diff --git a/.env.sample b/.env.sample index dc1c153..3df55c3 100644 --- a/.env.sample +++ b/.env.sample @@ -12,3 +12,55 @@ COMPOSE_FILE="compose.yml" ## Web client #COMPOSE_FILE="$COMPOSE_FILE:compose.mumbleweb.yml" + +## Server Password +# remember to set the server-pw secret: +# abra app secret insert server-pw v1 +#COMPOSE_FILE="$COMPOSE_FILE:compose.serverpassword.yml" +#SECRET_SERVER_PASSWORD_VERSION=v1 + +## SuperUser Password +SECRET_SUPERUSER_PASSWORD_VERSION=v1 + +################# +# MUMBLE CONFIG # +################# +# Documentation for the following options can be found here: +# https://github.com/mumble-voip/mumble/blob/v1.6.870/auxiliary_files/mumble-server.ini +#WELCOME_TEXT="
Welcome to this server running Mumble.
Enjoy your stay!
" +#BANDWIDTH=558000 +#TIMEOUT=30 +#USERS=100 +#USERS_PER_CHANNEL=0 +#MESSAGE_BURST=5 +#MESSAGE_LIMIT=1 +#PLUGIN_MESSAGE_LIMIT=1 +#PLUGIN_MESSAGE_BURST=5 +#ALLOW_PING=true +#OPUS_THRESHOLD=0 +#CHANNEL_NESTING_LIMIT=10 +#CHANNEL_COUNT_LIMIT=1000 +#CHANNEL_NAME=[ \\-=\\w#\\[\\]\\{\\}\\(\\)\\@\\|]+ +#USERNAME=[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+ +#DEFAULT_CHANNEL=0 +#REMEMBER_CHANNEL=true +#REMEMBER_CHANNEL_DURATION=0 +#TEXT_MESSAGE_LENGTH=5000 +#IMAGE_MESSAGE_LENGTH=1048576 +#ALLOW_HTML=true +#BONJOUR=true +#OBFUSCATE=false +#CERT_REQUIRED=false +#SEND_VERSION=true +#SUGGEST_VERSION= +#SUGGEST_POSITIONAL= +#SUGGEST_PUSH_TO_TALK= +#KDF_ITERATIONS=-1 +#AUTO_BAN_ATTEMPTS=10 +#AUTO_BAN_TIMEFRAME=120 +#AUTO_BAN_TIME=300 +#AUTO_BAN_SUCCESSFUL_CONNECTIONS=true +#ALLOW_RECORDING=true +#ROLLING_STATS_WINDOW=300 +#LISTENERS_PER_CHANNEL=5 +#LISTENERS_PER_USER=2 diff --git a/README.md b/README.md index 91ad78a..145e2c6 100644 --- a/README.md +++ b/README.md @@ -35,9 +35,10 @@ Low latency, high quality voice chat application. $ abra app deploy --force ``` 3. `abra app new mumble` -4. `abra app config ` -5. `abra app deploy ` -6. Connect with a [Mumble client] to port 64738 on your domain +4. `abra app secret generate --all` +5. `abra app config ` +6. `abra app deploy ` +7. Connect with a [Mumble client] to port 64738 on your domain ## Web Client 
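Review bot: Several names offered in this sample do not match the variables that the compose.yml hunk of the same commit interpolates: the sample has `USERNAME` and `AUTO_BAN_ATTEMPTS` / `AUTO_BAN_TIMEFRAME` / `AUTO_BAN_TIME` / `AUTO_BAN_SUCCESSFUL_CONNECTIONS`, while compose.yml reads `${USER_NAME:-…}` and `${AUTOBAN_…:-…}`. An operator who uncomments these lines to tighten the auto-ban thresholds or the username pattern would see no effect, and the built-in defaults would stay in force without any warning. Make the two sides agree, for example `#USER_NAME=…` and `#AUTOBAN_ATTEMPTS=10` here, or rename the variables in compose.yml. The sample values `LISTENERS_PER_CHANNEL=5` and `LISTENERS_PER_USER=2` also differ from the `-1` defaults in compose.yml, so those commented lines do not show what is actually in effect.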
@@ -50,6 +51,23 @@ overlay. To enable it: 2. `abra app deploy --force` 3. Open `https://` in a browser +## Server Password +By default, the server is not password-restricted. To enable a server password, +1. uncomment the relevant lines in the config: +``` +COMPOSE_FILE="$COMPOSE_FILE:compose.serverpassword.yml" +SECRET_SERVER_PASSWORD_VERSION=v1 +``` +2. set the password as a secret: +```bash +$ abra app secret insert server-pw v1 +? specify secret value: +``` +3. Redeploy your app: +```bash +$ abra app deploy --force +``` + [`abra`]: https://git.coopcloud.tech/coop-cloud/abra [`coop-cloud/traefik`]: https://git.coopcloud.tech/coop-cloud/traefik [Mumble client]:(https://www.mumble.info/downloads/) diff --git a/compose.serverpassword.yml b/compose.serverpassword.yml new file mode 100644 index 0000000..ef2f925 --- /dev/null +++ b/compose.serverpassword.yml @@ -0,0 +1,12 @@ +version: "3.8" + +services: + app: + secrets: + - source: server-pw + target: MUMBLE_CONFIG_SERVER_PASSWORD + +secrets: + server-pw: + external: true + name: ${STACK_NAME}_server-pw_${SECRET_SERVER_PASSWORD_VERSION} diff --git a/compose.yml b/compose.yml index 286f2e0..a618d6b 100644 --- a/compose.yml +++ b/compose.yml @@ -8,6 +8,49 @@ services: - proxy volumes: - "mumble_data:/data" + secrets: + - source: superuser-pw + target: MUMBLE_SUPERUSER_PASSWORD + environment: + MUMBLE_CONFIG_WELCOMETEXT: ${WELCOME_TEXT:-"
Welcome to this server running Mumble.
Enjoy your stay!
"} + MUMBLE_CONFIG_BANDWIDTH: ${BANDWIDTH:-558000} + MUMBLE_CONFIG_TIMEOUT: ${TIMEOUT:-30} + MUMBLE_CONFIG_USERS: ${USERS:-100} + MUMBLE_CONFIG_USERSPERCHANNEL: ${USERS_PER_CHANNEL:-0} + MUMBLE_CONFIG_MESSAGEBURST: ${MESSAGE_BURST:-5} + MUMBLE_CONFIG_MESSAGELIMIT: ${MESSAGE_LIMIT:-1} + MUMBLE_CONFIG_PLUGINMESSAGELIMIT: ${PLUGIN_MESSAGE_LIMIT:-1} + MUMBLE_CONFIG_PLUGINMESSAGEBURST: ${PLUGIN_MESSAGE_BURST:-5} + MUMBLE_CONFIG_ALLOWPING: ${ALLOW_PING:-true} + MUMBLE_CONFIG_OPUSTHRESHOLD: ${OPUS_THRESHOLD:-0} + MUMBLE_CONFIG_CHANNELNESTINGLIMIT: ${CHANNEL_NESTING_LIMIT:-10} + MUMBLE_CONFIG_CHANNELCOUNTLIMIT: ${CHANNEL_COUNT_LIMIT:-1000} + # 2026-04-28 @amras - the missing } in the following lines is intentional + # otherwise compose will pass that character to the env. + MUMBLE_CONFIG_CHANNELNAME: ${CHANNEL_NAME:-[ \\-=\\w\\#\\[\\]\\{\\}\\(\\)\\@\\|]+ + MUMBLE_CONFIG_USERNAME: ${USER_NAME:-[-=\\w\\[\\]\\{\\}\\(\\)\\@\\|\\.]+ + MUMBLE_CONFIG_DEFAULTCHANNEL: ${DEFAULT_CHANNEL} + MUMBLE_CONFIG_REMEMBERCHANNEL: ${REMEMBER_CHANNEL:-true} + MUMBLE_CONFIG_REMEMBERCHANNELDURATION: ${REMEMBER_CHANNEL_DURATION:-0} + MUMBLE_CONFIG_TEXTMESSAGELENGTH: ${TEXT_MESSAGE_LENGTH:-5000} + MUMBLE_CONFIG_IMAGEMESSAGELENGTH: ${IMAGE_MESSAGE_LENGTH:-1048576} + MUMBLE_CONFIG_ALLOWHTML: ${ALLOW_HTML:-true} + MUMBLE_CONFIG_BONJOUR: ${BONJOUR:-true} + MUMBLE_CONFIG_OBFUSCATE: ${OBFUSCATE:-false} + MUMBLE_CONFIG_CERTREQUIRED: ${CERT_REQUIRED:-false} + MUMBLE_CONFIG_SENDVERSION: ${SEND_VERSION:-true} + MUMBLE_CONFIG_SUGGESTVERSION: ${SUGGEST_VERSION} + MUMBLE_CONFIG_SUGGESTPOSITIONAL: ${SUGGEST_POSITIONAL} + MUMBLE_CONFIG_SUGGESTPUSHTOTALK: ${SUGGEST_PUSH_TO_TALK} + MUMBLE_CONFIG_KDFITERATIONS: ${KDF_ITERATIONS:--1} + MUMBLE_CONFIG_AUTOBANATTEMPTS: ${AUTOBAN_ATTEMPTS:-10} + MUMBLE_CONFIG_AUTOBANTIMEFRAME: ${AUTOBAN_TIMEFRAME:-120} + MUMBLE_CONFIG_AUTOBANTIME: ${AUTOBAN_TIME:-300} + MUMBLE_CONFIG_AUTOBANSUCCESSFULCONNECTIONS: ${AUTOBAN_SUCCESSFUL_CONNECTIONS:-true} + MUMBLE_CONFIG_ALLOWRECORDING: 
${ALLOW_RECORDING:-true} + MUMBLE_CONFIG_ROLLINGSTATSWINDOW: ${ROLLING_STATS_WINDOW:-300} + MUMBLE_CONFIG_LISTENERSPERCHANNEL: ${LISTENERS_PER_CHANNEL:--1} + MUMBLE_CONFIG_LISTENERSPERUSER: ${LISTENERS_PER_USER:--1} deploy: restart_policy: condition: on-failure @@ -21,7 +64,12 @@ services: - "traefik.udp.routers.${STACK_NAME}.entrypoints=mumble-udp" - "traefik.udp.routers.${STACK_NAME}.service=${STACK_NAME}-udp-service" - "traefik.udp.services.${STACK_NAME}-udp-service.loadbalancer.server.port=64738" - - "coop-cloud.${STACK_NAME}.version=0.1.0+v1.6.870-0" + - "coop-cloud.${STACK_NAME}.version=0.2.0+v1.6.870-0" + +secrets: + superuser-pw: + external: true + name: ${STACK_NAME}_superuser-pw_${SECRET_SUPERUSER_PASSWORD_VERSION} networks: proxy: diff --git a/release/0.2.0+v1.6.870-0 b/release/0.2.0+v1.6.870-0 new file mode 100644 index 0000000..0e57ae7 --- /dev/null +++ b/release/0.2.0+v1.6.870-0 @@ -0,0 +1,3 @@ +- Added support for optional server passwords +- Added support for misc options from mumble-server.ini +- Important: superuser-pw must now be set as a secret
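Review bot: An operator-supplied pattern looks like it would be silently altered on the `MUMBLE_CONFIG_CHANNELNAME` and `MUMBLE_CONFIG_USERNAME` lines. Both rely on the interpolation closing at the first `}` inside the default, which is the `\\}` in the middle of the character class, so the remainder (`\\(\\)\\@\\|]+` and `\\(\\)\\@\\|\\.]+`) appears to be literal text outside the substitution. If the loader parses it that way, the default reassembles correctly, but a custom `CHANNEL_NAME` or `USER_NAME` would get that tail appended and become a different, possibly invalid, name-validation pattern. Please render the config with an override set to confirm, and at minimum extend the existing comment with `# NOTE: the text after the first } is appended to any CHANNEL_NAME / USER_NAME override`. Separately, `${DEFAULT_CHANNEL}` has no inline default while the sample suggests `0`, so an unset variable presumably passes an empty value.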
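Review bot: The new top-level `superuser-pw` secret is unconditional, and its name depends on `SECRET_SUPERUSER_PASSWORD_VERSION`, which exists only in env files created from the updated .env.sample. On an existing deployment the name would presumably render as `${STACK_NAME}_superuser-pw_` with an empty version, and the deploy would fail on a missing external secret. The release note mentions the secret but not the variable; I would add a line such as `- Add SECRET_SUPERUSER_PASSWORD_VERSION=v1 to your app config before upgrading`, so the upgrade path is explicit.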