playbook/README.md

# va-playbook

ansible playbook for solanum that supports hosts running debian or alpine

## setup
- add new host to your ansible hosts file
- run `solanum.yml` on new host to compile solanum
- (optional) add your ssh key to ircd user
- (optional) add your `ssl.pem` and `ssl.key` to `/home/ircd/ircd/etc/`. you probably want to make a cronjob for acme to automatically do this when the cert expires. make sure to `openssl dhparam -out dh.pem 2048` in `/home/ircd/ircd/etc/` to make safe dh parameters!
- run `config.yml` on the whole network
- run `enable.yml` on new host to enable and install the service file
- repeat steps periodically for network maintainance

## hosts ini
everything except the server name, `linkpass`, and `sid` are optional and have sane defaults

`
name.of.the.server linkpass=yourreceivepassword sid=123 autoconn=other.server.name paport=6697 pahost=name.accessable.by.other.hosts ansible_host=name.accessable.by.playbook sponsor='nice person' services=linkpass description='very good server'
`

- linkpass: password to receive from other linking servers. preferrably use something random for each one
- sid: the Server ID for the server to use, in the format `[0-9][A-Z0-9][A-Z0-9]`
- autoconn: server name to autoconnect to in the `connect {}` block
- paport: port for other servers to use for linking
- pahost: hostname for other servers to use for linking
- ansible_host: hostname for ansible to use
- sponsor: put a little 'server donated by' message in the MOTD
- services: password to accept for services connecting over localhost, use only on the server that links to services
- description: description for server in whois etc

## caveats
- ini seems to have horrible variable typing, so weird things can happen like `sid=2E5` turning into `sid=200000` (even if you quote it, wtf). use yaml for your hosts file if you need strict typing
- this playbook currently only supports each server having one server set to `autoconn`

## certbot
consider adding `--preferred-chain 'ISRG Root X1'` to
certbot invocations if getting cert from letsencrypt. their
old cross signature is expired but still included to support
older android devices, however this breaks some irc clients
like mIRC. this option requests the cert without the expired
cross signature
small readme changes 2021-07-28 15:39:22 +00:00			`# va-playbook`
create readme 2021-07-28 15:36:27 +00:00
			`ansible playbook for solanum that supports hosts running debian or alpine`

			`## setup`
reduce permissions while creating config files simple configuration changes will no longer require root access, however you may have to chown -R ircd:ircd ircd to fix some of the permissions creating init services now lives in a new playbook, `enable.yml` which does require root access 2022-07-24 01:45:48 +00:00			`- add new host to your ansible hosts file`
small readme changes 2021-07-28 15:39:22 +00:00			- run `solanum.yml` on new host to compile solanum
reduce permissions while creating config files simple configuration changes will no longer require root access, however you may have to chown -R ircd:ircd ircd to fix some of the permissions creating init services now lives in a new playbook, `enable.yml` which does require root access 2022-07-24 01:45:48 +00:00			`- (optional) add your ssh key to ircd user`
mention dh params in readme 2022-07-01 23:17:12 +00:00			- (optional) add your `ssl.pem` and `ssl.key` to `/home/ircd/ircd/etc/`. you probably want to make a cronjob for acme to automatically do this when the cert expires. make sure to `openssl dhparam -out dh.pem 2048` in `/home/ircd/ircd/etc/` to make safe dh parameters!
reduce permissions while creating config files simple configuration changes will no longer require root access, however you may have to chown -R ircd:ircd ircd to fix some of the permissions creating init services now lives in a new playbook, `enable.yml` which does require root access 2022-07-24 01:45:48 +00:00			- run `config.yml` on the whole network
			- run `enable.yml` on new host to enable and install the service file
small readme changes 2021-07-28 15:39:22 +00:00			`- repeat steps periodically for network maintainance`
create readme 2021-07-28 15:36:27 +00:00
			`## hosts ini`
			everything except the server name, `linkpass`, and `sid` are optional and have sane defaults
small readme changes 2021-07-28 15:39:22 +00:00
			`
document description in readme 2021-10-29 21:02:30 +00:00			`name.of.the.server linkpass=yourreceivepassword sid=123 autoconn=other.server.name paport=6697 pahost=name.accessable.by.other.hosts ansible_host=name.accessable.by.playbook sponsor='nice person' services=linkpass description='very good server'`
small readme changes 2021-07-28 15:39:22 +00:00			`

create readme 2021-07-28 15:36:27 +00:00			`- linkpass: password to receive from other linking servers. preferrably use something random for each one`
			- sid: the Server ID for the server to use, in the format `[0-9][A-Z0-9][A-Z0-9]`
			- autoconn: server name to autoconnect to in the `connect {}` block
			`- paport: port for other servers to use for linking`
			`- pahost: hostname for other servers to use for linking`
			`- ansible_host: hostname for ansible to use`
change wording for sponsor var a little 2021-07-28 15:55:53 +00:00			`- sponsor: put a little 'server donated by' message in the MOTD`
create readme 2021-07-28 15:36:27 +00:00			`- services: password to accept for services connecting over localhost, use only on the server that links to services`
document description in readme 2021-10-29 21:02:30 +00:00			`- description: description for server in whois etc`
add caveats 2021-07-28 15:51:52 +00:00
			`## caveats`
			- ini seems to have horrible variable typing, so weird things can happen like `sid=2E5` turning into `sid=200000` (even if you quote it, wtf). use yaml for your hosts file if you need strict typing
			- this playbook currently only supports each server having one server set to `autoconn`
add note about certbot 2022-07-30 23:19:21 +00:00
			`## certbot`
			consider adding `--preferred-chain 'ISRG Root X1'` to
			`certbot invocations if getting cert from letsencrypt. their`
			`old cross signature is expired but still included to support`
			`older android devices, however this breaks some irc clients`
			`like mIRC. this option requests the cert without the expired`
			`cross signature`