From 72a62b63ebcebd370c5996f6c6b4a99004381038 Mon Sep 17 00:00:00 2001 
From: DarkFeather Date: Sun, 18 Dec 2022 22:18:43 -0600 Subject: [PATCH] Seeding IRC automation after a lot of work --- roles/IRC/README.md | 44 +- roles/IRC/files/services/irc.service | 17 + roles/IRC/files/services/ircservices.service | 16 + roles/IRC/files/services/ircweb.service | 15 + roles/IRC/tasks/bots.yml | 29 + roles/IRC/tasks/daemon.yml | 60 + roles/IRC/tasks/main.yml | 9 +- roles/IRC/tasks/services.yml | 65 + roles/IRC/tasks/web.yml | 56 + roles/IRC/templates/anope/botserv.conf.j2 | 404 ++++ roles/IRC/templates/anope/chanserv.conf.j2 | 1311 ++++++++++++ roles/IRC/templates/anope/global.conf.j2 | 115 + roles/IRC/templates/anope/hostserv.conf.j2 | 188 ++ roles/IRC/templates/anope/memoserv.conf.j2 | 243 +++ roles/IRC/templates/anope/modules.conf.j2 | 797 +++++++ roles/IRC/templates/anope/nickserv.conf.j2 | 662 ++++++ roles/IRC/templates/anope/operserv.conf.j2 | 701 ++++++ roles/IRC/templates/anope/services.conf.j2 | 1183 ++++++++++ roles/IRC/templates/inspircd/inspircd.conf.j2 | 597 ++++++ roles/IRC/templates/inspircd/links.conf.j2 | 55 + roles/IRC/templates/inspircd/modules.conf.j2 | 1900 +++++++++++++++++ roles/IRC/templates/inspircd/motd.txt.j2 | 45 + roles/IRC/templates/inspircd/opers.conf.j2 | 118 + roles/IRC/templates/inspircd/rules.txt.j2 | 4 + roles/IRC/templates/kiwiirc/config.js.j2 | 259 +++ 25 files changed, 8866 insertions(+), 27 deletions(-) create mode 100644 roles/IRC/files/services/irc.service create mode 100644 roles/IRC/files/services/ircservices.service create mode 100644 roles/IRC/files/services/ircweb.service create mode 100644 roles/IRC/tasks/bots.yml create mode 100644 roles/IRC/tasks/daemon.yml create mode 100644 roles/IRC/tasks/services.yml create mode 100644 roles/IRC/tasks/web.yml create mode 100644 roles/IRC/templates/anope/botserv.conf.j2 create mode 100755 roles/IRC/templates/anope/chanserv.conf.j2 create mode 100755 roles/IRC/templates/anope/global.conf.j2 create mode 100755 roles/IRC/templates/anope/hostserv.conf.j2 create 
mode 100644 roles/IRC/templates/anope/memoserv.conf.j2 create mode 100644 roles/IRC/templates/anope/modules.conf.j2 create mode 100755 roles/IRC/templates/anope/nickserv.conf.j2 create mode 100755 roles/IRC/templates/anope/operserv.conf.j2 create mode 100644 roles/IRC/templates/anope/services.conf.j2 create mode 100644 roles/IRC/templates/inspircd/inspircd.conf.j2 create mode 100644 roles/IRC/templates/inspircd/links.conf.j2 create mode 100644 roles/IRC/templates/inspircd/modules.conf.j2 create mode 100644 roles/IRC/templates/inspircd/motd.txt.j2 create mode 100644 roles/IRC/templates/inspircd/opers.conf.j2 create mode 100644 roles/IRC/templates/inspircd/rules.txt.j2 create mode 100644 roles/IRC/templates/kiwiirc/config.js.j2 diff --git a/roles/IRC/README.md b/roles/IRC/README.md index bae4bf2..2096fb5 100644 --- a/roles/IRC/README.md +++ b/roles/IRC/README.md 
@@ -1,53 +1,53 @@ -IRC is a chat system used by members of the AniNIX network. See [[IRC#Available Clients|Available Clients]] for access methods. +IRC is a chat system used by members of the AniNIX network. # Etymology -[https://en.wikipedia.org/wiki/IRC IRC] stands for Internet Relay Chat -- it is a method of text-based communication across the network via various servers. IRC has long been the self-hosted communication medium of choice for hackers, developers, and the fringe -- though overall adoption has dropped a bit with the rise of other social media, networks like [https://freenode.org Freenode] are growing. IRChttps://royal.pingdom.com/2012/04/24/irc-is-dead-long-live-irc/ is moving to the hacker niche, and we follow along. +[IRC](https://en.wikipedia.org/wiki/IRC) stands for Internet Relay Chat -- it is a method of text-based communication across the network via various servers. IRC has long been the self-hosted communication medium of choice for hackers, developers, and the fringe -- though overall adoption has dropped a bit with the rise of other social media, networks like [Libera](https://libera.chat/) are [still growing](https://royal.pingdom.com/2012/04/24/irc-is-dead-long-live-irc/). IRC is moving to the hacker niche, and we follow along. # Relevant Files and Software The configuration for the IRC service is divided into two parts -- the daemon and services. + ## InspIRCd -The IRC daemon is powered by [https://inspircd.org/ InspIRCd 2][[Category:InspIRCd]]. Relevant configuration is in [file:///etc/inspircd/inspircd.conf the conf file] and it logs to [file:///var/log/inspircd/startup.log startup.log]. +The IRC daemon is powered by [InspIRCd](https://inspircd.org/). Relevant configuration is in `/etc/inspircd/` and it logs to journald. + ## Anope -The services component is supplied by [https://www.anope.org/ Anope 2][[Category:Anope]]. 
Relevant configuration is in [file:///etc/anope/services.conf the services.conf] and it logs to the [file:///var/log/anope/ the anope log]. +The services component is supplied by [Anope](https://www.anope.org/). Relevant configuration is in [the services.conf](file:///etc/anope/services.conf) and it logs to the [its own log](file:///var/log/anope/). -Anope also takes backups of [file:///var/db/anope/anope.db the anope database] to the backups folder in the same location. [[Category:TODO]] +Anope also takes backups of [the anope database](file:///var/db/anope/anope.db) to the backups folder in the same location. -Caution: Anope with version 2.0.3 has some issues with gcc6. If you start encountering segmentation faults with Anope, sign in to [[irc://anope.org#anope The Anope support IRC]]. Script a run of "sudo -u ircd gdb /usr/bin/services core". Enter "r " and when it crashes run "bt full". Quit out of everything and pastebin the file. Provide this to the support staff. +Caution: Anope with version 2.0.3 has some issues with gcc6. If you start encountering segmentation faults with Anope, sign in to `irc://anope.org#anope` (the Anope support IRC network). Script a run of "sudo -u ircd gdb /usr/bin/services core". Enter `r ` and when it crashes run `bt full`. Quit out of everything and pastebin the file. Provide this to the support staff. + +Caution: Arch's packaged version of Anope may be missing critical LDAP modules. We still install the package, but you may need to use a localized install in /opt to get it working. Anope Services' NickServ authentication can be linked to [[Sora|AniNIX::Sora]] for unified credentials.[[Category:LDAP]] ### Service entities -The following entities can be messaged personally (PM'ed) for help with "/msg help +The following entities can be messaged personally (PM'ed) for help with `/msg help` from inside an IRC client. - -[[Category:Public_Service]] * NickServ will manage IRC nicknames. 
* HostServ will manage IRC virtual hosts, to mask IP's. * ChanServ will manage IRC channels -- new channels can be registered on the network here. * MemoServ will manage IRC memos (short text-message-like messages between users). # Available Clients -You will need to use your own client. All IRC clients will connect to the service by providing the following information: +A [simple web client](https://irc.aninix.net) is hosted. + +For more advanced options like logging, you will need to use your own client. All IRC clients will connect to the service by providing the following information: * Host: aninix.net * Port: 6697 -* The client should accept invalid certificates. +* The client should accept only valid certificates. * The client should automatically join the #lobby channel. * The client should provide a nickname and NickServ password that the user intends to use. ### Clients by OS Some example clients can be found here. -* Linux hosts are strongly recommended to use [https://wiki.archlinux.org/index.php/Weechat weechat] inside [https://wiki.archlinux.org/index.php/Tmux tmux] with the [https://weechat.org/themes/source/crym.theme.html/ crym theme], though a Hexchat version is also available. -* Windows hosts can connect to this service using [https://hexchat.github.io/ HexChat]. -* Mac hosts can use [http://colloquy.info/downloads.html Colloquy]. -* Android hosts can use [http://www.duckspike.net/andchat/ Andchat]. -* iOS devices should use [http://colloquy.info/downloads.html Colloquy's mobile version]. +* Linux hosts are strongly recommended to use [weechat](https://wiki.archlinux.org/index.php/Weechat) inside [tmux](https://wiki.archlinux.org/index.php/Tmux). +* Windows hosts can connect to this service using [HexChat](https://hexchat.github.io/). +* Mac and iOS hosts can use [Colloquy](http://colloquy.info/downloads.html). +* Android hosts can use [AndChat](http://www.duckspike.net/andchat/). 
# Equivalents or Competition -Rivals to IRC include other IRC networks like [http://freenode.net Freenode], mail services like [https://inbox.google.com Google Inbox], and other chat systems like Slack, Microsoft Teams, Discord, Snapchat, WhatsApp, etc. We use Discord to provide new users with a Web-only bridge to the IRC network at https://aninix.net/irc/ -- [[IRC/Discord Bridge|documentation for our Discord hosting]] is also available.. - -# Additional Reference -{{:IRC/Commands and Modes}} - -### Helpful Reading +Rivals to IRC include other IRC networks like Libera, mail services like [Gmail](https://mail.google.com), and other chat systems like Slack, Microsoft Teams, Discord, Snapchat, WhatsApp, etc. We use Discord to provide new users with a Web-only bridge to the IRC network, but most features are only available within our own network. # Additional Reference +* [IRCHelp.org for operators](https://www.irchelp.org/ircd/ircopguide.html) +* [InspIRCd modes reference](https://docs.inspircd.org/3/user-modes/) diff --git a/roles/IRC/files/services/irc.service b/roles/IRC/files/services/irc.service new file mode 100644 index 0000000..1c3055f --- /dev/null +++ b/roles/IRC/files/services/irc.service @@ -0,0 +1,17 @@ +[Unit] +Description=AniNIX/IRC daemon +Requires=network.target +After=network.target + +[Service] +Type=forking +PIDFile=/var/lib/inspircd/inspircd.pid +ExecStart=/usr/lib/inspircd/inspircd start +ExecReload=/usr/lib/inspircd/inspircd rehash +ExecStop=/usr/lib/inspircd/inspircd stop +Restart=always +User=ircd +Group=ircd + +[Install] +WantedBy=multi-user.target diff --git a/roles/IRC/files/services/ircservices.service b/roles/IRC/files/services/ircservices.service new file mode 100644 index 0000000..044cae1 --- /dev/null +++ b/roles/IRC/files/services/ircservices.service 
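Review bot: In roles/IRC/files/services/irc.service the `[Service]` section runs a network-facing daemon with only `User=ircd`/`Group=ircd` and no systemd sandboxing. Consider adding `NoNewPrivileges=yes`, `PrivateTmp=yes` and `ProtectSystem=full` after `Group=ircd`, then confirming InspIRCd can still write its PID file under /var/lib/inspircd. The same gap exists in the `[Service]` sections of ircservices.service and ircweb.service in this commit. For ircweb.service, whose working directory is under /usr, `ProtectSystem=full` makes that tree read-only, so check first whether Kiwi writes there.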
@@ -0,0 +1,16 @@ +[Unit] +Description=AniNIX/IRC | Anope Services +Requires=network.target +After=network.target + +[Service] +Type=simple +PIDFile=/run/anope/anope.pid +ExecStart=/opt/anope/bin/services --confdir=/etc/anope/ --dbdir=/opt/anope/data --localedir=/opt/anope/locale --logdir=/var/log/anope --modulesdir=/opt/anope/lib --nofork +ExecReload=/bin/kill -1 $MAINPID +Restart=always +User=ircd +Group=ircd + +[Install] +WantedBy=multi-user.target diff --git a/roles/IRC/files/services/ircweb.service b/roles/IRC/files/services/ircweb.service new file mode 100644 index 0000000..662326e --- /dev/null +++ b/roles/IRC/files/services/ircweb.service @@ -0,0 +1,15 @@ +[Unit] +Description=AniNIX/IRC Web Client +After=network.target irc.service ircservices.service + +[Service] +WorkingDirectory=/usr/local/src/KiwiIRC/ +ExecStart=/bin/sh ./kiwi -f +ExecReload=/bin/kill -HUP $MAINPID +KillMode=control-group +Restart=always +User=ircd +Group=ircd + +[Install] +WantedBy=multi-user.target diff --git a/roles/IRC/tasks/bots.yml b/roles/IRC/tasks/bots.yml new file mode 100644 index 0000000..630f731 --- /dev/null +++ b/roles/IRC/tasks/bots.yml @@ -0,0 +1,29 @@ +--- + + - user: + name: "{{ item }}" + state: present + shell: "{{ daemon_shell | default('/sbin/nologin') }}" + local: yes + groups: ircd + loop: + - bitbot + - dsbridge + - theraven + - werewolf + + # Install TheRaven package + - package: + name: + - TheRaven + + - git: + repo: 'https://github.com/jesopo/bitbot.git' + dest: /usr/local/src/bitbot/ + clone: yes + update: yes + + - git: + repo: + + - diff --git a/roles/IRC/tasks/daemon.yml b/roles/IRC/tasks/daemon.yml new file mode 100644 index 0000000..98cba5a --- /dev/null +++ b/roles/IRC/tasks/daemon.yml 
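Review bot: In ircservices.service, `PIDFile=/run/anope/anope.pid` is paired with `Type=simple` and `--nofork`, where systemd already tracks the main process and needs no PID file. Nothing in the visible tasks creates /run/anope either. Either drop the `PIDFile=` line, or add `RuntimeDirectory=anope` so the directory exists and is owned by `ircd` if Anope still writes the file there. `ExecReload=/bin/kill -1 $MAINPID` would read more clearly as `/bin/kill -HUP $MAINPID`, matching ircweb.service.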
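Review bot: In roles/IRC/tasks/bots.yml the bitbot `git` task sets `update: yes` with no `version:`, so every play run pulls whatever is on the upstream default branch, and that code later runs on the host. Pin it with `version: "<reviewed-commit-sha>"` (placeholder) and bump it deliberately; the Kiwi clone in web.yml has no `version:` either. The file also ends in an empty `- git:` / `repo:` task and a dangling `-`, which will fail once the commented-out `include_tasks: bots.yml` in main.yml is enabled. Remove or finish that stub, and give these tasks `name:` and `become: yes` as the other task files do.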
@@ -0,0 +1,60 @@ +--- + + - name: Ensure directory permissions + become: yes + file: + state: directory + path: "{{ item }}" + owner: ircd + group: ircd + mode: 0750 + loop: + - "/var/log/inspircd" + - "/etc/inspircd" + + - name: Copy config and fill in attributes + register: templatefiles + become: yes + template: + src: "inspircd/{{ item }}.j2" + dest: "/etc/inspircd/{{ item }}" + owner: ircd + group: ircd + mode: 0600 + loop: + - inspircd.conf + - modules.conf + - links.conf + - opers.conf + - rules.txt + - motd.txt + + - name: Copy service file + become: yes + register: servicesfile + copy: + src: services/irc.service + dest: /usr/lib/systemd/system/irc.service + owner: root + group: root + mode: 0644 + + - name: Reload services + when: servicesfile.changed + become: yes + systemd: + daemon_reload: true + + - name: Ensure service running + become: yes + service: + name: irc + state: started + enabled: yes + + - name: Reload on config change + become: yes + when: templatefiles.changed or servicesfile.changed + service: + name: irc + state: reloaded diff --git a/roles/IRC/tasks/main.yml b/roles/IRC/tasks/main.yml index 0107254..bbd6614 100644 --- a/roles/IRC/tasks/main.yml +++ b/roles/IRC/tasks/main.yml @@ -8,12 +8,11 @@ - anope - TheRaven - - name: KiwiIRC Web Front - become: yes - git: - repo: https://github.com/prawnsalad/KiwiIRC.git - dest: /usr/local/src/KiwiIRC + - include_tasks: daemon.yml + - include_tasks: services.yml + - include_tasks: web.yml + #- include_tasks: bots.yml diff --git a/roles/IRC/tasks/services.yml b/roles/IRC/tasks/services.yml new file mode 100644 index 0000000..83e40fb --- /dev/null +++ b/roles/IRC/tasks/services.yml 
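Review bot: The final task in daemon.yml, `Reload on config change`, also fires on `servicesfile.changed`, but `state: reloaded` only runs the unit's `ExecReload` (an InspIRCd rehash). It does not apply changes to the unit file itself, such as `ExecStart=` or `User=`. Split it: keep `when: templatefiles.changed` with `state: reloaded`, and add a task with `when: servicesfile.changed` and `state: restarted`. services.yml and web.yml repeat the same pattern. On a first run the service is also started and then immediately reloaded; notifying handlers from the template and copy tasks would avoid that.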
@@ -0,0 +1,65 @@ +--- + + - name: Ensure directory permissions + become: yes + file: + state: directory + path: "{{ item }}" + owner: ircd + group: ircd + mode: 0700 + loop: + - "/etc/anope" + - "/opt/anope" + - "/opt/anope/data" + - "/var/log/anope" + + - name: Copy config and fill in attributes + register: templatefiles + become: yes + template: + src: "anope/{{ item }}.j2" + dest: "/etc/anope/{{ item }}" + owner: ircd + group: ircd + mode: 0600 + loop: + - botserv.conf + - chanserv.conf + - global.conf + - hostserv.conf + - memoserv.conf + - modules.conf + - nickserv.conf + - operserv.conf + - services.conf + + - name: Copy service file + become: yes + register: servicesfile + copy: + src: services/ircservices.service + dest: /usr/lib/systemd/system/ircservices.service + owner: root + group: root + mode: 0644 + + - name: Reload services + when: servicesfile.changed + become: yes + systemd: + daemon_reload: true + + - name: Ensure service running + become: yes + service: + name: ircservices + state: started + enabled: yes + + - name: Reload on config change + become: yes + when: templatefiles.changed or servicesfile.changed + service: + name: ircservices + state: reloaded diff --git a/roles/IRC/tasks/web.yml b/roles/IRC/tasks/web.yml new file mode 100644 index 0000000..e17960c --- /dev/null +++ b/roles/IRC/tasks/web.yml 
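Review bot: The first task in services.yml makes `/opt/anope` itself `owner: ircd` with `mode: 0700`, and ircservices.service runs `/opt/anope/bin/services` with `--modulesdir=/opt/anope/lib` as that same user. The service account can therefore alter the directory that holds its own binary and modules. Least privilege would leave `/opt/anope` root-owned (for example `owner: root`, `group: ircd`, `mode: 0750`) and give `ircd` ownership only of `/opt/anope/data` and `/var/log/anope`. How `/opt/anope` is populated is not visible in this commit, so confirm the install step does not rely on `ircd` owning it.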
@@ -0,0 +1,56 @@ +--- + + - name: Clone KiwiIRC + become: yes + git: + repo: https://github.com/prawnsalad/KiwiIRC.git + dest: /usr/local/src/KiwiIRC + update: no + + - name: Update permissions + become: yes + file: + path: /usr/local/src/KiwiIRC + recurse: yes + owner: ircd + group: ircd + + - name: Populate config + become: yes + register: config + template: + src: kiwiirc/config.js.j2 + dest: /usr/local/src/KiwiIRC/config.js + owner: ircd + group: ircd + mode: 0600 + + - name: Copy service file + become: yes + register: servicesfile + copy: + src: services/ircweb.service + dest: /usr/lib/systemd/system/ircweb.service + owner: root + group: root + mode: 0644 + + - name: Reload services + when: servicesfile.changed + become: yes + systemd: + daemon_reload: true + + - name: Ensure service running + become: yes + service: + name: ircweb + state: started + enabled: yes + + - name: Reload on config change + become: yes + when: config.changed or servicesfile.changed + service: + name: ircweb + state: reloaded diff --git a/roles/IRC/templates/anope/botserv.conf.j2 b/roles/IRC/templates/anope/botserv.conf.j2 new file mode 100644 index 0000000..a00c6e2 --- /dev/null +++ b/roles/IRC/templates/anope/botserv.conf.j2 
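Review bot: `Update permissions` in web.yml recursively hands all of `/usr/local/src/KiwiIRC` to `ircd`, the account ircweb.service uses to run `/bin/sh ./kiwi -f` from that directory, so the web client process can rewrite the code it executes. If Kiwi does not need to write into its checkout, keep the tree root-owned and give `ircd` only `config.js` (already `mode: 0600`) plus any runtime directories it needs. `recurse: yes` on a `file` task also walks the whole tree on every run. Whether Kiwi writes into its own directory is not visible here, so verify before tightening.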
@@ -0,0 +1,404 @@ +/* + * Example configuration file for BotServ. + */ + +/* + * First, create the service. If you do not want to have a 'BotServ', but do want the ability to have + * ChanServ assigned to channels for the use of fantasy commands, you may delete the below 'service' block. + * + * Note that deleting a 'service' block for a pseudoclient that is already online will not remove the + * client, the client becomes no different from a normal service bot, so you will have to use botserv/bot + * to manually delete the client. + * + * You may then want to map some of the below commands to other services, like placing botserv/bot on + * OperServ so you can delete the below client, and mapping assign and unassign to ChanServ so users are + * able to control whether or not ChanServ is in the channel. You may also want to map botserv/set/nobot + * to OperServ so you can restrict who can assign the other core service clients. + */ +service +{ + /* + * The name of the BotServ client. + * If you change this value, you probably want to change the client directive in the configuration for the botserv module too. + */ + nick = "BotServ" + + /* + * The username of the BotServ client. + */ + user = "services" + + /* + * The hostname of the BotServ client. + */ + host = "ircservices.{{ external_domain }}" + + /* + * The realname of the BotServ client. + */ + gecos = "Bot Service" + + /* + * The modes this client should use. + * Do not modify this unless you know what you are doing. + * + * These modes are very IRCd specific. If left commented, sane defaults + * are used based on what protocol module you have loaded. + * + * Note that setting this option incorrectly could potentially BREAK some, if + * not all, usefulness of the client. We will not support you if this client is + * unable to do certain things if this option is enabled. + */ + #modes = "+o" + + /* + * An optional comma separated list of channels this service should join. 
Outside + * of log channels this is not very useful, as the service will just idle in the + * specified channels, and will not accept any types of commands. + * + * Prefixes may be given to the channels in the form of mode characters or prefix symbols. + */ + #channels = "@#services,#mychan" +} + +/* + * Core BotServ module. + * + * Provides essential functionality for BotServ. + */ +module +{ + name = "botserv" + + /* + * The name of the client that should be BotServ. + * + * This directive is optional. + */ + client = "BotServ" + + /* + * The default bot options for newly registered channels. Note that changing these options + * will have no effect on channels which are already registered. The list must be separated + * by spaces. + * + * The options are: + * - dontkickops: Channel operators will be protected against BotServ kicks + * - dontkickvoices: Voiced users will be protected against BotServ kicks + * - greet: The channel's BotServ bot will greet incoming users that have set a greet + * in their NickServ settings + * - fantasy: Enables the use of BotServ fantasy commands in the channel + * + * This directive is optional, if left blank, there will be no defaults. + */ + defaults = "greet fantasy" + + /* + * The minimum number of users there must be in a channel before the bot joins it. The best + * value for this setting is 1 or 2. This can be 0, the service bots will not part unless + * specifically unassigned, and will keep the channel open. + */ + minusers = 1 + + /* + * The bots are currently not affected by any modes or bans when they try to join a channel. + * But some people may want to make it act like a real bot, that is, for example, remove all + * the bans affecting the bot before joining the channel, remove a ban that affects the bot + * set by a user when it is in the channel, and so on. Since it consumes a bit more CPU + * time, you should not enable this on larger networks. + * + * This directive is optional. 
+ */ + #smartjoin = yes + + /* + * Modes to set on service bots when they join channels, comment this out for no modes + * + * This directive is optional. + */ + botmodes = "ao" + + /* + * User modes to set on service bots. Read the comment about the service:modes directive + * on why this can be a bad idea to set. + */ + #botumodes = "i" +} + +/* + * Core BotServ commands. + * + * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules + * are loaded you can then configure the commands to be added to any client you like with any name you like. + * + * Additionally, you may provide a permission name that must be in the opertype of users executing the command. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* Give it a help command. */ +command { service = "BotServ"; name = "HELP"; command = "generic/help"; } + +/* + * bs_assign + * + * Provides the commands: + * botserv/assign - Used to assign BotServ bots to channels + * botserv/unassign - Used to unassign BotServ bots + * botserv/set/nobot - Used to prohibit channels from being assigned BotServ bots. + * + * Used for assigning and unassigning bots to channels. + */ +module { name = "bs_assign" } +command { service = "BotServ"; name = "ASSIGN"; command = "botserv/assign"; } +command { service = "BotServ"; name = "UNASSIGN"; command = "botserv/unassign"; } +command { service = "BotServ"; name = "SET NOBOT"; command = "botserv/set/nobot"; permission = "botserv/set/nobot"; } + +/* + * bs_autoassign + * + * Allows service bots to be automatically assigned to channels upon registration. + */ +#module +{ + name = "bs_autoassign" + + /* + * Automatically assign ChanServ to channels upon registration. + */ + bot = "ChanServ" +} + +/* + * bs_badwords + * + * Provides the command botserv/badwords. + * + * Used for controlling the channel badword list. 
+ */ +module +{ + name = "bs_badwords" + + /* + * The maximum number of entries a single bad words list can have. + */ + badwordsmax = 32 + + /* + * If set, BotServ will use case sensitive checking for badwords. + * + * This directive is optional. + */ + #casesensitive = yes +} +command { service = "BotServ"; name = "BADWORDS"; command = "botserv/badwords"; } + +/* + * bs_bot + * + * Provides the command botserv/bot. + * + * Used for administrating BotServ bots. + */ +module { name = "bs_bot" } +command { service = "BotServ"; name = "BOT"; command = "botserv/bot"; permission = "botserv/bot"; } + +/* + * bs_botlist + * + * Provides the command botserv/botlist. + * + * Used for listing all available bots. + */ +module { name = "bs_botlist" } +command { service = "BotServ"; name = "BOTLIST"; command = "botserv/botlist"; } + +/* + * bs_control + * + * Provides the commands botserv/act and botserv/say. + * + * Used for making the bot message a channel. + */ +module { name = "bs_control" } +command { service = "BotServ"; name = "ACT"; command = "botserv/act"; } +command { service = "BotServ"; name = "SAY"; command = "botserv/say"; } + +/* + * bs_info + * + * Provides the command botserv/info. + * + * Used for getting information on bots or channels. + */ +module { name = "bs_info" } +command { service = "BotServ"; name = "INFO"; command = "botserv/info"; } + +/* + * bs_kick + * + * Provides the commands: + * botserv/kick - Dummy help wrapper for the KICK command. + * botserv/kick/amsg - Configures BotServ's AMSG kicker. + * botserv/kick/badwords - Configures BotServ's badwords kicker. + * botserv/kick/bolds - Configures BotServ's bold text kiceker. + * botserv/kick/caps - Configures BotServ's capital letters kicker. + * botserv/kick/colors - Configures BotServ's color kicker. + * botserv/kick/flood - Configures BotServ's flood kicker. + * botserv/kick/italics - Configures BotServ's italics kicker. + * botserv/kick/repeat - Configures BotServ's repeat kicker. 
+ * botserv/kick/reverses - Configures BotServ's reverse kicker. + * botserv/kick/underlines - Configures BotServ's reverse kicker. + * botserv/set/dontkickops - Used for preventing BotServ from kicking channel operators. + * botserv/set/dontkickvoices - Used for preventing BotServ from kicking voices. + * + * Used for configuring what bots should kick for. + */ +module +{ + name = "bs_kick" + + /* + * The amount of time that data for a user is valid in BotServ. If the data exceeds this time, + * it is reset or deleted depending on the case. Do not set it too high, otherwise your + * resources will be slightly affected. + */ + keepdata = 10m + + /* + * If set, the bots will use a kick reason that does not state the word when it is kicking. + * This is especially useful if you have young people on your network. + * + * This directive is optional. + */ + gentlebadwordreason = yes +} +command { service = "BotServ"; name = "KICK"; command = "botserv/kick"; } +command { service = "BotServ"; name = "KICK AMSG"; command = "botserv/kick/amsg"; } +command { service = "BotServ"; name = "KICK BADWORDS"; command = "botserv/kick/badwords"; } +command { service = "BotServ"; name = "KICK BOLDS"; command = "botserv/kick/bolds"; } +command { service = "BotServ"; name = "KICK CAPS"; command = "botserv/kick/caps"; } +command { service = "BotServ"; name = "KICK COLORS"; command = "botserv/kick/colors"; } +command { service = "BotServ"; name = "KICK FLOOD"; command = "botserv/kick/flood"; } +command { service = "BotServ"; name = "KICK ITALICS"; command = "botserv/kick/italics"; } +command { service = "BotServ"; name = "KICK REPEAT"; command = "botserv/kick/repeat"; } +command { service = "BotServ"; name = "KICK REVERSES"; command = "botserv/kick/reverses"; } +command { service = "BotServ"; name = "KICK UNDERLINES"; command = "botserv/kick/underlines"; } + +command { service = "BotServ"; name = "SET DONTKICKOPS"; command = "botserv/set/dontkickops"; } +command { service = "BotServ"; 
name = "SET DONTKICKVOICES"; command = "botserv/set/dontkickvoices"; } + + +/* + * bs_set + * + * Provides the commands: + * botserv/set/private - Used to prohibit specific BotServ bots from being assigned to channels. + */ +module { name = "bs_set" } +command { service = "BotServ"; name = "SET"; command = "botserv/set"; } +command { service = "BotServ"; name = "SET BANEXPIRE"; command = "botserv/set/banexpire"; } +command { service = "BotServ"; name = "SET PRIVATE"; command = "botserv/set/private"; permission = "botserv/set/private"; } + +/* + * greet + * + * Provides the commands: + * botserv/set/greet - Used for enabling or disabling BotServ's greet messages in a channel. + * nickserv/set/greet, nickserv/saset/greet - Used for changing a users greet message, which is displayed when they enter channels. + */ +module { name = "greet" } +command { service = "BotServ"; name = "SET GREET"; command = "botserv/set/greet"; } +command { service = "NickServ"; name = "SET GREET"; command = "nickserv/set/greet"; } +command { service = "NickServ"; name = "SASET GREET"; command = "nickserv/saset/greet"; permission = "nickserv/saset/greet"; } + +/* + * GREET privilege. + * + * Used by 'greet'. + * + * Users with this privilege have their greet shown when they join channels. + */ +privilege +{ + name = "GREET" + rank = 40 + level = 5 + flag = "g" + xop = "AOP" +} + + +/* + * fantasy + * + * Allows 'fantaisist' commands to be used in channels. + * + * Provides the commands: + * botserv/set/fantasy - Used for enabling or disabling BotServ's fantasist commands. + */ +module +{ + name = "fantasy" + + /* + * Defines the prefixes for fantasy commands in channels. One of these characters will have to be prepended + * to all fantasy commands. If you choose "!", for example, fantasy commands will be "!kick", + * "!op", etc. This directive is optional, if left out, the default fantasy character is "!". + */ + #fantasycharacter = "!." 
+} +command { service = "BotServ"; name = "SET FANTASY"; command = "botserv/set/fantasy"; } + +/* + * Fantasy commands + * + * Fantasy commands can be executed in channels that have a BotServ bot by prefixing the + * command with one of the fantasy characters configured in botserv's fantasycharacter + * directive. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ +fantasy { name = "ACCESS"; command = "chanserv/access"; } +fantasy { name = "AKICK"; command = "chanserv/akick"; } +fantasy { name = "AOP"; command = "chanserv/xop"; } +fantasy { name = "BAN"; command = "chanserv/ban"; } +fantasy { name = "CLONE"; command = "chanserv/clone"; } +fantasy { name = "DEHALFOP"; command = "chanserv/modes"; } +fantasy { name = "DEOP"; command = "chanserv/modes"; } +fantasy { name = "DEOWNER"; command = "chanserv/modes"; } +fantasy { name = "DEPROTECT"; command = "chanserv/modes"; } +fantasy { name = "DEVOICE"; command = "chanserv/modes"; } +fantasy { name = "DOWN"; command = "chanserv/down"; } +fantasy { name = "ENFORCE"; command = "chanserv/enforce"; } +fantasy { name = "ENTRYMSG"; command = "chanserv/entrymsg"; } +fantasy { name = "FLAGS"; command = "chanserv/flags"; } +fantasy { name = "HALFOP"; command = "chanserv/modes"; } +fantasy { name = "HELP"; command = "generic/help"; prepend_channel = false; } +fantasy { name = "HOP"; command = "chanserv/xop"; } +fantasy { name = "INFO"; command = "chanserv/info"; prepend_channel = false; } +fantasy { name = "INVITE"; command = "chanserv/invite"; } +fantasy { name = "K"; command = "chanserv/kick"; } +fantasy { name = "KB"; command = "chanserv/ban"; } +fantasy { name = "KICK"; command = "chanserv/kick"; } +fantasy { name = "LEVELS"; command = "chanserv/levels"; } +fantasy { name = "LIST"; command = "chanserv/list"; prepend_channel = false; } +fantasy { name = "LOG"; command = "chanserv/log"; } +fantasy { name = "MODE"; command = "chanserv/mode"; } +fantasy { 
name = "MUTE"; command = "chanserv/ban"; kick = no; mode = "QUIET"; } +fantasy { name = "OP"; command = "chanserv/modes"; } +fantasy { name = "OWNER"; command = "chanserv/modes"; } +fantasy { name = "PROTECT"; command = "chanserv/modes"; } +fantasy { name = "QOP"; command = "chanserv/xop"; } +fantasy { name = "SEEN"; command = "chanserv/seen"; prepend_channel = false; } +fantasy { name = "SOP"; command = "chanserv/xop"; } +fantasy { name = "STATUS"; command = "chanserv/status"; } +fantasy { name = "SUSPEND"; command = "chanserv/suspend"; permission = "chanserv/suspend"; } +fantasy { name = "SYNC"; command = "chanserv/sync"; } +fantasy { name = "TOPIC"; command = "chanserv/topic"; } +fantasy { name = "UNBAN"; command = "chanserv/unban"; } +fantasy { name = "UNSUSPEND"; command = "chanserv/unsuspend"; permission = "chanserv/suspend"; } +fantasy { name = "UP"; command = "chanserv/up"; } +fantasy { name = "VOICE"; command = "chanserv/modes"; } +fantasy { name = "VOP"; command = "chanserv/xop"; } diff --git a/roles/IRC/templates/anope/chanserv.conf.j2 b/roles/IRC/templates/anope/chanserv.conf.j2 new file mode 100755 index 0000000..def56ab --- /dev/null +++ b/roles/IRC/templates/anope/chanserv.conf.j2 
@@ -0,0 +1,1311 @@ +/* + * Example configuration file for ChanServ. + */ + +/* + * First, create the service. + */ +service +{ + /* + * The name of the ChanServ client. + * If you change this value, you probably want to change the client directive in the configuration for the chanserv module too. + */ + nick = "ChanServ" + + /* + * The username of the ChanServ client. + */ + user = "services" + + /* + * The hostname of the ChanServ client. + */ + host = "ircservices.{{ external_domain }}" + + /* + * The realname of the ChanServ client. + */ + gecos = "Channel Registration Service" + + /* + * The modes this client should use. + * Do not modify this unless you know what you are doing. + * + * These modes are very IRCd specific. If left commented, sane defaults + * are used based on what protocol module you have loaded. + * + * Note that setting this option incorrectly could potentially BREAK some, if + * not all, usefulness of the client. We will not support you if this client is + * unable to do certain things if this option is enabled. + */ + #modes = "+o" + + /* + * An optional comma separated list of channels this service should join. Outside + * of log channels this is not very useful, as the service will just idle in the + * specified channels, and will not accept any types of commands. + * + * Prefixes may be given to the channels in the form of mode characters or prefix symbols. + */ + #channels = "@#services,#mychan" +} + +/* + * Core ChanServ module. + * + * Provides essential functionality for ChanServ. + */ +module +{ + name = "chanserv" + + /* + * The name of the client that should be ChanServ. + */ + client = "ChanServ" + + /* + * The default options for newly registered channels. Note that changing these options + * will have no effect on channels which are already registered. The list must be separated + * by spaces. 
+ * + * The options are: + * - keeptopic: Retain topic when the channel is not in use + * - peace: Disallow users from kicking or removing modes from others who are of the same + * access level or superior + * - cs_private: Hide the channel from ChanServ's LIST command + * - restricted: Kick/ban users who are restricted from the channel + * - cs_secure: Enable channel security, requiring the user to be identified with NickServ in + * order to be considered for being on the access list of the channel + * - secureops: Only allow operator status to be given if the user is on the access list + * - securefounder: Only allow the real founder of the channel to drop the channel, change it's + * password, or change the founder or successor + * - signkick: Use of ChanServ's KICK command will cause the user's nick to be signed to the kick. + * - signkick_level: Same as above, but the kick will not be signed if the user is at the same access + * level or superior to the target + * - topiclock: Disallow the topic to be changed except with ChanServ's TOPIC command + * - persist: Keep the channel open at all times + * - noautoop: Disables autoop on the channel + * - cs_keep_modes: Enables keep modes on the channel, which retains modes when the channel is + * not in use. + * - none: No defaults + * + * This directive is optional, if left blank, the options will default to keeptopic, cs_secure, securefounder, + * and signkick. If you really want no defaults, use "none" by itself as the option. + */ + defaults = "keeptopic peace cs_secure securefounder secureops topiclock persist cs_keep_modes signkick topiclock" + + /* + * The maximum number of channels which may be registered to a single nickname. + * + * This directive is optional, but recommended. + * If not set, there will be no restriction on the numbers of channels a single nickname can have registered. + */ + maxregistered = 20 + + /* + * The length of time before a channel registration expires. 
+ * + * This directive is optional, but recommended. + * If not set, the default is 14 days. + */ + expire = 14d + + /* + * The maximum number of entries on a channel's access list. + * If not set, the default is 1024. This can be set to 0 for unlimited. + */ + accessmax = 1024 + + /* + * The length of time ChanServ stays in a channel after kicking a user from a channel they are not + * permitted to be in. This only occurs when the user is the only one in the channel. + */ + inhabit = 15s + + /* + * Allow only IRC Operators to use ChanServ. + * + * This directive is optional. + */ + #opersonly = yes + + /* + * Modes that will not be allowed to be locked. Oper only modes such as +O + * are always restricted from regular users and are not affected by this. + * Comment out for no restrictions. + */ + #nomlock = "P" + + /* + * Modes that are required to be set and only set on all registered channels. + * These modes can not be locked or unlocked. The registered channel mode is + * automatically always required, if such a mode exists. + */ + #require = "r" + + /* + * The maximum length of the reason field for user commands such as chanserv/kick + * and chanserv/ban. + */ + reasonmax = 200 + /* + * The message formatting to use for signed kick messages. + * %n is the nick of the kicker + * %m is the message specified + */ + signkickformat = "%m (%n)" + + + /* + * If set, prevents channel access entries from containing hostmasks. + */ + disallow_hostmask_access = false + + /* + * If set, prevents channels from being on access lists. + */ + disallow_channel_access = false + + /* + * If set, ChanServ will always lower the timestamp of registered channels to their registration date. + * This prevents several race conditions where unauthorized users can join empty registered channels and set + * modes etc. prior to services deopping them. + */ + always_lower_ts = false +} + +/* + * ChanServ privilege configuration. 
+ * + * ChanServ privileges are used to determine who has what access in channels. By default the core has its own + * set of privileges it uses for various commands, which are defined below. Privilege ranks are used to + * determine how powerful privileges are relative to other privileges, which is used by Anope to determine + * who has greater access in a channel. + * + * If you load cs_access, you may define a level for the privilege, which is used by chanserv/access and chanserv/levels. + * The levels defined will be used as the default levels for newly registered channels. + * The level "founder" is a special level which means anyone with the privilege FOUNDER on the channel + * has that permission. Additionally, the level "disabled" means that no one can use the privilege, including founders. + * + * If you load cs_flags, you may define a flag associated with that privilege for use in chanserv/flags. + * + * If you load cs_xop, you may define a XOP command to associate the privilege with. + * + * The name of privileges are uesd to associate them with channel modes. If you are using an IRCd that allows you to define additional + * channel status modes, such as InspIRCd, you can associate privileges (and thus access levels, flags, xop) with the mode by naming + * the privileges appropriately. For example, if you had a channel mode called admin, you could create AUTOADMIN, ADMIN, and ADMINME + * privileges which would automatically be associated with that channel mode. + * + * Defining new privileges here is not useful unless you have a module (eg, a third party one) made to check for + * the specific level you are defining. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* + * ACCESS_CHANGE privilege. + * + * Used by chanserv/access, chanserv/flags and chanserv/xop. + * + * Users with this permission can modify the permissions of others. 
+ */ +privilege +{ + name = "ACCESS_CHANGE" + rank = 0 + level = 10 + flag = "f" + xop = "SOP" +} + +/* + * ACCESS_LIST privilege. + * + * Used by chanserv/access, chanserv/flags, and chanserv/xop. + * + * Users with this permission can view the access list of channels. + */ +privilege +{ + name = "ACCESS_LIST" + rank = 10 + level = 3 + flag = "f" + xop = "VOP" +} + +/* + * AKICK privilege. + * + * Used by chanserv/akick and chanserv/enforce. + * + * Users with this permission can modify the AKICK list. + */ +privilege +{ + name = "AKICK" + rank = 250 + level = 10 + flag = "K" + xop = "SOP" +} + +/* + * ASSIGN privilege. + * + * Used by botserv/assign. + * + * Users with this permission can assign and unassign BotServ bots to and from the channel. + */ +privilege +{ + name = "ASSIGN" + rank = 270 + level = "founder" + flag = "s" + xop = "QOP" +} + +/* + * AUTOHALFOP privilege. + * + * Used by the core. + * + * Users with this permission get halfop on join. + */ +privilege +{ + name = "AUTOHALFOP" + rank = 100 + level = 4 + flag = "H" + xop = "HOP" +} + +/* + * AUTOOP privilege. + * + * Used by the core. + * + * Users with this permission get op on join. + */ +privilege +{ + name = "AUTOOP" + rank = 210 + level = 5 + flag = "O" + xop = "AOP" +} + +/* + * AUTOOWNER privilege. + * + * Used by the core. + * + * Users with this permission get owner on join. + */ +privilege +{ + name = "AUTOOWNER" + rank = 330 + level = 9999 + flag = "Q" + xop = "QOP" +} + +/* + * AUTOPROTECT privilege. + * + * Used by the core. + * + * Users with this permission get admin on join. + */ +privilege +{ + name = "AUTOPROTECT" + rank = 240 + level = 10 + flag = "A" + xop = "SOP" +} + +/* + * AUTOVOICE privilege. + * + * Used by the core. + * + * Users with this permission get voice on join. + */ +privilege +{ + name = "AUTOVOICE" + rank = 50 + level = 3 + flag = "V" + xop = "VOP" +} + +/* + * BADWORDS privilege. + * + * Used by botserv/badwords. 
+ * + * Users with this permission can modify BotServ's BADWORDS list. + */ +privilege +{ + name = "BADWORDS" + rank = 260 + level = 10 + flag = "K" + xop = "SOP" +} + +/* + * BAN privilege. + * + * Used by chanserv/ban. + * + * Users with this permission can use the BAN command. + */ +privilege +{ + name = "BAN" + rank = 150 + level = 4 + flag = "b" + xop = "HOP" +} + +/* + * FANTASIA privilege. + * + * Used by botserv/main and chanserv/xop. + * + * Users with this permission can use fantasy commands in the channel. + */ +privilege +{ + name = "FANTASIA" + rank = 30 + level = 3 + flag = "c" + xop = "VOP" +} + +/* + * FOUNDER privilege. + * + * Used by chanserv/access, chanserv/akick, + * chanserv/drop, chanserv/set/founder, + * chanserv/set/securefounder, chanserv/set/successor and chanserv/xop. + * + * Users with this permission are treated as founders and can use + * commands restricted to founders. + */ +privilege +{ + name = "FOUNDER" + rank = 360 + level = 10000 + flag = "F" + xop = "QOP" +} + +/* + * GETKEY privilege. + * + * Used by chanserv/getkey and nickserv/ajoin. + * + * Users with this permission can get they channel key with GETKEY and + * can use nickserv/ajoin to join channels with keys. + */ +privilege +{ + name = "GETKEY" + rank = 180 + level = 5 + flag = "G" + xop = "AOP" +} + +/* + * HALFOP privilege. + * + * Used by chanserv/mode, chanserv/halfop and chanserv/dehalfop. + * + * Users with this permission can use ChanServ to halfop and dehalfop + * others in the channel. + */ +privilege +{ + name = "HALFOP" + rank = 120 + level = 5 + flag = "h" + xop = "AOP" +} + +/* + * HALFOPME privilege. + * + * Used by chanserv/mode, chanserv/halfop and chanserv/dehalfop. + * + * Users with this permission can use ChanServ to halfop and dehalfop + * themselves in the channel. + */ +privilege +{ + name = "HALFOPME" + rank = 110 + level = 4 + flag = "h" + xop = "HOP" +} + +/* + * INFO privilege. + * + * Used by botserv/info and chanserv/info. 
+ * + * Users with this permission are allowed to get the full INFO output + * from BotServ and ChanServ. + */ +privilege +{ + name = "INFO" + rank = 80 + level = 9999 + flag = "I" + xop = "QOP" +} + +/* + * INVITE privilege. + * + * Used by chanserv/invite and nickserv/ajoin. + * + * Users with this permission can invite users through ChanServ and + * join invite only channels with nickserv/ajoin. + */ +privilege +{ + name = "INVITE" + rank = 190 + level = 5 + flag = "i" + xop = "AOP" +} + +/* + * KICK privilege. + * + * Used by chanserv/kick. + * + * Users with this permission can use the KICK command. + */ +privilege +{ + name = "KICK" + rank = 130 + level = 4 + flag = "k" + xop = "HOP" +} + +/* + * MEMO privilege. + * + * Used by memoserv/del, memoserv/ignore, memoserv/info, memoserv/list, + * memoserv/main, memoserv/read and memoserv/set. + * + * Users with this permission can manage channel memos. + */ +privilege +{ + name = "MEMO" + rank = 280 + level = 10 + flag = "m" + xop = "SOP" +} + +/* + * MODE privilege. + * + * Used by chanserv/mode. + * + * Users with this permission can set modes through ChanServ and change + * the mode lock. + */ +privilege +{ + name = "MODE" + rank = 170 + level = 9999 + flag = "s" + xop = "QOP" +} + +/* + * NOKICK privilege. + * + * Used by botserv/kick. + * + * Users with this permission are spared from automated BotServ kicks. + */ +privilege +{ + name = "NOKICK" + rank = 20 + level = 1 + flag = "N" + xop = "VOP" +} + +/* + * OP privilege. + * + * Used by chanserv/mode, chanserv/modes. + * + * Users with this permission can use ChanServ to op and deop + * others in the channel. + */ +privilege +{ + name = "OP" + rank = 230 + level = 5 + flag = "o" + xop = "SOP" +} + +/* + * OPME privilege. + * + * Used by chanserv/mode, chanserv/modes. + * + * Users with this permission can use ChanServ to op and deop + * themselves in the channel. 
+ */ +privilege +{ + name = "OPME" + rank = 220 + level = 5 + flag = "o" + xop = "AOP" +} + +/* + * OWNER privilege. + * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to owner and deowner + * others in the channel. + */ +privilege +{ + name = "OWNER" + rank = 350 + level = "founder" + flag = "q" + xop = "QOP" +} + +/* + * OWNERME privilege. + * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to owner and deowner + * themselves in the channel. + */ +privilege +{ + name = "OWNERME" + rank = 340 + level = 9999 + flag = "q" + xop = "QOP" +} + +/* + * PROTECT privilege. + * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to protect and deprotect + * others in the channel. + */ +privilege +{ + name = "PROTECT" + rank = 310 + level = 9999 + flag = "a" + xop = "QOP" +} + +/* + * PROTECTME privilege. + * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to protect and deprotect + * themselves in the channel. + */ +privilege +{ + name = "PROTECTME" + rank = 300 + level = 10 + flag = "a" + xop = "AOP" +} + +/* + * SAY privilege. + * + * Used by botserv/control. + * + * Users with this permission can use the BotServ bot in the channel to + * say or do a /me with the provided message. + */ +privilege +{ + name = "SAY" + rank = 90 + level = 5 + flag = "B" + xop = "AOP" +} + +/* + * SET privilege. + * + * Used by botserv/kick, botserv/set, chanserv/clone, chanserv/log, + * chanserv/saset/noexpire and chanserv/set. + * + * Users with this permission can set what BotServ will kick for, change + * BotServ and ChanServ settings, clone ChanServ channel setings, and + * set ChanServ logging options. + */ +privilege +{ + name = "SET" + rank = 320 + level = 9999 + flag = "s" + xop = "QOP" +} + +/* + * SIGNKICK privilege. + * + * Used by chanserv/ban and chanserv/kick. 
+ * + * Users with this permission won't get their nick shown in the kick + * through ChanServ when the setting SIGNKICK is set to LEVEL. + */ +privilege +{ + name = "SIGNKICK" + rank = 140 + level = 9999 + flag = "K" + xop = "QOP" +} + +/* + * TOPIC privilege. + * + * Used by chanserv/topic. + * + * Users with this permission can change the channel topic through ChanServ. + */ +privilege +{ + name = "TOPIC" + rank = 160 + level = 5 + flag = "t" + xop = "AOP" +} + +/* + * UNBAN privilege. + * + * Used by chanserv/unban. + * + * Users with this permission can unban themselves and others through ChanServ. + */ +privilege +{ + name = "UNBAN" + rank = 200 + level = 4 + flag = "u" + xop = "HOP" +} + +/* + * VOICE privilege. + * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to voice and devoice + * others in the channel. + */ +privilege +{ + name = "VOICE" + rank = 70 + level = 4 + flag = "v" + xop = "HOP" +} + +/* + * VOICEME privilege. + * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to voice and devoice + * themselves in the channel. + */ +privilege +{ + name = "VOICEME" + rank = 60 + level = 3 + flag = "v" + xop = "VOP" +} + +/* + * Core ChanServ commands. + * + * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules + * are loaded you can then configure the commands to be added to any client you like with any name you like. + * + * Additionally, you may provide a permission name that must be in the opertype of users executing the command. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* Command group configuration for ChanServ. + * + * Commands may optionally be placed into groups to make ChanServ's HELP output easier to understand. 
+ * Remove the following groups to use the old behavior of simply listing all ChanServ commands from HELP. + */ +command_group +{ + name = "chanserv/access" + description = _("Used to manage the list of privileged users") +} + +command_group +{ + name = "chanserv/status" + description = _("Used to modify the channel status of you or other users") +} + +command_group +{ + name = "chanserv/management" + description = _("Used to manage channels") +} + +command_group +{ + name = "chanserv/admin" + description = _("Services Operator commands") +} + +/* Give it a help command. */ +command { service = "ChanServ"; name = "HELP"; command = "generic/help"; } + +/* + * cs_access + * + * Provides commands chanserv/access and chanserv/levels. + * Provides the access system "levels". + * + * Used for giving users access in channels using a levels system. Allows allows redefining which privileges + * are representated by given level on a per channel basis. + * + * The "LIST" subcommand of chanserv/access will show every access entry on the channel, including access + * entries not added by cs_access. The "level" of these entries will be the representation of the access + * entry by the other access system, which could be an XOP command name, or a set of flags. + */ +module { name = "cs_access" } +command { service = "ChanServ"; name = "ACCESS"; command = "chanserv/access"; group = "chanserv/access"; } +command { service = "ChanServ"; name = "LEVELS"; command = "chanserv/levels"; group = "chanserv/access"; } + +/* + * cs_akick + * + * Provides the command chanserv/akick. + * + * Used for preventing users from joining channels. + */ +module +{ + name = "cs_akick" + + /* + * The maximum number of entries on a channel's autokick list. + */ + autokickmax = 32 + + /* + * The default reason for an autokick if none is given. 
+ */ + autokickreason = "User has been banned from the channel" +} +command { service = "ChanServ"; name = "AKICK"; command = "chanserv/akick"; group = "chanserv/management"; } + +/* + * cs_ban + * + * Provides the command chanserv/ban. + * + * The configuration option 'kick' may be set in a command block for this command to control + * whether or not users will be kicked from the channel once banned. The default is 'yes'. + * + * The configuration option 'mode' may be set to control which mode is set, such as BAN or QUIET. + * The default is BAN. + * + * Used for banning users from channels. + */ +module { name = "cs_ban" } +command { service = "ChanServ"; name = "BAN"; command = "chanserv/ban"; } + +/* + * cs_clone + * + * Provides the command chanserv/clone. + * + * Used for copying channel settings from one channel to another. + */ +module { name = "cs_clone" } +command { service = "ChanServ"; name = "CLONE"; command = "chanserv/clone"; group = "chanserv/management"; } + +/* + * cs_drop + * + * Provides the command chanserv/drop. + * + * Used for unregistering channels. + */ +module { name = "cs_drop" } +command { service = "ChanServ"; name = "DROP"; command = "chanserv/drop"; } + +/* + * cs_enforce + * + * Provides the command chanserv/enforce. + * + * Used to enforce various channel settings such as secureops and restricted. + */ +module { name = "cs_enforce" } +command { service = "ChanServ"; name = "ENFORCE"; command = "chanserv/enforce"; group = "chanserv/management"; } + +/* + * cs_entrymsg + * + * Provides the command chanserv/entrymsg. + * + * Used to configure entry messages sent to users when they join a channel. + */ +module +{ + name = "cs_entrymsg" + + /* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */ + maxentries = 5 +} +command { service = "ChanServ"; name = "ENTRYMSG"; command = "chanserv/entrymsg"; group = "chanserv/management"; } + +/* + * cs_flags + * + * Provides the command chanserv/flags. 
+ * Provides the access system "flags". + * + * Used for giving users access in channels. + * + * The "LIST" subcommand of chanserv/flags will show every access entry on the channel, including access + * entries not added by cs_flags. The "Flags" of these entries will be the flags representation of the + * privilege set granted by the access entry. + */ +module { name = "cs_flags" } +command { service = "ChanServ"; name = "FLAGS"; command = "chanserv/flags"; group = "chanserv/access"; } + +/* + * cs_getkey + * + * Provides the command chanserv/getkey. + * + * Used for getting the key for channels. + */ +module { name = "cs_getkey" } +command { service = "ChanServ"; name = "GETKEY"; command = "chanserv/getkey"; } + +/* + * cs_info + * + * Provides the command chanserv/info. + * + * Used for getting information about channels. + */ +module { name = "cs_info" } +command { service = "ChanServ"; name = "INFO"; command = "chanserv/info"; } + +/* + * cs_invite + * + * Provides the command chanserv/invite. + * + * Used for inviting yourself in to channels. + */ +module { name = "cs_invite" } +command { service = "ChanServ"; name = "INVITE"; command = "chanserv/invite"; } + +/* + * cs_kick + * + * Provides the command chanserv/kick. + * + * Used for kicking users from channels. + */ +module { name = "cs_kick" } +command { service = "ChanServ"; name = "KICK"; command = "chanserv/kick"; } + +/* + * cs_list + * + * Provides the commands: + * chanserv/list - Used for retrieving and searching the registered channel list. + * chanserv/set/private - Used for setting whether channels should show up in chanserv/list. + */ +module +{ + name = "cs_list" + + /* + * The maximum number of channels to be returned for a ChanServ LIST command. 
+ */ + listmax = 50 +} +command { service = "ChanServ"; name = "LIST"; command = "chanserv/list"; } + +command { service = "ChanServ"; name = "SET PRIVATE"; command = "chanserv/set/private"; } + + +/* + * cs_log + * + * Provides the command chanserv/log. + * + * Use for configuring what actions on channels are logged and where. + */ +module +{ + name = "cs_log" + + /* Default log settings for newly registered channels */ + + #default + { + command = "chanserv/modes" + method = "MESSAGE @" + } + + #default + { + service = "ChanServ" + command = "ACCESS" + method = "MESSAGE @" + } + + #default + { + command = "chanserv/xop" + method = "MESSAGE @" + } + + #default + { + service = "ChanServ" + command = "FLAGS" + method = "MESSAGE @" + } +} +command { service = "ChanServ"; name = "LOG"; command = "chanserv/log"; group = "chanserv/management"; } + +/* + * cs_mode + * + * Provides the command chanserv/mode and chanserv/modes. + * + * Used for changing mode locks and changing modes. Multiple commands may be mapped to chanserv/modes, the + * configuration directive 'set' and 'unset' are used to tell chanserv/modes which modes should be set or + * unset when the command is executed. + */ +module +{ + name = "cs_mode" + + /* + * Default modes for mode lock, these are set on newly registered channels. + * + * If not set, the default is +nt. 
+ */ + mlock = "+nt" +} +command { service = "ChanServ"; name = "MODE"; command = "chanserv/mode"; group = "chanserv/management"; } + +command { service = "ChanServ"; name = "OWNER"; command = "chanserv/modes"; group = "chanserv/status"; set = "OWNER" } +command { service = "ChanServ"; name = "DEOWNER"; command = "chanserv/modes"; group = "chanserv/status"; unset = "OWNER" } + +command { service = "ChanServ"; name = "PROTECT"; command = "chanserv/modes"; group = "chanserv/status"; set = "PROTECT" } +command { service = "ChanServ"; name = "DEPROTECT"; command = "chanserv/modes"; group = "chanserv/status"; unset = "PROTECT" } + +command { service = "ChanServ"; name = "OP"; command = "chanserv/modes"; group = "chanserv/status"; set = "OP" } +command { service = "ChanServ"; name = "DEOP"; command = "chanserv/modes"; group = "chanserv/status"; unset = "OP" } + +command { service = "ChanServ"; name = "HALFOP"; command = "chanserv/modes"; group = "chanserv/status"; set = "HALFOP" } +command { service = "ChanServ"; name = "DEHALFOP"; command = "chanserv/modes"; group = "chanserv/status"; unset = "HALFOP" } + +command { service = "ChanServ"; name = "VOICE"; command = "chanserv/modes"; group = "chanserv/status"; set = "VOICE" } +command { service = "ChanServ"; name = "DEVOICE"; command = "chanserv/modes"; group = "chanserv/status"; unset = "VOICE" } + + +/* + * cs_register + * + * Provides the commands chanserv/register. + * + * Used for registering channels. + */ +module { name = "cs_register" } +command { service = "ChanServ"; name = "REGISTER"; command = "chanserv/register"; } + +/* + * cs_seen + * + * Provides the commands chanserv/seen and operserv/seen. + * + * Records the last time a user was seen and what they were doing and allows users to request this data. + * Also allows administrators to view stats about seen data and purge the database. 
+ */ +module +{ + name = "cs_seen" + + /* If set, uses the older 1.8 style seen, which is less resource intensive */ + simple = false + + /* Sets the time to keep seen entries in the seen database. */ + purgetime = "30d" + + /* Sets the delay between checks for expired seen entries. */ + expiretimeout = "1d" +} +command { service = "OperServ"; name = "SEEN"; command = "operserv/seen"; permission = "operserv/seen"; } + +/* + * cs_set + * + * Provides the commands: + * chanserv/set and chanserv/saset - Dummy help wrappers for the SET commands. + * chanserv/set/autoop - Used for configuring whether or not ChanServ automatically gives channel status to users. + * chanserv/set/bantype - Used for controlling what format of bans are placed on channels. + * chanserv/set/description - Used for changing channels descriptions. + * chanserv/set/founder - Used for changing a channel's founder. + * chanserv/set/keepmodes - Used for enabling or disabling keepmodes, which retains channel modes. + * chanserv/set/peace - Used for configuring if users are able to kick other users with higher access than them. + * chanserv/set/persist - Used for setting whether ChanServ should stay in channels after the last user leaves. + * chanserv/set/restricted - Used for setting whether users not on a channel's access list can join. + * chanserv/set/secure - Used for setting whether users who are recognized for accounts should have their access in channels. + * chanserv/set/securefounder - Used for setting whether users with founder level access in channels have true founder or not. + * chanserv/set/secureops - Used for restricting who can have channel op privilege in a channel to those whom have access in the channel. + * chanserv/set/signkick - Used for setting signkick, which appends the kicker's name to kicks sent through ChanServ. + * chanserv/set/successor - Used for setting channel successors, which become channel founders if the founders' account expires. 
+ * chanserv/saset/noexpire - Used for setting noexpire, which prevents channels from expiring. + * + * This is a dummy command to provide a help wrapper for the various SET commands. + */ +module +{ + name = "cs_set" + + /* + * The default ban type for newly registered channels. + * + * defbantype can be: + * + * 0: ban in the form of *!user@host + * 1: ban in the form of *!*user@host + * 2: ban in the form of *!*@host + * 3: ban in the form of *!*user@*.domain + */ + defbantype = 2 + + /* + * If set, persisent channels have their creation times lowered to their + * original registration dates. + */ + persist_lower_ts = true +} +command { service = "ChanServ"; name = "SET"; command = "chanserv/set"; group = "chanserv/management"; } +command { service = "ChanServ"; name = "SET AUTOOP"; command = "chanserv/set/autoop"; } +command { service = "ChanServ"; name = "SET BANTYPE"; command = "chanserv/set/bantype"; } +command { service = "ChanServ"; name = "SET DESCRIPTION"; command = "chanserv/set/description"; } +command { service = "ChanServ"; name = "SET DESC"; command = "chanserv/set/description"; } +command { service = "ChanServ"; name = "SET FOUNDER"; command = "chanserv/set/founder"; } +command { service = "ChanServ"; name = "SET KEEPMODES"; command = "chanserv/set/keepmodes"; } +command { service = "ChanServ"; name = "SET PEACE"; command = "chanserv/set/peace"; } +command { service = "ChanServ"; name = "SET PERSIST"; command = "chanserv/set/persist"; } +command { service = "ChanServ"; name = "SET RESTRICTED"; command = "chanserv/set/restricted"; } +command { service = "ChanServ"; name = "SET SECURE"; command = "chanserv/set/secure"; } +command { service = "ChanServ"; name = "SET SECUREFOUNDER"; command = "chanserv/set/securefounder"; } +command { service = "ChanServ"; name = "SET SECUREOPS"; command = "chanserv/set/secureops"; } +command { service = "ChanServ"; name = "SET SIGNKICK"; command = "chanserv/set/signkick"; } +command { service = "ChanServ"; name = "SET 
SUCCESSOR"; command = "chanserv/set/successor"; } +command { service = "ChanServ"; name = "SET NOEXPIRE"; command = "chanserv/saset/noexpire"; permission = "chanserv/saset/noexpire"; } + +/* + * cs_set_misc + * + * Provides the command chanserv/set/misc. + * + * Allows you to create arbitrary commands to set data, and have that data show up in chanserv/info. + * A field named misc_description may be given for use with help output. + */ +module { name = "cs_set_misc" } +command { service = "ChanServ"; name = "SET URL"; command = "chanserv/set/misc"; misc_description = _("Associate a URL with the channel"); } +command { service = "ChanServ"; name = "SET EMAIL"; command = "chanserv/set/misc"; misc_description = _("Associate an E-mail address with the channel"); } + +/* + * cs_status + * + * Provides the command chanserv/status. + * + * Used for determining a user's access on a channel and whether + * or not they match any autokick entries. + */ +module { name = "cs_status" } +command { service = "ChanServ"; name = "STATUS"; command = "chanserv/status"; } + +/* + * cs_suspend + * + * Provides the commands chanserv/suspend and chanserv/unsuspend. + * + * Used for suspending and unsuspending channels. Suspended channels can not be used but their settings are stored. + */ +module +{ + name = "cs_suspend" + + /* + * The length of time before a suspended channel expires. + * + * This directive is optional. + * If not set, the default is never. + */ + expire = 90d + + /* + * Settings to show to non-opers in ChanServ's INFO output. + * Comment to completely disable showing any information about + * suspended channels to non-opers. 
+ */ + show = "suspended, by, reason, on, expires" +} +command { service = "ChanServ"; name = "SUSPEND"; command = "chanserv/suspend"; permission = "chanserv/suspend"; group = "chanserv/admin"; } +command { service = "ChanServ"; name = "UNSUSPEND"; command = "chanserv/unsuspend"; permission = "chanserv/suspend"; group = "chanserv/admin"; } + +/* + * cs_sync + * + * Provides the command chanserv/sync. + * + * Used to sync users channel status modes with what access they have. + */ +module { name = "cs_sync" } +command { service = "ChanServ"; name = "SYNC"; command = "chanserv/sync"; group = "chanserv/management"; } + +/* + * cs_topic + * + * Provides the commands: + * chanserv/topic - Used for changing the channel topic. Useful in conjunction with chanserv/set/topiclock. + * chanserv/set/keeptopic - Used for configuring if ChanServ is to restore the channel topic when a channel is created. + * + */ +module { name = "cs_topic" } +command { service = "ChanServ"; name = "TOPIC"; command = "chanserv/topic"; group = "chanserv/management"; } +command { service = "ChanServ"; name = "SET KEEPTOPIC"; command = "chanserv/set/keeptopic"; } + +/* + * cs_unban + * + * Provides the command chanserv/unban. + * + * Used for unbanning users from channels. + */ +module { name = "cs_unban" } +command { service = "ChanServ"; name = "UNBAN"; command = "chanserv/unban"; } + +/* + * cs_updown + * + * Provides the commands chanserv/up and chanserv/down. + * + * Used for setting or removing your status modes on a channel. + */ +module { name = "cs_updown" } +command { service = "ChanServ"; name = "DOWN"; command = "chanserv/down"; group = "chanserv/status"; } +command { service = "ChanServ"; name = "UP"; command = "chanserv/up"; group = "chanserv/status"; } + +/* + * cs_xop + * + * Provides the command chanserv/xop. + * Provides the access system "XOP". + * + * Used for giving users access in channels. 
Many commands may be linked to chanserv/xop, but the + * privileges given by each is determined by the privilege:xop settings above. These commands should + * be ordered from highest to lowest, as each command inherits the privileges of the commands below + * it. + * + * The "LIST" subcommand of chanserv/xop will show only XOP access entries of the given XOP type. You + * can not view the entire access list at once, and instead should use another access system to do that. + */ +module { name = "cs_xop" } +command { service = "ChanServ"; name = "QOP"; command = "chanserv/xop"; group = "chanserv/access"; } +command { service = "ChanServ"; name = "SOP"; command = "chanserv/xop"; group = "chanserv/access"; } +command { service = "ChanServ"; name = "AOP"; command = "chanserv/xop"; group = "chanserv/access"; } +command { service = "ChanServ"; name = "HOP"; command = "chanserv/xop"; group = "chanserv/access"; } +command { service = "ChanServ"; name = "VOP"; command = "chanserv/xop"; group = "chanserv/access"; } + + +/* + * Extra ChanServ related modules. + */ + +/* + * cs_statusupdate + * + * This module automatically updates users status on channels when the + * channel's access list is modified. + */ +module { name = "cs_statusupdate" } diff --git a/roles/IRC/templates/anope/global.conf.j2 b/roles/IRC/templates/anope/global.conf.j2 new file mode 100755 index 0000000..0f74931 --- /dev/null +++ b/roles/IRC/templates/anope/global.conf.j2 
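Review bot: In chanserv.conf.j2 the `chanserv` module block sets `always_lower_ts = false`, which leaves open the window its own comment describes: a user joining an empty registered channel and setting modes before services deop them. `persist_lower_ts = true` in the `cs_set` block, together with `persist` in `defaults`, covers channels that stay persistent, but a channel whose persist option is later turned off would not be covered, so `always_lower_ts = true` looks like the safer setting once it is confirmed to behave correctly with the linked IRCd. The `defaults` string also lists `topiclock` twice; the trailing one can be dropped.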
@@ -0,0 +1,115 @@
+/*
+ * Example configuration file for Global.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+ /*
+ * The name of the Global client.
+ * If you change this value, you probably want to change the client directive in the configuration for the global module too.
+ */
+ nick = "Global"
+
+ /*
+ * The username of the Global client.
+ */
+ user = "services"
+
+ /*
+ * The hostname of the Global client.
+ */
+ host = "ircservices.{{ external_domain }}"
+
+ /*
+ * The realname of the Global client.
+ */
+ gecos = "Global Noticer"
+
+ /*
+ * The modes this client should use.
+ * Do not modify this unless you know what you are doing.
+ *
+ * These modes are very IRCd specific. If left commented, sane defaults
+ * are used based on what protocol module you have loaded.
+ *
+ * Note that setting this option incorrectly could potentially BREAK some, if
+ * not all, usefulness of the client. We will not support you if this client is
+ * unable to do certain things if this option is enabled.
+ */
+ #modes = "+o"
+
+ /*
+ * An optional comma separated list of channels this service should join. Outside
+ * of log channels this is not very useful, as the service will just idle in the
+ * specified channels, and will not accept any types of commands.
+ *
+ * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+ */
+ #channels = "@#services,#mychan"
+}
+
+/*
+ * Core Global module.
+ *
+ * Provides essential functionality for Global.
+ */
+module
+{
+ name = "global"
+
+ /*
+ * The name of the client that should be Global.
+ */
+ client = "Global"
+
+ /*
+ * This is the global message that will be sent when Services are being
+ * shutdown/restarted.
+ *
+ * This directive is optional.
+ */
+ #globaloncycledown = "Services are restarting, they will be back shortly - please be good while we're gone"
+
+ /*
+ * This is the global message that will be sent when Services (re)join the
+ * network.
+ *
+ * This directive is optional.
+ */
+ #globaloncycleup = "Services are now back online - have a nice day"
+
+ /*
+ * If set, Services will hide the IRC Operator's nick in a global
+ * message/notice.
+ *
+ * This directive is optional.
+ */
+ #anonymousglobal = yes
+}
+
+/*
+ * Core Global commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "Global"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * gl_global
+ *
+ * Provides the command global/global.
+ *
+ * Used for sending a message to every online user.
+ */
+module { name = "gl_global" }
+command { service = "Global"; name = "GLOBAL"; command = "global/global"; permission = "global/global"; }
diff --git a/roles/IRC/templates/anope/hostserv.conf.j2 b/roles/IRC/templates/anope/hostserv.conf.j2
new file mode 100755
index 0000000..2d19976
--- /dev/null
+++ b/roles/IRC/templates/anope/hostserv.conf.j2
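Review bot: The opening comment of this new template still reads `Example configuration file for Global.`, although the file is a Jinja2 template whose `host` value is built from `{{ external_domain }}`. I would replace that header with something like `Global configuration, rendered from roles/IRC/templates/anope/global.conf.j2; requires external_domain; change the template, not the deployed file.` so that nobody hand-edits the rendered copy and loses the change on the next run. The same stale header opens the hostserv.conf.j2 and memoserv.conf.j2 hunks. Since `external_domain` lands inside a quoted string, the comment could also say that it must be a plain DNS name without quotes or whitespace.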
@@ -0,0 +1,188 @@
+/*
+ * Example configuration file for HostServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+ /*
+ * The name of the HostServ client.
+ * If you change this value, you probably want to change the client directive in the configuration for the hostserv module too.
+ */
+ nick = "HostServ"
+
+ /*
+ * The username of the HostServ client.
+ */
+ user = "services"
+
+ /*
+ * The hostname of the HostServ client.
+ */
+ host = "ircservices.{{ external_domain }}"
+
+ /*
+ * The realname of the HostServ client.
+ */
+ gecos = "vHost Service"
+
+ /*
+ * The modes this client should use.
+ * Do not modify this unless you know what you are doing.
+ *
+ * These modes are very IRCd specific. If left commented, sane defaults
+ * are used based on what protocol module you have loaded.
+ *
+ * Note that setting this option incorrectly could potentially BREAK some, if
+ * not all, usefulness of the client. We will not support you if this client is
+ * unable to do certain things if this option is enabled.
+ */
+ #modes = "+o"
+
+ /*
+ * An optional comma separated list of channels this service should join. Outside
+ * of log channels this is not very useful, as the service will just idle in the
+ * specified channels, and will not accept any types of commands.
+ *
+ * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+ */
+ #channels = "@#services,#mychan"
+}
+
+/*
+ * Core HostServ module.
+ *
+ * Provides essential functionality for HostServ.
+ */
+module
+{
+ name = "hostserv"
+
+ /*
+ * The name of the client that should be HostServ.
+ */
+ client = "HostServ"
+
+ /*
+ * If enabled, vhosts are activated on users immediately when they are set.
+ */
+ activate_on_set = false
+}
+
+/*
+ * Core HostServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name.
Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "HostServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * hs_del
+ *
+ * Provides the commands hostserv/del and hostserv/delall.
+ *
+ * Used for removing users' vHosts.
+ */
+module { name = "hs_del" }
+command { service = "HostServ"; name = "DEL"; command = "hostserv/del"; permission = "hostserv/del"; }
+command { service = "HostServ"; name = "DELALL"; command = "hostserv/delall"; permission = "hostserv/del"; }
+
+/*
+ * hs_group
+ *
+ * Provides the command hostserv/group.
+ *
+ * Used for grouping one vHost to many nicks.
+ */
+module
+{
+ name = "hs_group"
+
+ /*
+ * Upon nickserv/group, this option syncs the nick's main vHost to the grouped nick.
+ */
+ syncongroup = false
+
+ /*
+ * This makes vhosts act as if they are per account.
+ */
+ synconset = false
+}
+command { service = "HostServ"; name = "GROUP"; command = "hostserv/group"; }
+
+/*
+ * hs_list
+ *
+ * Provides the command hostserv/list.
+ *
+ * Used for listing actively set vHosts.
+ */
+module { name = "hs_list" }
+command { service = "HostServ"; name = "LIST"; command = "hostserv/list"; permission = "hostserv/list"; }
+
+/*
+ * hs_off
+ *
+ * Provides the command hostserv/off.
+ *
+ * Used for turning off your vHost.
+ */
+module { name = "hs_off" }
+command { service = "HostServ"; name = "OFF"; command = "hostserv/off"; }
+
+/*
+ * hs_on
+ *
+ * Provides the command hostserv/on.
+ *
+ * Used for turning on your vHost.
+ */
+module { name = "hs_on" }
+command { service = "HostServ"; name = "ON"; command = "hostserv/on"; }
+
+/*
+ * hs_request
+ *
+ * Provides the commands hostserv/request, hostserv/activate, hostserv/reject, and hostserv/waiting.
+ *
+ * Used to manage vHosts requested by users.
+ */
+module
+{
+ name = "hs_request"
+
+ /*
+ * If set, Services will send a memo to the user requesting a vHost when it's been
+ * approved or rejected.
+ */
+ memouser = yes
+
+ /*
+ * If set, Services will send a memo to all Services staff when a new vHost is requested.
+ */
+ memooper = yes
+}
+command { service = "HostServ"; name = "REQUEST"; command = "hostserv/request"; }
+command { service = "HostServ"; name = "ACTIVATE"; command = "hostserv/activate"; permission = "hostserv/set"; }
+command { service = "HostServ"; name = "REJECT"; command = "hostserv/reject"; permission = "hostserv/set"; }
+command { service = "HostServ"; name = "WAITING"; command = "hostserv/waiting"; permission = "hostserv/set"; }
+
+/*
+ * hs_set
+ *
+ * Provides the commands hostserv/set and hostserv/setall.
+ *
+ * Used for setting users' vHosts.
+ */
+module { name = "hs_set" }
+command { service = "HostServ"; name = "SET"; command = "hostserv/set"; permission = "hostserv/set"; }
+command { service = "HostServ"; name = "SETALL"; command = "hostserv/setall"; permission = "hostserv/set"; }
diff --git a/roles/IRC/templates/anope/memoserv.conf.j2 b/roles/IRC/templates/anope/memoserv.conf.j2
new file mode 100644
index 0000000..520e2d8
--- /dev/null
+++ b/roles/IRC/templates/anope/memoserv.conf.j2
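Review bot: In the `hs_request` block, `memooper = yes` is enabled while the `REQUEST` command is registered without a `permission`, so every vHost request from an ordinary user produces a memo to all Services staff. The hunk shows no throttle on requests; if the only limit is MemoServ's `senddelay` (set to `3s` in memoserv.conf.j2), which I cannot confirm from here, staff memo boxes can be filled with little effort. I would either leave it as `#memooper = yes` and have staff poll `WAITING`, or keep it and add a comment next to the setting stating why the staff memo is wanted and what bounds the request rate.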
@@ -0,0 +1,243 @@
+/*
+ * Example configuration file for MemoServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+ /*
+ * The name of the MemoServ client.
+ * If you change this value, you probably want to change the client directive in the configuration for the memoserv module too.
+ */
+ nick = "MemoServ"
+
+ /*
+ * The username of the MemoServ client.
+ */
+ user = "services"
+
+ /*
+ * The hostname of the MemoServ client.
+ */
+ host = "ircservices.{{ external_domain }}"
+
+ /*
+ * The realname of the MemoServ client.
+ */
+ gecos = "Memo Service"
+
+ /*
+ * The modes this client should use.
+ * Do not modify this unless you know what you are doing.
+ *
+ * These modes are very IRCd specific. If left commented, sane defaults
+ * are used based on what protocol module you have loaded.
+ *
+ * Note that setting this option incorrectly could potentially BREAK some, if
+ * not all, usefulness of the client. We will not support you if this client is
+ * unable to do certain things if this option is enabled.
+ */
+ #modes = "+o"
+
+ /*
+ * An optional comma separated list of channels this service should join. Outside
+ * of log channels this is not very useful, as the service will just idle in the
+ * specified channels, and will not accept any types of commands.
+ *
+ * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+ */
+ #channels = "@#services,#mychan"
+}
+
+/*
+ * Core MemoServ module.
+ *
+ * Provides essential functionality for MemoServ.
+ */
+module
+{
+ name = "memoserv"
+ /*
+ * The name of the client that should be MemoServ. Clients are configured
+ * with the service blocks.
+ */
+ client = "MemoServ"
+
+ /*
+ * The maximum number of memos a user is allowed to keep by default. Normal users may set the
+ * limit anywhere between 0 and this value. Services Admins can change it to any value or
+ * disable it.
+ *
+ * This directive is optional, but recommended.
If not set, the limit is disabled
+ * by default, and normal users can set any limit they want.
+ */
+ maxmemos = 20
+
+ /*
+ * The delay between consecutive uses of the MemoServ SEND command. This can help prevent spam
+ * as well as denial-of-service attacks from sending large numbers of memos and filling up disk
+ * space (and memory). The default 3-second wait means a maximum average of 150 bytes of memo
+ * per second per user under the current IRC protocol.
+ *
+ * This directive is optional, but recommended.
+ */
+ senddelay = 3s
+}
+
+/*
+ * Core MemoServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "MemoServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * ms_cancel
+ *
+ * Provides the command memoserv/cancel.
+ *
+ * Used to cancel memos already sent but not yet read.
+ */
+module { name = "ms_cancel" }
+command { service = "MemoServ"; name = "CANCEL"; command = "memoserv/cancel"; }
+
+/*
+ * ms_check
+ *
+ * Provides the command memoserv/check.
+ *
+ * Used to check if a sent memo has been read.
+ */
+module { name = "ms_check" }
+command { service = "MemoServ"; name = "CHECK"; command = "memoserv/check"; }
+
+/*
+ * ms_del
+ *
+ * Provides the command memoserv/del.
+ *
+ * Used to delete your memos.
+ */
+module { name = "ms_del" }
+command { service = "MemoServ"; name = "DEL"; command = "memoserv/del"; }
+
+/*
+ * ms_ignore
+ *
+ * Provides the command memoserv/ignore.
+ *
+ * Used to ignore memos from specific users.
+ */
+module
+{
+ name = "ms_ignore"
+
+ /*
+ * The maximum number of entries that may be on a memo ignore list.
+ *
+ * This directive is optional.
+ */
+ max = 32
+}
+command { service = "MemoServ"; name = "IGNORE"; command = "memoserv/ignore"; }
+
+/*
+ * ms_info
+ *
+ * Provides the command memoserv/info.
+ *
+ * Used to show memo related information about an account or a channel.
+ */
+module { name = "ms_info" }
+command { service = "MemoServ"; name = "INFO"; command = "memoserv/info"; }
+
+/*
+ * ms_list
+ *
+ * Provides the command memoserv/list.
+ *
+ * Used to list your current memos.
+ */
+module { name = "ms_list" }
+command { service = "MemoServ"; name = "LIST"; command = "memoserv/list"; }
+
+/*
+ * ms_read
+ *
+ * Provides the command memoserv/read.
+ *
+ * Used to read your memos.
+ */
+module { name = "ms_read" }
+command { service = "MemoServ"; name = "READ"; command = "memoserv/read"; }
+
+/*
+ * ms_rsend
+ *
+ * Provides the command memoserv/rsend.
+ *
+ * Used to send a memo requiring a receipt be sent back once it is read.
+ *
+ * Requires configuring memoserv:memoreceipt.
+ */
+#module
+{
+ name = "ms_rsend"
+
+ /*
+ * Only allow Services Operators to use ms_rsend.
+ *
+ * This directive is optional.
+ */
+ operonly = false
+}
+#command { service = "MemoServ"; name = "RSEND"; command = "memoserv/rsend"; }
+
+/*
+ * ms_send
+ *
+ * Provides the command memoserv/send.
+ *
+ * Used to send memos.
+ */
+module { name = "ms_send" }
+command { service = "MemoServ"; name = "SEND"; command = "memoserv/send"; }
+
+/*
+ * ms_sendall
+ *
+ * Provides the command memoserv/sendall.
+ *
+ * Used to send a mass memo to every registered user.
+ */
+module { name = "ms_sendall" }
+command { service = "MemoServ"; name = "SENDALL"; command = "memoserv/sendall"; permission = "memoserv/sendall"; }
+
+/*
+ * ms_set
+ *
+ * Provides the command memoserv/set.
+ *
+ * Used to set settings such as how you are notified of new memos, and your memo limit.
+ */
+module { name = "ms_set" }
+command { service = "MemoServ"; name = "SET"; command = "memoserv/set"; }
+
+/*
+ * ms_staff
+ *
+ * Provides the command memoserv/staff.
+ *
+ * Used to send a memo to all registered staff members.
+ */
+module { name = "ms_staff" }
+command { service = "MemoServ"; name = "STAFF"; command = "memoserv/staff"; permission = "memoserv/staff"; }
diff --git a/roles/IRC/templates/anope/modules.conf.j2 b/roles/IRC/templates/anope/modules.conf.j2
new file mode 100644
index 0000000..fea0f3b
--- /dev/null
+++ b/roles/IRC/templates/anope/modules.conf.j2
@@ -0,0 +1,797 @@ +/* + * [OPTIONAL] Non-Core Modules + * + * The following blocks are used to load all non-core modules, including 3rd-party modules. + * Modules can be prevented from loading by commenting out the line, other modules can be added by + * adding a module block. These modules will be loaded prior to Services connecting to your network. + * + * Note that some of these modules are labeled EXTRA, and must be enabled prior to compiling by + * running the 'extras' script on Linux and UNIX. + */ + +/* + * help + * + * Provides the command generic/help. + * + * This is a generic help command that can be used with any client. + */ +module { name = "help" } + +/* + * m_ldap [EXTRA] + * + * This module allows other modules to use LDAP. By itself, this module does nothing useful. + */ +module +{ + name = "m_ldap" + + ldap + { + server = "ldap://127.0.0.1" + port = 389 + + /* + * Admin credentials used for performing searches and adding users. + */ + admin_binddn = "uid=binduser,{{ ldap['userou'] }},{{ ldap['orgdn'] }}" + admin_password = "{{ secrets['Sora']['bindpassword'] }}" + } +} + +/* + * m_ldap_authentication [EXTRA] + * + * This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use + * LDAP to authenticate users. Requires m_ldap. +*/ +module +{ + name = "m_ldap_authentication" + + /* + * The distinguished name used for searching for users's accounts. + */ + basedn = "{{ ldap['userou'] }},{{ ldap['orgdn'] }}" + + /* + * The search filter used to look up users's accounts. + * %account is replaced with the user's account. + * %object_class is replaced with the object_class configured below. + */ + search_filter = "uid=%account" + + /* + * The object class used by LDAP to store user account information. + * This is used for adding new users to LDAP if registration is allowed. + */ + object_class = "organizationalPerson" + + /* + * The attribute value used for account names. 
+ */ + username_attribute = "uid" + + /* + * The attribute value used for email addresses. + * This directive is optional. + */ + email_attribute = "email" + + /* + * The attribute value used for passwords. + * Used when registering new accounts in LDAP. + */ + password_attribute = "userPassword" + + /* + * If set, the reason to give the users who try to register with nickserv, + * including nick registration from grouping. + * + * If not set, then registration is not blocked. + */ + #disable_register_reason = "To register on this network, contact a netadmin in #lobby. They will need to add an AniNIX/Sora LDAP account for you." + + /* + * If set, the reason to give the users who try to "/msg NickServ SET EMAIL". + * If not set, then email changing is not blocked. + */ + disable_email_reason = "Not allowed -- this network does not use email for account management." +} + +/* + * m_dns + * + * Adds support for the DNS protocol. By itself this module does nothing useful, + * but other modules such as m_dnsbl and os_dns require this. + */ +#module +{ + name = "m_dns" + + /* + * The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file. + * The below should work fine on all unix like systems. Windows users will have to find their nameservers + * from ipconfig /all and put the IP here. + */ + nameserver = "/etc/resolv.conf" + #nameserver = "127.0.0.1" + + /* + * How long to wait in seconds before a DNS query has timed out. + */ + timeout = 5 + + + /* Only edit below if you are expecting to use os_dns or otherwise answer DNS queries. */ + + /* + * The IP and port services use to listen for DNS queries. + * Note that ports less than 1024 are privileged on UNIX/Linux systems, and + * require Anope to be started as root. If you do this, it is recommended you + * set options:user and options:group so Anope can change users after binding + * to this port. + */ + ip = "0.0.0.0" + port = 53 + + + /* + * SOA record information. 
+ */ + + /* E-mail address of the DNS administrator. */ + admin = "admin@example.com" + + /* This should be the names of the public facing nameservers serving the records. */ + nameservers = "ns1.example.com ns2.example.com" + + /* The time slave servers are allowed to cache. This should be reasonably low + * if you want your records to be updated without much delay. + */ + refresh = 3600 + + /* A notify block. There should probably be one per nameserver listed in 'nameservers'. + */ + notify + { + ip = "192.0.2.0" + port = 53 + } +} + +/* + * m_dnsbl + * + * Allows configurable DNS blacklists to check connecting users against. If a user + * is found on the blacklist they will be immediately banned. This is a crucial module + * to prevent bot attacks. + */ +#module +{ + name = "m_dnsbl" + + /* + * If set, Services will check clients against the DNSBLs when services connect to its uplink. + * This is not recommended, and on large networks will open a very large amount of DNS queries. + * Whilst services are not drastically affected by this, your nameserver/DNSBL might care. + */ + check_on_connect = no + + /* + * If set, Services will check clients when coming back from a netsplit. This can cause a large number + * of DNS queries open at once. Whilst services are not drastically affected by this, your nameserver/DNSBL + * might care. + */ + check_on_netburst = no + + /* + * If set, OperServ will add clients found in the DNSBL to the akill list. Without it, OperServ simply sends + * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots. + */ + add_to_akill = yes + + blacklist + { + /* Name of the blacklist. */ + name = "rbl.efnetrbl.org" + + /* How long to set the ban for. */ + time = 4h + + /* Reason for akill. 
+ * %n is the nick of the user + * %u is the ident/username of the user + * %g is the realname of the user + * %h is the hostname of the user + * %i is the IP of the user + * %r is the reply reason (configured below). Will be nothing if not configured. + * %N is the network name set in networkinfo:networkname + */ + reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info" + + /* Replies to ban and their reason. If no relies are configured, all replies get banned. */ + reply + { + code = 1 + reason = "Open Proxy" + } + + #reply + { + code = 2 + reason = "spamtrap666" + } + + #reply + { + code = 3 + reason = "spamtrap50" + } + + reply + { + code = 4 + reason = "TOR" + + /* + * If set, users identified to services at the time the result comes back + * will not be banned. + */ + #allow_account = yes + } + + reply + { + code = 5 + reason = "Drones / Flooding" + } + } + + #blacklist + { + name = "dnsbl.dronebl.org" + time = 4h + reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=%N" + } + + /* Exempt localhost from DNSBL checks */ + exempt { ip = "127.0.0.1" } +} + +/* + * m_helpchan + * + * Gives users who are op in the specified help channel usermode +h (helpop). + */ +#module +{ + name = "m_helpchan" + + helpchannel = "#help" +} + +/* + * m_httpd + * + * Allows services to serve web pages. By itself, this module does nothing useful. + * + * Note that using this will allow users to get the IP of your services. + * To prevent this we recommend using a reverse proxy or a tunnel. + */ +#module +{ + name = "m_httpd" + + httpd + { + /* Name of this service. */ + name = "httpd/main" + + /* IP to listen on. */ + ip = "0.0.0.0" + + /* Port to listen on. */ + port = 8080 + + /* Time before connections to this server are timed out. */ + timeout = 30 + + /* Listen using SSL. Requires an SSL module. 
*/ + #ssl = yes + + /* If you are using a reverse proxy that sends one of the + * extforward_headers set below, set this to its IP. + * This allows services to obtain the real IP of users by + * reading the forwarded-for HTTP header. + */ + #extforward_ip = "192.168.0.255" + + /* The header to look for. These probably work as is. */ + extforward_header = "X-Forwarded-For Forwarded-For" + } +} + + + +/* + * m_ldap_oper [EXTRA] + * + * This module dynamically ties users to Anope opertypes when they identify + * via LDAP group membership. Requires m_ldap. + * + * Note that this doesn't give the user privileges on the IRCd, only in Services. + */ +#module +{ + name = "m_ldap_oper" + + /* + * An optional binddn to use when searching for groups. + * %a is replaced with the account name of the user. + */ + #binddn = "cn=Manager,dc=anope,dc=org" + + /* + * An optional password to bind with. + */ + #password = "secret" + + /* + * The base DN where the groups are. + */ + basedn = "ou=groups,dc=anope,dc=org" + + /* + * The filter to use when searching for users. + * %a is replaced with the account name of the user. + */ + filter = "(member=uid=%a,ou=users,dc=anope,dc=org)" + + /* + * The attribute of the group that is the name of the opertype. + * The cn attribute should match a known opertype in the config. + */ + opertype_attribute = "cn" +} + +/* + * m_mysql [EXTRA] + * + * This module allows other modules to use MySQL. + */ +#module +{ + name = "m_mysql" + + mysql + { + /* The name of this service. */ + name = "mysql/main" + database = "anope" + server = "127.0.0.1" + username = "anope" + password = + port = 3306 + } +} +/* + * m_redis + * + * This module allows other modules to use Redis. + */ +#module +{ + name = "m_redis" + + /* A redis database */ + redis + { + /* The name of this service */ + name = "redis/main" + + /* + * The redis database to use. New connections default to 0. 
+ */ + db = 0 + + ip = "127.0.0.1" + port = 6379 + } +} + +/* + * m_regex_pcre [EXTRA] + * + * Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library. + */ +#module { name = "m_regex_pcre" } + +/* + * m_regex_posix [EXTRA] + * + * Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions. + * This is likely the only regex module you will not need extra libraries for. + */ +#module { name = "m_regex_posix" } + +/* + * m_regex_tre [EXTRA] + * + * Provides the regex engine regex/tre, which uses the TRE regex library. + */ +#module { name = "m_regex_tre" } + +/* + * m_rewrite + * + * Allows rewriting commands sent to/from clients. + */ +#module { name = "m_rewrite" } +#command +{ + service = "ChanServ"; name = "CLEAR"; command = "rewrite" + + /* Enable m_rewrite. */ + rewrite = true + + /* Source message to match. A $ can be used to match anything. */ + rewrite_source = "CLEAR $ USERS" + + /* + * Message to rewrite the source message to. A $ followed by a number, eg $0, gets + * replaced by the number-th word from the source_message, starting from 0. + */ + rewrite_target = "KICK $1 *" + + /* + * The command description. This only shows up in HELP's output. + * Comment this option to prevent the command from showing in the + * HELP command. + */ + rewrite_description = "Clears all users from a channel" +} + +/* + * m_proxyscan + * + * This module allows you to scan connecting clients for open proxies. + * Note that using this will allow users to get the IP of your services. + * + * Currently the two supported proxy types are HTTP and SOCKS5. + * + * The proxy scanner works by attempting to connect to clients when they + * connect to the network, and if they have a proxy running instruct it to connect + * back to services. If services are able to connect through the proxy to itself + * then it knows it is an insecure proxy, and will ban it. 
+ */ +#module +{ + name = "m_proxyscan" + + /* + * The target IP services tells the proxy to connect back to. This must be a publicly + * available IP that remote proxies can connect to. + */ + #target_ip = "127.0.0.1" + + /* + * The port services tells the proxy to connect to. + */ + target_port = 7226 + + /* + * The listen IP services listen on for incoming connections from suspected proxies. + * This probably will be the same as target_ip, but may not be if you are behind a firewall (NAT). + */ + #listen_ip = "127.0.0.1" + + /* + * The port services should listen on for incoming connections from suspected proxies. + * This most likely will be the same as target_port. + */ + listen_port = 7226 + + /* + * An optional notice sent to clients upon connect. + */ + #connect_notice = "We will now scan your host for insecure proxies. If you do not consent to this scan please disconnect immediately." + + /* + * Who the notice should be sent from. + */ + #connect_source = "OperServ" + + /* + * If set, OperServ will add infected clients to the akill list. Without it, OperServ simply sends + * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being filled up by bots. + */ + add_to_akill = yes + + /* + * How long before connections should be timed out. + */ + timeout = 5 + + proxyscan + { + /* The type of proxy to check for. A comma separated list is allowed. */ + type = "HTTP" + + /* The ports to check. */ + port = "80,8080" + + /* How long to set the ban for. */ + time = 4h + + /* + * The reason to ban the user for. + * %h is replaced with the type of proxy found. + * %i is replaced with the IP of proxy found. + * %p is replaced with the port. + */ + reason = "You have an open proxy running on your host (%t:%i:%p)" + } +} + +/* + * m_sasl + * + * Some IRCds allow "SASL" authentication to let users identify to Services + * during the IRCd user registration process. 
If this module is loaded, Services will allow + * authenticating users through this mechanism. Supported mechanisms are: + * PLAIN, EXTERNAL. + */ +#module { name = "m_sasl" } + +/* + * m_sasl_dh-aes [EXTRA] + * + * Add the DH-AES mechanism to SASL. + * Requires m_sasl to be loaded. + * Requires openssl. + */ +#module { name = "m_sasl_dh-aes" } + +/* + * m_sasl_dh-blowfish [EXTRA] + * + * Add the DH-BLOWFISH mechanism to SASL. + * Requires m_sasl to be loaded. + * Requires openssl. + */ +#module { name = "m_sasl_dh-blowfish" } + +/* + * m_ssl_gnutls [EXTRA] + * + * This module provides SSL services to Anope using GnuTLS, for example to + * connect to the uplink server(s) via SSL. + * + * You may only load either m_ssl_gnutls or m_ssl_openssl, bot not both. + */ +#module +{ + name = "m_ssl_gnutls" + + /* + * An optional certificate and key for m_ssl_gnutls to give to the uplink. + * + * You can generate your own certificate and key pair by using: + * + * certtool --generate-privkey --bits 2048 --outfile anope.key + * certtool --generate-self-signed --load-privkey anope.key --outfile anope.crt + * + */ + cert = "data/anope.crt" + key = "data/anope.key" + + /* + * Diffie-Hellman parameters to use when acting as a server. This is only + * required for TLS servers that want to use ephemeral DH cipher suites. + * + * This is NOT required for Anope to connect to the uplink server(s) via SSL. + * + * You can generate DH parameters by using: + * + * certtool --generate-dh-params --bits 2048 --outfile dhparams.pem + * + */ +# dhparams = "data/dhparams.pem" +} + +/* + * m_ssl_openssl [EXTRA] + * + * This module provides SSL services to Anope using OpenSSL, for example to + * connect to the uplink server(s) via SSL. + * + * You may only load either m_ssl_openssl or m_ssl_gnutls, bot not both. + * + */ +#module +{ + name = "m_ssl_openssl" + + /* + * An optional certificate and key for m_ssl_openssl to give to the uplink. 
+ * + * You can generate your own certificate and key pair by using: + * + * openssl genrsa -out anope.key 2048 + * openssl req -new -x509 -key anope.key -out anope.crt -days 1095 + */ + cert = "data/anope.crt" + key = "data/anope.key" + + /* + * As of 2014 SSL 3.0 is considered insecure, but it might be enabled + * on some systems by default for compatibility reasons. + * You can use the following option to enable or disable it explicitly. + * Leaving this option not set defaults to the default system behavior. + */ + #sslv3 = no +} + +/* + * m_sql_authentication [EXTRA] + * + * This module allows authenticating users against an external SQL database using a custom + * query. + */ +#module +{ + name = "m_sql_authentication" + + /* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */ + engine = "mysql/main" + + /* Query to execute to authenticate. A non empty result from this query is considered a success, + * and the user will be authenticated. + * + * @a@ is replaced with the user's account name + * @p@ is replaced with the user's password + * @n@ is replaced with the user's nickname + * @i@ is replaced with the user's IP + * + * Note that @n@ and @i@ may not always exist in the case of a user identifying outside of the normal + * nickserv/identify command, such as through the web panel. + * + * Furthermore, if a field named email is returned from this query the user's email is + * set to its value. + * + * + * We've included some example queries for some popular website/forum systems. 
+ * + * Drupal 6: "SELECT `mail` AS `email` FROM `users` WHERE `name` = @a@ AND `pass` = MD5(@p@) AND `status` = 1" + * e107 cms: "SELECT `user_email` AS `email` FROM `e107_user` WHERE `user_loginname` = @a@ AND `user_password` = MD5(@p@)" + * SMF Forum: "SELECT `email_address` AS `email` FROM `smf_members` WHERE `member_name` = @a@ AND `passwd` = SHA1(CONCAT(LOWER(@a@), @p@))" + * vBulletin: "SELECT `email` FROM `user` WHERE `username` = @a@ AND `password` = MD5(CONCAT(MD5(@p@), `salt`))" + * IP.Board: "SELECT `email` FROM `ibf_members` WHERE `name` = @a@ AND `members_pass_hash` = MD5(CONCAT(MD5(`members_pass_salt`), MD5(@p@)))" + */ + query = "SELECT `email_addr` AS `email` FROM `my_users` WHERE `username` = @a@ AND `password` = MD5(CONCAT('salt', @p@))" + + /* + * If set, the reason to give the users who try to "/msg NickServ REGISTER". + * If not set, then registration is not blocked. + */ + #disable_reason = "To register on this network visit http://some.misconfigured.site/register" + + /* + * If set, the reason to give the users who try to "/msg NickServ SET EMAIL". + * If not set, then email changing is not blocked. + */ + #disable_email_reason = "To change your email address visit http://some.misconfigured.site" +} + +/* + * m_sql_log [EXTRA] + * + * This module adds an additional target option to log{} blocks + * that allows logging Service's logs to SQL. To log to SQL, add + * the SQL service name to log:targets prefixed by sql_log:. For + * example: + * + * log + * { + * targets = "services.log sql_log:mysql/main" + * ... + * } + * + * By default this module logs to the table `logs`, and will create + * it if it doesn't exist. This module does not create any indexes (keys) + * on the table and it is recommended you add them yourself as necessary. 
+ */ +#module { name = "m_sql_log" } + +/* + * m_sql_oper [EXTRA] + * + * This module allows granting users services operator privileges and possibly IRC Operator + * privileges based on an external SQL database using a custom query. + */ +#module +{ + name = "m_sql_oper" + + /* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */ + engine = "mysql/main" + + /* Query to execute to determine if a user should have operator privileges. + * A field named opertype must be returned in order to link the user to their oper type. + * The oper types must be configured earlier in services.conf. + * + * If a field named modes is returned from this query then those modes are set on the user. + * Without this, only a simple +o is sent. + * + * @a@ is replaced with the user's account name + * @i@ is replaced with the user's IP + */ + query = "SELECT `opertype` FROM `my_users` WHERE `user_name` = @a@" +} + +/* + * m_sqlite [EXTRA] + * + * This module allows other modules to use SQLite. + */ +#module +{ + name = "m_sqlite" + + /* A SQLite database */ + sqlite + { + /* The name of this service. */ + name = "sqlite/main" + + /* The database name, it will be created if it does not exist. */ + database = "anope.db" + } +} + +/* + * webcpanel + * + * This module creates a web configuration panel that allows users and operators to perform any task + * as they could over IRC. If you are using the default configuration you should be able to access + * this panel by visiting http://127.0.0.1:8080 in your web browser from the machine Anope is running on. + * + * This module requires m_httpd. + */ +#module +{ + name = "webcpanel" + + /* Web server to use. */ + server = "httpd/main"; + + /* Template to use. */ + template = "default"; + + /* Page title. */ + title = "Anope IRC Services"; +} + +/* + * m_xmlrpc + * + * Allows remote applications (websites) to execute queries in real time to retrieve data from Anope. 
+ * By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries.
+ */
+#module
+{
+ name = "m_xmlrpc"
+
+ /* Web service to use. Requires m_httpd. */
+ server = "httpd/main"
+}
+
+/*
+ * m_xmlrpc_main
+ *
+ * Adds the main XMLRPC core functions.
+ * Requires m_xmlrpc.
+ */
+#module { name = "m_xmlrpc_main" }
diff --git a/roles/IRC/templates/anope/nickserv.conf.j2 b/roles/IRC/templates/anope/nickserv.conf.j2
new file mode 100755
index 0000000..7fa5b17
--- /dev/null
+++ b/roles/IRC/templates/anope/nickserv.conf.j2
@@ -0,0 +1,662 @@
+/*
+ * Example configuration file for NickServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+ /*
+ * The name of the NickServ client.
+ * If you change this value, you probably want to change the client directive in the configuration for the nickserv module too.
+ */
+ nick = "NickServ"
+
+ /*
+ * The username of the NickServ client.
+ */
+ user = "services"
+
+ /*
+ * The hostname of the NickServ client.
+ */
+ host = "ircservices.{{ external_domain }}"
+
+ /*
+ * The realname of the NickServ client.
+ */
+ gecos = "Nickname Registration Service"
+
+ /*
+ * The modes this client should use.
+ * Do not modify this unless you know what you are doing.
+ *
+ * These modes are very IRCd specific. If left commented, sane defaults
+ * are used based on what protocol module you have loaded.
+ *
+ * Note that setting this option incorrectly could potentially BREAK some, if
+ * not all, usefulness of the client. We will not support you if this client is
+ * unable to do certain things if this option is enabled.
+ */
+ #modes = "+o"
+
+ /*
+ * An optional comma separated list of channels this service should join. Outside
+ * of log channels this is not very useful, as the service will just idle in the
+ * specified channels, and will not accept any types of commands.
+ *
+ * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+ */
+ #channels = "@#services,#mychan"
+}
+
+/*
+ * Core NickServ module.
+ *
+ * Provides essential functionality for NickServ.
+ */
+module
+{
+ name = "nickserv"
+
+ /*
+ * The name of the client that should be NickServ.
+ */
+ client = "NickServ"
+
+ /*
+ * Force users to give an e-mail address when they register a nick.
+ *
+ * This directive defaults to "yes" and is recommended to be enabled. This is required if e-mail registration is enabled.
+ */
+ forceemail = no
+
+ /*
+ * Require users who change their email address to confirm they
+ * own their new email.
+ */ + confirmemailchanges = no + + /* + * A message sent to users on connect if they use an unregistered nick. + * + * This directive is optional. + */ + unregistered_notice = "Your nickname is not registered. If you would like it registered, contact a netadmin (identified by ^) in #lobby to get it registered." + + /* + * The default options for newly registered nicks. Note that changing these options + * will have no effect on nicks which are already registered. The list must be separated + * by spaces. + * + * The options are: + * - killprotect: Kill nick if not identified within 60 seconds + * - kill_quick: Kill nick if not identified within 20 seconds, this one overrides the above + * option and the above must be specified with this one + * - ns_secure: Enable nickname security, requiring the nick's password before any operations + * can be done on it + * - ns_private: Hide the nick from NickServ's LIST command + * - hide_email: Hide's the nick's e-mail address from NickServ's INFO command + * - hide_mask: Hide's the nick's last or current user@host from NickServ's INFO command + * - hide_quit: Hide's the nick's last quit message + * - memo_signon: Notify user if they have a new memo when they sign into the nick + * - memo_receive: Notify user if they have a new memo as soon as it's received + * - memo_mail: Notify user if they have a new memo by mail + * - autoop: User will be automatically opped in channels they enter and have access to + * - msg: Services messages will be sent as PRIVMSGs instead of NOTICEs, requires + * options:useprivmsg to be enabled as well + * - ns_keepmodes: Enables keepmodes, which retains user modes across sessions + * + * This directive is optional, if left blank, the options will default to ns_secure, memo_signon, and + * memo_receive. If you really want no defaults, use "none" by itself as the option. 
+ */ + defaults = "ns_secure ns_private hide_email hide_mask memo_signon memo_receive autoop killprotect" + + /* + * The minimum length of time between consecutive uses of NickServ's REGISTER command. This + * directive is optional, but recommended. If not set, this restriction will be disabled. + */ + regdelay = 30s + + /* + * The length of time before a nick's registration expires. + * + * This directive is optional, but recommended. If not set, the default is 21 days. + */ + expire = 3650d + + /* + * Prevents the use of the ACCESS and CERT (excluding their LIST subcommand), DROP, FORBID, SUSPEND, + * GETPASS and SET PASSWORD commands by services operators on other services operators. + * + * This directive is optional, but recommended. + */ + secureadmins = yes + + /* + * If set, Services will set the channel modes a user has access to upon identifying, assuming + * they are not already set. + * + * This directive is optional. + */ + modeonid = yes + + /* + * If set, Services will set these user modes on any user who identifies. + * + * This directive is optional. + */ + #modesonid = "+R" + + /* + * If set, Services will not show netsplits in the last quit message field + * of NickServ's INFO command. + */ + hidenetsplitquit = no + + /* + * If set, is the length of time NickServ's killquick and kill options wait before + * forcing users off of protected nicknames. + */ + killquick = 20s + kill = 60s + + /* + * If set, forbids the registration of nicks that contain an existing + * nick with Services access. For example, if Tester is a Services Oper, + * you can't register NewTester or Tester123 unless you are an IRC + * Operator. + * + * NOTE: If you enable this, you will have to be logged in as an IRC + * operator in order to register a Services Root nick when setting up + * Anope for the first time. + * + * This directive is optional. 
+ */ + restrictopernicks = yes + + /* + * The username, and possibly hostname, used for fake users created when Services needs to + * hold a nickname. + */ + enforceruser = "enforcer" + enforcerhost = "ircservices.{{ external_domain }}" + + /* + * The length of time Services hold nicknames. + * + * This directive is optional, but recommended. If not set it defaults to 1 minute. + */ + releasetimeout = 1m + + /* + * When a user's nick is forcibly changed to enforce a "nick kill", their new nick will start + * with this value. The rest will be made up of 6 or 7 digits. + * Make sure this is a valid nick and Nicklen+7 is not longer than the allowed Nicklen on your ircd. + * + * This directive is optional. If not set it defaults to "Guest" + */ + guestnickprefix = "Guest" + + /* + * If set, Services do not allow ownership of nick names, only ownership of accounts. + */ + nonicknameownership = no + + /* + * The maximum length of passwords + * + * This directive is optional. If not set it defaults to 32. + */ + passlen = 32 +} + +/* + * Core NickServ commands. + * + * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules + * are loaded you can then configure the commands to be added to any client you like with any name you like. + * + * Additionally, you may provide a permission name that must be in the opertype of users executing the command. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* Command group configuration for NickServ. + * + * Commands may optionally be placed into groups to make NickServ's HELP output easier to understand. + * Remove the following groups to use the old behavior of simply listing all NickServ commands from HELP. + */ +command_group +{ + name = "nickserv/admin" + description = _("Services Operator commands") +} + +/* Give it a help command. 
*/ +command { service = "NickServ"; name = "HELP"; command = "generic/help"; } + +/* + * ns_access + * + * Provides the command nickserv/access. + * + * Used for configuring what hosts have access to your account. + */ +module +{ + name = "ns_access" + + /* + * The maximum number of entries allowed on a nickname's access list. + * If not set, the default is 32. This number cannot be set to 0. + */ + accessmax = 32 + + /* + * If set, Services will add the usermask of registering users to the access list of their + * newly created account. If not set, users will always have to identify to NickServ before + * being recognized, unless they manually add an address to the access list of their account. + * This directive is optional. + */ + addaccessonreg = yes +} +command { service = "NickServ"; name = "ACCESS"; command = "nickserv/access"; } + +/* + * ns_ajoin + * + * Provides the command nickserv/ajoin. + * + * Used for configuring channels to join once you identify. + */ +module +{ + name = "ns_ajoin" + + /* + * The maximum number of channels a user can have on NickServ's AJOIN command. + */ + ajoinmax = 50 +} +command { service = "NickServ"; name = "AJOIN"; command = "nickserv/ajoin"; } + +/* + * ns_alist + * + * Provides the command nickserv/alist. + * + * Used for viewing what channels you have access to. + */ +module { name = "ns_alist" } +command { service = "NickServ"; name = "ALIST"; command = "nickserv/alist"; } + +/* + * ns_cert + * + * Provides the command nickserv/cert. + * + * Used for configuring your SSL certificate list, which can be used to automatically identify you. + * +module +{ + name = "ns_cert" + + /* + * The maximum number of entries allowed on a nickname's certificate fingerprint list. + * The default is 5. This number cannot be set to 0. + * + max = 5 +} +command { service = "NickServ"; name = "CERT"; command = "nickserv/cert"; } +*/ +/* + * ns_drop + * + * Provides the command nickserv/drop. + * + * Used for unregistering names. 
+ */
+module { name = "ns_drop" }
+command { service = "NickServ"; name = "DROP"; command = "nickserv/drop"; }
+
+/*
+ * ns_getemail
+ *
+ * Provides the command nickserv/getemail.
+ *
+ * Used for getting registered accounts by searching for emails.
+ */
+module { name = "ns_getemail" }
+command { service = "NickServ"; name = "GETEMAIL"; command = "nickserv/getemail"; permission = "nickserv/getemail"; group = "nickserv/admin"; }
+
+/*
+ * ns_getpass
+ *
+ * Provides the command nickserv/getpass.
+ *
+ * Used for getting users passwords.
+ *
+ * Requires no encryption is being used.
+ */
+#module { name = "ns_getpass" }
+#command { service = "NickServ"; name = "GETPASS"; command = "nickserv/getpass"; permission = "nickserv/getpass"; }
+
+/*
+ * ns_group
+ *
+ * Provides the commands nickserv/group, nickserv/glist, and nickserv/ungroup.
+ *
+ * Used for controlling nick groups.
+ */
+module
+{
+ name = "ns_group"
+
+ /*
+ * The maximum number of nicks allowed in a group.
+ *
+ * This directive is optional, but recommended. If not set or set to 0, no limits will be applied.
+ */
+ maxaliases = 16
+
+ /*
+ * If set, the NickServ GROUP command won't allow any group changes. This is recommended to
+ * prevent users from accidentally dropping their nicks, as it forces users to explicitly
+ * drop their nicks before adding it to another group.
+ *
+ * This directive is optional, but recommended.
+ */
+ nogroupchange = yes
+}
+command { service = "NickServ"; name = "GLIST"; command = "nickserv/glist"; }
+command { service = "NickServ"; name = "GROUP"; command = "nickserv/group"; }
+command { service = "NickServ"; name = "UNGROUP"; command = "nickserv/ungroup"; }
+
+/*
+ * ns_identify
+ *
+ * Provides the command nickserv/identify.
+ *
+ * Used for identifying to accounts.
+ */ +module { name = "ns_identify" } +command { service = "NickServ"; name = "ID"; command = "nickserv/identify"; hide = true; } +command { service = "NickServ"; name = "IDENTIFY"; command = "nickserv/identify"; } + +/* + * ns_info + * + * Provides the commands: + * nickserv/info. - Used for gathering information about an account. + * nickserv/set/hide, nickserv/saset/hide - Used for configuring which options are publically shown in nickserv/info. + * + */ +module { name = "ns_info" } +command { service = "NickServ"; name = "INFO"; command = "nickserv/info"; } + +command { service = "NickServ"; name = "SET HIDE"; command = "nickserv/set/hide"; } +command { service = "NickServ"; name = "SASET HIDE"; command = "nickserv/saset/hide"; permission = "nickserv/saset/hide"; } + + +/* + * ns_list + * + * Provides the commands: + * nickserv/list - Used for retrieving and searching the registered account list. + * nickserv/set/private, nickserv/saset/private - Used for configuring whether or a users account shows up in nickserv/list. + * + */ +module +{ + name = "ns_list" + + /* + * The maximum number of nicks to be returned for a NickServ LIST command. + */ + listmax = 50 +} +command { service = "NickServ"; name = "LIST"; command = "nickserv/list"; } + +command { service = "NickServ"; name = "SET PRIVATE"; command = "nickserv/set/private"; } +command { service = "NickServ"; name = "SASET PRIVATE"; command = "nickserv/saset/private"; permission = "nickserv/saset/private"; } + + +/* + * ns_logout + * + * Provides the command nickserv/logout. + * + * Used for logging out of your account. + */ +module { name = "ns_logout" } +command { service = "NickServ"; name = "LOGOUT"; command = "nickserv/logout"; } + +/* + * ns_recover + * + * Provides the command nickserv/recover. + * + * Used for recovering your nick from services or another user. 
+ */ +module +{ + name = "ns_recover" + + /* + * If set, Services will svsnick and svsjoin users who use the recover + * command on an identified user to the nick and channels of the recovered user. + * + * This directive is opional. + */ + restoreonrecover = yes +} +command { service = "NickServ"; name = "RECOVER"; command = "nickserv/recover"; } +# Uncomment below to emulate 1.8's behavior of ghost and release. +#command { service = "NickServ"; name = "GHOST"; command = "nickserv/recover"; } +#command { service = "NickServ"; name = "RELEASE"; command = "nickserv/recover"; } + +/* + * ns_register + * + * Provides the commands nickserv/confirm, nickserv/register, and nickserv/resend. + * + * Used for registering accounts. + */ +module +{ + name = "ns_register" + + /* + * Registration confirmation setting. Set to "none" for no registration confirmation, + * "mail" for email confirmation, and "admin" to have services operators manually confirm + * every registration. Set to "disable" to completely disable all registrations. + */ + registration = "none" + + /* + * The minimum length of time between consecutive uses of NickServ's RESEND command. + * + * This directive is optional, but recommended. If not set, this restriction will be disabled. + */ + resenddelay = 90s + + /* + * Prevents users from registering their nick if they are not connected + * for at least the given number of seconds. + * + * This directive is optional. + */ + #nickregdelay = 30s + + /* + * The length of time a user using an unconfirmed account has + * before the account will be released for general use again. + */ + #unconfirmedexpire = 1d +} +#command { service = "NickServ"; name = "CONFIRM"; command = "nickserv/confirm"; } +command { service = "NickServ"; name = "REGISTER"; command = "nickserv/register"; } +#command { service = "NickServ"; name = "RESEND"; command = "nickserv/resend"; } + +/* + * ns_resetpass + * + * Provides the command nickserv/resetpass. 
+ *
+ * Used for resetting passwords by emailing users a temporary one.
+ */
+/*module { name = "ns_resetpass" }
+command { service = "NickServ"; name = "RESETPASS"; command = "nickserv/resetpass"; }
+*/
+
+/*
+ * ns_set
+ *
+ * Provides the commands:
+ * nickserv/set, nickserv/saset - Dummy help wrappers for the SET and SASET commands.
+ * nickserv/set/autoop, nickserv/saset/autoop - Determines whether or not modes are automatically set users when joining a channel.
+ * nickserv/set/display, nickserv/saset/display - Used for setting a users display name.
+ * nickserv/set/email, nickserv/saset/email - Used for setting a users email address.
+ * nickserv/set/keepmodes, nickserv/saset/keepmodes - Configure whether or not services should retain a user's modes across sessions.
+ * nickserv/set/kill, nickserv/saset/kill - Used for configuring nickname protection.
+ * nickserv/set/language, nickserv/saset/language - Used for configuring what language services use.
+ * nickserv/set/message, nickserv/saset/message - Used to configure how services send messages to you.
+ * nickserv/set/password, nickserv/saset/password - Used for changing a users password.
+ * nickserv/set/secure, nickserv/saset/secure - Used for configuring whether a user can identify by simply being recognized by nickserv/access.
+ * nickserv/saset/noexpire - Used for configuring noexpire, which prevents nicks from expiring.
+ */
+module
+{
+ name = "ns_set"
+
+ /*
+ * Allow the use of the IMMED option in the NickServ SET KILL command.
+ *
+ * This directive is optional.
+ */ + #allowkillimmed = yes +} + +command { service = "NickServ"; name = "SET"; command = "nickserv/set"; } +command { service = "NickServ"; name = "SASET"; command = "nickserv/saset"; permission = "nickserv/saset/"; group = "nickserv/admin"; } + +command { service = "NickServ"; name = "SET AUTOOP"; command = "nickserv/set/autoop"; } +command { service = "NickServ"; name = "SASET AUTOOP"; command = "nickserv/saset/autoop"; permission = "nickserv/saset/autoop"; } + +command { service = "NickServ"; name = "SET DISPLAY"; command = "nickserv/set/display"; } +command { service = "NickServ"; name = "SASET DISPLAY"; command = "nickserv/saset/display"; permission = "nickserv/saset/display"; } + +command { service = "NickServ"; name = "SET EMAIL"; command = "nickserv/set/email"; } +command { service = "NickServ"; name = "SASET EMAIL"; command = "nickserv/saset/email"; permission = "nickserv/saset/email"; } + +command { service = "NickServ"; name = "SET KEEPMODES"; command = "nickserv/set/keepmodes"; } +command { service = "NickServ"; name = "SASET KEEPMODES"; command = "nickserv/saset/keepmodes"; permission = "nickserv/saset/keepmodes"; } + +command { service = "NickServ"; name = "SET KILL"; command = "nickserv/set/kill"; } +command { service = "NickServ"; name = "SASET KILL"; command = "nickserv/saset/kill"; permission = "nickserv/saset/kill"; } + +command { service = "NickServ"; name = "SET LANGUAGE"; command = "nickserv/set/language"; } +command { service = "NickServ"; name = "SASET LANGUAGE"; command = "nickserv/saset/language"; permission = "nickserv/saset/language"; } + +command { service = "NickServ"; name = "SET MESSAGE"; command = "nickserv/set/message"; } +command { service = "NickServ"; name = "SASET MESSAGE"; command = "nickserv/saset/message"; permission = "nickserv/saset/message"; } + +/* command { service = "NickServ"; name = "SET PASSWORD"; command = "nickserv/set/password"; } +command { service = "NickServ"; name = "SASET PASSWORD"; command = 
"nickserv/saset/password"; permission = "nickserv/saset/password"; } +*/ +command { service = "NickServ"; name = "SET SECURE"; command = "nickserv/set/secure"; } +command { service = "NickServ"; name = "SASET SECURE"; command = "nickserv/saset/secure"; permission = "nickserv/saset/secure"; } + +command { service = "NickServ"; name = "SASET NOEXPIRE"; command = "nickserv/saset/noexpire"; permission = "nickserv/saset/noexpire"; } + + +/* + * ns_set_misc + * + * Provides the command nickserv/set/misc. + * + * Allows you to create arbitrary commands to set data, and have that data show up in nickserv/info. + * A field named misc_description may be given for use with help output. + */ +module { name = "ns_set_misc" } +command { service = "NickServ"; name = "SET URL"; command = "nickserv/set/misc"; misc_description = _("Associate a URL with your account"); } +command { service = "NickServ"; name = "SASET URL"; command = "nickserv/saset/misc"; misc_description = _("Associate a URL with this account"); permission = "nickserv/saset/url"; group = "nickserv/admin"; } +#command { service = "NickServ"; name = "SET ICQ"; command = "nickserv/set/misc"; misc_description = _("Associate an ICQ account with your account"); } +#command { service = "NickServ"; name = "SASET ICQ"; command = "nickserv/saset/misc"; misc_description = _("Associate an ICQ account with this account"); permission = "nickserv/saset/icq"; group = "nickserv/admin"; } +#command { service = "NickServ"; name = "SET TWITTER"; command = "nickserv/set/misc"; misc_description = _("Associate a Twitter account with your account"); } +#command { service = "NickServ"; name = "SASET TWITTER"; command = "nickserv/saset/misc"; misc_description = _("Associate a Twitter account with this account"); permission = "nickserv/saset/twitter"; group = "nickserv/admin"; } +#command { service = "NickServ"; name = "SET FACEBOOK"; command = "nickserv/set/misc"; misc_description = _("Associate a Facebook URL with your account"); } 
+#command { service = "NickServ"; name = "SASET FACEBOOK"; command = "nickserv/saset/misc"; misc_description = _("Associate a Facebook URL with this account"); permission = "nickserv/saset/facebook"; group = "nickserv/admin"; } + +/* + * ns_status + * + * Provides the nickserv/status command. + * + * Used to determine if a user is recognized or identified by services. + */ +module { name = "ns_status" } +command { service = "NickServ"; name = "STATUS"; command = "nickserv/status"; } + +/* + * ns_suspend + * + * Provides the commands nickserv/suspend and nickserv/unsuspend. + * + * Used to suspend and unsuspend nicknames. Suspended nicknames can not be used but their settings are preserved. + */ +module +{ + name = "ns_suspend" + + /* + * The length of time before a suspended nick becomes unsuspended. + * + * This directive is optional. If not set, the default is never. + */ + #suspendexpire = 90d + + /* + * Settings to show to non-opers in NickServ's INFO output. + * Comment to completely disable showing any information about + * suspended nicknames to non-opers. + */ + show = "suspended, by, reason, on, expires" +} +command { service = "NickServ"; name = "SUSPEND"; command = "nickserv/suspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; } +command { service = "NickServ"; name = "UNSUSPEND"; command = "nickserv/unsuspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; } + +/* + * ns_update + * + * Provides the command nickserv/update. + * + * Used to update your status on all channels, turn on your vHost, etc. + */ +module { name = "ns_update" } +command { service = "NickServ"; name = "UPDATE"; command = "nickserv/update"; } + + +/* + * Extra NickServ related modules. + */ + +/* + * ns_maxemail + * + * Limits how many times the same email address may be used in Anope + * to register accounts. + */ +#module +{ + name = "ns_maxemail" + + /* + * The limit to how many registered nicks can use the same e-mail address. 
If set to 0 or left
+ * commented, there will be no limit enforced when registering new accounts or using
+ * /msg NickServ SET EMAIL.
+ */
+ maxemails = 1
+}
diff --git a/roles/IRC/templates/anope/operserv.conf.j2 b/roles/IRC/templates/anope/operserv.conf.j2
new file mode 100755
index 0000000..bb82d1f
--- /dev/null
+++ b/roles/IRC/templates/anope/operserv.conf.j2
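Review bot: Nothing in this NickServ template leaves a way to rotate a credential: the `SET PASSWORD` / `SASET PASSWORD` command lines sit inside a `/* … */` block and `ns_resetpass` is commented out too, so a leaked or weak password presumably stays valid until the account is dropped or the database is edited by hand. If passwords are meant to be managed by an external backend that this hunk does not show, a comment above the disabled block should say so; otherwise restore at least the operator path, `command { service = "NickServ"; name = "SASET PASSWORD"; command = "nickserv/saset/password"; permission = "nickserv/saset/password"; }`. Separately, `registration = "none"` with the `REGISTER` command enabled lets anyone self-register without confirmation, which contradicts the `unregistered_notice` text telling users to ask a netadmin; `registration = "admin"` with the `CONFIRM` command uncommented would match that notice.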
@@ -0,0 +1,701 @@ +/* + * Example configuration file for OperServ. + */ + +/* + * First, create the service. + */ +service +{ + /* + * The name of the OperServ client. + * If you change this value, you probably want to change the client directive in the configuration for the operserv module too. + */ + nick = "OperServ" + + /* + * The username of the OperServ client. + */ + user = "services" + + /* + * The hostname of the OperServ client. + */ + host = "ircservices.{{ external_domain }}" + + /* + * The realname of the OperServ client. + */ + gecos = "Operator Service" + + /* + * The modes this client should use. + * Do not modify this unless you know what you are doing. + * + * These modes are very IRCd specific. If left commented, sane defaults + * are used based on what protocol module you have loaded. + * + * Note that setting this option incorrectly could potentially BREAK some, if + * not all, usefulness of the client. We will not support you if this client is + * unable to do certain things if this option is enabled. + */ + #modes = "+o" + + /* + * An optional comma separated list of channels this service should join. Outside + * of log channels this is not very useful, as the service will just idle in the + * specified channels, and will not accept any types of commands. + * + * Prefixes may be given to the channels in the form of mode characters or prefix symbols. + */ + #channels = "@#services,#mychan" +} + +/* + * Core OperServ module. + * + * Provides essential functionality for OperServ. + */ +module +{ + name = "operserv" + + /* + * The name of the client that should be OperServ. + */ + client = "OperServ" + + /* + * These define the default expiration times for, respectively, AKILLs, CHANKILLs, SNLINEs, + * and SQLINEs. + */ + autokillexpiry = 30d + chankillexpiry = 30d + snlineexpiry = 30d + sqlineexpiry = 30d + + /* + * If set, this option will make Services send an AKILL command immediately after it has been + * added with AKILL ADD. 
This eliminates the need for killing the user after the AKILL has + * been added. + * + * This directive is optional, but recommended. + */ + akillonadd = yes + + /* + * If set, this option will make Services send an (SVS)KILL command immediately after SNLINE ADD. + * This eliminates the need for killing the user after the SNLINE has been added. + * + * This directive is optional. + */ + killonsnline = yes + + /* + * If set, this option will make Services send an (SVS)KILL command immediately after SQLINE ADD. + * This eliminates the need for killing the user after the SQLINE has been added. + * + * This directive is optional. + */ + killonsqline = yes + + /* + * Adds the nickname of the IRC Operator issuing an AKILL to the kill reason. + * + * This directive is optional. + */ + addakiller = yes + + /* + * Adds akill IDs to akills. Akill IDs are given to users in their ban reason and can be used to easily view, + * modify, or remove an akill from the ID. + */ + akillids = yes + + /* + * If set, only IRC Operators will be permitted to use OperServ, regardless of command access restrictions. + * + * This directive is optional, but recommended. + */ + opersonly = yes +} + +/* + * Core OperServ commands. + * + * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules + * are loaded you can then configure the commands to be added to any client you like with any name you like. + * + * Additionally, you may provide a permission name that must be in the opertype of users executing the command. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* Give it a help command. */ +command { service = "OperServ"; name = "HELP"; command = "generic/help"; } + +/* + * os_akill + * + * Provides the command operserv/akill. + * + * Used to ban users from the network. 
+ */ +module { name = "os_akill" } +command { service = "OperServ"; name = "AKILL"; command = "operserv/akill"; permission = "operserv/akill"; } + +/* + * os_chankill + * + * Provides the command operserv/chankill. + * + * Used to akill users from an entire channel. + */ +module { name = "os_chankill" } +command { service = "OperServ"; name = "CHANKILL"; command = "operserv/chankill"; permission = "operserv/chankill"; } + +/* + * os_session + * + * Provides the commands operserv/exception and operserv/session. + * + * This module enables session limiting. Session limiting prevents users from connecting more than a certain + * number of times from the same IP at the same time - thus preventing most types of cloning. + * Once a host reaches it's session limit, all clients attempting to connect from that host will + * be killed. Exceptions to the default session limit can be defined via the exception list. + * + * Used to manage the session limit exception list, and view currently active sessions. + */ +module +{ + name = "os_session" + + /* + * Default session limit per host. Once a host reaches its session limit, all clients attempting + * to connect from that host will be killed. + * + * This directive is required if os_session is loaded. + */ + defaultsessionlimit = 3 + + /* + * The maximum session limit that may be set for a host in an exception. + * + * This directive is required if os_session is loaded. + */ + maxsessionlimit = 100 + + /* + * Sets the default expiry time for session exceptions. + * + * This directive is required if os_session is loaded. + */ + exceptionexpiry = 1d + + /* + * The message that will be NOTICE'd to a user just before they are removed from the network because + * their host's session limit has been exceeded. It may be used to give a slightly more descriptive + * reason for the impending kill as opposed to simply "Session limit exceeded". + * + * This directive is optional, if not set, nothing will be sent. 
+ */ + sessionlimitexceeded = "The session limit for your IP %IP% has been exceeded." + + /* + * Same as above, but should be used to provide a website address where users can find out more + * about session limits and how to go about applying for an exception. + * + * Note: This directive has been intentionally commented out in an effort to remind you to change + * the URL it contains. It is recommended that you supply an address/URL where people can get help + * regarding session limits. + * + * This directive is optional, if not set, nothing will be sent. + */ + #sessionlimitdetailsloc = "Please visit http://your.website.url/ for more information about session limits." + + /* + * If set and is not 0, this directive tells Services to add an AKILL if the number of subsequent kills + * for the same host exceeds this value, preventing the network from experiencing KILL floods. + * + * This directive is optional. + */ + maxsessionkill = 15 + + /* + * Sets the expiry time for AKILLs set for hosts exceeding the maxsessionkill directive limit. + * + * This directive is optional, if not set, defaults to 30 minutes. + */ + sessionautokillexpiry = 30m + + /* + * Sets the CIDR value used to determine which IP addresses represent the same person. + * By default this would limit 3 connections per IPv4 IP and 3 connections per IPv6 IP. + * If you are receiving IPv6 clone attacks it may be useful to set session_ipv6_cidr to + * 64 or 48. + */ + session_ipv4_cidr = 32 + session_ipv6_cidr = 128 +} +command { service = "OperServ"; name = "EXCEPTION"; command = "operserv/exception"; permission = "operserv/exception"; } +command { service = "OperServ"; name = "SESSION"; command = "operserv/session"; permission = "operserv/session"; } + + +/* + * os_defcon + * + * Provides the command operserv/defcon. + * + * Allows you to set services in defcon mode, which can be used to restrict services access + * during bot attacks. 
+ */ +module +{ + name = "os_defcon" + + /* + * Default DefCon level (1-5) to use when starting Services up. Level 5 constitutes normal operation + * while level 1 constitutes the most restrictive operation. If this setting is left out or set to + * 0, DefCon will be disabled and the rest of this block will be ignored. + */ + defaultlevel = 5 + + /* + * The following 4 directives define what operations will take place when DefCon is set to levels + * 1 through 4. Each level is a list that must be separated by spaces. + * + * The following operations can be defined at each level: + * - nonewchannels: Disables registering new channels + * - nonewnicks: Disables registering new nicks + * - nomlockchanges: Disables changing MLOCK on registered channels + * - forcechanmodes: Forces all channels to have the modes given in the later chanmodes directive + * - reducedsessions: Reduces the session limit to the value given in the later sessionlimit directive + * - nonewclients: KILL any new clients trying to connect + * - operonly: Services will ignore all non-IRCops + * - silentoperonly: Services will silently ignore all non-IRCops + * - akillnewclients: AKILL any new clients trying to connect + * - nonewmemos: No new memos will be sent to block MemoServ attacks + */ + level4 = "nonewchannels nonewnicks nomlockchanges reducedsessions" + level3 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions" + level2 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly" + level1 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly akillnewclients" + + /* + * New session limit to use when a DefCon level is using "reduced" session limiting. + */ + sessionlimit = 2 + + /* + * Length of time to add an AKILL for when DefCon is preventing new clients from connecting to the + * network. 
+ */ + akillexpire = 5m + + /* + * The channel modes to set on all channels when the DefCon channel mode system is in use. + * + * Note 1: Choose these modes carefully, because when DefCon switches to a level which does NOT have + * the mode setting selected, Services will set the reverse on all channels, e.g. if this setting + * is +RN when DefCon is used, all channels will be set to +RN, when DefCon is removed, all + * channels will be set to -RN. You don't want to set this to +k for example, because when DefCon + * is removed, all channels are set -k, removing the key from previously keyed channels. + * + * Note 2: MLOCKed modes will not be lost. + */ + chanmodes = "+Ri" + + /* + * This value can be used to automatically return the network to DefCon level 5 after the specified + * time period, just in case any IRC Operator forgets to remove a DefCon setting. + * + * This directive is optional. + */ + timeout = 15m + + /* + * If set, Services will send a global message on DefCon level changes. + * + * This directive is optional. + */ + globalondefcon = yes + + /* + * If set, Services will send the global message defined in the message directive on DefCon level + * changes. + * + * This directive is optional. + */ + #globalondefconmore = yes + + /* + * Defines the message that will be sent on DefCon level changes when globalondefconmore is set. + * + * This directive is required only when globalondefconmore is set. + */ + #message = "Put your message to send your users here. Don't forget to uncomment globalondefconmore" + + /* + * Defines the message that will be sent when DefCon is returned to level 5. This directive is optional, + * and will also override globalondefcon and globalondefconmore when set. + */ + offmessage = "Services are now back to normal; sorry for any inconvenience" + + /* + * Defines the reason to use when clients are KILLed or AKILLed from the network while the proper + * DefCon operation is in effect. 
+ */ + akillreason = "This network is currently not accepting connections. We are working on diagnostics, so please try again later." +} +command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; } + +/* + * os_dns + * + * Provides the command operserv/dns. + * + * This module requires that m_dns is loaded. + * + * This module allows controlling a DNS zone. This is useful for + * controlling what servers users are placed on for load balancing, + * and to automatically remove split servers. + * + * To use this module you must set a nameserver record for services + * so that DNS queries go to services. + * + * Alternatively, you may use a slave DNS server to hide service's IP, + * provide query caching, and provide better fault tolerance. + * + * To do this using BIND, configure similar to: + * + * options { max-refresh-time 60; }; + * zone "irc.example.com" IN { + * type slave; + * masters { 127.0.0.1 port 5353; }; + * }; + * + * Where 127.0.0.1:5353 is the IP and port services are listening on. + * We recommend you externally firewall both UDP and TCP to the port + * Anope is listening on. + * + * Finally set a NS record for irc.example.com. to BIND or services. + */ +#module +{ + name = "os_dns" + + /* TTL for records. This should be very low if your records change often. */ + ttl = 1m + + /* If a server drops this many users the server is automatically removed from the DNS zone. + * This directive is optional. + */ + user_drop_mark = 50 + + /* The time used for user_drop_mark. */ + user_drop_time = 1m + + /* When a server is removed from the zone for dropping users, it is readded after this time. + * This directive is optional. + */ + user_drop_readd_time = 5m + + /* If set, when a server splits, it is automatically removed from the zone. */ + remove_split_servers = yes + + /* If set, when a server connects to the network, it will be automatically added to + * the zone if it is a known server. 
+ */ + readd_connected_servers = no +} +#command { service = "OperServ"; name = "DNS"; command = "operserv/dns"; permission = "operserv/dns"; } + +/* + * os_config + * + * Provides the command operserv/config. + * + * Used to view and set configuration options while services are running. + */ +module { name = "os_config" } +command { service = "OperServ"; name = "CONFIG"; command = "operserv/config"; permission = "operserv/config"; } + +/* + * os_forbid + * + * Provides the command operserv/forbid. + * + * Used to forbid specific nicks, channels, emails, etc. from being used. + */ +module { name = "os_forbid" } +command { service = "OperServ"; name = "FORBID"; command = "operserv/forbid"; permission = "operserv/forbid"; } + +/* + * os_ignore + * + * Provides the command operserv/ignore. + * + * Used to make Services ignore users. + */ +module { name = "os_ignore" } +command { service = "OperServ"; name = "IGNORE"; command = "operserv/ignore"; permission = "operserv/ignore"; } + +/* + * os_info + * + * Provides the command operserv/info. + * + * Used to add oper only notes to users and channels. + */ +module { name = "os_info" } +command { service = "OperServ"; name = "INFO"; command = "operserv/info"; permission = "operserv/info"; } + +/* + * os_jupe + * + * Provides the command operserv/jupe. + * + * Used to disconnect servers from the network and prevent them from relinking. + */ +module { name = "os_jupe" } +command { service = "OperServ"; name = "JUPE"; command = "operserv/jupe"; permission = "operserv/jupe"; } + +/* + * os_kick + * + * Provides the command operserv/kick. + * + * Used to kick users from channels. + */ +module { name = "os_kick" } +command { service = "OperServ"; name = "KICK"; command = "operserv/kick"; permission = "operserv/kick"; } + +/* + * os_kill + * + * Provides the command operserv/kill. + * + * Used to forcibly disconnect users from the network. 
+ */ +module { name = "os_kill" } +command { service = "OperServ"; name = "KILL"; command = "operserv/kill"; permission = "operserv/kill"; } + +/* + * os_list + * + * Provides the commands operserv/chanlist and operserv/userlist. + * + * Used to list and search the channels and users currently on the network. + */ +module { name = "os_list" } +command { service = "OperServ"; name = "CHANLIST"; command = "operserv/chanlist"; permission = "operserv/chanlist"; } +command { service = "OperServ"; name = "USERLIST"; command = "operserv/userlist"; permission = "operserv/userlist"; } + +/* + * os_login + * + * Provides the commands operserv/login and operserv/logout. + * + * Used to login to OperServ, only required if your oper block requires this. + */ +module { name = "os_login" } +command { service = "OperServ"; name = "LOGIN"; command = "operserv/login"; } +command { service = "OperServ"; name = "LOGOUT"; command = "operserv/logout"; } + +/* + * os_logsearch + * + * Provides the command operserv/logsearch. + * + * Used to search services log files. + */ +module +{ + name = "os_logsearch" + + /* The log file name to search. There should be a log{} block configured to log + * to a file of this name. + */ + logname = "services.log" +} +command { service = "OperServ"; name = "LOGSEARCH"; command = "operserv/logsearch"; permission = "operserv/logsearch"; } + +/* + * os_mode + * + * Provides the commands operserv/mode and operserv/umode. + * + * Used to change user and channel modes. + */ +module { name = "os_mode" } +command { service = "OperServ"; name = "UMODE"; command = "operserv/umode"; permission = "operserv/umode"; } +command { service = "OperServ"; name = "MODE"; command = "operserv/mode"; permission = "operserv/mode"; } + +/* + * os_modinfo + * + * Provides the commands operserv/modinfo and operserv/modlist. + * + * Used to show information about loaded modules. 
+ */ +module { name = "os_modinfo" } +command { service = "OperServ"; name = "MODINFO"; command = "operserv/modinfo"; permission = "operserv/modinfo"; } +command { service = "OperServ"; name = "MODLIST"; command = "operserv/modlist"; permission = "operserv/modinfo"; } + +/* + * os_module + * + * Provides the commands operserv/modload, operserv/modreload, and operserv/modunload. + * + * Used to load, reload, and unload modules. + */ +module { name = "os_module" } +command { service = "OperServ"; name = "MODLOAD"; command = "operserv/modload"; permission = "operserv/modload"; } +command { service = "OperServ"; name = "MODRELOAD"; command = "operserv/modreload"; permission = "operserv/modload"; } +command { service = "OperServ"; name = "MODUNLOAD"; command = "operserv/modunload"; permission = "operserv/modload"; } + +/* + * os_news + * + * Provides the commands operserv/logonnews, operserv/opernews, and operserv/randomnews. + * + * Used to configure news notices shown to users when they connect, and opers when they oper. + */ +module +{ + name = "os_news" + + /* + * The service bot names to use to send news to users on connection + * and to opers when they oper. + */ + announcer = "Global" + oper_announcer = "OperServ" + + /* + * The number of LOGON/OPER news items to display when a user logs on. + * + * This directive is optional, if not set it will default to 3. + */ + #newscount = 3 +} +command { service = "OperServ"; name = "LOGONNEWS"; command = "operserv/logonnews"; permission = "operserv/news"; } +command { service = "OperServ"; name = "OPERNEWS"; command = "operserv/opernews"; permission = "operserv/news"; } +command { service = "OperServ"; name = "RANDOMNEWS"; command = "operserv/randomnews"; permission = "operserv/news"; } + +/* + * os_noop + * + * Provides the command operserv/noop. + * + * Used to NOOP a server, which prevents users from opering on that server. 
+ */ +module { name = "os_noop" } +command { service = "OperServ"; name = "NOOP"; command = "operserv/noop"; permission = "operserv/noop"; } + +/* + * os_oline + * + * Provides the command operserv/oline. + * + * Used to set oper flags on users, and is specific to UnrealIRCd. + * See /helpop ?svso on your IRCd for more information. + * + * module { name = "os_oline" } + * command { service = "OperServ"; name = "OLINE"; command = "operserv/oline"; permission = "operserv/oline"; } + */ +/* + * os_oper + * + * Provides the command operserv/oper. + * + * Used to configure opers and show information about opertypes. + */ +module { name = "os_oper" } +command { service = "OperServ"; name = "OPER"; command = "operserv/oper"; permission = "operserv/oper"; } + +/* + * os_reload + * + * Provides the command operserv/reload. + * + * Used to reload the services.conf configuration file. + */ +module { name = "os_reload" } +command { service = "OperServ"; name = "RELOAD"; command = "operserv/reload"; permission = "operserv/reload"; } + +/* + * os_set + * + * Provides the command operserv/set. + * + * Used to set various settings such as superadmin, debug mode, etc. + */ +module +{ + name = "os_set" + + /* + * If set, Services Admins will be able to use SUPERADMIN [ON|OFF] which will temporarily grant + * them extra privileges such as being a founder on ALL channels. + * + * This directive is optional. + */ + superadmin = yes +} +command { service = "OperServ"; name = "SET"; command = "operserv/set"; permission = "operserv/set"; } + +/* + * os_shutdown + * + * Provides the commands operserv/quit, operserv/restart, and operserv/shutdown. + * + * Used to quit, restart, or shutdown services. 
+ */ +module { name = "os_shutdown" } +command { service = "OperServ"; name = "QUIT"; command = "operserv/quit"; permission = "operserv/quit"; } +command { service = "OperServ"; name = "RESTART"; command = "operserv/restart"; permission = "operserv/restart"; } +command { service = "OperServ"; name = "SHUTDOWN"; command = "operserv/shutdown"; permission = "operserv/shutdown"; } + +/* + * os_stats + * + * Provides the operserv/stats command. + * + * Used to show statistics about services. + */ +module { name = "os_stats" } +command { service = "OperServ"; name = "STATS"; command = "operserv/stats"; permission = "operserv/stats"; } + +/* + * os_svs + * + * Provides the commands operserv/svsnick, operserv/svsjoin, and operserv/svspart. + * + * Used to force users to change nicks, join and part channels. + */ +module { name = "os_svs" } +command { service = "OperServ"; name = "SVSNICK"; command = "operserv/svsnick"; permission = "operserv/svs"; } +command { service = "OperServ"; name = "SVSJOIN"; command = "operserv/svsjoin"; permission = "operserv/svs"; } +command { service = "OperServ"; name = "SVSPART"; command = "operserv/svspart"; permission = "operserv/svs"; } + +/* + * os_sxline + * + * Provides the operserv/snline and operserv/sqline commands. + * + * Used to ban real names, nick names, and possibly channels. + */ +module { name = "os_sxline" } +command { service = "OperServ"; name = "SNLINE"; command = "operserv/snline"; permission = "operserv/snline"; } +command { service = "OperServ"; name = "SQLINE"; command = "operserv/sqline"; permission = "operserv/sqline"; } + +/* + * os_update + * + * Provides the operserv/update command. + * + * Use to immediately update the databases. + */ +module { name = "os_update" } +command { service = "OperServ"; name = "UPDATE"; command = "operserv/update"; permission = "operserv/update"; } 
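Review bot: The `DEFCON` command registered right after the os_defcon block has no `permission`, unlike the other administrative commands in this file (AKILL, KILL, JUPE, SET, MODLOAD and so on). With `opersonly = yes` this appears to leave DEFCON usable by any IRC operator regardless of opertype, unless the module enforces a privilege internally. The configured `level1` includes `akillnewclients`, so a level change can lock new users out of the network. I would register it as `command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; permission = "operserv/defcon"; }` and grant that privilege only to the admin opertype. In the same least-privilege vein, `superadmin = yes` under os_set lets Services Admins take founder rights on all channels; consider `superadmin = no` unless that is a deliberate choice.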
diff --git a/roles/IRC/templates/anope/services.conf.j2 b/roles/IRC/templates/anope/services.conf.j2
new file mode 100644
index 0000000..7584968
--- /dev/null
+++ b/roles/IRC/templates/anope/services.conf.j2
@@ -0,0 +1,1183 @@ +/* + * Example configuration file for Services. After making the appropriate + * changes to this file, place it in the Services data directory (as + * specified in the "configure" script, default /home/username/services/data) + * under the name "services.conf". + * + * The format of this file is fairly simple: three types of comments are supported: + * - All text after a '#' on a line is ignored, as in shell scripting + * - All text after '//' on a line is ignored, as in C++ + * - A block of text like this one is ignored, as in C + * + * Outside of comments, there are three structures: blocks, keys, and values. + * + * A block is a named container, which contains a number of key to value pairs + * - you may think of this as an array. + * + * A block is created like so: + * foobar + * { + * moo = "cow" + * foo = bar + * } + * + * Keys are case insensitive. Values depend on what key - generally, information is + * given in the key comment. The quoting of values (and most other syntax) is quite + * flexible, however, please do not forget to quote your strings: + * + * "This is a parameter string with spaces in it" + * + * If you need to include a double quote inside a quoted string, precede it + * by a backslash: + * + * "This string has \"double quotes\" in it" + * + * Time parameters can be specified either as an integer representing a + * number of seconds (e.g. "3600" = 1 hour), or as an integer with a unit + * specifier: "s" = seconds, "m" = minutes, "h" = hours, "d" = days. + * Combinations (such as "1h30m") are not permitted. Examples (all of which + * represent the same length of time, one day): + * + * "86400", "86400s", "1440m", "24h", "1d" + * + * CAUTION: + * Please note that your services might _CRASH_ if you add more format- + * strings (%s, %d, etc.) to custom messages than Anope needs. Use the + * default messages to see how many format-strings are needed. 
+ * + * In the documentation for each directive, one of the following will be + * included to indicate whether an option is required: + * + * [REQUIRED] + * Indicates a directive which must be given. Without it, Services will + * not start. + * + * [RECOMMENDED] + * Indicates a directive which may be omitted, but omitting it may cause + * undesirable side effects. + * + * [OPTIONAL] + * Indicates a directive which is optional. If not given, the feature + * will typically be disabled. If this is not the case, more + * information will be given in the documentation. + * + * [DISCOURAGED] + * Indicates a directive which may cause undesirable side effects if + * specified. + * + * [DEPRECATED] + * Indicates a directive which will disappear in a future version of + * Services, usually because its functionality has been either + * superseded by that of other directives or incorporated into the main + * program. + */ + +/* + * [OPTIONAL] Defines + * + * You can define values to other values, which can be used to easially change + * every value in the configuration. For example, use: + * + * define + * { + * name = "ChanServ" + * value = "ChannelServ" + * } + * + * To replace every occurance of ChanServ with ChannelServ in the configuration file, + * and in every included configuration file (such as chanserv.example.conf). + */ + +/* + * The services.host define is used in multiple different locations throughout the + * configuration for services clients hostnames. + */ +define +{ + name = "ircservices.{{ external_domain }}" + value = "ircservices.{{ external_domain }}" +} + +/* + * [OPTIONAL] Additional Includes + * + * You can include additional configuration files here. + * You may also include executable files, which will be executed and + * the output from it will be included into your configuration. 
+ */ + +/* +include +{ + type = "file" + name = "some.conf" +} + +include +{ + type = "executable" + name = "/usr/bin/wget -q -O - http://some.misconfigured.network.com/services.conf" +} +*/ + +/* + * [REQUIRED] IRCd Config + * + * This section is used to set up Anope to connect to your IRC network. + * This section can be included multiple times, and Anope will attempt to + * connect to each server until it finally connects. + */ +uplink +{ + /* + * The IP or hostname of the IRC server you wish to connect Services to. + * Usually, you will want to connect Services over 127.0.0.1 (aka localhost). + * + * NOTE: On some shell providers, this will not be an option. + */ + host = "10.0.1.3" + + /* + * Enable if Services should connect using IPv6. + */ + ipv6 = no + + /* + * Enable if Services should connect using SSL. + * You must have m_ssl loaded for this to work. + */ + ssl = no + + /* + * The port to connect to. + * The IRCd *MUST* be configured to listen on this port, and to accept + * server connections. + * + * Refer to your IRCd documentation for how this is to be done. + */ + port = 8067 + + /* + * The password to send to the IRC server for authentication. + * This must match the link block on your IRCd. + * + * Refer to your IRCd documentation for more information on link blocks. + */ + password = "{{ secrets['IRC']['servicespass'] }}" +} + +/* + * [REQUIRED] Server Information + * + * This section contains information about the Services server. + */ +serverinfo +{ + /* + * The hostname that Services will be seen as, it must have no conflicts with any + * other server names on the rest of your IRC network. Note that it does not have + * to be an existing hostname, just one that isn't on your network already. + */ + name = "ircservices.{{ external_domain }}" + + /* + * The text which should appear as the server's information in /whois and similar + * queries. 
+ */ + description = "{{ organization['displayname'] }}/IRCServices" + + /* + * The local address that Services will bind to before connecting to the remote + * server. This may be useful for multihomed hosts. If ommited, Services will let + * the Operating System choose the local address. This directive is optional. + * + * If you don't know what this means or don't need to use it, just leave this + * directive commented out. + */ + #localhost = "ircservices.{{ external_domain }}" + + /* + * What Server ID to use for this connection? + * Note: This should *ONLY* be used for TS6/P10 IRCds. Refer to your IRCd documentation + * to see if this is needed. + */ + #id = "00A" + + /* + * The filename containing the Services process ID. The path is relative to the + * services root directory. If not given, defaults to "data/services.pid". + */ + pid = "/var/lib/anope/runtime/services.pid" + + /* + * The filename containing the Message of the Day. The path is relative to the + * services root directory. If not given, defaults to "conf/services.motd". + */ + motd = "/var/lib/anope/services.motd" +} + +/* + * [REQUIRED] Protocol module + * + * This directive tells Anope which IRCd Protocol to speak when connecting. + * You MUST modify this to match the IRCd you run. + * + * Supported: + * - bahamut + * - inspircd11 + * - inspircd12 + * - inspircd20 + * - plexus + * - ratbox + * - unreal + */ +module +{ + name = "inspircd20" + + /* + * Some protocol modules can enforce mode locks server-side. This reduces the spam caused by + * services immediately reversing mode changes for locked modes. + * + * If the protocol module you have loaded does not support this, this setting will have no effect. + */ + use_server_side_mlock = yes + + /* + * Some protocol modules can enforce topic locks server-side. This reduces the spam caused by + * services immediately reversing topic changes. + * + * If the protocol module you have loaded does not support this, this setting will have no effect. 
+ */ + use_server_side_topiclock = yes +} +/* + * [REQUIRED] Network Information + * + * This section contains information about the IRC network that Services will be + * connecting to. + */ +networkinfo +{ + /* + * This is the name of the network that Services will be running on. + */ + networkname = "{{ organization['displayname'] }}/IRC" + + /* + * Set this to the maximum allowed nick length on your network. + * Be sure to set this correctly, as setting this wrong can result in + * Services being disconnected from the network. This directive is optional, + * but recommended. + */ + nicklen = 12 + + /* Set this to the maximum allowed ident length on your network. + * Be sure to set this correctly, as setting this wrong can result in + * Services being disconnected from the network. This directive is optional, + * but recommended. + */ + userlen = 64 + + /* Set this to the maximum allowed hostname length on your network. + * Be sure to set this correctly, as setting this wrong can result in + * Services being disconnected from the network. This directive is optional, + * but recommended. + */ + hostlen = 64 + + /* This is the maximum channel length ? + * Added 11-12-2015 for testing + */ + chanlen = 20 + + /* Adding vhost definitions. + */ + vhost_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-" +} + +/* + * [REQUIRED] Services Options + * + * This section contains various options which determine how Services will operate. + */ +options +{ + /* + * The case mapping used by services. This must be set to a valid locale name + * installed on your machine. Services use this case map to compare, with + * case insensitivity, things such as nick names, channel names, etc. + * + * We provide two special casemaps shipped with Anope, ascii and rfc1459. + * + * This value should be set to what your IRCd uses, which is probably rfc1459, + * however Anope has always used ascii for comparison, so the default is ascii. 
+ *
+ * Changing this value once set is not recommended.
+ */
+ casemap = "ascii"
+
+ /*
+ * The maximum length of passwords
+ */
+ passlen = 32
+
+ /*
+ * This key is used to initiate the random number generator. This number
+ * MUST be random as you want your passcodes to be random. Don't give this
+ * key to anyone! Keep it private!
+ *
+ * NOTE: If you don't uncomment this or keep the default values, any talented
+ * programmer would be able to easily "guess" random strings used to mask
+ * information. Be safe, and come up with a 7-digit number.
+ *
+ * This directive is optional, but highly recommended.
+ */
+ seed = 7861233
+
+ /*
+ * Allows Services to continue file write operations (i.e. database saving)
+ * even if the original file cannot be backed up. Enabling this option may
+ * allow Services to continue operation under conditions where it might
+ * otherwise fail, such as a nearly-full disk.
+ *
+ * NOTE: Enabling this option can cause irrecoverable data loss under some
+ * conditions, so make CERTAIN you know what you're doing when you enable it!
+ *
+ * This directive is optional, and you are discouraged against enabling it.
+ */
+ #nobackupokay = yes
+
+ /*
+ * If set, Services will perform more stringent checks on passwords. If this
+ * isn't set, Services will only disallow a password if it is the same as the
+ * entity (nickname name) with which it is associated. When set, however,
+ * Services will also check that the password is at least five
+ * characters long, and in the future will probably check other things
+ * as well.
+ *
+ * This directive is optional, but recommended.
+ */
+ strictpasswords = yes
+
+ /*
+ * Sets the number of invalid password tries before Services removes a user
+ * from the network.
If a user enters a number of invalid passwords equal to
+ * the given amount for any Services function or combination of functions
+ * during a single IRC session (subject to badpasstimeout, below), Services
+ * will issues a /KILL for the user. If not given, Services will ignore
+ * failed password attempts (though they will be logged in any case).
+ *
+ * This directive is optional, but recommended.
+ */
+ badpasslimit = 5
+
+ /*
+ * Sets the time after which invalid passwords are forgotten about. If a user
+ * does not enter any incorrect passwords in this amount of time, the incorrect
+ * password count will reset to zero. If not given, the timeout will be
+ * disabled, and the incorrect password count will never be reset until the user
+ * disconnects.
+ *
+ * This directive is optional.
+ */
+ badpasstimeout = 1h
+
+ /*
+ * Sets the delay between automatic database updates. This time is reset by
+ * the OperServ UPDATE command.
+ */
+ updatetimeout = 5m
+
+ /*
+ * Sets the delay between checks for expired nicknames and channels. The
+ * OperServ UPDATE command will also cause a check for expiration and reset
+ * this timer.
+ */
+ expiretimeout = 30m
+
+ /*
+ * Sets the timeout period for reading from the uplink.
+ */
+ readtimeout = 5s
+
+ /*
+ * Sets the interval between sending warning messages for program errors via
+ * WALLOPS/GLOBOPS.
+ */
+ warningtimeout = 4h
+
+ /*
+ * Sets the (maximum) frequency at which the timeout list is checked. This,
+ * combined with readtimeout above, determines how accurately timed events,
+ * such as nick kills, occur; it also determines how much CPU time Services
+ * will use doing this. Higher values will cause less accurate timing but
+ * less CPU usage.
+ *
+ * This shouldn't be set any higher than 10 seconds, and 1 second is best
+ * if your system is powerful enough (or your network small enough) to
+ * handle it.
0 will cause the timeout list to be checked every time
+ * through the main loop, which will probably slow down Services too much
+ * to be useful on most networks.
+ *
+ * Note that this value is not an absolute limit on the period between
+ * checks of the timeout list; the previous may be as great as readtimeout
+ * (above) during periods of inactivity.
+ *
+ * If this directive is not given, it will default to 0. See the 2nd paragraph
+ * above for performance impacts if you do this.
+ */
+ timeoutcheck = 3s
+
+ /*
+ * Sets the number of days backups of databases are kept. If you don't give it,
+ * or if you set it to 0, Services won't backup the databases.
+ *
+ * NOTE: Services must run 24 hours a day for this feature to work.
+ *
+ * This directive is optional, but recommended.
+ */
+ keepbackups = 15
+
+ /*
+ * If set, Services will require a reason when a FORBID is added, else the
+ * reason is optional. This directive also applies to SUSPENDed channels as
+ * well.
+ *
+ * This directive is optional.
+ */
+ forceforbidreason = yes
+
+ /*
+ * If set, this will allow users to let Services send PRIVMSGs to them
+ * instead of NOTICEs. Also see the defmsg option of nickserv:defaults,
+ * which also toggles the default communication (PRIVMSG or NOTICE) to
+ * use for unregistered users.
+ *
+ * This is a feature that is against the IRC RFC and should be used ONLY
+ * if absolutely necessary.
+ *
+ * This directive is optional, and not recommended.
+ */
+ #useprivmsg = yes
+
+ /*
+ * If set, will force Services to only respond to PRIVMSGs addresses to
+ * Nick@ServerName - e.g. NickServ@localhost.net. This should be used in
+ * conjunction with IRCd aliases. This directive is optional.
+ *
+ * When using Bahamut, this option will NOT work if the uplink server is
+ * configured as a services hub. The serviceshub option is not designed to
+ * be used with Anope.
+ */
+ #usestrictprivmsg = yes
+
+ /*
+ * If set, Services will only show /stats o to IRC Operators.
This directive
+ * is optional.
+ */
+ #hidestatso = yes
+
+ /*
+ * Prevents users from registering their nick if they are not connected
+ * for at least the given number of seconds.
+ *
+ * This directive is optional.
+ */
+ #nickregdelay = 30
+
+ /*
+ * If set, forbids the registration of nicks that contain an existing
+ * nick with Services access. For example, if Tester is a Services Oper,
+ * you can't register NewTester or Tester123 unless you are an IRC
+ * Operator.
+ *
+ * NOTE: If you enable this, you will have to be logged in as an IRC
+ * operator in order to register a Services Root nick when setting up
+ * Anope for the first time.
+ *
+ * This directive is optional.
+ */
+ #restrictopernicks = yes
+
+ /*
+ * The number of LOGON/OPER news items to display when a user logs on.
+ *
+ * This directive is optional, if no set it will default to 3.
+ */
+ #newscount = 3
+
+ /*
+ * A space-separated list of ulined servers on your network, it is assumed that
+ * the servers in this list are allowed to set channel modes and Services will
+ * not attempt to reverse their mode changes.
+ *
+ * WARNING: Do NOT put your normal IRC user servers in this directive.
+ *
+ * This directive is optional.
+ */
+ #ulineservers = "stats.your.network"
+
+ /*
+ * Modes to set on service bots when they join channels, comment this out for no modes
+ *
+ * This directive is optional.
+ */
+ botmodes = "ao"
+
+ /*
+ * How long to wait between connection retries, in seconds.
+ */
+ retrywait = 60
+
+ /*
+ * If set, Services will hide commands that users don't have the privileges to execute
+ * from HELP output.
+ */
+ hideprivilegedcommands = no
+
+ /*
+ * If set, Services do not allow ownership of nick names, only ownership of accounts.
+ */
+ nonicknameownership = no
+
+ /* The regex engine to use, as provided by the regex modules.
+ * Leave commented to disable regex matching.
+ *
+ * Note for this to work the regex module providing the regex engine must be loaded.
+ */
+ regexengine = "regex/pcre"
+}
+
+/*
+ * [OPTIONAL] BotServ
+ *
+ * Includes botserv.example.conf, which is necessary for BotServ functionality.
+ *
+ * Remove this block to disable BotServ.
+
+include
+{
+ type = "file"
+ name = "botserv.conf"
+}
+*/ /* TODO: This is disabled for now. */
+
+/*
+ * [RECOMMENDED] ChanServ
+ *
+ * Includes chanserv.example.conf, which is necessary for ChanServ functionality.
+ *
+ * Remove this block to disable ChanServ.
+ */
+include
+{
+ type = "file"
+ name = "chanserv.conf"
+}
+
+/*
+ * [RECOMMENDED] Global
+ *
+ * Includes global.example.conf, which is necessary for Global functionality.
+ *
+ * Remove this block to disable Global.
+ */
+include
+{
+ type = "file"
+ name = "global.conf"
+}
+
+/*
+ * [OPTIONAL] HostServ
+ *
+ * Includes hostserv.example.conf, which is necessary for HostServ functionality.
+ *
+ * Remove this block to disable HostServ.
+ */
+include
+{
+ type = "file"
+ name = "hostserv.conf"
+}
+
+/*
+ * [OPTIONAL] MemoServ
+ *
+ * Includes memoserv.example.conf, which is necessary for MemoServ functionality.
+ *
+ * Remove this block to disable MemoServ.
+ */
+include
+{
+ type = "file"
+ name = "memoserv.conf"
+}
+
+/*
+ * [OPTIONAL] NickServ
+ *
+ * Includes memoserv.example.conf, which is necessary for NickServ functionality.
+ *
+ * Remove this block to disable NickServ.
+ */
+include
+{
+ type = "file"
+ name = "nickserv.conf"
+}
+
+/*
+ * [RECOMMENDED] OperServ
+ *
+ * Includes operserv.example.conf, which is necessary for OperServ functionality.
+ *
+ * Remove this block to disable OperServ.
+ */
+include
+{
+ type = "file"
+ name = "operserv.conf"
+}
+
+/*
+ * [RECOMMENDED] Logging Configuration
+ *
+ * This section is used for configuring what is logged and where it is logged to.
+ * You may have multiple log blocks if you wish. Remember to properly secure any
+ * channels you choose to have Anope log to!
+ */
+log
+{
+ /*
+ * Target(s) to log to, which may be one of the following:
+ * - a channel name
+ * - a filename
+ * - globops
+ */
+ target = "anope-services.log #services"
+
+ /* Log to both services.log and the channel #services
+ *
+ * Note that some older IRCds, such as Ratbox, require services to be in the
+ * log channel to be able to message it. To do this, configure service:channels to
+ * join your logging channel.
+ */
+ #target = "services.log #services"
+
+ /*
+ * The source(s) to only accept log messages from. Leave commented to allow all sources.
+ * This can be a users name, a channel name, one of our clients (eg, OperServ), or a server name.
+ */
+ #source = ""
+
+ /*
+ * The number of days to keep logfiles, only useful if you are logging to a file.
+ * Set to 0 to never delete old logfiles.
+ *
+ * Note that Anope must run 24 hours a day for this feature to work correctly.
+ */
+ logage = 7
+
+ /*
+ * What types of log messages should be logged by this block. There are nine general categories:
+ *
+ * admin - Execution of admin commands (OperServ, etc).
+ * override - A services operator using their powers to execute a command they couldn't normally.
+ * commands - Execution of general commands.
+ * servers - Server actions, linking, squitting, etc.
+ * channels - Actions in channels such as joins, parts, kicks, etc.
+ * users - User actions such as connecting, disconnecting, changing name, etc.
+ * other - All other messages without a category.
+ * rawio - Logs raw input and output from services
+ * debug - Debug messages (log files can become VERY large from this).
+ *
+ * These options determine what messages from the categories should be logged. Wildcards are accepted, and
+ * you can also negate values with a ~. For example, "~operserv/akill operserv/*" would log all operserv
+ * messages except for operserv/akill.
Note that processing stops at the first matching option, which
+ * means "* ~operserv/*" would log everything because * matches everything.
+ *
+ * Valid admin, override, and command options are:
+ * pesudo-serv/commandname (eg, operserv/akill, chanserv/set)
+ *
+ * Valid server options are:
+ * connect, quit, sync, squit
+ *
+ * Valid channel options are:
+ * create, destroy, join, part, kick, leave, mode
+ *
+ * Valid user options are:
+ * connect, disconnect, quit, nick, ident, host, mode, maxusers, oper
+ *
+ * Rawio and debug are simple yes/no answers, there are no types for them.
+ *
+ * Note that modules may add their own values to these options.
+ */
+ admin = "operserv/*"
+ override = "chanserv/* nickserv/* memoserv/set botserv/* ~botserv/set"
+ commands = "~operserv/* *"
+ servers = "*"
+ #channels = "~mode *"
+ users = "connect disconnect nick"
+ other = "*"
+ rawio = no
+ debug = no
+}
+
+/*
+ * A log block to globops some useful things.
+ */
+log
+{
+ target = "globops"
+ admin = "global/* operserv/mode operserv/kick operserv/akill operserv/s*line operserv/noop operserv/jupe operserv/oline operserv/set operserv/svsnick nickserv/getpass */drop"
+ servers = "squit"
+ users = "oper"
+ other = "expire/* bados akill/*"
+}
+
+/*
+ * [RECOMMENDED] Oper Access Config
+ *
+ * This section is used to set up staff access to restricted oper only commands.
+ * You may define groups of commands and privileges, as well as who may use them.
+ *
+ * This block is recommended, as without it you will be unable to access most oper commands.
+ * It replaces the old ServicesRoot directive amongst others.
+ *
+ * The command names below are defaults and are configured in the *serv.conf's. If you configure
+ * additional commands with permissions, such as commands from third party modules, the permissions
+ * must be included in the opertype block before the command can be used.
+ *
+ * Available privileges:
+ * botserv/administration - Can perform certain BotServ administrative tasks
+ * chanserv/access/modify - Can modify channel access and akick lists
+ * chanserv/auspex - Can see any information with /chanserv info
+ * chanserv/no-register-limit - May register an unlimited number of channels and nicknames
+ * chanserv/set - Can modify the settings of any channel (incl. changing of the owner!)
+ * memoserv/info - Can see any information with /memoserv info
+ * memoserv/set-limit - Can set the limit of max stored memos on any user and channel
+ * memoserv/no-limit - Can send memos through limits and throttles
+ * nickserv/access - Can modify other users access list
+ * nickserv/auspex - Can see any information with /nickserv info
+ * nickserv/confirm - Can confirm other users nicknames
+ * nickserv/drop - Can drop other users nicks
+ *
+ * Available commands:
+ * botserv/bot/del botserv/bot/add botserv/bot/change botserv/assign/private
+ * botserv/botlist botserv/set/private botserv/set/nobot
+ *
+ * chanserv/access/list chanserv/drop chanserv/getkey chanserv/invite
+ * chanserv/list chanserv/suspend chanserv/topic chanserv/clearusers
+ *
+ * chanserv/saset/bantype chanserv/saset/description chanserv/saset/email
+ * chanserv/saset/founder chanserv/saset/keeptopic chanserv/saset/restricted
+ * chanserv/saset/peace chanserv/saset/persist chanserv/saset/private
+ * chanserv/saset/secure chanserv/saset/securefounder chanserv/saset/secureops
+ * chanserv/saset/signkick chanserv/saset/successor chanserv/saset/topiclock
+ * chanserv/saset/url chanserv/saset/noexpire
+ *
+ * memoserv/sendall memoserv/staff
+ *
+ * nickserv/getpass nickserv/sendpass nickserv/getemail nickserv/suspend
+ * nickserv/resetpass nickserv/release nickserv/list
+ *
+ * nickserv/saset/autoop nickserv/saset/email nickserv/saset/greet
+ * nickserv/saset/icq nickserv/saset/kill nickserv/saset/language nickserv/saset/message
+ * nickserv/saset/private nickserv/saset/secure
nickserv/saset/url nickserv/saset/noexpire
+ *
+ * hostserv/set hostserv/del
+ *
+ * global/global
+ *
+ * operserv/news operserv/stats operserv/kick operserv/exception
+ * operserv/mode operserv/session operserv/modlist operserv/ignore
+ * operserv/chankill operserv/akill operserv/sqline operserv/snline
+ * operserv/szline operserv/oper operserv/config operserv/umode
+ * operserv/modload operserv/jupe operserv/set operserv/noop
+ * operserv/quit operserv/update operserv/reload operserv/restart
+ * operserv/shutdown operserv/svsnick operserv/oline operserv/kill
+ *
+ * Firstly, we define 'opertypes' which are named whatever we want ('Network Administrator', etc).
+ * These can contain commands for oper-only strings (see above) which grants access to that specific command,
+ * and privileges (which grant access to more general permissions for the named area).
+ * Wildcard entries are permitted for both, e.g. 'commands = "operserv/*"' for all OperServ commands.
+ *
+ * Below are some default example types, but this is by no means exhaustive,
+ * and it is recommended that you configure them to your needs.
+ */
+
+opertype
+{
+ /* The name of this opertype */
+ name = "Helper"
+
+ /* What commands (see above) this opertype has */
+ commands = "hostserv/*"
+}
+
+opertype
+{
+ /* The name of this opertype */
+ name = "Services Operator"
+
+ /* What opertype(s) this inherits from. Seperate with a comma.
*/
+ inherits = "Helper, Another Helper"
+
+ /* What commands (see above) this opertype may use */
+ commands = "chanserv/list chanserv/suspend chanserv/topic memoserv/staff nickserv/list nickserv/sendpass nickserv/resetpass nickserv/suspend operserv/mode operserv/chankill operserv/szline operserv/akill operserv/session operserv/modlist operserv/sqline operserv/oper operserv/kick operserv/ignore operserv/snline"
+
+ /* What privs (see above) this opertype has */
+ privs = "chanserv/auspex chanserv/no-register-limit memoserv/* nickserv/auspex nickserv/confirm"
+
+ /*
+ * Modes to be set on users when they identify to accounts linked to this opertype.
+ *
+ * This can be used to automatically oper users who identify for services operator accounts, and is
+ * useful for setting modes such as Plexus's user mode +N.
+ *
+ * Note that some IRCds, such as InspIRCd, do not allow directly setting +o, and this will not work.
+ */
+ #modes = "+o"
+}
+
+opertype
+{
+ name = "Services Administrator"
+
+ inherits = "Services Operator"
+
+ commands = "chanserv/access/list chanserv/drop chanserv/getkey chanserv/saset/noexpire memoserv/sendall nickserv/saset/* nickserv/getemail operserv/news operserv/jupe operserv/svsnick operserv/stats operserv/oline operserv/noop operserv/forbid global/*"
+
+ privs = "*"
+}
+
+opertype
+{
+ name = "Services Root"
+
+ commands = "*"
+
+ privs = "*"
+}
+
+/*
+ * After defining different types of operators in the above opertype section, we now define who is in these groups
+ * through 'oper' blocks, similar to ircd access.
+ *
+ * The default is to comment these out (so NOBODY will have Services access).
+ * You probably want to add yourself and a few other people at minimum.
+ *
+ * As with all permissions, make sure to only give trustworthy people access to Services.
+ */
+
+/* Include services operators from YAML */
+{% for oper in secrets['IRC']['opers'] %}
+oper
+{
+ name = "{{ oper }}"
+ type = "Services Root"
+ require_oper = "yes"
+}
+{% endfor %}
+
+/*
+ * [OPTIONAL] Mail Config
+ *
+ * This section contains settings related to the use of e-mail from Services.
+ * If the usemail directive is set to yes, unless specified otherwise, all other
+ * directives are required.
+ *
+ * NOTE: Users can find the IP of the machine services is running on by examining
+ * mail headers. If you do not want your IP known, you should set up a mail relay
+ * to strip the relevant headers.
+ */
+mail
+{
+ /*
+ * If set, this option enables the mail commands in Services. You may choose
+ * to disable it if you have no Sendmail-compatible mailer installed. Whilst
+ * this directive (and entire block) is optional, it is required if the
+ * nickserv:emailregistration is set to yes.
+ */
+ usemail = no
+
+ /*
+ * This is the command-line that will be used to call the mailer to send an
+ * e-mail. It must be called with all the parameters needed to make it
+ * scan the mail input to find the mail recipient; consult your mailer
+ * documentation.
+ *
+ * Postfix users must use the compatible sendmail utility provided with
+ * it. This one usually needs no parameters on the command-line. Most
+ * sendmail applications (or replacements of it) require the -t option
+ * to be used.
+ */
+ sendmailpath = "/usr/sbin/sendmail -t"
+
+ /*
+ * This is the e-mail address from which all the e-mails are to be sent from.
+ * It should really exist.
+ */
+ sendfrom = "services@localhost.net"
+
+ /*
+ * If set, SENDPASS and RESETPASS will be restricted to IRC operators.
+ * This directive is optional.
+ *
+ * WARNING: If you choose to not enable this option, you should limit the
+ * number of processes that the services user can have at a time (you can
+ * create a special user for this; remember to NEVER launch Services as
+ * root).
+ */
+ restrict = yes
+
+ /*
+ * This controls the minimum amount of time a user must wait before sending
+ * another e-mail after they have sent one. It also controls the minimum time
+ * a user must wait before they can receive another e-mail.
+ *
+ * This feature prevents users from being mail bombed using Services and
+ * it is highly recommended that it be used.
+ *
+ * This directive is optional, but highly recommended.
+ */
+ delay = 5m
+
+ /*
+ * If set, Services will not attempt to put quotes around the TO: fields
+ * in e-mails.
+ *
+ * This directive is optional, and as far as we know, it's only needed
+ * if you are using ESMTP or QMail to send out e-mails.
+ */
+ #dontquoteaddresses = yes
+
+ /*
+ * The subject and message of emails sent to users when they register accounts.
+ */
+ registration_subject = "Nickname Registration for %n"
+ registration_message = "Hi,
+
+ You have requested to register the nickname %n on %N.
+ Please type \" /msg NickServ confirm %c \" to complete registration.
+
+ If you don't know why this mail was sent to you, please ignore it silently.
+ %N administrators."
+
+ /*
+ * The subject and message of emails sent to users when they request a new password.
+ */
+ reset_subject = "N/A" /* "Reset password request for %n" */
+ reset_message = "N/A" /* "Hi, You have requested to have the password for %n reset. To reset your password, type \"/msg NickServ CONFIRM %n %c\". If you don't know why this mail was sent to you, please ignore it silently. %N administrators." */
+
+ /*
+ * The subject and message of emails sent to users when they request SENDPASS.
+ */
+ sendpass_subject = "N/A" /* "Nickname password for %n" */
+ sendpass_message = "N/A" /* "Hi, You have requested to receive the password of nickname %n by e-mail. The password is %p. For security purposes, you should change it as soon as you receive this mail. If you don't know why this mail was sent to you, please ignore it silently. %N administrators."
*/
+
+ /*
+ * The subject and message of emails sent to users when they request a new email address.
+ */
+ emailchange_subject = "Email confirmation"
+ emailchange_message = "Hi,
+
+ You have requested to change your email address to %e.
+ Please type \" /msg NickServ confirm %c \" to confirm this change.
+
+ If you don't know why this mail was sent to you, please ignore it silently.
+
+ %N administrators."
+
+ /*
+ * The subject and message of emails sent to users when they recieve a new memo.
+ */
+ memo_subject = "New memo"
+ memo_message = "Hi %n
+ You've just received a new memo from %s. This is memo number %d.
+
+ Memo text:
+
+ %t"
+}
+
+/*
+ * [OPTIONAL] DNS Config
+ *
+ * This section is used to configure DNS.
+ * At this time DNS is only used by a few modules (m_dnsbl)
+ * and is not required by the core to function.
+ */
+dns
+{
+ /*
+ * The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file.
+ * The below should work fine on all unix like systems. Windows users will have to find their nameservers
+ * from ipconfig /all and put the IP here
+ */
+ nameserver = "/etc/resolv.conf"
+ #nameserver = "127.0.0.1"
+
+ /*
+ * How long to wait in seconds before a DNS query has timed out
+ */
+ timeout = 5
+}
+
+/*
+ * [REQUIRED] Database configuration.
+ *
+ * This section is used to configure databases used by Anope.
+ * You should at least load one database method, otherwise any data you
+ * have will not be stored!
+ */
+
+/*
+ * [DEPRECATED] db_old
+ *
+ * This is the old binary database format from late Anope 1.7.x, Anope 1.8.x, and
+ * early Anope 1.9.x. This module only loads these databases, and will NOT save them.
+ * You should only use this to upgrade old databases to a newer database format by loading
+ * other database modules in addition to this one, which will be used when saving databases.
+ */
+#module { name = "db_old" }
+db_old
+{
+ /*
+ * This is the encryption type used by the databases.
This must be set correctly or
+ * your passwords will not work. Valid options are: md5, oldmd5, sha1, and plain.
+ */
+ #hash = "md5"
+}
+
+/*
+ * [DEPRECATED] db_plain
+ *
+ * This is the flatfile database format from Anope-1.9.2 to Anope-1.9.5.
+ * To convert from this format, load both this and db_flatfile. Be sure to name db_flatfile's
+ * target database to something else. Start Anope then shut down so the new database will be written.
+ * Then unload this and restart Anope, loading from the new database.
+ */
+#module { name = "db_plain" }
+/*db_plain
+ *{
+ *
+ * The database name db_plain should use
+ *
+ * database = "/var/db/anope/anope.db"
+}*/
+
+/*
+ * db_flatfile
+ *
+ * This is the default flatfile database format.
+ */
+module { name = "db_flatfile" }
+db_flatfile
+{
+ /*
+ * The database name db_flatfile should use
+ */
+ database = "anope.db"
+}
+
+/*
+ * db_sql
+ *
+ * This module allows saving and loading databases using one of the SQL engines.
+ * This module loads the databases once on startup, then incrementally updates
+ * objects in the database as they are changed within Anope in real time. Changes
+ * to the SQL tables not done by Anope will have no effect and will be overwritten.
+ *
+ */
+#module { name = "db_sql" }
+
+/*
+ * db_sql_live
+ *
+ * This module allows saving and loading databases using one of the SQL engines.
+ * This module reads and writes to SQL in real time. Changes to the SQL tables
+ * will be immediately reflected into Anope. This module should not be loaded
+ * in conjunction with db_sql.
+ */
+#module { name = "db_sql_live" }
+
+db_sql
+{
+ /*
+ * The SQL service db_sql(_live) should use, these are configured in modules.conf.
+ * For MySQL, this should probably be mysql/main.
+ */
+ engine = "sqlite/main"
+
+ /*
+ * An optional prefix to prepended to the name of each created table.
+ * Do not use the same prefix for other programs.
+ */
+ #prefix = "anope_db_"
+}
+
+/*
+ * [REQUIRED] Encryption modules.
+ *
+ * The encryption modules are used when dealing with passwords. This determines how
+ * the passwords are stored in the databases, and does not add any security as
+ * far as transmitting passwords over the network goes.
+ *
+ * Without any encryption modules, passwords will be stored in plain text, allowing
+ * for passwords to be recovered later but isn't secure therefore is not recommended.
+ *
+ * The other encryption modules use one-way encryption, so the passwords can not
+ * be recovered later if those are used.
+ *
+ * NOTE: enc_old is Anope's previous (broken) MD5 implementation, if your databases
+ * were made using that module, continue to use it and do not use enc_md5.
+ *
+ * NOTE: enc_sha1 relies on how the OS stores 2+ byte data internally, and is
+ * potentially broken when moving between 2 different OSes, such as moving from
+ * Linux to Windows. It is recommended that you use enc_sha256 instead if you want
+ * to use an SHA-based encryption. If you choose to do so, it is also recommended
+ * that you first try to get everyone's passwords converted to enc_sha256 before
+ * switching OSes by placing enc_sha256 at the beginning of the list.
+ *
+ * The first encryption module loaded is the primary encryption module. All new passwords are
+ * encrypted by this module. Old passwords stored in another encryption method are
+ * automatically re-encrypted by the primary encryption module on next identify.
+ */
+#module { name = "enc_md5" }
+#module { name = "enc_sha1" }
+module { name = "enc_sha256" }
+
+/*
+ * When using enc_none, passwords will be stored without encryption in plain
+ * text, allowing for passwords to be recovered later. This isn't secure therefore
+ * is not recommended.
+ */
+#module { name = "enc_none" }
+
+/*
+ * enc_old is Anope's previous (broken) MD5 implementation, if your databases
+ * were made using that module, load it here to allow conversion to the primary
+ * encryption method.
+ */
+#module { name = "enc_old" }
+
+/* Extra (optional) modules */
+include
+{
+ type = "file"
+ name = "modules.conf"
+}
+
+/*
+ * Chanstats Modules
+ * Requires a MySQL Database
+ */
+
+#include
+#{
+# type = "file"
+# name = "chanstats.example.conf"
+#}
diff --git a/roles/IRC/templates/inspircd/inspircd.conf.j2 b/roles/IRC/templates/inspircd/inspircd.conf.j2
new file mode 100644
index 0000000..74af23c
--- /dev/null
+++ b/roles/IRC/templates/inspircd/inspircd.conf.j2
@@ -0,0 +1,597 @@ +#-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# # +# + + + + + + +#-#-#-#-#-#-#-#-#-#-#-# VARIABLE DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-# +# # +# You can define variables that will be substituted later in the # +# configuration file. This can be useful to allow settings to be # +# easily changed, or to parameterize a remote includes. # +# # +# Variables may be redefined and may reference other variables. # +# Value expansion happens at the time the tag is read. # +# # +# Using variable definitions REQUIRES that the config format be # +# changed to "xml" from the default "compat" that uses escape # +# sequences such as "\"" and "\n", and does not support # + +# +# + +#-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#- +# # +# Here is where you enter the information about your server. # +# # + + + +#-#-#-#-#-#-#-#-#-#-#-#- ADMIN INFORMATION -#-#-#-#-#-#-#-#-#-#-#-# +# # +# Describes the Server Administrator's real name (optionally), # +# nick, and email address. # +# # + + +#-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- +# # +# Enter the port and address bindings here. # +# # +# j + + + + + + + + + + + + + + + +#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# # +# This is where you can configure which connections are allowed # +# and denied access onto your server. The password is optional. # +# You may have as many of these as you require. To allow/deny all # +# connections, use a '*' or 0.0.0.0/0. # +# # +# -- It is important to note that connect tags are read from the -- # +# TOP DOWN. This means that you should have more specific deny # +# and allow tags at the top, progressively more general, followed # +# by a # + +# +# + + + +#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- +# # +# CIDR configuration allows detection of clones and applying of # +# throttle limits across a CIDR range. 
(A CIDR range is a group of # +# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be # +# represented as 192.168.1.0/24). This means that abuse across an ISP # +# is detected and curtailed much easier. Here is a good chart that # +# shows how many IPs the different CIDRs correspond to: # +# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation # +# # + + +#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # + + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# If these values are not defined, InspIRCd uses the default DNS resolver +# of your system. +# +# + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# Define the path to the PID file here. The PID file can be used to # +# rehash the ircd from the shell or to terminate the ircd from the # +# shell using shell scripts, perl scripts, etc... and to monitor the # +# ircd's state via cron jobs. If this is a relative path, it will be # +# relative to the configuration directory, and if it is not defined, # +# the default of 'inspircd.pid' is used. # +# # + + +#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# Use these tags to customise the ban limits on a per channel basis. # +# The tags are read from top to bottom, and any tag found which # +# matches the channels name applies the banlimit to that channel. # +# It is advisable to put an entry with the channel as '*' at the # +# bottom of the list. If none are specified or no maxbans tag is # +# matched, the banlist size defaults to 64 entries. # +# # +# + + +#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This tag is optional, and specifies one or more features which are # +# not available to non-operators. # +# # +# For example you may wish to disable NICK and prevent non-opers from # +# changing their nicknames. # +# Note that any disabled commands take effect only after the user has # +# 'registered' (e.g. 
after the initial USER/NICK/PASS on connection) # +# so for example disabling NICK will not cripple your network. # +# # +# You can also define if you want to disable any channelmodes # +# or usermodes from your users. # +# # +# `fakenonexistant' will make the ircd pretend that nonexistant # +# commands simply don't exist to non-opers ("no such command"). # +# # +# + + +#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# Settings to define which features are usable on your server. # +# # + + + + # suffixpart: What (if anything) users' part message + # should be suffixed with. + suffixpart=""" + + # fixedquit: Set all users' quit messages to this value. + #fixedquit="" + + # fixedpart: Set all users' part messages in all channels + # to this value. + #fixedpart="" + + # syntaxhints: If enabled, if a user fails to send the correct parameters + # for a command, the ircd will give back some help text of what + # the correct parameters are. + syntaxhints="no" + + # cyclehosts: If enabled, when a user gets a host set, it will cycle + # them in all their channels. If not, it will simply change their host + # without cycling them. + cyclehosts="no" + + # cyclehostsfromuser: If enabled, the source of the mode change for + # cyclehosts will be the user who cycled. This can look nicer, but + # triggers anti-takeover mechanisms of some obsolete bots. + cyclehostsfromuser="no" + + # ircumsgprefix: Use undernet-style message prefixing for NOTICE and + # PRIVMSG. If enabled, it will add users' prefix to the line, if not, + # it will just message the user normally. + ircumsgprefix="no" + + # announcets: If set to yes, when the timestamp on a channel changes, all users + # in the channel will be sent a NOTICE about it. + announcets="yes" + + # allowmismatch: Setting this option to yes will allow servers to link even + # if they don't have the same "optionally common" modules loaded. Setting this to + # yes may introduce some desyncs and unwanted behaviour. 
+ allowmismatch="no" + + # defaultbind: Sets the default for tags without an address. Choices are + # ipv4 or ipv6; if not specified, IPv6 will be used if your system has support, + # falling back to IPv4 otherwise. + defaultbind="auto" + + # hostintopic: If enabled, channels will show the host of the topic setter + # in the topic. If set to no, it will only show the nick of the topic setter. + hostintopic="yes" + + # pingwarning: If a server does not respond to a ping within x seconds, + # it will send a notice to opers with snomask +l informing that the server + # is about to ping timeout. + pingwarning="15" + + # serverpingfreq: How often pings are sent between servers (in seconds). + serverpingfreq="60" + + # defaultmodes: What modes are set on a empty channel when a user + # joins it and it is unregistered. + defaultmodes="not" + + # moronbanner: This is the text that is sent to a user when they are + # banned from the server. + moronbanner="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help." + + # exemptchanops: exemptions for channel access restrictions based on prefix. + exemptchanops="nonick:v flood:o" + + # invitebypassmodes: This allows /invite to bypass other channel modes. + # (Such as +k, +j, +l, etc.) + invitebypassmodes="yes" + + # nosnoticestack: This prevents snotices from 'stacking' and giving you + # the message saying '(last message repeated X times)'. Defaults to no. + nosnoticestack="no" + + # welcomenotice: When turned on, this sends a NOTICE to connecting users + # with the text Welcome to ! after successful registration. + # Defaults to yes. + welcomenotice="yes"> + + +#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# +# # + + + +#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# +# # + +