diff --git a/.ansible-lint b/.ansible-lint new file mode 100644 index 0000000..098eff3 --- /dev/null +++ b/.ansible-lint @@ -0,0 +1,6 @@ +--- + +skip_list: + - galaxy[no-changelog] + - galaxy[version-incorrect] + - var-naming[no-role-prefix] diff --git a/.forgejo/workflows/ansible-galaxy.yml b/.forgejo/workflows/ansible-galaxy.yml new file mode 100644 index 0000000..05278c0 --- /dev/null +++ b/.forgejo/workflows/ansible-galaxy.yml @@ -0,0 +1,29 @@ +--- + +name: Ansible Galaxy + +on: # noqa yaml[truthy] + push: + tags: + - 'v*' + +jobs: + deploy: + runs-on: docker + steps: + + - uses: actions/checkout@v4 + + - name: Set version in galaxy.yml + run: | + VERSION=${GITHUB_REF#refs/tags/v} + sed -re "s/^version:.*$/version: ${VERSION}/" -i galaxy.yml + + - name: Upload collection to Ansible Galaxy + env: + GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }} + run: | + apt update; apt install --yes python3-pip + pip3 install --break-system-packages ansible + ansible-galaxy collection build + ansible-galaxy collection publish --api-key=${GALAXY_API_KEY} s3lph-irc*tar.gz diff --git a/.forgejo/workflows/ansible-lint.yml b/.forgejo/workflows/ansible-lint.yml new file mode 100644 index 0000000..b42b17b --- /dev/null +++ b/.forgejo/workflows/ansible-lint.yml @@ -0,0 +1,17 @@ +--- + +name: Ansible Lint +on: [push, pull_request] # noqa yaml[truthy] + +jobs: + build: + runs-on: docker + + steps: + + - uses: actions/checkout@v4 + + - run: | + apt update; apt install --yes python3-pip + pip3 install --break-system-packages ansible-lint + ansible-lint diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..424bd26 --- /dev/null +++ b/.gitignore @@ -0,0 +1 @@ +.ansible/ diff --git a/galaxy.yml b/galaxy.yml index 187b719..1102bf3 100644 --- a/galaxy.yml +++ b/galaxy.yml @@ -8,7 +8,7 @@ namespace: s3lph name: irc # The version of the collection. Must be compatible with semantic versioning -version: 0.1.0 +version: 0.2.0 # The path to the Markdown (.md) readme file. This path is relative to the root of the collection readme: README.md @@ -16,7 +16,7 @@ readme: README.md # A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url) # @nicks:irc/im.site#channel' authors: -- s3lph <account-gitlab-ideynizv@kernelpanic.lol> + - s3lph <s3lph@kabelsalat.ch> ### OPTIONAL but strongly recommended @@ -26,16 +26,18 @@ description: InspIRCd server setup # Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only # accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file' license: -- MIT + - MIT # The path to the license file for the collection. This path is relative to the root of the collection. This key is # mutually exclusive with 'license' -#license_file: '' +# license_file: '' # A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character # requirements as 'namespace' and 'name' tags: + - application - inspircd + - anope - irc - ircd @@ -46,20 +48,19 @@ tags: dependencies: {} # The URL of the originating SCM repository -repository: https://gitlab.com/s3lph/ansible-collection-irc +repository: https://git.kabelsalat.ch/s3lph/ansible-collection-irc # The URL to any online docs -documentation: https://gitlab.com/s3lph/ansible-collection-irc +documentation: https://git.kabelsalat.ch/s3lph/ansible-collection-irc # The URL to the homepage of the collection/project -homepage: https://gitlab.com/s3lph/ansible-collection-irc +homepage: https://git.kabelsalat.ch/s3lph/ansible-collection-irc # The URL to the collection issue tracker -issues: https://gitlab.com/s3lph/ansible-collection-irc/-/issues +issues: https://git.kabelsalat.ch/s3lph/ansible-collection-irc/issues # A list of file glob-like patterns used to filter any files or directories that should not be included in the build # artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This # uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry', # and '.git' are always filtered build_ignore: [] - diff --git a/meta/runtime.yml b/meta/runtime.yml new file mode 100644 index 0000000..f3589f4 --- /dev/null +++ b/meta/runtime.yml @@ -0,0 +1,52 @@ +--- +# Collections must specify a minimum required ansible version to upload +# to galaxy +requires_ansible: '>=2.15.0' + +# Content that Ansible needs to load from another location or that has +# been deprecated/removed +# plugin_routing: +# action: +# redirected_plugin_name: +# redirect: ns.col.new_location +# deprecated_plugin_name: +# deprecation: +# removal_version: "4.0.0" +# warning_text: | +# See the porting guide on how to update your playbook to +# use ns.col.another_plugin instead. +# removed_plugin_name: +# tombstone: +# removal_version: "2.0.0" +# warning_text: | +# See the porting guide on how to update your playbook to +# use ns.col.another_plugin instead. +# become: +# cache: +# callback: +# cliconf: +# connection: +# doc_fragments: +# filter: +# httpapi: +# inventory: +# lookup: +# module_utils: +# modules: +# netconf: +# shell: +# strategy: +# terminal: +# test: +# vars: + +# Python import statements that Ansible needs to load from another location +# import_redirection: +# ansible_collections.ns.col.plugins.module_utils.old_location: +# redirect: ansible_collections.ns.col.plugins.module_utils.new_location + +# Groups of actions/modules that take a common set of options +# action_groups: +# group_name: +# - module1 +# - module2 diff --git a/roles/anope/README.md b/roles/anope/README.md new file mode 100644 index 0000000..231a6c6 --- /dev/null +++ b/roles/anope/README.md @@ -0,0 +1,5 @@ +# Role s3lph.irc.anope + +Documentation in `meta/argument_specs.yml`. + +A usage example can be found in the `docs` folder of the collection. diff --git a/roles/anope/defaults/main/anope.yml b/roles/anope/defaults/main/anope.yml index 1a48977..2b1b32d 100644 --- a/roles/anope/defaults/main/anope.yml +++ b/roles/anope/defaults/main/anope.yml @@ -48,8 +48,8 @@ anope_options_readtimeout: 5s anope_options_warningtimeout: 4h anope_options_timeoutcheck: 3s anope_options_retrywait: 60s -anope_options_hideprivilegedcommands: yes -anope_options_hideregisteredcommands: yes +anope_options_hideprivilegedcommands: true +anope_options_hideregisteredcommands: true anope_options_languages: - ca_ES.UTF-8 - de_DE.UTF-8 @@ -95,8 +95,8 @@ anope_log: - mode other: - "*" - rawio: no - debug: no + rawio: false + debug: false - targets: - globops admin: @@ -123,7 +123,7 @@ anope_log: - "expire/*" - "bados" - "akill/*" - + anope_opertypes: NetAdmin: commands: ["*"] @@ -133,8 +133,8 @@ anope_opers: {} anope_database_flatfile_filename: anope.db anope_database_flatfile_keepbackups: 3 -anope_database_flatfile_nobackupok: no -anope_database_flatfile_fork: no +anope_database_flatfile_nobackupok: false +anope_database_flatfile_fork: false anope_password_hash: bcrypt diff --git a/roles/anope/defaults/main/chanserv.yml b/roles/anope/defaults/main/chanserv.yml index 85db416..0324688 100644 --- a/roles/anope/defaults/main/chanserv.yml +++ b/roles/anope/defaults/main/chanserv.yml @@ -16,8 +16,8 @@ anope_chanserv_module_maxregistered: 20 anope_chanserv_module_expire: 14d anope_chanserv_module_accessmax: 1024 anope_chanserv_module_inhabit: 15s -anope_chanserv_module_reasonmax: 200 +anope_chanserv_module_reasonmax: 200 anope_chanserv_module_signkickformat: "%m (%n)" -anope_chanserv_module_disallow_hostmask_access: no -anope_chanserv_module_disallow_channel_access: no -anope_chanserv_module_always_lower_ts: no +anope_chanserv_module_disallow_hostmask_access: false +anope_chanserv_module_disallow_channel_access: false +anope_chanserv_module_always_lower_ts: false diff --git a/roles/anope/defaults/main/nickserv.yml b/roles/anope/defaults/main/nickserv.yml index 92f95fe..a5a0560 100644 --- a/roles/anope/defaults/main/nickserv.yml +++ b/roles/anope/defaults/main/nickserv.yml @@ -6,8 +6,8 @@ anope_nickserv_service_host: services.host anope_nickserv_service_gecos: Nickname Registration Service anope_nickserv_module_client: NickServ -anope_nickserv_module_forceemail: yes -anope_nickserv_module_confirmemailchanges: no +anope_nickserv_module_forceemail: true +anope_nickserv_module_confirmemailchanges: false anope_nickserv_module_defaults: - ns_secure - ns_private @@ -18,14 +18,14 @@ anope_nickserv_module_defaults: - autoop anope_nickserv_module_regdelay: 30s anope_nickserv_module_expire: 21d -anope_nickserv_module_secureadmins: yes -anope_nickserv_module_modeonid: yes -anope_nickserv_module_hidenetsplitquit: no +anope_nickserv_module_secureadmins: true +anope_nickserv_module_modeonid: true +anope_nickserv_module_hidenetsplitquit: false anope_nickserv_module_killquick: 20s anope_nickserv_module_kill: 60s anope_nickserv_module_enforceruser: enforcer anope_nickserv_module_enforcerhost: services.host anope_nickserv_module_releasetimeout: 1m anope_nickserv_module_guestnickprefix: Guest -anope_nickserv_module_nonicknameownership: no +anope_nickserv_module_nonicknameownership: false anope_nickserv_module_passlen: 32 diff --git a/roles/anope/handlers/main.yml b/roles/anope/handlers/main.yml index f1e6f70..2c760ce 100644 --- a/roles/anope/handlers/main.yml +++ b/roles/anope/handlers/main.yml @@ -1,11 +1,11 @@ --- -- name: restart anope - service: +- name: Restart anope + ansible.builtin.service: name: anope state: restarted -- name: reload anope - service: +- name: Reload anope + ansible.builtin.service: name: anope state: reloaded diff --git a/roles/anope/meta/argument_specs.yml b/roles/anope/meta/argument_specs.yml new file mode 100644 index 0000000..194dae9 --- /dev/null +++ b/roles/anope/meta/argument_specs.yml @@ -0,0 +1,478 @@ +--- + +argument_specs: + + main: + version_added: "0.0.1" + short_description: Install and configure Anope. + description: + - "Install and configure the L(Anope,https://www.anope.org/) IRC services daemon." + - "Execution of this role can be limited using the following tags:" + - "C(role::anope:install): Install Anope from distribution packages." + - "C(role::anope:config): Render the Anope configuration." + - "C(role::anope): Apply all of the above." + author: s3lph + options: + anope_services_botserv_enabled: + description: + - If C(true), enable BotServ. + - If C(true), enable BotServ. + type: bool + default: false + anope_services_chanserv_enabled: + description: + - If C(true), enable ChanServ. + - If C(true), enable ChanServ. + type: bool + default: true + anope_services_global_enabled: + description: + - If C(true), enable Global. + - If C(true), enable Global. + type: bool + default: true + anope_services_hostserv_enabled: + description: + - If C(true), enable HostServ. + - If C(true), enable HostServ. + type: bool + default: false + anope_services_memoserv_enabled: + description: + - If C(true), enable MemoServ. + - If C(true), enable MemoServ. + type: bool + default: false + anope_services_nickserv_enabled: + description: + - If C(true), enable NickServ. + - If C(true), enable NickServ. + type: bool + default: true + anope_services_operserv_enabled: + description: + - If C(true), enable OperServ. + - If C(true), enable OperServ. + type: bool + default: true + anope_empty_modules: + description: + - List of configuration-less modules to enable. + type: list + elements: str + default: [help, m_sasl] + anope_services_host: + description: + - >- + The services.host define is used in multiple different locations throughout the configuration for services + clients hostnames. + type: str + default: services.localhost.localdomain + anope_uplink_host: + description: + - The IP or hostname of the IRC server you wish to connect Services to. + type: str + default: localhost + anope_uplink_ipv6: + description: + - Enable if Services should connect using IPv6. + type: bool + default: true + anope_uplink_ssl: + description: + - Enable if Services should connect using SSL. + - You must have an SSL module loaded for this to work. + type: bool + default: false + anope_uplink_port: + description: + - The port to connect to. + - The IRCd MUST be configured to listen on this port, and to accept server connections. + type: int + default: 7000 + anope_serverinfo_name: + description: + - The hostname that Services will be seen as. + - it must have no conflicts with any other server names on the rest of your IRC network. + type: str + default: services.localhost.localdomain + anope_serverinfo_description: + description: + - "The text which should appear as the server's information in /WHOIS and similar queries." + type: str + default: Services for IRC Networks + anope_serverinfo_pid: + description: + - The filename containing the Services process ID. + type: str + default: /var/run/anope/anope.pid + anope_serverinfo_motd: + description: + - The filename containing the Message of the Day. + type: str + default: /etc/anope/services.motd + anope_protocol_module_name: + description: + - This directive tells Anope which IRCd Protocol to speak when connecting. + type: str + default: inspircd3 + anope_protocol_module_use_server_side_mlock: + description: + - Some protocol modules can enforce mode locks server-side. + - This reduces the spam caused by services immediately reversing mode changes for locked modes. + type: bool + default: true + anope_protocol_module_use_server_side_topiclock: + description: + - Some protocol modules can enforce topic locks server-side. + - This reduces the spam caused by services immediately reversing topic changes. + type: bool + default: true + anope_networkinfo_networkname: + description: + - This is the name of the network that Services will be running on. + type: str + default: LocalNet + anope_networkinfo_nicklen: + description: + - Set this to the maximum allowed nick length on your network. + type: int + default: 31 + anope_networkinfo_userlen: + description: + - Set this to the maximum allowed ident length on your network. + type: int + default: 10 + anope_networkinfo_hostlen: + description: + - Set this to the maximum allowed hostname length on your network. + type: int + default: 64 + anope_networkinfo_chanlen: + description: + - Set this to the maximum allowed channel length on your network. + type: int + default: 32 + anope_networkinfo_modelistsize: + description: + - The maximum number of list modes settable on a channel (such as C(b), C(e), C(I)). + type: int + default: 100 + anope_networkinfo_vhost_chars: + description: + - The characters allowed in hostnames. + type: str + default: "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-" + anope_networkinfo_allow_undotted_vhosts: + description: + - If set to true, allows vHosts to not contain dots. + type: bool + default: false + anope_networkinfo_disallow_start_or_end: + description: + - The characters that are not allowed to be at the very beginning or very ending of a vHost. + type: str + default: ".-" + anope_options_casemap: + description: + - The case mapping used by services. + type: str + default: ascii + anope_options_strictpasswords: + description: + - If set, Services will perform more stringent checks on passwords. + type: bool + default: true + anope_options_badpasslimit: + description: + - Sets the number of invalid password tries before Services removes a user from the network. + type: int + default: 5 + anope_options_badpasstimeout: + description: + - Sets the time after which invalid passwords are forgotten about. + type: str + default: 1h + anope_options_updatetimeout: + description: + - Sets the delay between automatic database updates. + type: str + default: 5m + anope_options_expiretimeout: + description: + - Sets the delay between checks for expired nicknames and channels. + type: str + default: 30m + anope_options_readtimeout: + description: + - Sets the timeout period for reading from the uplink. + type: str + default: 5s + anope_options_warningtimeout: + description: + - Sets the interval between sending warning messages for program errors via WALLOPS/GLOBOPS. + type: str + default: 4h + anope_options_timeoutcheck: + description: + - Sets the (maximum) frequency at which the timeout list is checked. + type: str + default: 3s + anope_options_retrywait: + description: + - How long to wait between connection retries with the uplink(s). + type: str + default: 60s + anope_options_hideprivilegedcommands: + description: + - "If set, Services will hide commands that users don't have the privilege to execute from HELP output." + type: bool + default: true + anope_options_hideregisteredcommands: + description: + - "If set, Services will hide commands that users can't execute because they are not logged in from HELP output." + type: bool + default: true + anope_options_languages: + description: + - A list of languages to load on startup that will be available in /NICKSERV SET LANGUAGE. + type: list + anope_options_defaultlanguage: + description: + - Default language that non- and newly-registered nicks will receive messages in. + type: str + default: en_US.UTF-8 + anope_log: + description: + - This section is used for configuring what is logged and where it is logged to. + type: list + anope_opertypes: + description: + - This section is used to set up staff access to restricted oper only commands. + type: dict + anope_opers: + description: + - List of operators and their access levels. + type: dict + default: {} + anope_database_flatfile_filename: + description: + - The database name db_flatfile should use. + type: str + default: anope.db + anope_database_flatfile_keepbackups: + description: + - Sets the number of days backups of databases are kept. + type: int + default: 3 + anope_database_flatfile_nobackupok: + description: + - >- + Allows Services to continue file write operations (i.e. database saving) even if the original file cannot + be backed up. + type: bool + default: false + anope_database_flatfile_fork: + description: + - If enabled, services will fork a child process to save databases. + type: bool + default: false + anope_password_hash: + description: + - Name of the primary password hashing module without the C(enc_) prefix. + type: str + default: bcrypt + anope_additional_config: + description: + - Wilcard option to append arbitrary additional configuration. + type: str + default: "" + anope_nickserv_service_nick: + description: + - The name of the NickServ client. + type: str + default: NickServ + anope_nickserv_servie_user: + description: + - The username of the NickServ client. + type: str + default: services + anope_nickserv_service_host: + description: + - The hostname of the NickServ client. + type: str + default: services.host + anope_nickserv_service_gecos: + description: + - The realname of the NickServ client. + type: str + default: Nickname Registration Service + anope_nickserv_module_client: + description: + - The name of the client that should be NickServ. + type: str + default: NickServ + anope_nickserv_module_forceemail: + description: + - Force users to give an e-mail address when they register a nick. + type: bool + default: true + anope_nickserv_module_confirmemailchanges: + description: + - Require users who change their email address to confirm they own their new email. + type: bool + default: false + anope_nickserv_module_defaults: + description: + - The default options for newly registered nicks. + type: list + default: [killprotect, ns_secure, ns_private, hide_email, hide_mask, memo_signon, memo_receive, autoop] + anope_nickserv_module_regdelay: + description: + - "The minimum length of time between consecutive uses of NickServ's REGISTER command." + type: str + default: 30s + anope_nickserv_module_expire: + description: + - "The length of time before a nick's registration expires." + type: str + default: 21d + anope_nickserv_module_secureadmins: + description: + - >- + Prevents the use of the ACCESS and CERT DROP, FORBID, SUSPEND, GETPASS and SET PASSWORD commands by services + operators on other services operators. + type: bool + default: true + anope_nickserv_module_modeonid: + description: + - >- + If set, Services will set the channel modes a user has access to upon identifying, assuming they are not + already set. + type: bool + default: true + anope_nickserv_module_hidenetsplitquit: + description: + - "If set, Services will not show netsplits in the last quit message field of NickServ's INFO command." + type: bool + default: false + anope_nickserv_module_killquick: + description: + - "Length of time NickServ's killquick option waits before forcing users off of protected nicknames." + type: str + default: 20s + anope_nickserv_module_kill: + description: + - "Length of time NickServ's kill option waits before forcing users off of protected nicknames." + type: str + default: 60s + anope_nickserv_module_enforceruser: + description: + - The username used for fake users created when Services needs to hold a nickname. + type: str + default: enforcer + anope_nickserv_module_enforcerhost: + description: + - The hostname used for fake users created when Services needs to hold a nickname. + type: str + default: services.host + anope_nickserv_module_releasetimeout: + description: + - The length of time Services hold nicknames. + type: str + default: 1m + anope_nickserv_module_guestnickprefix: + description: + - "When a users nick is forcibly changed to enforce a nick kill, their new nick will start with this value." + type: str + default: Guest + anope_nickserv_module_nonicknameownership: + description: + - If set, Services do not allow ownership of nick names, only ownership of accounts. + type: bool + default: false + anope_nickserv_module_passlen: + description: + - The maximum length of passwords. + type: int + default: 32 + anope_chanserv_service_nick: + description: + - The name of the ChanServ client. + type: str + default: ChanServ + anope_chanserv_servie_user: + description: + - The username of the ChanServ client. + type: str + default: services + anope_chanserv_service_host: + description: + - The hostname of the ChanServ client. + type: str + default: services.host + anope_chanserv_service_gecos: + description: + - The realname of the ChanServ client. + type: str + default: Channel Registration Service + anope_chanserv_module_client: + description: + - The name of the client that should be ChanServ. + type: str + default: ChanServ + anope_chanserv_module_defaults: + description: + - The default options for newly registered channels. + type: list + elements: str + default: [keeptopic, peace, cs_secure, securefounder, signkick] + anope_chanserv_module_maxregistered: + description: + - The maximum number of channels which may be registered to a single nickname. + type: int + default: 20 + anope_chanserv_module_expire: + description: + - The length of time before a channel registration expires. + type: str + default: 14d + anope_chanserv_module_accessmax: + description: + - "The maximum number of entries on a channel's access list." + type: int + default: 1024 + anope_chanserv_module_inhabit: + description: + - >- + The length of time ChanServ stays in a channel after kicking a user from a channel they are not permitted + to be in. + type: str + default: 15s + anope_chanserv_module_reasonmax: + description: + - The maximum length of the reason field for user commands such as chanserv/kick and chanserv/ban. + type: int + default: 200 + anope_chanserv_module_signkickformat: + description: + - The message formatting to use for signed kick messages. + - "%n is the nick of the kicker." + - "%m is the message specified." + type: str + default: "%m (%n)" + anope_chanserv_module_disallow_hostmask_access: + description: + - If set, prevents channel access entries from containing hostmasks. + type: bool + default: false + anope_chanserv_module_disallow_channel_access: + description: + - If set, prevents channels from being on access lists. + type: bool + default: false + anope_chanserv_module_always_lower_ts: + description: + - If set, ChanServ will always lower the timestamp of registered channels to their registration date. + type: bool + default: false diff --git a/roles/anope/tasks/config.yml b/roles/anope/tasks/config.yml index f538608..2b31174 100644 --- a/roles/anope/tasks/config.yml +++ b/roles/anope/tasks/config.yml @@ -1,29 +1,29 @@ --- -- name: render anope config files - template: +- name: Render anope config files + ansible.builtin.template: src: etc/anope/{{ item }}.conf.j2 dest: /etc/anope/{{ item }}.conf owner: root group: irc - mode: 0640 + mode: "0640" loop: - services - nickserv - chanserv - notify: restart anope + notify: Restart anope -- name: render /etc/default/anope - template: +- name: Render /etc/default/anope + ansible.builtin.template: src: etc/default/anope.j2 dest: /etc/default/anope owner: root group: root - mode: 0644 - notify: restart anope + mode: "0644" + notify: Restart anope -- name: start and enable anope - service: +- name: Start and enable anope + ansible.builtin.service: name: anope state: started - enabled: yes + enabled: true diff --git a/roles/anope/tasks/install.yml b/roles/anope/tasks/install.yml index a69f632..6201f3a 100644 --- a/roles/anope/tasks/install.yml +++ b/roles/anope/tasks/install.yml @@ -1,7 +1,7 @@ --- -- name: install anope - apt: +- name: Install anope + ansible.builtin.apt: name: anope # anope recommends default-mta, which resolves to exim - install_recommends : no + install_recommends: false diff --git a/roles/anope/tasks/main.yml b/roles/anope/tasks/main.yml index 542cbf0..a4faeeb 100644 --- a/roles/anope/tasks/main.yml +++ b/roles/anope/tasks/main.yml @@ -1,11 +1,13 @@ --- -- import_tasks: install.yml +- name: Install Anope + ansible.builtin.import_tasks: install.yml tags: - "role::anope" - "role::anope:install" -- import_tasks: config.yml +- name: Configure Anope + ansible.builtin.import_tasks: config.yml tags: - "role::anope" - "role::anope:config" diff --git a/roles/inspircd/README.md b/roles/inspircd/README.md new file mode 100644 index 0000000..ffef740 --- /dev/null +++ b/roles/inspircd/README.md @@ -0,0 +1,5 @@ +# Role s3lph.irc.inspircd + +Documentation in `meta/argument_specs.yml`. + +A usage example can be found in the `docs` folder of the collection. diff --git a/roles/inspircd/defaults/main.yml b/roles/inspircd/defaults/main.yml index ee84c9e..b219a25 100644 --- a/roles/inspircd/defaults/main.yml +++ b/roles/inspircd/defaults/main.yml @@ -72,7 +72,7 @@ inspircd_autoconnect: [] inspircd_links: {} inspircd_ulines: [] -inspircd_sasl_requiressl: yes +inspircd_sasl_requiressl: true inspircd_oper_classes: Shutdown: diff --git a/roles/inspircd/handlers/main.yml b/roles/inspircd/handlers/main.yml index 1aeaf6f..3fb34de 100644 --- a/roles/inspircd/handlers/main.yml +++ b/roles/inspircd/handlers/main.yml @@ -1,11 +1,11 @@ --- -- name: restart inspircd - service: +- name: Restart inspircd + ansible.builtin.service: name: inspircd state: restarted -- name: reload inspircd - service: +- name: Reload inspircd + ansible.builtin.service: name: inspircd state: reloaded diff --git a/roles/inspircd/meta/argument_specs.yml b/roles/inspircd/meta/argument_specs.yml new file mode 100644 index 0000000..690873e --- /dev/null +++ b/roles/inspircd/meta/argument_specs.yml @@ -0,0 +1,183 @@ +--- + +argument_specs: + + main: + version_added: "0.0.1" + short_description: Install and configure InspIRCd. + description: + - "Install and configure the L(InspIRCd,https://www.inspircd.org/) IRC daemon." + - "Execution of this role can be limited using the following tags:" + - "C(role::inspircd:install): Install InspIRCd from distribution packages." + - "C(role::inspircd:config): Render the InspIRCd configuration." + - "C(role::inspircd): Apply all of the above." + author: s3lph + options: + inspircd_modules: + description: + - Modules to load. + type: list + elements: str + default: + - argon2 + - bcrypt + - botmode + - cap + - connflood + - ircv3 + - ircv3_batch + - ircv3_capnotify + - ircv3_ctctags + - ircv3_labeledresponse + - ircv3_msgid + - ircv3_servertime + - messageflood + - password_hash + - pbkdf2 + - sha256 + - showfile + - sslmodes + - sslrehashsignal + - ssl_gnutls + - spanningtree + - userip + - watch + inspircd_modules_additional: + description: + - Additional modules to load. + type: list + elements: str + default: [] + inspircd_server_hostname: + description: + - The hostname of the local server. + type: str + default: "{{ inventory_hostname }}" + inspircd_server_description: + description: + - A description of the local server. + type: str + default: "{{ inventory_hostname }}" + inspircd_server_network: + description: + - The name of the IRC network the local server is attached to. + type: str + default: "{{ inventory_hostname }}" + inspircd_options_casemapping: + description: + - The casemapping to use when comparing channel and nicknames insensitively. + type: str + default: ascii + inspircd_admin_nick: + description: + - The nickname of the server operator. + type: str + default: admin + inspircd_admin_email: + description: + - The email address of the server operator. + type: str + default: noreply@example.com + inspircd_motd: + description: + - Message of the day, ie. shown to users when they connect or use the /MOTD command. + type: str + default: |2 + CCCC H H A N N GGGG EEEEE M M EEEEE + C H H A A NN N G E MM MM E + C HHHHH A A N N N G GG EEE M M M EEE + C H H AAAAA N NN G G E M M E + CCCC H H A A N N GGGG EEEEE M M EEEEE + inspircd_log_method: + description: + - The method to use for storing logs. + type: str + default: file + inspircd_log_types: + description: + - List of types of message to log. + type: list + elements: str + default: + - CHANNELS + - COMMAND + - MODE + - MODULE + - SOCKET + - STARTUP + - core_channel + - core_oper + - core_reloadmodule + - m_sasl + - m_spanningtree + - m_ssl_gnutls + - m_sslinfo + - m_topiclock + inspircd_log_level: + description: + - The level of messages to log. + type: str + default: default + inspircd_log_target: + description: + - The location to write the log to. + type: str + default: inspircd.log + inspircd_log_flush: + description: + - After how many lines to flush the log to disk. + type: int + default: 20 + inspircd_gnutls_profiles: + description: + - This MUST be set to the name of a GnuTLS TLS (SSL) profile to listen for secure connections with GnuTLS. + type: dict + default: {} + inspircd_bind: + description: + - Endpoints to listen for connections on. + type: list + elements: dict + default: + - address: "::1" + port: 6667 + inspircd_autoconnect: + description: + - One or more servers to attempt to connect to. + type: list + elements: dict + default: [] + inspircd_links: + description: + - Defines servers to link with. + type: dict + default: {} + inspircd_ulines: + description: + - Defines one or more services servers. + type: list + elements: dict + default: [] + inspircd_sasl_requiressl: + description: + - Whether TLS (SSL) is required to use SASL. + type: bool + default: true + inspircd_oper_classes: + description: + - If defined then a connect class to assign users who log into this server operator account to. + type: dict + inspircd_oper_types: + description: + - Types of server operators. + type: dict + inspircd_opers: + description: + - Server operator accounts. + type: dict + default: {} + inspircd_additional_config: + description: + - Wildcard option to append arbitrary additional configuration. + type: str + default: "" diff --git a/roles/inspircd/tasks/config.yml b/roles/inspircd/tasks/config.yml index d9d18a3..0a79199 100644 --- a/roles/inspircd/tasks/config.yml +++ b/roles/inspircd/tasks/config.yml @@ -1,25 +1,25 @@ --- -- name: render /etc/inspircd/motd.txt - copy: +- name: Render /etc/inspircd/motd.txt + ansible.builtin.copy: content: "{{ inspircd_motd }}" dest: /etc/inspircd/motd.txt owner: root group: root - mode: 0644 - notify: reload inspircd + mode: "0644" + notify: Reload inspircd -- name: render /etc/inspircd/inspircd.conf - template: +- name: Render /etc/inspircd/inspircd.conf + ansible.builtin.template: src: etc/inspircd/inspircd.conf.j2 dest: /etc/inspircd/inspircd.conf owner: root group: root - mode: 0644 - notify: reload inspircd + mode: "0644" + notify: Reload inspircd -- name: start and enable inspircd - service: +- name: Start and enable inspircd + ansible.builtin.service: name: inspircd state: started - enabled: yes + enabled: true diff --git a/roles/inspircd/tasks/install.yml b/roles/inspircd/tasks/install.yml index 59750bb..c06b8fd 100644 --- a/roles/inspircd/tasks/install.yml +++ b/roles/inspircd/tasks/install.yml @@ -1,21 +1,13 @@ --- -- name: add s3lphrepo key - apt_key: - url: https://kernelpanic.lol/repo/repo.gpg - -- name: add s3lphrepo - apt_repository: - repo: deb https://kernelpanic.lol/repo stable main - -- name: install inspircd - package: +- name: Install InspIRCd + ansible.builtin.apt: name: inspircd -- name: install inspircd acme deploy hook - template: +- name: Install InspIRCd ACME deploy hook + ansible.builtin.template: src: usr/local/bin/acme-deploy-inspircd.j2 dest: /usr/local/bin/acme-deploy-inspircd owner: root group: root - mode: 0755 + mode: "0755" diff --git a/roles/inspircd/tasks/main.yml b/roles/inspircd/tasks/main.yml index c1df2a2..9265811 100644 --- a/roles/inspircd/tasks/main.yml +++ b/roles/inspircd/tasks/main.yml @@ -1,11 +1,13 @@ --- -- import_tasks: install.yml +- name: Install InspIRCd + ansible.builtin.import_tasks: install.yml tags: - "role::inspircd" - "role::inspircd:install" -- import_tasks: config.yml +- name: Configure InspIRCd + ansible.builtin.import_tasks: config.yml tags: - "role::inspircd" - "role::inspircd:config"