Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+

Comment (by anarcat):

 thanks for the docs! i linked the service page to the irc docs. i've also
 split the install and user docs between the reference and howto sections,
 to respect the existing document structure, but otherwise didn't touch it.

 i'll followup with the downtime in that other ticket, thank you for that
 too! :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:  closed
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:  fixed
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+
Changes (by pastly):

 * status:  assigned => closed
 * resolution:   => fixed


Comment:

 I finally went through the motions of adding a user so I could document
 it. I did. I pushed it to project/help/wiki.git on the master branch and
 the page has automatically updated.

 I added the bouncer to the services page like arma suggested.

 I am going to open a new ticket about the bouncer going down.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by arma):

 And: once this is a real service, can somebody add a line to
 https://trac.torproject.org/projects/tor/wiki/org/operations/services
 along with who is the service maintainer, so it is possible for people to
 try to report issues with the service without secretly already knowing who
 runs it? :)

 (maybe in the 'internal stuff' section)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anarcat):

 pastly: chives was rebooted last night and it seems the bouncer didn't
 come back on. could you take a look?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anarcat):

 apparently, i've been told you should be able to push to the wiki
 yourself. the readonly repository, you probably already know here:

 https://gitweb.torproject.org/project/help/wiki.git/

 but you should also be able to pull and push from the read-write URL as
 long as you have an SSH key on the git server:

 g...@git-rw.torproject.org:project/help/wiki.git

 please try that and let me know if works (or doesn't).

 also do let me know what the next steps should be here, i'm a bit lost as
 to what we should do next. :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by anarcat):

 * cc: anarcat (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anarcat):

 >  I just need to go through the motions of adding a user so I can
 document it.

 Any update on that?

 >  How do you feel about the existing contents of tsa/howto/irc.mdwn?
 Would it be appropriate for me to delete them entirely? Anything I should
 keep?

 er, you mean https://help.torproject.org/tsa/howto/irc/ here? I definitely
 want to keep *that*. :) or do you mean your patch? if the latter, then i'm
 happy to just merge it in, but I would then need to integrate it with the
 current document structure, as it looks like it's just slapped at the end
 right now. :)

 i would suggest splitting it between the Tutorial (for things that end-
 users can do easily without prior knowledge) Howto (for things that
 require a bit more knowledge, maybe only the sysadmin/commandline-level
 stuff) and Reference (for the "how to configure/install this thing" bits).

 makes sense?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by gaba):

 * cc: gaba (added)


--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by pastly):

 I just need to go through the motions of adding a user so I can document
 it.

 How do you feel about the existing contents of tsa/howto/irc.mdwn? Would
 it be appropriate for me to delete them entirely? Anything I should keep?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anarcat):

 @pastly - is there anything else you need from us here? how is it going?

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by anarcat):

 * status:  accepted => assigned
 * owner:  anarcat => pastly


Comment:

 i opened port 2001 for ZNC and changed the forward for the hidden service,
 which stays at `eibwzyiqgk6vgugg.onion`.

 unfortunately, this is all I can give you for now:

 {{{
 HiddenServiceDir /var/lib/tor/onion/ircbouncer.torproject.org
 HiddenServiceVersion 2
 HiddenServicePort 80 localhost:2000
 }}}

 the Puppet module we use for Tor onion services is limited to v2 addresses
 right now, and doesn't support single hop and all that jazz. hopefully
 that can be fixed soon, but in the meantime I hope it will suffice for our
 purposes here...?

 i think if that all works the remaining step is to fix the docs and merge
 it, reassign to me when that's ready! :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  anarcat
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by pastly):

 Replying to [comment:9 anarcat]:
 > Do you want me to merge your github branch it or are you going to push
 it yourself to git-rw?

 I don't think I have access to that repo (haven't tried). Instead of me
 gaining access, I think it would be easiest and best for you to just grab
 my commits and push them yourself.

 Should you do so now? Nah. Let me add how to add ZNC users to it first.

 That would also give you a chance to clean up the document as you see fit.
 It's serving a lot of purposes right now. Maybe after this is set up then
 the only thing the document needs is the stuff I wrote. Not my call to
 make :p

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  anarcat
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by anarcat):

 * status:  assigned => accepted


Comment:

 > I'm assigning the ticket back to you because I think that's how you're
 keeping track of what's on your plate vs what is on mine. If this was
 inappropriate, please excuse my ignorance.

 Not at all! That's exactly what I was expecting. :) will followup soon.

 Do you want me to merge your github branch it or are you going to push it
 yourself to git-rw?

 thanks for your work!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  anarcat
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by pastly):

 * owner:  pastly => anarcat


Comment:

 As stated on IRC 24+ hours ago, I fixed the bug generating a ton of email
 spam. Sorry about that, again.

 I've documented everything on the `irc` branch of my fork of that wiki.
 https://github.com/pastly/tsa-
 wiki/commit/dac66a37bef2232ddc234d56918895de23b952c6. Everything expect
 how to add users. View it rendered [https://github.com/pastly/tsa-
 wiki/blob/dac66a37bef2232ddc234d56918895de23b952c6/tsa/howto/irc.mdwn
 #setting-up-znc here]. I'm waiting on adding users and documenting how to
 do so until the necessary/desired network changes are made.

 To distill [comment:6 comment 6] into concrete requests:

 - [ ] allow 2001 inbound to ZNC, TLS-protected web and IRC
 - [ ] configure Tor as follows, or as close to it as willing

 {{{
 Log notice syslog
 # to use 3 hops instead of 6. not anonymous
 # can't do this if you want a SocksPort
 SocksPort 0
 HiddenServiceSingleHopMode 1
 HiddenServiceNonAnonymousMode 1
 # actual interesting config
 HiddenServiceDir /var/lib/tor/onion/ircbouncer.torproject.org
 HiddenServiceVersion 3
 HiddenServicePort 80 2000
 HiddenServicePort 2000
 }}}

 - [ ] share with pastly the onion address if different than
 eibwzyiqgk6vgugg.onion

 I'm assigning the ticket back to you because I think that's how you're
 keeping track of what's on your plate vs what is on mine. If this was
 inappropriate, please excuse my ignorance.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anarcat):

 i started getting a bunch of errors from cron like this:

 {{{
 Subject: Cron  /home/ircbouncer/bin/znc-ssl-copy.sh
 To: ircboun...@chives.torproject.org
 Date: Tue, 19 Nov 2019 02:49:01 +

 /home/ircbouncer/bin/znc-ssl-copy.sh: line 3:
 /home/ircbouncer/.znc/znc.pem: Permission denied
 }}}

 not sure what you're doing here, but something is not working. :)

 i have changed the role's forward to point to you instead of TPA so we
 stop receiving those errors, but it's probably something you'd want to
 fix.

 it would also be great if you could document your setup here or
 somewhere...

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by pastly):

 - [x] systemd.service config (pastly)

 Extremely basic service file to run znc. Plus unfortunately fell back to
 copying the certs out of /etc and putting them in ~/.znc/znc.pem once a
 week with a cron job due to what seems like a systemd security thing
 preventing me from reading /etc/ssl/private/ files.

 - [x] znc configuration (pastly)
 - [x] web interface configuration (pastly)

 Uhh ... done I think. I have IRC and HTTP on 2000 as well as IRC-over-TLS
 and HTTPS on 2001. I have an account for myself and can make/migrate
 additional accounts later without help.

 Speaking of the nginx proxy and these ports ...

 We can probably skip nginx. Our users can be expected to use Tor Browser
 in the rare instance they want to access the web interface. Thus
 `HiddenServicePort 80 2000` gets them secure access to the web interface.

 For their IRC client, opening 2001 in the firewall gets them IRC over TLS.
 I guess for completeness we should open 2000 for plaintext IRC. Finally,
 for the cool kids `HiddenServicePort 2000` gets them IRC over Tor.

 PS: why not v3 onion service? :p

 If what I'm saying sounds reasonable, then in lieu of the "nginx proxy"
 step, I would request the following lines in the torrc:

 {{{
 HiddenServiceVersion 3
 HiddenServicePort 80 2000
 HiddenServicePort 2000
 }}}

 And the firewall to allow inbound 2000 and 2001.

 And to be notified about what the new onion service is if you actually
 bump to v3.

 Thanks!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  pastly
 Type:  defect   | Status:
 |  assigned
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by anarcat):

 * owner:  anarcat => pastly
 * status:  accepted => assigned


Comment:

 i have created the ircbouncer role (user) and group on chives. the user
 has the rights to keep persistent user-level services running through
 systemd, also known as "lingering". the documentation on how to use that
 to run services is detailed here:

 https://help.torproject.org/tsa/doc/services/

 it is your responsibility to start the service and keep it running, our
 systemd things will just run whatever the service file says. :)

 so `sudo -u ircbouncer` to get to the privileged account. i've made you
 part of the group which should give you that privilege, let me know if
 that doesn't work.

 i've also added the `ircbouncer` user to the `ssl-cert` group so it can
 access the X509 certificates. those certs are the following files:

 {{{
 root@chives:~# ls -al /etc/ssl/private/ircbouncer.torproject.org.*
 /etc/ssl/torproject/certs/ircbouncer.torproject.org.crt*
 -r--r- 1 root ssl-cert 7178 nov 18 20:42
 /etc/ssl/private/ircbouncer.torproject.org.combined
 -r--r- 1 root ssl-cert 3244 nov 18 20:42
 /etc/ssl/private/ircbouncer.torproject.org.key
 -r--r--r-- 1 root root 2286 nov 18 20:42
 /etc/ssl/torproject/certs/ircbouncer.torproject.org.crt
 -r--r--r-- 1 root root 1649 nov 18 20:42
 /etc/ssl/torproject/certs/ircbouncer.torproject.org.crt-chain
 -r--r--r-- 1 root root 3934 nov 18 20:42
 /etc/ssl/torproject/certs/ircbouncer.torproject.org.crt-chained
 }}}

 Those are basically:

  * `.key`: the private key
  * `.crt`: the public key
  * `.crt-chain`: the "chain" bits that might be required in some browsers
  * `.crt-chained`: the above two together
  * `.combined`: all of the above

 Usually, the `.key` and `.crt` are enough, but sometimes you need the
 `.crt-chained` instead of the `.crt`.

 The onion service is also up and running, under (i believe)
 `eibwzyiqgk6vgugg.onion`. It currently points at
 ircbouncer.torproject.org:80 which of course is not listening. That's the
 next step: we need to figure our how to give you access to port 80 here.
 My suggestion would be that you start by setting up the bouncer and its
 web interface on whatever (stable) port you can, and access it over an SSH
 tunnel for now. Once you're happy with this (or if you can't use SSH
 tunnels for some reason), let me know what the port number is, and I'll
 setup an Nginx forward, reusing those nice little X509 certs as well.

 TL;DR: checklist status:

  * [x] znc install (anarcat)
  * [x] ircbouncer role account and group (anarcat)
  * [x] sudo access (anarcat)
  * [x] enable-linger (anarcat)
  * [x] x509 certs (anarcat)
  * [x] hidden service (anarcat)
  * [ ] systemd.service configuration (pastly)
  * [ ] znc configuration (pastly)
  * [ ] web interface configuration (pastly)
  * [ ] nginx proxy (anarcat)

 let me know if you have any questions!

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  anarcat
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Old description:

> I think I want to migrate the TPO people who use my bouncer off my server
> and onto TPO infra. If possible.
>
> Initial discussion with anarcat suggested that chives.tpo would be the
> box. Okay cool.
>
> **Q1**: Can it get a valid TLS certificate? Both for the web interface
> and also for protecting the IRC traffic.
>
> **Q2**: Can Tor get installed on the box? Right now I also have an onion
> service pointing to my ZNC and it'd be cool to keep that.
>
> If desired, I can talk more about how I have accomplished Q1 with Let's
> Encrypt, nginx, and a cron job. Q2 is just because it's easy and cool. No
> big deal.

New description:

 I think I want to migrate the TPO people who use my bouncer off my server
 and onto TPO infra. If possible.

 Initial discussion with anarcat suggested that chives.tpo would be the
 box. Okay cool.

 **Q1**: Can it get a valid TLS certificate? Both for the web interface
 (**edit** for account management, NOT CHAT) and also for protecting the
 IRC traffic.

 **Q2**: Can Tor get installed on the box? Right now I also have an onion
 service pointing to my ZNC and it'd be cool to keep that.

 If desired, I can talk more about how I have accomplished Q1 with Let's
 Encrypt, nginx, and a cron job. Q2 is just because it's easy and cool. No
 big deal.

--

Comment (by pastly):

 (Edit description to make explicit that ZNC's web interface is for admin
 stuff, not chat.)

 Sure ircbouncer.torproject.org. Doesn't make much difference to me :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  anarcat
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by anarcat):

 > > > Q1: Can it get a valid TLS certificate? Both for the web interface
 and also for protecting the IRC traffic.
 > >
 > > Yes. I wonder which domain it should be however?
 >
 > chives.torproject.org

 I was thinking something more like `ircbouncer.torproject.org`. :)

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  anarcat
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-

Comment (by pastly):

 Replying to [comment:1 anarcat]:
 > > **Q1**: Can it get a valid TLS certificate? Both for the web interface
 and also for protecting the IRC traffic.
 >
 > Yes. I wonder which domain it should be however?

 chives.torproject.org

 My users currently use ircbouncer.system33.pw, and I ''could'' made DNS
 for that point to chives.torproject.org, but I'd rather rip the bandaid
 off and make them updates their host.

 If you were thinking the certificate would have to be valid for
 irc.oftc.net, no. ZNC terminates the TLS and pretends to be a regular ol'
 IRC server to the clients.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs

Re: [tor-bugs] #32532 [Internal Services/Tor Sysadmin Team]: Install ZNC on Chives, make pastly admin it

[Tor Bug Tracker & Wiki]

#32532: Install ZNC on Chives, make pastly admin it
-+-
 Reporter:  pastly   |  Owner:  anarcat
 Type:  defect   | Status:
 |  accepted
 Priority:  Medium   |  Milestone:
Component:  Internal Services/Tor Sysadmin Team  |Version:
 Severity:  Normal   | Resolution:
 Keywords:   |  Actual Points:
Parent ID:   | Points:
 Reviewer:   |Sponsor:
-+-
Changes (by anarcat):

 * status:  new => accepted
 * owner:  tpa => anarcat


Comment:

 > **Q1**: Can it get a valid TLS certificate? Both for the web interface
 and also for protecting the IRC traffic.

 Yes. I wonder which domain it should be however?

 > **Q2**: Can Tor get installed on the box? Right now I also have an onion
 service pointing to my ZNC and it'd be cool to keep that.

 Sure, that shouldn't be a problem either.

--
Ticket URL: 
Tor Bug Tracker & Wiki 
The Tor Project: anonymity online
___
tor-bugs mailing list
tor-bugs@lists.torproject.org
https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-bugs