From ca8703974ede3950eaed0589dc55b7e606224f98 Mon Sep 17 00:00:00 2001
From: Aaron LI <aly@aaronly.me>
Date: Sat, 17 Mar 2018 13:50:11 +0800
Subject: znc: Add filter znc_makepass, improve templating with ipv4+ipv6

---
 filter_plugins/znc.py           | 32 ++++++++++++++++++++++++++++++++
 group_vars/all/vars.yml         |  2 +-
 roles/znc/templates/znc.conf.j2 | 14 +++++++++++---
 3 files changed, 44 insertions(+), 4 deletions(-)
 create mode 100644 filter_plugins/znc.py

diff --git a/filter_plugins/znc.py b/filter_plugins/znc.py
new file mode 100644
index 0000000..243cdd5
--- /dev/null
+++ b/filter_plugins/znc.py
@@ -0,0 +1,32 @@
+# Copyright (c) 2018 Aaron LI <aly@aaronly.me>
+# MIT License
+
+"""
+Custom Ansible template filters for "znc" role.
+"""
+
+import os
+import base64
+import hashlib
+
+
+def znc_makepass(p, method="sha256", saltlen=20):
+    """
+    Generate the salted hashed password for ZNC configuration.
+
+    Implement the "znc --makepass" command.
+
+    ZNC password format: <method>#<hash>#<salt>
+    """
+    salt = os.urandom(saltlen)
+    salt = base64.b64encode(salt)[:saltlen]
+    s = p + salt
+    h = getattr(hashlib, method)(s)
+    return "%s#%s#%s" % (method, h.hexdigest(), salt)
+
+
+class FilterModule(object):
+    def filters(self):
+        return {
+            "znc_makepass": znc_makepass,
+        }
diff --git a/group_vars/all/vars.yml b/group_vars/all/vars.yml
index 05c3c3c..6998c98 100644
--- a/group_vars/all/vars.yml
+++ b/group_vars/all/vars.yml
@@ -118,7 +118,7 @@ vpn:
 znc:
   data_dir: /home/znc
   # Admin & client user, as well as IRC nickname
-  username: "{{ vault_znc_username }}"
+  username: aly
   realname: "{{ vault_znc_realname }}"
   password: "{{ vault_znc_password }}"
   port: 6697  # SSL/TLS
diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2
index 71f3495..a45aa89 100644
--- a/roles/znc/templates/znc.conf.j2
+++ b/roles/znc/templates/znc.conf.j2
@@ -34,8 +34,16 @@ SSLCertFile = {{ znc.data_dir }}/znc.allinone.pem
 <Listener {{ listener }}>
     AllowIRC = true
     AllowWeb = false
-    IPv4 = {% if listener == "ipv4" %}true{% else %}false{% endif %}
-    IPv6 = {% if listener == "ipv6" %}true{% else %}false{% endif %}
+    IPv4 = {% if listener == "ipv4" -%}
+        true
+    {% else -%}
+        false
+    {% endif -%}
+    IPv6 = {% if listener == "ipv6" -%}
+        true
+    {% else -%}
+        false
+    {% endif -%}
     Port = {{ znc.port }}
     SSL = true
 </Listener>
@@ -43,7 +51,7 @@ SSLCertFile = {{ znc.data_dir }}/znc.allinone.pem
 
 <User {{ znc.username }}>
     Admin = true
-    Pass = {{ znc.password }}
+    Pass = {{ znc.password | znc_makepass }}
     Nick = {{ znc.username }}
     AltNick = {{ znc.username }}_
     Ident = {{ znc.username }}
-- 
cgit v1.2.2