ansible playbook for vulpineawoo
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
xfnw ec87474b91 add note about certbot 2 months ago
challenge rotate xfnw's challenge key 5 months ago add note about certbot 2 months ago
auth.j2 kline exempt the tor service 11 months ago
class.j2 fix various systemd-caused bugs 1 year ago
config.yml reduce permissions while creating config files 2 months ago
connect.j2 init 1 year ago
dnsbl.j2 change reject reason 10 months ago
enable.yml reduce permissions while creating config files 2 months ago
ircd.j2 modify privsets 3 months ago
motd.j2 minor config and motd changes 7 months ago
openrc.j2 alpine: fix some breaking changes 7 months ago
operator.j2 welp my rdns is broke 6 months ago
solanum-edge.yml track more debian dependencies 5 months ago
solanum.yml ensure ircd/etc directory gets created 2 months ago
systemd.j2 fix various systemd-caused bugs 1 year ago
unconfigure.yml make unconfigure consistent with other playbooks 7 months ago


ansible playbook for solanum that supports hosts running debian or alpine


  • add new host to your ansible hosts file
  • run solanum.yml on new host to compile solanum
  • (optional) add your ssh key to ircd user
  • (optional) add your ssl.pem and ssl.key to /home/ircd/ircd/etc/. you probably want to make a cronjob for acme to automatically do this when the cert expires. make sure to openssl dhparam -out dh.pem 2048 in /home/ircd/ircd/etc/ to make safe dh parameters!
  • run config.yml on the whole network
  • run enable.yml on new host to enable and install the service file
  • repeat steps periodically for network maintainance

hosts ini

everything except the server name, linkpass, and sid are optional and have sane defaults

name.of.the.server linkpass=yourreceivepassword sid=123 paport=6697 sponsor='nice person' services=linkpass description='very good server'

  • linkpass: password to receive from other linking servers. preferrably use something random for each one
  • sid: the Server ID for the server to use, in the format [0-9][A-Z0-9][A-Z0-9]
  • autoconn: server name to autoconnect to in the connect {} block
  • paport: port for other servers to use for linking
  • pahost: hostname for other servers to use for linking
  • ansible_host: hostname for ansible to use
  • sponsor: put a little 'server donated by' message in the MOTD
  • services: password to accept for services connecting over localhost, use only on the server that links to services
  • description: description for server in whois etc


  • ini seems to have horrible variable typing, so weird things can happen like sid=2E5 turning into sid=200000 (even if you quote it, wtf). use yaml for your hosts file if you need strict typing
  • this playbook currently only supports each server having one server set to autoconn


consider adding --preferred-chain 'ISRG Root X1' to certbot invocations if getting cert from letsencrypt. their old cross signature is expired but still included to support older android devices, however this breaks some irc clients like mIRC. this option requests the cert without the expired cross signature