luke/ansible-roles/prosody/tasks/main.yaml, branch mainAnsible roles for nth.io infrastructure
https://src.nth.io/luke/ansible-roles/atom?h=main2026-04-06T02:19:55+00:00Harden role security: file permissions, service binding, no_log, strict defaults2026-04-06T02:19:55+00:00Luke Hoerstenluke@hoersten.org2026-04-06T02:19:55+00:00urn:sha1:06b69bd8def0aae07d3fb565d19193be1a8dfe20
- Add no_log: true to tasks that handle passwords/secrets
- Tighten config file permissions (0644 -> 0600/0640 where appropriate)
- Bind pleroma to 127.0.0.1 instead of 0.0.0.0
- Tighten ergo unix socket mode 0777 -> 0770
- Remove weak defaults; roles now fail explicitly if required vars not set
Fixed an error with overwriting certbot certs.2025-05-30T01:01:29+00:00Luke Hoerstenluke@hoersten.org2025-05-30T01:01:29+00:00urn:sha1:a6f6bf556cf28894ac21d41396397acbbda524d7Cleaned up always-changed status tasks.2024-07-29T17:41:57+00:00Luke Hoerstenluke@hoersten.org2024-07-29T17:41:57+00:00urn:sha1:874be10f6646a66cd0e994963b2746ad48f5b73eUse proper ssl cert config for prosody.2020-09-06T02:31:59+00:00Luke Hoerstenluke@hoersten.org2020-09-06T02:31:59+00:00urn:sha1:dbc6e0eca5171a87d0ee344df2650c4727c81040Added postgresql for prosody.2020-06-14T20:22:14+00:00Luke Hoerstenluke@hoersten.org2020-06-14T20:22:14+00:00urn:sha1:0301c507208ff895645e23b1d766438af795ebbcCopy prosody keys over.2020-06-14T19:50:21+00:00Luke Hoerstenluke@hoersten.org2020-06-14T19:50:21+00:00urn:sha1:2f583cf15c00744ed6799c06ed71fde73c7ba839Added prosody role.2020-05-14T13:25:10+00:00Luke Hoerstenluke@hoersten.org2020-05-14T13:25:10+00:00urn:sha1:85b09b3cbdaabbc8ee7e88247c78fb77ab81667b