mirror of
https://github.com/migatu/conjurer.git
synced 2026-07-14 21:38:38 +00:00
split: betoniarka (radio operator) colocated with liquidsoap; musician goes Discord-only
Permissions post-mortem that motivated this: the musician wrote radio playlists AS ROOT onto a ROOT-OWNED network share which liquidsoap then read AS USER 'radio' - chown fails on such shares by design (root squash / uid mapping), so the radio came up and died on the playlists. The fix is structural: the playlist WRITER now lives in the same container as the READER, as the same user, on a local volume. No shared partition, no chown, no uid mapping. New: conjurer_betoniarka/betoniarka.py - runs inside the radio container (started by the entrypoint as user 'radio', port 5005): - library scan -> all_playlist/hit playlists with LOCAL container paths (start + every 24h + authenticated GET /rescan) - bot-facing radio API moved from the musician: /add_to_priority, /create_priority_playlist, /request_radio_file, /clear_pr_pls, plus GET /ping (health) and /stream (web page) - radio_log/persistence tailer forwarding play events to the bot's /prepped_tracks with the shared API key (bot-unreachable = logged, not fatal) Musician: pure Discord music player now - keeps /mp3, /update_mp3, /get_music and the file-share endpoints; all radio playlist writing, radio paths/env and the tailer removed. Bot: new CONJURER_RADIO_SERVICE (defaults to CONJURER_FILE_SERVICE so un-split deployments keep working); radio_commands targets it; separate 'radio' health-gate group on betoniarka /ping (musician group now covers music_commands + file_search_commands only). Docker: betoniarka baked into the radio image (python3 + flask/waitress/ requests from Debian debs), port 5005 exposed, entrypoint starts it via setpriv as 'radio'; data-volume chown is now best-effort with a loud warning (keep the volume local); docs get the post-mortem + wiring. Verified: py_compile everything; functional stub tests - rescan writes local-path playlists, wyszukaj scores and appends to priority, auth 401/ok, tailer forward carries the API key. Co-Authored-By: Claude Opus 4.8 <noreply@anthropic.com>
This commit is contained in:
@@ -91,13 +91,23 @@ esac
|
||||
|
||||
# Liquidsoap refuses to run as root (init: security exit), so hand the data
|
||||
# volume to the dedicated 'radio' user and drop privileges for the main
|
||||
# process. The script parses the icecast secret directly, so make that one
|
||||
# file group-readable for 'radio' (kept 640, root-owned).
|
||||
chown -R radio:radio "$DATA"
|
||||
# process. chown is best-effort: on local volumes it always works (the
|
||||
# supported layout); network filesystems with root-squash reject it, hence
|
||||
# the warning instead of a fatal abort.
|
||||
chown -R radio:radio "$DATA" 2>/dev/null \
|
||||
|| echo "WARNING: chown of $DATA failed (network FS?) - keep this volume LOCAL to the radio VM" >&2
|
||||
chgrp radio "$CREDS" 2>/dev/null && chmod 640 "$CREDS" || true
|
||||
if ! setpriv --reuid radio --regid radio --init-groups -- test -r "$MUSIC"; then
|
||||
echo "WARNING: music dir $MUSIC is not readable by the 'radio' user" >&2
|
||||
fi
|
||||
|
||||
# Betoniarka: the radio-operator API + radio-log forwarder, running as the
|
||||
# SAME user as liquidsoap on the SAME volume - this is what makes the old
|
||||
# musician-writes-as-root-over-network-share permission mess go away.
|
||||
BETONIARKA_DATA="$DATA" BETONIARKA_MUSIC="$MUSIC" \
|
||||
setpriv --reuid radio --regid radio --init-groups -- \
|
||||
python3 /app/betoniarka.py &
|
||||
echo "betoniarka started (pid $!)"
|
||||
|
||||
cd "$DATA"
|
||||
exec setpriv --reuid radio --regid radio --init-groups -- "$@"
|
||||
|
||||
Reference in New Issue
Block a user