Add znc role: IRC bouncer

1 files changed, 28 insertions, 0 deletions

diff --git a/roles/znc/templates/acme/znc.j2 b/roles/znc/templates/acme/znc.j2
new file mode 100644
index 0000000..de849b7
--- /dev/null
+++ b/roles/znc/templates/acme/znc.j2
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# ACME deployment script
+#
+
+# NOTE:
+# ZNC supports SSLKeyFile and SSLDHParamFile since v1.7
+#
+#cp -v /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
+#      /usr/local/etc/znc/znc.ssl.key
+#cp -v /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
+#      /usr/local/etc/znc/znc.ssl.crt
+#chown znc:znc /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt
+#chmod 0400    /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt
+
+# SSL: https://wiki.znc.in/Signed_SSL_certificate
+# Everything in a single file, in the order from the most *private* to
+# the most *public* entries, except for the root certificate.
+# i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem
+#
+cat /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
+    /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
+    /usr/local/etc/ssl/dhparam4096.pem \
+    > /usr/local/etc/znc/znc.allinone.pem
+chown znc:znc /usr/local/etc/znc/znc.allinone.pem
+chmod 0400    /usr/local/etc/znc/znc.allinone.pem
+
+reload znc