Update to 2021-12-01 19:13

roles/prosody/tasks/conf.yml

@@ -0,0 +1,13 @@
+---
+
+- name: Deploy prosody configuration
+  template: src={{ item.src }} dest={{ item.dest }} owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - src: prosody.cfg.lua.j2
+      dest: /etc/prosody/prosody.cfg.lua
+      group: prosody
+      mode: 640
+  notify: reload prosody
+  tags: prosody
+
+# TODO: support vhosts

roles/prosody/tasks/directories.yml

@@ -0,0 +1,8 @@
+---
+
+- name: Create directories
+  file: path={{ item.dir }} state=directory owner={{ item.owner | default(omit) }} group={{ item.group | default(omit) }} mode={{ item.mode | default(omit) }}
+  loop:
+    - dir: /etc/prosody/ansible_conf.d
+    - dir: /opt/prosody/modules
+  tags: prosody

roles/prosody/tasks/facts.yml

@@ -0,0 +1,7 @@
+---
+
+- name: Ensure cyrus is enabled
+  set_fact: prosody_modules_enabled={{ prosody_modules_enabled + ['auth_cyrus'] }}
+  when: prosody_auth_provider == 'cyrus' and 'auth_cyrus' not in prosody_modules_enabled
+  tags: prosody
+

roles/prosody/tasks/install.yml

@@ -0,0 +1,46 @@
+---
+
+- name: Install prosody
+  yum:
+    name:
+      - prosody
+      - lua-ldap
+      - lua-cyrussasl
+  tags: prosody
+
+- name: Create systemd unit snippet dir
+  file: path=/etc/systemd/system/prosody.service.d state=directory
+  tags: prosody
+
+- name: Install modules
+  get_url:
+    url: "{{ item.url | default('https://raw.githubusercontent.com/prosody-modules/' ~ item.name ~ '/master/' ~ item.name ~ '.lua') }}"
+    dest: /opt/prosody/modules/{{ item.name }}.lua
+  loop: "{{ prosody_modules }}"
+  notify: restart prosody
+  tags: prosody
+
+- name: Install Participan Metadata module
+  copy:
+    src: mod_participant_metadata.lua
+    dest: /opt/prosody/modules/
+  notify: restart prosody
+  tags: prosody
+
+- name: Remove useless unit override
+  file: path=/etc/systemd/system/prosody.service.d/99-ansible.conf state=absent
+  register: prosody_unit
+  notify: restart prosody
+  tags: prosody
+
+- name: Reload systemd
+  systemd: daemon_reload=True
+  when: prosody_unit.changed
+  tags: prosody
+
+- name: Allow prosody to query LDAP servers
+  seboolean: name={{ item }} state=True persistent=True
+  loop:
+    - authlogin_nsswitch_use_ldap
+  when: ansible_selinux.status == 'enabled'
+  tags: prosody

roles/prosody/tasks/iptables.yml

@@ -0,0 +1,19 @@
+---
+
+- name: Handle ports for prosody
+  iptables_raw:
+    name: prosody_port_{{ item.name }}
+    state: "{{ (item.src_ip | length > 0) | ternary('present','absent') }}"
+    rules: "-A INPUT -p tcp -m multiport --dports {{ item.ports | join(',') }} -s {{ item.src_ip | join(',') }} -j ACCEPT"
+  loop:
+    - name: c2s
+      src_ip: "{{ prosody_c2s_src_ip }}"
+      ports: "{{ prosody_c2s_ports }}"
+    - name: s2s
+      src_ip: "{{ prosody_s2s_src_ip }}"
+      ports: "{{ prosody_s2s_ports }}"
+    - name: http
+      src_ip: "{{ prosody_http_src_ip }}"
+      ports: "{{ prosody_http_ports }}"
+  when: iptables_manage | default(True)
+  tags: firewall,prosody

roles/prosody/tasks/main.yml

@@ -0,0 +1,8 @@
+---
+
+- include: directories.yml
+- include: install.yml
+- include: facts.yml
+- include: conf.yml
+- include: iptables.yml
+- include: service.yml

roles/prosody/tasks/service.yml

@@ -0,0 +1,5 @@
+---
+
+- name: Start and enable prosody
+  service: name=prosody state=started enabled=True
+  tags: prosody