adelgado/ansible-role-prosody-master
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ansible-role-prosody-master/tasks/main.yaml

185 lines
5.9 KiB
YAML
Raw Permalink Normal View History

Initial commit with previous code
2022-10-11 09:19:07 +02:00
---
- name: Ensure XMPP ports are open
ufw:
rule: allow
port: "{{ item }}"
proto: tcp
with_items:
- 5269
- 5222
- name: Configure Prosody VirtualHosts from Onion services.
when: prosody_virtualhost_onions is defined
import_tasks: configure-virtualhost-onions.yaml
- name: Install Prosody.
include_tasks: "install-{{ ansible_os_family | default('Debian') | lower }}.yaml"
- name: Import certificates from Let's Encrypt
shell: prosodyctl --root cert import /etc/letsencrypt/live
- name: Ensure Prosody TLS key is readable.
file:
path: /etc/prosody/certs/localhost.key
owner: "{{ prosody_server_username }}"
group: "{{ prosody_server_username }}"
mode: "400"
notify: Restart Prosody.
# FIXME: Variablize this so not only `localhost.{crt,key}` are used.
- name: Enable HTTPS TLS certificates.
file:
src: "{{ item.src }}"
dest: "/etc/prosody/certs/{{ item.dest }}"
state: link
loop:
- src: localhost.key
dest: https.key
- src: localhost.crt
dest: https.crt
- name: Ensure Prosody VirtualHost configuration directories exist.
file:
path: "/etc/prosody/{{ item }}"
state: directory
owner: "{{ prosody_server_username }}"
group: "{{ prosody_server_username }}"
mode: "700"
loop:
- virtualhosts-available
- virtualhosts-enabled
- name: Ensure Prosody plugin directories exist.
when: prosody_config.plugin_paths is defined
file:
path: "{{ item }}"
state: directory
owner: "{{ prosody_server_username }}"
group: "{{ prosody_server_username }}"
mode: "500"
loop: "{{ prosody_config.plugin_paths }}"
- name: Install Prosody plugin.
when:
- prosody_config.plugin_paths is defined
- prosody_plugins is defined
- item.state | default('present') == "present"
get_url:
url: "{{ prosody_plugins_src_base_url }}{{ item.version | default('tip') }}/mod_{{ item.name }}/mod_{{ item.name }}.lua"
# FIXME: Which plugin path? Just the first one, for now.
dest: "{{ prosody_config.plugin_paths[0] }}/mod_{{ item.name }}.lua"
checksum: "{{ item.checksum | default(omit) }}"
owner: "{{ prosody_server_username }}"
group: "{{ prosody_server_username }}"
mode: "400"
loop: "{{ prosody_plugins }}"
notify: Restart Prosody.
- name: Remove Prosody plugin.
when:
- prosody_config.plugin_paths is defined
- prosody_plugins is defined
- item.state | default('present') == "absent"
file:
# FIXME: Which plugin path? Just the first one, for now.
path: "{{ prosody_config.plugin_paths[0] }}/mod_{{ item.name }}.lua"
state: "{{ item.state | default('absent') }}"
loop: "{{ prosody_plugins }}"
- name: Add deploy hook to Let's Encrypt
copy:
src: files/prosody-deploy-hook.sh
dest: /etc/letsencrypt/renewal-hooks/deploy/prosody-deploy-hook.sh
mode: 0755
backup: yes
- name: Configure LDAP options
include_tasks: configure_ldap.yml
when: ldap_config is defined
# TODO(unknwon): Support variable directory placements.
# TODO(unknwon): Support specific TLS key/crt files rather than just `localhost`.
# - name: Manage VirtualHost TLS keys and certificates.
# vars:
# file_types:
# - key
# - crt
# block:
# - name: Link VirtualHost TLS keys and certificates.
# when:
# - prosody_config.VirtualHosts is defined
# - item.0.domain != "localhost"
# - item.0.state | default('present') == "present"
# file:
# path: "/etc/prosody/certs/{{ item.0.domain }}.{{ item.1 }}"
# state: link
# src: "localhost.{{ item.1 }}"
# loop: "{{ prosody_config.VirtualHosts | product(file_types) | list }}"
# - name: Remove TLS keys and certificates from absent VirtualHosts.
# when:
# - prosody_config.VirtualHosts is defined
# - item.0.domain != "localhost"
# - item.0.state | default('present') == "absent"
# file:
# path: "/etc/prosody/certs/{{ item.0.domain }}.{{ item.1 }}"
# state: absent
# loop: "{{ prosody_config.VirtualHosts | product(file_types) | list }}"
- name: Write Prosody configuration.
template:
src: prosody.cfg.lua.j2
dest: /etc/prosody/prosody.cfg.lua
owner: "{{ prosody_server_username }}"
group: "{{ prosody_server_username }}"
mode: "600"
# TODO(unknwon): Fix validation.
#validate: "prosodyctl --config %s check config"
notify: Restart Prosody.
- name: Write Prosody VirtualHost configuration.
when:
- prosody_config.VirtualHosts is defined
- item.state | default('present') == "present"
template:
src: prosody-virtualhost.cfg.lua.j2
dest: "/etc/prosody/virtualhosts-available/{{ item.domain }}.cfg.lua"
owner: "{{ prosody_server_username }}"
group: "{{ prosody_server_username }}"
mode: "600"
# TODO(unknwon): Fix validation.
#validate: "prosodyctl --config %s check config"
loop: "{{ prosody_config.VirtualHosts }}"
notify: Restart Prosody.
- name: Enable Prosody VirtualHost configuration.
when:
- prosody_config.VirtualHosts is defined
- item.enabled | default(true)
file:
path: "/etc/prosody/virtualhosts-enabled/{{ item.domain }}.cfg.lua"
state: link
src: "/etc/prosody/virtualhosts-available/{{ item.domain }}.cfg.lua"
loop: "{{ prosody_config.VirtualHosts }}"
notify: Restart Prosody.
- name: Remove absent Prosody VirtualHost configuration.
when:
- prosody_config.VirtualHosts is defined
- item.0.state | default('present') == "absent"
file:
path: "/etc/prosody/{{ item.1 }}/{{ item.0.domain }}.cfg.lua"
state: absent
loop: "{{ prosody_config.VirtualHosts | product(paths) | list }}"
vars:
paths:
- "virtualhosts-available"
- "virtualhosts-enabled"
notify: Restart Prosody.
- name: Set Prosody user accounts.
include_tasks: users.yaml
no_log: true
loop: "{{ prosody_users }}"
vars:
account_file: "{{ prosody_server_data_dir }}/{{ item.jid.split('@') | last | replace('.', '%2e') }}/accounts/{{ item.jid.split('@') | first }}.dat"
Reference in a new issue Copy permalink