From ae4fe7e931c5a91a1fc3dc569a24c4a9a585fdc4 Mon Sep 17 00:00:00 2001
From: Emmanuel Garette <egarette@silique.fr>
Date: Sun, 25 Dec 2022 17:09:14 +0100
Subject: [PATCH] add znc

---
 seed/znc/dictionaries/40_znc.xml        | 45 ++++++++++++++++++
 seed/znc/extras/machine/20_unbound.xml  | 17 +++++++
 seed/znc/manual/image/preinstall/znc.sh |  1 +
 seed/znc/templates/sysuser-znc.conf     |  3 ++
 seed/znc/templates/tmpfile-znc.conf     |  9 ++++
 seed/znc/templates/znc.conf             | 61 +++++++++++++++++++++++++
 seed/znc/templates/znc.crt              |  2 +
 seed/znc/templates/znc.key              |  1 +
 seed/znc/templates/znc.service          |  2 +
 seed/znc/templates/znc_passwords        |  8 ++++
 10 files changed, 149 insertions(+)
 create mode 100644 seed/znc/dictionaries/40_znc.xml
 create mode 100644 seed/znc/extras/machine/20_unbound.xml
 create mode 100644 seed/znc/manual/image/preinstall/znc.sh
 create mode 100644 seed/znc/templates/sysuser-znc.conf
 create mode 100644 seed/znc/templates/tmpfile-znc.conf
 create mode 100644 seed/znc/templates/znc.conf
 create mode 100644 seed/znc/templates/znc.crt
 create mode 100644 seed/znc/templates/znc.key
 create mode 100644 seed/znc/templates/znc.service
 create mode 100644 seed/znc/templates/znc_passwords

diff --git a/seed/znc/dictionaries/40_znc.xml b/seed/znc/dictionaries/40_znc.xml
new file mode 100644
index 00000000..9ada380b
--- /dev/null
+++ b/seed/znc/dictionaries/40_znc.xml
@@ -0,0 +1,45 @@
+<?xml version='1.0' encoding='UTF-8'?>
+<rougail version="0.10">
+  <services>
+    <service name="znc" target="multi-user">
+      <override/>
+      <file mode="700">/secrets/znc_passwords</file>
+      <file engine="none" source="sysuser-znc.conf">/sysusers.d/1znc.conf</file>
+      <file source="tmpfile-znc.conf">/tmpfiles.d/0znc.conf</file>
+      <file owner="znc" mode="640">/etc/znc/znc.conf</file>
+      <file>/etc/pki/tls/certs/znc.crt</file>
+      <file owner="znc" mode="400">/etc/pki/tls/private/znc.key</file>
+    </service>
+  </services>
+  <variables>
+    <family name="network">
+      <variable name="incoming_ports" redefine="True">
+        <value>5535</value>
+      </variable>
+      <!--variable name="outgoing_ports" redefine="True">
+               <value>6697</value>
+        </variable>-->
+    </family>
+    <family name="znc" description="IRC Bouncer ZNC">
+      <variable name="external_domain_name" type="domainname" description="Nom de domaine externe de ZNC" mandatory="True"/>
+      <variable name="user_name" type="unix_user" description="Utilisateur IRC et ZNC" mandatory="True"/>
+      <variable name="user_password" type="password" description="Mot de passe de l'utilisateur ZNC" mandatory="True"/>
+      <variable name="real_name" description="Nom d'utilisateur réel" mandatory="True"/>
+      <family name="servers" description="Serveurs IRC" leadership="True">
+        <variable name="server_names" type="domainname" description="Adresse du serveur IRC" multi="True" mandatory="True"/>
+        <variable name="password" type="password" description="Mot de passe de l'utilisateur sur le serveur IRC" mandatory="True"/>
+        <variable name="port" type="port" description="Port TLS du serveur IRC" mandatory="True" hidden="True">
+          <value>6697</value>
+        </variable>
+        <variable name="channels" description="Nom des salons du serveur IRC" multi="True" mandatory="True"/>
+      </family>
+    </family>
+  </variables>
+  <constraints>
+    <fill name="calc_value">
+      <param type="variable">port</param>
+      <param name="remove_duplicate_value" type="boolean">True</param>
+      <target>outgoing_ports</target>
+    </fill>
+  </constraints>
+</rougail>
diff --git a/seed/znc/extras/machine/20_unbound.xml b/seed/znc/extras/machine/20_unbound.xml
new file mode 100644
index 00000000..c8842485
--- /dev/null
+++ b/seed/znc/extras/machine/20_unbound.xml
@@ -0,0 +1,17 @@
+<?xml version="1.0" encoding="utf-8"?>
+<rougail version="0.10">
+  <variables>
+    <variable name="var_size" redefine="True">
+      <value>256</value>
+    </variable>
+    <variable name="add_tmp" redefine="True">
+      <value>False</value>
+    </variable>
+    <variable name="add_swap" redefine="True">
+      <value>False</value>
+    </variable>
+    <variable name='memory' redefine="True" exists="True">
+      <value>512</value>
+    </variable>
+  </variables>
+</rougail>
diff --git a/seed/znc/manual/image/preinstall/znc.sh b/seed/znc/manual/image/preinstall/znc.sh
new file mode 100644
index 00000000..a59ba915
--- /dev/null
+++ b/seed/znc/manual/image/preinstall/znc.sh
@@ -0,0 +1 @@
+PKG="$PKG znc"
diff --git a/seed/znc/templates/sysuser-znc.conf b/seed/znc/templates/sysuser-znc.conf
new file mode 100644
index 00000000..a77bc434
--- /dev/null
+++ b/seed/znc/templates/sysuser-znc.conf
@@ -0,0 +1,3 @@
+g znc 998 -
+u znc 998:1000     "Account for ZNC to run as" /var/lib/znc	/sbin/nologin
+m znc ssl-cert
diff --git a/seed/znc/templates/tmpfile-znc.conf b/seed/znc/templates/tmpfile-znc.conf
new file mode 100644
index 00000000..fa5efac7
--- /dev/null
+++ b/seed/znc/templates/tmpfile-znc.conf
@@ -0,0 +1,9 @@
+d     /etc/znc                                750  root znc   -           -
+d     /srv/znc                                750  root znc   -           -
+d     /srv/znc/modules                        750  znc  znc   -           -
+d     /srv/znc/users                          750  znc  znc   -           -
+d     /var/lib/znc                            750  root znc   -           -
+d     /var/lib/znc/.znc                       750  root znc   -           -
+L     /var/lib/znc/.znc/configs               -    -    -     -           /etc/znc
+L     /var/lib/znc/.znc/modules               -    -    -     -           /srv/znc/modules
+L     /var/lib/znc/.znc/users                 -    -    -     -           /srv/znc/users
diff --git a/seed/znc/templates/znc.conf b/seed/znc/templates/znc.conf
new file mode 100644
index 00000000..c3f43c72
--- /dev/null
+++ b/seed/znc/templates/znc.conf
@@ -0,0 +1,61 @@
+%compiler-settings
+commentStartToken = //
+%end compiler-settings
+//GNUNUX generate with command znc --makeconf
+// WARNING
+//
+// Do NOT edit this file while ZNC is running!
+// Use webadmin or *controlpanel instead.
+//
+// Altering this file by hand will forfeit all support.
+//
+// But if you feel risky, you might want to read help on /znc saveconfig and /znc rehash.
+// Also check https://wiki.znc.in/Configuration
+
+//>GNUNUX
+SSLCertFile = /etc/pki/tls/certs/znc.crt
+SSLKeyFile  = /etc/pki/tls/private/znc.key
+//<GNUNUX
+
+Version = 1.8.2
+<Listener l>
+//>GNUNUX
+	AllowWeb = false
+//<GNUNUX
+	Port = 5535
+	IPv4 = true
+	IPv6 = false
+	SSL = true
+</Listener>
+//GNUNUX LoadModule = webadmin
+
+<User %%user_name>
+        {{PASSWORD}}
+	Admin      = false
+	Nick       = %%user_name
+	AltNick    = %%{user_name}_
+	Ident      = %%user_name
+	LoadModule = chansaver
+//GNUNUX	LoadModule = controlpanel
+//>GNUNUX
+        RealName   = %%real_name
+//<GNUNUX
+
+%for %%server in %%server_names
+	<Network %%server>
+		LoadModule = simple_away
+//>GNUNUX
+                LoadModule = keepnick
+                LoadModule = kickrejoin
+                LoadModule = nickserv
+                IRCConnectEnabled = true
+//<GNUNUX
+		Server     = %%server +%%server.port %%server.password
+  %for %%channel in %%server.channels
+		<Chan #%%channel>
+		</Chan>
+  %end for
+	</Network>
+%end for
+</User>
+
diff --git a/seed/znc/templates/znc.crt b/seed/znc/templates/znc.crt
new file mode 100644
index 00000000..88816c0b
--- /dev/null
+++ b/seed/znc/templates/znc.crt
@@ -0,0 +1,2 @@
+%set %%chain=%%get_chain(%%external_domain_name, authority_cn=%%domain_name_eth0, authority_name="External", hide=%%hide_secret)
+%%get_certificate(%%external_domain_name, authority_cn=%%domain_name_eth0, authority_name='External', hide=%%hide_secret)
diff --git a/seed/znc/templates/znc.key b/seed/znc/templates/znc.key
new file mode 100644
index 00000000..01f0fb0e
--- /dev/null
+++ b/seed/znc/templates/znc.key
@@ -0,0 +1 @@
+%%get_private_key(cn=%%external_domain_name, authority_cn=%%domain_name_eth0, authority_name='External', hide=%%hide_secret)
diff --git a/seed/znc/templates/znc.service b/seed/znc/templates/znc.service
new file mode 100644
index 00000000..598be267
--- /dev/null
+++ b/seed/znc/templates/znc.service
@@ -0,0 +1,2 @@
+[Service]
+ExecStartPre=+/usr/local/lib/secrets/znc_passwords
diff --git a/seed/znc/templates/znc_passwords b/seed/znc/templates/znc_passwords
new file mode 100644
index 00000000..3e245de7
--- /dev/null
+++ b/seed/znc/templates/znc_passwords
@@ -0,0 +1,8 @@
+%echo '#!/bin/bash -e'
+
+# Convert password with znc
+password="%%user_password"
+pass=$(echo -e "$password\n$password\n"|/usr/bin/znc -ns|grep -A4 '<Pass');
+pass_sed=${pass//$'\n'/\\$'\n'}
+sed -i "s@{{PASSWORD}}@$pass_sed@g" /etc/znc/znc.conf
+exit 0