Diffstat (limited to 'playbook.yaml')
-rw-r--r--playbook.yaml20
1 files changed, 20 insertions, 0 deletions
diff --git a/playbook.yaml b/playbook.yaml
index 3b9561a..d11ff6a 100644
--- a/playbook.yaml
+++ b/playbook.yaml
@@ -7,6 +7,7 @@
- name: Ensure XMPP server is set up
hosts: xmpp_server
tasks:
+
# We specifically use apt instead of the more general package module here,
# because we want to ensure the cache is updated before we try and install
# anything. This is needed because, on a freh Debian install on AWS
@@ -27,6 +28,7 @@
state: present
update_cache: true
become: true
+
- name: Ensure required ports with ufw applications are open
community.general.ufw:
rule: allow
@@ -38,6 +40,7 @@
- WWW
- XMPP
become: true
+
- name: Ensure other required tcp ports are open
community.general.ufw:
rule: allow
@@ -52,6 +55,7 @@
- 5281 # XEP-0363
# - 5432 # Postgres
become: true
+
- name: Ensure other udp ports are open
community.general.ufw:
rule: allow
@@ -63,6 +67,7 @@
- 5280 # XEP-0363
- 5281 # XEP-0363
become: true
+
- name: Ensure turn is configured
ansible.builtin.template:
src: "{{ playbook_dir }}/files/turnserver.conf.j2"
@@ -72,17 +77,20 @@
mode: "0640"
become: true
notify: Reload coturn
+
- name: Ensure prosody database is set up
community.postgresql.postgresql_db:
name: prosody
become: true
become_user: postgres
+
- name: Ensure prosody role is created
community.postgresql.postgresql_user:
db: prosody
name: prosody
become: true
become_user: postgres
+
- name: Ensure prosody schema is created
community.postgresql.postgresql_schema:
db: prosody
@@ -91,11 +99,13 @@
become: true
become_user: postgres
register: my_result
+
- name: Ensure prosody user exists on database
community.postgresql.postgresql_user:
name: prosody
become: true
become_user: postgres
+
- name: Ensure prosody user has permissions on database
community.postgresql.postgresql_privs:
type: database
@@ -104,6 +114,7 @@
roles: prosody
become: true
become_user: postgres
+
- name: Ensure prosody user has permissions on schema
community.postgresql.postgresql_privs:
type: table
@@ -113,6 +124,7 @@
roles: prosody
become: true
become_user: postgres
+
- name: Ensure top-level prosody configuration is installed
ansible.builtin.template:
src: "{{ playbook_dir }}/files/prosody.cfg.lua.j2"
@@ -122,6 +134,7 @@
mode: "0640"
become: true
notify: Reload prosody
+
- name: Ensure host-specific prosody configuration is available
ansible.builtin.template:
src: "{{ playbook_dir }}/files/virtual_host.cfg.lua.j2"
@@ -131,6 +144,7 @@
mode: "0644"
become: true
notify: Reload prosody
+
- name: Ensure host-specific prosody configuration is set
ansible.builtin.file:
src: "/etc/prosody/conf.avail/{{ virtual_host }}.cfg.lua"
@@ -140,11 +154,13 @@
state: link
become: true
notify: Reload prosody
+
- name: Ensure prosody is enabled
ansible.builtin.service:
name: prosody
enabled: true
become: true
+
- name: Ensure borgmatic private key is installed
ansible.builtin.copy:
src: "{{ borg_private_key_path }}"
@@ -153,6 +169,7 @@
group: root
mode: "0600"
become: true
+
- name: Ensure borgmatic config directory exists
ansible.builtin.file:
path: /etc/borgmatic
@@ -161,6 +178,7 @@
group: root
mode: "0700"
become: true
+
- name: Ensure borgmatic is configured
ansible.builtin.template:
src: "{{ playbook_dir }}/files/borgmatic_config.yaml.j2"
@@ -172,11 +190,13 @@
become: true
handlers:
+
- name: Reload prosody
ansible.builtin.service:
name: prosody
state: reloaded
become: true
+
- name: Reload coturn
ansible.builtin.service:
name: coturn