- name: install packages
  dnf:
    name: '{{ znc_packages }}'
    state: present

- name: request TLS certificate
  include_role:
    name: getcert_request
  vars:
    certificate_service: irc
    certificate_path: '{{ znc_certificate_path }}'
    certificate_key_path: '{{ znc_certificate_key_path }}'
    certificate_owner: znc
    certificate_hook: pkill -HUP znc

- name: generate dhparams
  openssl_dhparam:
    path: '{{ znc_dhparams_path }}'
    size: 2048

- import_tasks: freeipa.yml
  tags: freeipa

- name: configure saslauthd for znc
  copy:
    src: etc/sasl2/znc.conf
    dest: /etc/sasl2/znc.conf
  notify: restart saslauthd

- name: enable saslauthd
  systemd:
    name: saslauthd
    enabled: yes
    state: started

- name: create config directories
  file:
    path: '{{ znc_home }}/{{ item }}'
    state: directory
    owner: znc
    group: znc
    mode: 0700
  loop:
    - ''
    - 'configs'
    - 'moddata'
    - 'moddata/cyrusauth'

- name: create znc custom module directories
  file:
    path: '{{ item }}'
    state: directory
  loop:
    - '{{ znc_module_path }}'
    - '{{ znc_clientbuffer_src_path }}'

- name: extract znc-clientbuffer tarball
  unarchive:
    src: '{{ znc_clientbuffer_url }}'
    remote_src: yes
    dest: '{{ znc_clientbuffer_src_path }}'
    extra_opts:
      - '--strip-components=1'
  register: znc_clientbuffer_src

- name: build znc-clientbuffer
  command:
    chdir: '{{ znc_module_path }}'
    cmd: znc-buildmod {{ znc_clientbuffer_src_path }}/clientbuffer.cpp
  when: znc_clientbuffer_src.changed
  notify: restart znc

- name: generate znc.conf if it does not exist
  template:
    src: '{{ znc_home[1:] }}/configs/znc.conf.j2'
    dest: '{{ znc_home }}/configs/znc.conf'
    owner: znc
    group: znc
    force: no
  notify: reload znc

- name: generate cyrusauth configuration
  template:
    src: '{{ znc_home[1:] }}/moddata/cyrusauth/.registry.j2'
    dest: '{{ znc_home }}/moddata/cyrusauth/.registry'
    owner: znc
    group: znc
  notify: reload znc

- name: start znc
  systemd:
    name: znc
    enabled: yes
    state: started

- name: forward https port
  firewalld:
    permanent: yes
    immediate: yes
    rich_rule: 'rule family={{ item }} forward-port port={{ 443 }} protocol=tcp to-port={{ znc_https_port }}'
    state: enabled
  loop:
    - ipv4
    - ipv6
  tags: firewalld

- name: open firewall ports
  firewalld:
    permanent: yes
    immediate: yes
    service: '{{ item }}'
    state: enabled
  loop:
    - ircs
    - https
  tags: firewalld