Files @ a8ad1fdf6f60
Branch filter:

Location: majic-ansible-roles/roles/xmpp_server/tasks/main.yml

a8ad1fdf6f60 2.8 KiB text/x-yaml Show Annotation Show as Raw Download as Raw
branko
MAR-153: Use custom Diffie-Helman parameters for HTTP(S) server in the web_server role.
  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
---

- name: Install Python apt bindings
  apt:
    name: python-apt

- name: Add Prosody repository apt key
  apt_key:
    data: "{{ lookup('file', 'prosody-debian-packages.gpg') }}"
    state: present

- name: Add Prosody repository
  apt_repository:
    repo: "deb http://packages.prosody.im/debian {{ ansible_distribution_release }} main"
    state: present

- name: Install Lua Sec library (needed for TLS)
  apt:
    name: lua-sec
    state: present

- name: Install Lua LDAP library
  apt:
    name: lua-ldap
    state: present

- name: Install Prosody
  apt:
    name: "{{ xmpp_prosody_package }}"
    state: present
  notify:
    - Restart Prosody

- name: Allow Prosody user to traverse the directory with TLS private keys
  user:
    name: prosody
    append: true
    groups: ssl-cert

- name: Deploy XMPP TLS private key
  copy:
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key"
    content: "{{ xmpp_tls_key }}"
    owner: root
    group: prosody
    mode: 0640
  notify:
    - Restart Prosody

- name: Deploy XMPP TLS certificate
  copy:
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"
    content: "{{ xmpp_tls_certificate }}"
    owner: root
    group: root
    mode: 0644
  notify:
    - Restart Prosody

- name: Deploy configuration file for checking certificate validity via cron
  copy:
    content: "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"
    dest: "/etc/check_certificate/{{ ansible_fqdn }}_xmpp.conf"
    owner: root
    group: root
    mode: 0644

- name: Set-up directory for storing additional Prosody modules
  file:
    path: "/usr/local/lib/prosody/modules/"
    state: directory
    owner: root
    group: root
    mode: 0755

- name: Deploy the Prosody mod_auth_ldap module
  get_url:
    url: "https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua"
    dest: "/usr/local/lib/prosody/modules/mod_auth_ldap.lua"

- name: Set-up file permissions for the Prosody mod_auth_ldap module
  file:
    dest: "/usr/local/lib/prosody/modules/mod_auth_ldap.lua"
    owner: root
    group: root
    mode: 0644

- name: Deploy Prosody configuration file
  template:
    src: "prosody.cfg.lua.j2"
    dest: "/etc/prosody/prosody.cfg.lua"
    owner: root
    group: prosody
    mode: 0640
  notify:
    - Restart Prosody

- name: Enable Prosody service on boot (workaround for systemctl broken handling of SysV)
  command: "rcconf -on prosody"
  register: result
  changed_when: not result.stderr

- name: Enable and start Prosody service
  service:
    name: prosody
    state: started

- name: Deploy firewall configuration for XMPP server
  copy:
    src: "ferm_xmpp.conf"
    dest: "/etc/ferm/conf.d/30-xmpp.conf"
    owner: root
    group: root
    mode: 0640
  notify:
    - Restart ferm

- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "run_handlers | default(False) | bool()"
  tags:
    - handlers
This site is powered by Kallithea 0.7.0, which is © 2010–2023 by various authors & licensed under GPLv3.