initial commit

2020-04-13 14:46:45 +02:00
commit 961498e32b
76 changed files with 2715 additions and 0 deletions
--- a/roles/mumble/tasks/main.yml
+++ b/roles/mumble/tasks/main.yml
@@ -0,0 +1,11 @@
+- name: Install and configure umurmur server
+  import_tasks: umurmur.yml
+  tags: umurmur
+
+- name: Install and configure mumble web client
+  import_tasks: mumble_web.yml
+  tags: mumble_web
+
+- name: Configure Nginx for mumble web client
+  import_tasks: nginx.yml
+  tags: nginx
--- a/roles/mumble/tasks/mumble_web.yml
+++ b/roles/mumble/tasks/mumble_web.yml
@@ -0,0 +1,77 @@
+- name: Install websockify
+  apt:
+    name: websockify
+    state: present
+  notify: restart mumble-web
+  tags: mumble_web_install
+
+- name: Clone mumble-web git repository
+  git:
+    repo: https://github.com/Johni0702/mumble-web.git
+    dest: "{{ mumble_web_www_dir }}"
+    version: "{{ mumble_web_version }}"
+  tags: mumble_web_install
+
+- name: Change mumble-web git repository's permissions
+  file:
+    path: "{{ mumble_web_www_dir }}"
+    owner: root
+    group: www-data
+    mode: "755"
+    state: directory
+  tags: mumble_web_install
+
+- name: Build mumble-web from sources
+  command: npm install
+  args:
+    chdir: "{{ mumble_web_www_dir }}"
+  register: _mumble_web_installed
+  changed_when: _mumble_web_installed.stdout is regex('(added|removed) [0-9]+ package')
+  tags: [mumble_web_install,mumble_web_build]
+
+- name: Apply security suggestions
+  command: npm audit fix
+  args:
+    chdir: "{{ mumble_web_www_dir }}"
+  when: _mumble_web_installed is changed and _mumble_web_installed.stdout is search('npm audit fix')
+  tags: [mumble_web_install,mumble_web_build]
+
+- name: Build mumble-web assets
+  command: npm run build
+  args:
+    chdir: "{{ mumble_web_www_dir }}"
+  register: _mumble_web_assets_built
+  when: _mumble_web_installed is changed
+  tags: [mumble_web_install,mumble_web_build]
+
+- name: Copy mumble-web config file
+  template:
+    src: mumble-web.js.j2
+    dest: "{{ mumble_web_www_dir }}/dist/config.local.js"
+    owner: root
+    group: www-data
+    mode: "640"
+  tags: [mumble_web_install,mumble_web_config]
+
+- name: Copy mumble-web systemd service
+  template:
+    src: mumble-web.service.j2
+    dest: /etc/systemd/system/mumble-web.service
+    owner: root
+    group: root
+    mode: "644"
+  notify:
+  - reload systemd
+  - restart mumble-web
+  tags: [mumble_web_install,mumble_web_config]
+
+- name: Start mumble-web service
+  service:
+    name: mumble-web
+    state: started
+    enabled: yes
+  register: mumble_web_started
+  tags: mumble_web_run
+
+- name: Trigger mumble-web handlers
+  meta: flush_handlers
--- a/roles/mumble/tasks/nginx.yml
+++ b/roles/mumble/tasks/nginx.yml
@@ -0,0 +1,18 @@
+- name: Copy Nginx config file
+  template:
+    src: nginx.conf.j2
+    dest: /etc/nginx/sites-available/mumble.conf
+    owner: root
+    group: www-data
+    mode: "755"
+  notify: reload nginx
+
+- name: Enable Nginx config file
+  file:
+    src: /etc/nginx/sites-available/mumble.conf
+    path: /etc/nginx/sites-enabled/mumble.conf
+    state: link
+  notify: reload nginx
+
+- name: Trigger Nginx handlers
+  meta: flush_handlers
--- a/roles/mumble/tasks/umurmur.yml
+++ b/roles/mumble/tasks/umurmur.yml
@@ -0,0 +1,88 @@
+- name: Install umurmur build dependencies
+  apt:
+    name:
+    - git
+    - build-essential
+    - cmake
+    - libconfig-dev
+    - libprotobuf-c-dev
+    - libmbedtls-dev
+    - ssl-cert
+
+- name: Clone umurmur git repository
+  git:
+    repo: https://github.com/umurmur/umurmur.git
+    dest: /opt/umurmur
+    version: "{{ umurmur_version }}"
+
+- name: Change umurmur git repository's permissions
+  file:
+    path: /opt/umurmur
+    owner: root
+    group: root
+    mode: "775"
+    state: directory
+
+- name: Create the build directory
+  file:
+    path: /opt/umurmur/build
+    owner: root
+    group: root
+    mode: "775"
+    state: directory
+
+- name: Generate the Makefile with cmake
+  shell: cd /opt/umurmur/build && cmake .. -DSSL=mbedtls
+  changed_when: no
+
+- name: Build umurmur from source
+  make:
+    chdir: /opt/umurmur/build
+  changed_when: _umurmur_built.stdout_lines | length > 1
+  register: _umurmur_built
+
+- name: Install umurmur
+  make:
+    chdir: /opt/umurmur/build
+    target: install
+  changed_when: "'Installing' in _umurmur_installed.stdout"
+  register: _umurmur_installed
+  notify: restart umurmur
+
+- name: Copy umurmur config file
+  template:
+    src: umurmur.conf.j2
+    dest: /usr/local/etc/umurmur.conf
+    owner: root
+    group: "{{ umurmur_ssl_group }}"
+    mode: "640"
+    validate: /usr/local/bin/umurmurd -t -c %s
+  notify: restart umurmur
+  tags: umurmur_config
+
+- name: Copy umurmur systemd service
+  template:
+    src: umurmur.service.j2
+    dest: /etc/systemd/system/umurmur.service
+    owner: root
+    group: root
+    mode: "644"
+  notify:
+  - reload systemd
+  - restart umurmur
+
+- name: Start umurmur service
+  service:
+    name: umurmur
+    enabled: yes
+    state: started
+  register: umurmur_started
+
+- name: Trigger umurmur handlers
+  meta: flush_handlers
+
+- name: Open umurmur port with UFW
+  ufw:
+    rule: allow
+    port: "{{ umurmur_port }}"
+  when: umurmur_ispublic | bool