/* * Example configuration file for OperServ. */ /* * First, create the service. */ service { /* * The name of the OperServ client. * If you change this value, you probably want to change the client directive in the configuration for the operserv module too. */ nick = "OperServ" /* * The username of the OperServ client. */ user = "services" /* * The hostname of the OperServ client. */ host = "ircservices.{{ external_domain }}" /* * The realname of the OperServ client. */ gecos = "Operator Service" /* * The modes this client should use. * Do not modify this unless you know what you are doing. * * These modes are very IRCd specific. If left commented, sane defaults * are used based on what protocol module you have loaded. * * Note that setting this option incorrectly could potentially BREAK some, if * not all, usefulness of the client. We will not support you if this client is * unable to do certain things if this option is enabled. */ #modes = "+o" /* * An optional comma separated list of channels this service should join. Outside * of log channels this is not very useful, as the service will just idle in the * specified channels, and will not accept any types of commands. * * Prefixes may be given to the channels in the form of mode characters or prefix symbols. */ #channels = "@#services,#mychan" } /* * Core OperServ module. * * Provides essential functionality for OperServ. */ module { name = "operserv" /* * The name of the client that should be OperServ. */ client = "OperServ" /* * These define the default expiration times for, respectively, AKILLs, CHANKILLs, SNLINEs, * and SQLINEs. */ autokillexpiry = 30d chankillexpiry = 30d snlineexpiry = 30d sqlineexpiry = 30d /* * If set, this option will make Services send an AKILL command immediately after it has been * added with AKILL ADD. This eliminates the need for killing the user after the AKILL has * been added. * * This directive is optional, but recommended. */ akillonadd = yes /* * If set, this option will make Services send an (SVS)KILL command immediately after SNLINE ADD. * This eliminates the need for killing the user after the SNLINE has been added. * * This directive is optional. */ killonsnline = yes /* * If set, this option will make Services send an (SVS)KILL command immediately after SQLINE ADD. * This eliminates the need for killing the user after the SQLINE has been added. * * This directive is optional. */ killonsqline = yes /* * Adds the nickname of the IRC Operator issuing an AKILL to the kill reason. * * This directive is optional. */ addakiller = yes /* * Adds akill IDs to akills. Akill IDs are given to users in their ban reason and can be used to easily view, * modify, or remove an akill from the ID. */ akillids = yes /* * If set, only IRC Operators will be permitted to use OperServ, regardless of command access restrictions. * * This directive is optional, but recommended. */ opersonly = yes } /* * Core OperServ commands. * * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules * are loaded you can then configure the commands to be added to any client you like with any name you like. * * Additionally, you may provide a permission name that must be in the opertype of users executing the command. * * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. */ /* Give it a help command. */ command { service = "OperServ"; name = "HELP"; command = "generic/help"; } /* * os_akill * * Provides the command operserv/akill. * * Used to ban users from the network. */ module { name = "os_akill" } command { service = "OperServ"; name = "AKILL"; command = "operserv/akill"; permission = "operserv/akill"; } /* * os_chankill * * Provides the command operserv/chankill. * * Used to akill users from an entire channel. */ module { name = "os_chankill" } command { service = "OperServ"; name = "CHANKILL"; command = "operserv/chankill"; permission = "operserv/chankill"; } /* * os_session * * Provides the commands operserv/exception and operserv/session. * * This module enables session limiting. Session limiting prevents users from connecting more than a certain * number of times from the same IP at the same time - thus preventing most types of cloning. * Once a host reaches it's session limit, all clients attempting to connect from that host will * be killed. Exceptions to the default session limit can be defined via the exception list. * * Used to manage the session limit exception list, and view currently active sessions. */ module { name = "os_session" /* * Default session limit per host. Once a host reaches its session limit, all clients attempting * to connect from that host will be killed. * * This directive is required if os_session is loaded. */ defaultsessionlimit = 3 /* * The maximum session limit that may be set for a host in an exception. * * This directive is required if os_session is loaded. */ maxsessionlimit = 100 /* * Sets the default expiry time for session exceptions. * * This directive is required if os_session is loaded. */ exceptionexpiry = 1d /* * The message that will be NOTICE'd to a user just before they are removed from the network because * their host's session limit has been exceeded. It may be used to give a slightly more descriptive * reason for the impending kill as opposed to simply "Session limit exceeded". * * This directive is optional, if not set, nothing will be sent. */ sessionlimitexceeded = "The session limit for your IP %IP% has been exceeded." /* * Same as above, but should be used to provide a website address where users can find out more * about session limits and how to go about applying for an exception. * * Note: This directive has been intentionally commented out in an effort to remind you to change * the URL it contains. It is recommended that you supply an address/URL where people can get help * regarding session limits. * * This directive is optional, if not set, nothing will be sent. */ #sessionlimitdetailsloc = "Please visit http://your.website.url/ for more information about session limits." /* * If set and is not 0, this directive tells Services to add an AKILL if the number of subsequent kills * for the same host exceeds this value, preventing the network from experiencing KILL floods. * * This directive is optional. */ maxsessionkill = 15 /* * Sets the expiry time for AKILLs set for hosts exceeding the maxsessionkill directive limit. * * This directive is optional, if not set, defaults to 30 minutes. */ sessionautokillexpiry = 30m /* * Sets the CIDR value used to determine which IP addresses represent the same person. * By default this would limit 3 connections per IPv4 IP and 3 connections per IPv6 IP. * If you are receiving IPv6 clone attacks it may be useful to set session_ipv6_cidr to * 64 or 48. */ session_ipv4_cidr = 32 session_ipv6_cidr = 128 } command { service = "OperServ"; name = "EXCEPTION"; command = "operserv/exception"; permission = "operserv/exception"; } command { service = "OperServ"; name = "SESSION"; command = "operserv/session"; permission = "operserv/session"; } /* * os_defcon * * Provides the command operserv/defcon. * * Allows you to set services in defcon mode, which can be used to restrict services access * during bot attacks. */ module { name = "os_defcon" /* * Default DefCon level (1-5) to use when starting Services up. Level 5 constitutes normal operation * while level 1 constitutes the most restrictive operation. If this setting is left out or set to * 0, DefCon will be disabled and the rest of this block will be ignored. */ defaultlevel = 5 /* * The following 4 directives define what operations will take place when DefCon is set to levels * 1 through 4. Each level is a list that must be separated by spaces. * * The following operations can be defined at each level: * - nonewchannels: Disables registering new channels * - nonewnicks: Disables registering new nicks * - nomlockchanges: Disables changing MLOCK on registered channels * - forcechanmodes: Forces all channels to have the modes given in the later chanmodes directive * - reducedsessions: Reduces the session limit to the value given in the later sessionlimit directive * - nonewclients: KILL any new clients trying to connect * - operonly: Services will ignore all non-IRCops * - silentoperonly: Services will silently ignore all non-IRCops * - akillnewclients: AKILL any new clients trying to connect * - nonewmemos: No new memos will be sent to block MemoServ attacks */ level4 = "nonewchannels nonewnicks nomlockchanges reducedsessions" level3 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions" level2 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly" level1 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly akillnewclients" /* * New session limit to use when a DefCon level is using "reduced" session limiting. */ sessionlimit = 2 /* * Length of time to add an AKILL for when DefCon is preventing new clients from connecting to the * network. */ akillexpire = 5m /* * The channel modes to set on all channels when the DefCon channel mode system is in use. * * Note 1: Choose these modes carefully, because when DefCon switches to a level which does NOT have * the mode setting selected, Services will set the reverse on all channels, e.g. if this setting * is +RN when DefCon is used, all channels will be set to +RN, when DefCon is removed, all * channels will be set to -RN. You don't want to set this to +k for example, because when DefCon * is removed, all channels are set -k, removing the key from previously keyed channels. * * Note 2: MLOCKed modes will not be lost. */ chanmodes = "+Ri" /* * This value can be used to automatically return the network to DefCon level 5 after the specified * time period, just in case any IRC Operator forgets to remove a DefCon setting. * * This directive is optional. */ timeout = 15m /* * If set, Services will send a global message on DefCon level changes. * * This directive is optional. */ globalondefcon = yes /* * If set, Services will send the global message defined in the message directive on DefCon level * changes. * * This directive is optional. */ #globalondefconmore = yes /* * Defines the message that will be sent on DefCon level changes when globalondefconmore is set. * * This directive is required only when globalondefconmore is set. */ #message = "Put your message to send your users here. Don't forget to uncomment globalondefconmore" /* * Defines the message that will be sent when DefCon is returned to level 5. This directive is optional, * and will also override globalondefcon and globalondefconmore when set. */ offmessage = "Services are now back to normal; sorry for any inconvenience" /* * Defines the reason to use when clients are KILLed or AKILLed from the network while the proper * DefCon operation is in effect. */ akillreason = "This network is currently not accepting connections. We are working on diagnostics, so please try again later." } command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; } /* * os_dns * * Provides the command operserv/dns. * * This module requires that m_dns is loaded. * * This module allows controlling a DNS zone. This is useful for * controlling what servers users are placed on for load balancing, * and to automatically remove split servers. * * To use this module you must set a nameserver record for services * so that DNS queries go to services. * * Alternatively, you may use a slave DNS server to hide service's IP, * provide query caching, and provide better fault tolerance. * * To do this using BIND, configure similar to: * * options { max-refresh-time 60; }; * zone "irc.example.com" IN { * type slave; * masters { 127.0.0.1 port 5353; }; * }; * * Where 127.0.0.1:5353 is the IP and port services are listening on. * We recommend you externally firewall both UDP and TCP to the port * Anope is listening on. * * Finally set a NS record for irc.example.com. to BIND or services. */ #module { name = "os_dns" /* TTL for records. This should be very low if your records change often. */ ttl = 1m /* If a server drops this many users the server is automatically removed from the DNS zone. * This directive is optional. */ user_drop_mark = 50 /* The time used for user_drop_mark. */ user_drop_time = 1m /* When a server is removed from the zone for dropping users, it is readded after this time. * This directive is optional. */ user_drop_readd_time = 5m /* If set, when a server splits, it is automatically removed from the zone. */ remove_split_servers = yes /* If set, when a server connects to the network, it will be automatically added to * the zone if it is a known server. */ readd_connected_servers = no } #command { service = "OperServ"; name = "DNS"; command = "operserv/dns"; permission = "operserv/dns"; } /* * os_config * * Provides the command operserv/config. * * Used to view and set configuration options while services are running. */ module { name = "os_config" } command { service = "OperServ"; name = "CONFIG"; command = "operserv/config"; permission = "operserv/config"; } /* * os_forbid * * Provides the command operserv/forbid. * * Used to forbid specific nicks, channels, emails, etc. from being used. */ module { name = "os_forbid" } command { service = "OperServ"; name = "FORBID"; command = "operserv/forbid"; permission = "operserv/forbid"; } /* * os_ignore * * Provides the command operserv/ignore. * * Used to make Services ignore users. */ module { name = "os_ignore" } command { service = "OperServ"; name = "IGNORE"; command = "operserv/ignore"; permission = "operserv/ignore"; } /* * os_info * * Provides the command operserv/info. * * Used to add oper only notes to users and channels. */ module { name = "os_info" } command { service = "OperServ"; name = "INFO"; command = "operserv/info"; permission = "operserv/info"; } /* * os_jupe * * Provides the command operserv/jupe. * * Used to disconnect servers from the network and prevent them from relinking. */ module { name = "os_jupe" } command { service = "OperServ"; name = "JUPE"; command = "operserv/jupe"; permission = "operserv/jupe"; } /* * os_kick * * Provides the command operserv/kick. * * Used to kick users from channels. */ module { name = "os_kick" } command { service = "OperServ"; name = "KICK"; command = "operserv/kick"; permission = "operserv/kick"; } /* * os_kill * * Provides the command operserv/kill. * * Used to forcibly disconnect users from the network. */ module { name = "os_kill" } command { service = "OperServ"; name = "KILL"; command = "operserv/kill"; permission = "operserv/kill"; } /* * os_list * * Provides the commands operserv/chanlist and operserv/userlist. * * Used to list and search the channels and users currently on the network. */ module { name = "os_list" } command { service = "OperServ"; name = "CHANLIST"; command = "operserv/chanlist"; permission = "operserv/chanlist"; } command { service = "OperServ"; name = "USERLIST"; command = "operserv/userlist"; permission = "operserv/userlist"; } /* * os_login * * Provides the commands operserv/login and operserv/logout. * * Used to login to OperServ, only required if your oper block requires this. */ module { name = "os_login" } command { service = "OperServ"; name = "LOGIN"; command = "operserv/login"; } command { service = "OperServ"; name = "LOGOUT"; command = "operserv/logout"; } /* * os_logsearch * * Provides the command operserv/logsearch. * * Used to search services log files. */ module { name = "os_logsearch" /* The log file name to search. There should be a log{} block configured to log * to a file of this name. */ logname = "services.log" } command { service = "OperServ"; name = "LOGSEARCH"; command = "operserv/logsearch"; permission = "operserv/logsearch"; } /* * os_mode * * Provides the commands operserv/mode and operserv/umode. * * Used to change user and channel modes. */ module { name = "os_mode" } command { service = "OperServ"; name = "UMODE"; command = "operserv/umode"; permission = "operserv/umode"; } command { service = "OperServ"; name = "MODE"; command = "operserv/mode"; permission = "operserv/mode"; } /* * os_modinfo * * Provides the commands operserv/modinfo and operserv/modlist. * * Used to show information about loaded modules. */ module { name = "os_modinfo" } command { service = "OperServ"; name = "MODINFO"; command = "operserv/modinfo"; permission = "operserv/modinfo"; } command { service = "OperServ"; name = "MODLIST"; command = "operserv/modlist"; permission = "operserv/modinfo"; } /* * os_module * * Provides the commands operserv/modload, operserv/modreload, and operserv/modunload. * * Used to load, reload, and unload modules. */ module { name = "os_module" } command { service = "OperServ"; name = "MODLOAD"; command = "operserv/modload"; permission = "operserv/modload"; } command { service = "OperServ"; name = "MODRELOAD"; command = "operserv/modreload"; permission = "operserv/modload"; } command { service = "OperServ"; name = "MODUNLOAD"; command = "operserv/modunload"; permission = "operserv/modload"; } /* * os_news * * Provides the commands operserv/logonnews, operserv/opernews, and operserv/randomnews. * * Used to configure news notices shown to users when they connect, and opers when they oper. */ module { name = "os_news" /* * The service bot names to use to send news to users on connection * and to opers when they oper. */ announcer = "Global" oper_announcer = "OperServ" /* * The number of LOGON/OPER news items to display when a user logs on. * * This directive is optional, if not set it will default to 3. */ #newscount = 3 } command { service = "OperServ"; name = "LOGONNEWS"; command = "operserv/logonnews"; permission = "operserv/news"; } command { service = "OperServ"; name = "OPERNEWS"; command = "operserv/opernews"; permission = "operserv/news"; } command { service = "OperServ"; name = "RANDOMNEWS"; command = "operserv/randomnews"; permission = "operserv/news"; } /* * os_noop * * Provides the command operserv/noop. * * Used to NOOP a server, which prevents users from opering on that server. */ module { name = "os_noop" } command { service = "OperServ"; name = "NOOP"; command = "operserv/noop"; permission = "operserv/noop"; } /* * os_oline * * Provides the command operserv/oline. * * Used to set oper flags on users, and is specific to UnrealIRCd. * See /helpop ?svso on your IRCd for more information. * * module { name = "os_oline" } * command { service = "OperServ"; name = "OLINE"; command = "operserv/oline"; permission = "operserv/oline"; } */ /* * os_oper * * Provides the command operserv/oper. * * Used to configure opers and show information about opertypes. */ module { name = "os_oper" } command { service = "OperServ"; name = "OPER"; command = "operserv/oper"; permission = "operserv/oper"; } /* * os_reload * * Provides the command operserv/reload. * * Used to reload the services.conf configuration file. */ module { name = "os_reload" } command { service = "OperServ"; name = "RELOAD"; command = "operserv/reload"; permission = "operserv/reload"; } /* * os_set * * Provides the command operserv/set. * * Used to set various settings such as superadmin, debug mode, etc. */ module { name = "os_set" /* * If set, Services Admins will be able to use SUPERADMIN [ON|OFF] which will temporarily grant * them extra privileges such as being a founder on ALL channels. * * This directive is optional. */ superadmin = yes } command { service = "OperServ"; name = "SET"; command = "operserv/set"; permission = "operserv/set"; } /* * os_shutdown * * Provides the commands operserv/quit, operserv/restart, and operserv/shutdown. * * Used to quit, restart, or shutdown services. */ module { name = "os_shutdown" } command { service = "OperServ"; name = "QUIT"; command = "operserv/quit"; permission = "operserv/quit"; } command { service = "OperServ"; name = "RESTART"; command = "operserv/restart"; permission = "operserv/restart"; } command { service = "OperServ"; name = "SHUTDOWN"; command = "operserv/shutdown"; permission = "operserv/shutdown"; } /* * os_stats * * Provides the operserv/stats command. * * Used to show statistics about services. */ module { name = "os_stats" } command { service = "OperServ"; name = "STATS"; command = "operserv/stats"; permission = "operserv/stats"; } /* * os_svs * * Provides the commands operserv/svsnick, operserv/svsjoin, and operserv/svspart. * * Used to force users to change nicks, join and part channels. */ module { name = "os_svs" } command { service = "OperServ"; name = "SVSNICK"; command = "operserv/svsnick"; permission = "operserv/svs"; } command { service = "OperServ"; name = "SVSJOIN"; command = "operserv/svsjoin"; permission = "operserv/svs"; } command { service = "OperServ"; name = "SVSPART"; command = "operserv/svspart"; permission = "operserv/svs"; } /* * os_sxline * * Provides the operserv/snline and operserv/sqline commands. * * Used to ban real names, nick names, and possibly channels. */ module { name = "os_sxline" } command { service = "OperServ"; name = "SNLINE"; command = "operserv/snline"; permission = "operserv/snline"; } command { service = "OperServ"; name = "SQLINE"; command = "operserv/sqline"; permission = "operserv/sqline"; } /* * os_update * * Provides the operserv/update command. * * Use to immediately update the databases. */ module { name = "os_update" } command { service = "OperServ"; name = "UPDATE"; command = "operserv/update"; permission = "operserv/update"; }