Context Navigation

soju.1.scd@ 708

Last change on this file since 708 was 707, checked in by contact, 4 years ago

Add basic Prometheus metrics exporter

This only exports the default metrics for now.

References: https://todo.sr.ht/~emersion/soju/142

File size: 12.5 KB

Line
1	soju(1)
2
3	# NAME
4
5	soju - IRC bouncer
6
7	# SYNOPSIS
8
9	soju [options...]
10
11	# DESCRIPTION
12
13	soju is a user-friendly IRC bouncer. It connects to upstream IRC servers on
14	behalf of the user to provide extra features.
15
16	- Multiple separate users sharing the same bouncer, each with their own
17	upstream servers
18	- Clients connecting to multiple upstream servers via a single connection to
19	the bouncer
20	- Sending the backlog (messages received while the user was disconnected from
21	the bouncer), with per-client buffers
22
23	When joining a channel, the channel will be saved and automatically joined on
24	the next connection. When registering or authenticating with NickServ, the
25	credentials will be saved and automatically used on the next connection if the
26	server supports SASL. When parting a channel with the reason "detach", the
27	channel will be detached instead of being left.
28
29	When all clients are disconnected from the bouncer, the user is automatically
30	marked as away.
31
32	soju supports two connection modes:
33
34	- Single upstream mode: one downstream connection maps to one upstream
35	connection. To enable this mode, connect to the bouncer with the username
36	"<username>/<network>". If the bouncer isn't connected to the upstream
37	server, it will get automatically added. Then channels can be joined and
38	parted as if you were directly connected to the upstream server.
39	- Multiple upstream mode: one downstream connection maps to multiple upstream
40	connections. Channels and nicks are suffixed with the network name. To join
41	a channel, you need to use the suffix too: _/join #channel/network_. Same
42	applies to messages sent to users.
43
44	For per-client history to work, clients need to indicate their name. This can
45	be done by adding a "@<client>" suffix to the username.
46
47	soju will reload the configuration file, the TLS certificate/key and the MOTD
48	file when it receives the HUP signal. The configuration options _listen_, _db_
49	and _log_ cannot be reloaded.
50
51	Administrators can broadcast a message to all bouncer users via _/notice
52	$<hostname> <text>_, or via _/notice $\* <text>_ in multi-upstream mode. All
53	currently connected bouncer users will receive the message from the special
54	_BouncerServ_ service.
55
56	# OPTIONS
57
58	-h, -help
59	Show help message and quit.
60
61	-config <path>
62	Path to the config file. If unset, a default config file is used.
63
64	-debug
65	Enable debug logging (this will leak sensitive information such as
66	passwords).
67
68	-listen <uri>
69	Listening URI (default: ":6697"). Can be specified multiple times.
70
71	# CONFIG FILE
72
73	The config file has one directive per line.
74
75	Example:
76
77	```
78	listen ircs://
79	tls cert.pem key.pem
80	hostname example.org
81	```
82
83	The following directives are supported:
84
85	listen <uri>
86	Listening URI (default: ":6697").
87
88	The following URIs are supported:
89
90	- _[ircs://][host][:port]_ listens with TLS over TCP (default port if
91	omitted: 6697)
92	- _irc+insecure://[host][:port]_ listens with plain-text over TCP (default
93	port if omitted: 6667)
94	- _unix:///<path>_ listens on a Unix domain socket
95	- _wss://[host][:port]_ listens for WebSocket connections over TLS (default
96	port: 443)
97	- _ws+insecure://[host][:port]_ listens for plain-text WebSocket
98	connections (default port: 80)
99	- _ident://[host][:port]_ listens for plain-text ident connections (default
100	port: 113)
101	- _http+prometheus://localhost:<port>_ listens for plain-text HTTP
102	connections and serves Prometheus metrics (host must be "localhost")
103
104	If the scheme is omitted, "ircs" is assumed. If multiple listen
105	directives are specified, soju will listen on each of them.
106
107	hostname <name>
108	Server hostname (default: system hostname).
109
110	title <title>
111	Server title. This will be sent as the _ISUPPORT NETWORK_ value when clients
112	don't select a specific network.
113
114	tls <cert> <key>
115	Enable TLS support. The certificate and the key files must be PEM-encoded.
116
117	db <driver> <source>
118	Set the database location for user, network and channel storage. By default,
119	a _sqlite3_ database is opened in "./soju.db".
120
121	Supported drivers:
122
123	- _sqlite3_ expects _source_ to be a path to the SQLite file
124	- _postgres_ expects _source_ to be a space-separated list of _key=value_
125	parameters, e.g. _db postgres "host=/run/postgresql dbname=soju"_. Note
126	that _sslmode_ defaults to _require_. For more information on connection
127	strings, see:
128	<https://pkg.go.dev/github.com/lib/pq#hdr-Connection_String_Parameters>.
129
130	log fs <path>
131	Path to the bouncer logs root directory, or empty to disable logging. By
132	default, logging is disabled.
133
134	http-origin <patterns...>
135	List of allowed HTTP origins for WebSocket listeners. The parameters are
136	interpreted as shell patterns, see glob(7).
137
138	By default, only the request host is authorized. Use this directive to
139	enable cross-origin WebSockets.
140
141	accept-proxy-ip <cidr...>
142	Allow the specified IPs to act as a proxy. Proxys have the ability to
143	overwrite the remote and local connection addresses (via the PROXY protocol,
144	the Forwarded HTTP header field defined in RFC 7239 or the X-Forwarded-\*
145	HTTP header fields). The special name "localhost" accepts the loopback
146	addresses 127.0.0.0/8 and ::1/128.
147
148	By default, all IPs are rejected.
149
150	max-user-networks <limit>
151	Maximum number of networks per user. By default, there is no limit.
152
153	motd <path>
154	Path to the MOTD file. The bouncer MOTD is sent to clients which aren't
155	bound to a specific network. By default, no MOTD is sent.
156
157	multi-upstream-mode true\|false
158	Globally enable or disable multi-upstream mode. By default, multi-upstream
159	mode is enabled.
160
161	upstream-user-ip <cidr...>
162	Enable per-user IP addresses. One IPv4 range and/or one IPv6 range can be
163	specified in CIDR notation. One IP address per range will be assigned to
164	each user and will be used as the source address when connecting to an
165	upstream network.
166
167	This can be useful to avoid having the whole bouncer banned from an upstream
168	network because of one malicious user.
169
170	# IRC SERVICE
171
172	soju exposes an IRC service called BouncerServ to manage the bouncer.
173	Commands can be sent via regular private messages
174	(_/msg BouncerServ <command> [args...]_). Commands may be written in full or
175	abbreviated form, for instance network can be abbreviated as net or just
176	n.
177
178	help [command]
179	Show a list of commands. If _command_ is specified, show a help message for
180	the command.
181
182	network create -addr <addr> [options...]
183	Connect to a new network at _addr_. _-addr_ is mandatory.
184
185	_addr_ supports several connection types:
186
187	- _[ircs://]<host>[:port]_ connects with TLS over TCP
188	- _irc+insecure://<host>[:port]_ connects with plain-text TCP
189	- _irc+unix:///<path>_ connects to a Unix socket
190
191	Other options are:
192
193	-name <name>
194	Short network name. This will be used instead of _addr_ to refer to the
195	network.
196
197	-username <username>
198	Connect with the specified username. By default, the nickname is used.
199
200	-pass <pass>
201	Connect with the specified server password.
202
203	-realname <realname>
204	Connect with the specified real name. By default, the account's realname
205	is used if set, otherwise the network's nickname is used.
206
207	-nick <nickname>
208	Connect with the specified nickname. By default, the account's username
209	is used.
210
211	-enabled true\|false
212	Enable or disable the network. If the network is disabled, the bouncer
213	won't connect to it. By default, the network is enabled.
214
215	-connect-command <command>
216	Send the specified command as a raw IRC message right after connecting
217	to the server. This can be used to identify to an account when the
218	server doesn't support SASL.
219
220	For instance, to identify with _NickServ_, the following command can be
221	used:
222
223	```
224	PRIVMSG NickServ :IDENTIFY <password>
225	```
226
227	The flag can be specified multiple times to send multiple IRC messages.
228	To clear all commands, set it to the empty string.
229
230	network update <name> [options...]
231	Update an existing network. The options are the same as the
232	_network create_ command.
233
234	When this command is executed, soju will disconnect and re-connect to the
235	network.
236
237	network delete <name>
238	Disconnect and delete a network.
239
240	network quote <name> <command>
241	Send a raw IRC line as-is to a network.
242
243	network status
244	Show a list of saved networks and their current status.
245
246	channel status [options...]
247	Show a list of saved channels and their current status.
248
249	Options:
250
251	-network <name>
252	Only show channels for the specified network. By default, only the
253	channels in the current network are displayed.
254
255	channel update <name> [options...]
256	Update the options of an existing channel.
257
258	Options are:
259
260	-relay-detached <mode>
261	Set when to relay messages from detached channels to the user with a BouncerServ NOTICE.
262
263	Modes are:
264
265	message
266	Relay any message from this channel when detached.
267
268	highlight
269	Relay only messages mentioning you when detached.
270
271	none
272	Don't relay any messages from this channel when detached.
273
274	default
275	Currently same as highlight. This is the default behaviour.
276
277	-reattach-on <mode>
278	Set when to automatically reattach to detached channels.
279
280	Modes are:
281
282	message
283	Reattach to this channel when any message is received.
284
285	highlight
286	Reattach to this channel when any message mentioning you is received.
287
288	none
289	Never automatically reattach to this channel.
290
291	default
292	Currently same as none. This is the default behaviour.
293
294	-detach-after <duration>
295	Automatically detach this channel after the specified duration has elapsed without receving any message corresponding to -detach-on.
296
297	Example duration values: 1h30m, 30s, 2.5h.
298
299	Setting this value to 0 will disable this behaviour, i.e. this channel will never be automatically detached. This is the default behaviour.
300
301	-detach-on <mode>
302	Set when to reset the auto-detach timer used by -detach-after, causing it to wait again for the auto-detach duration timer before detaching.
303	Joining, reattaching, sending a message, or changing any channel option will reset the timer, in addition to the messages specified by the mode.
304
305	Modes are:
306
307	message
308	Receiving any message from this channel will reset the auto-detach timer.
309
310	highlight
311	Receiving any message mentioning you from this channel will reset the auto-detach timer.
312
313	none
314	Receiving messages from this channel will not reset the auto-detach timer. Sending messages or joining the channel will still reset the timer.
315
316	default
317	Currently same as message. This is the default behaviour.
318
319	certfp generate [options...] <network name>
320	Generate self-signed certificate and use it for authentication (via SASL
321	EXTERNAL).
322
323	Generates a 3072-bit RSA private key by default.
324
325	Options are:
326
327	-key-type <type>
328	Private key algorithm to use. Valid values are: _rsa_, _ecdsa_ and
329	_ed25519_. _ecdsa_ uses the NIST P-521 curve.
330
331	-bits <bits>
332	Size of RSA key to generate. Ignored for other key types.
333
334	certfp fingerprint <network name>
335	Show SHA-1 and SHA-256 fingerprints for the certificate
336	currently used with the network.
337
338	sasl set-plain <network name> <username> <password>
339	Set SASL PLAIN credentials.
340
341	sasl reset <network name>
342	Disable SASL authentication and remove stored credentials.
343
344	user create -username <username> -password <password> [options...]
345	Create a new soju user. Only admin users can create new accounts.
346	The _-username_ and _-password_ flags are mandatory.
347
348	Options are:
349
350	-username <username>
351	The bouncer username. This cannot be changed after the user has been
352	created.
353
354	-password <password>
355	The bouncer password.
356
357	-admin true\|false
358	Make the new user an administrator.
359
360	-realname <realname>
361	Set the user's realname. This is used as a fallback if there is no
362	realname set for a network.
363
364	user update [username] [options...]
365	Update a user. The options are the same as the _user create_ command.
366
367	If _username_ is omitted, the current user is updated. Only admins can
368	update other users.
369
370	Not all flags are valid in all contexts:
371
372	- The _-username_ flag is never valid, usernames are immutable.
373	- The _-realname_ flag is only valid when updating the current user.
374	- The _-admin_ flag is only valid when updating another user.
375
376	user delete <username>
377	Delete a soju user. Only admins can delete accounts.
378
379	server status
380	Show some bouncer statistics. Only admins can query this information.
381
382	server notice <message>
383	Broadcast a notice. All currently connected bouncer users will receive the
384	message from the special _BouncerServ_ service. Only admins can broadcast a
385	notice.
386
387	# AUTHORS
388
389	Maintained by Simon Ser <contact@emersion.fr>, who is assisted by other
390	open-source contributors. For more information about soju development, see
391	<https://sr.ht/~emersion/soju>.

Note: See TracBrowser for help on using the repository browser.

Download in other formats:

Original Format