move schlagergarten gloria stuff to graveyard

2 files changed, 143 insertions, 0 deletions

diff --git a/_graveyard_/spreadspace/host_vars/sgg-icecast.yml b/_graveyard_/spreadspace/host_vars/sgg-icecast.yml
new file mode 100644
index 00000000..a2fbf9c2
--- /dev/null
+++ b/_graveyard_/spreadspace/host_vars/sgg-icecast.yml
@@ -0,0 +1,11 @@
+$ANSIBLE_VAULT;1.2;AES256;spreadspace
+39363834326634646135336332623265656639643265336365376261623735656232336431633866
+3338626436643936626538396436626435383733356662330a373538303865623430386430343034
+30613631333931373363323962373737656230303162633331333334323663336433306464646466
+3338333661393232620a303932653164376533653266656361633338323962643935343533303736
+37353863343437333362653736353031343737373836393866323762303866626231616665646535
+35396633653666633262386536623139383831313365643734633438306634353463626461363337
+32303636616337306563613937616339336334313235306563616436363438323235323863313632
+31393238346534346335333261343033623831616632343137613737663766373935623962353262
+63376333666466323866336166373636626335633561633166343535653539306138643164306632
+3833316531323761613465383437646336643763646266643032
diff --git a/_graveyard_/spreadspace/sgg-icecast.yml b/_graveyard_/spreadspace/sgg-icecast.yml
new file mode 100644
index 00000000..d9126e38
--- /dev/null
+++ b/_graveyard_/spreadspace/sgg-icecast.yml
@@ -0,0 +1,132 @@
+---
+- name: Basic Setup
+  hosts: sgg-icecast
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/ntp
+  - role: apt-repo/spreadspace
+  - name: storage/lvm/base
+  - role: kubernetes/base
+  - role: kubernetes/standalone/base
+  - role: streaming/icecast
+  - role: x509/acmetool/base
+  - role: nginx/base
+  post_tasks:
+  - name: create base directory for static www content
+    file:
+      path: /srv/www/radio
+      state: directory
+
+  - name: configure default vhost radiogloria.at
+    vars:
+      nginx_vhost:
+        default: yes
+        name: radio
+        template: generic
+        tls:
+          certificate_provider: acmetool
+        hostnames:
+        - radiogloria.at
+        - www.radiogloria.at
+        locations:
+          '/':
+            root: /srv/www/radio
+            index: index.html
+    include_role:
+      name: nginx/vhost
+
+  - name: configure default vhost live.radiogloria.at
+    vars:
+      nginx_vhost:
+        name: radio-stream
+        template: generic
+        tls:
+          certificate_provider: acmetool
+        hostnames:
+        - live.radiogloria.at
+        locations:
+          '/':
+            proxy_pass: http://127.0.0.1:8080
+    include_role:
+      name: nginx/vhost
+
+
+  - name: create base directory for stats
+    file:
+      path: /srv/www/stats-schlagergarten
+      state: directory
+
+  - name: add user for stats
+    user:
+      name: stats
+      system: yes
+      home: /nonexistent
+      create_home: no
+
+  - name: create data directory for stats
+    file:
+      path: /srv/www/stats-schlagergarten/data
+      state: directory
+      group: stats
+      mode: 0775
+
+  - name: install stats collector script
+    copy:
+      content: |
+        #!/bin/bash
+        STATS_D=$(realpath "${BASH_SOURCE%/*}")
+        ts=$(date '+%Y-%m-%d_%H-%M-%S')
+        exec curl -s http://localhost:8080/status-json.xsl | gzip > "$STATS_D/data/$ts.json.gz"
+      dest: /srv/www/stats-schlagergarten/fetch.sh
+      mode: 0755
+
+  - name: install systemd unit for stats collector
+    copy:
+      content: |
+        [Unit]
+        Description=Schlagergarten Stream Stats Collector
+
+        [Service]
+        Type=oneshot
+        User=stats
+        ExecStart=/srv/www/stats-schlagergarten/fetch.sh
+        TimeoutStartSec=20s
+        TimeoutStartFailureMode=kill
+        NoNewPrivileges=yes
+        PrivateTmp=yes
+        PrivateDevices=yes
+        ProtectSystem=strict
+        ReadWritePaths=/srv/www/stats-schlagergarten/data
+        ProtectHome=yes
+        ProtectKernelTunables=yes
+        ProtectControlGroups=yes
+        RestrictRealtime=yes
+        RestrictAddressFamilies=AF_INET
+
+        [Install]
+        WantedBy=multi-user.target
+      dest: /etc/systemd/system/stats-schlagergarten.service
+
+  - name: install systemd timer for stats collector
+    copy:
+      content: |
+        [Unit]
+        Description=Schlagergarten Stream Stats Collector
+
+        [Timer]
+        OnCalendar=minutely
+        AccuracySec=0s
+
+        [Install]
+        WantedBy=timers.target
+      dest: /etc/systemd/system/stats-schlagergarten.timer
+
+  - name: make sure stats collector timer unit is enabled and started
+    systemd:
+      name: stats-schlagergarten.timer
+      daemon_reload: yes
+      enabled: yes
+      state: started