From bd89c96fbb6ca3fbe73e219bd2ad254bece9c4be Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Sun, 30 Jan 2022 11:39:05 +0100 Subject: [PATCH 01/14] :whale: pottwal: Add prosody docker container The service should be moved away from helium.n39.eu into a container. --- pottwal.yml | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/pottwal.yml b/pottwal.yml index b5c796d..aaa525a 100644 --- a/pottwal.yml +++ b/pottwal.yml @@ -12,6 +12,8 @@ shlink_host_port: 8083 shlink_domain_name: sl.n39.eu + prosody_data: "{{ data_dir }}/prosody" + hedgedoc_host_port: 8084 hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.9.3 @@ -119,6 +121,25 @@ site_name: "{{ shlink_domain_name }}" proxy_port: "{{ shlink_host_port }}" + - name: Ensure container for prosody XMPP server is running + docker_container: + name: prosody + image: netz39/prosody:0.11 + pull: true + state: started + detach: true + restart_policy: unless-stopped + ports: + # container offers more ports, depends on actual prosody configuration + - 5222:5222 # xmpp-client + - 5269:5269 # xmpp-server + volumes: + - "{{ prosody_data }}/etc/prosody:/etc/prosody:rw" + - "{{ prosody_data }}/var/lib/prosody:/var/lib/prosody:rw" + - "{{ prosody_data }}/var/log/prosody:/var/log/prosody:rw" + # TODO Migrate to dehydrated role + # - /var/lib/dehydrated:/var/lib/dehydrated:ro + - name: Check if hedgedoc data dir exists ansible.builtin.stat: path: "{{ data_dir }}/hedgedoc" From caf1e0e12321285ab6ded88ee19b09541605ebad Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Thu, 15 Sep 2022 20:41:54 +0200 Subject: [PATCH 02/14] :whale: pottwal: Add container hosting static website for XMPP --- pottwal.yml | 18 ++++++++++++++++++ 1 file changed, 18 insertions(+) diff --git a/pottwal.yml b/pottwal.yml index aaa525a..e8758a1 100644 --- a/pottwal.yml +++ b/pottwal.yml 
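Review bot: In the prosody task added by PATCH 01/14 (second hunk), `image: netz39/prosody:0.11` is combined with `pull: true`, so every playbook run deploys whatever the mutable `0.11` tag points to at that moment. For an internet-facing XMPP server that is an unreviewed update path; consider pinning by digest, `image: netz39/prosody:0.11@sha256:<digest-placeholder>`, and bumping it deliberately, as later patches in this series do for the static-web-server tag. The port entries are also plain scalars; quoting them (`- "5222:5222"  # xmpp-client`, `- "5269:5269"  # xmpp-server`) follows the usual convention for colon-separated numbers in YAML.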
@@ -13,6 +13,7 @@ shlink_domain_name: sl.n39.eu prosody_data: "{{ data_dir }}/prosody" + jabber_host_port: 8086 hedgedoc_host_port: 8084 hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.9.3 @@ -140,6 +141,23 @@ # TODO Migrate to dehydrated role # - /var/lib/dehydrated:/var/lib/dehydrated:ro + - name: Ensure container for static XMPP website is running + docker_container: + name: jabber-static-website + image: joseluisq/static-web-server:latest + pull: true + state: started + detach: true + restart_policy: unless-stopped + env: + SERVER_HOST=127.0.0.1 + SERVER_PORT=80 + SERVER_ROOT=/public + ports: + - "127.0.0.1:{{ jabber_host_port }}:80" + volumes: + - "{{ prosody_data }}/var/www:/public:ro" + - name: Check if hedgedoc data dir exists ansible.builtin.stat: path: "{{ data_dir }}/hedgedoc" From e9ca246090a1712f26653ebf620a042a2f1f925b Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Fri, 8 Jul 2022 07:16:55 +0200 Subject: [PATCH 03/14] :web: pottwal: Prepare reverse proxy for prosody XMPP/Jabber server The container can serve HTTP for yet unknown reasons, but that port is not yet exposed. Do NOT confuse this with the old static website jabber.n39.eu which was decoupled from prosody and plain HTML only. The reverse proxy is used to make the static website available, and to let dehydrated renew the certs. The certs are used for https to the static website _and_ for the XMPP server itself! --- pottwal.yml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/pottwal.yml b/pottwal.yml index e8758a1..ba721da 100644 --- a/pottwal.yml +++ b/pottwal.yml @@ -158,6 +158,14 @@ volumes: - "{{ prosody_data }}/var/www:/public:ro" + - name: Setup proxy site jabber.n39.eu + # point to static website for now + include_role: + name: setup-http-site-proxy + vars: + site_name: "jabber.n39.eu" + proxy_port: "{{ jabber_host_port }}" + - name: Check if hedgedoc data dir exists ansible.builtin.stat: path: "{{ data_dir }}/hedgedoc" 
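Review bot: In the `jabber-static-website` task (PATCH 02/14, second hunk) the three entries under `env:` are written as `SERVER_HOST=127.0.0.1` and so on, without a colon, so YAML folds them into one plain string instead of a mapping, while docker_container documents `env` as a dictionary. Write them as a mapping with quoted values: `SERVER_HOST: "0.0.0.0"`, `SERVER_PORT: "80"`, `SERVER_ROOT: "/public"`. The host value matters as well: if the server really binds to 127.0.0.1 inside the container, the published port `127.0.0.1:{{ jabber_host_port }}:80` presumably cannot reach it, because Docker forwards to the container's network interface rather than its loopback. The host-side `127.0.0.1:` prefix in the `ports` entry is what keeps the site reachable only through the local reverse proxy, and it should stay.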
From fdc923263f30b456e99a15c2825de3de9e2a5741 Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Thu, 8 Sep 2022 21:41:01 +0200 Subject: [PATCH 04/14] :beers: pottwal: jabber/prosody: Add deploy cert hook Hook works outside of ansible in personal prosody instance. Hope I understood the template correctly, docs of dehydrated role are quite sparse on that. The dehydrated cert path variable is only available since recent change c4af7754b219 (":sparkles: Use variables to configure dehydrated locations"). Link: https://prosody.im/doc/certificates --- pottwal.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/pottwal.yml b/pottwal.yml index ba721da..f12f09e 100644 --- a/pottwal.yml +++ b/pottwal.yml @@ -33,6 +33,8 @@ - name: uritools-api.n39.eu - name: sl.n39.eu - name: pad.n39.eu + - name: jabber.n39.eu + deploy_cert_hook: "docker exec prosody prosodyctl --root cert import ${DOMAIN} /var/lib/dehydrated/certs" - role: penguineer.dehydrated_cron - role: dd24-dyndns-cron # variables are set in the inventory @@ -138,8 +140,7 @@ - "{{ prosody_data }}/etc/prosody:/etc/prosody:rw" - "{{ prosody_data }}/var/lib/prosody:/var/lib/prosody:rw" - "{{ prosody_data }}/var/log/prosody:/var/log/prosody:rw" - # TODO Migrate to dehydrated role - # - /var/lib/dehydrated:/var/lib/dehydrated:ro + - "{{ dehydrated_certs_dir }}/jabber.n39.eu:/var/lib/dehydrated/certs/jabber.n39.eu:ro" - name: Ensure container for static XMPP website is running docker_container: From 8c97012a8a9dd5afc7fbc7c586108dd3779e0e68 Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Wed, 14 Sep 2022 21:55:03 +0200 Subject: [PATCH 05/14] :hammer: pottwal: Use variable for xmpp domain name --- pottwal.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/pottwal.yml b/pottwal.yml index f12f09e..f78ef9f 100644 --- a/pottwal.yml +++ b/pottwal.yml 
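Review bot: The `deploy_cert_hook` added in PATCH 04/14 (first hunk) expands `${DOMAIN}` unquoted and hard-codes the container path `/var/lib/dehydrated/certs`, which works only because the second hunk mounts the certificate directory at exactly that location. Quote the expansion (`... cert import \"${DOMAIN}\" /var/lib/dehydrated/certs`) and add a comment above the hook such as `# path is the in-container target of the certs volume in the prosody task`. The bind mount gives the container this one domain's key directory read-only, which is appropriately narrow. The imported copy presumably lands under the `:rw` `/etc/prosody` volume, though, so `{{ prosody_data }}/etc/prosody` on the host and any backup of it should be treated as key material. It is also worth confirming how the dehydrated role treats a non-zero hook exit, for example when the prosody container is stopped during a renewal.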
@@ -13,6 +13,7 @@ shlink_domain_name: sl.n39.eu prosody_data: "{{ data_dir }}/prosody" + prosody_domain_name: jabber.n39.eu jabber_host_port: 8086 hedgedoc_host_port: 8084 @@ -33,7 +34,7 @@ - name: uritools-api.n39.eu - name: sl.n39.eu - name: pad.n39.eu - - name: jabber.n39.eu + - name: "{{ prosody_domain_name }}" deploy_cert_hook: "docker exec prosody prosodyctl --root cert import ${DOMAIN} /var/lib/dehydrated/certs" - role: penguineer.dehydrated_cron - role: dd24-dyndns-cron @@ -140,7 +141,7 @@ - "{{ prosody_data }}/etc/prosody:/etc/prosody:rw" - "{{ prosody_data }}/var/lib/prosody:/var/lib/prosody:rw" - "{{ prosody_data }}/var/log/prosody:/var/log/prosody:rw" - - "{{ dehydrated_certs_dir }}/jabber.n39.eu:/var/lib/dehydrated/certs/jabber.n39.eu:ro" + - "{{ dehydrated_certs_dir }}/{{ prosody_domain_name }}:/var/lib/dehydrated/certs/{{ prosody_domain_name }}:ro" - name: Ensure container for static XMPP website is running docker_container: @@ -159,12 +160,12 @@ volumes: - "{{ prosody_data }}/var/www:/public:ro" - - name: Setup proxy site jabber.n39.eu + - name: Setup proxy site {{ prosody_domain_name }} # point to static website for now include_role: name: setup-http-site-proxy vars: - site_name: "jabber.n39.eu" + site_name: "{{ prosody_domain_name }}" proxy_port: "{{ jabber_host_port }}" - name: Check if hedgedoc data dir exists From 75b51970694d6f19906620fb10b2db8876f824c3 Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Wed, 14 Sep 2022 21:40:33 +0200 Subject: [PATCH 06/14] :rotating_light: pottwal: Fix indentation yamllint complained. --- pottwal.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/pottwal.yml b/pottwal.yml index f78ef9f..c180c5d 100644 --- a/pottwal.yml +++ b/pottwal.yml 
@@ -29,13 +29,13 @@ vars: dehydrated_contact_email: "{{ server_admin }}" dehydrated_domains: - - name: gitea.n39.eu - - name: uritools.n39.eu - - name: uritools-api.n39.eu - - name: sl.n39.eu - - name: pad.n39.eu - - name: "{{ prosody_domain_name }}" - deploy_cert_hook: "docker exec prosody prosodyctl --root cert import ${DOMAIN} /var/lib/dehydrated/certs" + - name: gitea.n39.eu + - name: uritools.n39.eu + - name: uritools-api.n39.eu + - name: sl.n39.eu + - name: pad.n39.eu + - name: "{{ prosody_domain_name }}" + deploy_cert_hook: "docker exec prosody prosodyctl --root cert import ${DOMAIN} /var/lib/dehydrated/certs" - role: penguineer.dehydrated_cron - role: dd24-dyndns-cron # variables are set in the inventory From 2dc0730efc1cbfbd9930f1d142d4f1ade7c68fdd Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Thu, 15 Sep 2022 06:38:56 +0200 Subject: [PATCH 07/14] :wrench: pottwal: Add alternative cert name for XMPP MUC The config file /etc/dehydrated/domains.txt on the old host had this line before: jabber.n39.eu conference.jabber.n39.eu Link: https://github.com/24367dfa/ansible-role-dehydrated --- pottwal.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/pottwal.yml b/pottwal.yml index c180c5d..9108a29 100644 --- a/pottwal.yml +++ b/pottwal.yml @@ -35,6 +35,8 @@ - name: sl.n39.eu - name: pad.n39.eu - name: "{{ prosody_domain_name }}" + alternate_names: + - conference.jabber.n39.eu deploy_cert_hook: "docker exec prosody prosodyctl --root cert import ${DOMAIN} /var/lib/dehydrated/certs" - role: penguineer.dehydrated_cron - role: dd24-dyndns-cron From 3537e91e35bb018d49de901ea9fd80e01e68eda5 Mon Sep 17 00:00:00 2001 
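Review bot: PATCH 07/14 adds `conference.jabber.n39.eu` as a literal under `alternate_names`, while the certificate's primary name directly above it comes from `{{ prosody_domain_name }}`. If that variable is ever changed, the certificate would be requested for a mismatched pair of names and the MUC component would presumably present a certificate that does not cover its hostname. Deriving the entry, `- "conference.{{ prosody_domain_name }}"`, keeps the two in step. The same pair of names is repeated as literals in holmium.yml in PATCH 08/14, where a short comment pointing back to this variable would help.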
From: Alexander Dahl Date: Thu, 15 Sep 2022 08:03:59 +0200 Subject: [PATCH 08/14] :wrench: holmium: Move https ingress for XMPP server The http(s) stuff for jabber.n39.eu was a static page before. We point that to a static-webserver container on pottwal next to the xmpp server container for now. --- holmium.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) diff --git a/holmium.yml b/holmium.yml index 9d7682c..fd56750 100644 --- a/holmium.yml +++ b/holmium.yml @@ -9,10 +9,6 @@ - role: nginx-https-ingress vars: ingress: - - server: helium - hosts: - - name: jabber.n39.eu - - name: conference.jabber.n39.eu - server: kant hosts: - name: spaceapi.n39.eu @@ -29,6 +25,8 @@ - name: pad.n39.eu - name: brotherql-web.n39.eu local: true + - name: jabber.n39.eu + - name: conference.jabber.n39.eu - server: radon hosts: - name: nodered.n39.eu From e483d0f19c6ac9c34023e8111a8940493c9f555d Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Thu, 15 Sep 2022 21:42:32 +0200 Subject: [PATCH 09/14] :ok_hand: pottwal: Check prosody data dir exists Suggested-by: Stefan Haun --- pottwal.yml | 19 ++++++++++++++----- 1 file changed, 14 insertions(+), 5 deletions(-) diff --git a/pottwal.yml b/pottwal.yml index 9108a29..b74d14b 100644 --- a/pottwal.yml +++ b/pottwal.yml @@ -12,7 +12,7 @@ shlink_host_port: 8083 shlink_domain_name: sl.n39.eu - prosody_data: "{{ data_dir }}/prosody" + prosody_data_dir: "{{ data_dir }}/prosody" prosody_domain_name: jabber.n39.eu jabber_host_port: 8086 @@ -127,6 +127,15 @@ site_name: "{{ shlink_domain_name }}" proxy_port: "{{ shlink_host_port }}" + - name: Check if prosody data dir exists + ansible.builtin.stat: + path: "{{ prosody_data_dir }}" + register: prosody_dir + - name: Fail if prosody data dir does not exist + ansible.builtin.fail: + msg: "prosody data dir is missing, please restore from the backup!" + when: not prosody.stat.exists + - name: Ensure container for prosody XMPP server is running docker_container: name: prosody 
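Review bot: The guard added in PATCH 09/14 (second hunk) only tests that `{{ prosody_data_dir }}` exists, so an empty directory or a regular file at that path passes and the container task runs anyway. Docker normally creates missing bind-mount sources as empty directories, so prosody would presumably start without its restored configuration and data. Checking a path that only a restored backup provides, for example `path: "{{ prosody_data_dir }}/etc/prosody"` with `when: not (prosody_dir.stat.isdir | default(false))`, makes the check match its failure message. As written, the `when:` line also reads `prosody.stat.exists` although the result is registered as `prosody_dir`; PATCH 14/14 in this series corrects that name.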
@@ -140,9 +149,9 @@ - 5222:5222 # xmpp-client - 5269:5269 # xmpp-server volumes: - - "{{ prosody_data }}/etc/prosody:/etc/prosody:rw" - - "{{ prosody_data }}/var/lib/prosody:/var/lib/prosody:rw" - - "{{ prosody_data }}/var/log/prosody:/var/log/prosody:rw" + - "{{ prosody_data_dir }}/etc/prosody:/etc/prosody:rw" + - "{{ prosody_data_dir }}/var/lib/prosody:/var/lib/prosody:rw" + - "{{ prosody_data_dir }}/var/log/prosody:/var/log/prosody:rw" - "{{ dehydrated_certs_dir }}/{{ prosody_domain_name }}:/var/lib/dehydrated/certs/{{ prosody_domain_name }}:ro" - name: Ensure container for static XMPP website is running @@ -160,7 +169,7 @@ ports: - "127.0.0.1:{{ jabber_host_port }}:80" volumes: - - "{{ prosody_data }}/var/www:/public:ro" + - "{{ prosody_data_dir }}/var/www:/public:ro" - name: Setup proxy site {{ prosody_domain_name }} # point to static website for now From 7e206a8e52e9b13b9300c36e4303cba8546d44e5 Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Thu, 15 Sep 2022 21:45:36 +0200 Subject: [PATCH 10/14] :ok_hand: pottwal: Pin down tag for static-web-server container Suggested-by: Stefan Haun --- pottwal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pottwal.yml b/pottwal.yml index b74d14b..f9c1dee 100644 --- a/pottwal.yml +++ b/pottwal.yml @@ -157,7 +157,7 @@ - name: Ensure container for static XMPP website is running docker_container: name: jabber-static-website - image: joseluisq/static-web-server:latest + image: joseluisq/static-web-server:2.11.0 pull: true state: started detach: true From 4a7a6d912ee456b1b1b2821074d21bc044125a9f Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Wed, 28 Sep 2022 10:31:50 +0200 Subject: [PATCH 11/14] :arrow_up: pottwal: Bump static-web-server to v2.12.0 Link: https://github.com/joseluisq/static-web-server/releases/tag/v2.12.0 --- pottwal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pottwal.yml b/pottwal.yml index f9c1dee..3421407 100644 --- a/pottwal.yml +++ b/pottwal.yml 
@@ -157,7 +157,7 @@ - name: Ensure container for static XMPP website is running docker_container: name: jabber-static-website - image: joseluisq/static-web-server:2.11.0 + image: joseluisq/static-web-server:2.12.0 pull: true state: started detach: true From 7467649f1e3ced08c188b28853d6158dff819a12 Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Thu, 13 Oct 2022 07:57:03 +0200 Subject: [PATCH 12/14] :arrow_up: pottwal: Bump static-web-server to v2.13.0 Link: https://github.com/joseluisq/static-web-server/releases/tag/v2.13.0 --- pottwal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pottwal.yml b/pottwal.yml index 3421407..e955e9f 100644 --- a/pottwal.yml +++ b/pottwal.yml @@ -157,7 +157,7 @@ - name: Ensure container for static XMPP website is running docker_container: name: jabber-static-website - image: joseluisq/static-web-server:2.12.0 + image: joseluisq/static-web-server:2.13.0 pull: true state: started detach: true From 7b3920a45670dd65973cad0484dcfe3c7594b871 Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Mon, 17 Oct 2022 09:01:41 +0200 Subject: [PATCH 13/14] :arrow_up: pottwal: Bump static-web-server to v2.13.1 Link: https://github.com/joseluisq/static-web-server/releases/tag/v2.13.1 --- pottwal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/pottwal.yml b/pottwal.yml index e955e9f..d1666a1 100644 --- a/pottwal.yml +++ b/pottwal.yml @@ -157,7 +157,7 @@ - name: Ensure container for static XMPP website is running docker_container: name: jabber-static-website - image: joseluisq/static-web-server:2.13.0 + image: joseluisq/static-web-server:2.13.1 pull: true state: started detach: true From 236f45dfec929fee6fb2bc4f8b8e70b0ba800070 Mon Sep 17 00:00:00 2001 From: Alexander Dahl Date: Thu, 20 Oct 2022 21:57:33 +0200 Subject: [PATCH 14/14] :bug: Fix variable name Suggested-by: Stefan Haun --- pottwal.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/pottwal.yml b/pottwal.yml index d1666a1..bc784fc 100644 --- a/pottwal.yml +++ b/pottwal.yml @@ -134,7 +134,7 @@ - name: Fail if prosody data dir does not exist ansible.builtin.fail: msg: "prosody data dir is missing, please restore from the backup!" - when: not prosody.stat.exists + when: not prosody_dir.stat.exists - name: Ensure container for prosody XMPP server is running docker_container: