infrastructure/roles/quassel/tasks/main.yml

---

- name: install quassel
  pacman: name=quassel-core,python-pexpect state=present

- name: add quassel postgres db
  postgresql_db: db=quassel
  become: yes
  become_user: postgres
  become_method: su

- name: add quassel postgres user
  postgresql_user: db=quassel name=quassel password={{ vault_postgres_users.quassel }} encrypted=true
  become: yes
  become_user: postgres
  become_method: su

- name: initialize quassel
  become: yes
  become_user: quassel
  become_method: sudo
  expect:
    command: quasselcore --configdir=/var/lib/quassel --select-backend=PostgreSQL
    responses:
      Username: ''
      Password:
        - '{{ vault_postgres_users.quassel }}'
        - ''
        - ''
        - ''
      Hostname: ''
      Port: ''
      Database: ''
    creates: /var/lib/quassel/quasselcore.conf

- name: install quassel cert renewal hook
  template: src=letsencrypt.hook.d.j2 dest=/etc/letsencrypt/hook.d/quassel owner=root group=root mode=0755

- name: install quassel units
  copy: src={{ item }} dest=/etc/systemd/system/{{ item }} owner=root group=root mode=0644
  with_items:
    - clean-quassel.timer
    - clean-quassel.service
  notify:
    - daemon reload

- name: add quassel.service.d dir
  file: state=directory path=/etc/systemd/system/quassel.service.d owner=root group=root mode=0755

- name: install quassel.service snippet
  copy: src=quassel.service.d dest=/etc/systemd/system/quassel.service.d/local.conf owner=root group=root mode=0644

- name: start and enable quassel
  service: name={{ item }} enabled=yes state=started
  with_items:
    - quassel.service
    - clean-quassel.timer

- name: open firewall holes
  ansible.posix.firewalld: port={{ item }} permanent=true state=enabled immediate=yes
  with_items:
    - 4242/tcp
    - 113/tcp
  when: configure_firewall
  tags:
    - firewall