ansible-roles/roles/prosody/tasks/selinux.yml

---

- name: Set correct SELinux context
  sefcontext:
    target: "/opt/prosody(/.*)?"
    setype: lib_t
    seuser: system_u
    state: present
  tags: prosody

- name: Restore SELinux context
  command: restorecon -R /opt/prosody/modules
  changed_when: false
  tags: prosody

- name: Copy SELinux policy
  copy: src=prosody-ansible.te dest=/etc/selinux/targeted/local/
  register: prosody_selinux_policy
  tags: prosody

- name: Compile and load SELinux policy
  shell: |
    cd /etc/selinux/targeted/local/
    checkmodule -M -m -o prosody-ansible.mod prosody-ansible.te
    semodule_package -o prosody-ansible.pp -m prosody-ansible.mod
    semodule -i /etc/selinux/targeted/local/prosody-ansible.pp
  when: prosody_selinux_policy.changed
  tags: prosody

- name: Allow prosody to query LDAP and HTTP servers
  seboolean: name={{ item }} state=true persistent=true
  loop:
    - authlogin_nsswitch_use_ldap
    - nis_enabled
  tags: prosody