From 120fb9a3daeae7647869caa67b5e13b394f935bd Mon Sep 17 00:00:00 2001
From: Vladimir Still <git@vstill.eu>
Date: Wed, 2 Feb 2022 13:04:03 +0100
Subject: [PATCH] ansible: Add ZNC drop-in for certbot to gate config

---
 ansible/gate.vstill.cz.yml | 18 ++++++++++++++++++
 1 file changed, 18 insertions(+)

diff --git a/ansible/gate.vstill.cz.yml b/ansible/gate.vstill.cz.yml
index f657aa0..8dc0377 100644
--- a/ansible/gate.vstill.cz.yml
+++ b/ansible/gate.vstill.cz.yml
@@ -279,6 +279,24 @@
         pkg:
           - certbot
 
+    - name: Dir for ZNC drop-in for certbot
+      file:
+        state: directory
+        path: /etc/systemd/system/certbot.service.d
+
+    - name: ZNC drop-in for certbot
+      copy:
+        dest: /etc/systemd/system/certbot.service.d/znc-setfacl.conf
+        content: |
+          [Service]
+          ExecStart=/bin/bash -c '/usr/bin/setfacl -m u:znc:r-- /etc/letsencrypt/archive/msg.vstill.cz/privkey*.pem'
+      register: certbot_znc
+
+    - name: Reload systemd after installing ZNC drop-in
+      systemd:
+        daemon_reload: true
+      when: certbot_znc.changed
+
     - name: Disk utils
       apt:
         pkg:
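Review bot: The two tasks that write under `/etc/systemd/system` (the `file` task for `certbot.service.d` and the `copy` task for `znc-setfacl.conf`) set no owner or mode, so the permissions of a unit fragment that systemd executes depend on the umask in effect during the Ansible run; pin them with `owner: root`, `group: root` and `mode: "0644"` on the `copy` task, and `mode: "0755"` on the directory. The `ExecStart=` line grants `znc` read access to every file matching `privkey*.pem` in the archive directory, superseded keys included, and if the glob matches nothing bash passes the pattern through literally, so `setfacl` exits non-zero and the unit presumably ends up failed. The drop-in also appears to rely on `certbot.service` being `Type=oneshot`, where an extra `ExecStart=` is appended rather than rejected; `ExecStartPost=` would state the intended ordering explicitly. The task list continues outside the hunk.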
-- 
GitLab