diff --git a/Dockerfile b/Dockerfile
index 8dad183a1c8c5b8b5ecbc0a2358f6b73a166f105..c828e8f59178d8e618d179c61c7bf1a65f128266 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -1,5 +1,5 @@
FROM debian
RUN useradd -ms /bin/bash icecast2
-RUN apt update -y && apt install -y icecast2 darkice
+RUN apt update -y && apt install -y icecast2 darkice pulseaudio-utils
RUN usermod -G icecast -a icecast2
diff --git a/README.md b/README.md
index 031cb7b028fe6961b398d12567ba0c32855129a9..0e1d51f524bf698128c08bb0572f0a41b8580c8f 100644
--- a/README.md
+++ b/README.md
@@ -1,2 +1,17 @@
# Darkice Docker
+A container stack for running Icecast with Darkice.
+
+## Running
+
+- Configuration assumes that current UID is 1000.
+- This may trigger SELinux on Fedora systems. You'll need to add an exception.
+ - `checkmodule -M -m -o darkice-docker.mod darkice-docker.te`
+ - `semodule_package -o darkice-docker.pp -m darkice-docker.mod`
+ - `semodule -i darkice-docker.pp`
+- Modify `darkice.cfg` to point to the appropriate source.
+- Use `pactl list sources` to view available sources.
+
+```
+podman-compose up
+```
\ No newline at end of file
diff --git a/darkice-docker.te b/darkice-docker.te
new file mode 100644
index 0000000000000000000000000000000000000000..d1d6b2dc0b3dce5de5bb4767a3b293e2f319f9e9
--- /dev/null
+++ b/darkice-docker.te
@@ -0,0 +1,11 @@
+
+module darkice-docker 1.0;
+
+require {
+ type container_t;
+ type unconfined_t;
+ class unix_stream_socket connectto;
+}
+
+#============= container_t ==============
+allow container_t unconfined_t:unix_stream_socket connectto;
diff --git a/darkice.cfg b/darkice.cfg
index 7542efbccde717cfe1b18a20f28eb9890b314dc0..f10c2b29880cf361cb44e352745d72f1d0a28bf3 100644
--- a/darkice.cfg
+++ b/darkice.cfg
@@ -11,6 +11,7 @@ sampleRate = 44100
bitsPerSample = 16
channel = 2
paSourceName = alsa_input.pci-0000_00_1f.3.analog-stereo
+#paSourceName = alsa_output.pci-0000_00_1f.3.analog-stereo.monitor
[icecast2-0]
bitrateMode = vbr
@@ -18,6 +19,6 @@ format = mp3
quality = 0.8
server = localhost
port = 8000
-password = <pwd>
+password = hackme
mountPoint = sonos
name = sonos
diff --git a/docker-compose.yml b/docker-compose.yml
index d8fd225a011e347392cfba65d93830259a5155ad..8873a92f5de284b066fbe2a5fc7eb23d44f5f681 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -4,13 +4,16 @@ services:
build: .
command: icecast2 -c /etc/icecast2/icecast.xml
user: icecast2
+ ports:
+ - "8000:8000"
darkice:
build: .
depends_on:
- icecast2
+ environment:
+ PULSE_SERVER: unix:/run/user/0/pulse/native
command: darkice
- user: icecast2
volumes:
- ./darkice.cfg:/etc/darkice.cfg:z
- - /run/user/1000/pulse:/run/user/1000/pulse
+ - /run/user/1000/pulse:/run/user/0/pulse:z
diff --git a/icecast.xml b/icecast.xml
index a2ff0940145c5a6a0e98f5cc1826b61568e29ebd..7a9e7fbbc5b0f9cfc880ef5eda4d381ef5e2b4b6 100644
--- a/icecast.xml
+++ b/icecast.xml
@@ -1,5 +1,344 @@
-<limits>
- <burst-on-connect>0</burst-on-connect>
- <burst-size>0</burst-size>
-</limits>
+<icecast>
+ <!-- IMPORTANT!
+ Especially for inexperienced users:
+ Start out by ONLY changing all passwords and restarting Icecast.
+ For detailed setup instructions please refer to the documentation.
+ It's also available here: http://icecast.org/docs/
+ -->
+ <!-- location and admin are two strings that are e.g. visible
+ on the server info page of the icecast web interface -->
+ <location>Earth</location>
+ <!-- If you are listing streams on a YP, this MUST be a working email! -->
+ <admin>icemaster@localhost</admin>
+ <!-- This is the hostname other people will use to connect to your server.
+ It affects mainly the urls generated by Icecast for playlists and YP
+ listings. You MUST configure it properly for YP listings to work!
+ This is NOT your homepage address, it's the hostname for THIS server.
+ -->
+ <hostname>localhost</hostname>
+
+ <limits>
+ <!-- Global maximum number of clients.
+ This includes all kinds of clients, not only listeners.
+ -->
+ <clients>100</clients>
+ <sources>2</sources>
+ <queue-size>524288</queue-size>
+ <client-timeout>30</client-timeout>
+ <header-timeout>15</header-timeout>
+ <source-timeout>10</source-timeout>
+ <!-- This sets the burst size in [bytes]. This is the amount the
+ the server sends to a listener that connects to a stream.
+ This allows for a significantly reducing in startup time.
+ Most people won't need to change from the default 64k.
+ Applies to all mountpoints.
+ -->
+ <burst-size>65535</burst-size>
+ </limits>
+
+ <authentication>
+ <!-- Sources log in with username 'source' -->
+ <source-password>hackme</source-password>
+ <!-- Relays log in with username 'relay' -->
+ <relay-password>hackme</relay-password>
+
+ <!-- Admin logs in with the username given below -->
+ <admin-user>admin</admin-user>
+ <admin-password>hackme</admin-password>
+ </authentication>
+
+ <!-- set the mountpoint for a shoutcast source to use, the default if not
+ specified is to have none.
+ <shoutcast-mount>/live.nsv</shoutcast-mount>
+ -->
+
+ <!-- Uncommenting this enables publishing to the streaming directory at:
+ http://dir.xiph.org/
+ Please read the Icecast documentation about publishing to directories
+ very carefully, as it is not enough to just uncomment this.
+ -->
+ <!--
+ <directory>
+ <yp-url-timeout>15</yp-url-timeout>
+ <yp-url>http://dir.xiph.org/cgi-bin/yp-cgi</yp-url>
+ </directory>
+ -->
+
+ <!-- You may have multiple <listen-socket> elements -->
+ <listen-socket>
+ <port>8000</port>
+ <!-- <bind-address>127.0.0.1</bind-address> -->
+ <!-- <shoutcast-mount>/stream</shoutcast-mount> -->
+ </listen-socket>
+ <!--
+ <listen-socket>
+ <port>8080</port>
+ </listen-socket>
+ -->
+ <!--
+ <listen-socket>
+ <port>8443</port>
+ <tls>auto_no_plain</tls>
+ </listen-socket>
+ -->
+
+
+ <!-- Global header settings
+ Headers defined here will be returned for every HTTP request to Icecast.
+
+ The ACAO header makes Icecast public content/API by default
+ This will make streams easier embeddable (some HTML5 functionality needs it).
+ Also it allows direct access to e.g. /status-json.xsl from other sites.
+ If you don't want this, comment out the following line or read up on CORS.
+ -->
+ <http-headers>
+ <header type="cors" name="Access-Control-Allow-Origin" />
+ </http-headers>
+
+
+ <!-- Relaying
+ You don't need this if you only have one server.
+ Please refer to the documentation for a detailed explanation.
+ -->
+ <!--
+ <master-server>127.0.0.1</master-server>
+ <master-server-port>8001</master-server-port>
+ <master-update-interval>120</master-update-interval>
+ <master-password>hackme</master-password>
+ -->
+
+ <!-- Setting this makes all relays on-demand unless overridden, this is
+ useful for master relays which do not have <relay> definitions here.
+ The default is false -->
+ <!--<relays-on-demand>true</relays-on-demand>-->
+
+ <!-- Basic relay with one upstream server -->
+ <!--
+ <relay>
+ <local-mount>/different.ogg</local-mount>
+ <on-demand>false</on-demand>
+
+ <upstream type="normal">
+ <server>127.0.0.1</server>
+ <port>8080</port>
+ <mount>/example.ogg</mount>
+ <relay-shoutcast-metadata>false</relay-shoutcast-metadata>
+ </upstream>
+ </relay>
+ -->
+
+ <!-- Relay with multiple upstream servers and default settings -->
+ <!--
+ <relay>
+ <local-mount>/different.ogg</local-mount>
+ <on-demand>false</on-demand>
+
+ <upstream type="normal">
+ <server>master0.example.org</server>
+ </upstream>
+ <upstream type="normal">
+ <server>master1.example.org</server>
+ </upstream>
+ <upstream type="normal">
+ <server>master2.example.org</server>
+ <port>8080</port>
+ </upstream>
+ <upstream type="default">
+ <port>8000</port>
+ <mount>/example.ogg</mount>
+ </upstream>
+ </relay>
+ -->
+
+ <!-- Mountpoints
+ Only define <mount> sections if you want to use advanced options,
+ like alternative usernames or passwords
+ All <mount> sections below are disabled by default,
+ to activate them remove the comment markers around them and reload.
+ -->
+
+ <!-- Default settings for all mounts that don't have a specific <mount type="normal">.
+ -->
+ <!--
+ <mount type="default">
+ <public>false</public>
+ <intro>/server-wide-intro.ogg</intro>
+ <max-listener-duration>3600</max-listener-duration>
+ <authentication>
+ <role type="url" match-method="source,put" allow-web="*" allow-admin="*">
+ <option name="client_add" value="http://auth.example.org/stream_start.php"/>
+ </role>
+ <role type="anonymous" match-method="source,put" deny-all="*" />
+ </authentication>
+ <http-headers>
+ <header name="foo" value="bar" />
+ </http-headers>
+ </mount>
+ -->
+
+ <!-- Normal mounts -->
+ <!--
+ <mount type="normal">
+ <mount-name>/example-complex.ogg</mount-name>
+
+ <max-listeners>1</max-listeners>
+ <dump-file>/tmp/dump-example1.ogg</dump-file>
+ <burst-size>65536</burst-size>
+ <fallback-mount>/example2.ogg</fallback-mount>
+ <fallback-override>true</fallback-override>
+ <fallback-when-full>true</fallback-when-full>
+ <intro>/example_intro.ogg</intro>
+ <hidden>true</hidden>
+ <public>true</public>
+ <authentication>
+ <role type="htpasswd" connections-per-user="1">
+ <option name="filename" value="myauth" />
+ </role>
+ <role type="static" allow-method="source,put,get,post,options" deny-web="*" allow-admin="*">
+ <option name="username" value="othersource" />
+ <option name="passwod" value="hackmemore" />
+ </role>
+ <role type="anonymous" deny-all="*" />
+ </authentication>
+ <http-headers>
+ <header type="cors" name="Access-Control-Allow-Origin" value="http://webplayer.example.org" />
+ <header name="baz" value="quux" />
+ </http-headers>
+
+ <event-bindings>
+ <event type="exec" trigger="source-connect">
+ <option name="executable" value="/home/icecast/bin/stream-start" />
+ </event>
+ <event type="exec" trigger="source-disconnect">
+ <option name="executable" value="/home/icecast/bin/stream-stop" />
+ </event>
+ </event-bindings>
+ </mount>
+ -->
+
+ <!--
+ <mount type="normal">
+ <mount-name>/auth_example.ogg</mount-name>
+ <authentication>
+ <role type="url" match-method="get,post,head,options" allow-web="*" deny-admin="*" may-alter="send_error,redirect">
+ <option name="client_add" value="http://myauthserver.net/notify_listener.php"/>
+ <option name="client_remove" value="http://myauthserver.net/notify_listener.php"/>
+ <option name="action_add" value="listener_add"/>
+ <option name="action_remove" value="listener_remove"/>
+ <option name="headers" value="x-pragma,x-token"/>
+ <option name="header_prefix" value="ClientHeader."/>
+ </role>
+ <role type="anonymous" match-method="get,post,head,options" deny-all="*" />
+ </authentication>
+ <event-bindings>
+ <event type="url" trigger="source-connect">
+ <option name="url" value="http://myauthserver.net/notify_mount.php" />
+ <option name="action" value="mount_add" />
+ </event>
+ <event type="url" trigger="source-disconnect">
+ <option name="url" value="http://myauthserver.net/notify_mount.php" />
+ <option name="action" value="mount_remove" />
+ </event>
+ </event-bindings>
+ </mount>
+ -->
+
+ <!-- Relays can also go into a <mount type="normal"> section -->
+ <!--
+ <mount type="normal">
+ <mount-name>/relay_example.ogg</mount-name>
+ <relay>
+ <upstream type="normal">
+ <server>master0.example.org</server>
+ <port>8000</port>
+ <mount>/example.ogg</mount>
+ </upstream>
+ </relay>
+ </mount>
+ -->
+
+ <paths>
+ <!-- basedir is only used if chroot is enabled -->
+ <basedir>@pkgdatadir@</basedir>
+
+ <!-- Note that if <chroot> is turned on below, these paths must all
+ be relative to the new root, not the original root -->
+ <logdir>@localstatedir@/log/@PACKAGE@</logdir>
+ <webroot>@pkgdatadir@/web</webroot>
+ <adminroot>@pkgdatadir@/admin</adminroot>
+ <reportxmldb>@pkgdatadir@/report-db.xml</reportxmldb>
+ <!-- <pidfile>@pkgdatadir@/icecast.pid</pidfile> -->
+
+ <!-- Aliases: treat requests for 'source' path as being for 'dest' path
+ May be made specific to a port or bound address using the "port"
+ and "bind-address" attributes.
+ -->
+ <!--
+ <alias source="/foo" destination="/bar"/>
+ -->
+ <!-- Aliases: can also be used for simple redirections as well,
+ this example will redirect all requests for http://server:port/ to
+ the status page
+ -->
+ <alias source="/" destination="/status.xsl"/>
+ <!-- The certificate file needs to contain both public and private part.
+ Both should be PEM encoded.
+ <tls-certificate>@pkgdatadir@/icecast.pem</tls-certificate>
+ -->
+ </paths>
+
+ <logging>
+ <accesslog>access.log</accesslog>
+ <errorlog>error.log</errorlog>
+ <!-- <playlistlog>playlist.log</playlistlog> -->
+ <loglevel>information</loglevel> <!-- "debug", "information", "warning", or "error" -->
+ <logsize>10000</logsize> <!-- Max size of a logfile -->
+ <!-- If logarchive is enabled (1), then when logsize is reached
+ the logfile will be moved to [error|access|playlist].log.DATESTAMP,
+ otherwise it will be moved to [error|access|playlist].log.old.
+ Default is non-archive mode (i.e. overwrite)
+ -->
+ <!-- <logarchive>true</logarchive> -->
+ </logging>
+
+ <security>
+ <chroot>false</chroot>
+ <!--
+ <changeowner>
+ <user>nobody</user>
+ <group>nogroup</group>
+ </changeowner>
+ -->
+
+ <!-- It is generally helpful to set a PRNG seed, what seed to set depends on your OS. -->
+ <!-- Useful on all operating systems is a seed file for Icecast to update.
+ This should be at some location that is (semi-)permanent such as /var/lib or /var/cache
+ A size of 1024 [byte] is suggested.
+ The file can be shared with trusted applications (other instances of Icecast).
+ But should be protected against read and write access by untrusted applications.
+ <prng-seed type="read-write" size="1024">/path/to/storage/icecast.prng-seed</prng-seed>
+ -->
+ <!-- A profile includes common sources of entropy therefore provides a good way to
+ seed the PRNG.
+ Currently defined profiles are: bsd, linux.
+ The bsd profile expects /dev/urandom to be readable.
+ The linux profile includes the bsd profile but adds linux specific interfaces (such as /proc).
+ <prng-seed type="profile">linux</prng-seed>
+ -->
+ <!-- If your OS provides a urandom style device and there is no profile for your OS you can
+ provide a custom device name.
+ The size parameter defines how many bytes are read per (re)seeding. The optimal setting
+ depends on the quality of your device, a general good default is 32 [byte].
+ <prng-seed type="device" size="32">/dev/urandom</prng-seed>
+ -->
+ <!-- If none of above is available on your OS you can add a static seed.
+ This is by far not as secure as the above.
+ The value should be at least 64 characters long if from [a-zA-Z0-9].
+ You MUST keep this parameter secret. It MUST NOT be shared with other instances.
+ You SHOULD change this parameter often.
+ <prng-seed type="static">U4V5etZF...</prng-seed>
+ -->
+
+ </security>
+</icecast>