Replicant » Replicant infrastructure

h1. Replicant-bridge

{{toc}}

h1. Warnings

This tutorial is a work in progress

h1. Introduction

We run a bridge between the #replicant channel on OFTC and the #replicant

channel on liberachat. This is because we originally started on Freenode,

but we found out that it was not possible to create accounts with Tor in

Freenode so we also opened a #replicant channel on the OFTC network to

also enable users that want to protect their identity to be able to join

the replicant channel.

h1. Requirements

To deploy the Replicant IRC bridge, you need:

* To have the OFTC network and libreachat networks configured in an IRC client in a way that enforces encryption and checks for certificates validity. More precisely:

** TLS should be used for both OFTC and Libera.Chat

** SASL should be used for Libera.Chat. This is to avoid sending passwords in clear.

* Access to the Replicant contact address to change the passwords

* A virtual or physical computer that can stay always on

* The ability to run FSDG compliant distributions in that computer

* The ability ro run matterbridge (the bridge software) on the distribution you use

If you intend to deploy a similar configuration for other purposes some of the

requirements above could be removed.

h1. Deployement

We want to avoid passing around password in insecure ways. So the way to

re-deploy this bridge is to first change the passwords, then add the new passwords

in the configuration file and run matterbridge.

h2. Changing passwords

You will first need to shut down the actual bridge if it's already running as

this tutorial doesn't take in account cases where you lost control of a running

bridge for some reasons. If that happens you might need to kick the old bridge

from IRC first or prevent it from login in with the Replicant-bridge username

after having changed the password.

Once done, you can either start with Libera.chat or OFTC, but you'll need to do

both.

h3. Change the liberachat password

To change the password you first need to connect to liberachat securely.

Once done, you can request a password change with the following command:

<pre>

/msg NickServ SENDPASS Replicant-bridge

</pre>

The instructions to change the password will then arrive at the Replicant

contact address.

Once the password has been changed you will need to update it in the

matterbridge.toml configuration file.

Once this is done, make sure that your IRC client is not connected (anymore)

as Replicant-bridge.

h3. Change the OFTC password

To change the password, you first need to connect to the OFTC network securely.

TODO: Document how to change the OFTC password.

h2. Deploying matterbridge

Here's (below) the matterbridge.toml file we use:

<pre>

[irc]

    [irc.liberachat]

    Nick="Replicant-bridge"

    NickServNick="Replicant-bridge"

    NickServPassword="PASSWORD"

    Server="irc.libera.chat:6697"

    UseTLS=true

    UseSASL=true

    SkipTLSVerify=false

    RemoteNickFormat="<{NICK}@OFTC> "

    [irc.OFTC]

    Nick="Replicant-bridge"

    NickServNick="Replicant-bridge"

    Server="irc.oftc.net:6697"

    UseTLS=true

    SkipTLSVerify=false

    RunCommands=["PRIVMSG nickserv :IDENTIFY PASSWORD Replicant-bridge"] 

    RemoteNickFormat="<{NICK}@Libera.Chat> "

[[gateway]]

name="mygateway"

enable=true

    [[gateway.inout]]

    account="irc.liberachat"

    channel="#replicant"

    [[gateway.inout]]

    account="irc.OFTC"

    channel="#replicant"

</pre>

The passwords have been replaced with PASSWORD.