AniNIX/Kapisi
3
0
Fork 0
Code Issues 27 Pull Requests Projects 1 Releases Wiki Activity

IRC Update for KiwiIRC 1.7

Browse Source
This commit is contained in:
DarkFeather
2025-10-21 13:52:25 -05:00
parent 333a987dac
commit c7f88d988b
9 changed files with 108 additions and 333 deletions
Download Patch File Download Diff File Expand all files Collapse all files

15
roles/IRC/files/services/kiwiirc.service
View File

@@ -1,15 +0,0 @@
[Unit]
Description=AniNIX/IRC Web Client
After=network.target irc.service ircservices.service
[Service]
WorkingDirectory=/usr/local/src/KiwiIRC/
ExecStart=/bin/sh ./kiwi -f
ExecReload=/bin/kill -HUP $MAINPID
KillMode=control-group
Restart=always
User=ircd
Group=ircd
[Install]
WantedBy=multi-user.target

81
roles/IRC/tasks/web.yml
View File

@@ -1,58 +1,33 @@
---
- name: Clone KiwiIRC
become: yes
git:
repo: https://github.com/prawnsalad/KiwiIRC.git
dest: /usr/local/src/KiwiIRC
update: no
- name: KiwiIRC Packages
become: yes
package:
name:
- kiwiirc-server-bin
state: present
# Need to capture AniNIX skinning of client as well as client build process.
# Need to capture AniNIX skinning of client as well as client build process.
- name: Update permissions
become: yes
file:
path: /usr/local/src/KiwiIRC
recurse: yes
owner: ircd
group: ircd
- name: Update permissions
become: yes
file:
path: "{{ item }}"
recurse: yes
owner: ircd
group: http
loop:
- /etc/kiwiirc
- /usr/share/kiwiirc
- name: Populate config
become: yes
register: config
template:
src: kiwiirc/config.js.j2
dest: /usr/local/src/KiwiIRC/config.js
owner: ircd
group: ircd
mode: 0600
- name: Copy service file
become: yes
register: servicesfile
copy:
src: services/kiwiirc.service
dest: /usr/lib/systemd/system/kiwiirc.service
owner: root
group: root
mode: 0644
- name: Reload services
when: servicesfile.changed
become: yes
systemd:
daemon_reload: true
- name: Ensure service running
become: yes
service:
name: kiwiirc
state: started
enabled: yes
- name: Reload on config change
become: yes
when: config.changed or servicesfile.changed
service:
name: kiwiirc
state: reloaded
- name: Populate config
become: yes
#register: config
template:
src: "kiwiirc/{{ item }}.j2"
dest: "/etc/kiwiirc/{{ item }}"
owner: ircd
group: http
mode: 0640
loop:
- "client.json"

31
roles/IRC/templates/inspircd/inspircd.conf.j2
View File

@@ -81,6 +81,35 @@
tlsv13="yes">
<openssl onrehash="yes">
# Websockets
<connect
name="websockets"
parent="main"
allow="*"
port="7778">
<bind address=""
port="7778"
hook="websocket"
proxyranges="{{ main_subnet }}/{{ netmask }}"
nativeping="yes"
defaultmode="text"
sslprofile="websockets">
<sslprofile
name="websockets"
provider="openssl"
cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/chain.pem"
certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
keyfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/privkey.pem"
ciphers="{{ ssl['ciphersuite'] }}"
hash="sha256"
renegotiation="no"
requestclientcert="no"
sslv3="no"
tlsv1="no"
tlsv11="no"
tlsv12="yes"
tlsv13="yes">
# Performance
@@ -91,6 +120,8 @@
softlimit="1024"
quietbursts="yes">
<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="/var/log/inspircd/inspircd.log" flush="1">
# If things aren't working as intended, flip the commenting of the lines above and below here. Make sure to remove /tmp/ircd.log afterwards.
#<log method="file" type="* -USERINPUT -USEROUTPUT" level="debug" target="/tmp/ircd.log" flush="5">
<pid file="/var/lib/inspircd/inspircd.pid">
<options

7
roles/IRC/templates/inspircd/modules.conf.j2
View File

@@ -8,6 +8,8 @@
# SHA256 module: Allows other modules to generate SHA256 hashes,
# usually for cryptographic uses and security.
<module name="m_sha256.so">
# SHA1 module
<module name="m_sha1.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Abbreviation module: Provides the ability to abbreviate commands a-la
@@ -414,3 +416,8 @@
# operators to prevent channels matching a glob from being created.
<module name="cban">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Websocket module: allow websocket clients to connect
<module name="websocket">
<wsorigin allow="https://irc.{{ external_domain }}">

2
roles/IRC/templates/inspircd/opers.conf.j2
View File

@@ -8,5 +8,5 @@
# Operators are tracked in the vault.
{% for oper in secrets['IRC']['opers'] %}
<oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@aninix.net" type="NetAdmin" maxchans="60">
<oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@{{ external_domain }}" type="NetAdmin" maxchans="60">
{% endfor %}

35
roles/IRC/templates/kiwiirc/client.json.j2 Normal file
View File

@@ -0,0 +1,35 @@
{
"windowTitle": "{{ external_domain }}/IRC | Web IRC client",
"startupScreen": "welcome",
"kiwiServer": "https://irc.{{ external_domain }}/webirc/websocket/",
"restricted": true,
"hideSettings": false,
"hideAdvancedSettings": true,
"theme": "Dark",
"themes": [
{ "name": "Default", "url": "static/themes/default" },
{ "name": "Dark", "url": "static/themes/dark" },
{ "name": "Coffee", "url": "static/themes/coffee" },
{ "name": "GrayFox", "url": "static/themes/grayfox" },
{ "name": "Nightswatch", "url": "static/themes/nightswatch" },
{ "name": "Osprey", "url": "static/themes/osprey" },
{ "name": "Radioactive", "url": "static/themes/radioactive" },
{ "name": "Sky", "url": "static/themes/sky" },
{ "name": "Elite", "url": "static/themes/elite" }
],
"startupOptions" : {
"infoContent": "<h3>{{ external_domain }}/IRC</h3>Log in with your AniNIX account.",
"channel": "#lobby",
"nick": "kiwi-n?",
"server": "irc.{{ external_domain }}",
"port": 7778,
"direct": true,
"tls": true
},
"embedly": {
"key": ""
},
"plugins": [
{ "name": "customise", "url": "static/plugins/customise.html" }
]
}

259
roles/IRC/templates/kiwiirc/config.js.j2
View File

@@ -1,259 +0,0 @@
var conf = {};
// Run the Kiwi server under a different user/group
conf.user = "ircd";
conf.group = "ircd";
// Log file location
conf.log = "kiwi.log";
/*
* Server listen blocks
*/
// Do not edit this line!
conf.servers = [];
// Example server block
conf.servers.push({
port: 7778,
address: "127.0.0.1"
});
// Example SSL server block
//conf.servers.push({
// port: 7777,
// address: "0.0.0.0",
//
// ssl: true,
// ssl_key: "server.key",
// ssl_cert: "cert.pem"
//});
// Network interface for outgoing connections
conf.outgoing_address = {
IPv4: '0.0.0.0'
//IPv6: '::'
};
// Do we want to enable the built in Identd server?
conf.identd = {
enabled: false,
port: 113,
address: "0.0.0.0"
};
// Where the client files are
conf.public_http = "client/";
// Transports available to the client.
// Behind an Apache reverse proxy? Uncomment the below - Apache does not support websockets!
//conf.client_transports = ['polling'];
// Max connections per connection. 0 to disable
conf.max_client_conns = 5;
// Max connections per server. 0 to disable.
// Setting is ignored if:
// - There is a WEBIRC password configured for the server,
// - Kiwi is configured to send the client's ip as a username for the server, or
// - Kiwi is running in restricted server mode.
conf.max_server_conns = 0;
/*
* Default encoding to be used by the server
* As specified and limited to iconv-lite library support.
*/
conf.default_encoding = 'utf8';
/*
* Default GECOS (real name) for IRC connections
* %n will be replaced with the users nick
* %h will be replaced with the users hostname
*/
conf.default_gecos = '%n@%h is using a Web IRC client';
/*
* Default ident / username for IRC connections
* %n will be replaced with the users nick
* %h will be replaced with the users hostname
* %i will be replaced with a hexed value of the users IP
*/
conf.default_ident = '%i';
/*
* Default quit message
* If a browser gets disconnected without sending a QUIT command, this
* message will be used instead.
*/
conf.quit_message = 'http://www.kiwiirc.com/ - A hand-crafted IRC client';
/*
* Auto reconnect if the IRC server disconnects a kiwi user
* Hundreds of connected users getting disconnected then reconnecting at once may see
* high CPU usage causing further dropouts. Set to false if under high usage.
*/
conf.ircd_reconnect = true;
/*
* Client side plugins
* Array of URLs that will be loaded into the browser when the client first loads up
* See http://github.com/prawnsalad/KiwiIRC/wiki/Client-plugins
*/
conf.client_plugins = [
// "http://server.com/kiwi/plugins/myplugin.html"
];
// Directory to find the server modules
conf.module_dir = "../server_modules/";
// Which modules to load
conf.modules = [
// Open a TCP port to control the Kiwi server (default port 8888)
// "control",
// Automatically reload CSS files when a theme changes
// "client_file_watcher",
];
// WebIRC password enabled for this server
conf.webirc_pass = "";
// Use the above *OR* the below webirc_pass option
// Multiple WebIRC passwords may be used for multiple servers
//conf.webirc_pass = {
// "irc.network.com": "configured_webirc_password",
// "127.0.0.1": "foobar"
//};
// Whether to verify IRC servers' SSL certificates against built-in well-known certificate authorities
conf.reject_unauthorised_certificates = false;
/*
* Reverse proxy settings
* Reverse proxies that have been reported to work can be found at:
* https://kiwiirc.com/docs/installing/proxies
*/
// Whitelisted HTTP proxies in CIDR format
conf.http_proxies = ["127.0.0.1/32"];
// Header that contains the real-ip from the HTTP proxy
conf.http_proxy_ip_header = "x-forwarded-for";
// Base HTTP path to the KIWI IRC client (eg. /kiwi)
conf.http_base_path = "/kiwi";
/*
* SOCKS (version 5) proxy settings
* This feature is only available on node 0.10.0 and above.
* Do not enable it if you're running 0.8 or below or Bad Things will happen.
*/
conf.socks_proxy = {};
// Enable proxying outbound connections through a SOCKS proxy
conf.socks_proxy.enabled = false;
// Proxy *all* outbound connections through a SOCKS proxy
conf.socks_proxy.all = false;
// Use SOCKS proxy for these hosts only (if conf.sock_proxy.all === false)
conf.socks_proxy.proxy_hosts = [
"irc.{{ external_domain }}"
];
// Host and port for the SOCKS proxy
conf.socks_proxy.address = '127.0.0.1';
conf.socks_proxy.port = 1080;
// Username and password for the SOCKS proxy
// Set user to null to disable password authentication
conf.socks_proxy.user = null;
conf.socks_proxy.pass = null;
// Default settings for the client. These may be changed in the browser
conf.client = {
server: 'localhost',
port: 6667,
ssl: false,
channel: '#lobby',
channel_key: '',
nick: 'kiwi_?',
settings: {
theme: 'cli',
text_theme: 'default',
channel_list_style: 'tabs',
scrollback: 250,
show_joins_parts: true,
show_timestamps: false,
use_24_hour_timestamps: true,
mute_sounds: false,
show_emoticons: true,
ignore_new_queries: false,
count_all_activity: false,
show_autocomplete_slideout: true,
locale: null // null = use the browser locale settings
},
window_title: '{{ organization['displayname'] }}/IRC | KiwiIRC Webchat'
};
// List of themes available for the user to choose from
conf.client_themes = [
'relaxed',
'mini',
'cli',
'basic'
];
// If set, the client may only connect to this 1 IRC server
conf.restrict_server = "127.0.0.1";
conf.restrict_server_port = 6667;
conf.restrict_server_ssl = false;
//conf.restrict_server_password = "";
/*
* If running multiple kiwi servers you may specify them here.
* Note: All kiwi servers must have the same conf.http_base_path config option.
*
* To force the client to connect to one other kiwi server, use:
* conf.client.kiwi_server = 'https://kiwi-server2.com';
*
* To force the client to connect to a random kiwi server from a list, use:
* conf.client.kiwi_server = ['https://kiwi-server1.com', 'https://kiwi-server2.com'];
*/
//conf.client.kiwi_server = '';
/*
* Do not amend the below lines unless you understand the changes!
*/
module.exports.production = conf;

2
roles/Maat/files/aur.list
View File

@@ -3,6 +3,7 @@ https://aur.archlinux.org/aide.git
https://aur.archlinux.org/anope.git
https://aur.archlinux.org/ascii-invaders.git
https://aur.archlinux.org/autopsy.git
https://aur.archlinux.org/brave-bin.git
https://aur.archlinux.org/brother-mfc-j430w.git
https://aur.archlinux.org/brscan4.git
https://aur.archlinux.org/carbonyl-bin.git
@@ -25,6 +26,7 @@ https://aur.archlinux.org/inspircd.git
https://aur.archlinux.org/irker.git
https://aur.archlinux.org/jmtpfs.git
https://aur.archlinux.org/js.git
https://aur.archlinux.org/kiwiirc-server-bin.git
https://aur.archlinux.org/libdaq.git
https://aur.archlinux.org/libdwarf-20140413.git
https://aur.archlinux.org/mkinitcpio-dropbear.git

9
roles/WebServer/files/conf.d/Yggdrasil/irc.conf
View File

@@ -3,15 +3,14 @@ server {
server_name irc.aninix.net;
include conf/sec.conf;
include conf/local.conf;
include conf/default.csp.conf;
include conf/letsencrypt.conf;
location /
{
proxy_set_header Host $http_host;
proxy_set_header X-Forwarded-Host $host;
proxy_set_header X-Forwarded-Server $host;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_pass http://127.0.0.1:7778;
root /usr/share/kiwiirc;
autoindex on;
autoindex_format html;
}
}