#ircdriven Bot Logged User list

Network: Libera.Chat
Modes:
Last Seen: 3 hours ago
Topic: IRC Driven :: https://www.ircdriven.com :: The website is considered out of beta status at this time as most features have been built :: Seeking networks and assistance with Python development :: IRC Driven is just old now. ::
Rank: #1,616
Users: 20

Channel Log Archive for #ircdriven


* All times are UTC
Wednesday, February 14, 2024
[03:22:54] ComputerTech hie
[03:27:26] Zelator 👋
[03:27:33] ComputerTech sup
[03:29:29] Zelator ComputerTech, was wondering, do you actually rehash every server in your network on every cert renewal for the changes to kick in or is there another mechanism?
[03:29:41] ComputerTech we have a bot that does it
[03:29:43] Zelator i mean i had to do it for the first time a couple of hours ago
[03:29:45] * ComputerTech points at worm`
[03:29:46] ComputerTech he set it up
[03:29:47] Zelator aha
[03:29:47] ComputerTech :p
[03:29:53] Zelator i thought of doing the same
[03:30:18] Zelator is it present on every server under different nicknames or?
[03:31:09] worm` we are changing over to playbooks for the cert updates but yah
[03:31:16] worm` its all auto
[03:31:56] Zelator is it a part of a single cron job?
[03:32:13] ComputerTech worm`!
[03:32:17] * ComputerTech takes worm` fishing
[03:32:21] worm` is it now, no. can it be yah
[03:32:44] worm` you called and i showed up <3
[03:32:51] ComputerTech <3
[03:33:44] worm` and it will all be on one cronjob at some point
[03:34:09] Zelator so you still have to perform at least one action manually to rehash the servers?
[03:34:26] worm` no
[03:34:44] Zelator how does it know when to do it though?
[03:34:48] Zelator what triggers it?
[03:34:51] worm` everything is auto
[03:35:21] Zelator i figured that much, but i'm curious as to how it ticks... does it rehash every once in 24 hours or what?
[03:35:54] worm` well the old way was each server had a cronjob to pull the cert then rehash the servers once a day
[03:36:05] Zelator right
[03:36:29] Zelator on my network it's all done by a single server, others just fetch the certs from it
[03:36:44] Zelator but only the cert renewal is cronned and automated, not servers rehash
[03:36:49] worm` yah, thats what was happening
[03:37:45] worm` each server was getting the cert from a server and then rehashing ircd
[03:38:07] worm` it can be done much cleaner
[03:38:08] Zelator yeah, this scheme did cross my mind
[03:38:12] worm` with playbooks
[03:39:47] Zelator however, in my case cert pulling is done via ftp, so there is really a single cron job for everything, other servers don't do anything at all other than run the ircd, it's more convenient as the server owners can't be bothered and i can virtually manage them except rehashing is a bit of a PITA
[03:39:59] Zelator i mean i have to connect to every server to do it and it's extremely awkward
[03:40:14] Zelator manage them all*
[03:40:35] Zelator so now you see why i'm curious as to your implementation of it
[03:40:42] worm` ugh
[03:40:53] worm` yah, no
[03:41:01] worm` I dont want to do that
[03:41:57] Zelator yes, that makes all the servers dependent on another one, but they would be anyway as it's also running services
[03:42:01] Zelator so it has to be there at all times
[03:42:18] Zelator besides, they only pull the certs once, then it's cached for as long as ircd is running
[03:42:45] worm` no i meant the manual stuff lol
[03:42:52] Zelator ah
[03:42:57] Zelator well yeah, it's annoying
[03:43:36] Zelator and i'm thinking what i could do about it... cron job on every server to rehash every once a month? Tedious... their owners will have to take care of it if anything happens and it's the last thing they wanna do
[03:44:12] worm` one server checks if it's time to refresh the cert. then using deploy hooks it runs the playbook to push the cert to the server and rehash the ircd. nice and clean
[03:44:15] Zelator multiple instances of an opered bot on every server? A potential solution
[03:44:43] worm` if there is a cert problem you only need to connect to one server and re issue the cert and rehash
[03:45:03] worm` what ircd are you running
[03:45:08] Zelator unreal
[03:45:13] worm` Ver?
[03:45:23] worm` the command is different depending
[03:46:09] Zelator well, they aren't all the same, but all are 6+
[03:46:27] Zelator it's a mixed bag
[03:47:02] Zelator (05:44:05) <worm`> one server checks if it's time to refresh the cert. then using deploy hooks it runs the playbook to push the cert to the server and rehash the ircd. nice and clean
[03:47:22] worm` over 6 is the same
[03:47:38] Zelator the only part i don't understand is how you make another server rehash.. is it a part of this playbook magic?
[03:47:47] worm` yah
[03:48:27] Zelator pushing i understand, though i'd much rather prefer they all just pulled the certs because not everyone is willing to provide ssh/scp access and it makes things a bit more complex too
[03:48:43] worm` basically SSH to the server (with the ircd user) and run $HOME/unrealircd/unrealircd rehash -tls
[03:48:56] Zelator that's the problem, i can't
[03:49:04] worm` why not
[03:49:05] Zelator i mean, not to every server in the network
[03:49:07] Zelator well...
[03:49:19] Zelator because like i said, not everyone is willing to open the port etc
[03:49:30] Zelator security hole etc
[03:49:35] worm` open what port
[03:49:48] Zelator 22
[03:49:53] worm` you're saying you have servers that have no SSH
[03:50:05] Zelator correct
[03:50:08] worm` it does not need to be port 22
[03:50:22] worm` how do you manage it. magic?
[03:50:35] Zelator i know, but they still can be checked one way or another or this is what their owners might think, i dunno
[03:50:40] Zelator (05:50:16) <worm`> how do you manage it. magic?
[03:50:44] Zelator something like that ;)
[03:51:19] worm` best to use a port thats not 21-22 then only use ssh-keys
[03:52:16] worm` if you are the network owner why are there servers on the network you cant manage
[03:52:20] worm` fuck that shit
[03:52:47] Zelator basically, i use remote includes for everything and every other ircd conf is just a one-liner, this way i made everybody's life easier
[03:53:34] Zelator so if i need to make any changes on other servers i can do it on my own, unless it's something very technical like updating ircd etc
[03:53:42] Zelator on my own end*
[03:53:51] Zelator (05:52:09) <worm`> if you are the network owner why are there servers on the network you cant manage
[03:53:56] Zelator well.. that's just how it is
[03:53:56] worm` we use remote includes.
[03:54:07] worm` phh, no
[03:54:45] worm` just delink any server you cant manage
[03:54:49] Zelator heh
[03:54:50] worm` problem solved
[04:00:44] * worm` wiggles off
[04:01:17] Zelator 👋
[05:09:20] Zelator btw worm`
[05:09:39] Zelator ./unrealircd reloadtls <- is this for older unreal versions?
[05:15:28] worm` yah, pre Ver 6
[05:16:01] worm` er no
[05:16:39] worm` that is if you are in the unrealircd Dir, then yes
[05:16:48] Zelator i see
[05:27:09] * worm` wiggles off again
[08:53:13] Jobe <Zelator> ./unrealircd reloadtls <- is this for older unreal versions?
[08:53:16] Jobe its still current
[08:53:29] Jobe you can also use kill -USR1 <pid> to do the same thing
[08:53:52] Zelator right, thanks
[08:54:18] Jobe a lot of tls capable IRCds implement SIGUSR1 as reload tls certs
[08:54:33] Jobe but I have confirmed UnrealIRCd definitely does
[09:10:01] Zelator interesting
[13:10:40] * iamzim joined #ircdriven
[13:52:53] * iamzim left #ircdriven
[18:33:43] acidvegas hi Jobe