Files @ 734eb461396e

Location: majic-ansible-roles/roles/xmpp_server/tasks/main.yml

branko
MAR-218: Document the passlib Python package requirement:

- The library is used for hashing the operating system user passwords
during account creation.
---

# Main implementation
# ===================

- name: Set-up the Debian backports repository
  # The sources list is rendered from a template (not apt_repository);
  # the result is registered so the following task can refresh the apt
  # cache only when this file actually changed.
  ansible.builtin.template:
    dest: /etc/apt/sources.list.d/backports.list
    src: backports.list.j2
    mode: '0644'
    owner: root
    group: root
  register: backports_repository_configuration

- name: Update apt cache if backports repository configuration changed (for immediate use)  # noqa no-handler
  # [no-handler] Tasks that run when changed should likely be handlers
  #   The backports list is deployed with the template module because
  #   apt_repository does not reliably apply the change (e.g. when the
  #   distro version changes). That in turn means the apt cache refresh
  #   must be triggered by hand right here instead of from a handler.
  ansible.builtin.apt:
    update_cache: true
  when: backports_repository_configuration is changed

- name: Install additional Prosody dependencies
  # Extra packages (Lua LDAP bindings and the community module bundle)
  # installed ahead of Prosody itself; a change restarts the service.
  ansible.builtin.apt:
    state: present
    name: [lua-ldap, prosody-modules]
  notify: Restart Prosody

- name: Install Prosody
  # The XMPP server package itself; an (re)install restarts the service.
  ansible.builtin.apt:
    state: present
    name: prosody
  notify: Restart Prosody

- name: Allow Prosody user to traverse the directory with TLS private keys
  # Supplementary membership in ssl-cert; append keeps the user's
  # existing groups, so only the one group is added.
  ansible.builtin.user:
    groups: ssl-cert
    append: true
    name: prosody

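- name: Deploy XMPP TLS private key
  # The key material is passed in as a variable. no_log keeps it out of
  # verbose task output and of --diff output (the copy module would
  # otherwise print the full content). This also hides the task's error
  # details, so drop it temporarily when debugging a failure here.
  ansible.builtin.copy:
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key"
    content: "{{ xmpp_tls_key }}"
    owner: root
    group: prosody
    mode: "0640"
  no_log: true
  notify:
    - Restart Prosody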

- name: Deploy XMPP TLS certificate
  # Public material, hence world-readable under /etc/ssl/certs.
  ansible.builtin.copy:
    content: '{{ xmpp_tls_certificate }}'
    dest: '/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem'
    mode: '0644'
    owner: root
    group: root
  notify: Restart Prosody

- name: Generate the XMPP server Diffie-Hellman parameter
  # Generated on the host (not deployed from the controller), 2048 bits,
  # readable only by root and the prosody group.
  community.crypto.openssl_dhparam:
    path: '/etc/ssl/private/{{ ansible_fqdn }}_xmpp.dh.pem'
    size: 2048
    mode: '0640'
    owner: root
    group: prosody
  notify: Restart Prosody

- name: Deploy configuration file for checking certificate validity via cron
  # The configuration consists solely of the path to the certificate
  # deployed above.
  ansible.builtin.copy:
    dest: '/etc/check_certificate/{{ ansible_fqdn }}_xmpp.conf'
    content: '/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem'
    mode: '0644'
    owner: root
    group: root

- name: Deploy script for validating Prosody certificate
  # Executable, root-owned, so only root can alter what cron later runs.
  ansible.builtin.copy:
    dest: /usr/local/bin/check_prosody_certificate.sh
    src: check_prosody_certificate.sh
    mode: '0755'
    owner: root
    group: root

- name: Set-up crontab task that runs the Prosody certificate checker script once a day
  # Static cron.d snippet shipped with the role.
  ansible.builtin.copy:
    dest: /etc/cron.d/check_prosody_certificate
    src: cron_check_prosody_certificate
    mode: '0644'
    owner: root
    group: root

- name: Deploy LDAP client configuration (for validating LDAP server certificate)
  # Placed as .ldaprc under /var/lib/prosody and readable by the prosody
  # group only; presumably picked up by the LDAP client library when
  # Prosody runs as that user.
  ansible.builtin.copy:
    dest: /var/lib/prosody/.ldaprc
    src: prosody_ldaprc
    mode: '0640'
    owner: root
    group: prosody
  notify: Restart Prosody

- name: Deploy Prosody configuration file
  # Rendered config, readable by root and the prosody group only.
  # NOTE(review): if the rendered file carries credentials (e.g. an LDAP
  # bind password), consider diff: false so --diff does not print them.
  ansible.builtin.template:
    dest: /etc/prosody/prosody.cfg.lua
    src: prosody.cfg.lua.j2
    mode: '0640'
    owner: root
    group: prosody
  notify: Restart Prosody

- name: Enable and start Prosody service
  # Ensure the service is running now and comes back after reboot.
  ansible.builtin.service:
    enabled: true
    state: started
    name: prosody

- name: Deploy firewall configuration for XMPP server
  # ferm snippet for the XMPP ports; ferm is reloaded via its handler.
  ansible.builtin.copy:
    dest: /etc/ferm/conf.d/30-xmpp.conf
    src: ferm_xmpp.conf
    mode: '0640'
    owner: root
    group: root
  notify: Restart ferm

- name: Explicitly run all handlers
  # Opt-in (run_handlers, off by default): pulls the handler file in as
  # ordinary tasks so every handler runs regardless of notifications.
  ansible.builtin.include_tasks: ../handlers/main.yml
  when: run_handlers | default(false) | bool
  tags: [handlers]