From 33692b7b743facef8dd3ae220e10ba5a46211f3a Mon Sep 17 00:00:00 2001
From: xfnw <xfnw@riseup.net>
Date: Thu, 15 Jul 2021 00:31:58 -0400
Subject: [PATCH] fix various systemd-caused bugs

---
 .gitignore  |  1 -
 auth.j2     | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 class.j2    |  9 +++++++
 ircd.j2     |  2 +-
 operator.j2 | 14 +++++++++++
 solanum.yml |  9 +++++--
 systemd.j2  |  4 ++--
 7 files changed, 100 insertions(+), 6 deletions(-)
 delete mode 100644 .gitignore

diff --git a/.gitignore b/.gitignore
deleted file mode 100644
index 6ff331c..0000000
--- a/.gitignore
+++ /dev/null
@@ -1 +0,0 @@
-hosts
diff --git a/auth.j2 b/auth.j2
index 63b64af..9421af6 100644
--- a/auth.j2
+++ b/auth.j2
@@ -49,6 +49,73 @@ auth {
         class = "opers";
 };
 
+auth {
+	user = "*@024-196-237-116.res.spectrum.com";
+	user = "*@2600:6c5a:517f:e075::/64";
+
+	#password = "letmein";
+
+	spoof = "click.click.manokit";
+
+	/* Possible flags in auth:
+	 *
+	 * encrypted		  | password is encrypted with mkpasswd
+	 * spoof_notice	       | give a notice when spoofing hosts
+	 * exceed_limit (old > flag)  | allow user to exceed class user limits
+	 * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines,
+	 *			    | dnsbls, and proxies
+	 * proxy_exempt	       | exempt this user from proxies
+	 * dnsbl_exempt	       | exempt this user from dnsbls
+	 * spambot_exempt	     | exempt this user from spambot checks
+	 * shide_exempt	       | exempt this user from serverhiding
+	 * jupe_exempt		| exempt this user from generating
+	 *			      warnings joining juped channels
+	 * resv_exempt		| exempt this user from resvs
+	 * flood_exempt	       | exempt this user from flood limits
+	 *			      USE WITH CAUTION.
+	 * no_tilde     (old - flag)  | don't prefix ~ to username if no ident
+	 * need_ident   (old + flag)  | require ident for user in this class
+	 * need_ssl		   | require SSL/TLS for user in this class
+	 * need_sasl		  | require SASL id for user in this class
+	 */
+	#flags = flood_exempt;
+	class = "users";
+};
+
+auth {
+	user = "*@localhost";
+
+	/* spoof: fake the users user@host to be be this.  You may either
+	 * specify a host or a user@host to spoof to.  This is free-form,
+	 * just do everyone a favour and dont abuse it. (OLD I: = flag)
+	 */
+	spoof = "gateway/tor/unidentified";
+
+	/* Possible flags in auth:
+	 *
+	 * encrypted		  | password is encrypted with mkpasswd
+	 * spoof_notice	       | give a notice when spoofing hosts
+	 * exceed_limit (old > flag)  | allow user to exceed class user limits
+	 * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines,
+	 *			    | dnsbls, and proxies
+	 * proxy_exempt	       | exempt this user from proxies
+	 * dnsbl_exempt	       | exempt this user from dnsbls
+	 * spambot_exempt	     | exempt this user from spambot checks
+	 * shide_exempt	       | exempt this user from serverhiding
+	 * jupe_exempt		| exempt this user from generating
+	 *			      warnings joining juped channels
+	 * resv_exempt		| exempt this user from resvs
+	 * flood_exempt	       | exempt this user from flood limits
+	 *			      USE WITH CAUTION.
+	 * no_tilde     (old - flag)  | don't prefix ~ to username if no ident
+	 * need_ident   (old + flag)  | require ident for user in this class
+	 * need_ssl		   | require SSL/TLS for user in this class
+	 * need_sasl		  | require SASL id for user in this class
+	 */
+	flags = dnsbl_exempt;
+	class = "users";
+};
+
 auth {
 	user = "*@*";
 	class = "users";
diff --git a/class.j2 b/class.j2
index 9ff45b2..c97288f 100644
--- a/class.j2
+++ b/class.j2
@@ -13,6 +13,15 @@ class "users" {
 	sendq = 400 kbytes;
 };
 
+class "bigusers" {
+	ping_time = 2 minutes;
+	number_per_ident = 10;
+	number_per_ip = 100;
+	number_per_ip_global = 200;
+	max_number = 3000;
+	sendq = 400 kbytes;
+};
+
 class "opers" {
 	ping_time = 5 minutes;
 	number_per_ip = 100;
diff --git a/ircd.j2 b/ircd.j2
index 4eb768e..1d1c7d0 100644
--- a/ircd.j2
+++ b/ircd.j2
@@ -28,7 +28,7 @@ loadmodule "extensions/override_kick_immunity";
 
 serverinfo {
 	name = "{{ inventory_hostname }}";
-	sid = "{{ sid }}";
+	sid = "{{ serverid }}";
 	description = "{% if description is defined %}{{ description }}{% else %}solanum fox server{% endif %}";
 	network_name = "vulpineawoo";
 
diff --git a/operator.j2 b/operator.j2
index e69de29..8001216 100644
--- a/operator.j2
+++ b/operator.j2
@@ -0,0 +1,14 @@
+operator "xfnw" {
+	user = "xfnw@tilde.team";
+	user = "16abab341f@foxes.are.allowed.org";
+	user = "*@96.231.99.178";
+
+	password = "$6$TWgh5Wy71KMT5ZxY$gj.fK1if5.JFYg72cKixl34eW3EaFX3KucKwBHA1gjYQbCmFWXEkOwF1AwKveSh5IRMC0yD7/F2qipe.zSs9u0";
+	umodes = locops, servnotice, operwall, wallop;
+
+	snomask = "+Zbcdfkrsuxy";
+
+	flags = encrypted;
+
+	privset = "jellyfish";
+};
diff --git a/solanum.yml b/solanum.yml
index b6f9be0..7205a40 100644
--- a/solanum.yml
+++ b/solanum.yml
@@ -1,4 +1,5 @@
 - hosts: all
+  remote_user: root
 
   tasks:
     - name: install dependencies for alpine
@@ -9,7 +10,7 @@
 
     - name: install dependencies for debian
       package:
-        name: sudo,buildessential,autotools-dev,automake,cmake,make,libtool,byacc,flex,openssl-dev,sqlite3
+        name: sudo,build-essential,autotools-dev,automake,cmake,make,libtool,byacc,flex,openssl,sqlite3,libsqlite3-dev
         state: present
       when: ansible_distribution == 'Debian'
 
@@ -95,5 +96,9 @@
     - name: enable service
       service:
         name: solanum
-        state: reloaded
+        state: started
         enabled: yes
+
+    - name: reload solanum
+      command: killall -1 solanum
+
diff --git a/systemd.j2 b/systemd.j2
index d3207bd..e4e477f 100644
--- a/systemd.j2
+++ b/systemd.j2
@@ -2,9 +2,9 @@
 Description=solanum ircd
 
 [Service]
-Type=forking
 User=ircd
-ExecStart=/home/ircd/ircd/bin/solanum
+ExecStart=/home/ircd/ircd/bin/solanum -foreground
+ExecReload=kill -HUP $MAINPID
 
 [Install]
 WantedBy=default.target