159 lines
5.3 KiB
Bash
Executable File
159 lines
5.3 KiB
Bash
Executable File
#!/usr/bin/env bash
|
|
|
|
# Additional Repos
|
|
yum install -y epel-release
|
|
|
|
# RPMfusion (for ffmpeg) - needs PowerTools
|
|
dnf install -y https://mirrors.rpmfusion.org/free/el/rpmfusion-free-release-8.noarch.rpm
|
|
dnf config-manager --enable powertools
|
|
|
|
# xiph multimedia (for icecast)
|
|
curl -o /etc/yum.repos.d/multimedia:xiph.repo \
|
|
https://download.opensuse.org/repositories/multimedia:/xiph/CentOS_8/multimedia:xiph.repo
|
|
|
|
# RaBe Liquidsoap Distribution (RaBe LSD)
|
|
curl -o /etc/yum.repos.d/home:radiorabe:liquidsoap.repo \
|
|
https://download.opensuse.org/repositories/home:/radiorabe:/liquidsoap/CentOS_8/home:radiorabe:liquidsoap.repo
|
|
|
|
# RaBe Audio Packages for Enterprise Linux (RaBe APEL)
|
|
curl -o /etc/yum.repos.d/home:radiorabe:audio.repo \
|
|
https://download.opensuse.org/repositories/home:/radiorabe:/audio/CentOS_8/home:radiorabe:audio.repo
|
|
|
|
# Update all the things (just to be sure we are on latest)
|
|
yum update -y
|
|
|
|
# Database
|
|
yum install -y postgresql-server patch
|
|
|
|
postgresql-setup --initdb
|
|
|
|
patch -f /var/lib/pgsql/data/pg_hba.conf << EOD
|
|
--- pg_hba.conf.orig 2020-12-19 13:10:46.828960307 +0000
|
|
+++ pg_hba.conf 2020-12-19 13:11:37.356290128 +0000
|
|
@@ -78,10 +78,11 @@
|
|
|
|
# "local" is for Unix domain socket connections only
|
|
local all all peer
|
|
+local all all md5
|
|
# IPv4 local connections:
|
|
-host all all 127.0.0.1/32 ident
|
|
+host all all 127.0.0.1/32 md5
|
|
# IPv6 local connections:
|
|
-host all all ::1/128 ident
|
|
+host all all ::1/128 md5
|
|
# Allow replication connections from localhost, by a user with the
|
|
# replication privilege.
|
|
local replication all peer
|
|
EOD
|
|
|
|
systemctl enable postgresql
|
|
systemctl start postgresql
|
|
# create database user airtime with password airtime
|
|
useradd airtime
|
|
echo "airtime:airtime" | chpasswd
|
|
|
|
su -l postgres bash -c 'createuser airtime'
|
|
su -l postgres bash -c 'createdb -O airtime airtime'
|
|
|
|
echo "ALTER USER airtime WITH PASSWORD 'airtime';" | su -l postgres bash -c psql
|
|
echo "GRANT ALL PRIVILEGES ON DATABASE airtime TO airtime;" | su -l postgres bash -c psql
|
|
|
|
# RabbitMQ
|
|
curl -s https://packagecloud.io/install/repositories/rabbitmq/rabbitmq-server/script.rpm.sh | sudo bash
|
|
yum install -y rabbitmq-server
|
|
|
|
systemctl enable rabbitmq-server
|
|
systemctl start rabbitmq-server
|
|
|
|
rabbitmqctl add_user airtime airtime
|
|
rabbitmqctl add_vhost /airtime
|
|
rabbitmqctl set_permissions -p /airtime airtime ".*" ".*" ".*"
|
|
|
|
# LibreTime deps
|
|
# some of these are needed to build pip deps and as such should no be installed
|
|
# on production grade systems (mostly the -devel packages)
|
|
yum install -y \
|
|
cairo-gobject-devel \
|
|
gcc \
|
|
git \
|
|
glib2-devel \
|
|
gobject-introspection-devel \
|
|
openssl-devel \
|
|
php \
|
|
php-xml \
|
|
php-pdo \
|
|
php-pgsql \
|
|
php-bcmath \
|
|
php-mbstring \
|
|
php-json \
|
|
php-process \
|
|
python38-devel \
|
|
python38-psycopg2 \
|
|
httpd \
|
|
icecast \
|
|
liquidsoap \
|
|
alsa-utils \
|
|
selinux-policy \
|
|
policycoreutils-python-utils \
|
|
lsof \
|
|
xmlstarlet
|
|
|
|
# replace icecast init system with proper systemd unit ("ported" from CentOS 7)
|
|
cat > /etc/systemd/system/icecast.service << 'EOD'
|
|
[Unit]
|
|
Description=Icecast Network Audio Streeaming Server
|
|
After=network.target
|
|
|
|
[Service]
|
|
ExecStart=/usr/bin/icecast -c /etc/icecast.xml
|
|
ExecReload=/bin/kill -HUP $MAINPID
|
|
|
|
[Install]
|
|
WantedBy=multi-user.target
|
|
EOD
|
|
|
|
# install manually since it isn't required somewhere later
|
|
python3 -mpip install pycairo
|
|
|
|
# SELinux Setup
|
|
setsebool -P httpd_can_network_connect 1
|
|
setsebool -P httpd_can_network_connect_db 1
|
|
setsebool -P httpd_execmem on # needed by liquidsoap to do stuff when called by php
|
|
setsebool -P httpd_use_nfs 1 # to get nfs mounted /vagrant
|
|
setsebool -P httpd_graceful_shutdown 1 # to allow prefork to shutdown gracefully
|
|
setsebool -P git_system_use_nfs 1 # same for git
|
|
|
|
semanage port -a -t http_port_t -p tcp 9080 # default vagrant web port
|
|
|
|
# Allow apache full access to /vagrant and /etc/airtime
|
|
semanage fcontext -a -t httpd_sys_rw_content_t "/vagrant(/.*)?"
|
|
semanage fcontext -a -t httpd_sys_rw_content_t "/etc/airtime(/.*)?"
|
|
semanage fcontext -a -t httpd_sys_rw_content_t "/srv/airtime(/.*)?"
|
|
|
|
restorecon -Rv /vagrant /etc/airtime /srv/airtime
|
|
|
|
# Disable default apache page
|
|
sed -i -e 's/^/#/' /etc/httpd/conf.d/welcome.conf
|
|
|
|
# Switch to prefork since CentOS will disable mod_php if we use mpm_event
|
|
sed -i \
|
|
-e 's/#LoadModule mpm_prefork_module/LoadModule mpm_prefork_module/' \
|
|
-e 's/LoadModule mpm_event_module/#LoadModule mpm_event_module/' \
|
|
/etc/httpd/conf.modules.d/00-mpm.conf
|
|
|
|
# celery will not run unless we install a specific version (https://github.com/pypa/setuptools/issues/942)
|
|
# this will need to be figured out later on and will get overridden by the docs installer anyhow :(
|
|
pip3 install setuptools==33.1.1
|
|
pip3 freeze setuptools==33.1.1
|
|
|
|
# the web will fail badly if this is not set, using my personal default just because
|
|
echo 'date.timezone=Europe/Zurich' >> /etc/php.d/timezone.ini
|
|
systemctl restart httpd
|
|
|
|
# icecast needs to be available to everyone
|
|
sed -i -e 's@<bind-address>127.0.0.1</bind-address>@<bind-address>0.0.0.0</bind-address>@' /etc/icecast.xml
|
|
systemctl enable --now icecast
|
|
|
|
# let em use alsa
|
|
usermod -a -G audio apache
|