From 1e4989e67d93e70f64a2d887b632803de6939750 Mon Sep 17 00:00:00 2001 From: Jimbo Date: Sat, 7 Sep 2024 00:38:19 -0400 Subject: [PATCH] Add initial support for Icecast and Liquidsoap, to later replace Azuracast and Docker --- nixos/modules/ips.nix | 1 + nixos/server.nix | 1 + nixos/server/firewall.nix | 16 ++++++++------- nixos/server/icecast.nix | 41 +++++++++++++++++++++++++++++++++++-- nixos/server/wireguard.nix | 12 +++++++---- secrets.nix | Bin 2061 -> 2107 bytes 6 files changed, 58 insertions(+), 13 deletions(-) diff --git a/nixos/modules/ips.nix b/nixos/modules/ips.nix index 82e98a1..8e9d6a6 100644 --- a/nixos/modules/ips.nix +++ b/nixos/modules/ips.nix @@ -4,4 +4,5 @@ rec { server = "${localSpan}.2"; pc = "${localSpan}.3"; vm = "${localSpan}.4"; + hx = "${localSpan}.70"; } diff --git a/nixos/server.nix b/nixos/server.nix index 7039f68..9ecb5be 100644 --- a/nixos/server.nix +++ b/nixos/server.nix @@ -22,6 +22,7 @@ ./server/acme.nix ./server/ddclient.nix ./server/docker.nix + ./server/icecast.nix ./server/firewall.nix ./server/gitea.nix ./server/lemmy.nix diff --git a/nixos/server/firewall.nix b/nixos/server/firewall.nix index 6173789..c1082ae 100644 --- a/nixos/server/firewall.nix +++ b/nixos/server/firewall.nix @@ -29,16 +29,18 @@ chain PREROUTING { type nat hook prerouting priority dstnat; policy accept; tcp dport 2211 dnat to ${ips.pc}:22 comment "SSH to PC" - udp dport { 27005, 27015, 7777 } dnat to ${ips.pc} comment "Games to PC" + udp dport { 27005, 27015, 7777 } dnat to ${ips.pc} comment "PC Hosted Games" - tcp dport { 58010, 57989, 57984 } dnat to ${ips.pc} comment "Sunshine TCP to PC" - udp dport { 57998, 57999, 58000 } dnat to ${ips.pc} comment "Sunshine UDP to PC" + tcp dport { 58010, 57989, 57984 } dnat to ${ips.pc} comment "PC Sunshine TCP" + udp dport { 57998, 57999, 58000 } dnat to ${ips.pc} comment "PC Sunshine UDP" - tcp dport { 38010, 37989, 37984 } dnat to ${ips.vm} comment "Sunshine TCP to VM" - udp dport { 37998, 37999, 38000 } dnat to ${ips.vm} comment "Sunshine UDP to VM" + tcp dport { 38010, 37989, 37984 } dnat to ${ips.vm} comment "VM Sunshine TCP" + udp dport { 37998, 37999, 38000 } dnat to ${ips.vm} comment "VM Sunshine UDP" + + udp dport { 7790, 7791, 7792 } dnat to ${ips.hx} comment "Deus Ex" - ip saddr ${outputs.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR TCP to VM" - ip saddr ${outputs.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR UDP to VM" + ip saddr ${outputs.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "VM ALVR TCP" + ip saddr ${outputs.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "VM ALVR UDP" } chain POSTROUTING { type nat hook postrouting priority 100; policy accept; diff --git a/nixos/server/icecast.nix b/nixos/server/icecast.nix index 1a2f5cc..42926c7 100644 --- a/nixos/server/icecast.nix +++ b/nixos/server/icecast.nix @@ -1,4 +1,4 @@ -{outputs, ...}: { +{pkgs, outputs, ...}: { # Icecast, replacing Azuracast maybe services = { icecast = { @@ -7,8 +7,45 @@ hostname = "icecast.${outputs.secrets.jimDomain}"; admin = { user = "jimbo"; - password = "${outputs.secrets.castPass}"; + password = "${outputs.secrets.castAdminPass}"; }; + extraConf = '' + + ${outputs.secrets.castSourcePass} + + ''; + }; + liquidsoap.streams = let + jimbops = '' + # CONFIGURATION + settings.log.stdout.set(true) + settings.init.allow_root.set(true) + settings.scheduler.fast_queues.set(2) + settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"]) + + # Define the source with random playlist + jimbops = mksafe(normalize(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/"))) + + # Ensure the stream never stops + jimbops_fallback = fallback([jimbops, jimbops]) + + # Output configuration to Icecast + output.icecast( + %vorbis(channels=2, samplerate=48000, quality=0.8), + host="127.0.0.1", + port=265, + password="${outputs.secrets.castSourcePass}", + description="JimBops Radio", + url="https://icecast.jimbosfiles.com/jimbops.opus", + public=true, + icy_metadata=["artist", "title"], + genre="My personal music folder.", + mount="jimbops.opus", + jimbops_fallback + ) + ''; + in { + JimBops = pkgs.writeText "liquidjim" jimbops; }; nginx.virtualHosts."icecast.${outputs.secrets.jimDomain}" = { enableACME = true; diff --git a/nixos/server/wireguard.nix b/nixos/server/wireguard.nix index 6873d8a..02ba8f4 100644 --- a/nixos/server/wireguard.nix +++ b/nixos/server/wireguard.nix @@ -2,10 +2,14 @@ ips = import ../modules/ips.nix; in { # enable NAT - networking.nat.enable = true; - networking.nat.externalInterface = "${ips.netInt}"; - networking.nat.internalInterfaces = [ "wg0" ]; - networking.firewall.allowedUDPPorts = [ 51820 ]; + networking = { + nat = { + enable = true; + externalInterface = "${ips.netInt}"; + internalInterfaces = [ "wg0" ]; + }; + firewall.allowedUDPPorts = [ 51820 ]; + }; networking.wireguard = { enable = true; diff --git a/secrets.nix b/secrets.nix index bcf084a8288927f988b1e78c83663279e10937c9..48d581b0a1890ae46746264963ef2e5f65dc2e1d 100644 GIT binary patch literal 2107 zcmV-B2*mdQM@dveQdv+`0A(xA8ff3$D7R>*gyN?A*R%y@+(E($$$&A*ofKuq(6G8Xnm-TGUbCB?V?KfK4jF6 zs_pC9n{<+poGgv32ywILFtf#-X;_~tdXn!)O9UT*@V!yLZy6R@GY4d;tdTj0QU>As zblto{*b>E7l4M%t;O57)&;E8fc&3}JCWS}mp-RAlZ~VV5B_I%+87mz-;Tzz|rhdnW zcV=?lBv%P2go)Z-6e;PX&VNOue}3gfkl^J;VzVsLZn0LEX}3WWOo69g@e(V5?RPKa z69B&G(-veE7O(nCpSd4(&kGFTerblg{D5|*Pdx@|-|s2EK*Q?mKzsM&t^D~-)#?#k zTs5^dkFwwC|KeF1S+s=O1y;OT4{w<|6+{2^Q83iy&>rN|0Iv`&d`|j?u!)vuqJhr5 ze^D~(n7JtCLdVX#vI?`s=sIQ3?K{=&9O%g)qHMq^2gwIgIN|}}-BPe>J&ML4iCWxW zRs?u{#OK)l)Eu2~V8c%u*JDKl+Br-JrXk zhNS?VxCJt2L2+;0DtWgRm5@9tdY!BVacsDlOMn}T{=373Wizcy_7D5xb+YN!W?cWo zy^FwtN-nvue+48~1H1aeu&QPzcLD^j4#|rp0STkYSBH7D17Fzy1wUR9&41HX6QC#Y zBCUYI4f0w@VyQ|_UhXu7^>)ng!$xmkX8-n6Wpe}T>DodBpn=paC6`QUMza1baA?&c zZm5sP6cXXWoGCY3ExIlJ@rJU4Tgs>MwZi^fN>c$lS^{Ry7^5L2nzvZ*pz+tcKPtI! zhLd%Pa}_rqZ+Ot93@cYUS||l3j1N^Z8mo40If{(*lI9!C-GmP$X_V4 z$s$T7Re)rm^>=-aM>i%KntB>z1ThCUVfl1cWYiBhN-5?_#}V)??O zt$mz@{SeIwogg&MbT=t&glSiXMtBXJ(uBfLz0$xLe3})33suy=K;9>s7;80G8>Pr= z<%jm~F>z84KWC}97{)JCb^n__T^bfqrn{N(xCRo%s@@Nsn>r&sb2;XwD# zl$*gV27vgbyi5Twe$nB_h}8&Aq|{S{zS!=q zQ{HLcvgc?D#Lf;;(*A@g;|8U>E;Hk<-Z2JW=H@&83Oa>pm}ot|4cxcneC()@+?*Mi zF9Z49r#&!nRZpV(cmk5^@vxC&NAu-`V)0xv4&o8{Q#qwLGNw5n?EU|qOM-oQK@Y?W zV2iRu+BrlD0hb1+@WE=;ibIpXu~7WB3pzn^eMiJBGoC2IQHk%%R2f?%=9L@bCii;lZco}fsXtJoM;gXXbGt`cREw@#-SBjpM=wA3$DbNG`V>dFioK% zyoM618|^9|-IU^;BVf=|@=xNg_mXB(MMSy_Su=ws1s==Ti!SHQo5b647O%VRP6GjB z*afpjmDWl?G^5(w!9Fvh1#{-i&cAb^Wq)CGU(Ga;;|Dd6 zF#(BO>eA+Edy{QwlxPUU;^8h*xT02ylSeD}kcxPoQ>f;oKZO|O_>eyZMDPu#zBWU= z45+Ivy!bOup!uE6X!ve`IGX3X5(C!dI^?+`0E6w#r;LbCS{a$cPx$8n+nLgsuqxeu`P*Ty>})Sk|TRhUD;KPM7hVSQfdYG zZ91C+briPlt9g+GnV>*;SwW9plit6P@`%7a6va5NZ?`*$hiKTj;v+?F`va))j`I)9 zcP>f#sL`rfEmN;28va6+G50=tlEzyfBoB^xFrA@s0PduU!5fdKw+W9C6y_%41bYQ!%)aXs5kq8NL&vyC$g;LS8QQ=c&rez-{`M zD{Mu9KwyuOH)vu9^fyvOfEu4HHoD1>ci?AYH9z3CC?gQ~1@hb}d&LdQbsbt?B*U~s7ZtBm^EoBO+q zMyG4DtOnelz}Q5zh7&BGQE0bOavU?C=R@KMT+5$}E4>R0hz=@(=W!8A4C2P#ht=s@ zj}lwFldLWyA zk0BRcypiO>i6Gfv*;|}{vB!P?fkn;;FZAXuJwmLC72aq)I4g^6V8ohqtHyTE@&f#ykl)8gI zm8!V2y)nZ>yDNwHmG{L;_rlP?!WSZ;y55_~BU%{?_}f%PT|- zCmw5>%W*me3XVM@#J>)Qm(i9#i@<$kWpv^u19wGObp1R}@2s;$#y5u`+G)BDa}c>V0V_p4)_fFZDV rUrqU{7ReE%v>uMJj2b82p96+kuuY42Q$(fo-j{0lx7VBCXMhV_Ozr>y