/azuracast-user/tasks/main.yml
View File

@ -1,31 +0,0 @@
---
- name: Generate AzuraCast Password
command: >-
pwgen 8 -sn 1
register: prod_azuracast_user_password
- name: Create Groups
group:
name: "{{ azuracast_user_sys_group }}"
state: present
loop:
- www-data
- admin
loop_control:
loop_var: azuracast_user_sys_group
- name: Create AzuraCast User
user:
name: azuracast
home: "{{ app_base }}"
comment: "AzuraCast"
shell: /bin/bash
groups: 'sudo,admin,www-data'
password: "{{ prod_azuracast_user_password.stdout|password_hash('sha512') }}"
notify: send user notification
- name: Modify www-data User
user:
name: www-data
groups: "azuracast"
append: true

25
util/ansible/roles/beanstalkd/tasks/main.yml
View File

@ -1,25 +0,0 @@
---
- name: Install Beanstalkd
apt:
name: beanstalkd
- name: Extend default message size.
template:
src: etc_default_beanstalkd.j2
dest: /etc/default/beanstalkd
force: true
mode: 0644
- name: Install Beanstalkd Supervisord conf
template:
src: supervisor.conf.j2
dest: /etc/supervisor/conf.d/beanstalkd.conf
force: true
mode: 0644
- name: Disable Beanstalkd service
service:
name: "beanstalkd"
enabled: false
state: stopped
ignore_errors: true

3
util/ansible/roles/beanstalkd/templates/etc_default_beanstalkd.j2
View File

@ -1,3 +0,0 @@
BEANSTALKD_LISTEN_ADDR="127.0.0.1"
BEANSTALKD_LISTEN_PORT=11300
BEANSTALKD_EXTRA="-z 262140"

6
util/ansible/roles/beanstalkd/templates/supervisor.conf.j2
View File

@ -1,6 +0,0 @@
[program:beanstalkd]
command=beanstalkd -p 11300 -z 262140
user=azuracast
numprocs=1
autostart=true
autorestart=unexpected

46
util/ansible/roles/composer/tasks/main.yml
View File

@ -1,46 +0,0 @@
---
- name: Install Composer
shell: >-
curl -fsSL https://getcomposer.org/installer
| php -- --install-dir=/usr/bin --filename=composer
args:
warn: false
- name: Clear existing vendor folder
file:
path: "{{ www_base }}/vendor"
state: absent
- name: Recreate vendor folder
file:
path: "{{ www_base }}/vendor"
state: directory
owner: azuracast
group: www-data
mode: 0744
- name: Ensure composer.lock exists
file:
path: "{{ www_base }}/composer.lock"
state: file
owner: azuracast
group: www-data
mode: 0744
- name: Install Composer Dependencies (Development)
become: true
become_user: azuracast
command: >-
composer install --ignore-platform-req=php
args:
chdir: "{{ www_base }}"
when: app_env == "development"
- name: Install Composer Dependencies (Production)
become: true
become_user: azuracast
command: >-
composer install --ignore-platform-req=php --no-dev --optimize-autoloader
args:
chdir: "{{ www_base }}"
when: app_env == "production"

18
util/ansible/roles/dbip/tasks/main.yml
View File

@ -1,18 +0,0 @@
---
- name: Download DBIP Database
get_url:
url: "https://download.db-ip.com/free/dbip-city-lite-{{ ansible_date_time.year }}-{{ ansible_date_time.month }}.mmdb.gz"
dest: "{{ app_base }}/dbip/dbip-city-lite.mmdb.gz"
- name: Extract DBIP Database
shell: "gunzip -f dbip-city-lite.mmdb.gz"
args:
chdir: "{{ app_base }}/dbip"
- name: Set DBIP Database Permissions
file:
path: "{{ app_base }}/dbip/dbip-city-lite.mmdb"
state: file
mode: "u=rwx,g=rx,o=rx"
owner: "azuracast"
group: "www-data"

6
util/ansible/roles/debug-dump/tasks/main.yml
View File

@ -1,6 +0,0 @@
---
- name: Dump all vars
template:
src: dumpall.j2
dest: "{{ app_base }}/ansible/vars.txt"
mode: 0644

5
util/ansible/roles/debug-dump/templates/dumpall.j2
View File

@ -1,5 +0,0 @@
util_base: {{ util_base }}
www_base: {{ www_base }}
app_base: {{ app_base }}
tmp_base: {{ tmp_base }}
app_env: {{ app_env }}

13
util/ansible/roles/influxdb/tasks/main.yml
View File

@ -1,13 +0,0 @@
---
- name: Shut Down InfluxDB
service:
name: "influxdb"
state: stopped
ignore_errors: true
- name: Remove InfluxDB if Present
apt:
name: "influxdb"
state: absent
force: true
purge: true

59
util/ansible/roles/init/tasks/main.yml
View File

@ -1,59 +0,0 @@
---
- name: Running context
debug:
msg: >-
Running Ansible on {{ inventory_hostname }} with OS {{ ansible_distribution }}
{{ ansible_distribution_release }} {{ ansible_distribution_version }} {{ ansible_architecture }} ({{ app_env }})"
- name: Ubuntu OS Check
fail:
msg: "The AzuraCast Ansible installation can only be installed onto computers running Ubuntu."
when: ansible_distribution != 'Ubuntu'
- name: Ubuntu Version Check
fail:
msg: "The AzuraCast Ansible installation can only be installed onto computers running Ubuntu 20.04 LTS (Focal) or 22.04 LTS (Jammy)."
when:
- ansible_distribution_release != 'focal'
- ansible_distribution_release != 'jammy'
- name: Add multiverse repository
apt_repository:
repo: "{{ init_repo_to_add }}"
update_cache: false
when:
- ansible_architecture == 'x86_64' or ansible_architecture == 'i386'
loop:
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }} multiverse"
- "deb-src http://archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }} multiverse"
- "deb http://archive.ubuntu.com/ubuntu {{ ansible_distribution_release }}-updates multiverse"
- "deb-src http://archive.ubuntu.com/ubuntu/ {{ ansible_distribution_release }}-updates multiverse"
loop_control:
loop_var: init_repo_to_add
- name: Update apt
apt:
update_cache: true
- name: Install system packages
apt:
name: "{{ packages }}"
vars:
packages:
- apt-transport-https
- curl
- wget
- tar
- build-essential
- pwgen
- whois
- gzip
- zip
- unzip
- zstd
- software-properties-common
- python3-pip
- name: Update pip components
pip:
name: pip

44
util/ansible/roles/mariadb/tasks/main.yml
View File

@ -1,44 +0,0 @@
---
- name: Update MariaDB Dependencies
shell: >-
curl -sSL https://downloads.mariadb.com/MariaDB/mariadb_repo_setup
| bash -s -- --mariadb-server-version="mariadb-10.5"
- name: Remove old MariaDB conf files
file:
path: "{{ item }}"
state: absent
with_fileglob:
- "/etc/apt/sources.list.d/mariadb.list.old*"
ignore_errors: true
- name: Install MariaDB
apt:
name: "{{ packages }}"
state: present
update_cache: true
vars:
packages:
- mariadb-server
- mariadb-client
- name: Install MariaDB DB conf
template:
src: my.cnf.j2
dest: /etc/mysql/conf.d/db.cnf
force: true
mode: 0644
- name: Install MariaDB Supervisord conf
template:
src: supervisor.conf.j2
dest: /etc/supervisor/conf.d/mariadb.conf
force: true
mode: 0644
- name: Disable MariaDB service
service:
name: "mysql"
enabled: false
state: stopped
ignore_errors: true

5
util/ansible/roles/mariadb/templates/my.cnf.j2
View File

@ -1,5 +0,0 @@
[mysqld]
character-set-server=utf8mb4
[client]
default-character-set=utf8mb4

7
util/ansible/roles/mariadb/templates/supervisor.conf.j2
View File

@ -1,7 +0,0 @@
[program:mariadb]
command=/usr/sbin/mariadbd
user=mysql
priority=100
numprocs=1
autostart=true
autorestart=unexpected

99
util/ansible/roles/nginx/tasks/main.yml
View File

@ -1,99 +0,0 @@
---
- name: Uninstall web server packages that may conflict with nginx
apt:
name:
- apache2
- lighttpd
state: absent
- name: Unhold nginx-related packages for updates
dpkg_selections:
name: "{{ nginx_pkg_select }}"
selection: install
loop:
- "nginx"
- "nginx-common"
- "nginx-extras"
loop_control:
loop_var: nginx_pkg_select
- name: Remove any older nginx
apt:
name:
- nginx
- nginx-common
- nginx-extras
state: absent
purge: true
- name: Install nginx
apt:
name:
- nginx
- nginx-common
- name: Remove default nginx site symlink
file:
path: "/etc/nginx/sites-enabled/default"
state: absent
- name: Add nginx global config
template:
src: nginx.conf.j2
dest: /etc/nginx/nginx.conf
force: true
backup: true
mode: 0644
- name: Add app-specific nginx site
template:
src: default.j2
dest: /etc/nginx/sites-available/00-azuracast
force: true
mode: 0644
- name: Link app-specific nginx site
file:
path: "/etc/nginx/sites-enabled/00-azuracast"
state: link
src: "/etc/nginx/sites-available/00-azuracast"
- name: Turn sendfile off on nginx for local development
replace:
dest: /etc/nginx/nginx.conf
regexp: 'sendfile on;'
replace: 'sendfile off;'
when: app_env == "development"
- name: Create self-signed SSL cert
command: >-
openssl req -new -nodes -x509 -subj "/C=US/ST=Texas/L=Austin/O=IT/CN=${ansible_fqdn}" -days 3650
-keyout {{ app_base }}/acme/default.key -out {{ app_base }}/acme/default.crt -extensions v3_ca
args:
creates: "{{ app_base }}/acme/default.crt"
- name: Link self-signed SSL key if applicable.
file:
path: "{{ app_base }}/acme/ssl.key"
state: link
src: "{{ app_base }}/acme/default.key"
- name: Link self-signed SSL cert if applicable.
file:
path: "{{ app_base }}/acme/ssl.crt"
state: link
src: "{{ app_base }}/acme/default.crt"
- name: Install Nginx Supervisord conf
template:
src: supervisor.conf.j2
dest: /etc/supervisor/conf.d/nginx.conf
force: true
mode: 0644
- name: Disable Nginx service
service:
name: "nginx"
enabled: false
state: stopped
ignore_errors: true

137
util/ansible/roles/nginx/templates/default.j2
View File

@ -1,137 +0,0 @@
upstream php-fpm-internal {
server unix:/var/run/php-fpm-internal.sock;
}
upstream php-fpm-www {
server unix:/var/run/php-fpm-www.sock;
}
server {
listen 127.0.0.1:6010;
root {{ app_base }}/www/web;
index index.php;
# Default clean URL routing
location / {
try_files $uri @clean_url;
}
location @clean_url {
rewrite ^(.*)$ /index.php last;
}
location ~ ^/index\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
fastcgi_pass php-fpm-internal;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
include fastcgi_params;
fastcgi_read_timeout 600;
fastcgi_buffering off;
internal;
}
}
server {
listen 80;
listen 443 default_server ssl;
listen [::]:80;
listen [::]:443 default_server ssl;
ssl_certificate {{ app_base }}/acme/ssl.crt;
ssl_certificate_key {{ app_base }}/acme/ssl.key;
root {{ app_base }}/www/web;
index index.php;
server_name localhost;
add_header X-XSS-Protection 1;
add_header X-Content-Type-Options nosniff;
add_header Referrer-Policy no-referrer-when-downgrade;
access_log {{ app_base }}/www_tmp/access.log;
error_log {{ app_base }}/www_tmp/error.log;
# LetsEncrypt handling
location /.well-known/acme-challenge {
alias {{ app_base }}/acme/challenges;
try_files $uri =404;
}
# Serve a static version of the nowplaying data for non-PHP-blocking delivery.
location /api/nowplaying_static {
expires 10s;
add_header Access-Control-Allow-Origin *;
alias {{ app_base }}/www_tmp/nowplaying;
try_files $uri =404;
}
location / {
try_files $uri @clean_url;
}
location @clean_url {
rewrite ^(.*)$ /index.php last;
}
# Set up caching for static assets.
location /static {
add_header Access-Control-Allow-Origin *;
}
location /static/uploads {
rewrite ^(.+)\.(?:\w+)\.(js|css|png|jpg)$ $1.$2 last;
alias /var/azuracast/uploads;
try_files $uri =404;
}
location /static/dist {
expires 365d;
}
location /static/webpack_dist {
expires 365d;
}
location ~ ^/index\.php(/|$) {
fastcgi_split_path_info ^(.+\.php)(/.+)$;
# NOTE: You should have "cgi.fix_pathinfo = 0;" in php.ini
fastcgi_pass php-fpm-www;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
fastcgi_param DOCUMENT_ROOT $realpath_root;
include fastcgi_params;
fastcgi_read_timeout 1800;
fastcgi_buffering off;
internal;
}
# deny access to .htaccess files, if Apache's document root
# concurs with nginx's one
location ~ /\.ht {
deny all;
}
# Internal handlers used by the application to perform X-Accel-Redirect's for higher performance.
location /internal/backups/ {
internal;
alias {{ app_base }}/backups/;
}
location /internal/stations/ {
internal;
alias {{ app_base }}/stations/;
}
include {{ app_base }}/stations/*/config/nginx.conf;
}

94
util/ansible/roles/nginx/templates/nginx.conf.j2
View File

@ -1,94 +0,0 @@
user azuracast;
worker_processes auto;
worker_rlimit_nofile 65000;
pid /run/nginx.pid;
include /etc/nginx/modules-enabled/*.conf;
events {
worker_connections 65000;
multi_accept on;
}
http {
##
# Basic Settings
##
sendfile on;
tcp_nopush on;
tcp_nodelay on;
keepalive_timeout 65;
types_hash_max_size 2048;
server_tokens off;
proxy_max_temp_file_size 0;
client_max_body_size 50M;
# server_names_hash_bucket_size 64;
# server_name_in_redirect off;
include /etc/nginx/mime.types;
default_type application/octet-stream;
##
# SSL Settings
##
{% if ansible_distribution_release == 'focal' %}
ssl_protocols TLSv1.2 TLSv1.3;
ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384';
ssl_prefer_server_ciphers off;
{% else %}
ssl_protocols TLSv1 TLSv1.1 TLSv1.2; # Dropping SSLv3, ref: POODLE
ssl_prefer_server_ciphers on;
{% endif %}
##
# Logging Settings
##
log_format hls_json escape=json '{'
'"msec": "$msec",'
'"ua": "$http_user_agent",'
'"ip": "$remote_addr",'
'"ip_xff": "$http_x_forwarded_for",'
'"uri": "$request_uri"'
'}';
access_log /var/log/nginx/access.log;
error_log /var/log/nginx/error.log;
##
# Gzip Settings
##
gzip on;
gzip_disable "msie6";
gzip_comp_level 6;
gzip_min_length 1100;
gzip_buffers 16 8k;
gzip_proxied any;
gzip_types
text/plain
text/css
text/js
text/xml
text/javascript
application/javascript
application/x-javascript
application/json
application/xml
application/xml+rss;
##
# Virtual Host Configs
##
include /etc/nginx/conf.d/*.conf;
include /etc/nginx/sites-enabled/*;
}

8
util/ansible/roles/nginx/templates/supervisor.conf.j2
View File

@ -1,8 +0,0 @@
[program:nginx]
command=nginx -g "daemon off;"
priority=100
numprocs=1
autostart=true
autorestart=unexpected
stopasgroup=true
killasgroup=true

89
util/ansible/roles/php/tasks/main.yml
View File

@ -1,89 +0,0 @@
---
- name: Add PHP PPA repository
apt_repository:
repo: "ppa:ondrej/php"
update_cache: true
- name: Remove Old PHP Libraries
apt:
name: "{{ packages }}"
state: absent
vars:
packages:
- "php5-*"
- "php7.0-*"
- "php7.1-*"
- "php7.2-*"
- "php7.4-*"
- "php8.0-*"
ignore_errors: true
- name: Set PHP Version
set_fact:
php_version: 8.1
- name: "Install PHP {{ php_version }}"
apt:
name: "{{ packages }}"
state: present
vars:
packages:
- "php{{ php_version }}-fpm"
- "php{{ php_version }}-cli"
- "php{{ php_version }}-gd"
- "php{{ php_version }}-curl"
- "php{{ php_version }}-xml" # IceCast XML config
- "php{{ php_version }}-zip" # Composer installs
- "php{{ php_version }}-mysqlnd" # MySQL Native Driver (Doctrine)
- "php{{ php_version }}-mbstring" # Codeception Tests
- "php{{ php_version }}-intl" # Localization
- "php{{ php_version }}-redis" # Cache
- "php{{ php_version }}-bcmath" # BigInteger
- "php{{ php_version }}-gmp" # BigInteger and PHP-IP
- "php{{ php_version }}-maxminddb" # Maxmind (GeoIP) DB native ext
- name: Configure PHP FPM Pool
template:
src: fpmpool.j2
dest: "/etc/php/{{ php_version }}/fpm/pool.d/www.conf"
force: true
mode: 0644
- name: Configure php-fpm php.ini
ini_file:
dest: "/etc/php/{{ php_version }}/fpm/php.ini"
section: PHP
option: "{{ php_init_option.option }}"
value: "{{ php_init_option.value }}"
mode: 0644
loop:
- option: "post_max_size"
value: "50M"
- option: "short_open_tag"
value: "On"
- option: "upload_max_filesize"
value: "50M"
loop_control:
loop_var: php_init_option
- name: Configure php-cli php.ini
ini_file:
dest: "/etc/php/{{ php_version }}/cli/php.ini"
section: PHP
option: "short_open_tag"
value: "On"
mode: 0644
- name: Install PHP-FPM Supervisord conf
template:
src: supervisor.conf.j2
dest: /etc/supervisor/conf.d/php-fpm.conf
force: true
mode: 0644
- name: Disable PHP-FPM service
service:
name: "php8.1-fpm"
enabled: false
state: stopped
ignore_errors: true

51
util/ansible/roles/php/templates/fpmpool.j2
View File

@ -1,51 +0,0 @@
[global]
error_log = syslog
daemonize = no
[www]
user = azuracast
group = azuracast
listen = /var/run/php-fpm-www.sock
listen.owner = azuracast
listen.group = www-data
listen.mode = 0660
pm = ondemand
pm.max_children = 20
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 4
pm.max_requests = 200
pm.status_path = /status
pm.process_idle_timeout = 60s
chdir = /
clear_env=No
catch_workers_output = yes
decorate_workers_output = no
[internal]
user = azuracast
group = azuracast
listen = /var/run/php-fpm-internal.sock
listen.owner = azuracast
listen.group = www-data
listen.mode = 0660
pm = ondemand
pm.max_children = 10
pm.start_servers = 2
pm.min_spare_servers = 2
pm.max_spare_servers = 4
pm.max_requests = 50
pm.process_idle_timeout = 60s
chdir = /
clear_env=No
catch_workers_output = yes
decorate_workers_output = no

28
util/ansible/roles/php/templates/supervisor.conf.j2
View File

@ -1,28 +0,0 @@
[program:php-fpm]
command=/usr/sbin/php-fpm8.1 --nodaemonize --fpm-config /etc/php/8.1/fpm/php-fpm.conf
priority=500
numprocs=1
autostart=true
autorestart=unexpected
stopasgroup=true
killasgroup=true
[program:php-nowplaying]
command=php {{ www_base }}/bin/console azuracast:sync:nowplaying
user=azuracast
priority=600
numprocs=1
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true
[program:php-worker]
command=php {{ www_base }}/bin/console queue:process --worker-name=app_worker_0
user=azuracast
priority=600
numprocs=1
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true

35
util/ansible/roles/redis/tasks/main.yml
View File

@ -1,35 +0,0 @@
---
- name: Add Redis PPA repository (Focal)
apt_repository:
repo: "ppa:chris-lea/redis-server"
update_cache: true
when: ansible_distribution_release == 'focal'
- name: Install Redis
apt:
name: redis-server
- name: Install Redis Conf
template:
src: redis.conf.j2
dest: /etc/redis/redis.conf
force: true
owner: "redis"
mode: 0644
- name: Install Redis Supervisord conf
template:
src: supervisor.conf.j2
dest: /etc/supervisor/conf.d/redis.conf
force: true
mode: 0644
- name: Disable Redis services
service:
name: "{{ item }}"
enabled: false
state: stopped
ignore_errors: true
with_items:
- "redis-server"
- "redis"

14
util/ansible/roles/redis/templates/redis.conf.j2
View File

@ -1,14 +0,0 @@
bind 127.0.0.1
protected-mode yes
port 6379
save ""
appendonly no
maxmemory 128mb
maxmemory-policy volatile-lfu
always-show-logo no
protected-mode no

6
util/ansible/roles/redis/templates/supervisor.conf.j2
View File

@ -1,6 +0,0 @@
[program:redis]
command=/usr/bin/redis-server /etc/redis/redis.conf
user=redis
numprocs=1
autostart=true
autorestart=unexpected

7
util/ansible/roles/services/tasks/main.yml
View File

@ -1,7 +0,0 @@
---
- name: Enable and restart Supervisord
service:
name: "supervisor"
enabled: true
state: restarted
ignore_errors: true

31
util/ansible/roles/sftpgo/tasks/main.yml
View File

@ -1,31 +0,0 @@
---
- name: Add SFTPGo PPA repository
apt_repository:
repo: "ppa:sftpgo/sftpgo"
update_cache: true
- name: Install SFTPGo
apt:
name: "sftpgo"
state: present
- name: Configure SFTPGo
template:
src: sftpgo.json.j2
dest: "/etc/sftpgo/sftpgo.json"
force: true
mode: 0644
- name: Install SFTPGo Supervisord conf
template:
src: supervisor.conf.j2
dest: /etc/supervisor/conf.d/sftpgo.conf
force: true
mode: 0644
- name: Disable SFTPGo service
service:
name: "sftpgo"
enabled: false
state: stopped
ignore_errors: true

51
util/ansible/roles/sftpgo/templates/sftpgo.json.j2
View File

@ -1,51 +0,0 @@
{
"common": {
"idle_timeout": 15,
"upload_mode": 2,
"setstat_mode": 1,
"actions": {
"execute_on": [
"upload",
"pre-delete",
"rename"
],
"hook": "http://127.0.0.1:6010/api/internal/sftp-event"
},
"defender": {
"enabled": true,
"driver": "memory"
}
},
"sftpd": {
"bindings": [
{
"port": 2022,
"address": "",
"apply_proxy_config": true
}
],
"enable_scp": true
},
"httpd": {
"bindings": [
{
"port": 0
}
],
"templates_path": "/usr/share/sftpgo/templates",
"static_files_path": "/usr/share/sftpgo/static"
},
"telemetry": {
"bind_port": 0
},
"data_provider": {
"driver": "bolt",
"name": "/etc/sftpgo/sftpgo.db",
"users_base_dir": "{{ app_base }}/stations",
"external_auth_hook": "http://127.0.0.1:6010/api/internal/sftp-auth",
"external_auth_scope": 0,
"auto_backup": {
"enabled": false
}
}
}

10
util/ansible/roles/sftpgo/templates/supervisor.conf.j2
View File

@ -1,10 +0,0 @@
[program:sftpgo]
command=sftpgo serve -l ""
dir=/var/azuracast/sftpgo
user=azuracast
priority=700
numprocs=1
autostart=true
autorestart=true
stopasgroup=true
killasgroup=true

18
util/ansible/roles/supervisord/tasks/main.yml
View File

@ -1,18 +0,0 @@
---
- name: Install supervisord from repo
apt:
name: supervisor
- name: Change supervisord configuration
template:
src: supervisord.conf.j2
dest: /etc/supervisor/supervisord.conf
force: true
mode: 0644
- name: Temporarily turn off supervisord
service:
name: "supervisor"
enabled: true
state: stopped
ignore_errors: true

134
util/ansible/roles/supervisord/templates/supervisord.conf.j2
View File

@ -1,134 +0,0 @@
; Sample supervisor config file.
;
; For more information on the config file, please see:
; http://supervisord.org/configuration.html
;
; Notes:
; - Shell expansion ("~" or "$HOME") is not supported. Environment
; variables can be expanded using this syntax: "%(ENV_HOME)s".
; - Comments must have a leading space: "a=b ;comment" not "a=b;comment".
[unix_http_server]
file = /var/run/supervisor.sock
chmod = 0666
chown=azuracast:azuracast
[supervisord]
logfile={{ tmp_base }}/supervisord.log ; (main log file;default $CWD/supervisord.log)
logfile_maxbytes=50MB ; (max main logfile bytes b4 rotation;default 50MB)
logfile_backups=10 ; (num of main logfile rotation backups;default 10)
loglevel=info ; (log level;default info; others: debug,warn,trace)
pidfile=/var/run/supervisord.pid ; (supervisord pidfile;default supervisord.pid)
nodaemon=false ; (start in foreground if true;default false)
minfds=1024 ; (min. avail startup file descriptors;default 1024)
minprocs=200 ; (min. avail process descriptors;default 200)
;umask=022 ; (process file creation umask;default 022)
;user=azuracast ; (default is current user, required if root)
;identifier=supervisor ; (supervisord identifier, default is 'supervisor')
;directory=/tmp ; (default is not to cd during start)
;nocleanup=true ; (don't clean up tempfiles at start;default false)
;childlogdir=/tmp ; ('AUTO' child log dir, default $TEMP)
;environment=KEY="value" ; (key value pairs to add to environment)
;strip_ansi=false ; (strip ansi escape codes in logs; def. false)
; the below section must remain in the config file for RPC
; (supervisorctl/web interface) to work, additional interfaces may be
; added by defining them in separate rpcinterface: sections
[rpcinterface:supervisor]
supervisor.rpcinterface_factory = supervisor.rpcinterface:make_main_rpcinterface
[supervisorctl]
serverurl=unix:///var/run/supervisor.sock ; use a unix:// URL for a unix socket
;serverurl=http://127.0.0.1:9001 ; use an http:// url to specify an inet socket
;username=chris ; should be same as http_username if set
;password=123 ; should be same as http_password if set
;prompt=mysupervisor ; cmd line prompt (default "supervisor")
;history_file=~/.sc_history ; use readline history if available
; The below sample program section shows all possible program subsection values,
; create one or more 'real' program: sections to be able to control them under
; supervisor.
;[program:theprogramname]
;command=/bin/cat ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1 ; number of processes copies to start (def 1)
;directory=/tmp ; directory to cwd to before exec (def no cwd)
;umask=022 ; umask for process (default None)
;priority=999 ; the relative start priority (default 999)
;autostart=true ; start at supervisord start (default: true)
;startsecs=1 ; # of secs prog must stay up to be running (def. 1)
;startretries=3 ; max # of serial start failures when starting (default 3)
;autorestart=unexpected ; when to restart if exited after running (def: unexpected)
;exitcodes=0,2 ; 'expected' exit codes used with autorestart (default 0,2)
;stopsignal=QUIT ; signal used to kill process (default TERM)
;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false ; send stop signal to the UNIX process group (default false)
;killasgroup=false ; SIGKILL the UNIX process group (def false)
;user=chrism ; setuid to this UNIX account to run the program
;redirect_stderr=true ; redirect proc stderr to stdout (default false)
;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
;stdout_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
;stdout_events_enabled=false ; emit events on stdout writes (default false)
;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10)
;stderr_capture_maxbytes=1MB ; number of bytes in 'capturemode' (default 0)
;stderr_events_enabled=false ; emit events on stderr writes (default false)
;environment=A="1",B="2" ; process environment additions (def no adds)
;serverurl=AUTO ; override serverurl computation (childutils)
; The below sample eventlistener section shows all possible
; eventlistener subsection values, create one or more 'real'
; eventlistener: sections to be able to handle event notifications
; sent by supervisor.
;[eventlistener:theeventlistenername]
;command=/bin/eventlistener ; the program (relative uses PATH, can take args)
;process_name=%(program_name)s ; process_name expr (default %(program_name)s)
;numprocs=1 ; number of processes copies to start (def 1)
;events=EVENT ; event notif. types to subscribe to (req'd)
;buffer_size=10 ; event buffer queue size (default 10)
;directory=/tmp ; directory to cwd to before exec (def no cwd)
;umask=022 ; umask for process (default None)
;priority=-1 ; the relative start priority (default -1)
;autostart=true ; start at supervisord start (default: true)
;startsecs=1 ; # of secs prog must stay up to be running (def. 1)
;startretries=3 ; max # of serial start failures when starting (default 3)
;autorestart=unexpected ; autorestart if exited after running (def: unexpected)
;exitcodes=0,2 ; 'expected' exit codes used with autorestart (default 0,2)
;stopsignal=QUIT ; signal used to kill process (default TERM)
;stopwaitsecs=10 ; max num secs to wait b4 SIGKILL (default 10)
;stopasgroup=false ; send stop signal to the UNIX process group (default false)
;killasgroup=false ; SIGKILL the UNIX process group (def false)
;user=chrism ; setuid to this UNIX account to run the program
;redirect_stderr=false ; redirect_stderr=true is not allowed for eventlisteners
;stdout_logfile=/a/path ; stdout log path, NONE for none; default AUTO
;stdout_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stdout_logfile_backups=10 ; # of stdout logfile backups (default 10)
;stdout_events_enabled=false ; emit events on stdout writes (default false)
;stderr_logfile=/a/path ; stderr log path, NONE for none; default AUTO
;stderr_logfile_maxbytes=1MB ; max # logfile bytes b4 rotation (default 50MB)
;stderr_logfile_backups=10 ; # of stderr logfile backups (default 10)
;stderr_events_enabled=false ; emit events on stderr writes (default false)
;environment=A="1",B="2" ; process environment additions
;serverurl=AUTO ; override serverurl computation (childutils)
; The below sample group section shows all possible group values,
; create one or more 'real' group: sections to create "heterogeneous"
; process groups.
;[group:thegroupname]
;programs=progname1,progname2 ; each refers to 'x' in [program:x] definitions
;priority=999 ; the relative start priority (default 999)
; The [include] section can just contain the "files" setting. This
; setting can list multiple files (separated by whitespace or
; newlines). It can also contain wildcards. The filenames are
; interpreted as relative to this file. Included files *cannot*
; include files themselves.
[include]
files = {{ app_base }}/stations/*/config/supervisord.conf conf.d/*

37
util/ansible/roles/ufw/tasks/main.yml
View File

@ -1,37 +0,0 @@
---
- name: Install UFW Firewall
apt:
name: ufw
- name: UFW - Disable all other incoming by default
ufw:
policy: deny
direction: incoming
- name: UFW - Allow all other outgoing by default
ufw:
policy: allow
direction: outgoing
- name: UFW - Enable AzuraCast TCP Ports
ufw:
rule: allow
port: "{{ ufw_allow_rule }}"
proto: tcp
loop:
- 80
- 443
- 2022
- '8000:8999'
loop_control:
loop_var: ufw_allow_rule
- name: UFW - Enable SSH
ufw:
rule: limit
port: ssh
proto: tcp
- name: UFW - Turn on Firewall
ufw:
state: enabled

122
util/ansible/roles/uninstall/tasks/main.yml
View File

@ -1,122 +0,0 @@
---
- name: "Running context"
debug:
msg: >-
Running Ansible on {{ inventory_hostname }} with OS {{ ansible_distribution }} {{ ansible_distribution_release }}
{{ ansible_distribution_version }} {{ ansible_architecture }} ({{ app_env }})
- name: "Shut down all services"
service:
name: "{{ uninstall_svc_to_stop }}"
state: stopped
loop:
- "influxdb"
- "mysql"
- "php7.4-fpm"
- "nginx"
- "redis-server"
- "supervisor"
loop_control:
loop_var: uninstall_svc_to_stop
ignore_errors: true
- name: Kill all processes owned by AzuraCast user
command: pkill -9 -u azuracast
ignore_errors: true
- name: Update apt
apt:
update_cache: true
- name: Remove AzuraCast User
user:
name: azuracast
state: absent
- name: "Remove AzuraCast folders"
file:
path: "{{ uninstall_file_to_delete }}"
state: absent
loop:
- "{{ tmp_base }}"
- "{{ app_base }}/servers"
loop_control:
loop_var: uninstall_file_to_delete
- name: Remove PPAs
apt_repository:
repo: "{{ uninstall_repo_to_delete }}"
state: absent
loop:
- "ppa:avsm/ppa"
loop_control:
loop_var: uninstall_repo_to_delete
- name: UFW - Turn off Firewall
ufw:
state: disabled
ignore_errors: true
- name: Remove software
apt:
name: "{{ packages }}"
state: absent
force: true
purge: true
vars:
packages:
# Radio software
- icecast2
- liquidsoap
- liquidsoap-plugin-*
- libxml2
- libxslt1-dev
- libvorbis-dev
- libssl-dev
- libcurl4-openssl-dev
- opam
- libpcre3-dev
- libfdk-aac-dev
- libmad0-dev
- libmp3lame-dev
- libtag1-dev
- libfaad-dev
- libflac-dev
- libogg-dev
- libopus-dev
- m4
- aspcud
- camlp4
# Supervisord
- supervisor
# InfluxDB
- influxdb
# Nginx
- nginx
- nginx-*
# PHP 7.2
- php7.2-*
- php7.4-*
# MariaDB
- mariadb-*
# Redis
- redis-server
# UFW Firewall
- ufw
# Ansible itself
- python2.7
- python-pip
- python-mysqldb
- ansible
# System packages
- pwgen
- lnav

14
util/ansible/uninstall.yml
View File

@ -1,14 +0,0 @@
---
- hosts: all
become: true
vars:
util_base: "{{ playbook_dir | dirname }}"
www_base: "{{ util_base | dirname }}"
app_base: "{{ www_base | dirname }}"
tmp_base: "{{ app_base }}/www_tmp"
app_env: "production"
update_revision: 1
roles:
- "uninstall"

63
util/ansible/update.yml
View File

@ -1,63 +0,0 @@
---
- hosts: all
become: true
vars:
util_base: "{{ playbook_dir | dirname }}"
www_base: "{{ util_base | dirname }}"
app_base: "{{ www_base | dirname }}"
tmp_base: "{{ app_base }}/www_tmp"
app_env: "production"
update_mode: true
update_revision: 1
environment:
DEBIAN_FRONTEND: noninteractive
roles:
- role: "init"
- role: "azuracast-config"
- role: "azuracast-radio"
when: update_revision|int < 94
- role: "supervisord"
- role: "mariadb"
when: update_revision|int < 87
- role: "nginx"
when: update_revision|int < 90
- role: "redis"
when: update_revision|int < 93
- role: "beanstalkd"
when: update_revision|int < 87
- role: "sftpgo"
when: update_revision|int < 87
- role: "php"
when: update_revision|int < 87
- role: "composer"
- role: "influxdb"
when: update_revision|int < 58
- role: "ufw"
when: update_revision|int < 86
- role: "dbip"
when: update_revision|int < 51
- role: "azuracast-cron"
when: update_revision|int < 87
- role: "services"
- role: "azuracast-build"
- role: "azuracast-setup"