So you linked to pissnet

Revision as of 11:37, 26 March 2023 by Roadkill

This page will guide you through what you can do to improve your setup, and give you ideas on what to do next.

Set up your client

You may want to set up your client to oper-up on join, set some user modes, and more.

Here are a few suggestions for user modes:

  • User mode +T(*): Disable CTCPs from being sent to you.
  • User mode +J(**): Prevent SAJOIN/SAPARTs.

(*) The noctcp module in upstream UnrealIRCd/PissIRCd doesn't prevent other opers from CTCPing you. The patch is relatively straightforward, though.

(**) Requires module third/nosajoinpartmode.

You can also set snomasks and modes in your oper block; see below.

Customize your oper block

You can set things such as:

  • swhois: A line that shows up when you are /WHOISed
  • operclass: I recommend netadmin for this, but you may use netadmin-with-override (be careful: you may accidentally mess things up that usually are not possible by default)
  • mask: Set this to *@host. Host would preferably be your bouncer (if you use a shared one, set it to ident@host), your IP address, or localhost. It can also be a wildcard, but for IP blocks use CIDR notation (*@1.2.3.0/24) for security, since a wildcard like 10.* also matches 10.example.com. Make sure you use CertFP or a strong password.
  • password: You can use password "INSERT CERTFP HERE" { certfp; }; if your client supports client certificates. You can obtain the fingerprint by /WHOISing yourself while using the certificate. Then, to oper up, you can do /oper <operblock name>. (Use /quote oper <operblock name> if your client enforces some sort of format, like WeeChat.)
  • snomask: You can set snomasks to add to yourself upon opering. Example: snomask foobar;
  • modes: You can set modes to add to yourself upon opering. Example: modes "+WJT";
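
The mask advice above, as an added example (not from the wiki or from UnrealIRCd): a simplified Python model of oper-mask matching, run over constructed sample clients, showing how a wildcard host mask admits a lookalike hostname that a CIDR mask rejects, and how ident@host narrows a shared bouncer. The matching rules and all names here are assumptions for illustration, not UnrealIRCd's actual matcher.

```python
import ipaddress
import re

# Constructed sample clients (private/documentation address ranges); not from the page.
CLIENTS = [
    {"label": "lan-client", "ident": "me", "hostname": "10.1.2.3", "ip": "10.1.2.3"},
    {"label": "lookalike-hostname", "ident": "x", "hostname": "10.example.com", "ip": "203.0.113.7"},
    {"label": "bnc-alice", "ident": "alice", "hostname": "bnc.example.org", "ip": "192.0.2.10"},
    {"label": "bnc-bob", "ident": "bob", "hostname": "bnc.example.org", "ip": "192.0.2.10"},
]


def glob_regex(pattern):
    """Compile an IRC-style glob (* and ? only) to a case-insensitive regex."""
    out = "".join(".*" if c == "*" else "." if c == "?" else re.escape(c) for c in pattern)
    return re.compile(out, re.IGNORECASE)


def host_matches(host_mask, hostname, ip):
    """Assumed model: CIDR masks see the IP only; globs see hostname and IP text."""
    if "/" in host_mask:
        try:
            network = ipaddress.ip_network(host_mask, strict=False)
        except ValueError:
            return False  # a malformed CIDR never matches
        return ipaddress.ip_address(ip) in network
    rx = glob_regex(host_mask)
    return bool(rx.fullmatch(hostname) or rx.fullmatch(ip))


def mask_matches(mask, client):
    """Check an ident@host oper mask against one client record."""
    ident_mask, _, host_mask = mask.rpartition("@")
    ident_ok = glob_regex(ident_mask or "*").fullmatch(client["ident"])
    return bool(ident_ok) and host_matches(host_mask, client["hostname"], client["ip"])


def audit(mask, clients=CLIENTS):
    """Return the labels of every sample client the mask would admit."""
    return [c["label"] for c in clients if mask_matches(mask, c)]


if __name__ == "__main__":
    for mask in ("*@10.*", "*@10.0.0.0/8", "*@bnc.example.org", "alice@bnc.example.org"):
        print(f"{mask:24} -> {audit(mask)}")
```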

Join some channels

There are channels varying from fun to network management to chat channels.

Channels

| Channel | Description |
|---|---|
| #pissnet | The main channel of the network |
| #opers | Operator channel. Chatting & network issues are discussed here. |
| #services | Service bots |
| #(╯°□°)╯︵ ┻━┻ | An eval bot running Ruby & shell commands |
| #pisswiki | Wiki logs |
| #wallops | WallopsServ bot |
| ##asciiart | ASCII art channel |
| #donger | Fight bot |
| #shitbots | Markov bots and other weird bots |
| #ducks | DuckBot channel |

Set up your SSL certificate

Soon, to be part of the round-robin, you will need a valid SSL certificate for both irc.letspiss.net and your own server domain. To get one you can use acme.sh (run the installer!). Here is an example of how to generate a certificate for both in one go (assuming you use Cloudflare for your domain; for other providers check here):

# These are the credentials required to get the irc.letspiss.net certificate
export ACMEDNS_BASE_URL="https://auth.autie.net"
export ACMEDNS_USERNAME="7a72b116-70de-4a49-83a5-dcfeb2dfabb2"
export ACMEDNS_PASSWORD="R6uA0z8-bwfU8xZxqbTIkoNUBE91Yrn7LN-34qRx"
export ACMEDNS_SUBDOMAIN="cdd942bb-0b02-4e50-9bf0-639d61c60741"

# You will have to change this!
export CF_Token="aaaaabbbbbcccc"
export CF_Account_ID="ddddeeeeeffff"
export CF_Zone_ID="ggggghhhhiiii"

~/.acme.sh/acme.sh --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --dns dns_cf

You can also use standalone mode. This requires you to run the command with root access (or sudo). --cert-home is recommended, since otherwise the certs will be placed in your /root directory.

 /home/ircd/.acme.sh/acme.sh  --server letsencrypt --auto-upgrade --issue  -d irc.letspiss.net --dns dns_acmedns -d my.fancy.server.blah.com --standalone --cert-home /home/ircd/.acme.sh 

If you use custom DNS or want to do this manually, run the above environment variable commands for ACMEDNS_* and use the --yes-I-know-dns-manual-mode-enough-go-ahead-please option (note this does not support automatic cert renewal, and it will have to be done manually) as shown below:

~/.acme.sh/acme.sh  --server letsencrypt --auto-upgrade --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --yes-I-know-dns-manual-mode-enough-go-ahead-please

You will then need to manually add the new TXT record to your DNS zone while acme.sh is running.

After this you will have to edit your configs to look like this:

listen {
        ip *;
        port 6697;
        options { tls; };
        tls-options {
                certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
                key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
        };
};

Note: Do not change the certificate key for the serversonly listen block, or your spkifp will change and you won't be able to link to the network.

Alternatively, using two certificates

If you just want to use acme.sh for the round-robin certificate and use your existing infrastructure for your other certificate(s), call acme.sh as ~/.acme.sh/acme.sh --issue -d irc.letspiss.net --dns dns_acmedns and add an SNI block instead of changing the config above:

sni irc.letspiss.net {
    tls-options {
        certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
        key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
    };
};

Alternatively to the alternative, use ZeroSSL

If we run out of the Let's Encrypt quota, we can use ZeroSSL by adding the --server zerossl parameter to acme.sh.


Things to avoid

At pissnet you can do a lot of things, but there are a few things we want you to refrain from or not do at all:

  • Do NOT link Eris (eris.berkeley.edu). This will result in a jupe/delink.
  • Please refrain from flooding too much, as this causes server and client SendQ overflows and freezing.
  • Please refrain from /KILLing a lot.
  • Don't run services that manage nick registrations or channel registrations. UserServs are fine, but please no ChanServs or NickServs. We won't U-Line servers, either.
  • Please don't mess with other people's pseudoservers or bots whenever possible.
  • Be kind to everyone

Suggestions on what to do

If you like programming, you could:

  • Write a pseudoserver
  • Write a few bots

And remember to have fun!