author | ansible_admin <capsul@cyberia.club> | 2021-01-18 23:29:27 +0000 |
---|---|---|
committer | ansible_admin <capsul@cyberia.club> | 2021-01-18 23:29:27 +0000 |
commit | 1794336e13e992f25d5eb55364a86d4419c9561f (patch) | |
tree | db4070e48f862b4cb216895c7a1880b5ff3708a5 | |
parent | 402f26a7aebefc2d0bd402f31b3771bb0d30e4ef (diff) | |
all sorts of shit
remove magnataur
fix tls certs bug
add comet
add owncast skeleton
-rw-r--r-- | ansible/files/comet.cyberia.club/nginx/prometheus.cyberia.club.conf | 22 | ||||
-rw-r--r-- | ansible/group_vars/streamservers | 4 | ||||
-rw-r--r-- | ansible/hosts | 7 | ||||
-rw-r--r-- | ansible/roles/owncast/tasks/main.yml | 25 | ||||
-rw-r--r-- | ansible/site.yml | 1 | ||||
-rw-r--r-- | builds/daily/capsul-alpine-3.13.yaml | 36 |
6 files changed, 92 insertions, 3 deletions
diff --git a/ansible/files/comet.cyberia.club/nginx/prometheus.cyberia.club.conf b/ansible/files/comet.cyberia.club/nginx/prometheus.cyberia.club.conf new file mode 100644 index 0000000..c5f6556 --- /dev/null +++ b/ansible/files/comet.cyberia.club/nginx/prometheus.cyberia.club.conf @@ -0,0 +1,22 @@ +server { + listen 80; + server_name stream.cyberia.club; + include /etc/nginx/snippets/letsencrypt.conf; + location / { + return 302 https://stream.cyberia.club/; + } +} + +server { + listen 443 ssl http2; + listen [::]:443 ssl http2; + server_name stream.cyberia.club; + include /etc/nginx/snippets/ssl.conf; + ssl_certificate /etc/ssl/uacme/stream.cyberia.club/cert.pem; + ssl_certificate_key /etc/ssl/uacme/private/stream.cyberia.club/key.pem; + + location / { + proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; + proxy_pass http://localhost:8080; + } +} diff --git a/ansible/group_vars/streamservers b/ansible/group_vars/streamservers new file mode 100644 index 0000000..93be110 --- /dev/null +++ b/ansible/group_vars/streamservers @@ -0,0 +1,4 @@ +--- + +tls_certs: + - stream.cyberia.club diff --git a/ansible/hosts b/ansible/hosts index cc33f0a..9964f1e 100644 --- a/ansible/hosts +++ b/ansible/hosts @@ -19,8 +19,11 @@ rosewater.cyberia.club [mailservers] domechild.cyberia.club -[btcpayservers] -magnataur.cyberia.club +# [btcpayservers] +# magnataur.cyberia.club + +[streamservers] +comet.cyberia.club # external diff --git a/ansible/roles/owncast/tasks/main.yml b/ansible/roles/owncast/tasks/main.yml new file mode 100644 index 0000000..2ea48ef --- /dev/null +++ b/ansible/roles/owncast/tasks/main.yml 
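Review bot: In the 443 server's `location /`, `proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;` appends to whatever X-Forwarded-For header the client sent, so the backend on localhost:8080 receives a client-controlled first entry. If this nginx is the first hop (nothing in the hunk suggests a proxy in front of it), overwrite the header with `proxy_set_header X-Forwarded-For $remote_addr;` so that address-based logging, banning or rate limiting in the backend cannot be steered by a forged header. Separately, the port-80 server has only `listen 80;` while the TLS server also listens on `[::]:443`; adding `listen [::]:80;` keeps the redirect and the letsencrypt snippet reachable over IPv6. The file is named prometheus.cyberia.club.conf but every `server_name` in it is stream.cyberia.club, which deserves a rename or a comment.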
@@ -0,0 +1,25 @@ +--- +- name: Add deps + package: + name: "{{ item }}" + state: present + with_items: + - ffmpeg + - git + - go + +- name: Start and enable owncast + service: + name: "{{ item }}" + state: started + enabled: yes + with_items: + - owncast + +- name: Allow RTMP traffic + iptables: + chain: INPUT + protocol: tcp + source: "{{ item }}" + destination_port: '1935' + jump: ACCEPT diff --git a/ansible/site.yml b/ansible/site.yml index 63ca239..d1d6710 100644 --- a/ansible/site.yml +++ b/ansible/site.yml @@ -16,7 +16,6 @@ - nginx-custom-configs - nginx - - name: setup DBServer hosts: dbservers become: true diff --git a/builds/daily/capsul-alpine-3.13.yaml b/builds/daily/capsul-alpine-3.13.yaml new file mode 100644 index 0000000..66eaafc --- /dev/null +++ b/builds/daily/capsul-alpine-3.13.yaml @@ -0,0 +1,36 @@ +# this builds the capsul alpine 3.13 template +image: alpine/edge +packages: + - e2fsprogs + - qemu-img + - qemu-system-x86_64 + - rsync +environment: + version: 3.13 + slaves: + - deploy@baikal.cyberia.club +sources: + - https://git.cyberia.club/services/capsul-images +secrets: + # deploy@baikal.cyberia.club + - aac6b8d1-65c1-4d7f-862f-094716b800e3 +triggers: + - action: email + condition: failure + to: ops <ops@cyberia.club> +tasks: + - genimg: | + cd capsul-images/alpine + sudo ./build $version + - deploy: | + cd capsul-images/alpine + echo "StrictHostKeyChecking=no" >> ~/.ssh/config + for server in "${slaves[@]}" + do + ssh $server mkdir -p /tank/img/alpine/$version + rsync -rzP $version/root.img.qcow2 \ + ${server}:/tank/img/alpine/$version/new_root.img.qcow2 + ssh $server \ + mv /tank/img/alpine/$version/new_root.img.qcow2 \ + /tank/img/alpine/$version/root.img.qcow2 + done |
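Review bot: The `Allow RTMP traffic` task sets `source: "{{ item }}"` but, unlike the two tasks above it, has no `with_items`, so `item` is undefined and the task will fail when the role runs instead of opening port 1935. Add the loop over an explicit allow-list, for example `with_items: "{{ rtmp_allowed_sources }}"` (the variable name is a placeholder, to be defined in group_vars). Keep the `source` restriction rather than deleting it to make the task pass, so that the ingest port is not opened to every address. The role also starts the `owncast` service although no task in this file installs it; presumably that is the part of the skeleton still to come.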
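Review bot: In the `deploy` task of builds/daily/capsul-alpine-3.13.yaml, `echo "StrictHostKeyChecking=no" >> ~/.ssh/config` turns off host key verification for every `ssh` and `rsync` call in the loop, so the job will upload the image to, and run `mv` on, whatever host answers for the target name. Pin the deploy host's key instead, e.g. `echo "baikal.cyberia.club ssh-ed25519 <HOST_PUBLIC_KEY_PLACEHOLDER>" >> ~/.ssh/known_hosts`, and drop the StrictHostKeyChecking line. `$server` and `$version` are also unquoted in the `ssh`, `rsync` and `mv` arguments; quoting them is cheap hardening.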