ansible-role-mumble/defaults/main.yml

177 lines
5.7 KiB
YAML

mumble_domain: "{{ inventory_hostname }}.local"
acme_enabled: no
acme_account_email: acme@example.com
acme_domains:
- name: "{{ mumble_domain }}"
hooks: |
{{ (
'systemctl reload nginx' if mumble_web_enabled else None,
'systemctl restart umurmur' if umurmur_enabled else None,
'systemctl restart mumble-server' if murmur_enabled else None
) | reject("none") | list }}
acme_config:
account:
private_key: "{{ acme_accounts_dir }}/acme_account.key"
email: "{{ acme_account_email }}"
directory_url: https://acme-v02.api.letsencrypt.org/directory
challenge_dir: /var/www/acme/.well-known/acme-challenge
domains: "{{ acme_domains }}"
mumble_web_enabled: no
mumble_web_domain: "{{ mumble_domain }}"
mumble_nginx_domains:
- "{{ mumble_web_domain }}"
mumble_web_owner: mumble-web
mumble_web_group: "{{ mumble_web_owner }}"
mumble_web_certificate: "{{ acme_certs_dir }}/{{ mumble_web_domain }}.d/{{ acme_enabled | ternary('fullchain','cert') }}.pem"
mumble_web_trusted_certificate: "{{ acme_certs_dir }}/{{ mumble_web_domain }}.d/chain.pem"
mumble_web_private_key: "{{ acme_keys_dir }}/{{ mumble_web_domain }}.key"
mumble_web_www_dir: /var/www/mumble-web
mumble_web_version: master
mumble_web_websockify_port: "64737"
mumble_web_nginx_enabled: yes
mumble_web_nginx_config_dir: /etc/nginx
mumble_web_nginx_generate_dhparam: yes
mumble_web_nginx_dhparam: "{{ mumble_web_nginx_config_dir }}/ssl/dhparam.pem"
mumble_web_nginx_dhparam_size: 2048
murmur_enabled: no
murmur_domain: "{{ mumble_domain }}"
murmur_superuser_password: supersecret
murmur_database:
path: "/var/lib/mumble-server/mumble-server.sqlite"
# driver: "QMYSQL"
# username: "mumble"
# password: "password"
# host: "localhost"
# port: 3306
# prefix: "murmur_"
murmur_ice_host: "127.0.0.1"
murmur_ice_port: 6502
# Give read permission on ICE connection. Empty secret will deny read permission to anybody.
murmur_ice_secret_read: "{{ lookup('password', '/tmp/murmur-ice-read.secret length=50') }}"
# Give write permission on ICE connection. Empty secret will deny write permission to anybody.
murmur_ice_secret_write: "{{ lookup('password', '/tmp/murmur-ice-write.secret length=50') }}"
murmur_autoban_attempts: 10
murmur_autoban_timeframe: 120
murmur_autoban_time: 300
murmur_log_file: "/var/log/mumble-server/mumble-server.log"
murmur_pid_file: "/var/run/mumble-server/mumble-server.pid"
murmur_welcome_text: "Welcome on the {{ inventory_hostname }} Mumble server!"
# Leave blank to let Murmur bind to all available addresses
murmur_host: ""
murmur_port: 64738
# Password to join the server
murmur_server_password: ""
murmur_max_bandwidth: 72000
murmur_max_users: 100
murmur_opus_threshold: 100
murmur_channel_nesting_limit: 10
murmur_channel_count_limit: 1000
# Regex to validate channel or usernames
# murmur_channel_name_regex: ""
# murmur_username_regex: ""
murmur_text_message_max_length: 5000
murmur_image_message_max_length: 131072
murmur_allow_html: yes
# Set to 0 to keep logs forever, or -1 to disable logging to the DB.
murmur_log_days: -1
# Name for root channel and entry in mumble main server list
murmur_register_enabled: no
murmur_register:
name: "MyMumbleServerRegisterName"
password: "password"
url: "https://mymumbleserverurl.org"
hostname: "mymumblehostname.domain.org"
# Enable Bonjour for dev purpose
murmur_bonjour_enabled: no
murmur_certificate: "{{ acme_certs_dir }}/{{ murmur_domain }}.d/{{ acme_enabled | ternary('fullchain', 'cert') }}.pem"
murmur_trusted_certificate: "{{ acme_certs_dir }}/{{ murmur_domain }}.d/chain.pem"
murmur_private_key: "{{ acme_keys_dir }}/{{ murmur_domain }}.key"
murmur_dhparam: "@ffdhe4096"
murmur_owner: "mumble-server"
murmur_group: "{{ murmur_owner }}"
murmur_client_certificate_required: no
murmur_send_server_version: yes
murmur_ice_warn_unknown_properties: yes
murmur_ice_message_size_max: 65536
murmur_channels:
- name: Root
description: Root channel. No entry.
groups:
admin:
inherit: yes
inheritable: yes
permissions:
- group: all
deny:
- Enter
recursive: no
enabled: yes
- group: all
allow:
- RegisterSelf
- MakeTempChannel
- group: admin
allow:
- MuteDeafen
- Move
- Kick
- Ban
- Register
- name: Welcome
parent: Root
description: Welcome channel
position: 0
isdefault: yes
- name: Silent
parent: Root
description: Silent channel
position: 1
permissions:
- group: all
deny:
- Speak
- MakeTempChannel
- group: admin
allow:
- MakeTempChannel
umurmur_enabled: no
umurmur_domain: "{{ mumble_domain }}"
umurmur_max_bandwidth: 48000
umurmur_max_users: 100
umurmur_server_password: ""
umurmur_channels:
- name: Root
description: Root channel. No entry.
noenter: yes
- name: Welcome
parent: Root
description: Welcome channel
position: 0
- name: Silent
parent: Root
description: Silent channel
silent: yes
position: 1
umurmur_default_channel: Welcome
umurmur_welcome_text: "Welcome on the {{ inventory_hostname }} Mumble server!"
umurmur_channel_links:
- source: "{{ umurmur_default_channel }}"
destinations: >-
{{ umurmur_channels
| selectattr('parent', 'defined')
| selectattr('parent', '==', umurmur_default_channel)
| map(attribute='name')
| list
}}
umurmur_ssl_group: "{{ acme_ssl_group }}"
umurmur_certificate: "{{ acme_certs_dir }}/{{ umurmur_domain }}.d/{{ acme_enabled | ternary('fullchain', 'cert') }}.pem"
umurmur_private_key: "{{ acme_keys_dir }}/{{ umurmur_domain }}.key"
umurmur_version: master
umurmur_port: 64738