authorChristian Pointner <equinox@spreadspace.org>2023-03-11 18:35:20 +0100
committerChristian Pointner <equinox@spreadspace.org>2023-03-11 18:35:20 +0100
commit23f2f39c58ae2092ff192294b62a4c9119c45f89 (patch)
tree0b6990d8509b912a42800c56fcbf60b745a5ed78 /roles/apps
parentworkstations: some minet tweaks and remove unattended-upgrades (diff)
apps/mumble: switch to new official mumble container images
Diffstat (limited to 'roles/apps')
-rw-r--r--roles/apps/mumble/defaults/main.yml3
-rw-r--r--roles/apps/mumble/tasks/main.yml26
-rw-r--r--roles/apps/mumble/templates/acmetool-reload.sh.j22
-rw-r--r--roles/apps/mumble/templates/config.ini.j210
-rw-r--r--roles/apps/mumble/templates/pod-spec.yml.j230
5 files changed, 28 insertions, 43 deletions
diff --git a/roles/apps/mumble/defaults/main.yml b/roles/apps/mumble/defaults/main.yml
index 01f4ef94..627af125 100644
--- a/roles/apps/mumble/defaults/main.yml
+++ b/roles/apps/mumble/defaults/main.yml
@@ -3,7 +3,7 @@ mumble_uid: 910
mumble_gid: 910
mumble_base_path: /srv/mumble
-# mumble_version: 1.3.4
+# mumble_version: v1.4.274-4
# mumble_instance: example.com
# mumble_hostnames:
# - mumble.example.com
@@ -16,3 +16,4 @@ mumble_timezone: "Europe/Vienna"
mumble_config_options:
bonjour: false
+ sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5"
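Review bot: Putting the cipher list in the `mumble_config_options` default means an inventory that overrides `mumble_config_options` silently drops `sslCiphers` unless it repeats the entry, because Ansible replaces dict variables by default rather than merging them. The removed config.ini.j2 set the cipher list unconditionally, so this makes the TLS policy depend on how the dict is overridden; the server would presumably fall back to the image's default ciphers. A dedicated variable such as `mumble_ssl_ciphers: "ECDHE+AESGCM:..."`, emitted as a fixed `MUMBLE_CONFIG_SSLCIPHERS` entry next to the sslCert/sslKey entries in pod-spec.yml.j2, would keep it in force.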
diff --git a/roles/apps/mumble/tasks/main.yml b/roles/apps/mumble/tasks/main.yml
index 91932b05..33331dca 100644
--- a/roles/apps/mumble/tasks/main.yml
+++ b/roles/apps/mumble/tasks/main.yml
@@ -11,21 +11,9 @@
group: mumble
password: "!"
-- name: create mumble config subdirectory
- file:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"
- state: directory
-
-- name: create mumble config
- template:
- src: config.ini.j2
- dest: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini"
- group: mumble
- mode: 0640
-
- name: create mumble ssl subdirectory
file:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl"
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl"
state: directory
owner: root
group: mumble
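Review bot: Nothing in this file removes the old `config` directory, so hosts where the previous version of the role ran keep `config/config.ini` and the `config/ssl` contents (private key and DH parameters, going by the paths in the removed config.ini.j2) on disk after the move to `ssl`. A cleanup task using the `file` module with `path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"` and `state: absent`, run once the certificate is installed at the new path, would avoid leaving stale key material behind. The `db` to `data` rename in the later hunk has the same shape: an existing database stays under `db` and is not picked up unless it is moved by hand. The "create mumble ssl subdirectory" task continues past the end of this hunk, so its mode is not visible here.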
@@ -33,7 +21,7 @@
- name: generate Diffie-Hellman parameters
openssl_dhparam:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl/dhparams.pem"
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl/dhparams.pem"
size: "{{ mumble_dhparam_size }}"
owner: root
group: mumble
@@ -50,7 +38,7 @@
dest: "/etc/systemd/system/acmetool.service.d/mumble-{{ mumble_instance }}.conf"
content: |
[Service]
- ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/config/ssl
+ ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/ssl
register: mumble_acmetool_snippet
- name: reload systemd
@@ -65,9 +53,9 @@
acmetool_cert_name: "mumble-{{ mumble_instance }}"
acmetool_cert_hostnames: "{{ mumble_hostnames }}"
-- name: create mumble database directory
+- name: create mumble data directory
file:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/db"
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/data"
state: directory
owner: mumble
group: mumble
@@ -79,9 +67,5 @@
name: "mumble-{{ mumble_instance }}"
spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
mode: "0600"
- config_hash_items:
- - path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini"
- properties:
- - checksum
include_role:
name: kubernetes/standalone/pod
diff --git a/roles/apps/mumble/templates/acmetool-reload.sh.j2 b/roles/apps/mumble/templates/acmetool-reload.sh.j2
index adef944d..fd9f01ba 100644
--- a/roles/apps/mumble/templates/acmetool-reload.sh.j2
+++ b/roles/apps/mumble/templates/acmetool-reload.sh.j2
@@ -4,7 +4,7 @@ EVENT_NAME="$1"
[ "$EVENT_NAME" = "live-updated" ] || exit 42
MAIN_HOSTNAME="{{ mumble_hostnames[0] }}"
-SSL_D="{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl"
+SSL_D="{{ mumble_base_path }}/{{ mumble_instance }}/ssl"
while read name; do
certdir="$ACME_STATE_DIR/live/$name"
diff --git a/roles/apps/mumble/templates/config.ini.j2 b/roles/apps/mumble/templates/config.ini.j2
deleted file mode 100644
index c182492d..00000000
--- a/roles/apps/mumble/templates/config.ini.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-database=/srv/mumble/db/murmur.sqlite
-
-sslCert=/etc/mumble/ssl/cert.pem
-sslKey=/etc/mumble/ssl/privkey.pem
-sslDHParams=/etc/mumble/ssl/dhparams.pem
-sslCiphers="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5"
-
-{% for opt, value in mumble_config_options.items() %}
-{{ opt }}={{ value }}
-{% endfor %}
diff --git a/roles/apps/mumble/templates/pod-spec.yml.j2 b/roles/apps/mumble/templates/pod-spec.yml.j2
index 5308e72c..7a681b4a 100644
--- a/roles/apps/mumble/templates/pod-spec.yml.j2
+++ b/roles/apps/mumble/templates/pod-spec.yml.j2
@@ -5,27 +5,37 @@ securityContext:
hostNetwork: true
containers:
- name: mumble
- image: "phlak/mumble:{{ mumble_version }}"
+ image: "mumblevoip/mumble-server:{{ mumble_version }}"
env:
- name: TZ
value: "{{ mumble_timezone }}"
- - name: SUPERUSER_PASSWORD
+ - name: MUMBLE_SUPERUSER_PASSWORD
value: "{{ mumble_superuser_password }}"
+ - name: MUMBLE_CONFIG_SSLCERT
+ value: "/etc/mumble/ssl/cert.pem"
+ - name: MUMBLE_CONFIG_SSLKEY
+ value: "/etc/mumble/ssl/privkey.pem"
+ - name: MUMBLE_CONFIG_SSLDHPARAMS
+ value: "/etc/mumble/ssl/dhparams.pem"
+{% for opt, value in mumble_config_options.items() %}
+ - name: MUMBLE_CONFIG_{{ opt | upper }}
+ value: "{{ value }}"
+{% endfor %}
resources:
limits:
memory: "512Mi"
volumeMounts:
- - name: config
- mountPath: /etc/mumble
+ - name: ssl
+ mountPath: /etc/mumble/ssl
readOnly: true
- - name: db
- mountPath: /srv/mumble/db
+ - name: data
+ mountPath: /data
volumes:
-- name: config
+- name: ssl
hostPath:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl"
type: Directory
-- name: db
+- name: data
hostPath:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/db"
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/data"
type: Directory
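Review bot: The new loop writes each option as `value: "{{ value }}"` with no escaping, so an option value containing a double quote or a backslash yields an invalid or altered pod spec; `value: {{ value | string | to_json }}` would emit a correctly escaped scalar. The loop also moves every entry of `mumble_config_options` into the container environment, where the removed config.ini.j2 task wrote them to a file with mode 0640; a secret option such as `serverpassword` placed in that dict would then be readable through the container runtime's inspect output, as `MUMBLE_SUPERUSER_PASSWORD` already is. `{{ opt | upper }}` is likewise unchecked, so a key with characters that are not valid in an environment variable name would only fail at pod creation. The image reference `mumblevoip/mumble-server:{{ mumble_version }}` is a mutable tag; pinning it by digest would tie deployments to the image that was reviewed.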