From 215371a877fa64ca283d4545aa176ad1a9062211 Mon Sep 17 00:00:00 2001 From: Phil Morrell Date: Sun, 24 May 2020 02:42:22 +0100 Subject: [PATCH] mumble: configure letsencrypt component Fixes: #701 Signed-off-by: Phil Morrell Reviewed-by: James Valleroy --- actions/mumble | 26 +++++++++++++++++++++++++- plinth/modules/mumble/__init__.py | 14 ++++++++++++++ 2 files changed, 39 insertions(+), 1 deletion(-) diff --git a/actions/mumble b/actions/mumble index 4a1c3f3c2..2e1d01283 100755 --- a/actions/mumble +++ b/actions/mumble @@ -7,9 +7,13 @@ Configure Mumble server. """ import argparse +import augeas import sys from subprocess import Popen, PIPE +CONFIG_FILE = '/etc/mumble-server.ini' +DATA_DIR = '/var/lib/mumble-server' + def parse_arguments(): """Return parsed command line arguments as dictionary.""" @@ -17,12 +21,21 @@ def parse_arguments(): parser = argparse.ArgumentParser() subparsers = parser.add_subparsers(dest='subcommand', help='Sub command') + subparsers.add_parser('setup', help='Setup Mumble server') subparsers.add_parser('create-password', help='Setup mumble superuser password') return parser.parse_args() +def subcommand_setup(_): + """Setup Mumble server.""" + aug = load_augeas() + aug.set('.anon/sslCert', DATA_DIR + '/fullchain.pem') + aug.set('.anon/sslKey', DATA_DIR + '/privkey.pem') + aug.save() + + def read_from_stdin(): """Read password from stdin""" @@ -34,7 +47,7 @@ def subcommand_create_password(arguments): password = read_from_stdin() - cmd = ['murmurd', '-ini', '/etc/mumble-server.ini', '-readsupw'] + cmd = ['murmurd', '-ini', CONFIG_FILE, '-readsupw'] proc = Popen(cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE, shell=False) # The exit code of the command above seems to be 1 when successful! @@ -51,6 +64,17 @@ def subcommand_create_password(arguments): sys.exit(1) +def load_augeas(): + """Initialize Augeas.""" + aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD + + augeas.Augeas.NO_MODL_AUTOLOAD) + aug.transform('Php', CONFIG_FILE) + aug.set('/augeas/context', '/files' + CONFIG_FILE) + aug.load() + + return aug + + def main(): """Parse arguments and perform all duties.""" arguments = parse_arguments() diff --git a/plinth/modules/mumble/__init__.py b/plinth/modules/mumble/__init__.py index 2f71b3766..1e414dfe1 100644 --- a/plinth/modules/mumble/__init__.py +++ b/plinth/modules/mumble/__init__.py @@ -3,6 +3,8 @@ FreedomBox app to configure Mumble server. """ +import pathlib + from django.urls import reverse_lazy from django.utils.translation import ugettext_lazy as _ @@ -10,6 +12,7 @@ from plinth import app as app_module from plinth import frontpage, menu from plinth.daemon import Daemon from plinth.modules.firewall.components import Firewall +from plinth.modules.letsencrypt.components import LetsEncrypt from plinth.modules.users.components import UsersAndGroups from .manifest import backup, clients # noqa, pylint: disable=unused-import @@ -20,6 +23,8 @@ managed_services = ['mumble-server'] managed_packages = ['mumble-server'] +managed_paths = [pathlib.Path('/var/lib/mumble-server')] + _description = [ _('Mumble is an open source, low-latency, encrypted, high quality ' 'voice chat software.'), @@ -61,6 +66,15 @@ class MumbleApp(app_module.App): ports=['mumble-plinth'], is_external=True) self.add(firewall) + letsencrypt = LetsEncrypt( + 'letsencrypt-mumble', domains='*', + daemons=managed_services, should_copy_certificates=True, + private_key_path='/var/lib/mumble-server/privkey.pem', + certificate_path='/var/lib/mumble-server/fullchain.pem', + user_owner='mumble-server', group_owner='mumble-server', + managing_app='mumble') + self.add(letsencrypt) + daemon = Daemon( 'daemon-mumble', managed_services[0], listen_ports=[(64738, 'tcp4'), (64738, 'tcp6'), (64738, 'udp4'),