child 7:f7a4a735f291
parent 5:4213233fc119
6:ff39be154d7d
Anton Shestakov <av6@dwimlabs.net>, Sat, 19 Mar 2016 01:03:43 +0800
provision: add tram-im role

6 файлов изменено, 154 вставок(+), 0 удалений(-) [+]
contrib/provision/roles/tram-im/defaults/main.yml file | annotate | diff | comparison | revisions
contrib/provision/roles/tram-im/tasks/appinstall.yml file | annotate | diff | comparison | revisions
contrib/provision/roles/tram-im/tasks/main.yml file | annotate | diff | comparison | revisions
contrib/provision/roles/tram-im/templates/etc/nginx/sites-available/tram-im file | annotate | diff | comparison | revisions
contrib/provision/roles/tram-im/templates/etc/prosody/conf.avail/tram-im.cfg.lua file | annotate | diff | comparison | revisions
contrib/provision/roles/tram-im/vars/main.yml file | annotate | diff | comparison | revisions
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/defaults/main.yml Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,3 @@
+---
+admin_jid: admin@{{ domain }}
+...
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/tasks/appinstall.yml Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,16 @@
+---
+- name: Make sure project directory exists
+ file: path={{ dir }} state=directory
+
+- name: Make sure vendor directory exists
+ file: path={{ dir }}/vendor state=directory
+
+- name: Clone Strophe.js
+ git: repo=https://github.com/strophe/strophejs.git dest={{ dir }}/vendor/strophejs
+
+- name: Clone Strophe.js plugins
+ git: repo=https://github.com/strophe/strophejs-plugins.git dest={{ dir }}/vendor/strophejs-plugins
+
+- name: Download WebRTC adapter
+ get_url: url=https://webrtc.github.io/adapter/adapter-1.0.4.js dest={{ dir }}/vendor/webrtc-adapter-1.0.4.js
+...
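Review bot: The three fetch tasks pull third-party JavaScript into the directory that the nginx template in this changeset serves, without pinning or verifying any of it. Both `git:` tasks omit `version=`, so each provisioning run checks out whatever the upstream default branch holds at that moment, and the `get_url:` task has no digest to compare the download against. Pin the clones with `version=<PINNED_COMMIT_OR_TAG>` and add `checksum=sha256:<EXPECTED_DIGEST>` to the adapter download (`sha256sum=` on Ansible releases before 2.0). A changed or tampered upstream then fails the play instead of being deployed to users' browsers.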
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/tasks/main.yml Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,38 @@
+---
+- name: Set hostnames
+ lineinfile: dest=/etc/hosts line='{{ ansible_all_ipv4_addresses[0] }} {{ domain }} muc.{{ domain }}'
+ when: ansible_virtualization_type == "virtualbox"
+
+- name: Install packages
+ apt: pkg={{ item }} state=present
+ with_items:
+ - git # for 3rd-party libraries
+ tags: [packages]
+
+- name: Create user
+ user: name=tram-im
+
+- include: appinstall.yml dir=/home/tram-im/tram-im/
+ sudo: yes
+ sudo_user: tram-im
+
+- name: Add Prosody VirtualHost
+ template: src=etc/prosody/conf.avail/tram-im.cfg.lua dest=/etc/prosody/conf.avail/{{ domain }}.cfg.lua
+ notify:
+ - restart prosody
+
+- name: Enable Prosody VirtualHost
+ file: src=/etc/prosody/conf.avail/{{ domain }}.cfg.lua dest=/etc/prosody/conf.d/{{ domain }}.cfg.lua state=link
+ notify:
+ - restart prosody
+
+- name: Add BOSH proxy Nginx site
+ template: src=etc/nginx/sites-available/tram-im dest=/etc/nginx/sites-available/{{ domain }}
+ notify:
+ - restart nginx
+
+- name: Enable BOSH proxy Nginx site
+ file: src=/etc/nginx/sites-available/{{ domain }} dest=/etc/nginx/sites-enabled/50{{ domain }} state=link
+ notify:
+ - restart nginx
+...
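Review bot: `Set hostnames` calls `lineinfile` with only `line=`, so it is idempotent only while the VM keeps the same first IPv4 address. If the address changes, a second entry is appended and the stale mapping stays in /etc/hosts, where it will probably still be the one that resolves. Give the task a match for the existing entry, for example `regexp='^\S+\s+{{ domain }}\s'`, so that it replaces the line instead of adding another. The `restart prosody` and `restart nginx` handlers are not among the six files of this changeset, so presumably another role supplies them. A comment naming that dependency would help.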
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/templates/etc/nginx/sites-available/tram-im Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,62 @@
+types {
+ text/coffeescript coffee;
+}
+
+server {
+ server_name {{ domain }};
+
+ listen 80;
+ listen [::]:80;
+
+ access_log /var/log/nginx/{{ domain }}.access.log;
+ error_log /var/log/nginx/{{ domain }}.error.log;
+
+ return 301 https://{{ domain }}$request_uri;
+}
+
+server {
+ server_name {{ domain }};
+
+ listen 443 ssl spdy;
+ listen [::]:443 ssl spdy;
+
+ ssl_certificate {{ ssl_cert }};
+ ssl_certificate_key {{ ssl_key }};
+ ssl_dhparam /etc/nginx/dh-2048.pem;
+ ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+ ssl_session_cache shared:SSL:1m;
+ ssl_session_timeout 10m;
+
+ # OCSP
+ ssl_stapling on;
+ resolver 8.8.8.8 [2001:4860:4860::8888] 8.8.4.4 [2001:4860:4860::8844];
+ resolver_timeout 5s;
+
+ # access from <frame | iframe | object>: DENY | SAMEORIGIN | ALLOW-FROM uri
+ add_header X-Frame-Options 'SAMEORIGIN';
+
+ # HSTS: 31536000 = 365 days (set to 0 to expire and allow plain HTTP)
+ add_header Strict-Transport-Security 'max-age=31536000';
+
+ add_header Cache-Control private;
+
+ access_log /var/log/nginx/{{ domain }}.access.log;
+ error_log /var/log/nginx/{{ domain }}.error.log;
+
+ client_max_body_size 1M;
+ keepalive_timeout 5;
+
+ location / {
+ root /home/tram-im/tram-im;
+ expires max;
+ access_log off;
+ }
+
+ location /http-bind {
+ proxy_pass https://127.0.0.1:5281/http-bind;
+ proxy_set_header Host $host;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_buffering off;
+ tcp_nodelay on;
+ }
+}
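Review bot: `location /` serves all of /home/tram-im/tram-im, and appinstall.yml clones the Strophe repositories into `vendor/` below that root. Their `.git` directories, and any VCS metadata of the project itself, therefore become downloadable over HTTPS. Add a dot-path block inside the TLS server, e.g. `location ~ /\. { deny all; }`, or deploy only the needed files into a separate web root. Separately, `ssl_protocols` still enables TLSv1 and TLSv1.1 and no `ssl_ciphers` line is set, so cipher selection falls to the nginx build default. A short comment stating the intended client baseline would make that choice reviewable.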
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/templates/etc/prosody/conf.avail/tram-im.cfg.lua Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,31 @@
+plugin_paths = { "/var/lib/prosody/extra-modules" }
+
+http_interfaces = { }
+https_interfaces = { "127.0.0.1" }
+
+VirtualHost "{{ domain }}"
+
+admins = { "{{ admin_jid }}" }
+
+ssl = {
+ key = "/etc/ssl/selfsigned/muc.{{ domain }}/clean.key";
+ certificate = "/etc/ssl/selfsigned/muc.{{ domain }}/selfsigned.pem";
+ dhparam = "/etc/prosody/dh-2048.pem";
+}
+
+modules_enabled = { "register", "vcard", "bosh" }
+modules_disabled = { "s2s" }
+
+allow_registration = true
+authentication = "internal_hashed"
+
+Component "muc.{{ domain }}" "muc"
+ name = "Multi-user chat on {{ domain }}"
+ restrict_room_creation = "local"
+ --modules_enabled = { "mam_muc" } -- Currently alpha
+
+--[[
+Component "proxy65.{{ domain }}" "proxy65"
+ proxy65_acl = { "{{ domain }}" }
+ modules_enabled = { "http_upload" }
+]]--
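Review bot: `allow_registration = true` with the `register` module leaves in-band registration open to anyone who can reach the BOSH endpoint that the nginx site in this changeset proxies publicly. Nothing in this file throttles or restricts it. If open sign-up is intended, add a limit such as `min_seconds_between_registrations = <SECONDS>` and say so in a comment; otherwise set `allow_registration = false` and create accounts out of band. All BOSH traffic reaches Prosody from 127.0.0.1, so any per-address limit likely sees only the proxy unless Prosody is configured to honour X-Forwarded-For. The `ssl` block for `VirtualHost "{{ domain }}"` points at the `muc.{{ domain }}` certificate directory, while vars/main.yml uses `/etc/ssl/selfsigned/{{ domain }}/`. If that is deliberate it deserves a comment.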
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/vars/main.yml Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,4 @@
+---
+ssl_cert: /etc/ssl/selfsigned/{{ domain }}/selfsigned.pem
+ssl_key: /etc/ssl/selfsigned/{{ domain }}/clean.key
+...