[inspircd] PEPCRANS + prevent diffs

host_vars/irc.adm.crans.org.yml

@@ -27,10 +27,67 @@ loc_thelounge:
   public: "true"
 
 loc_inspircd:
-  cloak_key: "{{ vault.irc_inspircd_cloak_key }}"
+  cloak:
+    name: crans
+    key: "{{ vault.irc_inspircd_cloak_key }}"
   diepass: "{{ vault.irc_inspircd_diepass }}"
   restartpass: "{{ vault.irc_inspircd_restartpass }}"
   opers: "{{ vault.irc_inspircd_opers }}"
+  server:
+    name: irc.crans.org
+    description: Crans IRC server
+    network: Crans
+  admin:
+    name: Pierre-Elliott Bécue
+    nick: PEB
+    email: root@crans.org
+  bind:
+     - address: 185.230.79.11
+       type: clients
+       clair: 6667
+       ssl: 6697
+     - address: 2a0c:700:2::ff:fe01:2902
+       type: clients
+       clair: 6667
+       ssl: 6697
+     - address : 172.16.10.129
+       type: clients
+       clair: 6667
+     - address: 127.0.0.1
+       type: servers
+       clair: 6668
+  connect:
+    - name: zamok
+      allows:
+        ipv4: 185.230.79.1/32
+        ipv6: 2a0c:700:2:0:ec4:7aff:fe59:a1ad/128
+      threshold: 1
+    - name: irc
+      allows:
+        ipv4: 185.230.79.11/32
+        ipv6: 2a0c:700:2::ff:fe01:2902/128
+      threshold: 1
+    - name: gitlab
+      allows:
+        ipv4: 185.230.79.14/32
+        ipv6: 2a0c:700:2::ff:fe01:502/128
+      threshold: 10
+      commandrate: 10000
+    - name: monitoring
+      allows:
+        ipv4: 172.16.10.121/32
+        ipv6: fd00::10:ff:fe01:2110/128
+      threshold: 10
+      commandrate: 10000
+      modes: yes
+  dns: 185.230.79.62
+  services:
+    name: services.irc.crans.org
+    port: 6668
+    recvpass: "{{ vault.irc_anope_recvpass }}"
+    sendpass: "{{ vault.irc_anope_sendpass }}"
+
+
 
 loc_anope:
   recvpass: "{{ vault.irc_anope_recvpass }}"

roles/anope/templates/anope/services.conf.j2

@@ -891,33 +891,35 @@ opertype
  * As with all permissions, make sure to only give trustworthy people access to Services.
  */
 
-oper
+/*
-{
+	* oper
-	/* The nickname of this services oper */
+	* {
-	name = "Fardale"
+	*	/* The nickname of this services oper */
+	*	name = "nick"
 
-	/* The opertype this person will have */
+	*	/* The opertype this person will have */
-	type = "Services Root"
+	*	type = "Services Root"
 
-	/* If set, the user must be an oper on the IRCd to gain their Services
+	*	/* If set, the user must be an oper on the IRCd to gain their Services
-	 * oper privileges.
+	*	 * oper privileges.
+	*	 */
+	*	require_oper = yes
+
+	*	/* An optional password. If defined the user must login using "/msg OperServ LOGIN" first */
+	*	#password = "secret"
+
+	*	/* An optional SSL fingerprint. If defined, it's required to be able to use this opertype. */
+	*	#certfp = "ed3383b3f7d74e89433ddaa4a6e5b2d7"
+
+	*	/* An optional list of user@host masks. If defined the user must be connected from one of them */
+	*	#host = "*@*.anope.org ident@*"
+
+	*	/* An optional vHost to set on users who identify for this oper block.
+	*	 * This will override HostServ vHosts, and may not be available on all IRCds
+	*	 */
+	*	#vhost = "oper.mynet"
+	* }
 	*/
-	require_oper = yes
-
-	/* An optional password. If defined the user must login using "/msg OperServ LOGIN" first */
-	#password = "secret"
-
-	/* An optional SSL fingerprint. If defined, it's required to be able to use this opertype. */
-	#certfp = "ed3383b3f7d74e89433ddaa4a6e5b2d7"
-
-	/* An optional list of user@host masks. If defined the user must be connected from one of them */
-	#host = "*@*.anope.org ident@*"
-
-	/* An optional vHost to set on users who identify for this oper block.
-	 * This will override HostServ vHosts, and may not be available on all IRCds
-	 */
-	#vhost = "oper.mynet"
-}
 
 {% for oper in anope.services_roots %}
 oper

roles/inspircd/templates/inspircd/inspircd.conf.j2

@@ -9,21 +9,21 @@
 	target="/var/log/inspircd.log"
 >
 
-<server name="irc.crans.org"
+<server name="{{ inspircd.server.name }}"
-        description="Crans IRC server"
+        description="{{ inspircd.server.description }}"
-        network="Crans"
+        network="{{ inspircd.server.network }}"
         sid="3AX">
 
-<admin name="Pierre-Elliott Bécue"
+<admin name="{{ inspircd.admin.name }}"
-       nick="PEB"
+       nick="{{ inspircd.admin.nick }}"
-       email="root@crans.org">
+       email="{{ inspircd.admin.email }}">
 
-<bind address="185.230.79.11" port="6667" type="clients">
+{% for bind in inspircd.bind %}
-<bind address="185.230.79.11" port="6697" type="clients" ssl="openssl">
+<bind address="{{ bind.address }}" port="{{ bind.clair }}" type="{{ bind.type }}">
-<bind address="2a0c:700:2::ff:fe01:2902" port="6667" type="clients">
+{% if bind.ssl is defined %}
-<bind address="2a0c:700:2::ff:fe01:2902" port="6697" type="clients" ssl="openssl">
+<bind address="{{ bind.address }}" port="{{ bind.ssl }}" type="{{ bind.type }}" ssl="openssl">
-<bind address="172.16.10.129" port="6667" type="clients">
+{% endif %}
-<bind address="127.0.0.1" port="6668" type="servers">
+{% endfor %}
 
 <sslprofile
 	name="openssl"
@@ -37,102 +37,29 @@
 
 <include file="/etc/inspircd/links.conf">
 
-<connect name="zamok-ipv4"
+{% for connect in inspircd.connect %}
-         allow="185.230.79.1/32"
+{% for name,allow in connect.allows.items() %}
+<connect name="{{ connect.name }}-{{ name }}"
+         allow="{{ allow }}"
          timeout="60"
-         threshold="1"
+         threshold="{{ connect.threshold }}"
+{% if connect.commandrate is defined %}
+         commandrate="{{ connect.commandrate }}"
+{% endif %}
          pingfreq="120"
          sendq="262144"
          recvq="8192"
          maxchans="70"
          localmax="1000"
-         globalmax="1000">
+         globalmax="1000"{% if connect.modes is not defined %}>
+{% else %}
 
-<connect name="zamok-ipv6"
-         allow="2a0c:700:2:0:ec4:7aff:fe59:a1ad/128"
-         timeout="60"
-         threshold="1"
-         pingfreq="120"
-         sendq="262144"
-         recvq="8192"
-         maxchans="70"
-         localmax="1000"
-         globalmax="1000">
-
-<connect name="irc-ipv4"
-         allow="185.230.79.11/32"
-         timeout="60"
-         threshold="1"
-         pingfreq="120"
-         sendq="262144"
-         recvq="8192"
-         maxchans="70"
-         localmax="1000"
-         globalmax="1000">
-
-<connect name="irc-ipv6"
-         allow="2a0c:700:2::ff:fe01:2902/128"
-         timeout="60"
-         threshold="10"
-         pingfreq="120"
-         sendq="262144"
-         recvq="8192"
-         maxchans="70"
-         localmax="1000"
-         globalmax="1000">
-
-<connect name="gitlab-ipv4"
-         allow="185.230.79.14/32"
-         timeout="60"
-         threshold="10"
-         commandrate="10000"
-         pingfreq="120"
-         sendq="262144"
-         recvq="8192"
-         maxchans="70"
-         localmax="1000"
-         globalmax="1000">
-
-<connect name="gitlab-ipv6"
-         allow="2a0c:700:2::ff:fe01:502/128"
-         timeout="60"
-         threshold="10"
-         commandrate="10000"
-         pingfreq="120"
-         sendq="262144"
-         recvq="8192"
-         maxchans="70"
-         localmax="1000"
-         globalmax="1000">
-
-<connect name="monitoring-ipv4"
-         allow="172.16.10.121/32"
-         timeout="60"
-         threshold="10"
-         commandrate="10000"
-         pingfreq="120"
-         sendq="262144"
-         recvq="8192"
-         maxchans="70"
-         localmax="1000"
-         globalmax="1000"
-         modes="+x"
-         useident="no">
-
-<connect name="monitoring-ipv6"
-         allow="fd00::10:ff:fe01:2110/128"
-         timeout="60"
-         threshold="10"
-         commandrate="10000"
-         pingfreq="120"
-         sendq="262144"
-         recvq="8192"
-         maxchans="70"
-         localmax="1000"
-         globalmax="1000"
          modes="+x"
          useident="no">
+{% endif %}
 
+{% endfor %}
+{% endfor %}
 <connect name="default"
          allow="*"
          timeout="60"
@@ -156,7 +83,7 @@
 <channels users="30"
           opers="1000">
 
-<dns server="172.16.10.101" timeout="5">
+<dns server="{{ inspircd.dns }}" timeout="5">
 
 <options prefixquit="Quit: "
          noservices="no"

roles/inspircd/templates/inspircd/links.conf.j2

@@ -1,13 +1,13 @@
 {{ ansible_header | comment }}
 
 <link
-	name="services.irc.crans.org"
+	name="{{ inspircd.services.name }}"
 	ipaddr="127.0.0.1"
-	port="6668"
+	port="{{ inspircd.services.port }}"
 	sid="3AX"
 	allowmask="127.0.0.0/8"
-	sendpass="{{ anope.recvpass }}"
+	sendpass="{{ inspircd.services.recvpass }}"
-	recvpass="{{ anope.sendpass }}"
+	recvpass="{{ inspircd.services.sendpass }}"
 >
 
-<uline server="services.irc.crans.org">
+<uline server="{{ inspircd.services.name }}">

roles/inspircd/templates/inspircd/modules.conf.j2

@@ -24,8 +24,8 @@
 <auditorium  opvisible="yes" opcansee="no" opercansee="yes">
 <module name="m_banexception.so">
 <module name="m_banredirect.so">
-#<module name="m_blockamsg.so">
+<module name="m_blockamsg.so">
-#   <blockamsg delay="3" action="noticeopers">
+   <blockamsg delay="3" action="noticeopers">
 
 <module name="m_blockcaps.so">
 <blockcaps percent="50"
@@ -84,8 +84,8 @@
 <module name="m_cloaking.so">
 <cloak
 	mode="full"
-	key="{{ inspircd.cloak_key }}"
+	key="{{ inspircd.cloak.key }}"
-	prefix="crans"
+	prefix="{{ inspircd.cloak.name }}"
 >
 
 #<module name="m_conn_join.so">