diff --git a/.gitattributes b/.gitattributes
deleted file mode 100644
index 7b1bc7c..0000000
--- a/.gitattributes
+++ /dev/null
@@ -1 +0,0 @@
-*.conf diff merge text
diff --git a/Dockerfile b/Dockerfile
deleted file mode 100644
index e98bcdd..0000000
--- a/Dockerfile
+++ /dev/null
@@ -1,31 +0,0 @@
-FROM alpine:latest
-
-# Install required packages
-RUN apk add --no-cache curl nano openssl python3-pip weechat weechat-perl weechat-python
-
-# Create weechat user
-RUN adduser -D -h /home/weechat weechat
-
-# Switch to weechat user
-USER weechat
-WORKDIR /home/weechat
-
-# Create weechat directory structure
-RUN mkdir -p .weechat/{python/autoload,perl/autoload,logs,tls} && chmod 700 .weechat
-
-# Copy our local files into the container
-COPY scripts/python/*.py .weechat/python/autoload/
-COPY scripts/perl/*.pl .weechat/perl/autoload/
-COPY alias.conf .weechat/
-
-# Install Python dependencies for scripts
-RUN pip3 install --user requests
-
-# Create fifo for external commands
-RUN mkfifo .weechat/weechat_fifo
-
-# Generate SSL certificate
-RUN openssl req -x509 -new -newkey rsa:4096 -sha256 -days 3650 -nodes -out .weechat/tls/cert.pem -keyout .weechat/tls/cert.pem -subj "/CN=HARDCHATS" && chmod 400 .weechat/tls/cert.pem
-
-# Start actual weechat client
-ENTRYPOINT ["weechat"]
\ No newline at end of file
diff --git a/README.md b/README.md
index 9a31600..eecefb7 100644
--- a/README.md
+++ b/README.md
@@ -1,13 +1,8 @@ # WeeChat -> backup of me weechat setup ![](preview.png) ## Table of Contents -- [Setup](#setup) - - [WeeChat](#weechat) - - [Relay](#relay) - - [Docker](#docker) - [Settings](#settings) - [Appearance](#appearance) - [Settings](#appearance) 
@@ -26,51 +21,6 @@ --- -### Setup -###### Repository for Debian (because Debian is always 7 versions behind to deem themself "stable") -```shell -sudo mkdir /root/.gnupg -sudo chmod 700 /root/.gnupg -sudo mkdir -p /usr/share/keyrings -sudo gpg --no-default-keyring --keyring /usr/share/keyrings/weechat-archive-keyring.gpg --keyserver hkps://keys.openpgp.org --recv-keys 11E9DE8848F2B65222AA75B8D1820DB22A11534E -echo "deb [signed-by=/usr/share/keyrings/weechat-archive-keyring.gpg] https://weechat.org/debian bullseye main" | sudo tee /etc/apt/sources.list.d/weechat.list -sudo apt-get update -sudo apt-get install weechat-curses weechat-plugins weechat-python weechat-perl -``` - -###### WeeChat -```shell -git clone https://github.com/tat3r/tdfiglet.git && cd tdfiglet && make && sudo make install && cd -weechat -P "alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing" -r "/set weechat.plugin.autoload alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing;/save;/quit" -rm $HOME/.weechat/weechat.log && chmod 700 $HOME/.weechat && mkdir $HOME/.weechat/tls -git clone --depth 1 https://github.com/acidvegas/weechat.git $HOME/weechat -mv $HOME/weechat/alias.conf $HOME/.weechat/alias.conf && mv $HOME/weechat/scripts/perl/*.pl $HOME/.weechat/perl/autoload/ && mv $HOME/weechat/scripts/python/*.py $HOME/.weechat/python/autoload/ -mkdir $HOME/.weechat/logs -mkfifo $HOME/.weechat/weechat_fifo -openssl req -x509 -new -newkey rsa:4096 -sha256 -days 3650 -out $HOME/.weechat/tls/cert.pem -keyout $HOME/.weechat/tls/cert.pem -chmod 400 $HOME/.weechat/tls/cert.pem -``` - -###### Relay -```shell -certbot certonly --standalone -d chat.acid.vegas -m acid.vegas@acid.vegas -echo -e "[Unit]\nDescription=cerbot renewal\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook /home/acidvegas/.local/share/weechat/renew" > /etc/systemd/system/certbot.service -echo -e "[Unit]\nDescription=cerbot 
renewal timer\n\n[Timer]\nOnCalendar=0/12:00:00\nRandomizedDelaySec=1h\nPersistent=true\n\n[Install]\nWantedBy=timers.target" > /etc/systemd/system/certbot.timer -systemctl enable certbot.timer && systemctl start certbot.timer - -echo "#!/bin/bash" > $HOME/.local/share/weechat/renew -echo "cat /etc/letsencrypt/live/chat.acid.vegas/fullchain.pem /etc/letsencrypt/live/chat.acid.vegas/privkey.pem > $HOME/.config/weechat/tls/relay.pem" >> $HOME/.local/share/weechat/renew -echo "chown -R acidvegas:acidvegas $HOME/.weechat/tls/relay.pem && chmod 400 $HOME/.confg/weechat/tls/relay.pem" >> $HOME/.local/share/weechat/renew -echo "printf \'%b\' \'*/relay tlscertkey\n\' > /run/user/1000/weechat/weechat_fifo" >> $HOME/.local/share/weechat/renew -chmod +x $HOME/.local/share/weechat/renew - -mkdir -p $HOME/.config/systemd/user -echo -e "[Unit]\nDescription=headless weechat relay service\nAfter=network.target\n\n[Service]\nType=forking\nExecStart=/usr/bin/weechat-headless --daemon\n\n[Install]\nWantedBy=default.target" > $HOME/.config/systemd/user/weechat-headless.service -systemctl --user enable weechat-headless -``` - ---- - ### Settings ###### Appearance ``` 
@@ -277,15 +227,13 @@ See [alias.conf](https://github.com/acidvegas/weechat/blob/master/alias.conf) fi /set weechat.notify.irc.22f30 highlight /set irc.server.anope.autojoin #anope /set irc.serber.blackcatz #blackcatz -/set irc.server.blcknd.autojoin #blcknd,#chat +/set irc.server.blcknd.autojoin #blcknd /set irc.server.buttes.autojoin #gamme /set irc.server.efnet.autojoin #2600,#efnetnews,#exchange,#irc30,#lrh -/set irc.server.gamesurge.autojoin #nfo-support,#worms +/set irc.server.gamesurge.autojoin #worms /set weechat.notify.irc.gamesurge highlight /set irc.server.irc.autojoin #h4x /set irc.server.ircstorm.autojoin #schizophrenia -/set irc.server.libera.autojoin #archlinux,#ircv3,#matrix,#music-theory,#python,#raspberrypi,#weechat -/set weechat.notify.irc.libera message /set irc.server.malvager.autojoin #malvager /set irc.server.sandnet.autojoin #arab /set irc.server.sandnet.away_check 60
@@ -301,7 +249,6 @@ See [alias.conf](https://github.com/acidvegas/weechat/blob/master/alias.conf) fi /set irc.server.wormnet.realname "48 0 US 3.7.2.1" /set weechat.notify.irc.wormnet highlight /set irc.server.wtfux.autojoin #ED,#wtfux - ``` ---
@@ -337,6 +284,11 @@ See [alias.conf](https://github.com/acidvegas/weechat/blob/master/alias.conf) fi ``` /proxy add tor socks5 127.0.0.1 9050 /set irc.server.CHANGEME.proxy tor + +/proxy add dirtysocks socks5 example.dirtysocks.com 8080 myuser mypass +/set irc.server.CHANGEME.proxy dirtysocks + +/set irc.server_default.proxy tor ``` ---
diff --git a/alias.conf b/assets/alias.conf
similarity index 100%
rename from alias.conf
rename to assets/alias.conf
diff --git a/assets/certbot.service b/assets/certbot.service
new file mode 100644
index 0000000..efc10ba
--- /dev/null
+++ b/assets/certbot.service
@@ -0,0 +1,6 @@
+[Unit]
+Description=cerbot renewal
+
+[Service]
+Type=oneshot
+ExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook /home/agent/.local/share/weechat/renew
\ No newline at end of file
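Review bot: The `ExecStart` line in assets/certbot.service runs certbot as root (the unit has no `User=`) with a deploy hook stored under /home/agent, and setup.sh in this same commit chowns that hook to agent:agent, so whoever controls the agent account can edit a script that root executes at the next renewal. Install the hook root-owned and not writable by agent, for example in certbot's own /etc/letsencrypt/renewal-hooks/deploy/ directory, and point `--deploy-hook` there or drop the flag. The hook is also invoked with no argument while assets/renew reads `RELAY_DOMAIN=$1`, so the certificate paths it builds would contain an empty domain; pass the domain inside the quoted hook command or have the script use certbot's `$RENEWED_LINEAGE`. `Description=cerbot renewal` looks like a typo for certbot.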
diff --git a/assets/certbot.timer b/assets/certbot.timer
new file mode 100644
index 0000000..49db795
--- /dev/null
+++ b/assets/certbot.timer
@@ -0,0 +1,10 @@
+[Unit]
+Description=cerbot renewal timer
+
+[Timer]
+OnCalendar=0/12:00:00
+RandomizedDelaySec=1h
+Persistent=true
+
+[Install]
+WantedBy=timers.target
\ No newline at end of file
diff --git a/assets/pmf b/assets/pmf
new file mode 100644
index 0000000..1b9f32b
--- /dev/null
+++ b/assets/pmf
@@ -0,0 +1,54 @@
+#!/bin/sh
+# poor mans firewall (weechat edition) - developed by acidvegas (https://git.acid.vegas/weechat)
+
+set -xev
+
+# Configuration
+PORT_SSH='22'
+PORT_RELAY='2222'
+
+# Kernel hardening settings
+mkdir -p /etc/sysctl.d
+{
+ printf "net.ipv4.conf.all.accept_source_route = 0\n"
+ printf "net.ipv6.conf.all.accept_source_route = 0\n"
+ printf "net.ipv4.conf.all.rp_filter = 1\n"
+ printf "net.ipv4.conf.default.rp_filter = 1\n"
+ printf "net.ipv4.conf.all.accept_redirects = 0\n"
+ printf "net.ipv6.conf.all.accept_redirects = 0\n"
+ printf "net.ipv4.conf.default.accept_redirects = 0\n"
+ printf "net.ipv6.conf.default.accept_redirects = 0\n"
+ printf "net.ipv4.conf.all.log_martians = 1\n"
+ printf "kernel.randomize_va_space = 2\n"
+ printf "fs.suid_dumpable = 0\n"
+} > /etc/sysctl.d/99-custom-hardening.conf
+
+# Apply hardening settings
+sysctl -p /etc/sysctl.d/99-custom-hardening.conf
+
+# Flush existing rules
+iptables -F
+iptables -X
+iptables -t nat -F
+iptables -t nat -X
+iptables -t mangle -F
+iptables -t mangle -X
+
+# Default chain policies
+iptables -P INPUT DROP
+iptables -P FORWARD DROP
+iptables -P OUTPUT ACCEPT
+
+# Common Firewall rules
+iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
+iptables -A INPUT -p icmp --icmp-type echo-request -j DROP # Disable response to ping requests
+iptables -A INPUT -p icmp --icmp-type port-unreachable -j DROP
+iptables -A INPUT -i lo -j ACCEPT
+
+# Allow access
+iptables -A INPUT -p tcp --dport $PORT_SSH -j ACCEPT
+iptables -A INPUT -p tcp --dport $PORT_RELAY -j ACCEPT
+iptables -A INPUT -p tcp --dport 80 -j ACCEPT
+
+# Save rules
+iptables-save > /etc/iptables/iptables.rules
\ No newline at end of file
diff --git a/assets/renew b/assets/renew
new file mode 100644
index 0000000..bc4272b
--- /dev/null
+++ b/assets/renew
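Review bot: assets/pmf applies its default-drop policy with `iptables` only, so nothing in this script filters IPv6, even though the sysctl block above it sets net.ipv6 options; unless something else on the host filters v6, every listening port stays reachable over it. Mirror the flush, policies and accept rules with `ip6tables`, keep ICMPv6 allowed so neighbour discovery still works, and save those rules too. Separately, `-P INPUT DROP` is applied before the ESTABLISHED and SSH accept rules while the script runs under `set -e`, so a failure in between can leave a remote host locked out; appending the accept rules before switching the policy avoids that. The last line also assumes /etc/iptables already exists.

```sh
# … unchanged: sysctl hardening, IPv4 flush, IPv4 policies and rules …

# Mirror the policy for IPv6
ip6tables -F
ip6tables -X
ip6tables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
ip6tables -A INPUT -i lo -j ACCEPT
ip6tables -A INPUT -p ipv6-icmp -j ACCEPT # neighbour discovery must keep working
ip6tables -A INPUT -p tcp --dport "$PORT_SSH" -j ACCEPT
ip6tables -A INPUT -p tcp --dport "$PORT_RELAY" -j ACCEPT
ip6tables -A INPUT -p tcp --dport 80 -j ACCEPT
ip6tables -P INPUT DROP
ip6tables -P FORWARD DROP
ip6tables -P OUTPUT ACCEPT

# … unchanged: iptables-save for IPv4 …
ip6tables-save > /etc/iptables/ip6tables.rules
```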
@@ -0,0 +1,6 @@
+#!/bin/bash
+# WeeChat Relay Certificate Renewal Script - Developed by acidvegas (https://git.acid.vegas/weechat)
+RELAY_DOMAIN=$1
+cat /etc/letsencrypt/live/$RELAY_DOMAIN/fullchain.pem /etc/letsencrypt/live/$RELAY_DOMAIN/privkey.pem > /home/agent/.config/weechat/tls/relay.pem
+chown -R agent:agent /home/agent/.weechat/tls/relay.pem && chmod 400 /home/agent/.confg/weechat/tls/relay.pem
+printf '%b' '*/relay tlscertkey\n' > /home/agent/.local/share/weechat/FIFO
\ No newline at end of file
diff --git a/scripts/perl/antifuck.pl b/assets/scripts/perl/antifuck.pl
similarity index 100%
rename from scripts/perl/antifuck.pl
rename to assets/scripts/perl/antifuck.pl
diff --git a/scripts/perl/cflood.pl b/assets/scripts/perl/cflood.pl
similarity index 100%
rename from scripts/perl/cflood.pl
rename to assets/scripts/perl/cflood.pl
diff --git a/scripts/perl/color_popup.pl b/assets/scripts/perl/color_popup.pl
similarity index 100%
rename from scripts/perl/color_popup.pl
rename to assets/scripts/perl/color_popup.pl
diff --git a/scripts/perl/fuckyou.pl b/assets/scripts/perl/fuckyou.pl
similarity index 100%
rename from scripts/perl/fuckyou.pl
rename to assets/scripts/perl/fuckyou.pl
diff --git a/scripts/perl/hueg.pl b/assets/scripts/perl/hueg.pl
similarity index 100%
rename from scripts/perl/hueg.pl
rename to assets/scripts/perl/hueg.pl
diff --git a/scripts/perl/keepnick.pl b/assets/scripts/perl/keepnick.pl
similarity index 100%
rename from scripts/perl/keepnick.pl
rename to assets/scripts/perl/keepnick.pl
diff --git a/scripts/perl/perlexec.pl b/assets/scripts/perl/perlexec.pl
similarity index 100%
rename from scripts/perl/perlexec.pl
rename to assets/scripts/perl/perlexec.pl
diff --git a/scripts/python/autosort.py b/assets/scripts/python/autosort.py
similarity index 100%
rename from scripts/python/autosort.py
rename to assets/scripts/python/autosort.py
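Review bot: In assets/renew the combined certificate and private key are written to /home/agent/.config/weechat/tls/relay.pem, but the next line runs `chown` on /home/agent/.weechat/tls/relay.pem and `chmod` on /home/agent/.confg/weechat/tls/relay.pem, so neither command touches the file that was just written. Because the two are chained with `&&`, a failing chown also skips the chmod, and a newly created relay.pem keeps whatever mode the caller's umask gives it, which may leave the private key readable by other users. Add `umask 077` before the `cat` and use one path throughout: `chown agent:agent /home/agent/.config/weechat/tls/relay.pem && chmod 400 /home/agent/.config/weechat/tls/relay.pem`. `$RELAY_DOMAIN` should also be quoted and rejected when empty, since an empty `$1` yields /etc/letsencrypt/live//fullchain.pem.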
diff --git a/scripts/python/bufsave.py b/assets/scripts/python/bufsave.py
similarity index 100%
rename from scripts/python/bufsave.py
rename to assets/scripts/python/bufsave.py
diff --git a/scripts/python/colorize_nicks.py b/assets/scripts/python/colorize_nicks.py
similarity index 100%
rename from scripts/python/colorize_nicks.py
rename to assets/scripts/python/colorize_nicks.py
diff --git a/scripts/python/confuse.py b/assets/scripts/python/confuse.py
similarity index 100%
rename from scripts/python/confuse.py
rename to assets/scripts/python/confuse.py
diff --git a/scripts/python/fullwidth.py b/assets/scripts/python/fullwidth.py
similarity index 100%
rename from scripts/python/fullwidth.py
rename to assets/scripts/python/fullwidth.py
diff --git a/scripts/python/greentext.py b/assets/scripts/python/greentext.py
similarity index 100%
rename from scripts/python/greentext.py
rename to assets/scripts/python/greentext.py
diff --git a/scripts/python/masshl.py b/assets/scripts/python/masshl.py
similarity index 100%
rename from scripts/python/masshl.py
rename to assets/scripts/python/masshl.py
diff --git a/scripts/python/pump.py b/assets/scripts/python/pump.py
similarity index 100%
rename from scripts/python/pump.py
rename to assets/scripts/python/pump.py
diff --git a/scripts/python/rainbow.py b/assets/scripts/python/rainbow.py
similarity index 100%
rename from scripts/python/rainbow.py
rename to assets/scripts/python/rainbow.py
diff --git a/scripts/python/rdsp.py b/assets/scripts/python/rdsp.py
similarity index 100%
rename from scripts/python/rdsp.py
rename to assets/scripts/python/rdsp.py
diff --git a/scripts/python/unifuck.py b/assets/scripts/python/unifuck.py
similarity index 100%
rename from scripts/python/unifuck.py
rename to assets/scripts/python/unifuck.py
diff --git a/scripts/python/vomit.py b/assets/scripts/python/vomit.py
similarity index 100%
rename from scripts/python/vomit.py
rename to assets/scripts/python/vomit.py
diff --git a/setup.sh b/setup.sh
old mode 100644
new mode 100755
index a871388..373425e
--- a/setup.sh
+++ b/setup.sh
@@ -1,6 +1,64 @@ #!/bin/bash -docker build -t weechat . -docker run --restart=always -d --name weechat weechat +# Weechat Incus Container Setup Script - Developed by acidvegas (https://git.acid.vegas/weechat) -echo "Attach to WeeChat: docker attach weechat" -echo "Detach from WeeChat: Ctrl+p Ctrl+q" +set -xev + +create_container() { + incus storage create weechat-pool dir + incus launch images:debian/12 weechat-container -s weechat-pool + incus config set weechat-container boot.autostart true + sleep 10 + incus exec weechat-container -- apt update -y + incus exec weechat-container -- apt upgrade -y + incus exec weechat-container -- apt install -y git nano nattended-upgrades wget + incus exec weechat-container -- useradd -m -s /bin/bash agent + incus exec weechat-container -- journalctl --vacuum-time=1d + incus exec weechat-container -- sh -c 'printf "[Journal]\nStorage=volatile\nSplitMode=none\nRuntimeMaxUse=500K\n" > /etc/systemd/journald.conf' + incus exec weechat-container -- systemctl restart systemd-journald + incus exec weechat-container -- bash -c "echo 'TERM=xterm-256color' >> /etc/environment" + incus config set weechat-container boot.autostart true +} + + +install_weechat() { + incus exec weechat-container -- apt install -y ca-certificates + incus exec weechat-container -- mkdir -p /etc/apt/keyrings + incus exec weechat-container -- bash -c "curl --silent https://weechat.org/dev/info/debian_repository_signing_key_asc/ > /etc/apt/keyrings/weechat.asc" + incus exec weechat-container -- bash -c "echo 'deb [arch=amd64,i386,arm64,armhf signed-by=/etc/apt/keyrings/weechat.asc] https://weechat.org/debian bookworm main' > /etc/apt/sources.list.d/weechat.list" + incus exec weechat-container -- bash -c "echo 'deb-src [arch=amd64,i386,arm64,armhf signed-by=/etc/apt/keyrings/weechat.asc] https://weechat.org/debian bookworm main' >> /etc/apt/sources.list.d/weechat.list" + incus exec weechat-container -- apt update + incus exec weechat-container -- apt install -y 
screen weechat-curses weechat-plugins weechat-python weechat-perl +} + + +configure_weechat() { + incus exec weechat-container -- su - agent -c "weechat -P 'alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing' -r '/set weechat.plugin.autoload alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing;/save;/quit'" + incus exec weechat-container -- su - agent -c "mkdir /home/agent/.config/weechat/tls" + incus exec weechat-container -- su - agent -c "git clone --depth 1 https://github.com/acidvegas/weechat.git /home/agent/weechat" + incus exec weechat-container -- su - agent -c "mv /home/agent/weechat/assets/alias.conf /home/agent/.config/weechat/alias.conf && mv /home/agent/weechat/assets/scripts/perl/*.pl /home/agent/.local/share/weechat/perl/autoload/ && mv /home/agent/weechat/assets/scripts/python/*.py /home/agent/.local/share/weechat/python/autoload/ && rm -rf /home/agent/weechat" + incus exec weechat-container -- su - agent -c "mkdir /home/agent/.local/share/weechat/logs" + incus exec weechat-container -- su - agent -c "mkfifo /home/agent/.local/share/weechat/FIFO" + incus exec weechat-container -- bash -c "git clone https://github.com/tat3r/tdfiglet.git && cd tdfiglet && make && sudo make install && cd && rm -rf tdfiglet" +} + + +configure_relay() { + RELAY_PORT=2222 + RELAY_DOMAIN=big.dick.acid.vegas + CONTAINER_IP=$(incus list | grep weechat-container | awk '{print $6}') + + incus config device add weechat-container weechat-certbot-port proxy listen=tcp:0.0.0.0:$RELAY_PORT connect=tcp:$CONTAINER_IP:$RELAY_PORT + incus config device add weechat-container weechat-relay-port proxy listen=tcp:0.0.0.0:80 connect=tcp:$CONTAINER_IP:80 + + incus file push assets/renew weechat-container/home/agent/.local/share/weechat/renew + incus exec weechat-container -- chown agent:agent /home/agent/.local/share/weechat/renew + incus exec weechat-container -- chmod +x /home/agent/.local/share/weechat/renew + + incus 
exec weechat-container -- apt install -y certbot + incus exec weechat-container -- certbot certonly --standalone -d $RELAY_DOMAIN -m nobody@noname.gov + incus file push assets/certbot.service weechat-container/etc/systemd/system/certbot.service + incus file push assets/certbot.timer weechat-container/etc/systemd/system/certbot.timer + incus exec weechat-container -- systemctl enable certbot.timer && incus exec weechat-container -- systemctl start certbot.timer +} + +create_container && install_weechat && configure_weechat && configure_relay \ No newline at end of file
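Review bot: In install_weechat the repository signing key is downloaded with `curl --silent` and trusted as-is, so nothing checks that the file written to /etc/apt/keyrings/weechat.asc is the WeeChat key; the README instructions removed by this same commit pinned fingerprint `11E9DE8848F2B65222AA75B8D1820DB22A11534E`, and that check is lost. Compare the downloaded key's fingerprint with the pinned value (for example via `gpg --show-keys`) before the following `apt update`, and add `--fail` so an HTTP error page is never saved as the key. Two related breakages under `set -e`: `nattended-upgrades` in create_container looks like a typo for `unattended-upgrades`, and curl is used but not installed by any visible line, so `apt install -y curl git nano unattended-upgrades wget` is probably what was intended. In configure_weechat the tdfiglet build calls `sudo make install` although the command already runs as root and neither sudo nor a compiler toolchain is installed by the visible lines.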