Quassel Core on Fedora

Installing Quassel Core on Fedora 20 is a snap. For this tutorial Quassel Core is installed remotely on a DigitalOcean hosted Fedora server, without exposing the port publically until it is locked down. The configuration below will default to using the SQLite backend, but keep in mind there is also an option to use PostgreSQL. The core handles migration via the --select-backend so don't worry about being stuck with your choice here.

On the remote server install the quassel-core package.

yum install quassel-core

Doing this directly instead of choosing quassel-common, etc. will prevent pulling in unnecessary dependencies.

On the desktop, install quassel-client.

yum install quassel-client

Keep in mind that there is also a quassel package, which is the original monolithic client, so avoid installing that one.

At the time of this post it doesn't look like there was a systemd service file provided. So I placed the following at /etc/systemd/system/quassel.service, just edit to meet your own needs.

[Unit]
Description=Quassel Core
After=network.target

[Service]
User=quassel
Group=quassel
PIDFile=/var/run/quassel.pid
EnvironmentFile=/etc/default/quassel
ExecStart=/usr/bin/quasselcore --listen=${LISTEN} --configdir=/srv/quassel
#Use following line to force SSL
#ExecStart=/usr/bin/quasselcore --listen=${LISTEN} --require-ssl --configdir=/srv/quassel

[Install]
WantedBy=multi-user.target

Next is to create the enviroment file referenced above at /etc/default/quassel that contains the following single line.

LISTEN=127.0.0.1

On other distributions I have seen the variable QUASSEL_USER passed as well, but that seems redundant to what is already in the systemd service file.

Since the quassel user and configuriation directories aren't made for us, lets create them now and start quassel.

useradd -r quassel -U
mkdir /srv/quassel
chown -R quassel:quassel /srv/quassel
systemctl start quassel
systemctl enable quassel

Now you can just use SSH to connect without SSL with the following command, but I use it for the initial setup as I'd like to use the mobile apps.

ssh -L 4242:localhost:4242 your-quassel-server.com

Open up the quassel client and connect to localhost. When connecting for the first time you will be asked for the username and password you would like to use.

Now if you don't mind opening the SSH session for quassel every time you want to connect you can stop here. Otherwise lets get SSL running so we can enjoy apps like QuasselDroid.

If you want to self sign a certificate, the following will do the job just fine.

openssl req -x509 -nodes -days 365 -newkey rsa:4096 -keyout /srv/quassel/quasselCert.pem -out /srv/quassel/quasselCert.pem

On my own server I decided to go with a domain validated certificate from Comodo. If that sounds like something you want to do, check out my previous post on getting started.

Comodo's PositiveSSL includes two intermediate certificates that need to be chained together, as clients will generally only have the root CA. The only documentation that I've found for setup was from Felix Geyer's patch back in 2011.

The server needs to send the intermediate CA certs if the client only has the root CA in his trusted cert pool.

The .pem cert file needs to look like this: [key], [server cert], [intermediate CAs], [root CA]

Creating a chain using Comodo's PositiveSSL looks like the following.

cat your_quassel_server_com.key your_quassel_server_com.crt COMODORSADomainValidationSecureServerCA.crt COMODORSAAddTrustCA.crt > quasselCert.pem

After placing at /srv/quassel/quasselCert.pem, restart Quassel core and it will automatically start using the certificate. If you want to force clients to use SSL, just switch to the commented out line in the service file. A reload and restart will force connecting clients to use SSL

systemctl daemon-reload
systemctl restart quassel

Now all that is left is to change the line in/etc/default/quassel to LISTEN=0.0.0.0 and open the ports in FirewallD

firewall-cmd --add-port=4242/tcp
firewall-cmd --permanent --add-port=4242/tcp

Have fun chatting!

Waldo

A *nix enthusiast and accidental programmer interested in sharing whatever tidbits I learn, more or less for my own reference.

The Evergreen State