coop-cloud/mumble
1
0
Fork 0
Code Issues 2 Pull Requests 1 Projects Releases Wiki Activity

Updating the mumble recipe #1

Closed
notplants wants to merge 3 commits from newmumble into main
pull from: newmumble
merge into: coop-cloud:main
Conversation 19 Commits 3 Files Changed 6 +117 -45
notplants commented 2026-03-03 20:19:06 +00:00
Owner
Copy Link

autonomic mumble from the old times was having issues, so decided to update the recipe to the latest to host our own

appears to be working. was able to use same port publishing pattern I was using in another recipe recently for lasuite-meet

addition of a web client was a nice bonus

autonomic mumble from the old times was having issues, so decided to update the recipe to the latest to host our own appears to be working. was able to use same port publishing pattern I was using in another recipe recently for lasuite-meet addition of a web client was a nice bonus
notplants added 3 commits 2026-03-03 20:19:07 +00:00
working on mumble recipe af87f1085d
small fixes bbbdb120b9
add backups
Some checks failed
continuous-integration/drone/pr Build is failing
Details
a1a5e2adac
notplants commented 2026-03-03 20:20:12 +00:00
Author
Owner
Copy Link

the old 3 year update cycle ... I assume this is probably fine to merge but cc @3wordchant

the old 3 year update cycle ... I assume this is probably fine to merge but cc @3wordchant
3wordchant requested changes 2026-03-04 19:07:45 +00:00
compose.yml
@ -11,0 +15,4 @@
# Mumble uses its own protocol on port 64738 (TCP+UDP), not HTTP.
# Published directly on the host — cannot be proxied through Traefik
# without custom entrypoints.
ports:
3wordchant commented 2026-03-04 19:07:42 +00:00
Owner
Copy Link

Benefits of this over https://git.coopcloud.tech/coop-cloud/traefik/src/branch/master/compose.mumble.yml?

Benefits of this over https://git.coopcloud.tech/coop-cloud/traefik/src/branch/master/compose.mumble.yml?
3wordchant commented 2026-03-04 19:08:34 +00:00
Owner
Copy Link

Update looks good. Personally it seems confusing not to centralise port config in Traefik but 🤷

Update looks good. Personally it seems confusing not to centralise port config in Traefik but 🤷
notplants commented 2026-03-05 15:19:45 +00:00
Author
Owner
Copy Link

@3wordchant ty for taking a look. I see pros/cons of each approach to the ports thing

pro of centralizing in traefik is:

  • if you show up at a new server and want to figure out the port config its all in one place to find

pro of the port config in the recipe is:

  • mumble recipe is self-contained. you can just setup the mumble env and deploy without making any changes to traefik (this is the main reason I liked this approach, as to me it made it easier to setup and deploy)
@3wordchant ty for taking a look. I see pros/cons of each approach to the ports thing pro of centralizing in traefik is: - if you show up at a new server and want to figure out the port config its all in one place to find pro of the port config in the recipe is: - mumble recipe is self-contained. you can just setup the mumble env and deploy without making any changes to traefik (this is the main reason I liked this approach, as to me it made it easier to setup and deploy)
3wordchant commented 2026-03-10 17:33:50 +00:00
Owner
Copy Link

Maybe let's discuss in #coopcloud-tech? I see the "easier" argument (although uncommenting 1 line in abra app config traefik... and redeploying it doesn't seem nightmarish in the scheme of things) but it feels like apps opening their own ports might be unexpected security-wise.

Maybe let's discuss in `#coopcloud-tech`? I see the "easier" argument (although uncommenting 1 line in `abra app config traefik...` and redeploying it doesn't seem nightmarish in the scheme of things) but it feels like apps opening their own ports might be unexpected security-wise.
notplants commented 2026-03-10 17:51:51 +00:00
Author
Owner
Copy Link

@3wordchant want to link this PR into the #coopcloud-tech chat?

I guess for me, as I was trying to understand a recipe, I found it unexpected when there was "action at a distance" and there were also necessary related code changes in another recipe (traefik), even if small. having to touch two repositories instead of one. but I'm not sure how to weigh the approach either way for security

@3wordchant want to link this PR into the #coopcloud-tech chat? I guess for me, as I was trying to understand a recipe, I found it unexpected when there was "action at a distance" and there were also necessary related code changes in another recipe (traefik), even if small. having to touch two repositories instead of one. but I'm not sure how to weigh the approach either way for security
notplants commented 2026-03-16 15:57:32 +00:00
Author
Owner
Copy Link

more host port half-related stuff here: coop-cloud/traefik#88

more host port half-related stuff here: https://git.coopcloud.tech/coop-cloud/traefik/pulls/88
amras commented 2026-04-23 20:06:10 +00:00
Owner
Copy Link

pro of centralizing in traefik is:

  • if you show up at a new server and want to figure out the port config its all in one place to find

pro of the port config in the recipe is:

  • mumble recipe is self-contained. you can just setup the mumble env and deploy without making any changes to traefik (this is the main reason I liked this approach, as to me it made it easier to setup and deploy)

For my usecase, host ports would also break multi-node setups, so I'd like to avoid them being the default.
Would it be possible to break out the host ports to a compose file, and let the operator choose?

> pro of centralizing in traefik is: > - if you show up at a new server and want to figure out the port config its all in one place to find > > pro of the port config in the recipe is: > - mumble recipe is self-contained. you can just setup the mumble env and deploy without making any changes to traefik (this is the main reason I liked this approach, as to me it made it easier to setup and deploy) For my usecase, host ports would also break multi-node setups, so I'd like to avoid them being the default. Would it be possible to break out the host ports to a compose file, and let the operator choose?
👍 1
amras reviewed 2026-04-23 21:12:59 +00:00
abra-entrypoint.sh
@ -0,0 +1,6 @@
#!/bin/sh
set -e
[ -f /run/secrets/su_password ] && export MUMBLE_SUPERUSER_PASSWORD="$(cat /run/secrets/su_password)"
amras commented 2026-04-23 21:12:59 +00:00
Owner
Copy Link

The mumble-server recipe can read secrets directly. Imo, it'd be cleaner to skip the entrypoint and just set those secrets like this: a2e9b642bc. Thoughts?

The mumble-server recipe can read secrets directly. Imo, it'd be cleaner to skip the entrypoint and just set those secrets like this: https://git.coopcloud.tech/coop-cloud/mumble/commit/a2e9b642bc6ff0713d7a8dd13abe18274a0ba08b. Thoughts?
notplants commented 2026-04-24 17:33:21 +00:00
Author
Owner
Copy Link

@amras I'm a bit confused (maybe missing something)

from: a2e9b642bc

services:
			  app:
			    secrets:
			      - source: server-pw
			        target: MUMBLE_CONFIG_SERVER_PASSWORD

does this work?

is this target supposed to set an environment variable? or is this supposed to do something else?

we had a thread with docker inc. at some point because they do not support injecting secrets into env variables like this

or mumble reads that value from a file with that name? I just haven't been able to find documentation about that

@amras I'm a bit confused (maybe missing something) from: https://git.coopcloud.tech/coop-cloud/mumble/commit/a2e9b642bc6ff0713d7a8dd13abe18274a0ba08b ``` services: app: secrets: - source: server-pw target: MUMBLE_CONFIG_SERVER_PASSWORD ``` does this work? is this target supposed to set an environment variable? or is this supposed to do something else? we had a thread with docker inc. at some point because they do not support injecting secrets into env variables like this or mumble reads that value from a file with that name? I just haven't been able to find documentation about that
notplants commented 2026-04-24 17:35:52 +00:00
Author
Owner
Copy Link

For my usecase, host ports would also break multi-node setups, so I'd like to avoid them being the default.
Would it be possible to break out the host ports to a compose file, and let the operator choose?

that sounds doable to put this in a second compose file in mumble. @3wordchant are you ok with this from security perspective if its optional, or should we still start a thread about it in cc matrix?

> For my usecase, host ports would also break multi-node setups, so I'd like to avoid them being the default. Would it be possible to break out the host ports to a compose file, and let the operator choose? that sounds doable to put this in a second compose file in mumble. @3wordchant are you ok with this from security perspective if its optional, or should we still start a thread about it in cc matrix?
3wordchant commented 2026-04-24 19:04:36 +00:00
Owner
Copy Link

that sounds doable to put this in a second compose file in mumble. @3wordchant are you ok with this from security perspective if its optional, or should we still start a thread about it in cc matrix?

Yes, sounds perfect

> that sounds doable to put this in a second compose file in mumble. @3wordchant are you ok with this from security perspective if its optional, or should we still start a thread about it in cc matrix? Yes, sounds perfect
❤️ 1
amras commented 2026-04-27 13:12:53 +00:00
Owner
Copy Link

@notplants

from: a2e9b642bc

services:
			  app:
			    secrets:
			      - source: server-pw
			        target: MUMBLE_CONFIG_SERVER_PASSWORD

does this work?

Seems to! My test deployments on that commit are checking against the appropriate passwords.

or mumble reads that value from a file with that name? I just haven't been able to find documentation about that

Apologies, I forgot to link the docs from the mumble docker image:

As an alternative to environment variables, docker or podman secrets can be used to read configuration options from files which follow the MUMBLE_CONFIG_<config_name> name pattern and are located in the /run/secrets directory at runtime. The same rules to naming environment variables apply to these files as well.

(side note: the example in the same doc uses MUMBLE_SUPERUSER_PASSWORD rather than MUMBLE_CONFIG_SUPERUSER_PASSWORD, unclear what's happening there)

So to answer:

is this target supposed to set an environment variable? or is this supposed to do something else?

No environment variables are being set; target: just populates /run/secrets/MUMBLE_CONFIG_SERVER_PASSWORD and /run/secrets/MUMBLE_SUPERUSER_PASSWORD.

@notplants > from: https://git.coopcloud.tech/coop-cloud/mumble/commit/a2e9b642bc6ff0713d7a8dd13abe18274a0ba08b > ``` > services: > app: > secrets: > - source: server-pw > target: MUMBLE_CONFIG_SERVER_PASSWORD > ``` > > does this work? Seems to! My test deployments on that commit are checking against the appropriate passwords. > or mumble reads that value from a file with that name? I just haven't been able to find documentation about that Apologies, I forgot to link the docs from the [mumble docker image](https://github.com/mumble-voip/mumble-docker#configuration): > As an alternative to environment variables, docker or podman secrets can be used to read configuration options from files which follow the `MUMBLE_CONFIG_<config_name>` name pattern and are located in the `/run/secrets` directory at runtime. The same rules to naming environment variables apply to these files as well. _(side note: the example in the same doc uses `MUMBLE_SUPERUSER_PASSWORD` rather than `MUMBLE_CONFIG_SUPERUSER_PASSWORD`, unclear what's happening there)_ So to answer: > is this target supposed to set an environment variable? or is this supposed to do something else? No environment variables are being set; `target:` just populates `/run/secrets/MUMBLE_CONFIG_SERVER_PASSWORD` and `/run/secrets/MUMBLE_SUPERUSER_PASSWORD`.
❤️ 2
notplants commented 2026-04-27 18:55:01 +00:00
Author
Owner
Copy Link

thank you for the clarification @amras !

I just had some confusion because I had somehow only found the documentation about mumble.ini and environment variables before

but looks good. I'll work on modifying the PR to use the secret method you suggested and moving host port mode to a separate compose file

thank you for the clarification @amras ! I just had some confusion because I had somehow only found the documentation about `mumble.ini` and environment variables before but looks good. I'll work on modifying the PR to use the secret method you suggested and moving host port mode to a separate compose file
amras commented 2026-04-28 09:32:31 +00:00
Owner
Copy Link

@notplants actually, wondering if we could break up this work into 3 PRs?

  1. healthchecks and backups - the ones you introduced look good and I'd like to get them merged soon.
  2. config options, including passwords - I've got the passwords and a good chunk of mumble.ini ready: #3 . I would appreciate your CR since you worked on this as well!
  3. host port compose file - this feels more complex and we should probably take our time to make sure we don't break anything or introduce security issues 😅. Keeping it separate will let us take our time.
@notplants actually, wondering if we could break up this work into 3 PRs? 1. **healthchecks and backups** - the ones you introduced look good and I'd like to get them merged soon. 2. **config options, including passwords** - I've got the passwords and a good chunk of `mumble.ini` ready: https://git.coopcloud.tech/coop-cloud/mumble/pulls/3 . I would appreciate your CR since you worked on this as well! 3. **host port compose file** - this feels more complex and we should probably take our time to make sure we don't break anything or introduce security issues 😅. Keeping it separate will let us take our time.
notplants commented 2026-04-28 15:25:58 +00:00
Author
Owner
Copy Link

@amras sounds good.

The comprehensive config PR you are making looks good. I will also look at it more closely soon.

For what its worth, a month ago, autonomic decided we needed a new mumble because one autonomic member was having trouble connecting with our old instance. So I updated the recipe here spontaneously, with what is in this current PR, and we have been using it "live" for a month since then, even though it wasn't merged.

Just giving context on how this PR here got here. I'm glad though you are bringing a more thorough approach to the recipe and its long-term maintenance.

I will need to figure out how to merge back whatever we do here into the live autonomic instance, but it seems like that will not be a big task.

@amras sounds good. The comprehensive config PR you are making looks good. I will also look at it more closely soon. For what its worth, a month ago, autonomic decided we needed a new mumble because one autonomic member was having trouble connecting with our old instance. So I updated the recipe here spontaneously, with what is in this current PR, and we have been using it "live" for a month since then, even though it wasn't merged. Just giving context on how this PR here got here. I'm glad though you are bringing a more thorough approach to the recipe and its long-term maintenance. I will need to figure out how to merge back whatever we do here into the live autonomic instance, but it seems like that will not be a big task.
notplants commented 2026-04-28 17:31:27 +00:00
Author
Owner
Copy Link

@amras I have separated the parts 1 and 3 in their own PRs: #4 and #5

also just looked a bit more closely at #3 and LGTM

@amras I have separated the parts 1 and 3 in their own PRs: https://git.coopcloud.tech/coop-cloud/mumble/pulls/4 and https://git.coopcloud.tech/coop-cloud/mumble/pulls/5 also just looked a bit more closely at https://git.coopcloud.tech/coop-cloud/mumble/pulls/3 and LGTM
notplants commented 2026-04-28 17:36:31 +00:00
Author
Owner
Copy Link

should we close this PR now that is separated into the other parts?

should we close this PR now that is separated into the other parts?
amras commented 2026-04-29 08:17:22 +00:00
Owner
Copy Link

Agreed.

Agreed.
amras closed this pull request 2026-04-29 08:17:22 +00:00
Some checks failed
continuous-integration/drone/pr Build is failing
Details

Pull request closed

Please reopen this pull request to perform a merge.
Sign in to join this conversation.
Reviewers
No Reviewers
3wordchant
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 amras BornDeleuze cas coopcloud decentral1se fauno jjsfunhouse kawaiipunk knoflook moosemower notplants oxaliq p4u1 renovate-bot stevensting trav yksflip
No Assignees
3 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coop-cloud/mumble#1
No description provided.
Delete Branch "newmumble"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?