From 8093a955e3c6238cc14537a54c56277af6b89dc2 Mon Sep 17 00:00:00 2001
From: Matthew Fennell
Date: Sun, 7 Jan 2024 11:39:27 +0000
Subject: Add initial playbook At present, the playbook simply ensures that all required packages are installed.
---
.gitignore | 5 ++++
.precious.toml | 34 ++++++++++++++++++++++
Makefile | 19 +++++++++++++
README.md | 87 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
hooks/pre-commit | 6 ++++
playbook.yaml | 18 ++++++++++++
6 files changed, 169 insertions(+)
create mode 100644 .gitignore
create mode 100644 .precious.toml
create mode 100644 Makefile
create mode 100644 README.md
create mode 100755 hooks/pre-commit
create mode 100644 playbook.yaml
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..9d7ac41
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,5 @@
+# SPDX-FileCopyrightText: 2024 Matthew Fennell
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+inventory
diff --git a/.precious.toml b/.precious.toml
new file mode 100644
index 0000000..89e21de
--- /dev/null
+++ b/.precious.toml
@@ -0,0 +1,34 @@
+# SPDX-FileCopyrightText: 2024 Matthew Fennell
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+[commands.gitlint]
+cmd = ["gitlint"]
+include = "*"
+invoke = "once"
+ok_exit_codes = [0]
+path_args = "none"
+type = "lint"
+
+[commands.reuse]
+cmd = ["reuse", "lint"]
+include = "*"
+invoke = "once"
+lint_failure_exit_codes = [1]
+ok_exit_codes = [0]
+path_args = "none"
+type = "lint"
+
+[commands.shellcheck]
+cmd = ["shellcheck", "--severity=style", "--enable=all"]
+include = ["hooks/*"]
+lint_failure_exit_codes = [1]
+ok_exit_codes = [0]
+type = "lint"
+
+[commands.yamllint]
+cmd = ["yamllint", "--strict"]
+include = ["*.yaml"]
+lint_failure_exit_codes = [1, 2]
+ok_exit_codes = [0]
+type = "lint"
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..1b9b4dd
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,19 @@
+#!/usr/bin/make -f
+# SPDX-FileCopyrightText: 2024 Matthew Fennell
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+.PHONY: check lint staging prod
+
+check:
+ make lint
+ make staging
+
+staging:
+ ansible-playbook --inventory inventory/staging.ini playbook.yaml
+
+prod:
+ ansible-playbook --inventory inventory/prod.ini playbook.yaml
+
+lint:
+ precious --ascii lint --all
diff --git a/README.md b/README.md
new file mode 100644
index 0000000..2cbab87
--- /dev/null
+++ b/README.md
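Review bot: Committing triggers a live deployment: `check` runs `make staging`, a real `ansible-playbook` run against `inventory/staging.ini`, and `hooks/pre-commit` in this same patch calls `make check`. Every `git commit` therefore applies the current working tree, including unstaged edits, to remote hosts over SSH before the change is recorded. A pre-commit gate should stay local; consider having `check` run `ansible-playbook --inventory inventory/staging.ini --syntax-check playbook.yaml` instead, and keep `staging` as an explicit, deliberate step. Separately, the recursive calls are better written `$(MAKE) lint` so that flags such as `-n` propagate to the sub-make.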
@@ -0,0 +1,87 @@
+
+
+# XMPP Server
+
+This playbook is for creating an XMPP server using prosody.
+
+I use this playbook for my own purposes; it will likely not generalise to other
+deployments.
+
+## Quickstart
+
+### Managed node initial setup
+
+Set up a server with the following things configured:
+
+* SSH access
+* DNS records (see [Prosody's docs](https://prosody.im/doc/dns) for more info)
+* `python3` installed
+
+Now, open the following firewall ports on the external firewall (the firewall
+on the box itself will be taken care of by the playbook):
+
+| Application | Protocol | Port |
+| ----------- | -------- | ---- |
+| SSH | TCP | 22 |
+| HTTP | TCP | 80 |
+| XMPP Client | TCP | 5222 |
+| XMPP Server | TCP | 5269 |
+
+### Install ansible on the control node
+
+Install the `ansible` package via your package manager.
+
+### Create a prod inventory file
+
+Create an inventory file in `inventory/prod.ini` with the production hosts that
+you would like to deploy to. For instance:
+
+```ini
+[xmpp_server]
+fennell.dev
+koyo.haus
+```
+
+### Create a staging inventory file
+
+Staging hosts can be useful to test deployment of your playbook before
+deploying to production. If you have staging hosts set up, you can use the
+Makefile to deploy to these first.
+
+Create an inventory file in `inventory/staging.ini` like the following:
+
+```ini
+[xmpp_server]
+staging.koyo.haus
+```
+
+### Run the playbook on your staging hosts
+
+```shell
+make staging
+```
+
+### If all goes well, run the playbook on your prod hosts
+
+```shell
+make prod
+```
+
+## Git hooks
+
+We provide sample git hooks in the `hooks` directory. To use these, ensure the
+following packages are installed:
+
+* gitlint
+* precious
+* reuse
+* shellcheck
+* yamllint
+
+```shell
+$ git config core.hooksPath hooks
+```
diff --git a/hooks/pre-commit b/hooks/pre-commit
new file mode 100755
index 0000000..ede30be
--- /dev/null
+++ b/hooks/pre-commit
@@ -0,0 +1,6 @@
+#!/bin/sh
+# SPDX-FileCopyrightText: 2024 Matthew Fennell
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+make check
diff --git a/playbook.yaml b/playbook.yaml
new file mode 100644
index 0000000..85b5e50
--- /dev/null
+++ b/playbook.yaml
@@ -0,0 +1,18 @@
+# SPDX-FileCopyrightText: 2024 Matthew Fennell
+#
+# SPDX-License-Identifier: AGPL-3.0-only
+
+---
+
+- name: Ensure XMPP server is set up
+ hosts: xmpp_server
+ tasks:
+ - name: Ensure required packages are installed
+ ansible.builtin.package:
+ name:
+ - certbot
+ - prosody
+ - prosody-modules
+ - python3-certbot-apache
+ - ufw
+ state: present
-- cgit v1.2.3
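Review bot: gitlint is reached from a `pre-commit` hook (`make check` → `precious --ascii lint --all` → `[commands.gitlint]`), but at that stage the new commit message has not been written yet. With no arguments gitlint presumably checks the message of the current HEAD, so each commit lints the previous commit's message and a bad message is only caught one commit late. Message linting fits a `commit-msg` hook, which receives the message file as its first argument: `gitlint --msg-filename "$1"`. The file linters (reuse, shellcheck, yamllint) can stay in `pre-commit`.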
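Review bot: The play installs system packages but sets no privilege escalation, so as written it only succeeds if Ansible logs in as root over SSH; the remote user is not visible in this patch, so this is inferred. Prefer a non-root login and add `become: true` at play level next to `hosts: xmpp_server`, which lets root SSH login be disabled on a host that exposes port 22. Note also that `ufw` is only installed here, not enabled or given rules, while the README says the on-box firewall is taken care of by the playbook. Until a task configures it, the external firewall is the only filter in front of these hosts.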