# SPDX-FileCopyrightText: 2024 Matthew Fennell <matthew@fennell.dev>
#
# SPDX-License-Identifier: AGPL-3.0-only

---

- name: Ensure XMPP server is set up
  hosts: xmpp_server
  tasks:
   - name: Ensure required packages are installed
     ansible.builtin.package:
      name:
       - certbot
       - prosody
       - prosody-modules
       - python3-certbot-apache
       - ufw
      state: present
   - name: Ensure required ports are open
     community.general.ufw:
      rule: allow
      name: "{{ item }}"
      state: enabled
     loop:
      - OpenSSH
      - WWW
      - XMPP
     become: true
   - name: Ensure prosody is configured
     ansible.builtin.copy:
      src: "{{ playbook_dir }}/files/prosody.cfg.lua"
      dest: /etc/prosody/prosody.cfg.lua
      owner: root
      group: root
      mode: "0640"
     become: true
   - name: Ensure prosody config is reloaded
     ansible.builtin.service:
      name: prosody
      enabled: true
      state: reloaded
     become: true