Ecosyste.ms: Awesome
An open API service indexing awesome lists of open source software.
https://github.com/denisse-dev/irc-bouncer
Creates a Hardened ZNC IRC Bouncer that uses Tor to connect to IRC networks like LiberaChat or OFTC
https://github.com/denisse-dev/irc-bouncer
ansible ansible-playbook archlinux irc irc-networks linode linux packer packer-template proxychains terraform tor tor-network znc znc-irc-bouncer znc-server
Last synced: 2 months ago
JSON representation
Creates a Hardened ZNC IRC Bouncer that uses Tor to connect to IRC networks like LiberaChat or OFTC
- Host: GitHub
- URL: https://github.com/denisse-dev/irc-bouncer
- Owner: denisse-dev
- License: gpl-3.0
- Created: 2020-01-01T22:32:29.000Z (almost 5 years ago)
- Default Branch: main
- Last Pushed: 2022-01-11T16:59:32.000Z (almost 3 years ago)
- Last Synced: 2024-05-01T14:43:49.419Z (8 months ago)
- Topics: ansible, ansible-playbook, archlinux, irc, irc-networks, linode, linux, packer, packer-template, proxychains, terraform, tor, tor-network, znc, znc-irc-bouncer, znc-server
- Language: HCL
- Homepage:
- Size: 745 KB
- Stars: 22
- Watchers: 2
- Forks: 1
- Open Issues: 0
-
Metadata Files:
- Readme: README.md
- License: LICENSE
Awesome Lists containing this project
README
# About
This repository contains Terraform, Packer, and Ansible configuration to deploy an Arch Linux Linode instance that hosts a ZNC IRC bouncer that uses Tor, an Onion service to access the bouncer webadmin and a Tor middle relay.
# Pre requisites
- A [Linode API Token](https://www.linode.com/docs/products/tools/linode-api/guides/get-access-token/) with **Read/Write** access for the **Images** and **Linodes** scopes.
- The following packages:
- [ansible](https://archlinux.org/packages/community/any/ansible/)
- [packer](https://archlinux.org/packages/community/x86_64/packer/)
- [terraform](https://archlinux.org/packages/community/x86_64/terraform/)# Deploying the bouncer
## Build image
1. To export Packer variables:
```bash
set +o history # unset bash history
unset HISTFILE # unset zsh historyexport PKR_VAR_linode_token=
export PKR_VAR_user=
export PKR_VAR_ssh_keys=
export PKR_VAR_control_pass=
```2. To install packer plugins:
```bash
packer init packer
```3. To build an image:
```bash
packer build packer
```The following variables are shown in STDOUT and are required for the next steps:
1. **znc_cert_fingerprint**
1. **liberachat_fingerprint**
1. **oftc_fingerprint**
1. **hidden_service**
1. **linode_image**![Screenshot of Ansible's output showing three certificate variables ](img/fingerprints.svg)
## Deploy image
1. To export Terraform variables:
```bash
set +o history # unset bash history
unset HISTFILE # unset zsh historyexport TF_VAR_linode_token=
export TF_VAR_image=
```2. To deploy an instance
```bash
terraform -chdir=terraform init
terraform -chdir=terraform apply
```3. To connect to the instance:
```bash
ssh @ -p
```You're required to set-up your password upon first login:
![Terminal showing how to set password of the instance user](img/set-password.svg)
First login:
![Terminal showing the first SSH login](img/first-login.svg)
## Access ZNC's webadmin
- To get the Onion Service URL:
```bash
cat /var/lib/tor/hidden_service/hostname
```- To get ZNC's port
```bash
sed --quiet --expression '/Port/p' /var/lib/znc/.znc/configs/znc.conf
```Access ZNC's webadmin using the onion service and the port, (ex. `http://owgtuxw3dd2m2cyii5nzxk6bohzggragerdvzdsev6uhjyb3cfn2u5yd.onion:15763/`):
![Screenshot showing ZNC's user interface via an Onion Service](img/onion-service.png)
# Connecting to the bouncer
The following stpes are done in an IRC client like WeeChat.
## Add SSL certificates for [SASL External](https://en.wikipedia.org/wiki/Simple_Authentication_and_Security_Layer) authentication
### Adding the LiberaChat network:
1. To connect to LiberaChat directly:
```bash
/server add liberachat-direct irc.libera.chat/6697 -ssl
/set irc.server.liberachat-direct.nicks
/save
/connect liberachat-direct
```2. To add the SSL certificate to LiberaChat:
```bash
/msg NickServ cert add
```3. To connect to LiberaChat using ZNC:
```bash
/server add liberachat-znc /6697 -ssl -username=/liberachat -password=
/set irc.server.liberachat-znc.ssl_fingerprint
/save
/connect liberachat-znc
```3. To use SASL External:
```bash
/query *sasl Mechanism EXTERNAL
```4. To accept LiberaChat's SSL fingerprint:
Move to the ***status** buffer, then add the certificate:
```bash
/znc AddTrustedServerFingerprint
```5. To use clientbuffer:
```bash
/query *clientbuffer AddClient
/disconnect -all
/set irc.server.liberachat-znc.username "@/liberachat"
```### Adding the OFTC network:
1. To connect to OFTC:
```bash
/server add oftc-direct irc.oftc.net/6697 -ssl
/set irc.server.oftc.nicks
/save
/connect oftc-direct
```2. To add the SSL certificate to OFTC:
```bash
/msg NickServ cert add
```3. To use SASL External:
```bash
/server add oftc-znc -ssl -username=/oftc -password=
/set irc.server.oftc-znc.ssl_fingerprint
/save
/connect oftc-znc
/query *sasl Mechanism EXTERNAL
```4. To accept LiberaChat's SSL fingerprint:
Move to the ***status** buffer, then add the certificate:
```bash
/znc AddTrustedServerFingerprint
```5. To use clientbuffer:
```bash
/query *clientbuffer AddClient
/disconnect -all
/set irc.server.oftc-znc.username "@/oftc"
```## Monitoring
The following services are accessible from the Tor network:
| Service | Port |
| ----------- | ---- |
| grafana | 3000 |
| prometheus | 9090 |
| prometheus-node-exporter | 9100 |Access a service (ex. Grafana) using the Onion Adress and the port, ex (**owgtuxw3dd2m2cyii5nzxk6bohzggragerdvzdsev6uhjyb3cfn2u5yd.onion:3000/**):
![ZNC dashboard](img/dashboard.png)