From 1e4989e67d93e70f64a2d887b632803de6939750 Mon Sep 17 00:00:00 2001
From: Jimbo <jimjam4real@gmail.com>
Date: Sat, 7 Sep 2024 00:38:19 -0400
Subject: [PATCH] Add initial support for Icecast and Liquidsoap, to later
 replace Azuracast and Docker

---
 nixos/modules/ips.nix      |   1 +
 nixos/server.nix           |   1 +
 nixos/server/firewall.nix  |  16 ++++++++-------
 nixos/server/icecast.nix   |  41 +++++++++++++++++++++++++++++++++++--
 nixos/server/wireguard.nix |  12 +++++++----
 secrets.nix                | Bin 2061 -> 2107 bytes
 6 files changed, 58 insertions(+), 13 deletions(-)

diff --git a/nixos/modules/ips.nix b/nixos/modules/ips.nix
index 82e98a1b..8e9d6a6e 100644
--- a/nixos/modules/ips.nix
+++ b/nixos/modules/ips.nix
@@ -4,4 +4,5 @@ rec {
   server = "${localSpan}.2";
   pc = "${localSpan}.3";
   vm = "${localSpan}.4";
+  hx = "${localSpan}.70";
 }
diff --git a/nixos/server.nix b/nixos/server.nix
index 7039f689..9ecb5bec 100644
--- a/nixos/server.nix
+++ b/nixos/server.nix
@@ -22,6 +22,7 @@
     ./server/acme.nix
     ./server/ddclient.nix
     ./server/docker.nix
+    ./server/icecast.nix
     ./server/firewall.nix
     ./server/gitea.nix
     ./server/lemmy.nix
diff --git a/nixos/server/firewall.nix b/nixos/server/firewall.nix
index 61737894..c1082ae1 100644
--- a/nixos/server/firewall.nix
+++ b/nixos/server/firewall.nix
@@ -29,16 +29,18 @@
             chain PREROUTING {
               type nat hook prerouting priority dstnat; policy accept;
               tcp dport 2211 dnat to ${ips.pc}:22 comment "SSH to PC"
-              udp dport { 27005, 27015, 7777 } dnat to ${ips.pc} comment "Games to PC"
+              udp dport { 27005, 27015, 7777 } dnat to ${ips.pc} comment "PC Hosted Games"
             
-              tcp dport { 58010, 57989, 57984 } dnat to ${ips.pc} comment "Sunshine TCP to PC"
-              udp dport { 57998, 57999, 58000 } dnat to ${ips.pc} comment "Sunshine UDP to PC"
+              tcp dport { 58010, 57989, 57984 } dnat to ${ips.pc} comment "PC Sunshine TCP"
+              udp dport { 57998, 57999, 58000 } dnat to ${ips.pc} comment "PC Sunshine UDP"
             
-              tcp dport { 38010, 37989, 37984 } dnat to ${ips.vm} comment "Sunshine TCP to VM"
-              udp dport { 37998, 37999, 38000 } dnat to ${ips.vm} comment "Sunshine UDP to VM"
+              tcp dport { 38010, 37989, 37984 } dnat to ${ips.vm} comment "VM Sunshine TCP"
+              udp dport { 37998, 37999, 38000 } dnat to ${ips.vm} comment "VM Sunshine UDP"
+
+              udp dport { 7790, 7791, 7792 } dnat to ${ips.hx} comment "Deus Ex"
             
-              ip saddr ${outputs.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR TCP to VM"
-              ip saddr ${outputs.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "ALVR UDP to VM"
+              ip saddr ${outputs.secrets.cornIP} tcp dport { 9943, 9944 } dnat to ${ips.vm} comment "VM ALVR TCP"
+              ip saddr ${outputs.secrets.cornIP} udp dport { 9943, 9944 } dnat to ${ips.vm} comment "VM ALVR UDP"
             }
             chain POSTROUTING {
               type nat hook postrouting priority 100; policy accept;
diff --git a/nixos/server/icecast.nix b/nixos/server/icecast.nix
index 1a2f5ccd..42926c74 100644
--- a/nixos/server/icecast.nix
+++ b/nixos/server/icecast.nix
@@ -1,4 +1,4 @@
-{outputs, ...}: {
+{pkgs, outputs, ...}: {
   # Icecast, replacing Azuracast maybe
   services = {
     icecast = {
@@ -7,8 +7,45 @@
       hostname = "icecast.${outputs.secrets.jimDomain}";
       admin = {
         user = "jimbo";
-	password = "${outputs.secrets.castPass}";
+	password = "${outputs.secrets.castAdminPass}";
       };
+      extraConf = ''
+        <authentication>
+          <source-password>${outputs.secrets.castSourcePass}</source-password>
+        </authentication>
+      '';
+    };
+    liquidsoap.streams = let
+      jimbops = ''
+        # CONFIGURATION
+        settings.log.stdout.set(true)
+        settings.init.allow_root.set(true)
+        settings.scheduler.fast_queues.set(2)
+        settings.decoder.file_extensions.mp4.set(["m4a", "m4b", "m4p", "m4v", "m4r", "3gp", "mp4"])
+        
+        # Define the source with random playlist
+        jimbops = mksafe(normalize(playlist(mode='randomize', reload=1, reload_mode="rounds", "/export/JimboNFS/Music/")))
+        
+        # Ensure the stream never stops
+        jimbops_fallback = fallback([jimbops, jimbops])
+        
+        # Output configuration to Icecast
+        output.icecast(
+          %vorbis(channels=2, samplerate=48000, quality=0.8),
+          host="127.0.0.1",
+          port=265,
+          password="${outputs.secrets.castSourcePass}",
+          description="JimBops Radio",
+          url="https://icecast.jimbosfiles.com/jimbops.opus",
+          public=true,
+          icy_metadata=["artist", "title"],
+          genre="My personal music folder.",
+          mount="jimbops.opus",
+          jimbops_fallback
+        )
+      '';
+    in {
+      JimBops = pkgs.writeText "liquidjim" jimbops;
     };
     nginx.virtualHosts."icecast.${outputs.secrets.jimDomain}" =  {
       enableACME = true;
diff --git a/nixos/server/wireguard.nix b/nixos/server/wireguard.nix
index 6873d8ad..02ba8f42 100644
--- a/nixos/server/wireguard.nix
+++ b/nixos/server/wireguard.nix
@@ -2,10 +2,14 @@
   ips = import ../modules/ips.nix;
 in {
   # enable NAT
-  networking.nat.enable = true;
-  networking.nat.externalInterface = "${ips.netInt}";
-  networking.nat.internalInterfaces = [ "wg0" ];
-  networking.firewall.allowedUDPPorts = [ 51820 ];
+  networking = {
+    nat = {
+      enable = true;
+      externalInterface = "${ips.netInt}";
+      internalInterfaces = [ "wg0" ];
+    };
+    firewall.allowedUDPPorts = [ 51820 ];
+  };
 
   networking.wireguard = {
     enable = true;
diff --git a/secrets.nix b/secrets.nix
index bcf084a8288927f988b1e78c83663279e10937c9..48d581b0a1890ae46746264963ef2e5f65dc2e1d 100644
GIT binary patch
literal 2107
zcmZQ@_Y83kiVO&0NY&w8da>@v;;<}FliYU`l)wM`tueE9N=CcIoDa+w{$5YI;kd{*
ze^R%|mP?m^eLR|cefw|2C%#tqFZW!?d1PM3yg~8Uh5U%fLP6n^QW^K}YHZI~-tt1O
z=y}<cMA`2THXIA!RIw9q>6~B9()-No$5b`ZLLsFGwY~ivEY=MHUv&0Q_Yf@F(RJ?f
zu@)xP%!0$Sm;5-qYb)bky>pW5Q{Hs0cyu>epu9frV#V~vnMceb=6p!lGH-A9UoFeS
z`bGg2TUN^|9f=7{cG@O(e71(U+|H9rm&%3C`7O6EXL$y@&L#K9@mw}5$`+mVc=Y^!
zf$;MM6;U_;`1HozHoJB|@JN*VqKk9q8a`7JT`V=BYSvRN1NQlb`$HqRG|vm2J#Kz;
zr?OM(0`YyiOCzRB7ELXDuz&WA;Qx$EDpE4Scd+bnHt@7E|7G&H{GCP3>B}<{&Ia`A
zPu#o9^!OLuw#Cuy<u7?&%+ua<rZ-@7>+U>Zepw+t#bsCKf6{inf3ksl%Z-kkf0o!+
zt<0!h(P#9uS?cW~uOD_PSNc}HeSLFw$)pK$bb8lt6mEWQu=(iR%!v8gRg>Pkd$Y(l
ze%KqhKVMQT(wIGE<(i3>9YJglf0x|d<8(vlXxOBbsHYE}9p7^PUzugave|3ZTHT*7
z^g7U#|7X9Rs)E35No`r{htdyDE~`7<QJz+GPbHjFqowm!oQUSjCFkm0m(<rib)E3w
zsaw)!olAKe!=`6$cNF$%Tps^XNW0-}x&9MjhJ7zCi=~K)t^egcf2Vxud2XHub(w9u
z|1^{>^S5Qoy8m8tzr*2IuN|ttKVJLir|;EQf-y0sTTS~n-GBN2QKVGlmX=$rVSA$Z
z^JiL#I{*I~XmI7}1-U1e8P*Hv*7*Hu+t4{JeNp4NJ@tV`uV(Djc;<Bc-0n?Wn~%P*
zN<IJ9`s!Pm7bg`K<s8stKgk|s@rd!^-JlIwwq3^*I-~Byhp|-D9eIA^-xZm;1qp}!
zrLHHtvfQbb{34vV%6*llWy||_MM1Of%yaFv$^4O2`_1yeI>QN@74|D{72CW?_m~fx
zj>SoN$7MBF6chxuyRWkCXwu)Hp!v`F*tH1{&s=J+SmG-;?{DeuklZ8trafI=6jpgA
z*3!C`lg(J}&4m}sPx*#wKU3Hf>$gUv_!QscLlT#xx3-pb?pd9%dF8Y{^;=39=eh*R
zJ?9BJny>x-mwdeV-1MF;SH8(OoKI#8tLx9(_3w1~semnI^7j8TN@gE!HD#TjzDg`o
z<JRXgl{YE{v$Pg96-fv>?Ead`(NZL%D}3^?q?4_Gw4%V_P0ZhW9fY4JKE0mweV6z*
z;Sb*$6hGSttk$T?o6dTrjOlJg+PM=qeM^|{9nBPew&3eY-j0*EKII%a@@2Z^0=um*
z-kyGNVx#lH?iK+Rb<?%e7k6)%A;0@!L89fi=NC2g)0!r(usqQHCEe*y{yar#=cfn0
z-d(VJUfWWJxjR^m(j5!)?`l<U7o9r6MyqP>8rH&`9W%Teq`Uv^KHQROyw>|0|L@18
zn_gZ^i}`<KZ})*FFTI@`>RDC7n0Nm=ykS+ES~(NTdcKq0s*IeAPlmTwZefnU$-rtK
zCwR90a;WeE^^Zzx8xHb*it<QW>E##q&ZPBg*_jWA-SXqp{(lQjEoOfG@|F|Jg2pSl
zs?&Y4+&2BwEy%d4l((Y)xQNihLvu9Eqjh)b{{7gtsX6-8@=se2{fqGmX0(oCN;@a9
zSW$J>_K5cjK3?B#ueGzFZE|U6v8cIxe#M2QJlf$_Q5vjjJ^Z0YQmf1IEIa3De7Jk`
z74H}RTZjF-R~$XCV3MkutbR#(%O9avN}5*JA3aaF^hn}fLfMWKy{7Enzn9JBt(y4C
z=lwMe&fkBoJ{MmRFLc+aMR4MYRTtDfid|bDUHt#7c2iTyifa>Q6rc8RUNB=0N1X3@
z`?TG$`wmNY%)0*RMwUUT`p5VMC*n0WpH%Wv3vEbQ@U^_Q&)r;2YF3q0GK(R*dE(EK
zu#_wO7G9dqyq-KTy}FD!?_r|ak*5-(KFQ5WcY3t9#=hU_vthef@XV`<wM?Sx)`+(z
z`uV1dW#0F&Pd{^SvX7x<;<YbJHdd{jZkYD+MR~)Ko(o=@p&jRz-uYY~<@9Mql5z9y
z6+ag^Z@%8M<)_>IAi?v-wt@??OTGp9_;)mxE)3TGQ~h6Cw?XKJ-`VAJmxgk-Dc4v%
zy%l0)s$m>vEwww@;A}&|6#ZElJCYQ$CrlUKUc8xKweW?DoZfp!YiHr>N7>e{h-FFI
zcx<(@<GJZG=FH@Gnl(`&SMB%%4V&IYS#APcH%~ifCH*|Kcx~;R*1rO0Ip->voGUTc
z%x%dGZ*!~QopY(>P{7_x2PA7|i8gYFUfJ((Pkoj|wrRNZ(i7QF+rPaxEDYkePhYu1
z;+TGL>Hpbwu~K4z%XZKFe#o*$l=ac6b)k2UuKZ9~Dz`lRlfXlV@8_q?KB&vq@MGy7
zA4dD8)uAUc8Sdz9dpO1Avh^R68BaY}9BMo>YxTN*b}!sFOZ`px%jf5k&M0qU+CFXi
zDT#CQ{+?d8B}*gxLHDwI`>s_tMl3$#{61=H>#J4InXY*&`PqGw>^eVRIpVQGiOIzJ
zI+w?NZ`MkjEw22yrdjPmY2P-(1;1H-9`Wd3_sr$-j}>`=6F;SteF>WHv&vLVBt9r<
zlVs<~NVaW7thXL|c<FIptK><TT@)W{);Kpgey7x@zWbThac(!?$mqx0oV}M~=N{{J
zN4-$Kx8b>$sF0w`<IkKL&JCh+Yxs8jbk*;akeXPTr?FIQX7tMYYf3kq-Fxu&@*^)j
t)aN-w#{bK{tNC`SZtB5x7dM36dY&cz!M^VK(G%+&A}>@Loslb#0RX*K9K`?t

literal 2061
zcmZQ@_Y83kiVO&0xR7;R*tXYsZq&8!i!AaJ*?a_xTaO9Ozqj@Pr^y5%)qOYKtqs1H
zd4JRM46Y;R_yRBeYteknwsg0i@#A&(4B6tJJ+uDDW!0KFBg1wd@15;WYTm4vaA%I>
zOnv5`cb3~46o&dQ`dz^^>Gj7A6O-LPKW$0+7-P)$NbqN{<x&fyWtQ@9{{Elm-BerY
z$bW=8p?j0dElU?J#_4R!KOD@u+T}cX|Hgnn+qkV9i)!7E=ort_I273VDdNt>&y(U?
zpZXs33(QpgmuAs*lRNR>jK@3s7M1zVV-l=MZ{XM46|p3l{oocQnX`XYy1M1wRY(@x
zdtxqji@AQq)S?MXh0dpSpPLuo?3+5B<GOv`p#=pgFRGaq1$ymHJ@Z>OQs8jg;#-oY
zLR<dZzOXPhIK>pHQT1fe-FYTLib~(E#I5+5m>?y1XHJG7cLwK5({iiePsbLDM$K=z
zoX)-O$PAO6m7)f|3zhb?39XiXt0jMT%A>i;2^WGt`9E6!eNtMGtIIC#NaJQTR=LwR
zy7iu)oqgnXk=Xj(@BEk<lW(wYcAI+5%fV!I=p`4fMx&)kBHd?LYhHiY^}}wz(k8`!
zttU#$Sx)g(b+^A+rYoEkVYTarNQ~Mp%ckdTQae7)of_?BS-b9MpG2X)bn>bdDi3>Q
zezwOIJ~#Msda>9fFXKbuDNEH_j?FoD)9dk*<7f9@EbWQ=dnG+X@n7?X11uYsOSB8$
zIcR6Rh_(3HnREM#7pB%Hmc*YmnfRF9bb=vcXUwZh&oZkg=VnaF;5hu~p<d9AMPXf&
z-L=0@=&G0(yyDps`&NmkKPK3-x_sbWzR%2g56_C#dV78t`!D!8_iV<GyatO|&vy$k
zUwdlxWTz5C^V_q_dpi81BxfG>|M8sh@dI%kr+D_Ob*q;A-nqPHZD`RugL=;SzBgmv
z6pE=9>A96I;F-*NdF7A2xA$6e_PWj3?rS==FSc{{0`EOrjsE)_WOIwY^;}`HMB<bK
zQ8|IvUw?4gx=L(9<3`=i_`T(7Vw04s{bO&2_PFdkzB(w2^+&GNZ01stZSPiBPGp(6
zz@Z}2u|IC|z5NqEbsVr2Icl*!f4g-@d&Z5OkCa{WelxH5*!P+LOu3%tuN4<pMd}8x
z&s&|bK;rG5c!oyK`1QM1o@8lKYBzMdtaEKk#sBlJ?zf(ZUp=%+vAa(sXwxar1$_&?
zBsP?Cso#%c(>x^hU+SOJRKxFfRg;cI%d7DBRT|7)Sjg~hN!Q~KTNr-rfBJ9Ze6a>s
z6}=9Bo>0~)S4_9<*tNNUbM5pqKRNasvE830eS66g^Vz%n?HPpQTYqPz*u+ostlDHh
zYfkvzhi76uSnQ`qU#>opV0P$q(qnICo(D}w5|`h;r()=Fed5l&2R$O!e6-(@GFL`;
zw@~lT1C0#-3X-2WM*q;O)5<!cZ(V5n@!7e50ynms)+k8s6JESqZKaS?oZi>xD^Hz1
zko#-8c8+VKLqh)~^Nb|+FXllm4N~)U%yyleQ2ro2$<+SAHVtKgAFQA5XjUKPJzXjr
z75{j$pzp*L-hZb3m^xWpzgv4!iPS%h<Qwgqc16}4sa@|Q@+Nmj#?C$U-zS!)y^{+0
zXJ)YTS7j-$_T)>umqjM=i{6s4%UZHBA>qL8GMQr)Q-6xiXVY1tXnyA276yHvr3oGh
z1uOoo?)i0V_V3-@Zp*VbuVK40|G*8GEp5U&^8+)s2NuZ~&wuXxh$H6o{BG^N+&mq8
zT20Rj1-*D49lO_l^<{LwsO1O$|AJzFYI0}hmDzT>yYZimbUd$n)<)M)+0D04KyO9m
z-tu3kY@aP&&-!uK#uYN*%Ub@wyzOnVLsNcF<gXQR#=HK6Eiw7F=FNfLUy7UZwGX>~
zx%=SZ#h_xPKf4aZS3mveyfNv`QOQWoBtIdx%m&3Xo=%s(J~Q-dS~&lYbl~Ldpvf8D
zrKXc&d=eWT746LVpcnemNneBO-McW}E%|J$YtrgmZt}0Uo$+;3UqI-?1t<7#o}QyK
z|LVHs-}~Lx{#&pwqA|_S;jpgF`;e5E?`r4$H|jnj<?!0OFWS8Eu+idOrW=lnzlyvl
zafgBFl3soEa_RFY-DmEdV8roq{#T1=&tJTEQX6!e6t!p0(6BapkyRbyXaB3rwd3vk
zrsGvlWUl`%FnM5|!pJpk>HYmGC+G3bJLG<Ns=M{->AS8vMjHM7_clKv+TmsNQuc70
zxYKW0Yo^tl{I+|d&2QbyZ`SlyAM1-LwGtASf0Oga$mgP-xz3NjE2n-6mTj85@=Rg@
zTRzWoO&w=xm#Z%m4`?~O)OpU3Qt(W7jp^#;Zm%V`7gZ_DuIpD6kJ~fx$)U%0&-jae
zpLHohovDr0;`XmH{^U99gGBlcHNUR#2#HVMx;f~g*>1nNjr$hp&w0-?S=e>4=VQL#
z-YSjV-zR+L*2;D7uiR#3XvIFk<O3gzqoUN_x(DV`Zd=bi%-=C(SF`=pRXaBCH9YLR
zH}T4>Srx|?-joqP@H=8bQ>nzAhi7GOCrVZtTP(V;|KC}U*LU|_5O^ijy_3aWNW)xR
zCF`JmjfC<y^S&J!%N~}wm2UIjDz#3-g(;>dU<QkRet+rH9}gpW|6TjN=Crm8kGfp;
ztkZ>7Y+QY|N=NqdwNJmeI@|SPo$r~)H`l3%GexZ3!|qz{Cp+n2kv+3a;m@-{v5%zL
zN+-YK{Qdd-%WdWgPwUp5+G4e&bSvM6eJo1H_pMrcIaP3pOZMg8=i)2=zS;eKb@JQ>
y#SP{0zCTxqofKTUMXqmSkCgho`OIxm8+^Mff?bw=xi>xQ$M);9AEY;M#{d9K?f?M*