diff --git a/irc/manifests/init.pp b/irc/manifests/init.pp
index a72e920..9634e42 100644
--- a/irc/manifests/init.pp
+++ b/irc/manifests/init.pp
@@ -1,5 +1,10 @@
 # Install IRC server.
 #
+# === Global variables
+#
+# $irc_motd:
+# IRC server message of the day.
+#
 class irc::server {
 package { "ircd-ratbox":
@@ -8,9 +13,18 @@ class irc::server {
 file { "/var/lib/ratbox":
 ensure => directory,
+ mode => "0700",
 owner => "irc",
 group => "irc",
- mode => "0700",
+ require => Package["ircd-ratbox"],
+ }
+
+ file { "/etc/ircd-ratbox/ircd.motd":
+ ensure => present,
+ mode => "0644",
+ owner => "irc",
+ group => "irc",
+ content => "${irc_motd}",
 require => Package["ircd-ratbox"],
 }
@@ -38,12 +52,48 @@ class irc::services inherits irc::server {
 # Configure IRC network.
 #
-define irc::network($desc, $servername, $serverdesc,
- $port, $sslport, $operpass, $userpass="",
- $services=false, $servpass="") {
+# === Parameters
+#
+# $name:
+# IRC network name.
+# $desc:
+# IRC network description.
+# $servername:
+# Name of this IRC server.
+# $serverdesc:
+# Desription of this IRC server.
+# $port:
+# Port to listen.
+# $sslport:
+# Port to listen with SSL.
+# $sslcert:
+# Certificate source. Defaults to generated self signed cert.
+# $operator:
+# List of allowed operators. Defaults to ["*@127.0.0.1"].
+# $operpass:
+# Password required for gaining operator privileges.
+# $userpass:
+# Password required for joining this server.
+# $service:
+# Enabled IRC services. Defaults to false.
+# $servpass:
+# Password for IRC services.
+# $ident:
+# Use ident service. Defaults to false.
+#
+define irc::network($desc, $servername, $serverdesc, $port, $sslport,
+ $sslcert="", $operator=["*@127.0.0.1"], $operpass,
+ $userpass="", $services=false, $servpass="",
+ $ident=false) {
 include irc::server
+ if $ident == false {
+ $disable_identd = "yes";
+ } else {
+ $disable_identd = "no";
+ }
+
 file { "/var/lib/ratbox/${name}":
 ensure => directory,
 owner => "irc",
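Review bot: In the new `file { "/etc/ircd-ratbox/ircd.motd": }` resource (hunk `@@ -8,9 +13,18 @@`), `content => "${irc_motd}"` has no fallback, so a node that never sets the global `$irc_motd` would presumably get an empty MOTD written over any existing file. The header comment added in the first hunk names the variable but does not say it is required. I would either document that, e.g. `# $irc_motd must be set; an unset value produces an empty MOTD file.`, or skip managing the file when the variable is empty.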
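Review bot: The parameter documentation added in the `@@ -38,12 +52,48 @@` hunk describes `$operpass` and `$userpass` only as passwords, but the template hunks of this same commit drop `~encrypted` from the operator flags, add `flags = encrypted;` to the auth block and set `encrypted = yes` in ratbox-services.conf.erb, so these values are now read as password hashes. A manifest that still passes plaintext would generate a config in which the password no longer matches, and nothing here tells the caller why. I would say so in the docs, e.g. `#   Hashed (not plaintext) password required for gaining operator privileges.`, likewise for `$userpass`, and for `$servpass` if that is what feeds the services operator block (not visible in this diff). The same comment block documents `$service:` while the parameter is `$services`, and "Desription" is misspelled.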
@@ -66,12 +116,23 @@ define irc::network($desc, $servername, $serverdesc,
 require => File["/var/lib/ratbox/${name}"],
 }
- ssl::certificate { "/var/lib/ratbox/${name}/ircd.pem":
- cn => $servername,
- mode => "0600",
- owner => "irc",
- group => "irc",
- require => File["/var/lib/ratbox/${name}"],
+ if $sslcert {
+ file { "/var/lib/ratbox/${name}/ircd.pem":
+ ensure => present,
+ mode => "0600",
+ owner => "irc",
+ group => "irc",
+ source => "${sslcert}",
+ require => File["/var/lib/ratbox/${name}"],
+ }
+ } else {
+ ssl::certificate { "/var/lib/ratbox/${name}/ircd.pem":
+ cn => "${servername}",
+ mode => "0600",
+ owner => "irc",
+ group => "irc",
+ require => File["/var/lib/ratbox/${name}"],
+ }
 }
 ssl::dhparam { "/var/lib/ratbox/${name}/dh.pem":
@@ -102,6 +163,7 @@ define irc::network($desc, $servername, $serverdesc,
 ensure => running,
 enable => true,
 status => "pgrep -u irc -f /var/lib/ratbox/${name}",
+ restart => "/etc/init.d/ircd-${name} reload",
 }
 if $services == true {
diff --git a/irc/templates/ircd-ratbox.conf.erb b/irc/templates/ircd-ratbox.conf.erb
index 41e4ce5..967f29d 100644
--- a/irc/templates/ircd-ratbox.conf.erb
+++ b/irc/templates/ircd-ratbox.conf.erb
@@ -178,7 +178,7 @@ class "users" {
 number_per_cidr = 100;
 /* max number: the maximum number of users allowed in this class */
- max_number = 100;
+ max_number = 1000;
 /* sendq: the amount of data allowed in a clients queue before
 * they are dropped.
@@ -230,6 +230,7 @@ auth {
 class = "users";
 <% if userpass != "" -%>
 password = "<%= userpass %>";
+ flags = encrypted;
 <% end -%>
 };
@@ -244,7 +245,9 @@ operator "root" {
 * supported now.
 * multiple user="" lines are supported.
 */
- user = "*@127.0.0.1";
+<% operator.each do |user| -%>
+ user = "<%= user %>";
+<% end -%>
 /* password: the password required to oper. Unless ~encrypted is
 * contained in flags = ...; this will need to be encrypted using
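Review bot: `if $sslcert {` in the `@@ -66,12 +116,23 @@` hunk depends on the empty-string default being false, which holds on older Puppet but not on Puppet 4 and later, where `""` is truthy and the `file` branch would always be taken with an empty `source`. An explicit test, `if $sslcert != "" {`, avoids that and matches how the template already checks `userpass != ""`. Since ircd.pem is installed with mode 0600 it presumably holds the private key as well as the certificate, so the `source` should point at a file-server location that only this node may read; a comment such as `# $sslcert source contains the private key; restrict the file server mount accordingly` would record that.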
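Review bot: The `operator.each` loop added to the `operator "root"` block (`@@ -244,7 +245,9 @@`) writes each mask into `user = "..."` without any check on what it was given: an empty array renders an operator block with no `user` line at all, and a plain string instead of an array either fails template evaluation or iterates by line, depending on the Ruby version. Because these masks decide which hosts may attempt to oper, I would validate in the define that `$operator` is a non-empty array whose entries contain no `"` or `;`, so a typo cannot change the meaning of the generated block. The same loop is added to ratbox-services.conf.erb in the `@@ -154,7 +154,9 @@` hunk. A template comment such as `<%# one user= line per allowed oper mask; the list must not be empty -%>` would document the expectation.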
@@ -301,8 +304,7 @@ operator "root" {
 *
 */
 flags = global_kill, remote, kline, unkline, gline,
- die, rehash, admin, xline, resv, operwall,
- ~encrypted;
+ die, rehash, admin, xline, resv, operwall;
 };
 /* If you are using the ratbox-services compatibility code, uncomment this. */
@@ -639,7 +641,7 @@ general {
 connect_timeout = 30 seconds;
 /* disable auth: disables identd checking */
- disable_auth = no;
+ disable_auth = <%= disable_identd %>;
 /* no oper flood: increase flood limits for opers. */
 no_oper_flood = yes;
diff --git a/irc/templates/ircd-ratbox.init.erb b/irc/templates/ircd-ratbox.init.erb
index eabd9a5..3523d72 100755
--- a/irc/templates/ircd-ratbox.init.erb
+++ b/irc/templates/ircd-ratbox.init.erb
@@ -105,6 +105,7 @@ reload)
 restart|force-reload)
 log_daemon_msg "Restarting $NAME" "$NAME"
 ratbox_stop
+ sleep 2
 ratbox_start
 case "$?" in
 0) log_end_msg 0 ;;
diff --git a/irc/templates/ratbox-services.conf.erb b/irc/templates/ratbox-services.conf.erb
index 33abe58..08b881b 100644
--- a/irc/templates/ratbox-services.conf.erb
+++ b/irc/templates/ratbox-services.conf.erb
@@ -154,7 +154,9 @@ operator "root" {
 /* user: specifies a user@host who may connect.
 * multiple may be specified, wildcards are accepted.
 */
- user = "*@127.0.0.1";
+<% operator.each do |user| -%>
+ user = "<%= user %>";
+<% end -%>
 /* you may also restrict the oper to a specific server, they will
 * then only be able to connect when using that server.
@@ -167,7 +169,7 @@ operator "root" {
 /* encrypted: specifies whether the above password has been
 * encrypted or not. default: yes
 */
- encrypted = no;
+ encrypted = yes;
 /* flags: specifies what general privs an oper has
 * admin - services admin, .die etc
@@ -485,7 +487,7 @@ service "nickserv" {
 realname = "nickname services";
 /* disabled by default */
- flags = opered, msg_self, disabled;
+ flags = opered, msg_self;
 /* loglevel: level to log at, 0 to disable logging
 * 1 - Admin commands
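Review bot: The `sleep 2` added between `ratbox_stop` and `ratbox_start` in the `restart|force-reload)` branch of ircd-ratbox.init.erb is a fixed guess at how long the daemon needs to exit, and the hunk does not say why it is there. If the old process takes longer than two seconds, `ratbox_start` may still run while it holds the listening ports. At minimum I would add a comment above it, `# give the old ircd time to exit and release its ports before starting again`. `ratbox_stop` is defined outside this hunk, so I cannot tell whether it already waits; making it wait until the process is gone would be sturdier than a timed pause.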