Broke out into own module

files/znc.conf

+Version = 1.7.5
+
+ConfigWriteDelay = 0
+ProtectWebSessions = true
+SSLCertFile = /var/lib/znc/znc.pem
+SSLDHParamFile = /var/lib/znc/znc.pem
+SSLKeyFile = /var/lib/znc/znc.pem
+
+<Listener irclistener-ssl>
+	Port = 6697
+	IPv4 = true
+	IPv6 = true
+	SSL = true
+	AllowIRC = true
+	AllowWeb = false
+</Listener>
+
+<Listener irclistener-plain>
+	Port = 6667
+	IPv4 = true
+	IPv6 = true
+	SSL = false
+	AllowIRC = true
+	AllowWeb = false
+</Listener>
+
+
+<Listener httplistener>
+	Port = 443
+	IPv4 = true
+	IPv6 = true
+	SSL = true
+	AllowIRC = false
+	AllowWeb = true
+</Listener>
+
+
+<User lysroot>
+	Admin = true
+	AltNick = lysroot_
+	AuthOnlyViaModule = false
+	DenyLoadMod = false
+	DenySetBindHost = false
+	Ident = lysroot
+	JoinTries = 10
+	LoadModule = controlpanel
+	MaxJoins = 0
+	MaxNetworks = 1
+	MultiClients = true
+	Nick = lysroot
+	RealName = Lysator Admin
+
+	<Pass password>
+		Hash = 4920d51d3589060157a3fbe677a484271f477c843bca16ae61177aa7a3fdbc34
+		Method = SHA256
+		Salt = D?7uVG,WyJG+B+flUJ_j
+	</Pass>
+
+</User>

files/znc.service

+[Unit]
+Description=ZNC, an advanced IRC bouncer
+After=network-online.target
+     
+[Service]
+ExecStart=/usr/bin/znc -f --datadir=/var/lib/znc
+AmbientCapabilities=CAP_NET_BIND_SERVICE
+User=znc
+     
+[Install]
+WantedBy=multi-user.target

manifests/ident.pp

+class irc_bouncer::ident {
+  require ::irc_bouncer::pre
+
+  ensure_packages (
+    ['oidentd', ],
+    { ensure => installed, })
+
+
+  file { '/etc/oidentd.conf':
+    ensure  => 'present',
+    group   => 'znc',
+    mode    => '0664',
+    content => @(EOF)
+    user "znc" {
+      default {
+        allow spoof
+        allow spoof_all
+      }
+    }
+    |- EOF
+  }
+
+  service { 'oidentd':
+    ensure => running,
+    enable => true,
+  }
+
+  irc_bouncer::module { 'identfile': }
+
+  file { '/var/lib/znc/moddata/identfile/.registry':
+    ensure => present,
+    # TODO get puppet to escape the string for me
+    content => @(EOF)
+    File %2f;etc%2f;oidentd%2e;conf
+    Format global%20;%7b;%20;reply%20;%22;%25;user%25;%22;%20;%7d;
+  |- EOF
+  }
+}
+

manifests/init.pp

+class irc_bouncer {
+
+  require ::irc_bouncer::setup
+  require ::irc_bouncer::ident
+
+
+  service { 'znc':
+    ensure => running,
+    enable => true,
+    subscribe => [ Class['::irc_bouncer::setup'], ],
+  }
+}

manifests/module.pp

+# Really znc module
+define irc_bouncer::module (
+  String $module = $name,
+  Array[String] $args = [],
+) {
+
+  $arg_str = join($args, ' ')
+
+  file_line { "ZNC module ${module}":
+    path => '/var/lib/znc/configs/znc.conf',
+    ensure => present,
+    match => "^LoadModule = ${module}",
+    line => "LoadModule = ${module} ${arg_str}"
+  }
+}

manifests/pre.pp

+class irc_bouncer::pre {
+  exec { 'stop znc':
+    command => '/bin/systemctl stop znc',
+  } -> Irc_bouncer::Module <| |>
+}

manifests/setup.pp

+class irc_bouncer::setup {
+  require ::irc_bouncer::pre
+  require ::lysrepo
+
+
+  # https://git.lysator.liu.se/hugo/deb-znc
+  ensure_packages ( ['znc'],
+    { ensure => latest, })
+
+  ensure_packages ( ['sasl2-bin'],
+    { ensure => installed, })
+
+  file_line { 'saslauthd remove START=no':
+    path => '/etc/default/saslauthd',
+    line => 'START=no',
+    ensure => absent,
+    require => Package['sasl2-bin'],
+  }
+
+  file_line { 'saslauthd START=yes':
+    path => '/etc/default/saslauthd',
+    line => 'START=yes',
+    ensure => present,
+    require => Package['sasl2-bin'],
+  }
+
+  file_line { 'saslauthd pam':
+    path => '/etc/default/saslauthd',
+    line => 'MECHANISMS="pam"',
+    ensure => present,
+    require => Package['sasl2-bin'],
+  }
+
+  # restart saslauthd here?
+
+
+  user { 'znc':
+    comment => 'ZNC Daemon runner',
+    home => '/var/lib/znc',
+    system => true,
+    shell => '/usr/sbin/nologin',
+    groups => [ 'sasl', ],
+  }
+
+  file { '/var/lib/znc':
+    ensure => directory,
+    owner => 'znc',
+  }
+  vcsrepo { '/var/lib/znc/znc-lysator':
+    ensure => latest,
+    provider => git,
+    source => 'https://git.lysator.liu.se/hugo/znc-lysator',
+    revision => 'release',
+  } ~> exec { 'build znc-lysator':
+    cwd => '/var/lib/znc/znc-lysator',
+    command => 'make',
+    path => '/usr/bin:/bin',
+  } ~> file { '/usr/lib/znc/lysconf.so':
+    ensure => present,
+    source => '/var/lib/znc/znc-lysator/lysconf.so',
+  }
+
+  file { '/var/lib/znc/configs/znc.conf':
+    ensure => present,
+    replace => no,
+    source => 'puppet:///modules/irc_bouncer/znc.conf',
+    owner => 'znc',
+  }
+
+  irc_bouncer::module { [ 'webadmin',
+                          'fail2ban',
+                          'chansaver',
+                          'lysconf' ]: }
+  irc_bouncer::module { 'cyrusauth':
+    args => ['saslauthd'],
+  }
+
+  exec { 'znc make pem':
+    command => 'znc --datadir=/var/lib/znc --makepem',
+    path => '/usr/bin:/bin',
+    user => 'znc',
+    onlyif => 'test ! -f /var/lib/znc/znc.pem',
+  }
+
+  file { '/var/lib/znc/moddata/cyrusauth/.registry':
+    ensure => file,
+    content => "CreateUser true\n",
+  }
+
+  # Möjliga standarder för nya användare?
+  # Gör så play-back ligger kvar även efter man sätt dem.
+  # <user>
+  #   AutoClearChanBuffer = false
+  #   AutoClearQueryBuffer = false
+  # </user>
+  #
+  # Se möjligen även över loggar
+
+
+  systemd::unit_file { 'znc.service':
+    source => 'puppet:///modules/irc_bouncer/znc.service',
+  }
+}