Replicant-bridge » History » Revision 3
Revision 2 (Denis 'GNUtoo' Carikli, 06/02/2021 10:47 PM) → Revision 3/4 (Denis 'GNUtoo' Carikli, 06/02/2021 10:48 PM)
h1. Replicant-bridge
{{toc}}
h1. Warnings
This tutorial is a work in progress
h1. Introduction
We run a bridge between the #replicant channel on OFTC and the #replicant
channel on liberachat. This is because we originally started on Freenode,
but we found out that it was not possible to create accounts with Tor in
Freenode so we also opened a #replicant channel on the OFTC network to
also enable users that want to protect their identity to be able to join
the replicant channel.
h1. Requirements
To deploy the Replicant IRC bridge, you need:
* - To have the OFTC network and libreachat networks configured in an IRC
client in a way that enforces encryption and checks for certificates validity.
More precisely:
**
- TLS should be used for both OFTC and Libera.Chat
**
- SASL should be used for Libera.Chat.
This is to avoid sending passwords in clear.
* - Access to the Replicant contact address to change the passwords
* - A virtual or physical computer that can stay always on
* - The ability to run FSDG compliant distributions in that computer
* - The ability ro run matterbridge (the bridge software) on the distribution you use
If you intend to deploy a similar configuration for other purposes some of the
requirements above could be removed.
h1. Deployement
We want to avoid passing around password in insecure ways. So the way to
re-deploy this bridge is to first change the passwords, then add the new passwords
in the configuration file and run matterbridge.
h2. Changing passwords
You will first need to shut down the actual bridge if it's already running as
this tutorial doesn't take in account cases where you lost control of a running
bridge for some reasons. If that happens you might need to kick the old bridge
from IRC first or prevent it from login in with the Replicant-bridge username
after having changed the password.
Once done, you can either start with Libera.chat or OFTC, but you'll need to do
both.
h3. Change the liberachat password
To change the password you first need to connect to liberachat securely.
Once done, you can request a password change with the following command:
<pre>
/msg NickServ SENDPASS Replicant-bridge
</pre>
The instructions to change the password will then arrive at the Replicant
contact address.
Once the password has been changed you will need to update it in the
matterbridge.toml configuration file.
Once this is done, make sure that your IRC client is not connected (anymore)
as Replicant-bridge.
h3. Change the OFTC password
To change the password, you first need to connect to the OFTC network securely.
TODO: Document how to change the OFTC password.
h2. Deploying matterbridge
Here's (below) the matterbridge.toml file we use:
<pre>
[irc]
[irc.liberachat]
Nick="Replicant-bridge"
NickServNick="Replicant-bridge"
NickServPassword="PASSWORD"
Server="irc.libera.chat:6697"
UseTLS=true
UseSASL=true
SkipTLSVerify=false
RemoteNickFormat="<{NICK}@OFTC> "
[irc.OFTC]
Nick="Replicant-bridge"
NickServNick="Replicant-bridge"
Server="irc.oftc.net:6697"
UseTLS=true
SkipTLSVerify=false
RunCommands=["PRIVMSG nickserv :IDENTIFY PASSWORD Replicant-bridge"]
RemoteNickFormat="<{NICK}@Libera.Chat> "
[[gateway]]
name="mygateway"
enable=true
[[gateway.inout]]
account="irc.liberachat"
channel="#replicant"
[[gateway.inout]]
account="irc.OFTC"
channel="#replicant"
</pre>
The passwords have been replaced with PASSWORD.