From 891c7dc3cd11bd3e8a11ed19672bb057787d36c2 Mon Sep 17 00:00:00 2001
From: Christian Pointner <equinox@spreadspace.org>
Date: Sun, 21 Mar 2021 15:55:10 +0100
Subject: add mumble to glt-coturn

---
 roles/apps/mumble/tasks/main.yml | 87 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 87 insertions(+)
 create mode 100644 roles/apps/mumble/tasks/main.yml

(limited to 'roles/apps/mumble/tasks/main.yml')

diff --git a/roles/apps/mumble/tasks/main.yml b/roles/apps/mumble/tasks/main.yml
new file mode 100644
index 00000000..0e16e54b
--- /dev/null
+++ b/roles/apps/mumble/tasks/main.yml
@@ -0,0 +1,87 @@
+---
+- name: add group for mumble
+  group:
+    name: mumble
+    gid: "{{ mumble_gid }}"
+
+- name: add user for mumble
+  user:
+    name: mumble
+    uid: "{{ mumble_uid }}"
+    group: mumble
+    password: "!"
+
+- name: create mumble config subdirectory
+  file:
+    path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"
+    state: directory
+
+- name: create mumble config
+  template:
+    src: config.ini.j2
+    dest: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini"
+    group: mumble
+    mode: 0640
+
+- name: create mumble ssl subdirectory
+  file:
+    path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl"
+    state: directory
+    owner: root
+    group: mumble
+    mode: 0750
+
+- name: generate Diffie-Hellman parameters
+  openssl_dhparam:
+    path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl/dhparams.pem"
+    size: "{{ mumble_dhparam_size }}"
+    owner: root
+    group: mumble
+    mode: 0644
+
+- name: install acmetool hook script
+  template:
+    src: acmetool-reload.sh.j2
+    dest: "/etc/acme/hooks/mumble-{{ mumble_instance }}"
+    mode: 0755
+
+- name: install acmetool systemd unit snippet
+  copy:
+    dest: "/etc/systemd/system/acmetool.service.d/mumble-{{ mumble_instance }}.conf"
+    content: |
+      [Service]
+      ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/config/ssl
+  register: mumble_acmetool_snippet
+
+- name: reload systemd
+  when: mumble_acmetool_snippet is changed
+  systemd:
+    daemon_reload: yes
+
+- name: get certificate using acmetool
+  import_role:
+    name: acmetool/cert
+  vars:
+    acmetool_cert_name: "mumble-{{ mumble_instance }}"
+    acmetool_cert_hostnames: "{{ mumble_hostnames }}"
+
+- name: create mumble database directory
+  file:
+    path: "{{ mumble_base_path }}/{{ mumble_instance }}/db"
+    state: directory
+    owner: mumble
+    group: mumble
+    mode: 0750
+
+- name: install pod manifest
+  vars:
+    kubernetes_standalone_pod:
+      name: "mumble-{{ mumble_instance }}"
+      spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
+      mode: "0600"
+      config_hash_items:
+      - path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini"
+        properties:
+        - checksum
+  include_role:
+    name: kubernetes/standalone/pod
-- 
cgit v1.2.3