From 13b5d45998b1f958d1f982c8f23633c8fe8c2847 Mon Sep 17 00:00:00 2001
From: Paul-Henri Froidmont <git.contact-57n2p@froidmont.org>
Date: Tue, 5 Dec 2017 02:34:44 +0100
Subject: [PATCH] Murmur setup

---
 .gitignore                      |   1 +
 files/ansible_prerequisites.sh  |   2 +-
 files/murmur/.env               |   1 +
 files/murmur/docker-compose.yml |  12 ++
 files/murmur/murmur.ini         | 223 ++++++++++++++++++++++++++++++++
 playbook.yml                    |  17 +++
 6 files changed, 255 insertions(+), 1 deletion(-)
 create mode 100644 files/murmur/.env
 create mode 100644 files/murmur/docker-compose.yml
 create mode 100644 files/murmur/murmur.ini

diff --git a/.gitignore b/.gitignore
index 8000dd9..c713642 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1 +1,2 @@
+.idea
 .vagrant
diff --git a/files/ansible_prerequisites.sh b/files/ansible_prerequisites.sh
index 7c9d00b..bcf54ae 100755
--- a/files/ansible_prerequisites.sh
+++ b/files/ansible_prerequisites.sh
@@ -1,5 +1,5 @@
 #!/bin/bash
 set -e
-pacman -Syu --noconfirm
+#pacman -Syu --noconfirm   #Skip this step because reboot is needed to start docker in case of kernel update
 pacman -S python --noconfirm
 touch /root/.ansible_prerequisites_installed
diff --git a/files/murmur/.env b/files/murmur/.env
new file mode 100644
index 0000000..23d4382
--- /dev/null
+++ b/files/murmur/.env
@@ -0,0 +1 @@
+COMPOSE_PROJECT_NAME=murmur
diff --git a/files/murmur/docker-compose.yml b/files/murmur/docker-compose.yml
new file mode 100644
index 0000000..ee167e2
--- /dev/null
+++ b/files/murmur/docker-compose.yml
@@ -0,0 +1,12 @@
+version: '2.2'
+
+services:
+  murmur:
+    image: mattikus/murmur
+    volumes:
+      - ./murmur.ini:/etc/murmur.ini
+      - /var/lib/murmur/murmur.sqlite:/data/murmur.sqlite
+    ports:
+      - 64738:64738
+      - 64738:64738/udp
+    restart: always
diff --git a/files/murmur/murmur.ini b/files/murmur/murmur.ini
new file mode 100644
index 0000000..53df041
--- /dev/null
+++ b/files/murmur/murmur.ini
@@ -0,0 +1,223 @@
+# Murmur configuration file.
+#
+# General notes:
+# * Settings in this file are default settings and many of them can be overridden
+#   with virtual server specific configuration via the Ice or DBus interface.
+# * Due to the way this configuration file is read some rules have to be
+#   followed when specifying variable values (as in variable = value):
+#     * Make sure to quote the value when using commas in strings or passwords.
+#        NOT variable = super,secret BUT variable = "super,secret"
+#     * Make sure to escape special characters like '\' or '"' correctly
+#        NOT variable = """ BUT variable = "\""
+#        NOT regex = \w* BUT regex = \\w*
+
+# Path to database. If blank, will search for
+# murmur.sqlite in default locations or create it if not found.
+database=/data/murmur.sqlite
+
+# If you wish to use something other than SQLite, you'll need to set the name
+# of the database above, and also uncomment the below.
+# Sticking with SQLite is strongly recommended, as it's the most well tested
+# and by far the fastest solution.
+#
+#dbDriver=QMYSQL
+#dbUsername=
+#dbPassword=
+#dbHost=
+#dbPort=
+#dbPrefix=murmur_
+#dbOpts=
+
+# Murmur defaults to not using D-Bus. If you wish to use dbus, which is one of the
+# RPC methods available in Murmur, please specify so here.
+#
+#dbus=session
+
+# Alternate D-Bus service name. Only use if you are running distinct
+# murmurd processes connected to the same D-Bus daemon.
+#dbusservice=net.sourceforge.mumble.murmur
+
+# If you want to use ZeroC Ice to communicate with Murmur, you need
+# to specify the endpoint to use. Since there is no authentication
+# with ICE, you should only use it if you trust all the users who have
+# shell access to your machine.
+# Please see the ICE documentation on how to specify endpoints.
+ice="tcp -h 127.0.0.1 -p 6502"
+
+# Ice primarily uses local sockets. This means anyone who has a
+# user account on your machine can connect to the Ice services.
+# You can set a plaintext "secret" on the Ice connection, and
+# any script attempting to access must then have this secret
+# (as context with name "secret").
+# Access is split in read (look only) and write (modify) 
+# operations. Write access always includes read access,
+# unless read is explicitly denied (see note below).
+#
+# Note that if this is uncommented and with empty content,
+# access will be denied.
+
+#icesecretread=
+icesecretwrite=
+
+# How many login attempts do we tolerate from one IP
+# inside a given timeframe before we ban the connection?
+# Note that this is global (shared between all virtual servers), and that
+# it counts both successfull and unsuccessfull connection attempts.
+# Set either Attempts or Timeframe to 0 to disable.
+#autobanAttempts = 10
+#autobanTimeframe = 120
+#autobanTime = 300
+
+# Specifies the file Murmur should log to. By default, Murmur
+# logs to the file 'murmur.log'. If you leave this field blank
+# on Unix-like systems, Murmur will force itself into foreground
+# mode which logs to the console.
+#logfile=/data/murmur.log
+
+# If set, Murmur will write its process ID to this file
+# when running in daemon mode (when the -fg flag is not
+# specified on the command line). Only available on
+# Unix-like systems.
+#pidfile=
+
+# The below will be used as defaults for new configured servers.
+# If you're just running one server (the default), it's easier to
+# configure it here than through D-Bus or Ice.
+#
+# Welcome message sent to clients when they connect.
+welcometext="<br />
+Bienvenue sur le nouveau Mumble.<br />
+Maintenant fini de rire, le premier qui dit un truc <b>naus&eacute;abonde</b> est banni<br />
+⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⣀⠴⠖⡛⣩⠿⠿⠿⢷⣿⣾⣷⣀<br />
+⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⣼⣧⡣⠖⠋⢀⢀⢀⢀⢀⠈⠉⠙⠺⠢⡀<br />
+⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢸⣯⡯⣇⢀⡀⡀⢀⢀⢀⢀⢀⢀⢀⢀⢀⠘⡄<br />
+⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⡀⣸⣿⣽⣳⣿⣹⣡⠄⢀⡀⢀⢀⢀⣀⣀⡀⢀⠑⡀<br />
+⢀⢀⢀⢀⢀⢀⢀⣀⠠⢀⣿⣿⣿⡿⣿⣷⣿⣿⠅⢀⢛⡴⡿⠿⣶⣄⡒⡚⠛⢈⣰⣀<br />
+⢀⢀⢀⢀⢀⠔⠁⠈⠑⡄⠘⢻⡟⣛⡻⣿⣽⠍⢀⠠⢏⣃⣴⢾⡛⢏⠛⠏⢿⢿⢦⡅<br />
+⢀⢀⢀⢀⠎⢠⠃⢀⢀⠸⡀⢸⢨⡵⡽⣌⡏⠐⡂⠤⠉⠛⠢⠩⣭⠝⠈⢀⠈⠙⠧⡁<br />
+⢀⢀⢀⡌⢀⡈⢀⢀⢀⢀⢃⢸⡄⠃⠣⢸⣗⠰⠂⢀⢀⢀⢀⢀⢀⢀⢀⡀⢀⢀⢀⠐⡄<br />
+⢀⢀⢀⢇⢀⡇⢀⢀⢀⢀⠘⣼⠸⡌⢁⣾⣿⣏⣿⡼⣒⢃⣄⠠⡠⡞⠉⠉⢆⢀⢀⢀⢱<br />
+⢀⢀⡎⢀⢸⣇⢀⢀⢀⢀⢀⢫⡇⢓⣾⣿⣻⣻⣿⣟⣿⣵⣾⣿⣧⣁⠶⢄⡀⠁⠁⢀⢰<br />
+⢀⢀⡇⢀⠈⢻⢀⢀⢀⢀⢀⠈⡁⠈⡽⣟⣿⣯⣯⡿⡏⢮⢭⣟⠛⠛⠻⠳⣾⣗⠲⠤⠜<br />
+⢀⢀⢇⢀⢀⣾⢀⢀⢀⢀⢀⢀⠇⢀⣹⢿⣿⣷⣿⣿⣇⢎⠻⣼⣽⣛⡯⡽⠉<br />
+⢀⢸⢀⢀⢀⠟⡄⢀⢀⢀⢀⢀⠘⡤⠛⣧⣿⣜⢿⣿⣿⣾⣷⣌⠉⠙⣡⣿⡄⣀<br />
+⢠⠛⢀⢀⢀⢰⠇⢀⢀⢀⢀⢀⢀⠘⡰⣻⣿⣼⣿⣿⣿⣿⣿⣿⣿⣿⡿⠻⠋⣡⠁<br />
+⢸⢀⢀⢀⢀⢀⡧⢀⢀⢀⢀⢀⢀⢀⠘⡇⢻⢏⣿⣽⣿⣟⣿⣿⣿⠟⢀⠠⢎⣉⠊⢰⡀<br />
+⠸⢀⢀⢀⢀⢀⠰⠂⢀⢀⢀⢀⢀⢀⢀⣘⡛⢡⡟⢻⣟⡾⠿⢿⠋⢀⢀⢀⠈⡋⠐⢁⢼<br />
+⢀⢀⢀⢀⢀⢀⢀⢣⢀⢀⢀⢀⢀⢀⠞⠁⠎⠉⠉⠉⢀⢀⢀⢈⣇⢀⢐⠂⡒⣁⢀⢅⢴⠁<br />
+⢀⢀⢀⢀⢀⢀⢀⠈⢂⢀⢀⢀⢀⢀⢀⠘⢀⢀⢀⢀⢀⢀⢀⢀⠿⣀⣞⠛⢺⠁⣏⢹⠃<br />
+⢀⢀⢀⢀⢀⢀⢀⢀⢀⠣⡀⢀⢀⢀⢀⢀⢀⢀⢠⢀⢀⢀⠄⠚⠁⠉⠉⠙⠊⠙⠁⠁<br />
+⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⠐⢄⡀⢀⠠⠤⠢⣕⠡⠔⠊⠁<br />
+⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⢀⠉⠉⠉⠉⠉<br />
+"
+
+# Port to bind TCP and UDP sockets to.
+port=64738
+
+# Specific IP or hostname to bind to.
+# If this is left blank (default), Murmur will bind to all available addresses.
+host=0.0.0.0
+
+# Password to join server.
+serverpassword=changeme
+
+# Maximum bandwidth (in bits per second) clients are allowed
+# to send speech at.
+bandwidth=128000
+
+# Maximum number of concurrent clients allowed.
+users=100
+
+# Amount of users with Opus support needed to force Opus usage, in percent.
+# 0 = Always enable Opus, 100 = enable Opus if it's supported by all clients.
+#opusthreshold=100
+
+# Maximum depth of channel nesting. Note that some databases like MySQL using
+# InnoDB will fail when operating on deeply nested channels.
+#channelnestinglimit=10
+
+# Regular expression used to validate channel names.
+# (Note that you have to escape backslashes with \ )
+#channelname=[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+
+
+# Regular expression used to validate user names.
+# (Note that you have to escape backslashes with \ )
+#username=[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+
+
+# Maximum length of text messages in characters. 0 for no limit.
+#textmessagelength=5000
+
+# Maximum length of text messages in characters, with image data. 0 for no limit.
+#imagemessagelength=131072
+
+# Allow clients to use HTML in messages, user comments and channel descriptions?
+allowhtml=true
+
+# Murmur retains the per-server log entries in an internal database which
+# allows it to be accessed over D-Bus/ICE.
+# How many days should such entries be kept?
+# Set to 0 to keep forever, or -1 to disable logging to the DB.
+#logdays=31
+
+# To enable public server registration, the serverpassword must be blank, and
+# this must all be filled out.
+# The password here is used to create a registry for the server name; subsequent
+# updates will need the same password. Don't lose your password.
+# The URL is your own website, and only set the registerHostname for static IP
+# addresses.
+# Only uncomment the 'registerName' parameter if you wish to give your "Root" channel a custom name.
+#
+#registerName=Mumble Server
+#registerPassword=secret
+#registerUrl=http://mumble.sourceforge.net/
+#registerHostname=
+
+# If this option is enabled, the server will announce its presence via the 
+# bonjour service discovery protocol. To change the name announced by bonjour
+# adjust the registerName variable.
+# See http://developer.apple.com/networking/bonjour/index.html for more information
+# about bonjour.
+#bonjour=True
+
+# If you have a proper SSL certificate, you can provide the filenames here.
+# Otherwise, Murmur will create it's own certificate automatically.
+#sslCert=
+#sslKey=
+
+# The sslCiphers option chooses the cipher suites to make available for use
+# in SSL/TLS. This option is server-wide, and cannot be set on a
+# per-virtual-server basis.
+#
+# This option is specified using OpenSSL cipher list notation (see
+# https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT).
+#
+# It is recommended that you try your cipher string using 'openssl ciphers <string>'
+# before setting it here, to get a feel for which cipher suites you will get.
+#
+# After setting this option, it is recommend that you inspect your Murmur log
+# to ensure that Murmur is using the cipher suites that you expected it to.
+#
+# Note: Changing this option may impact the backwards compatibility of your
+# Murmur server, and can remove the ability for older Mumble clients to be able
+# to connect to it.
+#sslCiphers=EECDH+AESGCM:AES256-SHA:AES128-SHA
+
+# If Murmur is started as root, which user should it switch to?
+# This option is ignored if Murmur isn't started with root privileges.
+#uname=
+
+# If this options is enabled, only clients which have a certificate are allowed
+# to connect.
+#certrequired=False
+
+# If enabled, clients are sent information about the servers version and operating
+# system.
+sendversion=True
+
+# You can configure any of the configuration options for Ice here. We recommend
+# leave the defaults as they are.
+# Please note that this section has to be last in the configuration file.
+#
+[Ice]
+Ice.Warn.UnknownProperties=1
+Ice.MessageSizeMax=65536
diff --git a/playbook.yml b/playbook.yml
index 77931b6..9a0e78b 100644
--- a/playbook.yml
+++ b/playbook.yml
@@ -19,3 +19,20 @@
         - vim
         - wget
         - zsh
+    - name: Enable and start docker service
+      systemd:
+        name: docker.service
+        state: started
+        enabled: True
+    - name: Create images config folder
+      file: dest=/etc/images state=directory
+    - name: Copy murmur config
+      copy: src=murmur dest=/etc/images
+    - name: Create murmur data folder
+      file: dest=/var/lib/murmur state=directory
+    - name: Copy murmur database
+      copy: src=/mnt/borg/banditlair.com-2017-12-04/backups/murmur/murmur.sqlite dest=/var/lib/murmur/
+    - name: Start murmur docker project
+      docker_service:
+        project_src: /etc/images/murmur
+        state: present
\ No newline at end of file