doas configured properly. If you do not have this configured properly and are interfacing with your server as root, you are asking for trouble!
adduser before. If not, you can run it and the majority of the defaults are fine.
nano via doas pkg_add nano. You must know how to use your favourite text editor, as I won't cover how to use it.
BASH is required due to some funkiness in autoconf (ac) scripts. It is not optional.
Create acopm as its own user.
$ doas adduser
Use option ``-silent'' if you don't want to see all warnings and questions.
Reading /etc/shells
Check /etc/master.passwd
Check /etc/group
Ok, let's go.
Don't worry about mistakes. There will be a chance later to correct any input.
Enter username []: acopm
Enter full name []: acopm
Enter shell bash csh jk_chrootsh ksh nologin sh [ksh]: nologin
Uid [1002]: 65531
Login group acopm [acopm]:
Login group is ``acopm''. Invite acopm into other groups: guest no
[no]:
Login class authpf bgpd daemon default pbuild staff unbound znc
[default]: daemon
Enter password []:
Disable password logins for the user? (y/n) [n]: y
Name: acopm
Password: ****
Fullname: acopm
Uid: 65531
Gid: 65531 (acopm)
Groups: acopm
Login Class: daemon
HOME: /home/acopm
Shell: /sbin/nologin
OK? (y/n) [y]:
Added user ``acopm''
Copy files from /etc/skel to /home/acopm
Add another user? (y/n) [y]: n
Goodbye!
Install the necessary packages.
$ doas pkg_add git bash autoconf-2.69p2 automake-1.16.1 libconfig libevent mbedtls
Navigate into the newly created user's home directory.
$ cd /home/acopm
Fetch the project from the project page.
$ doas -u acopm git clone https://packages.alphachat.net/projects/ACOPM.git
Go into the ACOPM directory.
$ cd ACOPM
Explicitly state the versions that are installed for both automake and autoconf to autogen. doas does not parse VAR=value assignments itself, so pass them through env.
$ doas -u acopm env AUTOMAKE_VERSION=1.16 AUTOCONF_VERSION=2.69 bash ./autogen.sh
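Explicitly pass configure the include path, library path and libraries it needs. The prefix is written out in full because $HOME would be expanded by your own shell, not the acopm user's.
$ doas -u acopm env CPPFLAGS=-I/usr/local/include LDFLAGS=-L/usr/local/lib LIBS="-levent_core -levent_extra" \
    bash ./configure --with-mbedtls --prefix=/home/acopm/opt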
Clean, build and install acopm.
$ doas -u acopm make clean all install
This will leave you with a ready-to-configure ACOPM install in /home/acopm/opt (the acopm user's $HOME/opt). Now we navigate into $HOME/opt/etc.
$ cd ../opt/etc
Copy acopm.conf.example to acopm.conf and edit it with your favourite text editor. In my case I use vim.
$ doas -u acopm cp acopm.conf.example acopm.conf
$ doas -u acopm vim acopm.conf
Make necessary adjustments within the acopm.conf to suit your server/network configuration. In the config, you will need a conn_fmt string to suit your IRCd. For ngircd it is:
conn_fmt = "Client connecting: %s %*s [%[0-9A-Fa-f.:]] - %*s"
Save and exit out of your own favourite text editor.
You should have at minimum a crt file. For acme-client users your /etc/acme-client.conf should probably look like this at minimum.
#
# $OpenBSD: acme-client.conf,v 1.2 2019/06/07 08:08:30 florian Exp $
#
authority letsencrypt {
	api url "https://acme-v02.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-privkey.pem"
}
authority letsencrypt-staging {
	api url "https://acme-staging-v02.api.letsencrypt.org/directory"
	account key "/etc/acme/letsencrypt-staging-privkey.pem"
}
domain example.com {
	# alternative names { }
	domain key "/etc/ssl/private/example.com.key"
	domain certificate "/etc/ssl/example.com.crt"
	domain full chain certificate "/etc/ssl/example.com.fullchain.pem"
	sign with letsencrypt
}
This will generate three files. You mainly need the example.com.crt in the prior example, but you can use example.com.fullchain.pem if you wish.
Copy all three files into $HOME/opt/bin.
$ doas cp /etc/ssl/example.com.crt /home/acopm/opt/bin
$ doas cp /etc/ssl/example.com.fullchain.pem /home/acopm/opt/bin
$ doas cp /etc/ssl/private/example.com.key /home/acopm/opt/bin
In your $HOME/opt/etc/acopm.conf, you should have the following.
 *
 * The SPKI digests are useful if your server certificates change
 * frequently (for example, with Let's Encrypt certificates which
 * are only valid for 3 months at a time). If the public key in your
 * certificate does not change when you renew it, the SPKI finger-
 * prints will not change either, easing configuration management.
 */
# use_tls = true;
# certfp_method = "SPKI-SHA256-B64";
# certfp_values = (
#     "cnqredviWVt2Vo4Ww0CgwFog0KWP7gubF7E8IC0LjuQ=",
#     "pcky/MCUI+Wfm+Pftedhs7yzjaYvpysWO9cst4K/07Q="
# );
Uncomment the lines use_tls, certfp_method, and certfp_values.
use_tls = true;
certfp_method = "SPKI-SHA256-B64";
certfp_values = (
    "cnqredviWVt2Vo4Ww0CgwFog0KWP7gubF7E8IC0LjuQ=",
    "pcky/MCUI+Wfm+Pftedhs7yzjaYvpysWO9cst4K/07Q="
);
Run acopm-mkfingerprint.sh.
$ doas -u acopm /home/acopm/opt/bin/acopm-mkfingerprint.sh example.com.crt SPKI SHA256 B64
czky/MCYI+Wfm+Pftedhs1yzjaYvpasW99cst4K/07Q=
Copy and paste that czky/MCYI+Wfm+Pftedhs1yzjaYvpasW99cst4K/07Q= into your /home/acopm/opt/etc/acopm.conf.
use_tls = true;
certfp_method = "SPKI-SHA256-B64";
certfp_values = (
    "czky/MCYI+Wfm+Pftedhs1yzjaYvpasW99cst4K/07Q="
);
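Why the SPKI digest survives a renewal while a whole-certificate hash does not, shown as an added example that is not part of the original page or of ACOPM. It assumes SPKI-SHA256-B64 is the usual base64 of the SHA-256 of the DER SubjectPublicKeyInfo; the certificates, the helper names and the key bytes are constructed stand-ins with dummy signatures.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, content_start, element_end) of the DER element at pos."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                       # short-form length
        hdr, length = 2, first
    else:                                  # long form: next n bytes are the length
        n = first & 0x7F
        hdr, length = 2 + n, int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
    return tag, pos + hdr, pos + hdr + length

def spki_pin(cert_der):
    """base64(SHA-256(DER SubjectPublicKeyInfo)) of a DER X.509 certificate."""
    _, body, _ = read_tlv(cert_der, 0)             # Certificate
    _, pos, tbs_end = read_tlv(cert_der, body)     # TBSCertificate
    tag, _, end = read_tlv(cert_der, pos)
    pos = end if tag == 0xA0 else pos              # skip optional [0] version
    for _ in range(5):  # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    tag, _, end = read_tlv(cert_der, pos)          # SubjectPublicKeyInfo
    if tag != 0x30 or end > tbs_end:
        raise ValueError("SubjectPublicKeyInfo not found")
    return base64.b64encode(hashlib.sha256(cert_der[pos:end]).digest()).decode()

def cert_sha256(cert_der):
    """Whole-certificate fingerprint, for contrast with the SPKI pin."""
    return hashlib.sha256(cert_der).hexdigest()

# --- Constructed stand-ins: X.509 layout, dummy key bits and signature ---
def tlv(tag, content):
    n = len(content)
    raw = n.to_bytes((n.bit_length() + 7) // 8 or 1, "big")
    return bytes([tag]) + (raw if n < 0x80 else bytes([0x80 | len(raw)]) + raw) + content

def fake_cert(serial, not_after, key_bits):
    alg = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101")) + tlv(0x05, b""))
    name = tlv(0x30, b"")
    validity = tlv(0x30, tlv(0x17, b"240101000000Z") + tlv(0x17, not_after))
    spki = tlv(0x30, alg + tlv(0x03, b"\x00" + key_bits))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + alg + name + validity + name + spki)
    return tlv(0x30, tbs + alg + tlv(0x03, b"\x00" * 33))

OLD = fake_cert(1, b"240401000000Z", b"\x11" * 270)      # original certificate
RENEWED = fake_cert(2, b"240701000000Z", b"\x11" * 270)  # renewed, same key
REKEYED = fake_cert(3, b"240701000000Z", b"\x22" * 270)  # renewed, new key
print("same key:", spki_pin(OLD) == spki_pin(RENEWED), "| new key:", spki_pin(OLD) == spki_pin(REKEYED))
```

For a real PEM file such as example.com.crt, convert it to DER first with ssl.PEM_cert_to_DER_cert() from the standard library. A renewal that also generates a new key changes the pin, so certfp_values has to be updated at that point.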
Getting acopm configured right can be tricky, so here are a few hints and tips.
hopm.
logmask to 32. Also, you might want to ensure that you don't have daemonise set to true, as well as logfile defined.
password defined. The following example is sufficient:
/*
 * The following 3 values are required and self-explanatory.
 */
nickname = "ACOPM";
username = "ACOPM";
// password = "supersecret";