From 129fcfab74e3b3efcc7eee7a1b3da7779550b3c3 Mon Sep 17 00:00:00 2001 From: Sebastian Hugentobler Date: Thu, 30 Jun 2016 13:53:52 +0200 Subject: [PATCH] initial commit --- .gitignore | 3 + Dockerfile | 7 + rootfs/etc/confd/conf.d/murmur.ini.toml | 3 + rootfs/etc/confd/templates/murmur.ini.tmpl | 199 ++++++++++++++++++ .../fix-attrs.d/01-radicale-collections-dir | 1 + rootfs/etc/services.d/murmur/run | 3 + 6 files changed, 216 insertions(+) create mode 100755 .gitignore create mode 100644 Dockerfile create mode 100644 rootfs/etc/confd/conf.d/murmur.ini.toml create mode 100644 rootfs/etc/confd/templates/murmur.ini.tmpl create mode 100644 rootfs/etc/fix-attrs.d/01-radicale-collections-dir create mode 100644 rootfs/etc/services.d/murmur/run diff --git a/.gitignore b/.gitignore new file mode 100755 index 0000000..af0faab --- /dev/null +++ b/.gitignore @@ -0,0 +1,3 @@ +*~ +.DS_Store +*.swp diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..0752d46 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,7 @@ +FROM thallian/confd-env:latest + +RUN apk add --no-cache murmur + +VOLUME /etc/ssl/murmur + +ADD /rootfs / diff --git a/rootfs/etc/confd/conf.d/murmur.ini.toml b/rootfs/etc/confd/conf.d/murmur.ini.toml new file mode 100644 index 0000000..03db3af --- /dev/null +++ b/rootfs/etc/confd/conf.d/murmur.ini.toml @@ -0,0 +1,3 @@ +[template] +src = "murmur.ini.tmpl" +dest = "/etc/murmur.ini" diff --git a/rootfs/etc/confd/templates/murmur.ini.tmpl b/rootfs/etc/confd/templates/murmur.ini.tmpl new file mode 100644 index 0000000..e100ddb --- /dev/null +++ b/rootfs/etc/confd/templates/murmur.ini.tmpl @@ -0,0 +1,199 @@ +# Murmur configuration file. +# +# General notes: +# * Settings in this file are default settings and many of them can be overridden +# with virtual server specific configuration via the Ice or DBus interface. +# * Due to the way this configuration file is read some rules have to be +# followed when specifying variable values (as in variable = value): +# * Make sure to quote the value when using commas in strings or passwords. +# NOT variable = super,secret BUT variable = "super,secret" +# * Make sure to escape special characters like '\' or '"' correctly +# NOT variable = """ BUT variable = "\"" +# NOT regex = \w* BUT regex = \\w* + +# Path to database. If blank, will search for +# murmur.sqlite in default locations or create it if not found. +database={{getenv "DBNAME"}} + +# If you wish to use something other than SQLite, you'll need to set the name +# of the database above, and also uncomment the below. +# Sticking with SQLite is strongly recommended, as it's the most well tested +# and by far the fastest solution. +# +dbDriver=QPSQL +dbUsername={{getenv "DBUSER"}} +dbPassword={{getenv "DBPASSWORD"}} +dbHost={{getenv "DBHOST"}} +dbPort={{getenv "DBPORT"}} +dbPrefix=murmur_ +#dbOpts= + +# Murmur defaults to not using D-Bus. If you wish to use dbus, which is one of the +# RPC methods available in Murmur, please specify so here. +# +dbus=session + +# Alternate D-Bus service name. Only use if you are running distinct +# murmurd processes connected to the same D-Bus daemon. +#dbusservice=net.sourceforge.mumble.murmur + +# If you want to use ZeroC Ice to communicate with Murmur, you need +# to specify the endpoint to use. Since there is no authentication +# with ICE, you should only use it if you trust all the users who have +# shell access to your machine. +# Please see the ICE documentation on how to specify endpoints. +#ice="tcp -h 127.0.0.1 -p 6502" + +# Ice primarily uses local sockets. This means anyone who has a +# user account on your machine can connect to the Ice services. +# You can set a plaintext "secret" on the Ice connection, and +# any script attempting to access must then have this secret +# (as context with name "secret"). +# Access is split in read (look only) and write (modify) +# operations. Write access always includes read access, +# unless read is explicitly denied (see note below). +# +# Note that if this is uncommented and with empty content, +# access will be denied. + +#icesecretread= +icesecretwrite= + +# How many login attempts do we tolerate from one IP +# inside a given timeframe before we ban the connection? +# Note that this is global (shared between all virtual servers), and that +# it counts both successfull and unsuccessfull connection attempts. +# Set either Attempts or Timeframe to 0 to disable. +#autobanAttempts = 10 +#autobanTimeframe = 120 +#autobanTime = 300 + +# Specifies the file Murmur should log to. By default, Murmur +# logs to the file 'murmur.log'. If you leave this field blank +# on Unix-like systems, Murmur will force itself into foreground +# mode which logs to the console. +logfile=/var/log/murmur.log + +# If set, Murmur will write its process ID to this file +# when running in daemon mode (when the -fg flag is not +# specified on the command line). Only available on +# Unix-like systems. +pidfile=/var/run/murmur/murmur.pid + +# The below will be used as defaults for new configured servers. +# If you're just running one server (the default), it's easier to +# configure it here than through D-Bus or Ice. +# +# Welcome message sent to clients when they connect. +welcometext="{{getenv "WELCOMETEXT"}}" + +# Port to bind TCP and UDP sockets to. +port=64738 + +# Specific IP or hostname to bind to. +# If this is left blank (default), Murmur will bind to all available addresses. +#host= + +# Password to join server. +serverpassword={{getenv "SERVERPASSWORD"}} + +# Maximum bandwidth (in bits per second) clients are allowed +# to send speech at. +bandwidth={{getenv "MAXBANDWIDTH"}} + +# Maximum number of concurrent clients allowed. +users={{getenv "MAXUSERS"}} + +# Amount of users with Opus support needed to force Opus usage, in percent. +# 0 = Always enable Opus, 100 = enable Opus if it's supported by all clients. +#opusthreshold=100 + +# Maximum depth of channel nesting. Note that some databases like MySQL using +# InnoDB will fail when operating on deeply nested channels. +#channelnestinglimit=10 + +# Regular expression used to validate channel names. +# (Note that you have to escape backslashes with \ ) +#channelname=[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+ + +# Regular expression used to validate user names. +# (Note that you have to escape backslashes with \ ) +#username=[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+ + +# Maximum length of text messages in characters. 0 for no limit. +#textmessagelength=5000 + +# Maximum length of text messages in characters, with image data. 0 for no limit. +#imagemessagelength=131072 + +# Allow clients to use HTML in messages, user comments and channel descriptions? +#allowhtml=true + +# Murmur retains the per-server log entries in an internal database which +# allows it to be accessed over D-Bus/ICE. +# How many days should such entries be kept? +# Set to 0 to keep forever, or -1 to disable logging to the DB. +#logdays=31 + +# To enable public server registration, the serverpassword must be blank, and +# this must all be filled out. +# The password here is used to create a registry for the server name; subsequent +# updates will need the same password. Don't lose your password. +# The URL is your own website, and only set the registerHostname for static IP +# addresses. +# Only uncomment the 'registerName' parameter if you wish to give your "Root" channel a custom name. +# +#registerName=Mumble Server +#registerPassword=secret +#registerUrl=http://mumble.sourceforge.net/ +#registerHostname= + +# If this option is enabled, the server will announce its presence via the +# bonjour service discovery protocol. To change the name announced by bonjour +# adjust the registerName variable. +# See http://developer.apple.com/networking/bonjour/index.html for more information +# about bonjour. +#bonjour=True + +# If you have a proper SSL certificate, you can provide the filenames here. +# Otherwise, Murmur will create it's own certificate automatically. +sslCert=/etc/ssl/murmur/fullchain.pem +sslKey=/etc/ssl/murmur/privkey.pem + +# The sslCiphers option chooses the cipher suites to make available for use +# in SSL/TLS. This option is server-wide, and cannot be set on a +# per-virtual-server basis. +# +# This option is specified using OpenSSL cipher list notation (see +# https://www.openssl.org/docs/apps/ciphers.html#CIPHER-LIST-FORMAT). +# +# It is recommended that you try your cipher string using 'openssl ciphers ' +# before setting it here, to get a feel for which cipher suites you will get. +# +# After setting this option, it is recommend that you inspect your Murmur log +# to ensure that Murmur is using the cipher suites that you expected it to. +# +# Note: Changing this option may impact the backwards compatibility of your +# Murmur server, and can remove the ability for older Mumble clients to be able +# to connect to it. +#sslCiphers=EECDH+AESGCM:AES256-SHA:AES128-SHA + +# If Murmur is started as root, which user should it switch to? +# This option is ignored if Murmur isn't started with root privileges. +uname=murmur + +# If this options is enabled, only clients which have a certificate are allowed +# to connect. +#certrequired=False + +# If enabled, clients are sent information about the servers version and operating +# system. +#sendversion=True + +# You can configure any of the configuration options for Ice here. We recommend +# leave the defaults as they are. +# Please note that this section has to be last in the configuration file. +# +[Ice] +Ice.Warn.UnknownProperties=1 +Ice.MessageSizeMax=65536 \ No newline at end of file diff --git a/rootfs/etc/fix-attrs.d/01-radicale-collections-dir b/rootfs/etc/fix-attrs.d/01-radicale-collections-dir new file mode 100644 index 0000000..774ecef --- /dev/null +++ b/rootfs/etc/fix-attrs.d/01-radicale-collections-dir @@ -0,0 +1 @@ +/home/radicale/.config/radicale/collections true radicale 0600 0700 diff --git a/rootfs/etc/services.d/murmur/run b/rootfs/etc/services.d/murmur/run new file mode 100644 index 0000000..6964284 --- /dev/null +++ b/rootfs/etc/services.d/murmur/run @@ -0,0 +1,3 @@ +#!/usr/bin/with-contenv sh + +exec s6-setuidgid murmur murmurd -fg