Initial commit

Eric Meehan 2026-02-06 14:49:53 -05:00
commit 50b3aaf8ba
Signed by: eric
GPG Key ID: B7DA729FBB8CA6E9
11 changed files with 742 additions and 0 deletions

38
README.md Normal file

@ -0,0 +1,38 @@
Role Name
=========
A brief description of the role goes here.
Requirements
------------
Any pre-requisites that may not be covered by Ansible itself or the role should be mentioned here. For instance, if the role uses the EC2 module, it may be a good idea to mention in this section that the boto package is required.
Role Variables
--------------
A description of the settable variables for this role should go here, including any variables that are in defaults/main.yml, vars/main.yml, and any variables that can/should be set via parameters to the role. Any variables that are read from other roles and/or the global scope (ie. hostvars, group vars, etc.) should be mentioned here as well.
Dependencies
------------
A list of other roles hosted on Galaxy should go here, plus any details in regards to parameters that may need to be set for other roles, or variables that are used from other roles.
Example Playbook
----------------
Including an example of how to use your role (for instance, with variables passed in as parameters) is always nice for users too:
- hosts: servers
roles:
- { role: username.rolename, x: 42 }
License
-------
BSD
Author Information
------------------
An optional section for the role authors to include contact information, or a website (HTML is not allowed).

3
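--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+---
+# defaults file for ansible-role-ejabberd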

3
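--- a/handlers/main.yml
+++ b/handlers/main.yml
@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+---
+# handlers file for ansible-role-ejabberd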

35
meta/main.yml Normal file

@ -0,0 +1,35 @@
#SPDX-License-Identifier: MIT-0
galaxy_info:
author: your name
description: your role description
company: your company (optional)
# If the issue tracker for your role is not on github, uncomment the
# next line and provide a value
# issue_tracker_url: http://example.com/issue/tracker
# Choose a valid license ID from https://spdx.org - some suggested licenses:
# - BSD-3-Clause (default)
# - MIT
# - GPL-2.0-or-later
# - GPL-3.0-only
# - Apache-2.0
# - CC-BY-4.0
license: license (GPL-2.0-or-later, MIT, etc)
min_ansible_version: 2.1
# If this a Container Enabled role, provide the minimum Ansible Container version.
# min_ansible_container_version:
galaxy_tags: []
# List tags for your role here, one per line. A tag is a keyword that describes
# and categorizes the role. Users find roles by searching for tags. Be sure to
# remove the '[]' above, if you add tags to this list.
#
# NOTE: A tag is limited to a single word comprised of alphanumeric characters.
# Maximum 20 tags per role.
dependencies: []
# List your role dependencies here, one per line. Be sure to remove the '[]' above,
# if you add dependencies to this list.
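Review bot: The `galaxy_info` block still carries placeholder text in `author`, `description`, `company` and `license`, and the `license` placeholder disagrees with both the `MIT-0` SPDX header at the top of this file and the `BSD` stated in README.md. Pick one SPDX identifier and use it in all three places so downstream users know the terms they are accepting. `min_ansible_version: 2.1` is an unquoted scalar that a YAML parser reads as a float; write it as `min_ansible_version: "2.1"`, and consider raising it, since the tasks in this role rely on the `k8s` module, which presumably needs a much newer Ansible.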

BIN
tasks/.main.yml.swp Normal file

Binary file not shown.
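Review bot: `tasks/.main.yml.swp` is an editor swap file and should not be part of the commit; a swap file holds a copy of the buffer being edited, which can include text that never made it into the saved `tasks/main.yml`. Remove it from the repository and add a `.gitignore` entry such as `*.swp`. If a credential or other sensitive value was typed into the file while editing, treat it as disclosed, because the blob stays reachable in history after a later delete.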

610
tasks/main.yml Normal file

@ -0,0 +1,610 @@
#SPDX-License-Identifier: MIT-0
---
# tasks file for ansible-role-ejabberd
- name: namespace
k8s:
state: present
definition:
apiVersion: v1
kind: Namespace
metadata:
name: "{{ ejabberd_namespace }}"
- name: certificate
k8s:
state: present
definition:
apiVersion: cert-manager.io/v1
kind: Certificate
metadata:
name: ssl
namespace: "{{ ejabberd_namespace }}"
spec:
secretName: ssl
privateKey:
algorithm: RSA
encoding: PKCS1
size: 2048
duration: 2160h # 90d
renewBefore: 360h # 15d
isCA: false
usages:
- server auth
- client auth
subject:
organizations:
- EOM
commonName: eom.dev
dnsNames:
- ejabberd.eom.dev
issuerRef:
name: ca-issuer
kind: ClusterIssuer
- name: configmap
k8s:
state: present
definition:
apiVersion: v1
kind: ConfigMap
metadata:
name: config
namespace: "{{ ejabberd_namespace }}"
data:
ejabberd.yml: "{{ lookup('template', 'ejabberd.yml.j2') }}"
- name: pvc for data
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: data
namespace: "{{ ejabberd_namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "{{ ejabberd_pvc_size_data }}"
- name: pvc for db
k8s:
state: present
definition:
apiVersion: v1
kind: PersistentVolumeClaim
metadata:
name: db
namespace: "{{ ejabberd_namespace }}"
spec:
accessModes:
- ReadWriteOnce
resources:
requests:
storage: "{{ ejabberd_pvc_size_db }}"
- name: deployment for ejabberd
k8s:
definition:
apiVersion: v1
kind: Deployment
metadata:
name: ejabberd
namespace: "{{ ejabberd_namespace }}"
spec:
replicas: 1
selector:
matchLabels:
app: ejabberd
template:
metadata:
labels:
app: ejabberd
spec:
containers:
- name: ejabberd
image: ejabberd/ecs
env:
- name: EJABBERD_MACRO_ADMIN
value: "{{ ejabberd_macro_admin }}"
- name: EJABBERD_MACRO_PASSWORD
value: "{{ ejabberd_macro_password }}"
volumeMounts:
- name: certs
mountPath: /etc/letsencrypt
- name: config
mountPath: /opt/ejabberd/conf/ejabberd.yml
subPath: ejabberd.yml
- name: data
mountPath: /opt/ejabberd/upload
- name: db
mountPath: /opt/ejabberd/database
ports:
- containerPort: 5222
- containerPort: 5269
- containerPort: 5280
- containerPort: 5443
- containerPort: 1880
- containerPort: 1883
- containerPort: 50000
- containerPort: 50001
- containerPort: 50002
- containerPort: 50003
- containerPort: 50004
- containerPort: 50005
- containerPort: 50006
- containerPort: 50007
- containerPort: 50008
- containerPort: 50009
- containerPort: 50010
- containerPort: 50011
- containerPort: 50012
- containerPort: 50013
- containerPort: 50014
- containerPort: 50015
- containerPort: 50016
- containerPort: 50017
- containerPort: 50018
- containerPort: 50019
- containerPort: 50020
- containerPort: 50021
- containerPort: 50022
- containerPort: 50023
- containerPort: 50024
- containerPort: 50025
- containerPort: 50026
- containerPort: 50027
- containerPort: 50028
- containerPort: 50029
- containerPort: 50030
- containerPort: 50031
- containerPort: 50032
- containerPort: 50033
- containerPort: 50034
- containerPort: 50035
- containerPort: 50036
- containerPort: 50037
- containerPort: 50038
- containerPort: 50039
- containerPort: 50040
- containerPort: 50041
- containerPort: 50042
- containerPort: 50043
- containerPort: 50044
- containerPort: 50045
- containerPort: 50046
- containerPort: 50047
- containerPort: 50048
- containerPort: 50049
- containerPort: 50050
- containerPort: 50051
- containerPort: 50052
- containerPort: 50053
- containerPort: 50054
- containerPort: 50055
- containerPort: 50056
- containerPort: 50057
- containerPort: 50058
- containerPort: 50059
- containerPort: 50060
- containerPort: 50061
- containerPort: 50062
- containerPort: 50063
- containerPort: 50064
- containerPort: 50065
- containerPort: 50066
- containerPort: 50067
- containerPort: 50068
- containerPort: 50069
- containerPort: 50070
- containerPort: 50071
- containerPort: 50072
- containerPort: 50073
- containerPort: 50074
- containerPort: 50075
- containerPort: 50076
- containerPort: 50077
- containerPort: 50078
- containerPort: 50079
- containerPort: 50080
- containerPort: 50081
- containerPort: 50082
- containerPort: 50083
- containerPort: 50084
- containerPort: 50085
- containerPort: 50086
- containerPort: 50087
- containerPort: 50088
- containerPort: 50089
- containerPort: 50090
- containerPort: 50091
- containerPort: 50092
- containerPort: 50093
- containerPort: 50094
- containerPort: 50095
- containerPort: 50096
- containerPort: 50097
- containerPort: 50098
- containerPort: 50099
- containerPort: 5210
- containerPort: 4369
- containerPort: 4370
- containerPort: 4371
- containerPort: 4372
- containerPort: 4373
- containerPort: 4374
- containerPort: 4375
- containerPort: 4376
- containerPort: 4377
- containerPort: 4378
- containerPort: 4379
- containerPort: 4380
- containerPort: 4381
- containerPort: 4382
- containerPort: 4383
- containerPort: 4384
- containerPort: 4385
- containerPort: 4386
- containerPort: 4387
- containerPort: 4388
- containerPort: 4389
- containerPort: 4390
- containerPort: 4391
- containerPort: 4392
- containerPort: 4393
- containerPort: 4394
- containerPort: 4395
- containerPort: 4396
- containerPort: 4397
- containerPort: 4398
- containerPort: 4399
volumes:
- name: data
persistentVolumeClaim:
claimName: data
- name: config
configMap:
name: config
- name: db
persistentVolumeClaim:
claimName: db
- name: service for ejabberd
k8s:
definition:
apiVersion: v1
kind: Service
metadata:
name: ejabberd
namespace: "{{ ejabberd_namespace }}"
spec:
selector:
app: ejabberd
ports:
- port: 5222
name: xmpp
- port: 5269
name: federation
- port: 5280
name: admin
- port: 5443
name: http
- port: 1880
name: admin2
- port: 1883
name: mqtt
- port: 5478
name: stun
- port: 50000
name: turn50000
- port: 50001
name: turn50001
- port: 50002
name: turn50002
- port: 50003
name: turn50003
- port: 50004
name: turn50004
- port: 50005
name: turn50005
- port: 50006
name: turn50006
- port: 50007
name: turn50007
- port: 50008
name: turn50008
- port: 50009
name: turn50009
- port: 50010
name: turn50010
- port: 50011
name: turn50011
- port: 50012
name: turn50012
- port: 50013
name: turn50013
- port: 50014
name: turn50014
- port: 50015
name: turn50015
- port: 50016
name: turn50016
- port: 50017
name: turn50017
- port: 50018
name: turn50018
- port: 50019
name: turn50019
- port: 50020
name: turn50020
- port: 50021
name: turn50021
- port: 50022
name: turn50022
- port: 50023
name: turn50023
- port: 50024
name: turn50024
- port: 50025
name: turn50025
- port: 50026
name: turn50026
- port: 50027
name: turn50027
- port: 50028
name: turn50028
- port: 50029
name: turn50029
- port: 50030
name: turn50030
- port: 50031
name: turn50031
- port: 50032
name: turn50032
- port: 50033
name: turn50033
- port: 50034
name: turn50034
- port: 50035
name: turn50035
- port: 50036
name: turn50036
- port: 50037
name: turn50037
- port: 50038
name: turn50038
- port: 50039
name: turn50039
- port: 50040
name: turn50040
- port: 50041
name: turn50041
- port: 50042
name: turn50042
- port: 50043
name: turn50043
- port: 50044
name: turn50044
- port: 50045
name: turn50045
- port: 50046
name: turn50046
- port: 50047
name: turn50047
- port: 50048
name: turn50048
- port: 50049
name: turn50049
- port: 50050
name: turn50050
- port: 50051
name: turn50051
- port: 50052
name: turn50052
- port: 50053
name: turn50053
- port: 50054
name: turn50054
- port: 50055
name: turn50055
- port: 50056
name: turn50056
- port: 50057
name: turn50057
- port: 50058
name: turn50058
- port: 50059
name: turn50059
- port: 50060
name: turn50060
- port: 50061
name: turn50061
- port: 50062
name: turn50062
- port: 50063
name: turn50063
- port: 50064
name: turn50064
- port: 50065
name: turn50065
- port: 50066
name: turn50066
- port: 50067
name: turn50067
- port: 50068
name: turn50068
- port: 50069
name: turn50069
- port: 50070
name: turn50070
- port: 50071
name: turn50071
- port: 50072
name: turn50072
- port: 50073
name: turn50073
- port: 50074
name: turn50074
- port: 50075
name: turn50075
- port: 50076
name: turn50076
- port: 50077
name: turn50077
- port: 50078
name: turn50078
- port: 50079
name: turn50079
- port: 50080
name: turn50080
- port: 50081
name: turn50081
- port: 50082
name: turn50082
- port: 50083
name: turn50083
- port: 50084
name: turn50084
- port: 50085
name: turn50085
- port: 50086
name: turn50086
- port: 50087
name: turn50087
- port: 50088
name: turn50088
- port: 50089
name: turn50089
- port: 50090
name: turn50090
- port: 50091
name: turn50091
- port: 50092
name: turn50092
- port: 50093
name: turn50093
- port: 50094
name: turn50094
- port: 50095
name: turn50095
- port: 50096
name: turn50096
- port: 50097
name: turn50097
- port: 50098
name: turn50098
- port: 50099
name: turn50099
- port: 7777
name: socks5
- port: 5210
name: erlang
- port: 4369
name: epmd4369
- port: 4370
name: epmd4370
- port: 4371
name: epmd4371
- port: 4372
name: epmd4372
- port: 4373
name: epmd4373
- port: 4374
name: epmd4374
- port: 4375
name: epmd4375
- port: 4376
name: epmd4376
- port: 4377
name: epmd4377
- port: 4378
name: epmd4378
- port: 4379
name: epmd4379
- port: 4380
name: epmd4380
- port: 4381
name: epmd4381
- port: 4382
name: epmd4382
- port: 4383
name: epmd4383
- port: 4384
name: epmd4384
- port: 4385
name: epmd4385
- port: 4386
name: epmd4386
- port: 4387
name: epmd4387
- port: 4388
name: epmd4388
- port: 4389
name: epmd4389
- port: 4390
name: epmd4390
- port: 4391
name: epmd4391
- port: 4392
name: epmd4392
- port: 4393
name: epmd4393
- port: 4394
name: epmd4394
- port: 4395
name: epmd4395
- port: 4396
name: epmd4396
- port: 4397
name: epmd4397
- port: 4398
name: epmd4398
- port: 4399
name: epmd4399
type: LoadBalancer
- name: onionservice
k8s:
definition:
apiVersion: tor.k8s.torproject.org/v1alpha2
kind: OnionService
metadata:
name: ejabberd
namespace: "{{ ejabberd_namespace }}"
spec:
version: 3
rules:
- port:
number: 5222
backend:
service:
name: ejabberd
port:
number: 5222
- name: ingress
k8s:
state: present
definition:
apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
annotations:
cert-manager.io/cluster-issuer: ca-issuer
name: ejabberd
namespace: "{{ ejabberd_namespace }}"
spec:
ingressClassName: nginx
rules:
- host: ejabberd.eom.dev
http:
paths:
- pathType: Prefix
path: /
backend:
service:
name: ejabberd
port:
number: 5280
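Review bot: The `EJABBERD_MACRO_PASSWORD` entry in the Deployment puts the admin password into the pod spec as a literal `value:`, where anyone who can read Deployments or pods in the namespace sees it, and the `configmap` task likewise stores the rendered `ejabberd.yml`, which carries `ldap_password`; both belong in a Secret (`valueFrom.secretKeyRef` for the env var, a Secret-backed volume for the config file). The same Deployment uses `apiVersion: v1` where Deployments live in `apps/v1`, and it mounts a volume named `certs` that the `volumes:` list never defines, so as written the object should be rejected by the API server. The `type: LoadBalancer` Service also publishes the ports named `erlang` and `epmd4369` to `epmd4399` and the `admin` port 5280 next to the client ports; those look like node-internal and management listeners and would be better kept on a separate ClusterIP Service. Pinning `image: ejabberd/ecs` to a tag or digest would make rollouts reproducible and reviewable. The fence below sketches the Deployment changes only; the Secret name in it is a placeholder.

```yaml
      apiVersion: apps/v1
      kind: Deployment
      # … unchanged: metadata, replicas, selector, pod labels, container name and image …
                env:
                  # … unchanged: EJABBERD_MACRO_ADMIN …
                  - name: EJABBERD_MACRO_PASSWORD
                    valueFrom:
                      secretKeyRef:
                        name: ejabberd-admin  # placeholder: Secret created by a separate task
                        key: password
                # … unchanged: volumeMounts, ports …
            volumes:
              - name: certs
                secret:
                  secretName: ssl
              # … unchanged: data, config and db volumes …
```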

Binary file not shown.

41
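--- a/templates/ejabberd.yml.j2
+++ b/templates/ejabberd.yml.j2
@@ -0,0 +1,41 @@
+hosts:
+- ejabberd.eom.dev
+- jabber.eom.dev
+certfiles:
+- /etc/letsencrypt/tls.crt
+- /etc/letsencrypt/tls.key
+auth_method: ldap
+ldap_servers:
+- openldap.openldap.svc.cluster.local
+ldap_port: 389
+ldap_rootdn: "cn=readonly,dc=eom,dc=dev"
+ldap_password: "{{ openldap_readonly_password }}"
+ldap_filter: "(&(objectClass=posixAccount)(memberOf=cn=ejabberd users,ou=ejabberd,ou=Services,dc=eom,dc=dev))"
+ldap_uids:
+uid: "%u@eom.dev"
+modules:
+mod_vcard:
+db_type: ldap
+ldap_rootdn: "cn=readonly,dc=eom,dc=dev"
+ldap_password: "{{ openldap_readonly_password }}"
+ldap_base: "ou=People,dc=eom,dc=dev"
+ldap_uids:
+uid: "%u@eom.dev"
+ldap_filter: "(&(objectClass=posixAccount)(memberOf=cn=ejabberd users,ou=ejabberd,ou=Services,dc=eom,dc=dev))"
+ldap_vcard_map:
+NICKNAME: {"%u": []}
+GIVEN: {"%s": [givenName]}
+FAMILY: {"%s": [sn]}
+FN: {"%s, %s": [sn, givenName]}
+EMAIL: {"%s": [mail]}
+BDAY: {"%s": [birthDay]}
+ldap_search_fields:
+User: "%u"
+Name: givenName
+"Family Name": sn
+Email: mail
+Birthday: birthDay
+ldap_search_reported:
+"Full Name": FN
+Nickname: NICKNAME
+Birthday: BDAY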
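Review bot: The LDAP settings point at `ldap_port: 389` with no `ldap_encrypt` option, so the read-only bind password and, most likely, each user's login password travel to the directory unencrypted on the cluster network. If the OpenLDAP service offers TLS, set `ldap_encrypt: tls` together with `ldap_tls_verify: hard` and the matching port. The top-level block also has no `ldap_base` (it appears only under `mod_vcard`) and the file defines no `listen:` section, so authentication lookups and the listeners behind the ports opened in the Deployment may not behave as intended. Worth confirming against a rendered config before relying on it.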

3
tests/inventory Normal file

@ -0,0 +1,3 @@
#SPDX-License-Identifier: MIT-0
localhost

6
tests/test.yml Normal file

@ -0,0 +1,6 @@
#SPDX-License-Identifier: MIT-0
---
- hosts: localhost
remote_user: root
roles:
- ansible-role-ejabberd

3
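--- a/vars/main.yml
+++ b/vars/main.yml
@@ -0,0 +1,3 @@
+#SPDX-License-Identifier: MIT-0
+---
+# vars file for ansible-role-ejabberd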