From 23f2f39c58ae2092ff192294b62a4c9119c45f89 Mon Sep 17 00:00:00 2001
From: Christian Pointner
Date: Sat, 11 Mar 2023 18:35:20 +0100
Subject: apps/mumble: switch to new official mumble container images
---
 roles/apps/mumble/defaults/main.yml | 3 ++-
 roles/apps/mumble/tasks/main.yml | 26 ++++----------------
 roles/apps/mumble/templates/acmetool-reload.sh.j2 | 2 +-
 roles/apps/mumble/templates/config.ini.j2 | 10 --------
 roles/apps/mumble/templates/pod-spec.yml.j2 | 30 +++++++++++++++--------
 5 files changed, 28 insertions(+), 43 deletions(-)
 delete mode 100644 roles/apps/mumble/templates/config.ini.j2
 (limited to 'roles/apps')
diff --git a/roles/apps/mumble/defaults/main.yml b/roles/apps/mumble/defaults/main.yml
index 01f4ef94..627af125 100644
--- a/roles/apps/mumble/defaults/main.yml
+++ b/roles/apps/mumble/defaults/main.yml
@@ -3,7 +3,7 @@ mumble_uid: 910
 mumble_gid: 910
 mumble_base_path: /srv/mumble
-# mumble_version: 1.3.4
+# mumble_version: v1.4.274-4
 # mumble_instance: example.com
 # mumble_hostnames:
 # - mumble.example.com
@@ -16,3 +16,4 @@ mumble_timezone: "Europe/Vienna"
 mumble_config_options:
 bonjour: false
+ sslCiphers: "ECDHE+AESGCM:DHE+AESGCM:ECDHE+AES256:DHE+AES256:ECDHE+AES128:DHE+AES128:!RSA:!ADH:!AECDH:!MD5"
diff --git a/roles/apps/mumble/tasks/main.yml b/roles/apps/mumble/tasks/main.yml
index 91932b05..33331dca 100644
--- a/roles/apps/mumble/tasks/main.yml
+++ b/roles/apps/mumble/tasks/main.yml
@@ -11,21 +11,9 @@
 group: mumble
 password: "!"
-- name: create mumble config subdirectory
- file:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"
- state: directory
-
-- name: create mumble config
- template:
- src: config.ini.j2
- dest: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini"
- group: mumble
- mode: 0640
-
 - name: create mumble ssl subdirectory
 file:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl"
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl"
 state: directory
 owner: root
 group: mumble
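Review bot: Placing `sslCiphers` inside the `mumble_config_options` default (second hunk of `roles/apps/mumble/defaults/main.yml`) makes the cipher restriction silently optional. With Ansible's default replace behaviour for dict variables, any inventory that sets `mumble_config_options` itself drops the key, and the server then presumably falls back to its built-in cipher list, whereas the removed `config.ini.j2` always emitted the setting. Consider emitting it as a fixed env entry in `pod-spec.yml.j2` next to `MUMBLE_CONFIG_SSLDHPARAMS`, or merging a separate defaults dict (name of your choosing) with the user dict through the `combine` filter. If it stays here, a comment such as `# overriding mumble_config_options replaces this dict; re-add sslCiphers when you do` would at least document the trap.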
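Review bot: Nothing in this change removes the old `{{ mumble_base_path }}/{{ mumble_instance }}/config` tree on hosts that were already deployed, so after the first hunk of `roles/apps/mumble/tasks/main.yml` moves the TLS directory to `ssl`, a stale copy of the key material under `config/ssl` and the old `config.ini` presumably stay on disk, outside any later rotation. A cleanup task placed after the certificate has been installed at the new path would close that gap. The `db` to `data` rename in the `@@ -65,9 +53,9 @@` hunk has the same shape: the old database directory is neither migrated nor removed, so the server would start on an empty data directory unless that is handled elsewhere. The `create mumble ssl subdirectory` task appears to continue past the end of this hunk.

```yaml
# … unchanged: acmetool certificate setup for the new ssl directory …
- name: remove obsolete mumble config directory
  file:
    path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"
    state: absent
```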
@@ -33,7 +21,7 @@
 - name: generate Diffie-Hellman parameters
 openssl_dhparam:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl/dhparams.pem"
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl/dhparams.pem"
 size: "{{ mumble_dhparam_size }}"
 owner: root
 group: mumble
@@ -50,7 +38,7 @@
 dest: "/etc/systemd/system/acmetool.service.d/mumble-{{ mumble_instance }}.conf"
 content: |
 [Service]
- ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/config/ssl
+ ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/ssl
 register: mumble_acmetool_snippet
 - name: reload systemd
@@ -65,9 +53,9 @@
 acmetool_cert_name: "mumble-{{ mumble_instance }}"
 acmetool_cert_hostnames: "{{ mumble_hostnames }}"
-- name: create mumble database directory
+- name: create mumble data directory
 file:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/db"
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/data"
 state: directory
 owner: mumble
 group: mumble
@@ -79,9 +67,5 @@
 name: "mumble-{{ mumble_instance }}"
 spec: "{{ lookup('template', 'pod-spec.yml.j2') }}"
 mode: "0600"
- config_hash_items:
- - path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini"
- properties:
- - checksum
 include_role:
 name: kubernetes/standalone/pod
diff --git a/roles/apps/mumble/templates/acmetool-reload.sh.j2 b/roles/apps/mumble/templates/acmetool-reload.sh.j2
index adef944d..fd9f01ba 100644
--- a/roles/apps/mumble/templates/acmetool-reload.sh.j2
+++ b/roles/apps/mumble/templates/acmetool-reload.sh.j2
@@ -4,7 +4,7 @@ EVENT_NAME="$1"
 [ "$EVENT_NAME" = "live-updated" ] || exit 42
 MAIN_HOSTNAME="{{ mumble_hostnames[0] }}"
-SSL_D="{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl"
+SSL_D="{{ mumble_base_path }}/{{ mumble_instance }}/ssl"
 while read name; do
 certdir="$ACME_STATE_DIR/live/$name"
diff --git a/roles/apps/mumble/templates/config.ini.j2 b/roles/apps/mumble/templates/config.ini.j2
deleted file mode 100644
index c182492d..00000000
--- a/roles/apps/mumble/templates/config.ini.j2
+++ /dev/null
@@ -1,10 +0,0 @@
-database=/srv/mumble/db/murmur.sqlite
-
-sslCert=/etc/mumble/ssl/cert.pem
-sslKey=/etc/mumble/ssl/privkey.pem
-sslDHParams=/etc/mumble/ssl/dhparams.pem
-sslCiphers="ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES128:!RSA:!ADH:!AECDH:!MD5"
-
-{% for opt, value in mumble_config_options.items() %}
-{{ opt }}={{ value }}
-{% endfor %}
diff --git a/roles/apps/mumble/templates/pod-spec.yml.j2 b/roles/apps/mumble/templates/pod-spec.yml.j2
index 5308e72c..7a681b4a 100644
--- a/roles/apps/mumble/templates/pod-spec.yml.j2
+++ b/roles/apps/mumble/templates/pod-spec.yml.j2
@@ -5,27 +5,37 @@ securityContext:
 hostNetwork: true
 containers:
 - name: mumble
- image: "phlak/mumble:{{ mumble_version }}"
+ image: "mumblevoip/mumble-server:{{ mumble_version }}"
 env:
 - name: TZ
 value: "{{ mumble_timezone }}"
- - name: SUPERUSER_PASSWORD
+ - name: MUMBLE_SUPERUSER_PASSWORD
 value: "{{ mumble_superuser_password }}"
+ - name: MUMBLE_CONFIG_SSLCERT
+ value: "/etc/mumble/ssl/cert.pem"
+ - name: MUMBLE_CONFIG_SSLKEY
+ value: "/etc/mumble/ssl/privkey.pem"
+ - name: MUMBLE_CONFIG_SSLDHPARAMS
+ value: "/etc/mumble/ssl/dhparams.pem"
+{% for opt, value in mumble_config_options.items() %}
+ - name: MUMBLE_CONFIG_{{ opt | upper }}
+ value: "{{ value }}"
+{% endfor %}
 resources:
 limits:
 memory: "512Mi"
 volumeMounts:
- - name: config
- mountPath: /etc/mumble
+ - name: ssl
+ mountPath: /etc/mumble/ssl
 readOnly: true
- - name: db
- mountPath: /srv/mumble/db
+ - name: data
+ mountPath: /data
 volumes:
-- name: config
+- name: ssl
 hostPath:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/config"
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/ssl"
 type: Directory
-- name: db
+- name: data
 hostPath:
- path: "{{ mumble_base_path }}/{{ mumble_instance }}/db"
+ path: "{{ mumble_base_path }}/{{ mumble_instance }}/data"
 type: Directory
-- cgit v1.2.3
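Review bot: The new `{% for %}` loop in the `env:` list of `pod-spec.yml.j2` writes `opt` and `value` into the rendered pod spec without any escaping, so a value containing `"` or `\` produces broken or differently structured YAML; the same holds for `mumble_superuser_password` on the line above it. Rendering the scalars through a serializer avoids that, for example `value: {{ value | string | to_json }}` and `value: {{ mumble_superuser_password | to_json }}`. The image reference `mumblevoip/mumble-server:{{ mumble_version }}` is a mutable tag; pinning it by digest (`@sha256:<digest>`) would make the switch to the new upstream reproducible. The pod spec starts and ends outside this hunk, so whether `securityContext` sets a user or group that matches the `root:mumble` ownership of the mounted `ssl` directory cannot be checked from here.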