## Toxygen Weechat You can have a [weechat](https://github.com/weechat/qweechat) console so that you can have IRC and jabber in a window as well as Tox. There's a copy of qweechat in ```thirdparty/qweechat``` backported to PyQt5 and integrated into toxygen. Follow the normal instructions for adding a ```relay``` to [weechat](https://github.com/weechat/weechat) ``` /relay add ipv4.ssl.weechat 9000 /relay start ipv4.ssl.weechat ``` or ``` /set relay.network.ipv6 off /set relay.network.password password /relay add weechat 9000 /relay start weechat ``` and use the Plugins/Weechat Console to start weechat under Toxygen. Then use the File/Connect menu item of the Console to connect to weechat. Weechat has a Jabber plugin to enable XMPP: ``` /python load jabber.el /help jabber ``` so you can have Tox, IRC and XMPP in the same application! ### Creating servers for IRC over Tor Create a proxy called tor ``` /proxy add tor socks5 127.0.0.1 9050 ``` It should now show up in the list of proxies. ``` /proxy list ``` ``` /nick NickName ``` ## TLS certificates [Create a Self-signed Certificate](https://www.oftc.net/NickServ/CertFP/) Choose a NickName you will identify as. Create a directory for your certificates ~/.config/weechat/ssl/ and make a subdirectory for each server ~/.config/weechat/ssl/irc.oftc.net/ Change to the server directory and use openssl to make a keypair and answer the questions: ``` openssl req -nodes -newkey rsa:2048 -keyout NickName.key -x509 -days 3650 -out NickName.cer chmod 400 NickName.key ``` We now combine certificate and key to a single file NickName.pem ``` cat NickName.cer NickName.key > NickName.pem chmod 400 NickName.pem ``` Do this for each server you want to connect to, or just use one for all of them. ### Libera TokTok channel The main discussion forum for Tox is the #TokTok channel on libera. https://mox.sh/sysadmin/secure-irc-connection-to-freenode-with-tor-and-weechat/ We have to create an account without Tor, this is a requirement to use TOR: Connect to irc.libera.chat without Tor and register ``` /msg NickServ identify NickName password /msg NickServ REGISTER mypassword mycoolemail@example.com /msg NickServ SET PRIVATE ON ``` You'll get an email with a registration code. Confirm registration after getting the mail with the code: ``` /msg NickServ VERIFY REGISTER NickName code1235678 ``` Libera has an onion server so we can map an address in tor. Add this to your /etc/tor/torrc ``` MapAddress palladium.libera.chat libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion ``` Or without the MapAddress just use libera75jm6of4wxpxt4aynol3xjmbtxgfyjpu34ss4d7r7q2v5zrpyd.onion as the server address below, but set tls_verify to off. Define the server in weechat https://www.weechat.org/files/doc/stable/weechat_user.en.html#irc_sasl_authentication ``` /server remove libera /server add libera palladium.libera.chat/6697 -tls -tls_verify /set irc.server.libera.ipv6 off /set irc.server.libera.proxy tor /set irc.server.libera.username NickName /set irc.server.libera.password password /set irc.server.libera.nicks NickName /set irc.server.libera.tls on /set irc.server.libera.tls_cert "${weechat_config_dir}/ssl/libera.chat/NickName.pem" ``` ``` /set irc.server.libera.sasl_mechanism ecdsa-nist256p-challenge /set irc.server.libera.sasl_username "NickName" /set irc.server.libera.sasl_key "${weechat_config_dir}/ssl/libera.chat/NickName.pem" ``` Disconnect and connect back to the server. ``` /disconnect libera /connect libera ``` /msg nickserv identify password NickName ### oftc.net To use oftc.net over tor, you need to authenticate by SSL certificates. Define the server in weechat ``` /server remove irc.oftc.net /server add OFTC irc.oftc.net/6697 -tls -tls_verify /set irc.server.OFTC.ipv6 off /set irc.server.OFTC.proxy tor /set irc.server.OFTC.username NickName /set irc.server.OFTC.nicks NickName /set irc.server.OFTC.tls on /set irc.server.OFTC.tls_cert "${weechat_config_dir}/ssl/irc.oftc.chat/NickName.pem" # Disconnect and connect back to the server. /disconnect OFTC /connect OFTC ``` You must be identified in order to validate using certs ``` /msg nickserv identify password NickName ``` To allow NickServ to identify you based on this certificate you need to associate the certificate fingerprint with your nick. To do this issue the command cert add to Nickserv (try /msg nickserv helpcert). ``` /msg nickserv cert add ``` ### Privacy [Add somes settings bellow to weechat](https://szorfein.github.io/weechat/tor/configure-weechat/). Detail from [faq](https://weechat.org/files/doc/weechat_faq.en.html#security). ``` /set irc.server_default.msg_part "" /set irc.server_default.msg_quit "" /set irc.ctcp.clientinfo "" /set irc.ctcp.finger "" /set irc.ctcp.source "" /set irc.ctcp.time "" /set irc.ctcp.userinfo "" /set irc.ctcp.version "" /set irc.ctcp.ping "" /plugin unload xfer /set weechat.plugin.autoload "*,!xfer" ```