First, install oidentd:
$ doas pkg_add oidentd
Inside your /home/znc/home/znc/.znc/configs/znc.conf file, you will want to include the identfile module:
AnonIPLimit = 1000
AuthOnlyViaModule = false
ConfigWriteDelay = 0
ConnectDelay = 5
HideVersion = false
LoadModule = chansaver
LoadModule = lastseen
LoadModule = adminlog
LoadModule = identfile
LoadModule = webadmin
LoadModule = certauth
MaxBufferSize = 10000
ProtectWebSessions = true
SSLCertFile = /home/znc/.znc/bnc3.ircnow.org.fullchain.pem
SSLKeyFile = /home/znc/.znc/bnc3.ircnow.org.key
SSLDHParamFile = /home/znc/.znc/dhparam.pem
ServerThrottle = 30
Version = 1.7.4
AllowIRC = true
AllowWeb = false
Host = 209.141.39.184
IPv4 = true
IPv6 = false
Port = 6697
SSL = true
URIPrefix = /
AllowIRC = true
AllowWeb = false
Host = 2605:6400:0020:0434::
IPv4 = false
IPv6 = true
Port = 6697
SSL = true
URIPrefix = /
Put this inside /etc/oidentd.conf:
user "znc" {
default {
allow spoof
allow spoof_all
}
}
If this file doesn't already exist:
# touch /home/znc/home/znc/.oidentd.conf
# ln -s /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf
# chown znc:znc /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf
Add this to /etc/pf.conf:
pass in proto tcp to port {auth} #ident
$ doas pfctl -f /etc/pf.conf
You want to connect to znc and set the ident to match the account's username (to prevent users from being able to change their ident response). This allows channel ops to ban individual users without banning the entire znc's IP address:
/msg *identfile setformat global { reply "%user%" }
Put this inside /etc/rc.local:
if [ -x /usr/local/sbin/oidentd ]; then
echo -n ' oidentd'; /usr/local/sbin/oidentd -u _identd -g _identd
fi
This will run each time upon bootup. The first time, though, you will want to start it manually:
$ doas sh /etc/rc.local
You will probably also want to restart znc. You can do this as follows:
$ doas pkill -INT znc
$ doas su
# export HOME=/home/znc && chroot -u znc -g znc /home/znc znc > /var/log/znc.log 2>&1 &