Use a static IP for icecast, no proxy

Icecast hates proxies, and proxies hate it. It's not totally HTTP compliant. It also uses Yellow Pages as a directory for publically findable podcasts
redbrick · May 21, 2020 · 30aa4d4 · 30aa4d4
1 parent 761208a
commit 30aa4d4
Show file tree

Hide file tree

Showing 4 changed files with 19 additions and 4 deletions.
diff --git a/common/options.nix b/common/options.nix
@@ -32,5 +32,11 @@
       default = "136.206.15.3";
       type = lib.types.str;
     };
+
+    internalInterface = lib.mkOption {
+      description = "The interface name which owns the host's internal address. Default is the internal VLAN";
+      default = "internal";
+      type = lib.types.str;
+    };
   };
 }
diff --git a/hosts/m1vm/configuration.nix b/hosts/m1vm/configuration.nix
@@ -9,6 +9,7 @@
     ../../services/postfix
     ../../services/dovecot
     ../../services/certs
+    ../../services/icecast.nix
     ../../services/postgres.nix
   ];
 
@@ -38,6 +39,7 @@
   redbrick.skipCustomVhosts = true;
   redbrick.smtpBindAddress = "192.168.0.135";
   redbrick.smtpExternalAddress = "136.206.15.5";
+  redbrick.internalInterface = "enp1s0";
 
   users.users.lucasade = {
     isNormalUser = true;

diff --git a/services/httpd/vhosts.nix b/services/httpd/vhosts.nix
@@ -212,7 +212,6 @@ in (userVhosts // {
   "git.${tld}" = vhostProxy "http://localhost:3000/";
   "prometheus.${tld}" = vhostProxy "http://localhost:9090/";
   "graphs.${tld}" = vhostProxy "http://localhost:3001/";
-  "dcufm.${tld}" = vhostProxy "http://localhost:8002/";
   "jakarta.${tld}" = vhostProxy "http://136.206.15.59:8080/";
   "macspayn.${tld}" = vhostProxy "http://136.206.15.25:3007/";
   "portaldev.${tld}" = vhostProxy "http://136.206.15.61:9080/";

diff --git a/services/icecast.nix b/services/icecast.nix
@@ -5,24 +5,32 @@ let
   admin-secret = "/var/secrets/icecast-admin.secret";
   source-secret = "/var/secrets/icecast-source.secret";
   relay-secret = "/var/secrets/icecast-relay.secret";
+
+  # Hard-coded listen address, will be added to the host's
+  # internalInterface addresses.
+  listenAddress = "192.168.0.5";
 in {
   users.users.icecast = {
     description = "Service user for icecast";
     isSystemUser = true;
-    group = "icecast";
     shell = "/dev/null";
-    home = "/dev/null";
   };
 
+  networking.interfaces."${config.redbrick.internalInterface}".ipv4.addresses = [{
+    address = listenAddress;
+    prefixLength = 24;
+  }];
+
   services.icecast = {
     enable = true;
-    hostname = "localhost";
+    hostname = "dcufm.${tld}";
     user = "icecast";
     admin = {
       password = "${lib.fileContents admin-secret}";
     };
     listen = {
       port = 8002;
+      address = listenAddress;
     };
     logDir = "/var/log/icecast/";
     extraConf = ''