Compare commits

..

2 commits

Author SHA1 Message Date
67191fd363 reduce permissions while creating config files
simple configuration changes will no longer require root access, however
you may have to chown -R ircd:ircd ircd to fix some of the permissions

creating init services now lives in a new playbook, `enable.yml` which
does require root access
2022-07-23 21:45:48 -04:00
787af75211 ensure ircd/etc directory gets created 2022-07-23 21:31:51 -04:00
4 changed files with 40 additions and 24 deletions

View file

@ -3,10 +3,12 @@
ansible playbook for solanum that supports hosts running debian or alpine ansible playbook for solanum that supports hosts running debian or alpine
## setup ## setup
- add new host to your hosts file - add new host to your ansible hosts file
- run `solanum.yml` on new host to compile solanum - run `solanum.yml` on new host to compile solanum
- (optional) add your ssh key to ircd user
- (optional) add your `ssl.pem` and `ssl.key` to `/home/ircd/ircd/etc/`. you probably want to make a cronjob for acme to automatically do this when the cert expires. make sure to `openssl dhparam -out dh.pem 2048` in `/home/ircd/ircd/etc/` to make safe dh parameters! - (optional) add your `ssl.pem` and `ssl.key` to `/home/ircd/ircd/etc/`. you probably want to make a cronjob for acme to automatically do this when the cert expires. make sure to `openssl dhparam -out dh.pem 2048` in `/home/ircd/ircd/etc/` to make safe dh parameters!
- run config.yml on the whole network - run `config.yml` on the whole network
- run `enable.yml` on new host to enable and install the service file
- repeat steps periodically for network maintainance - repeat steps periodically for network maintainance
## hosts ini ## hosts ini

View file

@ -1,5 +1,5 @@
- hosts: all - hosts: all
remote_user: root remote_user: ircd
tasks: tasks:
- name: check for ssl cert - name: check for ssl cert
@ -27,26 +27,7 @@
src: challenge/ src: challenge/
dest: /home/ircd/ircd/challenge/ dest: /home/ircd/ircd/challenge/
- name: create openrc service
template:
src: openrc.j2
dest: /etc/init.d/solanum
mode: 0755
when: ansible_distribution == 'Alpine'
- name: create systemd service
template:
src: systemd.j2
dest: /etc/systemd/system/solanum.service
mode: 0755
when: ansible_distribution == 'Debian'
- name: enable service
service:
name: solanum
state: started
enabled: yes
ignore_errors: yes
- name: reload solanum - name: reload solanum
command: killall -1 solanum command: killall -1 solanum
ignore_errors: yes

25
enable.yml Normal file
View file

@ -0,0 +1,25 @@
- hosts: all
remote_user: root
tasks:
- name: create openrc service
template:
src: openrc.j2
dest: /etc/init.d/solanum
mode: 0755
when: ansible_distribution == 'Alpine'
- name: create systemd service
template:
src: systemd.j2
dest: /etc/systemd/system/solanum.service
mode: 0755
when: ansible_distribution == 'Debian'
- name: enable service
service:
name: solanum
state: started
enabled: yes
ignore_errors: yes

View file

@ -59,3 +59,11 @@
become: yes become: yes
become_user: ircd become_user: ircd
- name: ensure etc directory
file:
path: /home/ircd/ircd/etc
state: directory
mode: '0755'
become: yes
become_user: ircd