From a8694d4ad841480a928f213d61f59b5e2648e605 Mon Sep 17 00:00:00 2001
From: Alex <caskd@420blaze.it>
Date: Sun, 24 May 2020 14:46:47 +0200
Subject: [PATCH] Initial commit, still needs configuration

---
 .gitignore                    |   1 +
 tasks/main.yml                |  29 ++
 templates/build.conf.j2       |  19 +
 templates/inspircd.conf.j2    | 632 ++++++++++++++++++++++++++++++++++
 templates/inspircd.service.j2 |  26 ++
 templates/main.motd.j2        |  17 +
 6 files changed, 724 insertions(+)
 create mode 100644 .gitignore
 create mode 100644 tasks/main.yml
 create mode 100644 templates/build.conf.j2
 create mode 100644 templates/inspircd.conf.j2
 create mode 100644 templates/inspircd.service.j2
 create mode 100644 templates/main.motd.j2

diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..4dc51e8
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1 @@
+vault/
diff --git a/tasks/main.yml b/tasks/main.yml
new file mode 100644
index 0000000..1f79f55
--- /dev/null
+++ b/tasks/main.yml
@@ -0,0 +1,29 @@
+- name: Include sensitive info
+  include_vars:
+        dir: '{{ role_path }}/vault'
+  tags:
+        - vault
+        - inspircd
+- name: Copy files
+  loop:
+        - { src: 'build.conf', dest: '{{ inspircd.paths.build }}/.configure/cache.cfg', mode: '655' }
+        - { src: 'inspircd.conf', dest: '{{ inspircd.paths.config }}/conf/inspircd.conf', mode: '600' }
+        - { src: 'main.motd', dest: '{{ inspircd.paths.config }}/conf/main.motd', mode: '655' }
+        - { src: 'inspircd.service', dest: '/etc/systemd/system/inspircd.service', mode: '655' }
+  template:
+        follow: yes
+        src: '{{ item.src }}.j2'
+        dest: '{{ item.dest }}'
+        mode: '{{ item.mode }}'
+  notify: Run service actions
+  tags:
+        - configs
+        - vault
+        - inspircd
+- name: Build inspricd
+  make:
+        chdir: '{{ inspircd.paths.build }}'
+        target: 'install'
+  tags:
+        - build
+        - inspircd
diff --git a/templates/build.conf.j2 b/templates/build.conf.j2
new file mode 100644
index 0000000..1332eb9
--- /dev/null
+++ b/templates/build.conf.j2
@@ -0,0 +1,19 @@
+BASE_DIR {{ inspircd.paths.config }}/run
+SOCKETENGINE epoll
+DATA_DIR {{ inspircd.paths.config }}/run/data
+HAS_CLOCK_GETTIME 1
+VERSION 1
+LOG_DIR {{ inspircd.paths.config }}/run/logs
+MODULE_DIR {{ inspircd.paths.config }}/run/modules
+MANUAL_DIR {{ inspircd.paths.config }}/run/manuals
+GROUP nogroup
+UID 65534
+CXX c++
+EXAMPLE_DIR {{ inspircd.paths.config }}/run/conf/examples
+GID 65534
+BINARY_DIR {{ inspircd.paths.config }}/run/bin
+USER nogroup
+SCRIPT_DIR {{ inspircd.paths.config }}/run
+CONFIG_DIR {{ inspircd.paths.config }}/run/conf
+HAS_ARC4RANDOM_BUF
+HAS_EVENTFD 1
diff --git a/templates/inspircd.conf.j2 b/templates/inspircd.conf.j2
new file mode 100644
index 0000000..b0ff4ad
--- /dev/null
+++ b/templates/inspircd.conf.j2
@@ -0,0 +1,632 @@
+<config format="xml">
+
+#<include executable="/conf/config.sh" noexec="no">
+<module name="override">
+
+#-#-#-#-#-#-#-#-#-#-#-#-  SERVER DESCRIPTION  -#-#-#-#-#-#-#-#-#-#-#-#-
+#                                                                     #
+#   Here is where you enter the information about your server.        #
+#                                                                     #
+
+<server
+        name="{{ inspircd.server.name }}"
+        description="{{ inspircd.server.description }}"
+        network="{{ inspircd.server.network }}">
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-   ADMIN INFORMATION   -#-#-#-#-#-#-#-#-#-#-#-#
+#                                                                     #
+#   Describes the Server Administrator's real name (optionally),      #
+#   nick, and email address.                                          #
+#                                                                     #
+
+<admin
+       name="Alex"
+       nick="caskd"
+       email="caskd@gmx.de">
+
+{% for binds in inspircd.bind %}
+<bind address="{{ binds.address }}" port="{{ binds.port }}" type="{{ binds.type }}"{% if binds.tls %} ssl="gnutls"{% endif %}>
+{% endfor %}
+#-#-#-#-#-#-#-#-#-#-  CONNECTIONS CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
+#                                                                     #
+#   This is where you can configure which connections are allowed     #
+#   and denied access onto your server. The password is optional.     #
+#   You may have as many of these as you require. To allow/deny all   #
+#   connections, use a '*' or 0.0.0.0/0.                              #
+#                                                                     #
+#  -- It is important to note that connect tags are read from the  -- #
+#     TOP DOWN. This means that you should have more specific deny    #
+#    and allow tags at the top, progressively more general, followed  #
+#        by a <connect allow="*" (should you wish to have one).       #
+#                                                                     #
+# Connect blocks are searched twice for each user - once when the TCP #
+# connection is accepted, and once when the user completes their      #
+# registration. Most of the information (hostname, ident response,    #
+# password, SSL when using STARTTLS, etc) is only available during    #
+# the second search, so if you are trying to make a closed server,    #
+# you will probably need a connect block just for user registration.  #
+# This can be done by using <connect registered="no">                 #
+
+<connect
+         # name: Name to use for this connect block. Mainly used for
+         # connect class inheriting.
+         name="main"
+
+         # allow: What IP addresses/hosts to allow for this block.
+         allow="*"
+
+         # hash: what hash this password is hashed with. requires the module
+         # for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be
+         # loaded and the password hashing module (m_password_hash.so)
+         # loaded. Options here are: "md5", "sha256" and "ripemd160".
+         # Optional, but recommended. Create hashed passwords with:
+         # /mkpasswd <hash> <password>
+         #hash="&connecthash;"
+
+         # password: Password to use for this block/user(s)
+         #password="&connectpassword;"
+
+         # maxchans: Maximum number of channels a user in this class
+         # be in at one time. This overrides every other maxchans setting.
+         #maxchans="30"
+
+         # timeout: How long (in seconds) the server will wait before
+         # disconnecting a user if they do not do anything on connect.
+         # (Note, this is a client-side thing, if the client does not
+         # send /nick, /user or /pass)
+         timeout="10"
+
+         # pingfreq: How often (in seconds) the server tries to ping connecting clients.
+         pingfreq="120"
+
+         # hardsendq: maximum amount of data allowed in a client's send queue
+         # before they are dropped. Keep this value higher than the length of
+         # your network's /LIST or /WHO output, or you will have lots of
+         # disconnects from sendq overruns!
+         # Setting this to "1M" is equivalent to "1048576", "8K" is 8192, etc.
+         hardsendq="1M"
+
+         # softsendq: amount of data in a client's send queue before the server
+         # begins delaying their commands in order to allow the sendq to drain
+         softsendq="8192"
+
+         # recvq: amount of data allowed in a client's queue before they are dropped.
+         # Entering "8K" is equivalent to "8192", see above.
+         recvq="8K"
+
+         # threshold: This specifies the amount of command penalty a user is allowed to have
+         # before being quit or fakelagged due to flood. Normal commands have a penalty of 1,
+         # ones such as /OPER have penalties up to 10.
+         #
+         # If you are not using fakelag, this should be at least 20 to avoid excess flood kills
+         # from processing some commands.
+         threshold="10"
+
+         # commandrate: This specifies the maximum rate that commands can be processed.
+         # If commands are sent more rapidly, the user's penalty will increase and they will
+         # either be fakelagged or killed when they reach the threshold
+         #
+         # Units are millicommands per second, so 1000 means one line per second.
+         commandrate="1000"
+
+         # fakelag: Use fakelag instead of killing users for excessive flood
+         #
+         # Fake lag stops command processing for a user when a flood is detected rather than
+         # immediately killing them; their commands are held in the recvq and processed later
+         # as the user's command penalty drops. Note that if this is enabled, flooders will
+         # quit with "RecvQ exceeded" rather than "Excess Flood".
+         fakelag="on"
+
+         # localmax: Maximum local connections per IP.
+         localmax="3"
+
+         # globalmax: Maximum global (network-wide) connections per IP.
+         globalmax="30"
+
+         # useident: Defines if users in this class must respond to a ident query or not.
+         useident="no"
+
+         # usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes.
+         # This setting only has effect when m_dnsbl is loaded.
+         #usednsbl="&usednsbl;"
+
+         # limit: How many users are allowed in this class
+         limit="5000"
+
+         # modes: Usermodes that are set on users in this block on connect.
+         # Enabling this option requires that the m_conn_umodes module be loaded.
+         # This entry is highly recommended to use for/with IP Cloaking/masking.
+         # For the example to work, this also requires that the m_cloaking
+         # module be loaded as well.
+         modes="+x">
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-  CIDR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-
+#                                                                     #
+# CIDR configuration allows detection of clones and applying of       #
+# throttle limits across a CIDR range. (A CIDR range is a group of    #
+# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be   #
+# represented as 192.168.1.0/24). This means that abuse across an ISP #
+# is detected and curtailed much easier. Here is a good chart that    #
+# shows how many IPs the different CIDRs correspond to:               #
+# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation                #
+#                                                                     #
+
+<cidr
+      # ipv4clone: specifies how many bits of an IP address should be
+      # looked at for clones. The default only looks for clones on a
+      # single IP address of a user. You do not want to set this
+      # extremely low. (Values are 0-32).
+      ipv4clone="32"
+
+      # ipv6clone: specifies how many bits of an IP address should be
+      # looked at for clones. The default only looks for clones on a
+      # single IP address of a user. You do not want to set this
+      # extremely low. (Values are 0-128).
+      ipv6clone="128">
+
+
+#-#-#-#-#-#-#-#-#-#-  MISCELLANEOUS CONFIGURATION  -#-#-#-#-#-#-#-#-#-#
+#                                                                     #
+
+# Files block - contains files whose contents are used by the ircd
+#
+#   motd - displayed on connect and when a user executes /MOTD
+#   rules - displayed when the user executes /RULES
+# Modules can also define their own files
+<files motd="main.motd">
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-  SERVER OPTIONS   -#-#-#-#-#-#-#-#-#-#-#-#-#
+#                                                                     #
+#   Settings to define which features are usable on your server.      #
+#                                                                     #
+
+<options
+         # prefixquit: What (if anything) users' quit messages
+         # should be prefixed with.
+         prefixquit="Quit: "
+
+         # suffixquit: What (if anything) users' quit messages
+         # should be suffixed with.
+         suffixquit=""
+
+         # prefixpart: What (if anything) users' part messages
+         # should be prefixed with.
+         prefixpart="&quot;"
+         # NOTE: Use "\"" instead of "&quot;" if not using <config format="xml">
+
+         # suffixpart: What (if anything) users' part message
+         # should be suffixed with.
+         suffixpart="&quot;"
+
+         # fixedquit: Set all users' quit messages to this value.
+         #fixedquit=""
+
+         # fixedpart: Set all users' part messages in all channels
+         # to this value.
+         #fixedpart=""
+
+         # syntaxhints: If enabled, if a user fails to send the correct parameters
+         # for a command, the ircd will give back some help text of what
+         # the correct parameters are.
+         syntaxhints="no"
+
+         # cyclehosts: If enabled, when a user gets a host set, it will cycle
+         # them in all their channels. If not, it will simply change their host
+         # without cycling them.
+         cyclehosts="yes"
+
+         # cyclehostsfromuser: If enabled, the source of the mode change for
+         # cyclehosts will be the user who cycled. This can look nicer, but
+         # triggers anti-takeover mechanisms of some obsolete bots.
+         cyclehostsfromuser="no"
+
+         # ircumsgprefix: Use undernet-style message prefixing for NOTICE and
+         # PRIVMSG. If enabled, it will add users' prefix to the line, if not,
+         # it will just message the user normally.
+         ircumsgprefix="no"
+
+         # announcets: If set to yes, when the timestamp on a channel changes, all users
+         # in the channel will be sent a NOTICE about it.
+         announcets="yes"
+
+         # allowmismatch: Setting this option to yes will allow servers to link even
+         # if they don't have the same "optionally common" modules loaded. Setting this to
+         # yes may introduce some desyncs and unwanted behaviour.
+         allowmismatch="no"
+
+         # defaultbind: Sets the default for <bind> tags without an address. Choices are
+         # ipv4 or ipv6; if not specified, IPv6 will be used if your system has support,
+         # falling back to IPv4 otherwise.
+         defaultbind="auto"
+
+         # hostintopic: If enabled, channels will show the host of the topic setter
+         # in the topic. If set to no, it will only show the nick of the topic setter.
+         hostintopic="yes"
+
+         # pingwarning: If a server does not respond to a ping within x seconds,
+         # it will send a notice to opers with snomask +l informing that the server
+         # is about to ping timeout.
+         pingwarning="15"
+
+         # serverpingfreq: How often pings are sent between servers (in seconds).
+         serverpingfreq="60"
+
+         # defaultmodes: What modes are set on a empty channel when a user
+         # joins it and it is unregistered.
+         defaultmodes="nt"
+
+         # moronbanner: This is the text that is sent to a user when they are
+         # banned from the server.
+         moronbanner="You're banned! Email abuse@example.com with the ERROR line below for help."
+
+         # exemptchanops: exemptions for channel access restrictions based on prefix.
+         exemptchanops="nonick:v flood:o"
+
+         # invitebypassmodes: This allows /invite to bypass other channel modes.
+         # (Such as +k, +j, +l, etc.)
+         invitebypassmodes="yes"
+
+         # nosnoticestack: This prevents snotices from 'stacking' and giving you
+         # the message saying '(last message repeated X times)'. Defaults to no.
+         nosnoticestack="no"
+
+         # welcomenotice: When turned on, this sends a NOTICE to connecting users
+         # with the text Welcome to <networkname>! after successful registration.
+         # Defaults to yes.
+         welcomenotice="yes">
+
+
+#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#
+#                                                                     #
+
+<performance
+             # netbuffersize: Size of the buffer used to receive data from clients.
+             # The ircd may only read this amount of text in 1 go at any time.
+             netbuffersize="10240"
+
+             # somaxconn: The maximum number of connections that may be waiting
+             # in the accept queue. This is *NOT* the total maximum number of
+             # connections per server. Some systems may only allow this to be up
+             # to 5, while others (such as Linux and *BSD) default to 128.
+             somaxconn="128"
+
+             # limitsomaxconn: By default, somaxconn (see above) is limited to a
+             # safe maximum value in the 2.0 branch for compatibility reasons.
+             # This setting can be used to disable this limit, forcing InspIRCd
+             # to use the value specified above.
+             limitsomaxconn="true"
+
+             # softlimit: This optional feature allows a defined softlimit for
+             # connections. If defined, it sets a soft max connections value.
+             softlimit="12800"
+
+             # quietbursts: When syncing or splitting from a network, a server
+             # can generate a lot of connect and quit messages to opers with
+             # +C and +Q snomasks. Setting this to yes squelches those messages,
+             # which makes it easier for opers, but degrades the functionality of
+             # bots like BOPM during netsplits.
+             quietbursts="yes"
+
+             # nouserdns: If enabled, no DNS lookups will be performed on
+             # connecting users. This can save a lot of resources on very busy servers.
+             nouserdns="no">
+
+#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION  #-#-#-#-#-#-#-#-#-#-#-#
+#                                                                     #
+
+<security
+
+          # announceinvites: This option controls which members of the channel
+          # receive an announcement when someone is INVITEd. Available values:
+          # 'none' - don't send invite announcements
+          # 'all' - send invite announcements to all members
+          # 'ops' - send invite announcements to ops and higher ranked users
+          # 'dynamic' - send invite announcements to halfops (if available) and
+          #             higher ranked users. This is the recommended setting.
+          announceinvites="dynamic"
+
+          # hidemodes: If enabled, then the listmodes given will be hidden
+          # from users below halfop. This is not recommended to be set on +b
+          # as it may break some functionality in popular clients such as mIRC.
+          hidemodes="eI"
+
+          # hideulines: If this value is set to yes, U-lined servers will
+          # be hidden from non-opers in /links and /map.
+          hideulines="no"
+
+          # flatlinks: If this value is set to yes, /map and /links will
+          # be flattened when shown to non-opers.
+          flatlinks="no"
+
+          # hidewhois: When defined, the given text will be used in place
+          # of the server a user is on when whoised by a non-oper. Most
+          # networks will want to set this to something like "*.netname.net"
+          # to conceal the actual server a user is on.
+          # Note that enabling this will cause users' idle times to only be
+          # shown when the format /WHOIS <nick> <nick> is used.
+          hidewhois=""
+
+          # hidebans: If this value is set to yes, when a user is banned ([gkz]lined)
+          # only opers will see the ban message when the user is removed
+          # from the server.
+          hidebans="no"
+
+          # hidekills: If defined, replaces who set a /kill with a custom string.
+          hidekills=""
+
+          # hidesplits: If enabled, non-opers will not be able to see which
+          # servers split in a netsplit, they will only be able to see that one
+          # occurred (If their client has netsplit detection).
+          hidesplits="no"
+
+          # maxtargets: Maximum number of targets per command.
+          # (Commands like /notice, /privmsg, /kick, etc)
+          maxtargets="20"
+
+          # customversion: Displays a custom string when a user /version's
+          # the ircd. This may be set for security reasons or vanity reasons.
+          customversion=""
+
+          # operspywhois: show opers (users/auspex) the +s channels a user is in. Values:
+          #  splitmsg  Split with an explanatory message
+          #  yes       Split with no explanatory message
+          #  no        Do not show
+          operspywhois="no"
+
+          # runasuser: If this is set, InspIRCd will attempt to switch
+          # to run as this user, which allows binding of ports under 1024.
+          # You should NOT set this unless you are starting as root.
+          # NOT SUPPORTED/NEEDED UNDER WINDOWS.
+          #runasuser=""
+
+          # runasgroup: If this is set, InspIRCd will attempt to switch
+          # to run as this group, which allows binding of ports under 1024.
+          # You should NOT set this unless you are starting as root.
+          # NOT SUPPORTED/NEEDED UNDER WINDOWS.
+          #runasgroup=""
+
+          # restrictbannedusers: If this is set to yes, InspIRCd will not allow users
+          # banned on a channel to change nickname or message channels they are
+          # banned on.
+          restrictbannedusers="yes"
+
+          # genericoper: Setting this value to yes makes all opers on this server
+          # appear as 'is an IRC operator' in their WHOIS, regardless of their
+          # oper type, however oper types are still used internally. This only
+          # affects the display in WHOIS.
+          genericoper="no"
+
+          # userstats: /stats commands that users can run (opers can run all).
+          userstats="Pu">
+
+#-#-#-#-#-#-#-#-#-#-#-#-# LIMITS CONFIGURATION  #-#-#-#-#-#-#-#-#-#-#-#
+#                                                                     #
+# This configuration tag defines the maximum sizes of various types   #
+# on IRC, such as the maximum length of a channel name, and the       #
+# maximum length of a channel. Note that with the exception of the    #
+# identmax value all values given here are the exact values you would #
+# expect to see on IRC. This contrasts with the older InspIRCd        #
+# releases where these values would be one character shorter than     #
+# defined to account for a null terminator on the end of the text.    #
+#                                                                     #
+# These values should match network-wide otherwise issues will occur. #
+#                                                                     #
+# The highest safe value you can set any of these options to is 500,  #
+# but it is recommended that you keep them somewhat                   #
+# near their defaults (or lower).                                     #
+
+<limits
+        # maxnick: Maximum length of a nickname.
+        maxnick="31"
+
+        # maxchan: Maximum length of a channel name.
+        maxchan="64"
+
+        # maxmodes: Maximum number of mode changes per line.
+        maxmodes="20"
+
+        # maxident: Maximum length of a ident/username.
+        maxident="11"
+
+        # maxquit: Maximum length of a quit message.
+        maxquit="255"
+
+        # maxtopic: Maximum length of a channel topic.
+        maxtopic="307"
+
+        # maxkick: Maximum length of a kick message.
+        maxkick="255"
+
+        # maxgecos: Maximum length of a GECOS (realname).
+        maxgecos="128"
+
+        # maxaway: Maximum length of an away message.
+        maxaway="200">
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Logging
+# -------
+#
+# Logging is covered with the <log> tag, which you may use to change
+# the behaviour of the logging of the IRCd.
+#
+# In InspIRCd as of 1.2, logging is pluggable and very extensible.
+# Different files can log the same thing, different 'types' of log can
+# go to different places, and modules can even extend the log tag
+# to do what they want.
+#
+# An example log tag would be:
+#  <log method="file" type="OPER" level="default" target="logs/opers.log">
+# which would log all information on /oper (failed and successful) to
+# a file called opers.log.
+#
+# There are many different types which may be used, and modules may
+# generate their own. A list of useful types:
+#  - USERS - information relating to user connection and disconnection
+#  - OPER - succesful and failed oper attempts
+#  - KILL - kill related messages
+#  - snomask - server notices (*all* snomasks will be logged)
+#  - FILTER - messages related to filter matches (m_filter)
+#  - CONFIG - configuration related messages
+#  - COMMAND - die and restart messages, and messages related to unknown user types
+#  - SOCKET - socket engine informational/error messages
+#  - MODULE - module related messages
+#  - STARTUP - messages related to starting up the server
+#
+# You may also log *everything* by using a type of *, and subtract things out
+# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT".
+#
+# Useful levels are:
+#  - default (general messages, including errors)
+#  - sparse (misc error messages)
+#  - debug (debug messages)
+#
+# Some types only produce output in the debug level, those are:
+#  - BANCACHE - ban cache debug messages
+#  - CHANNELS - information relating to joining/creating channels
+#  - CULLLIST - debug messages related to issues with removing users
+#  - RESOLVER - DNS related debug messages
+#  - CONNECTCLASS - Connection class debug messages
+#  - USERINPUT
+#  - USEROUTPUT
+#
+# The following log tag is highly default and uncustomised. It is recommended you
+# sort out your own log tags. This is just here so you get some output.
+
+<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="logs/ircd.log">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-  WHOWAS OPTIONS   -#-#-#-#-#-#-#-#-#-#-#-#-#
+#                                                                     #
+# This tag lets you define the behaviour of the /whowas command of    #
+# your server.                                                        #
+#                                                                     #
+
+<whowas
+        # groupsize: Maximum entries per nick shown when performing
+        # a /whowas nick.
+        groupsize="10"
+
+        # maxgroups: Maximum number of nickgroups that can be added to
+        # the list so that /whowas does not use a lot of resources on
+        # large networks.
+        maxgroups="100000"
+
+        # maxkeep: Maximum time a nick is kept in the whowas list
+        # before being pruned. Time may be specified in seconds,
+        # or in the following format: 1y2w3d4h5m6s. Minimum is
+        # 1 hour.
+        maxkeep="3d">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-  BAN OPTIONS  -#-#-#-#-#-#-#-#-#-#-#-#-#-#
+#                                                                     #
+# The ban tags define nick masks, host masks and ip ranges which are  #
+# banned from your server. All details in these tags are local to     #
+# Your server.                                                        #
+#                                                                     #
+
+<badnick nick="ChanServ" reason="Reserved For Services">
+<badnick nick="NickServ" reason="Reserved For Services">
+<badnick nick="OperServ" reason="Reserved For Services">
+<badnick nick="MemoServ" reason="Reserved For Services">
+<badnick nick="HostServ" reason="Reserved For Services">
+<badnick nick="BotServ"  reason="Reserved For Services">
+<badnick nick="AuthServ" reason="Reserved For Services">
+<badnick nick="UserServ" reason="Reserved For Services">
+<badnick nick="Q"        reason="Reserved For Services">
+
+<exception host="*@127.0.0.1" reason="localhost">
+
+#<include executable="/conf/opers.sh">
+<class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN">
+<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS JUMPSERVER LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
+<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN CLOSE" usermodes="*" chanmodes="*">
+<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message">
+<class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">
+<type
+    # name: Name of type. Used in actual server operator accounts below.
+    # Cannot contain spaces. If you would like a space, use
+    # the _ character instead and it will translate to a space on whois.
+    name="NetAdmin"
+    # classes: Classes (blocks above) that this type belongs to.
+    classes="SACommands OperChat BanControl HostCloak Shutdown ServerLink"
+    # vhost: Host opers of this type get when they log in (oper up). This is optional.
+    #vhost="netadmin&netsuffix;"
+    # modes: User modes besides +o that are set on an oper of this type
+    # when they oper up. Used for snomasks and other things.
+    # Requires that m_opermodes.so be loaded.
+    modes="+s +cCqQ">
+<class
+     name="Shutdown"
+     # commands: Oper-only commands that opers of this class can run.
+     commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOADMODULE GLOADMODULE GUNLOADMODULE GRELOADMODULE"
+     # privs: Special privileges that users with this class may utilise.
+     #  VIEWING:
+     #   - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
+     #   - users/auspex: allows opers with this priv to view more details about users than normal users, e.g. real host and IP.
+     #   - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
+     # ACTIONS:
+     #   - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
+     #   - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels.
+     # PERMISSIONS:
+     #   - users/flood/no-fakelag: prevents opers from being penalized with fake lag for flooding (*NOTE)
+     #   - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
+     #   - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE)
+     #
+     # *NOTE: These privs are potentially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
+     privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit users/flood/no-throttle users/flood/increased-buffers"
+     # usermodes: Oper-only usermodes that opers with this class can use.
+     usermodes="*"
+     # chanmodes: Oper-only channel modes that opers with this class can use.
+     chanmodes="*">
+
+#<include executable="/conf/links.sh LINK1">
+#<include executable="/conf/links.sh LINK2">
+#<include executable="/conf/links.sh LINK3">
+#<include executable="/conf/services.sh">
+
+<include file="/conf/modules.conf">
+
+#########################################################################
+#                                                                       #
+#                     - InspIRCd Development Team -                     #
+#                        http://www.inspircd.org                        #
+#                                                                       #
+#########################################################################
+
+## EXTRAS -- REDXEN
+
+<oper
+  host="caskd@10.*"
+  name="caskd"
+  password="{{ vault_inspircd.caskd.password }}"
+  hash="sha256"
+  autologin="true"
+  type="Owner">
+
+<type
+  name="Owner"
+  class="FullPerms"
+  classes="BanControl HostCloak OperChat SACommands ServerLink Shutdown"
+  vhost="redxen.eu"
+  override="MODE TOPIC">
+
+<class
+  name="FullPerms"
+  commands="WALLOPS GLOBOPS"
+  privs="users/mass-message"
+  chanmodes="*"
+  usermodes="*">
+
+<module name="permchannels">
+{% for chans in inspircd.permchannels %}
+<permchannels channel="#{{ chans.channel }}"
+  topic="{{ chans.topic }}"
+  modes="{{ chans.modes }}"
+  topicsetby="navi"
+  topicts="1577889749"
+  ts="1577889749">
+{% endfor %}
diff --git a/templates/inspircd.service.j2 b/templates/inspircd.service.j2
new file mode 100644
index 0000000..da1e771
--- /dev/null
+++ b/templates/inspircd.service.j2
@@ -0,0 +1,26 @@
+[Unit]
+Description=Inspire IRC daemon
+ExecStart={{ inspircd.paths.config }}/bin/inspircd
+Restart=always
+DynamicUser=true
+ProtectSystem=strict
+TemporaryFileSystem=/:ro
+BindReadOnlyPaths=/usr /lib /lib64 {{ inspircd.paths.config }}
+RootDirectory={{ inspircd.paths.config }}
+ProtectSystem=strict
+PrivateUsers=true
+NoNewPrivileges=yes
+ProtectControlGroups=yes
+ProtectKernelModules=yes
+ProtectKernelTunables=yes
+RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
+RestrictNamespaces=yes
+RestrictRealtime=yes
+RestrictSUIDSGID=yes
+MemoryDenyWriteExecute=yes
+LockPersonality=yes
+PrivateTmp=yes
+PrivateDevices=yes
+
+[Install]
+WantedBy=multi-user.target
diff --git a/templates/main.motd.j2 b/templates/main.motd.j2
new file mode 100644
index 0000000..76ba972
--- /dev/null
+++ b/templates/main.motd.j2
@@ -0,0 +1,17 @@
+ ________________________________________________
+|        _____          ___   __                 |
+|       |  __ \        | \ \ / /                 |
+|       | |__) |___  __| |\ V / ___ _ __         |
+|       |  _  // _ \/ _` | > < / _ \ '_ \        |
+|       | | \ \  __/ (_| |/ . \  __/ | | |       |
+|       |_|  \_\___|\__,_/_/ \_\___|_| |_|       |
+|                                                |
+|   b        Welcome to RedXen IRC!    *         |
+|      #         Enjoy your stay.         1      |
+|  0x                                         0  |
+|       Want to report something or join us?     |
+|            https://t.me/rxtelegram             |
+|                                                |
+|      Server status: https://stats.redxen.eu    |
+|      Join ZeroNet today: https://zeronet.io    |
+|________________________________________________|