Diffstat (limited to 'roles/apps/mumble/templates')
-rw-r--r--roles/apps/mumble/templates/acmetool-reload.sh.j231
-rw-r--r--roles/apps/mumble/templates/config.ini.j210
-rw-r--r--roles/apps/mumble/templates/pod-spec.yml.j231
3 files changed, 72 insertions, 0 deletions
diff --git a/roles/apps/mumble/templates/acmetool-reload.sh.j2 b/roles/apps/mumble/templates/acmetool-reload.sh.j2
new file mode 100644
index 00000000..e3b8dbb7
--- /dev/null
+++ b/roles/apps/mumble/templates/acmetool-reload.sh.j2
@@ -0,0 +1,31 @@
+#!/bin/sh
+set -e
+EVENT_NAME="$1"
+[ "$EVENT_NAME" = "live-updated" ] || exit 42
+
+MAIN_HOSTNAME="{{ mumble_hostnames[0] }}"
+SSL_D="{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl"
+
+while read name; do
+ certdir="$ACME_STATE_DIR/live/$name"
+ if [ -z "$name" -o ! -e "$certdir" ]; then
+ continue
+ fi
+ if [ "$name" != "$MAIN_HOSTNAME" ]; then
+ continue
+ fi
+
+ install -m 0644 -o root -g mumble "$certdir/fullchain" "$SSL_D/cert.pem"
+ install -m 0640 -o root -g mumble "$certdir/privkey" "$SSL_D/privkey.pem"
+
+{% if kubernetes_cri_socket %}
+ export CONTAINER_RUNTIME_ENDPOINT="{{ kubernetes_cri_socket }}"
+{% endif %}
+ pod_id=$(crictl pods -q --state ready --name "^mumble-{{ mumble_instance }}-{{ ansible_nodename }}$")
+ [ -n "$pod_id" ] || exit 42
+ container_id=$(crictl ps -q --name '^mumble$' -p "$pod_id")
+ [ -n "$container_id" ] || exit 42
+ crictl exec "$container_id" kill -USR1 1
+
+ break
+done
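Review bot: The two `exit 42` lines after the `install` calls report a missing pod or container with the code that, as far as I recall the acmetool hook convention, means "event not handled". When the pod is not ready, the renewed certificate is already on disk but the running server keeps the old one and nothing is reported. Exit non-zero with a message instead, e.g. `[ -n "$pod_id" ] || { echo "mumble pod not ready, certificate not reloaded" >&2; exit 1; }`, and the same for `container_id`. `$ACME_STATE_DIR` is used unchecked, so a `: "${ACME_STATE_DIR:?}"` near the top would stop the script from probing `/live/...` when it is unset. Under `#!/bin/sh`, `read -r name` and two `[ ]` tests joined with `||` are the portable forms of the bare `read` and the `-o` test.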
diff --git a/roles/apps/mumble/templates/config.ini.j2 b/roles/apps/mumble/templates/config.ini.j2
new file mode 100644
index 00000000..c182492d
--- /dev/null
+++ b/roles/apps/mumble/templates/config.ini.j2
@@ -0,0 +1,10 @@
+database=/srv/mumble/db/murmur.sqlite
+
+sslCert=/etc/mumble/ssl/cert.pem
+sslKey=/etc/mumble/ssl/privkey.pem
+sslDHParams=/etc/mumble/ssl/dhparams.pem
+sslCiphers="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5"
+
+{% for opt, value in mumble_config_options.items() %}
+{{ opt }}={{ value }}
+{% endfor %}
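Review bot: The loop at the end renders `{{ opt }}={{ value }}` unquoted, so a value containing a comma, semicolon, backslash, quote or newline is likely to be parsed differently from what the operator set, and a newline would add a further key line. That matters for options such as passwords and welcome text. Render the value quoted, `{{ opt }}="{{ value }}"`, and have the role reject values that contain a newline or a double quote. These lines come after the `ssl*` settings, so an entry in `mumble_config_options` with the same key would probably take precedence; a comment should state whether overriding the TLS settings this way is intended. `sslDHParams` points at `dhparams.pem`, which nothing in this path-limited view creates, so confirm that the role generates it.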
diff --git a/roles/apps/mumble/templates/pod-spec.yml.j2 b/roles/apps/mumble/templates/pod-spec.yml.j2
new file mode 100644
index 00000000..5308e72c
--- /dev/null
+++ b/roles/apps/mumble/templates/pod-spec.yml.j2
@@ -0,0 +1,31 @@
+securityContext:
+ allowPrivilegeEscalation: false
+ runAsUser: {{ mumble_uid }}
+ runAsGroup: {{ mumble_gid }}
+hostNetwork: true
+containers:
+- name: mumble
+ image: "phlak/mumble:{{ mumble_version }}"
+ env:
+ - name: TZ
+ value: "{{ mumble_timezone }}"
+ - name: SUPERUSER_PASSWORD
+ value: "{{ mumble_superuser_password }}"
+ resources:
+ limits:
+ memory: "512Mi"
+ volumeMounts:
+ - name: config
+ mountPath: /etc/mumble
+ readOnly: true
+ - name: db
+ mountPath: /srv/mumble/db
+volumes:
+- name: config
+ hostPath:
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"
+ type: Directory
+- name: db
+ hostPath:
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/db"
+ type: Directory
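Review bot: `allowPrivilegeEscalation: false` appears to sit in the pod-level `securityContext`, but in the Kubernetes API that field belongs to the container-level SecurityContext; the pod-level one accepts `runAsUser`/`runAsGroup` but not this. The setting is therefore probably dropped or rejected rather than applied, though indentation is lost in this rendering, so check against the file. Move it under the `mumble` container as `securityContext:` / `allowPrivilegeEscalation: false`, where `capabilities: {drop: ["ALL"]}` could join it. `SUPERUSER_PASSWORD` is passed as a literal env `value`, which puts the secret in the rendered manifest on disk and in the container's inspect output; restrict the manifest's file mode, or supply the secret from a mounted file if the image supports it. With `hostNetwork: true` the container shares the node's network namespace, so a comment saying why that is needed would help the next reviewer.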