Updates for latest inspircd & anope

precommit-hooks/find-mismatched-macs

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+
+export IFS="
+"
+retcode=0
+
+for macline in `grep -E '^\s+mac: ' examples/*.yml`; do
+    if [ "${macline}" != "${macline,,}" ]; then
+        mac="$( echo "${macline}" | awk '{ print $2; }')"
+        retcode=1
+        echo "${mac} has mismatched case -- should be lower."
+        sed -i "s/${mac}/${mac,,}/g" examples/*.yml
+        echo "Attempted replacement."
+    fi
+done
+exit $retcode

precommit-hooks/find-passwords-in-files

@@ -28,3 +28,12 @@ if [ $? -ne 1 ]; then
     echo Otherwise, convert any files above to templates and encode the passphrase into your vault.
     exit 1;
 fi
+IFS="
+"
+for i in `ansible-vault decrypt --output - ${ANSIBLE_VAULT_FILE} | sed 's/\s\?-\?\s\?[A-Za-z0-9_]\+://' | grep -vE '\||password|^\s\?$|#|https://' | sed "s/^ \+['\"]\?//" | sed "s/[\"']\s\?//" | sort | uniq`; do
+    grep -rl "${i}" . 2>/dev/null
+    if [ $? -ne 1 ]; then
+        echo "A secret starting with $(echo "$i" | cut -c 1-7) was found in the files above."
+        exit 1;
+    fi
+done

precommit-hooks/make-sure-hooks-synced

@@ -0,0 +1,4 @@
+if [ `git ls-files -m | grep precommit-hooks/ | wc -l` != '0' ]; then
+    echo 'Hooks have changed and need to be added. Run `git add precommit-hooks`'
+    exit 1
+fi

precommit-hooks/playbook-lint-check

@@ -1,7 +0,0 @@
-#!/bin/bash
-
-# pre-commit hook to use ansible-lint to check our playbooks.
-
-for file in `find ../playbooks/ -type f`; do
-        ansible-lint "$file"
-done 

roles/IRC/files/services/anope.service

@@ -6,10 +6,10 @@ After=network.target
 [Service]
 Type=simple
 PIDFile=/run/anope/anope.pid
-ExecStart=/opt/anope/bin/services --confdir=/etc/anope/ --dbdir=/opt/anope/data --localedir=/opt/anope/locale --logdir=/var/log/anope --modulesdir=/opt/anope/lib --nofork
+ExecStart=/usr/bin/services --confdir=/etc/anope/ --dbdir=/opt/anope/data --logdir=/var/log/anope --localedir=/usr/lib/anope/locale --modulesdir=/usr/lib/anope --nofork
 ExecReload=/bin/kill -1 $MAINPID
 Restart=always
-User=ircd
+User=anope
 Group=ircd
 
 [Install]

roles/IRC/files/services/inspircd.service

@@ -5,12 +5,12 @@ After=network.target
 
 [Service]
 Type=forking
-PIDFile=/var/lib/inspircd/inspircd.pid
+PIDFile=/var/lib//inspircd.pid
-ExecStart=/usr/bin/inspircd
+ExecStart=/usr/bin/
 ExecReload=kill -HUP $MAINPID
 ExecStop=kill $MAINPID
 Restart=always
-User=ircd
+User=inspircd
 Group=ircd
 
 [Install]

roles/IRC/tasks/daemon.yml

@@ -5,12 +5,13 @@
    file:
      state: directory
      path: "{{ item }}"
-     owner: ircd
+     owner: inspircd
      group: ircd
      mode: 0750
    loop:
      - "/var/log/inspircd"
      - "/etc/inspircd"
+     - "/etc/inspircd/data/"
 
  - name: Generate dhparam
    become: yes
@@ -23,40 +24,24 @@
    file:
      state: file
      path: /etc/inspircd/dhparams.pem
-     owner: ircd
+     owner: inspircd
      group: ircd
      mode: 0640
 
- - name: Add ircd user to ssl
+ - name: Add inspircd user to ssl
    become: yes
    user:
-       name: ircd
+       name: inspircd
-       groups: ssl
+       groups: ssl,ircd
        append: yes
 
- - name: Copy service file
-   become: yes
-   register: servicesfile
-   copy:
-     src: services/inspircd.service
-     dest: /usr/lib/systemd/system/inspircd.service
-     owner: root
-     group: root
-     mode: 0644
-
- - name: Reload services
-   when: servicesfile.changed
-   become: yes
-   systemd:
-     daemon_reload: true
-
  - name: Copy config and fill in attributes
    register: templatefiles
    become: yes
    template:
      src: "inspircd/{{ item }}.j2"
      dest: "/etc/inspircd/{{ item }}"
-     owner: ircd
+     owner: inspircd
      group: ircd
      mode: 0600
    loop:
@@ -67,20 +52,11 @@
      - rules.txt
      - motd.txt
 
- - name: Tracking directory
-   become: yes
-   file:
-       dest: "/etc/inspircd/data/"
-       owner: ircd
-       group: ircd
-       mode: 0750
-       state: directory
-
  - name: Ensure tracking files
    become: yes
    file:
      dest: "/etc/inspircd/{{ item }}"
-     owner: ircd
+     owner: inspircd
      group: ircd
      mode: 0600
    loop:
@@ -96,7 +72,7 @@
 
  - name: Reload on config change
    become: yes
-   when: templatefiles.changed or servicesfile.changed
+   when: templatefiles.changed
    service:
      name: inspircd
      state: reloaded

roles/IRC/tasks/services.yml

@@ -1,11 +1,18 @@
 ---
 
+ - name: Add anope user to ircd
+   become: yes
+   user:
+       name: anope
+       groups: ircd
+       append: yes
+
  - name: Ensure directory permissions
    become: yes
    file:
      state: directory
      path: "{{ item }}"
-     owner: ircd
+     owner: anope
      group: ircd
      mode: 0700
    loop:
@@ -20,7 +27,7 @@
    template:
      src: "anope/{{ item }}.j2"
      dest: "/etc/anope/{{ item }}"
-     owner: ircd
+     owner: anope
      group: ircd
      mode: 0600
    loop:

roles/IRC/templates/anope/modules.conf.j2

@@ -36,7 +36,7 @@ module
 		 * Admin credentials used for performing searches and adding users.
 		 */
 		admin_binddn = "uid=binduser,{{ ldap['userou'] }},{{ ldap['orgdn'] }}"
-		admin_password = "{{ secrets['Sora']['bindpassword'] }}"
+		admin_password = "{{ secrets['Password']['bindpassword'] }}"
 	}
 }
 
@@ -91,7 +91,7 @@ module
 	 *
 	 * If not set, then registration is not blocked.
 	 */
-	 #disable_register_reason = "To register on this network, contact a netadmin in #lobby. They will need to add an AniNIX/Sora LDAP account for you."
+	 #disable_register_reason = "To register on this network, contact a netadmin in #lobby. They will need to add an AniNIX/Password LDAP account for you."
 
 	/*
 	 * If set, the reason to give the users who try to "/msg NickServ SET EMAIL".

roles/IRC/templates/anope/services.conf.j2

@@ -135,7 +135,7 @@ uplink
 	 *
 	 * NOTE: On some shell providers, this will not be an option.
 	 */
-	host = "10.0.1.3"
+	host = "127.0.0.1"
 
 	/*
 	 * Enable if Services should connect using IPv6.
@@ -221,19 +221,10 @@ serverinfo
  *
  * This directive tells Anope which IRCd Protocol to speak when connecting.
  * You MUST modify this to match the IRCd you run.
- *
- * Supported:
- *  - bahamut
- *  - inspircd11
- *  - inspircd12
- *  - inspircd20
- *  - plexus
- *  - ratbox
- *  - unreal
  */
 module
 {
-	name = "inspircd20"
+	name = "inspircd3"
 
 	/*
 	 * Some protocol modules can enforce mode locks server-side. This reduces the spam caused by

roles/IRC/templates/inspircd/inspircd.conf.j2

@@ -1,5 +1,4 @@
 # Includes
-<config format="xml">
 <include file="/etc/inspircd/opers.conf">
 <include file="/etc/inspircd/links.conf">
 <include file="/etc/inspircd/modules.conf">
@@ -54,6 +53,7 @@
     limit="500"
     localmax="500"
     maxconnwarn="on"
+    maxchans="20"
     modes="+wx"
     pingfreq="120"
     port="6697"
@@ -119,7 +119,7 @@
 
     defaultmodes="not"
 
-    moronbanner="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help."
+    xlinemessage="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help."
     exemptchanops="nonick:v flood:o"
     invitebypassmodes="yes"
     nosnoticestack="no"
@@ -134,7 +134,7 @@
     hidemodes="eI"
     hideulines="no"
     flatlinks="no"
-    hidewhois=""
+    hideserver=""
     hidebans="no"
     hidekills=""
     hidesplits="yes"
@@ -152,9 +152,8 @@
     maxquit="255"
     maxtopic="307"
     maxkick="255"
-    maxgecos="128"
+    maxreal="128"
     maxaway="200">
-<channels users="20" opers="60">
 <maxlist chan="*" limit="60">
 <whowas
     groupsize="10"

roles/IRC/templates/inspircd/links.conf.j2

@@ -3,7 +3,7 @@
 <link name="ircservices.{{ external_domain }}"
       ipaddr="core.{{ replica_domain }}"
       port="8067"
-      allowmask="10.0.1.3/32"
+      allowmask="127.0.0.1"
       sendpass="{{ secrets['IRC']['servicespass'] }}"
       recvpass="{{ secrets['IRC']['servicespass'] }}">
 

roles/IRC/templates/inspircd/modules.conf.j2

@@ -54,8 +54,8 @@
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Block CAPS module: Adds channel mode +B, blocks all-CAPS messages.
-<module name="m_blockcaps.so">
+<module name="m_anticaps.so">
-<blockcaps percent="50"
+<anticaps percent="50"
            minlen="5"
            capsmap="ABCDEFGHIJKLMNOPQRSTUVWXYZ! ">
 
@@ -402,15 +402,15 @@
 # integration with services packages.
 <module name="m_topiclock.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Userip module: Adds the /USERIP command.
-# Allows users to query their own IP, also allows opers to query the IP
-# of anyone else.
-<module name="m_userip.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Spanning tree module: Allows linking of servers using the spanning
 # tree protocol (see the READ THIS BIT section above).
 # You will almost always want to load this.
 #
 <module name="m_spanningtree.so">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# CBAN module: This module adds the /CBAN command which allows server
+# operators to prevent channels matching a glob from being created.
+
+<module name="cban">

roles/IRC/templates/inspircd/motd.txt.j2

@@ -31,7 +31,7 @@ You should check which channels you want to join.
 Type the following to get a list:
 /list
 
-You will need to request an AniNIX/Sora LDAP
+You will need to request an AniNIX/Password LDAP
 account from an op or founder in #lobby to be
 able to log in. If you already have an account,
 use the following to authenticate:

roles/IRC/templates/inspircd/opers.conf.j2

@@ -8,5 +8,5 @@
 
 # Operators are tracked in the vault.
 {% for oper in secrets['IRC']['opers'] %}
-<oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@aninix.net" type="NetAdmin">
+<oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@aninix.net" type="NetAdmin" maxchans="60">
 {% endfor %}