--- - name: add group for mumble group: name: mumble gid: "{{ mumble_gid }}" - name: add user for mumble user: name: mumble uid: "{{ mumble_uid }}" group: mumble password: "!" - name: create mumble config subdirectory file: path: "{{ mumble_base_path }}/{{ mumble_instance }}/config" state: directory - name: create mumble config template: src: config.ini.j2 dest: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini" group: mumble mode: 0640 - name: create mumble ssl subdirectory file: path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl" state: directory owner: root group: mumble mode: 0750 - name: generate Diffie-Hellman parameters openssl_dhparam: path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/ssl/dhparams.pem" size: "{{ mumble_dhparam_size }}" owner: root group: mumble mode: 0644 - name: install acmetool hook script template: src: acmetool-reload.sh.j2 dest: "/etc/acme/hooks/mumble-{{ mumble_instance }}" mode: 0755 - name: install acmetool systemd unit snippet copy: dest: "/etc/systemd/system/acmetool.service.d/mumble-{{ mumble_instance }}.conf" content: | [Service] ReadWritePaths={{ mumble_base_path }}/{{ mumble_instance }}/config/ssl register: mumble_acmetool_snippet - name: reload systemd when: mumble_acmetool_snippet is changed systemd: daemon_reload: yes - name: get certificate using acmetool import_role: name: acmetool/cert vars: acmetool_cert_name: "mumble-{{ mumble_instance }}" acmetool_cert_hostnames: "{{ mumble_hostnames }}" - name: create mumble database directory file: path: "{{ mumble_base_path }}/{{ mumble_instance }}/db" state: directory owner: mumble group: mumble mode: 0750 - name: install pod manifest vars: kubernetes_standalone_pod: name: "mumble-{{ mumble_instance }}" spec: "{{ lookup('template', 'pod-spec.yml.j2') }}" mode: "0600" config_hash_items: - path: "{{ mumble_base_path }}/{{ mumble_instance }}/config/config.ini" properties: - checksum include_role: name: kubernetes/standalone/pod