toxygen/docs/ToxygenWeechat.md

171 lines
4.8 KiB
Markdown
Raw Normal View History

2024-02-08 07:39:15 +00:00
## Toxygen Weechat
You can have a [weechat](https://github.com/weechat/qweechat)
console so that you can have IRC and jabber in a window as well as Tox.
There's a copy of qweechat in ```thirdparty/qweechat``` backported to
PyQt5 and integrated into toxygen. Follow the normal instructions for
adding a ```relay``` to [weechat](https://github.com/weechat/weechat)
```
2024-02-09 09:38:24 +00:00
/relay add ipv4.ssl.weechat 9000
2024-02-08 07:39:15 +00:00
/relay start ipv4.ssl.weechat
```
or
```
/set relay.network.ipv6 off
/set relay.network.password password
/relay add weechat 9000
/relay start weechat
```
and use the Plugins/Weechat Console to start weechat under Toxygen.
Then use the File/Connect menu item of the Console to connect to weechat.
Weechat has a Jabber plugin to enable XMPP:
```
/python load jabber.el
/help jabber
```
so you can have Tox, IRC and XMPP in the same application!
### Creating servers for IRC over Tor
Create a proxy called tor
```
/proxy add tor socks5 127.0.0.1 9050
```
It should now show up in the list of proxies.
```
/proxy list
```
```
2024-02-09 09:38:24 +00:00
/nick NickName
2024-02-08 07:39:15 +00:00
```
## TLS certificates
[Create a Self-signed Certificate](https://www.oftc.net/NickServ/CertFP/)
2024-02-09 09:38:24 +00:00
Choose a NickName you will identify as.
2024-02-08 07:39:15 +00:00
Create a directory for your certificates ~/.config/weechat/ssl/
and make a subdirectory for each server ~/.config/weechat/ssl/irc.oftc.net/
Change to the server directory and use openssl to make a keypair and answer the questions:
```
2024-02-09 09:38:24 +00:00
openssl req -nodes -newkey rsa:2048 -keyout NickName.key -x509 -days 3650 -out NickName.cer
chmod 400 NickName.key
2024-02-08 07:39:15 +00:00
```
2024-02-09 09:38:24 +00:00
We now combine certificate and key to a single file NickName.pem
2024-02-08 07:39:15 +00:00
```
2024-02-09 09:38:24 +00:00
cat NickName.cer NickName.key > NickName.pem
chmod 400 NickName.pem
2024-02-08 07:39:15 +00:00
```
Do this for each server you want to connect to, or just use one for all of them.
### Libera TokTok channel
The main discussion forum for Tox is the #TokTok channel on libera.
2024-02-09 09:38:24 +00:00
https://mox.sh/sysadmin/secure-irc-connection-to-freenode-with-tor-and-weechat/
We have to create an account without Tor, this is a requirement to use TOR:
Connect to irc.libera.chat without Tor and register
```
/msg NickServ identify NickName password
/msg NickServ REGISTER mypassword mycoolemail@example.com
/msg NickServ SET PRIVATE ON
```
Confirm registration after getting the mail with the code:
```
/msg NickServ VERIFY REGISTER NickName code1235678
```
Libera has an onion server so we can map an address in tor. Add this
2024-02-08 07:39:15 +00:00
to your /etc/tor/torrc
```
MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion
```
2024-02-09 09:38:24 +00:00
Or without the MapAddress just use
libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion
as the server address below, but set tls_verify to off.
2024-02-08 07:39:15 +00:00
Define the server in weechat
https://www.weechat.org/files/doc/stable/weechat_user.en.html#irc_sasl_authentication
```
/server remove libera
/server add libera palladium.libera.chat/6697 -tls -tls_verify
/set irc.server.libera.ipv6 off
/set irc.server.libera.proxy tor
2024-02-09 09:38:24 +00:00
/set irc.server.libera.username NickName
/set irc.server.libera.password password
/set irc.server.libera.nicks NickName
2024-02-08 07:39:15 +00:00
/set irc.server.libera.tls on
2024-02-09 09:38:24 +00:00
/set irc.server.libera.tls_cert "${weechat_config_dir}/ssl/libera.chat/NickName.pem"
2024-02-08 07:39:15 +00:00
```
```
/set irc.server.libera.sasl_mechanism ecdsa-nist256p-challenge
2024-02-09 09:38:24 +00:00
/set irc.server.libera.sasl_username "NickName"
/set irc.server.libera.sasl_key "${weechat_config_dir}/ssl/libera.chat/NickName.pem"
2024-02-08 07:39:15 +00:00
```
Disconnect and connect back to the server.
```
/disconnect libera
/connect libera
```
2024-02-09 09:38:24 +00:00
/msg nickserv identify password NickName
2024-02-08 07:39:15 +00:00
### oftc.net
To use oftc.net over tor, you need to authenticate by SSL certificates.
Define the server in weechat
```
/server remove irc.oftc.net
/server add OFTC irc.oftc.net/6697 -tls -tls_verify
/set irc.server.OFTC.ipv6 off
/set irc.server.OFTC.proxy tor
2024-02-09 09:38:24 +00:00
/set irc.server.OFTC.username NickName
/set irc.server.OFTC.nicks NickName
2024-02-08 07:39:15 +00:00
/set irc.server.OFTC.tls on
2024-02-09 09:38:24 +00:00
/set irc.server.OFTC.tls_cert "${weechat_config_dir}/ssl/irc.oftc.chat/NickName.pem"
2024-02-08 07:39:15 +00:00
# Disconnect and connect back to the server.
/disconnect OFTC
/connect OFTC
```
You must be identified in order to validate using certs
```
2024-02-09 09:38:24 +00:00
/msg nickserv identify password NickName
2024-02-08 07:39:15 +00:00
```
To allow NickServ to identify you based on this certificate you need
to associate the certificate fingerprint with your nick. To do this
issue the command cert add to Nickserv (try /msg nickserv helpcert).
```
/msg nickserv cert add
```
### Privacy
[Add somes settings bellow to weechat](https://szorfein.github.io/weechat/tor/configure-weechat/).
Detail from [faq](https://weechat.org/files/doc/weechat_faq.en.html#security).
```
/set irc.server_default.msg_part ""
/set irc.server_default.msg_quit ""
/set irc.ctcp.clientinfo ""
/set irc.ctcp.finger ""
/set irc.ctcp.source ""
/set irc.ctcp.time ""
/set irc.ctcp.userinfo ""
/set irc.ctcp.version ""
/set irc.ctcp.ping ""
/plugin unload xfer
/set weechat.plugin.autoload "*,!xfer"
```