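---
# Tasks that install and configure the prosody XMPP server: packages, TLS
# certificates for the conference vhosts, community modules, configuration,
# firewall/SELinux settings and the shared-roster update timer.

- name: install prosody
  dnf:
    name: '{{ prosody_packages }}'
    state: present

# One certificate per conference vhost. The key is handed to the prosody
# user and prosody is reloaded by the hook after issuance/renewal.
# NOTE(review): the certificate_* variables are interpreted by the certbot
# role, which is not visible here - confirm there that the key file is
# created with a mode that keeps it unreadable to other users.
- name: request conference vhost certificates
  include_role:
    name: certbot
  vars:
    certificate_sans: ['{{ item }}']
    certificate_path: '{{ prosody_certificate_dir }}/{{ item }}.crt'
    certificate_key_path: '{{ prosody_certificate_dir }}/{{ item }}.key'
    certificate_owner: prosody
    certificate_hook: systemctl reload prosody
    certificate_use_apache: true
  loop: '{{ prosody_conference_vhosts }}'

- import_tasks: freeipa.yml
  tags: freeipa

- import_tasks: database.yml
  tags: database

# No owner/group/mode is given, so the directory gets the defaults of the
# user running the play.
- name: create module directory
  file:
    path: '{{ prosody_module_dir }}'
    state: directory

# No `revision` is set, so the checkout follows whatever the repository
# head is at run time.
# NOTE(review): this directory presumably ends up on prosody's plugin
# path (confirm in prosody.cfg.lua.j2). If so, pin `revision` to a
# reviewed changeset and make sure the repo URL uses https, so upstream
# changes are not loaded into the server unreviewed.
- name: clone module repository
  hg:
    repo: '{{ prosody_module_repo }}'
    dest: '{{ prosody_module_dir }}'

# root-owned and group-readable by prosody only: the daemon can read the
# file but not modify it, and other local users cannot read it.
- name: generate configuration
  template:
    src: etc/prosody/prosody.cfg.lua.j2
    dest: /etc/prosody/prosody.cfg.lua
    owner: root
    group: prosody
    mode: '0640'
  notify: restart prosody

# Opens the client-to-server and server-to-server XMPP services in the
# default zone, both in the running and the permanent configuration.
- name: open firewall ports
  firewalld:
    permanent: true
    immediate: true
    service: '{{ item }}'
    state: enabled
  loop:
    - xmpp-client
    - xmpp-server
  tags: firewalld

# httpd_can_network_connect lets httpd open outbound connections to any
# port, not just prosody's.
# NOTE(review): presumably needed because Apache proxies to prosody -
# confirm, and consider whether a narrower SELinux port label would do.
- name: enable httpd_can_network_connect SELinux boolean
  seboolean:
    name: httpd_can_network_connect
    state: true
    persistent: true
  tags: selinux

# force: false creates the empty file only when it does not exist yet, so
# an already populated roster is never truncated; ownership and mode are
# still enforced on every run.
- name: create roster file with correct permissions
  copy:
    content: ''
    dest: '{{ prosody_groups_file }}'
    owner: prosody
    group: prosody
    mode: '0640'
    force: false

# Read/execute for everyone, writable by nobody via mode bits. No owner is
# set, so the file belongs to the user running the play; the timer below
# executes it as the unprivileged prosody user.
- name: generate roster script
  template:
    src: usr/local/bin/prosody-update-roster.j2
    dest: /usr/local/bin/prosody-update-roster
    mode: '0555'

- name: create prosody-update-roster timer
  include_role:
    name: systemd_timer
  vars:
    timer_name: prosody-update-roster
    timer_description: Update prosody shared roster
    timer_after: network.target
    timer_on_calendar: daily
    timer_exec: /usr/local/bin/prosody-update-roster
    timer_user: prosody

# Runs the roster update once right away instead of waiting for the daily
# timer; changed_when: false keeps this from being reported as a change.
- name: generate shared roster
  systemd:
    name: prosody-update-roster.service
    state: started
  changed_when: false

- name: start prosody
  systemd:
    name: prosody
    enabled: true
    state: started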