FreeBSD Manual Pages
BIBOUMI(1) biboumi BIBOUMI(1) NAME biboumi - biboumi Documentation SYNOPSIS biboumi [config_filename] ADMINISTRATOR DOCUMENTATION Usage Biboumi acts as a server, it should be run as a daemon that lives in the background for as long as it is needed. Note that biboumi does not daemonize itself, this task should be done by your init system (SysVinit, systemd, upstart). When started, biboumi connects, without encryption (see Security), to the local XMPP server on the port 5347 and authenticates with the pro- vided password. Biboumi then serves the configured hostname: this means that all XMPP stanza with a to JIDon that domain will be for- warded to biboumi by the XMPP server, and biboumi will only send mes- sages coming from that hostname. To cleanly shutdown the component, send a SIGINT or SIGTERM signal to it. It will send messages to all connected IRC and XMPP servers to in- dicate a reason why the users are being disconnected. Biboumi exits when the end of communication is acknowledged by all IRC servers. If one or more IRC servers do not respond, biboumi will only exit if it receives the same signal again or if a 2 seconds delay has passed. Configuration Configuration happens in different places, with different purposes: • The main and global configuration that specifies vital settings for the daemon to run, like the hostname, password etc. This is an ad- min-only configuration, and this is described in the next section. • A TLS configuration, also admin-only, that can be either global or per-domain. See TLS configuration section. • Using the Ad-hoc commands, each user can configure various settings for themself Daemon configuration The configuration file is read by biboumi as it starts. The path is specified as the only argument to the biboumi binary. The configuration file uses a simple format of the form option=value (note that there are no spaces before or after the equal sign). The values from the configuration file can be overridden by environment variables, with the name all in upper case and prefixed with BIBOUMI_. For example, if the environment contains BIBOUMI_PASSWORD=blah", this will override the value of the password option in the configuration file. Sending SIGUSR1, SIGUSR2 or SIGHUP (see kill(1)) to the process will force it to re-read the configuration and make it close and re-open the log files. You can use this to change any configuration option at run- time, or do a log rotation. Options A configuration file can look something like this: hostname=biboumi.example.com password=mypassword xmpp_server_ip=127.0.0.1 port=5347 admin=myself@example.com db_name=postgresql://biboumi:password@localhost/biboumi realname_customization=true realname_from_jid=false log_file= ca_file= outgoing_bind=192.168.0.12 Here is a description of all available options hostname Mandatory. The hostname served by the XMPPgateway. This domain must be configured in the XMPP server as an external component. See the manual for your XMPP server for more information. For prosody, see http://prosody.im/doc/components#adding_an_external_component password Mandatory. The password used to authenticate the XMPP component to your XMPP server. This password must be configured in the XMPPserver, asso- ciated with the external component on hostname. xmpp_server_ip The IP address to connect to the XMPP server on. The connection to the XMPP server is unencrypted, so the biboumi instance and the server should normally be on the same host. The default value is 127.0.0.1. port The TCP port to use to connect to the local XMPP component. The default value is 5347. db_name The name of the database to use. This option can only be used if bi- boumi has been compiled with a database support (Sqlite3 and/or Post- greSQL). If the value begins with the postgresql scheme, postgresql:// or postgres://, then biboumi will try to connect to the PostgreSQL database specified by the URI. See the PostgreSQL doc for all possible values. For example the value could be postgresql://user:secret@local- host. If the value does not start with the postgresql scheme, then it specifies a filename that will be opened with Sqlite3. For example the value could be /var/lib/biboumi/biboumi.sqlite. admin The bare JID of the gateway administrator. This JID will have more privileges than other standard users, for example some administration ad-hoc commands will only be available to that JID. If you need more than one administrator, separate them with a colon (:). fixed_irc_server If this option contains the hostname of an IRC server (for example irc.example.org), then biboumi will enforce the connexion to that IRC server only. This means that a JID like #chan@biboumi.example.com must be used instead of #chan%irc.example.org@biboumi.example.com. The % character loses any meaning in the JIDs. It can appear in the JID but will not be interpreted as a separator (thus the JID #channel%hello@bi- boumi.example.com points to the channel named #channel%hello on the configured IRC server) This option can for example be used by an admin- istrator that just wants to let their users join their own IRC server using an XMPP client, while forbidding access to any other IRC server. persistent_by_default If this option is set to true, all rooms will be persistent by default: the value of the persistent option in the global configuration of each user will be true, but the value of each individual room will still de- fault to false. This means that a user just needs to change the global persistent configuration option to false in order to override this. If it is set to false (the default value), all rooms are not persistent by default. Each room can be configured individually by each user, to override this default value. See Ad-hoc commands. realname_customization If this option is set to false (default is true), the users will not be able to use the ad-hoc commands that lets them configure their realname and username. realname_from_jid If this option is set to true, the realname and username of each bi- boumi user will be extracted from their JID. The realname is their bare JID, and the username is the node-part of their JID. Note that if realname_customization is true, each user will still be able to cus- tomize their realname and username, this option just decides the de- fault realname and username. If this option is set to false (the default value), the realname and username of each user will be set to the nick they used to connect to the IRC server. webirc_password Configure a password to be communicated to the IRC server, as part of the WEBIRC message (see https://kiwiirc.com/docs/webirc). If this op- tion is set, an additional DNS resolution of the hostname of each XMPP server will be made when connecting to an IRC server. log_file A filename into which logs are written. If none is provided, the logs are written on standard output. log_level Indicate what type of log messages to write in the logs. Value can be from 0 to 3. 0 is debug, 1 is info, 2 is warning, 3 is error. The de- fault is 0, but a more practical value for production use is 1. ca_file Specifies which file should be used as the list of trusted CA when ne- gociating a TLS session. By default this value is unset and biboumi tries a list of well-known paths. outgoing_bind An address (IPv4 or IPv6) to bind the outgoing sockets to. If no value is specified, it will use the one assigned by the operating system. You can for example use outgoing_bind=192.168.1.11 to force biboumi to use the interface with this address. Note that this is only used for connections to IRC servers. identd_port The TCP port on which to listen for identd queries. The default is the standard value: 113. To be able to listen on this privileged port, bi- boumi needs to have certain capabilities: on linux, using systemd, this can be achieved by adding AmbientCapabilities=CAP_NET_BIND_SERVICE to the unit file. On other systems, other solutions exist, like the por- tacl module on FreeBSD. If biboumis identd server is properly started, it will receive queries from the IRC servers asking for the identity of each IRC connection made to it. Biboumi will answer with a hash of the JID that made the connection. This is useful for the IRC server to be able to distinguish the different users, and be able to deal with the absuses without hav- ing to simply ban the IP. Without this identd server, moderation is a lot harder, because all the different users of a single biboumi in- stance all share the same IP, and they cant be distinguished by the IRC servers. To disable the built-in identd, you may set identd_port to 0. policy_directory A directory that should contain the policy files, used to customize Botans behaviour when negociating the TLS connections with the IRC servers. If not specified, the directory is the one where biboumis con- figuration file is located: for example if biboumi reads its configura- tion from /etc/biboumi/biboumi.cfg, the policy_directory value will be /etc/biboumi. TLS configuration Various settings of the TLS connections can be customized using policy files. The files should be located in the directory specified by the configuration option policy_directory. When attempting to connect to an IRC server using TLS, biboumi will use Botans default TLS policy, and then will try to load some policy files to override the values found in these files. For example, if policy_directory is /etc/bi- boumi, when trying to connect to irc.example.com, biboumi will try to read /etc/biboumi/policy.txt, use the values found to override the de- fault values, then it will try to read /etc/biboumi/irc.exam- ple.com.policy.txt and re-override the policy with the values found in this file. The policy.txt file applies to all the connections, and irc.exam- ple.policy.txt will only apply (in addition to policy.txt) when con- necting to that specific server. To see the list of possible options to configure, refer to Botans TLS documentation. In addition to these Botan options, biboumi implements a few custom options listed hereafter: - verify_certificate: if this value is set to false, biboumi will not check the certificate validity at all. The default value is true. By default, biboumi provides a few policy files, to work around some issues found with a few well-known IRC servers. Security The connection to the XMPP server can only be made on localhost. The XMPPserver is not supposed to accept non-local connections from compo- nents. Thus, encryption is not used to connect to the local XMPPserver because it is useless. If compiled with the Botan library, biboumi can use TLS when communi- cating with the IRC servers. It will first try ports 6697 and 6670 and use TLS if it succeeds, if connection fails on both these ports, the connection is established on port 6667 without any encryption. Biboumi does not check if the received JIDs are properly formatted us- ing nodeprep. This must be done by the XMPP server to which biboumi is directly connected. Biboumi does not provide a way to ban users from connecting to it, has no protection against flood or any sort of abuse that your users may cause on the IRC servers. Some XMPP server however offer the possibil- ity to restrict what JID can access a gateway. Use that feature if you wish to grant access to your biboumi instance only to a list of trusted users. AUTHOR Florent Le Coz COPYRIGHT 2018, Florent Le Coz 8.4 May 18, 2025 BIBOUMI(1)
NAME | SYNOPSIS | ADMINISTRATOR DOCUMENTATION | AUTHOR | COPYRIGHT
Want to link to this manual page? Use this URL:
<https://man.freebsd.org/cgi/man.cgi?query=biboumi&sektion=1&manpath=FreeBSD+Ports+14.3.quarterly>