Replicant-bridge » History » Version 2
Denis 'GNUtoo' Carikli, 06/02/2021 10:47 PM
Add TOC
1 | 1 | Denis 'GNUtoo' Carikli | h1. Replicant-bridge |
---|---|---|---|
2 | |||
3 | 2 | Denis 'GNUtoo' Carikli | {{toc}} |
4 | |||
5 | 1 | Denis 'GNUtoo' Carikli | h1. Warnings |
6 | |||
7 | This tutorial is a work in progress |
||
8 | |||
9 | h1. Introduction |
||
10 | |||
11 | We run a bridge between the #replicant channel on OFTC and the #replicant |
||
12 | channel on liberachat. This is because we originally started on Freenode, |
||
13 | but we found out that it was not possible to create accounts with Tor in |
||
14 | Freenode so we also opened a #replicant channel on the OFTC network to |
||
15 | also enable users that want to protect their identity to be able to join |
||
16 | the replicant channel. |
||
17 | |||
18 | h1. Requirements |
||
19 | |||
20 | To deploy the Replicant IRC bridge, you need: |
||
21 | - To have the OFTC network and libreachat networks configured in an IRC |
||
22 | client in a way that enforces encryption and checks for certificates validity. |
||
23 | More precisely: |
||
24 | - TLS should be used for both OFTC and Libera.Chat |
||
25 | - SASL should be used for Libera.Chat. |
||
26 | This is to avoid sending passwords in clear. |
||
27 | - Access to the Replicant contact address to change the passwords |
||
28 | - A virtual or physical computer that can stay always on |
||
29 | - The ability to run FSDG compliant distributions in that computer |
||
30 | - The ability ro run matterbridge (the bridge software) on the distribution you use |
||
31 | |||
32 | If you intend to deploy a similar configuration for other purposes some of the |
||
33 | requirements above could be removed. |
||
34 | |||
35 | h1. Deployement |
||
36 | |||
37 | We want to avoid passing around password in insecure ways. So the way to |
||
38 | re-deploy this bridge is to first change the passwords, then add the new passwords |
||
39 | in the configuration file and run matterbridge. |
||
40 | |||
41 | h2. Changing passwords |
||
42 | |||
43 | You will first need to shut down the actual bridge if it's already running as |
||
44 | this tutorial doesn't take in account cases where you lost control of a running |
||
45 | bridge for some reasons. If that happens you might need to kick the old bridge |
||
46 | from IRC first or prevent it from login in with the Replicant-bridge username |
||
47 | after having changed the password. |
||
48 | |||
49 | Once done, you can either start with Libera.chat or OFTC, but you'll need to do |
||
50 | both. |
||
51 | |||
52 | h3. Change the liberachat password |
||
53 | |||
54 | To change the password you first need to connect to liberachat securely. |
||
55 | |||
56 | Once done, you can request a password change with the following command: |
||
57 | <pre> |
||
58 | /msg NickServ SENDPASS Replicant-bridge |
||
59 | </pre> |
||
60 | |||
61 | The instructions to change the password will then arrive at the Replicant |
||
62 | contact address. |
||
63 | |||
64 | Once the password has been changed you will need to update it in the |
||
65 | matterbridge.toml configuration file. |
||
66 | |||
67 | Once this is done, make sure that your IRC client is not connected (anymore) |
||
68 | as Replicant-bridge. |
||
69 | |||
70 | h3. Change the OFTC password |
||
71 | |||
72 | To change the password, you first need to connect to the OFTC network securely. |
||
73 | |||
74 | TODO: Document how to change the OFTC password. |
||
75 | |||
76 | h2. Deploying matterbridge |
||
77 | |||
78 | Here's (below) the matterbridge.toml file we use: |
||
79 | <pre> |
||
80 | [irc] |
||
81 | |||
82 | [irc.liberachat] |
||
83 | Nick="Replicant-bridge" |
||
84 | NickServNick="Replicant-bridge" |
||
85 | NickServPassword="PASSWORD" |
||
86 | Server="irc.libera.chat:6697" |
||
87 | UseTLS=true |
||
88 | UseSASL=true |
||
89 | SkipTLSVerify=false |
||
90 | RemoteNickFormat="<{NICK}@OFTC> " |
||
91 | |||
92 | [irc.OFTC] |
||
93 | Nick="Replicant-bridge" |
||
94 | NickServNick="Replicant-bridge" |
||
95 | Server="irc.oftc.net:6697" |
||
96 | UseTLS=true |
||
97 | SkipTLSVerify=false |
||
98 | RunCommands=["PRIVMSG nickserv :IDENTIFY PASSWORD Replicant-bridge"] |
||
99 | RemoteNickFormat="<{NICK}@Libera.Chat> " |
||
100 | |||
101 | [[gateway]] |
||
102 | name="mygateway" |
||
103 | enable=true |
||
104 | [[gateway.inout]] |
||
105 | account="irc.liberachat" |
||
106 | channel="#replicant" |
||
107 | |||
108 | [[gateway.inout]] |
||
109 | account="irc.OFTC" |
||
110 | channel="#replicant" |
||
111 | </pre> |
||
112 | |||
113 | The passwords have been replaced with PASSWORD. |