Diffstat (limited to 'playbook.yaml')
-rw-r--r--playbook.yaml87
1 files changed, 75 insertions, 12 deletions
diff --git a/playbook.yaml b/playbook.yaml
index 48b482a..94137d3 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -10,25 +10,30 @@
- name: Ensure required packages are installed
ansible.builtin.package:
name:
- - borgmatic
- - certbot
- - prosody
- - prosody-modules
- - python3-certbot-apache
- - ufw
+ - borgmatic # Backups
+ - certbot # SSL certificates
+ - coturn # Audio / video calling server
+ - lua-dbi-postgresql # Prosody postgres connection
+ - postgresql # Database
+ - prosody # XMPP server
+ - prosody-modules # Extra addons
+ - python3-certbot-apache # Web server to issue challenge responses
+ - python3-psycopg2 # Used by ansible postgres role
+ - ufw # Firewall
state: present
become: true
- - name: Ensure required ports are open
+ - name: Ensure required ports with ufw applications are open
community.general.ufw:
rule: allow
name: "{{ item }}"
state: enabled
loop:
- OpenSSH
+ - Turnserver
- WWW
- XMPP
become: true
- - name: Ensure tcp ports are open for other XEPs
+ - name: Ensure other required tcp ports are open
community.general.ufw:
rule: allow
port: "{{ item }}"
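Review bot: The package comment `# Used by ansible postgres role` on the python3-psycopg2 line is inaccurate; the later tasks in this diff use the `community.postgresql` collection modules (postgresql_db, postgresql_user, postgresql_schema, postgresql_privs), not a role, so a reader grepping for that role will find nothing. Suggest `- python3-psycopg2 # Required by community.postgresql modules`. The task at the end of this hunk continues into the next one.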
@@ -36,10 +41,13 @@
state: enabled
loop:
- 5000 # XEP-0065
+ - 5223 # XEP-0368
+ - 5270 # XEP-0368
- 5280 # XEP-0363
- 5281 # XEP-0363
+ # - 5432 # Postgres
become: true
- - name: Ensure udp ports are open for other XEPs
+ - name: Ensure other udp ports are open
community.general.ufw:
rule: allow
port: "{{ item }}"
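Review bot: The commented-out `# - 5432 # Postgres` entry in the tcp loop reads as a pending TODO and invites someone to uncomment it and expose the database to the network, when keeping 5432 closed is the correct state if prosody reaches postgres over localhost (which installing lua-dbi-postgresql on the same host suggests, though the hunk does not show the connection settings). Replace it with a comment that records the decision, e.g. `# 5432 (Postgres) is intentionally not opened: only local connections are expected`, so the intent survives and nobody "finishes" it. The enclosing task `Ensure other required tcp ports are open` starts in the previous hunk.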
@@ -62,13 +70,63 @@
ansible.builtin.command: >-
certbot --non-interactive --agree-tos --post-hook "/bin/true"
--email {{ certbot_email }} --no-eff-email --expand --apache --keep
- --domains {{ virtual_host }},upload.{{ virtual_host }}
+ -d {{ virtual_host }},upload.{{ virtual_host }},turn.{{ virtual_host }}
become: true
register: certbot
changed_when: "'Running post-hook command' in certbot.stdout"
+ - name: Ensure turn is configured
+ ansible.builtin.template:
+ src: "{{ playbook_dir }}/files/turnserver.conf.j2"
+ dest: /etc/turnserver.conf
+ owner: root
+ group: prosody
+ mode: "0640"
+ become: true
+ notify: Reload coturn
+ - name: Ensure prosody database is set up
+ community.postgresql.postgresql_db:
+ name: prosody
+ become: true
+ become_user: postgres
+ - name: Ensure prosody role is created
+ community.postgresql.postgresql_user:
+ db: prosody
+ name: prosody
+ become: true
+ become_user: postgres
+ - name: Ensure prosody schema is created
+ community.postgresql.postgresql_schema:
+ db: prosody
+ name: prosody
+ owner: prosody
+ become: true
+ become_user: postgres
+ register: my_result
+ - name: Ensure prosody user exists on database
+ community.postgresql.postgresql_user:
+ name: prosody
+ become: true
+ become_user: postgres
+ - name: Ensure prosody user has permissions on database
+ community.postgresql.postgresql_privs:
+ type: database
+ database: prosody
+ privs: ALL
+ roles: prosody
+ become: true
+ become_user: postgres
+ - name: Ensure prosody user has permissions on schema
+ community.postgresql.postgresql_privs:
+ type: table
+ database: prosody
+ objs: ALL_IN_SCHEMA
+ privs: ALL
+ roles: prosody
+ become: true
+ become_user: postgres
- name: Ensure top-level prosody configuration is installed
- ansible.builtin.copy:
- src: "{{ playbook_dir }}/files/prosody.cfg.lua"
+ ansible.builtin.template:
+ src: "{{ playbook_dir }}/files/prosody.cfg.lua.j2"
dest: /etc/prosody/prosody.cfg.lua
owner: root
group: prosody
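Review bot: The last `postgresql_privs` task (`type: table`, `objs: ALL_IN_SCHEMA`) grants on schema `public`, not on the `prosody` schema created a few tasks earlier, because the module defaults `schema` to `public` for table objects; add `schema: prosody` to that task, and consider whether the grant is needed at all since the `prosody` role already owns that schema. The task `Ensure prosody user exists on database` repeats `Ensure prosody role is created` for the same role and can be dropped, and `register: my_result` on the schema task is never read. For the turnserver template, `owner: root`, `group: prosody`, `mode: "0640"` leaves the file unreadable to coturn if the service runs under its own account rather than root, which I believe is how the Debian unit is packaged; confirm which user the unit runs as and give that user read access (its own group, or membership in the prosody group) rather than widening the mode, since the file carries the shared TURN auth secret the prosody group is presumably meant to read.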
@@ -130,3 +188,8 @@
name: prosody
state: reloaded
become: true
+ - name: Reload coturn
+ ansible.builtin.service:
+ name: coturn
+ state: restarted
+ become: true
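Review bot: The handler is named `Reload coturn` but does `state: restarted`, so a reader expecting a drop-free config reload is misled. Either rename it and the matching `notify: Reload coturn` in the turnserver template task earlier in this diff to `Restart coturn`, or use `state: reloaded` if the coturn unit actually supports reloading. The handlers list begins before this hunk.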