diff --git a/roles/ircbouncer/files/etc_init.d_znc b/roles/ircbouncer/files/etc_init.d_znc
new file mode 100644
index 0000000..8f262b2
--- /dev/null
+++ b/roles/ircbouncer/files/etc_init.d_znc
@@ -0,0 +1,139 @@
+#! /bin/sh
+### BEGIN INIT INFO
+# Provides: znc
+# Required-Start: $remote_fs $syslog
+# Required-Stop: $remote_fs $syslog
+# Default-Start: 2 3 4 5
+# Default-Stop: 0 1 6
+# Short-Description: ZNC IRC bouncer
+# Description: ZNC is an IRC bouncer
+### END INIT INFO
+
+PATH=/sbin:/usr/sbin:/bin:/usr/bin
+DESC="ZNC daemon"
+NAME=znc
+DAEMON=/usr/local/bin/$NAME
+DATADIR=/var/lib/znc
+DAEMON_ARGS="--datadir=$DATADIR"
+PIDDIR=/var/run/znc
+PIDFILE=$PIDDIR/$NAME.pid
+SCRIPTNAME=/etc/init.d/$NAME
+USER=znc
+GROUP=znc
+
+# Exit if the package is not installed
+[ -x "$DAEMON" ] || exit 0
+
+# Read configuration variable file if it is present
+[ -r /etc/default/$NAME ] && . /etc/default/$NAME
+
+# Load the VERBOSE setting and other rcS variables
+. /lib/init/vars.sh
+
+# Define LSB log_* functions.
+# Depend on lsb-base (>= 3.2-14) to ensure that this file is present
+# and status_of_proc is working.
+. /lib/lsb/init-functions
+
+#
+# Function that starts the daemon/service
+#
+do_start()
+{
+ # Return
+ # 0 if daemon has been started
+ # 1 if daemon was already running
+ # 2 if daemon could not be started
+ if [ ! -d $PIDDIR ]
+ then
+ mkdir $PIDDIR
+ fi
+ chown $USER:$GROUP $PIDDIR
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --test --chuid $USER > /dev/null || return 1
+ start-stop-daemon --start --quiet --pidfile $PIDFILE --exec $DAEMON --chuid $USER -- $DAEMON_ARGS > /dev/null || return 2
+}
+
+#
+# Function that stops the daemon/service
+#
+do_stop()
+{
+ # Return
+ # 0 if daemon has been stopped
+ # 1 if daemon was already stopped
+ # 2 if daemon could not be stopped
+ # other if a failure occurred
+ start-stop-daemon --stop --quiet --retry=TERM/30/KILL/5 --pidfile $PIDFILE --name $NAME --chuid $USER
+ RETVAL="$?"
+ [ "$RETVAL" = 2 ] && return 2
+ # Wait for children to finish too if this is a daemon that forks
+ # and if the daemon is only ever run from this initscript.
+ # If the above conditions are not satisfied then add some other code
+ # that waits for the process to drop all resources that could be
+ # needed by services started subsequently. A last resort is to
+ # sleep for some time.
+ start-stop-daemon --stop --quiet --oknodo --retry=0/30/KILL/5 --exec $DAEMON --chuid $USER
+ [ "$?" = 2 ] && return 2
+ # Many daemons don't delete their pidfiles when they exit.
+ rm -f $PIDFILE
+ return "$RETVAL"
+}
+
+#
+# Function that sends a SIGHUP to the daemon/service
+#
+do_reload() {
+ start-stop-daemon --stop --signal 1 --quiet --pidfile $PIDFILE --name $NAME --chuid $USER
+ return 0
+}
+
+case "$1" in
+ start)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Starting $DESC" "$NAME"
+ do_start
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ stop)
+ [ "$VERBOSE" != no ] && log_daemon_msg "Stopping $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1) [ "$VERBOSE" != no ] && log_end_msg 0 ;;
+ 2) [ "$VERBOSE" != no ] && log_end_msg 1 ;;
+ esac
+ ;;
+ status)
+ status_of_proc -p $PIDFILE "$DAEMON" "$NAME" && exit 0 || exit $?
+ ;;
+ reload)
+ log_daemon_msg "Reloading $DESC" "$NAME"
+ do_reload
+ log_end_msg $?
+ ;;
+ restart)
+ log_daemon_msg "Restarting $DESC" "$NAME"
+ do_stop
+ case "$?" in
+ 0|1)
+ do_start
+ case "$?" in
+ 0) log_end_msg 0 ;;
+ 1) log_end_msg 1 ;; # Old process is still running
+ *) log_end_msg 1 ;; # Failed to start
+ esac
+ ;;
+ *)
+ # Failed to stop
+ log_end_msg 1
+ ;;
+ esac
+ ;;
+ *)
+ echo "Usage: $SCRIPTNAME {status|start|stop|reload|restart}" >&2
+ exit 3
+ ;;
+esac
+
+:
\ No newline at end of file
diff --git a/roles/ircbouncer/handlers/main.yml b/roles/ircbouncer/handlers/main.yml
new file mode 100644
index 0000000..d39db67
--- /dev/null
+++ b/roles/ircbouncer/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: restart znc
+ service: name=znc state=restarted
\ No newline at end of file
diff --git a/roles/ircbouncer/tasks/main.yml b/roles/ircbouncer/tasks/main.yml
new file mode 100644
index 0000000..4b2f51d
--- /dev/null
+++ b/roles/ircbouncer/tasks/main.yml
@@ -0,0 +1 @@
+- include: znc.yml tags=znc
\ No newline at end of file
diff --git a/roles/ircbouncer/tasks/znc.yml b/roles/ircbouncer/tasks/znc.yml
new file mode 100644
index 0000000..d44dfd2
--- /dev/null
+++ b/roles/ircbouncer/tasks/znc.yml
@@ -0,0 +1,65 @@
+# more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon
+
+- name: Install znc dependencies
+ apt: pkg={{ item }} state=installed
+ with_items:
+ - automake
+ - build-essential
+ - checkinstall
+ - g++
+ - libperl-dev
+ - libsasl2-dev
+ - libssl-dev
+ - libtool
+ - openssl
+ - pkg-config
+ - python3-dev
+ - swig
+
+- name: Download znc release
+ get_url: url=http://znc.in/releases/archive/znc-{{ znc_version }}.tar.gz dest=/root/znc-{{ znc_version }}.tar.gz
+
+- name: Decompress znc source
+ command: tar xzf /root/znc-{{ znc_version }}.tar.gz chdir=/root creates=/root/znc-{{ znc_version }}/configure
+
+- name: Build and install znc
+ shell: ./configure --enable-python && make && make install executable=/bin/bash chdir=/root/znc-{{ znc_version }} creates=/usr/local/bin/znc
+ notify: restart znc
+
+- name: Create znc group
+ group: name=znc state=present
+
+- name: Create znc user
+ user: name=znc state=present home=/var/lib/znc system=yes group=znc shell=/usr/sbin/nologin
+
+- name: Copy znc init file into place
+ copy: src=etc_init.d_znc dest=/etc/init.d/znc mode=0755
+
+- name: Create a combined version of the private key with public cert and intermediate + root CAs
+ shell: cat /etc/ssl/private/wildcard_private.key /etc/ssl/certs/wildcard_combined.pem >
+ /var/lib/znc/znc.pem creates=/var/lib/znc/znc.pem
+ notify: restart znc
+
+- name: Ensure znc user and group can read cert
+ file: path=/var/lib/znc/znc.pem group=znc owner=znc mode=640
+ notify: restart znc
+
+- name: Check for existing config file
+ command: cat /var/lib/znc/configs/znc.conf
+ register: znc_config
+ ignore_errors: True
+ changed_when: False # never report as "changed"
+
+- name: Create znc config directory
+ file: state=directory path=/var/lib/znc/configs group=znc owner=znc
+
+- name: Copy znc configuration file into place
+ template: src=var_lib_znc_configs_znc.conf.j2 dest=/var/lib/znc/configs/znc.conf owner=znc group=znc
+ when: znc_config.rc != 0
+ notify: restart znc
+
+- name: Set firewall rule for znc
+ ufw: rule=allow port=6697 proto=tcp
+
+- name: Ensure znc is a system service
+ service: name=znc state=started enabled=true
diff --git a/roles/ircbouncer/templates/var_lib_znc_configs_znc.conf.j2 b/roles/ircbouncer/templates/var_lib_znc_configs_znc.conf.j2
new file mode 100644
index 0000000..5583b1e
--- /dev/null
+++ b/roles/ircbouncer/templates/var_lib_znc_configs_znc.conf.j2
@@ -0,0 +1,84 @@
+// WARNING
+//
+// Do NOT edit this file while ZNC is running!
+// Use webadmin or *controlpanel instead.
+//
+// Buf if you feel risky, you might want to read help on /znc saveconfig and /znc rehash.
+// Also check http://en.znc.in/wiki/Configuration
+
+AnonIPLimit = 10
+ConnectDelay = 5
+LoadModule = webadmin
+LoadModule = fail2ban
+LoadModule = lastseen
+LoadModule = partyline
+MaxBufferSize = 500
+Motd = Connected to ZNC
+PidFile = /var/run/znc/znc.pid
+ProtectWebSessions = true
+SSLCertFile = /var/lib/znc/znc.pem
+ServerThrottle = 30
+Skin = _default_
+StatusPrefix = *
+Version = 1.0
+
+
+ AllowIRC = true
+ AllowWeb = false
+ IPv4 = true
+ IPv6 = true
+ Port = 6697
+ SSL = true
+
+
+
+ AllowIRC = false
+ AllowWeb = true
+ IPv4 = true
+ IPv6 = true
+ Port = 6643
+ SSL = false
+
+
+
+ Admin = true
+ Allow = *
+ AltNick = {{ irc_nick }}_
+ AppendTimestamp = false
+ AutoClearChanBuffer = true
+ Buffer = 5000
+ ChanModes = +stn
+ DenyLoadMod = false
+ DenySetBindHost = false
+ Ident = {{ irc_ident }}
+ JoinTries = 10
+ LoadModule = controlpanel
+ LoadModule = perform
+ LoadModule = block_motd
+ LoadModule = clientnotify
+ MaxNetworks = 1
+ MultiClients = true
+ Nick = {{ irc_nick }}
+ PrependTimestamp = true
+ QuitMsg = {{ irc_quitmsg }}
+ RealName = {{ irc_realname }}
+ TimestampFormat = [%H:%M:%S]
+ Timezone = {{ irc_timezone }}
+
+
+ Method = sha256
+ Hash = {{ irc_password_hash }}
+ Salt = {{ irc_password_salt }}
+
+
+
+ BindHost = 0.0.0.0
+ FloodBurst = 4
+ FloodRate = 1.00
+ IRCConnectEnabled = true
+ LoadModule = kickrejoin
+ LoadModule = nickserv
+ LoadModule = savebuff
+ Server = chat.freenode.net +6697
+
+
diff --git a/roles/wallabag/handlers/main.yml b/roles/wallabag/handlers/main.yml
new file mode 100644
index 0000000..9a51f87
--- /dev/null
+++ b/roles/wallabag/handlers/main.yml
@@ -0,0 +1,6 @@
+- name: import wallabag sql
+ shell: PGPASSWORD='{{ wallabag_db_password }}' psql -h localhost -d {{ wallabag_db_database }} -U {{ wallabag_db_username }} -f /var/www/wallabag/install/postgres.sql --set ON_ERROR_STOP=1
+ notify: remove install folder
+
+- name: remove install folder
+ file: path=/var/www/wallabag/install state=absent
diff --git a/roles/wallabag/tasks/main.yml b/roles/wallabag/tasks/main.yml
new file mode 100644
index 0000000..36ff87b
--- /dev/null
+++ b/roles/wallabag/tasks/main.yml
@@ -0,0 +1 @@
+- include: wallabag.yml tags=wallabag
\ No newline at end of file
diff --git a/roles/wallabag/tasks/wallabag.yml b/roles/wallabag/tasks/wallabag.yml
new file mode 100644
index 0000000..1c2ded7
--- /dev/null
+++ b/roles/wallabag/tasks/wallabag.yml
@@ -0,0 +1,79 @@
+- name: Determine whether wallabag is configured
+ stat: path=/var/www/wallabag/inc/poche/config.inc.php
+ register: wallabag_config
+
+- name: Clone wallabag
+ git: repo=https://github.com/wallabag/wallabag.git
+ dest=/var/www/wallabag
+ version={{ wallabag_version }}
+ accept_hostkey=yes
+
+- name: Remove wallabag 'install' directory if its configuration file is there
+ file: name=/var/www/wallabag/install state=absent
+ when: wallabag_config.stat.exists == True
+
+- name: Install wallabag dependencies
+ apt: pkg={{ item }} state=present
+ with_items:
+ - php5
+ - php5-curl
+ - php5-mcrypt
+ - php5-pgsql
+ - php5-tidy
+
+- name: Create database user for wallabag
+ postgresql_user: login_host=localhost
+ login_user={{ db_admin_username }}
+ login_password="{{ db_admin_password }}"
+ name={{ wallabag_db_username }}
+ password="{{ wallabag_db_password }}"
+ state=present
+
+- name: Create database for wallabag
+ postgresql_db: login_host=localhost
+ login_user={{ db_admin_username }}
+ login_password="{{ db_admin_password }}"
+ name={{ wallabag_db_database }}
+ state=present
+ owner={{ wallabag_db_username }}
+ notify: import wallabag sql
+
+- name: Build Composer
+ shell: curl -sS https://getcomposer.org/installer | php
+ chdir=/root
+ creates=/root/composer.phar
+
+- name: Initialize composer
+ command: php /root/composer.phar install
+ chdir=/var/www/wallabag
+ creates=/var/www/wallabag/vendor/autoload.php
+
+- name: Set wallabag permissions
+ file: owner=www-data
+ group=www-data
+ path=/var/www/wallabag
+ recurse=yes
+ state=directory
+
+- name: Create the configuration file
+ template: src=var_www_wallabag_inc_poche_config.inc.php.j2
+ dest=/var/www/wallabag/inc/poche/config.inc.php
+ owner=www-data
+ group=www-data
+
+- name: Rename existing Apache wallabag virtualhost
+ command: mv /etc/apache2/sites-available/wallabag /etc/apache2/sites-available/wallabag.conf removes=/etc/apache2/sites-available/wallabag
+
+- name: Remove old sites-enabled/wallabag symlink (new one will be created by a2ensite)
+ command: rm /etc/apache2/sites-enabled/wallabag removes=/etc/apache2/sites-enabled/wallabag
+
+- name: Configure the Apache HTTP server for wallabag
+ template: src=etc_apache2_sites-available_wallabag.j2
+ dest=/etc/apache2/sites-available/wallabag.conf
+ owner=root
+ group=root
+
+- name: Enable the wallabag site
+ command: a2ensite wallabag.conf
+ creates=/etc/apache2/sites-enabled/wallabag.conf
+ notify: restart apache
diff --git a/roles/wallabag/templates/etc_apache2_sites-available_wallabag.j2 b/roles/wallabag/templates/etc_apache2_sites-available_wallabag.j2
new file mode 100644
index 0000000..5d04d18
--- /dev/null
+++ b/roles/wallabag/templates/etc_apache2_sites-available_wallabag.j2
@@ -0,0 +1,31 @@
+
+ ServerName {{ wallabag_domain }}
+
+ Redirect permanent / https://{{ wallabag_domain }}/
+
+
+
+ ServerName {{ wallabag_domain }}
+
+ SSLEngine on
+ SSLProtocol ALL -SSLv2 -SSLv3
+ SSLHonorCipherOrder On
+ SSLCipherSuite ECDH+AESGCM:DH+AESGCM:ECDH+AES256:DH+AES256:ECDH+AES128:DH+AES:ECDH+3DES:DH+3DES:RSA+AES:RSA+3DES:!ADH:!AECDH:!MD5:!DSS
+ SSLCertificateFile /etc/ssl/certs/wildcard_public_cert.crt
+ SSLCertificateKeyFile /etc/ssl/private/wildcard_private.key
+ SSLCACertificateFile /etc/ssl/certs/wildcard_ca.pem
+ Header add Strict-Transport-Security "max-age=15768000; includeSubdomains"
+
+ DocumentRoot /var/www/wallabag
+ Options -Indexes
+
+ ErrorLog /var/log/apache2/wallabag.info-error_log
+ CustomLog /var/log/apache2/wallabag.info-access_log common
+
+
+ AllowOverride All
+ Order allow,deny
+ allow from all
+ DirectoryIndex index.php
+
+
diff --git a/roles/wallabag/templates/var_www_wallabag_inc_poche_config.inc.php.j2 b/roles/wallabag/templates/var_www_wallabag_inc_poche_config.inc.php.j2
new file mode 100644
index 0000000..aa60164
--- /dev/null
+++ b/roles/wallabag/templates/var_www_wallabag_inc_poche_config.inc.php.j2
@@ -0,0 +1,58 @@
+
+ * @copyright 2013
+ * @license http://www.wtfpl.net/ see COPYING file
+ */
+
+define ('SALT', '{{ wallabag_salt }}'); # put a strong string here
+define ('LANG', 'en_EN.utf8');
+
+define ('STORAGE', 'postgres'); # postgres, mysql or sqlite
+
+define ('STORAGE_SQLITE', ROOT . '/db/poche.sqlite'); # if you are using sqlite, where the database file is located
+
+# only for postgres & mysql
+define ('STORAGE_SERVER', 'localhost');
+define ('STORAGE_DB', '{{ wallabag_db_database }}');
+define ('STORAGE_USER', '{{ wallabag_db_username }}');
+define ('STORAGE_PASSWORD', '{{ wallabag_db_password }}');
+
+#################################################################################
+# Do not trespass unless you know what you are doing
+#################################################################################
+
+// Change this if not using the standart port for SSL - i.e you server is behind sslh
+define ('SSL_PORT', 443);
+
+define ('MODE_DEMO', FALSE);
+define ('DEBUG_POCHE', FALSE);
+define ('DOWNLOAD_PICTURES', FALSE);
+define ('CONVERT_LINKS_FOOTNOTES', FALSE);
+define ('REVERT_FORCED_PARAGRAPH_ELEMENTS', FALSE);
+define ('SHARE_TWITTER', TRUE);
+define ('SHARE_MAIL', TRUE);
+define ('SHARE_SHAARLI', FALSE);
+define ('SHAARLI_URL', 'http://myshaarliurl.com');
+define ('FLATTR', TRUE);
+define ('FLATTR_API', 'https://api.flattr.com/rest/v2/things/lookup/?url=');
+define ('NOT_FLATTRABLE', '0');
+define ('FLATTRABLE', '1');
+define ('FLATTRED', '2');
+define ('ABS_PATH', 'assets/');
+
+define ('DEFAULT_THEME', 'baggy');
+
+define ('THEME', ROOT . '/themes');
+define ('LOCALE', ROOT . '/locale');
+define ('CACHE', ROOT . '/cache');
+
+define ('PAGINATION', '10');
+
+//limit for download of articles during import
+define ('IMPORT_LIMIT', 5);
+//delay between downloads (in sec)
+define ('IMPORT_DELAY', 5);