ulfm: initial test run

applications/ulfm.nix

@@ -0,0 +1,37 @@
+{ config, lib, pkgs, ... }:{
+
+  # shove the entire config file into secrets
+  age.secrets.ulfm.file = ../secrets/stream_ulfm.age;
+
+  ###### implementation
+  networking.firewall.allowedTCPPorts = [ 8000 ];
+
+  users.groups."icecast" = { };
+
+  users.users."icecast2" = {
+    createHome = true;
+    isSystemUser = true;
+    home = "/etc/icecast2";
+    group = "icecast";
+  };
+
+  systemd.services.icecast = {
+    after = [ "network.target" ];
+    description = "Icecast Network Audio Streaming Server";
+    wantedBy = [ "multi-user.target" ];
+
+    preStart = "mkdir -p /var/log/icecast && chown nobody:nogroup /var/log/icecast";
+    serviceConfig = {
+      Type = "simple";
+      ExecStart = "${pkgs.icecast}/bin/icecast -c /run/agenix/ulfm";
+      ExecReload = "${pkgs.coreutils}/bin/kill -HUP $MAINPID";
+    };
+  };
+
+  services.nginx.virtualHosts."ulfm.skynet.ie" = {
+    #forceSSL = true;
+    #useACMEHost = "ulcompsoc.ie";
+    locations."/".proxyPass = "http://localhost:8000";
+  };
+
+}

machines/galatea.nix

@@ -28,7 +28,9 @@ in {
     # web stuff
     ../applications/nginx.nix
     #../applications/acme.nix
+
     # specific to tis server
+    ../applications/ulfm.nix
   ];
 
   deployment = {
@@ -57,14 +59,4 @@ in {
       "ulfm             CNAME   ${name}"
     ];
   };
-
-  networking.firewall.allowedTCPPorts = [ 8000 ];
-
-  services = {
-    nginx.virtualHosts."ulfm.skynet.ie" = {
-      #forceSSL = true;
-      #useACMEHost = "skynet";
-    #  locations."/gw2".proxyPass = "http://localhost:8085";
-    };
-  };
 }

secrets/secrets.nix

@@ -31,4 +31,7 @@ in
   "wireguard.age".publicKeys = users ++ systems;
   "dns_certs.secret.age".publicKeys = users ++ systems;
   "dns_dnskeys.conf.age".publicKeys = users ++ systems;
+
+  "stream_ulfm.age".publicKeys = users ++ systems;
+
 }