This site is currently under maintenance. Please check back later!
9 | 10 | 11 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/encoder-webinterface/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Reload nginx 3 | systemd: 4 | name: nginx 5 | state: reloaded 6 | 7 | - name: Restart nginx 8 | systemd: 9 | name: nginx 10 | state: restarted 11 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/encoder-webinterface/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: config_nginx_sreview.yml 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/encoder-webinterface/templates/nginx/sites-enabled/sreview-web-http.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | server { 4 | listen 80; 5 | listen [::]:80; 6 | server_name review.video.fosdem.org; 7 | 8 | root /var/www/html; 9 | 10 | index index.html; 11 | 12 | location /.well-known/ { 13 | alias {{ letsencrypt_well_known_dir }}/; 14 | } 15 | 16 | location / { 17 | return 301 https://$host$request_uri; 18 | } 19 | } 20 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/encoder-webinterface/templates/nginx/sites-enabled/sreview-web-https.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | server { 4 | listen 443 ssl http2; 5 | listen [::]:443 ssl http2; 6 | server_name review.video.fosdem.org; 7 | 8 | ssl_certificate /etc/ssl/ansible/certs/sreview-web.fullchain.pem; 9 | ssl_certificate_key /etc/ssl/ansible/private/sreview-web.key; 10 | client_max_body_size 2G; 11 | 12 | add_header Strict-Transport-Security max-age=15768000; 13 | 14 | root /var/www/html; 15 | 16 | index index.html; 17 | 18 | location / { 19 | proxy_set_header Host $http_host; 20 | proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; 21 | proxy_set_header X-Forwarded-Proto $scheme; 22 | proxy_set_header Upgrade $http_upgrade; 23 | 24 | proxy_pass http://localhost:8080/; 25 | } 26 | 27 | location /video { 28 | root /srv/sreview/storage; 29 | } 30 | location /pages { 31 | root /var/www/html/; 32 | } 33 | 34 | access_log /var/log/nginx/sreview-access.log; 35 | error_log /var/log/nginx/sreview-error.log; 36 | error_page 502 /pages/maint.html; 37 | } 38 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/helm-kubequeue/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: enable kubequeue helm chart repository 3 | kubernetes.core.helm_repository: 4 | name: kubequeue 5 | repo_url: https://gitlab.grep.be/api/v4/projects/14/packages/helm/dev 6 | 7 | - name: install kubequeue helm chart 8 | kubernetes.core.helm: 9 | name: kubequeue 10 | namespace: kubequeue 11 | create_namespace: true 12 | chart_ref: kubequeue/kubequeue 13 | update_repo_cache: true 14 | values: 15 | containerLabel: git-a03a0403 16 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/helm-sreview/files/announce.ep: -------------------------------------------------------------------------------- 1 | Hi! 2 | 3 | This is to inform you that the video of your talk, titled 4 | 5 | <%= $title %> 6 | 7 | has now been released and will soon be available at 8 | 9 | <%= $talk->eventurl %> 10 | 11 | It may be a few hours before our mirrors get the files and the links work. 12 | 13 | Feel free to announce it to whoever you think may be interested! 14 | 15 | Thanks for speaking at FOSDEM, 16 | 17 | The FOSDEM team. 18 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/helm-sreview/files/fosdem_video_post.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FOSDEM/infrastructure/1ac1eeaed13db8b891796016d7a95357553238f2/ansible/playbooks/roles/helm-sreview/files/fosdem_video_post.png -------------------------------------------------------------------------------- /ansible/playbooks/roles/helm/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: create directory 3 | file: 4 | path: /opt/helm 5 | state: directory 6 | 7 | - name: install helm 8 | unarchive: 9 | src: "https://get.helm.sh/helm-v3.10.3-linux-amd64.tar.gz" 10 | dest: "/opt/helm/" 11 | copy: false 12 | 13 | - name: create symlink to helm binary 14 | file: 15 | path: /usr/local/bin/helm 16 | state: link 17 | src: /opt/helm/linux-amd64/helm 18 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/hwraid/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | hwraid_packages: 3 | - megacli 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/hwraid/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Install hwraid packages from https://hwraid.le-vert.net/wiki/DebianPackages 3 | 4 | - name: Install gpg key 5 | apt_key: 6 | url: https://hwraid.le-vert.net/debian/hwraid.le-vert.net.gpg.key 7 | 8 | - name: Install apt repo 9 | apt_repository: 10 | filename: hwraid 11 | repo: "deb http://hwraid.le-vert.net/{{ ansible_distribution | lower }} {{ ansible_distribution_release }} main" 12 | 13 | - name: Install hwraid packages 14 | apt: 15 | package: "{{ hwraid_packages }}" 16 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/ipmitool/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart ipmi_metrics.timer 3 | become: true 4 | systemd: 5 | daemon_reload: true 6 | name: ipmi_metrics.timer 7 | state: restarted 8 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/ipmitool/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Copy prometheus tool 3 | copy: 4 | src: ipmi_sensor_prometheus.py 5 | dest: /usr/local/sbin/ipmi_sensor_prometheus.py 6 | owner: root 7 | mode: 0755 8 | 9 | - name: install kernel modules 10 | modprobe: 11 | name: "{{ item }}" 12 | state: present 13 | with_items: 14 | - acpi_ipmi 15 | - ipmi_devintf 16 | - ipmi_si 17 | 18 | - name: install packages 19 | apt: 20 | state: latest 21 | install_recommends: false 22 | package: 23 | - ipmitool 24 | 25 | - name: Install ipmi_metrics systemd service file 26 | notify: 27 | - restart ipmi_metrics.timer 28 | template: 29 | src: "{{ item }}" 30 | dest: "/etc/systemd/system/{{ item }}" 31 | with_items: 32 | - ipmi_metrics.service 33 | - ipmi_metrics.timer 34 | 35 | - name: Enable ipmi_metrics service/timer 36 | systemd: 37 | name: "{{ item }}" 38 | enabled: true 39 | daemon_reload: true 40 | with_items: 41 | - ipmi_metrics.service 42 | - ipmi_metrics.timer 43 | 44 | - name: Start ipmi_metrics timer 45 | systemd: 46 | name: ipmi_metrics.timer 47 | start: true 48 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/ipmitool/templates/ipmi_metrics.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=ipmi metrics 3 | 4 | [Service] 5 | Type=oneshot 6 | ExecStart=/bin/sh -c '/usr/local/sbin/ipmi_sensor_prometheus.py > {{ node_exporter_textfile_dir }}/ipmi.prom' 7 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/ipmitool/templates/ipmi_metrics.timer: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=ipmi metrics 3 | 4 | [Timer] 5 | OnUnitActiveSec=10s 6 | OnBootSec=10s 7 | 8 | [Install] 9 | WantedBy=timers.target 10 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/json_exporter/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | json_exporter_version: 0.1.0 3 | json_exporter_dl: https://github.com/superq/prometheus-json-exporter/releases/download 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/json_exporter/files/config.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Room state has 2 meanings, fullness and alert, when 2 alert is on. 3 | # 0 room is empty and alert is 0 4 | # 1 room is full and alert is 0 5 | # 2 room is full and alert alert alert 6 | - name: fosdem_room 7 | type: object 8 | path: $[*]?(@.state == "2") 9 | labels: 10 | room: $.roomname 11 | value: 12 | emergency: 1 13 | full: 1 14 | 15 | - name: fosdem_room 16 | type: object 17 | path: $[*]?(@.state != "2") 18 | labels: 19 | room: $.roomname 20 | values: 21 | full: $.state 22 | emergency: 0 23 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/json_exporter/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart json_exporter 3 | systemd: name=json_exporter.service state=restarted 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/json_exporter/tasks/preflight.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - block: 3 | - name: "Get checksum list" 4 | set_fact: 5 | __json_exporter_checksums: "{{ lookup('url', json_exporter_dl + '/v' + json_exporter_version + '/sha256sums.txt', wantlist=True) | list }}" 6 | run_once: true 7 | 8 | - name: "Get checksum for {{ go_arch }} architecture" 9 | set_fact: 10 | __json_exporter_checksum: "{{ item.split(' ')[0] }}" 11 | with_items: "{{ __json_exporter_checksums }}" 12 | when: 13 | - "('linux-' + go_arch + '.tar.gz') in item" 14 | delegate_to: localhost 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/json_exporter/templates/json_exporter.service.j2: -------------------------------------------------------------------------------- 1 | {{ ansible_managed | comment }} 2 | 3 | [Unit] 4 | Description=JSON Exporter 5 | 6 | [Service] 7 | User=json-exporter 8 | Group=json-exporter 9 | ExecStart=/usr/local/bin/json_exporter https://api.fosdem.org/roomstatus/v1/listrooms /etc/json_exporter/config.yml 10 | ExecReload=/bin/kill -HUP $MAINPID 11 | KillMode=process 12 | Restart=always 13 | 14 | [Install] 15 | WantedBy=multi-user.target 16 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/laptop/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: restart systemd-logind 4 | service: 5 | name: systemd-logind 6 | state: restarted 7 | 8 | - name: update grub 9 | shell: update-grub 10 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/laptop/tasks/cleanup_apt_proxy.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # We use apt proxy during PXE installs, make sure it's cleaned up 4 | # Matching the exact IP address used at the office, just in case we'd actually 5 | # want to use apt proxy somewhere somehow 6 | - name: clean up apt proxy settings 7 | ansible.builtin.lineinfile: 8 | path: /etc/apt/apt.conf 9 | state: absent 10 | regexp: '^Acquire::http::Proxy "http://172.22.10.30:3142";' 11 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/laptop/tasks/disable_suspend.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: disable suspend and hibernate 3 | systemd: 4 | name: "{{ item }}" 5 | enabled: false 6 | masked: true 7 | with_items: 8 | - sleep.target 9 | - suspend.target 10 | - hibernate.target 11 | - hybrid-sleep.target 12 | 13 | 14 | - name: disable systemd lid switch handling 15 | lineinfile: 16 | dest: /etc/systemd/logind.conf 17 | regexp: "^HandleLidSwitch" 18 | line: "HandleLidSwitch=ignore" 19 | state: present 20 | notify: restart systemd-logind 21 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/laptop/tasks/disable_usbcore_autosuspend.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | # this causes issues on some machines, taking up one core 4 | - name: disable usb autosuspend 5 | template: 6 | src: grub/disable-usbcore-autosuspend.cfg 7 | dest: /etc/default/grub.d/disable-usbcore-autosuspend.cfg 8 | owner: root 9 | group: root 10 | mode: 0644 11 | notify: update grub 12 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/laptop/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | # Various tasks to be performed on hosts running on laptops 3 | 4 | - import_tasks: disable_suspend.yml 5 | - import_tasks: disable_usbcore_autosuspend.yml 6 | - import_tasks: cleanup_apt_proxy.yml 7 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/laptop/templates/grub/disable-usbcore-autosuspend.cfg: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT usbcore.autosuspend=-1" 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps-tileserver/files/c3nav-tiles.ini: -------------------------------------------------------------------------------- 1 | [uwsgi] 2 | base = /opt/c3nav/src 3 | module = c3nav.tileserver.wsgi 4 | 5 | master = true 6 | processes = 5 7 | 8 | socket = /var/run/c3nav/tiles.sock 9 | vacuum = true 10 | chmod-socket = 660 11 | chown-socket = c3nav:www-data 12 | 13 | # note : this only disables access logs 14 | disable-logging = true 15 | logto=/var/log/c3nav/tiles.log 16 | 17 | die-on-term = true 18 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps-tileserver/files/tmpfiles.d/c3nav.conf: -------------------------------------------------------------------------------- 1 | d /var/run/c3nav 0755 c3nav c3nav - - 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps-tileserver/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: reload nginx 3 | service: name=nginx state=reloaded 4 | 5 | - name: reload redis 6 | service: name=redis-server state=reloaded 7 | 8 | - name: reload postgres 9 | service: name=postgres state=reloaded 10 | 11 | - name: clearmapcache 12 | command: source /opt/c3nav/env/bin/activate && \ 13 | /opt/c3nav/src/manage.py clearmapcache --include-geometries \ 14 | --include-history 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps-tileserver/tasks/install_packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "install packages" 3 | apt: 4 | state: latest 5 | install_recommends: false 6 | package: 7 | - git 8 | - nginx 9 | - uwsgi-plugin-python3 10 | - python3-requests 11 | - python3-numpy 12 | - python3-pylibmc 13 | - memcached 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps-tileserver/tasks/virtualenv.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: virtualenv - tileserver 3 | pip: 4 | requirements: /opt/c3nav/src/requirements-tileserver.txt 5 | virtualenv_python: python3.6 6 | virtualenv: /opt/c3nav/env 7 | 8 | - name: install uwsgi with pip 9 | pip: 10 | name: uwsgi 11 | virtualenv_python: python3.6 12 | virtualenv: /opt/c3nav/env 13 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps-tileserver/templates/c3nav-tiles.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=uWSGI c3nav tileserver 3 | 4 | [Service] 5 | ExecStart=/opt/c3nav/env/bin/uwsgi --ini /etc/c3nav/c3nav-tiles.ini 6 | WorkingDirectory=/opt/c3nav/src 7 | User=c3nav 8 | Group=www-data 9 | Environment=C3NAV_UPSTREAM_BASE=https://{{domain}}/ 10 | Environment=C3NAV_TILE_SECRET_FILE=/opt/c3nav/data/.tile_secret 11 | Environment=C3NAV_DATA_DIR=/opt/c3nav/tiledata 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | 16 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps-tileserver/templates/nginx/c3nav-tiles: -------------------------------------------------------------------------------- 1 | server { 2 | listen [::]:80; 3 | listen 80; 4 | server_name {{domain}}; 5 | location / { 6 | uwsgi_pass unix:///var/run/c3nav/tiles.sock; 7 | include uwsgi_params; 8 | } 9 | } 10 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps-tileserver/templates/nginx/c3nav-tiles.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=uWSGI c3nav tileserver 3 | 4 | [Service] 5 | ExecStart=/opt/c3nav/env/bin/uwsgi --ini /etc/c3nav/c3nav-tiles.ini 6 | WorkingDirectory=/opt/c3nav/src 7 | User=c3nav 8 | Group=www-data 9 | Environment=C3NAV_UPSTREAM_BASE=https://{{upstream}}/ 10 | Environment=C3NAV_TILE_SECRET_FILE=/opt/c3nav/data/.tile_secret 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/files/c3nav-celery.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Celery Service 3 | After=network.target 4 | 5 | [Service] 6 | Type=forking 7 | User=c3nav 8 | Group=c3nav 9 | EnvironmentFile=/etc/c3nav/celery.conf 10 | WorkingDirectory=/opt/c3nav/src 11 | ExecStart=/bin/sh -c '${CELERY_BIN} multi start ${CELERYD_NODES} \ 12 | -A ${CELERY_APP} --pidfile=${CELERYD_PID_FILE} \ 13 | --logfile=${CELERYD_LOG_FILE} --loglevel=${CELERYD_LOG_LEVEL} ${CELERYD_OPTS}' 14 | ExecStop=/bin/sh -c '${CELERY_BIN} multi stopwait ${CELERYD_NODES} \ 15 | --pidfile=${CELERYD_PID_FILE}' 16 | ExecReload=/bin/sh -c '${CELERY_BIN} multi restart ${CELERYD_NODES} \ 17 | -A ${CELERY_APP} --pidfile=${CELERYD_PID_FILE} \ 18 | --logfile=${CELERYD_LOG_FILE} --loglevel=${CELERYD_LOG_LEVEL} ${CELERYD_OPTS}' 19 | 20 | [Install] 21 | WantedBy=multi-user.target 22 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/files/c3nav-gunicorn.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=gunicorn c3nav daemon 3 | After=network.target 4 | 5 | [Service] 6 | User=c3nav 7 | Group=c3nav 8 | WorkingDirectory=/opt/c3nav/src 9 | ExecStart=/opt/c3nav/env/bin/gunicorn --workers 8 --bind unix:/var/run/c3nav/gunicorn-c3nav.sock c3nav.wsgi:application --log-level warning --error-logfile /var/log/c3nav/gunicorn.log --access-logfile /dev/null 10 | 11 | [Install] 12 | WantedBy=multi-user.target 13 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/files/celery.conf: -------------------------------------------------------------------------------- 1 | CELERY_BIN="/opt/c3nav/env/bin/celery" 2 | CELERY_APP=c3nav 3 | CELERYD_PID_FILE=/var/run/c3nav/celery.pid 4 | CELERYD_NODES="w1 w2" 5 | CELERYD_LOG_FILE=/var/log/c3nav/celery.log 6 | CELERYD_OPTS="--concurrency=2" 7 | CELERYD_LOG_LEVEL="WARNING" 8 | PYTHONPATH=${PYTHONPATH}:/opt/c3nav/src 9 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/files/media/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FOSDEM/infrastructure/1ac1eeaed13db8b891796016d7a95357553238f2/ansible/playbooks/roles/maps/files/media/logo.png -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/files/tmpfiles.d/c3nav.conf: -------------------------------------------------------------------------------- 1 | d /var/run/c3nav 0755 c3nav c3nav - - 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: reload nginx 3 | service: name=nginx state=reloaded 4 | 5 | - name: reload redis 6 | service: name=redis-server state=reloaded 7 | 8 | - name: reload postgres 9 | service: name=postgres state=reloaded 10 | 11 | - name: clearmapcache 12 | command: source /opt/c3nav/env/bin/activate && \ 13 | /opt/c3nav/src/manage.py clearmapcache --include-geometries \ 14 | --include-history 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/tasks/configure_celery.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install the c3nav celery service configuration 3 | copy: 4 | src: celery.conf 5 | dest: /etc/c3nav/celery.conf 6 | owner: root 7 | group: root 8 | mode: 0644 9 | 10 | - name: install the c3nav celery service 11 | copy: 12 | src: c3nav-celery.service 13 | dest: /etc/systemd/system 14 | owner: root 15 | group: root 16 | mode: 0644 17 | 18 | - name: enable c3nav celery service 19 | systemd: 20 | name: c3nav-celery 21 | state: started 22 | enabled: true 23 | daemon_reload: true 24 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/tasks/configure_gunicorn.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install the tmpfiles.d conf 3 | become: true 4 | copy: 5 | src: tmpfiles.d/c3nav.conf 6 | dest: /usr/lib/tmpfiles.d 7 | 8 | - name: configure tmpfiles.d 9 | become: true 10 | command: systemd-tmpfiles --create 11 | 12 | - name: install the c3nav gunicorn service 13 | copy: 14 | src: c3nav-gunicorn.service 15 | dest: /etc/systemd/system 16 | owner: root 17 | group: root 18 | mode: 0644 19 | 20 | - name: enable c3nav gunicorn service 21 | systemd: 22 | name: c3nav-gunicorn 23 | state: started 24 | enabled: true 25 | daemon_reload: true 26 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/tasks/configure_nginx.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: configure app 4 | template: 5 | src: nginx/c3nav 6 | dest: /etc/nginx/sites-enabled/c3nav 7 | owner: root 8 | group: root 9 | mode: 0644 10 | notify: reload nginx 11 | 12 | - name: remove default config 13 | file: 14 | dest: /etc/nginx/sites-enabled/default 15 | state: absent 16 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/tasks/install_packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "install packages" 3 | apt: 4 | state: latest 5 | install_recommends: false 6 | package: 7 | - git 8 | - libgeos-dev 9 | - librsvg2-bin 10 | - libagg-dev 11 | - libpng-dev 12 | - build-essential 13 | - libfreetype6-dev 14 | - libqhull-dev 15 | - pkg-config 16 | - libjpeg-dev 17 | - libatlas-base-dev 18 | - gettext 19 | - redis-server 20 | - libpq-dev 21 | - python3.8 22 | - python3.8-venv 23 | - python3-pip 24 | - virtualenv 25 | - python3.8-dev 26 | - libmemcached-dev 27 | - python3-psycopg2 28 | - python-setuptools 29 | - python3-setuptools 30 | - python3-tk 31 | - nginx 32 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/tasks/virtualenv.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create virtualenv 3 | pip: 4 | requirements: /opt/c3nav/src/requirements/production.txt 5 | virtualenv_python: python3.8 6 | virtualenv: /opt/c3nav/env 7 | 8 | - name: virtualenv - tileserver 9 | pip: 10 | requirements: /opt/c3nav/src/requirements-tileserver.txt 11 | virtualenv_python: python3.8 12 | virtualenv: /opt/c3nav/env 13 | 14 | - name: virtualenv - redis 15 | pip: 16 | requirements: /opt/c3nav/src/requirements/redis.txt 17 | virtualenv_python: python3.8 18 | virtualenv: /opt/c3nav/env 19 | 20 | - name: virtualenv - postgresql 21 | pip: 22 | requirements: /opt/c3nav/src/requirements/postgres.txt 23 | virtualenv_python: python3.8 24 | virtualenv: /opt/c3nav/env 25 | 26 | - name: install gunicorn with pip 27 | pip: 28 | name: gunicorn 29 | virtualenv_python: python3.8 30 | virtualenv: /opt/c3nav/env 31 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/templates/c3nav/c3nav.cfg: -------------------------------------------------------------------------------- 1 | [django] 2 | hosts=* 3 | 4 | [c3nav] 5 | datadir=/opt/c3nav/data 6 | logdir=/var/log/c3nav/ 7 | header_logo=/opt/c3nav/data/media/logo.png 8 | # primary_color=#a41c31 9 | # header_background_color=#000000 10 | 11 | # should be enabled if tilecaching is used 12 | # tile_access_cookie_domain=.nav-test.fosdem.org 13 | # tile_cache_server=https://tiles.nav-test.fosdem.org/ 14 | 15 | 16 | [database] 17 | backend=postgresql 18 | host={{host}} 19 | user={{user}} 20 | name={{name}} 21 | 22 | [redis] 23 | location=redis://localhost/0 24 | 25 | [celery] 26 | broker=redis://localhost/1 27 | backend=redis://localhost/2 28 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/maps/templates/nginx/c3nav: -------------------------------------------------------------------------------- 1 | server { 2 | listen [::]:80; 3 | listen 80; 4 | server_name {{domain}}; 5 | location = /favicon.ico { access_log off; log_not_found off; } 6 | location /static/ { 7 | alias /opt/c3nav/src/c3nav/static.dist/; 8 | } 9 | location /media/ { 10 | alias /opt/c3nav/src/c3nav/media/; 11 | } 12 | location / { 13 | include proxy_params; 14 | proxy_pass http://unix://var/run/c3nav/gunicorn-c3nav.sock; 15 | } 16 | } 17 | 18 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/microk8s/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install microk8s 3 | community.general.snap: 4 | name: microk8s 5 | channel: v1.25/stable 6 | classic: yes 7 | 8 | - name: kubectl config 9 | shell: 10 | creates: /root/.kube/config 11 | cmd: mkdir -p /root/.kube && microk8s config > /root/.kube/config 12 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/mtail/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart mtail 3 | service: 4 | name: mtail 5 | state: restarted 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/mtail/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: install mtail from stretch-backports 4 | apt: 5 | state: latest 6 | default_release: stretch-backports 7 | package: 8 | - mtail 9 | when: ansible_distribution_release == "stretch" 10 | 11 | - name: install mtail from main 12 | apt: 13 | state: latest 14 | package: 15 | - mtail 16 | when: ansible_distribution_release != "stretch" 17 | 18 | 19 | - name: enable and start mtail service 20 | service: 21 | name: mtail 22 | state: started 23 | enabled: true 24 | 25 | - name: install mtail defaults file 26 | template: 27 | src: defaults 28 | dest: /etc/default/mtail 29 | notify: 30 | - restart mtail 31 | 32 | - name: install mtail configs 33 | copy: 34 | src: "{{ item }}" 35 | dest: /etc/mtail/ 36 | owner: root 37 | mode: 0644 38 | with_fileglob: 39 | - mtail/*.mtail 40 | notify: 41 | - restart mtail 42 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/mtail/templates/defaults: -------------------------------------------------------------------------------- 1 | # Set to 1 to start Mtail at boot. 2 | ENABLED=1 3 | 4 | ## Log processing. 5 | 6 | # List of files to monitor (mandatory). 7 | LOGS=/var/log/nginx/metrics.log 8 | 9 | ## Metrics exporting. 10 | 11 | # HTTP port to listen on. (default "3903") 12 | #PORT=3903 13 | 14 | # Path to collectd unixsock to write metrics to. 15 | #COLLECTD_SOCKETPATH= 16 | 17 | # Host:port to graphite carbon server to write metrics to. 18 | #GRAPHITE_HOSTPORT= 19 | 20 | # Host:port to statsd server to write metrics to. 21 | #STATSD_HOSTPORT= 22 | 23 | # Interval between metric pushes, in seconds (default 60) 24 | #METRIC_PUSH_INTERVAL= 25 | 26 | # Extra command-line arguments to pass to the server. 27 | #EXTRA_ARGS="" 28 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/oxidized/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install build packages 3 | apt: 4 | state: latest 5 | update_cache: true 6 | cache_valid_time: 3600 7 | package: 8 | - build-essential 9 | - ruby 10 | - ruby-dev 11 | - cmake 12 | - libsqlite3-dev 13 | - libssh2-1-dev 14 | - libssl-dev 15 | - pkg-config 16 | - libicu-dev 17 | - libz-dev 18 | 19 | - name: Add ozidized group 20 | group: 21 | name: oxidized 22 | system: true 23 | 24 | - name: Add oxidized user 25 | user: 26 | name: oxidized 27 | group: oxidized 28 | home: /opt/oxidized 29 | createhome: true 30 | shell: /bin/bash 31 | comment: "oxidized user" 32 | system: true 33 | 34 | - name: Install oxidized 35 | gem: 36 | state: latest 37 | name: "{{ item }}" 38 | with_items: 39 | - oxidized 40 | - oxidized-script 41 | - oxidized-web 42 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/power_supply/files/power_supply_metrics.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | # 3 | # Description: Generate /sys/class/power_supply metrics 4 | 5 | if [[ -f /sys/class/power_supply/AC/online ]] ; then 6 | echo "# HELP node_power_supply_ac_online Boolean if the AC is plugged in" 7 | echo "# TYPE node_power_supply_ac_online gauge" 8 | echo "node_power_supply_ac_online $(< /sys/class/power_supply/AC/online)" 9 | fi 10 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/power_supply/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install helper script 3 | copy: 4 | src: power_supply_metrics.sh 5 | dest: /usr/local/bin/power_supply_metrics.sh 6 | owner: root 7 | mode: 0755 8 | 9 | - name: Add moreutils 10 | apt: 11 | package: moreutils 12 | 13 | - name: Install timer/service unit 14 | template: 15 | src: "{{ item }}" 16 | dest: /etc/systemd/system/ 17 | owner: root 18 | mode: 0644 19 | with_items: 20 | - power_supply_metrics.timer 21 | - power_supply_metrics.service 22 | 23 | - name: Setup service/timer 24 | service: 25 | daemon_reload: true 26 | name: "{{ item }}" 27 | state: started 28 | enabled: true 29 | with_items: 30 | - power_supply_metrics.service 31 | - power_supply_metrics.timer 32 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/power_supply/templates/power_supply_metrics.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=power_supply metrics 3 | 4 | [Service] 5 | Type=oneshot 6 | ExecStart=/bin/sh -c '/usr/local/bin/power_supply_metrics.sh | sponge {{ node_exporter_textfile_dir }}/power_supply.prom' 7 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/power_supply/templates/power_supply_metrics.timer: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=power_supply metrics 3 | 4 | [Timer] 5 | OnUnitActiveSec=10s 6 | OnBootSec=10s 7 | 8 | [Install] 9 | WantedBy=timers.target 10 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/sshfs/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install sshfs 3 | apt: 4 | package: sshfs 5 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tacplus/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | tacplus_key: FAKE_KEY 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tacplus/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart tacplus 3 | docker_container: 4 | name: tacplus 5 | restart: true 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tacplus/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create TACPLUS config directory 3 | file: 4 | path: /var/lib/tacplus 5 | state: directory 6 | mode: 0755 7 | 8 | - name: Deploy TACPLUS config 9 | template: 10 | src: tac_plus.conf.j2 11 | dest: /var/lib/tacplus/tac_plus.conf 12 | mode: 0644 13 | notify: restart tacplus 14 | 15 | - name: install python-docker 16 | apt: 17 | package: 18 | - python-docker 19 | 20 | - name: Create TACPLUS container 21 | docker_container: 22 | name: tacplus 23 | image: ajoldham/tacplus 24 | ports: 25 | - "49:49" 26 | volumes: 27 | - "/var/lib/tacplus:/etc/tacacs+" 28 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tacplus/templates/tac_plus.conf.j2: -------------------------------------------------------------------------------- 1 | # TACACS key 2 | key = "{{ tacplus_key }}" 3 | 4 | # Users 5 | user = msuriar { 6 | member = netadmin 7 | } 8 | 9 | user = pevaneyn { 10 | member = netadmin 11 | } 12 | 13 | user = richi { 14 | member = netadmin 15 | } 16 | 17 | user = zzdravko { 18 | member = netadmin 19 | } 20 | 21 | group = netadmin { 22 | default service = permit 23 | service = exec { 24 | priv-lvl = 15 25 | } 26 | } 27 | 28 | 29 | accounting file = /var/log/tacacs/tac_plus.log 30 | accounting syslog 31 | logging = local6 32 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tls-certificates/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | basename: bogus 3 | common_name: bogus.example 4 | subject_alt_names: [] 5 | base_directory: /etc/ssl/ansible 6 | 7 | self_sign: false 8 | 9 | csr_path: "{{ base_directory }}/certs/{{ basename }}.csr" 10 | certificate_path: "{{ base_directory }}/certs/{{ basename }}.pem" 11 | fullchain_path: "{{ base_directory }}/certs/{{ basename }}.fullchain.pem" 12 | privatekey_path: "{{ base_directory }}/private/{{ basename }}.key" 13 | 14 | letsencrypt_account_key: "{{ base_directory }}/private/letsencrypt_account.key" 15 | letsencrypt_account_email: foo@dbar.org 16 | 17 | letsencrypt_acme_directory: https://acme-v02.api.letsencrypt.org/directory 18 | 19 | letsencrypt_chain_path: "{{ base_directory }}/certs/letsencrypt.chain.pem" 20 | 21 | letsencrypt_challenge_mode: http-01 22 | letsencrypt_remaining_days: 10 23 | letsencrypt_well_known_dir: /var/www/well-known 24 | 25 | skip_unit_test: false 26 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tls-certificates/files/letsencrypt.chain: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FOSDEM/infrastructure/1ac1eeaed13db8b891796016d7a95357553238f2/ansible/playbooks/roles/tls-certificates/files/letsencrypt.chain -------------------------------------------------------------------------------- /ansible/playbooks/roles/tls-certificates/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Reload nginx 3 | ansible.builtin.systemd: 4 | name: nginx 5 | state: reloaded 6 | when: not skip_unit_test 7 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tls-certificates/tasks/create_directories.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create base directory 3 | ansible.builtin.file: 4 | path: "{{ base_directory }}" 5 | state: directory 6 | owner: root 7 | group: root 8 | mode: "0755" 9 | tags: 10 | - tls-certificates 11 | 12 | - name: Create certs directory 13 | ansible.builtin.file: 14 | path: "{{ base_directory }}/certs" 15 | state: directory 16 | owner: root 17 | group: root 18 | mode: "0755" 19 | tags: 20 | - tls-certificates 21 | 22 | - name: Create private directory 23 | ansible.builtin.file: 24 | path: "{{ base_directory }}/private" 25 | state: directory 26 | owner: root 27 | group: root 28 | mode: "0700" 29 | tags: 30 | - tls-certificates 31 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tls-certificates/tasks/create_keypair.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Generate private key 3 | community.crypto.openssl_privatekey: 4 | state: present 5 | path: "{{ privatekey_path }}" 6 | tags: 7 | - tls-certificates 8 | 9 | - name: Generate subjectaltname list 10 | ansible.builtin.set_fact: 11 | all_subject_alt_names: "{{ [common_name] + subject_alt_names }}" 12 | tags: 13 | - tls-certificates 14 | 15 | - name: Generate certificate signing request 16 | community.crypto.openssl_csr: 17 | state: present 18 | common_name: "{{ common_name }}" 19 | subject_alt_name: "{{ all_subject_alt_names \ 20 | | map('regex_replace', '^(.*)$', 'DNS:\\1') \ 21 | | join(',') }}" 22 | path: "{{ csr_path }}" 23 | privatekey_path: "{{ privatekey_path }}" 24 | register: csr_result 25 | tags: 26 | - tls-certificates 27 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tls-certificates/tasks/letsencrypt.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Create letsencrypt account key 3 | community.crypto.openssl_privatekey: 4 | state: present 5 | path: "{{ letsencrypt_account_key }}" 6 | tags: 7 | - tls-certificates 8 | 9 | - name: Request letsencrypt signing 10 | community.crypto.acme_certificate: 11 | acme_version: 2 12 | csr: "{{ csr_path }}" 13 | dest: "{{ certificate_path }}" 14 | challenge: http-01 15 | account_key: "{{ letsencrypt_account_key }}" 16 | account_email: "{{ letsencrypt_account_email }}" 17 | acme_directory: "{{ letsencrypt_acme_directory }}" 18 | remaining_days: "{{ letsencrypt_remaining_days }}" 19 | terms_agreed: true 20 | register: letsencrypt_challenge 21 | tags: 22 | - tls-certificates 23 | 24 | - name: Answer letsencrypt challenge 25 | ansible.builtin.include_tasks: letsencrypt_challenge.yml 26 | when: "letsencrypt_challenge is changed or \ 27 | letsencrypt_challenge.cert_days < letsencrypt_remaining_days" 28 | tags: 29 | - tls-certificates 30 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tls-certificates/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Install required dependencies 3 | ansible.builtin.apt: 4 | name: 5 | - openssl 6 | - python3-openssl 7 | tags: 8 | - tls-certificates 9 | 10 | - name: Create directories for tls certificates 11 | ansible.builtin.include_tasks: create_directories.yml 12 | tags: 13 | - tls-certificates 14 | 15 | - name: Create private key and csr 16 | ansible.builtin.include_tasks: create_keypair.yml 17 | tags: 18 | - tls-certificates 19 | 20 | - name: Sign certificate with letsencrypt 21 | ansible.builtin.include_tasks: letsencrypt.yml 22 | when: not self_sign and not skip_unit_test 23 | tags: 24 | - tls-certificates 25 | 26 | - name: Self-sign certificate 27 | ansible.builtin.include_tasks: self_sign.yml 28 | when: self_sign 29 | tags: 30 | - tls-certificates 31 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tls-certificates/tasks/nginx_common.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Remove SSL settings from nginx.conf 3 | ansible.builtin.lineinfile: 4 | state: absent 5 | regexp: ^\s*(ssl_protocols|ssl_prefer_server_ciphers)\s 6 | path: /etc/nginx/nginx.conf 7 | tags: 8 | - tls-certificates 9 | 10 | - name: Write nginx common SSL configuration 11 | ansible.builtin.template: 12 | src: ansible-common-ssl.conf.j2 13 | dest: /etc/nginx/conf.d/ansible-common-ssl.conf 14 | notify: Reload nginx 15 | tags: 16 | - tls-certificates 17 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tls-certificates/tasks/self_sign.yml: -------------------------------------------------------------------------------- 1 | --- 2 | #FIXME: ansible-lint says this should probably be a handler? 3 | - name: Self-sign certificate # noqa: no-handler 4 | ansible.builtin.command: openssl x509 -req -sha256 -days 365 -in {{ csr_path }} 5 | -signkey {{ privatekey_path }} -out {{ certificate_path }} 6 | when: 7 | - csr_result is changed 8 | tags: 9 | - tls-certificates 10 | register: self_sign_result 11 | 12 | - name: Generate full chain # noqa: no-handler 13 | ansible.builtin.shell: 14 | cmd: /bin/cat {{ certificate_path | quote }} > {{ fullchain_path | quote }} 15 | when: 16 | - self_sign_result is changed 17 | tags: 18 | - tls-certificates 19 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/tls-certificates/templates/ansible-common-ssl.conf.j2: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | 3 | ssl_protocols TLSv1.2; 4 | ssl_ciphers 'ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384'; 5 | ssl_prefer_server_ciphers off; 6 | 7 | ssl_session_cache shared:SSL:10m; 8 | ssl_session_timeout 1440m; 9 | ssl_session_tickets off; 10 | 11 | ssl_stapling on; 12 | ssl_stapling_verify on; 13 | ssl_trusted_certificate /etc/ssl/certs/ca-certificates.crt; 14 | resolver {% for server in ansible_dns.nameservers %}{% if "%" in server %}{% elif ":" in server %}[{{ server }}]{% else %}{{ server }}{% endif %} {% endfor %}; 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-audio-parser/files/audio-fetcher/audio-fetcher.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | 3 | Description=audio-fetcher 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/audio-fetcher 7 | ExecReload=/bin/kill -HUP $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=on-failure 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-audio-parser/tasks/install_packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "install packages" 3 | apt: 4 | state: latest 5 | install_recommends: false 6 | package: 7 | - ffmpeg 8 | 9 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-audio-parser/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: install_packages.yml 3 | - import_tasks: configure_audiofetcher.yml 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-audio-parser/templates/audio-fetcher-fl.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description={{ item }} FL audio parser service 3 | 4 | [Service] 5 | ExecStart=/usr/local/bin/audio-fetcher {{ item }} 0 6 | ExecReload=/bin/kill -HUP $MAINPID 7 | KillMode=control-group 8 | KillSignal=SIGKILL 9 | Restart=always 10 | RestartSec=1 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-audio-parser/templates/audio-fetcher-fr.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description={{ item }} FR audio parser service 3 | 4 | [Service] 5 | ExecStart=/usr/local/bin/audio-fetcher {{ item }} 2 6 | ExecReload=/bin/kill -HUP $MAINPID 7 | KillMode=control-group 8 | KillSignal=SIGKILL 9 | Restart=always 10 | RestartSec=1 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | destroy_all_videobox_data: false 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/audio-fetcher/audio-fetcher-0.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | 3 | Description=audio-fetcher chan 0 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/audio-fetcher 0 7 | ExecReload=/bin/kill -HUP $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=on-failure 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/audio-fetcher/audio-fetcher-1.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | 3 | Description=audio-fetcher chan 1 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/audio-fetcher 1 7 | ExecReload=/bin/kill -HUP $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=on-failure 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/audiotest/audiotest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # no usb to usb 4 | 5 | mixercli set-gain "USB L" "USB L" 0 6 | mixercli set-gain "USB L" "USB R" 0 7 | mixercli set-gain "USB R" "USB L" 0 8 | mixercli set-gain "USB R" "USB R" 0 9 | 10 | # no xlr to xlr 11 | 12 | for inp in 1 2 3; do 13 | for out in 1 2; do 14 | mixercli set-gain "XLR $inp" "XLR $out" 0 15 | done 16 | done 17 | 18 | # no xlr to headphones 19 | 20 | for inp in 1 2 3; do 21 | for out in R L; do 22 | mixercli set-gain "XLR $inp" "Headphone $out" 0 23 | done 24 | done 25 | 26 | 27 | 28 | level=0.1 29 | 30 | # all xlr to usb 31 | 32 | for inp in 1 2 3; do 33 | for out in R L; do 34 | mixercli set-gain "XLR $inp" "USB $out" $level 35 | done 36 | done 37 | 38 | # all usb to xlr and headphones 39 | 40 | for inp in R L; do 41 | for out in 1 2; do 42 | mixercli set-gain "USB $inp" "XLR $out" $level 43 | done 44 | done 45 | 46 | for inp in R L; do 47 | for out in R L; do 48 | mixercli set-gain "USB $inp" "Headphone $out" $level 49 | done 50 | done 51 | 52 | # run the test 53 | 54 | alsabat -P hw:0 -C hw:0 --saveplay=tmpf -F 18000 -c 2 -r 48000 -n 5s 55 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/cgroups/cgconfig.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Control Group configuration service 3 | Documentation=man:cgconfigparser(8) 4 | 5 | # The service should be able to start as soon as possible, 6 | # before any 'normal' services: 7 | DefaultDependencies=no 8 | Conflicts=shutdown.target 9 | Before=basic.target shutdown.target 10 | 11 | [Service] 12 | Type=oneshot 13 | RemainAfterExit=yes 14 | Delegate=yes 15 | ExecStart=/usr/sbin/cgconfigparser -L /etc/cgconfig.d 16 | 17 | [Install] 18 | WantedBy=sysinit.target 19 | 20 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/cgroups/fosdem.conf: -------------------------------------------------------------------------------- 1 | group system.slice { 2 | cpuset { 3 | cpuset.cpus="0-1"; 4 | cpuset.mems="0"; 5 | } 6 | } 7 | 8 | group user.slice { 9 | cpuset { 10 | cpuset.cpus="0-1"; 11 | cpuset.mems="0"; 12 | } 13 | } 14 | 15 | group fosdem.slice { 16 | cpuset { 17 | cpuset.cpus="2-3"; 18 | cpuset.mems="0"; 19 | cpuset.cpu_exclusive="1"; 20 | } 21 | } 22 | 23 | group fosdem.slice/receiver { 24 | cpuset { 25 | cpuset.cpus="2"; 26 | cpuset.mems="0"; 27 | } 28 | } 29 | 30 | group fosdem.slice/preview { 31 | cpuset { 32 | cpuset.cpus="2"; 33 | cpuset.mems="0"; 34 | } 35 | } 36 | 37 | 38 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/config/background.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FOSDEM/infrastructure/1ac1eeaed13db8b891796016d7a95357553238f2/ansible/playbooks/roles/video-box-mixer/files/config/background.png -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/config/background.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FOSDEM/infrastructure/1ac1eeaed13db8b891796016d7a95357553238f2/ansible/playbooks/roles/video-box-mixer/files/config/background.raw -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/config/config.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | 4 | #data=$(curl -s http://control.video.fosdem.org/query-vocto.php?voctop=$(hostname)) 5 | # 6 | #if [ -z "$data" ] || [ "$data" == "notfound" ]; then 7 | # # we don't exist. wait. 8 | # sleep 60 9 | # exit 10 | #fi 11 | # 12 | #room=$(echo $data | cut -d ' ' -f 1) 13 | #cam=$(echo $data | cut -d ' ' -f 2) 14 | #slides=$(echo $data | cut -d ' ' -f 3) 15 | # 16 | #SOURCE_CAM=tcp://${cam}:8899/ 17 | #SOURCE_SLIDES=tcp://${slides}:8899/ 18 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/config/defaults.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | WIDTH=1280 3 | HEIGHT=720 4 | FRAMERATE=30 5 | AUDIORATE=48000 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/config/preroll.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FOSDEM/infrastructure/1ac1eeaed13db8b891796016d7a95357553238f2/ansible/playbooks/roles/video-box-mixer/files/config/preroll.png -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/config/preroll.raw: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FOSDEM/infrastructure/1ac1eeaed13db8b891796016d7a95357553238f2/ansible/playbooks/roles/video-box-mixer/files/config/preroll.raw -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/control/inc.php: -------------------------------------------------------------------------------- 1 | quote($str); 8 | } 9 | 10 | $db = new PDO("pgsql:dbname=fosdem user=www-data"); 11 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/network/video0: -------------------------------------------------------------------------------- 1 | allow-hotplug video0 2 | iface video0 inet dhcp 3 | pre-up ethtool -K video0 tx-checksum-ipv6 off 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/patches/videomix.py.diff: -------------------------------------------------------------------------------- 1 | diff --git a/voctocore/lib/videomix.py b/voctocore/lib/videomix.py 2 | index 38432e8..c7d29c0 100644 3 | --- a/voctocore/lib/videomix.py 4 | +++ b/voctocore/lib/videomix.py 5 | @@ -95,9 +95,9 @@ class VideoMix(object): 6 | self.padState.append(PadState()) 7 | 8 | self.log.debug('Initializing Mixer-State') 9 | - self.compositeMode = CompositeModes.fullscreen 10 | - self.sourceA = 0 11 | - self.sourceB = 1 12 | + self.compositeMode = CompositeModes.side_by_side_preview 13 | + self.sourceA = 1 14 | + self.sourceB = 0 15 | self.recalculateMixerState() 16 | self.applyMixerState() 17 | 18 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/scripts/restart-voctocore.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | systemctl stop vocto-source-cam.service vocto-source-slides.service vocto-sink-output.service 4 | systemctl restart voctocore 5 | systemctl start vocto-source-cam.service vocto-source-slides.service vocto-sink-output.service 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/signal-status/display-rescan.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | function getstatus { 4 | cat /sys/class/drm/*/edid | md5sum |cut -d ' ' -f 1 5 | } 6 | 7 | res=$(getstatus) 8 | state=nochange #or switching or nosignal 9 | while :; do 10 | sleep 0.5 11 | oldres="$res" 12 | res=$(getstatus) 13 | if [[ $state == nochange ]] ; then 14 | if [[ $res == $oldres ]]; then 15 | continue 16 | else 17 | state=changing 18 | waited=0 19 | continue 20 | fi 21 | elif [[ $state == changing ]]; then 22 | waited=$(($waited+1)) 23 | if [[ $res != $oldres ]]; then 24 | waited=0 25 | continue 26 | fi 27 | if [[ $waited -eq 3 ]]; then 28 | logger Display signal stable, restarting receiver 29 | systemctl restart vocto-source-slides 30 | sleep 10 31 | state=nochange 32 | waited=0 33 | fi 34 | elif [[ $state == nosignal ]]; then 35 | state=changing 36 | waited=0 37 | continue 38 | fi 39 | 40 | done 41 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/signal-status/statuskeeper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ms213x-status status --json --loop 1000 --filename /tmp/ms213x-status --region=flaky 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/signal-status/video-capture-rescan.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video capture rescan service 3 | StartLimitIntervalSec=0 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/capture-rescan.sh 7 | ExecReload=/bin/kill -9 $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=always 11 | RestartSec=1 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/signal-status/video-display-rescan.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video display rescan service 3 | StartLimitIntervalSec=0 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/display-rescan.sh 7 | ExecReload=/bin/kill -9 $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=always 11 | RestartSec=1 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/signal-status/video-statuskeeper.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video statuskeeper service 3 | StartLimitIntervalSec=0 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/statuskeeper.sh 7 | ExecReload=/bin/kill -9 $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=always 11 | RestartSec=1 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/udev/20-fosdem-serial.rules: -------------------------------------------------------------------------------- 1 | SUBSYSTEM=="tty", ATTRS{idVendor}=="f05d", ATTRS{idProduct}=="4001", SYMLINK+="tty_fosdem_box_ctl" 2 | # SUBSYSTEM=="tty", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="048a", SYMLINK+="tty_fosdem_audio_ctl" 3 | 4 | ACTION=="remove", GOTO="fosdem_serial_end" 5 | SUBSYSTEM!="tty", GOTO="fosdem_serial_end" 6 | SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id" 7 | ENV{ID_SERIAL}!="FOSDEM_Audio*", GOTO="fosdem_serial_end" 8 | KERNEL!="ttyACM[0-9]*", GOTO="fosdem_serial_end" 9 | 10 | ENV{ID_USB_INTERFACE_NUM}=="00", SYMLINK+="tty_fosdem_audio_ctl" 11 | ENV{ID_USB_INTERFACE_NUM}=="02", SYMLINK+="tty_fosdem_audio_debug" 12 | 13 | LABEL="fosdem_serial_end" 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/udev/99-picotool.rules: -------------------------------------------------------------------------------- 1 | SUBSYSTEM=="usb", \ 2 | ATTRS{idVendor}=="2e8a", \ 3 | ATTRS{idProduct}=="0003", \ 4 | TAG+="uaccess" \ 5 | MODE="660", \ 6 | GROUP="plugdev" 7 | SUBSYSTEM=="usb", \ 8 | ATTRS{idVendor}=="2e8a", \ 9 | ATTRS{idProduct}=="0009", \ 10 | TAG+="uaccess" \ 11 | MODE="660", \ 12 | GROUP="plugdev" 13 | SUBSYSTEM=="usb", \ 14 | ATTRS{idVendor}=="2e8a", \ 15 | ATTRS{idProduct}=="000a", \ 16 | TAG+="uaccess" \ 17 | MODE="660", \ 18 | GROUP="plugdev" 19 | SUBSYSTEM=="usb", \ 20 | ATTRS{idVendor}=="2e8a", \ 21 | ATTRS{idProduct}=="000f", \ 22 | TAG+="uaccess" \ 23 | MODE="660", \ 24 | GROUP="plugdev" 25 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/udev/99-video-box.rules: -------------------------------------------------------------------------------- 1 | # Our USB ethernet thing should always be renamed to video0 2 | 3 | SUBSYSTEMS=="usb", DRIVERS=="ax88179_178a", ENV{USB_NETWORK_RENAME}="video0" 4 | ENV{USB_NETWORK_RENAME}=="video0", SUBSYSTEM=="net", ATTR{type}=="1", NAME="video0" 5 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/units/vocto-sink-output.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description = voctomix output sink 3 | After = voctocore.service 4 | Requires = voctocore.service 5 | 6 | [Service] 7 | Type = simple 8 | ExecStart = /opt/scripts/sink-output.sh 9 | Restart = always 10 | RestartSec = 1s 11 | StartLimitInterval = 0 12 | 13 | [Install] 14 | WantedBy = voctocore.service 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/units/vocto-source-cam.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description = voctomix source cam 3 | After = voctocore.service 4 | Requires = voctocore.service 5 | 6 | [Service] 7 | Type = simple 8 | ExecStart = /opt/scripts/source-cam.sh 9 | Restart = always 10 | RestartSec = 1s 11 | StartLimitInterval = 0 12 | 13 | [Install] 14 | WantedBy = voctocore.service 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/units/vocto-source-slides.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description = voctomix source slides 3 | After = voctocore.service 4 | Requires = voctocore.service 5 | 6 | [Service] 7 | Type = simple 8 | ExecStart = /opt/scripts/source-slides.sh 9 | Restart = always 10 | RestartSec = 1s 11 | StartLimitInterval = 0 12 | 13 | [Install] 14 | WantedBy = voctocore.service 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/units/voctocore.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=voctocore 3 | After=network.target 4 | 5 | [Service] 6 | Type=simple 7 | ExecStart=/usr/share/voctomix/voctocore/voctocore.py -vv --ini-file /opt/config/voctocore.ini 8 | Restart=always 9 | RestartSec=1s 10 | StartLimitInterval=0 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/video-status/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FOSDEM/infrastructure/1ac1eeaed13db8b891796016d7a95357553238f2/ansible/playbooks/roles/video-box-mixer/files/video-status/logo.png -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/video-status/preview.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | cgexec -g cpuset:fosdem.slice/preview ffmpeg -y -v error -i tcp://localhost:8899 -s 240x134 -vf fps=fps=1,format=rgb565be -c:v rawvideo -f image2 -s 240x134 -update 1 -atomic_writing 1 /tmp/picture.raw -s 1280x720 -update 1 -atomic_writing 1 /var/www/html/preview.jpg 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/video-status/video-preview.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video preview service 3 | StartLimitIntervalSec=0 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/preview.sh 7 | ExecReload=/bin/kill -9 $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=always 11 | RestartSec=1 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/video-status/video-status.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video-status service 3 | After=video-streamer.service 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/video-status.py 7 | ExecReload=/bin/kill -HUP $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGTERM 10 | Restart=always 11 | RestartSec=1s 12 | StartLimitInterval=0 13 | StandardInput=tty 14 | StandardOutput=tty 15 | TTYPath=/dev/tty1 16 | 17 | 18 | [Install] 19 | WantedBy=multi-user.target 20 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/video-streamer/rc.local: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cpupower frequency-set -g performance -u 2900M -d 1900M 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/video-streamer/video-receiver.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video-receiver service 3 | After=network-online.target 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/video-receiver.sh 7 | ExecReload=/bin/kill -HUP $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=always 11 | RestartSec=1s 12 | StartLimitInterval=0 13 | 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/video-streamer/video-recorder.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video-recorder service 3 | After=network-online.target 4 | StartLimitIntervalSec=0 5 | 6 | [Service] 7 | ExecStart=/usr/local/bin/video-recorder.sh 8 | ExecReload=/bin/kill -HUP $MAINPID 9 | KillMode=control-group 10 | KillSignal=SIGKILL 11 | Restart=always 12 | RestartSec=1 13 | 14 | [Install] 15 | WantedBy=multi-user.target 16 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/video-streamer/video-recorder.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ffmpeg -v error -i "tcp://127.0.0.1:8899?timeout=10000000" -c copy -f mpegts /home/video-recording/log.`date +%s`.ts 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/files/video-streamer/video-usbreset.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | # reset the macrosilicon USB 3 device before use 4 | # after close it doesn't work without reset and having the driver patches is not going to be fast 5 | 6 | import fcntl 7 | import re 8 | import subprocess 9 | import sys 10 | 11 | usbInfo = subprocess.check_output('lsusb -d 345f:2131', shell=True).decode("utf-8") 12 | # Bus 002 Device 005: ID 345f:2131 MACROSILICON USB3 Video 13 | 14 | matches = re.search("Bus (\d+) Device (\d+): ID 345f:2131", usbInfo).groups() 15 | bus = matches[0] 16 | device = matches[1] 17 | srcfd = open(f'/dev/bus/usb/{bus}/{device}','wb') 18 | 19 | USBDEVFS_RESET = 0x5514 20 | fcntl.ioctl(srcfd.fileno(), USBDEVFS_RESET, 0) 21 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: update initramfs 4 | command: update-initramfs -u 5 | 6 | - name: update grub 7 | shell: update-grub 8 | 9 | - name: restart vocto 10 | service: 11 | name: voctocore 12 | state: restarted 13 | notify: restart voctoscripts 14 | 15 | - name: restart voctoscripts 16 | service: 17 | name: "{{ item }}" 18 | state: restarted 19 | with_items: 20 | - vocto-sink-output 21 | - vocto-source-cam 22 | - vocto-source-slides 23 | 24 | - name: restart voctocore 25 | service: 26 | name: voctocore 27 | state: restarted 28 | 29 | - name: restart systemd-logind 30 | service: 31 | name: systemd-logind 32 | state: restarted 33 | 34 | - name: restart nginx 35 | service: 36 | name: nginx 37 | state: restarted 38 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/tasks/configure_network.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: set up udev rules 4 | ansible.builtin.copy: 5 | src: udev/99-video-box.rules 6 | dest: /etc/udev/rules.d/99-fosdem.rules 7 | owner: root 8 | group: root 9 | mode: 0644 10 | 11 | - name: configure interfaces 12 | ansible.builtin.copy: 13 | src: network/video0 14 | dest: /etc/network/interfaces.d/video0 15 | owner: root 16 | group: root 17 | mode: 0644 18 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/tasks/install_mixer_ctl.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: disable OSC proxy 3 | service: 4 | name: oscproxy 5 | enabled: false 6 | state: stopped 7 | 8 | - name: disable mixer API 9 | service: 10 | name: fosdem-mixer-api 11 | enabled: false 12 | state: stopped 13 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/tasks/install_packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "common: install packages" 3 | apt: 4 | state: latest 5 | install_recommends: false 6 | update_cache: yes 7 | package: 8 | - fbi 9 | - fontconfig 10 | - python3-pygame 11 | - avahi-daemon 12 | - bash-completion 13 | - curl 14 | - ffmpeg 15 | - sproxy 16 | - git 17 | - python3-gi-cairo 18 | - rsync 19 | - avahi-daemon 20 | - i965-va-driver-shaders 21 | - v4l-utils 22 | - mpv 23 | - jq 24 | - alsa-utils 25 | - lm-sensors 26 | - ms213x-status 27 | - ms213x-cli 28 | - python3-serial 29 | - cgroup-tools 30 | - intel-media-va-driver-non-free 31 | - firmware-sof-signed 32 | - firmware-misc-nonfree 33 | - fosdem-firmware 34 | - teensy-loader-cli 35 | - linux-cpupower 36 | - picotool 37 | - gpiod 38 | - fosdem-mixer-cli 39 | - python3-fosdemosc 40 | - fosdem-mixer-api 41 | - picocom 42 | tags: 43 | - firmware 44 | - firmware_ms2131 45 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - import_tasks: configure_network.yml 2 | - import_tasks: install_packages.yml 3 | - import_tasks: install_extra_hw.yml 4 | - import_tasks: cgroup_setup.yml 5 | - import_tasks: configure_nvme.yml 6 | - import_tasks: install_signal-status.yml 7 | - import_tasks: install_video-status.yml 8 | - import_tasks: install_video-streamer.yml 9 | - import_tasks: install_voctocore.yml 10 | - import_tasks: install_control.yml 11 | - import_tasks: install_mixer_ctl.yml 12 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box-mixer/templates/grub/cgroup.cfg: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT systemd.unified_cgroup_hierarchy=0 systemd.legacy_systemd_cgroup_controller=1" 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | destroy_all_videobox_data: false 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/audiotest/audiotest.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | # no usb to usb 4 | 5 | mixercli set-gain "USB L" "USB L" 0 6 | mixercli set-gain "USB L" "USB R" 0 7 | mixercli set-gain "USB R" "USB L" 0 8 | mixercli set-gain "USB R" "USB R" 0 9 | 10 | # no xlr to xlr 11 | 12 | for inp in 1 2 3; do 13 | for out in 1 2; do 14 | mixercli set-gain "XLR $inp" "XLR $out" 0 15 | done 16 | done 17 | 18 | # no xlr to headphones 19 | 20 | for inp in 1 2 3; do 21 | for out in R L; do 22 | mixercli set-gain "XLR $inp" "Headphone $out" 0 23 | done 24 | done 25 | 26 | 27 | 28 | level=0.1 29 | 30 | # all xlr to usb 31 | 32 | for inp in 1 2 3; do 33 | for out in R L; do 34 | mixercli set-gain "XLR $inp" "USB $out" $level 35 | done 36 | done 37 | 38 | # all usb to xlr and headphones 39 | 40 | for inp in R L; do 41 | for out in 1 2; do 42 | mixercli set-gain "USB $inp" "XLR $out" $level 43 | done 44 | done 45 | 46 | for inp in R L; do 47 | for out in R L; do 48 | mixercli set-gain "USB $inp" "Headphone $out" $level 49 | done 50 | done 51 | 52 | # run the test 53 | 54 | alsabat -P hw:0 -C hw:0 --saveplay=tmpf -F 18000 -c 2 -r 48000 -n 5s 55 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/cgroups/cgconfig.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Control Group configuration service 3 | Documentation=man:cgconfigparser(8) 4 | 5 | # The service should be able to start as soon as possible, 6 | # before any 'normal' services: 7 | DefaultDependencies=no 8 | Conflicts=shutdown.target 9 | Before=basic.target shutdown.target 10 | 11 | [Service] 12 | Type=oneshot 13 | RemainAfterExit=yes 14 | Delegate=yes 15 | ExecStart=/usr/sbin/cgconfigparser -L /etc/cgconfig.d 16 | 17 | [Install] 18 | WantedBy=sysinit.target 19 | 20 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/cgroups/fosdem.conf: -------------------------------------------------------------------------------- 1 | group system.slice { 2 | cpuset { 3 | cpuset.cpus="0-1"; 4 | cpuset.mems="0"; 5 | } 6 | } 7 | 8 | group user.slice { 9 | cpuset { 10 | cpuset.cpus="0-1"; 11 | cpuset.mems="0"; 12 | } 13 | } 14 | 15 | group fosdem.slice { 16 | cpuset { 17 | cpuset.cpus="2-3"; 18 | cpuset.mems="0"; 19 | cpuset.cpu_exclusive="1"; 20 | } 21 | } 22 | 23 | group fosdem.slice/receiver { 24 | cpuset { 25 | cpuset.cpus="2"; 26 | cpuset.mems="0"; 27 | } 28 | } 29 | 30 | group fosdem.slice/preview { 31 | cpuset { 32 | cpuset.cpus="2"; 33 | cpuset.mems="0"; 34 | } 35 | } 36 | 37 | 38 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/network/video0: -------------------------------------------------------------------------------- 1 | allow-hotplug video0 2 | iface video0 inet dhcp 3 | pre-up ethtool -K video0 tx-checksum-ipv6 off 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/signal-status/display-rescan.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | function getstatus { 4 | cat /sys/class/drm/*/edid | md5sum |cut -d ' ' -f 1 5 | } 6 | 7 | res=$(getstatus) 8 | state=nochange #or switching or nosignal 9 | while :; do 10 | sleep 0.5 11 | oldres="$res" 12 | res=$(getstatus) 13 | if [[ $state == nochange ]] ; then 14 | if [[ $res == $oldres ]]; then 15 | continue 16 | else 17 | state=changing 18 | waited=0 19 | continue 20 | fi 21 | elif [[ $state == changing ]]; then 22 | waited=$(($waited+1)) 23 | if [[ $res != $oldres ]]; then 24 | waited=0 25 | continue 26 | fi 27 | if [[ $waited -eq 3 ]]; then 28 | logger Display signal stable, restarting receiver 29 | systemctl restart video-receiver 30 | sleep 10 31 | state=nochange 32 | waited=0 33 | fi 34 | elif [[ $state == nosignal ]]; then 35 | state=changing 36 | waited=0 37 | continue 38 | fi 39 | 40 | done 41 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/signal-status/statuskeeper.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | ms213x-status status --json --loop 1000 --filename /tmp/ms213x-status --region=flaky 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/signal-status/video-capture-rescan.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video capture rescan service 3 | StartLimitIntervalSec=0 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/capture-rescan.sh 7 | ExecReload=/bin/kill -9 $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=always 11 | RestartSec=1 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/signal-status/video-display-rescan.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video display rescan service 3 | StartLimitIntervalSec=0 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/display-rescan.sh 7 | ExecReload=/bin/kill -9 $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=always 11 | RestartSec=1 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/signal-status/video-statuskeeper.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video statuskeeper service 3 | StartLimitIntervalSec=0 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/statuskeeper.sh 7 | ExecReload=/bin/kill -9 $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=always 11 | RestartSec=1 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/udev/20-fosdem-serial.rules: -------------------------------------------------------------------------------- 1 | SUBSYSTEM=="tty", ATTRS{idVendor}=="f05d", ATTRS{idProduct}=="4001", SYMLINK+="tty_fosdem_box_ctl" 2 | # SUBSYSTEM=="tty", ATTRS{idVendor}=="16c0", ATTRS{idProduct}=="048a", SYMLINK+="tty_fosdem_audio_ctl" 3 | 4 | ACTION=="remove", GOTO="fosdem_serial_end" 5 | SUBSYSTEM!="tty", GOTO="fosdem_serial_end" 6 | SUBSYSTEMS=="usb", IMPORT{builtin}="usb_id" 7 | ENV{ID_SERIAL}!="FOSDEM_Audio*", GOTO="fosdem_serial_end" 8 | KERNEL!="ttyACM[0-9]*", GOTO="fosdem_serial_end" 9 | 10 | ENV{ID_USB_INTERFACE_NUM}=="00", SYMLINK+="tty_fosdem_audio_ctl" 11 | ENV{ID_USB_INTERFACE_NUM}=="02", SYMLINK+="tty_fosdem_audio_debug" 12 | 13 | LABEL="fosdem_serial_end" 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/udev/99-picotool.rules: -------------------------------------------------------------------------------- 1 | SUBSYSTEM=="usb", \ 2 | ATTRS{idVendor}=="2e8a", \ 3 | ATTRS{idProduct}=="0003", \ 4 | TAG+="uaccess" \ 5 | MODE="660", \ 6 | GROUP="plugdev" 7 | SUBSYSTEM=="usb", \ 8 | ATTRS{idVendor}=="2e8a", \ 9 | ATTRS{idProduct}=="0009", \ 10 | TAG+="uaccess" \ 11 | MODE="660", \ 12 | GROUP="plugdev" 13 | SUBSYSTEM=="usb", \ 14 | ATTRS{idVendor}=="2e8a", \ 15 | ATTRS{idProduct}=="000a", \ 16 | TAG+="uaccess" \ 17 | MODE="660", \ 18 | GROUP="plugdev" 19 | SUBSYSTEM=="usb", \ 20 | ATTRS{idVendor}=="2e8a", \ 21 | ATTRS{idProduct}=="000f", \ 22 | TAG+="uaccess" \ 23 | MODE="660", \ 24 | GROUP="plugdev" 25 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/udev/99-video-box.rules: -------------------------------------------------------------------------------- 1 | # Our USB ethernet thing should always be renamed to video0 2 | 3 | SUBSYSTEMS=="usb", DRIVERS=="ax88179_178a", ENV{USB_NETWORK_RENAME}="video0" 4 | ENV{USB_NETWORK_RENAME}=="video0", SUBSYSTEM=="net", ATTR{type}=="1", NAME="video0" 5 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/video-status/logo.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/FOSDEM/infrastructure/1ac1eeaed13db8b891796016d7a95357553238f2/ansible/playbooks/roles/video-box/files/video-status/logo.png -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/video-status/preview.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | cgexec -g cpuset:fosdem.slice/preview ffmpeg -y -v error -i tcp://localhost:8899 -s 240x134 -vf fps=fps=1,format=rgb565be -c:v rawvideo -f image2 -s 240x134 -update 1 -atomic_writing 1 /tmp/picture.raw 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/video-status/video-preview.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video preview service 3 | StartLimitIntervalSec=0 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/preview.sh 7 | ExecReload=/bin/kill -9 $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=always 11 | RestartSec=1 12 | 13 | [Install] 14 | WantedBy=multi-user.target 15 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/video-status/video-status.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video-status service 3 | After=video-streamer.service 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/video-status.py 7 | ExecReload=/bin/kill -HUP $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGTERM 10 | Restart=always 11 | RestartSec=1s 12 | StartLimitInterval=0 13 | StandardInput=tty 14 | StandardOutput=tty 15 | TTYPath=/dev/tty1 16 | 17 | 18 | [Install] 19 | WantedBy=multi-user.target 20 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/video-streamer/rc.local: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | cpupower frequency-set -g performance -u 2000M -d 1900M 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/video-streamer/video-receiver.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video-receiver service 3 | After=network-online.target 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/video-receiver.sh 7 | ExecReload=/bin/kill -HUP $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=always 11 | RestartSec=1s 12 | StartLimitInterval=0 13 | 14 | 15 | [Install] 16 | WantedBy=multi-user.target 17 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/video-streamer/video-recorder.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=video-recorder service 3 | After=network-online.target 4 | StartLimitIntervalSec=0 5 | 6 | [Service] 7 | ExecStart=/usr/local/bin/video-recorder.sh 8 | ExecReload=/bin/kill -HUP $MAINPID 9 | KillMode=control-group 10 | KillSignal=SIGKILL 11 | Restart=always 12 | RestartSec=1 13 | 14 | [Install] 15 | WantedBy=multi-user.target 16 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/video-streamer/video-recorder.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | ffmpeg -v error -i "tcp://127.0.0.1:8899?timeout=10000000" -c copy -f mpegts /home/video-recording/log.`date +%s`.ts 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/files/video-streamer/video-usbreset.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/python3 2 | 3 | # reset the macrosilicon USB 3 device before use 4 | # after close it doesn't work without reset and having the driver patches is not going to be fast 5 | 6 | import fcntl 7 | import re 8 | import subprocess 9 | import sys 10 | 11 | usbInfo = subprocess.check_output('lsusb -d 345f:2131', shell=True).decode("utf-8") 12 | # Bus 002 Device 005: ID 345f:2131 MACROSILICON USB3 Video 13 | 14 | matches = re.search("Bus (\d+) Device (\d+): ID 345f:2131", usbInfo).groups() 15 | bus = matches[0] 16 | device = matches[1] 17 | srcfd = open(f'/dev/bus/usb/{bus}/{device}','wb') 18 | 19 | USBDEVFS_RESET = 0x5514 20 | fcntl.ioctl(srcfd.fileno(), USBDEVFS_RESET, 0) 21 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: update initramfs 4 | command: update-initramfs -u 5 | 6 | - name: update grub 7 | shell: update-grub 8 | 9 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/tasks/configure_network.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: set up udev rules 4 | ansible.builtin.copy: 5 | src: udev/99-video-box.rules 6 | dest: /etc/udev/rules.d/99-fosdem.rules 7 | owner: root 8 | group: root 9 | mode: 0644 10 | 11 | - name: configure interfaces 12 | ansible.builtin.copy: 13 | src: network/video0 14 | dest: /etc/network/interfaces.d/video0 15 | owner: root 16 | group: root 17 | mode: 0644 18 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/tasks/install_mixer_ctl.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: enable OSC proxy 3 | service: 4 | name: oscproxy 5 | enabled: true 6 | state: restarted 7 | 8 | - name: enable mixer API 9 | service: 10 | name: fosdem-mixer-api 11 | enabled: true 12 | state: restarted 13 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/tasks/install_packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "common: install packages" 3 | apt: 4 | state: latest 5 | install_recommends: false 6 | update_cache: yes 7 | package: 8 | - fbi 9 | - fontconfig 10 | - python3-pygame 11 | - avahi-daemon 12 | - bash-completion 13 | - curl 14 | - ffmpeg 15 | - sproxy 16 | - git 17 | - python3-gi-cairo 18 | - rsync 19 | - avahi-daemon 20 | - i965-va-driver-shaders 21 | - v4l-utils 22 | - mpv 23 | - jq 24 | - alsa-utils 25 | - lm-sensors 26 | - ms213x-status 27 | - ms213x-cli 28 | - python3-serial 29 | - cgroup-tools 30 | - intel-media-va-driver-non-free 31 | - firmware-sof-signed 32 | - firmware-misc-nonfree 33 | - fosdem-firmware 34 | - teensy-loader-cli 35 | - linux-cpupower 36 | - picotool 37 | - gpiod 38 | - fosdem-mixer-cli 39 | - python3-fosdemosc 40 | - fosdem-mixer-api 41 | - picocom 42 | tags: 43 | - firmware 44 | - firmware_ms2131 45 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - import_tasks: configure_network.yml 2 | - import_tasks: install_packages.yml 3 | - import_tasks: install_extra_hw.yml 4 | - import_tasks: cgroup_setup.yml 5 | - import_tasks: install_signal-status.yml 6 | - import_tasks: install_video-status.yml 7 | - import_tasks: install_video-streamer.yml 8 | - import_tasks: install_mixer_ctl.yml 9 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-box/templates/grub/cgroup.cfg: -------------------------------------------------------------------------------- 1 | # {{ ansible_managed }} 2 | GRUB_CMDLINE_LINUX_DEFAULT="$GRUB_CMDLINE_LINUX_DEFAULT systemd.unified_cgroup_hierarchy=0 systemd.legacy_systemd_cgroup_controller=1" 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/README.md: -------------------------------------------------------------------------------- 1 | Control server for vocto 2 | 3 | This lets devroom managers live mix 4 predefined scenes. 4 | 5 | Also, it has accumulated other crap: 6 | 7 | * influxdb instance for audio monitoring 8 | * previews of all buildings' boxes and outputs 9 | * dhcp server for the video VLAN 10 | 11 | The htpasswd file comes from the video-private repo. 12 | 13 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/fosdem.sql: -------------------------------------------------------------------------------- 1 | CREATE TABLE IF NOT EXISTS fosdem ( 2 | roomname varchar(16) not null primary key, 3 | building varchar(16) not null, 4 | voctop varchar(255), 5 | slides varchar(255), 6 | cam varchar(255), 7 | audio varchar(255) 8 | ); 9 | create unique index fosdem_voctop on fosdem(voctop); 10 | create unique index fosdem_cam on fosdem(cam); 11 | create unique index fosdem_slides on fosdem(slides); 12 | create unique index fosdem_audio on fosdem(audio); 13 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/icinga/fosdem-services.conf: -------------------------------------------------------------------------------- 1 | apply Service "http" { 2 | import "generic-service" 3 | 4 | check_command = "http" 5 | 6 | assign where (host.address || host.address6) && (host.vars.group == "frontend") 7 | } 8 | 9 | apply Service "daemons" { 10 | import "generic-pasv-service" 11 | assign where (host.address || host.address6) && (host.vars.group == "vocto" || host.vars.group == "frontend" || host.vars.group == "backend") 12 | } 13 | 14 | apply Service "disk" { 15 | import "generic-pasv-service" 16 | assign where (host.address || host.address6) && (host.vars.group == "vocto" || host.vars.group == "frontend" || host.vars.group == "backend") 17 | } 18 | 19 | apply Service "load" { 20 | import "generic-pasv-service" 21 | assign where (host.address || host.address6) && (host.vars.group == "vocto" || host.vars.group == "frontend" || host.vars.group == "backend") 22 | } 23 | 24 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/icinga/passive.conf: -------------------------------------------------------------------------------- 1 | template Service "generic-pasv-service" { 2 | max_check_attempts = 1 3 | check_interval = 1460m 4 | retry_interval = 1m 5 | enable_active_checks = true 6 | enable_passive_checks = true 7 | check_command = "passive" 8 | 9 | vars.dummy_state = 3 10 | vars.dummy_text = "No data received" 11 | } 12 | 13 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/imgmaker.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$1" ]; then 4 | echo "Usage: $0 room" 5 | exit 2 6 | fi 7 | cd /var/www/html 8 | 9 | ROOM=$1 10 | HOST=$(psql -A -t -q fosdem -c "select voctop from fosdem where roomname='$ROOM'") 11 | 12 | if [ -z "$HOST" ]; then 13 | # we have no voctop for this room, do not spin 14 | sleep 60 15 | exit 0 16 | fi 17 | 18 | t=`mktemp` 19 | rm -f ${t} ${t}.jpg 20 | 21 | ffmpeg=`which ffmpeg` 22 | if ! [ $? -eq 0 ]; then 23 | echo No ffmpeg/avconv found. 24 | exit 3 25 | fi 26 | 27 | 28 | function ff_fetch { 29 | # $0 host port file 30 | $ffmpeg -v quiet -y -i tcp://"$1":"$2"'?timeout=1000000' -map 0:v -s 320x180 -q 5 -an -vframes 1 "${t}".jpg && mv ${t}.jpg $3 31 | } 32 | 33 | mkdir -p ${ROOM} 34 | 35 | # exit after this many times to reload voctop 36 | times=30 37 | i=0 38 | 39 | while /bin/true; do 40 | let i=$i+1 41 | if [ $i -gt $times ]; then 42 | exit 0 43 | fi 44 | ff_fetch $HOST 11000 ${ROOM}/room.jpg 45 | ff_fetch $HOST 13000 ${ROOM}/cam.jpg 46 | ff_fetch $HOST 13001 ${ROOM}/grab.jpg 47 | sleep 1 48 | done 49 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/isc-dhcp-server.default: -------------------------------------------------------------------------------- 1 | INTERFACESv4="bond0" 2 | INTERFACESv6="" 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/nginx/certificate/dhparam.pem: -------------------------------------------------------------------------------- 1 | -----BEGIN DH PARAMETERS----- 2 | MIICCAKCAgEAt6reliZJhEolguC3iQeTaFwLvW7GMJkH1ilrQKIRtjfPVEdErd74 3 | HT37cs0NzQcN+AAYmMndUgvMV5HtjH2Yn2SRLxKM0OZ5EpkMBnBvtkBZbGkF4dI+ 4 | LKvTgQWVwWzL/UCCWthcUYYSRsNGEjdMSumlYn5VC+l/lwtemxBUBfaJVE5rhPxK 5 | d0bAAmp6UUtSaEfKnSbnaL8r2udWAk0rt15/4hXaJRxrRfg3faDiL80DQkHy1BCp 6 | WawIWL5hnNbhr+fB3DV1W5zi8Lf7qi5nUgebmyfYi2WJtTw+gRYwg3tm47PAHvfI 7 | NazYiCzohED9TRlzO7Iaet0/6wKCFkDS4ilhtVplYmINlhe+4VehvtVuOuqX21pm 8 | yyrWID7csAIE3ALmg++bxZCyZnPsUp7btMtlDyYcYNeRLBr9dMMJ1B4LyAiiad+j 9 | V6gD+iivT/keyy2YgktdbZrNCcFaGFgDaVRZFYV9mwt9Ix7esugj4elGG8pObxFQ 10 | jtlfF5bYQwNFqNKbAkR3AbUsf0NEPhaEvYPfDgPoPD2byPtUUJg3Q482JkSKvsmh 11 | vB0Wn60wDVi+G+jUUFhRH1iY6AnN3m7XNuKu4MlrTwUm2Dc+niRbsNUZ6/Ro6RhC 12 | 8aBDVdKI42s007t0CRCZ7q0bR93ouBRjeUXzk3VC1F32qPreZkgO8iMCAQI= 13 | -----END DH PARAMETERS----- 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/nginx/global.conf: -------------------------------------------------------------------------------- 1 | ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH"; 2 | ssl_ecdh_curve secp384r1; 3 | ssl_session_cache shared:SSL:10m; 4 | ssl_session_tickets off; 5 | ssl_dhparam /etc/nginx/dhparam.pem; 6 | 7 | resolver 127.0.0.1; 8 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/nginx/mtail.conf: -------------------------------------------------------------------------------- 1 | log_format mtail '$server_name $remote_addr - $remote_user [$time_local] ' 2 | '"$request" $status $bytes_sent $request_time ' 3 | '"$http_referer" "$http_user_agent" "$sent_http_content_type"'; 4 | 5 | access_log /var/log/nginx/metrics.log mtail; 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/unbound-access.conf: -------------------------------------------------------------------------------- 1 | server: 2 | interface: 127.0.0.1 3 | interface: 185.175.218.11 4 | access-control: 185.175.218.0/24 allow 5 | access-control: 127.0.0.0/8 allow 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/web/inc.php: -------------------------------------------------------------------------------- 1 | quote($str); 8 | } 9 | 10 | $db = new PDO("pgsql:dbname=fosdem user=www-data"); 11 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/web/query-room.php: -------------------------------------------------------------------------------- 1 | prepare("SELECT voctop FROM fosdem WHERE roomname = :room"); 11 | $r->execute(['room' => $room]); 12 | 13 | if (!$r) { 14 | die("notfound"); 15 | } 16 | 17 | $row = $r->fetch(); 18 | echo 'tcp://'.$row[0].':8899/?timeout=3000000'; 19 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/web/query-vocto.php: -------------------------------------------------------------------------------- 1 | prepare("SELECT roomname, cam, slides FROM fosdem WHERE voctop = :voctop"); 11 | $r->execute(['voctop' => $voct]); 12 | 13 | if (!$r) { 14 | die("notfound"); 15 | } 16 | 17 | $row = $r->fetch(); 18 | echo $row[0]." ".$row[1]." ".$row[2]; 19 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/files/web/room_status.php: -------------------------------------------------------------------------------- 1 | 27 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: reload nginx 3 | service: name=nginx state=reloaded 4 | 5 | - name: restart systemd-logind 6 | service: 7 | name: systemd-logind 8 | state: restarted 9 | 10 | - name: reload unbound 11 | service: name=unbound state=reloaded 12 | 13 | - name: reload icinga 14 | service: name=icinga2 state=reloaded 15 | 16 | - name: reload dhcpd 17 | service: name=unbound state=restarted 18 | 19 | 20 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/tasks/configure_db.yml: -------------------------------------------------------------------------------- 1 | - name: Create DB user - www-data 2 | command: createuser -d www-data 3 | ignore_errors: true 4 | become: true 5 | become_user: postgres 6 | 7 | - name: Create DB user - root 8 | command: createuser -s root 9 | ignore_errors: true 10 | become: true 11 | become_user: postgres 12 | 13 | - name: Create DB 14 | command: createdb fosdem 15 | become: true 16 | become_user: www-data 17 | ignore_errors: true 18 | 19 | - name: Copy DB schema 20 | copy: 21 | src: "fosdem.sql" 22 | dest: "/tmp/fosdem.sql" 23 | 24 | - name: create DB table 25 | command: "psql fosdem -f /tmp/fosdem.sql" 26 | become: true 27 | become_user: www-data 28 | 29 | - name: make sure InfluxDB is running 30 | systemd: 31 | name: influxdb 32 | state: started 33 | enabled: true 34 | 35 | - name: create InfluxDB database 36 | command: influx -execute 'create database ebur' 37 | ignore_errors: true 38 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/tasks/configure_dns_dhcp.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install unbound config 3 | copy: 4 | src: unbound-access.conf 5 | dest: /etc/unbound/unbound.conf.d/access.conf 6 | owner: root 7 | group: root 8 | mode: 0644 9 | notify: reload unbound 10 | 11 | - name: install dhcpd config 12 | copy: 13 | src: dhcpd.conf 14 | dest: /etc/dhcp/dhcpd.conf 15 | owner: root 16 | group: root 17 | mode: 0644 18 | notify: reload dhcpd 19 | 20 | - name: install dhcpd config defaults 21 | copy: 22 | src: isc-dhcp-server.default 23 | dest: /etc/default/isc-dhcp-server 24 | owner: root 25 | group: root 26 | mode: 0644 27 | notify: reload dhcpd 28 | 29 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/tasks/configure_grafana.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install grafana config 3 | copy: 4 | src: grafana/grafana.ini 5 | dest: /etc/grafana/grafana.ini 6 | owner: root 7 | group: root 8 | mode: 0644 9 | 10 | - name: enable grafana-server services 11 | service: 12 | name: "grafana-server" 13 | enabled: true 14 | state: started 15 | 16 | #- name: "Create datasource'" 17 | # community.grafana.grafana_datasource: 18 | # grafana_url: "https://control.video.fosdem.org/grafana" 19 | # grafana_user: "admin" 20 | # grafana_password: "{{ grafana_password }}" 21 | # org_id: "1" 22 | # name: "infl" 23 | # state: present 24 | # is_default: true 25 | # database: "ebur" 26 | # ds_type: influxdb 27 | # ds_url: http://localhost:8086 28 | # access: proxy 29 | # with_credentials: false 30 | 31 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/tasks/install_packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Add influx key 3 | apt_key: 4 | url: https://repos.influxdata.com/influxdata-archive_compat.key 5 | 6 | - name: Add influx repo 7 | apt_repository: 8 | filename: influxdb 9 | repo: "deb https://repos.influxdata.com/debian stable main" 10 | 11 | - name: Add grafana key 12 | apt_key: 13 | url: https://packages.grafana.com/gpg.key 14 | 15 | - name: Add influx repo 16 | apt_repository: 17 | filename: influxdb 18 | repo: "deb https://packages.grafana.com/oss/deb stable main" 19 | 20 | 21 | - name: "install packages" 22 | apt: 23 | state: latest 24 | install_recommends: false 25 | package: 26 | - apache2-utils 27 | - avahi-daemon 28 | - ffmpeg 29 | - nginx 30 | - php8.2 31 | - php8.2-fpm 32 | - php8.2-pgsql 33 | - php8.2-curl 34 | - isc-dhcp-server 35 | - unbound 36 | - influxdb 37 | - grafana 38 | - postgresql 39 | 40 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: install_packages.yml 3 | - import_tasks: configure_dns_dhcp.yml 4 | - import_tasks: configure_db.yml 5 | - import_tasks: configure_icinga.yml 6 | - import_tasks: configure_grafana.yml 7 | - import_tasks: configure_imgmaker.yml 8 | - import_tasks: configure_nginx.yml 9 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-control-server/templates/imgmaker.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description={{ item }} image maker service 3 | 4 | [Service] 5 | ExecStart=/usr/local/bin/imgmaker.sh {{ item }} 6 | ExecReload=/bin/kill -HUP $MAINPID 7 | KillMode=control-group 8 | KillSignal=SIGKILL 9 | Restart=always 10 | RestartSec=1 11 | 12 | [Install] 13 | WantedBy=multi-user.target 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-monitoring/files/monitoring.cron: -------------------------------------------------------------------------------- 1 | * * * * * root /usr/local/bin/do_checks.sh 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-monitoring/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart munin-node 3 | service: 4 | name: munin-node 5 | state: restarted 6 | 7 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-monitoring/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "install monitoring packages" 3 | apt: 4 | state: latest 5 | package: 6 | - nsca-client 7 | - monitoring-plugins 8 | - munin-node 9 | - bc 10 | 11 | - name: monitoring script 12 | copy: 13 | src: "{{ item }}" 14 | dest: /usr/local/bin/ 15 | owner: root 16 | group: root 17 | mode: 0755 18 | with_items: 19 | - do_checks.sh 20 | 21 | - name: install nsca configuration 22 | copy: 23 | src: "{{ item }}" 24 | dest: "/etc/{{ item }}" 25 | owner: root 26 | group: root 27 | mode: 0644 28 | with_items: 29 | - send_nsca.cfg 30 | 31 | - name: install munin-node configuration 32 | copy: 33 | src: "{{ item }}" 34 | dest: "/etc/munin/{{ item }}" 35 | owner: root 36 | group: root 37 | mode: 0644 38 | with_items: 39 | - munin-node.conf 40 | notify: restart munin-node 41 | 42 | - name: install cron file 43 | copy: 44 | src: "{{ item }}" 45 | dest: "/etc/cron.d/monitoring" 46 | owner: root 47 | group: root 48 | mode: 0644 49 | with_items: 50 | - monitoring.cron 51 | 52 | 53 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-repo/files/video-team.repo.list: -------------------------------------------------------------------------------- 1 | deb https://packagecloud.io/fosdem/video-team/debian bookworm main 2 | deb-src https://packagecloud.io/fosdem/video-team/debian bookworm main 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-repo/tasks/main.yml: -------------------------------------------------------------------------------- 1 | - name: Setting facts 2 | set_fact: 3 | url_tmp_file_path: /tmp/packagecloud_{{repository |replace("/", "_")}}_url 4 | tmp_file_path: /tmp/packagecloud_{{repository |replace("/", "_")}}_key 5 | when: ansible_os_family == "Debian" 6 | 7 | - name: Install debian-archive-keyring and apt-transport-https 8 | apt: pkg={{ packages }} state=present 9 | vars: 10 | packages: 11 | - debian-archive-keyring 12 | - apt-transport-https 13 | when: ansible_os_family == "Debian" 14 | 15 | # {{ repository }}/gpgkey URL works for both legacy and modern public repositories. 16 | - name: Add {{repository}} GPG key to apt-key 17 | apt_key: url=https://packagecloud.io/{{ repository }}/gpgkey state=present 18 | when: ansible_os_family == "Debian" 19 | 20 | - name: "Adding packagecloud.io repository: {{ repository }}" 21 | copy: 22 | src: "video-team.repo.list" 23 | dest: "{{ debian_config_file_location }}" 24 | register: added_deb_repository 25 | when: ansible_os_family == "Debian" 26 | 27 | - name: Update APT package cache 28 | apt: update_cache=true 29 | when: ansible_os_family == "Debian" and added_deb_repository.changed 30 | 31 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-repo/vars/main.yml: -------------------------------------------------------------------------------- 1 | repository: fosdem/video-team 2 | os: debian 3 | version: bullseye 4 | debian_gpg_key_url: https://packagecloud.io/install/repositories/{{ repository }}/gpg_key_url.list?os={{ os }}&dist={{ version }}&name={{ ansible_nodename }} 5 | debian_config_file_url: https://packagecloud.io/install/repositories/{{ repository }}/config_file.list?os={{ os }}&dist={{ version }}&name={{ ansible_nodename }} 6 | debian_config_file_location: /etc/apt/sources.list.d/{{ repository|replace("/", "_")}}.list 7 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump-external/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | video_stream_dump_hdd: /dev/sdb 3 | video_stream_dump_configure_hdd: true 4 | video_stream_dump_destroy_all_streamdump_data: false 5 | video_dump_source: [] 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump-external/files/streamdump.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | while true; do 4 | ffmpeg -v error -y -i "$1"'?timeout=1000000' -map 0 -c copy -f mpegts $2`date +%s`.ts 5 | done 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump-external/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart streamdump target 3 | become: true 4 | systemd: 5 | daemon_reload: true 6 | name: streamdump.target 7 | state: restarted 8 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump-external/tasks/configure_streamdump.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: create stream dump directories 4 | file: 5 | path: "/mnt/storage/{{ item }}" 6 | state: directory 7 | owner: root 8 | group: root 9 | mode: 0755 10 | with_items: "{{ video_sproxy }}" 11 | 12 | - name: install stream dump script 13 | copy: 14 | src: streamdump.sh 15 | dest: /usr/local/bin/streamdump.sh 16 | owner: root 17 | group: root 18 | mode: 0755 19 | notify: 20 | - restart streamdump target 21 | 22 | - name: install stream dump services 23 | template: 24 | src: streamdump.service 25 | dest: "/etc/systemd/system/streamdump-{{ item }}.service" 26 | owner: root 27 | group: root 28 | mode: 0644 29 | with_items: "{{ video_sproxy }}" 30 | register: video_stream_dump_services 31 | notify: 32 | - restart streamdump target 33 | 34 | - name: enable streamdump service 35 | systemd: 36 | name: "streamdump-{{ item }}" 37 | enabled: true 38 | state: started 39 | daemon_reload: true 40 | with_items: "{{ video_sproxy }}" 41 | 42 | - import_tasks: streamdump_target.yml 43 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump-external/tasks/install_packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "install packages" 3 | apt: 4 | state: latest 5 | install_recommends: false 6 | package: 7 | - ffmpeg 8 | - sysstat 9 | - mpv 10 | - avahi-daemon 11 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump-external/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: install_packages.yml 3 | - import_tasks: configure_hdd.yml 4 | when: video_stream_dump_configure_hdd 5 | - import_tasks: configure_streamdump.yml 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump-external/tasks/streamdump_target.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install streamdump target 3 | template: 4 | src: streamdump.target 5 | dest: /etc/systemd/system/streamdump.target 6 | owner: root 7 | group: root 8 | mode: 0644 9 | notify: 10 | - restart streamdump target 11 | 12 | - name: start and enable streamdump target 13 | become: true 14 | systemd: 15 | daemon_reload: true 16 | name: streamdump.target 17 | state: started 18 | enabled: true 19 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump-external/templates/streamdump.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description={{ item }} stream dump service 3 | PartOf=streamdump.target 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/streamdump.sh 'tcp://{{ item }}.video.fosdem.org:8899/' /mnt/storage/{{ item }}/ 7 | ExecReload=/bin/kill -HUP $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=on-failure 11 | 12 | [Install] 13 | WantedBy=streamdump.target 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump-external/templates/streamdump.target: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Streamdump target allowing to start/stop all streamdump-*.service instances at once 3 | [Install] 4 | WantedBy=multi-user.target 5 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | video_stream_dump_hdd: /dev/sdb 3 | video_stream_dump_configure_hdd: true 4 | video_stream_dump_destroy_all_streamdump_data: false 5 | video_dump_source: [] 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump/files/streamdump.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | while true; do 4 | ffmpeg -v error -y -i "$1"'?timeout=1000000' -map 0 -c copy -f mpegts $2`date +%s`.ts 5 | done 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: restart streamdump target 3 | become: true 4 | systemd: 5 | daemon_reload: true 6 | name: streamdump.target 7 | state: restarted 8 | 9 | - name: restart streamdump service 10 | become: true 11 | systemd: 12 | daemon_reload: true 13 | name: "streamdump-{{ item }}.service" 14 | state: restarted 15 | with_items: "{{ video_stream_dump_services.results }}" 16 | when: item is changed 17 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump/tasks/configure_streamdump.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: Loop for streamdump type 3 | include_tasks: configure_streamdump_simple.yml 4 | with_items: 5 | - cam 6 | - slides 7 | - vocto 8 | tags: video-stream-dump-internal 9 | 10 | - import_tasks: streamdump_target.yml 11 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump/tasks/configure_streamdump_simple.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: set type of box 4 | set_fact: 5 | box_type: "{{ item }}" 6 | 7 | - name: create stream dump directories 8 | file: 9 | path: "/mnt/storage/{{ item }}-{{ box_type }}" 10 | state: directory 11 | owner: root 12 | group: root 13 | mode: 0755 14 | with_items: "{{ video_rooms }}" 15 | 16 | - name: install stream dump script 17 | copy: 18 | src: streamdump.sh 19 | dest: /usr/local/bin/streamdump.sh 20 | owner: root 21 | group: root 22 | mode: 0755 23 | notify: 24 | - restart streamdump target 25 | 26 | - name: install stream dump services 27 | template: 28 | src: streamdump.service 29 | dest: "/etc/systemd/system/streamdump-{{ item }}-{{ box_type }}.service" 30 | owner: root 31 | group: root 32 | mode: 0644 33 | with_items: "{{ video_rooms }}" 34 | register: video_stream_dump_services 35 | notify: 36 | - restart streamdump service 37 | 38 | - name: enable streamdump service 39 | systemd: 40 | name: "streamdump-{{ item }}-{{ box_type }}" 41 | enabled: true 42 | state: started 43 | daemon_reload: true 44 | with_items: "{{ video_rooms }}" 45 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump/tasks/install_packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: "install packages" 3 | apt: 4 | state: latest 5 | install_recommends: false 6 | package: 7 | - ffmpeg 8 | - sysstat 9 | - mpv 10 | - avahi-daemon 11 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: install_packages.yml 3 | - import_tasks: configure_hdd.yml 4 | when: video_stream_dump_configure_hdd 5 | - import_tasks: configure_streamdump.yml 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump/tasks/streamdump_target.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: install streamdump target 3 | template: 4 | src: streamdump.target 5 | dest: /etc/systemd/system/streamdump.target 6 | owner: root 7 | group: root 8 | mode: 0644 9 | notify: 10 | - restart streamdump target 11 | 12 | - name: start and enable streamdump target 13 | become: true 14 | systemd: 15 | daemon_reload: true 16 | name: streamdump.target 17 | state: started 18 | enabled: true 19 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump/templates/streamdump.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description={{ item }}-{{ box_type }} stream dump service 3 | PartOf=streamdump.target 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/streamdump.sh 'http://{{ item }}-{{ box_type }}.video.fosdem.org/0.ts' /mnt/storage/{{ item }}-{{ box_type }}/ 7 | ExecReload=/bin/kill -HUP $MAINPID 8 | KillMode=control-group 9 | KillSignal=SIGKILL 10 | Restart=on-failure 11 | 12 | [Install] 13 | WantedBy=streamdump.target 14 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-stream-dump/templates/streamdump.target: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Streamdump target allowing to start/stop all streamdump-*.service instances at once 3 | [Install] 4 | WantedBy=multi-user.target 5 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/defaults/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | destroy_all_streambackend_data: false 3 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/files/bic/modules: -------------------------------------------------------------------------------- 1 | tcp_bic 2 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/files/fetcher/thumb.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | if [ -z "$1" ]; then 4 | echo Usage: $0 room 5 | exit 2 6 | fi 7 | 8 | cd /var/www/hls || exit 3 9 | 10 | room="$1" 11 | 12 | while :; do 13 | ffmpeg -v error -y -i `ls -t ${room}-1080p-*ts|head -n1` -update 1 -frames:v 1 ${room}-preview.jpg 14 | sleep 10 15 | done 16 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/files/iptables/rules.v4: -------------------------------------------------------------------------------- 1 | # Generated by xtables-save v1.8.2 on Thu Feb 4 10:17:08 2021 2 | *filter 3 | :INPUT ACCEPT [0:0] 4 | :FORWARD ACCEPT [0:0] 5 | :OUTPUT ACCEPT [0:0] 6 | -A INPUT -i enp193s0 -p udp -m udp --dport 111 -j DROP 7 | -A INPUT -i enp193s0 -p tcp -m tcp --dport 111 -j DROP 8 | -A INPUT -i enp193s0 -p udp -m udp --dport 2049 -j DROP 9 | -A INPUT -i enp193s0 -p tcp -m tcp --dport 2049 -j DROP 10 | COMMIT 11 | # Completed on Thu Feb 4 10:17:08 2021 12 | 13 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/files/iptables/rules.v6: -------------------------------------------------------------------------------- 1 | # Generated by xtables-save v1.8.2 on Thu Feb 4 10:17:08 2021 2 | *filter 3 | :INPUT ACCEPT [0:0] 4 | :FORWARD ACCEPT [0:0] 5 | :OUTPUT ACCEPT [0:0] 6 | -A INPUT -i enp193s0 -p udp -m udp --dport 111 -j DROP 7 | -A INPUT -i enp193s0 -p tcp -m tcp --dport 111 -j DROP 8 | -A INPUT -i enp193s0 -p udp -m udp --dport 2049 -j DROP 9 | -A INPUT -i enp193s0 -p tcp -m tcp --dport 2049 -j DROP 10 | COMMIT 11 | # Completed on Thu Feb 4 10:17:08 2021 12 | 13 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/files/nginx/mtail.conf: -------------------------------------------------------------------------------- 1 | log_format mtail '$server_name $remote_addr - $remote_user [$time_local] ' 2 | '"$request" $status $bytes_sent $request_time ' 3 | '"$http_referer" "$http_user_agent" "$sent_http_content_type"'; 4 | 5 | access_log /var/log/nginx/metrics.log mtail; 6 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/handlers/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - name: reload nginx 3 | service: 4 | name: nginx 5 | state: reloaded 6 | 7 | - name: restart nfs 8 | service: 9 | name: nfs-server 10 | state: restarted 11 | 12 | - name: restart iptables-persistent 13 | service: 14 | name: netfilter-persistent 15 | state: restarted 16 | 17 | - name: restart fetcher target 18 | become: true 19 | systemd: 20 | daemon_reload: true 21 | name: fetcher.target 22 | state: restarted 23 | 24 | - name: restart fetcher service 25 | become: true 26 | systemd: 27 | daemon_reload: true 28 | name: "fetcher-{{ item }}" 29 | state: restarted 30 | with_items: "{{ video_rooms + virtual_video_rooms }}" 31 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/tasks/configure_bic.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Add the tcp_bic module 4 | modprobe: 5 | name: tcp_bic 6 | state: present 7 | 8 | - ansible.posix.sysctl: 9 | name: net.ipv4.tcp_congestion_control 10 | value: 'bic' 11 | sysctl_set: true 12 | state: present 13 | reload: true 14 | 15 | - name: install module load on boot 16 | copy: 17 | src: bic/modules 18 | dest: /etc/modules 19 | owner: root 20 | group: root 21 | mode: 0644 22 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/tasks/install_packages.yml: -------------------------------------------------------------------------------- 1 | --- 2 | 3 | - name: Add testing repo 4 | apt_repository: 5 | filename: testing 6 | repo: "deb http://deb.debian.org/debian/ testing main contrib non-free" 7 | 8 | 9 | - name: "install packages" 10 | apt: 11 | state: latest 12 | install_recommends: false 13 | package: 14 | - ffmpeg 15 | - libglib-object-introspection-perl 16 | - gir1.2-gstreamer-1.0 17 | - gir1.2-gst-plugins-base-1.0 18 | - gstreamer1.0-plugins-base 19 | - gstreamer1.0-plugins-good 20 | - gstreamer1.0-plugins-bad 21 | - gstreamer1.0-plugins-ugly 22 | - gstreamer1.0-libav 23 | - libdbd-pg-perl 24 | - nginx-common 25 | - nginx-doc 26 | - nginx-extras 27 | 28 | 29 | - name: "install ffmpeg from testing" 30 | apt: 31 | state: latest 32 | install_recommends: false 33 | default_release: testing 34 | package: 35 | - ffmpeg 36 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/tasks/main.yml: -------------------------------------------------------------------------------- 1 | --- 2 | - import_tasks: install_packages.yml 3 | # - import_tasks: mount_ssd.yml 4 | - import_tasks: configure_bic.yml 5 | - import_tasks: configure_nginx.yml 6 | - import_tasks: configure_fetcher.yml 7 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/templates/fetcher/fetcher.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description={{ item }} vlc fetcher service 3 | PartOf=fetcher.target 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/fetcher.sh {{ item }} 7 | KillMode=control-group 8 | KillSignal=SIGKILL 9 | Restart=always 10 | RestartSec=3 11 | User=www-data 12 | Group=www-data 13 | 14 | [Install] 15 | WantedBy=fetcher.target 16 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/templates/fetcher/fetcher.target: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description=Streamdump target allowing to start/stop all streamdump-*.service instances at once 3 | [Install] 4 | WantedBy=multi-user.target 5 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/templates/fetcher/room.m3u8: -------------------------------------------------------------------------------- 1 | #EXTM3U 2 | #EXT-X-VERSION:3 3 | #EXT-X-STREAM-INF:BANDWIDTH=3500,RESOLUTION=1920x1080,CODECS="avc1.640828,mp4a.40.2" 4 | {{ item }}-1080p.m3u8 5 | 6 | #EXT-X-STREAM-INF:BANDWIDTH=1000,RESOLUTION=854x480,CODECS="avc1.64081f,mp4a.40.2" 7 | {{ item }}-480p.m3u8 8 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/templates/fetcher/thumb.service: -------------------------------------------------------------------------------- 1 | [Unit] 2 | Description={{ item }} thumbnail service 3 | PartOf=fetcher.target 4 | 5 | [Service] 6 | ExecStart=/usr/local/bin/thumb.sh {{ item }} 7 | KillMode=control-group 8 | KillSignal=SIGKILL 9 | Restart=always 10 | RestartSec=3 11 | User=www-data 12 | Group=www-data 13 | 14 | [Install] 15 | WantedBy=fetcher.target 16 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/templates/nfs/exports.j2: -------------------------------------------------------------------------------- 1 | {% for export in nfs_exports %} 2 | {{ export }} 3 | {% endfor %} 4 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/templates/nginx/nginx-rtmp.conf: -------------------------------------------------------------------------------- 1 | # {{ansible_hostname}} 2 | # 3 | 4 | rtmp_auto_push on; 5 | 6 | rtmp { 7 | # Only allow publishing from trusted sources 8 | {% for address in nginx_rtmp_publishers %} 9 | allow publish {{ address }}; 10 | {% endfor %} 11 | deny publish all; 12 | 13 | server { 14 | listen 1935; 15 | 16 | application stream { 17 | record all; 18 | 19 | record_path /var/www/dump; 20 | record_suffix /%Y%m%d%H%M%S.flv; 21 | 22 | record_interval 30m; 23 | 24 | # Needed in case something goes wrong during the conversion. As long as this 25 | # isn't wrapped in a script, ffmpeg will terminate properly without the 26 | # default SIGKILL. Otherwise see nginx-rtmp wiki for a clean example. 27 | exec_kill_signal term; 28 | exec_record_done ffmpeg -v error -y -i $path -codec copy -movflags +faststart $path.mp4; 29 | 30 | live on; 31 | 32 | hls on; 33 | hls_path /var/www/hls; 34 | hls_fragment_naming system; 35 | 36 | drop_idle_publisher 20s; 37 | } 38 | } 39 | } 40 | -------------------------------------------------------------------------------- /ansible/playbooks/roles/video-streamer-backend/templates/sreview/config.pm.j2: -------------------------------------------------------------------------------- 1 | our $config; 2 | 3 | $dbistring = "dbi:Pg:dbname=sreview;host={{ sreview_db_host }};sslmode=require;user=sreview;password={{ sreview_db_pw }}"; 4 | $inputglob = "/var/www/dump/*/*.flv.mp4"; 5 | $parse_re = '.*\/(?