From d1a62b36a6d8b350e3088ec59de088669b271994 Mon Sep 17 00:00:00 2001
From: bnewbold
Date: Fri, 22 Jul 2016 18:38:16 -0700
Subject: add znc setup from sovereign (verbatim)
---
roles/znc/tasks/main.yml | 1 +
roles/znc/tasks/znc.yml | 65 ++++++++++++++++++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+)
create mode 100644 roles/znc/tasks/main.yml
create mode 100644 roles/znc/tasks/znc.yml
(limited to 'roles/znc/tasks')
diff --git a/roles/znc/tasks/main.yml b/roles/znc/tasks/main.yml
new file mode 100644
index 0000000..4b2f51d
--- /dev/null
+++ b/roles/znc/tasks/main.yml
@@ -0,0 +1 @@
+- include: znc.yml tags=znc
\ No newline at end of file
diff --git a/roles/znc/tasks/znc.yml b/roles/znc/tasks/znc.yml
new file mode 100644
index 0000000..e5f7ab5
--- /dev/null
+++ b/roles/znc/tasks/znc.yml
@@ -0,0 +1,65 @@
+# more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon
+
+- name: Install znc
+ apt: pkg={{ item }} state=installed
+ with_items:
+ - znc
+
+- name: Create znc group
+ group: name=znc state=present
+
+- name: Create znc user
+ user: name=znc state=present home=/usr/lib/znc system=yes group=znc shell=/usr/sbin/nologin
+
+- name: Ensure pid directory exists
+ file: state=directory path=/var/run/znc group=znc owner=znc
+
+- name: Ensure configuration folders exist
+ file: state=directory path=/usr/lib/znc/{{ item }} group=znc owner=znc
+ with_items:
+ - moddata
+ - modules
+ - users
+
+- name: Copy znc service file into place
+ copy: src=etc_systemd_system_znc.service dest=/etc/systemd/system/znc.service mode=0644
+
+- name: Create a combined version of the SSL private key and full certificate chain
+ shell: cat /etc/letsencrypt/live/{{ domain }}/privkey.pem
+ /etc/letsencrypt/live/{{ domain }}/fullchain.pem >
+ /usr/lib/znc/znc.pem
+ creates=/usr/lib/znc/znc.pem
+ notify: restart znc
+
+- name: Update post-certificate-renewal task
+ template:
+ src: etc_letsencrypt_postrenew_znc.sh.j2
+ dest: /etc/letsencrypt/postrenew/znc.sh
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Ensure znc user and group can read cert
+ file: path=/usr/lib/znc/znc.pem group=znc owner=znc mode=0640
+ notify: restart znc
+
+- name: Check for existing config file
+ command: cat /usr/lib/znc/configs/znc.conf
+ register: znc_config
+ ignore_errors: True
+ changed_when: False # never report as "changed"
+
+- name: Create znc config directory
+ file: state=directory path=/usr/lib/znc/configs group=znc owner=znc
+
+- name: Copy znc configuration file into place
+ template: src=usr_lib_znc_configs_znc.conf.j2 dest=/usr/lib/znc/configs/znc.conf owner=znc group=znc
+ when: znc_config.rc != 0
+ notify: restart znc
+
+- name: Set firewall rule for znc
+ ufw: rule=allow port=6697 proto=tcp
+ tags: ufw
+
+- name: Ensure znc is a system service
+ service: name=znc state=restarted enabled=true
-- cgit v1.2.3
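Review bot: The combined `/usr/lib/znc/znc.pem` in the "Create a combined version of the SSL private key…" task is written by a shell redirect, so it is created under the umask of the user running the task (commonly 022, i.e. world-readable) and is only tightened by the `mode=0640` task two tasks later; if the play stops in between, the private key stays readable by every local account. Setting the mode at creation closes that window, e.g. `shell: umask 077 && cat … > /usr/lib/znc/znc.pem`, keeping the later `file:` task to fix ownership. Separately, "Check for existing config file" runs `command: cat /usr/lib/znc/configs/znc.conf`, which copies the whole config (presumably including credential hashes) into the registered result and verbose output; `stat: path=/usr/lib/znc/configs/znc.conf` with `when: not znc_config.stat.exists` tests existence without reading the file. The final `service:` task uses `state=restarted`, so every run restarts the daemon even though the handlers already restart on change; `state=started` looks like what is intended.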