Removing large amounts of extra commenting and old/unused features; SASL support
This commit is contained in:
parent
e9fde0d8c9
commit
49b67de7ec
@ -7,6 +7,8 @@
|
|||||||
dest: /usr/local/src/KiwiIRC
|
dest: /usr/local/src/KiwiIRC
|
||||||
update: no
|
update: no
|
||||||
|
|
||||||
|
# Need to capture AniNIX skinning of client as well as client build process.
|
||||||
|
|
||||||
- name: Update permissions
|
- name: Update permissions
|
||||||
become: yes
|
become: yes
|
||||||
file:
|
file:
|
||||||
|
@ -543,7 +543,7 @@ module
|
|||||||
* authenticating users through this mechanism. Supported mechanisms are:
|
* authenticating users through this mechanism. Supported mechanisms are:
|
||||||
* PLAIN, EXTERNAL.
|
* PLAIN, EXTERNAL.
|
||||||
*/
|
*/
|
||||||
#module { name = "m_sasl" }
|
module { name = "m_sasl" }
|
||||||
|
|
||||||
/*
|
/*
|
||||||
* m_sasl_dh-aes [EXTRA]
|
* m_sasl_dh-aes [EXTRA]
|
||||||
@ -631,7 +631,7 @@ module
|
|||||||
* You can use the following option to enable or disable it explicitly.
|
* You can use the following option to enable or disable it explicitly.
|
||||||
* Leaving this option not set defaults to the default system behavior.
|
* Leaving this option not set defaults to the default system behavior.
|
||||||
*/
|
*/
|
||||||
#sslv3 = no
|
sslv3 = no
|
||||||
}
|
}
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -1,563 +1,166 @@
|
|||||||
#-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-#
|
# Includes
|
||||||
#<include file="file.conf"> #
|
<config format="xml">
|
||||||
#<include executable="/path/to/executable parameters"> #
|
|
||||||
#<include executable="/usr/bin/wget -q -O - http://example.com/inspircd.conf">
|
|
||||||
<include file="/etc/inspircd/opers.conf">
|
<include file="/etc/inspircd/opers.conf">
|
||||||
<include file="/etc/inspircd/links.conf">
|
<include file="/etc/inspircd/links.conf">
|
||||||
<include file="/etc/inspircd/modules.conf">
|
<include file="/etc/inspircd/modules.conf">
|
||||||
<files motd="/etc/inspircd/motd.txt" rules="/etc/inspircd/rules.txt">
|
<files motd="/etc/inspircd/motd.txt" rules="/etc/inspircd/rules.txt">
|
||||||
|
|
||||||
|
# Server Definition
|
||||||
#-#-#-#-#-#-#-#-#-#-#-# VARIABLE DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# You can define variables that will be substituted later in the #
|
|
||||||
# configuration file. This can be useful to allow settings to be #
|
|
||||||
# easily changed, or to parameterize a remote includes. #
|
|
||||||
# #
|
|
||||||
# Variables may be redefined and may reference other variables. #
|
|
||||||
# Value expansion happens at the time the tag is read. #
|
|
||||||
# #
|
|
||||||
# Using variable definitions REQUIRES that the config format be #
|
|
||||||
# changed to "xml" from the default "compat" that uses escape #
|
|
||||||
# sequences such as "\"" and "\n", and does not support <define> #
|
|
||||||
<config format="xml">
|
|
||||||
#<define name="bindip" value="1.2.2.3">
|
|
||||||
#<define name="localips" value="&bindip;/24">
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#-
|
|
||||||
# #
|
|
||||||
# Here is where you enter the information about your server. #
|
|
||||||
# #
|
|
||||||
<server
|
<server
|
||||||
name="{{ external_domain }}"
|
name="{{ external_domain }}"
|
||||||
description="{{ organization['displayname'] }}/IRC"
|
description="{{ organization['displayname'] }}/IRC"
|
||||||
#id="97K"
|
network="{{ organization['displayname'] }}/IRC">
|
||||||
network="{{ organization['displayname'] }}/IRC">
|
|
||||||
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#- ADMIN INFORMATION -#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# Describes the Server Administrator's real name (optionally), #
|
|
||||||
# nick, and email address. #
|
|
||||||
# #
|
|
||||||
<admin
|
<admin
|
||||||
name="{{ organization['admin'] }}"
|
name="{{ organization['admin'] }}"
|
||||||
nick="{{ organization['admin'] }}"
|
nick="{{ organization['admin'] }}"
|
||||||
email="{{ organization['email'] }}">
|
email="{{ organization['email'] }}">
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
|
# Connection Information
|
||||||
# #
|
|
||||||
# Enter the port and address bindings here. #
|
|
||||||
# #
|
|
||||||
# j
|
|
||||||
<define name="subnetips" value="10.0.1.0/24">
|
<define name="subnetips" value="10.0.1.0/24">
|
||||||
<define name="localhost" value="127.0.0.1/32">
|
<define name="localhost" value="127.0.0.1/32">
|
||||||
|
<cidr
|
||||||
|
ipv4clone="32"
|
||||||
|
ipv6clone="128">
|
||||||
|
|
||||||
<bind
|
|
||||||
address=""
|
|
||||||
port="6697"
|
|
||||||
sslprofile="clients"
|
|
||||||
type="clients">
|
|
||||||
|
|
||||||
<bind address="" port="6667" type="clients">
|
|
||||||
|
|
||||||
|
# Plaintext on local only for bots and servers
|
||||||
<bind address="" port="8067" type="servers">
|
<bind address="" port="8067" type="servers">
|
||||||
|
<bind address="" port="6667" type="clients">
|
||||||
|
<connect
|
||||||
|
name="local"
|
||||||
|
parent="main"
|
||||||
|
allow="127.0.0.1"
|
||||||
|
localmax="20"
|
||||||
|
globalmax="20"
|
||||||
|
limit="20"
|
||||||
|
requiressl="off"
|
||||||
|
modes="+Bwx"
|
||||||
|
threshold="200"
|
||||||
|
port="6667">
|
||||||
|
|
||||||
|
# SSL for external connections
|
||||||
|
<bind
|
||||||
|
address=""
|
||||||
|
port="6697"
|
||||||
|
sslprofile="clients"
|
||||||
|
type="clients">
|
||||||
|
<connect
|
||||||
|
name="main"
|
||||||
|
allow="*"
|
||||||
|
commandrate="1000"
|
||||||
|
fakelag="on"
|
||||||
|
globalmax="500"
|
||||||
|
hardsendq="1M"
|
||||||
|
limit="500"
|
||||||
|
localmax="500"
|
||||||
|
maxconnwarn="on"
|
||||||
|
modes="+wx"
|
||||||
|
pingfreq="120"
|
||||||
|
port="6697"
|
||||||
|
recvq="8192"
|
||||||
|
requiressl="on"
|
||||||
|
resolvehostnames="on"
|
||||||
|
softsendq="8192"
|
||||||
|
threshold="25"
|
||||||
|
timeout="10"
|
||||||
|
useident="no">
|
||||||
|
<sslprofile
|
||||||
|
name="clients"
|
||||||
|
provider="openssl"
|
||||||
|
cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
|
||||||
|
certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/cert.pem" keyfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/privkey.pem"
|
||||||
|
ciphers="{{ ssl['ciphersuite'] }}"
|
||||||
|
hash="sha256"
|
||||||
|
renegotiation="no"
|
||||||
|
requestclientcert="no"
|
||||||
|
sslv3="no"
|
||||||
|
tlsv1="no"
|
||||||
|
tlsv11="no"
|
||||||
|
tlsv12="yes"
|
||||||
|
tlsv13="yes">
|
||||||
<openssl onrehash="yes">
|
<openssl onrehash="yes">
|
||||||
|
|
||||||
<sslprofile
|
|
||||||
name="clients"
|
|
||||||
provider="openssl"
|
|
||||||
cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
|
|
||||||
certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/cert.pem"
|
|
||||||
keyfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/privkey.pem"
|
|
||||||
ciphers="{{ ssl['ciphersuite'] }}"
|
|
||||||
hash="sha256"
|
|
||||||
renegotiation="no"
|
|
||||||
requestclientcert="no"
|
|
||||||
sslv3="no"
|
|
||||||
tlsv1="no"
|
|
||||||
tlsv11="no"
|
|
||||||
tlsv12="yes"
|
|
||||||
tlsv13="yes">
|
|
||||||
|
|
||||||
|
|
||||||
|
# Performance
|
||||||
#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# This is where you can configure which connections are allowed #
|
|
||||||
# and denied access onto your server. The password is optional. #
|
|
||||||
# You may have as many of these as you require. To allow/deny all #
|
|
||||||
# connections, use a '*' or 0.0.0.0/0. #
|
|
||||||
# #
|
|
||||||
# -- It is important to note that connect tags are read from the -- #
|
|
||||||
# TOP DOWN. This means that you should have more specific deny #
|
|
||||||
# and allow tags at the top, progressively more general, followed #
|
|
||||||
# by a <connect allow="*" (should you wish to have one). #
|
|
||||||
# #
|
|
||||||
# Connect blocks are searched twice for each user - once when the TCP #
|
|
||||||
# connection is accepted, and once when the user completes their #
|
|
||||||
# registration. Most of the information (hostname, ident response, #
|
|
||||||
# password, SSL when using STARTTLS, etc) is only available during #
|
|
||||||
# the second search, so if you are trying to make a closed server, #
|
|
||||||
# you will probably need a connect block just for user registration. #
|
|
||||||
# This can be done by using <connect registered="no"> #
|
|
||||||
|
|
||||||
#<connect deny="192.0.2.*">
|
|
||||||
#<connect deny="3ffe::0/32" reason="The 6bone address space is deprecated">
|
|
||||||
<connect
|
|
||||||
name="local"
|
|
||||||
parent="main"
|
|
||||||
allow="127.0.0.1"
|
|
||||||
localmax="20"
|
|
||||||
globalmax="20"
|
|
||||||
limit="20"
|
|
||||||
requiressl="off"
|
|
||||||
threshold="200"
|
|
||||||
port="6667">
|
|
||||||
<connect
|
|
||||||
name="main"
|
|
||||||
allow="*"
|
|
||||||
commandrate="1000"
|
|
||||||
fakelag="on"
|
|
||||||
globalmax="500"
|
|
||||||
hardsendq="1M"
|
|
||||||
limit="500"
|
|
||||||
localmax="500"
|
|
||||||
maxconnwarn="on"
|
|
||||||
modes="+wx"
|
|
||||||
pingfreq="120"
|
|
||||||
port="6697"
|
|
||||||
recvq="8192"
|
|
||||||
requiressl="on"
|
|
||||||
resolvehostnames="on"
|
|
||||||
softsendq="8192"
|
|
||||||
threshold="25"
|
|
||||||
timeout="10"
|
|
||||||
useident="no">
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
|
|
||||||
# #
|
|
||||||
# CIDR configuration allows detection of clones and applying of #
|
|
||||||
# throttle limits across a CIDR range. (A CIDR range is a group of #
|
|
||||||
# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be #
|
|
||||||
# represented as 192.168.1.0/24). This means that abuse across an ISP #
|
|
||||||
# is detected and curtailed much easier. Here is a good chart that #
|
|
||||||
# shows how many IPs the different CIDRs correspond to: #
|
|
||||||
# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation #
|
|
||||||
# #
|
|
||||||
<cidr
|
|
||||||
# ipv4clone: specifies how many bits of an IP address should be
|
|
||||||
# looked at for clones. The default only looks for clones on a
|
|
||||||
# single IP address of a user. You do not want to set this
|
|
||||||
# extremely low. (Values are 0-32).
|
|
||||||
ipv4clone="32"
|
|
||||||
# ipv6clone: specifies how many bits of an IP address should be
|
|
||||||
# looked at for clones. The default only looks for clones on a
|
|
||||||
# single IP address of a user. You do not want to set this
|
|
||||||
# extremely low. (Values are 0-128).
|
|
||||||
ipv6clone="128">
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
<channels users="20" opers="60">
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# If these values are not defined, InspIRCd uses the default DNS resolver
|
|
||||||
# of your system.
|
|
||||||
#<dns server="127.0.0.1" timeout="5">
|
|
||||||
#<dns server="::1" timeout="5">
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# Define the path to the PID file here. The PID file can be used to #
|
|
||||||
# rehash the ircd from the shell or to terminate the ircd from the #
|
|
||||||
# shell using shell scripts, perl scripts, etc... and to monitor the #
|
|
||||||
# ircd's state via cron jobs. If this is a relative path, it will be #
|
|
||||||
# relative to the configuration directory, and if it is not defined, #
|
|
||||||
# the default of 'inspircd.pid' is used. #
|
|
||||||
# #
|
|
||||||
<pid file="/var/lib/inspircd/inspircd.pid">
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# Use these tags to customise the ban limits on a per channel basis. #
|
|
||||||
# The tags are read from top to bottom, and any tag found which #
|
|
||||||
# matches the channels name applies the banlimit to that channel. #
|
|
||||||
# It is advisable to put an entry with the channel as '*' at the #
|
|
||||||
# bottom of the list. If none are specified or no maxbans tag is #
|
|
||||||
# matched, the banlist size defaults to 64 entries. #
|
|
||||||
# #
|
|
||||||
#<banlist chan="#largechan" limit="128">
|
|
||||||
<maxlist chan="*" limit="60">
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# This tag is optional, and specifies one or more features which are #
|
|
||||||
# not available to non-operators. #
|
|
||||||
# #
|
|
||||||
# For example you may wish to disable NICK and prevent non-opers from #
|
|
||||||
# changing their nicknames. #
|
|
||||||
# Note that any disabled commands take effect only after the user has #
|
|
||||||
# 'registered' (e.g. after the initial USER/NICK/PASS on connection) #
|
|
||||||
# so for example disabling NICK will not cripple your network. #
|
|
||||||
# #
|
|
||||||
# You can also define if you want to disable any channelmodes #
|
|
||||||
# or usermodes from your users. #
|
|
||||||
# #
|
|
||||||
# `fakenonexistant' will make the ircd pretend that nonexistant #
|
|
||||||
# commands simply don't exist to non-opers ("no such command"). #
|
|
||||||
# #
|
|
||||||
#<disabled commands="TOPIC MODE" usermodes="" chanmodes="" fakenonexistant="yes">
|
|
||||||
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# Settings to define which features are usable on your server. #
|
|
||||||
# #
|
|
||||||
|
|
||||||
<options
|
|
||||||
# prefixquit: What (if anything) users' quit messages
|
|
||||||
# should be prefixed with.
|
|
||||||
prefixquit="Quit: "
|
|
||||||
|
|
||||||
# suffixquit: What (if anything) users' quit messages
|
|
||||||
# should be suffixed with.
|
|
||||||
suffixquit=""
|
|
||||||
|
|
||||||
# prefixpart: What (if anything) users' part messages
|
|
||||||
# should be prefixed with.
|
|
||||||
prefixpart="""
|
|
||||||
# NOTE: Use "\"" instead of """ if not using <config format="xml">
|
|
||||||
|
|
||||||
# suffixpart: What (if anything) users' part message
|
|
||||||
# should be suffixed with.
|
|
||||||
suffixpart="""
|
|
||||||
|
|
||||||
# fixedquit: Set all users' quit messages to this value.
|
|
||||||
#fixedquit=""
|
|
||||||
|
|
||||||
# fixedpart: Set all users' part messages in all channels
|
|
||||||
# to this value.
|
|
||||||
#fixedpart=""
|
|
||||||
|
|
||||||
# syntaxhints: If enabled, if a user fails to send the correct parameters
|
|
||||||
# for a command, the ircd will give back some help text of what
|
|
||||||
# the correct parameters are.
|
|
||||||
syntaxhints="no"
|
|
||||||
|
|
||||||
# cyclehosts: If enabled, when a user gets a host set, it will cycle
|
|
||||||
# them in all their channels. If not, it will simply change their host
|
|
||||||
# without cycling them.
|
|
||||||
cyclehosts="no"
|
|
||||||
|
|
||||||
# cyclehostsfromuser: If enabled, the source of the mode change for
|
|
||||||
# cyclehosts will be the user who cycled. This can look nicer, but
|
|
||||||
# triggers anti-takeover mechanisms of some obsolete bots.
|
|
||||||
cyclehostsfromuser="no"
|
|
||||||
|
|
||||||
# ircumsgprefix: Use undernet-style message prefixing for NOTICE and
|
|
||||||
# PRIVMSG. If enabled, it will add users' prefix to the line, if not,
|
|
||||||
# it will just message the user normally.
|
|
||||||
ircumsgprefix="no"
|
|
||||||
|
|
||||||
# announcets: If set to yes, when the timestamp on a channel changes, all users
|
|
||||||
# in the channel will be sent a NOTICE about it.
|
|
||||||
announcets="yes"
|
|
||||||
|
|
||||||
# allowmismatch: Setting this option to yes will allow servers to link even
|
|
||||||
# if they don't have the same "optionally common" modules loaded. Setting this to
|
|
||||||
# yes may introduce some desyncs and unwanted behaviour.
|
|
||||||
allowmismatch="no"
|
|
||||||
|
|
||||||
# defaultbind: Sets the default for <bind> tags without an address. Choices are
|
|
||||||
# ipv4 or ipv6; if not specified, IPv6 will be used if your system has support,
|
|
||||||
# falling back to IPv4 otherwise.
|
|
||||||
defaultbind="auto"
|
|
||||||
|
|
||||||
# hostintopic: If enabled, channels will show the host of the topic setter
|
|
||||||
# in the topic. If set to no, it will only show the nick of the topic setter.
|
|
||||||
hostintopic="yes"
|
|
||||||
|
|
||||||
# pingwarning: If a server does not respond to a ping within x seconds,
|
|
||||||
# it will send a notice to opers with snomask +l informing that the server
|
|
||||||
# is about to ping timeout.
|
|
||||||
pingwarning="15"
|
|
||||||
|
|
||||||
# serverpingfreq: How often pings are sent between servers (in seconds).
|
|
||||||
serverpingfreq="60"
|
|
||||||
|
|
||||||
# defaultmodes: What modes are set on a empty channel when a user
|
|
||||||
# joins it and it is unregistered.
|
|
||||||
defaultmodes="not"
|
|
||||||
|
|
||||||
# moronbanner: This is the text that is sent to a user when they are
|
|
||||||
# banned from the server.
|
|
||||||
moronbanner="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help."
|
|
||||||
|
|
||||||
# exemptchanops: exemptions for channel access restrictions based on prefix.
|
|
||||||
exemptchanops="nonick:v flood:o"
|
|
||||||
|
|
||||||
# invitebypassmodes: This allows /invite to bypass other channel modes.
|
|
||||||
# (Such as +k, +j, +l, etc.)
|
|
||||||
invitebypassmodes="yes"
|
|
||||||
|
|
||||||
# nosnoticestack: This prevents snotices from 'stacking' and giving you
|
|
||||||
# the message saying '(last message repeated X times)'. Defaults to no.
|
|
||||||
nosnoticestack="no"
|
|
||||||
|
|
||||||
# welcomenotice: When turned on, this sends a NOTICE to connecting users
|
|
||||||
# with the text Welcome to <networkname>! after successful registration.
|
|
||||||
# Defaults to yes.
|
|
||||||
welcomenotice="yes">
|
|
||||||
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
|
|
||||||
<performance
|
<performance
|
||||||
# netbuffersize: Size of the buffer used to receive data from clients.
|
netbuffersize="10240"
|
||||||
# The ircd may only read this amount of text in 1 go at any time.
|
somaxconn="128"
|
||||||
netbuffersize="10240"
|
limitsomaxconn="true"
|
||||||
|
softlimit="1024"
|
||||||
# somaxconn: The maximum number of connections that may be waiting
|
quietbursts="yes">
|
||||||
# in the accept queue. This is *NOT* the total maximum number of
|
|
||||||
# connections per server. Some systems may only allow this to be up
|
|
||||||
# to 5, while others (such as Linux and *BSD) default to 128.
|
|
||||||
somaxconn="128"
|
|
||||||
|
|
||||||
# limitsomaxconn: By default, somaxconn (see above) is limited to a
|
|
||||||
# safe maximum value in the 2.0 branch for compatibility reasons.
|
|
||||||
# This setting can be used to disable this limit, forcing InspIRCd
|
|
||||||
# to use the value specified above.
|
|
||||||
limitsomaxconn="true"
|
|
||||||
|
|
||||||
# softlimit: This optional feature allows a defined softlimit for
|
|
||||||
# connections. If defined, it sets a soft max connections value.
|
|
||||||
softlimit="1024"
|
|
||||||
|
|
||||||
# quietbursts: When syncing or splitting from a network, a server
|
|
||||||
# can generate a lot of connect and quit messages to opers with
|
|
||||||
# +C and +Q snomasks. Setting this to yes squelches those messages,
|
|
||||||
# which makes it easier for opers, but degrades the functionality of
|
|
||||||
# bots like BOPM during netsplits.
|
|
||||||
quietbursts="yes">
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
|
|
||||||
<security
|
|
||||||
|
|
||||||
# announceinvites: This option controls which members of the channel
|
|
||||||
# receive an announcement when someone is INVITEd. Available values:
|
|
||||||
# 'none' - don't send invite announcements
|
|
||||||
# 'all' - send invite announcements to all members
|
|
||||||
# 'ops' - send invite announcements to ops and higher ranked users
|
|
||||||
# 'dynamic' - send invite announcements to halfops (if available) and
|
|
||||||
# higher ranked users. This is the recommended setting.
|
|
||||||
announceinvites="dynamic"
|
|
||||||
|
|
||||||
# hidemodes: If enabled, then the listmodes given will be hidden
|
|
||||||
# from users below halfop. This is not recommended to be set on +b
|
|
||||||
# as it may break some functionality in popular clients such as mIRC.
|
|
||||||
hidemodes="eI"
|
|
||||||
|
|
||||||
# hideulines: If this value is set to yes, U-lined servers will
|
|
||||||
# be hidden from non-opers in /links and /map.
|
|
||||||
hideulines="no"
|
|
||||||
|
|
||||||
# flatlinks: If this value is set to yes, /map and /links will
|
|
||||||
# be flattened when shown to non-opers.
|
|
||||||
flatlinks="no"
|
|
||||||
|
|
||||||
# hidewhois: When defined, the given text will be used in place
|
|
||||||
# of the server a user is on when whoised by a non-oper. Most
|
|
||||||
# networks will want to set this to something like "*.netname.net"
|
|
||||||
# to conceal the actual server a user is on.
|
|
||||||
# Note that enabling this will cause users' idle times to only be
|
|
||||||
# shown when the format /WHOIS <nick> <nick> is used.
|
|
||||||
hidewhois=""
|
|
||||||
|
|
||||||
# hidebans: If this value is set to yes, when a user is banned ([gkz]lined)
|
|
||||||
# only opers will see the ban message when the user is removed
|
|
||||||
# from the server.
|
|
||||||
hidebans="no"
|
|
||||||
|
|
||||||
# hidekills: If defined, replaces who set a /kill with a custom string.
|
|
||||||
hidekills=""
|
|
||||||
|
|
||||||
# hidesplits: If enabled, non-opers will not be able to see which
|
|
||||||
# servers split in a netsplit, they will only be able to see that one
|
|
||||||
# occurred (If their client has netsplit detection).
|
|
||||||
hidesplits="yes"
|
|
||||||
|
|
||||||
# maxtargets: Maximum number of targets per command.
|
|
||||||
# (Commands like /notice, /privmsg, /kick, etc)
|
|
||||||
maxtargets="20"
|
|
||||||
|
|
||||||
# customversion: Displays a custom string when a user /version's
|
|
||||||
# the ircd. This may be set for security reasons or vanity reasons.
|
|
||||||
customversion=""
|
|
||||||
|
|
||||||
# operspywhois: show opers (users/auspex) the +s channels a user is in. Values:
|
|
||||||
# splitmsg Split with an explanatory message
|
|
||||||
# yes Split with no explanatory message
|
|
||||||
# no Do not show
|
|
||||||
operspywhois="yes"
|
|
||||||
|
|
||||||
# runasuser: If this is set, InspIRCd will attempt to switch
|
|
||||||
# to run as this user, which allows binding of ports under 1024.
|
|
||||||
# You should NOT set this unless you are starting as root.
|
|
||||||
# NOT SUPPORTED/NEEDED UNDER WINDOWS.
|
|
||||||
#runasuser="ircd"
|
|
||||||
|
|
||||||
# runasgroup: If this is set, InspIRCd will attempt to switch
|
|
||||||
# to run as this group, which allows binding of ports under 1024.
|
|
||||||
# You should NOT set this unless you are starting as root.
|
|
||||||
# NOT SUPPORTED/NEEDED UNDER WINDOWS.
|
|
||||||
#runasgroup="ircd"
|
|
||||||
|
|
||||||
# restrictbannedusers: If this is set to yes, InspIRCd will not allow users
|
|
||||||
# banned on a channel to change nickname or message channels they are
|
|
||||||
# banned on.
|
|
||||||
restrictbannedusers="yes"
|
|
||||||
|
|
||||||
# genericoper: Setting this value to yes makes all opers on this server
|
|
||||||
# appear as 'is an IRC operator' in their WHOIS, regardless of their
|
|
||||||
# oper type, however oper types are still used internally. This only
|
|
||||||
# affects the display in WHOIS.
|
|
||||||
genericoper="no"
|
|
||||||
|
|
||||||
# userstats: /stats commands that users can run (opers can run all).
|
|
||||||
userstats="Pu">
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#-# LIMITS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# This configuration tag defines the maximum sizes of various types #
|
|
||||||
# on IRC, such as the maximum length of a channel name, and the #
|
|
||||||
# maximum length of a channel. Note that with the exception of the #
|
|
||||||
# identmax value all values given here are the exact values you would #
|
|
||||||
# expect to see on IRC. This contrasts with the older InspIRCd #
|
|
||||||
# releases where these values would be one character shorter than #
|
|
||||||
# defined to account for a null terminator on the end of the text. #
|
|
||||||
# #
|
|
||||||
# These values should match network-wide otherwise issues will occur. #
|
|
||||||
# #
|
|
||||||
# The highest safe value you can set any of these options to is 500, #
|
|
||||||
# but it is recommended that you keep them somewhat #
|
|
||||||
# near their defaults (or lower). #
|
|
||||||
|
|
||||||
<limits
|
|
||||||
# maxnick: Maximum length of a nickname.
|
|
||||||
maxnick="12"
|
|
||||||
|
|
||||||
# maxchan: Maximum length of a channel name.
|
|
||||||
maxchan="20"
|
|
||||||
|
|
||||||
# maxmodes: Maximum number of mode changes per line.
|
|
||||||
maxmodes="20"
|
|
||||||
|
|
||||||
# maxident: Maximum length of a ident/username.
|
|
||||||
maxident="64"
|
|
||||||
|
|
||||||
# maxquit: Maximum length of a quit message.
|
|
||||||
maxquit="255"
|
|
||||||
|
|
||||||
# maxtopic: Maximum length of a channel topic.
|
|
||||||
maxtopic="307"
|
|
||||||
|
|
||||||
# maxkick: Maximum length of a kick message.
|
|
||||||
maxkick="255"
|
|
||||||
|
|
||||||
# maxgecos: Maximum length of a GECOS (realname).
|
|
||||||
maxgecos="128"
|
|
||||||
|
|
||||||
# maxaway: Maximum length of an away message.
|
|
||||||
maxaway="200">
|
|
||||||
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# Logging
|
|
||||||
# -------
|
|
||||||
#
|
|
||||||
# Logging is covered with the <log> tag, which you may use to change
|
|
||||||
# the behaviour of the logging of the IRCd.
|
|
||||||
#
|
|
||||||
# In InspIRCd as of 1.2, logging is pluggable and very extensible.
|
|
||||||
# Different files can log the same thing, different 'types' of log can
|
|
||||||
# go to different places, and modules can even extend the log tag
|
|
||||||
# to do what they want.
|
|
||||||
#
|
|
||||||
# An example log tag would be:
|
|
||||||
# <log method="file" type="OPER" level="default" target="logs/opers.log">
|
|
||||||
# which would log all information on /oper (failed and successful) to
|
|
||||||
# a file called opers.log.
|
|
||||||
#
|
|
||||||
# There are many different types which may be used, and modules may
|
|
||||||
# generate their own. A list of useful types:
|
|
||||||
# - USERS - information relating to user connection and disconnection
|
|
||||||
# - OPER - succesful and failed oper attempts
|
|
||||||
# - KILL - kill related messages
|
|
||||||
# - snomask - server notices (*all* snomasks will be logged)
|
|
||||||
# - FILTER - messages related to filter matches (m_filter)
|
|
||||||
# - CONFIG - configuration related messages
|
|
||||||
# - COMMAND - die and restart messages, and messages related to unknown user types
|
|
||||||
# - SOCKET - socket engine informational/error messages
|
|
||||||
# - MODULE - module related messages
|
|
||||||
# - STARTUP - messages related to starting up the server
|
|
||||||
#
|
|
||||||
# You may also log *everything* by using a type of *, and subtract things out
|
|
||||||
# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT".
|
|
||||||
#
|
|
||||||
# Useful levels are:
|
|
||||||
# - default (general messages, including errors)
|
|
||||||
# - sparse (misc error messages)
|
|
||||||
# - debug (debug messages)
|
|
||||||
#
|
|
||||||
# Some types only produce output in the debug level, those are:
|
|
||||||
# - BANCACHE - ban cache debug messages
|
|
||||||
# - CHANNELS - information relating to joining/creating channels
|
|
||||||
# - CULLLIST - debug messages related to issues with removing users
|
|
||||||
# - RESOLVER - DNS related debug messages
|
|
||||||
# - CONNECTCLASS - Connection class debug messages
|
|
||||||
# - USERINPUT
|
|
||||||
# - USEROUTPUT
|
|
||||||
#
|
|
||||||
# The following log tag is highly default and uncustomised. It is recommended you
|
|
||||||
# sort out your own log tags. This is just here so you get some output.
|
|
||||||
|
|
||||||
<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="/var/log/inspircd/inspircd.log" flush="1">
|
<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="/var/log/inspircd/inspircd.log" flush="1">
|
||||||
|
<pid file="/var/lib/inspircd/inspircd.pid">
|
||||||
|
<options
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
|
prefixquit="Quit: "
|
||||||
# #
|
suffixquit=""
|
||||||
# This tag lets you define the behaviour of the /whowas command of #
|
prefixpart="""
|
||||||
# your server. #
|
suffixpart="""
|
||||||
# #
|
|
||||||
|
|
||||||
|
syntaxhints="no"
|
||||||
|
|
||||||
|
cyclehosts="no"
|
||||||
|
cyclehostsfromuser="no"
|
||||||
|
|
||||||
|
ircumsgprefix="no"
|
||||||
|
|
||||||
|
announcets="yes"
|
||||||
|
|
||||||
|
allowmismatch="no"
|
||||||
|
|
||||||
|
defaultbind="auto"
|
||||||
|
|
||||||
|
hostintopic="yes"
|
||||||
|
|
||||||
|
pingwarning="15"
|
||||||
|
serverpingfreq="60"
|
||||||
|
|
||||||
|
defaultmodes="not"
|
||||||
|
|
||||||
|
moronbanner="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help."
|
||||||
|
exemptchanops="nonick:v flood:o"
|
||||||
|
invitebypassmodes="yes"
|
||||||
|
nosnoticestack="no"
|
||||||
|
|
||||||
|
welcomenotice="yes">
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
# Security and Controls
|
||||||
|
<security
|
||||||
|
announceinvites="dynamic"
|
||||||
|
hidemodes="eI"
|
||||||
|
hideulines="no"
|
||||||
|
flatlinks="no"
|
||||||
|
hidewhois=""
|
||||||
|
hidebans="no"
|
||||||
|
hidekills=""
|
||||||
|
hidesplits="yes"
|
||||||
|
maxtargets="20"
|
||||||
|
customversion=""
|
||||||
|
operspywhois="yes"
|
||||||
|
restrictbannedusers="yes"
|
||||||
|
genericoper="no"
|
||||||
|
userstats="Pu">
|
||||||
|
<limits
|
||||||
|
maxnick="12"
|
||||||
|
maxchan="20"
|
||||||
|
maxmodes="20"
|
||||||
|
maxident="64"
|
||||||
|
maxquit="255"
|
||||||
|
maxtopic="307"
|
||||||
|
maxkick="255"
|
||||||
|
maxgecos="128"
|
||||||
|
maxaway="200">
|
||||||
|
<channels users="20" opers="60">
|
||||||
|
<maxlist chan="*" limit="60">
|
||||||
<whowas
|
<whowas
|
||||||
# groupsize: Maximum entries per nick shown when performing
|
groupsize="10"
|
||||||
# a /whowas nick.
|
maxgroups="100000"
|
||||||
groupsize="10"
|
maxkeep="1d">
|
||||||
|
|
||||||
# maxgroups: Maximum number of nickgroups that can be added to
|
# Ban options
|
||||||
# the list so that /whowas does not use a lot of resources on
|
|
||||||
# large networks.
|
|
||||||
maxgroups="100000"
|
|
||||||
|
|
||||||
# maxkeep: Maximum time a nick is kept in the whowas list
|
|
||||||
# before being pruned. Time may be specified in seconds,
|
|
||||||
# or in the following format: 1y2w3d4h5m6s. Minimum is
|
|
||||||
# 1 hour.
|
|
||||||
maxkeep="1d">
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#-#-#- BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# The ban tags define nick masks, host masks and ip ranges which are #
|
|
||||||
# banned from your server. All details in these tags are local to #
|
|
||||||
# Your server. #
|
|
||||||
# #
|
|
||||||
|
|
||||||
#<badip ipmask="192.0.2.*" reason="Nope.">
|
|
||||||
<badnick nick="*Serv" reason="Reserved for Services">
|
<badnick nick="*Serv" reason="Reserved for Services">
|
||||||
<badhost host="*@*malware*" reason="Malware">
|
<badhost host="*@*malware*" reason="Malware">
|
||||||
<badhost host="root@*" reason="Don't IRC as root!">
|
<badhost host="root@*" reason="Don't IRC as root!">
|
||||||
@ -565,34 +168,8 @@
|
|||||||
<exception host="{{ organization['admin'] }}@127.0.0.1" reason="localhost">
|
<exception host="{{ organization['admin'] }}@127.0.0.1" reason="localhost">
|
||||||
<exception host="{{ organization['admin'] }}@{{ external_domain }}" reason="localhost">
|
<exception host="{{ organization['admin'] }}@{{ external_domain }}" reason="localhost">
|
||||||
<exception host="{{ organization['admin'] }}@*.{{ external_domain }}" reason="localhost">
|
<exception host="{{ organization['admin'] }}@*.{{ external_domain }}" reason="localhost">
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# This optional tag allows you to specify how wide a gline, eline, #
|
|
||||||
# kline, zline or qline can be before it is forbidden from being #
|
|
||||||
# set. By setting hostmasks="yes", you can allow all G, K, E lines, #
|
|
||||||
# no matter how many users the ban would cover. This is not #
|
|
||||||
# recommended! By setting ipmasks="yes", you can allow all Z lines, #
|
|
||||||
# no matter how many users these cover too. Needless to say we #
|
|
||||||
# don't recommend you do this, or, set nickmasks="yes", which will #
|
|
||||||
# allow any qline. #
|
|
||||||
# #
|
|
||||||
<insane
|
<insane
|
||||||
# hostmasks: Allow bans with insane hostmasks. (over-reaching bans)
|
hostmasks="no"
|
||||||
hostmasks="no"
|
ipmasks="no"
|
||||||
# ipmasks: Allow bans with insane ipmasks. (over-reaching bans)
|
nickmasks="no"
|
||||||
ipmasks="no"
|
trigger="99">
|
||||||
# nickmasks: Allow bans with insane nickmasks. (over-reaching bans)
|
|
||||||
nickmasks="no"
|
|
||||||
# trigger: What percentage of users on the network to trigger
|
|
||||||
# specifying an insane ban as. The default is 95.5%, which means
|
|
||||||
# if you have a 1000 user network, a ban will not be allowed if it
|
|
||||||
# will be banning 955 or more users.
|
|
||||||
trigger="99">
|
|
||||||
|
|
||||||
#########################################################################
|
|
||||||
# #
|
|
||||||
# - InspIRCd Development Team - #
|
|
||||||
# http://www.inspircd.org #
|
|
||||||
# #
|
|
||||||
#########################################################################
|
|
||||||
|
@ -1,35 +1,5 @@
|
|||||||
#-#-#-#-#-#-#-#-#-#-#- SERVER LINK CONFIGURATION -#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# Defines which servers can link to this one, and which servers this #
|
|
||||||
# server may create outbound links to. #
|
|
||||||
# #
|
|
||||||
# ____ _ _____ _ _ ____ _ _ _ #
|
|
||||||
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
|
|
||||||
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
|
|
||||||
# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
|
|
||||||
# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
|
|
||||||
# #
|
|
||||||
# If you want to link servers to InspIRCd you must load the #
|
|
||||||
# m_spanningtree.so module! #
|
|
||||||
# #
|
|
||||||
# #
|
|
||||||
|
|
||||||
# Server link block
|
|
||||||
#<link name="hub.example.org"
|
|
||||||
# ipaddr="penguin.example.org"
|
|
||||||
# port="7000"
|
|
||||||
# allowmask="203.0.113.0/24"
|
|
||||||
# timeout="300"
|
|
||||||
# ssl="gnutls"
|
|
||||||
# bind="1.2.3.4"
|
|
||||||
# statshidden="no"
|
|
||||||
# hidden="no"
|
|
||||||
# sendpass="outgoing!password"
|
|
||||||
# recvpass="incoming!password">
|
|
||||||
{{ secrets['IRC']['links'] }}
|
{{ secrets['IRC']['links'] }}
|
||||||
|
|
||||||
# Link block for services. Options are the same as for the first
|
|
||||||
# link block (depending on what your services package supports).
|
|
||||||
<link name="ircservices.{{ external_domain }}"
|
<link name="ircservices.{{ external_domain }}"
|
||||||
ipaddr="core.{{ replica_domain }}"
|
ipaddr="core.{{ replica_domain }}"
|
||||||
port="8067"
|
port="8067"
|
||||||
@ -37,19 +7,4 @@
|
|||||||
sendpass="{{ secrets['IRC']['servicespass'] }}"
|
sendpass="{{ secrets['IRC']['servicespass'] }}"
|
||||||
recvpass="{{ secrets['IRC']['servicespass'] }}">
|
recvpass="{{ secrets['IRC']['servicespass'] }}">
|
||||||
|
|
||||||
# Simple autoconnect block. This enables automatic connection to a hub
|
|
||||||
#<autoconnect period="300" server="hub.example.org">
|
|
||||||
|
|
||||||
#<autoconnect period="120" server="hub.us.example.org hub.eu.example.org leaf.eu.example.org">
|
|
||||||
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#- ULINES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# This tag defines a ulined server. A U-Lined server has special #
|
|
||||||
# permissions, and should be used with caution. Services servers are #
|
|
||||||
# usually u-lined in this manner. #
|
|
||||||
# #
|
|
||||||
# The 'silent' value, if set to yes, indicates that this server should#
|
|
||||||
# not generate quit and connect notices, which can cut down on noise #
|
|
||||||
# to opers on the network. #
|
|
||||||
# #
|
|
||||||
<uline server="ircservices.{{ external_domain }}" silent="no">
|
<uline server="ircservices.{{ external_domain }}" silent="no">
|
||||||
|
File diff suppressed because it is too large
Load Diff
@ -1,118 +1,12 @@
|
|||||||
#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
|
# We are not yet deeply using the class system -- only NetAdmins should be managing the network. Most management will be through services.
|
||||||
# #
|
<class name="NetAdmin" commands="*" usermodes="*" chanmodes="*" privs="*">
|
||||||
# Classes are a group of commands which are grouped together and #
|
|
||||||
# given a unique name. They're used to define which commands #
|
|
||||||
# are available to certain types of Operators. #
|
|
||||||
# #
|
|
||||||
# #
|
|
||||||
# Note: It is possible to make a class which covers all available #
|
|
||||||
# commands. To do this, specify commands="*". This is not really #
|
|
||||||
# recommended, as it negates the whole purpose of the class system, #
|
|
||||||
# however it is provided for fast configuration (e.g. in test nets). #
|
|
||||||
# #
|
|
||||||
|
|
||||||
<class
|
|
||||||
name="Shutdown"
|
|
||||||
|
|
||||||
# commands: Oper-only commands that opers of this class can run.
|
|
||||||
commands="CLOSE DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOADMODULE GLOADMODULE GUNLOADMODULE GRELOADMODULE"
|
|
||||||
|
|
||||||
# privs: Special privileges that users with this class may utilise.
|
|
||||||
# VIEWING:
|
|
||||||
# - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
|
|
||||||
# - users/auspex: allows opers with this priv to view more details about users than normal users, e.g. real host and IP.
|
|
||||||
# - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
|
|
||||||
# ACTIONS:
|
|
||||||
# - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
|
|
||||||
# - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels.
|
|
||||||
# PERMISSIONS:
|
|
||||||
# - users/flood/no-fakelag: prevents opers from being penalized with fake lag for flooding (*NOTE)
|
|
||||||
# - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
|
|
||||||
# - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE)
|
|
||||||
#
|
|
||||||
# *NOTE: These privs are potentially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
|
|
||||||
privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit users/flood/no-throttle users/flood/increased-buffers channels/ignore-noctcp channels/restricted-create users/ignore-commonchans users/ignore-noctcp users/ignore-privdeaf users/samode-usermodes"
|
|
||||||
|
|
||||||
# usermodes: Oper-only usermodes that opers with this class can use.
|
|
||||||
usermodes="*"
|
|
||||||
|
|
||||||
# chanmodes: Oper-only channel modes that opers with this class can use.
|
|
||||||
chanmodes="*">
|
|
||||||
|
|
||||||
<class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN CHECK">
|
|
||||||
<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS JUMPSERVER LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
|
|
||||||
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN CLOSE" usermodes="*" chanmodes="*">
|
|
||||||
<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message">
|
|
||||||
<class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">
|
|
||||||
|
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# This is where you specify which types of operators you have on #
|
|
||||||
# your server, as well as the commands they are allowed to use. #
|
|
||||||
# This works alongside with the classes specified above. #
|
|
||||||
# #
|
|
||||||
|
|
||||||
<type
|
<type
|
||||||
# name: Name of type. Used in actual server operator accounts below.
|
|
||||||
# Cannot contain spaces. If you would like a space, use
|
|
||||||
# the _ character instead and it will translate to a space on whois.
|
|
||||||
name="NetAdmin"
|
name="NetAdmin"
|
||||||
|
classes="NetAdmin"
|
||||||
# classes: Classes (blocks above) that this type belongs to.
|
|
||||||
classes="SACommands OperChat BanControl HostCloak Shutdown ServerLink"
|
|
||||||
|
|
||||||
# vhost: Host opers of this type get when they log in (oper up). This is optional.
|
|
||||||
vhost="{{ external_domain }}"
|
vhost="{{ external_domain }}"
|
||||||
|
|
||||||
# modes: User modes besides +o that are set on an oper of this type
|
|
||||||
# when they oper up. Used for snomasks and other things.
|
|
||||||
# Requires that m_opermodes.so be loaded.
|
|
||||||
# Set all watchlists for NetAdmins.
|
|
||||||
modes="+s +aAcCjkKlLoOqQr">
|
modes="+s +aAcCjkKlLoOqQr">
|
||||||
<type name="GlobalOp" classes="SACommands OperChat BanControl HostCloak ServerLink" vhost="{{ external_domain }}">
|
|
||||||
<type name="Helper" classes="HostCloak" vhost="{{ external_domain }}">
|
|
||||||
|
|
||||||
|
# Operators are tracked in the vault.
|
||||||
#-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
|
|
||||||
# #
|
|
||||||
# Opers are defined here. This is a very important section. #
|
|
||||||
# Remember to only make operators out of trustworthy people. #
|
|
||||||
# #
|
|
||||||
|
|
||||||
# Unhashed operblock
|
|
||||||
#<oper
|
|
||||||
# name="Brain"
|
|
||||||
# password="youshouldhashthis"
|
|
||||||
# host="brain@dialup15.isp.test.com *@localhost *@example.com *@2001:db8::/32"
|
|
||||||
# #fingerprint="67cb9dc013248a829bb2171ed11becd4"
|
|
||||||
# type="NetAdmin">
|
|
||||||
#
|
|
||||||
{% for oper in secrets['IRC']['opers'] %}
|
{% for oper in secrets['IRC']['opers'] %}
|
||||||
<oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@aninix.net" type="NetAdmin">
|
<oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@aninix.net" type="NetAdmin">
|
||||||
{% endfor %}
|
{% endfor %}
|
||||||
|
|
||||||
#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#-
|
|
||||||
# #
|
|
||||||
# You can configure the passwords here which you wish to use for #
|
|
||||||
# the /DIE and /RESTART commands. Only trusted ircops who will #
|
|
||||||
# need this ability should know the die and restart password. #
|
|
||||||
# #
|
|
||||||
<power
|
|
||||||
# hash: what hash these passwords are hashed with.
|
|
||||||
# Requires the module for selected hash (m_md5.so, m_sha256.so
|
|
||||||
# or m_ripemd160.so) be loaded and the password hashing module
|
|
||||||
# (m_password_hash.so) loaded.
|
|
||||||
# Options here are: "md5", "sha256" and "ripemd160", or one of
|
|
||||||
# these prefixed with "hmac-", e.g.: "hmac-sha256".
|
|
||||||
# Optional, but recommended. Create hashed passwords with:
|
|
||||||
# /mkpasswd <hash> <password>
|
|
||||||
hash="sha256"
|
|
||||||
|
|
||||||
# diepass: Password for opers to use if they need to shutdown (die)
|
|
||||||
# a server.
|
|
||||||
diepass="{{ secrets['IRC']['diepass'] }}"
|
|
||||||
|
|
||||||
# restartpass: Password for opers to use if they need to restart
|
|
||||||
# a server.
|
|
||||||
restartpass="{{ secrets['IRC']['restartpass'] }}">
|
|
||||||
|
Loading…
Reference in New Issue
Block a user