Diffstat (limited to 'roles/apps/mumble/templates')
-rw-r--r-- | roles/apps/mumble/templates/acmetool-reload.sh.j2 | 31 | ||||
-rw-r--r-- | roles/apps/mumble/templates/config.ini.j2 | 10 | ||||
-rw-r--r-- | roles/apps/mumble/templates/pod-spec.yml.j2 | 31 |
3 files changed, 72 insertions, 0 deletions
diff --git a/roles/apps/mumble/templates/acmetool-reload.sh.j2 b/roles/apps/mumble/templates/acmetool-reload.sh.j2
new file mode 100644
index 00000000..e3b8dbb7
--- /dev/null
+++ b/roles/apps/mumble/templates/acmetool-reload.sh.j2
@@ -0,0 +1,31 @@
+#!/bin/sh
+set -e
+EVENT_NAME="$1"
+[ "$EVENT_NAME" = "live-updated" ] || exit 42
+
+MAIN_HOSTNAME="{{ mumble_hostnames[0] }}"
+SSL_D="{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl"
+
+while read name; do
+ certdir="$ACME_STATE_DIR/live/$name"
+ if [ -z "$name" -o ! -e "$certdir" ]; then
+ continue
+ fi
+ if [ "$name" != "$MAIN_HOSTNAME" ]; then
+ continue
+ fi
+
+ install -m 0644 -o root -g mumble "$certdir/fullchain" "$SSL_D/cert.pem"
+ install -m 0640 -o root -g mumble "$certdir/privkey" "$SSL_D/privkey.pem"
+
+{% if kubernetes_cri_socket %}
+ export CONTAINER_RUNTIME_ENDPOINT="{{ kubernetes_cri_socket }}"
+{% endif %}
+ pod_id=$(crictl pods -q --state ready --name "^mumble-{{ mumble_instance }}-{{ ansible_nodename }}$")
+ [ -n "$pod_id" ] || exit 42
+ container_id=$(crictl ps -q --name '^mumble$' -p "$pod_id")
+ [ -n "$container_id" ] || exit 42
+ crictl exec "$container_id" kill -USR1 1
+
+ break
+done
diff --git a/roles/apps/mumble/templates/config.ini.j2 b/roles/apps/mumble/templates/config.ini.j2
new file mode 100644
index 00000000..c182492d
--- /dev/null
+++ b/roles/apps/mumble/templates/config.ini.j2
@@ -0,0 +1,10 @@
+database=/srv/mumble/db/murmur.sqlite
+
+sslCert=/etc/mumble/ssl/cert.pem
+sslKey=/etc/mumble/ssl/privkey.pem
+sslDHParams=/etc/mumble/ssl/dhparams.pem
+sslCiphers="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5"
+
+{% for opt, value in mumble_config_options.items() %}
+{{ opt }}={{ value }}
+{% endfor %}
diff --git a/roles/apps/mumble/templates/pod-spec.yml.j2 b/roles/apps/mumble/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..5308e72c
--- /dev/null
+++ b/roles/apps/mumble/templates/pod-spec.yml.j2
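Review bot: In acmetool-reload.sh.j2, `certdir` is built from `$ACME_STATE_DIR` without checking that the variable is set, and the loop silently `continue`s when `$certdir` does not exist, so a missing or wrong state directory lets the hook exit 0 without refreshing `cert.pem` and `privkey.pem`; the served certificate then simply ages out with no error anywhere. I would add `: "${ACME_STATE_DIR:?}"` right after `set -e` so the hook fails loudly, and use `read -r name` so backslashes in the input are not interpreted. The two `exit 42` lines after the `install` calls run when the new key material is already on disk; if 42 means "event not handled" to the caller, as the first check suggests, a comment there such as `# files installed; only the reload was skipped` would help whoever later debugs a server still presenting the old certificate.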
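Review bot: In config.ini.j2 the `mumble_config_options` loop writes arbitrary `key=value` lines after the fixed `database` and `ssl*` settings, so an inventory entry named `sslCiphers` or `sslKey` produces a duplicate key, and which occurrence the server honours is not something this template controls. Filtering the reserved names in the loop keeps the TLS settings authoritative: `{% for opt, value in mumble_config_options.items() if opt not in ['database', 'sslCert', 'sslKey', 'sslDHParams', 'sslCiphers'] %}`. Values are also emitted unquoted, so a value containing a newline would add further settings. Since this map may carry passwords, the task that renders the file (not part of this diff view) should write it with a mode that is not world-readable.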
@@ -0,0 +1,31 @@
+securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: {{ mumble_uid }}
+ runAsGroup: {{ mumble_gid }}
+hostNetwork: true
+containers:
+- name: mumble
+ image: "phlak/mumble:{{ mumble_version }}"
+ env:
+ - name: TZ
+ value: "{{ mumble_timezone }}"
+ - name: SUPERUSER_PASSWORD
+ value: "{{ mumble_superuser_password }}"
+ resources:
+ limits:
+ memory: "512Mi"
+ volumeMounts:
+ - name: config
+ mountPath: /etc/mumble
+ readOnly: true
+ - name: db
+ mountPath: /srv/mumble/db
+volumes:
+- name: config
+ hostPath:
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"
+ type: Directory
+- name: db
+ hostPath:
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/db"
+ type: Directory |
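Review bot: `allowPrivilegeEscalation: false` sits in the top-level `securityContext` next to `runAsUser` and `runAsGroup`, but in the Kubernetes API that field belongs to the container-level `securityContext`, not the pod-level one. Depending on how strictly the manifest is decoded it is either rejected or silently dropped, so the hardening may not apply; how this fragment is wrapped into a full manifest is not visible here. I would move it under the `mumble` container as `securityContext:` with `allowPrivilegeEscalation: false` beneath it, and keep the uid and gid at pod level. `SUPERUSER_PASSWORD` is passed as a literal env value, so it is readable from the rendered spec file and from container inspection on the node; the task that writes the file should make it root-only, and a comment saying so belongs in the template. `hostNetwork: true` places the container in the host's network namespace, which deserves a comment stating why publishing only the server's ports was not sufficient.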