Context Navigation

soju.1.scd@ 756

Last change on this file since 756 was 730, checked in by contact, 4 years ago
Add "sasl status" command
File size: 12.8 KB

Line
1	soju(1)
2
3	# NAME
4
5	soju - IRC bouncer
6
7	# SYNOPSIS
8
9	soju [options...]
10
11	# DESCRIPTION
12
13	soju is a user-friendly IRC bouncer. It connects to upstream IRC servers on
14	behalf of the user to provide extra features.
15
16	- Multiple separate users sharing the same bouncer, each with their own
17	upstream servers
18	- Clients connecting to multiple upstream servers via a single connection to
19	the bouncer
20	- Sending the backlog (messages received while the user was disconnected from
21	the bouncer), with per-client buffers
22
23	When joining a channel, the channel will be saved and automatically joined on
24	the next connection. When registering or authenticating with NickServ, the
25	credentials will be saved and automatically used on the next connection if the
26	server supports SASL. When parting a channel with the reason "detach", the
27	channel will be detached instead of being left.
28
29	When all clients are disconnected from the bouncer, the user is automatically
30	marked as away.
31
32	soju supports two connection modes:
33
34	- Single upstream mode: one downstream connection maps to one upstream
35	connection. To enable this mode, connect to the bouncer with the username
36	"<username>/<network>". If the bouncer isn't connected to the upstream
37	server, it will get automatically added. Then channels can be joined and
38	parted as if you were directly connected to the upstream server.
39	- Multiple upstream mode: one downstream connection maps to multiple upstream
40	connections. Channels and nicks are suffixed with the network name. To join
41	a channel, you need to use the suffix too: _/join #channel/network_. Same
42	applies to messages sent to users.
43
44	For per-client history to work, clients need to indicate their name. This can
45	be done by adding a "@<client>" suffix to the username.
46
47	soju will reload the configuration file, the TLS certificate/key and the MOTD
48	file when it receives the HUP signal. The configuration options _listen_, _db_
49	and _log_ cannot be reloaded.
50
51	Administrators can broadcast a message to all bouncer users via _/notice
52	$<hostname> <text>_, or via _/notice $\* <text>_ in multi-upstream mode. All
53	currently connected bouncer users will receive the message from the special
54	_BouncerServ_ service.
55
56	# OPTIONS
57
58	-h, -help
59	Show help message and quit.
60
61	-config <path>
62	Path to the config file. If unset, a default config file is used.
63
64	-debug
65	Enable debug logging (this will leak sensitive information such as
66	passwords).
67
68	-listen <uri>
69	Listening URI (default: ":6697"). Can be specified multiple times.
70
71	# CONFIG FILE
72
73	The config file has one directive per line.
74
75	Example:
76
77	```
78	listen ircs://
79	tls cert.pem key.pem
80	hostname example.org
81	```
82
83	The following directives are supported:
84
85	listen <uri>
86	Listening URI (default: ":6697").
87
88	The following URIs are supported:
89
90	- _[ircs://][host][:port]_ listens with TLS over TCP (default port if
91	omitted: 6697)
92	- _irc+insecure://[host][:port]_ listens with plain-text over TCP (default
93	port if omitted: 6667)
94	- _unix:///<path>_ listens on a Unix domain socket
95	- _wss://[host][:port]_ listens for WebSocket connections over TLS (default
96	port: 443)
97	- _ws+insecure://[host][:port]_ listens for plain-text WebSocket
98	connections (default port: 80)
99	- _ident://[host][:port]_ listens for plain-text ident connections (default
100	port: 113)
101	- _http+prometheus://localhost:<port>_ listens for plain-text HTTP
102	connections and serves Prometheus metrics (host must be "localhost")
103	- _http+pprof://localhost:<port>_ listens for plain-text HTTP connections
104	and serves pprof runtime profiling data (host must be "localhost"). For
105	more information, see: <https://pkg.go.dev/net/http/pprof>.
106
107	If the scheme is omitted, "ircs" is assumed. If multiple listen
108	directives are specified, soju will listen on each of them.
109
110	hostname <name>
111	Server hostname (default: system hostname).
112
113	title <title>
114	Server title. This will be sent as the _ISUPPORT NETWORK_ value when clients
115	don't select a specific network.
116
117	tls <cert> <key>
118	Enable TLS support. The certificate and the key files must be PEM-encoded.
119
120	db <driver> <source>
121	Set the database location for user, network and channel storage. By default,
122	a _sqlite3_ database is opened in "./soju.db".
123
124	Supported drivers:
125
126	- _sqlite3_ expects _source_ to be a path to the SQLite file
127	- _postgres_ expects _source_ to be a space-separated list of _key=value_
128	parameters, e.g. _db postgres "host=/run/postgresql dbname=soju"_. Note
129	that _sslmode_ defaults to _require_. For more information on connection
130	strings, see:
131	<https://pkg.go.dev/github.com/lib/pq#hdr-Connection_String_Parameters>.
132
133	log fs <path>
134	Path to the bouncer logs root directory, or empty to disable logging. By
135	default, logging is disabled.
136
137	http-origin <patterns...>
138	List of allowed HTTP origins for WebSocket listeners. The parameters are
139	interpreted as shell patterns, see glob(7).
140
141	By default, only the request host is authorized. Use this directive to
142	enable cross-origin WebSockets.
143
144	accept-proxy-ip <cidr...>
145	Allow the specified IPs to act as a proxy. Proxys have the ability to
146	overwrite the remote and local connection addresses (via the PROXY protocol,
147	the Forwarded HTTP header field defined in RFC 7239 or the X-Forwarded-\*
148	HTTP header fields). The special name "localhost" accepts the loopback
149	addresses 127.0.0.0/8 and ::1/128.
150
151	By default, all IPs are rejected.
152
153	max-user-networks <limit>
154	Maximum number of networks per user. By default, there is no limit.
155
156	motd <path>
157	Path to the MOTD file. The bouncer MOTD is sent to clients which aren't
158	bound to a specific network. By default, no MOTD is sent.
159
160	multi-upstream-mode true\|false
161	Globally enable or disable multi-upstream mode. By default, multi-upstream
162	mode is enabled.
163
164	upstream-user-ip <cidr...>
165	Enable per-user IP addresses. One IPv4 range and/or one IPv6 range can be
166	specified in CIDR notation. One IP address per range will be assigned to
167	each user and will be used as the source address when connecting to an
168	upstream network.
169
170	This can be useful to avoid having the whole bouncer banned from an upstream
171	network because of one malicious user.
172
173	# IRC SERVICE
174
175	soju exposes an IRC service called BouncerServ to manage the bouncer.
176	Commands can be sent via regular private messages
177	(_/msg BouncerServ <command> [args...]_). Commands may be written in full or
178	abbreviated form, for instance network can be abbreviated as net or just
179	n.
180
181	help [command]
182	Show a list of commands. If _command_ is specified, show a help message for
183	the command.
184
185	network create -addr <addr> [options...]
186	Connect to a new network at _addr_. _-addr_ is mandatory.
187
188	_addr_ supports several connection types:
189
190	- _[ircs://]<host>[:port]_ connects with TLS over TCP
191	- _irc+insecure://<host>[:port]_ connects with plain-text TCP
192	- _irc+unix:///<path>_ connects to a Unix socket
193
194	For example, to connect to Libera Chat:
195
196	```
197	net create -addr irc.libera.chat
198	```
199
200	Other options are:
201
202	-name <name>
203	Short network name. This will be used instead of _addr_ to refer to the
204	network.
205
206	-username <username>
207	Connect with the specified username. By default, the nickname is used.
208
209	-pass <pass>
210	Connect with the specified server password.
211
212	-realname <realname>
213	Connect with the specified real name. By default, the account's realname
214	is used if set, otherwise the network's nickname is used.
215
216	-nick <nickname>
217	Connect with the specified nickname. By default, the account's username
218	is used.
219
220	-enabled true\|false
221	Enable or disable the network. If the network is disabled, the bouncer
222	won't connect to it. By default, the network is enabled.
223
224	-connect-command <command>
225	Send the specified command as a raw IRC message right after connecting
226	to the server. This can be used to identify to an account when the
227	server doesn't support SASL.
228
229	For instance, to identify with _NickServ_, the following command can be
230	used:
231
232	```
233	PRIVMSG NickServ :IDENTIFY <password>
234	```
235
236	The flag can be specified multiple times to send multiple IRC messages.
237	To clear all commands, set it to the empty string.
238
239	network update <name> [options...]
240	Update an existing network. The options are the same as the
241	_network create_ command.
242
243	When this command is executed, soju will disconnect and re-connect to the
244	network.
245
246	network delete <name>
247	Disconnect and delete a network.
248
249	network quote <name> <command>
250	Send a raw IRC line as-is to a network.
251
252	network status
253	Show a list of saved networks and their current status.
254
255	channel status [options...]
256	Show a list of saved channels and their current status.
257
258	Options:
259
260	-network <name>
261	Only show channels for the specified network. By default, only the
262	channels in the current network are displayed.
263
264	channel update <name> [options...]
265	Update the options of an existing channel.
266
267	Options are:
268
269	-relay-detached <mode>
270	Set when to relay messages from detached channels to the user with a BouncerServ NOTICE.
271
272	Modes are:
273
274	message
275	Relay any message from this channel when detached.
276
277	highlight
278	Relay only messages mentioning you when detached.
279
280	none
281	Don't relay any messages from this channel when detached.
282
283	default
284	Currently same as highlight. This is the default behaviour.
285
286	-reattach-on <mode>
287	Set when to automatically reattach to detached channels.
288
289	Modes are:
290
291	message
292	Reattach to this channel when any message is received.
293
294	highlight
295	Reattach to this channel when any message mentioning you is received.
296
297	none
298	Never automatically reattach to this channel.
299
300	default
301	Currently same as none. This is the default behaviour.
302
303	-detach-after <duration>
304	Automatically detach this channel after the specified duration has elapsed without receving any message corresponding to -detach-on.
305
306	Example duration values: 1h30m, 30s, 2.5h.
307
308	Setting this value to 0 will disable this behaviour, i.e. this channel will never be automatically detached. This is the default behaviour.
309
310	-detach-on <mode>
311	Set when to reset the auto-detach timer used by -detach-after, causing it to wait again for the auto-detach duration timer before detaching.
312	Joining, reattaching, sending a message, or changing any channel option will reset the timer, in addition to the messages specified by the mode.
313
314	Modes are:
315
316	message
317	Receiving any message from this channel will reset the auto-detach timer.
318
319	highlight
320	Receiving any message mentioning you from this channel will reset the auto-detach timer.
321
322	none
323	Receiving messages from this channel will not reset the auto-detach timer. Sending messages or joining the channel will still reset the timer.
324
325	default
326	Currently same as message. This is the default behaviour.
327
328	certfp generate [options...] <network name>
329	Generate self-signed certificate and use it for authentication (via SASL
330	EXTERNAL).
331
332	Generates a 3072-bit RSA private key by default.
333
334	Options are:
335
336	-key-type <type>
337	Private key algorithm to use. Valid values are: _rsa_, _ecdsa_ and
338	_ed25519_. _ecdsa_ uses the NIST P-521 curve.
339
340	-bits <bits>
341	Size of RSA key to generate. Ignored for other key types.
342
343	certfp fingerprint <network name>
344	Show SHA-1 and SHA-256 fingerprints for the certificate
345	currently used with the network.
346
347	sasl status <network name>
348	Show current SASL status.
349
350	sasl set-plain <network name> <username> <password>
351	Set SASL PLAIN credentials.
352
353	sasl reset <network name>
354	Disable SASL authentication and remove stored credentials.
355
356	user create -username <username> -password <password> [options...]
357	Create a new soju user. Only admin users can create new accounts.
358	The _-username_ and _-password_ flags are mandatory.
359
360	Options are:
361
362	-username <username>
363	The bouncer username. This cannot be changed after the user has been
364	created.
365
366	-password <password>
367	The bouncer password.
368
369	-admin true\|false
370	Make the new user an administrator.
371
372	-realname <realname>
373	Set the user's realname. This is used as a fallback if there is no
374	realname set for a network.
375
376	user update [username] [options...]
377	Update a user. The options are the same as the _user create_ command.
378
379	If _username_ is omitted, the current user is updated. Only admins can
380	update other users.
381
382	Not all flags are valid in all contexts:
383
384	- The _-username_ flag is never valid, usernames are immutable.
385	- The _-realname_ flag is only valid when updating the current user.
386	- The _-admin_ flag is only valid when updating another user.
387
388	user delete <username>
389	Delete a soju user. Only admins can delete accounts.
390
391	server status
392	Show some bouncer statistics. Only admins can query this information.
393
394	server notice <message>
395	Broadcast a notice. All currently connected bouncer users will receive the
396	message from the special _BouncerServ_ service. Only admins can broadcast a
397	notice.
398
399	# AUTHORS
400
401	Maintained by Simon Ser <contact@emersion.fr>, who is assisted by other
402	open-source contributors. For more information about soju development, see
403	<https://sr.ht/~emersion/soju>.

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format