
Content

pull/1/head
Hamzah 5 months ago
parent
commit
740af9f3ad
3 changed files with 152 additions and 94 deletions
  1. docs/procedures.md (+90, -90)
  2. docs/services.md (+58, -4)
  3. mkdocs.yml (+4, -0)

+ 90
- 90
docs/procedures.md

@@ -1,91 +1,5 @@
# Procedures

## IRC Ops

This is a mirror of:
[Redbrick cmt Wiki entry](https://www.redbrick.dcu.ie/cmt/wiki/index.php?title=IRC_Op_Guide)

##### Channel Modes

It's easy to bugger up the channel with the MODE command, so here's a nice
copied and pasted summary of how to use it:

- `/mode {channel} +b {nick|address}` - ban somebody by nickname or address mask
(nick!account@host)
- `/mode {channel} +i` - channel is invite-only
- `/mode {channel} +l {number}` - channel is limited, with {number} users
allowed maximal
- `/mode {channel} +m` - channel is moderated, only chanops and others with
'voice' can `talk/mode {channel} +n` external `/MSG`s to channel are not
allowed.
- `/mode {channel} +p` - channel is private
- `/mode {channel} +s` - channel is secret
- `/mode {channel} +t topic` - limited, only chanops may change it
- `/mode {channel} +o {nick}` - makes `{nick}` a channel operator
- `/mode {channel} +v {nick}` - gives `{nick}` a voice

##### Other Commands

Basically what you'll be using is:

- To kick someone: `/kick username`
- To ban someone: `/mode #lobby +b username`
- To set the topic: `/topic #lobby whatever`
- To op someone: `/mode #lobby +o someone`
- To op two people: `/mode #lobby +oo someone someone_else`

Or:

- To kick someone: `/k username`
- To ban someone: `/ban username`
- To unban someone: `/unban username`
- To set the topic: `/t whatever`
- To op someone: `/op someone`
- To op two people: `/op someone someone_else`
- To deop someone: `/deop someone`

##### Sysop specific commands

These commands can only be run by sysops (i.e. admins in the ircd config file).

- Enter BOFH mode (required for all sysop commands): `/oper`
- Peer to another server\*: `/sconnect <node name>`
- Drop a peer with another server: `/squit <node name>`
- Force op yourself (**do not abuse**): `/quote opme <channel name>`
- Barge into a channel uninvited (**again, do not abuse**):
`/quote ojoin #channel`
- Barge into a channel uninvited with ops (**same again**):
`/quote ojoin @#channel`
- Force someone to join a channel: `/quote forcejoin nick #channel`
- Kill someone: /kill `<username>` `<smartassed kill messsage>`
- Ban someone from this server: `/kline <username>` (there may be more params on
this)
- Ban someone from the entire network: `/gline <username>` (there may be more
params on this)

(thanks to atlas for the quick overview)

- Don't try connect to intersocs. Due to crazy endian issues or something they
have to connect to us.

##### Bots

It has now become a slight problem with so many bots 'littering' #lobby that
anyone wishing to add a new bot to the channel must request permission from the
Committee. The main feature wanted is a time limit on bot commands.

##### Services

The IRC services run by Trinity for all the netsocs. The two services are
`NickServ` and `ChanServ`.

- `/msg NickServ HELP`
- `/msg ChanServ HELP`

for more details.

___

## Redbrick System Administrator Policies

The purpose of this is to brief new Redbrick system administrators on
@@ -116,7 +30,6 @@ When su'ing to root, please observe the following:
- If you wish to use another shell, place customisations in your own file. For
bash, `/root/.bash_profile.<USERNAME>` and for zsh `/root/.zshrc.<USERNAME>`.


`/root/.zshrc` and `/root/.bash_profile` source in the appropriate file as long
as `$LOGNAME` is set right (see above). Do not put personal customisations into
the default root account setup, remember other people have to use it.
@@ -125,7 +38,7 @@ Common aliases can be put in /root/.profile, familiarise yourself with the
existing ones, they can come in handy.

- Please keep `/root` tidy. Don't leave stuff strewn about
the place!
the place!
- Make sure to check permissions and ownership on files you work on
**constantly** especially files with important or sensitive information in
them (e.g. always use `cp -p` when copying stuff about).
@@ -156,7 +69,7 @@ Couple of things to look out for:

As an adminisitrator, your new local account has extra priviliges (namely being
in the root group). For this reason, you should not run _any_ untrusted or
unknown programs or scripts.
unknown programs or scripts.

If you must, and source code is available you
should check it before running it. Compile your own versions of other user's
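
Review bot: In the paragraph beginning "As an adminisitrator", only the line "unknown programs or scripts." is changed, while the misspellings "adminisitrator" and "priviliges" two lines above it stay in. This is the passage that tells new admins not to run untrusted code from an account in the root group, so fix both spellings (and "other user's" to "other users'") in the same edit rather than shipping a whitespace-only change.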
@@ -202,7 +115,6 @@ docs aren't complete and are sometimes out of date. Please update them as you go

___


## Post-powercut Todo List

A list of things that should be done/checked immediately after a power cut:
@@ -269,3 +181,91 @@ change with new cryprographic standards.

Once this is done, contact one of the currently set up users to pull and reload the given machines
and you'll have access right away using the accompanying key.

___

## IRC Ops

This is a mirror of:
[Redbrick cmt Wiki entry](https://www.redbrick.dcu.ie/cmt/wiki/index.php?title=IRC_Op_Guide)

##### Channel Modes

It's easy to bugger up the channel with the MODE command, so here's a nice
copied and pasted summary of how to use it:

- `/mode {channel} +b {nick|address}` - ban somebody by nickname or address mask
(nick!account@host)
- `/mode {channel} +i` - channel is invite-only
- `/mode {channel} +l {number}` - channel is limited, with {number} users
allowed maximal
- `/mode {channel} +m` - channel is moderated, only chanops and others with
'voice' can `talk/mode {channel} +n` external `/MSG`s to channel are not
allowed.
- `/mode {channel} +p` - channel is private
- `/mode {channel} +s` - channel is secret
- `/mode {channel} +t topic` - limited, only chanops may change it
- `/mode {channel} +o {nick}` - makes `{nick}` a channel operator
- `/mode {channel} +v {nick}` - gives `{nick}` a voice

##### Other Commands

Basically what you'll be using is:

- To kick someone: `/kick username`
- To ban someone: `/mode #lobby +b username`
- To set the topic: `/topic #lobby whatever`
- To op someone: `/mode #lobby +o someone`
- To op two people: `/mode #lobby +oo someone someone_else`

Or:

- To kick someone: `/k username`
- To ban someone: `/ban username`
- To unban someone: `/unban username`
- To set the topic: `/t whatever`
- To op someone: `/op someone`
- To op two people: `/op someone someone_else`
- To deop someone: `/deop someone`

##### Sysop specific commands

These commands can only be run by sysops (i.e. admins in the ircd config file).

- Enter BOFH mode (required for all sysop commands): `/oper`
- Peer to another server\*: `/sconnect <node name>`
- Drop a peer with another server: `/squit <node name>`
- Force op yourself (**do not abuse**): `/quote opme <channel name>`
- Barge into a channel uninvited (**again, do not abuse**):
`/quote ojoin #channel`
- Barge into a channel uninvited with ops (**same again**):
`/quote ojoin @#channel`
- Force someone to join a channel: `/quote forcejoin nick #channel`
- Kill someone: /kill `<username>` `<smartassed kill messsage>`
- Ban someone from this server: `/kline <username>` (there may be more params on
this)
- Ban someone from the entire network: `/gline <username>` (there may be more
params on this)

(thanks to atlas for the quick overview)

- Don't try connect to intersocs. Due to crazy endian issues or something they
have to connect to us.

##### Bots

It has now become a slight problem with so many bots 'littering' #lobby that
anyone wishing to add a new bot to the channel must request permission from the
Committee. The main feature wanted is a time limit on bot commands.

##### Services

The IRC services run by Trinity for all the netsocs. The two services are
`NickServ` and `ChanServ`.

- `/msg NickServ HELP`
- `/msg ChanServ HELP`

for more details.

___
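
Review bot: The `##### Services` paragraph at the end of the moved section still says the IRC services are "run by Trinity for all the netsocs", but the docs/services.md change in this same commit says TCD shut down its server and that Redbrick runs Anope for the entire network; update or drop that paragraph instead of moving it unchanged. The sysop list (`/quote opme`, `/quote ojoin`, `/quote forcejoin`, and the `/kline` and `/gline` entries marked "there may be more params on this") may likewise predate the move to InspIRCd v3 described in docs/services.md, so confirm each one before republishing it. While the text is being moved, also split the `+m` bullet, where `talk/mode {channel} +n` has run the `+n` entry into it, and attach the `\*` on "Peer to another server" to the "Don't try connect to intersocs" line it refers to.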

+ 58
- 4
docs/services.md

@@ -1,8 +1,8 @@
# Services

## Bind9
## Bind9 - `distro`, `ylmcc`

Bind9 is our DNS provider. Currently it runs on Paphos, but is being moved to Fred during the restructuring.00GHz
Bind9 is our DNS provider. Currently it runs on Paphos, but is being moved to Fred during the restructuring.

## Git

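Review bot: The `## Bind9` heading now carries `distro`, `ylmcc` with nothing on the page saying what those names denote, and the same suffix appears on HackMD and the Discord Bridge but not on Git, IRC or Icecast. Add a one-line legend under `# Services`, or move the names into the section body (for example a "Maintainers:" line), which also keeps the heading anchor unchanged for existing links to the Bind9 section.
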
@@ -36,9 +36,9 @@ Gitea is very well documented in itself. Here's a couple of special commands whe
/path/to/gitea admin regenerate keys
```

## HackMD
## HackMD - `distro`

HackMD lives on Zeus as a docker container. It is accessible through [md.redbrick.dcu.ie](md.redbrick.dcu.ie)
HackMD lives on Zeus as a docker container. It is accessible through [md.redbrick.dcu.ie](md.redbrick.dcu.ie).

HackMD is built locally and is based on [docker-hackmd](https://github.com/hackmdio/docker-hackmd)

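Review bot: The link target in `[md.redbrick.dcu.ie](md.redbrick.dcu.ie)` has no scheme, so Markdown resolves it as a path relative to the docs page rather than the HackMD host; the edited line adds the full stop but leaves the target as it was. Use `https://md.redbrick.dcu.ie` as the target.
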
@@ -47,3 +47,57 @@ Clone the repo and modify `.sequlize`, `Dockerfile` and `config.json` so anywher
Hackmd auths against ldap and its configuration is controlled from docker-compose. See [docker-sevices repo](https://github.com/redbrickCmt/docker-compose-services) for configs.

See [hackmd github](https://github.com/hackmdio/hackmd/#environment-variables-will-overwrite-other-server-configs) for more info on configuration. The important points are disabling anonymus users and the ldap settings.

## IRC

### Redbrick InspIRCd

In 2016/2017 we began work to move to InspIRCd. This was due to the complications in ircd-hybrid and how old it was. These complications stopped new netsocs joining us so we all agreed to move irc. $ 4 years later after multiple attempts we had not migrated. Until TCD decided to shutdown their server breaking the network.

We run Inspircd v3 on Metharme. InspIRCd's docs can be found [here](https://docs.inspircd.org/) for configuration specifics.

IRC is available at `irc.redbrick.dcu.ie` on port `6697`. SSL is required for connection, we do not support non-SSL.

When connecting from a redbrick server a user will be automatically logged in. If connecting from an external server a user must pass their password on login.

For the purpose of external peering of other servers the port `7001` is expose as well. Similarly to clients we only support SSL on this port

For docs on connecting and using an IRC client please refer to the [wiki](https://wiki.redbrick.dcu.ie/index.php/IRC)

### Installation

InspIRCd is installed with Nix. There is no Nix package for InspIRCd so we compile a specific git tag from source. See [Nix package](https://github.com/redbrick/nix-configs/tree/master/packages/inspircd) for details on how it is compiled.

Given we only support SSL and require LDAP, we need to enable both at compile time.

### Configuration

InspIRCd's configuration is in Nix [here](https://github.com/redbrick/nix-configs/blob/master/services/ircd/inspircd/conf.nix). This config will be converted to xml on disc.

#### Important Configuration

*oper* is a list of admin users on the irc server. Their `OPER` password will need to be manually hashed with `hmac-sha256`, and placed in a secret on the server to be read in by inspircd.

*ldapwhitelist* is a list of cidr addresses that do no require authentication. The list consists of Redbrick public and private addresses as well as `oldsoc`.

*link* is a list of all servers we peer with including the anope services server that runs on the same box.

#### oldsoc.net

`oldsoc.net` is a server run by old TCD netsocers. All the users on it are the remaining TCD associates following the shutdown of TCD IRCd. This server is maintained by its own users and has explicit permission to join IRC without LDAP auth.

### Anope

Redbrick runs Anope services for the entire network. As with [inspircd we compile](https://github.com/redbrick/nix-configs/tree/master/packages/inspircd) from source. Refer to anopes [github docs](https://github.com/anope/anope/tree/2.0/docs) for configuration specifics.

Our current Anope is configured with standard mods of chanserv, nickserv and operserv. All config is in [here](https://github.com/redbrick/nix-configs/tree/master/services/ircd/anope/confs)

Anope stores all info in a custom db file on disk.

### Discord Bridge - `butlerx`

We run a [bridge](https://github.com/qaisjp/go-discord-irc) between the Redbrick Discord and irc. The configuration for this is [here](https://github.com/redbrick/nix-configs/tree/master/services/ircd/discord/conf.nix).

The bridge adds all users from discord with the suffix `_d2` and all irc users appear as them self but tagged as a bot in discord. Not all discord channels are on IRC, the config above contains a mapping of irc channels to discord channels id's. This needs to be manually updated to add more channels.

## Icecast
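
Review bot: The `*ldapwhitelist*` and `#### oldsoc.net` paragraphs document that whole CIDR ranges, including a server maintained outside Redbrick, connect without LDAP authentication, but the section does not say which account such a connection is treated as or who approves changes to that list; state this next to "a user will be automatically logged in" so the trust boundary is explicit. For `*oper*`, "manually hashed with `hmac-sha256`" gives neither the command nor the location of the secret; add the exact procedure or a pointer into nix-configs so nobody improvises with a plaintext password. Smaller items in the same hunk: the stray `$` in "move irc. $ 4 years later", "is expose as well", "do no require", the missing full stops after "on this port" and the wiki link, and the `## Icecast` heading added with no body.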

+ 4
- 0
mkdocs.yml

@@ -11,6 +11,10 @@ theme:
name: material
features:
- navigation.tabs
- navigation.instant
- navigation.sections
- navigation.expand
- navigation.top
palette:
- media: "(prefers-color-scheme: light)"
scheme: default
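
Review bot: `navigation.instant` under `features` depends on `site_url` being set in mkdocs.yml, and the visible lines do not show that key; confirm it is set, or drop the flag. Also check `navigation.expand` together with `navigation.sections`: with the procedures page this commit extends, every sidebar group will render open by default, which may not be the intended result.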

