additional-config-options #3

amras · 2026-04-28T14:15:50Z

amras commented

2026-04-28 14:15:50 +00:00

Adding passwords and various config options from https://github.com/mumble-voip/mumble/blob/master/auxiliary_files/mumble-server.ini .

Passwords

mumble-docker reads certain config values from /run/secrets/, so we set the SuperUser password and server password using this method.

server-config.ini

mumble-docker also reads config values from env variables named MUMBLE_CONFIG_*. Importantly, when a variable is set but empty, the corresponding config value is overwritten with an empty string. Therefore we have to provide default values in compose.yml.

The following options are not included, for now:

*ssl* : adding support for certificates needs to be a larger project, it's non-trivial
database, *db*, *sqlite* : as above, for databases
*ice* : I'm unclear how ZeroC Ice works, decided to skip for now
*log* : logs aren't visible outside the container

The following options should probably never be included:

port, host, uname, pidfile: unneccessary in a container environment
legacyPasswordHash: unsecure (could be set with a custom compose file if someone really needs it)
forceExternalAuth: undocumented

Checklist

I have deployed and tested my changes
I have updated relevant versions in abra.sh
I have made my environment variable changes backwards compatible
I have added a release note entry

Adding passwords and various config options from https://github.com/mumble-voip/mumble/blob/master/auxiliary_files/mumble-server.ini . ## Passwords [mumble-docker](https://github.com/mumble-voip/mumble-docker#configuration) reads certain config values from `/run/secrets/`, so we set the SuperUser password and server password using this method. ## server-config.ini `mumble-docker` also reads config values from env variables named `MUMBLE_CONFIG_*`. Importantly, when a variable is set but empty, the corresponding config value is overwritten with an empty string. Therefore we have to provide default values in `compose.yml`. The following options are not included, for now: - `*ssl*` : adding support for certificates needs to be a larger project, it's non-trivial - `database`, `*db*`, `*sqlite*` : as above, for databases - `*ice*` : I'm unclear how ZeroC Ice works, decided to skip for now - `*log*` : logs aren't visible outside the container The following options should probably never be included: - `port`, `host`, `uname`, `pidfile`: unneccessary in a container environment - `legacyPasswordHash`: unsecure (could be set with a custom compose file if someone really needs it) - `forceExternalAuth`: undocumented ## Checklist * [X] I have deployed and tested my changes * [X] I have [updated relevant versions in `abra.sh`](https://docs.coopcloud.tech/maintainers/upgrade/#updating-versions-in-the-abrash) * [X] I have made my environment variable changes [backwards compatible](https://docs.coopcloud.tech/maintainers/upgrade/#backwards-compatible-environment-variable-changes) * [X] I have added a [release note entry](https://docs.coopcloud.tech/maintainers/upgrade/#creating-new-release-notes)

amras added 7 commits 2026-04-28 14:15:50 +00:00

[feat] server and superuser passwords a2e9b642bc

Impl note: server-pw can be ignored for a password-less server,
 e.g. if operator wants to run a publicly registered server:
 https://www.mumble.info/documentation/administration/config-file/#server-registration

Impl note: secret names (-pw rather than -password) are shortened due to R015.

[feat] add options from mumble-server.ini 069298a9f0

Most of the options from mumble-server.ini have been added to .env
No documentation for these settings, since they're described elsewhere.

The exceptions which were not included are:
- *ssl* : adding support for custom certs needs more work
- database, *db*, *sqlite* : as above, for databases
- *ice* : unclear how ZeroC Ice works, decided to skip for now
- logfile, pidfile, *log* : would need to expose these files outside the
  container
- port, host, uname : unneccessary in a container
- legacypasswordhash : unsecure, therefore requires custom compose file
- forceExternalAuth : undocumented

Reference:
on environment variables to set config options in the container: a0ab293b2a/README.md (configuration)
list of options: https://github.com/mumble-voip/mumble/blob/v1.6.870/auxiliary_files/mumble-server.ini

Merge branch 'main' into additional-config-options e2c946339d

[doc] update README with new configs a96464676e

[fix] Include default values in .env e8766522d2

When a MUMBLE_CONFIG var is set, mumble will use it even if it is empty.
This caused problems e.g. when USERNAME="" caused all usernames to be
rejected.

One option to resolve this would be to keep unset-in-config variables
unset in the container. The other option is to supply mumble's default
values to the .env (which also makes the values more explicit).

This commit also removes a few config variables:
SSL would require more work to set up, as the server would need access
to the cert files
REGISTER is skipped for now as it would require an extra secret
LOG_DAYS is skipped because I'm not sure the logs are visible to the
user

[fix] backwards compatible env 11589df06e

As per https://docs.coopcloud.tech/maintainers/upgrade/#backwards-compatible-environment-variable-changes

moved the defaults for the new mumble-server.ini variables
 from .env.sample to the compose file

[chore] update minor version

continuous-integration/drone/pr Build is failing

Details

e4eba96d53

Previous commits introduced new config options:
- passwords
- several misc mumble-server.ini settings

since the new setup requires superuser-pw to be set,
 it is a breaking change compared to 0.1.0
 however, 0.y.z is not considered stable by semver,
 so we're free to increment the minor version.

amras referenced this pull request

2026-04-28 14:16:36 +00:00

Updating the mumble recipe #1

notplants commented

2026-04-28 17:29:19 +00:00

looks great!

nice to have the full set of configs too and server password as a secret in its own compose file

my only stylistic question would be that because MUMBLE_ was removed from all the config values, there is more of a possibility of a collision with another environment variable set by something else. for example if abra injected an environment variable that happened to collide. but I don't think its a necessary change or one I would even recommend, but it did pop into my head while looking at the diff. from looking at a couple other recipes, it doesn't look like other recipes prefix env vars very often, so maybe since its within an app-specific container, there are just not many chances of a collision

looks great! nice to have the full set of configs too and server password as a secret in its own compose file my only stylistic question would be that because MUMBLE_ was removed from all the config values, there is more of a possibility of a collision with another environment variable set by something else. for example if abra injected an environment variable that happened to collide. but I don't think its a necessary change or one I would even recommend, but it did pop into my head while looking at the diff. from looking at a couple other recipes, it doesn't look like other recipes prefix env vars very often, so maybe since its within an app-specific container, there are just not many chances of a collision

notplants referenced this pull request

2026-04-28 17:31:27 +00:00

Updating the mumble recipe #1

amras merged commit faf1a4493d into main

2026-04-29 08:04:23 +00:00

amras deleted branch additional-config-options

2026-04-29 08:04:23 +00:00

amras referenced this issue from a commit

2026-04-29 08:04:23 +00:00

Merge pull request 'additional-config-options' (#3)

Sign in to join this conversation.