HackInPovo/XMPP-service
9
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

boh, ha smesso di andare... non ci capisco un cazzo

Browse source
This commit is contained in:
Freek Kettone 2025-09-03 18:13:04 +02:00
parent 2d82ebe140
commit 4906a4b734
8 changed files with 79 additions and 22 deletions
Download patch file Download diff file Expand all files Collapse all files

22
playbooks/configure_lxc.yml
View file

@ -8,53 +8,53 @@
tasks: tasks:
- name: Wait until SSH is fully ready (Ansible login confirms availability) - name: Wait until SSH is fully ready (Ansible login confirms availability)
ansible.builtin.wait_for_connection: ansible.builtin.wait_for_connection:
timeout: 300 # fino a 5 minuti (essere generosi per bootstrap lento) timeout: 600 # fino a 10 minuti (essere generosi per bootstrap lento)
delay: 5 # aspetta 5s prima di cominciare i tentativi delay: 5 # aspetta 5s prima di cominciare i tentativi
- name: Ensure apt cache is updated (idempotent) - name: Ensure apt cache is updated (idempotent)
ansible.builtin.apt: ansible.builtin.apt:
update_cache: yes update_cache: yes
# non vogliamo che il primo apt rallenti la connessione dopo wait_for_connection, # non vogliamo che il primo apt rallenti la connessione dopo wait_for_connection,
# ma questo garantisce che i task successivi usino pacchetti aggiornati. # ma questo garantisce che i task successivi usino pacchetti aggiornati.
- name: Ensure SSH is installed - name: Ensure SSH is installed
ansible.builtin.apt: ansible.builtin.apt:
name: openssh-server name: openssh-server
state: present state: present
update_cache: yes update_cache: yes
- name: Ensure SSH is running - name: Ensure SSH is running
ansible.builtin.systemd: ansible.builtin.systemd:
name: ssh name: ssh
state: started state: started
enabled: yes enabled: yes
- name: Configure SSH to allow root login - name: Configure SSH to allow root login
ansible.builtin.lineinfile: ansible.builtin.lineinfile:
path: /etc/ssh/sshd_config path: /etc/ssh/sshd_config
regexp: '^#?PermitRootLogin' regexp: "^#?PermitRootLogin"
line: 'PermitRootLogin yes' line: "PermitRootLogin yes"
notify: Restart SSH notify: Restart SSH
- name: Ensure .ssh directory exists - name: Ensure .ssh directory exists
ansible.builtin.file: ansible.builtin.file:
path: /root/.ssh path: /root/.ssh
state: directory state: directory
mode: '0700' mode: "0700"
owner: root owner: root
group: root group: root
- name: Install authorized_keys for root - name: Install authorized_keys for root
ansible.builtin.copy: ansible.builtin.copy:
dest: /root/.ssh/authorized_keys dest: /root/.ssh/authorized_keys
content: "{{ ssh_public_key }}" content: "{{ ssh_public_key }}"
mode: '0600' mode: "0600"
owner: root owner: root
group: root group: root
#add restart handler
handlers:
- name: Restart SSH
ansible.builtin.systemd:
name: ssh
state: restarted

4
playbooks/configure_prosody.yml Normal file
View file

@ -0,0 +1,4 @@
- name: Configura Prosody (xmpp) sul container
hosts: lxc_containers
roles:
- prosody

5
playbooks/create_lxc.yml
View file

@ -6,10 +6,7 @@
ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}" ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
vmid: 121 vmid: 121
tasks: tasks:
- name: Create LXC - name: Create LXC
community.general.proxmox: community.general.proxmox:
api_host: "{{ proxmox_url }}" api_host: "{{ proxmox_url }}"
@ -31,7 +28,6 @@
delegate_to: localhost delegate_to: localhost
register: lxc_creation_result #booooh, capiremo questo che vuol dire. Intanto registriamolo... immagino... register: lxc_creation_result #booooh, capiremo questo che vuol dire. Intanto registriamolo... immagino...
- name: Start LXC container - name: Start LXC container
community.general.proxmox: community.general.proxmox:
api_host: "{{ proxmox_url }}" api_host: "{{ proxmox_url }}"
@ -43,7 +39,6 @@
delegate_to: localhost delegate_to: localhost
when: lxc_creation_result.changed when: lxc_creation_result.changed
- name: Aggiungi container all'inventory dinamico - name: Aggiungi container all'inventory dinamico
add_host: add_host:
name: xmpp01 name: xmpp01

3
playbooks/site.yml
View file

@ -1,3 +1,4 @@
- import_playbook: create_lxc.yml - import_playbook: create_lxc.yml
- import_playbook: configure_lxc.yml - import_playbook: configure_lxc.yml
- import_playbook: configure_nginx.yml # - import_playbook: configure_nginx.yml
- import_playbook: configure_prosody.yml

4
roles/prosody/defaults/main.yml Normal file
View file

@ -0,0 +1,4 @@
prosody_domain: "xmpp.local"
prosody_admin: "admin@{{ prosody_domain }}"
prosody_packages:
- prosody

4
roles/prosody/handlers/main.yml Normal file
View file

@ -0,0 +1,4 @@
- name: Restart Prosody
ansible.builtin.systemd:
name: prosody
state: restarted

20
roles/prosody/tasks/main.yml Normal file
View file

@ -0,0 +1,20 @@
- name: Ensure Prosody is installed
ansible.builtin.apt:
name: "{{ prosody_package }}"
state: present
update_cache: yes
- name: Deploy Prosody config
ansible.builtin.template:
src: prosody.cfg.lua.j2
dest: /etc/prosody/prosody.cfg.lua
owner: root
group: root
mode: "0644"
notify: Restart Prosody
- name: Ensure Prosody is up and running
ansible.builtin.systemd:
name: prosody
state: started
enabled: yes

29
roles/prosody/templates/prosody.cfg.lua.j2 Normal file
View file

@ -0,0 +1,29 @@
admins = { "{{ prosody_admin }}" }
modules_enabled = {
"roster"; -- gestione contatti
"saslauth"; -- autenticazione
"tls"; -- cifratura
"dialback";
"disco"; -- service discovery
"carbons"; -- messaggi su più client
"pep"; -- presence & personal events
"private"; -- dati privati
"vcard4"; "vcard_legacy"; -- profili
"version"; -- risponde alla query version
"uptime";
"time"; -- orologio
"ping"; -- keepalive
"register"; -- permetti registrazione utenti
}
allow_registration = true
ssl = {
key = "/etc/prosody/certs/{{ prosody_domain }}.key";
certificate = "/etc/prosody/certs/{{ prosody_domain }}.crt";
}
VirtualHost "{{ prosody_domain }}"
Component "conference.{{ prosody_domain }}" "muc"