--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/prosody/handlers/main.yml	Sat Mar 19 00:40:00 2016 +0800
@@ -0,0 +1,4 @@
+---
+- name: restart prosody
+  service: name=prosody state=restarted
+...

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/prosody/tasks/extra-modules.yml	Sat Mar 19 00:40:00 2016 +0800
@@ -0,0 +1,6 @@
+---
+- name: Fetch extra Prosody modules
+  hg: repo=https://hg.prosody.im/prosody-modules/ dest=/var/lib/prosody/extra-modules
+  notify:
+    - restart prosody
+...

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/prosody/tasks/main.yml	Sat Mar 19 00:40:00 2016 +0800
@@ -0,0 +1,40 @@
+---
+- name: Install server packages
+  apt: pkg={{ item }} state=present
+  with_items:
+    - mercurial # for extra modules
+    - prosody
+    - lua-event
+    - lua-sec
+  tags: [packages]
+
+- include: extra-modules.yml
+  sudo: yes
+  sudo_user: prosody
+
+- name: Generate a Diffie-Hellman key exchange parameters file
+  command: >
+    openssl dhparam
+    {% if ansible_virtualization_type == "virtualbox" %}-dsaparam{% endif %}
+    -out /etc/prosody/dh-2048.pem
+    2048
+  args:
+    creates: /etc/prosody/dh-2048.pem
+  notify:
+    - restart prosody
+
+- name: Work around default config bug
+  file: src=../../ssl/certs/ssl-cert-snakeoil.pem dest=/etc/prosody/certs/localhost.crt state=link
+  notify:
+    - restart prosody
+
+- name: Disable localhost VirtualHost
+  file: path=/etc/prosody/conf.d/localhost.cfg.lua state=absent
+  notify:
+    - restart prosody
+
+- name: Open ports
+  ufw: rule=allow port=xmpp-client proto=tcp
+  when: ansible_virtualization_type == "virtualbox"
+  tags: [ufw]
+...