diff --git a/host_vars/irc.adm.crans.org.yml b/host_vars/irc.adm.crans.org.yml index b75e160f2bb0050adfab12fe1014ba172ca0aa2b..17426494a3273fd04683cbd8ebe629c63f37f00f 100644 --- a/host_vars/irc.adm.crans.org.yml +++ b/host_vars/irc.adm.crans.org.yml @@ -27,10 +27,67 @@ loc_thelounge: public: "true" loc_inspircd: - cloak_key: "{{ vault.irc_inspircd_cloak_key }}" + cloak: + name: crans + key: "{{ vault.irc_inspircd_cloak_key }}" diepass: "{{ vault.irc_inspircd_diepass }}" restartpass: "{{ vault.irc_inspircd_restartpass }}" opers: "{{ vault.irc_inspircd_opers }}" + server: + name: irc.crans.org + description: Crans IRC server + network: Crans + admin: + name: Pierre-Elliott Bécue + nick: PEB + email: root@crans.org + bind: + - address: 185.230.79.11 + type: clients + clair: 6667 + ssl: 6697 + - address: 2a0c:700:2::ff:fe01:2902 + type: clients + clair: 6667 + ssl: 6697 + - address : 172.16.10.129 + type: clients + clair: 6667 + - address: 127.0.0.1 + type: servers + clair: 6668 + connect: + - name: zamok + allows: + ipv4: 185.230.79.1/32 + ipv6: 2a0c:700:2:0:ec4:7aff:fe59:a1ad/128 + threshold: 1 + - name: irc + allows: + ipv4: 185.230.79.11/32 + ipv6: 2a0c:700:2::ff:fe01:2902/128 + threshold: 1 + - name: gitlab + allows: + ipv4: 185.230.79.14/32 + ipv6: 2a0c:700:2::ff:fe01:502/128 + threshold: 10 + commandrate: 10000 + - name: monitoring + allows: + ipv4: 172.16.10.121/32 + ipv6: fd00::10:ff:fe01:2110/128 + threshold: 10 + commandrate: 10000 + modes: yes + dns: 185.230.79.62 + services: + name: services.irc.crans.org + port: 6668 + recvpass: "{{ vault.irc_anope_recvpass }}" + sendpass: "{{ vault.irc_anope_sendpass }}" + + loc_anope: recvpass: "{{ vault.irc_anope_recvpass }}" diff --git a/roles/anope/templates/anope/services.conf.j2 b/roles/anope/templates/anope/services.conf.j2 index e16e42b5a69c0593300dd77a3304bc624b9994c4..1abcc2c7d72fd8a5bd46f85ae9091d29ed5a050f 100644 --- a/roles/anope/templates/anope/services.conf.j2 
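Review bot: `modes: yes` on the `monitoring` entry is only tested for presence by the template (`{% if connect.modes is not defined %}` in the inspircd.conf.j2 connect loop), so writing `modes: no` on another entry would still render `modes="+x"` and `useident="no"`. I would write `modes: true` here and have the template test the value, `{% if connect.modes | default(false) | bool %}`, with the two branches swapped. Also in this hunk, `- address : 172.16.10.129` has a stray space before the colon; it parses, but it is inconsistent with the other bind entries. Quoting the address and CIDR values would keep them strings under any YAML loader.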
+++ b/roles/anope/templates/anope/services.conf.j2 @@ -891,33 +891,35 @@ opertype * As with all permissions, make sure to only give trustworthy people access to Services. */ -oper -{ - /* The nickname of this services oper */ - name = "Fardale" - - /* The opertype this person will have */ - type = "Services Root" - - /* If set, the user must be an oper on the IRCd to gain their Services - * oper privileges. - */ - require_oper = yes - - /* An optional password. If defined the user must login using "/msg OperServ LOGIN" first */ - #password = "secret" - - /* An optional SSL fingerprint. If defined, it's required to be able to use this opertype. */ - #certfp = "ed3383b3f7d74e89433ddaa4a6e5b2d7" - - /* An optional list of user@host masks. If defined the user must be connected from one of them */ - #host = "*@*.anope.org ident@*" - - /* An optional vHost to set on users who identify for this oper block. - * This will override HostServ vHosts, and may not be available on all IRCds - */ - #vhost = "oper.mynet" -} +/* + * oper + * { + * /* The nickname of this services oper */ + * name = "nick" + + * /* The opertype this person will have */ + * type = "Services Root" + + * /* If set, the user must be an oper on the IRCd to gain their Services + * * oper privileges. + * */ + * require_oper = yes + + * /* An optional password. If defined the user must login using "/msg OperServ LOGIN" first */ + * #password = "secret" + + * /* An optional SSL fingerprint. If defined, it's required to be able to use this opertype. */ + * #certfp = "ed3383b3f7d74e89433ddaa4a6e5b2d7" + + * /* An optional list of user@host masks. If defined the user must be connected from one of them */ + * #host = "*@*.anope.org ident@*" + + * /* An optional vHost to set on users who identify for this oper block. + * * This will override HostServ vHosts, and may not be available on all IRCds + * */ + * #vhost = "oper.mynet" + * } + */ {% for oper in anope.services_roots %} oper 
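Review bot: The outer `/* ... */` added around the example `oper` block wraps lines that carry their own `/* ... */` comments, and C-style block comments normally do not nest. The comment would then end at the first inner `*/` (after "The nickname of this services oper"), and the following ` * name = "nick"` lines would reach the parser as configuration rather than as commentary; I have not confirmed how Anope treats those stray tokens, so this is worth checking on a rendered services.conf. Prefixing each example line with `#` (`#oper`, `#{`, `#    name = "nick"`, and so on) avoids the problem, as does dropping the example, since the real blocks come from the `anope.services_roots` loop. That loop starts on the last lines of this hunk and continues outside it.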
diff --git a/roles/inspircd/templates/inspircd/inspircd.conf.j2 b/roles/inspircd/templates/inspircd/inspircd.conf.j2 index 1d98c6701384a4e33af5b1671479e2714d5b6c04..3a0fa88518e52dcc5bd0557503250cbe89f73d31 100644 --- a/roles/inspircd/templates/inspircd/inspircd.conf.j2 +++ b/roles/inspircd/templates/inspircd/inspircd.conf.j2 @@ -9,21 +9,21 @@ target="/var/log/inspircd.log" > -<server name="irc.crans.org" - description="Crans IRC server" - network="Crans" +<server name="{{ inspircd.server.name }}" + description="{{ inspircd.server.description }}" + network="{{ inspircd.server.network }}" sid="3AX"> -<admin name="Pierre-Elliott Bécue" - nick="PEB" - email="root@crans.org"> +<admin name="{{ inspircd.admin.name }}" + nick="{{ inspircd.admin.nick }}" + email="{{ inspircd.admin.email }}"> -<bind address="185.230.79.11" port="6667" type="clients"> -<bind address="185.230.79.11" port="6697" type="clients" ssl="openssl"> -<bind address="2a0c:700:2::ff:fe01:2902" port="6667" type="clients"> -<bind address="2a0c:700:2::ff:fe01:2902" port="6697" type="clients" ssl="openssl"> -<bind address="172.16.10.129" port="6667" type="clients"> -<bind address="127.0.0.1" port="6668" type="servers"> +{% for bind in inspircd.bind %} +<bind address="{{ bind.address }}" port="{{ bind.clair }}" type="{{ bind.type }}"> +{% if bind.ssl is defined %} +<bind address="{{ bind.address }}" port="{{ bind.ssl }}" type="{{ bind.type }}" ssl="openssl"> +{% endif %} +{% endfor %} <sslprofile name="openssl" 
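Review bot: The bind loop always emits the plaintext listener from `bind.clair`, so a TLS-only listener cannot be expressed. A bind entry without `clair` would leave the first `<bind>` line with an undefined port, or fail the template run. Guarding that line the same way as the TLS one, with `{% if bind.clair is defined %}` and `{% endif %}`, would let a public address be moved to 6697 only from host_vars alone. `sid="3AX"` and `ssl="openssl"` stay literal while their neighbours become variables; a one-line comment saying that is deliberate would help the next reader.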
@@ -37,102 +37,29 @@ <include file="/etc/inspircd/links.conf"> -<connect name="zamok-ipv4" - allow="185.230.79.1/32" +{% for connect in inspircd.connect %} +{% for name,allow in connect.allows.items() %} +<connect name="{{ connect.name }}-{{ name }}" + allow="{{ allow }}" timeout="60" - threshold="1" - pingfreq="120" - sendq="262144" - recvq="8192" - maxchans="70" - localmax="1000" - globalmax="1000"> - -<connect name="zamok-ipv6" - allow="2a0c:700:2:0:ec4:7aff:fe59:a1ad/128" - timeout="60" - threshold="1" - pingfreq="120" - sendq="262144" - recvq="8192" - maxchans="70" - localmax="1000" - globalmax="1000"> - -<connect name="irc-ipv4" - allow="185.230.79.11/32" - timeout="60" - threshold="1" - pingfreq="120" - sendq="262144" - recvq="8192" - maxchans="70" - localmax="1000" - globalmax="1000"> - -<connect name="irc-ipv6" - allow="2a0c:700:2::ff:fe01:2902/128" - timeout="60" - threshold="10" + threshold="{{ connect.threshold }}" +{% if connect.commandrate is defined %} + commandrate="{{ connect.commandrate }}" +{% endif %} pingfreq="120" sendq="262144" recvq="8192" maxchans="70" localmax="1000" - globalmax="1000"> + globalmax="1000"{% if connect.modes is not defined %}> +{% else %} -<connect name="gitlab-ipv4" - allow="185.230.79.14/32" - timeout="60" - threshold="10" - commandrate="10000" - pingfreq="120" - sendq="262144" - recvq="8192" - maxchans="70" - localmax="1000" - globalmax="1000"> - -<connect name="gitlab-ipv6" - allow="2a0c:700:2::ff:fe01:502/128" - timeout="60" - threshold="10" - commandrate="10000" - pingfreq="120" - sendq="262144" - recvq="8192" - maxchans="70" - localmax="1000" - globalmax="1000"> - -<connect name="monitoring-ipv4" - allow="172.16.10.121/32" - timeout="60" - threshold="10" - commandrate="10000" - pingfreq="120" - sendq="262144" - recvq="8192" - maxchans="70" - localmax="1000" - globalmax="1000" - modes="+x" - useident="no"> - -<connect name="monitoring-ipv6" - allow="fd00::10:ff:fe01:2110/128" - timeout="60" - threshold="10" - 
commandrate="10000" - pingfreq="120" - sendq="262144" - recvq="8192" - maxchans="70" - localmax="1000" - globalmax="1000" modes="+x" useident="no"> +{% endif %} +{% endfor %} +{% endfor %} <connect name="default" allow="*" timeout="60" @@ -156,7 +83,7 @@ <channels users="30" opers="1000"> -<dns server="172.16.10.101" timeout="5"> +<dns server="{{ inspircd.dns }}" timeout="5"> <options prefixquit="Quit: " noservices="no" diff --git a/roles/inspircd/templates/inspircd/links.conf.j2 b/roles/inspircd/templates/inspircd/links.conf.j2 index 8c4ae15c3c8b35c08e86bb21cc4c8f4d0cb3c9c4..648106caaf96fbae41ed16b9ece389c23e846d82 100644 --- a/roles/inspircd/templates/inspircd/links.conf.j2 +++ b/roles/inspircd/templates/inspircd/links.conf.j2 @@ -1,13 +1,13 @@ {{ ansible_header | comment }} <link - name="services.irc.crans.org" + name="{{ inspircd.services.name }}" ipaddr="127.0.0.1" - port="6668" + port="{{ inspircd.services.port }}" sid="3AX" allowmask="127.0.0.0/8" - sendpass="{{ anope.recvpass }}" - recvpass="{{ anope.sendpass }}" + sendpass="{{ inspircd.services.recvpass }}" + recvpass="{{ inspircd.services.sendpass }}" > -<uline server="services.irc.crans.org"> +<uline server="{{ inspircd.services.name }}"> diff --git a/roles/inspircd/templates/inspircd/modules.conf.j2 b/roles/inspircd/templates/inspircd/modules.conf.j2 index 25e3eb026965bdad25ce5bc63f8725ed56bacc92..ab311ad32a13348cf10794d883f7938bdc10d179 100644 --- a/roles/inspircd/templates/inspircd/modules.conf.j2 +++ b/roles/inspircd/templates/inspircd/modules.conf.j2 @@ -24,8 +24,8 @@ <auditorium opvisible="yes" opcansee="no" opercansee="yes"> <module name="m_banexception.so"> <module name="m_banredirect.so"> -#<module name="m_blockamsg.so"> -# <blockamsg delay="3" action="noticeopers"> +<module name="m_blockamsg.so"> + <blockamsg delay="3" action="noticeopers"> <module name="m_blockcaps.so"> <blockcaps percent="50" 
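Review bot: Generating both address families from one `connect.threshold` changes the rendered config for `irc-ipv6`. The removed block has `threshold="10"`, but the `irc` entry in host_vars sets `threshold: 1`, so that class goes from 10 to 1 on deploy. If the old asymmetry was a mistake, say so in the commit message. If it was wanted, let a per-family value override the class value, for example by letting `allows` entries carry their own `threshold`. The other generated classes match the removed literals as far as this hunk shows.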
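Review bot: This line is not a pure extraction. The removed literal is `172.16.10.101`, but `inspircd.dns` is set to `185.230.79.62` in host_vars/irc.adm.crans.org.yml in the same commit, so the resolver InspIRCd uses for host lookups changes on deploy. If that is intended, it deserves a mention in the commit message; if not, set `dns: 172.16.10.101` in host_vars. The `<options>` block that follows continues outside the hunk.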
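Review bot: The crossed assignment, `sendpass="{{ inspircd.services.recvpass }}"` and `recvpass="{{ inspircd.services.sendpass }}"`, reads like a bug now that the variables live under `inspircd`. It is only correct because the names follow Anope's point of view. I would add a template comment above the `<link>` block, such as `{# services.recvpass is what Anope expects to receive, hence our sendpass #}`, or rename the host_vars keys to match InspIRCd's side. Also, `inspircd.services.port` has to stay equal to the `clair` port of the `type: servers` bind (both 6668 in host_vars); deriving one from the other would remove that second source of truth.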
@@ -84,8 +84,8 @@ <module name="m_cloaking.so"> <cloak mode="full" - key="{{ inspircd.cloak_key }}" - prefix="crans" + key="{{ inspircd.cloak.key }}" + prefix="{{ inspircd.cloak.name }}" > #<module name="m_conn_join.so">