Differences

This shows you the differences between two versions of the page.

--- openbsd:irc:acopm [2020/05/08 03:42]
rails created
+++ openbsd:irc:acopm [2020/05/11 07:24] (current)
net_wayfarer Copied from my own personal wiki
@@ Line 1: / Line 1: @@
-ACOPM requires automake/autoconf, bash and some extra libs:
+===== Pre-requisites =====
+  * It is assumed you have ''[[openbsd:doas|doas]]'' configured properly. If you do not have this configured properly and are interfacing with your server as root, you are asking for trouble!
+  * It is assumed you have ran ''adduser'' before. If not, you can run it and the majority of the defaults are fine.
+  * It is **also** assumed you have your own favourite text editor. If you **do not have** a favourite text editor, I recommend installing ''nano'' via ''doas pkg_add nano''. You must know how to use your favourite text editor as I won't cover you on how to use it.
+  * A valid SSL/TLS certificate is required. If you do not have one you cannot use TLS function, and must have it disabled.
+  * ACOPM requires automake/autoconf, bash and some extra libraries.
+  * **''BASH'' is required due to some funkiness in autoconf (ac) scripts. not optional.**
-**Bash is required due to some funkiness in ac scripts. not optional**
+===== Installation =====
+Create acopm as its own user.
+<code>
+$ doas adduser
+Use option ``-silent'' if you don't want to see all warnings and questions.
-<code bash>
+Reading /etc/shells
-pkg_add git bash autoconf-2.69p2 automake-1.16.1 libconfig libevent mbedtls
+Check /etc/master.passwd
+Check /etc/group
+Ok, let's go.
+Don't worry about mistakes. There will be a chance later to correct any input.
+Enter username []: acopm
+Enter full name []: acopm
+Enter shell bash csh jk_chrootsh ksh nologin sh [ksh]: nologin
+Uid [1002]: 65531
+Login group acopm [acopm]:
+Login group is ``acopm''. Invite acopm into other groups: guest no
+[no]:
+Login class authpf bgpd daemon default pbuild staff unbound znc
+[default]: daemon
+Enter password []:
+Disable password logins for the user? (y/n) [n]: y
+Name:        acopm
+Password:    ****
+Fullname:    acopm
+Uid:         65531
+Gid:         65531 (acopm)
+Groups:      acopm
+Login Class: daemon
+HOME:        /home/acopm
+Shell:       /sbin/nologin
+OK? (y/n) [y]:
+Added user ``acopm''
+Copy files from /etc/skel to /home/acopm
+Add another user? (y/n) [y]: n
+Goodbye!
 </code>
-drop into a separate user, then:
+Install the necessary packages.
-<code bash>
+<code>
-git clone https://packages.alphachat.net/projects/ACOPM.git
+$ doas pkg_add git bash autoconf-2.69p2 automake-1.16.1 libconfig libevent mbedtls
-cd ACOPM
+</code>
-AUTOMAKE_VERSION=1.16 AUTOCONF_VERSION=2.69 bash ./autogen.sh
-CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib LIBS="-levent_core -levent_extra" \
+Navigate into the newly created user.
+<code>
+$ cd /home/acopm
+</code>
+Fetch the project from the project page.
+<code>
+doas -u acopm git clone https://packages.alphachat.net/projects/ACOPM.git
+</code>
+Go into the ''ACOPM'' directory.
+<code>
+$ cd ACOPM
+</code>
+Explicitly state the versions that are installed for both ''automake'' and ''autoconf'' to ''autogen''.
+<code>
+$ doas -u acopm AUTOMAKE_VERSION=1.16 AUTOCONF_VERSION=2.69 bash ./autogen.sh
+</code>
+Explicitly state all the files in which ''configure'' needs.
+<code>
+$ doas -u acopm CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib LIBS="-levent_core -levent_extra" \
 bash ./configure --with-mbedtls --prefix=$HOME/opt
-make clean all install
 </code>
-this will leave you with a ready-to-configure ACOPM install in $HOME/opt
+Clean, build and install ''acopm''.
+<code>
+$ doas -u acopm make clean all install
+</code>
+This will leave you with a ready-to-configure ACOPM install in $HOME/opt. Now we navigate into $HOME/opt/etc.
+<code>
+$ cd ../opt/etc
+</code>
+Replicate ''acopm.conf.example'' as ''acopm.conf'' and edit with **your own favourite text editor**. In my case I use ''vim''.
+<code>
+$ doas -u acopm acopm.conf.example acopm.conf
+$ doas -u vim acopm.conf
+</code>
+Make necessary adjustments within the ''acopm.conf'' to suit your server/network configuration. In the config, you will need a ''conn_fmt'' string to suit your IRCd, for ''ngircd'' it is:
+<code c>
+conn_fmt       = "Client connecting: %s %*s [%[0-9A-Fa-f.:]] - %*s"
+</code>
+Save and exit out of **your own favourite text editor**.
+===== TLS =====
+You should have at minimum a crt file. For ''acme-client'' users your ''/etc/acme-client.conf'' should probably look like this at minimum.
+<code>
+#
+# $OpenBSD: acme-client.conf,v 1.2 2019/06/07 08:08:30 florian Exp $
+#
+authority letsencrypt {
+        api url "https://acme-v02.api.letsencrypt.org/directory"
+        account key "/etc/acme/letsencrypt-privkey.pem"
+}
+authority letsencrypt-staging {
+        api url "https://acme-staging-v02.api.letsencrypt.org/directory"
+        account key "/etc/acme/letsencrypt-staging-privkey.pem"
+}
+domain example.com {
+#       alternative names { }
+        domain key "/etc/ssl/private/example.com.key"
+        domain certificate "/etc/ssl/example.com.crt"
+        domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
+        sign with letsencrypt
+}
+</code>
+This will generate three files. You mainly need the ''example.com.crt'' in the prior example, but you can use ''example.com.fullchain.pem'' if you wish.
+Copy all these three files into ''$HOME/opt/bin''
+<code>
+$ doas cp /etc/ssl/example.com.crt /home/acopm/opt/bin
+$ doas cp /etc/ssl/example.com.fullchain.pem /home/acopm/opt/bin
+$ doas cp /etc/ssl/private/example.com.key /home/acopm/opt/bin
+</code>
+In your ''$HOME/opt/etc/acopm.conf'', you should have the following.
+<code c>
+         *
+         * The SPKI digests are useful if your server certificates change
+         * frequently (for example, with Let's Encrypt certificates which
+         * are only valid for 3 months at a time). If the public key in your
+         * certificate does not change when you renew it, the SPKI finger-
+         * prints will not change either, easing configuration management.
+         */
+        # use_tls       = true;
+        # certfp_method = "SPKI-SHA256-B64";
+        # certfp_values = (
+        #     "cnqredviWVt2Vo4Ww0CgwFog0KWP7gubF7E8IC0LjuQ=",
+        #     "pcky/MCUI+Wfm+Pftedhs7yzjaYvpysWO9cst4K/07Q="
+        # );
+</code>
+Uncomment the lines ''use_tls'', ''certfp_method'', and ''certfp_values''.
+<code c>
+        use_tls       = true;
+        certfp_method = "SPKI-SHA256-B64";
+        certfp_values = (
+            "cnqredviWVt2Vo4Ww0CgwFog0KWP7gubF7E8IC0LjuQ=",
+            "pcky/MCUI+Wfm+Pftedhs7yzjaYvpysWO9cst4K/07Q="
+        );
+</code>
+Run ''acopm-mkfingerprint.sh''.
+<code>
+$ doas -u acopm /home/acopm/opt/bin/acopm-mkfingerprint.sh example.com.crt SPKI SHA256 B64
+czky/MCYI+Wfm+Pftedhs1yzjaYvpasW99cst4K/07Q=$
+</code>
+Copy and paste that ''czky/MCYI+Wfm+Pftedhs1yzjaYvpasW99cst4K/07Q='' into your ''/home/acopm/opt/etc/acopm.conf''.
+<code c>
+        use_tls       = true;
+        certfp_method = "SPKI-SHA256-B64";
+        certfp_values = ( "czky/MCYI+Wfm+Pftedhs1yzjaYvpasW99cst4K/07Q=" );
+</code>
+===== Troubleshooting =====
+Getting acopm configured right can be tricky. So, here are some few hints and tips.
+  * If you are getting syntax errors, you might want to follow a hint for ''[[ngircd:hopm#troubleshooting|hopm]]''.
+  * If your acopm is exiting straight back to the prompt even when there's no syntax errors. You might want to set ''logmask'' to ''32''. Also, you might want to ensure that you don't have ''daemonise'' is set to true, as well as ''logfile'' defined.
+  * If your IRCd does not have a server password, you do not need to have ''password'' defined. The following example is sufficient,
+<code c>
+        /*
+         * The following 3 values are required and self-explanatory.
+         */
+        nickname        = "ACOPM";
+        username        = "ACOPM";
+        // password        = "supersecret";
+</code>

IRCNow

Page Tools

Site Tools

User Tools

Differences