diff options
Diffstat (limited to 'roles/znc/tasks')
| -rw-r--r-- | roles/znc/tasks/main.yml | 1 | ||||
| -rw-r--r-- | roles/znc/tasks/znc.yml | 65 |
2 files changed, 66 insertions, 0 deletions
diff --git a/roles/znc/tasks/main.yml b/roles/znc/tasks/main.yml new file mode 100644 index 0000000..4b2f51d --- /dev/null +++ b/roles/znc/tasks/main.yml @@ -0,0 +1 @@ +- include: znc.yml tags=znc
\ No newline at end of file diff --git a/roles/znc/tasks/znc.yml b/roles/znc/tasks/znc.yml new file mode 100644 index 0000000..e5f7ab5 --- /dev/null +++ b/roles/znc/tasks/znc.yml @@ -0,0 +1,65 @@ +# more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon + +- name: Install znc + apt: pkg={{ item }} state=installed + with_items: + - znc + +- name: Create znc group + group: name=znc state=present + +- name: Create znc user + user: name=znc state=present home=/usr/lib/znc system=yes group=znc shell=/usr/sbin/nologin + +- name: Ensure pid directory exists + file: state=directory path=/var/run/znc group=znc owner=znc + +- name: Ensure configuration folders exist + file: state=directory path=/usr/lib/znc/{{ item }} group=znc owner=znc + with_items: + - moddata + - modules + - users + +- name: Copy znc service file into place + copy: src=etc_systemd_system_znc.service dest=/etc/systemd/system/znc.service mode=0644 + +- name: Create a combined version of the SSL private key and full certificate chain + shell: cat /etc/letsencrypt/live/{{ domain }}/privkey.pem + /etc/letsencrypt/live/{{ domain }}/fullchain.pem > + /usr/lib/znc/znc.pem + creates=/usr/lib/znc/znc.pem + notify: restart znc + +- name: Update post-certificate-renewal task + template: + src: etc_letsencrypt_postrenew_znc.sh.j2 + dest: /etc/letsencrypt/postrenew/znc.sh + owner: root + group: root + mode: 0755 + +- name: Ensure znc user and group can read cert + file: path=/usr/lib/znc/znc.pem group=znc owner=znc mode=0640 + notify: restart znc + +- name: Check for existing config file + command: cat /usr/lib/znc/configs/znc.conf + register: znc_config + ignore_errors: True + changed_when: False # never report as "changed" + +- name: Create znc config directory + file: state=directory path=/usr/lib/znc/configs group=znc owner=znc + +- name: Copy znc configuration file into place + template: src=usr_lib_znc_configs_znc.conf.j2 dest=/usr/lib/znc/configs/znc.conf owner=znc group=znc + when: znc_config.rc != 0 + notify: restart znc + +- name: Set firewall rule for znc + ufw: rule=allow port=6697 proto=tcp + tags: ufw + +- name: Ensure znc is a system service + service: name=znc state=restarted enabled=true |