soju on YunoHost

2022-12-27

---

Steps to install the soju IRC bouncer on YunoHost 11.0:

1. Open TCP port 6697 from YunoHost (in "Tools" / "Firewall").
2. Install scdoc:

   sudo apt install scdoc
   

3. Clone the repo then build and install the project with make as instructed in the README.
   • If the build fails because the go version is not new enough, then get the newest Go from go.dev and unpack it to ~/.local/go then adjust ~/.profile to have it in your $PATH:

     if [ -d "$HOME/.local/go/bin" ] ; then
         PATH="$HOME/.local/go/bin:$PATH"
     fi
     

4. We'll need SSL certificates. We can use the ones we already have from YunoHost's Let's Encrypt configuration.

   Look in /etc/yunohost/certs and make sure you have files like /etc/yunohost/certs/example.com/crt.pem

   Also, observe that the certificate files are only accessible to users in the ssl-cert group.

5. Create a system user that will run soju and add it to the ssl-cert group. For now allow it to have a login shell so we can set it up; we'll remove the shell at the end.

   sudo useradd \
     --system \
     --comment "Account for soju to run as" \
     --shell /bin/bash \
     --home-dir /var/lib/soju soju
   
   sudo chown "soju:soju" /var/lib/soju
   
   sudo usermod -a -G ssl-cert soju
   

6. Login as soju:

   sudo su - soju
   

7. Create a user for the bouncer:

   sojuctl create-user cosmin -admin
   

   This will create soju.db in the current directory.

8. Create a config file, let's say ~/.config/soju/soju.config, with the following content:

   tls /etc/yunohost/certs/example.com/crt.pem /etc/yunohost/certs/example.com/key.pem
   message-store fs /var/lib/soju/messages
   

9. Start soju, just to check that it works:

   soju -config ~/.config/soju/soju.config
   

10. Try to connect with your favorite IRC client directly to your YunoHost machine on port 6697 and using the account defined earlier.
11. Stop soju and logout from soju's account.

12. Disable the login shell for the soju user:

    sudo usermod --shell /usr/sbin/nologin soju
    

13. Create a configuration file for a systemd service, in /etc/systemd/system/soju.service:

    [Unit]
    Description=soju IRC bouncer
    After=network.target
    
    [Service]
    WorkingDirectory=/var/lib/soju
    ExecStart=/usr/local/bin/soju -config /var/lib/soju/.config/soju/soju.config
    User=soju
    
    [Install]
    WantedBy=multi-user.target
    

14. Enable and start the new service:

    sudo systemctl enable soju
    sudo systemctl start soju
    

    Verify that you can still connect from the IRC client.