CRITICAL SECURITY FIXES:
- Bind all Docker services to localhost only (127.0.0.1)
- Prevents external access to Liquidsoap telnet (port 1234)
- Prevents direct Icecast access without HAproxy (port 8000)
- Secures PostgreSQL port (5432)
DOCKER CHANGES (docker-compose.yml):
- Icecast: 127.0.0.1:8000:8000 (was 8000:8000)
- Liquidsoap: 127.0.0.1🔢1234 (was 1234:1234)
- PostgreSQL: 127.0.0.1:5432:5432 (was 5432:5432)
- All passwords now use environment variables
CONFIG TEMPLATE:
- Added ICECAST_SOURCE_PASSWORD
- Added ICECAST_RELAY_PASSWORD
- Documented all Docker password variables
Addresses TODO items from b612.asteroid.radio deployment:
- Problem 1: Liquidsoap telnet exposed ✅ FIXED
- Problem 2: Icecast binding to 0.0.0.0 ✅ FIXED
This prevents the security issues that forced Fade to shut down
the production server. Services are now only accessible via
HAproxy on the host machine.
Ref: TODO.org lines 25-27
- Add 5-second crossfades between tracks
- Use ReplayGain for consistent volume (removed normalize())
- Add audio compression to prevent clipping
- Liquidsoap watches playlist file and reloads every 5 seconds
- Fallback to random playback when queue is empty
- Fix playlist to play all tracks in order
✅ CLIP Template System:
- Created template-utils.lisp with centralized rendering
- Template caching for performance
- render-template-with-plist for consistent API
- Proper CLIP attribute processors (data-text)
- Documentation in docs/CLIP-REFACTORING.org
✅ Admin Dashboard Complete:
- System Status: All 4 indicators working (Server, DB, Liquidsoap, Icecast)
- Music Library: Scan, upload, duplicate detection working
- Track Management: Pagination (20/page, configurable 10/20/50/100)
- Player Control: HTML5 audio player with play/pause/stop
- User Management: Moved to separate /admin/users page
✅ User Management:
- New /admin/users route with dedicated page
- Inline user creation form
- User stats dashboard
- Role management (listener/DJ/admin)
- Activate/deactivate users
- API endpoint /api/users/create
- Tested with curl - all working
✅ Live Stream & Now Playing:
- Fixed: Green 🟢 LIVE STREAM indicator (was red)
- Fixed: Stream quality display matches selected stream (AAC/MP3)
- Now Playing updates every 10s from Icecast
- No HTML rendering bugs - working correctly
✅ Track Library:
- Fixed recursive directory scanning bug
- 64 tracks scanned and in database
- Pagination working perfectly
✅ Front Page & Web Player:
- Station Status shows correct stream quality
- Quality selector updates all displays
- Live stream indicators green
- Now Playing working on all pages
All Templates section items complete [4/4] ✅
- Add <changeowner> section to fix 'run as root' error
- Remove complex mount configurations, let Docker handle automatically
- Fix log directory path from /var/log/icecast2/ to /var/log/icecast/
- Update docker-compose.yml to use main icecast.xml instead of minimal version
- Remove temporary minimal-icecast.xml workaround file
All three streams now working with clean main configuration:
- asteroid.aac (96kbps AAC - recommended)
- asteroid.mp3 (128kbps MP3 - compatible)
- asteroid-low.mp3 (64kbps MP3 - low bandwidth)
AAC streaming feature is now production-ready with proper Docker integration.
- Add complete Docker Compose setup with official Liquidsoap image (savonet/liquidsoap:v2.2.5)
- Add Icecast2 streaming server configuration
- Create dual quality streams (128kbps and 64kbps MP3)
- Add comprehensive documentation in Org format
- Add simple start/stop scripts for easy management
- Update .gitignore to exclude music files and Docker artifacts
- Remove old shell scripts (moved to ~/asteroid-scripts/)
- System-agnostic solution works on any Docker-capable system
This provides a complete streaming solution that works consistently across
all platforms, including Arch Linux where Liquidsoap packages may not be available.
glenneth
Luis Pereira