Files
@ 31a7f7c61740
Branch filter:
Location: majic-ansible-roles/roles/xmpp_server/tasks/main.yml
31a7f7c61740
4.9 KiB
text/x-yaml
MAR-181: Install Prosody from Debian backports repository:
- This way we should be able to get way more features available, and
reduce chances of breaking upgrades from upstream project towards
Debian-provided packages due to eventual bigger differences between
the nightly builds and official releases.
- This way we should be able to get way more features available, and
reduce chances of breaking upgrades from upstream project towards
Debian-provided packages due to eventual bigger differences between
the nightly builds and official releases.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 164 165 166 167 168 169 170 171 172 173 174 175 176 177 178 179 180 181 182 183 184 185 186 187 188 189 190 191 | ---
- name: Install Python apt bindings
apt:
name: python-apt
- name: Set-up the Debian backports repository
template:
src: backports.list.j2
dest: /etc/apt/sources.list.d/backports.list
owner: root
group: root
mode: 0644
register: backports_repository_configuration
- name: Update apt cache if backports repository configuration changed (for immediate use)
apt:
update_cache: true
when: backports_repository_configuration.changed
- name: Configure package pins to backports for Prosody
template:
src: prosody_backports_pin.j2
dest: /etc/apt/preferences.d/prosody
owner: root
group: root
mode: 0644
- name: Collect information about installed packages
package_facts:
- name: Uninstall Prosody from project-provided repository
apt:
name: prosody
state: absent
when:
- "ansible_facts.packages['prosody'] is defined"
- "'nightly' in ansible_facts.packages['prosody'][0].version"
- name: Uninstall Prosody dependencies from project-provided repository
apt:
name:
- lua-expat
- lua-filesystem
- lua-sec
- lua-socket
state: absent
when: >-
(ansible_facts.packages['lua-expat'] is defined and 'prosody' in ansible_facts.packages['lua-expat'][0].version)
or (ansible_facts.packages['lua-filesystem'] is defined and 'prosody' in ansible_facts.packages['lua-filesystem'][0].version)
or (ansible_facts.packages['lua-sec'] is defined and 'prosody' in ansible_facts.packages['lua-sec'][0].version)
or (ansible_facts.packages['lua-socket'] is defined and 'prosody' in ansible_facts.packages['lua-socket'][0].version)
- name: Remove Prosody project-provided apt key
apt_key:
id: "{{ item }}"
state: absent
with_items:
- "107D65A0A148C237FDF00AB47393D7E674D9DBB5"
- "44AB6DD06DA46979CFAF997F9B1B82786C8F28BA"
- name: Remove Prosody project-provided repository
apt_repository:
repo: "deb http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
state: absent
- name: Install Lua LDAP library
apt:
name: lua-ldap
state: present
notify:
- Restart Prosody
- name: Install Prosody
apt:
name: prosody
state: present
notify:
- Restart Prosody
- name: Allow Prosody user to traverse the directory with TLS private keys
user:
name: prosody
append: true
groups: ssl-cert
- name: Deploy XMPP TLS private key
copy:
dest: "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key"
content: "{{ xmpp_tls_key }}"
owner: root
group: prosody
mode: 0640
notify:
- Restart Prosody
- name: Deploy XMPP TLS certificate
copy:
dest: "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"
content: "{{ xmpp_tls_certificate }}"
owner: root
group: root
mode: 0644
notify:
- Restart Prosody
- name: Generate the XMPP server Diffie-Hellman parameter
openssl_dhparam:
owner: root
group: prosody
mode: 0640
path: "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem"
size: 2048
notify:
- Restart Prosody
- name: Deploy configuration file for checking certificate validity via cron
copy:
content: "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"
dest: "/etc/check_certificate/{{ ansible_fqdn }}_xmpp.conf"
owner: root
group: root
mode: 0644
- name: Deploy script for validating Prosody certificate
copy:
src: "check_prosody_certificate.sh"
dest: "/usr/local/bin/check_prosody_certificate.sh"
owner: root
group: root
mode: 0755
- name: Set-up crontab task that runs the Prosody certificate checker script once a day
copy:
src: "cron_check_prosody_certificate"
dest: "/etc/cron.d/check_prosody_certificate"
owner: root
group: root
mode: 0644
- name: Set-up directory for storing additional Prosody modules
file:
path: "/usr/local/lib/prosody/modules/"
state: directory
owner: root
group: root
mode: 0755
- name: Deploy the Prosody mod_auth_ldap module
get_url:
url: "https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua"
dest: "/usr/local/lib/prosody/modules/mod_auth_ldap.lua"
- name: Set-up file permissions for the Prosody mod_auth_ldap module
file:
dest: "/usr/local/lib/prosody/modules/mod_auth_ldap.lua"
owner: root
group: root
mode: 0644
- name: Deploy Prosody configuration file
template:
src: "prosody.cfg.lua.j2"
dest: "/etc/prosody/prosody.cfg.lua"
owner: root
group: prosody
mode: 0640
notify:
- Restart Prosody
- name: Enable and start Prosody service
service:
name: prosody
state: started
enabled: true
- name: Deploy firewall configuration for XMPP server
copy:
src: "ferm_xmpp.conf"
dest: "/etc/ferm/conf.d/30-xmpp.conf"
owner: root
group: root
mode: 0640
notify:
- Restart ferm
- name: Explicitly run all handlers
include: ../handlers/main.yml
when: "run_handlers | default(False) | bool()"
tags:
- handlers
|