1 files changed, 132 insertions, 0 deletions

diff --git a/_graveyard_/spreadspace/sgg-icecast.yml b/_graveyard_/spreadspace/sgg-icecast.yml
new file mode 100644
index 00000000..d9126e38
--- /dev/null
+++ b/_graveyard_/spreadspace/sgg-icecast.yml
@@ -0,0 +1,132 @@
+---
+- name: Basic Setup
+  hosts: sgg-icecast
+  roles:
+  - role: apt-repo/base
+  - role: core/base
+  - role: core/sshd/base
+  - role: core/zsh
+  - role: core/ntp
+  - role: apt-repo/spreadspace
+  - name: storage/lvm/base
+  - role: kubernetes/base
+  - role: kubernetes/standalone/base
+  - role: streaming/icecast
+  - role: x509/acmetool/base
+  - role: nginx/base
+  post_tasks:
+  - name: create base directory for static www content
+    file:
+      path: /srv/www/radio
+      state: directory
+
+  - name: configure default vhost radiogloria.at
+    vars:
+      nginx_vhost:
+        default: yes
+        name: radio
+        template: generic
+        tls:
+          certificate_provider: acmetool
+        hostnames:
+        - radiogloria.at
+        - www.radiogloria.at
+        locations:
+          '/':
+            root: /srv/www/radio
+            index: index.html
+    include_role:
+      name: nginx/vhost
+
+  - name: configure default vhost live.radiogloria.at
+    vars:
+      nginx_vhost:
+        name: radio-stream
+        template: generic
+        tls:
+          certificate_provider: acmetool
+        hostnames:
+        - live.radiogloria.at
+        locations:
+          '/':
+            proxy_pass: http://127.0.0.1:8080
+    include_role:
+      name: nginx/vhost
+
+
+  - name: create base directory for stats
+    file:
+      path: /srv/www/stats-schlagergarten
+      state: directory
+
+  - name: add user for stats
+    user:
+      name: stats
+      system: yes
+      home: /nonexistent
+      create_home: no
+
+  - name: create data directory for stats
+    file:
+      path: /srv/www/stats-schlagergarten/data
+      state: directory
+      group: stats
+      mode: 0775
+
+  - name: install stats collector script
+    copy:
+      content: |
+        #!/bin/bash
+        STATS_D=$(realpath "${BASH_SOURCE%/*}")
+        ts=$(date '+%Y-%m-%d_%H-%M-%S')
+        exec curl -s http://localhost:8080/status-json.xsl | gzip > "$STATS_D/data/$ts.json.gz"
+      dest: /srv/www/stats-schlagergarten/fetch.sh
+      mode: 0755
+
+  - name: install systemd unit for stats collector
+    copy:
+      content: |
+        [Unit]
+        Description=Schlagergarten Stream Stats Collector
+
+        [Service]
+        Type=oneshot
+        User=stats
+        ExecStart=/srv/www/stats-schlagergarten/fetch.sh
+        TimeoutStartSec=20s
+        TimeoutStartFailureMode=kill
+        NoNewPrivileges=yes
+        PrivateTmp=yes
+        PrivateDevices=yes
+        ProtectSystem=strict
+        ReadWritePaths=/srv/www/stats-schlagergarten/data
+        ProtectHome=yes
+        ProtectKernelTunables=yes
+        ProtectControlGroups=yes
+        RestrictRealtime=yes
+        RestrictAddressFamilies=AF_INET
+
+        [Install]
+        WantedBy=multi-user.target
+      dest: /etc/systemd/system/stats-schlagergarten.service
+
+  - name: install systemd timer for stats collector
+    copy:
+      content: |
+        [Unit]
+        Description=Schlagergarten Stream Stats Collector
+
+        [Timer]
+        OnCalendar=minutely
+        AccuracySec=0s
+
+        [Install]
+        WantedBy=timers.target
+      dest: /etc/systemd/system/stats-schlagergarten.timer
+
+  - name: make sure stats collector timer unit is enabled and started
+    systemd:
+      name: stats-schlagergarten.timer
+      daemon_reload: yes
+      enabled: yes
+      state: started