vulpineawoo
/
playbook
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
ansible playbook for vulpineawoo
50 Commits 1 Branch 0 Tags 128 KiB
Jinja 100%
Go to file
xfnw 67191fd363 reduce permissions while creating config files 
simple configuration changes will no longer require root access, however
you may have to chown -R ircd:ircd ircd to fix some of the permissions

creating init services now lives in a new playbook, `enable.yml` which
does require root access
 		2022-07-23 21:45:48 -04:00
challenge rotate xfnw's challenge key 2022-04-26 20:28:09 -04:00
README.md reduce permissions while creating config files 2022-07-23 21:45:48 -04:00
auth.j2 kline exempt the tor service 2021-11-04 20:52:30 -04:00
class.j2 fix various systemd-caused bugs 2021-07-15 00:31:58 -04:00
config.yml reduce permissions while creating config files 2022-07-23 21:45:48 -04:00
connect.j2 init 2021-07-14 22:54:14 -04:00
dnsbl.j2 change reject reason 2021-11-21 13:37:57 -05:00
enable.yml reduce permissions while creating config files 2022-07-23 21:45:48 -04:00
ircd.j2 modify privsets 2022-07-04 19:15:17 -04:00
motd.j2 minor config and motd changes 2022-03-05 15:25:48 -05:00
openrc.j2 alpine: fix some breaking changes 2022-03-05 15:24:13 -05:00
operator.j2 welp my rdns is broke 2022-04-14 16:19:59 -04:00
solanum-edge.yml track more debian dependencies 2022-04-30 13:41:57 -04:00
solanum.yml ensure ircd/etc directory gets created 2022-07-23 21:31:51 -04:00
systemd.j2 fix various systemd-caused bugs 2021-07-15 00:31:58 -04:00
unconfigure.yml make unconfigure consistent with other playbooks 2022-03-11 11:27:15 -05:00

README.md

va-playbook

ansible playbook for solanum that supports hosts running debian or alpine

setup

  • add new host to your ansible hosts file
  • run solanum.yml on new host to compile solanum
  • (optional) add your ssh key to ircd user
  • (optional) add your ssl.pem and ssl.key to /home/ircd/ircd/etc/. you probably want to make a cronjob for acme to automatically do this when the cert expires. make sure to openssl dhparam -out dh.pem 2048 in /home/ircd/ircd/etc/ to make safe dh parameters!
  • run config.yml on the whole network
  • run enable.yml on new host to enable and install the service file
  • repeat steps periodically for network maintainance

hosts ini

everything except the server name, linkpass, and sid are optional and have sane defaults

name.of.the.server linkpass=yourreceivepassword sid=123 autoconn=other.server.name paport=6697 pahost=name.accessable.by.other.hosts ansible_host=name.accessable.by.playbook sponsor='nice person' services=linkpass description='very good server'

  • linkpass: password to receive from other linking servers. preferrably use something random for each one
  • sid: the Server ID for the server to use, in the format [0-9][A-Z0-9][A-Z0-9]
  • autoconn: server name to autoconnect to in the connect {} block
  • paport: port for other servers to use for linking
  • pahost: hostname for other servers to use for linking
  • ansible_host: hostname for ansible to use
  • sponsor: put a little 'server donated by' message in the MOTD
  • services: password to accept for services connecting over localhost, use only on the server that links to services
  • description: description for server in whois etc

caveats

  • ini seems to have horrible variable typing, so weird things can happen like sid=2E5 turning into sid=200000 (even if you quote it, wtf). use yaml for your hosts file if you need strict typing
  • this playbook currently only supports each server having one server set to autoconn