Use proper ssl cert config for prosody.
authorLuke Hoersten <luke@hoersten.org>
Sat, 05 Sep 2020 21:31:59 -0500
changeset 138 591b6609fc64
parent 137 645c1e109921
child 139 4efa743f2fa1
Use proper ssl cert config for prosody.
prosody/defaults/main.yaml
prosody/files/prosody.sh
prosody/tasks/main.yaml
prosody/templates/prosody.cfg.lua.j2
--- a/prosody/defaults/main.yaml	Sat Sep 05 19:27:02 2020 -0500
+++ b/prosody/defaults/main.yaml	Sat Sep 05 21:31:59 2020 -0500
@@ -1,6 +1,4 @@
 ---
 
-prosody_ssl_dir: "/etc/prosody/certs/{{prosody_vhost}}"
-
 prosody_db: "prosody_{{prosody_instance}}"
 prosody_db_port: "5432"
--- /dev/null	Thu Jan 01 00:00:00 1970 +0000
+++ b/prosody/files/prosody.sh	Sat Sep 05 21:31:59 2020 -0500
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+prosodyctl --root cert import /etc/letsencrypt/live
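Review bot: The new script has no comment saying who runs it or why `--root` is passed, and both matter because it is installed under `/etc/letsencrypt/renewal-hooks/deploy/` and presumably run with root privileges on every renewal. A header such as `# certbot deploy hook: copies renewed certs from /etc/letsencrypt/live into Prosody's cert directory; --root is needed because the hook runs as root` would make that explicit. The import scans the whole `live` directory rather than a single lineage, so it is also worth stating that this is intended. That way a later edit does not narrow it to one vhost by accident.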
--- a/prosody/tasks/main.yaml	Sat Sep 05 19:27:02 2020 -0500
+++ b/prosody/tasks/main.yaml	Sat Sep 05 21:31:59 2020 -0500
@@ -20,19 +20,17 @@
   template: src="prosody.cfg.lua.j2" dest="/etc/prosody/conf.avail/{{prosody_vhost}}.cfg.lua"
   notify: restart prosody
 
-- name: copy ssl keys
+- name: install letsencrypt ssl deploy hook
   become: yes
   copy:
-    src: "{{item}}"
-    dest: "{{prosody_ssl_dir}}/"
-    remote_src: yes
-    mode: "0640"
-    owner: "root"
-    group: "prosody"
+    src: "prosody.sh"
+    dest: "/etc/letsencrypt/renewal-hooks/deploy/prosody.sh"
+    mode: "0755"
+
+- name: run letsencrypt ssl deploy hook
+  become: yes
+  command: "/etc/letsencrypt/renewal-hooks/deploy/prosody.sh"
   notify: restart prosody
-  loop:
-    - "{{prosody_ssl_privkey_src}}"
-    - "{{prosody_ssl_cert_src}}"
 
 - name: install db schema file
   become: yes
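Review bot: The `run letsencrypt ssl deploy hook` task uses `command`, which reports changed on every play, so `notify: restart prosody` fires on each run even when no certificate was replaced. Register the result and add a `changed_when` tied to the hook's output or exit status, after confirming what prosodyctl prints on a successful import. The copy task above it also drops the explicit ownership that the removed task set. Files in `renewal-hooks/deploy/` are presumably executed as root, so adding `owner: "root"` and `group: "root"` next to `mode: "0755"` keeps the script's writability from depending on defaults. The hunk ends inside the following `install db schema file` task.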
--- a/prosody/templates/prosody.cfg.lua.j2	Sat Sep 05 19:27:02 2020 -0500
+++ b/prosody/templates/prosody.cfg.lua.j2	Sat Sep 05 21:31:59 2020 -0500
@@ -1,10 +1,5 @@
 VirtualHost "{{prosody_vhost}}"
 
-ssl = {
-    key = "{{prosody_ssl_privkey}}";
-    certificate = "{{prosody_ssl_cert}}";
-}
-
 storage = "sql"
 sql = {
     driver = "PostgreSQL";