Merge pull request 'pottwal: Add prosody docker container' (!25) from alex/netz39-infra-ansible:prosody into master

Reviewed-on: https://gitea.n39.eu/Netz39_Admin/netz39-infra-ansible/pulls/25
Reviewed-by: tux <tux@netz39.de>

holmium.yml

@@ -9,10 +9,6 @@
     - role: nginx-https-ingress
       vars:
         ingress:
-          - server: helium
-            hosts:
-              - name: jabber.n39.eu
-              - name: conference.jabber.n39.eu
           - server: kant
             hosts:
               - name: spaceapi.n39.eu
@@ -29,6 +25,8 @@
               - name: pad.n39.eu
               - name: brotherql-web.n39.eu
                 local: true
+              - name: jabber.n39.eu
+              - name: conference.jabber.n39.eu
           - server: radon
             hosts:
               - name: nodered.n39.eu

pottwal.yml

@@ -12,6 +12,10 @@
     shlink_host_port: 8083
     shlink_domain_name: sl.n39.eu
 
+    prosody_data_dir: "{{ data_dir }}/prosody"
+    prosody_domain_name: jabber.n39.eu
+    jabber_host_port: 8086
+
     hedgedoc_host_port: 8084
     hedgedoc_image: quay.io/hedgedoc/hedgedoc:1.9.3
 
@@ -25,11 +29,15 @@
       vars:
         dehydrated_contact_email: "{{ server_admin }}"
         dehydrated_domains:
-        - name: gitea.n39.eu
+          - name: gitea.n39.eu
-        - name: uritools.n39.eu
+          - name: uritools.n39.eu
-        - name: uritools-api.n39.eu
+          - name: uritools-api.n39.eu
-        - name: sl.n39.eu
+          - name: sl.n39.eu
-        - name: pad.n39.eu
+          - name: pad.n39.eu
+          - name: "{{ prosody_domain_name }}"
+            alternate_names:
+              - conference.jabber.n39.eu
+            deploy_cert_hook: "docker exec prosody prosodyctl --root cert import ${DOMAIN} /var/lib/dehydrated/certs"
     - role: penguineer.dehydrated_cron
     - role: dd24-dyndns-cron
       # variables are set in the inventory
@@ -119,6 +127,58 @@
         site_name: "{{ shlink_domain_name }}"
         proxy_port: "{{ shlink_host_port }}"
 
+    - name: Check if prosody data dir exists
+      ansible.builtin.stat:
+        path: "{{ prosody_data_dir }}"
+      register: prosody_dir
+    - name: Fail if prosody data dir does not exist
+      ansible.builtin.fail:
+        msg: "prosody data dir is missing, please restore from the backup!"
+      when: not prosody_dir.stat.exists
+
+    - name: Ensure container for prosody XMPP server is running
+      docker_container:
+        name: prosody
+        image: netz39/prosody:0.11
+        pull: true
+        state: started
+        detach: true
+        restart_policy: unless-stopped
+        ports:
+          # container offers more ports, depends on actual prosody configuration
+          - 5222:5222   # xmpp-client
+          - 5269:5269   # xmpp-server
+        volumes:
+          - "{{ prosody_data_dir }}/etc/prosody:/etc/prosody:rw"
+          - "{{ prosody_data_dir }}/var/lib/prosody:/var/lib/prosody:rw"
+          - "{{ prosody_data_dir }}/var/log/prosody:/var/log/prosody:rw"
+          - "{{ dehydrated_certs_dir }}/{{ prosody_domain_name }}:/var/lib/dehydrated/certs/{{ prosody_domain_name }}:ro"
+
+    - name: Ensure container for static XMPP website is running
+      docker_container:
+        name: jabber-static-website
+        image: joseluisq/static-web-server:2.13.1
+        pull: true
+        state: started
+        detach: true
+        restart_policy: unless-stopped
+        env:
+          SERVER_HOST=127.0.0.1
+          SERVER_PORT=80
+          SERVER_ROOT=/public
+        ports:
+          - "127.0.0.1:{{ jabber_host_port }}:80"
+        volumes:
+          - "{{ prosody_data_dir }}/var/www:/public:ro"
+
+    - name: Setup proxy site {{ prosody_domain_name }}
+      # point to static website for now
+      include_role:
+        name: setup-http-site-proxy
+      vars:
+        site_name: "{{ prosody_domain_name }}"
+        proxy_port: "{{ jabber_host_port }}"
+
     - name: Check if hedgedoc data dir exists
       ansible.builtin.stat:
         path: "{{ data_dir }}/hedgedoc"