1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283848586878889 |
- ---
- # more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon
-
- - name: Install znc
- apt:
- name: "{{ packages }}"
- state: present
- vars:
- packages:
- - znc
- - expect
- tags:
- - dependencies
-
- - name: Create znc group
- group: name=znc state=present
-
- - name: Create znc user
- user: name=znc state=present home=/usr/lib/znc system=yes group=znc shell=/usr/sbin/nologin
-
- - name: Ensure pid directory exists
- file: state=directory path=/var/run/znc group=znc owner=znc
-
- - name: Ensure configuration folders exist
- file: state=directory path=/usr/lib/znc/{{ item }} group=znc owner=znc
- with_items:
- - moddata
- - modules
- - users
- - configs
-
- - name: Copy znc service file into place
- copy: src=etc_systemd_system_znc.service dest=/etc/systemd/system/znc.service mode=0644
-
- - name: Create a combined version of the SSL private key and full certificate chain
- shell: cat /etc/letsencrypt/live/{{ domain }}/privkey.pem
- /etc/letsencrypt/live/{{ domain }}/fullchain.pem >
- /usr/lib/znc/znc.pem
- creates=/usr/lib/znc/znc.pem
- notify: restart znc
-
- - name: Update post-certificate-renewal task
- template:
- src: etc_letsencrypt_postrenew_znc.sh.j2
- dest: /etc/letsencrypt/postrenew/znc.sh
- owner: root
- group: root
- mode: 0755
-
- - name: Ensure znc user and group can read cert
- file: path=/usr/lib/znc/znc.pem group=znc owner=znc mode=0640
- notify: restart znc
-
- - name: Check for existing config file
- command: cat /usr/lib/znc/configs/znc.conf
- register: znc_config
- ignore_errors: True
- changed_when: False # never report as "changed"
-
- - name: Copy znc configuration file into place
- template: src=usr_lib_znc_configs_znc.conf.j2 dest=/usr/lib/znc/configs/znc.conf owner=znc group=znc
- when: znc_config.rc != 0
- notify: restart znc
-
- - name: Copy expect script for znc password generation
- template: src=root_znc_pw.j2 dest=/root/znc_pw mode=0777
- when: znc_config.rc != 0
-
- - name: Run script to generate znc hash and salt
- shell: /root/znc_pw | head --lines=-1 | tail --lines=+7
- register: znc_config_pass
- when: znc_config.rc != 0
-
- - name: Put generated hash and salt into configuration file
- blockinfile:
- block: "{{ znc_config_pass.stdout }}"
- path: /usr/lib/znc/configs/znc.conf
- marker: "// {mark} ANSIBLE MANAGED BLOCK"
- when: znc_config.rc != 0
-
- - name: Remove expect script
- file: path=/root/znc_pw state=absent
-
- - name: Set firewall rule for znc
- ufw: rule=allow port=6697 proto=tcp
- tags: ufw
-
- - name: Ensure znc is a system service
- service: name=znc state=restarted enabled=true
|