aboutsummaryrefslogtreecommitdiff
path: root/scripts/hostclass/znc_server
blob: 5dbc88720f245ce5f0e810839f11edad0eec9b08 (plain) (blame)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
#!/bin/sh

: ${znc_max_networks:='16'}
: ${znc_access_role:='znc-access'}

znc_http_port=8443
znc_home=/usr/local/etc/znc
znc_user=znc
znc_tls_cert="${znc_home}/znc.crt"
znc_tls_key="${znc_home}/znc.key"
znc_clone_user='clone___'

# Install required packages.
pkg install -y \
  cyrus-sasl-saslauthd \
  nginx \
  znc

# Create ZFS dataset for ZNC configs. 
create_dataset -o "mountpoint=${znc_home}" "${state_dataset}/znc"
zfs set \
  com.sun:auto-snapshot:daily=true \
  com.sun:auto-snapshot:weekly=true \
  "${state_dataset}/znc"

# Set ownership on ZNC dir.
install_directory -o "$znc_user" -g "$znc_user" -m 0755 "$znc_home"

# Copy TLS certificate for ZNC.
install_certificate     -o "$znc_user" -g "$znc_user" znc "$znc_tls_cert"
install_certificate_key -o "$znc_user" -g "$znc_user" znc "$znc_tls_key"

# Generate ZNC configs.
install_directory -o "$znc_user" -g "$znc_user" -m 0700 \
  "${znc_home}/configs" \
  "${znc_home}/moddata" \
  "${znc_home}/moddata/cyrusauth"

[ -f "${znc_home}/configs/znc.conf" ] \
  || install_template -o "$znc_user" -g "$znc_user" -m 0600 "${znc_home}/configs/znc.conf"

install_template -o "$znc_user" -g "$znc_user" -m 0600 "${znc_home}/moddata/cyrusauth/.registry"

# Copy saslauthd configuration.
install_template -m 0644 \
  /usr/local/lib/sasl2/znc.conf \
  /usr/local/etc/saslauthd.conf

# Allow znc to read the saslauthd socket.
install_directory -m 0750 -o "$saslauthd_user" -g "$znc_user" "$saslauthd_runtime_dir"

# Generate nginx configuration.
install_template -m 0644 \
  /usr/local/etc/nginx/nginx.conf \
  /usr/local/etc/nginx/vhosts.conf
install_file -m 0644 /etc/newsyslog.conf.d/nginx.conf

sysrc -v \
  saslauthd_enable=YES \
  saslauthd_flags='-a ldap' \
  znc_enable=YES \
  nginx_enable=YES

service saslauthd restart
service znc status || service znc start
service nginx restart

# Create access role.
ldap_add "cn=${znc_access_role},${roles_basedn}" <<EOF
objectClass: groupOfMembers
cn: ${znc_access_role}
EOF