This page will guide you through on what you can do to improve your setup, and ideas on what to do next.
Set up your client
You may want to set up your client to oper-up on join, set some user modes, and more.
Here is a few suggestions for user modes:
- User mode +T(*): Disable CTCPs from being sent to you.
- User mode +J(**): Prevent SAJOIN/SAPARTs.
(*) noctcp module in upstream UnrealIRCd/PissIRCd doesn't prevent other opers from CTCPing you. Patch is relatively straightforward, though.
(**) Requires module third/nosajoinpartmode
.
You can do snomasks and modes in your operblock too, see below.
Customize your oper block
You can set things such as:
- swhois: A line that shows up when you are /WHOISed
- operclass: I recommend
netadmin
for this, but you may usenetadmin-with-override
(be careful: you may accidentally mess things up that usually are not possible by default) - mask: Set this to
*@host
. Host would preferably be your bouncer (if you use a shared one, set it toident@host
), your IP address, or localhost. It can also be a wildcard. Use CIDRs for IP blocks (*@1.2.3.0/24
) for security (10.*
matches10.example.com
), and make sure you use CertFP or a strong password. - password: You can use
password "INSERT CERTFP HERE" { certfp; }
if you client supports client certificates. You can obtain the fingerprint by /WHOISing yourself while using the certificate. Then, to oper up, you can do/oper <operblock name>
. (/quote oper <operblock name>
, if your client enforces some sort of format, like WeeChat.) - snomask: You can set snomasks to add to yourself upon opering. Example:
snomask foobar;
- modes: You can set modes to add to yourself upon opering. Example:
modes "+WJT";
Join some channels
There are channels varying from fun to network management to chat channels.
Channel | Description |
---|---|
#pissnet | The main channel of the network |
#opers | Operator channel. Chatting & network issues are discussed here. |
#services | Service bots |
#(╯°□°)╯︵ ┻━┻ | An eval bot running Ruby & shell commands |
#pisswiki | Wiki logs |
#wallops | WallopsServ bot |
##asciiart | ASCII art channel |
#donger | Fight bot |
#shitbots | Markov bots and other weird bots |
#ducks | DuckBot channel |
Set up your SSL certificate
Soon, to be part of the round-robin you will need a valid SSL certificate for both irc.letspiss.net
and your own server domain. To do this you can use acme.sh
(run the installer!). Here is an example of how to generate a certificate for both in one go (assuming you use cloudflare for your domain, for other providers check here):
# These are the credentials required to get the irc.letspiss.net certificate export ACMEDNS_BASE_URL="https://auth.autie.net" export ACMEDNS_USERNAME="7a72b116-70de-4a49-83a5-dcfeb2dfabb2" export ACMEDNS_PASSWORD="R6uA0z8-bwfU8xZxqbTIkoNUBE91Yrn7LN-34qRx" export ACMEDNS_SUBDOMAIN="cdd942bb-0b02-4e50-9bf0-639d61c60741" # You will have to change this! export CF_Token="aaaaabbbbbcccc" export CF_Account_ID="ddddeeeeeffff" export CF_Zone_ID="ggggghhhhiiii" ~/.acme.sh/acme.sh --issue -d irc.letspiss.net --dns dns_acmedns -d my.fancy.server.blah.com --dns dns_cf
You can also use standalone (requires you to run the command with root access (or sudo) ( --cert-home is recommended since else the certs will be placed in your /root directory)
/home/ircd/.acme.sh/acme.sh --server letsencrypt --auto-upgrade --issue -d irc.letspiss.net --dns dns_acmedns -d my.fancy.server.blah.com --standalone --cert-home /home/ircd/.acme.sh
If you use custom DNS or want to do this manually, run the above environment variable commands for ACMEDNS_*
and use the --yes-I-know-dns-manual-mode-enough-go-ahead-please
option (note this does not support automatic cert renewal, and it will have to be done manually) as shown below:
~/.acme.sh/acme.sh --server letsencrypt --auto-upgrade --issue -d irc.letspiss.net --dns dns_acmedns -d my.fancy.server.blah.com --yes-I-know-dns-manual-mode-enough-go-ahead-please
You will then need to manually add the new TXT
record to your DNS zone while acme.sh
is running.
After this you will have to edit your configs to look like this:
listen { ip *; port 6697; options { tls; } tls-options { certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer"; key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key"; }; }
Note: Do not change the certificate key for the serversonly
listen block or your spkifp will change and you won't be able to link to the network.
Alternatively, using two certificates
If you just want to use acme.sh
for the round-robin certificate and use your existing infrastructure for your other certificate(s), call acme.sh
as ~/.acme.sh/acme.sh --issue -d irc.letspiss.net --dns dns_acmedns
and add a SNI block instead of changing the config above:
sni irc.letspiss.net { tls-options { certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer"; key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key"; }; };
Alternatively to the alternative, use ZeroSSL
If we run out of the LetsEncrypt quota, we can use zerossl, by adding the --server zerossl
parameter to acme.sh
.
Things to avoid
At pissnet you can do a lot of things, but there are a few things we want you to refrain from or not do at all:
- Do NOT link Eris (
eris.berkeley.edu
). This will result in a jupe/delink. - Please refrain from flooding too much as this causes server and client SendQ overflows and freezing
- Please refrain from /KILLing a lot
- Don't run services that manage nick registrations or channel registrations. UserServs are fine, but please no ChanServ's or NickServ's. We won't U-Line servers, either.
- Please don't mess with other people's pseudoservers or bots whenever possible
- Be kind to everyone
Suggestions on what to do
If you like programming, you could:
- Write a pseudoserver
- Write a few bots
And remember to have fun!