Blame
Date:
Sun Jan 29 05:00:28 2023 UTC
Message:
Daily backup
01
2023-01-22
jrmu
version=pmwiki-2.2.130 ordered=1 urlencoded=1
02
2023-01-22
jrmu
agent=Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/101.0.4951.54 Safari/537.36
03
2023-01-22
jrmu
author=miniontoby
04
2023-01-22
jrmu
charset=UTF-8
05
2023-01-22
jrmu
csum=fixed the text
06
2023-01-22
jrmu
ctime=1612973133
07
2023-01-22
jrmu
host=45.136.74.157
08
2023-01-22
jrmu
name=Ngircd.Ssl
09
2023-01-22
jrmu
rev=19
10
2023-01-22
jrmu
targets=Acme-client.Configure,Crontab.Edit,Pf.Guide
11
2023-01-22
jrmu
text=(:title Providing TLS for Ngircd:)%0a%0a!! Before You Begin%0a%0aTo enable TLS for ngircd, you must first have a properly-signed [[acme-client/configure|SSL cert]].%0a%0aCheck to make sure you have the following two files:%0a%0a[@%0a/etc/ssl/example.com.crt%0a/etc/ssl/private/example.com.key%0a@]%0a%0a'''NOTE''': In all examples in this guide, make sure to replace @@example.com@@ with your actual hostname.%0a%0aIf the SSL certs do not exist, you can use [[acme-client/configure|acme-client]] to request the certs.%0a%0a!! Copying the cert and key%0a%0aCopy the cert and key into [@/etc/ngircd/@]:%0a%0a[@%0a$ doas cp /etc/ssl/example.com.crt /etc/ssl/private/example.com.key /etc/ngircd/%0a$ doas chown _ngircd:_ngircd /etc/ngircd/example.com.{crt,key}%0a@]%0a%0aIn /etc/ngircd/ngircd.conf, you will need the following lines in the [SSL] block:%0a%0a[@%0a # SSL Server Key Certificate%0a CertFile = /etc/ngircd/example.com.crt%0a...%0a # SSL Server Key%0a KeyFile = /etc/ngircd/example.com.key%0a...%0a # Additional Listen Ports that expect SSL/TLS encrypted connections%0a Ports = 6697, 9999, 16697%0a@]%0a%0a'''NOTE''': If the [SSL] block is commented out, it needs to be uncommented.%0a%0a''Optional'': If you want to have a DHFile:%0a%0a[@%0a$ openssl dhparam -out ~/dhparams.pem 2048%0a$ doas cp ~/dhparams.pem /etc/ngircd/%0a$ doas chown _ngircd:_ngircd /etc/ngircd/dhparams.pem%0a@]%0a%0aThen, uncomment this line in /etc/ngircd/ngircd.conf:%0a%0a[@%0aDHFile = /etc/ngircd/dhparams.pem%0a@]%0a%0a!! Reloading Certs%0a%0aIn ngircd, it is not necessary to restart the IRCd (which would result in downtime) in order to reload certs. Simply send the daemon a HUP signal:%0a%0a[@%0a$ doas pkill -HUP ngircd%0a@]%0a%0aThat will cause ngircd to reread its conf file and reload its TLS certs.%0a%0a!! Automation%0a%0aLet's Encrypt TLS certs expire after 90 days. As a result, you are highly encouraged to automate the renewal of TLS certs. Otherwise, once a cert expires, your users may no longer be able to visit your IRC server.%0a%0aWe can automate the request process using [[crontab/edit|crontab]].%0a%0a[@%0a$ doas crontab -e%0a@]%0a%0aAdd this line at the bottom:%0a%0a[@%0a~ ~ * * * acme-client irc.example.com >> /var/log/acme-client.log 2>&1 && sleep 300 && cp /etc/ssl/irc.example.com.crt /etc/ssl/private/irc.example.com.key /etc/ngircd/ && chown _ngircd:_ngircd /etc/ngircd/irc.example.com.{crt,key} && pkill -HUP ngircd%0a@]%0a%0a'''NOTE''': Replace @@irc.example.com@@ with your actual IRC server name.%0a%0aThis cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 300 seconds, then reload openhttpd to use it.%0a%0a!!! Troubleshooting%0a%0aIf you were unable to establish the connection above, it may be because your [[pf/guide|firewall]] is blocking the necessary ports.%0a%0aYou can ensure pf allows incoming IRC connections by putting this line into /etc/pf.conf:%0a%0a[@%0apass in quick proto tcp to port { 6660:6669 6697 6997 7000 9999 16667 16697 } #irc%0a@]%0a%0aThen, reload the pf rulesets:%0a%0a[@%0a$ doas pfctl -f /etc/pf.conf%0a@]%0a
12
2023-01-22
jrmu
time=1652023834
13
2023-01-22
jrmu
title=Providing TLS for Ngircd
14
2023-01-22
jrmu
author:1652023834=miniontoby
15
2023-01-22
jrmu
csum:1652023834=fixed the text
16
2023-01-22
jrmu
diff:1652023834:1649046295:=68c68%0a%3c Let's Encrypt TLS certs expire after 90 days. As a result, you are highly encouraged to automate the renewal of TLS certs. Otherwise, once a cert expires, your users may no longer be able to visit your IRC server.%0a---%0a> Let's Encrypt TLS certs expire after 90 days. As a result, you are highly encouraged to automate the renewal of TLS certs. Otherwise, once a cert expires, your users may no longer be able to visit your site.%0a
17
2023-01-22
jrmu
host:1652023834=45.136.74.157
18
2023-01-22
jrmu
author:1649046295=jrmu
19
2023-01-22
jrmu
diff:1649046295:1649046282:=79c79%0a%3c ~ ~ * * * acme-client irc.example.com >> /var/log/acme-client.log 2>&1 && sleep 300 && cp /etc/ssl/irc.example.com.crt /etc/ssl/private/irc.example.com.key /etc/ngircd/ && chown _ngircd:_ngircd /etc/ngircd/irc.example.com.{crt,key} && pkill -HUP ngircd%0a---%0a> ~ ~ * * * acme-client irc.example.com >> /var/log/acme-client.log 2>&1 && sleep 360 && cp /etc/ssl/irc.example.com.crt /etc/ssl/private/irc.example.com.key /etc/ngircd/ && chown _ngircd:_ngircd /etc/ngircd/irc.example.com.{crt,key} && pkill -HUP ngircd%0a84c84%0a%3c This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 300 seconds, then reload openhttpd to use it.%0a---%0a> This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 360 seconds, then reload openhttpd to use it.%0a
20
2023-01-22
jrmu
host:1649046295=38.87.162.154
21
2023-01-22
jrmu
author:1649046282=jrmu
22
2023-01-22
jrmu
diff:1649046282:1649046265:=84c84%0a%3c This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 360 seconds, then reload openhttpd to use it.%0a---%0a> This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 60 seconds, then reload openhttpd to use it.%0a
23
2023-01-22
jrmu
host:1649046282=38.87.162.154
24
2023-01-22
jrmu
author:1649046265=jrmu
25
2023-01-22
jrmu
diff:1649046265:1649046187:=79c79%0a%3c ~ ~ * * * acme-client irc.example.com >> /var/log/acme-client.log 2>&1 && sleep 360 && cp /etc/ssl/irc.example.com.crt /etc/ssl/private/irc.example.com.key /etc/ngircd/ && chown _ngircd:_ngircd /etc/ngircd/irc.example.com.{crt,key} && pkill -HUP ngircd%0a---%0a> ~ ~ * * * acme-client irc.example.com >> /var/log/acme-client.log 2>&1 && sleep 60 && cp /etc/ssl/irc.example.com.crt /etc/ssl/private/irc.example.com.key /etc/ngircd/ && chown _ngircd:_ngircd /etc/ngircd/irc.example.com.{crt,key} && pkill -HUP ngircd%0a
26
2023-01-22
jrmu
host:1649046265=38.87.162.154
27
2023-01-22
jrmu
author:1649046187=jrmu
28
2023-01-22
jrmu
diff:1649046187:1649046130:=79c79%0a%3c ~ ~ * * * acme-client irc.example.com >> /var/log/acme-client.log 2>&1 && sleep 60 && cp /etc/ssl/irc.example.com.crt /etc/ssl/private/irc.example.com.key /etc/ngircd/ && chown _ngircd:_ngircd /etc/ngircd/irc.example.com.{crt,key} && pkill -HUP ngircd%0a---%0a> ~ ~ * * * acme-client irc.example.com >> /var/log/acme-client.log 2>&1 && sleep 60 && cp /etc/ssl/irc.example.com.crt /etc/ssl/private/irc.example.com.key /etc/ngircd && chown _ngircd:_ngircd /etc/ngircd/irc.example.com.{crt,key} && pkill -HUP ngircd%0a
29
2023-01-22
jrmu
host:1649046187=38.87.162.154
30
2023-01-22
jrmu
author:1649046130=jrmu
31
2023-01-22
jrmu
diff:1649046130:1649045956:=10c10%0a%3c /etc/ssl/example.com.crt%0a---%0a> /etc/ssl/example.com.fullchain.pem%0a23,24c23,24%0a%3c $ doas cp /etc/ssl/example.com.crt /etc/ssl/private/example.com.key /etc/ngircd/%0a%3c $ doas chown _ngircd:_ngircd /etc/ngircd/example.com.{crt,key}%0a---%0a> $ doas cp /etc/ssl/example.com.fullchain.pem /etc/ssl/private/example.com.key /etc/ngircd/%0a> $ doas chown _ngircd:_ngircd /etc/ngircd/example.com.{fullchain.pem,key}%0a31c31%0a%3c CertFile = /etc/ngircd/example.com.crt%0a---%0a> CertFile = /etc/ngircd/example.com.fullchain.pem%0a79c79%0a%3c ~ ~ * * * acme-client irc.example.com >> /var/log/acme-client.log 2>&1 && sleep 60 && cp /etc/ssl/irc.example.com.crt /etc/ssl/private/irc.example.com.key /etc/ngircd && chown _ngircd:_ngircd /etc/ngircd/irc.example.com.{crt,key} && pkill -HUP ngircd%0a---%0a> ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && sleep 60 && rcctl reload httpd%0a81,82d80%0a%3c %0a%3c '''NOTE''': Replace @@irc.example.com@@ with your actual IRC server name.%0a
32
2023-01-22
jrmu
host:1649046130=38.87.162.154
33
2023-01-22
jrmu
author:1649045956=jrmu
34
2023-01-22
jrmu
diff:1649045956:1649037390:=66,98c66%0a%3c !! Automation%0a%3c %0a%3c Let's Encrypt TLS certs expire after 90 days. As a result, you are highly encouraged to automate the renewal of TLS certs. Otherwise, once a cert expires, your users may no longer be able to visit your site.%0a%3c %0a%3c We can automate the request process using [[crontab/edit|crontab]].%0a%3c %0a%3c [@%0a%3c $ doas crontab -e%0a%3c @]%0a%3c %0a%3c Add this line at the bottom:%0a%3c %0a%3c [@%0a%3c ~ ~ * * * acme-client example.com >> /var/log/acme-client.log 2>&1 && sleep 60 && rcctl reload httpd%0a%3c @]%0a%3c %0a%3c This cronjob will check the certificate once each day at a random time to see if it needs to be renewed. If it does, it will renew the cert, wait 60 seconds, then reload openhttpd to use it.%0a%3c %0a%3c !!! Troubleshooting%0a%3c %0a%3c If you were unable to establish the connection above, it may be because your [[pf/guide|firewall]] is blocking the necessary ports.%0a%3c %0a%3c You can ensure pf allows incoming IRC connections by putting this line into /etc/pf.conf:%0a%3c %0a%3c [@%0a%3c pass in quick proto tcp to port { 6660:6669 6697 6997 7000 9999 16667 16697 } #irc%0a%3c @]%0a%3c %0a%3c Then, reload the pf rulesets:%0a%3c %0a%3c [@%0a%3c $ doas pfctl -f /etc/pf.conf%0a%3c @]%0a---%0a> !! Cronjob%0a
35
2023-01-22
jrmu
host:1649045956=38.87.162.154
36
2023-01-22
jrmu
author:1649037390=jrmu
37
2023-01-22
jrmu
diff:1649037390:1649019790:=7,8c7,8%0a%3c Check to make sure you have the following two files:%0a%3c %0a---%0a> Check if you have the following two files:%0a> %0a27,28c27,28%0a%3c In /etc/ngircd/ngircd.conf, you will need the following lines in the [SSL] block:%0a%3c %0a---%0a> In /etc/ngircd/ngircd.conf, change the following lines in the [SSL] block:%0a> %0a40,41d39%0a%3c '''NOTE''': If the [SSL] block is commented out, it needs to be uncommented.%0a%3c %0a45,46c43%0a%3c $ openssl dhparam -out ~/dhparams.pem 2048%0a%3c $ doas cp ~/dhparams.pem /etc/ngircd/%0a---%0a> $ doas openssl dhparam -out /etc/ngircd/dhparams.pem 2048%0a
38
2023-01-22
jrmu
host:1649037390=38.87.162.154
39
2023-01-22
jrmu
author:1649019790=jrmu
40
2023-01-22
jrmu
diff:1649019790:1649019325:=47,51c47%0a%3c Then, uncomment this line in /etc/ngircd/ngircd.conf:%0a%3c %0a%3c [@%0a%3c DHFile = /etc/ngircd/dhparams.pem%0a%3c @]%0a---%0a> Then, uncomment @@DHFile = /etc/ngircd/dhparams.pem@@ in /etc/ngircd/ngircd.conf.%0a
41
2023-01-22
jrmu
host:1649019790=38.87.162.154
42
2023-01-22
jrmu
author:1649019325=jrmu
43
2023-01-22
jrmu
diff:1649019325:1649019290:=23c23,24%0a%3c $ doas cp /etc/ssl/example.com.fullchain.pem /etc/ssl/private/example.com.key /etc/ngircd/%0a---%0a> $ doas cp /etc/ssl/example.com.fullchain.pem /etc/ngircd/%0a> $ doas cp /etc/ssl/private/example.com.key /etc/ngircd/%0a
44
2023-01-22
jrmu
host:1649019325=38.87.162.154
45
2023-01-22
jrmu
author:1649019290=jrmu
46
2023-01-22
jrmu
diff:1649019290:1649018941:=14c14%0a%3c '''NOTE''': In all examples in this guide, make sure to replace @@example.com@@ with your actual hostname.%0a---%0a> '''NOTE''': In the above and all below examples, make sure to replace example.com with your actual hostname.%0a
47
2023-01-22
jrmu
host:1649019290=38.87.162.154
48
2023-01-22
jrmu
author:1649018941=jrmu
49
2023-01-22
jrmu
diff:1649018941:1649018829:=
50
2023-01-22
jrmu
host:1649018941=38.87.162.154
51
2023-01-22
jrmu
author:1649018829=jrmu
52
2023-01-22
jrmu
diff:1649018829:1648184902:=14,15c14,15%0a%3c '''NOTE''': In the above and all below examples, make sure to replace example.com with your actual hostname.%0a%3c %0a---%0a> '''NOTE''': Replace example.com with your actual hostname.%0a> %0a25d24%0a%3c $ doas chown _ngircd:_ngircd /etc/ngircd/example.com.{fullchain.pem,key}%0a41,42c40,41%0a%3c ''Optional'': If you want to have a DHFile:%0a%3c %0a---%0a> ''Optional'': If you want to have a DHFile,%0a> %0a49,60d47%0a%3c %0a%3c !! Reloading Certs%0a%3c %0a%3c In ngircd, it is not necessary to restart the IRCd (which would result in downtime) in order to reload certs. Simply send the daemon a HUP signal:%0a%3c %0a%3c [@%0a%3c $ doas pkill -HUP ngircd%0a%3c @]%0a%3c %0a%3c That will cause ngircd to reread its conf file and reload its TLS certs.%0a%3c %0a%3c !! Cronjob%0a
53
2023-01-22
jrmu
host:1649018829=38.87.162.154
54
2023-01-22
jrmu
author:1648184902=jrmu
55
2023-01-22
jrmu
diff:1648184902:1612975446:=3,8c3,8%0a%3c !! Before You Begin%0a%3c %0a%3c To enable TLS for ngircd, you must first have a properly-signed [[acme-client/configure|SSL cert]].%0a%3c %0a%3c Check if you have the following two files:%0a%3c %0a---%0a> !! Prerequisites%0a> %0a> Before you can enable TLS for ngircd, you must first have a properly-signed [[acme-client/configure|SSL cert]].%0a> %0a> Check to see if you have the following two files:%0a> %0a14,17c14,15%0a%3c '''NOTE''': Replace example.com with your actual hostname.%0a%3c %0a%3c If the SSL certs do not exist, you can use [[acme-client/configure|acme-client]] to request the certs.%0a%3c %0a---%0a> You will, of course, need to replace example.com with your actual hostname.%0a> %0a20,21c18,19%0a%3c Copy the cert and key into [@/etc/ngircd/@]:%0a%3c %0a---%0a> We'll need to copy the cert and key into /etc/ngircd/%0a> %0a47c45%0a%3c Then, uncomment @@DHFile = /etc/ngircd/dhparams.pem@@ in /etc/ngircd/ngircd.conf.%0a---%0a> Then, uncomment @@DHFile = /etc/ngircd/dhparams.pem@@ in /etc/ngircd/ngircd.conf.%0a\ No newline at end of file%0a
56
2023-01-22
jrmu
host:1648184902=38.87.162.154
57
2023-01-22
jrmu
author:1612975446=jrmu
58
2023-01-22
jrmu
diff:1612975446:1612975377:=
59
2023-01-22
jrmu
host:1612975446=198.251.81.119
60
2023-01-22
jrmu
author:1612975377=jrmu
61
2023-01-22
jrmu
diff:1612975377:1612975216:=1,18c1,4%0a%3c (:title Providing TLS for Ngircd:)%0a%3c %0a%3c !! Prerequisites%0a%3c %0a%3c Before you can enable TLS for ngircd, you must first have a properly-signed [[acme-client/configure|SSL cert]].%0a%3c %0a%3c Check to see if you have the following two files:%0a%3c %0a%3c [@%0a%3c /etc/ssl/example.com.fullchain.pem%0a%3c /etc/ssl/private/example.com.key%0a%3c @]%0a%3c %0a%3c You will, of course, need to replace example.com with your actual hostname.%0a%3c %0a%3c !! Copying the cert and key%0a%3c %0a%3c We'll need to copy the cert and key into /etc/ngircd/%0a---%0a> !! SSL%0a> %0a> Use [[openbsd/acme-client|acme-client]] to get an SSL certificate signed by Let's Encrypt.%0a> %0a
62
2023-01-22
jrmu
host:1612975377=198.251.81.119
63
2023-01-22
jrmu
author:1612975216=jrmu
64
2023-01-22
jrmu
diff:1612975216:1612973225:=
65
2023-01-22
jrmu
host:1612975216=198.251.81.119
66
2023-01-22
jrmu
author:1612973225=jrmu
67
2023-01-22
jrmu
diff:1612973225:1612973133:=1,4c1,2%0a%3c !! SSL%0a%3c %0a%3c Use [[openbsd/acme-client|acme-client]] to get an SSL certificate signed by Let's Encrypt.%0a%3c %0a---%0a> In the server block, for Host, it is better to use a [[openbsd/dns|symbolic hostname]] (don't use an IP address).%0a> %0a6,7c4,9%0a%3c $ doas cp /etc/ssl/example.com.fullchain.pem /etc/ngircd/%0a%3c $ doas cp /etc/ssl/private/example.com.key /etc/ngircd/%0a---%0a> [Server]%0a> Name = irc.example.ircnow.org%0a> Host = irc.example.ircnow.org%0a> Port = 6667%0a> MyPassword = password12345%0a> PeerPassword = password12345%0a10,11c12,17%0a%3c In /etc/ngircd/ngircd.conf, change the following lines in the [SSL] block:%0a%3c %0a---%0a> Notice that Host = irc.example.ircnow.org and not an IP address like 1.2.3.4. This makes it less work to configure when the other server changes its IP address.%0a> %0a> !! SSL%0a> %0a> Use [[openbsd/acme-client|acme-client]] to get an SSL certificate signed by Let's Encrypt.%0a> %0a12a19,25%0a> $ doas cp /etc/ssl/example.com.fullchain.pem /etc/ngircd/%0a> $ doas cp /etc/ssl/private/example.com.key /etc/ngircd/%0a> @]%0a> %0a> In /etc/ngircd/ngircd.conf, change the following lines in the [SSL] block:%0a> %0a> [@%0a30c43,85%0a%3c Then, uncomment @@DHFile = /etc/ngircd/dhparams.pem@@ in /etc/ngircd/ngircd.conf.%0a\ No newline at end of file%0a---%0a> Then, uncomment @@DHFile = /etc/ngircd/dhparams.pem@@ in /etc/ngircd/ngircd.conf.%0a> %0a> !! Autostart%0a> %0a> To automatically restart ngIRCd if it was terminated unexpectedly, create a script in /usr/local/libexec/project/ngircd.sh:%0a> %0a> [@%0a> doas touch /usr/local/libexec/project/ngircd.sh%0a> doas chmod +x /usr/local/libexec/project/ngircd.sh%0a> @]%0a> %0a> Inside /usr/local/libexec/project/ngircd.sh:%0a> %0a> [@%0a> #!/bin/sh%0a> %0a> SERVICE_NAME="ngircd"%0a> SERVICE_USER="_ngircd"%0a> SERVICE_PID="/var/ngircd/var/run/ngircd/ngircd.pid"%0a> %0a> if ! pgrep -u $SERVICE_USER -x "$SERVICE_NAME" > /dev/null%0a> then%0a> if [ -f $SERVICE_PID ]; then%0a> rm -f $SERVICE_PID%0a> rcctl -d start $SERVICE_NAME%0a> fi%0a> fi%0a> @]%0a> %0a> Add this as a cronjob:%0a> %0a> [@%0a> $ doas crontab -e%0a> %0a> * * * * * /usr/local/libexec/project/checker_ngircd.sh > /dev/null 2>&1%0a> @]%0a> %0a> For the solution to work, you need to enable the use of pid files in /etc/ngircd/ngircd.conf:%0a> [@%0a> PidFile = /var/run/ngircd/ngircd.pid%0a> @]%0a> %0a> Make sure to configure [[openbsd/hopm|hopm]].%0a
68
2023-01-22
jrmu
host:1612973225=198.251.81.119
69
2023-01-22
jrmu
author:1612973133=jrmu
70
2023-01-22
jrmu
diff:1612973133:1612973133:=1,85d0%0a%3c In the server block, for Host, it is better to use a [[openbsd/dns|symbolic hostname]] (don't use an IP address).%0a%3c %0a%3c [@%0a%3c [Server]%0a%3c Name = irc.example.ircnow.org%0a%3c Host = irc.example.ircnow.org%0a%3c Port = 6667%0a%3c MyPassword = password12345%0a%3c PeerPassword = password12345%0a%3c @]%0a%3c %0a%3c Notice that Host = irc.example.ircnow.org and not an IP address like 1.2.3.4. This makes it less work to configure when the other server changes its IP address.%0a%3c %0a%3c !! SSL%0a%3c %0a%3c Use [[openbsd/acme-client|acme-client]] to get an SSL certificate signed by Let's Encrypt.%0a%3c %0a%3c [@%0a%3c $ doas cp /etc/ssl/example.com.fullchain.pem /etc/ngircd/%0a%3c $ doas cp /etc/ssl/private/example.com.key /etc/ngircd/%0a%3c @]%0a%3c %0a%3c In /etc/ngircd/ngircd.conf, change the following lines in the [SSL] block:%0a%3c %0a%3c [@%0a%3c # SSL Server Key Certificate%0a%3c CertFile = /etc/ngircd/example.com.fullchain.pem%0a%3c ...%0a%3c # SSL Server Key%0a%3c KeyFile = /etc/ngircd/example.com.key%0a%3c ...%0a%3c # Additional Listen Ports that expect SSL/TLS encrypted connections%0a%3c Ports = 6697, 9999, 16697%0a%3c @]%0a%3c %0a%3c ''Optional'': If you want to have a DHFile,%0a%3c %0a%3c [@%0a%3c $ doas openssl dhparam -out /etc/ngircd/dhparams.pem 2048%0a%3c $ doas chown _ngircd:_ngircd /etc/ngircd/dhparams.pem%0a%3c @]%0a%3c %0a%3c Then, uncomment @@DHFile = /etc/ngircd/dhparams.pem@@ in /etc/ngircd/ngircd.conf.%0a%3c %0a%3c !! Autostart%0a%3c %0a%3c To automatically restart ngIRCd if it was terminated unexpectedly, create a script in /usr/local/libexec/project/ngircd.sh:%0a%3c %0a%3c [@%0a%3c doas touch /usr/local/libexec/project/ngircd.sh%0a%3c doas chmod +x /usr/local/libexec/project/ngircd.sh%0a%3c @]%0a%3c %0a%3c Inside /usr/local/libexec/project/ngircd.sh:%0a%3c %0a%3c [@%0a%3c #!/bin/sh%0a%3c %0a%3c SERVICE_NAME="ngircd"%0a%3c SERVICE_USER="_ngircd"%0a%3c SERVICE_PID="/var/ngircd/var/run/ngircd/ngircd.pid"%0a%3c %0a%3c if ! pgrep -u $SERVICE_USER -x "$SERVICE_NAME" > /dev/null%0a%3c then%0a%3c if [ -f $SERVICE_PID ]; then%0a%3c rm -f $SERVICE_PID%0a%3c rcctl -d start $SERVICE_NAME%0a%3c fi%0a%3c fi%0a%3c @]%0a%3c %0a%3c Add this as a cronjob:%0a%3c %0a%3c [@%0a%3c $ doas crontab -e%0a%3c %0a%3c * * * * * /usr/local/libexec/project/checker_ngircd.sh > /dev/null 2>&1%0a%3c @]%0a%3c %0a%3c For the solution to work, you need to enable the use of pid files in /etc/ngircd/ngircd.conf:%0a%3c [@%0a%3c PidFile = /var/run/ngircd/ngircd.pid%0a%3c @]%0a%3c %0a%3c Make sure to configure [[openbsd/hopm|hopm]].%0a
71
2023-01-22
jrmu
host:1612973133=198.251.81.119
IRCNow