m455.casa


Setting up an IRC server with Oragono

2020-12-25

This page will guide you through setting up an IRC server using Oragono.

Page overview

Page conventions

Assumptions

This guide assumes:

Requirements

Preparing your system

This section will guide you through preparing your system for running an IRC server using Oragono.

This section consists of the following topics:

Creating an oragono user

An oragono user allows your server to run Oragono as a less-privileged user than root. This provides you with a more secure IRC server setup.

To create an oragono user

  1. Run the following command:

    sudo adduser \
      --system \
      --shell /bin/bash \
      --group \
      --disabled-password \
      --home /home/oragono \
      oragono

Allowing connections on port 6697

You will need to allow connections on port 6697, which is the port people will use to connect to your IRC server.

To allow connections on port 6697

  1. Run sudo ufw allow 6697

Setting up Oragono

This section will guide you through downloading, extracting, and configuring Oragono’s files.

This section consists of the following topics:

Downloading Oragono

Downloading the Oragono files will allow you to access the files required to run the IRC server.

To download Oragono

  1. Run sudo su oragono
  2. Run cd
  3. Run wget https://github.com/oragono/oragono/releases/download/v2.4.0/oragono-2.4.0-linux-x86_64.tar.gz

Note: In this guide, I am using Oragono version 2.4.0. For the latest release number, see Oragono’s releases page.

Extracting the downloaded files

Extracting the downloaded files allows you to access, use, and modify the contents that were compressed inside the .tar.gz directory.

To extract the downloaded files

  1. Run tar -xf oragono-2.4.0-linux-x86_64.tar.gz
  2. Run mv oragono-2.4.0-linux-x86_64.tar.gz oragono
  3. Run mv oragono/* /home/oragono/
  4. Run rm -rf oragono

Configuring Oragono

You will need to switch to the oragono user to properly configure Oragono.

To configure Oragono

  1. Run cp default.yaml ircd.yaml
  2. Edit ircd.yaml and oragono.motd to your liking.

Note: For more information on editing ircd.yaml, see the Account/Nick Modes section on the Oragono manual.

Creating a IRC server administrator password

A server administrator account allows you to supersede other users and settings when needed.

To create a IRC server administrator password

  1. Run ./oragono genpasswd
  2. Copy the generated password hash
  3. Paste the password has in the ircd.yaml file in the opers section

Productionizing Oragono

This section will guide you through enabling autostarting Oragono every time you restart your server, and creating a post-renew hook for certbot when renewing SSL and TLS certificates.

This section consists of the following sections:

Autostarting Oragono

Autostarting Oragono removes the need to manually start Oragono on system restarts.

To autostart Oragono

  1. Run sudo su
  2. Add the following to /etc/systemd/system/oragono.service:

    [Unit]
    Description=oragono
    After=network.target
    # If you are using MySQL for history storage, comment out the above line
    # and uncomment these two instead (you must independently install and configure
    # MySQL for your system):
    # Wants=mysql.service
    # After=network.target mysql.service
    
    [Service]
    Type=simple
    User=oragono
    WorkingDirectory=/home/oragono
    ExecStart=/home/oragono/oragono run --conf /home/oragono/ircd.yaml
    ExecReload=/bin/kill -HUP $MAINPID
    Restart=on-failure
    LimitNOFILE=1048576
    
    [Install]
    WantedBy=multi-user.target
  3. Run systemctl daemon-reload
  4. Run systemctl enable oragono.service
  5. Run systemctl start oragono.service

Auto-renewing Oragono’s SSL and TLS certificates

Auto-renewing Oragono’s SSL and TLS certificates removes the need to manually copy your website domain’s certificates to the /home/oragono/ directory.

To Auto-renew Oragono’s SSL and TLS certificates

  1. Add the following in /etc/letsencrypt/renewal-hooks/post/install-oragono-certificates:

    #!/bin/bash
    
    set -eu
    
    umask 077
    cp /etc/letsencrypt/live/m455.casa/fullchain.pem /home/oragono/
    cp /etc/letsencrypt/live/m455.casa/privkey.pem /home/oragono/
    chown oragono:oragono /home/oragono/*.pem
    # rehash oragono, which will reload the certificates:
    systemctl reload oragono.service
  2. Run chmod 755 /etc/letsencrypt/renewal-hooks/post/install-oragono-certificates
  3. Run certbot renew

    Note: Sometimes certbot has issues with post-renew scripts, so if the script doesn’t run automatically after you’ve renewed your certificates, try running the install-oragono-certificates script manually as root.