From 19e52cb5c1dc97c94cd70457ccdf094e598f68bd Mon Sep 17 00:00:00 2001
From: Pig Monkey <pm@pig-monkey.com>
Date: Fri, 27 Nov 2015 13:48:36 -0800
Subject: [PATCH] jail bitlbee

---
 roles/chat/files/bitlbee-service-override.conf |  3 +++
 roles/chat/tasks/bitlbee.yml                   | 12 ++++++++++++
 2 files changed, 15 insertions(+)
 create mode 100644 roles/chat/files/bitlbee-service-override.conf

diff --git a/roles/chat/files/bitlbee-service-override.conf b/roles/chat/files/bitlbee-service-override.conf
new file mode 100644
index 0000000..ac6be68
--- /dev/null
+++ b/roles/chat/files/bitlbee-service-override.conf
@@ -0,0 +1,3 @@
+[Service]
+ExecStart=
+ExecStart=/usr/bin/firejail /usr/bin/bitlbee -F -n
diff --git a/roles/chat/tasks/bitlbee.yml b/roles/chat/tasks/bitlbee.yml
index 45bd60f..a8028b1 100644
--- a/roles/chat/tasks/bitlbee.yml
+++ b/roles/chat/tasks/bitlbee.yml
@@ -19,6 +19,18 @@
   tags:
     - bitlbee
 
+- name: Create Bitlbee systemd unit file directory
+  file: path=/etc/systemd/system/bitlbee.service.d state=directory
+  tags:
+    - bitlbee
+    - firejail
+
+- name: Push Bitlbee socket unit file
+  copy: src=bitlbee-service-override.conf dest=/etc/systemd/system/bitlbee.service.d/override.conf
+  tags:
+    - bitlbee
+    - firejail
+
 - name: Enable and start Bitlbee
   service: name=bitlbee enabled=yes state=started
   tags: