Files @ 61e6cfb81789
Branch filter:

Location: majic-ansible-roles/roles/xmpp_server/tasks/main.yml

61e6cfb81789 2.1 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-51: Fixed documentation for ansible_key parameter in preseed role. Updated ca_certificates parameter in common role to accept key-value pairs of filenames and certificates to put on remote host (so lookups/inventory can be utilised in more flexible manner). Updated backup_client role to fail if it is not possible to extract encryption key IDs from deployed keys. Moved purging of Exim4 configuration files from handlers to tasks (more robust, and still idempotent). All documentation has been updated as well.
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
---

- name: Install Python apt bindings
  apt: name=python-apt

- name: Add Prosody repository apt key
  apt_key:
    data: "{{ lookup('file', 'prosody-debian-packages.gpg') }}"
    state: present

- name: Add Prosody repository
  apt_repository: repo="deb http://packages.prosody.im/debian jessie main" state=present

- name: Install Lua Sec library (needed for TLS)
  apt: name=lua-sec state=installed

- name: Install Lua LDAP library
  apt: name=lua-ldap state=installed

- name: Install Prosody
  apt: name=prosody state=installed

- name: Allow Prosody user to traverse the directory with TLS private keys
  user: name=prosody append=yes groups=ssl-cert

- name: Deploy XMPP TLS private key
  copy: dest="/etc/ssl/private/{{ xmpp_tls_key | basename }}" src="{{ xmpp_tls_key }}"
        mode=640 owner=root group=prosody
  notify:
    - Restart Prosody

- name: Deploy XMPP TLS certificate
  copy: dest="/etc/ssl/certs/{{ xmpp_tls_certificate | basename }}" src="{{ xmpp_tls_certificate }}"
        mode=644 owner=root group=root
  notify:
    - Restart Prosody

- name: Set-up directory for storing additional Prosody modules
  file: path=/usr/local/lib/prosody/modules/ state=directory mode=755 owner=root group=root

- name: Deploy the Prosody mod_auth_ldap module
  get_url: url=https://prosody-modules.googlecode.com/hg/mod_auth_ldap/mod_auth_ldap.lua
           dest=/usr/local/lib/prosody/modules/mod_auth_ldap.lua

- name: Set-up file permissions for the Prosody mod_auth_ldap module
  file: dest=/usr/local/lib/prosody/modules/mod_auth_ldap.lua owner=root group=root mode=644

- name: Deploy Prosody configuration file
  template: src=prosody.cfg.lua.j2 dest=/etc/prosody/prosody.cfg.lua
  notify:
    - Restart Prosody

- name: Enable Prosody service on boot (workaround for systemctl broken handling of SysV)
  command: rcconf -on prosody
  register: result
  changed_when: result.stderr == ""

- name: Enable and start Prosody service
  service: name=prosody state=started

- name: Deploy firewall configuration for XMPP server
  copy: src="ferm_xmpp.conf" dest="/etc/ferm/conf.d/30-xmpp.conf" owner=root group=root mode=640
  notify:
    - Restart ferm
This site is powered by Kallithea 0.7.0, which is © 2010–2025 by various authors & licensed under GPLv3.