author | Aaron LI <aly@aaronly.me> | 2018-03-14 17:18:01 +0800 |
---|---|---|
committer | Aaron LI <aly@aaronly.me> | 2018-03-14 17:18:01 +0800 |
commit | de6c949a2956deed27b9c053bfcaac1a47ed43a6 (patch) | |
tree | 9ef16150e20ad4fe5072f64d9388660c25aa0ed6 /roles | |
parent | 4e4575924b61d26c9e3e0d0770fc2908ac192f7f (diff) | |
download | ansible-dfly-vps-de6c949a2956deed27b9c053bfcaac1a47ed43a6.tar.bz2 |
Add znc role: IRC bouncer
Diffstat (limited to 'roles')
-rw-r--r-- | roles/znc/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/znc/tasks/main.yml | 29 | ||||
-rw-r--r-- | roles/znc/templates/acme/znc.j2 | 28 | ||||
-rw-r--r-- | roles/znc/templates/znc.conf.j2 | 107 |
4 files changed, 167 insertions, 0 deletions
diff --git a/roles/znc/handlers/main.yml b/roles/znc/handlers/main.yml
new file mode 100644
index 0000000..00090bb
--- /dev/null
+++ b/roles/znc/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: reload-znc
+ command: rcreload znc
diff --git a/roles/znc/tasks/main.yml b/roles/znc/tasks/main.yml
new file mode 100644
index 0000000..e64949f
--- /dev/null
+++ b/roles/znc/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- name: znc - install package
+ pkgng:
+ name: znc
+ state: present
+
+- name: znc - create config directory
+ file:
+ path: /usr/local/etc/znc/configs
+ state: directory
+
+- name: znc - generate config file
+ template:
+ src: znc.conf.j2
+ dest: /usr/local/etc/znc/configs/znc.conf
+ owner: znc
+ group: znc
+ mode: 0600
+ backup: yes
+ notify: reload-znc
+
+- name: znc - enable and start service
+ command: rcenable znc
+
+- name: acme - generate deployment script
+ template:
+ src: acme/znc.j2
+ dest: /usr/local/etc/acme/deploy.d/znc
+ tags: acme
diff --git a/roles/znc/templates/acme/znc.j2 b/roles/znc/templates/acme/znc.j2
new file mode 100644
index 0000000..de849b7
--- /dev/null
+++ b/roles/znc/templates/acme/znc.j2
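Review bot: In roles/znc/tasks/main.yml the "znc - generate config file" task renders a template containing `Pass = {{ znc.password }}` and the uplink server password, so a run with `--diff` would print those values to the console or job log; adding `diff: no` (or `no_log: true`) to that task keeps them out of the output. The "znc - create config directory" task sets no `owner`, `group` or `mode`, so /usr/local/etc/znc/configs, which also receives the `backup: yes` copies of znc.conf, gets whatever defaults apply; `owner: znc`, `group: znc`, `mode: "0700"` would make that explicit. The "acme - generate deployment script" task likewise sets no `mode`, which matters if deploy.d entries are executed rather than sourced (not visible in this diff).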
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# ACME deployment script
+#
+
+# NOTE:
+# ZNC supports SSLKeyFile and SSLDHParamFile since v1.7
+#
+#cp -v /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
+# /usr/local/etc/znc/znc.ssl.key
+#cp -v /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
+# /usr/local/etc/znc/znc.ssl.crt
+#chown znc:znc /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt
+#chmod 0400 /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt
+
+# SSL: https://wiki.znc.in/Signed_SSL_certificate
+# Everything in a single file, in the order from the most *private* to
+# the most *public* entries, except for the root certificate.
+# i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem
+#
+cat /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
+ /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
+ /usr/local/etc/ssl/dhparam4096.pem \
+ > /usr/local/etc/znc/znc.allinone.pem
+chown znc:znc /usr/local/etc/znc/znc.allinone.pem
+chmod 0400 /usr/local/etc/znc/znc.allinone.pem
+
+reload znc
diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2
new file mode 100644
index 0000000..affef0d
--- /dev/null
+++ b/roles/znc/templates/znc.conf.j2
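Review bot: In roles/znc/templates/acme/znc.j2 the `cat … > /usr/local/etc/znc/znc.allinone.pem` redirect creates the bundle, which begins with the private key, under the caller's umask, and `chmod 0400` only runs afterwards; on a first deployment the key can be briefly readable by other local users. Putting `umask 077` ahead of the `cat` closes that window. The script also has no `set -e`, so a failed `cat` (for example a missing dhparam4096.pem) still leaves a truncated bundle in place and goes on to `reload znc`; writing to a temporary file and renaming it on success would avoid that. `reload znc` differs from the `rcreload znc` used by the role's handler; it is presumably a helper supplied by the ACME deploy framework, which is worth confirming.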
@@ -0,0 +1,107 @@
+//
+// WARNING
+//
+// Do NOT edit this file while ZNC is running!
+// Use webadmin or *controlpanel instead.
+//
+// Altering this file by hand will forfeit all support.
+//
+// But if you feel risky, you might want to read help on:
+// /znc saveconfig
+// /znc rehash.
+// Also check http://en.znc.in/wiki/Configuration
+//
+
+{% set data_dir = "/usr/local/etc/znc" %}
+
+Version = 1.6.5
+AnonIPLimit = 10
+ConnectDelay = 5
+ProtectWebSessions = true
+ServerThrottle = 30
+HideVersion = true
+MaxBufferSize = {{ znc.buffer_size }}
+SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
+
+// SSL: https://wiki.znc.in/Signed_SSL_certificate
+// Everything in a single file, in the order from the most *private* to
+// the most *public* entries, except for the root certificate.
+// i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem
+SSLCertFile = {{ data_dir }}/znc.allinone.pem
+
+//SSLCertFile = {{ data_dir }}/znc.ssl.crt
+// version >=1.7
+//SSLKeyFile = {{ data_dir }}/znc.ssl.key
+//SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem
+
+<Listener listener0>
+ AllowIRC = true
+ AllowWeb = false
+ IPv4 = true
+ // NOTE: ZNC uses IPV6_V6ONLY to bind on IPv4+IPv6, however, it is
+ // NOT supported on DragonFly BSD.
+ IPv6 = false
+ Port = {{ znc.port }}
+ SSL = true
+</Listener>
+
+<User {{ znc.username }}>
+ Admin = true
+ Pass = {{ znc.password }}
+ Nick = {{ znc.username }}
+ AltNick = {{ znc.username }}_
+ Ident = {{ znc.username }}
+ RealName = {{ znc.realname }}
+
+ Buffer = {{ znc.buffer_size }}
+ AutoClearChanBuffer = {{ znc.auto_clear_chan_buffer }}
+ AppendTimestamp = false
+ PrependTimestamp = true
+
+ StatusPrefix = *
+ ChanModes = +stn
+ DenyLoadMod = false
+ DenySetBindHost = false
+
+ // Save channels to config when user joins and parts
+ LoadModule = chansaver
+ // Log chat activity to file
+ LoadModule = log
+ // Allow to add/remove/edit users/settings on the fly via IRC msgs
+ LoadModule = controlpanel
+
+ JoinTries = 10
+ MaxJoins = 3
+ MaxNetworks = 5
+ MultiClients = true
+ QuitMsg = {{ znc.quit_msg }}
+
+{% for net in znc.networks %}
+ <Network {{ net.name }}>
+ // Automatically connects to the network
+ IRCConnectEnabled = true
+
+ // Automatically set you away on IRC when disconnected
+ LoadModule = simple_away
+ // Routes back answers to the right client when connected with
+ // multiple clients
+ LoadModule = route_replies
+ // Try to get and keep the primary nick if it is taken
+ LoadModule = keepnick
+ // Auth with NickServ
+ LoadModule = nickserv
+
+ Server = {{ net.server }} {% if net.ssl|default(false) %}+{% endif%}{{ net.port }} {{ net.password|default("") }}
+ {% if net.fingerprint is defined -%}
+ TrustedServerFingerprint = {{ net.fingerprint }}
+ {% endif %}
+
+ {% for ch in net.channels -%}
+ <Chan #{{ ch }}>
+ </Chan>
+ {% endfor %}
+
+ </Network>
+
+{% endfor %}
+</User> |
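Review bot: In roles/znc/templates/znc.conf.j2 the `Server =` line only emits the `+` TLS marker when `net.ssl` is set (`net.ssl|default(false)`), so a network entry that omits `ssl` connects to the uplink in cleartext while the same line carries `net.password`; `net.ssl|default(true)` would make plaintext an explicit choice. `SSLProtocols` still enables `+TLSv1.1` on the listener; `-TLSv1.1` leaves only TLS 1.2 unless an old client needs it. `Pass = {{ znc.password }}` is written verbatim, so the variable should hold a salted hash as generated by `znc --makepass` rather than the cleartext password; the variable's definition is not part of this diff.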