summaryrefslogtreecommitdiff
path: root/roles/apps/mumble/tasks/main.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/apps/mumble/tasks/main.yml')
-rw-r--r--roles/apps/mumble/tasks/main.yml87
1 files changed, 87 insertions, 0 deletions
diff --git a/roles/apps/mumble/tasks/main.yml b/roles/apps/mumble/tasks/main.yml
new file mode 100644
index 00000000..0e16e54b
--- /dev/null
+++ b/roles/apps/mumble/tasks/main.yml
@@ -0,0 +1,87 @@
+---
+- name: add group for mumble
+ group:
+ name: mumble
+ gid: "{{ mumble_gid }}"
+
+- name: add user for mumble
+ user:
+ name: mumble
+ uid: "{{ mumble_uid }}"
+ group: mumble
+ password: "!"
+
+- name: create mumble config subdirectory
+ file:
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"
+ state: directory
+
+- name: create mumble config
+ template:
+ src: config.ini.j2
+ dest: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini"
+ group: mumble
+ mode: 0640
+
+- name: create mumble ssl subdirectory
+ file:
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl"
+ state: directory
+ owner: root
+ group: mumble
+ mode: 0750
+
+- name: generate Diffie-Hellman parameters
+ openssl_dhparam:
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl/dhparams.pem"
+ size: "{{ mumble_dhparam_size }}"
+ owner: root
+ group: mumble
+ mode: 0644
+
+- name: install acmetool hook script
+ template:
+ src: acmetool-reload.sh.j2
+ dest: "/etc/acme/hooks/mumble-{{ mumble_instance }}"
+ mode: 0755
+
+- name: install acmetool systemd unit snippet
+ copy:
+ dest: "/etc/systemd/system/acmetool.service.d/mumble-{{ mumble_instance }}.conf"
+ content: |
+ [Service]
+ ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/config/ssl
+ register: mumble_acmetool_snippet
+
+- name: reload systemd
+ when: mumble_acmetool_snippet is changed
+ systemd:
+ daemon_reload: yes
+
+- name: get certificate using acmetool
+ import_role:
+ name: acmetool/cert
+ vars:
+ acmetool_cert_name: "mumble-{{ mumble_instance }}"
+ acmetool_cert_hostnames: "{{ mumble_hostnames }}"
+
+- name: create mumble database directory
+ file:
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/db"
+ state: directory
+ owner: mumble
+ group: mumble
+ mode: 0750
+
+- name: install pod manifest
+ vars:
+ kubernetes_standalone_pod:
+ name: "mumble-{{ mumble_instance }}"
+ spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+ mode: "0600"
+ config_hash_items:
+ - path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini"
+ properties:
+ - checksum
+ include_role:
+ name: kubernetes/standalone/pod
generated by cgit v1.2.3 (git 2.39.1) at 2024-07-17 12:49:25 +0000