Diffstat (limited to 'roles/znc/templates')
-rw-r--r--roles/znc/templates/acme/znc.j234
-rw-r--r--roles/znc/templates/deploy_ssl.sh.j222
-rw-r--r--roles/znc/templates/znc.conf.j216
3 files changed, 27 insertions, 45 deletions
diff --git a/roles/znc/templates/acme/znc.j2 b/roles/znc/templates/acme/znc.j2
deleted file mode 100644
index 0be5dc0..0000000
--- a/roles/znc/templates/acme/znc.j2
+++ /dev/null
@@ -1,34 +0,0 @@
-#!/bin/sh
-#
-# ACME deployment script
-#
-
-# NOTE:
-# ZNC supports SSLKeyFile and SSLDHParamFile since v1.7
-#
-#cp -v /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
-# {{ znc.data_dir }}/znc.ssl.key
-#cp -v /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
-# {{ znc.data_dir }}/znc.ssl.crt
-#chown znc:znc {{ znc.data_dir }}/znc.ssl.key {{ znc.data_dir }}/znc.ssl.crt
-#chmod 0400 {{ znc.data_dir }}/znc.ssl.key {{ znc.data_dir }}/znc.ssl.crt
-
-# SSL: https://wiki.znc.in/Signed_SSL_certificate
-# Everything in a single file, in the order from the most *private* to
-# the most *public* entries, except for the root certificate.
-# i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem
-#
-cat /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
- /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
- /usr/local/etc/ssl/dhparam4096.pem \
- > {{ znc.data_dir }}/znc.allinone.pem
-chown znc:znc {{ znc.data_dir }}/znc.allinone.pem
-chmod 0400 {{ znc.data_dir }}/znc.allinone.pem
-
-if pgrep -x znc >/dev/null; then
- echo "Reloading service znc: ..."
- killall -SIGHUP znc
- echo "ok"
-else
- echo "WARNING: service znc is not running" >&2
-fi
diff --git a/roles/znc/templates/deploy_ssl.sh.j2 b/roles/znc/templates/deploy_ssl.sh.j2
new file mode 100644
index 0000000..679ea4d
--- /dev/null
+++ b/roles/znc/templates/deploy_ssl.sh.j2
@@ -0,0 +1,22 @@
+#!/bin/sh
+#
+# Copy the issued SSL key and certificate to deploy them for ZNC.
+#
+# Reference: https://wiki.znc.in/Signed_SSL_certificate
+#
+
+cp -v {{ web.ssl_root }}/{{ network.domain }}/key \
+ {{ znc.data_dir }}/ssl.key
+cp -v {{ web.ssl_root }}/{{ network.domain }}/fullchain \
+ {{ znc.data_dir }}/ssl.crt
+chown znc:znc {{ znc.data_dir }}/ssl.key {{ znc.data_dir }}/ssl.crt
+chmod 0400 {{ znc.data_dir }}/ssl.key {{ znc.data_dir }}/ssl.crt
+
+if pgrep -x znc >/dev/null; then
+ echo -n "Reloading service znc ... "
+ # ZNC's service file doesn't support 'reload' command
+ killall -SIGHUP znc
+ echo "done"
+else
+ echo "WARNING: service znc is not running" >&2
+fi
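Review bot: The private key is written by a plain `cp` and only restricted afterwards by `chmod 0400`, and none of the copy/chown/chmod steps is checked before ZNC is sent SIGHUP. Between the `cp` and the `chmod` a newly created `ssl.key` has whatever mode the source file and the caller's umask produce (not visible here, so this may be harmless in practice). If a copy fails, the script still goes on to reload ZNC with a stale or mismatched key/certificate pair. I would add `set -e` and `umask 077` right after the header comment, so the key is never created wider than owner-only and a failed step stops the script before the reload. Separately, `echo -n` is not portable under `#!/bin/sh`; `printf 'Reloading service znc ... '` behaves the same everywhere.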
diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2
index 17034d4..6b96611 100644
--- a/roles/znc/templates/znc.conf.j2
+++ b/roles/znc/templates/znc.conf.j2
@@ -12,21 +12,15 @@
// Also check http://wiki.znc.in/Configuration
//
-Version = 1.6.5
+Version = 1.7.4
HideVersion = true
MaxBufferSize = {{ znc.buffer_size }}
SSLProtocols = +TLSv1.2 -TLSv1.1 -TLSv1 -SSLv3 -SSLv2
-// SSL: https://wiki.znc.in/Signed_SSL_certificate
-// Everything in a single file, in the order from the most *private* to
-// the most *public* entries, except for the root certificate.
-// i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem
-SSLCertFile = {{ znc.data_dir }}/znc.allinone.pem
-
-// NOTE: SSLKeyFile & SSLDHParamFile requires version >=1.7
-//SSLCertFile = {{ znc.data_dir }}/znc.ssl.crt
-//SSLKeyFile = {{ znc.data_dir }}/znc.ssl.key
-//SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem
+// NOTE: SSLKeyFile & SSLDHParamFile require version >=1.7
+SSLCertFile = {{ znc.data_dir }}/ssl.crt
+SSLKeyFile = {{ znc.data_dir }}/ssl.key
+SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem
// NOTE: DragonFly BSD doesn't allow using "IPV6_V6ONLY=0" to bind on
// both IPv4 & IPv6, therefore bind them separately.
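Review bot: `SSLDHParamFile` now makes ZNC open `/usr/local/etc/ssl/dhparam4096.pem` itself, whereas the removed deploy script concatenated that file into a znc-owned bundle, so the account ZNC runs as (presumably `znc`, given the `chown znc:znc` in the deploy script) now needs read access to it. Nothing in the templates shown guarantees that; if the role's tasks do not already handle it, ZNC may fail to load the parameters or fall back to defaults. The path is also hard-coded while the new deploy script derives its paths from `{{ web.ssl_root }}`; a variable here would keep the two in step. A short comment such as `// dhparam file must be readable by the znc user` next to the setting would record the requirement.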