aboutsummaryrefslogtreecommitdiffstats
path: root/roles/znc/tasks/znc.yml
diff options
context:
space:
mode:
Diffstat (limited to 'roles/znc/tasks/znc.yml')
-rw-r--r--roles/znc/tasks/znc.yml65
1 files changed, 65 insertions, 0 deletions
diff --git a/roles/znc/tasks/znc.yml b/roles/znc/tasks/znc.yml
new file mode 100644
index 0000000..e5f7ab5
--- /dev/null
+++ b/roles/znc/tasks/znc.yml
@@ -0,0 +1,65 @@
+# more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon
+
+- name: Install znc
+ apt: pkg={{ item }} state=installed
+ with_items:
+ - znc
+
+- name: Create znc group
+ group: name=znc state=present
+
+- name: Create znc user
+ user: name=znc state=present home=/usr/lib/znc system=yes group=znc shell=/usr/sbin/nologin
+
+- name: Ensure pid directory exists
+ file: state=directory path=/var/run/znc group=znc owner=znc
+
+- name: Ensure configuration folders exist
+ file: state=directory path=/usr/lib/znc/{{ item }} group=znc owner=znc
+ with_items:
+ - moddata
+ - modules
+ - users
+
+- name: Copy znc service file into place
+ copy: src=etc_systemd_system_znc.service dest=/etc/systemd/system/znc.service mode=0644
+
+- name: Create a combined version of the SSL private key and full certificate chain
+ shell: cat /etc/letsencrypt/live/{{ domain }}/privkey.pem
+ /etc/letsencrypt/live/{{ domain }}/fullchain.pem >
+ /usr/lib/znc/znc.pem
+ creates=/usr/lib/znc/znc.pem
+ notify: restart znc
+
+- name: Update post-certificate-renewal task
+ template:
+ src: etc_letsencrypt_postrenew_znc.sh.j2
+ dest: /etc/letsencrypt/postrenew/znc.sh
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Ensure znc user and group can read cert
+ file: path=/usr/lib/znc/znc.pem group=znc owner=znc mode=0640
+ notify: restart znc
+
+- name: Check for existing config file
+ command: cat /usr/lib/znc/configs/znc.conf
+ register: znc_config
+ ignore_errors: True
+ changed_when: False # never report as "changed"
+
+- name: Create znc config directory
+ file: state=directory path=/usr/lib/znc/configs group=znc owner=znc
+
+- name: Copy znc configuration file into place
+ template: src=usr_lib_znc_configs_znc.conf.j2 dest=/usr/lib/znc/configs/znc.conf owner=znc group=znc
+ when: znc_config.rc != 0
+ notify: restart znc
+
+- name: Set firewall rule for znc
+ ufw: rule=allow port=6697 proto=tcp
+ tags: ufw
+
+- name: Ensure znc is a system service
+ service: name=znc state=restarted enabled=true
generated by cgit v1.2.3 (git 2.39.1) at 2024-05-04 12:41:53 +0000