mumble cose

roles/stable/etherpad/tasks/main.yml

@@ -20,7 +20,7 @@
   git:
     repo: "https://github.com/ether/etherpad-lite"
     dest: "/srv/etherpad/etherpad"
-    version: "1.8.7"
+    version: "1.8.14"
     force: true
   become: true
   become_user: "etherpad"

roles/stable/mumble/tasks/mumble-web.yml

@@ -23,13 +23,13 @@
 
 - name: copy mumble-web unit file
   template:
-    src: mumble-web.service.j2
+    src: mumble-web-proxy.service.j2
-    dest: /etc/systemd/system/mumble-web.service
+    dest: /etc/systemd/system/mumble-web-proxy.service
     owner: root
     group: root
     mode: 0644
   register: servicefile
-  notify: restart mumble-web
+  notify: restart mumble-web-proxy
 
 - name: Allow to python to inherit socket binding capability
   capabilities:
@@ -47,7 +47,7 @@
 
 - name: enable and start mumble-web
   systemd:
-    name: mumble-web
+    name: mumble-web-proxy
     daemon-reload: yes
     enabled: True
-    state: started
+    state: started

roles/stable/mumble/templates/mumle-web.service.j2

@@ -1,27 +1,15 @@
 [Unit]
-Description=Mumble-web
+Description=Mumble Web Proxy
+After=network.target auditd.service
 
 [Service]
-SyslogIdentifier=mumble-web
+Type=simple
-ExecStart=/usr/bin/python2.7 /usr/bin/python2-websockify \
+ExecStart=/usr/bin/mumble-web-proxy --listen-ws 64737 --server farma.cisti.org:64738 --ice-port-min 20000 --ice-port-max 21000 --ice-ipv4 185.105.3.28
-{% if mumble_web_ssl_activated %}
+Restart=on-failure
-  --cert={{ murmur_sslcert }} --key={{ murmur_sslkey }} --ssl-only \
+PIDFile=/tmp/mumble-web-proxy.pid
-{% endif %}
+User=mumble-server
-{% if mumble_web_ssl_target %}
+WorkingDirectory=/var/lib/mumble-server
-  --ssl-target \
-{% endif %}
-  --web={{ mumble_web_path }}/dist {{ mumble_web_listen }} localhost:{{ murmur_port }}
-DynamicUser=true
-; we need access to the certs
-{% if mumble_web_supplementary_groups is defined %}
-SupplementaryGroups={{ mumble_web_supplementary_groups }}
-{% endif %}
-; The following additional security directives only work with systemd v229 or later.
-AmbientCapabilities=CAP_NET_BIND_SERVICE
-CapabilityBoundingSet=CAP_NET_BIND_SERVICE
-NoNewPrivileges=true
-; Always run
-Restart=always
 
 [Install]
-WantedBy=multi-user.target
+WantedBy=multi-user.target
+