PPBe/ansible-role-mumble
3
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

manage murmur channels; install mumble-web's self-signed cert; add molecule default scenario

Browse Source
This commit is contained in:
HgO
2020-12-06 14:10:29 +01:00
parent 31d3221d05
commit 6914b83d96
21 changed files with 739 additions and 101 deletions
Download Patch File Download Diff File Expand all files Collapse all files

8
templates/mumble-server.ini.j2
View File

@@ -72,7 +72,7 @@ dbOpts={{ murmur_database.opts | default('') | to_json }}
; with ICE, you should only use it if you trust all the users who have
; shell access to your machine.
; Please see the ICE documentation on how to specify endpoints.
ice="{{ murmur_ice }}"
ice="tcp -h {{ murmur_ice_host | quote }} -p {{ murmur_ice_port | int }}"
; Ice primarily uses local sockets. This means anyone who has a
; user account on your machine can connect to the Ice services.
@@ -227,7 +227,7 @@ allowhtml={{ murmur_allow_html }}
;logdays=31
logdays={{ murmur_log_days }}
{% if murmur_register.name is defined %}
{% if murmur_register_enabled %}
; To enable public server registration, the serverpassword must be blank, and
; this must all be filled out.
; The password here is used to create a registry for the server name; subsequent
@@ -256,7 +256,9 @@ bonjour={{ murmur_bonjour_enabled }}
;sslKey=
sslCert={{ murmur_certificate | to_json }}
sslKey={{ murmur_private_key | to_json }}
{% if acme_enabled %}
sslCa={{ murmur_trusted_certificate | to_json }}
{% endif %}
; The sslDHParams option allows you to specify a PEM-encoded file with
; Diffie-Hellman parameters, which will be used as the default Diffie-
@@ -319,5 +321,5 @@ sendversion={{ murmur_send_server_version }}
; Please note that this section has to be last in the configuration file.
;
[Ice]
Ice.Warn.UnknownProperties={{ murmur_ice_warn_unknown_properties }}
Ice.Warn.UnknownProperties={{ murmur_ice_warn_unknown_properties | int }}
Ice.MessageSizeMax={{ murmur_ice_message_size_max }}

8
templates/nginx.conf.j2
View File

@@ -8,7 +8,7 @@ server {
return 301 https://$host$request_uri;
}
{% if acme_challenge_dir is defined %}
{% if acme_enabled and acme_challenge_dir is defined %}
location ^~ /.well-known/acme-challenge/ {
allow all;
root {{ acme_challenge_dir }};
@@ -30,8 +30,8 @@ server {
ssl_session_cache shared:AnsibleSSL:10m; # about 40000 sessions
ssl_session_tickets off;
{% if mumble_web_dhparam is defined and mumble_web_dhparam != '' %}
ssl_dhparam {{ mumble_web_dhparam }};
{% if mumble_web_nginx_dhparam %}
ssl_dhparam {{ mumble_web_nginx_dhparam }};
{% endif %}
ssl_protocols TLSv1.2 TLSv1.3;
@@ -44,8 +44,10 @@ server {
ssl_stapling on;
ssl_stapling_verify on;
{% if acme_enabled %}
# Verify chain of trust of OCSP response using Root CA and Intermediate certs
ssl_trusted_certificate {{ mumble_web_trusted_certificate }};
{% endif %}
location / {
root /var/www/mumble-web/dist/;