MURMUR_USE_CAPABILITIES=0
MURMUR_LIMIT_NOFILE=0
+# ECDHE Perfect Forward Secrecy on the Murmur server via an LD_PRELOAD
+# https://github.com/ultramancool/ecdhforce
+STARTSTOP="LD_PRELOAD=/var/lib/mumble-server/ecdhforce/ecdhforce.so start-stop-daemon"
+
# Include murmur defaults if available
if [ -f /etc/default/$NAME ] ; then
. /etc/default/$NAME
[ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
[ -d $PIDDIR ] || install -o $USER -d $PIDDIR
if [ "$MURMUR_USE_CAPABILITIES" != "1" ] ; then
- start-stop-daemon --start --quiet \
+ $STARTSTOP --start --quiet \
--pidfile $PIDFILE \
--chuid $USER:$GROUP \
--exec $DAEMON \
-- $DAEMON_OPTS
else
- start-stop-daemon --start --quiet \
+ $STARTSTOP --start --quiet \
--pidfile $PIDFILE \
--exec $DAEMON \
-- $DAEMON_OPTS
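Review bot: Both `$STARTSTOP --start` calls in this hunk will fail to launch the daemon, because the shell only recognises a `NAME=value` prefix before expansion; once `$STARTSTOP` is expanded, the word `LD_PRELOAD=/var/lib/mumble-server/ecdhforce/ecdhforce.so` is taken as the command name. The stop, force-reload and restart call sites further down have the same problem. Defining the variable as `STARTSTOP="env LD_PRELOAD=/var/lib/mumble-server/ecdhforce/ecdhforce.so start-stop-daemon"` makes the expansion behave as intended. The `--stop` and `--stop --test` calls do not start Murmur and could stay as plain `start-stop-daemon`, so the library is not loaded into root-run helper processes that gain nothing from it. The surrounding `case` branches begin and end outside this hunk.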
;;
stop)
[ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
- start-stop-daemon --stop --quiet \
+ $STARTSTOP --stop --quiet \
--retry=TERM/30/KILL/5 \
--pidfile $PIDFILE \
--user $USER \
esac
;;
force-reload)
- start-stop-daemon --stop --test --quiet \
+ $STARTSTOP --stop --test --quiet \
--pidfile $PIDFILE \
--user $USER \
--exec $DAEMON \
;;
restart)
[ "$VERBOSE" != no ] && log_daemon_msg "Restarting $DESC" "$NAME"
- start-stop-daemon --stop --quiet \
+ $STARTSTOP --stop --quiet \
--retry=TERM/30/KILL/5 \
--pidfile $PIDFILE \
--user $USER \
[ -d $PIDDIR ] || install -o $USER -d $PIDDIR
rm -f $PIDFILE
if [ "$MURMUR_USE_CAPABILITIES" != "1" ] ; then
- start-stop-daemon --start --quiet \
+ $STARTSTOP --start --quiet \
--pidfile $PIDFILE \
--chuid $USER:$GROUP \
--exec $DAEMON \
-- $DAEMON_OPTS
else
- start-stop-daemon --start --quiet \
+ $STARTSTOP --start --quiet \
--pidfile $PIDFILE \
--exec $DAEMON \
-- $DAEMON_OPTS
--- /dev/null
+class mumble::ecdhforce {
+ vcsrepo { "/var/lib/mumble-server/ecdhforce":
+ ensure => present,
+ provider => git,
+ source => 'https://github.com/ultramancool/ecdhforce.git',
+ revision => '7b0d6564c21a1bc619307258b773da547842ebca',
+ owner => root,
+ group => mumble-server,
+ require => Package[ 'mumble-server' ],
+ }
+
+ package { [ 'gcc', 'libssl-dev' ]:
+ ensure => present,
+ }
+
+ exec { 'ecdhforce-compile':
+ cwd => '/var/lib/mumble-server/ecdhforce',
+ command => 'gcc -Wall -fPIC -DPIC -c ecdhforce.c',
+ require => [ Vcsrepo['/var/lib/mumble-server/ecdhforce'], Package['gcc'], Package['libssl-dev'] ],
+ creates => '/var/lib/mumble-server/ecdhforce/ecdhforce.o',
+ user => root,
+ group => root,
+ }
+
+ exec { 'ecdhforce-link':
+ cwd => '/var/lib/mumble-server/ecdhforce',
+ command => 'ld -shared -o ecdhforce.so ecdhforce.o -ldl',
+ require => Exec['ecdhforce-compile'],
+ creates => '/var/lib/mumble-server/ecdhforce/ecdhforce.so',
+ user => root,
+ group => root,
+ }
+
+ file { '/etc/init.d/mumble-server':
+ ensure => present,
+ owner => root,
+ group => root,
+ mode => 0755,
+ source => "puppet:///modules/mumble/init.d/mumble-server.${::operatingsystem}",
+ require => Exec['ecdhforce-link'],
+ notify => Service['mumble-server'],
+ }
+}
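Review bot: The library is built and left in `/var/lib/mumble-server/ecdhforce`, while the init script preloads it into `start-stop-daemon`, which runs as root. That parent directory is presumably the service account's own data directory (to be confirmed). If the account can write there, the `owner => root` on the checkout does not stop the directory from being swapped out, and whatever sits at that path is then loaded by a root process. Installing the finished `.so` into a root-owned directory outside the service's tree (for example a constructed path such as `/usr/local/lib/ecdhforce/`) and pointing `LD_PRELOAD` there would remove that dependency. Separately, both execs are guarded by `creates`, so a later change to the pinned `revision` never rebuilds the object or the shared library; `refreshonly => true` with `subscribe => Vcsrepo['/var/lib/mumble-server/ecdhforce']` on the compile step, and the link step subscribed to the compile step, would keep the binary in line with the pinned commit.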