diff --git a/.ansible-lint b/.ansible-lint
index 2aea330..cfe50ce 100644
--- a/.ansible-lint
+++ b/.ansible-lint
@@ -1,3 +1,4 @@ --- -skip_list: - - fqcn-builtins +exclude_paths: + - molecule/ + - .github/
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 9f637cf..a90318b 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -17,8 +17,6 @@ on: jobs: integration: name: Integration - uses: systemli/github-ansible-workflow/.github/workflows/ansible-integration-workflow.yaml@main + uses: systemli/github-ansible-workflow/.github/workflows/ansible-integration-workflow.yaml@v1.0.0 with: - distros: '[ "debian11", "debian10" ]' - role-dependencies: | - - src: systemli.apt_repositories + distros: '[ "debian11" ]'
diff --git a/README.md b/README.md
index 81e453e..e2a0572 100644
--- a/README.md
+++ b/README.md
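Review bot: The reusable workflow reference `...ansible-integration-workflow.yaml@v1.0.0` is an improvement over `@main`, but a tag is still a mutable pointer that can be moved or re-pushed, so the integration job runs whatever that tag resolves to at the time of the run. Pin the full commit SHA of that release and keep the tag as a trailing comment, e.g. `uses: systemli/github-ansible-workflow/.github/workflows/ansible-integration-workflow.yaml@<commit-sha-of-v1.0.0>  # v1.0.0`. The `role-dependencies` input is dropped in the same hunk; presumably the new `requirements.yml` is meant to replace it, which only holds if the reusable workflow at that version actually reads that file — worth confirming before merging. The `integration` job definition may continue past the end of the hunk.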
@@ -1,40 +1,34 @@ -ansible-role-prosody ========= +# ansible-role-prosody + [![Build Status](https://github.com/systemli/ansible-role-prosody/workflows/Integration/badge.svg?branch=main)](https://github.com/systemli/ansible-role-prosody/actions?query=workflow%3AIntegration) [![Ansible Galaxy](http://img.shields.io/badge/ansible--galaxy-prosody-blue.svg)](https://galaxy.ansible.com/systemli/prosody/) -[![IM observatory](https://check.messaging.one/badge.php?domain=jabber.systemli.org)](https://check.messaging.one/result.php?domain=jabber.systemli.org&type=client) - - Install and maintain [Prosody](http://prosody.im/) from official repo with Ansible. Tested with Molecule, Docker and Vagrant. -Requirements ------------ +## Requirements -Debian 10. Other versions of Debian/Ubuntu might be supported as well, but aren't tested. +Debian 11. Other versions of Debian/Ubuntu might be supported as well, but aren't tested. -Role Variables -------------- +## Role Variables see `defaults/main.yml` -Dependencies ------------ +## Dependencies - - [systemli.apt_repositories](https://galaxy.ansible.com/systemli/apt_repositories) +- [systemli.apt_repositories](https://galaxy.ansible.com/systemli/apt_repositories) -Download -------- +## Download Download latest release with `ansible-galaxy` - ansible-galaxy install systemli.prosody +```shell +ansible-galaxy install systemli.prosody +``` -Example Playbook ---------------- +## Example Playbook -``` +```yaml - hosts: servers roles: - systemli.prosody
@@ -58,7 +52,7 @@ Look at [systemli.onion](https://github.com/systemli/ansible-role-onion). You can also combine it with [systemli.letsencrypt](https://github.com/systemli/ansible-role-letsencrypt/) to automatically configure certs. -``` +```yaml - hosts: servers roles: - systemli.letsencrypt
@@ -76,13 +70,14 @@ You can also combine it with [systemli.letsencrypt](https://github.com/systemli/ renew_hook: "/usr/bin/prosodyctl --root cert import /etc/letsencrypt/live/" ``` -Tests ----- +## Tests Run local tests with -``` + +```shell molecule test ``` + Requires Molecule, Vagrant and `python-vagrant` to be installed. To update vars in tests run
@@ -104,12 +99,10 @@ def j2_environment_params(): ) ``` -License ------- +## License GPL -Author Information ------------------ +## Author Information -https://www.systemli.org +
diff --git a/handlers/main.yml b/handlers/main.yml
index b328da4..ab7073c 100644
--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -1,37 +1,36 @@ --- - -- name: update lua alternatives +- name: Update lua alternatives community.general.alternatives: name: lua-interpreter link: /usr/bin/lua path: "/usr/bin/lua{{ prosody_lua_version }}" -- name: reload systemd +- name: Reload systemd ansible.builtin.systemd: daemon_reload: true -- name: reload prosody config +- name: Reload prosody config ansible.builtin.systemd: name: prosody state: reloaded -- name: restart prosody +- name: Restart prosody ansible.builtin.systemd: name: prosody state: restarted daemon_reload: true -- name: stop prosody +- name: Stop prosody ansible.builtin.systemd: name: prosody state: stopped -- name: start prosody +- name: Start prosody ansible.builtin.systemd: name: prosody state: started -- name: restart saslauthd +- name: Restart saslauthd ansible.builtin.systemd: name: saslauthd state: restarted
diff --git a/meta/main.yml b/meta/main.yml
index 57fb6c9..c0c9134 100644
--- a/meta/main.yml
+++ b/meta/main.yml
@@ -17,7 +17,6 @@ galaxy_info: - name: Debian versions: - bullseye - - buster dependencies: - role: systemli.apt_repositories vars:
diff --git a/requirements.yml b/requirements.yml
new file mode 100644
index 0000000..a36be43
--- /dev/null
+++ b/requirements.yml
@@ -0,0 +1,6 @@ +--- +roles: + - name: systemli.apt_repositories + version: 1.0.5 +collections: + - name: community.general
diff --git a/tasks/goss.yml b/tasks/goss.yml
index de208d7..33eefd3 100644
--- a/tasks/goss.yml
+++ b/tasks/goss.yml
@@ -1,5 +1,4 @@ --- - - name: Check is goss test directory exists ansible.builtin.stat: path: "{{ goss_test_directory }}"
@@ -12,7 +11,7 @@ dest: "{{ goss_test_directory }}/test_{{ item }}.yml" owner: root group: root - mode: 0644 + mode: "0644" when: dir.stat is defined and dir.stat.exists and dir.stat.isdir with_items: - prosody
diff --git a/tasks/inactive.yml b/tasks/inactive.yml
index ec9e268..07d49cc 100644
--- a/tasks/inactive.yml
+++ b/tasks/inactive.yml
@@ -1,12 +1,11 @@ --- - - name: Copy script to list inactive users ansible.builtin.template: src: prosody_inactive_users.j2 dest: /usr/local/bin/prosody_inactive_users owner: root group: root - mode: 0755 + mode: "0755" - name: Enable cron job to clean inactive users ansible.builtin.cron:
diff --git a/tasks/ldap.yml b/tasks/ldap.yml
index d77d47f..82b37aa 100644
--- a/tasks/ldap.yml
+++ b/tasks/ldap.yml
@@ -1,5 +1,4 @@ --- - # kudos: https://blogs.mafia-server.net/nur-bahnhof/2013/12/prosody-authentification-ldapactivedirectory/ # and https://wiki.debian.org/InstallingProsody#Cyrus_SASL_with_LDAP
@@ -13,8 +12,8 @@ dest: /etc/default/saslauthd owner: root group: root - mode: 0644 - notify: restart saslauthd + mode: "0644" + notify: Restart saslauthd - name: Configure ldap details ansible.builtin.template:
@@ -22,8 +21,8 @@ dest: /etc/saslauthd.conf owner: root group: root - mode: 0644 - notify: restart saslauthd + mode: "0644" + notify: Restart saslauthd - name: Create sasl directory ansible.builtin.file:
@@ -31,7 +30,7 @@ state: directory owner: root group: root - mode: 0755 + mode: "0755" - name: Create SASL prosody config ansible.builtin.copy:
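Review bot: `collections: - name: community.general` carries no `version`, while the role entry right above it is pinned to `1.0.5`, so `ansible-galaxy install -r requirements.yml` resolves whatever collection release is current at install time and CI runs are not reproducible or protected from unreviewed upstream changes. Pin it the same way, `- name: community.general` followed by `version: "<tested-collection-version>"`. Quoting the role version as `version: "1.0.5"` would also match the quoted `mode` values introduced elsewhere in this commit: `1.0.5` happens to parse as a string, but a two-component value such as `1.1` would silently become a float.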
@@ -39,12 +38,12 @@ dest: /etc/sasl/prosody.conf owner: root group: root - mode: 0644 - notify: restart saslauthd + mode: "0644" + notify: Restart saslauthd - name: Add prosody to sasl group ansible.builtin.user: name: prosody groups: sasl append: true - notify: restart prosody + notify: Restart prosody
diff --git a/tasks/main.yml b/tasks/main.yml
index 147284e..9c3944c 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -1,26 +1,30 @@ --- - -- include_tasks: prosody.yml +- name: Include Prosody Tasks + ansible.builtin.include_tasks: prosody.yml tags: - prosody -- include_tasks: inactive.yml +- name: Include Tasks for Inactive Users Scripts + ansible.builtin.include_tasks: inactive.yml tags: - prosody -- include_tasks: ldap.yml +- name: Include Tasks for LDAP Authentication + ansible.builtin.include_tasks: ldap.yml when: prosody_authentication == "cyrus" tags: - prosody - ldap -- include_tasks: web.yml - when: prosody_web_dir|default(False) and prosody_web_user|default(False) +- name: Include Tasks for Web UI + ansible.builtin.include_tasks: web.yml + when: prosody_web_dir | default(False) and prosody_web_user | default(False) tags: - prosody - web -- include_tasks: goss.yml +- name: Include Tasks for Goss Tests + ansible.builtin.include_tasks: goss.yml tags: - prosody - goss
diff --git a/tasks/prosody.yml b/tasks/prosody.yml
index 04a0246..0bf0339 100644
--- a/tasks/prosody.yml
+++ b/tasks/prosody.yml
@@ -1,5 +1,4 @@ --- - - name: Ensure selected lua version is present ansible.builtin.apt: pkg: "{{ item }}"
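Review bot: The `tags` on each `ansible.builtin.include_tasks` entry in tasks/main.yml apply only to the include task itself and are not inherited by the tasks inside the included file, so a run with `--tags ldap` (or `--tags prosody`, `web`, `goss`) evaluates the include and then skips every task it pulled in; this predates the commit, but the rewrite to named, fully-qualified includes is the moment to fix it. If the intent is for the tags to select the included tasks, either add `apply: {tags: [prosody, ldap]}` (with the matching tag list) to each include or switch to `ansible.builtin.import_tasks`, noting that `import_tasks` pushes the `when:` condition down onto every imported task. The same applies to the `Include Tasks for TLS Certificates` include with the `certs-jabber` tag in tasks/prosody.yml.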
@@ -8,27 +7,26 @@ - "lua{{ prosody_lua_version }}" - "liblua{{ prosody_lua_version }}-dev" notify: - - update lua alternatives - - restart prosody + - Update lua alternatives + - Restart prosody - name: Ensure required packages are present ansible.builtin.apt: pkg: "{{ prosody_packages }}" cache_valid_time: 600 -- name: ensure prosody systemd drop-in dir exists +- name: Ensure prosody systemd drop-in dir exists ansible.builtin.file: path: "/etc/systemd/system/prosody.service.d" state: directory - mode: 0755 + mode: "0755" -- name: ensure prosody file descriptor limit is set +- name: Ensure prosody file descriptor limit is set ansible.builtin.template: src: "10-fd-limit.conf.j2" dest: "/etc/systemd/system/prosody.service.d/10-fd-limit.conf" - mode: 0444 - notify: - - restart prosody + mode: "0444" + notify: Restart prosody - name: Get latest registration theme ansible.builtin.git:
@@ -43,8 +41,8 @@ dest: /etc/prosody/prosody.cfg.lua owner: root group: prosody - mode: 0640 - notify: reload prosody config + mode: "0640" + notify: Reload prosody config - name: Flush handlers ansible.builtin.meta: flush_handlers
@@ -53,54 +51,55 @@ # ansible.builtin.command: prosodyctl register {{ item.name }} {{ prosody_virtual_domain }} {{ item.password }} # with_items: prosody_accounts -- name: get installed prosody modules +- name: Get installed prosody modules ansible.builtin.command: prosodyctl list changed_when: false check_mode: false register: __prosody_installed_modules -- name: assemble external module list to install and enable +- name: Assemble external module list to install and enable ansible.builtin.set_fact: __prosody_extra_modules: >- - {{ __prosody_extra_modules | default([]) - + prosody_external_modules | default([]) - + prosody_muc_modules_extra | default([]) }} - {% if prosody_motd and not prosody_motd is string %} - + [ 'motd_sequential']{% endif %} - {% if prosody_external_services is defined %} - + ['extdisco'] {% endif %} - {% if prosody_turncredentials_host is defined - and prosody_turncredentials_secret is defined %} - + ['turncredentials']{% endif %} - -- name: ensure prosody modules are present + {{ __prosody_extra_modules | default([]) + + prosody_external_modules | default([]) + + prosody_muc_modules_extra | default([]) }} + {% if prosody_motd and not prosody_motd is string %} + + [ 'motd_sequential']{% endif %} + {% if prosody_external_services is defined %} + + ['extdisco'] {% endif %} + {% if prosody_turncredentials_host is defined + and prosody_turncredentials_secret is defined %} + + ['turncredentials']{% endif %} + +- name: Ensure prosody modules are present ansible.builtin.command: prosodyctl install mod_{{ item }} + changed_when: false loop: "{{ __prosody_extra_modules | flatten(levels=1) }}" when: - __prosody_installed_modules.stdout_lines is not search(item) - __prosody_extra_modules - notify: - - restart prosody + notify: Restart prosody -- name: get outdated prosody modules +- name: Get outdated prosody modules ansible.builtin.command: prosodyctl list --outdated changed_when: false check_mode: false register: __prosody_outdated_modules when: 
prosody_update_external_modules -- name: ensure prosody modules are not outdated +- name: Ensure prosody modules are not outdated ansible.builtin.command: prosodyctl install mod_{{ item }} + changed_when: false loop: "{{ __prosody_extra_modules | flatten(levels=1) }}" when: - __prosody_outdated_modules.stdout_lines | default() is search(item) - __prosody_extra_modules - prosody_update_external_modules - prosody_update_external_modules_ignore is not search(item) - notify: - - restart prosody + notify: Restart prosody -- include_tasks: tls.yml +- name: Include Tasks for TLS Certificates + ansible.builtin.include_tasks: tls.yml with_items: "{{ prosody_virtual_hosts }}" tags: - certs-jabber
@@ -109,7 +108,7 @@ ansible.builtin.command: "openssl dhparam -out /etc/prosody/certs/dh-{{ prosody_dhparam_length }}.pem {{ prosody_dhparam_length }}" args: creates: /etc/prosody/certs/dh-{{ prosody_dhparam_length }}.pem - notify: restart prosody + notify: Restart prosody when: not __testing|default() - name: Push proxy TLS cert to /etc/prosody/certs/
@@ -122,7 +121,7 @@ when: prosody_proxy_ssl_cert is defined tags: - certs-jabber - notify: reload prosody config + notify: Reload prosody config - name: Change ownership of generic key file if no custom is used ansible.builtin.file:
@@ -142,7 +141,7 @@ when: prosody_proxy_ssl_key is defined tags: - certs-jabber - notify: reload prosody config + notify: Reload prosody config - name: Flush handlers ansible.builtin.meta: flush_handlers
diff --git a/tasks/tls.yml b/tasks/tls.yml
index 5bc3f7a..6f3b00b 100644
--- a/tasks/tls.yml
+++ b/tasks/tls.yml
@@ -1,6 +1,5 @@ --- - -- name: "Push TLS cert of {{ item.name }} to /etc/prosody/certs/" +- name: "Push TLS cert /etc/prosody/certs/" ansible.builtin.copy: content: "{{ item.cert }}" dest: "/etc/prosody/certs/{{ item.name }}.crt"
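Review bot: The added `changed_when: false` on `Ensure prosody modules are present` and on `Ensure prosody modules are not outdated` (the `@@ -53,54 +51,55 @@` hunk, which starts on the previous line) is wrong for a command that actually installs or upgrades modules via `prosodyctl install mod_{{ item }}`: the task now always reports ok even when it changed the system, and because handlers only fire for tasks that report a change, the `notify: Restart prosody` on both tasks can never trigger, so a freshly installed or updated module is not loaded until something else restarts Prosody. Both tasks are already gated by `when:` conditions that only run them when an install is needed, so the honest setting is `changed_when: true` on each (dropping the line would be equivalent and also satisfies the ansible-lint rule the `false` was presumably added for). The `Get installed prosody modules` and `Get outdated prosody modules` tasks in the same hunk are read-only `prosodyctl list` calls, and `changed_when: false` is correct there.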
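Review bot: The new task name `"Push TLS cert /etc/prosody/certs/"` lost the word "to" when `{{ item.name }}` was removed and no longer reads as a sentence, while the sibling task in the next hunk keeps `"Push TLS key to /etc/prosody/certs/"`. Suggest `- name: "Push TLS cert to /etc/prosody/certs/"` so the two loop tasks stay parallel. The copy task's body continues outside this hunk.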
@@ -10,9 +9,9 @@ when: item.cert is defined tags: - certs-jabber - notify: reload prosody config + notify: Reload prosody config -- name: "Push TLS key of {{ item.name }} to /etc/prosody/certs/" +- name: "Push TLS key to /etc/prosody/certs/" ansible.builtin.copy: content: "{{ item.key }}" dest: "/etc/prosody/certs/{{ item.name }}.key"
@@ -22,4 +21,4 @@ when: item.key is defined tags: - certs-jabber - notify: reload prosody config + notify: Reload prosody config
diff --git a/tasks/web.yml b/tasks/web.yml
index da92ad1..d8505a6 100644
--- a/tasks/web.yml
+++ b/tasks/web.yml
@@ -1,12 +1,11 @@ --- - -- name: create .well-known +- name: Create .well-known ansible.builtin.file: path: "{{ prosody_web_dir }}/.well-known" state: directory owner: "{{ prosody_web_user }}" group: "{{ prosody_web_user }}" - mode: 0755 + mode: "0755" - name: Create .well-known/host-meta.json ansible.builtin.template:
@@ -14,4 +13,4 @@ dest: "{{ prosody_web_dir }}/.well-known/host-meta.json" owner: "{{ prosody_web_user }}" group: "{{ prosody_web_user }}" - mode: 0644 + mode: "0644"