{{ ansible_managed | comment(decoration="; ") }} ; Murmur configuration file. ; ; General notes: ; * Settings in this file are default settings and many of them can be overridden ; with virtual server specific configuration via the Ice or DBus interface. ; * Due to the way this configuration file is read some rules have to be ; followed when specifying variable values (as in variable = value): ; * Make sure to quote the value when using commas in strings or passwords. ; NOT variable = super,secret BUT variable = "super,secret" ; * Make sure to escape special characters like '\' or '"' correctly ; NOT variable = """ BUT variable = "\"" ; NOT regex = \w* BUT regex = \\w* ; Path to database. If blank, will search for ; murmur.sqlite in default locations or create it if not found. database={{ murmur_database.path | to_json }} ; Murmur defaults to using SQLite with its default rollback journal. ; In some situations, using SQLite's write-ahead log (WAL) can be ; advantageous. ; If you encounter slowdowns when moving between channels and similar ; operations, enabling the SQLite write-ahead log might help. ; ; To use SQLite's write-ahead log, set sqlite_wal to one of the following ; values: ; ; 0 - Use SQLite's default rollback journal. ; 1 - Use write-ahead log with synchronous=NORMAL. ; If Murmur crashes, the database will be in a consistent state, but ; the most recent changes might be lost if the operating system did ; not write them to disk yet. This option can improve Murmur's ; interactivity on busy servers, or servers with slow storage. ; 2 - Use write-ahead log with synchronous=FULL. ; All database writes are synchronized to disk when they are made. ; If Murmur crashes, the database will be include all completed writes. ;sqlite_wal=0 ; If you wish to use something other than SQLite, you'll need to set the name ; of the database above, and also uncomment the below. ; Sticking with SQLite is strongly recommended, as it's the most well tested ; and by far the fastest solution. ; ;dbDriver=QMYSQL ;dbUsername= ;dbPassword= ;dbHost= ;dbPort= ;dbPrefix=murmur_ ;dbOpts= {% if murmur_database.driver is defined %} dbDriver={{ murmur_database.driver | to_json }} dbUsername={{ murmur_database.username | to_json }} dbPassword={{ murmur_database.password | to_json }} dbHost={{ murmur_database.host | default('localhost') | to_json }} dbPort={{ murmur_database.port }} dbPrefix={{ murmur_database.prefix | default('') | to_json }} dbOpts={{ murmur_database.opts | default('') | to_json }} {% endif %} ; Murmur defaults to not using D-Bus. If you wish to use dbus, which is one of the ; RPC methods available in Murmur, please specify so here. ; ;dbus=session ; Alternate D-Bus service name. Only use if you are running distinct ; murmurd processes connected to the same D-Bus daemon. ;dbusservice=net.sourceforge.mumble.murmur ; If you want to use ZeroC Ice to communicate with Murmur, you need ; to specify the endpoint to use. Since there is no authentication ; with ICE, you should only use it if you trust all the users who have ; shell access to your machine. ; Please see the ICE documentation on how to specify endpoints. ice="tcp -h {{ murmur_ice_host | quote }} -p {{ murmur_ice_port | int }}" ; Ice primarily uses local sockets. This means anyone who has a ; user account on your machine can connect to the Ice services. ; You can set a plaintext "secret" on the Ice connection, and ; any script attempting to access must then have this secret ; (as context with name "secret"). ; Access is split in read (look only) and write (modify) ; operations. Write access always includes read access, ; unless read is explicitly denied (see note below). ; ; Note that if this is uncommented and with empty content, ; access will be denied. {% if murmur_ice_secret_read is defined %} icesecretread={{ murmur_ice_secret_read | to_json }} {% else %} ;icesecretread= {% endif %} {% if murmur_ice_secret_write is defined %} icesecretwrite={{ murmur_ice_secret_write | to_json }} {% else %} ;icesecretwrite= {% endif %} ; If you want to expose Murmur's experimental gRPC API, you ; need to specify an address to bind on. ; Note: not all builds of Murmur support gRPC. If gRPC is not ; available, Murmur will warn you in its log output. ;grpc="127.0.0.1:50051" ; Specifying both a certificate and key file below will cause gRPC to use ; secured, TLS connections. ;grpccert="" ;grpckey="" ; How many login attempts do we tolerate from one IP ; inside a given timeframe before we ban the connection? ; Note that this is global (shared between all virtual servers), and that ; it counts both successfull and unsuccessfull connection attempts. ; Set either Attempts or Timeframe to 0 to disable. ;autobanAttempts = 10 ;autobanTimeframe = 120 ;autobanTime = 300 autobanAttempts={{ murmur_autoban_attempts }} autobanTimeframe={{ murmur_autoban_timeframe }} autobanTime={{ murmur_autoban_time }} ; Specifies the file Murmur should log to. By default, Murmur ; logs to the file 'murmur.log'. If you leave this field blank ; on Unix-like systems, Murmur will force itself into foreground ; mode which logs to the console. ;logfile=murmur.log logfile={{ murmur_log_file | to_json }} ; If set, Murmur will write its process ID to this file ; when running in daemon mode (when the -fg flag is not ; specified on the command line). Only available on ; Unix-like systems. ;pidfile= pidfile={{ murmur_pid_file | to_json }} ; The below will be used as defaults for new configured servers. ; If you're just running one server (the default), it's easier to ; configure it here than through D-Bus or Ice. ; ; Welcome message sent to clients when they connect. ; If the welcome message is set to an empty string, ; no welcome message will be sent to clients. welcometext={{ murmur_welcome_text | to_json }} ; Port to bind TCP and UDP sockets to. port={{ murmur_port }} ; Specific IP or hostname to bind to. ; If this is left blank (default), Murmur will bind to all available addresses. ;host= host={{ murmur_host | to_json }} ; Password to join server. serverpassword={{ murmur_server_password | to_json }} ; Maximum bandwidth (in bits per second) clients are allowed ; to send speech at. bandwidth={{ murmur_max_bandwidth }} ; Maximum number of concurrent clients allowed. users={{ murmur_max_users }} ; Per-user rate limiting ; ; These two settings allow to configure the per-user rate limiter for some ; command messages sent from the client to the server. The messageburst setting ; specifies an amount of messages which are allowed in short bursts. The ; messagelimit setting specifies the number of messages per second allowed over ; a longer period. If a user hits the rate limit, his packages are then ignored ; for some time. Both of these settings have a minimum of 1 as setting either to ; 0 could render the server unusable. messageburst=5 messagelimit=1 ; Respond to UDP ping packets. ; ; Setting to true exposes the current user count, the maximum user count, and ; the server's maximum bandwidth per client to unauthenticated users. In the ; Mumble client, this information is shown in the Connect dialog. allowping=true ; Amount of users with Opus support needed to force Opus usage, in percent. ; 0 = Always enable Opus, 100 = enable Opus if it's supported by all clients. ;opusthreshold=100 opusthreshold={{ murmur_opus_threshold }} ; Maximum depth of channel nesting. Note that some databases like MySQL using ; InnoDB will fail when operating on deeply nested channels. ;channelnestinglimit=10 channelnestinglimit={{ murmur_channel_nesting_limit }} ; Maximum number of channels per server. 0 for unlimited. Note that an ; excessive number of channels will impact server performance ;channelcountlimit=1000 channelcountlimit={{ murmur_channel_count_limit }} ; Regular expression used to validate channel names. ; (Note that you have to escape backslashes with \ ) ;channelname=[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+ {% if murmur_channel_name_regex is defined %} channelname={{ murmur_channel_name_regex }} {% endif %} ; Regular expression used to validate user names. ; (Note that you have to escape backslashes with \ ) ;username=[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+ {% if murmur_username_regex is defined %} username={{ murmur_username_regex }} {% endif %} ; Maximum length of text messages in characters. 0 for no limit. ;textmessagelength=5000 textmessagelength={{ murmur_text_message_max_length }} ; Maximum length of text messages in characters, with image data. 0 for no limit. ;imagemessagelength=131072 imagemessagelength={{ murmur_image_message_max_length }} ; Allow clients to use HTML in messages, user comments and channel descriptions? ;allowhtml=true allowhtml={{ murmur_allow_html }} ; Murmur retains the per-server log entries in an internal database which ; allows it to be accessed over D-Bus/ICE. ; How many days should such entries be kept? ; Set to 0 to keep forever, or -1 to disable logging to the DB. ;logdays=31 logdays={{ murmur_log_days }} {% if murmur_register_enabled %} ; To enable public server registration, the serverpassword must be blank, and ; this must all be filled out. ; The password here is used to create a registry for the server name; subsequent ; updates will need the same password. Don't lose your password. ; The URL is your own website, and only set the registerHostname for static IP ; addresses. ; Only uncomment the 'registerName' parameter if you wish to give your "Root" channel a custom name. ; registerName={{ murmur_register.name | to_json }} registerPassword={{ murmur_register.password | to_json }} registerUrl={{ murmur_register.url | to_json }} registerHostname={{ murmur_register.hostname | to_json }} {% endif %} ; If this option is enabled, the server will announce its presence via the ; bonjour service discovery protocol. To change the name announced by bonjour ; adjust the registerName variable. ; See http://developer.apple.com/networking/bonjour/index.html for more information ; about bonjour. ;bonjour=True bonjour={{ murmur_bonjour_enabled }} ; If you have a proper SSL certificate, you can provide the filenames here. ; Otherwise, Murmur will create its own certificate automatically. ;sslCert= ;sslKey= sslCert={{ murmur_certificate | to_json }} sslKey={{ murmur_private_key | to_json }} {% if acme_enabled %} sslCa={{ murmur_trusted_certificate | to_json }} {% endif %} ; The sslDHParams option allows you to specify a PEM-encoded file with ; Diffie-Hellman parameters, which will be used as the default Diffie- ; Hellman parameters for all virtual servers. ; ; Instead of pointing sslDHParams to a file, you can also use the option ; to specify a named set of Diffie-Hellman parameters for Murmur to use. ; Murmur comes bundled with the Diffie-Hellman parameters from RFC 7919. ; These parameters are available by using the following names: ; ; @ffdhe2048, @ffdhe3072, @ffdhe4096, @ffdhe6144, @ffdhe8192 ; ; By default, Murmur uses @ffdhe2048. sslDHParams={{ murmur_dhparam | to_json }} ; The sslCiphers option chooses the cipher suites to make available for use ; in SSL/TLS. This option is server-wide, and cannot be set on a ; per-virtual-server basis. ; ; This option is specified using OpenSSL cipher list notation (see ; https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT). ; ; It is recommended that you try your cipher string using 'openssl ciphers ' ; before setting it here, to get a feel for which cipher suites you will get. ; ; After setting this option, it is recommend that you inspect your Murmur log ; to ensure that Murmur is using the cipher suites that you expected it to. ; ; Note: Changing this option may impact the backwards compatibility of your ; Murmur server, and can remove the ability for older Mumble clients to be able ; to connect to it. ;sslCiphers=EECDH+AESGCM:EDH+aRSA+AESGCM:DHE-RSA-AES256-SHA:DHE-RSA-AES128-SHA:AES256-SHA:AES128-SHA ; If Murmur is started as root, which user should it switch to? ; This option is ignored if Murmur isn't started with root privileges. ;uname= uname={{ murmur_owner }} ; If this options is enabled, only clients which have a certificate are allowed ; to connect. ;certrequired=False certrequired={{ murmur_client_certificate_required }} ; If enabled, clients are sent information about the servers version and operating ; system. ;sendversion=True sendversion={{ murmur_send_server_version }} ; This sets password hash storage to legacy mode (1.2.4 and before) ; (Note that setting this to true is insecure and should not be used unless absolutely necessary) ;legacyPasswordHash=false ; By default a strong amount of PBKDF2 iterations are chosen automatically. If >0 this setting ; overrides the automatic benchmark and forces a specific number of iterations. ; (Note that you should only change this value if you know what you are doing) ;kdfIterations=-1 ; You can configure any of the configuration options for Ice here. We recommend ; leave the defaults as they are. ; Please note that this section has to be last in the configuration file. ; [Ice] Ice.Warn.UnknownProperties={{ murmur_ice_warn_unknown_properties | int }} Ice.MessageSizeMax={{ murmur_ice_message_size_max }}