diff options
author | Christian Pointner <equinox@spreadspace.org> | 2021-03-21 15:55:10 +0100 |
---|---|---|
committer | Christian Pointner <equinox@spreadspace.org> | 2021-03-21 15:55:10 +0100 |
commit | 891c7dc3cd11bd3e8a11ed19672bb057787d36c2 (patch) | |
tree | 9f7b43b1421c9f3e71aa718c036c309fcd3ff4c5 /roles/apps/mumble/tasks/main.yml | |
parent | add some ssh keys for linuxtage (diff) |
add mumble to glt-coturn
Diffstat (limited to 'roles/apps/mumble/tasks/main.yml')
-rw-r--r-- | roles/apps/mumble/tasks/main.yml | 87 |
1 files changed, 87 insertions, 0 deletions
diff --git a/roles/apps/mumble/tasks/main.yml b/roles/apps/mumble/tasks/main.yml new file mode 100644 index 00000000..0e16e54b --- /dev/null +++ b/roles/apps/mumble/tasks/main.yml @@ -0,0 +1,87 @@ +--- +- name: add group for mumble + group: + name: mumble + gid: "{{ mumble_gid }}" + +- name: add user for mumble + user: + name: mumble + uid: "{{ mumble_uid }}" + group: mumble + password: "!" + +- name: create mumble config subdirectory + file: + path: "{{ mumble_base_path }}/{{ mumble_instance }}/config" + state: directory + +- name: create mumble config + template: + src: config.ini.j2 + dest: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini" + group: mumble + mode: 0640 + +- name: create mumble ssl subdirectory + file: + path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl" + state: directory + owner: root + group: mumble + mode: 0750 + +- name: generate Diffie-Hellman parameters + openssl_dhparam: + path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl/dhparams.pem" + size: "{{ mumble_dhparam_size }}" + owner: root + group: mumble + mode: 0644 + +- name: install acmetool hook script + template: + src: acmetool-reload.sh.j2 + dest: "/etc/acme/hooks/mumble-{{ mumble_instance }}" + mode: 0755 + +- name: install acmetool systemd unit snippet + copy: + dest: "/etc/systemd/system/acmetool.service.d/mumble-{{ mumble_instance }}.conf" + content: | + [Service] + ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/config/ssl + register: mumble_acmetool_snippet + +- name: reload systemd + when: mumble_acmetool_snippet is changed + systemd: + daemon_reload: yes + +- name: get certificate using acmetool + import_role: + name: acmetool/cert + vars: + acmetool_cert_name: "mumble-{{ mumble_instance }}" + acmetool_cert_hostnames: "{{ mumble_hostnames }}" + +- name: create mumble database directory + file: + path: "{{ mumble_base_path }}/{{ mumble_instance }}/db" + state: directory + owner: mumble + group: mumble + mode: 0750 + +- name: install pod manifest + vars: + kubernetes_standalone_pod: + name: "mumble-{{ mumble_instance }}" + spec: "{{ lookup('template', 'pod-spec.yml.j2') }}" + mode: "0600" + config_hash_items: + - path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini" + properties: + - checksum + include_role: + name: kubernetes/standalone/pod |