From dbc6e0eca5171a87d0ee344df2650c4727c81040 Mon Sep 17 00:00:00 2001
From: Luke Hoersten
Date: Sat, 5 Sep 2020 21:31:59 -0500
Subject: Use proper ssl cert config for prosody.
---
 prosody/defaults/main.yaml | 2 --
 prosody/files/prosody.sh | 3 +++
 prosody/tasks/main.yaml | 18 ++++++++----------
 prosody/templates/prosody.cfg.lua.j2 | 5 -----
 4 files changed, 11 insertions(+), 17 deletions(-)
 create mode 100644 prosody/files/prosody.sh
(limited to 'prosody')
diff --git a/prosody/defaults/main.yaml b/prosody/defaults/main.yaml
index 440d5c2..8e36a63 100644
--- a/prosody/defaults/main.yaml
+++ b/prosody/defaults/main.yaml
@@ -1,6 +1,4 @@
 ---
-prosody_ssl_dir: "/etc/prosody/certs/{{prosody_vhost}}"
-
 prosody_db: "prosody_{{prosody_instance}}"
 prosody_db_port: "5432"
diff --git a/prosody/files/prosody.sh b/prosody/files/prosody.sh
new file mode 100644
index 0000000..abe7e71
--- /dev/null
+++ b/prosody/files/prosody.sh
@@ -0,0 +1,3 @@
+#! /bin/bash
+
+prosodyctl --root cert import /etc/letsencrypt/live
diff --git a/prosody/tasks/main.yaml b/prosody/tasks/main.yaml
index e58cd0b..97e1f16 100644
--- a/prosody/tasks/main.yaml
+++ b/prosody/tasks/main.yaml
@@ -20,19 +20,17 @@
 template: src="prosody.cfg.lua.j2" dest="/etc/prosody/conf.avail/{{prosody_vhost}}.cfg.lua"
 notify: restart prosody
-- name: copy ssl keys
+- name: install letsencrypt ssl deploy hook
 become: yes
 copy:
- src: "{{item}}"
- dest: "{{prosody_ssl_dir}}/"
- remote_src: yes
- mode: "0640"
- owner: "root"
- group: "prosody"
+ src: "prosody.sh"
+ dest: "/etc/letsencrypt/renewal-hooks/deploy/prosody.sh"
+ mode: "0755"
+
+- name: run letsencrypt ssl deploy hook
+ become: yes
+ command: "/etc/letsencrypt/renewal-hooks/deploy/prosody.sh"
 notify: restart prosody
- loop:
- - "{{prosody_ssl_privkey_src}}"
- - "{{prosody_ssl_cert_src}}"
 - name: install db schema file
 become: yes
diff --git a/prosody/templates/prosody.cfg.lua.j2 b/prosody/templates/prosody.cfg.lua.j2
index 32bc1a6..932464a 100644
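Review bot: The new `prosody/files/prosody.sh` runs as root from certbot's deploy-hook directory and handles private key material, yet it carries no comment saying why `--root` is passed or what the import touches. I would add a header line such as `# certbot deploy hook: --root keeps prosodyctl from dropping privileges so it can read /etc/letsencrypt/live; imports certs and keys for the configured hosts`. Hooks in `renewal-hooks/deploy` run after every successful renewal on the host, not only for the Prosody vhost, so the import will presumably be repeated for unrelated certificates; that is worth stating in the same comment.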
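Review bot: In `prosody/tasks/main.yaml` the `run letsencrypt ssl deploy hook` task uses `command:` with no `creates:`, `when:` or `changed_when:`, so it runs as root and reports changed on every play, which fires `notify: restart prosody` and restarts the XMPP server even when no certificate changed. A guard such as `register: prosody_deploy_hook` on the copy task plus `when: prosody_deploy_hook is changed` on this one would limit the import to runs where the hook was installed or updated; a `creates:` on the imported certificate path would instead retry until the first import succeeds. Nothing in the hunk ensures a certificate already exists under `/etc/letsencrypt/live` when the hook first runs, so the role appears to assume certbot has issued one, and a comment should say so. The new copy task also drops the explicit owner the old task had; since certbot executes this file as root, `owner: root` and `group: root` would state that ownership instead of relying on `become`.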
--- a/prosody/templates/prosody.cfg.lua.j2
+++ b/prosody/templates/prosody.cfg.lua.j2
@@ -1,10 +1,5 @@
 VirtualHost "{{prosody_vhost}}"
-ssl = {
- key = "{{prosody_ssl_privkey}}";
- certificate = "{{prosody_ssl_cert}}";
-}
-
 storage = "sql"
 sql = {
 driver = "PostgreSQL";
--
cgit v1.2.3