-rw-r--r-- | deploy.yml | 2 | ||||
-rw-r--r-- | group_vars/all/vars.yml | 23 | ||||
-rw-r--r-- | group_vars/all/vault.yml | 26 | ||||
-rw-r--r-- | roles/znc/handlers/main.yml | 3 | ||||
-rw-r--r-- | roles/znc/tasks/main.yml | 29 | ||||
-rw-r--r-- | roles/znc/templates/acme/znc.j2 | 28 | ||||
-rw-r--r-- | roles/znc/templates/znc.conf.j2 | 107 |
7 files changed, 211 insertions, 7 deletions
@@ -17,5 +17,7 @@ tags: mail - role: shadowsocks tags: shadowsocks + - role: znc + tags: znc # vim: set ft=yaml sw=2: # diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 80f97ef..86b074d 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -115,4 +115,27 @@ vpn: network4: 10.6.20.0 port: 8080 +znc: + # Admin & client user, as well as IRC nickname + username: "{{ vault_znc_username }}" + realname: "{{ vault_znc_realname }}" + password: "{{ vault_znc_password }}" + port: 6697 + # Buffer size for each channel/query playback + buffer_size: 5000 + # Whether channel buffers are automatically cleared after playback + auto_clear_chan_buffer: "true" + # Quit message when disconnecting or shutting down + quit_msg: "see you" + # IRC networks + networks: + # EFNet: http://www.efnet.org/?module=servers + - name: efnet + server: efnet.port80.se + port: 6667 + ssl: false + # Without the beginning '#' + channels: + - dragonflybsd + # vim: set ft=yaml sw=2: # diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index 47aceae..30bec53 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
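Review bot: In the `znc.networks` block of group_vars/all/vars.yml the efnet entry uses `port: 6667` with `ssl: false` and no `fingerprint`, so the bouncer-to-server leg is cleartext even though clients reach ZNC over TLS on 6697. The znc.conf.j2 template in this commit renders an optional `net.password` onto the same `Server =` line, so a password added to a network later would cross that link unencrypted. If the chosen server offers a TLS port, prefer `ssl: true` together with a `fingerprint:` entry; otherwise a comment such as `# plaintext upstream: this server has no TLS port` would record that the setting is deliberate.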
@@ -1,8 +1,20 @@
 $ANSIBLE_VAULT;1.1;AES256
-36633265653732353166323733663635323362663563656236303463313731336436633363386631
-3031383935653637646134303162333431303266646433370a303133376536393261616239396464
-61306630333230303335383437643737633739306366653464623835646436616330396265316364
-6637663238323666320a383566646464633961323363616132326266343162646364623839616164
-33343763613535336464373361633862613032663738373534656162306232666161663666643832
-63396262336566303332643832373339353334656461373536383630393437313737343466393037
-373635323561386564336534623134663832
+65316331323834623136353637646131316535356337336536663638353165383035343339323934
+3335613462656231396433626663303864383161316235370a356333323535366466643262653234
+62666364616137356138363333306664313532323262616363646231306666343434333934346533
+6535316164623461320a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
diff --git a/roles/znc/handlers/main.yml b/roles/znc/handlers/main.yml
new file mode 100644
index 0000000..00090bb
--- /dev/null
+++ b/roles/znc/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: reload-znc
+ command: rcreload znc
diff --git a/roles/znc/tasks/main.yml b/roles/znc/tasks/main.yml
new file mode 100644
index 0000000..e64949f
--- /dev/null
+++ b/roles/znc/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- name: znc - install package
+ pkgng:
+ name: znc
+ state: present
+
+- name: znc - create config directory
+ file:
+ path: /usr/local/etc/znc/configs
+ state: directory
+
+- name: znc - generate config file
+ template:
+ src: znc.conf.j2
+ dest: /usr/local/etc/znc/configs/znc.conf
+ owner: znc
+ group: znc
+ mode: 0600
+ backup: yes
+ notify: reload-znc
+
+- name: znc - enable and start service
+ command: rcenable znc
+
+- name: acme - generate deployment script
+ template:
+ src: acme/znc.j2
+ dest: /usr/local/etc/acme/deploy.d/znc
+ tags: acme
diff --git a/roles/znc/templates/acme/znc.j2 b/roles/znc/templates/acme/znc.j2
new file mode 100644
index 0000000..de849b7
--- /dev/null
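Review bot: The `znc - create config directory` task in roles/znc/tasks/main.yml sets no `owner`, `group` or `mode`, so `/usr/local/etc/znc/configs` is created with the defaults of whoever runs the play, while the file written into it is `znc:znc` and `0600`. Adding `owner: znc`, `group: znc` and `mode: "0700"` keeps the directory that holds the credentials, and the copies that `backup: yes` leaves beside the config, closed to other local users. The `acme - generate deployment script` task likewise sets no `owner` or `mode`, although the script it installs assembles the private-key bundle; pinning both explicitly would be safer (the right mode depends on whether the deploy.d hook is executed or sourced, which this diff does not show). `mode: 0600` is better written as `mode: "0600"`, the quoted form that does not depend on how the YAML parser types the value.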
+++ b/roles/znc/templates/acme/znc.j2
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# ACME deployment script
+#
+
+# NOTE:
+# ZNC supports SSLKeyFile and SSLDHParamFile since v1.7
+#
+#cp -v /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
+# /usr/local/etc/znc/znc.ssl.key
+#cp -v /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
+# /usr/local/etc/znc/znc.ssl.crt
+#chown znc:znc /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt
+#chmod 0400 /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt
+
+# SSL: https://wiki.znc.in/Signed_SSL_certificate
+# Everything in a single file, in the order from the most *private* to
+# the most *public* entries, except for the root certificate.
+# i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem
+#
+cat /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
+ /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
+ /usr/local/etc/ssl/dhparam4096.pem \
+ > /usr/local/etc/znc/znc.allinone.pem
+chown znc:znc /usr/local/etc/znc/znc.allinone.pem
+chmod 0400 /usr/local/etc/znc/znc.allinone.pem
+
+reload znc
diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2
new file mode 100644
index 0000000..affef0d
--- /dev/null
+++ b/roles/znc/templates/znc.conf.j2
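Review bot: In roles/znc/templates/acme/znc.j2 the bundle is created by `cat … > /usr/local/etc/znc/znc.allinone.pem` and only afterwards restricted with `chown` and `chmod 0400`, so on a first deployment the file holding the private key exists with the script's umask-default mode until the `chmod` runs. Putting `umask 077` ahead of the `cat` closes that window. The script also has no `set -e`, so a failed `cat` (a missing `dhparam4096.pem`, for instance) still leaves a truncated bundle in place and goes on to `reload znc`; `set -e` at the top, or writing to a temporary file and renaming it once complete, would avoid reloading onto a broken certificate.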
@@ -0,0 +1,107 @@
+//
+// WARNING
+//
+// Do NOT edit this file while ZNC is running!
+// Use webadmin or *controlpanel instead.
+//
+// Altering this file by hand will forfeit all support.
+//
+// But if you feel risky, you might want to read help on:
+// /znc saveconfig
+// /znc rehash.
+// Also check http://en.znc.in/wiki/Configuration
+//
+
+{% set data_dir = "/usr/local/etc/znc" %}
+
+Version = 1.6.5
+AnonIPLimit = 10
+ConnectDelay = 5
+ProtectWebSessions = true
+ServerThrottle = 30
+HideVersion = true
+MaxBufferSize = {{ znc.buffer_size }}
+SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2
+
+// SSL: https://wiki.znc.in/Signed_SSL_certificate
+// Everything in a single file, in the order from the most *private* to
+// the most *public* entries, except for the root certificate.
+// i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem
+SSLCertFile = {{ data_dir }}/znc.allinone.pem
+
+//SSLCertFile = {{ data_dir }}/znc.ssl.crt
+// version >=1.7
+//SSLKeyFile = {{ data_dir }}/znc.ssl.key
+//SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem
+
+<Listener listener0>
+ AllowIRC = true
+ AllowWeb = false
+ IPv4 = true
+ // NOTE: ZNC uses IPV6_V6ONLY to bind on IPv4+IPv6, however, it is
+ // NOT supported on DragonFly BSD.
+ IPv6 = false
+ Port = {{ znc.port }}
+ SSL = true
+</Listener>
+
+<User {{ znc.username }}>
+ Admin = true
+ Pass = {{ znc.password }}
+ Nick = {{ znc.username }}
+ AltNick = {{ znc.username }}_
+ Ident = {{ znc.username }}
+ RealName = {{ znc.realname }}
+
+ Buffer = {{ znc.buffer_size }}
+ AutoClearChanBuffer = {{ znc.auto_clear_chan_buffer }}
+ AppendTimestamp = false
+ PrependTimestamp = true
+
+ StatusPrefix = *
+ ChanModes = +stn
+ DenyLoadMod = false
+ DenySetBindHost = false
+
+ // Save channels to config when user joins and parts
+ LoadModule = chansaver
+ // Log chat activity to file
+ LoadModule = log
+ // Allow to add/remove/edit users/settings on the fly via IRC msgs
+ LoadModule = controlpanel
+
+ JoinTries = 10
+ MaxJoins = 3
+ MaxNetworks = 5
+ MultiClients = true
+ QuitMsg = {{ znc.quit_msg }}
+
+{% for net in znc.networks %}
+ <Network {{ net.name }}>
+ // Automatically connects to the network
+ IRCConnectEnabled = true
+
+ // Automatically set you away on IRC when disconnected
+ LoadModule = simple_away
+ // Routes back answers to the right client when connected with
+ // multiple clients
+ LoadModule = route_replies
+ // Try to get and keep the primary nick if it is taken
+ LoadModule = keepnick
+ // Auth with NickServ
+ LoadModule = nickserv
+
+ Server = {{ net.server }} {% if net.ssl|default(false) %}+{% endif%}{{ net.port }} {{ net.password|default("") }}
+ {% if net.fingerprint is defined -%}
+ TrustedServerFingerprint = {{ net.fingerprint }}
+ {% endif %}
+
+ {% for ch in net.channels -%}
+ <Chan #{{ ch }}>
+ </Chan>
+ {% endfor %}
+
+ </Network>
+
+{% endfor %}
+</User> |
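Review bot: `Pass = {{ znc.password }}` in the `<User>` block of roles/znc/templates/znc.conf.j2 writes whatever `vault_znc_password` holds straight into znc.conf, and ZNC accepts a plain-text value on that line as well as a salted hash; the vault is encrypted in this diff, so which of the two is stored cannot be checked here. If it is the clear password, the admin credential sits readable in the config and in every copy kept by `backup: yes`. Storing ZNC's salted-hash form in the vault and stating that in a comment above the line, e.g. `// Pass must be a salted hash, never the clear password`, would prevent that. Separately, `SSLProtocols` still enables `+TLSv1.1`; unless an old client needs it, `SSLProtocols = -SSLv2 -SSLv3 -TLSv1 -TLSv1.1 +TLSv1.2` is the tighter setting.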