infrastructure/roles/quassel/tasks/main.yml

- name: Install quassel
  pacman: name=quassel-core,python-pexpect state=present

- name: Add quassel postgres db
  postgresql_db: db=quassel
  become: true
  become_user: postgres
  become_method: ansible.builtin.su

- name: Add quassel postgres user
  postgresql_user: db=quassel name=quassel password={{ vault_postgres_users.quassel }} encrypted=true
  become: true
  become_user: postgres
  become_method: ansible.builtin.su

- name: Initialize quassel
  become: true
  become_user: quassel
  become_method: ansible.builtin.sudo
  expect:
    command: quasselcore --configdir=/var/lib/quassel --select-backend=PostgreSQL
    responses:
      Username: ''
      Password:
        - '{{ vault_postgres_users.quassel }}'
        - ''
        - ''
        - ''
      Hostname: ''
      Port: ''
      Database: ''
    creates: /var/lib/quassel/quasselcore.conf

- name: Create ssl cert
  include_role:
    name: certificate
  vars:
    domains: ["{{ quassel_domain }}"]

- name: Install quassel cert renewal hook
  template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/quassel owner=root group=root mode=0755

- name: Install quassel units
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  loop:
    - clean-quassel.timer
    - clean-quassel.service
  notify:
    - Daemon reload

- name: Add quassel.service.d dir
  file: state=directory path=/etc/systemd/system/quassel.service.d owner=root group=root mode=0755

- name: Install quassel.service snippet
  copy: src=quassel.service.d dest=/etc/systemd/system/quassel.service.d/local.conf owner=root group=root mode=0644

- name: Start and enable quassel
  service: name={{ item }} enabled=yes state=started
  loop:
    - quassel.service
    - clean-quassel.timer

- name: Open firewall holes
  ansible.posix.firewalld: service={{ item }} permanent=true state=enabled immediate=yes
  loop:
    - quassel
    - ident
  when: configure_firewall
  tags:
    - firewall