Commit 8335151b authored by Maciej Delmanowski's avatar Maciej Delmanowski

Merge branch 'TuxCoder-prosody'

parents 6458c8a8 0d021271
......@@ -955,6 +955,13 @@ stages:
JANE_DIFF_PATTERN: '.*/debops.proc_hidepid/.*'
JANE_LOG_PATTERN: '\[debops\.proc_hidepid\]'
'prosody/pki role':
<<: *test_role_2nd_deps
variables:
JANE_TEST_PLAY: '${DEBOPS_PLAYBOOKS}/service/pki.yml ${DEBOPS_PLAYBOOKS}/service/prosody.yml'
JANE_INVENTORY_GROUPS: 'debops_service_pki,debops_service_prosody'
JANE_DIFF_PATTERN: '.*/debops.prosody/.*'
JANE_LOG_PATTERN: '\[debops\.prosody\]'
# --- r --- [[[2
......
......@@ -42,6 +42,8 @@ Added
- :ref:`debops.proc_hidepid`: configure the ``/proc`` ``hidepid=`` options.
- :ref:`debops.prosody`: configure an xmpp server on a given host
- You can now :ref:`use Vagrant <quick_start__vagrant>` to create an Ansible
Controller based on Debian Stretch and use it to manage itself or other hosts
over the network.
......
---
- name: Manage Prosody
hosts: [ 'debops_service_prosody' ]
become: True
environment: '{{ inventory__environment | d({})
| combine(inventory__group_environment | d({}))
| combine(inventory__host_environment | d({})) }}'
roles:
- role: debops.ferm
tags: [ 'role::ferm' ]
ferm__dependent_rules:
- '{{ prosody__ferm__dependent_rules }}'
- role: debops.prosody
tags: [ 'role::prosody' ]
......@@ -69,3 +69,5 @@
- include: salt.yml
- include: fail2ban.yml
- include: prosody.yml
../service/prosody.yml
\ No newline at end of file
---
- name: 'Restart prosody'
service:
name: 'prosody'
state: 'restarted'
---
dependencies: []
galaxy_info:
company: 'DebOps'
author: 'Norbert Summer'
description: 'Lightweight Jabber/XMPP server'
license: 'GPL-3.0'
min_ansible_version: '2.2.0'
platforms:
- name: Debian
versions:
- stretch
- name: Ubuntu
versions:
- xenial
- artful
galaxy_tags:
- prosody
- jabber
- xmpp
---
- name: Install required packages
package:
name: '{{ item }}'
state: 'present'
with_flattened:
- '{{ prosody__base_packages }}'
- '{{ prosody__packages }}'
- name: Generate Prosody configuration
template:
src: 'etc/prosody/prosody.cfg.lua.j2'
dest: '/etc/prosody/prosody.cfg.lua'
notify: [ 'Restart prosody' ]
- name: Enable Services
service:
name: '{{ item }}'
enabled: 'yes'
state: 'started'
with_items:
- prosody
- name: Make sure that PKI hook directory exists
file:
path: '{{ prosody__pki_hook_path }}'
state: 'directory'
owner: 'root'
group: 'root'
mode: '0755'
when: (prosody__pki|bool and prosody__deploy_state in [ 'present' ])
- name: Manage PKI prosody hook
template:
src: 'etc/pki/hooks/prosody.j2'
dest: '{{ prosody__pki_hook_path + "/" + prosody__pki_hook_name }}'
owner: 'root'
group: 'root'
mode: '0755'
when: (prosody__pki|bool and prosody__deploy_state in [ 'present' ])
- name: Ensure the PKI prosody hook is absent
file:
path: '{{ prosody__pki_hook_path }}'
state: 'absent'
when: (prosody__deploy_state in [ 'absent' ])
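Review bot: The final task removes `prosody__pki_hook_path`, which the earlier task creates as the hook directory, rather than the hook file that the template task writes into it. If that directory is shared with other roles' PKI hooks (its default is not visible on this page), setting `prosody__deploy_state` to `absent` would delete their hooks as well, and those services would stop reacting to certificate changes. The task should target the file only: `path: '{{ prosody__pki_hook_path + "/" + prosody__pki_hook_name }}'`. Separately, the `prosody.cfg.lua` template task sets no `owner`, `group` or `mode`, so the file's permissions depend on the umask in effect; the rendered configuration may hold credentials in component parameters, so explicit ownership and a mode that is not world-readable would be safer.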
#!/bin/bash
# {{ ansible_managed }}
# Reload or restart prosody on a certificate state change
set -o nounset -o pipefail -o errexit
prosody_config="/etc/prosody/prosody.conf.lua"
prosody_action="{{ prosody__pki_hook_action }}"
# Check if current PKI realm is used by the 'prosody' webserver
certificate=$(grep -r "${PKI_SCRIPT_DEFAULT_CRT:-}" ${prosody_config} || true)
# Get list of current realm states
states=( $(echo "${PKI_SCRIPT_STATE:-}" | tr "," " ") )
if [ -n "${certificate}" -a "${{ '{#' }}states[@]}" -gt 0 ] ; then
for state in "${states[@]}" ; do
if [ "${state}" = "changed-certificate" -o "${state}" = "changed-dhparam" ] ; then
# Check if current init is systemd
if $(pidof systemd > /dev/null 2>&1) ; then
prosody_state="$(systemctl is-active prosody.service)"
if [ ${prosody_state} = "active" ] ; then
if $(/usr/sbin/prosody -c ${prosody_config} -t > /dev/null 2>&1) ; then
systemctl ${prosody_action} prosody.service
fi
fi
else
#TODO
fi
break
fi
done
fi
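Review bot: The hook greps `/etc/prosody/prosody.conf.lua`, but the template task in this commit writes `/etc/prosody/prosody.cfg.lua`. The grep therefore finds nothing, `|| true` hides the error, `certificate` stays empty, and prosody is never reloaded after a certificate or DH-parameter change, so it keeps serving the old certificate. The assignment should read `prosody_config="/etc/prosody/prosody.cfg.lua"`. In addition, the `else` branch holds only the `#TODO` comment, which bash rejects as a syntax error at the following `fi`, so the reload logic cannot run at all; put a `:` no-op or a logged message there, or drop the `else`. The `-c ... -t` configuration test looks carried over from a web-server hook (the comment still says 'webserver'); confirm that the prosody binary accepts it, because a failing test silently skips the reload.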
-- {{ ansible_managed }}
{% import 'templates/import/debops__tpl_macros.j2' as debops__tpl_macros with context %}
{% macro lua_print(object, prefix='',depth=0) %}
{% if object is mapping %}
{% set prefix = prefix + ' ' %}
{% if depth!=0 %}{{ "{\n" }}{% endif %}
{% for _item_name, _value in object |dictsort %}
{{ _item_name+' = '+lua_print(_value, prefix,depth+1)|indent(2,true) }}
{% endfor %}
{% if depth!=0 %}{{ '}' }}{% endif %}
{% elif 'bool' == object|type_debug %}
{% if object %}{{ 'true;'|indent(2,true) }}
{% else %}{{ 'false;'|indent(2,true) }}{% endif %}
{% elif object is string %}
{{ '"' + object + '";' }}
{% elif object is iterable %}
{% if depth!=0 %}{{ "{\n" }}{% endif %}
{% for _item in object %}
{{ lua_print(_item, prefix,depth+1)|indent(2,true) }}
{% endfor %}
{% if depth!=0 %}{{ '}' }}{% endif %}
{% elif object is number %}
{{ '%d' | format(object)|indent(2,true) }}
{% else %}
error unknown type
{% endif %}
{% endmacro %}
{{ lua_print(prosody__combined_config_global,'',false) }}
{% for item in prosody__config_virtual_hosts %}
{% set prosody__tpl_pki_realm = item.pki_realm %}{#| d((debops__tpl_macros.get_realm_yaml_list(item.name, prosody__pki_realm) | from_yaml)[0]) %#}
{% set prosody__tpl_pki_realm_path = prosdoy__pki_realm_path + "/" + prosody__tpl_pki_realm %}
VirtualHost "{{ item.name }}"
enabled = {{ item.enabled }}
ssl = {
certificate = "{{ item.tls_crt | d(prosody__tpl_pki_realm_path + "/" + (item.pki_crt|d(prosody__pki_crt_filename))) }}";
key = "{{ item.tls_key | d(prosody__tpl_pki_realm_path + "/" + (item.pki_key|d(prosody__pki_key_filename))) }}";
}
{{ item.raw|d("") }}
{% endfor %}
{% for _component in prosody__combined_config_components %}
Component "{{ _component.domain }}" {{ _component.params }}
{% endfor %}
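Review bot: `prosdoy__pki_realm_path` in the `prosody__tpl_pki_realm_path` assignment misspells the `prosody__` prefix used everywhere else, so the variable is presumably undefined and rendering fails as soon as a virtual host is configured. It should read `{% set prosody__tpl_pki_realm_path = prosody__pki_realm_path + "/" + prosody__tpl_pki_realm %}`. The default for `item.pki_realm` on the line above is commented out, so a virtual host without `pki_realm` would fail in the same way. In `lua_print`, strings are emitted as `'"' + object + '";'` with no escaping, so a value containing `"` or `\` produces broken or unintended Lua in the server configuration; escaping those two characters before quoting would keep inventory values as data. The number branch also emits no trailing `;`, and `%d` truncates non-integer values.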
......@@ -30,6 +30,7 @@ etc.
- :ref:`debops.netbox`
- :ref:`debops.owncloud`
- :ref:`debops.rstudio_server`
- :ref:`debops.prosody`
- ``debops.phpipam``
- ``debops.phpmyadmin``
- ``debops-contrib.foodsoft``
......
Copyright
=========
.. literalinclude:: ../../../../ansible/roles/debops.apt/COPYRIGHT
Getting started
===============
.. contents::
:local:
Default configuration
---------------------
The configuration is split into 3 basic parameters,
this is because of limitation of YAML and easier representation.
- prosody__*_config_global
- prosody__*_config_components
- prosody__*_config_virtual_hosts
By default there are two components active :envvar:`prosody__http_upload` :envvar:`prosody__muc`
Set this varables to false to disable the specific component.
Domains
~~~~~~~
The default virtual host uses :envvar:`prosody__domain` as domain.
The components uses two subdomains: conference.`prosody__domain and upload.`prosody__domain`
Ports
~~~~~
By default the ports are:
- `5222` (c2s)
- `5269` (s2s)
- `5280` http
- `5281` https
Example inventory
-----------------
To enable Prosody server support on a host, it needs to be included in the Ansible inventory in a specific group:
.. code-block:: none
[debops_service_prosody]
hostname
Example playbook
----------------
If you are using this role without DebOps, here's an example Ansible playbook
that uses the ``debops.prosody`` role:
.. literalinclude:: ../../../../ansible/playbooks/service/prosody.yml
:language: yaml
Ansible tags
------------
You can use Ansible ``--tags`` or ``--skip-tags`` parameters to limit what
tasks are performed during Ansible run. This can be used after a host was first
configured to speed up playbook execution, when you are sure that most of the
configuration is already in the desired state.
Available role tags:
``role::prosody``
Main role tag, should be used in the playbook to execute all of the role
tasks as well as role dependencies.
``role::ferm``
Role tag for configure the firewall ferm.
.. _debops.prosody:
debops.prosody
==============
.. toctree::
:maxdepth: 2
introduction
getting-started
defaults
copyright
..
Local Variables:
mode: rst
ispell-local-dictionary: "american"
End:
Introduction
============
``debops.prosody`` configures and manages the XMPP server prosody.
Installation
~~~~~~~~~~~~
This role requires at least Ansible ``v2.0.0``. To install it, run::
ansible-galaxy install debops.prosody
..
Local Variables:
mode: rst
ispell-local-dictionary: "american"
End: