| author | Matthew Fennell <matthew@fennell.dev> | 2025-09-21 12:45:28 +0100 |
|---|---|---|
| committer | Matthew Fennell <matthew@fennell.dev> | 2025-09-21 12:45:28 +0100 |
| commit | fea8112921b688c508bbab34587dc3c6661c72fa (patch) | |
| tree | d8c69ff3a5535418298cfe6f61b96898b47d7ed8 /playbook.yaml | |
| parent | c6db3465d868b11f1e379c31db4b1166d29d177c (diff) | |
Place invites behind a flag
I am planning on deploying a new single-user server, without s2s connections or
other features, specifically for transports.
This necessitates splitting off some functionality behind a flag, so that it is
only enabled for non-transport ("standard") servers.
Diffstat (limited to 'playbook.yaml')
| -rw-r--r-- | playbook.yaml | 28 |
1 files changed, 24 insertions, 4 deletions
diff --git a/playbook.yaml b/playbook.yaml
index 33c4e45..4b0f4c7 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -203,10 +203,7 @@
 ansible.builtin.apt:
 name:
 - coturn # Audio / video calling server
- - libjs-bootstrap4 # Used by invite webpage
- - libjs-jquery # Used by invite webpage
 - lua-dbi-postgresql # Prosody postgres connection
- - nginx # Serve invite webpages
 - postgresql # Database
 - prosody # XMPP server
 - prosody-modules # Extra addons
@@ -217,6 +214,17 @@
 update_cache: true
 become: true
+ - name: Ensure invite-specific packages are installed
+ ansible.builtin.apt:
+ name:
+ - libjs-bootstrap4 # Used by invite webpage
+ - libjs-jquery # Used by invite webpage
+ - nginx # Serve invite webpages
+ state: present
+ update_cache: true
+ become: true
+ when: not is_transport_server
+
 - name: Ensure required ports with ufw applications are open
 community.general.ufw:
 rule: allow
@@ -225,10 +233,19 @@
 loop:
 - OpenSSH
 - Turnserver
- - WWW Full
 - XMPP
 become: true
+ - name: Ensure invite-specific ports with ufw applications are open
+ community.general.ufw:
+ rule: allow
+ name: "{{ item }}"
+ state: enabled
+ loop:
+ - WWW Full
+ become: true
+ when: not is_transport_server
+
 - name: Ensure other required tcp ports are open
 community.general.ufw:
 rule: allow
@@ -262,6 +279,7 @@
 state: absent
 become: true
 notify: Restart nginx
+ when: not is_transport_server
 - name: Ensure nginx config is installed
 ansible.builtin.template:
@@ -272,6 +290,7 @@
 mode: "0644"
 become: true
 notify: Restart nginx
+ when: not is_transport_server
 - name: Ensure nginx config is enabled
 ansible.builtin.file:
@@ -282,6 +301,7 @@
 state: link
 become: true
 notify: Restart nginx
+ when: not is_transport_server
 - name: Ensure turn is configured
 ansible.builtin.template: |
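Review bot: In the hunk at `@@ -217,6 +214,17 @@`, `when: not is_transport_server` on the new "Ensure invite-specific packages are installed" task treats any non-empty string as true, so a value that arrives as text (for example `-e is_transport_server=false` or an INI inventory entry) would skip the invite tasks even though a standard server was requested. Coercing it explicitly with `when: not is_transport_server | bool` avoids that; the same condition is repeated in the ufw hunk and the three nginx hunks and wants the same change. The variable's definition is not visible in this view, which is limited to playbook.yaml, so it is worth confirming that every inventory sets it, since an undefined variable would abort the play at this task.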
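Review bot: In the hunk at `@@ -225,10 +233,19 @@`, the new "Ensure invite-specific ports with ufw applications are open" task only adds the `WWW Full` rule when the flag is false, and nothing removes the rule when the flag is true, so a host that was ever provisioned as a standard server keeps ports 80 and 443 open after being switched to a transport server. The commit message targets a fresh server, where this does not arise, but enforcing the closed state as well keeps the firewall matched to the flag on every run. A companion task using the module's `delete: true` option would do that, as sketched below. The nginx and libjs packages from the preceding hunk are in the same position and would need a `state: absent` counterpart on a converted host.

```yaml
# … unchanged: "Ensure invite-specific ports with ufw applications are open" task …

    - name: Ensure invite-specific ports with ufw applications are closed
      community.general.ufw:
        rule: allow
        name: WWW Full
        delete: true
      become: true
      when: is_transport_server | bool
```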
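Review bot: The last three hunks (`@@ -262,6 +279,7 @@`, `@@ -272,6 +290,7 @@` and `@@ -282,6 +301,7 @@`) each append the same `when: not is_transport_server` to an nginx task, which makes it easy for a later invite-related task to be added without the guard. The three tasks appear to be adjacent, so they could sit under one `block:` carrying a single `when: not is_transport_server | bool`, with a comment such as `# Invite web page: only on standard (non-transport) servers` above it. Each task starts outside its hunk, so adjacency should be confirmed against the full file before regrouping.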
