[
	{
		"name": "packages",
		"become": true,
		"ansible.builtin.apt": {
			"update_cache": true,
			"pkg": [
				"mumble-server"
			]
		}
	},
	{
		"name": "tls | directory",
		"when": "cfg_murmur.tls",
		"become": true,
		"ansible.builtin.file": {
			"state": "directory",
			"path": "/var/murmurd"
		}
	},
	{
		"name": "tls | files",
		"when": "cfg_murmur.tls",
		"become": true,
		"loop": [
			{"from": "/etc/ssl/private/{{cfg_murmur.domain}}.pem", "to": "/var/murmurd/tls-key.pem"},
			{"from": "/etc/ssl/fullchains/{{cfg_murmur.domain}}.pem", "to": "/var/murmurd/tls-fullchain.pem"}
		],
		"ansible.builtin.copy": {
			"remote_src": true,
			"src": "{{item.from}}",
			"dest": "{{item.to}}",
			"mode": "0444"
		}
	},
	{
		"name": "configuration",
		"become": true,
		"ansible.builtin.template": {
			"src": "mumble-server.ini.j2",
			"dest": "/etc/mumble-server.ini",
			"group": "mumble-server"
		}
	},
	{
		"name": "admin account",
		"become": true,
		"ansible.builtin.command": {
			"cmd": "murmurd -ini /etc/mumble-server.ini -supw {{cfg_murmur.admin_password}}"
		}
	},
	{
		"name": "ufw | check",
		"check_mode": true,
		"become": true,
		"community.general.ufw": {
			"state": "enabled"
		},
		"register": "ufw_enable_check"
	},
	{
		"name": "ufw | allow port",
		"when": "not ufw_enable_check.changed",
		"become": true,
		"community.general.ufw": {
			"rule": "allow",
			"port": "{{cfg_murmur.port | string}}",
			"proto": "tcp"
		}
	},
	{
		"name": "service",
		"become": true,
		"ansible.builtin.systemd_service": {
			"state": "restarted",
			"name": "mumble-server"
		}
	}
]