authorMatthew Fennell <matthew@fennell.dev>2024-01-07 11:39:27 +0000
committerMatthew Fennell <matthew@fennell.dev>2024-01-07 11:39:27 +0000
commit8093a955e3c6238cc14537a54c56277af6b89dc2 (patch)
treeb827d8fa567d49d7d30054e42848c7313f4550e4
parent4d935d6ed70cc953fe53c56ab195dd1c6c4db6e3 (diff)
Add initial playbook
At present, the playbook simply ensures that all required packages are installed.
-rw-r--r--.gitignore5
-rw-r--r--.precious.toml34
-rw-r--r--Makefile19
-rw-r--r--README.md87
-rwxr-xr-xhooks/pre-commit6
-rw-r--r--playbook.yaml18
6 files changed, 169 insertions, 0 deletions
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9d7ac41
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+inventory
diff --git a/.precious.toml b/.precious.toml
new file mode 100644
index 0000000..89e21de
--- /dev/null
+++ b/.precious.toml
@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+[commands.gitlint]
+cmd = ["gitlint"]
+include = "*"
+invoke = "once"
+ok_exit_codes = [0]
+path_args = "none"
+type = "lint"
+
+[commands.reuse]
+cmd = ["reuse", "lint"]
+include = "*"
+invoke = "once"
+lint_failure_exit_codes = [1]
+ok_exit_codes = [0]
+path_args = "none"
+type = "lint"
+
+[commands.shellcheck]
+cmd = ["shellcheck", "--severity=style", "--enable=all"]
+include = ["hooks/*"]
+lint_failure_exit_codes = [1]
+ok_exit_codes = [0]
+type = "lint"
+
+[commands.yamllint]
+cmd = ["yamllint", "--strict"]
+include = ["*.yaml"]
+lint_failure_exit_codes = [1, 2]
+ok_exit_codes = [0]
+type = "lint"
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1b9b4dd
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,19 @@
+#!/usr/bin/make -f
+# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+.PHONY: check lint staging prod
+
+check:
+ make lint
+ make staging
+
+staging:
+ ansible-playbook --inventory inventory/staging.ini playbook.yaml
+
+prod:
+ ansible-playbook --inventory inventory/prod.ini playbook.yaml
+
+lint:
+ precious --ascii lint --all
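Review bot: The `check` recipe calls a literal `make` for each step, so options given to the outer invocation (`-n`, `-k`, command-line variable overrides) are not handed to the sub-makes. Both steps are already phony targets in this file, so `$(MAKE) lint` and `$(MAKE) staging` in the recipe would keep the same order and pass the options through. Because `check` includes the `staging` deployment, a comment above it such as `# check: lint, then deploy to staging (needs inventory/staging.ini and SSH access)` would warn anyone who expects a check target to be read-only.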
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2cbab87
--- /dev/null
+++ b/README.md
@@ -0,0 +1,87 @@
+<!--
+SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+
+SPDX-License-Identifier: AGPL-3.0-only
+-->
+
+# XMPP Server
+
+This playbook is for creating an XMPP server using prosody.
+
+I use this playbook for my own purposes; it will likely not generalise to other
+deployments.
+
+## Quickstart
+
+### Managed node initial setup
+
+Set up a server with the following things configured:
+
+* SSH access
+* DNS records (see [Prosody's docs](https://prosody.im/doc/dns) for more info)
+* `python3` installed
+
+Now, open the following firewall ports on the external firewall (the firewall
+on the box itself will be taken care of by the playbook):
+
+| Application | Protocol | Port |
+| ----------- | -------- | ---- |
+| SSH | TCP | 22 |
+| HTTP | TCP | 80 |
+| XMPP Client | TCP | 5222 |
+| XMPP Server | TCP | 5269 |
+
+### Install ansible on the control node
+
+Install the `ansible` package via your package manager.
+
+### Create a prod inventory file
+
+Create an inventory file in `inventory/prod.ini` with the production hosts that
+you would like to deploy to. For instance:
+
+```ini
+[xmpp_server]
+fennell.dev
+koyo.haus
+```
+
+### Create a staging inventory file
+
+Staging hosts can be useful to test deployment of your playbook before
+deploying to production. If you have staging hosts set up, you can use the
+Makefile to deploy to these first.
+
+Create an inventory file in `inventory/staging.ini` like the following:
+
+```ini
+[xmpp_server]
+staging.koyo.haus
+```
+
+### Run the playbook on your staging hosts
+
+```shell
+make staging
+```
+
+### If all goes well, run the playbook on your prod hosts
+
+```shell
+make prod
+```
+
+## Git hooks
+
+We provide sample git hooks in the `hooks` directory. To use these, ensure the
+following packages are installed:
+
+* gitlint
+* precious
+* reuse
+* shellcheck
+* yamllint
+
+```shell
+$ git config core.hooksPath hooks
+```
diff --git a/hooks/pre-commit b/hooks/pre-commit
new file mode 100755
index 0000000..ede30be
--- /dev/null
+++ b/hooks/pre-commit
@@ -0,0 +1,6 @@
+#!/bin/sh
+# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+make check
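Review bot: `make check` in this hook makes every `git commit` run a live `ansible-playbook` against the staging inventory, because the Makefile's `check` target runs `make staging` after `make lint`. A commit then needs SSH access to the staging hosts and an `inventory/staging.ini`, which `.gitignore` keeps out of the repository, so the hook fails on a fresh clone. The playbook is read from the working tree, so changes that are not even staged for the commit are applied to staging before the commit exists. Running only the linters from the hook, `make lint`, and keeping deployment as an explicit step would avoid both problems.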
diff --git a/playbook.yaml b/playbook.yaml
new file mode 100644
index 0000000..85b5e50
--- /dev/null
+++ b/playbook.yaml
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+---
+
+- name: Ensure XMPP server is set up
+ hosts: xmpp_server
+ tasks:
+ - name: Ensure required packages are installed
+ ansible.builtin.package:
+ name:
+ - certbot
+ - prosody
+ - prosody-modules
+ - python3-certbot-apache
+ - ufw
+ state: present
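Review bot: The play sets no `become`, yet `ansible.builtin.package` with `state: present` needs root on the managed node. As written it presumably only succeeds if Ansible logs in over SSH as root, or if privilege escalation is set in the inventory or an ansible.cfg, neither of which is visible here. Adding `become: true` under `hosts: xmpp_server` lets the connection use an unprivileged account, so direct root SSH login is not required. `ufw` is installed but no task enables or configures it, so the host firewall the README describes is not in force after this commit; a comment such as `# ufw is installed only; rules are not applied yet` next to the package list would make that explicit.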