Differences

This shows you the differences between two versions of the page.

--- installing_irc_at_home [2020/07/11 16:24] – [opers.conf] vhost addition waxphilosophic
+++ installing_irc_at_home [2024/09/05 00:05] (current) – ie” hc9
@@ Line 7: / Line 7: @@
 This how-to covers installing and IRC server and clients for a typical home LAN. The hardware and OS used is a Raspberry Pi 2 with FreeBSD 12.1, but any system with a recent BSD variant should work with little need or no modification.
-At the time of writing, the SDF servers run InspIRCd for the server side and ircII for the default client. The same software is used in this document. In addition, this how-to covers Pidgin, a Windows/Mac GUI client that can be used for IRC as well as other instant messaging protocols.
+At the time of writing, the SDF servers run InspIRCd for the server side and ircII for the default client. The same software is used in this document. In addition, this how-to covers Pidgin, a Windows/Mac GUI client that can be used for IRC as well as other instant messaging protocols. Mozilla Thunderbird has IRC capabilities and is covered as well.
 ===== Installing Server-Side Software =====
@@ Line 34: / Line 34: @@
 === SERVER DESCRIPTION ===
-Start with the section entitled SERVER DESCRIPTION. Here you will find the server configuration spread out over several lines and interspersed with comments. For the examples in this document, I am naming the server "beastie" after the FreeBSD mascot. My server section (without the comments) looks like this:
+Start with the section entitled SERVER DESCRIPTION. Here you will find the server configuration spread out over several lines and interspersed with comments. For the examples in this document, I am naming the server “beastie” after the FreeBSD mascot. My server section (without the comments) looks like this:
 <code>
@@ Line 77: / Line 77: @@
 === CONNECTIONS CONFIGURATION ===
-After commenting out the last two lines of PORT CONFIGURATION, so we can move on to CONNECTIONS CONFIGURATION. The changes here involve changing resolvehostnames="yes" to resolvehostnames="no".
+After commenting out the last two lines of PORT CONFIGURATION, so we can move on to CONNECTIONS CONFIGURATION. The changes here involve changing ''resolvehostnames="yes"'' to ''resolvehostnames="no"'' and changing the IP address range in an example section.
-The reason for this is entirely because of DNS. Unless you are running a robust DNS infrastructure on your LAN, chances are good that your ISP's router (the typical home LAN DNS server) will not do reverse look-ups. Setting resolvehostnames="no" will instruct InspIRCd to not even try, sparing you countless warning messages.
+The reason for changing resolvehostnames is entirely because of DNS as you might have guessed. Unless you are running a robust DNS infrastructure on your LAN, chances are good that your ISP's router (the typical home LAN DNS server) will not do reverse look-ups. Setting ''resolvehostnames="no"'' will instruct InspIRCd to not even try, sparing you countless warning messages.
-If you have a more robust DNS server on your network, you can certainly leave this as-is. If you see errors like "Could not resolve your hostname: Malformed answer" when logging in, it means the reverse lookups are not working.
+If you have a more robust DNS server on your network, you can certainly leave this as-is. If you see errors like “''Could not resolve your hostname: Malformed answer''” when logging in, it means the reverse lookups are not working.
-There are two resolvehostnames="yes" entries that must be changed. They should look like this when you're done:
+There are two ''resolvehostnames="yes"'' entries that must be changed. They should look like this when you're done:
 <code>
@@ Line 90: / Line 90: @@
 Do not give into the temptation to comment the lines out. This is not the same as setting it to no.
+As for the IP address range that needs changing, this is in the example <connect:allow> class. There is a sample IP range of 203.0.113.* being allowed. This section should be deleted or at least have the IP range changed to your home LAN's range of addresses. Typical home setups use 192.168.0.* and that is what is shown here.
+<code>
+allow="192.168.0.*"
+</code>
 === Enabling Server Operators ===
@@ Line 99: / Line 105: @@
 </code>
-It needs to be uncommented if you want to enable users to gain administrative privileges. If you don't remove the leading hash, any attempt to use the /OPER command will result in the message "Invalid oper credentials".
+It needs to be uncommented if you want to enable users to gain administrative privileges. If you don't remove the leading hash, any attempt to use the /OPER command will result in the message “''Invalid oper credentials''”.
 It should look like this when you're done:
@@ Line 127: / Line 133: @@
 The next section to need editing is MODULES. You will have scrolled by quite a few sections to get there.
-There is only one change to be made in the MODULES section and that is to uncomment the line that reads: #<include file="modules.conf">, by removing the leading hash character.
+There is only one change to be made in the MODULES section and that is to uncomment the line that reads: ''#<include file="modules.conf">'', by removing the leading hash character.
 It should look like this when you're done:
@@ Line 143: / Line 149: @@
 After including modules.conf inside of inspircd.conf, the next step is to edit modules.conf. The main reason for using modules.conf in this how-to document is to use the permanent channel feature. This involves uncommenting a line and adding another to define the permanent channel.
-But, while we're editing, there are two more handy modules to enable. Those are "sha256" and "password_hash" and are used for avoiding plain-text passwords. All of this gives us three uncomments and one new line for modules.conf.
+But, while we're editing, there are two more handy modules to enable. Those are “sha256” and “password_hash” and are used for avoiding plain-text passwords. All of this gives us three uncomments and one new line for modules.conf.
   * <module name="sha256">
@@ Line 164: / Line 170: @@
 Make sure to uncomment all three modules.
-A little less than 20 lines after uncommenting the permchannels module, you will see a permanent channel definition that's commented out. It looks like this: #<permchannels channel="#opers" modes="isP" topic="Opers only.">
+A little less than 20 lines after uncommenting the permchannels module, you will see a permanent channel definition that's commented out. It looks like this: ''#<permchannels channel="#opers" modes="isP" topic="Opers only.">''
 It's just an example line showing how to configure a permanent channel. On the line after that, you can add your own to set up your permanent channel. Mine looks like this:
@@ Line 198: / Line 204: @@
 </code>
-We'll insert our operator after this. In keeping with the rest of the how-to, the operator will be named "beastie" and beastie will have full network admin privileges.
+We'll insert our operator after this. In keeping with the rest of the how-to, the operator will be named “beastie” and beastie will have full network admin privileges.
 Here's what it will look like:
@@ Line 216: / Line 222: @@
 </code>
-The above should be pretty self-explanatory based on the key=value pairs you see. The two things that require a little clarification are probably password and host. Specifically, where did the password value come from and what does "*@*" mean?
+The above should be pretty self-explanatory based on the key=value pairs you see. The two things that require a little clarification are probably password and host. Specifically, where did the password value come from and what does “''*@*''” mean?
 The value for the password is a sha256 hash of the word s3cret. You may remember that was the plain-text password used for Attila in the opers.conf example that we deleted. You can create a new password hash using the sha256 command-line utility included with FreeBSD.
@@ Line 227: / Line 233: @@
 </code>
-The answer to the question of host="*@*" comes down to wildcards. * is treated as a wildcard matching any possible value. In this case, any user from any host is allowed to use /oper mode and become admin provided they know the password. This is not secure, but for purposes of a home LAN, where you trust your users, it's fine.
+The answer to the question of ''host="*@*"'' comes down to wildcards. ''*'' is treated as a wildcard matching any possible value. In this case, any user from any host is allowed to use /oper mode and become admin provided they know the password. This is not secure, but for purposes of a home LAN, where you trust your users, it's fine.
-It would also be difficult to enforce in an environment were there are no reverse DNS lookups and IPs are handed out from a DHCP server. In other words, neither user@hostname nor user@192.168.x.x would work reliably. "user@*" could be used to give only one account the admin ability. On a home LAN, this is the best we can do.
+It would also be difficult to enforce in an environment were there are no reverse DNS lookups and IPs are handed out from a DHCP server. In other words, neither user@hostname nor user@192.168.x.x would work reliably. ''"user@*"'' could be used to give only one account the admin ability. On a home LAN, this is the best we can do.
 Other than changing the lame password, there's one more step for opers.conf, and that is to change the vhost under the OPERATOR COMPOSITION section. This is purely cosmetic, but it helps show that we pay attention to details.
@@ Line 262: / Line 268: @@
 The following two commands will enable and start inspircd:
-  * sysrc inspircd_enable="YES"
+  * ''sysrc inspircd_enable="YES"''
-  * service inspircd start
+  * ''service inspircd start''
 To verify it's up and running, use:
-  * service inspircd status
+  * ''service inspircd status''
-  * sockstat | grep 6667
+  * ''sockstat | grep 6667''
 If all is well, you should see something like this:
@@ Line 386: / Line 392: @@
 > #<bind address="" port="7000,7001" type="servers">
 > #<bind address="1.2.3.4" port="7005" type="servers" ssl="openssl">
+c278
+<          allow="203.0.113.*"
+---
+>          allow="192.168.0.*"
 c313
 <          resolvehostnames="yes"
@@ Line 425: / Line 435: @@
 ==== opers.conf ====
-opers.conf is not included since most of the changes involved deleting the bottom third of the file.
+This is an abreviated diff of opers.conf since most of the changes involved deleting the bottom third of the file.
+<code>
+c75
+<     vhost="netadmin.omega.example.org"
+---
+>     vhost="netadmin.beastie2.home.lan"
+,95d93
+<
+< # Operator account with a plaintext password.
+,99c95,99
+<       # name: Oper login that is used to oper up (/OPER <username> <password>).
+<       # Remember: This is case sensitive.
+<       name="Attila"
+---
+>     name="beastie"
+>     hash="sha256"
+>     password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0"
+>     host="*@*"
+>     type="NetAdmin">
+,181d100
+[Not shown for brevity.]
+</code>
 ==== motd.txt ====
@@ Line 455: / Line 487: @@
 See this WikiHow article for a guided step-by-step with pictures: [[ https://www.wikihow.com/Automatically-Join-an-IRC-Channel-in-Pidgin ]]
+===== Thunderbird for GUI clients =====
+In addition to email, Thunderbird also has IRC capabilities. To access, find Chat on the toolbar. It's after Get Messages and Write. Click Chat.
+Unless you've set up Thunderbird as a chat client previously, you'll be looking at a message that say you haven't set up any chat accounts, and a button labeled Get Started. Click on Get Started.
+Follow the set-up wizard.
+  * Select IRC as the network.
+  * Enter your nickname and IRC server hostname (beastie.home.lan if you're following the example.)
+  * You can leave the password blank.
+  * Change the port to 6667 in the Advanced Options.
+  * Remove the check for Use SSL in the Advanced Options.
+Leave the box checked for connect Connect to This Account Now to test.
 ====== Go Forth and Conquer ======
 Now that you're running IRC at home, remember to get everyone else in your household using ircII or Pidgin so you can pester them with messages with just the stroke of a keyboard.