mumble cose

roles/stable/mumble/tasks/mumble-web.yml

@@ -23,13 +23,13 @@
 
 - name: copy mumble-web unit file
   template:
-    src: mumble-web.service.j2
-    dest: /etc/systemd/system/mumble-web.service
+    src: mumble-web-proxy.service.j2
+    dest: /etc/systemd/system/mumble-web-proxy.service
     owner: root
     group: root
     mode: 0644
   register: servicefile
-  notify: restart mumble-web
+  notify: restart mumble-web-proxy
 
 - name: Allow to python to inherit socket binding capability
   capabilities:
@@ -47,7 +47,7 @@
 
 - name: enable and start mumble-web
   systemd:
-    name: mumble-web
+    name: mumble-web-proxy
     daemon-reload: yes
     enabled: True
-    state: started
+    state: started

roles/stable/mumble/templates/mumle-web.service.j2

@@ -1,27 +1,15 @@
 [Unit]
-Description=Mumble-web
+Description=Mumble Web Proxy
+After=network.target auditd.service
 
 [Service]
-SyslogIdentifier=mumble-web
-ExecStart=/usr/bin/python2.7 /usr/bin/python2-websockify \
-{% if mumble_web_ssl_activated %}
-  --cert={{ murmur_sslcert }} --key={{ murmur_sslkey }} --ssl-only \
-{% endif %}
-{% if mumble_web_ssl_target %}
-  --ssl-target \
-{% endif %}
-  --web={{ mumble_web_path }}/dist {{ mumble_web_listen }} localhost:{{ murmur_port }}
-DynamicUser=true
-; we need access to the certs
-{% if mumble_web_supplementary_groups is defined %}
-SupplementaryGroups={{ mumble_web_supplementary_groups }}
-{% endif %}
-; The following additional security directives only work with systemd v229 or later.
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-NoNewPrivileges=true
-; Always run
-Restart=always
+Type=simple
+ExecStart=/usr/bin/mumble-web-proxy --listen-ws 64737 --server farma.cisti.org:64738 --ice-port-min 20000 --ice-port-max 21000 --ice-ipv4 185.105.3.28
+Restart=on-failure
+PIDFile=/tmp/mumble-web-proxy.pid
+User=mumble-server
+WorkingDirectory=/var/lib/mumble-server
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target
+