aboutsummaryrefslogtreecommitdiffstats
path: root/roles
diff options
context:
space:
mode:
authorAaron LI <aly@aaronly.me>2018-03-16 22:56:56 +0800
committerAaron LI <aly@aaronly.me>2018-03-16 22:56:56 +0800
commit097cb80499bbed7148fa3b77a555a43d915d39c5 (patch)
tree529313ae8d98c420faf475f10837dc33a927f6df /roles
parentaed916dc76f5cf71b872d76a25083fd27af90b3d (diff)
downloadansible-dfly-vps-097cb80499bbed7148fa3b77a555a43d915d39c5.tar.bz2
znc: simply and improve listeners templating
Diffstat (limited to 'roles')
-rw-r--r--roles/znc/templates/znc.conf.j223
1 files changed, 9 insertions, 14 deletions
diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2
index c1e97d4..71f3495 100644
--- a/roles/znc/templates/znc.conf.j2
+++ b/roles/znc/templates/znc.conf.j2
@@ -15,7 +15,7 @@
Version = 1.6.5
HideVersion = true
MaxBufferSize = {{ znc.buffer_size }}
-SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
+SSLProtocols = +TLSv1.2 -TLSv1.1 -TLSv1 -SSLv3 -SSLv2
// SSL: https://wiki.znc.in/Signed_SSL_certificate
// Everything in a single file, in the order from the most *private* to
@@ -23,28 +23,23 @@ SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
// i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem
SSLCertFile = {{ znc.data_dir }}/znc.allinone.pem
+// NOTE: SSLKeyFile & SSLDHParamFile requires version >=1.7
//SSLCertFile = {{ znc.data_dir }}/znc.ssl.crt
-// version >=1.7
//SSLKeyFile = {{ znc.data_dir }}/znc.ssl.key
//SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem
-<Listener ipv4>
+// NOTE: DragonFly BSD doesn't allow using "IPV6_V6ONLY=0" to bind on
+// both IPv4 & IPv6, therefore bind them separately.
+{% for listener in ["ipv4", "ipv6"] %}
+<Listener {{ listener }}>
AllowIRC = true
AllowWeb = false
- IPv4 = true
- // NOTE: DFly doesn't allow IPV6_V6ONLY=0 to bind IPv4+IPv6
- IPv6 = false
- Port = {{ znc.port }}
- SSL = true
-</Listener>
-<Listener ipv6>
- AllowIRC = true
- AllowWeb = false
- IPv4 = false
- IPv6 = true
+ IPv4 = {% if listener == "ipv4" %}true{% else %}false{% endif %}
+ IPv6 = {% if listener == "ipv6" %}true{% else %}false{% endif %}
Port = {{ znc.port }}
SSL = true
</Listener>
+{% endfor %}
<User {{ znc.username }}>
Admin = true