thomas
/
sovereign


			
				
					
						
						
							12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667
							# more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon

- name: Install znc
  apt: pkg={{ item }} state=present
  with_items:
    - znc
  tags:
    - dependencies

- name: Create znc group
  group: name=znc state=present

- name: Create znc user
  user: name=znc state=present home=/usr/lib/znc system=yes group=znc shell=/usr/sbin/nologin

- name: Ensure pid directory exists
  file: state=directory path=/var/run/znc group=znc owner=znc

- name: Ensure configuration folders exist
  file: state=directory path=/usr/lib/znc/{{ item }} group=znc owner=znc
  with_items:
    - moddata
    - modules
    - users

- name: Copy znc service file into place
  copy: src=etc_systemd_system_znc.service dest=/etc/systemd/system/znc.service mode=0644

- name: Create a combined version of the SSL private key and full certificate chain
  shell: cat /etc/letsencrypt/live/{{ domain }}/privkey.pem
    /etc/letsencrypt/live/{{ domain }}/fullchain.pem >
    /usr/lib/znc/znc.pem
    creates=/usr/lib/znc/znc.pem
  notify: restart znc

- name: Update post-certificate-renewal task
  template:
    src: etc_letsencrypt_postrenew_znc.sh.j2
    dest: /etc/letsencrypt/postrenew/znc.sh
    owner: root
    group: root
    mode: 0755

- name: Ensure znc user and group can read cert
  file: path=/usr/lib/znc/znc.pem group=znc owner=znc mode=0640
  notify: restart znc

- name: Check for existing config file
  command: cat /usr/lib/znc/configs/znc.conf
  register: znc_config
  ignore_errors: True
  changed_when: False  # never report as "changed"

- name: Create znc config directory
  file: state=directory path=/usr/lib/znc/configs group=znc owner=znc

- name: Copy znc configuration file into place
  template: src=usr_lib_znc_configs_znc.conf.j2 dest=/usr/lib/znc/configs/znc.conf owner=znc group=znc
  when: znc_config.rc != 0
  notify: restart znc

- name: Set firewall rule for znc
  ufw: rule=allow port=6697 proto=tcp
  tags: ufw

- name: Ensure znc is a system service
  service: name=znc state=restarted enabled=true