snikket-server/ansible/tasks/prosody.yml

---

- name: "Install Lua 5.2"
  apt:
    name: lua5.2
    state: present
    install_recommends: no
- name: "Add Prosody package signing key"
  apt_key:
    url: "https://packages.prosody.im/debian/pubkey.asc"
- name: "Add Prosody package repo"
  apt_repository:
    filename: prosody
    repo: "deb https://packages.prosody.im/debian buster main"
- name: "Detect dpkg architecture name"
  shell: dpkg --print-architecture
  register: dpkg_arch
- name: "Install Prosody package"
  apt:
    deb: "https://packages.prosody.im/debian/pool/main/p/{{ prosody.package }}/{{ prosody.package }}_1nightly{{ prosody.build }}-1~buster_{{ dpkg_arch.stdout }}.deb"
    state: present
    install_recommends: yes
- name: "Deploy Prosody config"
  copy:
    src: ../files/prosody.cfg.lua
    dest: /etc/prosody/prosody.cfg.lua
- name: "Create Prosody data directory"
  file:
    state: directory
    path: /snikket/prosody
    owner: prosody
    group: prosody
    mode: 0750
- name: "Create Prosody modules directory"
  file:
    state: directory
    path: /etc/prosody/modules
- name: "Create web root directory"
  file:
    state: directory
    path: /var/www
- name: "FIXME Workaround for Prosody package bug"
  file:
    path: /etc/prosody/certs
    state: directory
    owner: prosody
    group: adm
    mode: 0750
    recurse: yes
- name: "Disable Prosody init script"
  service:
    name: prosody
    enabled: no
- name: "Stop Prosody if running"
  service:
    name: prosody
    state: stopped
- name: "Allow Prosody to bind service ports"
  command: setcap 'cap_net_bind_service=+ep' /usr/bin/lua5.2

- name: Install Mercurial
  apt:
    name: mercurial
    state: present
    install_recommends: no

- name: Clone prosody-modules
  hg:
    repo: https://hg.prosody.im/prosody-modules
    dest: /usr/local/lib/prosody-modules
    revision: "{{ prosody_modules.revision }}"
    purge: yes
    update: yes
- name: Enable wanted modules (prosody-modules)
  file:
    state: link
    src: "/usr/local/lib/prosody-modules/{{item}}"
    dest: "/etc/prosody/modules/{{item}}"
  loop:
    - mod_smacks
    - mod_cloud_notify
    - mod_cloud_notify_encrypted
    - mod_cloud_notify_priority_tag
    - mod_cloud_notify_filters
    - mod_block_registrations
    - mod_compact_resource
    - mod_conversejs
    - mod_migrate_http_upload
    - mod_lastlog
    - mod_limit_auth
    - mod_password_policy
    - mod_roster_allinall
    - mod_strict_https
    - mod_vcard_muc
    - mod_reload_modules
    - mod_email
    - mod_http_altconnect
    - mod_bookmarks
    - mod_default_bookmarks
    - mod_firewall
    - mod_turncredentials
    - mod_admin_notify
    - mod_http_oauth2
    - mod_http_admin_api
    - mod_rest
    - mod_groups_migration
    - mod_invites
    - mod_invites_adhoc
    - mod_invites_api
    - mod_invites_groups
    - mod_invites_page
    - mod_invites_register
    - mod_invites_register_api
    - mod_invites_tracking
    - mod_groups_internal
    - mod_groups_muc_bookmarks
    - mod_muc_defaults
    - mod_muc_local_only
    - mod_http_host_status_check
    - mod_measure_process
    - mod_prometheus
    - mod_spam_reporting
    - mod_watch_spam_reports

- name: Enable wanted modules (snikket-modules)
  file:
    state: link
    src: "/usr/local/lib/snikket-modules/{{item}}"
    dest: "/etc/prosody/modules/{{item}}"
  loop:
    - mod_update_check
    - mod_update_notify
    - mod_invites_default_group
    - mod_invites_bootstrap
    - mod_snikket_client_id
    - mod_snikket_ios_preserve_push

- name: "Install lua-ossl for encrypted push notifications"
  apt:
    name: lua-luaossl
    state: present
    install_recommends: no

- name: "Fetch luaunbound source"
  get_url:
    #url: https://code.zash.se/dl/luaunbound/luaunbound-0.5.tar.gz
    url: https://matthewwild.co.uk/uploads/luaunbound-0.5.tar.gz
    sha256sum: a6564ac1cca6bb350576eb2a5cfa03adb0aafd4f99d6cd491bd8028d046c62a7
    dest: /tmp/luaunbound-0.5.tar.gz

- name: "Extract luaunbound"
  unarchive:
    src: /tmp/luaunbound-0.5.tar.gz
    remote_src: yes
    dest: /tmp

- name: "Install libunbound-dev"
  apt:
    name:
      - libunbound8
      - libunbound-dev
      - liblua5.2-dev
    state: present

- name: "Build luaunbound"
  make:
    chdir: /tmp/luaunbound-0.5

- name: "Install luaunbound"
  make:
    chdir: /tmp/luaunbound-0.5
    target: install

- name: "Remove luaunbound source"
  file:
    path: /tmp/luaunbound-0.5
    state: absent

- name: "Remove libunbound-dev"
  apt:
    name:
      - libunbound-dev
      - liblua5.2-dev
    state: absent
Initial commit 2020-01-31 13:46:46 +00:00			`---`

Switch to Lua 5.2 (fixes build with new trunk packages) 2020-11-11 12:19:42 +00:00			`- name: "Install Lua 5.2"`
			`apt:`
			`name: lua5.2`
			`state: present`
			`install_recommends: no`
Initial commit 2020-01-31 13:46:46 +00:00			`- name: "Add Prosody package signing key"`
			`apt_key:`
			`url: "https://packages.prosody.im/debian/pubkey.asc"`
			`- name: "Add Prosody package repo"`
			`apt_repository:`
Specify a filename for repository So that it stays the same even if the URL is changed. 2021-10-18 12:15:32 +00:00			`filename: prosody`
Initial commit 2020-01-31 13:46:46 +00:00			`repo: "deb https://packages.prosody.im/debian buster main"`
Install latest prosody from deb, factor out variables 2021-05-17 20:22:01 +00:00			`- name: "Detect dpkg architecture name"`
			`shell: dpkg --print-architecture`
			`register: dpkg_arch`
Initial commit 2020-01-31 13:46:46 +00:00			`- name: "Install Prosody package"`
			`apt:`
Install latest prosody from deb, factor out variables 2021-05-17 20:22:01 +00:00			`deb: "https://packages.prosody.im/debian/pool/main/p/{{ prosody.package }}/{{ prosody.package }}_1nightly{{ prosody.build }}-1~buster_{{ dpkg_arch.stdout }}.deb"`
Initial commit 2020-01-31 13:46:46 +00:00			`state: present`
			`install_recommends: yes`
			`- name: "Deploy Prosody config"`
			`copy:`
			`src: ../files/prosody.cfg.lua`
			`dest: /etc/prosody/prosody.cfg.lua`
			`- name: "Create Prosody data directory"`
			`file:`
			`state: directory`
			`path: /snikket/prosody`
			`owner: prosody`
			`group: prosody`
			`mode: 0750`
			`- name: "Create Prosody modules directory"`
			`file:`
			`state: directory`
			`path: /etc/prosody/modules`
			`- name: "Create web root directory"`
			`file:`
			`state: directory`
			`path: /var/www`
			`- name: "FIXME Workaround for Prosody package bug"`
			`file:`
			`path: /etc/prosody/certs`
			`state: directory`
			`owner: prosody`
			`group: adm`
			`mode: 0750`
			`recurse: yes`
			`- name: "Disable Prosody init script"`
			`service:`
			`name: prosody`
			`enabled: no`
			`- name: "Stop Prosody if running"`
			`service:`
			`name: prosody`
			`state: stopped`
docker-compose, prosody: Switch to host networking for the container This simplifies things in preparation for adding coturn and its large number of ports. As Prosody now must listen on the "real" HTTP ports, we had to give permission to the Lua binary to bind low network ports. 2020-05-12 14:05:42 +00:00			`- name: "Allow Prosody to bind service ports"`
Switch to Lua 5.2 (fixes build with new trunk packages) 2020-11-11 12:19:42 +00:00			`command: setcap 'cap_net_bind_service=+ep' /usr/bin/lua5.2`
Initial commit 2020-01-31 13:46:46 +00:00
			`- name: Install Mercurial`
			`apt:`
			`name: mercurial`
			`state: present`
			`install_recommends: no`

			`- name: Clone prosody-modules`
			`hg:`
			`repo: https://hg.prosody.im/prosody-modules`
			`dest: /usr/local/lib/prosody-modules`
Install latest prosody from deb, factor out variables 2021-05-17 20:22:01 +00:00			`revision: "{{ prosody_modules.revision }}"`
Initial commit 2020-01-31 13:46:46 +00:00			`purge: yes`
			`update: yes`
prosody: Add mod_http_host_status_check 2021-03-10 14:37:19 +00:00			`- name: Enable wanted modules (prosody-modules)`
Initial commit 2020-01-31 13:46:46 +00:00			`file:`
			`state: link`
			`src: "/usr/local/lib/prosody-modules/{{item}}"`
			`dest: "/etc/prosody/modules/{{item}}"`
			`loop:`
			`- mod_smacks`
			`- mod_cloud_notify`
prosody: Add new push notification extensions for iOS app 2021-01-22 12:47:24 +00:00			`- mod_cloud_notify_encrypted`
			`- mod_cloud_notify_priority_tag`
			`- mod_cloud_notify_filters`
Initial commit 2020-01-31 13:46:46 +00:00			`- mod_block_registrations`
			`- mod_compact_resource`
			`- mod_conversejs`
Switch to mod_http_file_share More future-proof, allowing for larger uploads. 2021-02-24 18:21:31 +00:00			`- mod_migrate_http_upload`
Initial commit 2020-01-31 13:46:46 +00:00			`- mod_lastlog`
			`- mod_limit_auth`
			`- mod_password_policy`
			`- mod_roster_allinall`
			`- mod_strict_https`
			`- mod_vcard_muc`
			`- mod_reload_modules`
			`- mod_email`
			`- mod_http_altconnect`
			`- mod_bookmarks`
			`- mod_default_bookmarks`
prosody: Load mod_firewall 2020-01-31 19:57:54 +00:00			`- mod_firewall`
Flesh out coturn config, autodiscover external IP 2020-05-12 14:10:59 +00:00			`- mod_turncredentials`
Update update checks so they hopefully work 2020-11-11 16:50:30 +00:00			`- mod_admin_notify`
Add modules required for web portal 2021-01-22 12:39:07 +00:00			`- mod_http_oauth2`
			`- mod_http_admin_api`
			`- mod_rest`
prosody: Broad update to upstream (prosody-modules) where appropriate 2021-01-27 13:11:36 +00:00			`- mod_groups_migration`
			`- mod_invites`
			`- mod_invites_adhoc`
			`- mod_invites_api`
			`- mod_invites_groups`
			`- mod_invites_page`
			`- mod_invites_register`
			`- mod_invites_register_api`
			`- mod_invites_tracking`
prosody: Add mod_groups_internal from prosody-modules 2021-01-27 13:56:07 +00:00			`- mod_groups_internal`
Import fixes from prosody-modules - Fix room destruction of circle rooms when circle is deleted or fails to be created (fixes #17) - Add circle rooms to bookmarks of (newly added) members (fixes #16) 2021-02-04 15:18:06 +00:00			`- mod_groups_muc_bookmarks`
prosody: Re-add some modules that we're still using (for now) 2021-01-29 17:31:33 +00:00			`- mod_muc_defaults`
			`- mod_muc_local_only`
prosody: Add mod_http_host_status_check 2021-03-10 14:37:19 +00:00			`- mod_http_host_status_check`
Expose prosody metrics to the web portal This requires mod_measure_process loaded and a recent version of mod_http_admin_api to expose the metrics to the web portal in a reduced and specialized form. 2021-05-27 16:03:48 +00:00			`- mod_measure_process`
Allow to load the prometheus exposition module based on env vars Useful for monitoring. 2021-05-27 16:04:35 +00:00			`- mod_prometheus`
Add and enable mod_spam_reporting/mod_watch_spam_reports 2021-08-26 18:42:26 +00:00			`- mod_spam_reporting`
			`- mod_watch_spam_reports`
Initial commit 2020-01-31 13:46:46 +00:00
prosody: Add mod_http_host_status_check 2021-03-10 14:37:19 +00:00			`- name: Enable wanted modules (snikket-modules)`
Initial commit 2020-01-31 13:46:46 +00:00			`file:`
			`state: link`
			`src: "/usr/local/lib/snikket-modules/{{item}}"`
			`dest: "/etc/prosody/modules/{{item}}"`
			`loop:`
			`- mod_update_check`
Update update checks so they hopefully work 2020-11-11 16:50:30 +00:00			`- mod_update_notify`
prosody: Add new module mod_invites_default_group to add the default group to in-app invites 2021-01-28 21:28:40 +00:00			`- mod_invites_default_group`
mod_invites_bootstrap: Module/API to create initial admin invite at startup 2021-03-09 16:33:12 +00:00			`- mod_invites_bootstrap`
prosody: Add module to expose stable client id across sessions 2021-10-18 12:50:36 +00:00			`- mod_snikket_client_id`
prosody: Add new module to load push registration for new sessions 2021-10-18 13:15:56 +00:00			`- mod_snikket_ios_preserve_push`
prosody: Add lua-luaossl for mod_cloud_notify_encrypted 2021-01-27 18:07:27 +00:00
			`- name: "Install lua-ossl for encrypted push notifications"`
			`apt:`
			`name: lua-luaossl`
			`state: present`
			`install_recommends: no`
Add lua-unbound for more robust DNS resolution 2021-03-15 19:55:33 +00:00
			`- name: "Fetch luaunbound source"`
			`get_url:`
Update luaunbound source URL while code.zash.se is offline 2021-08-27 06:49:37 +00:00			`#url: https://code.zash.se/dl/luaunbound/luaunbound-0.5.tar.gz`
			`url: https://matthewwild.co.uk/uploads/luaunbound-0.5.tar.gz`
Add lua-unbound for more robust DNS resolution 2021-03-15 19:55:33 +00:00			`sha256sum: a6564ac1cca6bb350576eb2a5cfa03adb0aafd4f99d6cd491bd8028d046c62a7`
			`dest: /tmp/luaunbound-0.5.tar.gz`

			`- name: "Extract luaunbound"`
			`unarchive:`
			`src: /tmp/luaunbound-0.5.tar.gz`
			`remote_src: yes`
			`dest: /tmp`

			`- name: "Install libunbound-dev"`
			`apt:`
			`name:`
			`- libunbound8`
			`- libunbound-dev`
			`- liblua5.2-dev`
			`state: present`

			`- name: "Build luaunbound"`
			`make:`
			`chdir: /tmp/luaunbound-0.5`

			`- name: "Install luaunbound"`
			`make:`
			`chdir: /tmp/luaunbound-0.5`
			`target: install`

			`- name: "Remove luaunbound source"`
			`file:`
			`path: /tmp/luaunbound-0.5`
			`state: absent`

			`- name: "Remove libunbound-dev"`
			`apt:`
			`name:`
			`- libunbound-dev`
			`- liblua5.2-dev`
			`state: absent`