Replicant-bridge » History » Version 2
Denis 'GNUtoo' Carikli, 06/02/2021 10:47 PM
Add TOC
| 1 | 1 | Denis 'GNUtoo' Carikli | h1. Replicant-bridge |
|---|---|---|---|
| 2 | |||
| 3 | 2 | Denis 'GNUtoo' Carikli | {{toc}} |
| 4 | |||
| 5 | 1 | Denis 'GNUtoo' Carikli | h1. Warnings |
| 6 | |||
| 7 | This tutorial is a work in progress |
||
| 8 | |||
| 9 | h1. Introduction |
||
| 10 | |||
| 11 | We run a bridge between the #replicant channel on OFTC and the #replicant |
||
| 12 | channel on liberachat. This is because we originally started on Freenode, |
||
| 13 | but we found out that it was not possible to create accounts with Tor in |
||
| 14 | Freenode so we also opened a #replicant channel on the OFTC network to |
||
| 15 | also enable users that want to protect their identity to be able to join |
||
| 16 | the replicant channel. |
||
| 17 | |||
| 18 | h1. Requirements |
||
| 19 | |||
| 20 | To deploy the Replicant IRC bridge, you need: |
||
| 21 | - To have the OFTC network and libreachat networks configured in an IRC |
||
| 22 | client in a way that enforces encryption and checks for certificates validity. |
||
| 23 | More precisely: |
||
| 24 | - TLS should be used for both OFTC and Libera.Chat |
||
| 25 | - SASL should be used for Libera.Chat. |
||
| 26 | This is to avoid sending passwords in clear. |
||
| 27 | - Access to the Replicant contact address to change the passwords |
||
| 28 | - A virtual or physical computer that can stay always on |
||
| 29 | - The ability to run FSDG compliant distributions in that computer |
||
| 30 | - The ability ro run matterbridge (the bridge software) on the distribution you use |
||
| 31 | |||
| 32 | If you intend to deploy a similar configuration for other purposes some of the |
||
| 33 | requirements above could be removed. |
||
| 34 | |||
| 35 | h1. Deployement |
||
| 36 | |||
| 37 | We want to avoid passing around password in insecure ways. So the way to |
||
| 38 | re-deploy this bridge is to first change the passwords, then add the new passwords |
||
| 39 | in the configuration file and run matterbridge. |
||
| 40 | |||
| 41 | h2. Changing passwords |
||
| 42 | |||
| 43 | You will first need to shut down the actual bridge if it's already running as |
||
| 44 | this tutorial doesn't take in account cases where you lost control of a running |
||
| 45 | bridge for some reasons. If that happens you might need to kick the old bridge |
||
| 46 | from IRC first or prevent it from login in with the Replicant-bridge username |
||
| 47 | after having changed the password. |
||
| 48 | |||
| 49 | Once done, you can either start with Libera.chat or OFTC, but you'll need to do |
||
| 50 | both. |
||
| 51 | |||
| 52 | h3. Change the liberachat password |
||
| 53 | |||
| 54 | To change the password you first need to connect to liberachat securely. |
||
| 55 | |||
| 56 | Once done, you can request a password change with the following command: |
||
| 57 | <pre> |
||
| 58 | /msg NickServ SENDPASS Replicant-bridge |
||
| 59 | </pre> |
||
| 60 | |||
| 61 | The instructions to change the password will then arrive at the Replicant |
||
| 62 | contact address. |
||
| 63 | |||
| 64 | Once the password has been changed you will need to update it in the |
||
| 65 | matterbridge.toml configuration file. |
||
| 66 | |||
| 67 | Once this is done, make sure that your IRC client is not connected (anymore) |
||
| 68 | as Replicant-bridge. |
||
| 69 | |||
| 70 | h3. Change the OFTC password |
||
| 71 | |||
| 72 | To change the password, you first need to connect to the OFTC network securely. |
||
| 73 | |||
| 74 | TODO: Document how to change the OFTC password. |
||
| 75 | |||
| 76 | h2. Deploying matterbridge |
||
| 77 | |||
| 78 | Here's (below) the matterbridge.toml file we use: |
||
| 79 | <pre> |
||
| 80 | [irc] |
||
| 81 | |||
| 82 | [irc.liberachat] |
||
| 83 | Nick="Replicant-bridge" |
||
| 84 | NickServNick="Replicant-bridge" |
||
| 85 | NickServPassword="PASSWORD" |
||
| 86 | Server="irc.libera.chat:6697" |
||
| 87 | UseTLS=true |
||
| 88 | UseSASL=true |
||
| 89 | SkipTLSVerify=false |
||
| 90 | RemoteNickFormat="<{NICK}@OFTC> " |
||
| 91 | |||
| 92 | [irc.OFTC] |
||
| 93 | Nick="Replicant-bridge" |
||
| 94 | NickServNick="Replicant-bridge" |
||
| 95 | Server="irc.oftc.net:6697" |
||
| 96 | UseTLS=true |
||
| 97 | SkipTLSVerify=false |
||
| 98 | RunCommands=["PRIVMSG nickserv :IDENTIFY PASSWORD Replicant-bridge"] |
||
| 99 | RemoteNickFormat="<{NICK}@Libera.Chat> " |
||
| 100 | |||
| 101 | [[gateway]] |
||
| 102 | name="mygateway" |
||
| 103 | enable=true |
||
| 104 | [[gateway.inout]] |
||
| 105 | account="irc.liberachat" |
||
| 106 | channel="#replicant" |
||
| 107 | |||
| 108 | [[gateway.inout]] |
||
| 109 | account="irc.OFTC" |
||
| 110 | channel="#replicant" |
||
| 111 | </pre> |
||
| 112 | |||
| 113 | The passwords have been replaced with PASSWORD. |