From 4906a4b73482b73fd4a49c670aab02681e48d1eb Mon Sep 17 00:00:00 2001
From: Freek Kettone
Date: Wed, 3 Sep 2025 18:13:04 +0200
Subject: [PATCH] boh, ha smesso di andare... non ci capisco un cazzo

---
 playbooks/configure_lxc.yml                | 24 +++++++++---------
 playbooks/configure_prosody.yml            |  4 +++
 playbooks/create_lxc.yml                   | 13 +++------
 playbooks/site.yml                         |  3 ++-
 roles/prosody/defaults/main.yml            |  4 +++
 roles/prosody/handlers/main.yml            |  4 +++
 roles/prosody/tasks/main.yml               | 20 +++++++++++++++
 roles/prosody/templates/prosody.cfg.lua.j2 | 29 ++++++++++++++++++++++
 8 files changed, 79 insertions(+), 22 deletions(-)
 create mode 100644 playbooks/configure_prosody.yml
 create mode 100644 roles/prosody/defaults/main.yml
 create mode 100644 roles/prosody/handlers/main.yml
 create mode 100644 roles/prosody/tasks/main.yml
 create mode 100644 roles/prosody/templates/prosody.cfg.lua.j2

diff --git a/playbooks/configure_lxc.yml b/playbooks/configure_lxc.yml
index 91eb865..4de063d 100644
--- a/playbooks/configure_lxc.yml
+++ b/playbooks/configure_lxc.yml
@@ -8,16 +8,14 @@
   tasks:
     - name: Wait until SSH is fully ready (Ansible login confirms availability)
       ansible.builtin.wait_for_connection:
-        timeout: 300 # fino a 5 minuti (essere generosi per bootstrap lento)
-        delay: 5 # aspetta 5s prima di cominciare i tentativi
-
+        timeout: 600 # fino a 10 minuti (essere generosi per bootstrap lento)
+        delay: 5 # aspetta 5s prima di cominciare i tentativi
     - name: Ensure apt cache is updated (idempotent)
       ansible.builtin.apt:
         update_cache: yes
       # non vogliamo che il primo apt rallenti la connessione dopo wait_for_connection,
       # ma questo garantisce che i task successivi usino pacchetti aggiornati.
-
     - name: Ensure SSH is installed
       ansible.builtin.apt:
@@ -25,36 +23,38 @@
         state: present
         update_cache: yes
-
     - name: Ensure SSH is running
       ansible.builtin.systemd:
         name: ssh
         state: started
         enabled: yes
-
     - name: Configure SSH to allow root login
       ansible.builtin.lineinfile:
         path: /etc/ssh/sshd_config
-        regexp: '^#?PermitRootLogin'
-        line: 'PermitRootLogin yes'
+        regexp: "^#?PermitRootLogin"
+        line: "PermitRootLogin yes"
       notify: Restart SSH
-
     - name: Ensure .ssh directory exists
       ansible.builtin.file:
         path: /root/.ssh
         state: directory
-        mode: '0700'
+        mode: "0700"
         owner: root
         group: root
-
     - name: Install authorized_keys for root
       ansible.builtin.copy:
         dest: /root/.ssh/authorized_keys
         content: "{{ ssh_public_key }}"
-        mode: '0600'
+        mode: "0600"
         owner: root
         group: root
+  #add restart handler
+  handlers:
+    - name: Restart SSH
+      ansible.builtin.systemd:
+        name: ssh
+        state: restarted
diff --git a/playbooks/configure_prosody.yml b/playbooks/configure_prosody.yml
new file mode 100644
index 0000000..52764b3
--- /dev/null
+++ b/playbooks/configure_prosody.yml
@@ -0,0 +1,4 @@
+- name: Configura Prosody (xmpp) sul container
+  hosts: lxc_containers
+  roles:
+    - prosody
diff --git a/playbooks/create_lxc.yml b/playbooks/create_lxc.yml
index 3afdaf4..2a3efff 100644
--- a/playbooks/create_lxc.yml
+++ b/playbooks/create_lxc.yml
@@ -1,15 +1,12 @@
 - name: Crea container lxc per prosody (xmpp)
-  hosts: proxmox_nodes
+  hosts: proxmox_nodes
   gather_facts: false
   vars:
     root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}"
     ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
     vmid: 121
-
-
-  tasks:
-
+  tasks:
     - name: Create LXC
       community.general.proxmox:
         api_host: "{{ proxmox_url }}"
@@ -29,8 +26,7 @@
         features: "nesting=1"
         state: present
       delegate_to: localhost
-      register: lxc_creation_result #booooh, capiremo questo che vuol dire. Intanto registriamolo... immagino...
-
+      register: lxc_creation_result #booooh, capiremo questo che vuol dire. Intanto registriamolo... immagino...
     - name: Start LXC container
       community.general.proxmox:
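Review bot: The new `Restart SSH` handler makes the `PermitRootLogin yes` line in "Configure SSH to allow root login" actually take effect, and since the same play installs `/root/.ssh/authorized_keys` a few tasks later, root becomes reachable by password as well as by key; `line: "PermitRootLogin prohibit-password"` gives the key-only root access this play otherwise sets up, and the regexp already matches either value. The comment above the handler block needs a space after `#` and should say why it exists, e.g. `# Handlers run once at the end of the play, after the sshd_config change above notifies them`. The play header (hosts, vars) is outside this hunk.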
@@ -39,11 +35,10 @@
         api_password: "{{ proxmox_password }}"
         vmid: "{{ vmid }}"
         node: milan
-        state: started # Tutto questo blocco è riassumibile in questa riga
+        state: started # Tutto questo blocco è riassumibile in questa riga
       delegate_to: localhost
       when: lxc_creation_result.changed
-
     - name: Aggiungi container all'inventory dinamico
       add_host:
         name: xmpp01
diff --git a/playbooks/site.yml b/playbooks/site.yml
index f51de94..b6cd59a 100644
--- a/playbooks/site.yml
+++ b/playbooks/site.yml
@@ -1,3 +1,4 @@
 - import_playbook: create_lxc.yml
 - import_playbook: configure_lxc.yml
-- import_playbook: configure_nginx.yml
+# - import_playbook: configure_nginx.yml
+- import_playbook: configure_prosody.yml
diff --git a/roles/prosody/defaults/main.yml b/roles/prosody/defaults/main.yml
new file mode 100644
index 0000000..a4c2244
--- /dev/null
+++ b/roles/prosody/defaults/main.yml
@@ -0,0 +1,4 @@
+prosody_domain: "xmpp.local"
+prosody_admin: "admin@{{ prosody_domain }}"
+prosody_packages:
+  - prosody
diff --git a/roles/prosody/handlers/main.yml b/roles/prosody/handlers/main.yml
new file mode 100644
index 0000000..2f7acf6
--- /dev/null
+++ b/roles/prosody/handlers/main.yml
@@ -0,0 +1,4 @@
+- name: Restart Prosody
+  ansible.builtin.systemd:
+    name: prosody
+    state: restarted
diff --git a/roles/prosody/tasks/main.yml b/roles/prosody/tasks/main.yml
new file mode 100644
index 0000000..b5d0163
--- /dev/null
+++ b/roles/prosody/tasks/main.yml
@@ -0,0 +1,20 @@
+- name: Ensure Prosody is installed
+  ansible.builtin.apt:
+    name: "{{ prosody_package }}"
+    state: present
+    update_cache: yes
+
+- name: Deploy Prosody config
+  ansible.builtin.template:
+    src: prosody.cfg.lua.j2
+    dest: /etc/prosody/prosody.cfg.lua
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Restart Prosody
+
+- name: Ensure Prosody is up and running
+  ansible.builtin.systemd:
+    name: prosody
+    state: started
+    enabled: yes
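Review bot: `name: "{{ prosody_package }}"` in "Ensure Prosody is installed" references a variable nothing defines: the role's defaults added in this same commit declare `prosody_packages` (a list), so the first task of the role fails with an undefined-variable error and nothing after it runs — very likely the breakage the commit title describes. Change the line to `name: "{{ prosody_packages }}"`, which apt accepts as a list. The `update_cache: yes` and `enabled: yes` values would be clearer as `true`, consistent with the quoted `mode: "0644"` discipline already used in the template task; yamllint's truthy rule flags `yes`.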
diff --git a/roles/prosody/templates/prosody.cfg.lua.j2 b/roles/prosody/templates/prosody.cfg.lua.j2
new file mode 100644
index 0000000..02c9b95
--- /dev/null
+++ b/roles/prosody/templates/prosody.cfg.lua.j2
@@ -0,0 +1,29 @@
+admins = { "{{ prosody_admin }}" }
+
+modules_enabled = {
+  "roster"; -- gestione contatti
+  "saslauth"; -- autenticazione
+  "tls"; -- cifratura
+  "dialback";
+  "disco"; -- service discovery
+  "carbons"; -- messaggi su più client
+  "pep"; -- presence & personal events
+  "private"; -- dati privati
+  "vcard4"; "vcard_legacy"; -- profili
+  "version"; -- risponde alla query version
+  "uptime";
+  "time"; -- orologio
+  "ping"; -- keepalive
+  "register"; -- permetti registrazione utenti
+}
+
+allow_registration = true
+
+ssl = {
+  key = "/etc/prosody/certs/{{ prosody_domain }}.key";
+  certificate = "/etc/prosody/certs/{{ prosody_domain }}.crt";
+}
+
+VirtualHost "{{ prosody_domain }}"
+
+Component "conference.{{ prosody_domain }}" "muc"
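Review bot: `allow_registration = true` together with `"register"` in `modules_enabled` lets anyone who can reach the server create accounts in-band, which on an exposed XMPP host is the usual source of spam accounts and abuse reports; drive it from a role variable that defaults to off, `allow_registration = {{ 'true' if prosody_allow_registration | default(false) else 'false' }}`, and enable it only while accounts are being created. The `ssl` block points at `/etc/prosody/certs/{{ prosody_domain }}.key` and `.crt`, but no task in this role deploys those files, so unless they are provisioned elsewhere the `tls` module has nothing to serve on first start; either add a task that places them or state the precondition in a comment at the top of the template. The template also sets neither `c2s_require_encryption` nor `s2s_require_encryption`, so clients and peer servers are not forced to use TLS even once certificates exist; setting both to `true` next to the `ssl` block is the safe default.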