From e90cfacdfddd5577d6aab9b4b3583055370a5c5e Mon Sep 17 00:00:00 2001
From: 3wc <3wc@doesthisthing.work>
Date: Fri, 6 Aug 2021 11:40:28 +0200
Subject: [PATCH] =?UTF-8?q?Initial=20import=20=F0=9F=8E=B6=F0=9F=A4=96?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 .env.sample   | 16 ++++++++++++
 .gitignore    |  1 +
 README.md     | 43 ++++++++++++++++++++++++++++++++
 abra.sh       |  1 +
 compose.yml   | 68 +++++++++++++++++++++++++++++++++++++++++++++++++++
 entrypoint.sh | 38 ++++++++++++++++++++++++++++
 6 files changed, 167 insertions(+)
 create mode 100644 .env.sample
 create mode 100644 .gitignore
 create mode 100644 README.md
 create mode 100644 abra.sh
 create mode 100644 compose.yml
 create mode 100644 entrypoint.sh

diff --git a/.env.sample b/.env.sample
new file mode 100644
index 0000000..76e9922
--- /dev/null
+++ b/.env.sample
@@ -0,0 +1,16 @@
+TYPE=botamusique
+
+DOMAIN=botamusique.example.com
+
+## Domain aliases
+#EXTRA_DOMAINS=', `www.botamusique.example.com`'
+LETS_ENCRYPT_ENV=production
+
+#BAM_MUMBLE_SERVER=mumble.example.com
+#BAM_USER=username
+#BAM_MUMBLE_PORT=
+#BAM_CHANNEL=channel
+#BAM_VERBOSE=
+
+SECRET_BAM_CERTIFICATE_VERSION=v1
+SECRET_BAM_MUMBLE_PASSWORD=v1
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..7a6353d
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.envrc
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..685aa39
--- /dev/null
+++ b/README.md
@@ -0,0 +1,43 @@
+# botamusique
+
+Bot to play youtube / soundcloud / radio / local music on Mumble 
+
+<!-- metadata -->
+
+- **Category**: Apps
+- **Status**:
+- **Image**:
+- **Healthcheck**:
+- **Backups**:
+- **Email**:
+- **Tests**:
+- **SSO**:
+
+<!-- endmetadata -->
+
+## Basic usage
+
+1. Set up Docker Swarm and [`abra`]
+2. Deploy [`coop-cloud/traefik`]
+3. `abra app new botamusique --secrets` (optionally with `--pass` if you'd like
+   to save secrets in `pass`)
+4. `abra app YOURAPPDOMAIN config` - be sure to change `$DOMAIN` to something that resolves to
+   your Docker swarm box
+5. `abra app YOURAPPDOMAIN deploy`
+6. Open the configured domain in your browser to finish set-up
+
+NB you currently need to manually generate a certificate:
+
+```
+openssl req -x509 -nodes -days 3650 -newkey rsa:2048 -keyout botamusique.pem -out botamusique.pem -subj "/CN=botamusique"
+```
+
+and load it into Docker swarm:
+
+```
+cat botamusique.pem | DOCKER_CONTEXT=swarm.example.com docker secret create bam_certificate_v1 -
+```
+
+[`abra`]: https://git.coopcloud.tech/coop-cloud/abra
+[`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik
+cloud/traefik
diff --git a/abra.sh b/abra.sh
new file mode 100644
index 0000000..5c54e9d
--- /dev/null
+++ b/abra.sh
@@ -0,0 +1 @@
+export ENTRYPOINT_CONF_VERSION=v1
diff --git a/compose.yml b/compose.yml
new file mode 100644
index 0000000..3ba9f4a
--- /dev/null
+++ b/compose.yml
@@ -0,0 +1,68 @@
+---
+version: "3.8"
+
+services:
+  app:
+    image: azlux/botamusique
+    networks:
+      - proxy
+    configs:
+      - source: entrypoint_conf
+        target: /docker-entrypoint.sh
+        mode: 0555
+    entrypoint: /docker-entrypoint.sh
+    environment:
+      BAM_CONFIG_file: /config/botamusique.ini
+      BAM_CERTIFICATE: /run/secrets/bam_certificate
+      BAM_MUSIC_DB: /config/music.db
+      BAM_DB: /config/setting.db
+      BAM_MUMBLE_SERVER:
+      BAM_MUMBLE_PASSWORD_FILE: /run/secrets/mumble_password
+      BAM_USER:
+      BAM_MUMBLE_PORT:
+      BAM_CHANNEL:
+      BAM_VERBOSE:
+    volumes:
+      - config:/config
+    secrets:
+      - bam_certificate
+      - mumble_password
+    deploy:
+      restart_policy:
+        condition: on-failure
+      labels:
+        - "traefik.enable=true"
+        - "traefik.http.services.${STACK_NAME}.loadbalancer.server.port=8181"
+        - "traefik.http.routers.${STACK_NAME}.rule=Host(`${DOMAIN}`${EXTRA_DOMAINS})"
+        - "traefik.http.routers.${STACK_NAME}.entrypoints=web-secure"
+        - "traefik.http.routers.${STACK_NAME}.tls.certresolver=${LETS_ENCRYPT_ENV}"
+        ## Redirect from EXTRA_DOMAINS to DOMAIN
+        #- "traefik.http.routers.${STACK_NAME}.middlewares=${STACK_NAME}-redirect"
+        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLForceHost=true"
+        #- "traefik.http.middlewares.${STACK_NAME}-redirect.headers.SSLHost=${DOMAIN}"
+    # healthcheck:
+    #   test: ["CMD", "curl", "-f", "http://localhost"]
+    #   interval: 30s
+    #   timeout: 10s
+    #   retries: 10
+    #   start_period: 1m
+
+networks:
+  proxy:
+    external: true
+
+volumes:
+  config:
+
+configs:
+  entrypoint_conf:
+    name: ${STACK_NAME}_entrypoint_conf_${ENTRYPOINT_CONF_VERSION}
+    file: entrypoint.sh
+
+secrets:
+  bam_certificate:
+    external: true
+    name: ${STACK_NAME}_bam_certificate_${SECRET_BAM_CERTIFICATE_VERSION}
+  mumble_password:
+    external: true
+    name: ${STACK_NAME}_mumble_password_${SECRET_MUMBLE_PASSWORD_VERSION}
diff --git a/entrypoint.sh b/entrypoint.sh
new file mode 100644
index 0000000..d2648cf
--- /dev/null
+++ b/entrypoint.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/env bash
+
+file_env() {
+	# 3wc: Load $VAR_FILE into $VAR - useful for secrets. See
+	# 	https://medium.com/@adrian.gheorghe.dev/using-docker-secrets-in-your-environment-variables-7a0609659aab
+	local var="$1"
+	local fileVar="${var}_FILE"
+	local def="${2:-}"
+
+	if [ "${!var:-}" ] && [ "${!fileVar:-}" ]; then
+		echo >&2 "error: both $var and $fileVar are set (but are exclusive)"
+		exit 1
+	fi
+	local val="$def"
+	if [ "${!var:-}" ]; then
+		val="${!var}"
+	elif [ "${!fileVar:-}" ]; then
+		val="$(< "${!fileVar}")"
+	fi
+	export "$var"="$val"
+	unset "$fileVar"
+}
+
+load_vars() {
+	file_env "BAM_MUMBLE_PASSWORD"
+}
+
+main() {
+	set -eu
+
+	load_vars
+}
+
+main
+
+# 3wc: upstream ENTRYPOINT
+# https://github.com/azlux/botamusique/blob/master/Dockerfile
+/botamusique/entrypoint.sh venv/bin/python mumbleBot.py