From 3990cb993962e22215b942ed8d5e5e232395fe7c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Hugo=20H=C3=B6rnquist?= <hugo@lysator.liu.se>
Date: Mon, 23 Oct 2023 18:05:43 +0200
Subject: [PATCH] Remove many Lysator-specific things from module.

These now reside in https://git.lysator.liu.se/lysator/puppet/profiles,
in the file manifests/irc_bouncer.pp.
---
 manifests/setup.pp | 64 +++++++++-------------------------------------
 1 file changed, 12 insertions(+), 52 deletions(-)

diff --git a/manifests/setup.pp b/manifests/setup.pp
index be1dd1b..5dd737b 100644
--- a/manifests/setup.pp
+++ b/manifests/setup.pp
@@ -1,6 +1,17 @@
 class irc_bouncer::setup {
   require ::irc_bouncer::pre
-  require ::profiles::lysator_repo
+
+  file { [
+    '/var/lib/znc',
+    '/var/lib/znc/configs',
+    '/var/lib/znc/mobdata',
+    '/var/lib/znc/moddata/cyrusauth',
+    '/var/lib/znc/moddata/identfile',
+  ]:
+    ensure => directory,
+    owner  => 'znc',
+  }
+
 
   # We use a self-packaged version of ZNC, whose package source is
   # available at:
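Review bot: `'/var/lib/znc/mobdata'` in the new directory list looks like a typo for `moddata`, so the parent of the next two entries is never declared. Puppet's `file` type does not create missing parent directories, so on a fresh host `/var/lib/znc/moddata/cyrusauth` and `/var/lib/znc/moddata/identfile` would presumably fail unless the ZNC package already ships `/var/lib/znc/moddata`. The entry should read `'/var/lib/znc/moddata',`. The resource also sets only `owner`, so group and mode are left to whatever already exists or to the agent's defaults. Since `configs/` holds `znc.conf`, consider pinning `group => 'znc',` and `mode => '0750',` here. The body of `irc_bouncer::setup` continues outside this hunk.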
@@ -45,11 +56,6 @@ class irc_bouncer::setup {
     groups  => [ 'sasl', ],
   }
 
-  file { '/var/lib/znc':
-    ensure => directory,
-    owner  => 'znc',
-  }
-
   file { '/var/lib/znc/configs/znc.conf':
     ensure  => present,
     replace => no,
@@ -85,52 +91,6 @@ class irc_bouncer::setup {
     args => ['saslauthd'],
   }
 
-  # Letsencrypt challenge is done through DNS since the ZNC webserver
-  # is to inflexible, and I neither want to front it just for certs,
-  # and I don't want to stop ZNC just for updating certs.
-
-  # https://certbot-dns-rfc2136.readthedocs.io/en/stable/
-
-  # Secret is manually generated on the nameserver, and placed in the
-  # appropriate dns config file.
-  # $ tsig-keygen -a hmac-sha256 verdigris.lysator.liu.se
-
-  class { '::letsencrypt':
-    config  => {
-      email => 'hugo@lysator.liu.se',
-    }
-  }
-  # TODO dynamic dns updtae fails since the DNS server manually writes
-  # the zone file, disregarding the journal. Update Lysators DNS
-  # server to not do that.
-  -> class { '::letsencrypt::plugin::dns_rfc2136':
-    # address of ns-master.lysator.liu.se
-    # Since the python can't handle DNS...
-    server              => '2001:6b0:17:f0a0::2',
-    key_name            => $facts['fqdn'],
-    key_algorithm       => 'HMAC-SHA256',
-    # TODO don't publish secret here
-    key_secret          => 'YHR7/5gOkdPF64GwWRu6Ge8jcjz8siqCWIy/G8FsVzw=',
-    propagation_seconds => 10,
-    manage_package      => true,
-  }
-  # TODO znc probably needs to be reloaded after cert upgrade
-  -> letsencrypt::certonly { $certname:
-    ensure          => 'present',
-    domains         => [ $facts['fqdn'], ],
-    plugin          => 'dns-rfc2136',
-    manage_cron     => true,
-    additional_args => [ '--quiet', ],
-  }
-
-  # TODO files in archive is still not readable by znc
-  file { ['/etc/letsencrypt/live',
-          '/etc/letsencrypt/archive', ]:
-    ensure => directory,
-    mode   => '0750',
-    group  => 'znc',
-  }
-
   file { '/var/lib/znc/moddata/cyrusauth/.registry':
     ensure  => file,
     content => "CreateUser true\n",
-- 
GitLab