boh, ha smesso di andare... non ci capisco un cazzo

playbooks/configure_lxc.yml

@@ -8,16 +8,14 @@
   tasks:
     - name: Wait until SSH is fully ready (Ansible login confirms availability)
       ansible.builtin.wait_for_connection:
-        timeout: 300     # fino a 5 minuti (essere generosi per bootstrap lento)
+        timeout: 600 # fino a 10 minuti (essere generosi per bootstrap lento)
-        delay: 5         # aspetta 5s prima di cominciare i tentativi
+        delay: 5 # aspetta 5s prima di cominciare i tentativi
-
 
     - name: Ensure apt cache is updated (idempotent)
       ansible.builtin.apt:
         update_cache: yes
       # non vogliamo che il primo apt rallenti la connessione dopo wait_for_connection,
       # ma questo garantisce che i task successivi usino pacchetti aggiornati.
-      
 
     - name: Ensure SSH is installed
       ansible.builtin.apt:
@@ -25,36 +23,38 @@
         state: present
         update_cache: yes
 
-
     - name: Ensure SSH is running
       ansible.builtin.systemd:
         name: ssh
         state: started
         enabled: yes
 
-
     - name: Configure SSH to allow root login
       ansible.builtin.lineinfile:
         path: /etc/ssh/sshd_config
-        regexp: '^#?PermitRootLogin'
+        regexp: "^#?PermitRootLogin"
-        line: 'PermitRootLogin yes'
+        line: "PermitRootLogin yes"
       notify: Restart SSH
 
-        
     - name: Ensure .ssh directory exists
       ansible.builtin.file:
         path: /root/.ssh
         state: directory
-        mode: '0700'
+        mode: "0700"
         owner: root
         group: root
 
-
     - name: Install authorized_keys for root
       ansible.builtin.copy:
         dest: /root/.ssh/authorized_keys
         content: "{{ ssh_public_key }}"
-        mode: '0600'
+        mode: "0600"
         owner: root
         group: root
 
+  #add restart handler
+  handlers:
+    - name: Restart SSH
+      ansible.builtin.systemd:
+        name: ssh
+        state: restarted

playbooks/configure_prosody.yml

@@ -0,0 +1,4 @@
+- name: Configura Prosody (xmpp) sul container
+  hosts: lxc_containers
+  roles:
+    - prosody

playbooks/create_lxc.yml

@@ -1,15 +1,12 @@
 - name: Crea container lxc per prosody (xmpp)
-  hosts: proxmox_nodes  
+  hosts: proxmox_nodes
   gather_facts: false
   vars:
     root_password: "{{ lookup('env', 'XMPP_PASSWORD') }}"
     ssh_public_key: "{{ lookup('file', '~/.ssh/ansible.pub') }}"
     vmid: 121
-    
-
-  tasks: 
-
 
+  tasks:
     - name: Create LXC
       community.general.proxmox:
         api_host: "{{ proxmox_url }}"
@@ -29,8 +26,7 @@
         features: "nesting=1"
         state: present
       delegate_to: localhost
-      register: lxc_creation_result   #booooh, capiremo questo che vuol dire. Intanto registriamolo... immagino... 
+      register: lxc_creation_result #booooh, capiremo questo che vuol dire. Intanto registriamolo... immagino...
-
 
     - name: Start LXC container
       community.general.proxmox:
@@ -39,11 +35,10 @@
         api_password: "{{ proxmox_password }}"
         vmid: "{{ vmid }}"
         node: milan
-        state: started              # Tutto questo blocco è riassumibile in questa riga
+        state: started # Tutto questo blocco è riassumibile in questa riga
       delegate_to: localhost
       when: lxc_creation_result.changed
 
-
     - name: Aggiungi container all'inventory dinamico
       add_host:
         name: xmpp01

playbooks/site.yml

@@ -1,3 +1,4 @@
 - import_playbook: create_lxc.yml
 - import_playbook: configure_lxc.yml
-- import_playbook: configure_nginx.yml
+# - import_playbook: configure_nginx.yml
+- import_playbook: configure_prosody.yml

roles/prosody/defaults/main.yml

@@ -0,0 +1,4 @@
+prosody_domain: "xmpp.local"
+prosody_admin: "admin@{{ prosody_domain }}"
+prosody_packages:
+  - prosody

roles/prosody/handlers/main.yml

@@ -0,0 +1,4 @@
+- name: Restart Prosody
+  ansible.builtin.systemd:
+    name: prosody
+    state: restarted

roles/prosody/tasks/main.yml

@@ -0,0 +1,20 @@
+- name: Ensure Prosody is installed
+  ansible.builtin.apt:
+    name: "{{ prosody_package }}"
+    state: present
+    update_cache: yes
+
+- name: Deploy Prosody config
+  ansible.builtin.template:
+    src: prosody.cfg.lua.j2
+    dest: /etc/prosody/prosody.cfg.lua
+    owner: root
+    group: root
+    mode: "0644"
+  notify: Restart Prosody
+
+- name: Ensure Prosody is up and running
+  ansible.builtin.systemd:
+    name: prosody
+    state: started
+    enabled: yes

roles/prosody/templates/prosody.cfg.lua.j2

@@ -0,0 +1,29 @@
+admins = { "{{ prosody_admin }}" }
+
+modules_enabled = {
+    "roster"; -- gestione contatti
+    "saslauth"; -- autenticazione
+    "tls"; -- cifratura
+    "dialback";
+    "disco"; -- service discovery
+    "carbons"; -- messaggi su più client
+    "pep"; -- presence & personal events
+    "private"; -- dati privati
+    "vcard4"; "vcard_legacy"; -- profili
+    "version"; -- risponde alla query version
+    "uptime";
+    "time"; -- orologio
+    "ping"; -- keepalive
+    "register"; -- permetti registrazione utenti
+}
+
+allow_registration = true
+
+ssl = {
+    key = "/etc/prosody/certs/{{ prosody_domain }}.key";
+    certificate = "/etc/prosody/certs/{{ prosody_domain }}.crt";
+}
+
+VirtualHost "{{ prosody_domain }}"
+
+Component "conference.{{ prosody_domain }}" "muc"