A modern, geo-distributed IRC network infrastructure built for irc.perl.org with anycast routing and automatic regional scaling.
The Magnet IRC Network provides reliable, secure, and performant IRC services across multiple geographic regions. Built using Solanum IRCd and Atheme services, it leverages Fly.io's global anycast infrastructure for optimal client routing and go-mmproxy for client IP preservation.
- Anycast Routing: Clients automatically connect to the nearest regional server
- Client IP Preservation: go-mmproxy unwraps PROXY protocol headers to maintain real client IPs for bans, geolocation, and logging
- Dynamic Scaling: Add new regions with a single command - no code changes needed
- Hub-and-Spoke Topology: Central hub with auto-connecting leaf servers
- Modern Infrastructure: Container-based deployment with health checks and monitoring
Backbone (private network)
┌────────────────────────────────────────────┐
│ │
│ ┌─────────────┐ ┌───────────────┐ │
│ │ Hub │◄──────│ Services │ │
│ │ (coordinator│ │ (Atheme) │ │
│ │ server) │ │ │ │
│ │ │ │ │ │
│ └──────┬──────┘ └───────────────┘ │
│ │ │
└─────────┼─────────────────────────────────┘
│
private links
│
┌───┴───────────────────┐
▼ ▼
┌──────────────────────────────────────────────────────┐
│ Leaf Servers (public, anycast) │
│ │
│ ┌──────────┐ ┌──────────┐ │
│ │ leaf-ord │ │ leaf-ams │ ... │
│ │ Chicago │ │Amsterdam │ │
│ └────▲─────┘ └────▲─────┘ │
└─────────────┼───────────────────────────┼────────────┘
│ │
─────┴─────────anycast───────────┴─────
│
Clients
-
Hub Server - Central coordinator
- Routes messages between all connected servers
- Accepts connections from leaf servers and services
- Single point of network coordination
-
Leaf Servers (magnet-irc) - Regional client-facing servers
- Deployed via Fly.io anycast to multiple regions
- Dynamic identity derived from
FLY_REGION(e.g., ord → magnet-ord) - Auto-connect to hub via
autoconnflag - go-mmproxy preserves real client IPs through PROXY protocol
-
Services (magnet-atheme) - IRC Services
- NickServ, ChanServ, OperServ, MemoServ
- Persistent data via opensex flat file backend
- Connects directly to hub
Client → Fly.io Anycast → Nearest Leaf → go-mmproxy → Solanum
│
(preserves real IP)
- Client connects to
irc.perl.org:6667or:6697(SSL) - Fly.io routes to nearest regional leaf server
- Fly.io edge adds PROXY protocol headers with real client IP
- go-mmproxy unwraps headers and spoofs the client IP
- Solanum receives connection with original client IP intact
IMPORTANT: All deployments must be run from the project root directory.
To add a new region (e.g., Frankfurt):
# Scale to include the new region
flyctl scale count 3 --region ord,ams,fra -a magnet-irc
# Add connect block to hub config (servers/magnet-hub/server.conf)
# Then redeploy hub
flyctl deploy -a magnet-hub --config servers/magnet-hub/fly.tomlThe leaf server will automatically:
- Derive its name from the region (fra → magnet-fra)
- Generate a valid SID (0FR)
- Connect to the hub via autoconn
| Region | Location | Code |
|---|---|---|
| ord | Chicago, US | 0OR |
| ams | Amsterdam, EU | 0AM |
These connect blocks exist on the hub - just scale to activate:
- sin (Singapore)
- syd (Sydney)
- gru (São Paulo)
- dfw (Dallas)
- iad (Virginia)
- lhr (London)
- fra (Frankfurt)
Leaf Servers (magnet-irc):
FLY_REGION- Automatically set by Fly.io, used to derive identityHUB_PASSWORD- Password sent to hubLEAF_PASSWORD- Password accepted from hubIRC_DOMAIN- Domain suffix (default:internal)
Hub Server:
SERVER_NAME- Explicit server nameSERVER_SID- Three-character server IDLEAF_PASSWORD/HUB_PASSWORD- Shared secrets for leaf authSERVICES_PASSWORD- Authentication for Atheme
servers/
├── magnet-hub/
│ ├── fly.toml # Hub Fly.io config
│ └── server.conf # Hub-specific IRC config
├── magnet-irc/
│ ├── fly.toml # Leaf Fly.io config
│ └── server.conf # Leaf template (uses env vars)
└── magnet-atheme/
└── fly.toml # Services Fly.io config
solanum/
├── common.conf.template # Shared IRC settings
├── opers.conf.template # Operator definitions
├── start.sh # Startup script with env substitution
└── Dockerfile # Solanum + go-mmproxy build
atheme/
├── atheme.conf.template # Services configuration
├── entrypoint.sh # Startup script
└── Dockerfile # Atheme build
- Fly.io Internal Network: Server-to-server communication uses
.internalDNS over Fly.io's encrypted private network - No Public S2S Ports: Port 7000 (S2S) only accessible within Fly.io network
- Client SSL/TLS: Port 6697 for encrypted client connections
All sensitive values stored as Fly.io secrets:
flyctl secrets set HUB_PASSWORD=xxx LEAF_PASSWORD=xxx -a magnet-irc
flyctl secrets set SERVICES_PASSWORD=xxx -a magnet-athemego-mmproxy ensures real client IPs are visible to Solanum for:
- K-lines and bans
- Connection logging
- Geolocation
- Abuse prevention
# Check leaf server status
flyctl status -a magnet-irc
# View logs
flyctl logs -a magnet-irc
# SSH into a specific region
flyctl ssh console -a magnet-irc -r ord
# Check network links (from any server)
flyctl ssh console -a magnet-irc -C "sh -c 'printf \"LINKS\r\n\" | nc -w 2 127.0.0.1 16667'"
# Scale regions
flyctl scale count 4 --region ord,ams,fra,sin -a magnet-ircAll components include health checks:
- TCP checks on IRC ports (6667, 6697)
- S2S port availability (7000)
- Process monitoring in start.sh
-
Check host matching - hub connect blocks must use wildcard:
host = "*.vm.magnet-irc.internal";(Fly.io VMs have machine-ID-based reverse DNS, not region names)
-
Verify secrets match between hub and leaf
-
Check DNS resolution:
flyctl ssh console -a magnet-irc -C "nslookup magnet-hub.internal"
go-mmproxy isn't running or routing rules aren't set. Check:
flyctl ssh console -a magnet-irc -C "ps -ef | grep mmproxy"
flyctl ssh console -a magnet-irc -C "ip rule list"MIT License - see LICENSE for details.