acidvegas/weechat
acidvegas/weechat
1
Fork 0
Code Issues Pull Requests Activity

Cleanup, incus container added, fuck docker for now

Browse Source
This commit is contained in:
Dionysus 2025-06-14 17:15:08 -04:00
parent e8218f6153
commit a9d1347003
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
28 changed files with 145 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
.gitattributes vendored
View File

@ -1 +0,0 @@
*.conf diff merge text

31
Dockerfile
View File

@ -1,31 +0,0 @@
FROM alpine:latest
# Install required packages
RUN apk add --no-cache curl nano openssl python3-pip weechat weechat-perl weechat-python
# Create weechat user
RUN adduser -D -h /home/weechat weechat
# Switch to weechat user
USER weechat
WORKDIR /home/weechat
# Create weechat directory structure
RUN mkdir -p .weechat/{python/autoload,perl/autoload,logs,tls} && chmod 700 .weechat
# Copy our local files into the container
COPY scripts/python/*.py .weechat/python/autoload/
COPY scripts/perl/*.pl .weechat/perl/autoload/
COPY alias.conf .weechat/
# Install Python dependencies for scripts
RUN pip3 install --user requests
# Create fifo for external commands
RUN mkfifo .weechat/weechat_fifo
# Generate SSL certificate
RUN openssl req -x509 -new -newkey rsa:4096 -sha256 -days 3650 -nodes -out .weechat/tls/cert.pem -keyout .weechat/tls/cert.pem -subj "/CN=HARDCHATS" && chmod 400 .weechat/tls/cert.pem
# Start actual weechat client
ENTRYPOINT ["weechat"]

62
README.md
View File

@ -1,13 +1,8 @@
# WeeChat # WeeChat
> backup of me weechat setup
![](preview.png) ![](preview.png)
## Table of Contents ## Table of Contents
- [Setup](#setup)
- [WeeChat](#weechat)
- [Relay](#relay)
- [Docker](#docker)
- [Settings](#settings) - [Settings](#settings)
- [Appearance](#appearance) - [Appearance](#appearance)
- [Settings](#appearance) - [Settings](#appearance)
@ -26,51 +21,6 @@
--- ---
### Setup
###### Repository for Debian (because Debian is always 7 versions behind to deem themself "stable")
```shell
sudo mkdir /root/.gnupg
sudo chmod 700 /root/.gnupg
sudo mkdir -p /usr/share/keyrings
sudo gpg --no-default-keyring --keyring /usr/share/keyrings/weechat-archive-keyring.gpg --keyserver hkps://keys.openpgp.org --recv-keys 11E9DE8848F2B65222AA75B8D1820DB22A11534E
echo "deb [signed-by=/usr/share/keyrings/weechat-archive-keyring.gpg] https://weechat.org/debian bullseye main" | sudo tee /etc/apt/sources.list.d/weechat.list
sudo apt-get update
sudo apt-get install weechat-curses weechat-plugins weechat-python weechat-perl
```
###### WeeChat
```shell
git clone https://github.com/tat3r/tdfiglet.git && cd tdfiglet && make && sudo make install && cd
weechat -P "alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing" -r "/set weechat.plugin.autoload alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing;/save;/quit"
rm $HOME/.weechat/weechat.log && chmod 700 $HOME/.weechat && mkdir $HOME/.weechat/tls
git clone --depth 1 https://github.com/acidvegas/weechat.git $HOME/weechat
mv $HOME/weechat/alias.conf $HOME/.weechat/alias.conf && mv $HOME/weechat/scripts/perl/*.pl $HOME/.weechat/perl/autoload/ && mv $HOME/weechat/scripts/python/*.py $HOME/.weechat/python/autoload/
mkdir $HOME/.weechat/logs
mkfifo $HOME/.weechat/weechat_fifo
openssl req -x509 -new -newkey rsa:4096 -sha256 -days 3650 -out $HOME/.weechat/tls/cert.pem -keyout $HOME/.weechat/tls/cert.pem
chmod 400 $HOME/.weechat/tls/cert.pem
```
###### Relay
```shell
certbot certonly --standalone -d chat.acid.vegas -m acid.vegas@acid.vegas
echo -e "[Unit]\nDescription=cerbot renewal\n\n[Service]\nType=oneshot\nExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook /home/acidvegas/.local/share/weechat/renew" > /etc/systemd/system/certbot.service
echo -e "[Unit]\nDescription=cerbot renewal timer\n\n[Timer]\nOnCalendar=0/12:00:00\nRandomizedDelaySec=1h\nPersistent=true\n\n[Install]\nWantedBy=timers.target" > /etc/systemd/system/certbot.timer
systemctl enable certbot.timer && systemctl start certbot.timer
echo "#!/bin/bash" > $HOME/.local/share/weechat/renew
echo "cat /etc/letsencrypt/live/chat.acid.vegas/fullchain.pem /etc/letsencrypt/live/chat.acid.vegas/privkey.pem > $HOME/.config/weechat/tls/relay.pem" >> $HOME/.local/share/weechat/renew
echo "chown -R acidvegas:acidvegas $HOME/.weechat/tls/relay.pem && chmod 400 $HOME/.confg/weechat/tls/relay.pem" >> $HOME/.local/share/weechat/renew
echo "printf \'%b\' \'*/relay tlscertkey\n\' > /run/user/1000/weechat/weechat_fifo" >> $HOME/.local/share/weechat/renew
chmod +x $HOME/.local/share/weechat/renew
mkdir -p $HOME/.config/systemd/user
echo -e "[Unit]\nDescription=headless weechat relay service\nAfter=network.target\n\n[Service]\nType=forking\nExecStart=/usr/bin/weechat-headless --daemon\n\n[Install]\nWantedBy=default.target" > $HOME/.config/systemd/user/weechat-headless.service
systemctl --user enable weechat-headless
```
---
### Settings ### Settings
###### Appearance ###### Appearance
``` ```
@ -277,15 +227,13 @@ See [alias.conf](https://github.com/acidvegas/weechat/blob/master/alias.conf) fi
/set weechat.notify.irc.22f30 highlight /set weechat.notify.irc.22f30 highlight
/set irc.server.anope.autojoin #anope /set irc.server.anope.autojoin #anope
/set irc.serber.blackcatz #blackcatz /set irc.serber.blackcatz #blackcatz
/set irc.server.blcknd.autojoin #blcknd,#chat /set irc.server.blcknd.autojoin #blcknd
/set irc.server.buttes.autojoin #gamme /set irc.server.buttes.autojoin #gamme
/set irc.server.efnet.autojoin #2600,#efnetnews,#exchange,#irc30,#lrh /set irc.server.efnet.autojoin #2600,#efnetnews,#exchange,#irc30,#lrh
/set irc.server.gamesurge.autojoin #nfo-support,#worms /set irc.server.gamesurge.autojoin #worms
/set weechat.notify.irc.gamesurge highlight /set weechat.notify.irc.gamesurge highlight
/set irc.server.irc.autojoin #h4x /set irc.server.irc.autojoin #h4x
/set irc.server.ircstorm.autojoin #schizophrenia /set irc.server.ircstorm.autojoin #schizophrenia
/set irc.server.libera.autojoin #archlinux,#ircv3,#matrix,#music-theory,#python,#raspberrypi,#weechat
/set weechat.notify.irc.libera message
/set irc.server.malvager.autojoin #malvager /set irc.server.malvager.autojoin #malvager
/set irc.server.sandnet.autojoin #arab /set irc.server.sandnet.autojoin #arab
/set irc.server.sandnet.away_check 60 /set irc.server.sandnet.away_check 60
@ -301,7 +249,6 @@ See [alias.conf](https://github.com/acidvegas/weechat/blob/master/alias.conf) fi
/set irc.server.wormnet.realname "48 0 US 3.7.2.1" /set irc.server.wormnet.realname "48 0 US 3.7.2.1"
/set weechat.notify.irc.wormnet highlight /set weechat.notify.irc.wormnet highlight
/set irc.server.wtfux.autojoin #ED,#wtfux /set irc.server.wtfux.autojoin #ED,#wtfux
``` ```
--- ---
@ -337,6 +284,11 @@ See [alias.conf](https://github.com/acidvegas/weechat/blob/master/alias.conf) fi
``` ```
/proxy add tor socks5 127.0.0.1 9050 /proxy add tor socks5 127.0.0.1 9050
/set irc.server.CHANGEME.proxy tor /set irc.server.CHANGEME.proxy tor
/proxy add dirtysocks socks5 example.dirtysocks.com 8080 myuser mypass
/set irc.server.CHANGEME.proxy dirtysocks
/set irc.server_default.proxy tor
``` ```
--- ---

0
alias.conf → assets/alias.conf
View File

6
assets/certbot.service Normal file
View File

@ -0,0 +1,6 @@
[Unit]
Description=cerbot renewal
[Service]
Type=oneshot
ExecStart=/usr/bin/certbot renew -n --quiet --agree-tos --deploy-hook /home/agent/.local/share/weechat/renew

10
assets/certbot.timer Normal file
View File

@ -0,0 +1,10 @@
[Unit]
Description=cerbot renewal timer
[Timer]
OnCalendar=0/12:00:00
RandomizedDelaySec=1h
Persistent=true
[Install]
WantedBy=timers.target

54
assets/pmf Normal file
View File

@ -0,0 +1,54 @@
#!/bin/sh
# poor mans firewall (weechat edition) - developed by acidvegas (https://git.acid.vegas/weechat)
set -xev
# Configuration
PORT_SSH='22'
PORT_RELAY='2222'
# Kernel hardening settings
mkdir -p /etc/sysctl.d
{
printf "net.ipv4.conf.all.accept_source_route = 0\n"
printf "net.ipv6.conf.all.accept_source_route = 0\n"
printf "net.ipv4.conf.all.rp_filter = 1\n"
printf "net.ipv4.conf.default.rp_filter = 1\n"
printf "net.ipv4.conf.all.accept_redirects = 0\n"
printf "net.ipv6.conf.all.accept_redirects = 0\n"
printf "net.ipv4.conf.default.accept_redirects = 0\n"
printf "net.ipv6.conf.default.accept_redirects = 0\n"
printf "net.ipv4.conf.all.log_martians = 1\n"
printf "kernel.randomize_va_space = 2\n"
printf "fs.suid_dumpable = 0\n"
} > /etc/sysctl.d/99-custom-hardening.conf
# Apply hardening settings
sysctl -p /etc/sysctl.d/99-custom-hardening.conf
# Flush existing rules
iptables -F
iptables -X
iptables -t nat -F
iptables -t nat -X
iptables -t mangle -F
iptables -t mangle -X
# Default chain policies
iptables -P INPUT DROP
iptables -P FORWARD DROP
iptables -P OUTPUT ACCEPT
# Common Firewall rules
iptables -A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
iptables -A INPUT -p icmp --icmp-type echo-request -j DROP # Disable response to ping requests
iptables -A INPUT -p icmp --icmp-type port-unreachable -j DROP
iptables -A INPUT -i lo -j ACCEPT
# Allow access
iptables -A INPUT -p tcp --dport $PORT_SSH -j ACCEPT
iptables -A INPUT -p tcp --dport $PORT_RELAY -j ACCEPT
iptables -A INPUT -p tcp --dport 80 -j ACCEPT
# Save rules
iptables-save > /etc/iptables/iptables.rules

6
assets/renew Normal file
View File

@ -0,0 +1,6 @@
#!/bin/bash
# WeeChat Relay Certificate Renewal Script - Developed by acidvegas (https://git.acid.vegas/weechat)
RELAY_DOMAIN=$1
cat /etc/letsencrypt/live/$RELAY_DOMAIN/fullchain.pem /etc/letsencrypt/live/$RELAY_DOMAIN/privkey.pem > /home/agent/.config/weechat/tls/relay.pem
chown -R agent:agent /home/agent/.weechat/tls/relay.pem && chmod 400 /home/agent/.confg/weechat/tls/relay.pem
printf '%b' '*/relay tlscertkey\n' > /home/agent/.local/share/weechat/FIFO

0
scripts/perl/antifuck.pl → assets/scripts/perl/antifuck.pl
View File

0
scripts/perl/cflood.pl → assets/scripts/perl/cflood.pl
View File

0
scripts/perl/color_popup.pl → assets/scripts/perl/color_popup.pl
View File

0
scripts/perl/fuckyou.pl → assets/scripts/perl/fuckyou.pl
View File

0
scripts/perl/hueg.pl → assets/scripts/perl/hueg.pl
View File

0
scripts/perl/keepnick.pl → assets/scripts/perl/keepnick.pl
View File

0
scripts/perl/perlexec.pl → assets/scripts/perl/perlexec.pl
View File

0
scripts/python/autosort.py → assets/scripts/python/autosort.py
View File

0
scripts/python/bufsave.py → assets/scripts/python/bufsave.py
View File

0
scripts/python/colorize_nicks.py → assets/scripts/python/colorize_nicks.py
View File

0
scripts/python/confuse.py → assets/scripts/python/confuse.py
View File

0
scripts/python/fullwidth.py → assets/scripts/python/fullwidth.py
View File

0
scripts/python/greentext.py → assets/scripts/python/greentext.py
View File

0
scripts/python/masshl.py → assets/scripts/python/masshl.py
View File

0
scripts/python/pump.py → assets/scripts/python/pump.py
View File

0
scripts/python/rainbow.py → assets/scripts/python/rainbow.py
View File

0
scripts/python/rdsp.py → assets/scripts/python/rdsp.py
View File

0
scripts/python/unifuck.py → assets/scripts/python/unifuck.py
View File

0
scripts/python/vomit.py → assets/scripts/python/vomit.py
View File

66
setup.sh Normal file → Executable file
View File

@ -1,6 +1,64 @@
#!/bin/bash #!/bin/bash
docker build -t weechat . # Weechat Incus Container Setup Script - Developed by acidvegas (https://git.acid.vegas/weechat)
docker run --restart=always -d --name weechat weechat
echo "Attach to WeeChat: docker attach weechat" set -xev
echo "Detach from WeeChat: Ctrl+p Ctrl+q"
create_container() {
incus storage create weechat-pool dir
incus launch images:debian/12 weechat-container -s weechat-pool
incus config set weechat-container boot.autostart true
sleep 10
incus exec weechat-container -- apt update -y
incus exec weechat-container -- apt upgrade -y
incus exec weechat-container -- apt install -y git nano nattended-upgrades wget
incus exec weechat-container -- useradd -m -s /bin/bash agent
incus exec weechat-container -- journalctl --vacuum-time=1d
incus exec weechat-container -- sh -c 'printf "[Journal]\nStorage=volatile\nSplitMode=none\nRuntimeMaxUse=500K\n" > /etc/systemd/journald.conf'
incus exec weechat-container -- systemctl restart systemd-journald
incus exec weechat-container -- bash -c "echo 'TERM=xterm-256color' >> /etc/environment"
incus config set weechat-container boot.autostart true
}
install_weechat() {
incus exec weechat-container -- apt install -y ca-certificates
incus exec weechat-container -- mkdir -p /etc/apt/keyrings
incus exec weechat-container -- bash -c "curl --silent https://weechat.org/dev/info/debian_repository_signing_key_asc/ > /etc/apt/keyrings/weechat.asc"
incus exec weechat-container -- bash -c "echo 'deb [arch=amd64,i386,arm64,armhf signed-by=/etc/apt/keyrings/weechat.asc] https://weechat.org/debian bookworm main' > /etc/apt/sources.list.d/weechat.list"
incus exec weechat-container -- bash -c "echo 'deb-src [arch=amd64,i386,arm64,armhf signed-by=/etc/apt/keyrings/weechat.asc] https://weechat.org/debian bookworm main' >> /etc/apt/sources.list.d/weechat.list"
incus exec weechat-container -- apt update
incus exec weechat-container -- apt install -y screen weechat-curses weechat-plugins weechat-python weechat-perl
}
configure_weechat() {
incus exec weechat-container -- su - agent -c "weechat -P 'alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing' -r '/set weechat.plugin.autoload alias,buflist,charset,exec,fifo,fset,irc,logger,perl,python,relay,script,trigger,typing;/save;/quit'"
incus exec weechat-container -- su - agent -c "mkdir /home/agent/.config/weechat/tls"
incus exec weechat-container -- su - agent -c "git clone --depth 1 https://github.com/acidvegas/weechat.git /home/agent/weechat"
incus exec weechat-container -- su - agent -c "mv /home/agent/weechat/assets/alias.conf /home/agent/.config/weechat/alias.conf && mv /home/agent/weechat/assets/scripts/perl/*.pl /home/agent/.local/share/weechat/perl/autoload/ && mv /home/agent/weechat/assets/scripts/python/*.py /home/agent/.local/share/weechat/python/autoload/ && rm -rf /home/agent/weechat"
incus exec weechat-container -- su - agent -c "mkdir /home/agent/.local/share/weechat/logs"
incus exec weechat-container -- su - agent -c "mkfifo /home/agent/.local/share/weechat/FIFO"
incus exec weechat-container -- bash -c "git clone https://github.com/tat3r/tdfiglet.git && cd tdfiglet && make && sudo make install && cd && rm -rf tdfiglet"
}
configure_relay() {
RELAY_PORT=2222
RELAY_DOMAIN=big.dick.acid.vegas
CONTAINER_IP=$(incus list | grep weechat-container | awk '{print $6}')
incus config device add weechat-container weechat-certbot-port proxy listen=tcp:0.0.0.0:$RELAY_PORT connect=tcp:$CONTAINER_IP:$RELAY_PORT
incus config device add weechat-container weechat-relay-port proxy listen=tcp:0.0.0.0:80 connect=tcp:$CONTAINER_IP:80
incus file push assets/renew weechat-container/home/agent/.local/share/weechat/renew
incus exec weechat-container -- chown agent:agent /home/agent/.local/share/weechat/renew
incus exec weechat-container -- chmod +x /home/agent/.local/share/weechat/renew
incus exec weechat-container -- apt install -y certbot
incus exec weechat-container -- certbot certonly --standalone -d $RELAY_DOMAIN -m nobody@noname.gov
incus file push assets/certbot.service weechat-container/etc/systemd/system/certbot.service
incus file push assets/certbot.timer weechat-container/etc/systemd/system/certbot.timer
incus exec weechat-container -- systemctl enable certbot.timer && incus exec weechat-container -- systemctl start certbot.timer
}
create_container && install_weechat && configure_weechat && configure_relay