diff --git a/roles/znc/defaults/main.yml b/roles/znc/defaults/main.yml
new file mode 100644
index 0000000..d536b42
--- /dev/null
+++ b/roles/znc/defaults/main.yml
@@ -0,0 +1,14 @@
+---
+# Needed to make znc create the TLS certificate as znc user.
+ansible_shell_allow_world_readable_temp: true
+znc_become: true
+znc_become_user: root
+
+znc_port: 12345
+znc_ipv4: "true"
+znc_ipv6: "false"
+znc_ssl: "true"
+
+znc_admin_username: admin
+znc_admin_password: password
+znc_salt: abcdefghijklmnopqrst
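Review bot: The defaults ship a working admin credential (`admin` / `password`) and a fixed `znc_salt`, so any host where the inventory forgets to override them comes up with a publicly known login and the same salt as every other install of this role. I would drop the defaults for `znc_admin_password` and `znc_salt` so that templating fails on the undefined variable, and leave a comment such as `# znc_admin_password and znc_salt have no default; set them per host from Ansible Vault`. Separately, `ansible_shell_allow_world_readable_temp: true` in role defaults presumably applies to more than the one task that becomes `znc`. Setting it under `vars:` on the `create the ssl certificate` task would keep world-readable module temp files limited to that step.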
diff --git a/roles/znc/handlers/main.yml b/roles/znc/handlers/main.yml
new file mode 100644
index 0000000..9866103
--- /dev/null
+++ b/roles/znc/handlers/main.yml
@@ -0,0 +1,13 @@
+---
+- name: systemctl daemon-reload
+ systemd:
+ daemon_reload: true
+ become: "{{ znc_become }}"
+ become_user: "{{ znc_become_user }}"
+
+- name: systemctl start znc
+ systemd:
+ name: znc.service
+ state: started
+ become: "{{ znc_become }}"
+ become_user: "{{ znc_become_user }}"
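Review bot: Neither handler is referenced by a `notify:` in roles/znc/tasks/main.yml, where the daemon-reload and the service start run inline instead, so as committed both are dead code. If they are meant to react to a changed unit file, add `notify: systemctl daemon-reload` to the `install znc systemd unit file` task. The second handler should then use `state: restarted`, since `state: started` is a no-op on a service that is already running and would not pick up the new unit.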
diff --git a/roles/znc/tasks/main.yml b/roles/znc/tasks/main.yml
new file mode 100644
index 0000000..2015f98
--- /dev/null
+++ b/roles/znc/tasks/main.yml
@@ -0,0 +1,76 @@
+---
+- block:
+
+ - name: install znc
+ apt:
+ name: znc
+ state: present
+ update_cache: true
+ cache_valid_time: 3600
+
+ - name: add znc group
+ group:
+ name: znc
+
+ - name: add znc user
+ user:
+ name: znc
+ group: znc
+ create_home: true
+
+ - name: restrict znc home only to znc user and group
+ file:
+ path: /home/znc
+ state: directory
+ owner: znc
+ group: znc
+ mode: 0750
+ recurse: true
+
+ - name: ensure that the znc config directory exists
+ file:
+ path: /home/znc/.znc/configs
+ state: directory
+ owner: znc
+ group: znc
+ mode: "0750"
+
+ - name: check if the znf configuration exists
+ stat:
+ path: "/home/znc/.znc/configs/znc.conf"
+ register: znc_config
+
+ - name: set the znc config file
+ template:
+ src: templates/znc.conf.j2
+ dest: "/home/znc/.znc/configs/znc.conf"
+ owner: znc
+ group: znc
+ mode: 0640
+ when: not znc_config.stat.exists
+
+ - name: create the ssl certificate
+ ansible.builtin.shell:
+ cmd: znc --makepem
+ when:
+ - znc_ssl == "true"
+ - not znc_config.stat.exists
+ become_user: znc
+
+ - name: install znc systemd unit file
+ template:
+ src: etc/systemd/system/znc.service.j2
+ dest: /etc/systemd/system/znc.service
+
+ - name: systemctl daemon-reload
+ systemd:
+ daemon_reload: true
+
+ - name: ensure znc is running
+ systemd:
+ name: znc.service
+ state: started
+ enabled: true
+
+ become: "{{ znc_become }}"
+ become_user: "{{ znc_become_user }}"
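Review bot: The `restrict znc home only to znc user and group` task combines `mode: 0750` with `recurse: true`, which applies 0750 to every file under /home/znc on every run. From the second run on, znc.conf (written as 0640 further down) and whatever `znc --makepem` produced are flipped to group-readable and executable, and the task reports a change each time. I would drop `recurse: true` and set the directory mode only, quoted like the config-directory task does: `mode: "0750"`. The unquoted `mode: 0640` on the config template should become `mode: "0640"` for the same reason. It would also be worth adding `owner: root`, `group: root` and `mode: "0644"` to the systemd unit template task, which currently relies on whatever umask is in effect.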
diff --git a/roles/znc/templates/etc/systemd/system/znc.service.j2 b/roles/znc/templates/etc/systemd/system/znc.service.j2
new file mode 100644
index 0000000..39db653
--- /dev/null
+++ b/roles/znc/templates/etc/systemd/system/znc.service.j2
@@ -0,0 +1,15 @@
+# {{ ansible_managed }}
+[Unit]
+Description=znc
+After=network-online.target
+Wants=network-online.target
+
+[Service]
+WorkingDirectory=/home/znc
+ExecStart=/usr/bin/znc -f
+User=znc
+Group=znc
+Restart=on-failure
+
+[Install]
+WantedBy=multi-user.target
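Review bot: The `[Service]` section runs a network-facing daemon with no systemd sandboxing beyond `User=znc`/`Group=znc`. Since ZNC only needs its own home directory and a listening port, a few directives would cut down what a compromised process can reach: `NoNewPrivileges=true`, `PrivateTmp=true`, `ProtectSystem=full`. `ProtectHome=` should not be enabled as-is, because the data directory is /home/znc (see `WorkingDirectory`), unless the data is moved or an explicit writable path is granted.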
diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2
new file mode 100644
index 0000000..7a2c6d7
--- /dev/null
+++ b/roles/znc/templates/znc.conf.j2
@@ -0,0 +1,27 @@
+// WARNING
+//
+// Do NOT edit this file while ZNC is running!
+// Use webadmin or *controlpanel instead.
+//
+// Altering this file by hand will forfeit all support.
+//
+// But if you feel risky, you might want to read help on /znc saveconfig and /znc rehash.
+// Also check https://wiki.znc.in/Configuration
+
+Version = 1.7.2
+
+ Port = {{ znc_port }}
+ IPv4 = {{ znc_ipv4 }}
+ IPv6 = {{ znc_ipv6 }}
+ SSL = {{ znc_ssl }}
+
+
+
+ Pass = sha256#{{ [znc_admin_password, znc_salt] | join() | hash('sha256') }}#{{ znc_salt }}#
+ Admin = true
+ Nick = {{ znc_admin_username }}
+ AltNick = {{ znc_admin_username }}_
+ Ident = {{ znc_admin_username }}
+ LoadModule = chansaver
+ LoadModule = controlpanel
+
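Review bot: The `Pass` line stores a single SHA-256 over password plus salt, which is cheap to brute-force offline if znc.conf or a backup of it leaks, so the admin login is only as strong as the two variables fed into it. The template gives no hint of that. I would add a comment above the line, for example `// Pass is sha256(password + salt): use a long random znc_admin_password and a per-host znc_salt`. Note also that `Version = 1.7.2` is hard-coded while tasks/main.yml installs whatever znc version apt provides, so the two can drift apart. A comment naming the package version this template was written against would help.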