-rw-r--r--group_vars/all/znc.yml2
-rw-r--r--playbooks/nyarlathotep.yml1
-rw-r--r--roles/znc/files/znc-certbot-hook10
-rw-r--r--roles/znc/meta/main.yml4
-rw-r--r--roles/znc/tasks/main.yml30
-rw-r--r--roles/znc/templates/znc_nginx.conf.j230
6 files changed, 77 insertions, 0 deletions
diff --git a/group_vars/all/znc.yml b/group_vars/all/znc.yml
new file mode 100644
index 0000000..e29ee2a
--- /dev/null
+++ b/group_vars/all/znc.yml
@@ -0,0 +1,2 @@
+---
+znc_subdomain: "znc.th73.ovh"
diff --git a/playbooks/nyarlathotep.yml b/playbooks/nyarlathotep.yml
index 649eb26..b5a971b 100644
--- a/playbooks/nyarlathotep.yml
+++ b/playbooks/nyarlathotep.yml
@@ -5,6 +5,7 @@
roles:
- { role: teamspeak, tags: ['ts3'] }
- { role: nginx, tags: ['www'] }
+ - { role: znc, tags: ['znc'] }
- { role: gitolite, git_config_keys: ".*", tags: ['git'] }
- { role: grokmirror, tags: ['git'] }
- { role: cgit, tags: ['cgit'] }
diff --git a/roles/znc/files/znc-certbot-hook b/roles/znc/files/znc-certbot-hook
new file mode 100644
index 0000000..03273a8
--- /dev/null
+++ b/roles/znc/files/znc-certbot-hook
@@ -0,0 +1,10 @@
+#/bin/sh
+set -e
+
+for domain in $RENEWED_DOMAINS; do
+ case $domain in
+ znc.th73.ovh)
+ cat /etc/letsencrypt/live/znc.th73.ovh/{privkey.pem,cert.pem,chain.pem} > /var/lib/znc/.znc/znc.pem
+ ;;
+ esac
+done
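Review bot: The redirect on the `cat` line creates `/var/lib/znc/.znc/znc.pem` under whatever umask certbot runs its hooks with, so on first creation the file holding the private key may end up root-owned and world-readable; add `umask 077` after `set -e` and make sure the result is readable only by the account ZNC runs as. The first line `#/bin/sh` is missing the `!`, so it is a plain comment rather than a shebang and should read `#!/bin/sh`. The `{privkey.pem,cert.pem,chain.pem}` brace expansion is not POSIX sh; where `/bin/sh` is dash, `cat` would receive the literal string and fail, so the three paths should be listed explicitly. The domain is also hard-coded here while the rest of the role uses `znc_subdomain`, so the two can drift apart.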
diff --git a/roles/znc/meta/main.yml b/roles/znc/meta/main.yml
new file mode 100644
index 0000000..5938332
--- /dev/null
+++ b/roles/znc/meta/main.yml
@@ -0,0 +1,4 @@
+---
+
+dependencies:
+ - { role: nginx }
diff --git a/roles/znc/tasks/main.yml b/roles/znc/tasks/main.yml
new file mode 100644
index 0000000..bf3d3ff
--- /dev/null
+++ b/roles/znc/tasks/main.yml
@@ -0,0 +1,30 @@
+---
+
+- name: Install znc
+ package:
+ name: znc
+ state: present
+
+- name: Install certbot hook
+ copy:
+ src: znc-certbot-hook
+ dest: /etc/letsencrypt/renewal-hooks/deploy/znc
+ owner: root
+ group: root
+ mode: 0755
+
+- name: Copy nginx conf file
+ template:
+ src: znc_nginx.conf.j2
+ dest: /etc/nginx/nginx.d/znc.conf
+ mode: 0644
+ owner: "root"
+ group: "root"
+ notify:
+ - reload nginx
+
+- name: Enable znc
+ service:
+ name: znc.service
+ state: started
+ enabled: yes
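Review bot: The `mode: 0755` and `mode: 0644` values are unquoted, so the permissions on the hook and the nginx config depend on the YAML loader reading a leading-zero integer as octal; Ansible's guidance is to quote them, `mode: "0755"` and `mode: "0644"`. `enabled: yes` would be clearer as `enabled: true`. The deploy hook installed here appears to run only when certbot renews the certificate, and nothing visible in these tasks builds `znc.pem` on a first deployment, so a task or at least a comment covering the initial run may be needed.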
diff --git a/roles/znc/templates/znc_nginx.conf.j2 b/roles/znc/templates/znc_nginx.conf.j2
new file mode 100644
index 0000000..b11e6e3
--- /dev/null
+++ b/roles/znc/templates/znc_nginx.conf.j2
@@ -0,0 +1,30 @@
+# {{ ansible_managed }}
+
+server {
+ listen 80;
+ listen [::]:80;
+ server_name {{ znc_subdomain }};
+
+ include snippets/letsencrypt.conf;
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+}
+
+server {
+ listen 443 ssl http2;
+ listen [::]:443 ssl http2;
+ server_name {{ znc_subdomain }};
+
+ ssl_certificate /etc/letsencrypt/live/{{ znc_subdomain }}/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/{{ znc_subdomain }}/privkey.pem;
+ ssl_trusted_certificate /etc/letsencrypt/live/{{ znc_subdomain }}/chain.pem;
+
+ location / {
+ proxy_pass http://localhost:7778;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
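Review bot: The `proxy_pass http://localhost:7778;` line forwards to ZNC over plain HTTP, and nothing in this commit shows that ZNC's listener on 7778 is bound to loopback only; if it listens on all interfaces, the web interface is reachable directly without TLS. A comment above the second `location /` block stating that requirement would help, e.g. `# ZNC web listener must be bound to loopback only (port 7778)`. The `X-Forwarded-For` and `X-Real-IP` headers are only meaningful if ZNC is configured to trust this proxy, which is also not visible here. `ssl_trusted_certificate` presumably pairs with stapling settings elsewhere in the nginx configuration; without them it likely has no effect in this server block.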