diff --git a/our.example.service b/our.example.service
index 56aaf8b..09b3327 100644
--- a/our.example.service
+++ b/our.example.service
@@ -6,9 +6,15 @@ After=our.service
 Type=simple
 WorkingDirectory=/home/kindrobot/wrk/our
 ExecStart=/home/kindrobot/wrk/our/our.rb
-Environment="OUR_NICK=your"
+Environment="OUR_NICK=our"
 Environment="OUR_CHANNELS=#bots"
-Environment="OUR_CMDS_DIR=/town/our"
+#Environment="OUR_PREFIX=our"
+#Environment="OUR_CMDS_DIR=/town/our"
+#Environment="OUR_SERVER=localhost"
+#Environment="OUR_USE_SSL=false"
+#Environment="OUR_IRC_PORT=6667"
+#Environment="OUR_SASL_USER=AzureDiamond"
+#Environment="OUR_SASL_PASS=hunter2"
 Restart=always
 RestartSec=5
 StartLimitInterval=60s
diff --git a/our.rb b/our.rb
index 0a8556d..c26a4df 100755
--- a/our.rb
+++ b/our.rb
@@ -1,25 +1,57 @@
 #!/usr/bin/env ruby
 require 'open3'
 require 'socket'
+require 'openssl'
 require 'timeout'
+require 'base64'
 
 # configurable environment variables
-nick      = ENV['OUR_NICK']      || 'our'
-channels  = ENV['OUR_CHANNELS']  || '#tildetown,#bots'
-prefix    = ENV['OUR_PREFIX']    || "#{nick}/"
-cmds_dir  = ENV['OUR_CMDS_DIR']  || '/town/our'
+nick      = ENV['OUR_NICK']              || 'our'
+channels  = ENV['OUR_CHANNELS']          || '#tildetown,#bots'
+prefix    = ENV['OUR_PREFIX']            || "#{nick}/"
+cmds_dir  = ENV['OUR_CMDS_DIR']          || '/town/our'
+server    = ENV['OUR_SERVER']            || 'localhost'
+use_ssl   = ENV['OUR_USE_SSL'] == "true" || false
+port      = ENV['OUR_IRC_PORT']          || 6667
+sasl_user = ENV['OUR_SASL_USER']         || nil
+sasl_pass = ENV['OUR_SASL_PASS']         || nil
 
 module IRC
 
 class User
   attr_accessor :s
 
-  def initialize addr, port, nick
+  def initialize(addr:, port:, nick:, use_ssl: false, sasl_user: nil, sasl_pass: nil)
     @hooks = []
 
-    @s = TCPSocket.open addr, port.to_s
-    s.puts "USER #{nick} fakehost whatevenisaservername :beep boop"
-    s.puts "NICK #{nick}"
+    sock = TCPSocket.open addr, port.to_s
+    if use_ssl
+      puts "connecting with SSL"
+      ctx = OpenSSL::SSL::SSLContext.new
+      ctx.set_params(verify_mode: OpenSSL::SSL::VERIFY_PEER)
+      @s = OpenSSL::SSL::SSLSocket.new(sock, ctx).tap do |socket|
+        socket.sync_close = true
+        socket.connect
+      end
+    else
+      puts "connecting without SSL"
+      @s = sock
+    end
+
+    if sasl_user && sasl_pass
+      puts "connecting with SASL"
+      s.puts "CAP REQ :sasl"
+      s.puts "USER #{nick} m455.casa 1 :beep boop"
+      s.puts "NICK #{nick}"
+      s.puts "AUTHENTICATE PLAIN"
+      plain_auth = Base64.encode64("#{sasl_user}\0#{sasl_user}\0#{sasl_pass}")
+      s.puts "AUTHENTICATE #{plain_auth}"
+      s.puts "CAP END"
+    else
+      puts "connecting without SASL"
+      s.puts "USER #{nick} m455.casa 1 :beep boop"
+      s.puts "NICK #{nick}"
+    end
 
     hook do |m|
       next unless m.cmd == 'PING'
@@ -46,6 +78,7 @@ class User
   def loop
     while line = s.gets
       msg = Message.new line
+      puts "S: #{msg.raw}"
       @hooks.each{|h| h.call(msg)}
     end
   end
@@ -77,7 +110,7 @@ end
 
 
 puts "starting"
-i = IRC::User.new 'localhost', 6667, nick
+i = IRC::User.new(addr: server, port: port, nick: nick, use_ssl: use_ssl, sasl_user: sasl_user, sasl_pass: sasl_pass)
 channels.split(',').each { |channel| i.join channel }
 i.hook do |msg|
   next unless msg.cmd == 'PRIVMSG'