--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/defaults/main.yml	Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,3 @@
+---
+admin_jid: admin@{{ domain }}
+...

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/tasks/appinstall.yml	Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,16 @@
+---
+- name: Make sure project directory exists
+  file: path={{ dir }} state=directory
+
+- name: Make sure vendor directory exists
+  file: path={{ dir }}/vendor state=directory
+
+- name: Clone Strophe.js
+  git: repo=https://github.com/strophe/strophejs.git dest={{ dir }}/vendor/strophejs
+
+- name: Clone Strophe.js plugins
+  git: repo=https://github.com/strophe/strophejs-plugins.git dest={{ dir }}/vendor/strophejs-plugins
+
+- name: Download WebRTC adapter
+  get_url: url=https://webrtc.github.io/adapter/adapter-1.0.4.js dest={{ dir }}/vendor/webrtc-adapter-1.0.4.js
+...

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/tasks/main.yml	Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,38 @@
+---
+- name: Set hostnames
+  lineinfile: dest=/etc/hosts line='{{ ansible_all_ipv4_addresses[0] }} {{ domain }} muc.{{ domain }}'
+  when: ansible_virtualization_type == "virtualbox"
+
+- name: Install packages
+  apt: pkg={{ item }} state=present
+  with_items:
+    - git # for 3rd-party libraries
+  tags: [packages]
+
+- name: Create user
+  user: name=tram-im
+
+- include: appinstall.yml dir=/home/tram-im/tram-im/
+  sudo: yes
+  sudo_user: tram-im
+
+- name: Add Prosody VirtualHost
+  template: src=etc/prosody/conf.avail/tram-im.cfg.lua dest=/etc/prosody/conf.avail/{{ domain }}.cfg.lua
+  notify:
+    - restart prosody
+
+- name: Enable Prosody VirtualHost
+  file: src=/etc/prosody/conf.avail/{{ domain }}.cfg.lua dest=/etc/prosody/conf.d/{{ domain }}.cfg.lua state=link
+  notify:
+    - restart prosody
+
+- name: Add BOSH proxy Nginx site
+  template: src=etc/nginx/sites-available/tram-im dest=/etc/nginx/sites-available/{{ domain }}
+  notify:
+    - restart nginx
+
+- name: Enable BOSH proxy Nginx site
+  file: src=/etc/nginx/sites-available/{{ domain }} dest=/etc/nginx/sites-enabled/50{{ domain }} state=link
+  notify:
+    - restart nginx
+...

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/templates/etc/nginx/sites-available/tram-im	Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,62 @@
+types {
+    text/coffeescript coffee;
+}
+
+server {
+    server_name {{ domain }};
+
+    listen 80;
+    listen [::]:80;
+
+    access_log /var/log/nginx/{{ domain }}.access.log;
+    error_log /var/log/nginx/{{ domain }}.error.log;
+
+    return 301 https://{{ domain }}$request_uri;
+}
+
+server {
+    server_name {{ domain }};
+
+    listen 443 ssl spdy;
+    listen [::]:443 ssl spdy;
+
+    ssl_certificate {{ ssl_cert }};
+    ssl_certificate_key {{ ssl_key }};
+    ssl_dhparam /etc/nginx/dh-2048.pem;
+    ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
+    ssl_session_cache shared:SSL:1m;
+    ssl_session_timeout 10m;
+
+    # OCSP
+    ssl_stapling on;
+    resolver 8.8.8.8 [2001:4860:4860::8888] 8.8.4.4 [2001:4860:4860::8844];
+    resolver_timeout 5s;
+
+    # access from <frame | iframe | object>: DENY | SAMEORIGIN | ALLOW-FROM uri
+    add_header X-Frame-Options 'SAMEORIGIN';
+
+    # HSTS: 31536000 = 365 days (set to 0 to expire and allow plain HTTP)
+    add_header Strict-Transport-Security 'max-age=31536000';
+
+    add_header Cache-Control private;
+
+    access_log /var/log/nginx/{{ domain }}.access.log;
+    error_log /var/log/nginx/{{ domain }}.error.log;
+
+    client_max_body_size 1M;
+    keepalive_timeout 5;
+
+    location / {
+        root /home/tram-im/tram-im;
+        expires max;
+        access_log off;
+    }
+
+    location /http-bind {
+        proxy_pass https://127.0.0.1:5281/http-bind;
+        proxy_set_header Host $host;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_buffering off;
+        tcp_nodelay on;
+    }
+}

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/templates/etc/prosody/conf.avail/tram-im.cfg.lua	Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,31 @@
+plugin_paths = { "/var/lib/prosody/extra-modules" }
+
+http_interfaces = { }
+https_interfaces = { "127.0.0.1" }
+
+VirtualHost "{{ domain }}"
+
+admins = { "{{ admin_jid }}" }
+
+ssl = {
+	key = "/etc/ssl/selfsigned/muc.{{ domain }}/clean.key";
+	certificate = "/etc/ssl/selfsigned/muc.{{ domain }}/selfsigned.pem";
+	dhparam = "/etc/prosody/dh-2048.pem";
+}
+
+modules_enabled = { "register", "vcard", "bosh" }
+modules_disabled = { "s2s" }
+
+allow_registration = true
+authentication = "internal_hashed"
+
+Component "muc.{{ domain }}" "muc"
+	name = "Multi-user chat on {{ domain }}"
+	restrict_room_creation = "local"
+	--modules_enabled = { "mam_muc" } -- Currently alpha
+
+--[[
+Component "proxy65.{{ domain }}" "proxy65"
+	proxy65_acl = { "{{ domain }}" }
+	modules_enabled = { "http_upload" }
+]]--

--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/contrib/provision/roles/tram-im/vars/main.yml	Sat Mar 19 01:03:43 2016 +0800
@@ -0,0 +1,4 @@
+---
+ssl_cert: /etc/ssl/selfsigned/{{ domain }}/selfsigned.pem
+ssl_key: /etc/ssl/selfsigned/{{ domain }}/clean.key
+...