Weechat

From NixOS Wiki
Revision as of 22:12, 4 June 2020 by imported>Sdier (Add glowing bear/nginx/oauth2 instructions.)

WeeChat is an extensible chat client with a command line interface.

Plugins

WeeChat can be extended with plugins, which can be written in a variety of scripting languages. As these plugins may depend on external libraries, we need to take care that those are found by WeeChat. For example the Jabber plugin depends on the xmpppy python library, which is provided in a separate nix package. To make WeeChat find the library, we can override the weechat nix package and add the dependency as an extra build input, e.g. by changing the ~/.nixpkgs/config.nix as follows:

{
  packageOverrides = pkgs: rec {
    weechat = pkgs.weechat.override { extraBuildInputs = [ pkgs.xmpppy ]; };
  };
}

Making the wechat-otr.py plugin work

As of 2018-07-14, a workaround is needed. You have to override potr to use an old, vulnerable version of pycrypto (upstream progress in fixing this issue can be found at https://github.com/python-otr/pure-python-otr/issues/68):

      (weechat.override {
        configure = { availablePlugins, ... }: {
          plugins = [
            (availablePlugins.python.withPackages (ps: [
              (ps.potr.overridePythonAttrs (oldAttrs:
                {
                  propagatedBuildInputs = [
                    (ps.buildPythonPackage rec {
                      name = "pycrypto-${version}";
                      version = "2.6.1";

                      src = pkgs.fetchurl {
                        url = "mirror://pypi/p/pycrypto/${name}.tar.gz";
                        sha256 = "0g0ayql5b9mkjam8hym6zyg6bv77lbh66rv1fyvgqb17kfc1xkpj";
                      };

                      patches = pkgs.stdenv.lib.singleton (pkgs.fetchpatch {
                        name = "CVE-2013-7459.patch";
                        url = "https://anonscm.debian.org/cgit/collab-maint/python-crypto.git"
                          + "/plain/debian/patches/CVE-2013-7459.patch?h=debian/2.6.1-7";
                        sha256 = "01r7aghnchc1bpxgdv58qyi2085gh34bxini973xhy3ks7fq3ir9";
                      });

                      buildInputs = [ pkgs.gmp ];

                      preConfigure = ''
                        sed -i 's,/usr/include,/no-such-dir,' configure
                        sed -i "s!,'/usr/include/'!!" setup.py
                      '';
                    })
                  ];
                }
              ))
            ]))
          ];
        };
      })

An Example ~/.config/nixpkgs/overlays/weechat.nix, if you prefer single file overlays.

self: super:

{
  weechat = super.weechat.override {
    configure = { availablePlugins, ... }: {
      plugins = [
        (availablePlugins.python.withPackages (ps: [
          (ps.potr.overridePythonAttrs (oldAttrs:
            {
              propagatedBuildInputs = [
                (ps.buildPythonPackage rec {
                  name = "pycrypto-${version}";
                  version = "2.6.1";

                  src = super.fetchurl {
                    url = "mirror://pypi/p/pycrypto/${name}.tar.gz";
                    sha256 = "0g0ayql5b9mkjam8hym6zyg6bv77lbh66rv1fyvgqb17kfc1xkpj";
                  };

                  patches = super.stdenv.lib.singleton (super.fetchpatch {
                    name = "CVE-2013-7459.patch";
                    url = "https://anonscm.debian.org/cgit/collab-maint/python-crypto.git"
                      + "/plain/debian/patches/CVE-2013-7459.patch?h=debian/2.6.1-7";
                    sha256 = "01r7aghnchc1bpxgdv58qyi2085gh34bxini973xhy3ks7fq3ir9";
                  });

                  buildInputs = [ super.gmp ];

                  preConfigure = ''
                    sed -i 's,/usr/include,/no-such-dir,' configure
                    sed -i "s!,'/usr/include/'!!" setup.py
                  '';
                })
              ];
            }
          ))
        ]))
      ] ++ (with availablePlugins; [ perl tcl ruby guile lua ]);
    };
  };
}

Glowing Bear, nginx, TLS, and Oauth2 Proxy

One can set up Glowing Bear as a web client to Weechat. However, its best to proxy inbound connections from the internet through a more robust service with TLS enabled. Lastly, it's convenient to reuse an auth provider to provide access to internal applications.

This configuration snippet can illustrate how to configure it:

{ config, pkgs, ... }:
{
  services.weechat.enable = true;

  # Go read the terms at https://letsencrypt.org/repository/
  security.acme.acceptTerms = false;
  security.acme.email = "";

  services.nginx = {
    enable = true;
    recommendedGzipSettings = true;
    recommendedOptimisation = true;
    recommendedProxySettings = true;
    recommendedTlsSettings = true;
    # You'd think this is a good idea, but Safari doesn't support 1.3 on websockets yet from my testing in 2020.  If one is only using Chrome, consider it.
    # sslProtocols = "TLSv1.3";
    virtualHosts = {
      "irc.your.fqdn.goes.here" = {
        forceSSL = true;
        enableACME = true;
        locations."^~ /weechat" = {
          proxyPass = "http://127.0.0.1:9000";
          proxyWebsockets = true;
        };
        locations."/" = {
          root = pkgs.glowing-bear;
        };
      };
    };

    services.oauth2.proxy = {
      enable = true;
      email.addresses = ''
        # your email goes here for authorization
      '';
      nginx.virtualhosts = [
        "irc.your.fqdn.goes.here"
      ];
      clientID = "";
      keyFile = "";
    };
}