|
|
---
|
|
|
|
|
|
- name: Install Python apt bindings
|
|
|
apt: name=python-apt
|
|
|
apt:
|
|
|
name: python-apt
|
|
|
|
|
|
- name: Add Prosody repository apt key
|
|
|
apt_key:
|
|
@@ -9,27 +10,38 @@
|
|
|
state: present
|
|
|
|
|
|
- name: Add Prosody repository
|
|
|
apt_repository: repo="deb http://packages.prosody.im/debian jessie main" state=present
|
|
|
apt_repository:
|
|
|
repo: "deb http://packages.prosody.im/debian jessie main"
|
|
|
state: present
|
|
|
|
|
|
- name: Install Lua Sec library (needed for TLS)
|
|
|
apt: name=lua-sec state=installed
|
|
|
apt:
|
|
|
name: lua-sec
|
|
|
state: installed
|
|
|
|
|
|
- name: Install Lua LDAP library
|
|
|
apt: name=lua-ldap state=installed
|
|
|
apt:
|
|
|
name: lua-ldap
|
|
|
state: installed
|
|
|
|
|
|
- name: Install Prosody
|
|
|
apt: name=prosody state=installed
|
|
|
apt:
|
|
|
name: prosody
|
|
|
state: installed
|
|
|
|
|
|
- name: Allow Prosody user to traverse the directory with TLS private keys
|
|
|
user: name=prosody append=yes groups=ssl-cert
|
|
|
user:
|
|
|
name: prosody
|
|
|
append: yes
|
|
|
groups: ssl-cert
|
|
|
|
|
|
- name: Deploy XMPP TLS private key
|
|
|
copy:
|
|
|
dest: "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key"
|
|
|
content: "{{ xmpp_tls_key }}"
|
|
|
mode: 0640
|
|
|
owner: root
|
|
|
group: prosody
|
|
|
mode: 0640
|
|
|
notify:
|
|
|
- Restart Prosody
|
|
|
|
|
@@ -37,30 +49,44 @@
|
|
|
copy:
|
|
|
dest: "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"
|
|
|
content: "{{ xmpp_tls_certificate }}"
|
|
|
mode: 0644
|
|
|
owner: root
|
|
|
group: root
|
|
|
mode: 0644
|
|
|
notify:
|
|
|
- Restart Prosody
|
|
|
|
|
|
- name: Deploy configuration file for checking certificate validity via cron
|
|
|
copy: content="/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem" dest="/etc/check_certificate/{{ ansible_fqdn }}_xmpp.conf"
|
|
|
owner=root group=root mode=0644
|
|
|
copy:
|
|
|
content: "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"
|
|
|
dest: "/etc/check_certificate/{{ ansible_fqdn }}_xmpp.conf"
|
|
|
owner: root
|
|
|
group: root
|
|
|
mode: 0644
|
|
|
|
|
|
- name: Set-up directory for storing additional Prosody modules
|
|
|
file: path=/usr/local/lib/prosody/modules/ state=directory mode=0755 owner=root group=root
|
|
|
file:
|
|
|
path: "/usr/local/lib/prosody/modules/"
|
|
|
state: directory
|
|
|
owner: root
|
|
|
group: root
|
|
|
mode: 0755
|
|
|
|
|
|
- name: Deploy the Prosody mod_auth_ldap module
|
|
|
get_url: url=https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua
|
|
|
dest=/usr/local/lib/prosody/modules/mod_auth_ldap.lua
|
|
|
get_url:
|
|
|
url: "https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua"
|
|
|
dest: "/usr/local/lib/prosody/modules/mod_auth_ldap.lua"
|
|
|
|
|
|
- name: Set-up file permissions for the Prosody mod_auth_ldap module
|
|
|
file: dest=/usr/local/lib/prosody/modules/mod_auth_ldap.lua owner=root group=root mode=0644
|
|
|
file:
|
|
|
dest: "/usr/local/lib/prosody/modules/mod_auth_ldap.lua"
|
|
|
owner: root
|
|
|
group: root
|
|
|
mode: 0644
|
|
|
|
|
|
- name: Deploy Prosody configuration file
|
|
|
template:
|
|
|
src: prosody.cfg.lua.j2
|
|
|
dest: /etc/prosody/prosody.cfg.lua
|
|
|
src: "prosody.cfg.lua.j2"
|
|
|
dest: "/etc/prosody/prosody.cfg.lua"
|
|
|
owner: root
|
|
|
group: prosody
|
|
|
mode: 0640
|
|
@@ -68,15 +94,22 @@
|
|
|
- Restart Prosody
|
|
|
|
|
|
- name: Enable Prosody service on boot (workaround for systemctl broken handling of SysV)
|
|
|
command: rcconf -on prosody
|
|
|
command: "rcconf -on prosody"
|
|
|
register: result
|
|
|
changed_when: result.stderr == ""
|
|
|
|
|
|
- name: Enable and start Prosody service
|
|
|
service: name=prosody state=started
|
|
|
service:
|
|
|
name: prosody
|
|
|
state: started
|
|
|
|
|
|
- name: Deploy firewall configuration for XMPP server
|
|
|
copy: src="ferm_xmpp.conf" dest="/etc/ferm/conf.d/30-xmpp.conf" owner=root group=root mode=0640
|
|
|
copy:
|
|
|
src: "ferm_xmpp.conf"
|
|
|
dest: "/etc/ferm/conf.d/30-xmpp.conf"
|
|
|
owner: root
|
|
|
group: root
|
|
|
mode: 0640
|
|
|
notify:
|
|
|
- Restart ferm
|
|
|
|
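Review bot: The `get_url` task "Deploy the Prosody mod_auth_ldap module" (second hunk) still downloads from the moving `raw-file/tip/` URL with no integrity check. Because `get_url` by default does not re-download an existing destination file, the authentication module on each host is whatever upstream served when that host was first provisioned, and it is never verified. While the task is being converted to dictionary form, pin a reviewed changeset and add a digest: `url: "https://hg.prosody.im/prosody-modules/raw-file/<REVIEWED_CHANGESET>/mod_auth_ldap/mod_auth_ldap.lua"` plus `checksum: "sha256:<SHA256_OF_REVIEWED_FILE>"` (both are placeholders to fill in after reviewing the file). Setting `owner`, `group` and `mode` on the same `get_url` task would make the follow-up `file` task unnecessary. Separately, the "Deploy XMPP TLS private key" task passes `{{ xmpp_tls_key }}` through `content:`, so adding `no_log: true` would keep the key out of diff and verbose output.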