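---
# Tasks for setting up a Prosody XMPP server: add the upstream apt
# repository, install Prosody with its Lua TLS/LDAP libraries, deploy the TLS
# key and certificate, the mod_auth_ldap module, the server configuration and
# the ferm firewall rules.
#
# Module arguments use native YAML mappings rather than key=value strings.
# File modes are quoted octal strings so they cannot be re-typed by the YAML
# parser.

- name: Install Python apt bindings
  apt:
    name: python-apt

# The repository signing key is shipped with the role (files/ lookup), so the
# trust anchor for the packages below does not depend on a network fetch.
- name: Add Prosody repository apt key
  apt_key:
    data: "{{ lookup('file', 'prosody-debian-packages.gpg') }}"
    state: present

# NOTE(review): the repository is reached over plain HTTP. Package integrity
# then rests entirely on apt verifying signatures against the key added above.
# Confirm signature checking is not disabled anywhere for this source.
- name: Add Prosody repository
  apt_repository:
    repo: "deb http://packages.prosody.im/debian jessie main"
    state: present

# "present" replaces the deprecated "installed" alias; same meaning.
- name: Install Lua Sec library (needed for TLS)
  apt:
    name: lua-sec
    state: present

- name: Install Lua LDAP library
  apt:
    name: lua-ldap
    state: present

- name: Install Prosody
  apt:
    name: prosody
    state: present

# append=true adds ssl-cert to the user's existing supplementary groups
# instead of replacing them.
- name: Allow Prosody user to traverse the directory with TLS private keys
  user:
    name: prosody
    append: true
    groups: ssl-cert

# The private key is readable by root and the prosody group only.
# no_log keeps the key material out of task output, verbose logs and diffs.
- name: Deploy XMPP TLS private key
  copy:
    dest: "/etc/ssl/private/{{ ansible_fqdn }}_xmpp.key"
    content: "{{ xmpp_tls_key }}"
    mode: "0640"
    owner: root
    group: prosody
  no_log: true
  notify:
    - Restart Prosody

- name: Deploy XMPP TLS certificate
  copy:
    dest: "/etc/ssl/certs/{{ ansible_fqdn }}_xmpp.pem"
    content: "{{ xmpp_tls_certificate }}"
    mode: "0644"
    owner: root
    group: root
  notify:
    - Restart Prosody

- name: Set-up directory for storing additional Prosody modules
  file:
    path: /usr/local/lib/prosody/modules/
    state: directory
    mode: "0755"
    owner: root
    group: root

# NOTE(review): this fetches whatever the repository "tip" holds at run time
# and performs no integrity check. The file is loaded by Prosody as its
# authentication module, so its content should be reviewed and fixed. Pin the
# URL to a reviewed changeset and verify a digest via get_url's
# checksum/sha256sum option, or ship the reviewed file with the role.
# get_url does not re-download an existing dest by default, so hosts
# provisioned at different times can also end up with different versions.
- name: Deploy the Prosody mod_auth_ldap module
  get_url:
    url: https://hg.prosody.im/prosody-modules/raw-file/tip/mod_auth_ldap/mod_auth_ldap.lua
    dest: /usr/local/lib/prosody/modules/mod_auth_ldap.lua

# Root-owned and not writable by the prosody user, so the running service
# cannot modify its own authentication module.
- name: Set-up file permissions for the Prosody mod_auth_ldap module
  file:
    path: /usr/local/lib/prosody/modules/mod_auth_ldap.lua
    owner: root
    group: root
    mode: "0644"

# NOTE(review): no owner/group/mode is set for the rendered configuration.
# If the template carries an LDAP bind password, confirm the resulting file
# is not world-readable.
- name: Deploy Prosody configuration file
  template:
    src: prosody.cfg.lua.j2
    dest: /etc/prosody/prosody.cfg.lua
  notify:
    - Restart Prosody

# Boot-time enablement is done through rcconf rather than the service module.
# The task is reported as changed only when rcconf wrote nothing to stderr.
- name: Enable Prosody service on boot (workaround for systemctl broken handling of SysV)
  command: rcconf -on prosody
  register: result
  changed_when: result.stderr == ""

# Only ensures the service is running; enabling on boot is handled by the
# rcconf task above.
- name: Enable and start Prosody service
  service:
    name: prosody
    state: started

- name: Deploy firewall configuration for XMPP server
  copy:
    src: ferm_xmpp.conf
    dest: /etc/ferm/conf.d/30-xmpp.conf
    owner: root
    group: root
    mode: "0640"
  notify:
    - Restart ferm

# Runs the handler file as ordinary tasks when the "handlers" variable is set
# to a true value; skipped when the variable is undefined.
- name: Explicitly run all handlers
  include: ../handlers/main.yml
  when: "handlers | default(False) | bool() == True"
  tags:
    - handlers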