Install & Chroot Soju

Overview

Soju is a user-friendly IRC bouncer that has the following features:

  • Multi-user
  • Support multiple clients for a single user, with proper backlog sychronization
  • Support connecting to multiple upstream servers via a single IRC connection to the bouncer

Compiling from Source

As of OpenBSD 7.0, soju is not packaged yet so you'll have to compile it from source.

$ doas pkg_add git go
$ git clone https://git.sr.ht/~emersion/soju
$ cd soju
$ make soju sojuctl

Golang is only a build-time dependency so it can be removed after the make command finishes.

Configuration and Running without Chroot

You can now use it as is by creating a user with sojuctl and then running soju, or you can create and use a config file.

Example config file:

listen ircs://:6999
tls /etc/soju/yourhostname.crt /etc/soju/yourhostname.key
hostname yourhostname
db sqlite3 /etc/soju/soju.db
title A Soju Instance

And to run that (assuming you're still in soju's repository directory):

$ ./sojuctl -config /path/to/soju.conf create-user someuser -admin
$ ./soju -config /path/to/soju.conf

Chroot

For additional security/peace of mind, you can run it under it's own unprivileged account and in a chroot.

You can run these commands to create the user and populate the chroot (replace the placeholder paths) and then running it:

# populating chroot
useradd -m -d /home/soju -s /sbin/nologin -k /var/empty -L daemon soju
cd /home/soju
mkdir -p etc/{soju,ssl} usr/bin usr/lib{,exec}
cp /usr/lib/libc.so.* /usr/lib/libpthread.so.* usr/lib
cp /usr/libexec/ld.so usr/libexec
cp /etc/resolv.conf etc
cp /etc/ssl/cert.pem etc/ssl
cp /path/to/soju_repo/soju{,ctl} usr/bin
cp /path/to/soju_repo/soju.{conf,db} etc/soju
cp /etc/ssl/yourhostname.crt /etc/ssl/private/yourhostname.key etc/soju
chown -R soju etc/soju/
# running soju from the chroot
chroot -u soju -g soju /home/soju soju -config /etc/soju/soju.conf >>/var/log/soju.log 2>&1 &

If you want to run sojuctl from the chroot, then you can run:

chroot -u soju -g soju /home/soju sojuctl -config /etc/soju/soju.conf yourarguments

Alternatively, if soju is already running and you are connected under an admin account, you can run /msg BouncerServ help to see its available commands. For example, if you want to create a new user or add a new IRC network to it, then you can message BouncerServ and its appropriate command.

Autostart and Logging

To run it automatically on startup or whenever it stops, you can run it from a cron job.

You can add something like this to root's crontab (attempts to run soju every 5 minutes)

*/5 * * * * /usr/sbin/chroot -u soju -g soju /home/soju soju -config /etc/soju/soju.conf >>/var/log/soju.log 2>&1