mumble: configure letsencrypt component

Fixes: #701

Signed-off-by: Phil Morrell <debian@emorrp1.name>
Reviewed-by: James Valleroy <jvalleroy@mailbox.org>

actions/mumble

@@ -7,9 +7,13 @@ Configure Mumble server.
 """
 
 import argparse
+import augeas
 import sys
 from subprocess import Popen, PIPE
 
+CONFIG_FILE = '/etc/mumble-server.ini'
+DATA_DIR = '/var/lib/mumble-server'
+
 
 def parse_arguments():
     """Return parsed command line arguments as dictionary."""
@@ -17,12 +21,21 @@ def parse_arguments():
     parser = argparse.ArgumentParser()
     subparsers = parser.add_subparsers(dest='subcommand', help='Sub command')
 
+    subparsers.add_parser('setup', help='Setup Mumble server')
     subparsers.add_parser('create-password',
                           help='Setup mumble superuser password')
 
     return parser.parse_args()
 
 
+def subcommand_setup(_):
+    """Setup Mumble server."""
+    aug = load_augeas()
+    aug.set('.anon/sslCert', DATA_DIR + '/fullchain.pem')
+    aug.set('.anon/sslKey', DATA_DIR + '/privkey.pem')
+    aug.save()
+
+
 def read_from_stdin():
     """Read password from stdin"""
 
@@ -34,7 +47,7 @@ def subcommand_create_password(arguments):
 
     password = read_from_stdin()
 
-    cmd = ['murmurd', '-ini', '/etc/mumble-server.ini', '-readsupw']
+    cmd = ['murmurd', '-ini', CONFIG_FILE, '-readsupw']
     proc = Popen(cmd, stdin=PIPE, stdout=PIPE, stderr=PIPE, shell=False)
 
     # The exit code of the command above seems to be 1 when successful!
@@ -51,6 +64,17 @@ def subcommand_create_password(arguments):
         sys.exit(1)
 
 
+def load_augeas():
+    """Initialize Augeas."""
+    aug = augeas.Augeas(flags=augeas.Augeas.NO_LOAD +
+                        augeas.Augeas.NO_MODL_AUTOLOAD)
+    aug.transform('Php', CONFIG_FILE)
+    aug.set('/augeas/context', '/files' + CONFIG_FILE)
+    aug.load()
+
+    return aug
+
+
 def main():
     """Parse arguments and perform all duties."""
     arguments = parse_arguments()

plinth/modules/mumble/__init__.py

@@ -3,6 +3,8 @@
 FreedomBox app to configure Mumble server.
 """
 
+import pathlib
+
 from django.urls import reverse_lazy
 from django.utils.translation import ugettext_lazy as _
 
@@ -10,6 +12,7 @@ from plinth import app as app_module
 from plinth import frontpage, menu
 from plinth.daemon import Daemon
 from plinth.modules.firewall.components import Firewall
+from plinth.modules.letsencrypt.components import LetsEncrypt
 from plinth.modules.users.components import UsersAndGroups
 
 from .manifest import backup, clients  # noqa, pylint: disable=unused-import
@@ -20,6 +23,8 @@ managed_services = ['mumble-server']
 
 managed_packages = ['mumble-server']
 
+managed_paths = [pathlib.Path('/var/lib/mumble-server')]
+
 _description = [
     _('Mumble is an open source, low-latency, encrypted, high quality '
       'voice chat software.'),
@@ -61,6 +66,15 @@ class MumbleApp(app_module.App):
                             ports=['mumble-plinth'], is_external=True)
         self.add(firewall)
 
+        letsencrypt = LetsEncrypt(
+            'letsencrypt-mumble', domains='*',
+            daemons=managed_services, should_copy_certificates=True,
+            private_key_path='/var/lib/mumble-server/privkey.pem',
+            certificate_path='/var/lib/mumble-server/fullchain.pem',
+            user_owner='mumble-server', group_owner='mumble-server',
+            managing_app='mumble')
+        self.add(letsencrypt)
+
         daemon = Daemon(
             'daemon-mumble', managed_services[0],
             listen_ports=[(64738, 'tcp4'), (64738, 'tcp6'), (64738, 'udp4'),