From 38e41bff20ddfbbcdfd8dfd176e55e9907a9d12b Mon Sep 17 00:00:00 2001
From: lassulus <lassulus@lassul.us>
Date: Sat, 7 Jan 2023 23:26:40 +0100
Subject: l radio: use http proxying, get proxied listeners

---
 lass/2configs/radio/default.nix | 59 +++++++++++++++++++----------------------
 lass/2configs/radio/weather.nix | 26 +++++++++---------
 2 files changed, 42 insertions(+), 43 deletions(-)

(limited to 'lass')

diff --git a/lass/2configs/radio/default.nix b/lass/2configs/radio/default.nix
index 3eab68e9f..f13181088 100644
--- a/lass/2configs/radio/default.nix
+++ b/lass/2configs/radio/default.nix
@@ -253,18 +253,38 @@ in {
     '';
   };
 
+  networking.firewall.allowedTCPPorts = [ 80 ];
   services.nginx = {
     enable = true;
-    virtualHosts."radio.lassul.us" = {
-      forceSSL = true;
-      enableACME = true;
+    virtualHosts."radio.r" = {
       locations."/".extraConfig = ''
-        proxy_set_header Host $host;
-        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
-        proxy_set_header X-Forwarded-Host $host;
-        proxy_set_header X-Forwarded-Server $host;
-        proxy_set_header X-Real-IP $remote_addr;
+        # https://github.com/aswild/icecast-notes#core-nginx-config
         proxy_pass http://localhost:8000;
+        # Disable request size limit, very important for uploading large files
+        client_max_body_size 0;
+
+        # Enable support `Transfer-Encoding: chunked`
+        chunked_transfer_encoding on;
+
+        # Disable request and response buffering, minimize latency to/from Icecast
+        proxy_buffering off;
+        proxy_request_buffering off;
+
+        # Icecast needs HTTP/1.1, not 1.0 or 2
+        proxy_http_version 1.1;
+
+        # Forward all original request headers
+        proxy_pass_request_headers on;
+
+        # Set some standard reverse proxy headers. Icecast server currently ignores these,
+        # but may support them in a future version so that access logs are more useful.
+        proxy_set_header  Host              $host;
+        proxy_set_header  X-Real-IP         $remote_addr;
+        proxy_set_header  X-Forwarded-For   $proxy_add_x_forwarded_for;
+        proxy_set_header  X-Forwarded-Proto $scheme;
+
+        # get source ip for weather reports
+        proxy_set_header user-agent "$http_user_agent; client-ip=$remote_addr";
       '';
       locations."= /recent".extraConfig = ''
         default_type "text/plain";
@@ -297,29 +317,6 @@ in {
         add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS';
       '';
     };
-    virtualHosts."lassul.us".locations."= /the_playlist".extraConfig = let
-      html = pkgs.writeText "index.html" ''
-        <!DOCTYPE html>
-        <html lang="en">
-          <head>
-            <meta charset="utf-8">
-            <title>lassulus playlist</title>
-          </head>
-          <body>
-            <div style="display:inline-block;margin:0px;padding:0px;overflow:hidden">
-              <iframe src="https://kiwiirc.com/client/irc.hackint.org/?nick=kiwi_test|?&theme=cli#the_playlist" frameborder="0" style="overflow:hidden;overflow-x:hidden;overflow-y:hidden;height:95%;width:100%;position:absolute;top:0px;left:0px;right:0px;bottom:0px" height="95%" width="100%"></iframe>
-            </div>
-            <div style="position:absolute;bottom:1px;display:inline-block;background-color:red;">
-              <audio controls autoplay="autoplay"><source src="http://lassul.us:8000/radio.ogg" type="audio/ogg">Your browser does not support the audio element.</audio>
-            </div>
-            <!-- page content -->
-          </body>
-        </html>
-      '';
-    in ''
-      default_type "text/html";
-      alias ${html};
-    '';
   };
   services.syncthing.declarative.folders."the_playlist" = {
     path = "/var/music/the_playlist";
diff --git a/lass/2configs/radio/weather.nix b/lass/2configs/radio/weather.nix
index ad96d8ec0..dca8a7843 100644
--- a/lass/2configs/radio/weather.nix
+++ b/lass/2configs/radio/weather.nix
@@ -10,23 +10,25 @@ let
     export PATH="${lib.makeBinPath [
       pkgs.coreutils
       pkgs.curl
-      pkgs.iproute2
-      pkgs.jc
       pkgs.jq
     ]}"
     curl -fSsz /tmp/GeoLite2-City.mmdb -o /tmp/GeoLite2-City.mmdb http://c.r/GeoLite2-City.mmdb
     MAXMIND_GEOIP_DB="/tmp/GeoLite2-City.mmdb"; export MAXMIND_GEOIP_DB
     OPENWEATHER_API_KEY=$(cat "$CREDENTIALS_DIRECTORY/openweather_api"); export OPENWEATHER_API_KEY
-    ss -no 'sport = :8000' |
-      jc --ss | jq -r '
-        [
-          .[] |
-            select(
-              .local_address != "[::ffff:127.0.0.1]"
-              and .local_address != "[::1]"
-            ) | .peer_address | gsub("[\\[\\]]"; "")
-        ] | unique[]
-      ' |
+    (
+      curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.ogg'
+      curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.mp3'
+      curl -sS 'http://admin:hackme@localhost:8000/admin/listclients.json?mount=/radio.opus'
+    ) | jq -rs '
+      [
+        .[][].source|values|to_entries[].value |
+        (.listener//[]) [] |
+        (.useragent | capture("client-ip=(?<ip>[a-f0-9.:]+)")).ip // .ip
+      ] |
+        unique[] |
+        select(. != "127.0.0.1") |
+        select(. != "::1")
+    ' |
       ${weather_for_ips}/bin/weather_for_ips
   '';
 in {
-- 
cgit v1.2.3

[cgit] Unable to lock slot /tmp/cgit/1a200000.lock: No such file or directory (2)