irc:openbsd:oidentd

First, install oidentd:

$ doas pkg_add oidentd

Inside your /home/znc/home/znc/.znc/configs/znc.conf file, you will want to include the identfile module:

AnonIPLimit = 1000
AuthOnlyViaModule = false
ConfigWriteDelay = 0
ConnectDelay = 5
HideVersion = false
LoadModule = chansaver
LoadModule = lastseen
LoadModule = adminlog
LoadModule = identfile
LoadModule = webadmin
LoadModule = certauth
MaxBufferSize = 10000
ProtectWebSessions = true
SSLCertFile = /home/znc/.znc/bnc3.ircnow.org.fullchain.pem
SSLKeyFile = /home/znc/.znc/bnc3.ircnow.org.key
SSLDHParamFile = /home/znc/.znc/dhparam.pem
ServerThrottle = 30
Version = 1.7.4

<Listener listener0>
        AllowIRC = true
        AllowWeb = false
        Host = 209.141.39.184
        IPv4 = true
        IPv6 = false
        Port = 6697
        SSL = true
        URIPrefix = /
</Listener>

<Listener listener1>
        AllowIRC = true
        AllowWeb = false
        Host = 2605:6400:0020:0434::
        IPv4 = false
        IPv6 = true
        Port = 6697
        SSL = true
        URIPrefix = /
</Listener>

Put this inside /etc/oidentd.conf:

user "znc" {
    default {
        allow spoof
        allow spoof_all
    }
}

If this file doesn't already exist:

# touch /home/znc/home/znc/.oidentd.conf
# ln -s /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf
# chown znc:znc /home/znc/home/znc/.oidentd.conf /home/znc/.oidentd.conf

Add this to /etc/pf.conf:

pass in proto tcp to port {auth} #ident

$ doas pfctl -f /etc/pf.conf

You want to connect to znc and set the ident to match the account's username (to prevent users from being able to change their ident response). This allows channel ops to ban individual users without banning the entire znc's IP address:

/msg *identfile setformat global { reply "%user%" }

Put this inside /etc/rc.local:

if [ -x /usr/local/sbin/oidentd ]; then
        echo -n ' oidentd';     /usr/local/sbin/oidentd -u _identd -g _identd
fi

This will run each time upon bootup. The first time, though, you will want to start it manually:

$ doas sh /etc/rc.local

You will probably also want to restart znc. You can do this as follows:

$ doas pkill -INT znc
$ doas su
# export HOME=/home/znc && chroot -u znc -g znc /home/znc znc > /var/log/znc.log 2>&1 &