From c7f88d988b54dff80759a9235d249752a94ff5cf Mon Sep 17 00:00:00 2001 From: DarkFeather Date: Tue, 21 Oct 2025 13:52:25 -0500 Subject: [PATCH] IRC Update for KiwiIRC 1.7 --- roles/IRC/files/services/kiwiirc.service | 15 - roles/IRC/tasks/web.yml | 81 ++---- roles/IRC/templates/inspircd/inspircd.conf.j2 | 31 +++ roles/IRC/templates/inspircd/modules.conf.j2 | 7 + roles/IRC/templates/inspircd/opers.conf.j2 | 2 +- roles/IRC/templates/kiwiirc/client.json.j2 | 35 +++ roles/IRC/templates/kiwiirc/config.js.j2 | 259 ------------------ roles/Maat/files/aur.list | 2 + .../WebServer/files/conf.d/Yggdrasil/irc.conf | 9 +- 9 files changed, 108 insertions(+), 333 deletions(-) delete mode 100644 roles/IRC/files/services/kiwiirc.service create mode 100644 roles/IRC/templates/kiwiirc/client.json.j2 delete mode 100644 roles/IRC/templates/kiwiirc/config.js.j2 diff --git a/roles/IRC/files/services/kiwiirc.service b/roles/IRC/files/services/kiwiirc.service deleted file mode 100644 index 662326e..0000000 --- a/roles/IRC/files/services/kiwiirc.service +++ /dev/null @@ -1,15 +0,0 @@ -[Unit] -Description=AniNIX/IRC Web Client -After=network.target irc.service ircservices.service - -[Service] -WorkingDirectory=/usr/local/src/KiwiIRC/ -ExecStart=/bin/sh ./kiwi -f -ExecReload=/bin/kill -HUP $MAINPID -KillMode=control-group -Restart=always -User=ircd -Group=ircd - -[Install] -WantedBy=multi-user.target diff --git a/roles/IRC/tasks/web.yml b/roles/IRC/tasks/web.yml index ef42451..80d80b2 100644 --- a/roles/IRC/tasks/web.yml +++ b/roles/IRC/tasks/web.yml @@ -1,58 +1,33 @@ --- - - name: Clone KiwiIRC - become: yes - git: - repo: https://github.com/prawnsalad/KiwiIRC.git - dest: /usr/local/src/KiwiIRC - update: no +- name: KiwiIRC Packages +become: yes +package: +name: +- kiwiirc-server-bin +state: present - # Need to capture AniNIX skinning of client as well as client build process. +# Need to capture AniNIX skinning of client as well as client build process. - - name: Update permissions - become: yes - file: - path: /usr/local/src/KiwiIRC - recurse: yes - owner: ircd - group: ircd +- name: Update permissions +become: yes +file: +path: "{{ item }}" +recurse: yes +owner: ircd +group: http +loop: +- /etc/kiwiirc +- /usr/share/kiwiirc - - name: Populate config - become: yes - register: config - template: - src: kiwiirc/config.js.j2 - dest: /usr/local/src/KiwiIRC/config.js - owner: ircd - group: ircd - mode: 0600 - - - name: Copy service file - become: yes - register: servicesfile - copy: - src: services/kiwiirc.service - dest: /usr/lib/systemd/system/kiwiirc.service - owner: root - group: root - mode: 0644 - - - name: Reload services - when: servicesfile.changed - become: yes - systemd: - daemon_reload: true - - - name: Ensure service running - become: yes - service: - name: kiwiirc - state: started - enabled: yes - - - name: Reload on config change - become: yes - when: config.changed or servicesfile.changed - service: - name: kiwiirc - state: reloaded +- name: Populate config +become: yes +#register: config +template: +src: "kiwiirc/{{ item }}.j2" +dest: "/etc/kiwiirc/{{ item }}" +owner: ircd +group: http +mode: 0640 +loop: +- "client.json" diff --git a/roles/IRC/templates/inspircd/inspircd.conf.j2 b/roles/IRC/templates/inspircd/inspircd.conf.j2 index a169626..06d568f 100644 --- a/roles/IRC/templates/inspircd/inspircd.conf.j2 +++ b/roles/IRC/templates/inspircd/inspircd.conf.j2 @@ -81,6 +81,35 @@ tlsv13="yes"> +# Websockets + + + + # Performance @@ -91,6 +120,8 @@ softlimit="1024" quietbursts="yes"> +# If things aren't working as intended, flip the commenting of the lines above and below here. Make sure to remove /tmp/ircd.log afterwards. +# +# SHA1 module + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Abbreviation module: Provides the ability to abbreviate commands a-la @@ -414,3 +416,8 @@ # operators to prevent channels matching a glob from being created. + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Websocket module: allow websocket clients to connect + + diff --git a/roles/IRC/templates/inspircd/opers.conf.j2 b/roles/IRC/templates/inspircd/opers.conf.j2 index b4884dd..4b1eb1c 100644 --- a/roles/IRC/templates/inspircd/opers.conf.j2 +++ b/roles/IRC/templates/inspircd/opers.conf.j2 @@ -8,5 +8,5 @@ # Operators are tracked in the vault. {% for oper in secrets['IRC']['opers'] %} - + {% endfor %} diff --git a/roles/IRC/templates/kiwiirc/client.json.j2 b/roles/IRC/templates/kiwiirc/client.json.j2 new file mode 100644 index 0000000..f589f5c --- /dev/null +++ b/roles/IRC/templates/kiwiirc/client.json.j2 @@ -0,0 +1,35 @@ +{ + "windowTitle": "{{ external_domain }}/IRC | Web IRC client", + "startupScreen": "welcome", + "kiwiServer": "https://irc.{{ external_domain }}/webirc/websocket/", + "restricted": true, + "hideSettings": false, + "hideAdvancedSettings": true, + "theme": "Dark", + "themes": [ + { "name": "Default", "url": "static/themes/default" }, + { "name": "Dark", "url": "static/themes/dark" }, + { "name": "Coffee", "url": "static/themes/coffee" }, + { "name": "GrayFox", "url": "static/themes/grayfox" }, + { "name": "Nightswatch", "url": "static/themes/nightswatch" }, + { "name": "Osprey", "url": "static/themes/osprey" }, + { "name": "Radioactive", "url": "static/themes/radioactive" }, + { "name": "Sky", "url": "static/themes/sky" }, + { "name": "Elite", "url": "static/themes/elite" } + ], + "startupOptions" : { + "infoContent": "

{{ external_domain }}/IRC

Log in with your AniNIX account.", + "channel": "#lobby", + "nick": "kiwi-n?", + "server": "irc.{{ external_domain }}", + "port": 7778, + "direct": true, + "tls": true + }, + "embedly": { + "key": "" + }, + "plugins": [ + { "name": "customise", "url": "static/plugins/customise.html" } + ] +} diff --git a/roles/IRC/templates/kiwiirc/config.js.j2 b/roles/IRC/templates/kiwiirc/config.js.j2 deleted file mode 100644 index db1d838..0000000 --- a/roles/IRC/templates/kiwiirc/config.js.j2 +++ /dev/null @@ -1,259 +0,0 @@ -var conf = {}; - -// Run the Kiwi server under a different user/group -conf.user = "ircd"; -conf.group = "ircd"; - - -// Log file location -conf.log = "kiwi.log"; - - - -/* - * Server listen blocks - */ - -// Do not edit this line! -conf.servers = []; - -// Example server block -conf.servers.push({ - port: 7778, - address: "127.0.0.1" -}); - -// Example SSL server block -//conf.servers.push({ -// port: 7777, -// address: "0.0.0.0", -// -// ssl: true, -// ssl_key: "server.key", -// ssl_cert: "cert.pem" -//}); - -// Network interface for outgoing connections -conf.outgoing_address = { - IPv4: '0.0.0.0' - //IPv6: '::' -}; - - -// Do we want to enable the built in Identd server? -conf.identd = { - enabled: false, - port: 113, - address: "0.0.0.0" -}; - - - - - - -// Where the client files are -conf.public_http = "client/"; - -// Transports available to the client. -// Behind an Apache reverse proxy? Uncomment the below - Apache does not support websockets! -//conf.client_transports = ['polling']; - -// Max connections per connection. 0 to disable -conf.max_client_conns = 5; - -// Max connections per server. 0 to disable. -// Setting is ignored if: -// - There is a WEBIRC password configured for the server, -// - Kiwi is configured to send the client's ip as a username for the server, or -// - Kiwi is running in restricted server mode. -conf.max_server_conns = 0; - -/* -* Default encoding to be used by the server -* As specified and limited to iconv-lite library support. -*/ -conf.default_encoding = 'utf8'; - - -/* -* Default GECOS (real name) for IRC connections -* %n will be replaced with the users nick -* %h will be replaced with the users hostname -*/ -conf.default_gecos = '%n@%h is using a Web IRC client'; - - -/* -* Default ident / username for IRC connections -* %n will be replaced with the users nick -* %h will be replaced with the users hostname -* %i will be replaced with a hexed value of the users IP -*/ -conf.default_ident = '%i'; - - -/* -* Default quit message -* If a browser gets disconnected without sending a QUIT command, this -* message will be used instead. -*/ -conf.quit_message = 'http://www.kiwiirc.com/ - A hand-crafted IRC client'; - - -/* -* Auto reconnect if the IRC server disconnects a kiwi user -* Hundreds of connected users getting disconnected then reconnecting at once may see -* high CPU usage causing further dropouts. Set to false if under high usage. -*/ -conf.ircd_reconnect = true; - - -/* - * Client side plugins - * Array of URLs that will be loaded into the browser when the client first loads up - * See http://github.com/prawnsalad/KiwiIRC/wiki/Client-plugins - */ -conf.client_plugins = [ - // "http://server.com/kiwi/plugins/myplugin.html" -]; - - - - -// Directory to find the server modules -conf.module_dir = "../server_modules/"; - -// Which modules to load -conf.modules = [ - // Open a TCP port to control the Kiwi server (default port 8888) - // "control", - - // Automatically reload CSS files when a theme changes - // "client_file_watcher", -]; - - - - -// WebIRC password enabled for this server -conf.webirc_pass = ""; - -// Use the above *OR* the below webirc_pass option - -// Multiple WebIRC passwords may be used for multiple servers -//conf.webirc_pass = { -// "irc.network.com": "configured_webirc_password", -// "127.0.0.1": "foobar" -//}; - - -// Whether to verify IRC servers' SSL certificates against built-in well-known certificate authorities -conf.reject_unauthorised_certificates = false; - - - -/* - * Reverse proxy settings - * Reverse proxies that have been reported to work can be found at: - * https://kiwiirc.com/docs/installing/proxies - */ - -// Whitelisted HTTP proxies in CIDR format -conf.http_proxies = ["127.0.0.1/32"]; - -// Header that contains the real-ip from the HTTP proxy -conf.http_proxy_ip_header = "x-forwarded-for"; - -// Base HTTP path to the KIWI IRC client (eg. /kiwi) -conf.http_base_path = "/kiwi"; - - -/* - * SOCKS (version 5) proxy settings - * This feature is only available on node 0.10.0 and above. - * Do not enable it if you're running 0.8 or below or Bad Things will happen. - */ -conf.socks_proxy = {}; - -// Enable proxying outbound connections through a SOCKS proxy -conf.socks_proxy.enabled = false; - -// Proxy *all* outbound connections through a SOCKS proxy -conf.socks_proxy.all = false; - -// Use SOCKS proxy for these hosts only (if conf.sock_proxy.all === false) -conf.socks_proxy.proxy_hosts = [ - "irc.{{ external_domain }}" -]; - -// Host and port for the SOCKS proxy -conf.socks_proxy.address = '127.0.0.1'; -conf.socks_proxy.port = 1080; - -// Username and password for the SOCKS proxy -// Set user to null to disable password authentication -conf.socks_proxy.user = null; -conf.socks_proxy.pass = null; - - -// Default settings for the client. These may be changed in the browser -conf.client = { - server: 'localhost', - port: 6667, - ssl: false, - channel: '#lobby', - channel_key: '', - nick: 'kiwi_?', - settings: { - theme: 'cli', - text_theme: 'default', - channel_list_style: 'tabs', - scrollback: 250, - show_joins_parts: true, - show_timestamps: false, - use_24_hour_timestamps: true, - mute_sounds: false, - show_emoticons: true, - ignore_new_queries: false, - count_all_activity: false, - show_autocomplete_slideout: true, - locale: null // null = use the browser locale settings - }, - window_title: '{{ organization['displayname'] }}/IRC | KiwiIRC Webchat' -}; - -// List of themes available for the user to choose from -conf.client_themes = [ - 'relaxed', - 'mini', - 'cli', - 'basic' -]; - - -// If set, the client may only connect to this 1 IRC server -conf.restrict_server = "127.0.0.1"; -conf.restrict_server_port = 6667; -conf.restrict_server_ssl = false; -//conf.restrict_server_password = ""; - - -/* - * If running multiple kiwi servers you may specify them here. - * Note: All kiwi servers must have the same conf.http_base_path config option. - * - * To force the client to connect to one other kiwi server, use: - * conf.client.kiwi_server = 'https://kiwi-server2.com'; - * - * To force the client to connect to a random kiwi server from a list, use: - * conf.client.kiwi_server = ['https://kiwi-server1.com', 'https://kiwi-server2.com']; - */ -//conf.client.kiwi_server = ''; - - - -/* - * Do not amend the below lines unless you understand the changes! - */ -module.exports.production = conf; diff --git a/roles/Maat/files/aur.list b/roles/Maat/files/aur.list index e32b7e9..84bef0b 100644 --- a/roles/Maat/files/aur.list +++ b/roles/Maat/files/aur.list @@ -3,6 +3,7 @@ https://aur.archlinux.org/aide.git https://aur.archlinux.org/anope.git https://aur.archlinux.org/ascii-invaders.git https://aur.archlinux.org/autopsy.git +https://aur.archlinux.org/brave-bin.git https://aur.archlinux.org/brother-mfc-j430w.git https://aur.archlinux.org/brscan4.git https://aur.archlinux.org/carbonyl-bin.git @@ -25,6 +26,7 @@ https://aur.archlinux.org/inspircd.git https://aur.archlinux.org/irker.git https://aur.archlinux.org/jmtpfs.git https://aur.archlinux.org/js.git +https://aur.archlinux.org/kiwiirc-server-bin.git https://aur.archlinux.org/libdaq.git https://aur.archlinux.org/libdwarf-20140413.git https://aur.archlinux.org/mkinitcpio-dropbear.git diff --git a/roles/WebServer/files/conf.d/Yggdrasil/irc.conf b/roles/WebServer/files/conf.d/Yggdrasil/irc.conf index de2ca11..9c52a0d 100644 --- a/roles/WebServer/files/conf.d/Yggdrasil/irc.conf +++ b/roles/WebServer/files/conf.d/Yggdrasil/irc.conf @@ -3,15 +3,14 @@ server { server_name irc.aninix.net; include conf/sec.conf; + include conf/local.conf; include conf/default.csp.conf; include conf/letsencrypt.conf; location / { - proxy_set_header Host $http_host; - proxy_set_header X-Forwarded-Host $host; - proxy_set_header X-Forwarded-Server $host; - proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for; - proxy_pass http://127.0.0.1:7778; + root /usr/share/kiwiirc; + autoindex on; + autoindex_format html; } }