From 097cb80499bbed7148fa3b77a555a43d915d39c5 Mon Sep 17 00:00:00 2001 From: Aaron LI Date: Fri, 16 Mar 2018 22:56:56 +0800 Subject: znc: simply and improve listeners templating --- roles/znc/templates/znc.conf.j2 | 23 +++++++++-------------- 1 file changed, 9 insertions(+), 14 deletions(-) (limited to 'roles/znc') diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2 index c1e97d4..71f3495 100644 --- a/roles/znc/templates/znc.conf.j2 +++ b/roles/znc/templates/znc.conf.j2 @@ -15,7 +15,7 @@ Version = 1.6.5 HideVersion = true MaxBufferSize = {{ znc.buffer_size }} -SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2 +SSLProtocols = +TLSv1.2 -TLSv1.1 -TLSv1 -SSLv3 -SSLv2 // SSL: https://wiki.znc.in/Signed_SSL_certificate // Everything in a single file, in the order from the most *private* to @@ -23,28 +23,23 @@ SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2 // i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem SSLCertFile = {{ znc.data_dir }}/znc.allinone.pem +// NOTE: SSLKeyFile & SSLDHParamFile requires version >=1.7 //SSLCertFile = {{ znc.data_dir }}/znc.ssl.crt -// version >=1.7 //SSLKeyFile = {{ znc.data_dir }}/znc.ssl.key //SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem - +// NOTE: DragonFly BSD doesn't allow using "IPV6_V6ONLY=0" to bind on +// both IPv4 & IPv6, therefore bind them separately. +{% for listener in ["ipv4", "ipv6"] %} + AllowIRC = true AllowWeb = false - IPv4 = true - // NOTE: DFly doesn't allow IPV6_V6ONLY=0 to bind IPv4+IPv6 - IPv6 = false - Port = {{ znc.port }} - SSL = true - - - AllowIRC = true - AllowWeb = false - IPv4 = false - IPv6 = true + IPv4 = {% if listener == "ipv4" %}true{% else %}false{% endif %} + IPv6 = {% if listener == "ipv6" %}true{% else %}false{% endif %} Port = {{ znc.port }} SSL = true +{% endfor %} Admin = true -- cgit v1.2.2