diff --git a/.ansible-lint b/.ansible-lint
new file mode 100644
index 0000000..098eff3
--- /dev/null
+++ b/.ansible-lint
@@ -0,0 +1,6 @@
+---
+
+skip_list:
+ - galaxy[no-changelog]
+ - galaxy[version-incorrect]
+ - var-naming[no-role-prefix]
diff --git a/.forgejo/workflows/ansible-galaxy.yml b/.forgejo/workflows/ansible-galaxy.yml
new file mode 100644
index 0000000..05278c0
--- /dev/null
+++ b/.forgejo/workflows/ansible-galaxy.yml
@@ -0,0 +1,29 @@
+---
+
+name: Ansible Galaxy
+
+on: # noqa yaml[truthy]
+ push:
+ tags:
+ - 'v*'
+
+jobs:
+ deploy:
+ runs-on: docker
+ steps:
+
+ - uses: actions/checkout@v4
+
+ - name: Set version in galaxy.yml
+ run: |
+ VERSION=${GITHUB_REF#refs/tags/v}
+ sed -re "s/^version:.*$/version: ${VERSION}/" -i galaxy.yml
+
+ - name: Upload collection to Ansible Galaxy
+ env:
+ GALAXY_API_KEY: ${{ secrets.GALAXY_API_KEY }}
+ run: |
+ apt update; apt install --yes python3-pip
+ pip3 install --break-system-packages ansible
+ ansible-galaxy collection build
+ ansible-galaxy collection publish --api-key=${GALAXY_API_KEY} s3lph-irc*tar.gz
diff --git a/.forgejo/workflows/ansible-lint.yml b/.forgejo/workflows/ansible-lint.yml
new file mode 100644
index 0000000..b42b17b
--- /dev/null
+++ b/.forgejo/workflows/ansible-lint.yml
@@ -0,0 +1,17 @@
+---
+
+name: Ansible Lint
+on: [push, pull_request] # noqa yaml[truthy]
+
+jobs:
+ build:
+ runs-on: docker
+
+ steps:
+
+ - uses: actions/checkout@v4
+
+ - run: |
+ apt update; apt install --yes python3-pip
+ pip3 install --break-system-packages ansible-lint
+ ansible-lint
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..424bd26
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+.ansible/
diff --git a/galaxy.yml b/galaxy.yml
index 187b719..1102bf3 100644
--- a/galaxy.yml
+++ b/galaxy.yml
@@ -8,7 +8,7 @@ namespace: s3lph
name: irc
# The version of the collection. Must be compatible with semantic versioning
-version: 0.1.0
+version: 0.2.0
# The path to the Markdown (.md) readme file. This path is relative to the root of the collection
readme: README.md
@@ -16,7 +16,7 @@ readme: README.md
# A list of the collection's content authors. Can be just the name or in the format 'Full Name <email> (url)
# @nicks:irc/im.site#channel'
authors:
-- s3lph <account-gitlab-ideynizv@kernelpanic.lol>
+ - s3lph <s3lph@kabelsalat.ch>
### OPTIONAL but strongly recommended
@@ -26,16 +26,18 @@ description: InspIRCd server setup
# Either a single license or a list of licenses for content inside of a collection. Ansible Galaxy currently only
# accepts L(SPDX,https://spdx.org/licenses/) licenses. This key is mutually exclusive with 'license_file'
license:
-- MIT
+ - MIT
# The path to the license file for the collection. This path is relative to the root of the collection. This key is
# mutually exclusive with 'license'
-#license_file: ''
+# license_file: ''
# A list of tags you want to associate with the collection for indexing/searching. A tag name has the same character
# requirements as 'namespace' and 'name'
tags:
+ - application
- inspircd
+ - anope
- irc
- ircd
@@ -46,20 +48,19 @@ tags:
dependencies: {}
# The URL of the originating SCM repository
-repository: https://gitlab.com/s3lph/ansible-collection-irc
+repository: https://git.kabelsalat.ch/s3lph/ansible-collection-irc
# The URL to any online docs
-documentation: https://gitlab.com/s3lph/ansible-collection-irc
+documentation: https://git.kabelsalat.ch/s3lph/ansible-collection-irc
# The URL to the homepage of the collection/project
-homepage: https://gitlab.com/s3lph/ansible-collection-irc
+homepage: https://git.kabelsalat.ch/s3lph/ansible-collection-irc
# The URL to the collection issue tracker
-issues: https://gitlab.com/s3lph/ansible-collection-irc/-/issues
+issues: https://git.kabelsalat.ch/s3lph/ansible-collection-irc/issues
# A list of file glob-like patterns used to filter any files or directories that should not be included in the build
# artifact. A pattern is matched from the relative path of the file or directory of the collection directory. This
# uses 'fnmatch' to match the files or directories. Some directories and files like 'galaxy.yml', '*.pyc', '*.retry',
# and '.git' are always filtered
build_ignore: []
-
diff --git a/meta/runtime.yml b/meta/runtime.yml
new file mode 100644
index 0000000..f3589f4
--- /dev/null
+++ b/meta/runtime.yml
@@ -0,0 +1,52 @@
+---
+# Collections must specify a minimum required ansible version to upload
+# to galaxy
+requires_ansible: '>=2.15.0'
+
+# Content that Ansible needs to load from another location or that has
+# been deprecated/removed
+# plugin_routing:
+# action:
+# redirected_plugin_name:
+# redirect: ns.col.new_location
+# deprecated_plugin_name:
+# deprecation:
+# removal_version: "4.0.0"
+# warning_text: |
+# See the porting guide on how to update your playbook to
+# use ns.col.another_plugin instead.
+# removed_plugin_name:
+# tombstone:
+# removal_version: "2.0.0"
+# warning_text: |
+# See the porting guide on how to update your playbook to
+# use ns.col.another_plugin instead.
+# become:
+# cache:
+# callback:
+# cliconf:
+# connection:
+# doc_fragments:
+# filter:
+# httpapi:
+# inventory:
+# lookup:
+# module_utils:
+# modules:
+# netconf:
+# shell:
+# strategy:
+# terminal:
+# test:
+# vars:
+
+# Python import statements that Ansible needs to load from another location
+# import_redirection:
+# ansible_collections.ns.col.plugins.module_utils.old_location:
+# redirect: ansible_collections.ns.col.plugins.module_utils.new_location
+
+# Groups of actions/modules that take a common set of options
+# action_groups:
+# group_name:
+# - module1
+# - module2
diff --git a/roles/anope/README.md b/roles/anope/README.md
new file mode 100644
index 0000000..231a6c6
--- /dev/null
+++ b/roles/anope/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.irc.anope
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/anope/defaults/main/anope.yml b/roles/anope/defaults/main/anope.yml
index 1a48977..2b1b32d 100644
--- a/roles/anope/defaults/main/anope.yml
+++ b/roles/anope/defaults/main/anope.yml
@@ -48,8 +48,8 @@ anope_options_readtimeout: 5s
anope_options_warningtimeout: 4h
anope_options_timeoutcheck: 3s
anope_options_retrywait: 60s
-anope_options_hideprivilegedcommands: yes
-anope_options_hideregisteredcommands: yes
+anope_options_hideprivilegedcommands: true
+anope_options_hideregisteredcommands: true
anope_options_languages:
- ca_ES.UTF-8
- de_DE.UTF-8
@@ -95,8 +95,8 @@ anope_log:
- mode
other:
- "*"
- rawio: no
- debug: no
+ rawio: false
+ debug: false
- targets:
- globops
admin:
@@ -123,7 +123,7 @@ anope_log:
- "expire/*"
- "bados"
- "akill/*"
-
+
anope_opertypes:
NetAdmin:
commands: ["*"]
@@ -133,8 +133,8 @@ anope_opers: {}
anope_database_flatfile_filename: anope.db
anope_database_flatfile_keepbackups: 3
-anope_database_flatfile_nobackupok: no
-anope_database_flatfile_fork: no
+anope_database_flatfile_nobackupok: false
+anope_database_flatfile_fork: false
anope_password_hash: bcrypt
diff --git a/roles/anope/defaults/main/chanserv.yml b/roles/anope/defaults/main/chanserv.yml
index 85db416..0324688 100644
--- a/roles/anope/defaults/main/chanserv.yml
+++ b/roles/anope/defaults/main/chanserv.yml
@@ -16,8 +16,8 @@ anope_chanserv_module_maxregistered: 20
anope_chanserv_module_expire: 14d
anope_chanserv_module_accessmax: 1024
anope_chanserv_module_inhabit: 15s
-anope_chanserv_module_reasonmax: 200
+anope_chanserv_module_reasonmax: 200
anope_chanserv_module_signkickformat: "%m (%n)"
-anope_chanserv_module_disallow_hostmask_access: no
-anope_chanserv_module_disallow_channel_access: no
-anope_chanserv_module_always_lower_ts: no
+anope_chanserv_module_disallow_hostmask_access: false
+anope_chanserv_module_disallow_channel_access: false
+anope_chanserv_module_always_lower_ts: false
diff --git a/roles/anope/defaults/main/nickserv.yml b/roles/anope/defaults/main/nickserv.yml
index 92f95fe..a5a0560 100644
--- a/roles/anope/defaults/main/nickserv.yml
+++ b/roles/anope/defaults/main/nickserv.yml
@@ -6,8 +6,8 @@ anope_nickserv_service_host: services.host
anope_nickserv_service_gecos: Nickname Registration Service
anope_nickserv_module_client: NickServ
-anope_nickserv_module_forceemail: yes
-anope_nickserv_module_confirmemailchanges: no
+anope_nickserv_module_forceemail: true
+anope_nickserv_module_confirmemailchanges: false
anope_nickserv_module_defaults:
- ns_secure
- ns_private
@@ -18,14 +18,14 @@ anope_nickserv_module_defaults:
- autoop
anope_nickserv_module_regdelay: 30s
anope_nickserv_module_expire: 21d
-anope_nickserv_module_secureadmins: yes
-anope_nickserv_module_modeonid: yes
-anope_nickserv_module_hidenetsplitquit: no
+anope_nickserv_module_secureadmins: true
+anope_nickserv_module_modeonid: true
+anope_nickserv_module_hidenetsplitquit: false
anope_nickserv_module_killquick: 20s
anope_nickserv_module_kill: 60s
anope_nickserv_module_enforceruser: enforcer
anope_nickserv_module_enforcerhost: services.host
anope_nickserv_module_releasetimeout: 1m
anope_nickserv_module_guestnickprefix: Guest
-anope_nickserv_module_nonicknameownership: no
+anope_nickserv_module_nonicknameownership: false
anope_nickserv_module_passlen: 32
diff --git a/roles/anope/handlers/main.yml b/roles/anope/handlers/main.yml
index f1e6f70..2c760ce 100644
--- a/roles/anope/handlers/main.yml
+++ b/roles/anope/handlers/main.yml
@@ -1,11 +1,11 @@
---
-- name: restart anope
- service:
+- name: Restart anope
+ ansible.builtin.service:
name: anope
state: restarted
-- name: reload anope
- service:
+- name: Reload anope
+ ansible.builtin.service:
name: anope
state: reloaded
diff --git a/roles/anope/meta/argument_specs.yml b/roles/anope/meta/argument_specs.yml
new file mode 100644
index 0000000..194dae9
--- /dev/null
+++ b/roles/anope/meta/argument_specs.yml
@@ -0,0 +1,478 @@
+---
+
+argument_specs:
+
+ main:
+ version_added: "0.0.1"
+ short_description: Install and configure Anope.
+ description:
+ - "Install and configure the L(Anope,https://www.anope.org/) IRC services daemon."
+ - "Execution of this role can be limited using the following tags:"
+ - "C(role::anope:install): Install Anope from distribution packages."
+ - "C(role::anope:config): Render the Anope configuration."
+ - "C(role::anope): Apply all of the above."
+ author: s3lph
+ options:
+ anope_services_botserv_enabled:
+ description:
+ - If C(true), enable BotServ.
+ - If C(true), enable BotServ.
+ type: bool
+ default: false
+ anope_services_chanserv_enabled:
+ description:
+ - If C(true), enable ChanServ.
+ - If C(true), enable ChanServ.
+ type: bool
+ default: true
+ anope_services_global_enabled:
+ description:
+ - If C(true), enable Global.
+ - If C(true), enable Global.
+ type: bool
+ default: true
+ anope_services_hostserv_enabled:
+ description:
+ - If C(true), enable HostServ.
+ - If C(true), enable HostServ.
+ type: bool
+ default: false
+ anope_services_memoserv_enabled:
+ description:
+ - If C(true), enable MemoServ.
+ - If C(true), enable MemoServ.
+ type: bool
+ default: false
+ anope_services_nickserv_enabled:
+ description:
+ - If C(true), enable NickServ.
+ - If C(true), enable NickServ.
+ type: bool
+ default: true
+ anope_services_operserv_enabled:
+ description:
+ - If C(true), enable OperServ.
+ - If C(true), enable OperServ.
+ type: bool
+ default: true
+ anope_empty_modules:
+ description:
+ - List of configuration-less modules to enable.
+ type: list
+ elements: str
+ default: [help, m_sasl]
+ anope_services_host:
+ description:
+ - >-
+ The services.host define is used in multiple different locations throughout the configuration for services
+ clients hostnames.
+ type: str
+ default: services.localhost.localdomain
+ anope_uplink_host:
+ description:
+ - The IP or hostname of the IRC server you wish to connect Services to.
+ type: str
+ default: localhost
+ anope_uplink_ipv6:
+ description:
+ - Enable if Services should connect using IPv6.
+ type: bool
+ default: true
+ anope_uplink_ssl:
+ description:
+ - Enable if Services should connect using SSL.
+ - You must have an SSL module loaded for this to work.
+ type: bool
+ default: false
+ anope_uplink_port:
+ description:
+ - The port to connect to.
+ - The IRCd MUST be configured to listen on this port, and to accept server connections.
+ type: int
+ default: 7000
+ anope_serverinfo_name:
+ description:
+ - The hostname that Services will be seen as.
+ - it must have no conflicts with any other server names on the rest of your IRC network.
+ type: str
+ default: services.localhost.localdomain
+ anope_serverinfo_description:
+ description:
+ - "The text which should appear as the server's information in /WHOIS and similar queries."
+ type: str
+ default: Services for IRC Networks
+ anope_serverinfo_pid:
+ description:
+ - The filename containing the Services process ID.
+ type: str
+ default: /var/run/anope/anope.pid
+ anope_serverinfo_motd:
+ description:
+ - The filename containing the Message of the Day.
+ type: str
+ default: /etc/anope/services.motd
+ anope_protocol_module_name:
+ description:
+ - This directive tells Anope which IRCd Protocol to speak when connecting.
+ type: str
+ default: inspircd3
+ anope_protocol_module_use_server_side_mlock:
+ description:
+ - Some protocol modules can enforce mode locks server-side.
+ - This reduces the spam caused by services immediately reversing mode changes for locked modes.
+ type: bool
+ default: true
+ anope_protocol_module_use_server_side_topiclock:
+ description:
+ - Some protocol modules can enforce topic locks server-side.
+ - This reduces the spam caused by services immediately reversing topic changes.
+ type: bool
+ default: true
+ anope_networkinfo_networkname:
+ description:
+ - This is the name of the network that Services will be running on.
+ type: str
+ default: LocalNet
+ anope_networkinfo_nicklen:
+ description:
+ - Set this to the maximum allowed nick length on your network.
+ type: int
+ default: 31
+ anope_networkinfo_userlen:
+ description:
+ - Set this to the maximum allowed ident length on your network.
+ type: int
+ default: 10
+ anope_networkinfo_hostlen:
+ description:
+ - Set this to the maximum allowed hostname length on your network.
+ type: int
+ default: 64
+ anope_networkinfo_chanlen:
+ description:
+ - Set this to the maximum allowed channel length on your network.
+ type: int
+ default: 32
+ anope_networkinfo_modelistsize:
+ description:
+ - The maximum number of list modes settable on a channel (such as C(b), C(e), C(I)).
+ type: int
+ default: 100
+ anope_networkinfo_vhost_chars:
+ description:
+ - The characters allowed in hostnames.
+ type: str
+ default: "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-"
+ anope_networkinfo_allow_undotted_vhosts:
+ description:
+ - If set to true, allows vHosts to not contain dots.
+ type: bool
+ default: false
+ anope_networkinfo_disallow_start_or_end:
+ description:
+ - The characters that are not allowed to be at the very beginning or very ending of a vHost.
+ type: str
+ default: ".-"
+ anope_options_casemap:
+ description:
+ - The case mapping used by services.
+ type: str
+ default: ascii
+ anope_options_strictpasswords:
+ description:
+ - If set, Services will perform more stringent checks on passwords.
+ type: bool
+ default: true
+ anope_options_badpasslimit:
+ description:
+ - Sets the number of invalid password tries before Services removes a user from the network.
+ type: int
+ default: 5
+ anope_options_badpasstimeout:
+ description:
+ - Sets the time after which invalid passwords are forgotten about.
+ type: str
+ default: 1h
+ anope_options_updatetimeout:
+ description:
+ - Sets the delay between automatic database updates.
+ type: str
+ default: 5m
+ anope_options_expiretimeout:
+ description:
+ - Sets the delay between checks for expired nicknames and channels.
+ type: str
+ default: 30m
+ anope_options_readtimeout:
+ description:
+ - Sets the timeout period for reading from the uplink.
+ type: str
+ default: 5s
+ anope_options_warningtimeout:
+ description:
+ - Sets the interval between sending warning messages for program errors via WALLOPS/GLOBOPS.
+ type: str
+ default: 4h
+ anope_options_timeoutcheck:
+ description:
+ - Sets the (maximum) frequency at which the timeout list is checked.
+ type: str
+ default: 3s
+ anope_options_retrywait:
+ description:
+ - How long to wait between connection retries with the uplink(s).
+ type: str
+ default: 60s
+ anope_options_hideprivilegedcommands:
+ description:
+ - "If set, Services will hide commands that users don't have the privilege to execute from HELP output."
+ type: bool
+ default: true
+ anope_options_hideregisteredcommands:
+ description:
+ - "If set, Services will hide commands that users can't execute because they are not logged in from HELP output."
+ type: bool
+ default: true
+ anope_options_languages:
+ description:
+ - A list of languages to load on startup that will be available in /NICKSERV SET LANGUAGE.
+ type: list
+ anope_options_defaultlanguage:
+ description:
+ - Default language that non- and newly-registered nicks will receive messages in.
+ type: str
+ default: en_US.UTF-8
+ anope_log:
+ description:
+ - This section is used for configuring what is logged and where it is logged to.
+ type: list
+ anope_opertypes:
+ description:
+ - This section is used to set up staff access to restricted oper only commands.
+ type: dict
+ anope_opers:
+ description:
+ - List of operators and their access levels.
+ type: dict
+ default: {}
+ anope_database_flatfile_filename:
+ description:
+ - The database name db_flatfile should use.
+ type: str
+ default: anope.db
+ anope_database_flatfile_keepbackups:
+ description:
+ - Sets the number of days backups of databases are kept.
+ type: int
+ default: 3
+ anope_database_flatfile_nobackupok:
+ description:
+ - >-
+ Allows Services to continue file write operations (i.e. database saving) even if the original file cannot
+ be backed up.
+ type: bool
+ default: false
+ anope_database_flatfile_fork:
+ description:
+ - If enabled, services will fork a child process to save databases.
+ type: bool
+ default: false
+ anope_password_hash:
+ description:
+ - Name of the primary password hashing module without the C(enc_) prefix.
+ type: str
+ default: bcrypt
+ anope_additional_config:
+ description:
+ - Wilcard option to append arbitrary additional configuration.
+ type: str
+ default: ""
+ anope_nickserv_service_nick:
+ description:
+ - The name of the NickServ client.
+ type: str
+ default: NickServ
+ anope_nickserv_servie_user:
+ description:
+ - The username of the NickServ client.
+ type: str
+ default: services
+ anope_nickserv_service_host:
+ description:
+ - The hostname of the NickServ client.
+ type: str
+ default: services.host
+ anope_nickserv_service_gecos:
+ description:
+ - The realname of the NickServ client.
+ type: str
+ default: Nickname Registration Service
+ anope_nickserv_module_client:
+ description:
+ - The name of the client that should be NickServ.
+ type: str
+ default: NickServ
+ anope_nickserv_module_forceemail:
+ description:
+ - Force users to give an e-mail address when they register a nick.
+ type: bool
+ default: true
+ anope_nickserv_module_confirmemailchanges:
+ description:
+ - Require users who change their email address to confirm they own their new email.
+ type: bool
+ default: false
+ anope_nickserv_module_defaults:
+ description:
+ - The default options for newly registered nicks.
+ type: list
+ default: [killprotect, ns_secure, ns_private, hide_email, hide_mask, memo_signon, memo_receive, autoop]
+ anope_nickserv_module_regdelay:
+ description:
+ - "The minimum length of time between consecutive uses of NickServ's REGISTER command."
+ type: str
+ default: 30s
+ anope_nickserv_module_expire:
+ description:
+ - "The length of time before a nick's registration expires."
+ type: str
+ default: 21d
+ anope_nickserv_module_secureadmins:
+ description:
+ - >-
+ Prevents the use of the ACCESS and CERT DROP, FORBID, SUSPEND, GETPASS and SET PASSWORD commands by services
+ operators on other services operators.
+ type: bool
+ default: true
+ anope_nickserv_module_modeonid:
+ description:
+ - >-
+ If set, Services will set the channel modes a user has access to upon identifying, assuming they are not
+ already set.
+ type: bool
+ default: true
+ anope_nickserv_module_hidenetsplitquit:
+ description:
+ - "If set, Services will not show netsplits in the last quit message field of NickServ's INFO command."
+ type: bool
+ default: false
+ anope_nickserv_module_killquick:
+ description:
+ - "Length of time NickServ's killquick option waits before forcing users off of protected nicknames."
+ type: str
+ default: 20s
+ anope_nickserv_module_kill:
+ description:
+ - "Length of time NickServ's kill option waits before forcing users off of protected nicknames."
+ type: str
+ default: 60s
+ anope_nickserv_module_enforceruser:
+ description:
+ - The username used for fake users created when Services needs to hold a nickname.
+ type: str
+ default: enforcer
+ anope_nickserv_module_enforcerhost:
+ description:
+ - The hostname used for fake users created when Services needs to hold a nickname.
+ type: str
+ default: services.host
+ anope_nickserv_module_releasetimeout:
+ description:
+ - The length of time Services hold nicknames.
+ type: str
+ default: 1m
+ anope_nickserv_module_guestnickprefix:
+ description:
+ - "When a users nick is forcibly changed to enforce a nick kill, their new nick will start with this value."
+ type: str
+ default: Guest
+ anope_nickserv_module_nonicknameownership:
+ description:
+ - If set, Services do not allow ownership of nick names, only ownership of accounts.
+ type: bool
+ default: false
+ anope_nickserv_module_passlen:
+ description:
+ - The maximum length of passwords.
+ type: int
+ default: 32
+ anope_chanserv_service_nick:
+ description:
+ - The name of the ChanServ client.
+ type: str
+ default: ChanServ
+ anope_chanserv_servie_user:
+ description:
+ - The username of the ChanServ client.
+ type: str
+ default: services
+ anope_chanserv_service_host:
+ description:
+ - The hostname of the ChanServ client.
+ type: str
+ default: services.host
+ anope_chanserv_service_gecos:
+ description:
+ - The realname of the ChanServ client.
+ type: str
+ default: Channel Registration Service
+ anope_chanserv_module_client:
+ description:
+ - The name of the client that should be ChanServ.
+ type: str
+ default: ChanServ
+ anope_chanserv_module_defaults:
+ description:
+ - The default options for newly registered channels.
+ type: list
+ elements: str
+ default: [keeptopic, peace, cs_secure, securefounder, signkick]
+ anope_chanserv_module_maxregistered:
+ description:
+ - The maximum number of channels which may be registered to a single nickname.
+ type: int
+ default: 20
+ anope_chanserv_module_expire:
+ description:
+ - The length of time before a channel registration expires.
+ type: str
+ default: 14d
+ anope_chanserv_module_accessmax:
+ description:
+ - "The maximum number of entries on a channel's access list."
+ type: int
+ default: 1024
+ anope_chanserv_module_inhabit:
+ description:
+ - >-
+ The length of time ChanServ stays in a channel after kicking a user from a channel they are not permitted
+ to be in.
+ type: str
+ default: 15s
+ anope_chanserv_module_reasonmax:
+ description:
+ - The maximum length of the reason field for user commands such as chanserv/kick and chanserv/ban.
+ type: int
+ default: 200
+ anope_chanserv_module_signkickformat:
+ description:
+ - The message formatting to use for signed kick messages.
+ - "%n is the nick of the kicker."
+ - "%m is the message specified."
+ type: str
+ default: "%m (%n)"
+ anope_chanserv_module_disallow_hostmask_access:
+ description:
+ - If set, prevents channel access entries from containing hostmasks.
+ type: bool
+ default: false
+ anope_chanserv_module_disallow_channel_access:
+ description:
+ - If set, prevents channels from being on access lists.
+ type: bool
+ default: false
+ anope_chanserv_module_always_lower_ts:
+ description:
+ - If set, ChanServ will always lower the timestamp of registered channels to their registration date.
+ type: bool
+ default: false
diff --git a/roles/anope/tasks/config.yml b/roles/anope/tasks/config.yml
index f538608..2b31174 100644
--- a/roles/anope/tasks/config.yml
+++ b/roles/anope/tasks/config.yml
@@ -1,29 +1,29 @@
---
-- name: render anope config files
- template:
+- name: Render anope config files
+ ansible.builtin.template:
src: etc/anope/{{ item }}.conf.j2
dest: /etc/anope/{{ item }}.conf
owner: root
group: irc
- mode: 0640
+ mode: "0640"
loop:
- services
- nickserv
- chanserv
- notify: restart anope
+ notify: Restart anope
-- name: render /etc/default/anope
- template:
+- name: Render /etc/default/anope
+ ansible.builtin.template:
src: etc/default/anope.j2
dest: /etc/default/anope
owner: root
group: root
- mode: 0644
- notify: restart anope
+ mode: "0644"
+ notify: Restart anope
-- name: start and enable anope
- service:
+- name: Start and enable anope
+ ansible.builtin.service:
name: anope
state: started
- enabled: yes
+ enabled: true
diff --git a/roles/anope/tasks/install.yml b/roles/anope/tasks/install.yml
index a69f632..6201f3a 100644
--- a/roles/anope/tasks/install.yml
+++ b/roles/anope/tasks/install.yml
@@ -1,7 +1,7 @@
---
-- name: install anope
- apt:
+- name: Install anope
+ ansible.builtin.apt:
name: anope
# anope recommends default-mta, which resolves to exim
- install_recommends : no
+ install_recommends: false
diff --git a/roles/anope/tasks/main.yml b/roles/anope/tasks/main.yml
index 542cbf0..a4faeeb 100644
--- a/roles/anope/tasks/main.yml
+++ b/roles/anope/tasks/main.yml
@@ -1,11 +1,13 @@
---
-- import_tasks: install.yml
+- name: Install Anope
+ ansible.builtin.import_tasks: install.yml
tags:
- "role::anope"
- "role::anope:install"
-- import_tasks: config.yml
+- name: Configure Anope
+ ansible.builtin.import_tasks: config.yml
tags:
- "role::anope"
- "role::anope:config"
diff --git a/roles/inspircd/README.md b/roles/inspircd/README.md
new file mode 100644
index 0000000..ffef740
--- /dev/null
+++ b/roles/inspircd/README.md
@@ -0,0 +1,5 @@
+# Role s3lph.irc.inspircd
+
+Documentation in `meta/argument_specs.yml`.
+
+A usage example can be found in the `docs` folder of the collection.
diff --git a/roles/inspircd/defaults/main.yml b/roles/inspircd/defaults/main.yml
index ee84c9e..b219a25 100644
--- a/roles/inspircd/defaults/main.yml
+++ b/roles/inspircd/defaults/main.yml
@@ -72,7 +72,7 @@ inspircd_autoconnect: []
inspircd_links: {}
inspircd_ulines: []
-inspircd_sasl_requiressl: yes
+inspircd_sasl_requiressl: true
inspircd_oper_classes:
Shutdown:
diff --git a/roles/inspircd/handlers/main.yml b/roles/inspircd/handlers/main.yml
index 1aeaf6f..3fb34de 100644
--- a/roles/inspircd/handlers/main.yml
+++ b/roles/inspircd/handlers/main.yml
@@ -1,11 +1,11 @@
---
-- name: restart inspircd
- service:
+- name: Restart inspircd
+ ansible.builtin.service:
name: inspircd
state: restarted
-- name: reload inspircd
- service:
+- name: Reload inspircd
+ ansible.builtin.service:
name: inspircd
state: reloaded
diff --git a/roles/inspircd/meta/argument_specs.yml b/roles/inspircd/meta/argument_specs.yml
new file mode 100644
index 0000000..690873e
--- /dev/null
+++ b/roles/inspircd/meta/argument_specs.yml
@@ -0,0 +1,183 @@
+---
+
+argument_specs:
+
+ main:
+ version_added: "0.0.1"
+ short_description: Install and configure InspIRCd.
+ description:
+ - "Install and configure the L(InspIRCd,https://www.inspircd.org/) IRC daemon."
+ - "Execution of this role can be limited using the following tags:"
+ - "C(role::inspircd:install): Install InspIRCd from distribution packages."
+ - "C(role::inspircd:config): Render the InspIRCd configuration."
+ - "C(role::inspircd): Apply all of the above."
+ author: s3lph
+ options:
+ inspircd_modules:
+ description:
+ - Modules to load.
+ type: list
+ elements: str
+ default:
+ - argon2
+ - bcrypt
+ - botmode
+ - cap
+ - connflood
+ - ircv3
+ - ircv3_batch
+ - ircv3_capnotify
+ - ircv3_ctctags
+ - ircv3_labeledresponse
+ - ircv3_msgid
+ - ircv3_servertime
+ - messageflood
+ - password_hash
+ - pbkdf2
+ - sha256
+ - showfile
+ - sslmodes
+ - sslrehashsignal
+ - ssl_gnutls
+ - spanningtree
+ - userip
+ - watch
+ inspircd_modules_additional:
+ description:
+ - Additional modules to load.
+ type: list
+ elements: str
+ default: []
+ inspircd_server_hostname:
+ description:
+ - The hostname of the local server.
+ type: str
+ default: "{{ inventory_hostname }}"
+ inspircd_server_description:
+ description:
+ - A description of the local server.
+ type: str
+ default: "{{ inventory_hostname }}"
+ inspircd_server_network:
+ description:
+ - The name of the IRC network the local server is attached to.
+ type: str
+ default: "{{ inventory_hostname }}"
+ inspircd_options_casemapping:
+ description:
+ - The casemapping to use when comparing channel and nicknames insensitively.
+ type: str
+ default: ascii
+ inspircd_admin_nick:
+ description:
+ - The nickname of the server operator.
+ type: str
+ default: admin
+ inspircd_admin_email:
+ description:
+ - The email address of the server operator.
+ type: str
+ default: noreply@example.com
+ inspircd_motd:
+ description:
+ - Message of the day, ie. shown to users when they connect or use the /MOTD command.
+ type: str
+ default: |2
+ CCCC H H A N N GGGG EEEEE M M EEEEE
+ C H H A A NN N G E MM MM E
+ C HHHHH A A N N N G GG EEE M M M EEE
+ C H H AAAAA N NN G G E M M E
+ CCCC H H A A N N GGGG EEEEE M M EEEEE
+ inspircd_log_method:
+ description:
+ - The method to use for storing logs.
+ type: str
+ default: file
+ inspircd_log_types:
+ description:
+ - List of types of message to log.
+ type: list
+ elements: str
+ default:
+ - CHANNELS
+ - COMMAND
+ - MODE
+ - MODULE
+ - SOCKET
+ - STARTUP
+ - core_channel
+ - core_oper
+ - core_reloadmodule
+ - m_sasl
+ - m_spanningtree
+ - m_ssl_gnutls
+ - m_sslinfo
+ - m_topiclock
+ inspircd_log_level:
+ description:
+ - The level of messages to log.
+ type: str
+ default: default
+ inspircd_log_target:
+ description:
+ - The location to write the log to.
+ type: str
+ default: inspircd.log
+ inspircd_log_flush:
+ description:
+ - After how many lines to flush the log to disk.
+ type: int
+ default: 20
+ inspircd_gnutls_profiles:
+ description:
+ - This MUST be set to the name of a GnuTLS TLS (SSL) profile to listen for secure connections with GnuTLS.
+ type: dict
+ default: {}
+ inspircd_bind:
+ description:
+ - Endpoints to listen for connections on.
+ type: list
+ elements: dict
+ default:
+ - address: "::1"
+ port: 6667
+ inspircd_autoconnect:
+ description:
+ - One or more servers to attempt to connect to.
+ type: list
+ elements: dict
+ default: []
+ inspircd_links:
+ description:
+ - Defines servers to link with.
+ type: dict
+ default: {}
+ inspircd_ulines:
+ description:
+ - Defines one or more services servers.
+ type: list
+ elements: dict
+ default: []
+ inspircd_sasl_requiressl:
+ description:
+ - Whether TLS (SSL) is required to use SASL.
+ type: bool
+ default: true
+ inspircd_oper_classes:
+ description:
+ - If defined then a connect class to assign users who log into this server operator account to.
+ type: dict
+ inspircd_oper_types:
+ description:
+ - Types of server operators.
+ type: dict
+ inspircd_opers:
+ description:
+ - Server operator accounts.
+ type: dict
+ default: {}
+ inspircd_additional_config:
+ description:
+ - Wildcard option to append arbitrary additional configuration.
+ type: str
+ default: ""
diff --git a/roles/inspircd/tasks/config.yml b/roles/inspircd/tasks/config.yml
index d9d18a3..0a79199 100644
--- a/roles/inspircd/tasks/config.yml
+++ b/roles/inspircd/tasks/config.yml
@@ -1,25 +1,25 @@
---
-- name: render /etc/inspircd/motd.txt
- copy:
+- name: Render /etc/inspircd/motd.txt
+ ansible.builtin.copy:
content: "{{ inspircd_motd }}"
dest: /etc/inspircd/motd.txt
owner: root
group: root
- mode: 0644
- notify: reload inspircd
+ mode: "0644"
+ notify: Reload inspircd
-- name: render /etc/inspircd/inspircd.conf
- template:
+- name: Render /etc/inspircd/inspircd.conf
+ ansible.builtin.template:
src: etc/inspircd/inspircd.conf.j2
dest: /etc/inspircd/inspircd.conf
owner: root
group: root
- mode: 0644
- notify: reload inspircd
+ mode: "0644"
+ notify: Reload inspircd
-- name: start and enable inspircd
- service:
+- name: Start and enable inspircd
+ ansible.builtin.service:
name: inspircd
state: started
- enabled: yes
+ enabled: true
diff --git a/roles/inspircd/tasks/install.yml b/roles/inspircd/tasks/install.yml
index 59750bb..c06b8fd 100644
--- a/roles/inspircd/tasks/install.yml
+++ b/roles/inspircd/tasks/install.yml
@@ -1,21 +1,13 @@
---
-- name: add s3lphrepo key
- apt_key:
- url: https://kernelpanic.lol/repo/repo.gpg
-
-- name: add s3lphrepo
- apt_repository:
- repo: deb https://kernelpanic.lol/repo stable main
-
-- name: install inspircd
- package:
+- name: Install InspIRCd
+ ansible.builtin.apt:
name: inspircd
-- name: install inspircd acme deploy hook
- template:
+- name: Install InspIRCd ACME deploy hook
+ ansible.builtin.template:
src: usr/local/bin/acme-deploy-inspircd.j2
dest: /usr/local/bin/acme-deploy-inspircd
owner: root
group: root
- mode: 0755
+ mode: "0755"
diff --git a/roles/inspircd/tasks/main.yml b/roles/inspircd/tasks/main.yml
index c1df2a2..9265811 100644
--- a/roles/inspircd/tasks/main.yml
+++ b/roles/inspircd/tasks/main.yml
@@ -1,11 +1,13 @@
---
-- import_tasks: install.yml
+- name: Install InspIRCd
+ ansible.builtin.import_tasks: install.yml
tags:
- "role::inspircd"
- "role::inspircd:install"
-- import_tasks: config.yml
+- name: Configure InspIRCd
+ ansible.builtin.import_tasks: config.yml
tags:
- "role::inspircd"
- "role::inspircd:config"