authorAaron LI <aly@aaronly.me>2019-09-22 13:03:02 +0800
committerAaron LI <aly@aaronly.me>2019-09-22 13:03:02 +0800
commit1975ac785727e1a19931e202d0e670e8c0905641 (patch)
tree7d0352e61594a55821bb70e6072f393a4c544768
parent3a46c140fe496dba09726ffe31995bce92cad07f (diff)
znc: Use multiple servers and enable SSL
But accept all certificates, because most IRC servers use self-signed certificates.
-rw-r--r--group_vars/all/vars.yml13
-rw-r--r--roles/znc/templates/znc.conf.j212
2 files changed, 18 insertions, 7 deletions
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 107aa41..665f8bd 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -174,9 +174,16 @@ znc:
networks:
# EFNet: http://www.efnet.org/?module=servers
- name: efnet
- server: efnet.port80.se
- port: 6667
- ssl: false
+ servers:
+ - name: irc.choopa.net
+ port: 9999
+ ssl: true
+ - name: irc.underworld.no
+ port: 6697
+ ssl: true
+ - name: efnet.port80.se
+ port: 6697
+ ssl: true
# Without the beginning '#'
channels:
- dragonflybsd
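Review bot: The new `servers:` list has no comment describing its keys, and `ssl: true` reads as if the link were fully secured. The template in this commit reads `name`, `port`, `ssl` (default false) and an optional `password` for each entry, and it accepts any certificate, so `ssl` here means encryption without server verification. I would add a comment above `servers:` such as `# Each entry: name, port, ssl (TLS, certificate not verified), optional password`. If a `password` is ever set here, it presumably belongs in a vaulted variable rather than in plain `group_vars`; that cannot be confirmed from this hunk.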
diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2
index 6b96611..2380ad4 100644
--- a/roles/znc/templates/znc.conf.j2
+++ b/roles/znc/templates/znc.conf.j2
@@ -22,6 +22,8 @@ SSLCertFile = {{ znc.data_dir }}/ssl.crt
SSLKeyFile = {{ znc.data_dir }}/ssl.key
SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem
+LoadModule = adminlog
+
// NOTE: DragonFly BSD doesn't allow using "IPV6_V6ONLY=0" to bind on
// both IPv4 & IPv6, therefore bind them separately.
{% for listener in ["ipv4", "ipv6"] %}
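Review bot: `LoadModule = adminlog` is added with no comment saying why it is loaded or where its output goes. A one-line comment above it, for example `// Record client logins, failed logins and disconnects for auditing`, would make the intent clear to the next maintainer. The log target (file or syslog) is not set anywhere in the visible lines, so it is worth confirming that the default destination is rotated and readable only by the znc user.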
@@ -89,10 +91,12 @@ SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem
// Auth with NickServ
LoadModule = nickserv
- Server = {{ net.server }} {% if net.ssl|default(false) %}+{% endif%}{{ net.port }} {{ net.password|default("") }}
- {% if net.fingerprint is defined -%}
- TrustedServerFingerprint = {{ net.fingerprint }}
- {% endif %}
+ {% for server in net.servers -%}
+ Server = {{ server.name }} {% if server.ssl|default(false) %}+{% endif%}{{ server.port }} {{ server.password|default("") }}
+ {% endfor %}
+
+ TrustPKI = true
+ TrustAllCerts = true
{% for ch in net.channels -%}
<Chan #{{ ch | regex_replace('^#', '') }}>
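Review bot: `TrustAllCerts = true` near the end of this hunk turns off certificate verification for every server of every network, so the new `+` TLS ports give encryption but no server authentication. The `nickserv` module loaded just above authenticates over that same link. The commit also removes the `TrustedServerFingerprint` branch, which was the way to accept a self-signed certificate without trusting all of them. I would keep `TrustPKI = true`, make `TrustAllCerts` an opt-in per-network variable that defaults to false, and emit a pinned fingerprint for each server that has one set. The enclosing `<Network>` block starts and ends outside this hunk, so the placement of the fingerprint lines should be checked against the full template.

```jinja
    {% for server in net.servers -%}
    {# … unchanged: Server = line … #}
    {% if server.fingerprint is defined -%}
    TrustedServerFingerprint = {{ server.fingerprint }}
    {% endif %}
    {% endfor %}

    TrustPKI = true
    TrustAllCerts = {{ net.trust_all_certs | default(false) | lower }}
```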