Installing Anope

Anope is a set of IRC services. It is cross-platform (runs on Linux and BSD) and works well with a variety of IRCds such as ngircd.

Anope provides users with the NickServ, ChanServ and other *Serv that users expect from IRC. This allows users to register their nicknames, channels, and much more.

The main drawback to anope is that it is written in C++ and has too many configurable parameters for most new admins of IRC.

Building Anope

First, install cmake and gettext-tools (internationalization support):

$ doas pkg_add cmake gettext-tools

Create a new user for anope:

$ doas useradd -m -g =uid -c "anope" -d /home/anope -s /bin/ksh anope
$ doas su anope
$ cd ~

Next, download the latest https://github.com/anope/anope/release of Anope:

$ ftp https://github.com/anope/anope/archive/refs/tags/2.0.10.tar.gz
$ tar -zxf 2.0.10.tar.gz
$ cd anope-2.0.10

Before proceeding, make sure to thoroughly read README.md and the docs/ folder.

$ ./Config

Default settings are recommended. Press enter for every question asked.

For these two questions, type NONE in all caps.

Next, build Anope:

 
$ cd build/
$ make
$ make install

Create services.conf:

$ cd ~/services/conf/
$ cp example.conf services.conf

Edit services.conf:

define
{
        name = "services.host"
        value = "services.irc.example.com"
}

Replace services.irc.example.com with your real hostname.

uplink
{
        host = "127.0.0.1"
        ipv6 = no
        ssl = no
        port = 16667
        password = "NGIRCDMYPASSWORD"
}

The host is the address of the server you want to connect to. In this setup, anope will be running on the same server that ngircd will be running on.

We want to disable IPv6 and use IPv4 only. SSL is not necessary because we are connecting to localhost.

NOTE: ngircd must be set to listen on port 16667 (or whatever port you decide to use).

The server password must match MyPassword in ngircd.conf's Server block.

serverinfo
{
        name = "services.irc.example.com"
        description = "Services for IRC Networks"
        pid = "data/services.pid"
        motd = "conf/services.motd"
}

Replace services.irc.example.com with the actual hostname. Replace the description. The rest should be left untouched.

module
{
	name = "ngircd"
	use_server_side_mlock = yes
	use_server_side_topiclock = yes
}

WARNING: Your module must match your ircd. In this guide, we use the ngircd module.

networkinfo
{
        networkname = "ExampleNet"
        nicklen = 16
        userlen = 16
        hostlen = 64
        chanlen = 32
        modelistsize = 100
        vhost_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-"
        allow_undotted_vhosts = false
        disallow_start_or_end = ".-"
}

Replace ExampleNet with your actual network name.

On IRCNow, nicklen (the maximum nick length) and userlen (the maximum ident? length) are both 16. The rest are left at defaults.

You will need to configure the rest of services.conf according to the comments. The defaults are generally sensible.

Adding Operators

For each IRC operator, create a block:

oper
{
        name = "OPERNICK"
        type = "Services Root"
        require_oper = yes
        password = "OPERPASSWORD"
        #certfp = "ed3383b3f7d74e89433ddaa4a6e5b2d7"
        #host = "*@*.anope.org ident@*"
        #vhost = "oper.mynet"
}

Replace OPERNICK with your operator's nickname. require_oper will require the user first be an oper on the IRCd before he can be services operator. The user must first type /quote oper OPERNICK PASSWORD

Anope has four levels of operators:

TypeCommands
HelperHostServ? (approves vhosts)
Services OperatorHostServ?, ChanServ? (some), OperServ? (some)
Services AdministratorHostServ?, ChanServ? (some), OperServ? (some), BotServ?, MemoServ?, Global?
Services RootAll

If a password is defined, the user must login using /squery OPERSERV LOGIN.

mail
{
        usemail = yes
        sendmailpath = "/usr/sbin/sendmail -t"
        sendfrom = "services@example.com"
        delay = 5m
        registration_subject = "Nickname registration for %n"
        registration_message = "Hi,

                                You have requested to register the nickname %n on %N.
                                Please type \" /msg NickServ CONFIRM %c \" to complete registration.

                                If you don't know why this mail was sent to you, please ignore it silently.

                                %N administrators."

        reset_subject = "Reset password request for %n"
        reset_message = "Hi,

                        You have requested to have the password for %n reset.
                        To reset your password, type \" /msg NickServ CONFIRM %n %c \"

                        If you don't know why this mail was sent to you, please ignore it silently.

                        %N administrators."

        emailchange_subject = "Email confirmation"
        emailchange_message = "Hi,

                        You have requested to change your email address from %e to %E.
                        Please type \" /msg NickServ CONFIRM %c \" to confirm this change.

                        If you don't know why this mail was sent to you, please ignore it silently.

                        %N administrators."
        memo_subject = "New memo"
        memo_message = "Hi %n,

                        You've just received a new memo from %s. This is memo number %d.

                        Memo text:

                        %t"
}

We set usemail to yes so that users can reset their passwords. Make sure your mail server? is configured and running properly before enabling this option.

Replace services@example.com with the actual email address you plan to send mail from.

NOTE: sendmail must be able to send from this email address.

The rest of the configuration uses the defaults.

Edit /home/anope/services/conf/nickserv.conf:

        defaults = "killprotect ns_secure ns_private hide_email hide_mask memo
_signon memo_receive autoop"

killprotect will give users 60 seconds to identify if they use a registered nick. If they do not identify within that time, they are killed.

        restrictopernicks = yes

Configuring ngircd.conf

In ngircd.conf, you need a block that looks like this:

[Server]
	Name = services.irc.example.com
	Host = 127.0.0.1
	;Bind = 192.168.0.1
	Port = 16667
	MyPassword = NGIRCDMYPASSWORD
	PeerPassword = NGIRCDPEERPASSWORD
	;Group = 123
	Passive = yes
	SSLConnect = false
	ServiceMask = *Serv,Global

Replace services.irc.example.com with the actual services hostname. The host will likely be 127.0.0.1 (again, because anope is running on the same server as ngircd). The port should be 16667.

Make sure that MyPassword matches the server password for the uplink block in anope. Set Passive to yes so that ngircd does not automatically connect to anope (let anope initiate the connection), and turn off SSL.

Finally, we set the ServiceMask. This lets ngircd know that the nicknames *Serv and Global belong to IRC Services.

If ngircd is already running, remember to reload changes to ngircd.conf:

$ doas rcctl reload ngircd

NOTE: restarting ngircd is unnecessary and results in downtime.

To start services:

$ cd ~/services/bin
$ ./anoperc start

If './anoperc start' fails, please double check the conf file.

Automation

While logged in as user anope:

$ cp ~/services/conf/{example,services}.chk
$ chmod +x ~/services/conf/services.chk

Edit the lines in ~/services/conf/services.chk to read as follows:

# Anope binary directory
ANOPATH=/home/anope/services/bin

# Anope data directory
ANODATA=/home/anope/services/data

# Name of the pid file
ANOPIDF=services.pid

# Name of the executable
ANOPROG=services

# Parameters to pass to the executable
ANOARGS=""
#ANOARGS="-debug"

While logged in as user anope, set up a cronjob? with this entry:

$ crontab -e
*/5 * * * * /home/anope/services/conf/services.chk >/home/anope/services/logs/services.log 2>&1

Troubleshooting

If you run into issues, check /home/anope/services/logs: