Weechat: Difference between revisions
imported>Rokka Added example for single file overlay. |
imported>Sdier Add glowing bear/nginx/oauth2 instructions. |
Line 101: | Line 101: | ||
} | } | ||
</syntaxhighlight> | |||
== Glowing Bear, nginx, TLS, and Oauth2 Proxy == | |||
One can set up Glowing Bear as a web client to Weechat. However, its best to proxy inbound connections from the internet through a more robust service with TLS enabled. Lastly, it's convenient to reuse an auth provider to provide access to internal applications. | |||
This configuration snippet can illustrate how to configure it: | |||
<syntaxhighlight lang="nix"> | |||
{ config, pkgs, ... }: | |||
{ | |||
services.weechat.enable = true; | |||
# Go read the terms at https://letsencrypt.org/repository/ | |||
security.acme.acceptTerms = false; | |||
security.acme.email = ""; | |||
services.nginx = { | |||
enable = true; | |||
recommendedGzipSettings = true; | |||
recommendedOptimisation = true; | |||
recommendedProxySettings = true; | |||
recommendedTlsSettings = true; | |||
# You'd think this is a good idea, but Safari doesn't support 1.3 on websockets yet from my testing in 2020. If one is only using Chrome, consider it. | |||
# sslProtocols = "TLSv1.3"; | |||
virtualHosts = { | |||
"irc.your.fqdn.goes.here" = { | |||
forceSSL = true; | |||
enableACME = true; | |||
locations."^~ /weechat" = { | |||
proxyPass = "http://127.0.0.1:9000"; | |||
proxyWebsockets = true; | |||
}; | |||
locations."/" = { | |||
root = pkgs.glowing-bear; | |||
}; | |||
}; | |||
}; | |||
services.oauth2.proxy = { | |||
enable = true; | |||
email.addresses = '' | |||
# your email goes here for authorization | |||
''; | |||
nginx.virtualhosts = [ | |||
"irc.your.fqdn.goes.here" | |||
]; | |||
clientID = ""; | |||
keyFile = ""; | |||
}; | |||
} | |||
</syntaxhighlight> | </syntaxhighlight> |
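Review bot: the added Nix snippet never closes `services.nginx = {`. After the `};` that ends `virtualHosts`, the next line is `services.oauth2.proxy = {`, so the braces are unbalanced and the OAuth2 settings sit inside the nginx attribute set; add a `};` before it. The option path also needs correcting: the NixOS module is `services.oauth2_proxy` with `nginx.virtualHosts`, not `services.oauth2.proxy` with `nginx.virtualhosts`. In the intro paragraph, "its best" should be "it's best".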
Revision as of 22:12, 4 June 2020
WeeChat is an extensible chat client with a command line interface.
Plugins
WeeChat can be extended with plugins, which can be written in a variety of scripting languages. As these plugins may depend on external libraries, we need to take care that those are found by WeeChat. For example, the Jabber plugin depends on the xmpppy python library, which is provided in a separate nix package. To make WeeChat find the library, we can override the weechat nix package and add the dependency as an extra build input, e.g. by changing the ~/.nixpkgs/config.nix as follows:
<syntaxhighlight lang="nix">
{
  packageOverrides = pkgs: rec {
    weechat = pkgs.weechat.override { extraBuildInputs = [ pkgs.xmpppy ]; };
  };
}
</syntaxhighlight>
Making the weechat-otr.py plugin work
As of 2018-07-14, a workaround is needed. You have to override potr to use an old, vulnerable version of pycrypto (upstream progress in fixing this issue can be found at https://github.com/python-otr/pure-python-otr/issues/68):
<syntaxhighlight lang="nix">
(weechat.override {
  configure = { availablePlugins, ... }: {
    plugins = [
      (availablePlugins.python.withPackages (ps: [
        (ps.potr.overridePythonAttrs (oldAttrs:
          {
            propagatedBuildInputs = [
              (ps.buildPythonPackage rec {
                name = "pycrypto-${version}";
                version = "2.6.1";
                src = pkgs.fetchurl {
                  url = "mirror://pypi/p/pycrypto/${name}.tar.gz";
                  sha256 = "0g0ayql5b9mkjam8hym6zyg6bv77lbh66rv1fyvgqb17kfc1xkpj";
                };
                patches = pkgs.stdenv.lib.singleton (pkgs.fetchpatch {
                  name = "CVE-2013-7459.patch";
                  url = "https://anonscm.debian.org/cgit/collab-maint/python-crypto.git"
                    + "/plain/debian/patches/CVE-2013-7459.patch?h=debian/2.6.1-7";
                  sha256 = "01r7aghnchc1bpxgdv58qyi2085gh34bxini973xhy3ks7fq3ir9";
                });
                buildInputs = [ pkgs.gmp ];
                preConfigure = ''
                  sed -i 's,/usr/include,/no-such-dir,' configure
                  sed -i "s!,'/usr/include/'!!" setup.py
                '';
              })
            ];
          }
        ))
      ]))
    ];
  };
})
</syntaxhighlight>
An example ~/.config/nixpkgs/overlays/weechat.nix, if you prefer single-file overlays:
<syntaxhighlight lang="nix">
self: super:
{
  weechat = super.weechat.override {
    configure = { availablePlugins, ... }: {
      plugins = [
        (availablePlugins.python.withPackages (ps: [
          (ps.potr.overridePythonAttrs (oldAttrs:
            {
              propagatedBuildInputs = [
                (ps.buildPythonPackage rec {
                  name = "pycrypto-${version}";
                  version = "2.6.1";
                  src = super.fetchurl {
                    url = "mirror://pypi/p/pycrypto/${name}.tar.gz";
                    sha256 = "0g0ayql5b9mkjam8hym6zyg6bv77lbh66rv1fyvgqb17kfc1xkpj";
                  };
                  patches = super.stdenv.lib.singleton (super.fetchpatch {
                    name = "CVE-2013-7459.patch";
                    url = "https://anonscm.debian.org/cgit/collab-maint/python-crypto.git"
                      + "/plain/debian/patches/CVE-2013-7459.patch?h=debian/2.6.1-7";
                    sha256 = "01r7aghnchc1bpxgdv58qyi2085gh34bxini973xhy3ks7fq3ir9";
                  });
                  buildInputs = [ super.gmp ];
                  preConfigure = ''
                    sed -i 's,/usr/include,/no-such-dir,' configure
                    sed -i "s!,'/usr/include/'!!" setup.py
                  '';
                })
              ];
            }
          ))
        ]))
      ] ++ (with availablePlugins; [ perl tcl ruby guile lua ]);
    };
  };
}
</syntaxhighlight>
Glowing Bear, nginx, TLS, and Oauth2 Proxy
One can set up Glowing Bear as a web client for WeeChat. However, it's best to proxy inbound connections from the internet through a more robust service with TLS enabled. Lastly, it's convenient to reuse an existing auth provider to control access to internal applications.
The following configuration snippet illustrates the setup:
<syntaxhighlight lang="nix">
{ config, pkgs, ... }:
{
  services.weechat.enable = true;

  # Go read the terms at https://letsencrypt.org/repository/
  # Certificate issuance (enableACME below) requires this to be true.
  security.acme.acceptTerms = false;
  security.acme.email = "";

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    # You'd think this is a good idea, but Safari doesn't support 1.3 on websockets yet from my testing in 2020. If one is only using Chrome, consider it.
    # sslProtocols = "TLSv1.3";
    virtualHosts = {
      "irc.your.fqdn.goes.here" = {
        forceSSL = true;
        enableACME = true;
        # WebSocket traffic for the relay, expected on 127.0.0.1:9000
        locations."^~ /weechat" = {
          proxyPass = "http://127.0.0.1:9000";
          proxyWebsockets = true;
        };
        # Static files of the Glowing Bear web client
        locations."/" = {
          root = pkgs.glowing-bear;
        };
      };
    };
  };

  # OAuth2 Proxy guards the nginx virtual host listed below
  services.oauth2_proxy = {
    enable = true;
    email.addresses = ''
      # your email goes here for authorization
    '';
    nginx.virtualHosts = [
      "irc.your.fqdn.goes.here"
    ];
    clientID = "";
    keyFile = "";
  };
}
</syntaxhighlight>
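The setup above only protects the relay if the backend on port 9000 is unreachable except through nginx. The following check is an added example, not part of the original wiki page: it parses `ss -Hltn` output and reports any listener on the relay port that is bound to a non-loopback address. The function name and the sample socket lines are constructed for illustration, and the relay is assumed to listen on port 9000 as in `proxyPass`.

```shell
#!/bin/sh
# Added example, not from the wiki page. Lists listeners on the relay port
# that are bound to a non-loopback address and therefore reachable without
# passing through nginx and the OAuth2 proxy.
RELAY_PORT=9000   # backend port from proxyPass = "http://127.0.0.1:9000"

# Reads `ss -Hltn` output on stdin; prints each exposed "address:port".
exposed_relay_listeners() {
    awk -v port="$RELAY_PORT" '
    {
        sock = $4                              # column 4 is Local Address:Port
        if (!match(sock, /:[0-9]+$/)) next
        p    = substr(sock, RSTART + 1)
        addr = substr(sock, 1, RSTART - 1)
        sub(/%.*$/, "", addr)                  # drop interface scope such as %lo
        gsub(/\[/, "", addr); gsub(/\]/, "", addr)   # drop IPv6 brackets
        if (p != port) next
        if (addr ~ /^127\./ || addr == "::1" || addr ~ /^::ffff:127\./) next
        print sock
    }'
}

# Constructed sample: relay bound to loopback only (the intended state).
SAMPLE_LOOPBACK='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 511 0.0.0.0:80 0.0.0.0:*
LISTEN 0 128 127.0.0.1:9000 0.0.0.0:*
LISTEN 0 4096 127.0.0.53%lo:53 0.0.0.0:*'

# Constructed sample: relay bound to every interface.
SAMPLE_EXPOSED='LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 0.0.0.0:9000 0.0.0.0:*
LISTEN 0 128 [::]:9000 [::]:*'

echo "loopback-only sample:"
printf '%s\n' "$SAMPLE_LOOPBACK" | exposed_relay_listeners
echo "exposed sample:"
printf '%s\n' "$SAMPLE_EXPOSED" | exposed_relay_listeners
```

On a live host, run `ss -Hltn | exposed_relay_listeners`; empty output means the relay port is only reachable locally. If a line is printed, restrict the relay with WeeChat's `relay.network.bind_address` option or a firewall rule.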