Moving KiwiIRC websocket behind Nginx instead of dedicated external port

2025-10-21 15:31:32 -05:00
parent 571455802b
commit 31992aa487
5 changed files with 62 additions and 58 deletions
--- a/roles/IRC/tasks/daemon.yml
+++ b/roles/IRC/tasks/daemon.yml
@@ -13,6 +13,15 @@
     - "/etc/inspircd"
     - "/etc/inspircd/data/"

+ - name: Socket directory permissions
+   become: yes
+   file:
+     state: directory
+     path: /run/inspircd
+     owner: inspircd
+     group: ircd
+     mode: 0755
+
 - name: Generate dhparam
   become: yes
   command:
--- a/roles/IRC/tasks/web.yml
+++ b/roles/IRC/tasks/web.yml
@@ -1,33 +1,30 @@
 ---

 - name: KiwiIRC Packages
-become: yes
-package:
-name:
- kiwiirc-server-bin
-state: present
-
-# Need to capture AniNIX skinning of client as well as client build process.
+  become: yes
+  package:
+    name:
+      - kiwiirc-server-bin
+    state: present

 - name: Update permissions
-become: yes
-file:
-path: "{{ item }}"
-recurse: yes
-owner: ircd
-group: http
-loop:
- /etc/kiwiirc
- /usr/share/kiwiirc
+  become: yes
+  file:
+    path: "{{ item }}"
+    recurse: yes
+    owner: ircd
+    group: http
+  loop:
+    - /etc/kiwiirc
+    - /usr/share/kiwiirc

 - name: Populate config
-become: yes
-#register: config
-template:
-src: "kiwiirc/{{ item }}.j2"
-dest: "/etc/kiwiirc/{{ item }}"
-owner: ircd
-group: http
-mode: 0640
-loop:
- "client.json"
+  become: yes
+  template:
+    src: "kiwiirc/{{ item }}.j2"
+    dest: "/etc/kiwiirc/{{ item }}"
+    owner: ircd
+    group: http
+    mode: 0640
+  loop:
+    - "client.json"
--- a/roles/IRC/templates/inspircd/inspircd.conf.j2
+++ b/roles/IRC/templates/inspircd/inspircd.conf.j2
@@ -83,34 +83,14 @@

 # Websockets
 <connect
-   name="websockets"
-   parent="main"
-   allow="*"
-   port="7778">
-<bind address=""
-   port="7778"
-   hook="websocket"
-   proxyranges="{{ main_subnet }}/{{ netmask }}"
-   nativeping="yes"
-   defaultmode="text"
-   sslprofile="websockets">
-<sslprofile
    name="websockets"
-    provider="openssl"
-    cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/chain.pem"
-    certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
-    keyfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/privkey.pem"
-    ciphers="{{ ssl['ciphersuite'] }}"
-    hash="sha256"
-    renegotiation="no"
-    requestclientcert="no"
-    sslv3="no"
-    tlsv1="no"
-    tlsv11="no"
-    tlsv12="yes"
-    tlsv13="yes">
-
-
+    allow="/run/inspircd/websocket.sock">
+<bind
+    path="/run/inspircd/websocket.sock"
+    type="clients"
+    hook="websocket"
+    permissions="0777"
+    replace="yes">

 # Performance
 <performance
--- a/roles/IRC/templates/kiwiirc/client.json.j2
+++ b/roles/IRC/templates/kiwiirc/client.json.j2
@@ -1,5 +1,5 @@
 {
-    "windowTitle": "{{ external_domain }}/IRC | Web IRC client",
+    "windowTitle": "{{ organization['displayname'] }}/IRC | Web IRC client",
    "startupScreen": "welcome",
    "kiwiServer": "https://irc.{{ external_domain }}/webirc/websocket/",
    "restricted": true,
@@ -18,11 +18,12 @@
        { "name": "Elite", "url": "static/themes/elite" }
    ],
    "startupOptions" : {
-        "infoContent": "<h3>{{ external_domain }}/IRC</h3>Log in with your AniNIX account.",
+        "infoContent": "<img src='https://{{ external_domain }}/assets/img/AniNIX.png' style='width:100%;height:auto;' /><h3>{{ organization['displayname'] }}/IRC</h3>Log in with your AniNIX account.",
        "channel": "#lobby",
-        "nick": "kiwi-n?",
+        "nick": "Guest?",
        "server": "irc.{{ external_domain }}",
-        "port": 7778,
+        "direct_path": "/websocket/",
+        "port": 443,
        "direct": true,
        "tls": true
    },