‹ back home

Setting up an IRC bouncer (soju) on OpenBSD

2024-01-12 #bouncer #irc #openbsd #soju

Given the outage at sourcehut right now1, I need an alternative bouncer to use IRC without leaving a client running 24/7. Running my own seems like a simple enough choice.

I opted to run soju (mirror) on my personal server running OpenBSD. soju is what powers chat.sr.ht. It is well tested, I know it fits my needs, and has support for connecting to multiple networks. Its bouncer/network support integrates nicely with senpai, a modern irc terminal client.

The OpenBSD port for soju seems rather new, and there doesn’t seem to be a binary package for it in the latest stable release. I opted to upgrade from -stable to -current, which was really as simple as running sysupgrade -s, rebooting, and finally running pkg_add -U.

Installing soju is as simple as running pkg_add soju.

I also needed to create a DNS entry for irc.whynothugo.nl, and point that to the same server.

Since soju uses TLS, I need certificates for it. I added the new domain to /etc/acme-client.conf and then executed acme-client irc.whynothugo.nl:

domain irc.whynothugo.nl {
        domain key "/etc/ssl/private/irc.whynothugo.nl.key"
        domain full chain certificate "/etc/ssl/irc.whynothugo.nl.fullchain.pem"
        sign with letsencrypt
}

To avoid acme-client from messing up permissions for the certificates, I’ll copy them to another location on renewal. My renewal script is then:

#!/bin/sh
set -e
acme-client irc.whynothugo.nl
install -Dm 644 -o _soju /etc/ssl/irc.whynothugo.nl.fullchain.pem /etc/soju/
install -Dm 600 -o _soju /etc/ssl/private/irc.whynothugo.nl.key /etc/soju/
rcctl reload soju

And the configuration file at /etc/soju/config reads:

db sqlite3 /var/soju/main.db
message-store fs /var/soju/logs/
listen ircs://
tls /etc/soju/irc.whynothugo.nl.fullchain.pem /etc/soju/irc.whynothugo.nl.key

As a on-off, I need to manually copy the certificates into the right location, and manually start and enable soju:

# These two lines copied from the above script:
install -Dm 644 -o _soju /etc/ssl/irc.whynothugo.nl.fullchain.pem /etc/soju/
install -Dm 600 -o _soju /etc/ssl/private/irc.whynothugo.nl.key /etc/soju/

rcctl start soju
rcctl enable soju

With soju running, I reconfigured senpai locally and connected to it. In order to connect the bouncer to a new network, I used:

/msg BouncerServ network create -addr irc.libera.chat

It works!

  1. My warmest sympathies to the team working hard to restore services during this attack. ↩︎

— § —