From 2f8541b452951ef42add5f42d360efe7c8ec121d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se> Date: Mon, 23 Oct 2023 21:07:06 +0200 Subject: [PATCH] Move everything around. --- files/znc.conf | 2 - .../znc.service.epp => files/znc.service | 5 -- manifests/ident.pp | 14 +++- manifests/init.pp | 1 - manifests/sasl.pp | 46 ++++++++++++ manifests/setup.pp | 74 +++++-------------- 6 files changed, 74 insertions(+), 68 deletions(-) rename templates/znc.service.epp => files/znc.service (55%) create mode 100644 manifests/sasl.pp diff --git a/files/znc.conf b/files/znc.conf index 14dc742..ad2fcf9 100644 --- a/files/znc.conf +++ b/files/znc.conf @@ -24,7 +24,6 @@ SSLKeyFile = /etc/letsencrypt/live/verdigris.lysator.liu.se/privkey.pem AllowWeb = false </Listener> - <Listener httplistener> Port = 443 IPv4 = true @@ -55,5 +54,4 @@ SSLKeyFile = /etc/letsencrypt/live/verdigris.lysator.liu.se/privkey.pem Method = SHA256 Salt = D?7uVG,WyJG+B+flUJ_j </Pass> - </User> diff --git a/templates/znc.service.epp b/files/znc.service similarity index 55% rename from templates/znc.service.epp rename to files/znc.service index 6e3d6ef..1f90a92 100644 --- a/templates/znc.service.epp +++ b/files/znc.service @@ -1,5 +1,3 @@ -<%- | String $keyname -| -%> [Unit] Description=ZNC, an advanced IRC bouncer After=network-online.target @@ -9,8 +7,5 @@ ExecStart=/usr/bin/znc --foreground --datadir=/var/lib/znc AmbientCapabilities=CAP_NET_BIND_SERVICE User=znc -# LoadCredential=fullchain.pem:/etc/letsencrypt/live/<%= $keyname %>/fullchain.pem -# LoadCredential=privkey.pem:/etc/letsencrypt/live/<%= $keyname %>/privkey.pem - [Install] WantedBy=multi-user.target diff --git a/manifests/ident.pp b/manifests/ident.pp index 7053fdd..a020b83 100644 --- a/manifests/ident.pp +++ b/manifests/ident.pp 
@@ -4,8 +4,8 @@ class irc_bouncer::ident { ensure_packages(['oidentd',], { ensure => installed, }) - $oident_conf = @(EOF) - user "znc" { + $oident_conf = @("EOF") + user "${irc_bouncer::setup::user}" { default { allow spoof allow spoof_all @@ -15,7 +15,7 @@ class irc_bouncer::ident { file { '/etc/oidentd.conf': ensure => file, - group => 'znc', + group => $irc_bouncer::setup::user, mode => '0664', content => $oident_conf, } @@ -27,8 +27,14 @@ class irc_bouncer::ident { irc_bouncer::module { 'identfile': } - file { '/var/lib/znc/moddata/identfile/.registry': + file { "${irc_bouncer::setup::datadir}/moddata/identfile": + ensure => directory, + owner => $irc_bouncer::setup::user, + } + + file { "${irc_bouncer::setup::datadir}/moddata/identfile/.registry": ensure => file, + owner => $irc_bouncer::setup::user, content => [ 'File /etc/oidentd.conf', 'Format global { reply "%user%" }', diff --git a/manifests/init.pp b/manifests/init.pp index f8526bb..acb1e53 100644 --- a/manifests/init.pp +++ b/manifests/init.pp @@ -1,7 +1,6 @@ # @summary class irc_bouncer { require irc_bouncer::setup - require irc_bouncer::ident service { 'znc': ensure => running, diff --git a/manifests/sasl.pp b/manifests/sasl.pp new file mode 100644 index 0000000..a993e01 --- /dev/null +++ b/manifests/sasl.pp 
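Review bot: `$irc_bouncer::setup::user` in the new heredoc (and `$irc_bouncer::setup::datadir` in the later hunks of this file and in the new manifests/sasl.pp) is read without anything ensuring that `irc_bouncer::setup` has already been evaluated, and this commit also drops `require irc_bouncer::ident` from init.pp, so the two classes are no longer ordered; a qualified variable from a class that has not yet been evaluated is undef (an error under strict_variables), which would render `user "" {` into oidentd.conf and leave `group` unset. Add `require irc_bouncer::setup` as the first statement of `irc_bouncer::ident`, and the same line in `irc_bouncer::sasl`. Switching from `@(EOF)` to the interpolating `@("EOF")` form also means any other `$` in the oidentd configuration is now interpolated; the visible lines contain none, but the rest of the heredoc and the enclosing class lie outside the hunk.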
@@ -0,0 +1,46 @@
+# @summary Configures central authentication
+#
+# Configures saslauthd to allow authentication through pam,
+#
+# Also loads the ZNC cyrusauth module and configures it to use
+# saslauth.
+#
+# @param package
+# Name of the package providing saslauthd
+class irc_bouncer::sasl (
+ String $package = 'sasl2-bin',
+) {
+ ensure_packages([$package], { ensure => installed, })
+
+ file_line { 'saslauthd START=yes':
+ ensure => present,
+ path => '/etc/default/saslauthd',
+ line => 'START=yes',
+ match => '^START=',
+ require => Package[$package],
+ notify => Service['saslauthd'],
+ }
+
+ file_line { 'saslauthd pam':
+ ensure => present,
+ path => '/etc/default/saslauthd',
+ line => 'MECHANISMS="pam"',
+ match => '^MECHANISMS=',
+ require => Package[$package],
+ notify => Service['saslauthd'],
+ }
+
+ service { 'saslauthd':
+ ensure => running,
+ enable => true,
+ }
+
+ file { "${irc_bouncer::setup::datadir}/moddata/cyrusauth":
+ ensure => directory,
+ owner => $irc_bouncer::setup::user,
+ }
+
+ irc_bouncer::module { 'cyrusauth':
+ args => ['saslauthd'],
+ }
+}
diff --git a/manifests/setup.pp b/manifests/setup.pp
index 41fdd3c..d46b636 100644
--- a/manifests/setup.pp
+++ b/manifests/setup.pp
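Review bot: The `${datadir}/moddata/cyrusauth/.registry` file with `CreateUser true` that setup.pp used to manage is deleted by this commit, while this class manages only the `moddata/cyrusauth` directory, so no resource now provides that cyrusauth setting and ZNC accounts will have to exist before a PAM-authenticated login succeeds. If that is the intent (it is the more restrictive behaviour), say so in the class comment, e.g. `# ZNC accounts are not created automatically; add users before they can log in via PAM.`; if not, re-add the `.registry` file resource (ensure file, owner `$irc_bouncer::setup::user`, content `"CreateUser true\n"`) next to the directory resource. The class comment also says the module is configured to use "saslauth", whereas the `args` line and the service are `saslauthd`. The variable-ordering point raised on manifests/ident.pp applies to the two `$irc_bouncer::setup::*` references here as well.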
@@ -1,61 +1,36 @@ # @summary Initial configuration of ZNC -class irc_bouncer::setup { +# @api private +class irc_bouncer::setup ( + Stdlib::Absolutepath $datadir = '/var/lib/znc', + String $user = 'znc', + String $package = 'znc', +) { file { [ - '/var/lib/znc', - '/var/lib/znc/configs', - '/var/lib/znc/mobdata', - '/var/lib/znc/moddata/cyrusauth', - '/var/lib/znc/moddata/identfile', + $datadir, + "${datadir}/configs", + "${datadir}/mobdata", ]: ensure => directory, - owner => 'znc', + owner => $user, } - # We use a self-packaged version of ZNC, whose package source is - # available at: - # https://git.lysator.liu.se/hugo/deb-znc - # It also comes bundled with a lysator module. - - ensure_packages(['znc'], { ensure => latest, }) - - ensure_packages(['sasl2-bin'], { ensure => installed, }) - - file_line { 'saslauthd remove START=no': - ensure => absent, - path => '/etc/default/saslauthd', - line => 'START=no', - require => Package['sasl2-bin'], - } - - file_line { 'saslauthd START=yes': - ensure => present, - path => '/etc/default/saslauthd', - line => 'START=yes', - require => Package['sasl2-bin'], - } - - file_line { 'saslauthd pam': - ensure => present, - path => '/etc/default/saslauthd', - line => 'MECHANISMS="pam"', - require => Package['sasl2-bin'], - } + ensure_packages([$package], { ensure => latest, }) # restart saslauthd here? - user { 'znc': + user { $user: comment => 'ZNC Daemon runner', - home => '/var/lib/znc', + home => $datadir, system => true, shell => '/usr/sbin/nologin', groups => ['sasl',], } - file { '/var/lib/znc/configs/znc.conf': + file { "${datadir}/configs/znc.conf": ensure => file, replace => no, - source => 'puppet:///modules/irc_bouncer/znc.conf', - owner => 'znc', + source => "puppet:///modules/${module_name}/znc.conf", + owner => $user, } $certname = $facts['networking']['fqdn'] 
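Review bot: `"${datadir}/mobdata"` in the directory list looks like a typo for `moddata`: the `identfile` and `cyrusauth` directories that manifests/ident.pp and manifests/sasl.pp now create live under `${datadir}/moddata`, and a Puppet `file` resource does not create missing parent directories, so those resources can only succeed if something else creates `moddata` first (the old list carried the same `mobdata` entry, so this may have worked by accident so far). Change the entry to `"${datadir}/moddata",`. The comment `# restart saslauthd here?` refers to the saslauthd resources this commit moves to sasl.pp and should move with them, and the removed explanation that `$package` is a self-packaged ZNC from git.lysator.liu.se (the reason for `ensure => latest`) is worth keeping as `@param` documentation now that the class has parameters and an `@api private` tag. The class body continues past the end of the hunk.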
@@ -76,25 +51,13 @@ class irc_bouncer::setup { line => "SSLKeyFile = /etc/letsencrypt/live/${certname}/privkey.pem", } - # lysconf module comes bundled with lysator-version of znc - irc_bouncer::module { [ 'webadmin', 'fail2ban', 'chansaver', - 'lysconf', ]: } - irc_bouncer::module { 'cyrusauth': - args => ['saslauthd'], - } - - file { '/var/lib/znc/moddata/cyrusauth/.registry': - ensure => file, - content => "CreateUser true\n", - } - # Möjliga standarder för nya användare? # Gör så play-back ligger kvar även efter man sätt dem. # <user> @@ -105,8 +68,7 @@ class irc_bouncer::setup { # Se möjligen även över loggar systemd::unit_file { 'znc.service': - content => epp('irc_bouncer/znc.service.epp', { - 'keyname' => $certname, - }), + source => "file:///modules/${module_name}/znc.service", + before => Service['znc'], } } -- GitLab
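Review bot: `source => "file:///modules/${module_name}/znc.service"` in the last hunk is a local-filesystem URI, so the agent will look for `/modules/irc_bouncer/znc.service` on its own disk rather than fetching the file from the module's `files/` directory, and the unit file will not be installed; the znc.conf resource earlier in this class uses the fileserver form, so this should be `source => "puppet:///modules/${module_name}/znc.service",` (assuming systemd::unit_file passes `source` through to its `file` resource, which its name suggests). The middle hunk is deletion only (the lysconf module and the cyrusauth registry), so it gets no separate note beyond the one on manifests/sasl.pp.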