From de6c949a2956deed27b9c053bfcaac1a47ed43a6 Mon Sep 17 00:00:00 2001
From: Aaron LI
Date: Wed, 14 Mar 2018 17:18:01 +0800
Subject: Add znc role: IRC bouncer
---
roles/znc/handlers/main.yml | 3 ++
roles/znc/tasks/main.yml | 29 +++++++++++
roles/znc/templates/acme/znc.j2 | 28 +++++++++++
roles/znc/templates/znc.conf.j2 | 107 ++++++++++++++++++++++++++++++++++++++++
4 files changed, 167 insertions(+)
create mode 100644 roles/znc/handlers/main.yml
create mode 100644 roles/znc/tasks/main.yml
create mode 100644 roles/znc/templates/acme/znc.j2
create mode 100644 roles/znc/templates/znc.conf.j2
(limited to 'roles/znc')
diff --git a/roles/znc/handlers/main.yml b/roles/znc/handlers/main.yml
new file mode 100644
index 0000000..00090bb
--- /dev/null
+++ b/roles/znc/handlers/main.yml
@@ -0,0 +1,3 @@
+---
+- name: reload-znc
+ command: rcreload znc
diff --git a/roles/znc/tasks/main.yml b/roles/znc/tasks/main.yml
new file mode 100644
index 0000000..e64949f
--- /dev/null
+++ b/roles/znc/tasks/main.yml
@@ -0,0 +1,29 @@
+---
+- name: znc - install package
+ pkgng:
+ name: znc
+ state: present
+
+- name: znc - create config directory
+ file:
+ path: /usr/local/etc/znc/configs
+ state: directory
+
+- name: znc - generate config file
+ template:
+ src: znc.conf.j2
+ dest: /usr/local/etc/znc/configs/znc.conf
+ owner: znc
+ group: znc
+ mode: 0600
+ backup: yes
+ notify: reload-znc
+
+- name: znc - enable and start service
+ command: rcenable znc
+
+- name: acme - generate deployment script
+ template:
+ src: acme/znc.j2
+ dest: /usr/local/etc/acme/deploy.d/znc
+ tags: acme
diff --git a/roles/znc/templates/acme/znc.j2 b/roles/znc/templates/acme/znc.j2
new file mode 100644
index 0000000..de849b7
--- /dev/null
+++ b/roles/znc/templates/acme/znc.j2
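Review bot: In roles/znc/tasks/main.yml the `znc - create config directory` task sets no `owner`, `group` or `mode`, so /usr/local/etc/znc/configs gets whatever the connecting user and umask produce, even though the file placed in it is `znc:znc` `0600` and carries the bouncer password. Adding `owner: znc`, `group: znc` and `mode: "0700"` keeps other local accounts from listing the directory, and presumably lets ZNC rewrite its own config. The `znc - generate config file` task renders `znc.password`, so `no_log: true` there would keep the secret out of `--diff` and verbose output. The final `acme - generate deployment script` task also omits `mode`; if the files in deploy.d are executed rather than sourced, it needs an explicit executable mode.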
@@ -0,0 +1,28 @@
+#!/bin/sh
+#
+# ACME deployment script
+#
+
+# NOTE:
+# ZNC supports SSLKeyFile and SSLDHParamFile since v1.7
+#
+#cp -v /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
+# /usr/local/etc/znc/znc.ssl.key
+#cp -v /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
+# /usr/local/etc/znc/znc.ssl.crt
+#chown znc:znc /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt
+#chmod 0400 /usr/local/etc/znc/znc.ssl.key /usr/local/etc/znc/znc.ssl.crt
+
+# SSL: https://wiki.znc.in/Signed_SSL_certificate
+# Everything in a single file, in the order from the most *private* to
+# the most *public* entries, except for the root certificate.
+# i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem
+#
+cat /usr/local/etc/ssl/acme/private/{{ network.domain }}.pem \
+ /usr/local/etc/ssl/acme/{{ network.domain }}/fullchain.pem \
+ /usr/local/etc/ssl/dhparam4096.pem \
+ > /usr/local/etc/znc/znc.allinone.pem
+chown znc:znc /usr/local/etc/znc/znc.allinone.pem
+chmod 0400 /usr/local/etc/znc/znc.allinone.pem
+
+reload znc
diff --git a/roles/znc/templates/znc.conf.j2 b/roles/znc/templates/znc.conf.j2
new file mode 100644
index 0000000..affef0d
--- /dev/null
+++ b/roles/znc/templates/znc.conf.j2
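Review bot: The combined PEM in roles/znc/templates/acme/znc.j2, which starts with the private key, is created by the `>` redirection under the script's inherited umask and only tightened by the later `chmod 0400`, so on first creation it can be readable by other local users for a short window. Put `umask 077` ahead of the `cat` so the file is never created wider than owner-only. The script also has no `set -e`, so if an input file is missing the `cat` still leaves a truncated bundle in place and the reload proceeds; consider assembling into a temporary file in the same directory and moving it over the target only on success. The last line calls `reload znc` while the role's handler uses `rcreload znc`, so it is worth confirming that `reload` is defined wherever this script runs.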
@@ -0,0 +1,107 @@ +// +// WARNING +// +// Do NOT edit this file while ZNC is running! +// Use webadmin or *controlpanel instead. +// +// Altering this file by hand will forfeit all support. +// +// But if you feel risky, you might want to read help on: +// /znc saveconfig +// /znc rehash. +// Also check http://en.znc.in/wiki/Configuration +// + +{% set data_dir = "/usr/local/etc/znc" %} + +Version = 1.6.5 +AnonIPLimit = 10 +ConnectDelay = 5 +ProtectWebSessions = true +ServerThrottle = 30 +HideVersion = true +MaxBufferSize = {{ znc.buffer_size }} +SSLProtocols = -SSLv2 -SSLv3 -TLSv1 +TLSv1.1 +TLSv1.2 + +// SSL: https://wiki.znc.in/Signed_SSL_certificate +// Everything in a single file, in the order from the most *private* to +// the most *public* entries, except for the root certificate. +// i.e., cat ssl.key ssl.cert dhparam.pem > znc.allinone.pem +SSLCertFile = {{ data_dir }}/znc.allinone.pem + +//SSLCertFile = {{ data_dir }}/znc.ssl.crt +// version >=1.7 +//SSLKeyFile = {{ data_dir }}/znc.ssl.key +//SSLDHParamFile = /usr/local/etc/ssl/dhparam4096.pem + + + AllowIRC = true + AllowWeb = false + IPv4 = true + // NOTE: ZNC uses IPV6_V6ONLY to bind on IPv4+IPv6, however, it is + // NOT supported on DragonFly BSD. 
+ IPv6 = false + Port = {{ znc.port }} + SSL = true + + + + Admin = true + Pass = {{ znc.password }} + Nick = {{ znc.username }} + AltNick = {{ znc.username }}_ + Ident = {{ znc.username }} + RealName = {{ znc.realname }} + + Buffer = {{ znc.buffer_size }} + AutoClearChanBuffer = {{ znc.auto_clear_chan_buffer }} + AppendTimestamp = false + PrependTimestamp = true + + StatusPrefix = * + ChanModes = +stn + DenyLoadMod = false + DenySetBindHost = false + + // Save channels to config when user joins and parts + LoadModule = chansaver + // Log chat activity to file + LoadModule = log + // Allow to add/remove/edit users/settings on the fly via IRC msgs + LoadModule = controlpanel + + JoinTries = 10 + MaxJoins = 3 + MaxNetworks = 5 + MultiClients = true + QuitMsg = {{ znc.quit_msg }} + +{% for net in znc.networks %} + + // Automatically connects to the network + IRCConnectEnabled = true + + // Automatically set you away on IRC when disconnected + LoadModule = simple_away + // Routes back answers to the right client when connected with + // multiple clients + LoadModule = route_replies + // Try to get and keep the primary nick if it is taken + LoadModule = keepnick + // Auth with NickServ + LoadModule = nickserv + + Server = {{ net.server }} {% if net.ssl|default(false) %}+{% endif%}{{ net.port }} {{ net.password|default("") }} + {% if net.fingerprint is defined -%} + TrustedServerFingerprint = {{ net.fingerprint }} + {% endif %} + + {% for ch in net.channels -%} + + + {% endfor %} + + + +{% endfor %} + -- cgit v1.2.2
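Review bot: `Pass = {{ znc.password }}`, for a user with `Admin = true`, writes whatever the inventory holds, so a cleartext value ends up on disk as-is; a comment such as `// znc.password must be a salted hash generated with "znc --makepass", never the cleartext password` next to that line would make the requirement explicit. On the `Server` line, `net.ssl|default(false)` makes upstream connections cleartext unless each network opts in, while `nickserv` is loaded for every network; `net.ssl|default(true)` is the safer default. `SSLProtocols` still enables `+TLSv1.1`, which can be dropped if all clients speak TLS 1.2. Section tags appear to have been lost in this rendering of the hunk, so the exact nesting of these lines is inferred.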