import from https://github.com/al3x/sovereign

roles/ircbouncer/files/etc_init.d_znc

@@ -0,0 +1,139 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides:          znc
+# Required-Start:    $remote_fs $syslog
+# Required-Stop:     $remote_fs $syslog
+# Default-Start:     2 3 4 5
+# Default-Stop:      0 1 6
+# Short-Description: ZNC IRC bouncer
+# Description:       ZNC is an IRC bouncer
+### END INIT INFO
+ 
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="ZNC daemon"
+NAME=znc
+DAEMON=/usr/local/bin/$NAME
+DATADIR=/var/lib/znc
+DAEMON_ARGS="--datadir=$DATADIR"
+PIDDIR=/var/run/znc
+PIDFILE=$PIDDIR/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+USER=znc
+GROUP=znc
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+  # Return
+  #   0 if daemon has been started
+  #   1 if daemon was already running
+  #   2 if daemon could not be started
+  if [ ! -d $PIDDIR ]
+  then
+    mkdir $PIDDIR
+  fi
+  chown $USER:$GROUP $PIDDIR
+  start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test --chuid $USER > /dev/null || return 1
+  start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- $DAEMON_ARGS > /dev/null || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+  # Return
+  #   0 if daemon has been stopped
+  #   1 if daemon was already stopped
+  #   2 if daemon could not be stopped
+  #   other if a failure occurred
+  start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME --chuid $USER
+  RETVAL="$?"
+  [ "$RETVAL" = 2 ] && return 2
+  # Wait for children to finish too if this is a daemon that forks
+  # and if the daemon is only ever run from this initscript.
+  # If the above conditions are not satisfied then add some other code
+  # that waits for the process to drop all resources that could be
+  # needed by services started subsequently.  A last resort is to
+  # sleep for some time.
+  start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --chuid $USER
+  [ "$?" = 2 ] && return 2
+  # Many daemons don't delete their pidfiles when they exit.
+  rm -f $PIDFILE
+  return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+  start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME --chuid $USER
+  return 0
+}
+
+case "$1" in
+  start)
+  [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+  do_start
+  case "$?" in
+    0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+    2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+  esac
+  ;;
+  stop)
+  [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+  do_stop
+  case "$?" in
+    0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+    2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+  esac
+  ;;
+  status)
+  status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
+  ;;
+  reload)
+  log_daemon_msg "Reloading $DESC" "$NAME"
+  do_reload
+  log_end_msg $?
+  ;;
+  restart)
+  log_daemon_msg "Restarting $DESC" "$NAME"
+  do_stop
+  case "$?" in
+    0|1)
+    do_start
+    case "$?" in
+      0) log_end_msg 0 ;;
+      1) log_end_msg 1 ;; # Old process is still running
+      *) log_end_msg 1 ;; # Failed to start
+    esac
+    ;;
+    *)
+    # Failed to stop
+    log_end_msg 1
+    ;;
+  esac
+  ;;
+  *)
+  echo "Usage: $SCRIPTNAME {status|start|stop|reload|restart}" >&2
+  exit 3
+  ;;
+esac
+
+:

roles/ircbouncer/handlers/main.yml

@@ -0,0 +1,2 @@
+- name: restart znc
+  service: name=znc state=restarted

roles/ircbouncer/tasks/main.yml

@@ -0,0 +1 @@
+- include: znc.yml tags=znc

roles/ircbouncer/tasks/znc.yml

@@ -0,0 +1,65 @@
+# more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon
+
+- name: Install znc dependencies
+  apt: pkg={{ item }} state=installed
+  with_items:
+    - automake
+    - build-essential
+    - checkinstall
+    - g++
+    - libperl-dev
+    - libsasl2-dev
+    - libssl-dev
+    - libtool
+    - openssl
+    - pkg-config
+    - python3-dev
+    - swig
+
+- name: Download znc release
+  get_url: url=http://znc.in/releases/archive/znc-{{ znc_version }}.tar.gz dest=/root/znc-{{ znc_version }}.tar.gz
+
+- name: Decompress znc source
+  command: tar xzf /root/znc-{{ znc_version }}.tar.gz chdir=/root creates=/root/znc-{{ znc_version }}/configure
+
+- name: Build and install znc
+  shell: ./configure --enable-python && make && make install executable=/bin/bash chdir=/root/znc-{{ znc_version }} creates=/usr/local/bin/znc
+  notify: restart znc
+
+- name: Create znc group
+  group: name=znc state=present
+
+- name: Create znc user
+  user: name=znc state=present home=/var/lib/znc system=yes group=znc shell=/usr/sbin/nologin
+
+- name: Copy znc init file into place
+  copy: src=etc_init.d_znc dest=/etc/init.d/znc mode=0755
+
+- name: Create a combined version of the private key with public cert and intermediate + root CAs
+  shell: cat /etc/ssl/private/wildcard_private.key /etc/ssl/certs/wildcard_combined.pem >
+    /var/lib/znc/znc.pem creates=/var/lib/znc/znc.pem
+  notify: restart znc
+
+- name: Ensure znc user and group can read cert
+  file: path=/var/lib/znc/znc.pem group=znc owner=znc mode=640
+  notify: restart znc
+
+- name: Check for existing config file
+  command: cat /var/lib/znc/configs/znc.conf
+  register: znc_config
+  ignore_errors: True
+  changed_when: False  # never report as "changed"
+
+- name: Create znc config directory
+  file: state=directory path=/var/lib/znc/configs group=znc owner=znc
+
+- name: Copy znc configuration file into place
+  template: src=var_lib_znc_configs_znc.conf.j2 dest=/var/lib/znc/configs/znc.conf owner=znc group=znc
+  when: znc_config.rc != 0
+  notify: restart znc
+
+- name: Set firewall rule for znc
+  ufw: rule=allow port=6697 proto=tcp
+
+- name: Ensure znc is a system service
+  service: name=znc state=started enabled=true

roles/ircbouncer/templates/var_lib_znc_configs_znc.conf.j2

@@ -0,0 +1,84 @@
+// WARNING
+//
+// Do NOT edit this file while ZNC is running!
+// Use webadmin or *controlpanel instead.
+//
+// Buf if you feel risky, you might want to read help on /znc saveconfig and /znc rehash.
+// Also check http://en.znc.in/wiki/Configuration
+
+AnonIPLimit = 10
+ConnectDelay = 5
+LoadModule = webadmin
+LoadModule = fail2ban
+LoadModule = lastseen
+LoadModule = partyline
+MaxBufferSize = 500
+Motd = Connected to ZNC
+PidFile = /var/run/znc/znc.pid
+ProtectWebSessions = true
+SSLCertFile = /var/lib/znc/znc.pem
+ServerThrottle = 30
+Skin = _default_
+StatusPrefix = *
+Version = 1.0
+
+<Listener listener0>
+	AllowIRC = true
+	AllowWeb = false
+	IPv4 = true
+	IPv6 = true
+	Port = 6697
+	SSL = true
+</Listener>
+
+<Listener listener1>
+	AllowIRC = false
+	AllowWeb = true
+	IPv4 = true
+	IPv6 = true
+	Port = 6643
+	SSL = false
+</Listener>
+
+<User {{ irc_nick }}>
+	Admin = true
+	Allow = *
+	AltNick = {{ irc_nick }}_
+	AppendTimestamp = false
+	AutoClearChanBuffer = true
+	Buffer = 5000
+	ChanModes = +stn
+	DenyLoadMod = false
+	DenySetBindHost = false
+	Ident = {{ irc_ident }}
+	JoinTries = 10
+	LoadModule = controlpanel
+	LoadModule = perform
+	LoadModule = block_motd
+	LoadModule = clientnotify
+	MaxNetworks = 1
+	MultiClients = true
+	Nick = {{ irc_nick }}
+	PrependTimestamp = true
+	QuitMsg = {{ irc_quitmsg }}
+	RealName = {{ irc_realname }}
+	TimestampFormat = [%H:%M:%S]
+	Timezone = {{ irc_timezone }}
+
+	<Pass password>
+	        Method = sha256
+	        Hash = {{ irc_password_hash }}
+	        Salt = {{ irc_password_salt }}
+	</Pass>
+
+	<Network freenode>
+		BindHost = 0.0.0.0
+		FloodBurst = 4
+		FloodRate = 1.00
+		IRCConnectEnabled = true
+		LoadModule = kickrejoin
+		LoadModule = nickserv
+		LoadModule = savebuff
+		Server = chat.freenode.net +6697
+	</Network>
+</User>

roles/wallabag/handlers/main.yml

@@ -0,0 +1,6 @@
+- name: import wallabag sql
+  shell: PGPASSWORD='{{ wallabag_db_password }}' psql -h localhost -d {{ wallabag_db_database }} -U {{ wallabag_db_username }} -f /var/www/wallabag/install/postgres.sql --set ON_ERROR_STOP=1
+  notify: remove install folder
+
+- name: remove install folder
+  file: path=/var/www/wallabag/install state=absent

roles/wallabag/tasks/main.yml

@@ -0,0 +1 @@
+- include: wallabag.yml tags=wallabag

roles/wallabag/tasks/wallabag.yml

@@ -0,0 +1,79 @@
+- name: Determine whether wallabag is configured
+  stat: path=/var/www/wallabag/inc/poche/config.inc.php
+  register: wallabag_config
+
+- name: Clone wallabag
+  git: repo=https://github.com/wallabag/wallabag.git
+       dest=/var/www/wallabag
+       version={{ wallabag_version }}
+       accept_hostkey=yes
+
+- name: Remove wallabag 'install' directory if its configuration file is there
+  file: name=/var/www/wallabag/install state=absent
+  when: wallabag_config.stat.exists == True
+
+- name: Install wallabag dependencies
+  apt: pkg={{ item }} state=present
+  with_items:
+    - php5
+    - php5-curl
+    - php5-mcrypt
+    - php5-pgsql
+    - php5-tidy
+
+- name: Create database user for wallabag
+  postgresql_user: login_host=localhost
+                   login_user={{ db_admin_username }}
+                   login_password="{{ db_admin_password }}"
+                   name={{ wallabag_db_username }}
+                   password="{{ wallabag_db_password }}"
+                   state=present
+
+- name: Create database for wallabag
+  postgresql_db: login_host=localhost
+                 login_user={{ db_admin_username }}
+                 login_password="{{ db_admin_password }}"
+                 name={{ wallabag_db_database }}
+                 state=present
+                 owner={{ wallabag_db_username }}
+  notify: import wallabag sql
+
+- name: Build Composer
+  shell: curl -sS https://getcomposer.org/installer | php
+         chdir=/root
+         creates=/root/composer.phar
+
+- name: Initialize composer
+  command: php /root/composer.phar install
+           chdir=/var/www/wallabag
+           creates=/var/www/wallabag/vendor/autoload.php
+
+- name: Set wallabag permissions
+  file: owner=www-data
+        group=www-data
+        path=/var/www/wallabag
+        recurse=yes
+        state=directory
+
+- name: Create the configuration file
+  template: src=var_www_wallabag_inc_poche_config.inc.php.j2
+            dest=/var/www/wallabag/inc/poche/config.inc.php
+            owner=www-data
+            group=www-data
+
+- name: Rename existing Apache wallabag virtualhost
+  command: mv /etc/apache2/sites-available/wallabag /etc/apache2/sites-available/wallabag.conf removes=/etc/apache2/sites-available/wallabag
+
+- name: Remove old sites-enabled/wallabag symlink (new one will be created by a2ensite)
+  command: rm /etc/apache2/sites-enabled/wallabag removes=/etc/apache2/sites-enabled/wallabag
+
+- name: Configure the Apache HTTP server for wallabag
+  template: src=etc_apache2_sites-available_wallabag.j2
+            dest=/etc/apache2/sites-available/wallabag.conf
+            owner=root
+            group=root
+
+- name: Enable the wallabag site
+  command: a2ensite wallabag.conf
+           creates=/etc/apache2/sites-enabled/wallabag.conf
+  notify: restart apache

roles/wallabag/templates/etc_apache2_sites-available_wallabag.j2

@@ -0,0 +1,31 @@
+<VirtualHost *:80>
+    ServerName {{ wallabag_domain }}
+
+    Redirect permanent / https://{{ wallabag_domain }}/
+</VirtualHost>
+
+<VirtualHost *:443>
+    ServerName {{ wallabag_domain }}
+
+    SSLEngine on
+    SSLProtocol ALL -SSLv2 -SSLv3
+    SSLHonorCipherOrder On
+    SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
+    SSLCertificateFile      /etc/ssl/certs/wildcard_public_cert.crt
+    SSLCertificateKeyFile   /etc/ssl/private/wildcard_private.key
+    SSLCACertificateFile    /etc/ssl/certs/wildcard_ca.pem
+    Header add Strict-Transport-Security "max-age=15768000; includeSubdomains"
+
+    DocumentRoot            /var/www/wallabag
+    Options                 -Indexes
+
+    ErrorLog                /var/log/apache2/wallabag.info-error_log
+    CustomLog               /var/log/apache2/wallabag.info-access_log common
+
+    <Directory /var/www/wallabag>
+        AllowOverride All
+        Order allow,deny
+        allow from all
+        DirectoryIndex index.php
+    </Directory>
+</VirtualHost>

roles/wallabag/templates/var_www_wallabag_inc_poche_config.inc.php.j2

@@ -0,0 +1,58 @@
+<?php
+/**
+ * wallabag, self hostable application allowing you to not miss any content anymore
+ *
+ * @category   wallabag
+ * @author     Nicolas Lœuillet <nicolas@loeuillet.org>
+ * @copyright  2013
+ * @license    http://www.wtfpl.net/ see COPYING file
+ */
+
+define ('SALT', '{{ wallabag_salt }}'); # put a strong string here
+define ('LANG', 'en_EN.utf8');
+
+define ('STORAGE', 'postgres'); # postgres, mysql or sqlite
+
+define ('STORAGE_SQLITE', ROOT . '/db/poche.sqlite'); # if you are using sqlite, where the database file is located
+
+# only for postgres & mysql
+define ('STORAGE_SERVER', 'localhost');
+define ('STORAGE_DB', '{{ wallabag_db_database }}');
+define ('STORAGE_USER', '{{ wallabag_db_username }}');
+define ('STORAGE_PASSWORD', '{{ wallabag_db_password }}');
+
+#################################################################################
+# Do not trespass unless you know what you are doing
+#################################################################################
+
+// Change this if not using the standart port for SSL - i.e you server is behind sslh
+define ('SSL_PORT', 443);
+
+define ('MODE_DEMO', FALSE);
+define ('DEBUG_POCHE', FALSE);
+define ('DOWNLOAD_PICTURES', FALSE);
+define ('CONVERT_LINKS_FOOTNOTES', FALSE);
+define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
+define ('SHARE_TWITTER', TRUE);
+define ('SHARE_MAIL', TRUE);
+define ('SHARE_SHAARLI', FALSE);
+define ('SHAARLI_URL', 'http://myshaarliurl.com');
+define ('FLATTR', TRUE);
+define ('FLATTR_API', 'https://api.flattr.com/rest/v2/things/lookup/?url=');
+define ('NOT_FLATTRABLE', '0');
+define ('FLATTRABLE', '1');
+define ('FLATTRED', '2');
+define ('ABS_PATH', 'assets/');
+
+define ('DEFAULT_THEME', 'baggy');
+
+define ('THEME', ROOT . '/themes');
+define ('LOCALE', ROOT . '/locale');
+define ('CACHE', ROOT . '/cache');
+
+define ('PAGINATION', '10');
+
+//limit for download of articles during import
+define ('IMPORT_LIMIT', 5);
+//delay between downloads (in sec)
+define ('IMPORT_DELAY', 5);