Congegni
/
sintonia
7
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

chore: use a secure dev environment

This commit is contained in:
jo 2023-04-11 19:30:46 +02:00 committed by Kyle Robbertze
parent edf96ac5fc
commit d4c272db49
7 changed files with 84 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitignore vendored
View File

@ -8,6 +8,7 @@
*~ *~
VERSION VERSION
/dev/certs/*
/dev/playout/* /dev/playout/*
/website/ /website/

13
Makefile
View File

@ -10,7 +10,18 @@ setup:
.env: .env:
cp .env.dev .env cp .env.dev .env
dev: .env dev-certs:
rm -f dev/certs/fake.*
openssl req -x509 \
-newkey rsa:2048 \
-days 365 \
-nodes \
-subj "/CN=localhost" -addext "subjectAltName=DNS:localhost,IP:127.0.0.1" \
-keyout dev/certs/fake.key \
-out dev/certs/fake.crt
cat dev/certs/fake.{key,crt} > dev/certs/fake.pem
dev: .env dev-certs
DOCKER_BUILDKIT=1 docker-compose build DOCKER_BUILDKIT=1 docker-compose build
docker-compose run --rm legacy make build docker-compose run --rm legacy make build
docker-compose run --rm api libretime-api migrate docker-compose run --rm api libretime-api migrate

0
dev/certs/.gitkeep Normal file
View File

3
dev/config.yml
View File

@ -31,6 +31,7 @@ stream:
- <<: *default_icecast_output - <<: *default_icecast_output
enabled: true enabled: true
mount: main.ogg mount: main.ogg
public_url: https://localhost:8443/main.ogg
audio: audio:
format: ogg format: ogg
bitrate: 256 bitrate: 256
@ -38,6 +39,7 @@ stream:
- <<: *default_icecast_output - <<: *default_icecast_output
enabled: true enabled: true
mount: main.opus mount: main.opus
public_url: https://localhost:8443/main.opus
audio: audio:
format: opus format: opus
bitrate: 256 bitrate: 256
@ -45,6 +47,7 @@ stream:
- <<: *default_icecast_output - <<: *default_icecast_output
enabled: true enabled: true
mount: main.mp3 mount: main.mp3
public_url: https://localhost:8443/main.mp3
audio: audio:
format: mp3 format: mp3
bitrate: 256 bitrate: 256

61
dev/icecast.xml Normal file
View File

@ -0,0 +1,61 @@
<icecast>
<location>Earth</location>
<admin>icemaster@localhost</admin>
<limits>
<clients>100</clients>
<sources>10</sources>
<queue-size>524288</queue-size>
<client-timeout>30</client-timeout>
<header-timeout>15</header-timeout>
<source-timeout>10</source-timeout>
<burst-on-connect>1</burst-on-connect>
<burst-size>65535</burst-size>
</limits>
<authentication>
<source-password>hackme</source-password>
<relay-password>hackme</relay-password>
<admin-user>admin</admin-user>
<admin-password>hackme</admin-password>
</authentication>
<hostname>localhost</hostname>
<listen-socket>
<port>8000</port>
</listen-socket>
<listen-socket>
<port>8443</port>
<ssl>1</ssl>
</listen-socket>
<http-headers>
<header name="Access-Control-Allow-Origin" value="*" />
</http-headers>
<fileserve>1</fileserve>
<paths>
<basedir>/usr/share/icecast</basedir>
<logdir>/var/log/icecast</logdir>
<webroot>/usr/share/icecast/web</webroot>
<adminroot>/usr/share/icecast/admin</adminroot>
<alias source="/" destination="/status.xsl" />
<ssl-certificate>/certs/fake.pem</ssl-certificate>
</paths>
<logging>
<accesslog>access.log</accesslog>
<errorlog>-</errorlog>
<loglevel>3</loglevel>
<logsize>10000</logsize>
</logging>
<security>
<chroot>0</chroot>
</security>
</icecast>

6
docker-compose.override.yml
View File

@ -72,5 +72,11 @@ services:
- ./legacy:/var/www/html - ./legacy:/var/www/html
icecast: icecast:
ports:
- 8000:8000
- 8443:8443
environment: environment:
ICECAST_MAX_SOURCES: 10 ICECAST_MAX_SOURCES: 10
volumes:
- ./dev/certs:/certs
- ./dev/icecast.xml:/etc/icecast.xml

1
docs/contributor-manual/development-environment.md
View File

@ -17,6 +17,7 @@ cp .env.dev .env
DOCKER_BUILDKIT=1 docker-compose build DOCKER_BUILDKIT=1 docker-compose build
# Setup # Setup
make dev-certs
docker-compose run --rm legacy make build docker-compose run --rm legacy make build
docker-compose run --rm api libretime-api migrate docker-compose run --rm api libretime-api migrate