vulpineawoo
/
playbook
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
playbook/README.md

2.2 KiB
Raw Permalink Blame History

va-playbook

ansible playbook for solanum that supports hosts running debian or alpine

setup

  • add new host to your ansible hosts file
  • run solanum.yml on new host to compile solanum
  • (optional) add your ssh key to ircd user
  • (optional) add your ssl.pem and ssl.key to /home/ircd/ircd/etc/. you probably want to make a cronjob for acme to automatically do this when the cert expires. make sure to openssl dhparam -out dh.pem 2048 in /home/ircd/ircd/etc/ to make safe dh parameters!
  • run config.yml on the whole network
  • run enable.yml on new host to enable and install the service file
  • repeat steps periodically for network maintainance

hosts ini

everything except the server name, linkpass, and sid are optional and have sane defaults

name.of.the.server linkpass=yourreceivepassword sid=123 autoconn=other.server.name paport=6697 pahost=name.accessable.by.other.hosts ansible_host=name.accessable.by.playbook sponsor='nice person' services=linkpass description='very good server'

  • linkpass: password to receive from other linking servers. preferrably use something random for each one
  • sid: the Server ID for the server to use, in the format [0-9][A-Z0-9][A-Z0-9]
  • autoconn: server name to autoconnect to in the connect {} block
  • paport: port for other servers to use for linking
  • pahost: hostname for other servers to use for linking
  • ansible_host: hostname for ansible to use
  • sponsor: put a little 'server donated by' message in the MOTD
  • services: password to accept for services connecting over localhost, use only on the server that links to services
  • description: description for server in whois etc

caveats

  • ini seems to have horrible variable typing, so weird things can happen like sid=2E5 turning into sid=200000 (even if you quote it, wtf). use yaml for your hosts file if you need strict typing
  • this playbook currently only supports each server having one server set to autoconn

certbot

consider adding --preferred-chain 'ISRG Root X1' to certbot invocations if getting cert from letsencrypt. their old cross signature is expired but still included to support older android devices, however this breaks some irc clients like mIRC. this option requests the cert without the expired cross signature