soju on YunoHost



Steps to install the soju IRC bouncer on YunoHost 11.0:

  1. Open TCP port 6697 from YunoHost (in "Tools" / "Firewall").
  2. Install scdoc:
    sudo apt install scdoc
  3. Clone the repo then build and install the project with make as instructed in the README.
    • If the build fails because the go version is not new enough, then get the newest Go from and unpack it to ~/.local/go then adjust ~/.profile to have it in your $PATH:
      if [ -d "$HOME/.local/go/bin" ] ; then
  4. We'll need SSL certificates. We can use the ones we already have from YunoHost's Let's Encrypt configuration.

    Look in /etc/yunohost/certs and make sure you have files like /etc/yunohost/certs/

    Also, observe that the certificate files are only accessible to users in the ssl-cert group.

  5. Create a system user that will run soju and add it to the ssl-cert group. For now allow it to have a login shell so we can set it up; we'll remove the shell at the end.
    sudo useradd \
      --system \
      --comment "Account for soju to run as" \
      --shell /bin/bash \
      --home-dir /var/lib/soju soju
    sudo chown "soju:soju" /var/lib/soju
    sudo usermod -a -G ssl-cert soju
  6. Login as soju:
    sudo su - soju
  7. Create a user for the bouncer:

    sojuctl create-user cosmin -admin

    This will create soju.db in the current directory.

  8. Create a config file, let's say ~/.config/soju/soju.config, with the following content:

    tls /etc/yunohost/certs/ /etc/yunohost/certs/
    message-store fs /var/lib/soju/messages
  9. Start soju, just to check that it works:

    soju -config ~/.config/soju/soju.config
  10. Try to connect with your favorite IRC client directly to your YunoHost machine on port 6697 and using the account defined earlier.
  11. Stop soju and logout from soju's account.
  12. Disable the login shell for the soju user:

    sudo usermod --shell /usr/sbin/nologin soju
  13. Create a configuration file for a systemd service, in /etc/systemd/system/soju.service:

    Description=soju IRC bouncer
    ExecStart=/usr/local/bin/soju -config /var/lib/soju/.config/soju/soju.config
  14. Enable and start the new service:

    sudo systemctl enable soju
    sudo systemctl start soju

    Verify that you can still connect from the IRC client.