7 files changed, 217 insertions, 0 deletions

diff --git a/inventory/host_vars/sgg-icecast.yml b/inventory/host_vars/sgg-icecast.yml
index 3b3b609c..cba33d84 100644
--- a/inventory/host_vars/sgg-icecast.yml
+++ b/inventory/host_vars/sgg-icecast.yml
@@ -53,3 +53,24 @@ kubernetes_version: 1.21.0
 kubernetes_container_runtime: docker
 kubernetes_standalone_max_pods: 42
 kubernetes_standalone_cni_variant: with-portmap
+
+
+icecast_instances:
+  schlagergarten:
+    image_version: 2021-04-23.1
+    port: 8080
+
+    source_password: "{{ vault_icecast_secrets['schlagergarten'].source_password }}"
+    relay_password: "{{ vault_icecast_secrets['schlagergarten'].relay_password }}"
+    admin:
+      username: admin
+      password: "{{ vault_icecast_secrets['schlagergarten'].admin_password }}"
+
+    hostname: stream.schlagergartengloria.at
+    location: Graz/Austria
+    contact: info@schlagergartengloria.at
+
+    mountpoints:
+      '/live.mp3':
+        username: live
+        password: "{{ vault_icecast_secrets['schlagergarten'].mountpoint_passwords['live.mp3'] }}"
diff --git a/roles/streaming/icecast/defaults/main.yml b/roles/streaming/icecast/defaults/main.yml
new file mode 100644
index 00000000..673284fd
--- /dev/null
+++ b/roles/streaming/icecast/defaults/main.yml
@@ -0,0 +1,24 @@
+---
+icecast_base_path: /srv/icecast
+
+# icecast_instances:
+#   example:
+#     image_version: 2021-04-23.1
+#     port: 8080
+
+#     source_password: quite-secret
+#     relay_password: quite-secret
+#     admin:
+#       username: admin
+#       password: very-secret
+
+#     ## optional
+#     hostname: stream.example.com
+#     location: Graz/Austria
+#     contact: icecast@example.com
+
+#     mountpoints:
+#       '/test.mp3':
+#         username: ## optional
+#         password: secret
+#         max_listeners: ## optional
diff --git a/roles/streaming/icecast/tasks/main.yml b/roles/streaming/icecast/tasks/main.yml
new file mode 100644
index 00000000..cbd9f909
--- /dev/null
+++ b/roles/streaming/icecast/tasks/main.yml
@@ -0,0 +1,40 @@
+---
+- name: create icecast instance directory
+  loop: "{{ icecast_instances | list }}"
+  file:
+    path: "{{ icecast_base_path }}/{{ item }}"
+    state: directory
+
+- name: create icecast log directory
+  loop: "{{ icecast_instances | list }}"
+  file:
+    dest: "{{ icecast_base_path }}/{{ item }}/logs"
+    state: directory
+    owner: app
+    group: app
+
+- name: generate icecast config
+  loop: "{{ icecast_instances | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  template:
+    src: icecast.xml.j2
+    dest: "{{ icecast_base_path }}/{{ item.key }}/icecast.xml"
+    owner: root
+    group: app
+    mode: 0640
+
+- name: install pod manifest
+  loop: "{{ icecast_instances | dict2items }}"
+  loop_control:
+    label: "{{ item.key }}"
+  vars:
+    kubernetes_standalone_pod:
+      name: "icecast-{{ item.key }}"
+      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+      config_hash_items:
+      - path: "{{ icecast_base_path }}/{{ item.key }}/icecast.xml"
+        properties:
+        - checksum
+  include_role:
+    name: kubernetes/standalone/pod
diff --git a/roles/streaming/icecast/templates/icecast.xml.j2 b/roles/streaming/icecast/templates/icecast.xml.j2
new file mode 100644
index 00000000..3bf0044a
--- /dev/null
+++ b/roles/streaming/icecast/templates/icecast.xml.j2
@@ -0,0 +1,71 @@
+<icecast>
+<!-- ***** global ***** -->
+    <listen-socket>
+        <port>8080</port>
+    </listen-socket>
+
+    <limits>
+        <threadpool>5</threadpool>
+        <queue-size>524288</queue-size>
+        <client-timeout>30</client-timeout>
+        <header-timeout>15</header-timeout>
+        <source-timeout>10</source-timeout>
+        <burst-on-connect>1</burst-on-connect>
+        <burst-size>32768</burst-size>
+    </limits>
+
+    <authentication>
+        <source-password>{{ item.value.source_password }}</source-password>
+        <relay-password>{{ item.value.relay_password }}</relay-password>
+        <admin-user>{{ item.value.admin.username }}</admin-user>
+        <admin-password>{{ item.value.admin.password }}</admin-password>
+    </authentication>
+
+{% if 'hostname' in item.value %}
+    <hostname>{{ item.value.hostname }}</hostname>
+{% endif %}
+{% if 'location' in item.value %}
+    <location>{{ item.value.location }}</location>
+{% endif %}
+{% if 'contact' in item.value %}
+    <admin>{{ item.value.contact }}</admin>
+{% endif %}
+
+
+<!-- ***** mountpoints ***** -->
+{% for mountpoint, config in item.value.mountpoints.items() %}
+    <mount>
+        <mount-name>{{ mountpoint }}</mount-name>
+{%   if 'username' in config %}
+        <username>{{ config.username }}</username>
+{%   endif  %}
+        <password>{{ config.password }}</password>
+{%   if 'max_listeners' in config %}
+        <max-listeners>{{ config.max_listeners }}</max-listeners>
+{%   endif  %}
+    </mount>
+
+{% endfor %}
+
+<!-- ***** aux ***** -->
+    <fileserve>1</fileserve>
+    <paths>
+        <basedir>/usr/share/icecast2</basedir>
+        <logdir>/srv/logs</logdir>
+        <webroot>/usr/share/icecast2/web</webroot>
+        <adminroot>/usr/share/icecast2/admin</adminroot>
+        <alias source="/" dest="/status.xsl"/>
+    </paths>
+
+    <logging>
+        <errorlog>-</errorlog>
+        <accesslog>access.log</accesslog>
+      	<loglevel>3</loglevel> <!-- 4 Debug, 3 Info, 2 Warn, 1 Error -->
+      	<logsize>100000</logsize> <!-- Max size of a logfile -->
+    </logging>
+
+    <security>
+        <chroot>0</chroot>
+    </security>
+<!-- ***** end ***** -->
+</icecast>
diff --git a/roles/streaming/icecast/templates/pod-spec.yml.j2 b/roles/streaming/icecast/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..5dc0b086
--- /dev/null
+++ b/roles/streaming/icecast/templates/pod-spec.yml.j2
@@ -0,0 +1,31 @@
+securityContext:
+  allowPrivilegeEscalation: false
+  runAsUser: 990
+  runAsGroup: 990
+containers:
+- name: icecast
+  image: registry.gitlab.com/spreadspace/docker/icecast:{{ item.value.image_version }}
+  imagePullPolicy: Always
+  resources:
+    limits:
+      memory: "512Mi"
+  args:
+  - icecast2
+  - -c
+  - /srv/icecast.xml
+  volumeMounts:
+  - name: home
+    mountPath: /srv/icecast.xml
+    subPath: icecast.xml
+    readOnly: true
+  - name: home
+    mountPath: /srv/logs
+    subPath: logs
+  ports:
+  - containerPort: 8080
+    hostPort: {{ item.value.port }}
+
+volumes:
+- name: home
+  hostPath:
+    path: "{{ icecast_base_path }}/{{ item.key }}"
diff --git a/spreadspace/host_vars/sgg-icecast.yml b/spreadspace/host_vars/sgg-icecast.yml
new file mode 100644
index 00000000..c0e42963
--- /dev/null
+++ b/spreadspace/host_vars/sgg-icecast.yml
@@ -0,0 +1,18 @@
+$ANSIBLE_VAULT;1.2;AES256;spreadspace
+39356439616363336239303163333166353034663966653934623963326433363061646164313031
+3862333763653737313830346237636531363966326336360a646166333832303135353833303831
+33393163633339636334653337346164636663653839306662616463386633396130643062376364
+3565333734323136340a306163663337663863616633613837636364643231353138393661353163
+33306332323030336566376634616663643636663335373033363935613964333166663661656138
+34636336383532646535396135303064653664626564333666623833303930396630633663356136
+39613038373831396662623630636338636164373664656235666362313633306439613631383064
+38613733613861663666666431373234306539666638616564353034396335656434393364613532
+30643032373332646335386566373866366536643866633537353061623866666234643862306464
+38666634653539396336393235343232363664326361386566666466633931373765383463613965
+63333262666230613033326364656235313530363932643461386362363839323035336436313130
+37316138323363613632626338353630643831643332396363333264653631383061396266383530
+32633032613631643530653534653563356539373836353934383062646434383062303162393934
+33383262303137396566656333626131636430656136666664656432646431383838303137346133
+36306465333335316131626165383937313237353461616464333933333837373166336130356539
+33666666646561373735643131656235366336303362633131363436613834376338383362306334
+61316435333265626339363965353836373464613338356137393434663539336164
diff --git a/spreadspace/sgg-icecast.yml b/spreadspace/sgg-icecast.yml
new file mode 100644
index 00000000..9a10dd4f
--- /dev/null
+++ b/spreadspace/sgg-icecast.yml
@@ -0,0 +1,12 @@
+---
+- name: Basic Setup
+  hosts: sgg-icecast
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/ntp
+  - role: kubernetes/base
+  - role: kubernetes/standalone/base
+  - role: streaming/icecast