| author | Aaron LI <aly@aaronly.me> | 2019-09-22 13:03:02 +0800 | 
|---|---|---|
| committer | Aaron LI <aly@aaronly.me> | 2019-09-22 13:03:02 +0800 | 
| commit | 1975ac785727e1a19931e202d0e670e8c0905641 (patch) | |
| tree | 7d0352e61594a55821bb70e6072f393a4c544768 | |
| parent | 3a46c140fe496dba09726ffe31995bce92cad07f (diff) | |
| download | ansible-dfly-vps-1975ac785727e1a19931e202d0e670e8c0905641.tar.bz2 | |
znc: Use multiple servers and enable SSL
But accept all certificates, because most IRC servers use self-signed
certificates.
| -rw-r--r-- | group_vars/all/vars.yml | 13 | ||||
| -rw-r--r-- | roles/znc/templates/znc.conf.j2 | 12 | 
2 files changed, 18 insertions, 7 deletions
|
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 107aa41..665f8bd 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -174,9 +174,16 @@ znc:
   networks:
     # EFNet: http://www.efnet.org/?module=servers
     - name: efnet
-      server: efnet.port80.se
-      port: 6667
-      ssl: false
+      servers:
+        - name: irc.choopa.net
+          port: 9999
+          ssl: true
+        - name: irc.underworld.no
+          port: 6697
+          ssl: true
+        - name: efnet.port80.se
+          port: 6697
+          ssl: true
       # Without the beginning '#'
       channels:
         - dragonflybsd
diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2
index 6b96611..2380ad4 100644
--- a/roles/znc/templates/znc.conf.j2
+++ b/roles/znc/templates/znc.conf.j2
@@ -22,6 +22,8 @@ SSLCertFile = {{ znc.data_dir }}/ssl.crt
 SSLKeyFile = {{ znc.data_dir }}/ssl.key
 SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem
+LoadModule = adminlog
+
 // NOTE: DragonFly BSD doesn't allow using "IPV6_V6ONLY=0" to bind on
 //       both IPv4 & IPv6, therefore bind them separately.
 {% for listener in ["ipv4", "ipv6"] %}
@@ -89,10 +91,12 @@ SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem
         // Auth with NickServ
         LoadModule = nickserv
-        Server = {{ net.server }} {% if net.ssl|default(false) %}+{% endif%}{{ net.port }} {{ net.password|default("") }}
-        {% if net.fingerprint is defined -%}
-        TrustedServerFingerprint = {{ net.fingerprint }}
-        {% endif %}
+        {% for server in net.servers -%}
+        Server = {{ server.name }} {% if server.ssl|default(false) %}+{% endif%}{{ server.port }} {{ server.password|default("") }}
+        {% endfor %}
+
+        TrustPKI = true
+        TrustAllCerts = true
         {% for ch in net.channels -%}
         <Chan #{{ ch | regex_replace('^#', '') }}>
|
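Review bot: `LoadModule = adminlog` is added without a comment and is not mentioned in the commit message, so neither the reason for loading it nor the place its output goes is recorded in the template. A line such as `// adminlog: record client logins, failed logins and disconnects for audit` above it would document the intent. No arguments are passed, so the module presumably runs with its default log target; it is worth confirming that this location is rotated and readable only by the ZNC user.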
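Review bot: `TrustAllCerts = true` in the network block turns off certificate verification for every server in `net.servers`, and the same hunk drops the `TrustedServerFingerprint` branch, so the `+` TLS ports added in group_vars/all/vars.yml are encrypted but unauthenticated. A host on the path can present any certificate and receive what ZNC sends after connecting, which includes the `server.password` field and whatever the `nickserv` module loaded just above submits. For self-signed servers pinning is the usual answer: keep a per-network list of fingerprints and emit one `TrustedServerFingerprint = {{ fp }}` line per entry, and make the bypass opt-in with `TrustAllCerts = {{ net.trust_all_certs | default(false) | lower }}`. The enclosing network block starts and ends outside the hunk.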
