authorAaron LI <aly@aaronly.me>2018-03-15 09:10:49 +0800
committerAaron LI <aly@aaronly.me>2018-03-15 09:10:49 +0800
commitaed916dc76f5cf71b872d76a25083fd27af90b3d (patch)
treea9de8c41fec0946defa2a706cf8c6de45818a4dc
parentf2402b66976e57c457b36141444a3687ce918bfe (diff)
downloadansible-dfly-vps-aed916dc76f5cf71b872d76a25083fd27af90b3d.tar.bz2
znc: move data dir to /home/znc, listen on ipv4 & ipv6, fix reload
-rw-r--r--group_vars/all/vars.yml1
-rw-r--r--roles/znc/handlers/main.yml3
-rw-r--r--roles/znc/tasks/main.yml23
-rw-r--r--roles/znc/templates/acme/znc.j222
-rw-r--r--roles/znc/templates/znc.conf.j227
5 files changed, 48 insertions, 28 deletions
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 7d9a0b8..05c3c3c 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -116,6 +116,7 @@ vpn:
port: 8080
znc:
+ data_dir: /home/znc
# Admin & client user, as well as IRC nickname
username: "{{ vault_znc_username }}"
realname: "{{ vault_znc_realname }}"
diff --git a/roles/znc/handlers/main.yml b/roles/znc/handlers/main.yml
index 00090bb..858e8f5 100644
--- a/roles/znc/handlers/main.yml
+++ b/roles/znc/handlers/main.yml
@@ -1,3 +1,4 @@
---
- name: reload-znc
- command: rcreload znc
+ # NOTE: znc rc script doesn't support the reload command
+ command: killall -SIGHUP znc
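Review bot: `killall -SIGHUP znc` on the new handler line signals every process named znc, whichever account owns it, and exits non-zero when none is running, which would fail the play at the handler. Scoping it to the service account, `command: killall -u znc -SIGHUP znc`, keeps the signal to the daemon this role manages. The same command is added in the reload step of roles/znc/templates/acme/znc.j2; the `pgrep -x znc` guard there covers the not-running case, but the owner is likewise unrestricted, so `-u znc` fits both the `pgrep` and the `killall` in that script.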
diff --git a/roles/znc/tasks/main.yml b/roles/znc/tasks/main.yml
index e64949f..93754ff 100644
--- a/roles/znc/tasks/main.yml
+++ b/roles/znc/tasks/main.yml
@@ -4,23 +4,34 @@
name: znc
state: present
-- name: znc - create config directory
+- name: znc - create data and config directory
file:
- path: /usr/local/etc/znc/configs
+ path: "{{ znc.data_dir }}/configs"
state: directory
+ recurse: true
+ owner: znc
+ group: znc
+ mode: 0700
- name: znc - generate config file
template:
src: znc.conf.j2
- dest: /usr/local/etc/znc/configs/znc.conf
+ dest: "{{ znc.data_dir }}/configs/znc.conf"
owner: znc
group: znc
mode: 0600
- backup: yes
notify: reload-znc
-- name: znc - enable and start service
- command: rcenable znc
+- name: znc - enable service
+ blockinfile:
+ path: /etc/rc.conf
+ marker: "# {mark} ANSIBLE MANAGED - znc"
+ block: |
+ znc_conf_dir="{{ znc.data_dir }}"
+ znc_enable="YES"
+
+- name: znc - start service
+ command: rcstart znc
- name: acme - generate deployment script
template:
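Review bot: `recurse: true` together with `mode: 0700` on the directory task re-applies owner and mode to everything under `configs`, including `znc.conf`, which the next task sets back to 0600. As written, each run would appear to flip that file's mode twice, report both tasks as changed and fire `reload-znc`. Dropping `recurse: true` leaves the directory at 0700 and the file at 0600. Quoting the modes (`mode: "0700"`) also avoids relying on the YAML parser reading the leading zero as octal, and the `rcstart znc` command task will likewise report changed on every run. The last task in this hunk continues outside it.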
diff --git a/roles/znc/templates/acme/znc.j2 b/roles/znc/templates/acme/znc.j2
index de849b7..0be5dc0 100644
--- a/roles/znc/templates/acme/znc.j2
+++ b/roles/znc/templates/acme/znc.j2
@@ -7,11 +7,11 @@
# ZNC supports SSLKeyFile and SSLDHParamFile since v1.7
#
#cp -v /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
-# /usr/local/etc/znc/znc.ssl.key
+# {{ znc.data_dir }}/znc.ssl.key
#cp -v /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
-# /usr/local/etc/znc/znc.ssl.crt
-#chown znc:znc /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt
-#chmod 0400 /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt
+# {{ znc.data_dir }}/znc.ssl.crt
+#chown znc:znc {{ znc.data_dir }}/znc.ssl.key {{ znc.data_dir }}/znc.ssl.crt
+#chmod 0400 {{ znc.data_dir }}/znc.ssl.key {{ znc.data_dir }}/znc.ssl.crt
# SSL: https://wiki.znc.in/Signed_SSL_certificate
# Everything in a single file, in the order from the most *private* to
@@ -21,8 +21,14 @@
cat /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
/usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
/usr/local/etc/ssl/dhparam4096.pem \
- > /usr/local/etc/znc/znc.allinone.pem
-chown znc:znc /usr/local/etc/znc/znc.allinone.pem
-chmod 0400 /usr/local/etc/znc/znc.allinone.pem
+ > {{ znc.data_dir }}/znc.allinone.pem
+chown znc:znc {{ znc.data_dir }}/znc.allinone.pem
+chmod 0400 {{ znc.data_dir }}/znc.allinone.pem
-reload znc
+if pgrep -x znc >/dev/null; then
+ echo "Reloading service znc: ..."
+ killall -SIGHUP znc
+ echo "ok"
+else
+ echo "WARNING: service znc is not running" >&2
+fi
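Review bot: The combined file, which begins with the private key, is created by the `>` redirect under the script's current umask and only narrowed by the `chmod 0400` two lines later. On first creation it can therefore be briefly readable by other local accounts if the umask is the usual 022. Setting `umask 077` ahead of the `cat` closes that window; the start of the script is outside this hunk, so a umask may already be set there. The move to `{{ znc.data_dir }}` makes this more relevant, because the mode of the data directory itself is not managed explicitly in this commit, only that of its `configs` subdirectory.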
diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2
index affef0d..c1e97d4 100644
--- a/roles/znc/templates/znc.conf.j2
+++ b/roles/znc/templates/znc.conf.j2
@@ -12,13 +12,7 @@
// Also check http://en.znc.in/wiki/Configuration
//
-{% set data_dir = "/usr/local/etc/znc" %}
-
Version = 1.6.5
-AnonIPLimit = 10
-ConnectDelay = 5
-ProtectWebSessions = true
-ServerThrottle = 30
HideVersion = true
MaxBufferSize = {{ znc.buffer_size }}
SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
@@ -27,23 +21,30 @@ SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
// Everything in a single file, in the order from the most *private* to
// the most *public* entries, except for the root certificate.
// i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem
-SSLCertFile = {{ data_dir }}/znc.allinone.pem
+SSLCertFile = {{ znc.data_dir }}/znc.allinone.pem
-//SSLCertFile = {{ data_dir }}/znc.ssl.crt
+//SSLCertFile = {{ znc.data_dir }}/znc.ssl.crt
// version >=1.7
-//SSLKeyFile = {{ data_dir }}/znc.ssl.key
+//SSLKeyFile = {{ znc.data_dir }}/znc.ssl.key
//SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem
-<Listener listener0>
+<Listener ipv4>
AllowIRC = true
AllowWeb = false
IPv4 = true
- // NOTE: ZNC uses IPV6_V6ONLY to bind on IPv4+IPv6, however, it is
- // NOT supported on DragonFly BSD.
+ // NOTE: DFly doesn't allow IPV6_V6ONLY=0 to bind IPv4+IPv6
IPv6 = false
Port = {{ znc.port }}
SSL = true
</Listener>
+<Listener ipv6>
+ AllowIRC = true
+ AllowWeb = false
+ IPv4 = false
+ IPv6 = true
+ Port = {{ znc.port }}
+ SSL = true
+</Listener>
<User {{ znc.username }}>
Admin = true
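Review bot: The new `<Listener ipv6>` block repeats the ipv4 block line for line apart from the two address-family flags, so a later change to `SSL` or `AllowWeb` has to be made twice, and a missed copy would leave one family with weaker settings. Generating both listeners from a single block in a loop keeps them identical by construction. Because the port is now reachable over IPv6 as well, it is worth confirming that the host's packet filter rules cover inet6 for it; those rules are not visible in this commit.

```jinja
{% for fam in ['ipv4', 'ipv6'] %}
<Listener {{ fam }}>
    // … unchanged: AllowIRC, AllowWeb …
    IPv4 = {{ 'true' if fam == 'ipv4' else 'false' }}
    // NOTE: DFly doesn't allow IPV6_V6ONLY=0 to bind IPv4+IPv6
    IPv6 = {{ 'true' if fam == 'ipv6' else 'false' }}
    // … unchanged: Port, SSL …
</Listener>
{% endfor %}
```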
@@ -97,7 +98,7 @@ SSLCertFile = {{ data_dir }}/znc.allinone.pem
{% endif %}
{% for ch in net.channels -%}
- <Chan #{{ ch }}>
+ <Chan #{{ ch | regex_replace('^#', '') }}>
</Chan>
{% endfor %}