diff --git a/.gitattributes b/.gitattributes
@@ -1 +0,0 @@
-*.conf diff merge text
diff --git a/Dockerfile b/Dockerfile
@@ -1,31 +0,0 @@
-FROM alpine:latest
-
-# Install required packages
-RUN apk add --no-cache curl nano openssl python3-pip weechat weechat-perl weechat-python
-
-# Create weechat user
-RUN adduser -D -h /home/weechat weechat
-
-# Switch to weechat user
-USER weechat
-WORKDIR /home/weechat
-
-# Create weechat directory structure
-RUN mkdir -p .weechat/{python/autoload,perl/autoload,logs,tls} && chmod 700 .weechat
-
-# Copy our local files into the container
-COPY scripts/python/*.py .weechat/python/autoload/
-COPY scripts/perl/*.pl .weechat/perl/autoload/
-COPY alias.conf .weechat/
-
-# Install Python dependencies for scripts
-RUN pip3 install --user requests
-
-# Create fifo for external commands
-RUN mkfifo .weechat/weechat_fifo
-
-# Generate SSL certificate
-RUN openssl req -x509 -new -newkey rsa:4096 -sha256 -days 3650 -nodes -out .weechat/tls/cert.pem -keyout .weechat/tls/cert.pem -subj "/CN=HARDCHATS" && chmod 400 .weechat/tls/cert.pem
-
-# Start actual weechat client
-ENTRYPOINT ["weechat"]
-\ No newline at end of file
diff --git a/README.md b/README.md
@@ -1,13 +1,8 @@
# WeeChat
-> backup of me weechat setup

## Table of Contents
-- [Setup](#setup)
- - [WeeChat](#weechat)
- - [Relay](#relay)
- - [Docker](#docker)
- [Settings](#settings)
- [Appearance](#appearance)
- [Settings](#appearance)
@@ -26,51 +21,6 @@
---
-### Setup
-###### Repository for Debian (because Debian is always 7 versions behind to deem themself "stable")
-```shell
-sudo mkdir /root/.gnupg
-sudo chmod 700 /root/.gnupg
-sudo mkdir -p /usr/share/keyrings
-sudo gpg --no-default-keyring --keyring /usr/share/keyrings/weechat-archive-keyring.gpg --keyserver hkps://keys.openpgp.org --recv-keys 11E9DE8848F2B65222AA75B8D1820DB22A11534E
-echo "deb [signed-by=/usr/share/keyrings/weechat-archive-keyring.gpg] https://weechat.org/debian bullseye main" | sudo tee /etc/apt/sources.list.d/weechat.list
-sudo apt-get update
-sudo apt-get install weechat-curses weechat-plugins weechat-python weechat-perl
-```
-
-###### WeeChat
-```shell
-git clone https://github.com/tat3r/tdfiglet.git && cd tdfiglet && make && sudo make install && cd
-weechat -P "alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing" -r "/set weechat.plugin.autoload alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing;/save;/quit"
-rm $HOME/.weechat/weechat.log && chmod 700 $HOME/.weechat && mkdir $HOME/.weechat/tls
-git clone --depth 1 https://github.com/acidvegas/weechat.git $HOME/weechat
-mv $HOME/weechat/alias.conf $HOME/.weechat/alias.conf && mv $HOME/weechat/scripts/perl/*.pl $HOME/.weechat/perl/autoload/ && mv $HOME/weechat/scripts/python/*.py $HOME/.weechat/python/autoload/
-mkdir $HOME/.weechat/logs
-mkfifo $HOME/.weechat/weechat_fifo
-openssl req -x509 -new -newkey rsa:4096 -sha256 -days 3650 -out $HOME/.weechat/tls/cert.pem -keyout $HOME/.weechat/tls/cert.pem
-chmod 400 $HOME/.weechat/tls/cert.pem
-```
-
-###### Relay
-```shell
-certbot certonly --standalone -d chat.acid.vegas -m acid.vegas@acid.vegas
-echo -e "[Unit]\nDescription=cerbot renewal\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook /home/acidvegas/.local/share/weechat/renew" > /etc/systemd/system/certbot.service
-echo -e "[Unit]\nDescription=cerbot renewal timer\n\n[Timer]\nOnCalendar=0/12:00:00\nRandomizedDelaySec=1h\nPersistent=true\n\n[Install]\nWantedBy=timers.target" > /etc/systemd/system/certbot.timer
-systemctl enable certbot.timer && systemctl start certbot.timer
-
-echo "#!/bin/bash" > $HOME/.local/share/weechat/renew
-echo "cat /etc/letsencrypt/live/chat.acid.vegas/fullchain.pem /etc/letsencrypt/live/chat.acid.vegas/privkey.pem > $HOME/.config/weechat/tls/relay.pem" >> $HOME/.local/share/weechat/renew
-echo "chown -R acidvegas:acidvegas $HOME/.weechat/tls/relay.pem && chmod 400 $HOME/.confg/weechat/tls/relay.pem" >> $HOME/.local/share/weechat/renew
-echo "printf \'%b\' \'*/relay tlscertkey\n\' > /run/user/1000/weechat/weechat_fifo" >> $HOME/.local/share/weechat/renew
-chmod +x $HOME/.local/share/weechat/renew
-
-mkdir -p $HOME/.config/systemd/user
-echo -e "[Unit]\nDescription=headless weechat relay service\nAfter=network.target\n\n[Service]\nType=forking\nExecStart=/usr/bin/weechat-headless --daemon\n\n[Install]\nWantedBy=default.target" > $HOME/.config/systemd/user/weechat-headless.service
-systemctl --user enable weechat-headless
-```
-
----
-
### Settings
###### Appearance
```
@@ -277,15 +227,13 @@ See [alias.conf](https://github.com/acidvegas/weechat/blob/master/alias.conf) fi
/set weechat.notify.irc.22f30 highlight
/set irc.server.anope.autojoin #anope
/set irc.serber.blackcatz #blackcatz
-/set irc.server.blcknd.autojoin #blcknd,#chat
+/set irc.server.blcknd.autojoin #blcknd
/set irc.server.buttes.autojoin #gamme
/set irc.server.efnet.autojoin #2600,#efnetnews,#exchange,#irc30,#lrh
-/set irc.server.gamesurge.autojoin #nfo-support,#worms
+/set irc.server.gamesurge.autojoin #worms
/set weechat.notify.irc.gamesurge highlight
/set irc.server.irc.autojoin #h4x
/set irc.server.ircstorm.autojoin #schizophrenia
-/set irc.server.libera.autojoin #archlinux,#ircv3,#matrix,#music-theory,#python,#raspberrypi,#weechat
-/set weechat.notify.irc.libera message
/set irc.server.malvager.autojoin #malvager
/set irc.server.sandnet.autojoin #arab
/set irc.server.sandnet.away_check 60
@@ -301,7 +249,6 @@ See [alias.conf](https://github.com/acidvegas/weechat/blob/master/alias.conf) fi
/set irc.server.wormnet.realname "48 0 US 3.7.2.1"
/set weechat.notify.irc.wormnet highlight
/set irc.server.wtfux.autojoin #ED,#wtfux
-
```
---
@@ -337,6 +284,11 @@ See [alias.conf](https://github.com/acidvegas/weechat/blob/master/alias.conf) fi
```
/proxy add tor socks5 127.0.0.1 9050
/set irc.server.CHANGEME.proxy tor
+
+/proxy add dirtysocks socks5 example.dirtysocks.com 8080 myuser mypass
+/set irc.server.CHANGEME.proxy dirtysocks
+
+/set irc.server_default.proxy tor
```
---
diff --git a/alias.conf b/assets/alias.conf
diff --git a/assets/certbot.service b/assets/certbot.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=cerbot renewal
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook /home/agent/.local/share/weechat/renew
+\ No newline at end of file
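Review bot: The `--deploy-hook` on the ExecStart line points into `/home/agent/.local/share/weechat/`, and the unit sets no `User=`, so certbot will presumably run that script as root on every renewal. setup.sh in this same commit chowns the hook to `agent`, the account that runs WeeChat with the perl, python and exec plugins, so anything that gains control of that account can rewrite a file root later executes. Installing the hook root-owned and not writable by agent, for example under `/etc/letsencrypt/renewal-hooks/deploy/`, removes that path. The hook is also invoked with no argument although assets/renew reads the domain from `$1`. `Description=cerbot renewal` looks like a typo for certbot.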
diff --git a/assets/certbot.timer b/assets/certbot.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=cerbot renewal timer
+
+[Timer]
+OnCalendar=0/12:00:00
+RandomizedDelaySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
+\ No newline at end of file
diff --git a/assets/pmf b/assets/pmf
@@ -0,0 +1,54 @@
+#!/bin/sh
+# poor mans firewall (weechat edition) - developed by acidvegas (https://git.acid.vegas/weechat)
+
+set -xev
+
+# Configuration
+PORT_SSH='22'
+PORT_RELAY='2222'
+
+# Kernel hardening settings
+mkdir -p /etc/sysctl.d
+{
+ printf "net.ipv4.conf.all.accept_source_route = 0\n"
+ printf "net.ipv6.conf.all.accept_source_route = 0\n"
+ printf "net.ipv4.conf.all.rp_filter = 1\n"
+ printf "net.ipv4.conf.default.rp_filter = 1\n"
+ printf "net.ipv4.conf.all.accept_redirects = 0\n"
+ printf "net.ipv6.conf.all.accept_redirects = 0\n"
+ printf "net.ipv4.conf.default.accept_redirects = 0\n"
+ printf "net.ipv6.conf.default.accept_redirects = 0\n"
+ printf "net.ipv4.conf.all.log_martians = 1\n"
+ printf "kernel.randomize_va_space = 2\n"
+ printf "fs.suid_dumpable = 0\n"
+} > /etc/sysctl.d/99-custom-hardening.conf
+
+# Apply hardening settings
+sysctl -p /etc/sysctl.d/99-custom-hardening.conf
+
+# Flush existing rules
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+
+# Default chain policies
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT ACCEPT
+
+# Common Firewall rules
+iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -p icmp --icmp-type echo-request -j DROP # Disable response to ping requests
+iptables -A INPUT -p icmp --icmp-type port-unreachable -j DROP
+iptables -A INPUT -i lo -j ACCEPT
+
+# Allow access
+iptables -A INPUT -p tcp --dport $PORT_SSH -j ACCEPT
+iptables -A INPUT -p tcp --dport $PORT_RELAY -j ACCEPT
+iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+
+# Save rules
+iptables-save > /etc/iptables/iptables.rules
+\ No newline at end of file
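Review bot: Only IPv4 is filtered: every rule uses `iptables`, while the sysctl block above sets `net.ipv6.*` keys, which suggests IPv6 may be enabled on the host, and in that case SSH, the relay and any other listener stay reachable over IPv6 with no policy at all. Mirroring the policy with `ip6tables -P INPUT DROP` plus the matching accept rules, or disabling IPv6 explicitly, would close that. Separately, `iptables-save > /etc/iptables/iptables.rules` fails under `set -e` if `/etc/iptables` does not exist, and by then the live rules have already been replaced; a `mkdir -p /etc/iptables` before the save avoids that. The `-v` in `set -xev` only echoes each line a second time on top of `-x`; `set -eux` would catch unset variables instead.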
diff --git a/assets/renew b/assets/renew
@@ -0,0 +1,6 @@
+#!/bin/bash
+# WeeChat Relay Certificate Renewal Script - Developed by acidvegas (https://git.acid.vegas/weechat)
+RELAY_DOMAIN=$1
+cat /etc/letsencrypt/live/$RELAY_DOMAIN/fullchain.pem /etc/letsencrypt/live/$RELAY_DOMAIN/privkey.pem > /home/agent/.config/weechat/tls/relay.pem
+chown -R agent:agent /home/agent/.weechat/tls/relay.pem && chmod 400 /home/agent/.confg/weechat/tls/relay.pem
+printf '%b' '*/relay tlscertkey\n' > /home/agent/.local/share/weechat/FIFO
+\ No newline at end of file
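Review bot: The three relay.pem paths disagree: the `cat` writes to `/home/agent/.config/weechat/tls/relay.pem`, the `chown` targets `/home/agent/.weechat/tls/relay.pem`, and the `chmod` targets `/home/agent/.confg/weechat/tls/relay.pem`, so the combined certificate and private key keeps whatever owner and mode the redirect created it with and neither permission command touches it. `RELAY_DOMAIN=$1` is also empty when certbot runs the hook from certbot.service, because no argument is passed there; certbot exports `RENEWED_LINEAGE` to deploy hooks for this purpose. There is no `set -e` and the expansions are unquoted, so a failed `cat` still tells WeeChat to reload the file. The body below uses one path variable and a restrictive umask.

```shell
set -eu
LINEAGE="${RENEWED_LINEAGE:?RENEWED_LINEAGE not set by certbot}"
RELAY_PEM=/home/agent/.config/weechat/tls/relay.pem
umask 077  # key material must never be created group- or world-readable
cat "$LINEAGE/fullchain.pem" "$LINEAGE/privkey.pem" > "$RELAY_PEM"
chown agent:agent "$RELAY_PEM" && chmod 400 "$RELAY_PEM"
# … unchanged: printf to the WeeChat FIFO …
```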
diff --git a/scripts/perl/antifuck.pl b/assets/scripts/perl/antifuck.pl
diff --git a/scripts/perl/cflood.pl b/assets/scripts/perl/cflood.pl
diff --git a/scripts/perl/color_popup.pl b/assets/scripts/perl/color_popup.pl
diff --git a/scripts/perl/fuckyou.pl b/assets/scripts/perl/fuckyou.pl
diff --git a/scripts/perl/hueg.pl b/assets/scripts/perl/hueg.pl
diff --git a/scripts/perl/keepnick.pl b/assets/scripts/perl/keepnick.pl
diff --git a/scripts/perl/perlexec.pl b/assets/scripts/perl/perlexec.pl
diff --git a/scripts/python/autosort.py b/assets/scripts/python/autosort.py
diff --git a/scripts/python/bufsave.py b/assets/scripts/python/bufsave.py
diff --git a/scripts/python/colorize_nicks.py b/assets/scripts/python/colorize_nicks.py
diff --git a/scripts/python/confuse.py b/assets/scripts/python/confuse.py
diff --git a/scripts/python/fullwidth.py b/assets/scripts/python/fullwidth.py
diff --git a/scripts/python/greentext.py b/assets/scripts/python/greentext.py
diff --git a/scripts/python/masshl.py b/assets/scripts/python/masshl.py
diff --git a/scripts/python/pump.py b/assets/scripts/python/pump.py
diff --git a/scripts/python/rainbow.py b/assets/scripts/python/rainbow.py
diff --git a/scripts/python/rdsp.py b/assets/scripts/python/rdsp.py
diff --git a/scripts/python/unifuck.py b/assets/scripts/python/unifuck.py
diff --git a/scripts/python/vomit.py b/assets/scripts/python/vomit.py
diff --git a/setup.sh b/setup.sh
@@ -1,6 +1,64 @@
#!/bin/bash
-docker build -t weechat .
-docker run --restart=always -d --name weechat weechat
+# Weechat Incus Container Setup Script - Developed by acidvegas (https://git.acid.vegas/weechat)
-echo "Attach to WeeChat: docker attach weechat"
-echo "Detach from WeeChat: Ctrl+p Ctrl+q"
+set -xev
+
+create_container() {
+ incus storage create weechat-pool dir
+ incus launch images:debian/12 weechat-container -s weechat-pool
+ incus config set weechat-container boot.autostart true
+ sleep 10
+ incus exec weechat-container -- apt update -y
+ incus exec weechat-container -- apt upgrade -y
+ incus exec weechat-container -- apt install -y git nano nattended-upgrades wget
+ incus exec weechat-container -- useradd -m -s /bin/bash agent
+ incus exec weechat-container -- journalctl --vacuum-time=1d
+ incus exec weechat-container -- sh -c 'printf "[Journal]\nStorage=volatile\nSplitMode=none\nRuntimeMaxUse=500K\n" > /etc/systemd/journald.conf'
+ incus exec weechat-container -- systemctl restart systemd-journald
+ incus exec weechat-container -- bash -c "echo 'TERM=xterm-256color' >> /etc/environment"
+ incus config set weechat-container boot.autostart true
+}
+
+
+install_weechat() {
+ incus exec weechat-container -- apt install -y ca-certificates
+ incus exec weechat-container -- mkdir -p /etc/apt/keyrings
+ incus exec weechat-container -- bash -c "curl --silent https://weechat.org/dev/info/debian_repository_signing_key_asc/ > /etc/apt/keyrings/weechat.asc"
+ incus exec weechat-container -- bash -c "echo 'deb [arch=amd64,i386,arm64,armhf signed-by=/etc/apt/keyrings/weechat.asc] https://weechat.org/debian bookworm main' > /etc/apt/sources.list.d/weechat.list"
+ incus exec weechat-container -- bash -c "echo 'deb-src [arch=amd64,i386,arm64,armhf signed-by=/etc/apt/keyrings/weechat.asc] https://weechat.org/debian bookworm main' >> /etc/apt/sources.list.d/weechat.list"
+ incus exec weechat-container -- apt update
+ incus exec weechat-container -- apt install -y screen weechat-curses weechat-plugins weechat-python weechat-perl
+}
+
+
+configure_weechat() {
+ incus exec weechat-container -- su - agent -c "weechat -P 'alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing' -r '/set weechat.plugin.autoload alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing;/save;/quit'"
+ incus exec weechat-container -- su - agent -c "mkdir /home/agent/.config/weechat/tls"
+ incus exec weechat-container -- su - agent -c "git clone --depth 1 https://github.com/acidvegas/weechat.git /home/agent/weechat"
+ incus exec weechat-container -- su - agent -c "mv /home/agent/weechat/assets/alias.conf /home/agent/.config/weechat/alias.conf && mv /home/agent/weechat/assets/scripts/perl/*.pl /home/agent/.local/share/weechat/perl/autoload/ && mv /home/agent/weechat/assets/scripts/python/*.py /home/agent/.local/share/weechat/python/autoload/ && rm -rf /home/agent/weechat"
+ incus exec weechat-container -- su - agent -c "mkdir /home/agent/.local/share/weechat/logs"
+ incus exec weechat-container -- su - agent -c "mkfifo /home/agent/.local/share/weechat/FIFO"
+ incus exec weechat-container -- bash -c "git clone https://github.com/tat3r/tdfiglet.git && cd tdfiglet && make && sudo make install && cd && rm -rf tdfiglet"
+}
+
+
+configure_relay() {
+ RELAY_PORT=2222
+ RELAY_DOMAIN=big.dick.acid.vegas
+ CONTAINER_IP=$(incus list | grep weechat-container | awk '{print $6}')
+
+ incus config device add weechat-container weechat-certbot-port proxy listen=tcp:0.0.0.0:$RELAY_PORT connect=tcp:$CONTAINER_IP:$RELAY_PORT
+ incus config device add weechat-container weechat-relay-port proxy listen=tcp:0.0.0.0:80 connect=tcp:$CONTAINER_IP:80
+
+ incus file push assets/renew weechat-container/home/agent/.local/share/weechat/renew
+ incus exec weechat-container -- chown agent:agent /home/agent/.local/share/weechat/renew
+ incus exec weechat-container -- chmod +x /home/agent/.local/share/weechat/renew
+
+ incus exec weechat-container -- apt install -y certbot
+ incus exec weechat-container -- certbot certonly --standalone -d $RELAY_DOMAIN -m nobody@noname.gov
+ incus file push assets/certbot.service weechat-container/etc/systemd/system/certbot.service
+ incus file push assets/certbot.timer weechat-container/etc/systemd/system/certbot.timer
+ incus exec weechat-container -- systemctl enable certbot.timer && incus exec weechat-container -- systemctl start certbot.timer
+}
+
+create_container && install_weechat && configure_weechat && configure_relay
+\ No newline at end of file
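Review bot: In install_weechat the repository signing key is downloaded with `curl --silent` and written straight to `/etc/apt/keyrings/weechat.asc` with no fingerprint check, whereas the README instructions removed by this commit pinned the key by its full fingerprint; without `-f`, an HTTP error page would also be saved as the key. I would fetch it with `curl -fsSL ... -o /etc/apt/keyrings/weechat.asc` and compare the output of `gpg --show-keys --with-fingerprint` against the pinned fingerprint before writing weechat.list. `curl` is not among the packages create_container installs (`git nano nattended-upgrades wget`), and `nattended-upgrades` looks like a typo for `unattended-upgrades`, which under `set -e` would presumably abort the script at that line. In configure_relay, `certbot certonly --standalone` is run without `-n --agree-tos`, so an unattended run is likely to stop at a prompt.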