fix various systemd-caused bugs

2021-07-15 00:31:58 -04:00 · 2021-07-15 00:31:58 -04:00 · 33692b7b74
commit 33692b7b74
parent fd84538016
7 changed files with 100 additions and 6 deletions
--- a/.gitignore
+++ b/.gitignore
@ -1 +0,0 @@
-hosts
--- a/auth.j2
+++ b/auth.j2
@ -49,6 +49,73 @@ auth {
        class = "opers";
 };

+auth {
+	user = "*@024-196-237-116.res.spectrum.com";
+	user = "*@2600:6c5a:517f:e075::/64";
+
+	#password = "letmein";
+
+	spoof = "click.click.manokit";
+
+	/* Possible flags in auth:
+	 *
+	 * encrypted		  | password is encrypted with mkpasswd
+	 * spoof_notice	       | give a notice when spoofing hosts
+	 * exceed_limit (old > flag)  | allow user to exceed class user limits
+	 * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines,
+	 *			    | dnsbls, and proxies
+	 * proxy_exempt	       | exempt this user from proxies
+	 * dnsbl_exempt	       | exempt this user from dnsbls
+	 * spambot_exempt	     | exempt this user from spambot checks
+	 * shide_exempt	       | exempt this user from serverhiding
+	 * jupe_exempt		| exempt this user from generating
+	 *			      warnings joining juped channels
+	 * resv_exempt		| exempt this user from resvs
+	 * flood_exempt	       | exempt this user from flood limits
+	 *			      USE WITH CAUTION.
+	 * no_tilde     (old - flag)  | don't prefix ~ to username if no ident
+	 * need_ident   (old + flag)  | require ident for user in this class
+	 * need_ssl		   | require SSL/TLS for user in this class
+	 * need_sasl		  | require SASL id for user in this class
+	 */
+	#flags = flood_exempt;
+	class = "users";
+};
+
+auth {
+	user = "*@localhost";
+
+	/* spoof: fake the users user@host to be be this.  You may either
+	 * specify a host or a user@host to spoof to.  This is free-form,
+	 * just do everyone a favour and dont abuse it. (OLD I: = flag)
+	 */
+	spoof = "gateway/tor/unidentified";
+
+	/* Possible flags in auth:
+	 *
+	 * encrypted		  | password is encrypted with mkpasswd
+	 * spoof_notice	       | give a notice when spoofing hosts
+	 * exceed_limit (old > flag)  | allow user to exceed class user limits
+	 * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines,
+	 *			    | dnsbls, and proxies
+	 * proxy_exempt	       | exempt this user from proxies
+	 * dnsbl_exempt	       | exempt this user from dnsbls
+	 * spambot_exempt	     | exempt this user from spambot checks
+	 * shide_exempt	       | exempt this user from serverhiding
+	 * jupe_exempt		| exempt this user from generating
+	 *			      warnings joining juped channels
+	 * resv_exempt		| exempt this user from resvs
+	 * flood_exempt	       | exempt this user from flood limits
+	 *			      USE WITH CAUTION.
+	 * no_tilde     (old - flag)  | don't prefix ~ to username if no ident
+	 * need_ident   (old + flag)  | require ident for user in this class
+	 * need_ssl		   | require SSL/TLS for user in this class
+	 * need_sasl		  | require SASL id for user in this class
+	 */
+	flags = dnsbl_exempt;
+	class = "users";
+};
+
 auth {
 	user = "*@*";
 	class = "users";
--- a/class.j2
+++ b/class.j2
@ -13,6 +13,15 @@ class "users" {
 	sendq = 400 kbytes;
 };

+class "bigusers" {
+	ping_time = 2 minutes;
+	number_per_ident = 10;
+	number_per_ip = 100;
+	number_per_ip_global = 200;
+	max_number = 3000;
+	sendq = 400 kbytes;
+};
+
 class "opers" {
 	ping_time = 5 minutes;
 	number_per_ip = 100;
--- a/ircd.j2
+++ b/ircd.j2
@ -28,7 +28,7 @@ loadmodule "extensions/override_kick_immunity";

 serverinfo {
 	name = "{{ inventory_hostname }}";
-	sid = "{{ sid }}";
+	sid = "{{ serverid }}";
 	description = "{% if description is defined %}{{ description }}{% else %}solanum fox server{% endif %}";
 	network_name = "vulpineawoo";

--- a/operator.j2
+++ b/operator.j2
@ -0,0 +1,14 @@
+operator "xfnw" {
+	user = "xfnw@tilde.team";
+	user = "16abab341f@foxes.are.allowed.org";
+	user = "*@96.231.99.178";
+
+	password = "$6$TWgh5Wy71KMT5ZxY$gj.fK1if5.JFYg72cKixl34eW3EaFX3KucKwBHA1gjYQbCmFWXEkOwF1AwKveSh5IRMC0yD7/F2qipe.zSs9u0";
+	umodes = locops, servnotice, operwall, wallop;
+
+	snomask = "+Zbcdfkrsuxy";
+
+	flags = encrypted;
+
+	privset = "jellyfish";
+};
--- a/solanum.yml
+++ b/solanum.yml
@ -1,4 +1,5 @@
 - hosts: all
+  remote_user: root

  tasks:
    - name: install dependencies for alpine
@ -9,7 +10,7 @@

    - name: install dependencies for debian
      package:
-        name: sudo,buildessential,autotools-dev,automake,cmake,make,libtool,byacc,flex,openssl-dev,sqlite3
+        name: sudo,build-essential,autotools-dev,automake,cmake,make,libtool,byacc,flex,openssl,sqlite3,libsqlite3-dev
        state: present
      when: ansible_distribution == 'Debian'

@ -95,5 +96,9 @@
    - name: enable service
      service:
        name: solanum
-        state: reloaded
+        state: started
        enabled: yes
+
+    - name: reload solanum
+      command: killall -1 solanum
+
--- a/systemd.j2
+++ b/systemd.j2
@ -2,9 +2,9 @@
 Description=solanum ircd

 [Service]
-Type=forking
 User=ircd
-ExecStart=/home/ircd/ircd/bin/solanum
+ExecStart=/home/ircd/ircd/bin/solanum -foreground
+ExecReload=kill -HUP $MAINPID

 [Install]
 WantedBy=default.target