ansible playbook for vulpineawoo
xfnw ec87474b91 add note about certbot 2022-07-30 19:19:21 -04:00
challenge rotate xfnw's challenge key 2022-04-26 20:28:09 -04:00
README.md add note about certbot 2022-07-30 19:19:21 -04:00
auth.j2 kline exempt the tor service 2021-11-04 20:52:30 -04:00
class.j2 fix various systemd-caused bugs 2021-07-15 00:31:58 -04:00
config.yml reduce permissions while creating config files 2022-07-23 21:45:48 -04:00
connect.j2 init 2021-07-14 22:54:14 -04:00
dnsbl.j2 change reject reason 2021-11-21 13:37:57 -05:00
enable.yml reduce permissions while creating config files 2022-07-23 21:45:48 -04:00
ircd.j2 modify privsets 2022-07-04 19:15:17 -04:00
motd.j2 minor config and motd changes 2022-03-05 15:25:48 -05:00
openrc.j2 alpine: fix some breaking changes 2022-03-05 15:24:13 -05:00
operator.j2 welp my rdns is broke 2022-04-14 16:19:59 -04:00
solanum-edge.yml track more debian dependencies 2022-04-30 13:41:57 -04:00
solanum.yml ensure ircd/etc directory gets created 2022-07-23 21:31:51 -04:00
systemd.j2 fix various systemd-caused bugs 2021-07-15 00:31:58 -04:00
unconfigure.yml make unconfigure consistent with other playbooks 2022-03-11 11:27:15 -05:00

README.md

va-playbook

ansible playbook for solanum that supports hosts running debian or alpine

setup

  • add new host to your ansible hosts file
  • run solanum.yml on new host to compile solanum
  • (optional) add your ssh key to ircd user
  • (optional) add your ssl.pem and ssl.key to /home/ircd/ircd/etc/. you probably want to make a cronjob for acme to automatically do this when the cert expires. make sure to run openssl dhparam -out dh.pem 2048 in /home/ircd/ircd/etc/ to generate safe dh parameters!
  • run config.yml on the whole network
  • run enable.yml on new host to enable and install the service file
  • repeat steps periodically for network maintenance

hosts ini

everything except the server name, linkpass, and sid are optional and have sane defaults

name.of.the.server linkpass=yourreceivepassword sid=123 autoconn=other.server.name paport=6697 pahost=name.accessable.by.other.hosts ansible_host=name.accessable.by.playbook sponsor='nice person' services=linkpass description='very good server'

  • linkpass: password to receive from other linking servers. preferably use something random for each one
  • sid: the Server ID for the server to use, in the format [0-9][A-Z0-9][A-Z0-9]
  • autoconn: server name to autoconnect to in the connect {} block
  • paport: port for other servers to use for linking
  • pahost: hostname for other servers to use for linking
  • ansible_host: hostname for ansible to use
  • sponsor: put a little 'server donated by' message in the MOTD
  • services: password to accept for services connecting over localhost, use only on the server that links to services
  • description: description for server in whois etc

caveats

  • ini seems to have horrible variable typing, so weird things can happen like sid=2E5 turning into sid=200000 (even if you quote it, wtf). use yaml for your hosts file if you need strict typing
  • this playbook currently only supports each server having one server set to autoconn
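
a way to catch the sid typing caveat before running the playbook, as an added example that is not part of this repo. it assumes ansible splits an ini host line shell-style and then evaluates each inline value as a python literal; check_host_line, ini_value and the sample hosts are made up for illustration.

```python
import ast
import re
import shlex

SID_RE = re.compile(r"[0-9][A-Z0-9]{2}")   # format given in the README
REQUIRED = ("linkpass", "sid")              # the only non-optional variables

def ini_value(raw):
    """Evaluate a value as a python literal (assumed ini inventory behaviour)."""
    try:
        return ast.literal_eval(raw)
    except (ValueError, SyntaxError):
        return raw  # not a literal, so it stays a string

def check_host_line(line):
    """Return the problems found in one line of an ini hosts file."""
    tokens = shlex.split(line, comments=True)  # shell-style split strips quotes
    if not tokens:
        return []
    name = tokens[0]
    hostvars = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
    problems = [f"{name}: missing {key}" for key in REQUIRED if key not in hostvars]
    sid = hostvars.get("sid")
    if sid is None:
        return problems
    if not SID_RE.fullmatch(sid):
        problems.append(f"{name}: sid {sid} is not [0-9][A-Z0-9][A-Z0-9]")
        return problems
    value = ini_value(sid)
    if str(value) != sid:  # e.g. 2E5 is a float literal, 0XA is hex, 000 is 0
        problems.append(f"{name}: sid {sid} is read as {type(value).__name__}, use yaml")
    return problems

# constructed sample inventory lines, not from the real network
SAMPLE = """\
irc1.example linkpass=pw1 sid=123 sponsor='nice person'
irc2.example linkpass=pw2 sid='2E5'
irc3.example linkpass=pw3 sid=0XA
irc4.example sid=12
"""

if __name__ == "__main__":
    for host_line in SAMPLE.splitlines():
        for problem in check_host_line(host_line):
            print(problem)
```

a sid such as 007 passes because it is not a valid python literal and so stays a string, while 123 passes because the int still renders as 123.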

certbot

consider adding --preferred-chain 'ISRG Root X1' to certbot invocations if you get your cert from letsencrypt. their old cross signature is expired but still included to support older android devices; however, this breaks some irc clients like mIRC. this option requests the cert without the expired cross signature