Changeset - 2e1ff733350e
Branko Majic (branko) - 9 years ago 2015-03-08 11:23:00
branko@majic.rs
MAR-3: Adding Prosody repository apt key. Adding initial implementation of Prosody role, with support for LDAP.
4 files changed with 168 insertions and 0 deletions:
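--- a/roles/prosody/files/prosody-debian-packages.gpg
+++ b/roles/prosody/files/prosody-debian-packages.gpg
@@ -0,0 +1,41 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+Version: GnuPG v2
+
+mQGiBEoXOjERBAD2ygmSdiqsRmrTqUqcGoWmTU90DrikaYb3/rwwMhSloXT9qNuD
+aOdJb/LNfwhiSbKF35JHgYV4+RIdwDLv4wNqmsQH1ZYOUi3j/1O5w2LV8lG816X2
+NdGni+fGArtM68C9ZxdIDweo2V5G5StHINcKP/Cab08sUjyrrCpwO/Z5xwCg9H8L
+PsFYns6RcnM7f6A6x5NHEVsEAL9RYChhkecv/+qnbDlKHOJT8TQT4S8p6RYtaZHE
+XR73vvvj0P/6Lxw+tKZJqQmVpNaLXztLSNW3KfAR+Jz4SLBJoSP4uXJ5UVIUnqbp
+HCUZ3BnDGeHuTplxtrYWmznE34KMks6riXoUApU/kmo8TFqh8aTEp1F/Zd9TdriQ
+c0iCA/42SBlM3Ax0cbi2thHSEhUV6aCbs9R9H2Tmke0LswpUMTfxUT37b8t5ocbZ
+iHoGdEVIC3ZK2Usu6IS5uhY4245iECafLUX4LF4uY17IHj713yOHZ8T9t2LAGFu9
+oxM7EEoDyVK8Jg0fRn7srBC/p7MdBD1kwVaQOnIjqjiqf3e9sLQyUHJvc29keSBJ
+TSBEZWJpYW4gUGFja2FnZXMgPGRldmVsb3BlcnNAcHJvc29keS5pbT6IYAQTEQIA
+IAUCShc6MQIbAwYLCQgHAwIEFQIIAwQWAgMBAh4BAheAAAoJEHOT1+Z02du11MQA
+nRsq54C4D1k/s0i0Tg41h1LDbAFtAKC2g53DYE3X8jPVJVBTFeHsnkztfLkEDQRK
+FzsAEBAAwd9OI2tmqS0DR3Z8vxpio0eV/0+G4OObYEzjq4Keohw8u4qGVoDO4LPB
+pyseNPv6J+eu+F2ONa04L1eODPAYprzjxU6gFgt+X2u7kjERybFDXBlVHUNDQIUM
+hqpVHhslLGAk1tLJ0anIVwn7Lh4ft7IZq2/LrAb5SR1sSml4q6352jwqyxsNZv71
+R+xHjVfj4SqE2FQ63YpQQQtKiPIc/u876m1bxC04KuR1buEjA0KlPHARjGW9dGf/
+SzEy4FYcuLyNPUiRRH2AJ+b8wocefpXnbKKfHs+zL0j2KApAvSiiW0MN3qvXiXV5
+aer7DVubXpzrS7VAeBJ6yzjqQTUWbYhmg2MKn6JixYI9y4w9ENGhkHcKp8RjOgdP
++hdzoyKQNSE51y1NzujQCefs85BaXKrImUvJJVziWEsTAiy0rT55+juDenjAmGlC
+mCkNCTB0fbWI3HH3P6WdT3ft+jZkVuxHWTbyogGVYyVy3et29HnI+KJ4+94FbWvd
+WdEOA2HD1EaPbkUtN1J39PoP0iDx0V1eKBrLGqMGXmDUAYjXBy9sEJz2CpLwzx3S
+wizIgUv5hogLILassF05YB08DtLDk1EB7D+TSkBWG+G33r6DljTk5hrjWJCE1DK4
+OfwGkwV9J75mDS36eTknEn4hxt2NSDOwXD/u0KeEKrrGGBZt918AAwUP/38LeUAs
+c+7HeQmuWItZvTjAeQd71ECi0G/iIO+ccGYFvIKEMMUrJZQaGJpa3h8j1Eu8usEE
++3UULn6Wl5YpiCpIBpEystxnmqn2bxaKtDdFtD43hHV/eaCQuuLKN9qmx6VspdqH
+SqN+1xbtkBqIBxONBLNusafByWUs15AUxFbLYqS5dPw3PNooHGLRvLtq3prO0F2j
+BLKiujpNSWG/Q6u/AbxIn3qNiYOl201bKBQiYD/xCZEQZAfJSWC+EvU0fpDrTNy+
+MArZniAGltAR4UyhJcqS3RAsB6b12ZpgreOpbTAJ3hET6bYmIwVPQfE/OfIRkZMm
+jldn4zzRjMn9HiJjc/lvWJecmdzZ1NOKFCigz8luOHZeSXCS34THhi4fHZBzSKfD
+FJXOmq79ouHTY0hyvVksk/tj3g7Oz3obFYDbb86XmAVlPvsmWTFO83DFS2ohA6ai
+lvbRhTMOED4y5Ed5abFcfrziCTyPtZgm1OpeNibrOp85D2IzMHlqZTG/RWl5LtVU
+wFSrv0OlEz2xD9RyrlIg9c4BUJNybErX1oZ08FVWQdmgff59XNNLv7bPPHYKCnaE
+ou6SAY1PeEgmbONRJ6cR6dSVIMEAl8rFCIcL7jz/6S4CjMqST4D9MqDOeoDdl2Zm
+ohKViNdLF+P2Oha6djBTxEjz1qhfcu7OVjGaiEkEGBECAAkFAkoXOwACGwwACgkQ
+c5PX5nTZ27WmTQCg32XtVZ1E9KIPDpcpMrhV+4wpt50AnjSYtDgDGoWbRxhGDNK3
+UqwePNWL
+=/y9s
+-----END PGP PUBLIC KEY BLOCK-----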
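--- a/roles/prosody/handlers/main.yml
+++ b/roles/prosody/handlers/main.yml
@@ -0,0 +1,4 @@
+---
+
+- name: Restart Prosody
+  service: name=prosody state=restarted
\ No newline at end of file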
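--- a/roles/prosody/tasks/main.yml
+++ b/roles/prosody/tasks/main.yml
@@ -0,0 +1,36 @@
+---
+
+- name: Install Python apt bindings
+  apt: name=python-apt
+
+- name: Add Prosody repository apt key
+  apt_key:
+    data: "{{ lookup('file', 'prosody-debian-packages.gpg') }}"
+    state: present
+
+- name: Add Prosody repository
+  apt_repository: repo="deb http://packages.prosody.im/debian wheezy main" state=present
+
+- name: Install Lua LDAP library
+  apt: name=lua-ldap state=installed
+
+- name: Install Prosody
+  apt: name=prosody state=installed
+
+- name: Set-up directory for storing additional Prosody modules
+  file: path=/usr/local/lib/prosody/modules/ state=directory mode=755 owner=root group=root
+
+- name: Deploy the Prosody mod_auth_ldap module
+  get_url: url=https://prosody-modules.googlecode.com/hg/mod_auth_ldap/mod_auth_ldap.lua
+           dest=/usr/local/lib/prosody/modules/mod_auth_ldap.lua
+
+- name: Set-up file permissions for the Prosody mod_auth_ldap module
+  file: dest=/usr/local/lib/prosody/modules/mod_auth_ldap.lua owner=root group=root mode=644
+
+- name: Deploy Prosody configuration file
+  template: src=prosody.cfg.lua.j2 dest=/etc/prosody/prosody.cfg.lua
+  notify:
+    - Restart Prosody
+
+- name: Enable and start Prosody service
+  service: name=prosody state=started
\ No newline at end of file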
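Review bot: The `get_url` task in "Deploy the Prosody mod_auth_ldap module" fetches `mod_auth_ldap.lua` with no checksum, from a URL that appears to track the repository head rather than a fixed revision, so whatever is served at run time gets loaded into the Prosody process that holds the LDAP bind password. Pin a reviewed revision and add a digest such as `sha256sum=<SHA256_OF_REVIEWED_FILE>`, or ship the reviewed file in the role's `files/` directory and deploy it with `copy`. The "Deploy Prosody configuration file" task sets no owner, group or mode although the rendered file contains `ldap_password`; something like `owner=root group=prosody mode=640` would keep it from being world-readable (the group name is assumed from the package default and should be confirmed). The last task is named "Enable and start" but passes only `state=started`; add `enabled=yes` if start at boot is intended.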
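--- a/roles/prosody/templates/prosody.cfg.lua.j2
+++ b/roles/prosody/templates/prosody.cfg.lua.j2
@@ -0,0 +1,87 @@
+-- Additional paths to search for modules.
+plugin_paths = { "/usr/local/lib/prosody/modules/" }
+
+-- List of server administrators.
+admins = { {% for admin in prosody_administrators %}"{{ admin }}", {% endfor %} }
+
+-- List of modules to load on startup.
+modules_enabled = {
+
+	-- Generally required
+		"roster"; -- Allow users to have a roster. Recommended ;)
+		"saslauth"; -- Authentication for clients and servers. Recommended if you want to log in.
+		"tls"; -- Add support for secure TLS on c2s/s2s connections
+		"dialback"; -- s2s dialback support
+		"disco"; -- Service discovery
+		"posix"; -- POSIX functionality, sends server to background, enables syslog, etc.
+
+	-- Not essential, but recommended
+		"private"; -- Private XML storage (for room bookmarks, etc.)
+		"vcard"; -- Allow users to set vCards
+
+	-- Nice to have
+		"version"; -- Replies to server version requests
+		"uptime"; -- Report how long server has been running
+		"time"; -- Let others know the time here on this server
+		"ping"; -- Replies to XMPP pings with pongs
+		"pep"; -- Enables users to publish their mood, activity, playing music and more
+		"register"; -- Allow users to register on this server using a client and change passwords
+
+	-- Admin interfaces
+		"admin_adhoc"; -- Allows administration via an XMPP client that supports ad-hoc commands
+
+	-- Other specific functionality
+		"announce"; -- Send announcement to all online users
+};
+
+-- Disable account creation by default, for security
+-- For more information see http://prosody.im/doc/creating_accounts
+allow_registration = false;
+
+-- These are the SSL/TLS-related settings. If you don't want
+-- to use SSL/TLS, you may comment or remove this
+ssl = {
+	key = "{{ prosody_tls_key }}";
+	certificate = "{{ prosody_tls_certificate }}";
+}
+
+-- Force clients to use encrypted connection.
+c2s_require_encryption = true
+
+-- Disable certificate validation for server-to-server connections.
+s2s_secure_auth = false
+
+-- Path to Prosody's PID file.
+pidfile = "/var/run/prosody/prosody.pid"
+
+-- Authentication backend.
+authentication = "ldap"
+ldap_server = "{{ prosody_ldap_server }}"
+ldap_rootdn = "{{ prosody_ldap_bind_dn }}"
+ldap_password = "{{ prosody_ldap_password }}"
+ldap_filter = "{{ prosody_ldap_filter }}"
+ldap_scope = "{{ prosody_ldap_scope }}"
+ldap_tls = {{ prosody_ldap_tls }}
+ldap_base = "{{ prosody_ldap_base }}"
+
+-- Storage backend.
+storage = "internal"
+
+-- Logging configuration.
+log = {
+	debug = "/var/log/prosody/prosody.log"; -- Change 'info' to 'debug' for verbose logging
+	error = "/var/log/prosody/prosody.err";
+	"*syslog";
+}
+
+-- Domains which should be handled by Prosody.
+{% for domain in prosody_domains -%}
+VirtualHost "{{ domain }}"
+{% endfor -%}
+
+-- Support for multi-user chats.
+Component "{{ prosody_conference_fqdn }}" "muc"
+
+-- Support for server-proxied file transfers.
+Component "{{ prosody_proxy_fqdn }}" "proxy65"
+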
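Review bot: `ldap_tls = {{ prosody_ldap_tls }}` is rendered unquoted, so a YAML boolean comes out of Jinja2 as `True`/`False`, which Lua treats as an undefined name rather than a boolean; depending on how the config loader handles unknown names this is either a load error or, more likely, a silent nil that leaves the LDAP bind (and the value on the `ldap_password` line) without TLS. Render it explicitly, e.g. `ldap_tls = {{ prosody_ldap_tls | bool | lower }}`. The `log` block writes at `debug` level to `prosody.log` while its trailing comment still describes changing 'info' to 'debug'; if verbose logging is not intended for production, use `info = "/var/log/prosody/prosody.log";` and fix the comment. `s2s_secure_auth = false` is hard-coded, so every deployment of the role accepts unauthenticated server-to-server certificates; exposing it as a role variable would let hosts that can require valid certificates do so. The quoted values, `ldap_password` in particular, are interpolated without escaping, so a `"` or `\` in a variable would break the Lua string literal.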