From 1975ac785727e1a19931e202d0e670e8c0905641 Mon Sep 17 00:00:00 2001 From: Aaron LI Date: Sun, 22 Sep 2019 13:03:02 +0800 Subject: znc: Use multiple servers and enable SSL But accept all certificates, because most IRC servers use self-signed certificates. --- group_vars/all/vars.yml | 13 ++++++++++--- roles/znc/templates/znc.conf.j2 | 12 ++++++++---- 2 files changed, 18 insertions(+), 7 deletions(-) diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml index 107aa41..665f8bd 100644 --- a/group_vars/all/vars.yml +++ b/group_vars/all/vars.yml @@ -174,9 +174,16 @@ znc: networks: # EFNet: http://www.efnet.org/?module=servers - name: efnet - server: efnet.port80.se - port: 6667 - ssl: false + servers: + - name: irc.choopa.net + port: 9999 + ssl: true + - name: irc.underworld.no + port: 6697 + ssl: true + - name: efnet.port80.se + port: 6697 + ssl: true # Without the beginning '#' channels: - dragonflybsd diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2 index 6b96611..2380ad4 100644 --- a/roles/znc/templates/znc.conf.j2 +++ b/roles/znc/templates/znc.conf.j2 @@ -22,6 +22,8 @@ SSLCertFile = {{ znc.data_dir }}/ssl.crt SSLKeyFile = {{ znc.data_dir }}/ssl.key SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem +LoadModule = adminlog + // NOTE: DragonFly BSD doesn't allow using "IPV6_V6ONLY=0" to bind on // both IPv4 & IPv6, therefore bind them separately. {% for listener in ["ipv4", "ipv6"] %} @@ -89,10 +91,12 @@ SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem // Auth with NickServ LoadModule = nickserv - Server = {{ net.server }} {% if net.ssl|default(false) %}+{% endif%}{{ net.port }} {{ net.password|default("") }} - {% if net.fingerprint is defined -%} - TrustedServerFingerprint = {{ net.fingerprint }} - {% endif %} + {% for server in net.servers -%} + Server = {{ server.name }} {% if server.ssl|default(false) %}+{% endif%}{{ server.port }} {{ server.password|default("") }} + {% endfor %} + + TrustPKI = true + TrustAllCerts = true {% for ch in net.channels -%} -- cgit v1.2.2