| author | bnewbold <bnewbold@robocracy.org> | 2016-07-22 18:38:16 -0700 | 
|---|---|---|
| committer | bnewbold <bnewbold@robocracy.org> | 2016-07-22 18:38:16 -0700 | 
| commit | d1a62b36a6d8b350e3088ec59de088669b271994 (patch) | |
| tree | e30499fcf3b69cfa11b6a2492e0b520ee5f2cfd5 /roles | |
| parent | 90b6400c511ad214c58abb3127a2e96ae6c1ae24 (diff) | |
add znc setup from sovereign (verbatim)
Diffstat (limited to 'roles')
| -rw-r--r-- | roles/znc/defaults/main.yml | 1 | ||||
| -rw-r--r-- | roles/znc/files/etc_systemd_system_znc.service | 11 | ||||
| -rw-r--r-- | roles/znc/handlers/main.yml | 2 | ||||
| -rw-r--r-- | roles/znc/tasks/main.yml | 1 | ||||
| -rw-r--r-- | roles/znc/tasks/znc.yml | 65 | ||||
| -rw-r--r-- | roles/znc/templates/etc_letsencrypt_postrenew_znc.sh.j2 | 7 | ||||
| -rw-r--r-- | roles/znc/templates/usr_lib_znc_configs_znc.conf.j2 | 84 | 
7 files changed, 171 insertions, 0 deletions
| diff --git a/roles/znc/defaults/main.yml b/roles/znc/defaults/main.yml
new file mode 100644
index 0000000..41370ff
--- /dev/null
+++ b/roles/znc/defaults/main.yml
@@ -0,0 +1 @@
+irc_timezone: "{{ common_timezone|default('Etc/UTC') }}"
diff --git a/roles/znc/files/etc_systemd_system_znc.service b/roles/znc/files/etc_systemd_system_znc.service
new file mode 100644
index 0000000..866607b
--- /dev/null
+++ b/roles/znc/files/etc_systemd_system_znc.service
@@ -0,0 +1,11 @@
+[Unit]
+Description=ZNC, an IRC bouncer
+After=network.target
+
+[Service]
+ExecStart=/usr/bin/znc --datadir=/usr/lib/znc
+PIDFile=/var/run/znc/znc.pid
+User=znc
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/znc/handlers/main.yml b/roles/znc/handlers/main.yml
new file mode 100644
index 0000000..d39db67
--- /dev/null
+++ b/roles/znc/handlers/main.yml
@@ -0,0 +1,2 @@
+- name: restart znc
+  service: name=znc state=restarted
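Review bot: In `etc_systemd_system_znc.service`, `PIDFile=/var/run/znc/znc.pid` depends on a directory that only the Ansible `file:` task creates; on hosts where `/var/run` is a tmpfs that directory would presumably be gone after a reboot, so `RuntimeDirectory=znc` under `[Service]` is the more robust way to provide it. `User=znc` drops root, but the unit applies no sandboxing to a daemon that accepts network connections; `NoNewPrivileges=true` and `PrivateTmp=true` are low-risk additions. `ProtectSystem=` would need care here because the data directory is `/usr/lib/znc`, which the daemon must be able to write.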
\ No newline at end of file
diff --git a/roles/znc/tasks/main.yml b/roles/znc/tasks/main.yml
new file mode 100644
index 0000000..4b2f51d
--- /dev/null
+++ b/roles/znc/tasks/main.yml
@@ -0,0 +1 @@
+- include: znc.yml tags=znc
\ No newline at end of file
diff --git a/roles/znc/tasks/znc.yml b/roles/znc/tasks/znc.yml
new file mode 100644
index 0000000..e5f7ab5
--- /dev/null
+++ b/roles/znc/tasks/znc.yml
@@ -0,0 +1,65 @@
+# more or less as per http://wiki.znc.in/Running_ZNC_as_a_system_daemon
+
+- name: Install znc
+  apt: pkg={{ item }} state=installed
+  with_items:
+    - znc
+
+- name: Create znc group
+  group: name=znc state=present
+
+- name: Create znc user
+  user: name=znc state=present home=/usr/lib/znc system=yes group=znc shell=/usr/sbin/nologin
+
+- name: Ensure pid directory exists
+  file: state=directory path=/var/run/znc group=znc owner=znc
+
+- name: Ensure configuration folders exist
+  file: state=directory path=/usr/lib/znc/{{ item }} group=znc owner=znc
+  with_items:
+    - moddata
+    - modules
+    - users
+
+- name: Copy znc service file into place
+  copy: src=etc_systemd_system_znc.service dest=/etc/systemd/system/znc.service mode=0644
+
+- name: Create a combined version of the SSL private key and full certificate chain
+  shell: cat /etc/letsencrypt/live/{{ domain }}/privkey.pem
+    /etc/letsencrypt/live/{{ domain }}/fullchain.pem >
+    /usr/lib/znc/znc.pem
+    creates=/usr/lib/znc/znc.pem
+  notify: restart znc
+
+- name: Update post-certificate-renewal task
+  template:
+    src: etc_letsencrypt_postrenew_znc.sh.j2
+    dest: /etc/letsencrypt/postrenew/znc.sh
+    owner: root
+    group: root
+    mode: 0755
+
+- name: Ensure znc user and group can read cert
+  file: path=/usr/lib/znc/znc.pem group=znc owner=znc mode=0640
+  notify: restart znc
+
+- name: Check for existing config file
+  command: cat /usr/lib/znc/configs/znc.conf
+  register: znc_config
+  ignore_errors: True
+  changed_when: False  # never report as "changed"
+
+- name: Create znc config directory
+  file: state=directory path=/usr/lib/znc/configs group=znc owner=znc
+
+- name: Copy znc configuration file into place
+  template: src=usr_lib_znc_configs_znc.conf.j2 dest=/usr/lib/znc/configs/znc.conf owner=znc group=znc
+  when: znc_config.rc != 0
+  notify: restart znc
+
+- name: Set firewall rule for znc
+  ufw: rule=allow port=6697 proto=tcp
+  tags: ufw
+
+- name: Ensure znc is a system service
+  service: name=znc state=restarted enabled=true
diff --git a/roles/znc/templates/etc_letsencrypt_postrenew_znc.sh.j2 b/roles/znc/templates/etc_letsencrypt_postrenew_znc.sh.j2
new file mode 100644
index 0000000..bcdfae1
--- /dev/null
+++ b/roles/znc/templates/etc_letsencrypt_postrenew_znc.sh.j2
@@ -0,0 +1,7 @@
+#!/bin/bash
+# Executed by /etc/cron.daily/letsencrypt-renew
+
+cat /etc/letsencrypt/live/{{ domain }}/{privkey,fullchain}.pem > /usr/lib/znc/znc.pem
+chown znc.znc /usr/lib/znc/znc.pem
+chmod 640 /usr/lib/znc/znc.pem
+service znc restart
diff --git a/roles/znc/templates/usr_lib_znc_configs_znc.conf.j2 b/roles/znc/templates/usr_lib_znc_configs_znc.conf.j2
new file mode 100644
index 0000000..1ff626b
--- /dev/null
+++ b/roles/znc/templates/usr_lib_znc_configs_znc.conf.j2
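Review bot: In `roles/znc/tasks/znc.yml`, the `shell: cat … > /usr/lib/znc/znc.pem` task creates the combined private key under the process umask, and the file is only tightened to 0640 two tasks later, so on a first run the key can be world-readable in between; starting the command with `umask 077;` closes that window. The `template:` task for `znc.conf` sets owner and group but no mode, and that file carries the password hash and salt, so `mode=0600` belongs on it. The existence probe `command: cat /usr/lib/znc/configs/znc.conf` also pulls the whole config into the registered `znc_config` result; `stat: path=/usr/lib/znc/configs/znc.conf` with `when: not znc_config.stat.exists` tests the same thing without reading the contents. Separately, the last task uses `state=restarted`, which restarts the bouncer on every play; `state=started` together with the existing handler would be enough.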
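Review bot: The post-renewal script `etc_letsencrypt_postrenew_znc.sh.j2` has no error handling around `cat … > /usr/lib/znc/znc.pem`: if either source file is missing, the redirect has already truncated the live PEM, and `service znc restart` then runs against an empty or partial certificate. The same line also creates the file under root's umask when it does not exist yet, before `chmod 640` runs. Building the file under a tight umask at a temporary path in the same directory and renaming it into place avoids both problems. `chown znc:znc` is also the supported spelling of the dotted `znc.znc` form.

```shell
set -euo pipefail
umask 077
tmp=$(mktemp /usr/lib/znc/znc.pem.XXXXXX)
cat /etc/letsencrypt/live/{{ domain }}/{privkey,fullchain}.pem > "$tmp"
chown znc:znc "$tmp"
chmod 640 "$tmp"
mv "$tmp" /usr/lib/znc/znc.pem
# … unchanged: service znc restart …
```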
@@ -0,0 +1,84 @@
+// WARNING
+//
+// Do NOT edit this file while ZNC is running!
+// Use webadmin or *controlpanel instead.
+//
+// Buf if you feel risky, you might want to read help on /znc saveconfig and /znc rehash.
+// Also check http://en.znc.in/wiki/Configuration
+
+AnonIPLimit = 10
+ConnectDelay = 5
+LoadModule = webadmin
+LoadModule = fail2ban
+LoadModule = lastseen
+LoadModule = partyline
+MaxBufferSize = 500
+Motd = Connected to ZNC
+PidFile = /var/run/znc/znc.pid
+ProtectWebSessions = true
+SSLCertFile = /usr/lib/znc/znc.pem
+ServerThrottle = 30
+Skin = _default_
+StatusPrefix = *
+Version = 1.0
+
+<Listener listener0>
+	AllowIRC = true
+	AllowWeb = false
+	IPv4 = true
+	IPv6 = true
+	Port = 6697
+	SSL = true
+</Listener>
+
+<Listener listener1>
+	AllowIRC = false
+	AllowWeb = true
+	IPv4 = true
+	IPv6 = true
+	Port = 6643
+	SSL = false
+</Listener>
+
+<User {{ irc_nick }}>
+	Admin = true
+	Allow = *
+	AltNick = {{ irc_nick }}_
+	AppendTimestamp = false
+	AutoClearChanBuffer = true
+	Buffer = 5000
+	ChanModes = +stn
+	DenyLoadMod = false
+	DenySetBindHost = false
+	Ident = {{ irc_ident }}
+	JoinTries = 10
+	LoadModule = controlpanel
+	LoadModule = perform
+	LoadModule = block_motd
+	LoadModule = clientnotify
+	MaxNetworks = 1
+	MultiClients = true
+	Nick = {{ irc_nick }}
+	PrependTimestamp = true
+	QuitMsg = {{ irc_quitmsg }}
+	RealName = {{ irc_realname }}
+	TimestampFormat = [%H:%M:%S]
+	Timezone = {{ irc_timezone }}
+
+	<Pass password>
+	        Method = sha256
+	        Hash = {{ irc_password_hash }}
+	        Salt = {{ irc_password_salt }}
+	</Pass>
+
+	<Network freenode>
+		BindHost = 0.0.0.0
+		FloodBurst = 4
+		FloodRate = 1.00
+		IRCConnectEnabled = true
+		LoadModule = kickrejoin
+		LoadModule = nickserv
+		LoadModule = savebuff
+		Server = chat.freenode.net +6697
+	</Network>
+</User> | 
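Review bot: `listener1` in `usr_lib_znc_configs_znc.conf.j2` serves webadmin (`AllowWeb = true`) with `SSL = false` and no `Host` restriction, so the login for the `Admin = true` user would cross the network in cleartext wherever port 6643 is reachable. The role only opens 6697 in ufw, which limits exposure if the firewall defaults to deny, but the listener should not depend on that. Either set `SSL = true` on it (the combined PEM is already wired in through `SSLCertFile`) or add `Host = 127.0.0.1` and reach webadmin through a tunnel. The `<Pass password>` block uses `Method = sha256`, a fast salted hash, so a short comment there noting that the rendered file must stay unreadable to other local users would help the next maintainer.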
