Difference between revisions of "So you want to link to pissnet"

(ACMEDNS uses ACMEDNS_BASE_URL now instead of ACMEDNS_UPDATE_URL)
(8 intermediate revisions by 5 users not shown)
Line 4: Line 4:


* You sure you want to do this?
* You sure you want to do this?
** Really?
** Really? I'm sorry.
* Let the despair set in.
 
** Or ''don't'' let the despair set in.
* Thar be dragons here.
** They're horny.
*** (Get it? Cause they have horns? Ah. Sigh.)
* Just make sure this is something you really want to do. We'd like for people to be able to not only set up a server, '''but also keep it maintained and updated.'''
* Just make sure this is something you really want to do. We'd like for people to be able to not only set up a server, '''but also keep it maintained and updated.'''
* With great power comes great responsibili'''pee'''.  
* With great power comes great responsibili'''pee'''.  
* At minimum, you'll need to know your way around a shell and be able to self diagnose your own issues on your own server. We'll try to help out but a lot of the time it's your own config that needs tweaking and only you can do that for yourself.
* At minimum, you'll need to know your way around a shell and be able to self diagnose your own issues on your own server. We'll try to help out but a lot of the time it's your own config that needs tweaking and only you can do that for yourself.
* That said... Unrealircd is pretty simple and easy to set up. Proceed if you're horny like dragons.
* That said... UnrealIRCd is pretty simple and easy to set up and we've git things well documented here.




'''Important note:'''
'''Important note:'''


* It is highly advised that you '''don't''' use your own home computer or home internet connection for this. There are many options for free-tier (or free trial with generous credits) cloud VMS providers... Including Oracle, AWS and Google. Other providers are quite inexpensive, running about $3 to $5 a month for the lowest spec vserver, which is more than plenty for an IRCd. Linode, Vultr, Hetzner, OVH, Digital Ocean, BuyVM are options if you want to get away from the 'big three.' A lot of it comes down to personal preference. Just about anything that can give you a Linux 'box' is able to run Unrealircd. If this is your first time running a cloud service and you're not quite sure where to start, Oracle is probably the most documented and it's fairly straightforward. They have an always free tier with generous quotas, but they do require a credit card for signup (which is not stored on the account).
* It is highly advised that you '''don't''' use your own home computer or home internet connection if you're able to. There are many options for free-tier (or free trial with generous credits) cloud VMS providers... Including Oracle, AWS and Google. Other providers are quite inexpensive, running about $3 to $5 a month for the lowest spec vServer, which is more than plenty for an IRCd. Linode, Vultr, Hetzner, OVH, DigitalOcean, BuyVM are options if you want to get away from the 'big three.' A lot of it comes down to personal preference. Just about anything that can give you a Linux "box" is able to run UnrealIRCd. If this is your first time running a cloud service and you're not quite sure where to start, Oracle is probably the most documented and it's fairly straightforward. They have an always free tier with generous quotas, but they do require a credit card for sign-up (which is not stored on the account).


=== Step 1: Preparing your system ===
=== Step 1: Preparing your system ===
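Review bot: the rewritten last bullet of Step 0 introduces a typo, "we've git things well documented here"; it should read "we've got things well documented here". In the Important note, the new wording "don't use your own home computer or home internet connection if you're able to" is ambiguous about what the reader should be able to do; "if you can avoid it" says what is meant.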
Line 38: Line 34:
=== Step 3: Configuring your brand new IRCd ===
=== Step 3: Configuring your brand new IRCd ===


* Grab the [[Optimal linking script of doom]] and execute it in your server. The script will ping every pissnet hub and give you the link block for the three hubs with the lowest ping. Save those link blocks for later
* Grab the [[Optimal linking script of doom]] and execute it in your server. The script will ping every pissnet hub and give you the link block for the three hubs with the lowest ping. Save those link blocks for later.
** If you decide to not link directly to one of the hubs, it is still a good idea to add a hub (or two) to your config (but not with autoconnect) so that you have backup links if your main link should ever drop.
* Go to the ircd directory (with <code>cd ~/unrealircd</code>) and copy the example file to its final location (<code>cp conf/examples/example.conf conf/unrealircd.conf</code>)
* Go to the ircd directory (with <code>cd ~/unrealircd</code>) and copy the example file to its final location (<code>cp conf/examples/example.conf conf/unrealircd.conf</code>)
* Edit the <code>conf/unrealircd.conf</code> with your favorite text editor. The parts you want to change are:
* Edit the <code>conf/unrealircd.conf</code> with your favorite text editor. The parts you want to change are:
** The <code>me {}</code> block:
** The <code>me {}</code> block:
*** <code>name</code> is the name of your server. It doesn't need to resolve to your server, but it's a plus if it does.
*** <code>name</code> is the name of your server. It doesn't need to resolve to your server, but it's a plus if it does. You can find available domains at [[Domains]].
*** <code>info</code> a description for your server, you can be creative here.
*** <code>info</code> a description for your server, you can be creative here.
*** <code>sid</code> is an identifier for your server and it should be unique. You can check out the '''[[Great big-ass server list of doom]]''' to find an unused one for your server.
*** <code>sid</code> is an identifier for your server and it should be unique. You can check out the '''[[Great big-ass server list of doom]]''' to find an unused one for your server.
Line 50: Line 47:
***This block sets the username and password you will use with the <code>/oper</code> command to admin your server. The default user and password are "bobsmith" and "test". '''CHANGE IT'''.
***This block sets the username and password you will use with the <code>/oper</code> command to admin your server. The default user and password are "bobsmith" and "test". '''CHANGE IT'''.
* At the bottom of the file, paste the three <code>link {}</code> blocks you got when you ran the [[Optimal linking script of doom]]
* At the bottom of the file, paste the three <code>link {}</code> blocks you got when you ran the [[Optimal linking script of doom]]
* Now you can start your IRCd with `./unrealircd start`. Connect to it with your IRC client to check that everything is OK. Check if your oper credentials work with <code>/oper username password</code>, you should get auto-joined to a channel named <code>#opers</code> when it succeeds.
* Now you can start your IRCd with `./unrealircd start`.
** One potential hitch at this point is whether or not you have properly configured your VMS's firewall to allow incoming and/or outgoing connections, especially on the common IRCd ports (6667, 6697, 6900)
* Connect to it with your IRC client to check that everything is OK. Check if your oper credentials work with <code>/oper username password</code> as defined in your conf file, you should get auto-joined to a channel named <code>#opers</code> when it succeeds.


That's it! Now your server is ready to run! But before, you have to send your own link block to one of the hub administrators. Grab your link block with <code>./unrealircd genlinkblock</code>, upload it to a [https://bpaste.net pastebin] and send it to the admins of the hubs you added to your config file (Hint: their nicks are in a comment block above the <code>link ...{}</code> block). After at least one hub adds you, you will automatically connect to the network!
That's it! Now your server is ready to run! But before, you have to send your own link block to one of the hub administrators. Grab your link block with <code>./unrealircd genlinkblock</code>, upload it to a [https://bpaste.net pastebin] and send it to the admins of the hubs you added to your config file (Hint: their nicks are in a comment block above the <code>link ...{}</code> block). After at least one hub adds you, you will automatically connect to the network!
== SSL certificate (before you link do this) ==
Soon, to be part of the round-robin you will need a valid SSL certificate for both <code>irc.letspiss.net</code> and your own server domain. To do this you can use <code>[https://github.com/acmesh-official/acme.sh acme.sh]</code> (run the installer!). Here is an example of how to generate a certificate for both in one go (assuming you use cloudflare for your domain, for other providers [https://github.com/acmesh-official/acme.sh/wiki/dnsapi check here]):
<pre>
# These are the credentials required to get the irc.letspiss.net certificate
export ACMEDNS_BASE_URL="https://auth.autie.net"
export ACMEDNS_USERNAME="7a72b116-70de-4a49-83a5-dcfeb2dfabb2"
export ACMEDNS_PASSWORD="R6uA0z8-bwfU8xZxqbTIkoNUBE91Yrn7LN-34qRx"
export ACMEDNS_SUBDOMAIN="cdd942bb-0b02-4e50-9bf0-639d61c60741"
# You will have to change this!
export CF_Token="aaaaabbbbbcccc"
export CF_Account_ID="ddddeeeeeffff"
export CF_Zone_ID="ggggghhhhiiii"
~/.acme.sh/acme.sh --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --dns dns_cf
</pre>
If you use custom DNS or want to do this manually, run the above environment variable commands for <code>ACMEDNS_*</code> and use the <code>--yes-I-know-dns-manual-mode-enough-go-ahead-please</code> option (note this does not support automatic cert renewal, and it will have to be done manually) as shown below:
<pre>
~/.acme.sh/acme.sh  --server letsencrypt --auto-upgrade --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --yes-I-know-dns-manual-mode-enough-go-ahead-please
</pre>
You will then need to manually add the new <code>TXT</code> record to your DNS zone while <code>acme.sh</code> is running.
After this you will have to edit your configs to look like this:
<pre>
listen {
        ip *;
        port 6697;
        options { tls; }
        tls-options {
                certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
                key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
        };
}
</pre>
'''Note''': Do not change the certificate key for the <code>serversonly</code> listen block or your spkifp will change and you won't be able to link to the network.
=== Alternatively, using two certificates ===
If you just want to use <code>acme.sh</code> for the round-robin certificate and use your existing infrastructure for your other certificate(s), call <code>acme.sh</code> as <code>~/.acme.sh/acme.sh --issue  -d irc.letspiss.net --dns dns_acmedns</code> and add a [https://www.unrealircd.org/docs/Sni_block SNI block] instead of changing the config above:
<pre>
sni irc.letspiss.net {
    tls-options {
        certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
        key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
    };
};
</pre>
=== Alternatively to the alternative, use ZeroSSL ===
If we run out of the LetsEncrypt quota, we can use zerossl, by adding the <code>--server zerossl</code> parameter to <code>acme.sh</code>.


=== Step 4: After you link... ===
=== Step 4: After you link... ===


* Create an account on this wiki and [[Form:Server|add your server to the list]]
* Create an account on this wiki and [[Form:Server|add your server to the list]]
* [[So you linked to pissnet]]
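Review bot: the two acme.sh invocations in the new SSL section disagree on the CA. The Cloudflare example passes no --server option, while the manual-mode example passes --server letsencrypt, and the ZeroSSL subsection treats Let's Encrypt as the default. acme.sh releases from 3.0 on default to ZeroSSL, so a fresh install running the first command will not use the CA the text assumes; add --server letsencrypt to the first command and to the one in "Alternatively, using two certificates" as well. Smaller point in the same hunk: the start command is written in Markdown backticks (`./unrealircd start`) where the rest of the page uses <code> tags, so it will render literally.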

Revision as of 01:41, 20 April 2022

This manual will guide you step-by-step on how to compile, configure and link your server to Pissnet.

Step 0: Contemplate your life choices

  • You sure you want to do this?
    • Really? I'm sorry.
  • Just make sure this is something you really want to do. We'd like for people to be able to not only set up a server, but also keep it maintained and updated.
  • With great power comes great responsibilipee.
  • At minimum, you'll need to know your way around a shell and be able to self-diagnose issues on your own server. We'll try to help out, but a lot of the time it's your own config that needs tweaking and only you can do that for yourself.
  • That said... UnrealIRCd is pretty simple and easy to set up and we've got things well documented here.


Important note:

  • It is highly advised that you don't use your own home computer or home internet connection if you're able to. There are many options for free-tier (or free trial with generous credits) cloud VMS providers, including Oracle, AWS and Google. Other providers are quite inexpensive, running about $3 to $5 a month for the lowest spec vServer, which is more than plenty for an IRCd. Linode, Vultr, Hetzner, OVH, DigitalOcean, BuyVM are options if you want to get away from the 'big three.' A lot of it comes down to personal preference. Just about anything that can give you a Linux "box" is able to run UnrealIRCd. If this is your first time running a cloud service and you're not quite sure where to start, Oracle is probably the most documented and it's fairly straightforward. They have an always free tier with generous quotas, but they do require a credit card for sign-up (which is not stored on the account).

Step 1: Preparing your system

  • We will be building the IRCd from source, so of course you will need a few tools, like: git, gcc, etc.
    • On Ubuntu, Debian and the like, you can install these with apt install git build-essential python3 libssl-dev
  • It is usually a good idea to run UnrealIRCd under its own user. You can create an ircd user with adduser --disabled-password --shell /bin/bash --gecos "User" ircd
  • Switch to the new ircd user with sudo -iu ircd

Step 2: Downloading and building the IRCd

We will download PissIRCd, which is a fork of UnrealIRCd with a few modules and patches that are useful for pissnet.

  • Get the PissIRCd source code with git clone https://github.com/pissnet/pissircd
  • Configure it for compilation with cd pissircd && ./Config
  • The script will ask you a few questions. It is recommended to pick the defaults for everything, so you can just hit enter on every question.
  • After you finish configuring, you can now compile and install PissIRCd with make && make install

Step 3: Configuring your brand new IRCd

  • Grab the Optimal linking script of doom and execute it in your server. The script will ping every pissnet hub and give you the link block for the three hubs with the lowest ping. Save those link blocks for later.
    • If you decide to not link directly to one of the hubs, it is still a good idea to add a hub (or two) to your config (but not with autoconnect) so that you have backup links if your main link should ever drop.
  • Go to the ircd directory (with cd ~/unrealircd) and copy the example file to its final location (cp conf/examples/example.conf conf/unrealircd.conf)
  • Edit the conf/unrealircd.conf with your favorite text editor. The parts you want to change are:
    • The me {} block:
      • name is the name of your server. It doesn't need to resolve to your server, but it's a plus if it does. You can find available domains at Domains.
      • info a description for your server, you can be creative here.
      • sid is an identifier for your server and it should be unique. You can check out the Great big-ass server list of doom to find an unused one for your server.
    • The admin {} block:
      • In this block you can have up to three lines of free text. Ideally it should have some kind of info so we can contact you in case something goes wrong. You can put just your nick, nick and email or whatever.
    • The oper ... {} block:
      • This block sets the username and password you will use with the /oper command to admin your server. The default user and password are "bobsmith" and "test". CHANGE IT.
  • At the bottom of the file, paste the three link {} blocks you got when you ran the Optimal linking script of doom
  • Now you can start your IRCd with `./unrealircd start`.
    • One potential hitch at this point is whether or not you have properly configured your VMS's firewall to allow incoming and/or outgoing connections, especially on the common IRCd ports (6667, 6697, 6900).
  • Connect to it with your IRC client to check that everything is OK. Check if your oper credentials work with /oper username password as defined in your conf file; you should get auto-joined to a channel named #opers when it succeeds.

That's it! Now your server is ready to run! But first, you have to send your own link block to one of the hub administrators. Grab your link block with ./unrealircd genlinkblock, upload it to a pastebin (https://bpaste.net) and send it to the admins of the hubs you added to your config file (Hint: their nicks are in a comment block above the link ...{} block). After at least one hub adds you, you will automatically connect to the network!
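
A pre-link check for the edits listed in Step 3, as an added example that is not part of this page or of PissIRCd: it reads a config file and reports a leftover default oper login, a missing link block, a 6697 listener without tls, and a serversonly listener pointed at the round-robin key. The function names and the sample config are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-link audit of conf/unrealircd.conf (not part of PissIRCd).
# Prints one finding per line, nothing when every check passes.
# Assumes each block's opening brace is on the same line as the block name.
audit_conf() {
    awk '
    function check(h, b) {
        if (h ~ /^[ \t]*oper[ \t]/) {
            if (h ~ /bobsmith/) print "oper: default username bobsmith"
            if (b ~ /password[ \t]+"test"/) print "oper: default password test"
        }
        if (h ~ /^[ \t]*link[ \t]/) links++
        if (h ~ /^[ \t]*listen/) {
            if (b ~ /port[ \t]+6697/ && b !~ /tls/) print "listen 6697: no tls option"
            if (b ~ /serversonly/ && b ~ /irc\.letspiss\.net/)
                print "listen serversonly: round-robin key would change spkifp"
        }
    }
    { gsub(/\/\*[^*]*\*\//, "") }                  # one-line /* ... */ comments
    /\/\*/ { incomment = 1 }
    incomment { if (/\*\//) incomment = 0; next }  # multi-line comments
    /^[ \t]*(#|\/\/)/ { next }                     # whole-line comments
    depth == 0 && /[{]/ { header = $0; body = "" }
    {
        body = body "\n" $0
        depth += gsub(/[{]/, "{") - gsub(/[}]/, "}")
        if (depth == 0 && header != "") { check(header, body); header = "" }
    }
    END { if (links == 0) print "link: no link blocks found" }
    ' "$1"
}

# Constructed sample: an unedited oper block, the TLS listener, no link blocks.
sample_conf() {
    cat <<'EOF'
/* constructed sample, not a full config */
oper bobsmith {
    password "test";
}
listen {
    port 6697;
    options { tls; }
    tls-options {
        certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
        key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
    };
}
listen {
    port 6900;
    options { tls; serversonly; }
}
EOF
}

conf=$(mktemp)
sample_conf > "$conf"
audit_conf "$conf"
rm -f "$conf"
```

Run it as audit_conf ~/unrealircd/conf/unrealircd.conf before sending your link block; no output means none of these four problems were found.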

SSL certificate (before you link do this)

Soon, to be part of the round-robin you will need a valid SSL certificate for both irc.letspiss.net and your own server domain. To do this you can use acme.sh (https://github.com/acmesh-official/acme.sh; run the installer!). Here is an example of how to generate a certificate for both in one go (assuming you use Cloudflare for your domain; for other providers, see https://github.com/acmesh-official/acme.sh/wiki/dnsapi):

# These are the credentials required to get the irc.letspiss.net certificate
export ACMEDNS_BASE_URL="https://auth.autie.net"
export ACMEDNS_USERNAME="7a72b116-70de-4a49-83a5-dcfeb2dfabb2"
export ACMEDNS_PASSWORD="R6uA0z8-bwfU8xZxqbTIkoNUBE91Yrn7LN-34qRx"
export ACMEDNS_SUBDOMAIN="cdd942bb-0b02-4e50-9bf0-639d61c60741"

# You will have to change this!
export CF_Token="aaaaabbbbbcccc"
export CF_Account_ID="ddddeeeeeffff"
export CF_Zone_ID="ggggghhhhiiii"

~/.acme.sh/acme.sh --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --dns dns_cf

If you use custom DNS or want to do this manually, run the above environment variable commands for ACMEDNS_* and use the --yes-I-know-dns-manual-mode-enough-go-ahead-please option (note this does not support automatic cert renewal, and it will have to be done manually) as shown below:

~/.acme.sh/acme.sh  --server letsencrypt --auto-upgrade --issue  -d irc.letspiss.net --dns dns_acmedns  -d my.fancy.server.blah.com --yes-I-know-dns-manual-mode-enough-go-ahead-please

You will then need to manually add the new TXT record to your DNS zone while acme.sh is running.

After this you will have to edit your configs to look like this:

listen {
        ip *;
        port 6697;
        options { tls; }
        tls-options {
                certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
                key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
        };
}

Note: Do not change the certificate key for the serversonly listen block or your spkifp will change and you won't be able to link to the network.
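
Why the note above singles out the key rather than the certificate, as an added example that is not from this page or from UnrealIRCd: the spkifp is computed here as the base64 SHA-256 of the certificate's public key (SubjectPublicKeyInfo), so re-issuing a certificate for the same key keeps it and a new key changes it. The helper names and the throwaway self-signed certificates are constructed for the demonstration.

```shell
#!/bin/sh
# Added example: the SPKI fingerprint follows the key, not the certificate.
set -eu

# Base64 SHA-256 of the DER-encoded SubjectPublicKeyInfo of certificate $1.
spkifp() {
    [ -s "$1" ] || { echo "no such certificate: $1" >&2; return 1; }
    openssl x509 -in "$1" -noout -pubkey |
        openssl pkey -pubin -outform DER |
        openssl dgst -sha256 -binary |
        openssl base64
}

# Throwaway P-256 key written to $1 (constructed test data).
newkey() { openssl ecparam -name prime256v1 -genkey -noout -out "$1"; }

# Self-signed certificate for key $1, written to $2, valid for $3 days.
selfsign() {
    openssl req -new -x509 -key "$1" -out "$2" -days "$3" \
        -subj "/CN=my.fancy.server.blah.com" 2>/dev/null
}

# Prints "same" when both certificates carry the same public key, else "changed".
compare_spkifp() {
    a=$(spkifp "$1") && b=$(spkifp "$2") || return 1
    if [ "$a" = "$b" ]; then echo same; else echo changed; fi
}

demo() {
    d=$(mktemp -d)
    newkey "$d/link.key"
    selfsign "$d/link.key" "$d/old.pem" 30
    selfsign "$d/link.key" "$d/renewed.pem" 365   # new certificate, same key
    newkey "$d/other.key"
    selfsign "$d/other.key" "$d/rekeyed.pem" 365  # new certificate, new key
    echo "renewed with the same key: $(compare_spkifp "$d/old.pem" "$d/renewed.pem")"
    echo "re-issued with a new key:  $(compare_spkifp "$d/old.pem" "$d/rekeyed.pem")"
    rm -rf "$d"
}

demo
```

Hubs that have your link block will only accept the fingerprint of the key your serversonly listener presented when you generated it, which is the "changed" case to avoid.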

Alternatively, using two certificates

If you just want to use acme.sh for the round-robin certificate and use your existing infrastructure for your other certificate(s), call acme.sh as ~/.acme.sh/acme.sh --issue -d irc.letspiss.net --dns dns_acmedns and add an SNI block (https://www.unrealircd.org/docs/Sni_block) instead of changing the config above:

sni irc.letspiss.net {
    tls-options {
        certificate "/home/ircd/.acme.sh/irc.letspiss.net/fullchain.cer";
        key "/home/ircd/.acme.sh/irc.letspiss.net/irc.letspiss.net.key";
    };
};

Alternatively to the alternative, use ZeroSSL

If we run out of the Let's Encrypt quota, we can use ZeroSSL by adding the --server zerossl parameter to acme.sh.

Step 4: After you link...