diff options
| -rw-r--r-- | group_vars/all/vars.yml | 1 | ||||
| -rw-r--r-- | roles/znc/handlers/main.yml | 3 | ||||
| -rw-r--r-- | roles/znc/tasks/main.yml | 23 | ||||
| -rw-r--r-- | roles/znc/templates/acme/znc.j2 | 22 | ||||
| -rw-r--r-- | roles/znc/templates/znc.conf.j2 | 27 |
5 files changed, 48 insertions, 28 deletions
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 7d9a0b8..05c3c3c 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -116,6 +116,7 @@ vpn: port: 8080 znc: + data_dir: /home/znc # Admin & client user, as well as IRC nickname username: "{{ vault_znc_username }}" realname: "{{ vault_znc_realname }}" diff --git a/roles/znc/handlers/main.yml b/roles/znc/handlers/main.yml index 00090bb..858e8f5 100644 --- a/roles/znc/handlers/main.yml +++ b/roles/znc/handlers/main.yml @@ -1,3 +1,4 @@ --- - name: reload-znc - command: rcreload znc + # NOTE: znc rc script doesn't support the reload command + command: killall -SIGHUP znc diff --git a/roles/znc/tasks/main.yml b/roles/znc/tasks/main.yml index e64949f..93754ff 100644 --- a/roles/znc/tasks/main.yml +++ b/roles/znc/tasks/main.yml @@ -4,23 +4,34 @@ name: znc state: present -- name: znc - create config directory +- name: znc - create data and config directory file: - path: /usr/local/etc/znc/configs + path: "{{ znc.data_dir }}/configs" state: directory + recurse: true + owner: znc + group: znc + mode: 0700 - name: znc - generate config file template: src: znc.conf.j2 - dest: /usr/local/etc/znc/configs/znc.conf + dest: "{{ znc.data_dir }}/configs/znc.conf" owner: znc group: znc mode: 0600 - backup: yes notify: reload-znc -- name: znc - enable and start service - command: rcenable znc +- name: znc - enable service + blockinfile: + path: /etc/rc.conf + marker: "# {mark} ANSIBLE MANAGED - znc" + block: | + znc_conf_dir="{{ znc.data_dir }}" + znc_enable="YES" + +- name: znc - start service + command: rcstart znc - name: acme - generate deployment script template: diff --git a/roles/znc/templates/acme/znc.j2 b/roles/znc/templates/acme/znc.j2 index de849b7..0be5dc0 100644 --- a/roles/znc/templates/acme/znc.j2 +++ b/roles/znc/templates/acme/znc.j2 @@ -7,11 +7,11 @@ # ZNC supports SSLKeyFile and SSLDHParamFile since v1.7 # #cp -v /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \ -# /usr/local/etc/znc/znc.ssl.key +# {{ znc.data_dir }}/znc.ssl.key #cp -v /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \ -# /usr/local/etc/znc/znc.ssl.crt -#chown znc:znc /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt -#chmod 0400 /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt +# {{ znc.data_dir }}/znc.ssl.crt +#chown znc:znc {{ znc.data_dir }}/znc.ssl.key {{ znc.data_dir }}/znc.ssl.crt +#chmod 0400 {{ znc.data_dir }}/znc.ssl.key {{ znc.data_dir }}/znc.ssl.crt # SSL: https://wiki.znc.in/Signed_SSL_certificate # Everything in a single file, in the order from the most *private* to @@ -21,8 +21,14 @@ cat /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \ /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \ /usr/local/etc/ssl/dhparam4096.pem \ - > /usr/local/etc/znc/znc.allinone.pem -chown znc:znc /usr/local/etc/znc/znc.allinone.pem -chmod 0400 /usr/local/etc/znc/znc.allinone.pem + > {{ znc.data_dir }}/znc.allinone.pem +chown znc:znc {{ znc.data_dir }}/znc.allinone.pem +chmod 0400 {{ znc.data_dir }}/znc.allinone.pem -reload znc +if pgrep -x znc >/dev/null; then + echo "Reloading service znc: ..." + killall -SIGHUP znc + echo "ok" +else + echo "WARNING: service znc is not running" >&2 +fi diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2 index affef0d..c1e97d4 100644 --- a/roles/znc/templates/znc.conf.j2 +++ b/roles/znc/templates/znc.conf.j2 @@ -12,13 +12,7 @@ // Also check http://en.znc.in/wiki/Configuration // -{% set data_dir = "/usr/local/etc/znc" %} - Version = 1.6.5 -AnonIPLimit = 10 -ConnectDelay = 5 -ProtectWebSessions = true -ServerThrottle = 30 HideVersion = true MaxBufferSize = {{ znc.buffer_size }} SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2 @@ -27,23 +21,30 @@ SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2 // Everything in a single file, in the order from the most *private* to // the most *public* entries, except for the root certificate. // i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem -SSLCertFile = {{ data_dir }}/znc.allinone.pem +SSLCertFile = {{ znc.data_dir }}/znc.allinone.pem -//SSLCertFile = {{ data_dir }}/znc.ssl.crt +//SSLCertFile = {{ znc.data_dir }}/znc.ssl.crt // version >=1.7 -//SSLKeyFile = {{ data_dir }}/znc.ssl.key +//SSLKeyFile = {{ znc.data_dir }}/znc.ssl.key //SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem -<Listener listener0> +<Listener ipv4> AllowIRC = true AllowWeb = false IPv4 = true - // NOTE: ZNC uses IPV6_V6ONLY to bind on IPv4+IPv6, however, it is - // NOT supported on DragonFly BSD. + // NOTE: DFly doesn't allow IPV6_V6ONLY=0 to bind IPv4+IPv6 IPv6 = false Port = {{ znc.port }} SSL = true </Listener> +<Listener ipv6> + AllowIRC = true + AllowWeb = false + IPv4 = false + IPv6 = true + Port = {{ znc.port }} + SSL = true +</Listener> <User {{ znc.username }}> Admin = true @@ -97,7 +98,7 @@ SSLCertFile = {{ data_dir }}/znc.allinone.pem {% endif %} {% for ch in net.channels -%} - <Chan #{{ ch }}> + <Chan #{{ ch | regex_replace('^#', '') }}> </Chan> {% endfor %} |