diff options
| author | Aaron LI <aly@aaronly.me> | 2018-03-15 09:10:49 +0800 |
|---|---|---|
| committer | Aaron LI <aly@aaronly.me> | 2018-03-15 09:10:49 +0800 |
| commit | aed916dc76f5cf71b872d76a25083fd27af90b3d (patch) | |
| tree | a9de8c41fec0946defa2a706cf8c6de45818a4dc /roles/znc/templates | |
| parent | f2402b66976e57c457b36141444a3687ce918bfe (diff) | |
| download | ansible-dfly-vps-aed916dc76f5cf71b872d76a25083fd27af90b3d.tar.bz2 | |
znc: move data dir to /home/znc, listen on ipv4 & ipv6, fix reload
Diffstat (limited to 'roles/znc/templates')
| -rw-r--r-- | roles/znc/templates/acme/znc.j2 | 22 | ||||
| -rw-r--r-- | roles/znc/templates/znc.conf.j2 | 27 |
2 files changed, 28 insertions, 21 deletions
diff --git a/roles/znc/templates/acme/znc.j2 b/roles/znc/templates/acme/znc.j2 index de849b7..0be5dc0 100644 --- a/roles/znc/templates/acme/znc.j2 +++ b/roles/znc/templates/acme/znc.j2 @@ -7,11 +7,11 @@ # ZNC supports SSLKeyFile and SSLDHParamFile since v1.7 # #cp -v /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \ -# /usr/local/etc/znc/znc.ssl.key +# {{ znc.data_dir }}/znc.ssl.key #cp -v /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \ -# /usr/local/etc/znc/znc.ssl.crt -#chown znc:znc /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt -#chmod 0400 /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt +# {{ znc.data_dir }}/znc.ssl.crt +#chown znc:znc {{ znc.data_dir }}/znc.ssl.key {{ znc.data_dir }}/znc.ssl.crt +#chmod 0400 {{ znc.data_dir }}/znc.ssl.key {{ znc.data_dir }}/znc.ssl.crt # SSL: https://wiki.znc.in/Signed_SSL_certificate # Everything in a single file, in the order from the most *private* to @@ -21,8 +21,14 @@ cat /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \ /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \ /usr/local/etc/ssl/dhparam4096.pem \ - > /usr/local/etc/znc/znc.allinone.pem -chown znc:znc /usr/local/etc/znc/znc.allinone.pem -chmod 0400 /usr/local/etc/znc/znc.allinone.pem + > {{ znc.data_dir }}/znc.allinone.pem +chown znc:znc {{ znc.data_dir }}/znc.allinone.pem +chmod 0400 {{ znc.data_dir }}/znc.allinone.pem -reload znc +if pgrep -x znc >/dev/null; then + echo "Reloading service znc: ..." + killall -SIGHUP znc + echo "ok" +else + echo "WARNING: service znc is not running" >&2 +fi diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2 index affef0d..c1e97d4 100644 --- a/roles/znc/templates/znc.conf.j2 +++ b/roles/znc/templates/znc.conf.j2 @@ -12,13 +12,7 @@ // Also check http://en.znc.in/wiki/Configuration // -{% set data_dir = "/usr/local/etc/znc" %} - Version = 1.6.5 -AnonIPLimit = 10 -ConnectDelay = 5 -ProtectWebSessions = true -ServerThrottle = 30 HideVersion = true MaxBufferSize = {{ znc.buffer_size }} SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2 @@ -27,23 +21,30 @@ SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2 // Everything in a single file, in the order from the most *private* to // the most *public* entries, except for the root certificate. // i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem -SSLCertFile = {{ data_dir }}/znc.allinone.pem +SSLCertFile = {{ znc.data_dir }}/znc.allinone.pem -//SSLCertFile = {{ data_dir }}/znc.ssl.crt +//SSLCertFile = {{ znc.data_dir }}/znc.ssl.crt // version >=1.7 -//SSLKeyFile = {{ data_dir }}/znc.ssl.key +//SSLKeyFile = {{ znc.data_dir }}/znc.ssl.key //SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem -<Listener listener0> +<Listener ipv4> AllowIRC = true AllowWeb = false IPv4 = true - // NOTE: ZNC uses IPV6_V6ONLY to bind on IPv4+IPv6, however, it is - // NOT supported on DragonFly BSD. + // NOTE: DFly doesn't allow IPV6_V6ONLY=0 to bind IPv4+IPv6 IPv6 = false Port = {{ znc.port }} SSL = true </Listener> +<Listener ipv6> + AllowIRC = true + AllowWeb = false + IPv4 = false + IPv6 = true + Port = {{ znc.port }} + SSL = true +</Listener> <User {{ znc.username }}> Admin = true @@ -97,7 +98,7 @@ SSLCertFile = {{ data_dir }}/znc.allinone.pem {% endif %} {% for ch in net.channels -%} - <Chan #{{ ch }}> + <Chan #{{ ch | regex_replace('^#', '') }}> </Chan> {% endfor %} |