diff --git a/inventories/group_vars/all/main.yml b/inventories/group_vars/all/main.yml index 75231d1..886b46d 100644 --- a/inventories/group_vars/all/main.yml +++ b/inventories/group_vars/all/main.yml @@ -25,4 +25,11 @@ users: - name: tierce - name: zefredz -acme_email: it@pirateparty.be \ No newline at end of file +acme_account_email: it@pirateparty.be +acme_config: + account: + private_key: "{{ acme_accounts_dir }}/acme_account.key" + email: "{{ acme_account_email }}" + directory_url: https://acme-v02.api.letsencrypt.org/directory + challenge_dir: /var/www/acme/.well-known/acme-challenge + domains: "{{ acme_domains }}" \ No newline at end of file diff --git a/inventories/group_vars/mumble/main.yml b/inventories/group_vars/mumble/main.yml index 1515862..49bfc11 100644 --- a/inventories/group_vars/mumble/main.yml +++ b/inventories/group_vars/mumble/main.yml 
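Review bot: `acme_config.domains` in `group_vars/all` expands `{{ acme_domains }}`, but the only definition of `acme_domains` on this page is in `group_vars/mumble`, and `acme_accounts_dir` is not defined anywhere in the diff. Unless the ppbe.acme role supplies defaults for both, any host outside the mumble group that evaluates `acme_config` will fail on an undefined variable. A group-wide fallback such as `domains: "{{ acme_domains | default([]) }}"` keeps the shared structure safe to evaluate everywhere. Since the ACME account key path is built from `acme_accounts_dir`, it is also worth confirming that the role creates that directory and key readable by root only.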
@@ -1,49 +1,84 @@ -murmur_port: 64730 +mumble_domain: "{{ inventory_hostname }}" +acme_enabled: yes +acme_domains: + - name: "{{ mumble_domain }}" + alt_names: "{{ mumble_alt_domains }}" + hooks: + - systemctl reload nginx + - systemctl restart mumble-server + - systemctl restart umurmur +mumble_nginx_domains: "{{ [mumble_domain] + mumble_alt_domains }}" + +murmur_enabled: yes murmur_superuser_password: "{{ vault_murmur_superuser_password }}" +murmur_ice_secret_read: "{{ vault_murmur_ice_secret_read }}" +murmur_ice_secret_write: "{{ vault_murmur_ice_secret_write }}" +murmur_welcome_text: + - Welcome to Parley Talk! + - You can talk to the people in the room you joined. + - You start in the Welcome room, to join another channel double click on the room name. +murmur_max_users: 100 +murmur_channels: + - name: Parley + description: Main Parley Talk channel. No entry. + groups: + admin: + inherit: yes + inheritable: yes + permissions: + - group: all + deny: + - Enter + recursive: no + enabled: yes + - group: all + allow: + - RegisterSelf + - MakeTempChannel + - group: admin + allow: + - MuteDeafen + - Move + - Kick + - Ban + - Register + - name: Welcome + parent: Parley + description: Welcome channel + position: 0 + isdefault: yes + - name: Mary Read's territory + description: The channel dedicated to Mary Read. She was a Caribbean pirate. Dressed as a man, Mary went to sea and later joined the British army, fighting in the War Of The Spanish Succession. She married and settled down as a woman, but dressed back as a man following the death of her husband, later boarding a ship bound for the West Indies. + parent: Welcome + - name: Anne Bonny crew + description: The channel dedicated to Anne Bonny. She was one the most famous female pirates. She operated in the Caribbean. She discovered that one of her crew companion, Mark Read, was secretly a woman (Mary Read) and the two became very close. 
+ parent: Welcome + - name: Mary Cricket's ship + description: The channel dedicated to Mary Cricket. Toghether with 5 other prisoners Mary Crickett escaped and overpowered the two-man crew of the sloop John and Elizabeth on 12 May 1729. She held the prisoners in the ship's hold, sitting on the hatch to prevent their escape. The pair was released a few days later. The pirates sailed into Chesapeake Bay but before they could raid any other ships, they were captured by HMS Shoreham. Returned to Virginia, they were tried in August 1729, convicted of piracy, and sentenced to hang. + parent: Welcome + - name: Flora Burn's island + description: The channel dedicated to Flora Burn. She began her pirate career in 1741 and operated mainly on the East Coast of North America. + parent: Welcome + - name: Sayyida al Hurra + description: She was a Moroccan pirate from the 16th century, and controlled the Mediterranean Sea together with Barbarossa. Her name means "noble lady who is free and independent" + parent: Welcome + - name: Ching Shih + description: She was a Chinese pirate from the 19th century. She is considered to be the pirate with the largest crew ever assembled (between 20.000 and 40.000 pirates) and died peacefully as a free woman + parent: Welcome + - name: Silent + parent: Parley + description: Silent channel + position: 1 + permissions: + - group: all + deny: + - Speak + - MakeTempChannel + - group: admin + allow: + - MakeTempChannel +murmur_default_channel: Welcome -umurmur_version: 0.2.17 -umurmur_domain: mumble.parley.be - -umurmur_welcome_text: -- Welcome to Parley Talk! -- You can talk to the people in the room you joined. -- You start in the Welcome room, to join another channel double click on the room name. -umurmur_admin_password: "{{ vault_umurmur_admin_password }}" -umurmur_max_users: 100 - -umurmur_channels: -- name: Parley - description: Main Parley Talk channel. No entry. 
- noenter: yes -- name: Welcome - parent: Parley - description: Welcome channel - position: 0 -- name: Silent - parent: Parley - description: Silent channel - silent: yes - position: 1 -- name: Mary Read's territory - description: The channel dedicated to Mary Read. She was a Caribbean pirate. Dressed as a man, Mary went to sea and later joined the British army, fighting in the War Of The Spanish Succession. She married and settled down as a woman, but dressed back as a man following the death of her husband, later boarding a ship bound for the West Indies. - parent: Welcome -- name: Anne Bonny crew - description: The channel dedicated to Anne Bonny. She was one the most famous female pirates. She operated in the Caribbean. She discovered that one of her crew companion, Mark Read, was secretly a woman (Mary Read) and the two became very close. - parent: Welcome -- name: Mary Cricket's ship - description: The channel dedicated to Mary Cricket. Toghether with 5 other prisoners Mary Crickett escaped and overpowered the two-man crew of the sloop John and Elizabeth on 12 May 1729. She held the prisoners in the ship's hold, sitting on the hatch to prevent their escape. The pair was released a few days later. The pirates sailed into Chesapeake Bay but before they could raid any other ships, they were captured by HMS Shoreham. Returned to Virginia, they were tried in August 1729, convicted of piracy, and sentenced to hang. - parent: Welcome -- name: Flora Burn's island - description: The channel dedicated to Flora Burn. She began her pirate career in 1741 and operated mainly on the East Coast of North America. - parent: Welcome -- name: Sayyida al Hurra - description: She was a Moroccan pirate from the 16th century, and controlled the Mediterranean Sea together with Barbarossa. Her name means "noble lady who is free and independent" - parent: Welcome -- name: Ching Shih - description: She was a Chinese pirate from the 19th century. 
She is considered to be the pirate with the largest crew ever assembled (between 20.000 and 40.000 pirates) and died peacefully as a free woman - parent: Welcome - -umurmur_default_channel: Welcome - -mumble_web_domain: talk.parley.be -mumble_web_version: master \ No newline at end of file +mumble_web_enabled: yes +mumble_web_version: master +mumble_web_nginx_generate_dhparam: no \ No newline at end of file diff --git a/inventories/group_vars/mumble/vault.yml b/inventories/group_vars/mumble/vault.yml index 0f70684..661d6d8 100644 --- a/inventories/group_vars/mumble/vault.yml +++ b/inventories/group_vars/mumble/vault.yml 
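Review bot: The renewal `hooks` under `acme_domains` still run `systemctl restart umurmur`, while the same hunk removes every `umurmur_*` variable in favour of `murmur_*`. If the role no longer deploys uMurmur on these hosts, that hook will fail on every renewal, and depending on how the acme role treats hook failures it may obscure whether nginx and mumble-server picked up the new certificate. Drop the line or guard it on the service actually being enabled. Separately, `mumble_web_version: master` stays a floating ref for code that the playbook deploys with `become: yes`; a tag or full commit hash would make what gets installed reproducible.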
@@ -1,13 +1,21 @@ $ANSIBLE_VAULT;1.1;AES256 -39653565313333643836363062656363333232313166303331656135633830323633366236313438 -6663616535626237326566636331356564373936356465310a323638646333623731366530316630 -30653662666239336465366466663162303466613139636138316538643862383962393734323665 -6135633264336530650a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a653366336238383137353530366232 +37353032353737653238313634313333323339373663376435373234316534363763306161643036 +6633306461636162370a393964383732623162316438383562656132333735656265633463663665 +33373837653232343335396131366235333437316136633466353838323436323835383062353332 +30373232626534616430333066663035353738643132656233336531633162346233313366313262 +64303331656137643235333663313063356366306530646330303965656238323735623237613739 +62396662646335383362373539313939343231356332623362316661653466386363636135333932 +31383936323064633235643533643632363665613262306532336131393831306462633233613764 +65326630376633386465653763643964643466346133393433313266373138393635616332393661 +66353331373632623133366261363765653762373664303564633635366161363365363866633737 +31303936643430646430353031376237393961333934326463323864336337663137383230653362 +36666339646134663464396337373130643337623835636231656565343234323565383833343238 +65643831386536656332393265636135316662626164316337313134613231316234643366643838 +32356332393238626539303436336634383664653366366166343831353463663631386364653631 +65323832383436373833313238313965646638646664333036333165386438366433303035363435 +66656132363238633434323735353330373061613762353535643561323462313230306462336130 +39386635666535653235623564303930383339633537313839393237653334383837353363333965 +39373465306566623534326661303738333862643536356437343639386335646635363139363334 +63363063636436383737 diff --git a/inventories/host_vars/talk.parley.be/main.yml b/inventories/host_vars/talk.parley.be/main.yml new file mode 100644 index 0000000..ce3ab67 --- /dev/null 
+++ b/inventories/host_vars/talk.parley.be/main.yml @@ -0,0 +1,2 @@ +mumble_alt_domains: + - mumble.parley.be \ No newline at end of file diff --git a/playbooks/mumble.yml b/playbooks/mumble.yml index db29728..58346b7 100644 --- a/playbooks/mumble.yml +++ b/playbooks/mumble.yml @@ -1,9 +1,5 @@ - hosts: mumble become: yes - vars: - acme_domains: - - "{{ umurmur_domain }}" - - "{{ mumble_web_domain }}" roles: - ppbe.mumble \ No newline at end of file diff --git a/requirements.yml b/requirements.yml index 72efac6..73d1beb 100644 --- a/requirements.yml +++ b/requirements.yml @@ -1,8 +1,10 @@ - name: ppbe.acme src: https://dev.parley.be/PPBe/ansible-role-acme.git scm: git - version: master + version: 5-trigger-hooks-after-certificate-renewal - name: ppbe.mumble src: https://dev.parley.be/PPBe/ansible-role-mumble.git scm: git - version: master \ No newline at end of file + version: master +- name: cloudalchemy.alertmanager +- name: cloudalchemy.prometheus \ No newline at end of file diff --git a/roles/common/tasks/nginx.yml b/roles/common/tasks/nginx.yml index eba8aad..bddcb69 100644 --- a/roles/common/tasks/nginx.yml +++ b/roles/common/tasks/nginx.yml @@ -35,10 +35,11 @@ size: "{{ nginx_dhparam_size }}" owner: root group: www-data + mode: "640" async: 3600 poll: 0 changed_when: no - register: nginx_dh + register: _nginx_dhparam - name: Use snakoil cert key as Nginx's default private key file: @@ -86,11 +87,12 @@ - name: Waiting for Diffie-Hellman task to complete… async_status: - jid: "{{ nginx_dh.ansible_job_id }}" - register: nginx_dh_job + jid: "{{ _nginx_dhparam.ansible_job_id }}" + register: _nginx_dhparam_job retries: 60 delay: 30 # will retry every 30s for 30min (60 retries) - until: nginx_dh_job.finished + until: _nginx_dhparam_job.finished + notify: reload nginx - name: Start Nginx server service:
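Review bot: In `requirements.yml`, `ppbe.acme` is now pinned to the branch `5-trigger-hooks-after-certificate-renewal`, and `cloudalchemy.alertmanager` and `cloudalchemy.prometheus` are added with no `version` (and no `src`), so each install resolves to whatever the branch head or latest published release is at that moment. `playbooks/mumble.yml` runs its role with `become: yes`, so a rebased or deleted feature branch, or an unexpected upstream release, changes what executes as root on the targets without any change in this repository. Pin every entry to a release tag or full commit hash, e.g. `version: <tag-or-commit-sha>`, and move `ppbe.acme` back to a stable ref once the branch is merged.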
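Review bot: In `roles/common/tasks/nginx.yml`, the new `notify: reload nginx` on the async_status task fires only if that task reports `changed`, and the hunk does not show whether the polled dhparam job's result surfaces that way. The launcher task in the first hunk carries `changed_when: no`, which a reader could easily assume covers the whole sequence. A comment above the notify, `# handler runs only when the async dhparam job reports changed`, would record the intent, and a run against a host with an existing dhparam file is worth checking to confirm nginx is not reloaded needlessly. In the first hunk, `mode: "640"` works as a quoted string, though `"0640"` is the more conventional spelling; both tasks start or end outside the hunks shown.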