Various fixes for irc module

Ossi Salmi 2012-11-19 12:08:50 +02:00
parent f19ae66ba5
commit 089082ef20
4 changed files with 85 additions and 18 deletions


@ -1,5 +1,10 @@
# Install IRC server. # Install IRC server.
# #
# === Global variables
#
# $irc_motd:
# IRC server message of the day.
#
class irc::server { class irc::server {
package { "ircd-ratbox": package { "ircd-ratbox":
@ -8,9 +13,18 @@ class irc::server {
file { "/var/lib/ratbox": file { "/var/lib/ratbox":
ensure => directory, ensure => directory,
mode => "0700",
owner => "irc", owner => "irc",
group => "irc", group => "irc",
mode => "0700", require => Package["ircd-ratbox"],
}
file { "/etc/ircd-ratbox/ircd.motd":
ensure => present,
mode => "0644",
owner => "irc",
group => "irc",
content => "${irc_motd}",
require => Package["ircd-ratbox"], require => Package["ircd-ratbox"],
} }
@ -38,12 +52,48 @@ class irc::services inherits irc::server {
# Configure IRC network. # Configure IRC network.
# #
define irc::network($desc, $servername, $serverdesc, # === Parameters
$port, $sslport, $operpass, $userpass="", #
$services=false, $servpass="") { # $name:
# IRC network name.
# $desc:
# IRC network description.
# $servername:
# Name of this IRC server.
# $serverdesc:
# Desription of this IRC server.
# $port:
# Port to listen.
# $sslport:
# Port to listen with SSL.
# $sslcert:
# Certificate source. Defaults to generated self signed cert.
# $operator:
# List of allowed operators. Defaults to ["*@127.0.0.1"].
# $operpass:
# Password required for gaining operator privileges.
# $userpass:
# Password required for joining this server.
# $service:
# Enabled IRC services. Defaults to false.
# $servpass:
# Password for IRC services.
# $ident:
# Use ident service. Defaults to false.
#
define irc::network($desc, $servername, $serverdesc, $port, $sslport,
$sslcert="", $operator=["*@127.0.0.1"], $operpass,
$userpass="", $services=false, $servpass="",
$ident=false) {
include irc::server include irc::server
if $ident == false {
$disable_identd = "yes";
} else {
$disable_identd = "no";
}
file { "/var/lib/ratbox/${name}": file { "/var/lib/ratbox/${name}":
ensure => directory, ensure => directory,
owner => "irc", owner => "irc",
@ -66,12 +116,23 @@ define irc::network($desc, $servername, $serverdesc,
require => File["/var/lib/ratbox/${name}"], require => File["/var/lib/ratbox/${name}"],
} }
ssl::certificate { "/var/lib/ratbox/${name}/ircd.pem": if $sslcert {
cn => $servername, file { "/var/lib/ratbox/${name}/ircd.pem":
mode => "0600", ensure => present,
owner => "irc", mode => "0600",
group => "irc", owner => "irc",
require => File["/var/lib/ratbox/${name}"], group => "irc",
source => "${sslcert}",
require => File["/var/lib/ratbox/${name}"],
}
} else {
ssl::certificate { "/var/lib/ratbox/${name}/ircd.pem":
cn => "${servername}",
mode => "0600",
owner => "irc",
group => "irc",
require => File["/var/lib/ratbox/${name}"],
}
} }
ssl::dhparam { "/var/lib/ratbox/${name}/dh.pem": ssl::dhparam { "/var/lib/ratbox/${name}/dh.pem":
@ -102,6 +163,7 @@ define irc::network($desc, $servername, $serverdesc,
ensure => running, ensure => running,
enable => true, enable => true,
status => "pgrep -u irc -f /var/lib/ratbox/${name}", status => "pgrep -u irc -f /var/lib/ratbox/${name}",
restart => "/etc/init.d/ircd-${name} reload",
} }
if $services == true { if $services == true {
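Review bot: The parameter docs for `$operpass` and `$userpass` still read as if cleartext passwords were expected, but the template changes in this same commit drop `~encrypted` from the operator flags and add `flags = encrypted;` to the auth block, so both values now appear to be interpreted as password hashes. A caller that keeps passing cleartext would get a config that never matches what users type, with nothing in the manifest explaining why. I would say so in the docs, e.g. `# Hashed (crypt format) password required for gaining operator privileges.` and the same wording for `$userpass`. The docs also list `$service:` while the parameter is `$services`. The body of `irc::network` continues outside the visible hunks, so this is based on the parameter list and the templates only.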


@ -178,7 +178,7 @@ class "users" {
number_per_cidr = 100; number_per_cidr = 100;
/* max number: the maximum number of users allowed in this class */ /* max number: the maximum number of users allowed in this class */
max_number = 100; max_number = 1000;
/* sendq: the amount of data allowed in a clients queue before /* sendq: the amount of data allowed in a clients queue before
* they are dropped. * they are dropped.
@ -230,6 +230,7 @@ auth {
class = "users"; class = "users";
<% if userpass != "" -%> <% if userpass != "" -%>
password = "<%= userpass %>"; password = "<%= userpass %>";
flags = encrypted;
<% end -%> <% end -%>
}; };
@ -244,7 +245,9 @@ operator "root" {
* supported now. * supported now.
* multiple user="" lines are supported. * multiple user="" lines are supported.
*/ */
user = "*@127.0.0.1"; <% operator.each do |user| -%>
user = "<%= user %>";
<% end -%>
/* password: the password required to oper. Unless ~encrypted is /* password: the password required to oper. Unless ~encrypted is
* contained in flags = ...; this will need to be encrypted using * contained in flags = ...; this will need to be encrypted using
@ -301,8 +304,7 @@ operator "root" {
* *
*/ */
flags = global_kill, remote, kline, unkline, gline, flags = global_kill, remote, kline, unkline, gline,
die, rehash, admin, xline, resv, operwall, die, rehash, admin, xline, resv, operwall;
~encrypted;
}; };
/* If you are using the ratbox-services compatibility code, uncomment this. */ /* If you are using the ratbox-services compatibility code, uncomment this. */
@ -639,7 +641,7 @@ general {
connect_timeout = 30 seconds; connect_timeout = 30 seconds;
/* disable auth: disables identd checking */ /* disable auth: disables identd checking */
disable_auth = no; disable_auth = <%= disable_identd %>;
/* no oper flood: increase flood limits for opers. */ /* no oper flood: increase flood limits for opers. */
no_oper_flood = yes; no_oper_flood = yes;
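Review bot: `user = "<%= user %>";` writes each `$operator` entry into a quoted config string unescaped, and the same lines are added to the services template in the last file section; a value containing `"` or `;` would end the string, and the rest would be parsed as configuration. The list also replaces a fixed `*@127.0.0.1`, so a broad mask leaves the operator password as the only barrier to the privileges listed in `flags`. I would reject malformed entries inside the loop before rendering, for example `<% raise Puppet::ParseError, "invalid operator mask: #{user}" unless user =~ /\A[^\s";]+@[^\s";]+\z/ -%>`, and note in the parameter docs that masks should be kept as narrow as possible. The `operator "root"` block starts and ends outside these hunks.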


@ -105,6 +105,7 @@ reload)
restart|force-reload) restart|force-reload)
log_daemon_msg "Restarting $NAME" "$NAME" log_daemon_msg "Restarting $NAME" "$NAME"
ratbox_stop ratbox_stop
sleep 2
ratbox_start ratbox_start
case "$?" in case "$?" in
0) log_end_msg 0 ;; 0) log_end_msg 0 ;;


@ -154,7 +154,9 @@ operator "root" {
/* user: specifies a user@host who may connect. /* user: specifies a user@host who may connect.
* multiple may be specified, wildcards are accepted. * multiple may be specified, wildcards are accepted.
*/ */
user = "*@127.0.0.1"; <% operator.each do |user| -%>
user = "<%= user %>";
<% end -%>
/* you may also restrict the oper to a specific server, they will /* you may also restrict the oper to a specific server, they will
* then only be able to connect when using that server. * then only be able to connect when using that server.
@ -167,7 +169,7 @@ operator "root" {
/* encrypted: specifies whether the above password has been /* encrypted: specifies whether the above password has been
* encrypted or not. default: yes * encrypted or not. default: yes
*/ */
encrypted = no; encrypted = yes;
/* flags: specifies what general privs an oper has /* flags: specifies what general privs an oper has
* admin - services admin, .die etc * admin - services admin, .die etc
@ -485,7 +487,7 @@ service "nickserv" {
realname = "nickname services"; realname = "nickname services";
/* disabled by default */ /* disabled by default */
flags = opered, msg_self, disabled; flags = opered, msg_self;
/* loglevel: level to log at, 0 to disable logging /* loglevel: level to log at, 0 to disable logging
* 1 - Admin commands * 1 - Admin commands