|
|
|
@ -6,7 +6,7 @@ There's a copy of qweechat in ```thirdparty/qweechat``` backported to
|
|
|
|
|
PyQt5 and integrated into toxygen. Follow the normal instructions for
|
|
|
|
|
adding a ```relay``` to [weechat](https://github.com/weechat/weechat)
|
|
|
|
|
```
|
|
|
|
|
/relay add ipv4.ssl.weechat 9001
|
|
|
|
|
/relay add ipv4.ssl.weechat 9000
|
|
|
|
|
/relay start ipv4.ssl.weechat
|
|
|
|
|
```
|
|
|
|
|
or
|
|
|
|
@ -39,27 +39,27 @@ It should now show up in the list of proxies.
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
/nick SyniTox
|
|
|
|
|
/nick NickName
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
## TLS certificates
|
|
|
|
|
|
|
|
|
|
[Create a Self-signed Certificate](https://www.oftc.net/NickServ/CertFP/)
|
|
|
|
|
|
|
|
|
|
Choose a SyniTox you will identify as.
|
|
|
|
|
Choose a NickName you will identify as.
|
|
|
|
|
|
|
|
|
|
Create a directory for your certificates ~/.config/weechat/ssl/
|
|
|
|
|
and make a subdirectory for each server ~/.config/weechat/ssl/irc.oftc.net/
|
|
|
|
|
|
|
|
|
|
Change to the server directory and use openssl to make a keypair and answer the questions:
|
|
|
|
|
```
|
|
|
|
|
openssl req -nodes -newkey rsa:2048 -keyout SyniTox.key -x509 -days 3650 -out SyniTox.cer
|
|
|
|
|
chmod 400 SyniTox.key
|
|
|
|
|
openssl req -nodes -newkey rsa:2048 -keyout NickName.key -x509 -days 3650 -out NickName.cer
|
|
|
|
|
chmod 400 NickName.key
|
|
|
|
|
```
|
|
|
|
|
We now combine certificate and key to a single file SyniTox.pem
|
|
|
|
|
We now combine certificate and key to a single file NickName.pem
|
|
|
|
|
```
|
|
|
|
|
cat SyniTox.cer SyniTox.key > SyniTox.pem
|
|
|
|
|
chmod 400 SyniTox.pem
|
|
|
|
|
cat NickName.cer NickName.key > NickName.pem
|
|
|
|
|
chmod 400 NickName.pem
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Do this for each server you want to connect to, or just use one for all of them.
|
|
|
|
@ -68,11 +68,27 @@ Do this for each server you want to connect to, or just use one for all of them.
|
|
|
|
|
|
|
|
|
|
The main discussion forum for Tox is the #TokTok channel on libera.
|
|
|
|
|
|
|
|
|
|
libera has an onion server so we can map an address in tor. Add this
|
|
|
|
|
https://mox.sh/sysadmin/secure-irc-connection-to-freenode-with-tor-and-weechat/
|
|
|
|
|
We have to create an account without Tor, this is a requirement to use TOR:
|
|
|
|
|
Connect to irc.libera.chat without Tor and register
|
|
|
|
|
```
|
|
|
|
|
/msg NickServ identify NickName password
|
|
|
|
|
/msg NickServ REGISTER mypassword mycoolemail@example.com
|
|
|
|
|
/msg NickServ SET PRIVATE ON
|
|
|
|
|
```
|
|
|
|
|
Confirm registration after getting the mail with the code:
|
|
|
|
|
```
|
|
|
|
|
/msg NickServ VERIFY REGISTER NickName code1235678
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Libera has an onion server so we can map an address in tor. Add this
|
|
|
|
|
to your /etc/tor/torrc
|
|
|
|
|
```
|
|
|
|
|
MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion
|
|
|
|
|
```
|
|
|
|
|
Or without the MapAddress just use
|
|
|
|
|
libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion
|
|
|
|
|
as the server address below, but set tls_verify to off.
|
|
|
|
|
|
|
|
|
|
Define the server in weechat
|
|
|
|
|
https://www.weechat.org/files/doc/stable/weechat_user.en.html#irc_sasl_authentication
|
|
|
|
@ -81,16 +97,17 @@ https://www.weechat.org/files/doc/stable/weechat_user.en.html#irc_sasl_authentic
|
|
|
|
|
/server add libera palladium.libera.chat/6697 -tls -tls_verify
|
|
|
|
|
/set irc.server.libera.ipv6 off
|
|
|
|
|
/set irc.server.libera.proxy tor
|
|
|
|
|
/set irc.server.libera.username SyniTox
|
|
|
|
|
/set irc.server.libera.nicks SyniTox
|
|
|
|
|
/set irc.server.libera.username NickName
|
|
|
|
|
/set irc.server.libera.password password
|
|
|
|
|
/set irc.server.libera.nicks NickName
|
|
|
|
|
/set irc.server.libera.tls on
|
|
|
|
|
/set irc.server.libera.tls_cert "${weechat_config_dir}/ssl/libera.chat/SyniTox.pem"
|
|
|
|
|
/set irc.server.libera.tls_cert "${weechat_config_dir}/ssl/libera.chat/NickName.pem"
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
```
|
|
|
|
|
/set irc.server.libera.sasl_mechanism ecdsa-nist256p-challenge
|
|
|
|
|
/set irc.server.libera.sasl_username "SyniTox"
|
|
|
|
|
/set irc.server.libera.sasl_key "${weechat_config_dir}/ssl/libera.chat/SyniTox.pem"
|
|
|
|
|
/set irc.server.libera.sasl_username "NickName"
|
|
|
|
|
/set irc.server.libera.sasl_key "${weechat_config_dir}/ssl/libera.chat/NickName.pem"
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
Disconnect and connect back to the server.
|
|
|
|
@ -99,7 +116,7 @@ Disconnect and connect back to the server.
|
|
|
|
|
/connect libera
|
|
|
|
|
```
|
|
|
|
|
|
|
|
|
|
/msg nickserv identify password SyniTox
|
|
|
|
|
/msg nickserv identify password NickName
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
### oftc.net
|
|
|
|
@ -113,10 +130,10 @@ Define the server in weechat
|
|
|
|
|
/server add OFTC irc.oftc.net/6697 -tls -tls_verify
|
|
|
|
|
/set irc.server.OFTC.ipv6 off
|
|
|
|
|
/set irc.server.OFTC.proxy tor
|
|
|
|
|
/set irc.server.OFTC.username SyniTox
|
|
|
|
|
/set irc.server.OFTC.nicks SyniTox
|
|
|
|
|
/set irc.server.OFTC.username NickName
|
|
|
|
|
/set irc.server.OFTC.nicks NickName
|
|
|
|
|
/set irc.server.OFTC.tls on
|
|
|
|
|
/set irc.server.OFTC.tls_cert "${weechat_config_dir}/ssl/irc.oftc.chat/SyniTox.pem"
|
|
|
|
|
/set irc.server.OFTC.tls_cert "${weechat_config_dir}/ssl/irc.oftc.chat/NickName.pem"
|
|
|
|
|
|
|
|
|
|
# Disconnect and connect back to the server.
|
|
|
|
|
/disconnect OFTC
|
|
|
|
@ -124,7 +141,7 @@ Define the server in weechat
|
|
|
|
|
```
|
|
|
|
|
You must be identified in order to validate using certs
|
|
|
|
|
```
|
|
|
|
|
/msg nickserv identify password SyniTox
|
|
|
|
|
/msg nickserv identify password NickName
|
|
|
|
|
```
|
|
|
|
|
To allow NickServ to identify you based on this certificate you need
|
|
|
|
|
to associate the certificate fingerprint with your nick. To do this
|
|
|
|
|