Initial commit

tasks/main.yml

@@ -0,0 +1,65 @@
+---
+# tasks file for MicroJoe.prosody
+
+- name: Install debian dependencies
+  apt:
+    name: apt-transport-https
+    state: present
+
+- name: Install official prosody repository's key
+  apt_key:
+    url: https://prosody.im/files/prosody-debian-packages.key
+    state: present
+
+- name: Install official prosody repository
+  apt_repository:
+    repo: deb https://packages.prosody.im/debian stretch main
+    state: present
+
+- name: Install prosody package
+  apt:
+    name: prosody
+    state: latest
+    update_cache: yes
+
+- name: Configure prosody
+  template:
+    src: prosody.cfg.lua.j2
+    dest: /etc/prosody/prosody.cfg.lua
+    group: root
+    owner: root
+    mode: 0755
+    validate: "luac -p %s"
+  notify: reload prosody config
+
+- name: Copy TLS cert to /etc/prosody/certs/
+  command: /bin/cp "{{ prosody_ssl_cert_source }}" "{{ prosody_ssl_cert_dest }}"
+  notify: reload prosody config
+
+- name: Copy TLS key to /etc/prosody/certs/
+  command: /bin/cp "{{ prosody_ssl_key_source }}" "{{ prosody_ssl_key_dest }}"
+  notify: reload prosody config
+
+- name: Set good access to certs
+  file:
+    path: "{{ item }}"
+    owner: root
+    group: prosody
+    mode: 0640
+  with_items:
+    - "{{ prosody_ssl_key_dest }}"
+    - "{{ prosody_ssl_cert_dest }}"
+
+# Everyday at 4 AM
+
+- name: Install crontab for periodic copy of LetsEncypt certs
+  cron:
+    name: Copy LetsEncrypt certificates and restart
+    hour: 4
+    minute: 0
+    job: "cp {{ prosody_ssl_cert_source }} {{ prosody_ssl_cert_dest }} &&
+          cp {{ prosody_ssl_key_source }} {{ prosody_ssl_key_dest }} &&
+          systemctl restart prosody"
+
+- name: Enable and restart prosody service
+  service: name=prosody enabled=yes state=restarted