Setting up an IRC server with Oragono

2020-12-25 00:00

This page will guide you through setting up an IRC server using Oragono.

Page overview

• Page conventions
• Assumptions
• Requirements
• Preparing your system
  • Creating an oragono user
    • To create an oragono user
  • Allowing connections on port 6697
    • To allow connections on port 6697
• Setting up Oragono
  • Downloading Oragono
    • To download Oragono
  • Extracting the downloaded files
    • To extract the downloaded files
  • Configuring Oragono
    • To configure Oragono
  • Creating a IRC server administrator password
    • To create a IRC server administrator password
• Productionizing Oragono
  • Autostarting Oragono
    • To autostart Oragono
  • Auto-renewing Oragono’s SSL and TLS certificates
    • To Auto-renew Oragono’s SSL and TLS certificates

Page conventions

• Note: Signifies additional information
• Tip: Signifies an alternative procedure for completing a step
• Warning: Signifies that damage, such as data loss, may occur
• Example: Shows how a procedure would be performed in a real scenario
• Inline code and code blocks: Signify package names, filenames, file contents, or commands

Assumptions

This guide assumes:

• You are using a Ubuntu server on a DigialOcean droplet
• You are using nginx to serve your web content
• You manage your SSL/TLS certificates with certbot
• You have your domain name setup with DigitalOcean’s name servers
• You have your SSH keys setup with your server
• You have root access to your server

Requirements

• ufw

Preparing your system

This section will guide you through preparing your system for running an IRC server using Oragono.

This section consists of the following topics:

• Creating an oragono user
• Allowing connections on port 6697

Creating an oragono user

An oragono user allows your server to run Oragono as a less-privileged user than root. This provides you with a more secure IRC server setup.

To create an oragono user

1. Run the following command:

    sudo adduser \
      --system \
      --shell /bin/bash \
      --group \
      --disabled-password \
      --home /home/oragono \
      oragono

Allowing connections on port 6697

You will need to allow connections on port 6697, which is the port people will use to connect to your IRC server.

To allow connections on port 6697

1. Run sudo ufw allow 6697

Setting up Oragono

This section will guide you through downloading, extracting, and configuring Oragono’s files.

This section consists of the following topics:

• Downloading Oragono
• Extracting the downloaded files
• Configuring Oragono

Downloading Oragono

Downloading the Oragono files will allow you to access the files required to run the IRC server.

To download Oragono

1. Run sudo su oragono
2. Run cd
3. Run wget https://github.com/oragono/oragono/releases/download/v2.4.0/oragono-2.4.0-linux-x86_64.tar.gz

Extracting the downloaded files

Extracting the downloaded files allows you to access, use, and modify the contents that were compressed inside the .tar.gz directory.

To extract the downloaded files

1. Run tar -xf oragono-2.4.0-linux-x86_64.tar.gz
2. Run mv oragono-2.4.0-linux-x86_64 oragono1
3. Run mv oragono1/* /home/oragono/
4. Run rm -rf oragono1

Configuring Oragono

You will need to switch to the oragono user to properly configure Oragono.

To configure Oragono

1. Run cp default.yaml ircd.yaml
2. Edit ircd.yaml and oragono.motd to your liking.

Creating a IRC server administrator password

A server administrator account allows you to supersede other users and settings when needed.

To create a IRC server administrator password

1. Run ./oragono genpasswd
2. Copy the generated password hash
3. Paste the password has in the ircd.yaml file in the opers section

Productionizing Oragono

This section will guide you through enabling autostarting Oragono every time you restart your server, and creating a post-renew hook for certbot when renewing SSL and TLS certificates.

This section consists of the following sections:

• Autostarting Oragono
• Auto-renewing Oragono’s SSL and TLS certificates

Autostarting Oragono

Autostarting Oragono removes the need to manually start Oragono on system restarts.

To autostart Oragono

1. Run sudo su

2. Add the following to /etc/systemd/system/oragono.service:

    [Unit]
    Description=oragono
    After=network.target
    # If you are using MySQL for history storage, comment out the above line
    # and uncomment these two instead (you must independently install and configure
    # MySQL for your system):
    # Wants=mysql.service
    # After=network.target mysql.service
   
    [Service]
    Type=simple
    User=oragono
    WorkingDirectory=/home/oragono
    ExecStart=/home/oragono/oragono run --conf /home/oragono/ircd.yaml
    ExecReload=/bin/kill -HUP $MAINPID
    Restart=on-failure
    LimitNOFILE=1048576
   
    [Install]
    WantedBy=multi-user.target

3. Run systemctl daemon-reload

4. Run systemctl enable oragono

5. Run systemctl start oragono

Auto-renewing Oragono’s SSL and TLS certificates

Auto-renewing Oragono’s SSL and TLS certificates removes the need to manually copy your website domain’s certificates to the /home/oragono/ directory.

To Auto-renew Oragono’s SSL and TLS certificates

1. Add the following in /etc/letsencrypt/renewal-hooks/post/install-oragono-certificates:

    #!/bin/bash
   
    set -eu
   
    umask 077
    cp /etc/letsencrypt/live/m455.casa/fullchain.pem /home/oragono/
    cp /etc/letsencrypt/live/m455.casa/privkey.pem /home/oragono/
    chown oragono:oragono /home/oragono/*.pem
    # rehash oragono, which will reload the certificates:
    systemctl reload oragono.service

2. Run chmod 755 /etc/letsencrypt/renewal-hooks/post/install-oragono-certificates

3. Run certbot renew