apps/mumble: switch to new official mumble container images

5 files changed, 28 insertions, 43 deletions

diff --git a/roles/apps/mumble/defaults/main.yml b/roles/apps/mumble/defaults/main.yml
index 01f4ef94..627af125 100644
--- a/roles/apps/mumble/defaults/main.yml
+++ b/roles/apps/mumble/defaults/main.yml
@@ -3,7 +3,7 @@ mumble_uid: 910
 mumble_gid: 910
 mumble_base_path: /srv/mumble
 
-# mumble_version: 1.3.4
+# mumble_version: v1.4.274-4
 # mumble_instance: example.com
 # mumble_hostnames:
 #  - mumble.example.com
@@ -16,3 +16,4 @@ mumble_timezone: "Europe/Vienna"
 
 mumble_config_options:
   bonjour: false
+  sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5"
diff --git a/roles/apps/mumble/tasks/main.yml b/roles/apps/mumble/tasks/main.yml
index 91932b05..33331dca 100644
--- a/roles/apps/mumble/tasks/main.yml
+++ b/roles/apps/mumble/tasks/main.yml
@@ -11,21 +11,9 @@
     group: mumble
     password: "!"
 
-- name: create mumble config subdirectory
-  file:
-    path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"
-    state: directory
-
-- name: create mumble config
-  template:
-    src: config.ini.j2
-    dest: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini"
-    group: mumble
-    mode: 0640
-
 - name: create mumble ssl subdirectory
   file:
-    path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl"
+    path: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl"
     state: directory
     owner: root
     group: mumble
@@ -33,7 +21,7 @@
 
 - name: generate Diffie-Hellman parameters
   openssl_dhparam:
-    path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl/dhparams.pem"
+    path: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl/dhparams.pem"
     size: "{{ mumble_dhparam_size }}"
     owner: root
     group: mumble
@@ -50,7 +38,7 @@
     dest: "/etc/systemd/system/acmetool.service.d/mumble-{{ mumble_instance }}.conf"
     content: |
       [Service]
-      ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/config/ssl
+      ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/ssl
   register: mumble_acmetool_snippet
 
 - name: reload systemd
@@ -65,9 +53,9 @@
     acmetool_cert_name: "mumble-{{ mumble_instance }}"
     acmetool_cert_hostnames: "{{ mumble_hostnames }}"
 
-- name: create mumble database directory
+- name: create mumble data directory
   file:
-    path: "{{ mumble_base_path }}/{{ mumble_instance }}/db"
+    path: "{{ mumble_base_path }}/{{ mumble_instance }}/data"
     state: directory
     owner: mumble
     group: mumble
@@ -79,9 +67,5 @@
       name: "mumble-{{ mumble_instance }}"
       spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
       mode: "0600"
-      config_hash_items:
-      - path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini"
-        properties:
-        - checksum
   include_role:
     name: kubernetes/standalone/pod
diff --git a/roles/apps/mumble/templates/acmetool-reload.sh.j2 b/roles/apps/mumble/templates/acmetool-reload.sh.j2
index adef944d..fd9f01ba 100644
--- a/roles/apps/mumble/templates/acmetool-reload.sh.j2
+++ b/roles/apps/mumble/templates/acmetool-reload.sh.j2
@@ -4,7 +4,7 @@ EVENT_NAME="$1"
 [ "$EVENT_NAME" = "live-updated" ] || exit 42
 
 MAIN_HOSTNAME="{{ mumble_hostnames[0] }}"
-SSL_D="{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl"
+SSL_D="{{ mumble_base_path }}/{{ mumble_instance }}/ssl"
 
 while read name; do
   certdir="$ACME_STATE_DIR/live/$name"
diff --git a/roles/apps/mumble/templates/config.ini.j2 b/roles/apps/mumble/templates/config.ini.j2
deleted file mode 100644
index c182492d..00000000
--- a/roles/apps/mumble/templates/config.ini.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-database=/srv/mumble/db/murmur.sqlite
-
-sslCert=/etc/mumble/ssl/cert.pem
-sslKey=/etc/mumble/ssl/privkey.pem
-sslDHParams=/etc/mumble/ssl/dhparams.pem
-sslCiphers="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5"
-
-{% for opt, value in mumble_config_options.items() %}
-{{ opt }}={{ value }}
-{% endfor %}
diff --git a/roles/apps/mumble/templates/pod-spec.yml.j2 b/roles/apps/mumble/templates/pod-spec.yml.j2
index 5308e72c..7a681b4a 100644
--- a/roles/apps/mumble/templates/pod-spec.yml.j2
+++ b/roles/apps/mumble/templates/pod-spec.yml.j2
@@ -5,27 +5,37 @@ securityContext:
 hostNetwork: true
 containers:
 - name: mumble
-  image: "phlak/mumble:{{ mumble_version }}"
+  image: "mumblevoip/mumble-server:{{ mumble_version }}"
   env:
   - name: TZ
     value: "{{ mumble_timezone }}"
-  - name: SUPERUSER_PASSWORD
+  - name: MUMBLE_SUPERUSER_PASSWORD
     value: "{{ mumble_superuser_password }}"
+  - name: MUMBLE_CONFIG_SSLCERT
+    value: "/etc/mumble/ssl/cert.pem"
+  - name: MUMBLE_CONFIG_SSLKEY
+    value: "/etc/mumble/ssl/privkey.pem"
+  - name: MUMBLE_CONFIG_SSLDHPARAMS
+    value: "/etc/mumble/ssl/dhparams.pem"
+{% for opt, value in mumble_config_options.items() %}
+  - name: MUMBLE_CONFIG_{{ opt | upper }}
+    value: "{{ value }}"
+{% endfor %}
   resources:
     limits:
       memory: "512Mi"
   volumeMounts:
-  - name: config
-    mountPath: /etc/mumble
+  - name: ssl
+    mountPath: /etc/mumble/ssl
     readOnly: true
-  - name: db
-    mountPath: /srv/mumble/db
+  - name: data
+    mountPath: /data
 volumes:
-- name: config
+- name: ssl
   hostPath:
-    path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"
+    path: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl"
     type: Directory
-- name: db
+- name: data
   hostPath:
-    path: "{{ mumble_base_path }}/{{ mumble_instance }}/db"
+    path: "{{ mumble_base_path }}/{{ mumble_instance }}/data"
     type: Directory