IRC Operators

Operators Block

operators: [
  # {"nickname", "argon2id_hash"}
  {"admin", "$argon2id$v=19$m=4096,t=2,p=4$0Ikum7IgbC2CkId/UJQE7A$n1YVbtPj1nP4EfdL771tPCS1PmK+Q364g14ScJzBaSg"}
]

The operators list is a list of {name, password_hash} tuples.

Field	Description
`name`	The operator name used in the `OPER` command
`password_hash`	An Argon2id hash of the password

Generating Password Hashes

Start an Elixir shell with ElixIRCd

From source:
Terminal window
```
iex -S mix
```
Or via Docker:
Terminal window
```
docker exec -it <container_name> ./bin/elixircd remote
```

Generate the hash

Argon2.hash_pwd_salt("your_secure_password")

This outputs something like:

"$argon2id$v=19$m=4096,t=2,p=4$randomsalt$hashvalue"

Add to your config

operators: [
  {"admin", "$argon2id$v=19$m=4096,t=2,p=4$randomsalt$hashvalue"}
]

Using OPER

Once configured, connect to the server and authenticate:

/oper admin your_secure_password

On success:

:server 381 yournick :You are now an IRC Operator

Multiple Operators

You can configure multiple operator credentials:

operators: [
  {"admin", "$argon2id$...hash1..."},
  {"netstaff", "$argon2id$...hash2..."},
  {"backup_admin", "$argon2id$...hash3..."}
]

All operator names are checked; the first matching one is used.

De-Opering

To relinquish operator status:

/mode yournick -o

This removes +o and automatically removes any operator-only modes (+H, +s).

Security Best Practices

Use long, random passwords — at least 16 characters
Use OPER over TLS only — configure TLS listener and use port 6697
Limit who has oper access — only trusted administrators
Don’t share oper credentials — each admin should have their own
Consider +H mode — operators can use /mode nick +H to hide their IRC op status
Rotate passwords periodically — regenerate hashes when operators leave