mumble_domain: "{{ inventory_hostname }}.local"

acme_enabled: no
acme_domains:
  - name: "{{ mumble_domain }}"
    hooks: |
      {{ (
        'systemctl reload nginx' if mumble_web_enabled else None,
        'systemctl restart mumble-server' if murmur_enabled else None
      ) | reject("none") | list }}
acme_directory_url: https://acme-v02.api.letsencrypt.org/directory

mumble_web_enabled: no
mumble_web_domain: "{{ mumble_domain }}"
mumble_web_owner: mumble-web
mumble_web_group: "{{ mumble_web_owner }}"
mumble_web_certificate: "{{ acme_certs_dir }}/{{ mumble_web_domain }}.d/{{ acme_enabled | ternary('fullchain','cert') }}.pem"
mumble_web_trusted_certificate: "{{ acme_certs_dir }}/{{ mumble_web_domain }}.d/chain.pem"
mumble_web_private_key: "{{ acme_keys_dir }}/{{ mumble_web_domain }}.key"
mumble_web_www_dir: /var/www/mumble-web
mumble_web_dist_dir: "{{ mumble_web_www_dir }}/dist"
mumble_web_version: master
mumble_web_websockify_port: "64737"

mumble_web_nginx_enabled: yes
mumble_web_nginx_domains: 
  - "{{ mumble_web_domain }}"
mumble_web_nginx_config_dir: /etc/nginx
mumble_web_nginx_log_dir: /var/log/nginx
mumble_web_nginx_generate_dhparam: yes
mumble_web_nginx_dhparam: "{{ mumble_web_nginx_config_dir }}/ssl/dhparam.pem"
mumble_web_nginx_dhparam_size: 2048

murmur_enabled: no
murmur_domain: "{{ mumble_domain }}"
murmur_superuser_password: supersecret
murmur_database:
  path: "/var/lib/mumble-server/mumble-server.sqlite"
  # driver: "QMYSQL"
  # username: "mumble"
  # password: "password"
  # host: "localhost"
  # port: 3306
  # prefix: "murmur_"
murmur_ice_host: "127.0.0.1"
murmur_ice_port: 6502
# Give read permission on ICE connection. Empty secret will deny read permission to anybody.
murmur_ice_secret_read: "{{ lookup('password', '/tmp/murmur-ice-read.secret length=50') }}"
# Give write permission on ICE connection. Empty secret will deny write permission to anybody.
murmur_ice_secret_write: "{{ lookup('password', '/tmp/murmur-ice-write.secret length=50') }}"

murmur_autoban_attempts: 10
murmur_autoban_timeframe: 120
murmur_autoban_time: 300
murmur_log_file: "/var/log/mumble-server/mumble-server.log"
murmur_pid_file: "/var/run/mumble-server/mumble-server.pid"
murmur_welcome_text: "Welcome on the {{ inventory_hostname }} Mumble server!"
# Leave blank to let Murmur bind to all available addresses
murmur_host: ""
murmur_port: 64738
# Password to join the server
murmur_server_password: ""
murmur_max_bandwidth: 72000
murmur_max_users: 100
murmur_opus_threshold: 100
murmur_channel_nesting_limit: 10
murmur_channel_count_limit: 1000
# Regex to validate channel or usernames
# murmur_channel_name_regex: ""
# murmur_username_regex: ""
murmur_text_message_max_length: 5000
murmur_image_message_max_length: 131072
murmur_allow_html: yes
# Set to 0 to keep logs forever, or -1 to disable logging to the DB.
murmur_log_days: -1
# Name for root channel and entry in mumble main server list
murmur_register_enabled: no
murmur_register:
  name: "MyMumbleServerRegisterName"
  password: "password"
  url: "https://mymumbleserverurl.org"
  hostname: "mymumblehostname.domain.org"
# Enable Bonjour for dev purpose
murmur_bonjour_enabled: no
murmur_certificate: "{{ acme_certs_dir }}/{{ murmur_domain }}.d/{{ acme_enabled | ternary('fullchain', 'cert') }}.pem"
murmur_trusted_certificate: "{{ acme_certs_dir }}/{{ murmur_domain }}.d/chain.pem"
murmur_private_key: "{{ acme_keys_dir }}/{{ murmur_domain }}.key"
murmur_dhparam: "@ffdhe4096"
murmur_owner: "mumble-server"
murmur_group: "{{ murmur_owner }}"
murmur_client_certificate_required: no
murmur_send_server_version: yes
murmur_ice_warn_unknown_properties: yes
murmur_ice_message_size_max: 65536
murmur_channels:
  - name: Root
    description: Root channel. No entry.
    groups:
      admin:
        inherit: yes
        inheritable: yes
    permissions:
      - group: all
        deny:
          - Enter
        recursive: no
        enabled: yes
      - group: all
        allow:
          - RegisterSelf
          - MakeTempChannel
      - group: admin
        allow:
          - MuteDeafen
          - Move
          - Kick
          - Ban
          - Register
  - name: Welcome
    parent: Root
    description: Welcome channel
    position: 0
    isdefault: yes
  - name: Silent
    parent: Root
    description: Silent channel
    position: 1
    permissions:
      - group: all
        deny:
          - Speak
          - MakeTempChannel
      - group: admin
        allow:
          - MakeTempChannel