
znc.yml 2.5KB

  1. ---
  2. # more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon
  # Install the ZNC bouncer plus `expect`, which the password-generation
  # script copied by a later task relies on.
  - name: Install znc
    apt:
      state: present
      name: "{{ packages }}"
    vars:
      packages: [znc, expect]
    tags: [dependencies]
  # Dedicated group so file access can be granted to the daemon only.
  - name: Create znc group
    group:
      name: znc
      state: present
  # Unprivileged system account for the daemon; the nologin shell keeps it
  # from being used for interactive sessions.
  - name: Create znc user
    user:
      name: znc
      group: znc
      system: true
      home: /usr/lib/znc
      shell: /usr/sbin/nologin
      state: present
  # Directory for the daemon's pid file, owned by the znc account.
  - name: Ensure pid directory exists
    file:
      path: /var/run/znc
      state: directory
      owner: znc
      group: znc
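  # ZNC's state directories under its home. configs/ receives znc.conf, which
  # later carries the generated password hash and salt, so the directories get
  # an explicit mode that shuts out accounts outside the znc group instead of
  # inheriting whatever the umask allows.
  - name: Ensure configuration folders exist
    file:
      path: "/usr/lib/znc/{{ item }}"
      state: directory
      owner: znc
      group: znc
      mode: "0750"
    with_items:
      - moddata
      - modules
      - users
      - configs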
  # Install the systemd unit shipped with the role.
  - name: Copy znc service file into place
    copy:
      src: etc_systemd_system_znc.service
      dest: /etc/systemd/system/znc.service
      mode: "0644"
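  # ZNC reads key and chain from a single PEM file. The file contains the
  # private key, so it is written under umask 077: it must not be readable by
  # other accounts in the window before the ownership/mode task runs.
  # It is assembled in a temporary file and renamed only when `cat` succeeded;
  # otherwise a failed run would leave an empty znc.pem behind and `creates`
  # would skip this task on every later run.
  - name: Create a combined version of the SSL private key and full certificate chain
    shell: >-
      umask 077 &&
      cat /etc/letsencrypt/live/{{ domain }}/privkey.pem
      /etc/letsencrypt/live/{{ domain }}/fullchain.pem >
      /usr/lib/znc/znc.pem.tmp &&
      mv /usr/lib/znc/znc.pem.tmp /usr/lib/znc/znc.pem
    args:
      creates: /usr/lib/znc/znc.pem
    notify: restart znc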
  # Hook script placed in the Let's Encrypt post-renew directory. It is owned
  # by root and not writable by anyone else.
  - name: Update post-certificate-renewal task
    template:
      dest: /etc/letsencrypt/postrenew/znc.sh
      src: etc_letsencrypt_postrenew_znc.sh.j2
      mode: "0755"  # quoted so the mode is never re-typed by the YAML parser
      owner: root
      group: root
  # Hand the combined PEM to the daemon account: owner read/write, group
  # read, no access for anyone else.
  - name: Ensure znc user and group can read cert
    file:
      path: /usr/lib/znc/znc.pem
      owner: znc
      group: znc
      mode: "0640"
    notify: restart znc
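  # The later tasks only look at znc_config.rc, so test for the file rather
  # than printing it: `cat` would copy the whole configuration, password hash
  # included, into the registered result and into verbose or callback output.
  - name: Check for existing config file
    command: test -f /usr/lib/znc/configs/znc.conf
    register: znc_config
    failed_when: false   # a missing file is an expected outcome, not an error
    changed_when: false  # never report as "changed"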
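  # Written only when no config exists yet, so a running setup is never
  # overwritten. The file later receives the password hash and salt, so it
  # gets an explicit owner-only mode instead of the umask default.
  - name: Copy znc configuration file into place
    template:
      src: usr_lib_znc_configs_znc.conf.j2
      dest: /usr/lib/znc/configs/znc.conf
      owner: znc
      group: znc
      mode: "0600"
    when: znc_config.rc != 0
    notify: restart znc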
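  # Helper script for generating the password hash; the next task executes it.
  # It must never be world-writable or world-readable: anyone able to edit a
  # script that is about to be executed controls what runs, and the rendered
  # template presumably embeds the password (confirm against root_znc_pw.j2).
  - name: Copy expect script for znc password generation
    template:
      src: root_znc_pw.j2
      dest: /root/znc_pw
      owner: root
      group: root
      mode: "0700"
    when: znc_config.rc != 0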
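  # Runs the helper and keeps only the middle of its output: `head` drops the
  # last line, `tail` drops the first six. The result is credential material,
  # so no_log keeps it out of task output and logs.
  # NOTE(review): the pipeline's exit status is that of `tail`, so a failing
  # /root/znc_pw is not detected here; confirm whether that is acceptable.
  - name: Run script to generate znc hash and salt
    shell: /root/znc_pw | head --lines=-1 | tail --lines=+7
    register: znc_config_pass
    when: znc_config.rc != 0
    no_log: true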
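  # Insert the generated hash and salt into znc.conf between "//" comment
  # markers. no_log stops the inserted block from showing up in task output
  # or in --diff mode.
  - name: Put generated hash and salt into configuration file
    blockinfile:
      path: /usr/lib/znc/configs/znc.conf
      marker: "// {mark} ANSIBLE MANAGED BLOCK"
      block: "{{ znc_config_pass.stdout }}"
    when: znc_config.rc != 0
    no_log: true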
  # Unconditional clean-up of the helper script, so it is also removed when
  # the generation tasks were skipped.
  # NOTE(review): if an earlier task fails, the play stops before this one and
  # the script stays on disk; a block/always wrapper would cover that case.
  - name: Remove expect script
    file:
      state: absent
      path: /root/znc_pw
  # Open the ZNC listener port. The rule allows TCP 6697 from any source.
  - name: Set firewall rule for znc
    ufw:
      rule: allow
      proto: tcp
      port: "6697"
    tags: ufw
  # Enable the unit at boot and restart it. `restarted` acts on every run,
  # whether or not anything changed.
  - name: Ensure znc is a system service
    service:
      name: znc
      enabled: true
      state: restarted