s3lph/ansible-collection-irc
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Configure InspIRCd

Browse source
This commit is contained in:
s3lph 2020-12-15 21:04:22 +01:00
parent c390da921f
commit 3398b5524c
4 changed files with 271 additions and 6 deletions
roles/inspircd
defaults
main.yml
tasks
config.ymlinstall.yml
templates/etc/inspircd
inspircd.conf.2

94
roles/inspircd/defaults/main.yml Normal file
View file

@ -0,0 +1,94 @@
---
inspircd_modules:
- argon2
- bcrypt
- botmode
- cap
- connflood
- ircv3
- ircv3_batch
- ircv3_capnotify
- ircv3_ctctags
- ircv3_labeledresponse
- ircv3_msgid
- ircv3_servertime
# - ircv3_sts
- messageflood
- password_hash
- pbkdf2
- sha356
- sasl
- showfile
- sslmodes
- sslrehashsignal
- ssl_gnutls
- spanningtree
- userip
- watch
inspircd_server_hostname: "{{ inventory_hostname }}"
inspircd_server_description: "{{ inventory_hostname }}"
inspircd_server_id: null
inspircd_server_network: "{{ inventory_hostname }}"
inspircd_admin_name: null
inspircd_admin_nick: admin
inspircd_admin_email: noreply@example.com
inspircd_gnutls_profiles: {}
inspircd_bind:
- address: "::1"
port: 6667
inspircd_autoconnect: []
inspircd_links: []
inspircd_oper_classes:
Shutdown:
commands: [DIE, RESTART, REHASH, LOADMODULE, UNLOADMODULE, RELOADMODULE, GLOADMODULE, GUNLOADMODULE, GRELOADMODULE]
privs: [users/auspex, channels/auspex, servers/auspex, users/mass-message]
usermodes: "*"
chanmodes: "*"
snomasks: "*"
SACommands:
commands: [SAJOIN, SAPART, SANICK, SAQUIT, SATOPIC, SAKICK, SAMODE, OJOIN]
ServerLink:
commands: [CONNECT, SQUIT, RCONNECT, RSQUIT, MKPASSWD, ALLTIME, SWHOIS, LOCKSERV, UNLOCKSER]
privs: [servers/auspex]
usermodes: "*"
chanmodes: "*"
snomasks: "Cc"
BanControl:
commands: [KILL, GLINE, KLINE, ZLINE, QLINE, ELINE, TLINE, RLINE, CHECK, NICKLOCK, NICKUNLOCK, SHUN, CLONES, CBAN]
usermodes: "*"
chanmodes: "*"
snomasks: "Xx"
OperChat:
commands: [WALLOPS, GLOBOPS]
privs: [users/mass-message]
usermodes: "*"
chanmodes: "*"
snomasks: "Gg"
HostCloak:
commands: [SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT]
privs: [users/auspex]
usermodes: "*"
chanmodes: "*"
inspircd_oper_types:
NetAdmin:
classes:
- SACommands
- OperChat
- BanControl
- HostCloak
- Shutdown
- ServerLink
modes: "+s +cCqQ"
inspircd_opers: {}
inspircd_additional_config: ""

19
roles/inspircd/tasks/config.yml
View file

@ -1 +1,20 @@
---
- name: generate /etc/inspircd/spanningtree.pw
set_fact:
inspircd_link_sendpass: "{{ lookup('password', '/etc/inspircd/spanningtree.pw') }}"
- name: render /etc/inspircd/inspircd.conf
template:
src: etc/inspircd/inspircd.conf.2
dest: /etc/inspircd/inspircd.conf
owner: root
group: root
mode: 0644
notify: reload inspircd
- name: start and enable inspircd
service:
name: inspircd
state: started
enabled: yes

6
roles/inspircd/tasks/install.yml
View file

@ -11,9 +11,3 @@
- name: install inspircd
package:
name: inspircd
- name: start and enable inspircd
service:
name: inspircd
state: started
enabled: yes

158
roles/inspircd/templates/etc/inspircd/inspircd.conf.2 Normal file
View file

@ -0,0 +1,158 @@
{{ ansible_managed | comment }}
<config format="xml">
#
# MODULES
#
{% for module in inspircd_modules %}
<module name="{{ module }}">
{% endfor %}
{% for module in inspircd_modules_additional %}
<module name="{{ module }}">
{% endfor %}
#
# SERVER METADATA
#
<server
name="{{ inspircd_server_hostname }}"
{% if inspircd_server_id != null %}
id="{{ inspircd_server_id }}"
{% endif %}
description="{{ inspircd_server_description }}"
network="{{ inspircd_server_network }}">
<admin
{% if inspircd_admin_name != null %}
name="{{ inspircd_admin_name }}"
{% endif %}
nick="{{ inspircd_admin_nick }}"
email="{{ inspircd_admin_email }}">
{% if 'ssl_gnutls' in inspircd_modules + inspircd_modules_additional %}
#
# TLS CONFIG
#
{% for name, profile in inspircd_gnutls_profiles.items() %}
<sslprofile
name="{{ name }}"
provider="gnutls"
{% if 'cafile' in profile %}cafile="{{ profile.cafile }}"{% endif %}
{% if 'certfile' in profile %}certfile="{{ profile.certfile }}"{% endif %}
{% if 'crlfile' in profile %}crlfile="{{ profile.crlfile }}"{% endif %}
{% if 'dhfile' in profile %}dhfile="{{ profile.dhfile }}"{% endif %}
{% if 'hash' in profile %}hash="{{ profile.hash }}"{% endif %}
{% if 'cafile' in profile %}cafile="{{ profile.cafile }}"{% endif %}
{% if 'keyfile' in profile %}keyfile="{{ profile.keyfile }}"{% endif %}
{% if 'mindhbits' in profile %}mindhbits="{{ profile.mindhbits }}"{% endif %}
{% if 'outrecsize' in profile %}outrecsize="{{ profile.outrecsize }}"{% endif %}
{% if 'priority' in profile %}priority="{{ profile.priority }}"{% endif %}
{% if 'requestclientcert' in profile %}requestclientcert="{{ profile.requestclientcert | ternary('yes', 'no') }}"{% endif %}
{% if 'strictpriority' in profile %}strictpriority="{{ profile.strictpriority | ternary('yes', 'no') }}"{% endif %}>
{% endfor %}
{% endif %}{# ssl_gnutls in modules #}
#
# SERVER ENDPOINTS
#
{% for bind in inspircd_bind %}
<bind
{% if 'address' in bind %}address="{{ bind.address }}"{% endif %}
{% if 'port' in bind %}port="{{ bind.port }}"{% endif %}
{% if 'defer' in bind %}defer="{{ bind.defer }}"{% endif %}
{% if 'free' in bind %}free="{{ bind.free | ternary('yes', 'no') }}"{% endif %}
{% if 'path' in bind %}path="{{ path.cafile }}"{% endif %}
{% if 'permissions' in bind %}permissions="{{ bind.permissions }}"{% endif %}
{% if 'replace' in bind %}replace="{{ bind.replace | ternary('yes', 'no') }}"{% endif %}
{% if 'type' in bind %}type="{{ bind.type }}"{% endif %}
{% if 'ssl' in bind %}ssl="{{ bind.ssl }}"{% endif %}>
{% endfor %}
{% if 'spanningtree' in inspircd_modules + inspircd_modules_additional %}
#
# IRC NETWORK
#
{% for ac in inspircd_autoconnect %}
<autoconnect
{% if 'period' in ac %}period="{{ ac.period }}"{% endif %}
server="{{ ac.servers | join('') }}">
{% endfor %}
{% for name, link in inspircd_links.items() %}
<link
name="{{ name }}"
ipaddr="{{ link.ipaddr }}"
allowmask="{{ link.allowcidr | join(' ') }}"
sendpass="{{ inspircd_link_sendpass }}"
{% if link.recvpass is defined %}
recvpass="{{ link.recvpass }}"
{% else %}
recvpass="{{ hostvars[link.ansible_inventory_name|default(name)].inspircd_link_sendpass }}"
{% endif %}
{% if 'bind' in link %}bind="{{ link.bind }}"{% endif %}
{% if 'fingerprint' in link %}fingerprint="{{ link.fingerprint }}"{% endif %}
{% if 'hidden' in link %}hidden="{{ link.hidden | ternary('yes', 'no') }}"{% endif %}
{% if 'port' in link %}port="{{ link.port }}"{% endif %}
{% if 'ssl' in link %}ssl="{{ link.ssl }}"{% endif %}
{% if 'statshidden' in link %}statshidden="{{ link.statshidden | ternary('yes', 'no') }}"{% endif %}
{% if 'timeout' in link %}timeout="{{ link.timeout }}"{% endif %}>
{% endfor %}
{% for uline in inspircd_ulines %}
<uline
server="{{ uline.server }}"
{% if 'silent' in uline %}silent="{{ uline.silent | ternary('yes', 'no') }}"{% endif %}>
{% endfor %}
{% endif %}
#
# OPERS
#
{% for name, cls in inspircd_oper_classes.items() %}
<class
name="{{ name }}"
{% if 'commands' in cls %}commands="{{ cls.commands | join(' ') }}"{% endif %}
{% if 'privs' in cls %}privs="{{ cls.privs | join(' ') }}"{% endif %}
{% if 'chanmodes' in cls %}chanmodes="{{ cls.chanmodes }}"{% endif %}
{% if 'usermodes' in cls %}usermodes="{{ cls.usermodes }}"{% endif %}
{% if 'snomasks' in cls %}snomasks="{{ cls.snomasks }}"{% endif %}>
{% endfor %}
{% for name, type in inspircd_oper_types.items() %}
<type
name="{{ name }}"
{% if 'class' in type %}class="{{ cls.class }}"{% endif %}
{% if 'classes' in type %}classes="{{ type.classes | join(' ') }}"{% endif %}
{% if 'vhost' in type %}vhost="{{ type.vhost }}"{% endif %}
{% endfor %}
{% for name, oper in inspircd_opers.items() %}
<oper
name="{{ name }}"
host="{{ oper.host }}"
password="{{ oper.password }}"
type="{{ oper.type }}"
{% if 'class' in oper %}class="{{ oper.class }}"{% endif %}
{% if 'hash' in oper %}hash="{{ hash.class }}"{% endif %}
{% if 'vhost' in oper %}vhost="{{ vhost.class }}"{% endif %}>
{% endfor %}
#
# ADDITIONAL CONFIG
#
{{ inspircd_additional_config }}