|
|
| Line 56: |
Line 56: |
| | #ducks || DuckBot channel | | | #ducks || DuckBot channel |
| |} | | |} |
|
| |
| === Set up your SSL certificate ===
| |
|
| |
| Soon, to be part of the round-robin you will need a valid SSL certificate for both <code>irc.letspiss.net</code> and your own server domain. To do this you can use <code>[https://github.com/acmesh-official/acme.sh acme.sh]</code> (run the installer!). Here is an example of how to generate a certificate for both in one go (assuming you use cloudflare for your domain, for other providers [https://github.com/acmesh-official/acme.sh/wiki/dnsapi check here]):
| |
|
| |
| <pre>
| |
| # These are the credentials required to get the irc.letspiss.net certificate
| |
| export ACMEDNS_BASE_URL="https://auth.autie.net"
| |
| export ACMEDNS_USERNAME="7a72b116-70de-4a49-83a5-dcfeb2dfabb2"
| |
| export ACMEDNS_PASSWORD="R6uA0z8-bwfU8xZxqbTIkoNUBE91Yrn7LN-34qRx"
| |
| export ACMEDNS_SUBDOMAIN="cdd942bb-0b02-4e50-9bf0-639d61c60741"
| |
|
| |
| # You will have to change this!
| |
| export CF_Token="aaaaabbbbbcccc"
| |
| export CF_Account_ID="ddddeeeeeffff"
| |
| export CF_Zone_ID="ggggghhhhiiii"
| |
|
| |
| ~/.acme.sh/acme.sh --issue -d irc.letspiss.net --dns dns_acmedns -d my.fancy.server.blah.com --dns dns_cf
| |
| </pre>
| |
|
| |
| You can also use standalone (requires you to run the command with root access (or sudo) ( --cert-home is recommended since else the certs will be placed in your /root directory)
| |
| <pre> /home/ircd/.acme.sh/acme.sh --server letsencrypt --auto-upgrade --issue -d irc.letspiss.net --dns dns_acmedns -d my.fancy.server.blah.com --standalone --cert-home /home/ircd/.acme.sh </pre>
| |
| If you use custom DNS or want to do this manually, run the above environment variable commands for <code>ACMEDNS_*</code> and use the <code>--yes-I-know-dns-manual-mode-enough-go-ahead-please</code> option (note this does not support automatic cert renewal, and it will have to be done manually) as shown below:
| |
|
| |
| <pre>
| |
| ~/.acme.sh/acme.sh --server letsencrypt --auto-upgrade --issue -d irc.letspiss.net --dns dns_acmedns -d my.fancy.server.blah.com --yes-I-know-dns-manual-mode-enough-go-ahead-please
| |
| </pre>
| |
|
| |
| You will then need to manually add the new <code>TXT</code> record to your DNS zone while <code>acme.sh</code> is running.
| |
|
| |
| After this you will have to edit your configs to look like this:
| |
|
| |
| <pre>
| |
| listen {
| |
| ip *;
| |
| port 6697;
| |
| options { tls; }
| |
| tls-options {
| |
| certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
| |
| key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
| |
| };
| |
| }
| |
| </pre>
| |
|
| |
| '''Note''': Do not change the certificate key for the <code>serversonly</code> listen block or your spkifp will change and you won't be able to link to the network.
| |
|
| |
| === Alternatively, using two certificates ===
| |
|
| |
| If you just want to use <code>acme.sh</code> for the round-robin certificate and use your existing infrastructure for your other certificate(s), call <code>acme.sh</code> as <code>~/.acme.sh/acme.sh --issue -d irc.letspiss.net --dns dns_acmedns</code> and add a [https://www.unrealircd.org/docs/Sni_block SNI block] instead of changing the config above:
| |
|
| |
| <pre>
| |
| sni irc.letspiss.net {
| |
| tls-options {
| |
| certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
| |
| key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
| |
| };
| |
| };
| |
| </pre>
| |
|
| |
| ==== Alternatively to the alternative, use ZeroSSL ====
| |
|
| |
| If we run out of the LetsEncrypt quota, we can use zerossl, by adding the <code>--server zerossl</code> parameter to <code>acme.sh</code>.
| |
|
| |
|
| |
|
| === Things to avoid === | | === Things to avoid === |
This page will guide you through on what you can do to improve your setup, and ideas on what to do next.
Set up your client
You may want to set up your client to oper-up on join, set some user modes, and more.
Here is a few suggestions for user modes:
- User mode +T(*): Disable CTCPs from being sent to you.
- User mode +J(**): Prevent SAJOIN/SAPARTs.
(*) noctcp module in upstream UnrealIRCd/PissIRCd doesn't prevent other opers from CTCPing you. Patch is relatively straightforward, though.
(**) Requires module third/nosajoinpartmode.
You can do snomasks and modes in your operblock too, see below.
Customize your oper block
You can set things such as:
- swhois: A line that shows up when you are /WHOISed
- operclass: I recommend
netadmin for this, but you may use netadmin-with-override (be careful: you may accidentally mess things up that usually are not possible by default)
- mask: Set this to
*@host. Host would preferably be your bouncer (if you use a shared one, set it to ident@host), your IP address, or localhost. It can also be a wildcard. Use CIDRs for IP blocks (*@1.2.3.0/24) for security (10.* matches 10.example.com), and make sure you use CertFP or a strong password.
- password: You can use
password "INSERT CERTFP HERE" { certfp; } if you client supports client certificates. You can obtain the fingerprint by /WHOISing yourself while using the certificate. Then, to oper up, you can do /oper <operblock name>. (/quote oper <operblock name>, if your client enforces some sort of format, like WeeChat.)
- snomask: You can set snomasks to add to yourself upon opering. Example:
snomask foobar;
- modes: You can set modes to add to yourself upon opering. Example:
modes "+WJT";
Join some channels
There are channels varying from fun to network management to chat channels.
Channels
| Channel |
Description
|
| #pissnet |
The main channel of the network
|
| #opers |
Operator channel. Chatting & network issues are discussed here.
|
| #services |
Service bots
|
| #(╯°□°)╯︵ ┻━┻ |
An eval bot running Ruby & shell commands
|
| #pisswiki |
Wiki logs
|
| #wallops |
WallopsServ bot
|
| ##asciiart |
ASCII art channel
|
| #donger |
Fight bot
|
| #shitbots |
Markov bots and other weird bots
|
| #ducks |
DuckBot channel
|
Things to avoid
At pissnet you can do a lot of things, but there are a few things we want you to refrain from or not do at all:
- Do NOT link Eris (
eris.berkeley.edu). This will result in a jupe/delink.
- Please refrain from flooding too much as this causes server and client SendQ overflows and freezing
- Please refrain from /KILLing a lot
- Don't run services that manage nick registrations or channel registrations. UserServs are fine, but please no ChanServ's or NickServ's. We won't U-Line servers, either.
- Please don't mess with other people's pseudoservers or bots whenever possible
- Be kind to everyone
Suggestions on what to do
If you like programming, you could:
- Write a pseudoserver
- Write a few bots
And remember to have fun!
