So you want to link to pissnet

From pisswiki
Jump to: navigation, search

This manual will guide you step-by step on how to compile, configure and link your server to Pissnet.

Step 0: Contemplate your life choices

  • You sure you want to do this?
    • Really? I'm sorry.
  • Just make sure this is something you really want to do. We'd like for people to be able to not only set up a server, but also keep it maintained and updated.
  • With great power comes great responsibilipee.
  • At minimum, you'll need to know your way around a shell and be able to self diagnose your own issues on your own server. We'll try to help out but a lot of the time it's your own config that needs tweaking and only you can do that for yourself.
  • That said... UnrealIRCd is pretty simple and easy to set up and we've git things well documented here.

Important note:

  • It is highly advised that you don't use your own home computer or home internet connection if you're able to. There are many options for free-tier (or free trial with generous credits) cloud VMS providers... Including Oracle, AWS and Google. Other providers are quite inexpensive, running about $3 to $5 a month for the lowest spec vServer, which is more than plenty for an IRCd. Linode, Vultr, Hetzner, OVH, DigitalOcean, BuyVM are options if you want to get away from the 'big three.' A lot of it comes down to personal preference. Just about anything that can give you a Linux "box" is able to run UnrealIRCd. If this is your first time running a cloud service and you're not quite sure where to start, Oracle is probably the most documented and it's fairly straightforward. They have an always free tier with generous quotas, but they do require a credit card for sign-up (which is not stored on the account).

Step 1: Preparing your system

  • We will be building the IRCd from source, so of course you will need a few tools, like: git, gcc, etc.
    • On Ubuntu, Debian and the like, you can install these with apt install git build-essential python3 libssl-dev
  • It is usually a good idea to run UnrealIRCd on it's own user. You can create a ircd user with adduser --disabled-password --shell /bin/bash --gecos "User" ircd
  • Switch to the new ircd user with sudo -iu ircd

Step 2: Downloading and building the IRCd

We will download PissIRCd, which is a fork of UnrealIRCd with a few modules and patches that are useful for pissnet.

  • Get the PissIRCd source code with git clone
  • Configure it for compilation with cd pissircd && ./Config
  • The script will ask you a few questions. It is recommended to pick the defaults for everything, so you can just hit enter on every question.
  • After you finish configuring, you can now compile and install PissIRCd with make && make install

Step 3: Configuring your brand new IRCd

  • Grab the Optimal linking script of doom and execute it in your server. The script will ping every pissnet hub and give you the link block for the three hubs with the lowest ping. Save those link blocks for later.
    • If you decide to not link directly to one of the hubs, it is still a good idea to add a hub (or two) to your config (but not with autoconnect) so that you have backup links if your main link should ever drop.
  • Go to the ircd directory (with cd ~/unrealircd) and copy the example file to its final location (cp conf/examples/example.conf conf/unrealircd.conf)
  • Edit the conf/unrealircd.conf with your favorite text editor. The parts you want to change are:
    • The me {} block:
      • name is the name of your server. It doesn't need to resolve to your server, but it's a plus if it does. You can find available domains at Domains.
      • info a description for your server, you can be creative here.
      • sid is an identifier for your server and it should be unique. You can check out the Great big-ass server list of doom to find an unused one for your server.
    • The admin {} block:
      • In this block you can have up to three lines of free text. Ideally it should have some kind of info so we can contact you in case something goes wrong. You can put just your nick, nick and email or whatever.
    • The oper ... {} block:
      • This block sets the username and password you will use with the /oper command to admin your server. The default user and password are "bobsmith" and "test". CHANGE IT.
  • At the bottom of the file, paste the three link {} blocks you got when you ran the Optimal linking script of doom
  • Now you can start your IRCd with `./unrealircd start`.
    • One potential hitch at this point is whether or not you have properly configured your VMS's firewall to allow incoming and/or outgoing connections, especially on the common IRCd ports (6667, 6697, 6900)
  • Connect to it with your IRC client to check that everything is OK. Check if your oper credentials work with /oper username password as defined in your conf file, you should get auto-joined to a channel named #opers when it succeeds.

That's it! Now your server is ready to run! But before, you have to send your own link block to one of the hub administrators. Grab your link block with ./unrealircd genlinkblock, upload it to a pastebin and send it to the admins of the hubs you added to your config file (Hint: their nicks are in a comment block above the link ...{} block). After at least one hub adds you, you will automatically connect to the network!

SSL certificate

Soon, to be part of the round-robin you will need a valid SSL certificate for both and your own server domain. To do this you can use (run the installer!). Here is an example of how to generate a certificate for both in one go (assuming you use cloudflare for your domain, for other providers check here):

# These are the credentials required to get the certificate
export ACMEDNS_USERNAME="7a72b116-70de-4a49-83a5-dcfeb2dfabb2"
export ACMEDNS_PASSWORD="R6uA0z8-bwfU8xZxqbTIkoNUBE91Yrn7LN-34qRx"
export ACMEDNS_SUBDOMAIN="cdd942bb-0b02-4e50-9bf0-639d61c60741"

# You will have to change this!
export CF_Token="aaaaabbbbbcccc"
export CF_Account_ID="ddddeeeeeffff"
export CF_Zone_ID="ggggghhhhiiii"

~/ --issue  -d --dns dns_acmedns  -d --dns dns_cf

You can also use standalone (requires you to run the command with root access (or sudo) ( --cert-home is recommended since else the certs will be placed in your /root directory)

 /home/ircd/  --server letsencrypt --auto-upgrade --issue  -d --dns dns_acmedns -d --standalone --cert-home /home/ircd/ 

If you use custom DNS or want to do this manually, run the above environment variable commands for ACMEDNS_* and use the --yes-I-know-dns-manual-mode-enough-go-ahead-please option (note this does not support automatic cert renewal, and it will have to be done manually) as shown below:

~/  --server letsencrypt --auto-upgrade --issue  -d --dns dns_acmedns  -d --yes-I-know-dns-manual-mode-enough-go-ahead-please

You will then need to manually add the new TXT record to your DNS zone while is running.

After this you will have to edit your configs to look like this:

listen {
        ip *;
        port 6697;
        options { tls; }
        tls-options {
                certificate "/home/ircd/";
                key "/home/ircd/";

Note: Do not change the certificate key for the serversonly listen block or your spkifp will change and you won't be able to link to the network.

Alternatively, using two certificates

If you just want to use for the round-robin certificate and use your existing infrastructure for your other certificate(s), call as ~/ --issue -d --dns dns_acmedns and add a SNI block instead of changing the config above:

sni {
    tls-options {
        certificate "/home/ircd/";
        key "/home/ircd/";

Alternatively to the alternative, use ZeroSSL

If we run out of the LetsEncrypt quota, we can use zerossl, by adding the --server zerossl parameter to

Step 4: After you link...