---
# Play for the glt-stream host. The roles listed here are applied before the
# post_tasks further down.
- name: Basic Setup
  hosts: glt-stream
  roles:
  # package sources and base system
  - role: apt-repo/base
  - role: core/base
  - role: core/sshd/base
  - role: core/zsh
  - role: core/ntp
  - role: apt-repo/spreadspace
  # TLS certificate tooling and web server
  - role: x509/acmetool/base
  - role: nginx/base
  # logical volume "www" in the host's own volume group, mounted at /srv/www
  - name: storage/lvm/volume
    lvm_volume:
      vg: "{{ host_name }}"
      lv: 'www'
      size: '10G'
      fs: 'ext4'
      dest: '/srv/www'
  post_tasks:
  # Document root used by the '/' and '/preped' locations of the vhost below.
  # No owner or mode is given, so the module defaults apply.
  - name: create base directory for static www content
    file:
      state: directory
      path: '/srv/www/stream'

  # Default vhost for stream.linuxtage.at, rendered by the nginx/vhost role
  # from the nginx_vhost variable; the certificate comes from acmetool.
  - name: configure default vhost stream.linuxtage.at
    include_role:
      name: nginx/vhost
    vars:
      nginx_vhost:
        default: true
        name: stream
        template: generic
        tls:
          certificate_provider: acmetool
        hostnames:
        - stream.linuxtage.at
        # Raw nginx configuration handed to the vhost template.
        # CORS: Access-Control-Allow-Origin "*" lets script from any origin
        # read responses of this vhost. That fits content that is public and
        # served without credentials; revisit it if anything here ever needs
        # authentication. Without the `always` parameter nginx adds these
        # headers only to successful and redirect responses, not to errors.
        # NOTE(review): add_header is not inherited by a block that declares
        # its own add_header - confirm the included proxy snippets do not,
        # otherwise the /stats/ responses lose the CORS headers.
        # The Jinja loop proxies /stats/saal1..3/ to 127.0.0.1:4201..4203,
        # the same addresses run.sh passes to the collector per room.
        extra_directives: |-
          add_header Access-Control-Allow-Headers "origin,range,accept-encoding,referer";
          add_header Access-Control-Allow-Methods "GET,HEAD,OPTIONS";
          add_header Access-Control-Allow-Origin "*";
          add_header Access-Control-Expose-Headers "Server,range,Content-Length,Content-Range,Date";

          {% for room_id in [1,2,3] %}
          location /stats/saal{{ room_id }}/ {
              include snippets/proxy-nobuff.conf;
              proxy_set_header Host $host;
              include snippets/proxy-forward-headers.conf;
              proxy_pass http://127.0.0.1:{{ 4200 + room_id }}/;
          }
          {% endfor %}
        locations:
          '/':
            root: /srv/www/stream
            index: index.html
          # NOTE(review): presumably rendered as nginx `autoindex`, i.e. a
          # browsable listing of everything below /srv/www/stream/preped -
          # confirm against the generic template and keep only files meant
          # for publication in that directory.
          '/preped':
            root: /srv/www/stream
            autoindex: {}

  # Go toolchain: the start script launches the collector with `go run`, so
  # the compiler has to be present on the host at service start.
  # NOTE(review): the package is named `go`, not Debian's usual `golang-go`;
  # presumably it comes from one of the apt-repo roles - confirm.
  - name: install golang
    apt:
      state: present
      name: 'go'

  # Directory holding the collector source, its start script and its data;
  # it is also the home directory of the stats user created next.
  - name: create base directory for stats
    file:
      state: directory
      path: '/srv/www/stats'

  # System account the collector service runs as (User=stats in the unit).
  # NOTE(review): no shell is set, so the account gets the system default;
  # consider `shell: /usr/sbin/nologin`, since the account is only used by
  # the systemd service.
  - name: add user for stats
    user:
      name: stats
      home: /srv/www/stats
      system: true

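  # Writable state of the collector: JSON output (data) and the Go build
  # cache (.gocache). Group stats with mode 0775 gives the service account
  # write access through its group; these are the two paths the unit lists in
  # ReadWritePaths. The mode is quoted so it stays an octal string regardless
  # of how the YAML parser treats a leading zero.
  - name: create data and gocache directories for stats
    file:
      path: "/srv/www/stats/{{ item }}"
      state: directory
      group: stats
      mode: '0775'
    loop:
    - data
    - .gocache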

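  # Go source that the service compiles and runs on every start. Ownership and
  # mode are pinned so the code stays root-owned and read-only for the stats
  # account instead of depending on the umask of the Ansible run; a collector
  # that is compromised must not be able to rewrite what it executes next.
  - name: install stats collector script
    copy:
      src: "{{ global_files_dir }}/glt/stream-stats.go"
      dest: /srv/www/stats/stream-stats.go
      owner: root
      group: root
      mode: '0644'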

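  # Wrapper started by the systemd template unit with the instance name as
  # $1. The case statement is an allow-list: only saal1..saal3 map to a port,
  # anything else exits with status 1, so the instance name cannot steer the
  # collector to an arbitrary address or output path. The expansions on the
  # exec line are quoted as a matter of shell hygiene. The script is
  # root-owned and not writable by the stats account, and the mode is quoted
  # so it is always read as an octal string.
  - name: install start script for collector
    copy:
      dest: /srv/www/stats/run.sh
      owner: root
      group: root
      mode: '0755'
      content: |
        #!/bin/bash
        ROOM="$1"
        case "$ROOM" in
          saal1)
            PORT=4201
            ;;
          saal2)
            PORT=4202
            ;;
          saal3)
            PORT=4203
            ;;
          *)
            echo "unknown room"
            exit 1
            ;;
        esac
        exec /usr/bin/go run /srv/www/stats/stream-stats.go "127.0.0.1:$PORT" "/srv/www/stats/data/glt21-$ROOM.json"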

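  # Template unit stream-stats@<room>.service: runs run.sh as the
  # unprivileged stats user inside a systemd sandbox.
  #
  # Fixes compared to the previous unit text:
  # - `RestartSecs=` is not a systemd directive; the setting is `RestartSec=`.
  #   The misspelled key is ignored, so the default restart delay applied
  #   instead of the intended 1s.
  # - StartLimitBurst= and StartLimitIntervalSec= are documented as [Unit]
  #   options (systemd.unit(5)) and are therefore set there.
  # With a 1s restart delay a crashing collector restarts at most about five
  # times per 5s window, which stays below the burst of 10, so Restart=always
  # keeps retrying instead of leaving the unit in the failed state.
  #
  # Sandbox as configured: ProtectSystem=strict makes the file system
  # read-only for the service except the two ReadWritePaths, so the collector
  # cannot modify its own source or start script; RestrictAddressFamilies
  # limits it to IPv4 sockets. `systemd-analyze security` on an instance
  # shows which further restrictions are still open.
  - name: install systemd unit for stats collector
    copy:
      dest: /etc/systemd/system/stream-stats@.service
      owner: root
      group: root
      mode: '0644'
      content: |
        [Unit]
        Description=GLT21 Stream Stats Collector (%I)
        StartLimitBurst=10
        StartLimitIntervalSec=5s

        [Service]
        Type=simple
        User=stats
        Environment="GOCACHE=/srv/www/stats/.gocache"
        ExecStart=/srv/www/stats/run.sh %i
        Restart=always
        RestartSec=1s
        NoNewPrivileges=yes
        PrivateTmp=yes
        PrivateDevices=yes
        ProtectSystem=strict
        ReadWritePaths=/srv/www/stats/data /srv/www/stats/.gocache
        ProtectHome=yes
        ProtectKernelTunables=yes
        ProtectControlGroups=yes
        RestrictRealtime=yes
        RestrictAddressFamilies=AF_INET

        [Install]
        WantedBy=multi-user.target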

  # One collector instance per room; the instance names are the values the
  # start script accepts. daemon_reload makes systemd pick up the unit file
  # written by the previous task.
  # NOTE(review): `state: started` leaves an already running instance alone,
  # so a changed unit, start script or collector source only takes effect
  # after a manual restart - confirm that this is intended.
  - name: make sure stats collector service units are enabled and started
    systemd:
      name: "stream-stats@{{ item }}.service"
      state: started
      enabled: true
      daemon_reload: true
    loop:
    - saal1
    - saal2
    - saal3