2 files changed, 47 insertions, 17 deletions

diff --git a/chaos-at-home/ch-equinox-ws.yml b/chaos-at-home/ch-equinox-ws.yml
index f5cbd4cf..3cabbaeb 100644
--- a/chaos-at-home/ch-equinox-ws.yml
+++ b/chaos-at-home/ch-equinox-ws.yml
@@ -34,3 +34,26 @@
       fstype: nfs4
       opts: nodev,x-systemd.automount,nofail
       state: mounted
+
+  - name: create pulse daemon config directory
+    file:
+      path: /etc/pulse/daemon.conf.d
+      state: directory
+
+  - name: force pulseaudio sample rates to 48kHz (workadournd for Motu M4)
+    copy:
+      content: |
+        resample-method = speex-float-10
+        avoid-resampling = false
+
+        default-sample-format = float32le
+        default-sample-rate = 48000
+        alternate-sample-rate = 48000
+      dest: /etc/pulse/daemon.conf.d/motu-m4.conf
+
+  - name: disable USB Powermanagement for Motu M4
+    copy:
+      content: |
+        ## workaround for spurious audio issues with Motu M4
+        ATTRS{idVendor}=="07fd", ATTRS{idProduct}=="0008", ATTR{power/control}="on", ATTR{power/persist}="0"
+      dest: /etc/udev/rules.d/90-motu-m4-power.rules
diff --git a/chaos-at-home/ch-http-proxy.yml b/chaos-at-home/ch-http-proxy.yml
index 9b731bfb..507e8906 100644
--- a/chaos-at-home/ch-http-proxy.yml
+++ b/chaos-at-home/ch-http-proxy.yml
@@ -111,10 +111,12 @@
         acme: yes
         hostnames:
         - passwd.chaos-at-home.org
-        proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/"
-        proxy_ssl:
-          verify: "on"
-          trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem
+        locations:
+          '/':
+            proxy_pass: "https://{{ network_zones.svc.prefix | ipaddr(network_zones.svc.offsets['ch-auth-legacy']) | ipaddr('address') }}/"
+            proxy_ssl:
+              verify: "on"
+              trusted_certificate: /etc/ssl/whawty-auth-ca/ca.pem
       acmetool_cert_config:
         request:
           challenge:
@@ -176,13 +178,16 @@
         acme: yes
         hostnames:
         - webmail.chaos-at-home.org
-        client_max_body_size: "200M"
-        proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
-        proxy_ssl:
-          verify: "on"
-          trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
-          protocols: TLSv1
-          ciphers: "DEFAULT@SECLEVEL=1"
+        locations:
+          '/':
+            proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
+            proxy_ssl:
+              verify: "on"
+              trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
+              protocols: TLSv1
+              ciphers: "DEFAULT@SECLEVEL=1"
+            extra_directives: |-
+              client_max_body_size 200M;
       acmetool_cert_config:
         request:
           challenge:
@@ -198,12 +203,14 @@
         acme: yes
         hostnames:
         - webdav.chaos-at-home.org
-        proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
-        proxy_ssl:
-          verify: "on"
-          trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
-          protocols: TLSv1
-          ciphers: "DEFAULT@SECLEVEL=1"
+        locations:
+          '/':
+            proxy_pass: "https://{{ network_zones.lan.prefix | ipaddr(network_zones.lan.offsets['ch-prometheus-legacy']) | ipaddr('address') }}/"
+            proxy_ssl:
+              verify: "on"
+              trusted_certificate: /etc/ssl/prometheus-old-ca/ca.pem
+              protocols: TLSv1
+              ciphers: "DEFAULT@SECLEVEL=1"
       acmetool_cert_config:
         request:
           challenge: