create mumble role

tasks/main.yml

@@ -0,0 +1,11 @@
+- name: Install and configure umurmur server
+  import_tasks: umurmur.yml
+  tags: umurmur
+
+- name: Install and configure mumble web client
+  import_tasks: mumble_web.yml
+  tags: mumble_web
+
+- name: Configure Nginx for mumble web client
+  import_tasks: nginx.yml
+  tags: nginx

tasks/mumble_web.yml

@@ -0,0 +1,78 @@
+- name: Install websockify
+  apt:
+    name: websockify
+    state: present
+  notify: reload mumble-web
+  tags: mumble_web_install
+
+- name: Create mumble-web system user
+  user:
+    name: "{{ mumble_web_owner }}"
+    home: "{{ mumble_web_www_dir }}"
+    groups:
+    - www-data
+    shell: /sbin/nologin
+    password: '*'
+    state: present
+    system: yes
+    append: yes
+    create_home: no
+
+- name: Change mumble-web home directory's permissions
+  file:
+    path: "{{ mumble_web_www_dir }}"
+    owner: "{{ mumble_web_owner }}"
+    group: "{{ mumble_web_group }}"
+    mode: "755"
+    state: directory
+  tags: mumble_web_install
+
+- name: Clone mumble-web git repository
+  git:
+    repo: https://github.com/Johni0702/mumble-web.git
+    dest: "{{ mumble_web_www_dir }}"
+    version: "{{ mumble_web_version }}"
+  register: mumble_web_cloned
+  become_user: "{{ mumble_web_owner }}"
+  tags: mumble_web_install
+
+- name: Build mumble-web from sources
+  command: npm clean-install
+  args:
+    chdir: "{{ mumble_web_www_dir }}"
+  register: _mumble_web_installed
+  become_user: "{{ mumble_web_owner }}"
+  when: mumble_web_cloned is changed
+  tags: [mumble_web_install,mumble_web_build]
+
+- name: Copy mumble-web config file
+  template:
+    src: mumble-web.js.j2
+    dest: "{{ mumble_web_www_dir }}/dist/config.local.js"
+    owner: "{{ mumble_web_owner }}"
+    group: "{{ mumble_web_group }}"
+    mode: "644"
+  tags: [mumble_web_install,mumble_web_config]
+
+- name: Copy mumble-web systemd service
+  template:
+    src: mumble-web.service.j2
+    dest: /etc/systemd/system/mumble-web.service
+    owner: root
+    group: root
+    mode: "644"
+  notify:
+  - reload systemd
+  - reload mumble-web
+  tags: [mumble_web_install,mumble_web_config]
+
+- name: Start mumble-web service
+  service:
+    name: mumble-web
+    state: started
+    enabled: yes
+  register: mumble_web_started
+  tags: mumble_web_run
+
+- name: Trigger mumble-web handlers
+  meta: flush_handlers

tasks/nginx.yml

@@ -0,0 +1,18 @@
+- name: Copy Nginx config file
+  template:
+    src: nginx.conf.j2
+    dest: /etc/nginx/sites-available/mumble.conf
+    owner: root
+    group: www-data
+    mode: "755"
+  notify: reload nginx
+
+- name: Enable Nginx config file
+  file:
+    src: /etc/nginx/sites-available/mumble.conf
+    path: /etc/nginx/sites-enabled/mumble.conf
+    state: link
+  notify: reload nginx
+
+- name: Trigger Nginx handlers
+  meta: flush_handlers

tasks/umurmur.yml

@@ -0,0 +1,91 @@
+- name: Install umurmur build dependencies
+  apt:
+    name: "{{ package }}"
+  loop:
+  - git
+  - build-essential
+  - cmake
+  - libconfig-dev
+  - libprotobuf-c-dev
+  - libmbedtls-dev
+  - ssl-cert
+  loop_control:
+    loop_var: package
+
+- name: Clone umurmur git repository
+  git:
+    repo: https://github.com/umurmur/umurmur.git
+    dest: /opt/umurmur
+    version: "{{ umurmur_version }}"
+
+- name: Change umurmur git repository's permissions
+  file:
+    path: /opt/umurmur
+    owner: root
+    group: root
+    mode: "775"
+    state: directory
+
+- name: Create the build directory
+  file:
+    path: /opt/umurmur/build
+    owner: root
+    group: root
+    mode: "775"
+    state: directory
+
+- name: Generate the Makefile with cmake
+  shell: cd /opt/umurmur/build && cmake .. -DSSL=mbedtls
+  changed_when: no
+
+- name: Build umurmur from source
+  make:
+    chdir: /opt/umurmur/build
+  changed_when: _umurmur_built.stdout_lines | length > 1
+  register: _umurmur_built
+
+- name: Install umurmur
+  make:
+    chdir: /opt/umurmur/build
+    target: install
+  changed_when: "'Installing' in _umurmur_installed.stdout"
+  register: _umurmur_installed
+  notify: restart umurmur
+
+- name: Copy umurmur config file
+  template:
+    src: umurmur.conf.j2
+    dest: /usr/local/etc/umurmur.conf
+    owner: root
+    group: "{{ umurmur_ssl_group }}"
+    mode: "640"
+    validate: /usr/local/bin/umurmurd -t -c %s
+  notify: restart umurmur
+  tags: umurmur_config
+
+- name: Copy umurmur systemd service
+  template:
+    src: umurmur.service.j2
+    dest: /etc/systemd/system/umurmur.service
+    owner: root
+    group: root
+    mode: "644"
+  notify:
+  - reload systemd
+  - restart umurmur
+
+- name: Start umurmur service
+  service:
+    name: umurmur
+    enabled: yes
+    state: started
+  register: umurmur_started
+
+- name: Trigger umurmur handlers
+  meta: flush_handlers
+
+- name: Open umurmur port with UFW
+  ufw:
+    rule: allow
+    port: "{{ umurmur_port }}"
+  when: umurmur_ispublic | bool