diff options
| author | Christian Pointner <equinox@spreadspace.org> | 2024-04-03 20:18:22 +0200 |
|---|---|---|
| committer | Christian Pointner <equinox@spreadspace.org> | 2024-04-03 20:18:22 +0200 |
| commit | b90a0f8dfdcfc045bdfef50ce0e91bbd056f3d47 (patch) | |
| tree | e4a3b32502905113b1c1a499ee6a2a10e3af78c3 /_graveyard_/spreadspace/glt-stream.yml | |
| parent | nginx/vhost: fix string concat issue incase nginx_vhost.name is not a string (diff) | |
cleanup old linuxtage stuff and add new glt-jitsi
Diffstat (limited to '_graveyard_/spreadspace/glt-stream.yml')
| -rw-r--r-- | _graveyard_/spreadspace/glt-stream.yml | 148 |
1 files changed, 148 insertions, 0 deletions
diff --git a/_graveyard_/spreadspace/glt-stream.yml b/_graveyard_/spreadspace/glt-stream.yml new file mode 100644 index 00000000..c76904ab --- /dev/null +++ b/_graveyard_/spreadspace/glt-stream.yml @@ -0,0 +1,148 @@ +--- +- name: Basic Setup + hosts: glt-stream + roles: + - role: apt-repo/base + - role: core/base + - role: core/sshd/base + - role: core/zsh + - role: core/ntp + - role: apt-repo/spreadspace + - role: x509/acmetool/base + - role: nginx/base + - name: storage/lvm/base + post_tasks: + - name: create base directory for static www content + file: + path: /srv/www/stream + state: directory + + - name: configure default vhost stream.linuxtage.at + vars: + nginx_vhost: + default: yes + name: stream + template: generic + tls: + certificate_provider: acmetool + hostnames: + - stream.linuxtage.at + extra_directives: |- + add_header Access-Control-Allow-Headers "origin,range,accept-encoding,referer"; + add_header Access-Control-Allow-Methods "GET,HEAD,OPTIONS"; + add_header Access-Control-Allow-Origin "*"; + add_header Access-Control-Expose-Headers "Server,range,Content-Length,Content-Range,Date"; + + {% for room_id in [1,2,3] %} + location /stats/saal{{ room_id }}/ { + include snippets/proxy-nobuff.conf; + proxy_set_header Host $host; + include snippets/proxy-forward-headers.conf; + proxy_pass http://127.0.0.1:{{ 4200 + room_id }}/; + } + {% endfor %} + locations: + '/': + root: /srv/www/stream + index: index.html + '/preped': + root: /srv/www/stream + autoindex: {} + include_role: + name: nginx/vhost + + - name: install golang + apt: + name: go + state: present + + - name: create base directory for stats + file: + path: /srv/www/stats + state: directory + + - name: add user for stats + user: + name: stats + system: yes + home: /srv/www/stats + + - name: create data and gocache directories for stats + loop: + - data + - .gocache + file: + path: "/srv/www/stats/{{ item }}" + state: directory + group: stats + mode: 0775 + + - name: install stats collector script + copy: + src: "{{ global_files_dir }}/glt/stream-stats.go" + dest: /srv/www/stats/stream-stats.go + + - name: install start script for collector + copy: + content: | + #!/bin/bash + ROOM=$1 + case "$ROOM" in + saal1) + PORT=4201 + ;; + saal2) + PORT=4202 + ;; + saal3) + PORT=4203 + ;; + *) + echo "unknown room" + exit 1 + ;; + esac + exec /usr/bin/go run /srv/www/stats/stream-stats.go 127.0.0.1:$PORT /srv/www/stats/data/glt21-$ROOM.json + dest: /srv/www/stats/run.sh + mode: 0755 + + - name: install systemd unit for stats collector + copy: + content: | + [Unit] + Description=GLT21 Stream Stats Collector (%I) + + [Service] + Type=simple + User=stats + Environment="GOCACHE=/srv/www/stats/.gocache" + ExecStart=/srv/www/stats/run.sh %i + Restart=always + RestartSecs=1s + StartLimitBurst=10 + StartLimitIntervalSec=5s + NoNewPrivileges=yes + PrivateTmp=yes + PrivateDevices=yes + ProtectSystem=strict + ReadWritePaths=/srv/www/stats/data /srv/www/stats/.gocache + ProtectHome=yes + ProtectKernelTunables=yes + ProtectControlGroups=yes + RestrictRealtime=yes + RestrictAddressFamilies=AF_INET + + [Install] + WantedBy=multi-user.target + dest: /etc/systemd/system/stream-stats@.service + + - name: make sure stats collector service units are enabled and started + loop: + - saal1 + - saal2 + - saal3 + systemd: + name: "stream-stats@{{ item }}.service" + daemon_reload: yes + enabled: yes + state: started |