soju on YunoHost

2022-12-27

Tags:
Categories:

Steps to install the soju IRC bouncer on YunoHost 11.0:

  1. Open TCP port 6697 from YunoHost (in "Tools" / "Firewall").
  2. Install scdoc:
    sudo apt install scdoc
    
  3. Clone the repo then build and install the project with make as instructed in the README.
    • If the build fails because the go version is not new enough, then get the newest Go from go.dev and unpack it to ~/.local/go then adjust ~/.profile to have it in your $PATH:
      if [ -d "$HOME/.local/go/bin" ] ; then
          PATH="$HOME/.local/go/bin:$PATH"
      fi
      
  4. We'll need SSL certificates. We can use the ones we already have from YunoHost's Let's Encrypt configuration.

    Look in /etc/yunohost/certs and make sure you have files like /etc/yunohost/certs/example.com/crt.pem

    Also, observe that the certificate files are only accessible to users in the ssl-cert group.

  5. Create a system user that will run soju and add it to the ssl-cert group. For now allow it to have a login shell so we can set it up; we'll remove the shell at the end.
    sudo mkdir /var/lib/soju
    
    sudo useradd \
      --system \
      --comment "Account for soju to run as" \
      --shell /bin/bash \
      --home-dir /var/lib/soju soju
    
    sudo chown "soju:soju" /var/lib/soju
    
    sudo usermod -a -G ssl-cert soju
    
  6. Login as soju:
    sudo su - soju
    
  7. Create a user for the bouncer:

    sojudb create-user cosmin -admin
    

    This will create main.db in the current directory.

  8. Create a config file, let's say ~/.config/soju/soju.config, with the following content:

    tls /etc/yunohost/certs/example.com/crt.pem /etc/yunohost/certs/example.com/key.pem
    message-store fs /var/lib/soju/messages
    db sqlite3 /var/lib/soju/main.db
    
  9. Start soju, just to check that it works:

    soju -config ~/.config/soju/soju.config
    
  10. Try to connect with your favorite IRC client directly to your YunoHost machine on port 6697 and using the account defined earlier.
  11. Stop soju and logout from soju's account.
  12. Disable the login shell for the soju user:

    sudo usermod --shell /usr/sbin/nologin soju
    
  13. Create a configuration file for a systemd service, in /etc/systemd/system/soju.service:

    [Unit]
    Description=soju IRC bouncer
    After=network.target
    
    [Service]
    WorkingDirectory=/var/lib/soju
    ExecStart=/usr/local/bin/soju -config /var/lib/soju/.config/soju/soju.config
    User=soju
    
    [Install]
    WantedBy=multi-user.target
    
  14. Enable and start the new service:

    sudo systemctl enable soju
    sudo systemctl start soju
    

    Verify that you can still connect from the IRC client.