---
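# Read the ejabberd secrets from HashiCorp Vault once and keep them in a host
# fact; later tasks read its 'psql_password' and 'xenrox_password' keys.
- name: Get secrets
  ansible.builtin.set_fact:
    ejabberd_secrets: "{{ lookup('community.hashi_vault.hashi_vault', 'ansible/data/ejabberd') }}"
  # set_fact returns the facts it sets in the task result, so without no_log
  # the Vault data is printed at higher verbosity and by logging callbacks.
  no_log: true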
# Make sure the ejabberd package is installed through pacman.
- name: install
  community.general.pacman:
    state: present
    name: ejabberd
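# Generate 2048-bit Diffie-Hellman parameters for ejabberd. `creates` skips the
# command when the file already exists, so the generation runs only once.
- name: create DH group
  ansible.builtin.command:
    # Module arguments are passed as YAML keys instead of a key=value string,
    # so `creates` cannot be mistaken for part of the command line.
    cmd: openssl dhparam -out /etc/ejabberd/dhparams.pem 2048
    creates: /etc/ejabberd/dhparams.pem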
# Create the PostgreSQL role `ejabberd`, with its password taken from the
# Vault-backed fact. Runs as the `postgres` system user.
- name: create db user
  become: true
  become_user: postgres
  # The module arguments contain the role password; keep them out of output.
  no_log: true
  community.general.postgresql_user:
    password: "{{ ejabberd_secrets['psql_password'] }}"
    name: ejabberd
# Create the `ejabberd` database owned by the `ejabberd` role. The result is
# registered so the schema download and import run only on first creation.
- name: create db
  become: true
  become_user: postgres
  community.general.postgresql_db:
    owner: ejabberd
    name: ejabberd
  register: ejabberd_db
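# Download the PostgreSQL schema, only when the database was just created.
# NOTE(review): the URL follows the mutable `master` branch and no `checksum:`
# is set, so the SQL later restored into the new database is whatever that
# branch holds at download time, and it may not match the installed package
# version. Prefer a release ref plus a checksum, for example
# .../processone/ejabberd/<RELEASE_TAG>/sql/pg.sql together with
# checksum: "sha256:<SHA256_OF_PG_SQL>" (both values are placeholders).
# NOTE(review): dest is a fixed name in world-writable /tmp; a root-only
# directory or an ansible.builtin.tempfile path avoids sharing that location
# with other local users between download and restore.
- name: get db schema
  ansible.builtin.get_url:
    url: https://raw.githubusercontent.com/processone/ejabberd/master/sql/pg.sql
    dest: /tmp/pg.sql
    owner: root
    group: root
    # Quoted so the mode does not depend on YAML 1.1 octal parsing.
    mode: "0644"
  when: ejabberd_db.changed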
# Load the downloaded schema into the freshly created database, logging in as
# the `ejabberd` role. Skipped unless the "create db" task reported a change.
- name: import db schema
  when: ejabberd_db.changed
  become: true
  become_user: postgres
  # login_password is a module argument; keep it out of task output.
  no_log: true
  community.general.postgresql_db:
    name: ejabberd
    state: restore
    # Every statement in this file is executed against the database.
    target: /tmp/pg.sql
    login_user: ejabberd
    login_password: "{{ ejabberd_secrets['psql_password'] }}"
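# Render the ejabberd configuration, readable and writable only by the `jabber`
# user, and restart the service through the handler when it changes.
# NOTE(review): the template is not shown here; if it renders values from
# ejabberd_secrets (presumably the database password, TODO confirm), a run with
# --diff prints the rendered file. Consider `diff: false` on this task.
- name: configure
  ansible.builtin.template:
    src: ejabberd.yml
    dest: /etc/ejabberd/ejabberd.yml
    owner: jabber
    group: jabber
    # Quoted so the mode does not depend on YAML 1.1 octal parsing.
    mode: "0600"
  notify: restart ejabberd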
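# Copy the Let's Encrypt certificate chain and private key on the managed host
# (remote_src) into ejabberd's state directory. Both copies are owned by
# `jabber` and read-only for that user, so the private key stays unreadable to
# other accounts.
- name: Copy certificate
  ansible.builtin.copy:
    # Templated paths are quoted so an unexpected expansion stays a string.
    src: "/etc/letsencrypt/live/xenrox.net/{{ item }}"
    dest: "/var/lib/ejabberd/{{ item }}"
    remote_src: true
    owner: jabber
    group: jabber
    # Quoted so the mode does not depend on YAML 1.1 octal parsing.
    mode: "0400"
  loop:
    - fullchain.pem
    - privkey.pem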
# Start ejabberd now and enable the unit so it also starts at boot.
- name: start and enable
  ansible.builtin.systemd:
    name: ejabberd
    state: started
    enabled: true
# Allow the two XMPP firewalld services. `permanent` stores the rule in the
# saved configuration and `immediate` also applies it to the running firewall.
- name: firewalld allow
  ansible.posix.firewalld:
    service: "{{ item }}"
    permanent: true
    immediate: true
    state: enabled
  loop:
    - xmpp-client
    - xmpp-server
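# Create the upload directory, writable by `jabber` and readable by everyone.
- name: create upload dir
  ansible.builtin.file:
    path: /var/www/ejabberd_upload
    state: directory
    owner: jabber
    group: jabber
    # Quoted so the mode does not depend on YAML 1.1 octal parsing.
    mode: "0755"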
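# Create the .well-known directory under the nginx document root, owned by the
# `http` user.
- name: create well-known dir
  ansible.builtin.file:
    path: /etc/nginx/html/.well-known
    state: directory
    owner: http
    group: http
    # Quoted so the mode does not depend on YAML 1.1 octal parsing.
    mode: "0755"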
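# Publish the two host-meta documents from the role's files into .well-known.
- name: copy host-meta
  ansible.builtin.copy:
    src: "{{ item }}"
    dest: "/etc/nginx/html/.well-known/{{ item }}"
    owner: http
    group: http
    # Quoted so the mode does not depend on YAML 1.1 octal parsing.
    mode: "0644"
  loop:
    - host-meta
    - host-meta.json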
# Register the XMPP account xenrox@xenrox.net with its password from Vault.
- name: create xenrox user
  # The account password is a module argument; keep it out of task output.
  no_log: true
  community.general.ejabberd_user:
    host: xenrox.net
    username: xenrox
    password: "{{ ejabberd_secrets['xenrox_password'] }}"
    state: present
  # NOTE: currently ansible always displays this module as changed
  # wait for module update to remove changed_when
  changed_when: false
# Set the MAILTO environment variable in the `jabber` user's crontab so cron
# output is mailed to the admin address.
- name: set jabber cron mailto
  ansible.builtin.cron:
    user: jabber
    env: true
    name: MAILTO
    value: admin@xenrox.net
# Schedule the ejabberdctl clean-up commands in the `jabber` user's crontab.
# All entries share one schedule: weekday 1, 10:15. Each command is wrapped in
# `chronic`.
- name: set jabber cronjobs
  ansible.builtin.cron:
    user: jabber
    name: "{{ item.name }}"
    job: "chronic /usr/bin/ejabberdctl {{ item.job }}"
    minute: "15"
    hour: "10"
    weekday: "1"
    state: present
  loop:
    - name: delete expired messages
      job: delete_expired_messages
    - name: delete old mam messages
      job: delete_old_mam_messages all 14
    - name: delete old messages
      job: delete_old_messages 90
    - name: delete old push sessions
      job: delete_old_push_sessions 90
    - name: delete unused users
      job: delete_old_users 365
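# Install the ejabberd hook script into the Let's Encrypt hook directory. It is
# owned by root and writable only by root, so the account that executes the
# hook is the only one able to change it.
- name: Install certificate hook
  ansible.builtin.copy:
    src: ejabberd.hook
    dest: /etc/letsencrypt/hook.d/ejabberd
    owner: root
    group: root
    # Quoted so the mode does not depend on YAML 1.1 octal parsing.
    mode: "0755"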