#-#-#-#-#-#-#-#-#-#-#-#-  CLASS CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-
#                                                                     #
#   Classes are a group of commands which are grouped together and    #
#   given a unique name. They're used to define which commands        #
#   are available to certain types of Operators.                      #
#                                                                     #
#                                                                     #
#  Note: It is possible to make a class which covers all available    #
#  commands. To do this, specify commands="*". This is not really     #
#  recommended, as it negates the whole purpose of the class system,  #
#  however it is provided for fast configuration (e.g. in test nets)  #
#                                                                     #

<class
     name="Shutdown"

     # commands: oper commands that users of this class can run.
     commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD GUNLOADMODULE GRELOADMODULE SAJOIN SAPART SANICK SAQUIT SATOPIC"

     # privs: special privileges that users with this class may utilise.
     #  VIEWING:
     #   - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
     #   - users/auspex: allows opers with this priv to view more details about users than normal users.
     #   - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
     # ACTIONS:
     #   - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
     #   - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels.
     #   - channels/set-permanent: allows opers with this priv to set +P on channels with m_permchannels.
     # PERMISSIONS:
     #   - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
     #   - users/flood/increased-buffers: allows opers with this priv to send and recieve data without worrying about being disconnected for exceeding limits (*NOTE)
     #
     # *NOTE: These privs are potantially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
     privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit channels/set-permanent users/flood/no-throttle users/flood/increased-buffers"

     # usermodes: Oper-only usermodes that opers with this class can use.
     usermodes="*"

     # chanmodes: Oper-only channel modes that opers with this class can use.
     chanmodes="*">

<class name="ServerLink" commands="CONNECT SQUIT CONNECT MKPASSWD ALLTIME SWHOIS CLOSE JUMPSERVER LOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*" chanmodes="*" privs="users/mass-message">
<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT TAXONOMY" usermodes="*" chanmodes="*" privs="users/auspex">


#-#-#-#-#-#-#-#-#-#-#-#-  OPERATOR COMPOSITION   -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
#   This is where you specify which types of operators you have on    #
#   your server, as well as the commands they are allowed to use.     #
#   This works alongside with the classes specified above.            #
#                                                                     #

<type
    # name: Name of type. Used in actual olines below.
    # Cannot contain spaces. If you would like a space, use
    # the _ character instead and it will translate to a space on whois.
    name="NetAdmin"

    # classes: classes (above blocks) that this type belongs to.
    classes="OperChat BanControl HostCloak Shutdown ServerLink"

    # vhost: host oper gets on oper-up. This is optional.
    vhost="netadmin.omega.org.za"

    # modes: usermodes besides +o that are set on a oper of this type
    # when they oper up. Used for snomasks and other things.
    # Requires that m_opermodes.so be loaded.
    modes="+s +cCqQ">

<type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" vhost="ircop.omega.org.za">
<type name="Helper" classes="HostCloak" vhost="helper.omega.org.za">


#-#-#-#-#-#-#-#-#-#-#-  OPERATOR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
#   Opers are defined here. This is a very important section.         #
#   Remember to only make operators out of trust worthy people.       #
#                                                                     #

# oline with plain-text password
<oper
      # name: oper login that is used to oper up (/oper name password).
      # Remember: This is case sensitive
      name="Brain"

      # password: case-sensitive, unhashed...yea...self-explanatory.
      password="s3cret"

      # host: What hostnames/IP's are allowed to oper up with this oline.
      # Multiple options can be separated by spaces and CIDR's are allowed.
      # You CAN use just * or *@* for this section, but it is not recommended
      # for security reasons.
      host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"

      # ** ADVANCED ** This option is disabled by default.
      # fingerprint: When using the m_sslinfo module, you may specify
      # a key fingerprint here. This can be obtained by using the /sslinfo
      # command while the module is loaded, and is also noticed on connect.
      # This enhances security by verifying that the person opering up has
      # a matching SSL client certificate, which is very difficult to
      # forge (impossible unless preimage attacks on the hash exist).
      # If m_sslinfo isn't loaded, this option will be ignored.
      #fingerprint="67cb9dc013248a829bb2171ed11becd4"

      # autologin: if an SSL fingerprint for this oper is specified, you can
      # have the oper block automatically log in. This moves all security of the
      # oper block to the protection of the client certificate, so be sure that
      # the private key is well-protected! Requires m_sslinfo.
      #autologin="on"

      # sslonly: This oper can only oper up if they're using a SSL connection.
      # Setting this option adds a decent bit of security. Highly recommended
      # if the oper is on wifi, or specifically, unsecured wifi. Note that it
      # is redundant to specify this option if you specify a fingerprint.
      # This setting only takes effect if m_sslinfo is loaded.
      #sslonly="yes"

      # vhost: overrides the vhost in the type block. Class and modes may also
      # be overridden
      vhost="brain.netadmin.omega"

      # type: What oper type this oline is. See the block above for list
      # of types. NOTE: This is case-sensitive as well.
      type="NetAdmin">

# oline with plain-text password and no comments..for all who like copy & paste
<oper
      name="Brain"
      password="s3cret"
      host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
      #fingerprint="67cb9dc013248a829bb2171ed11becd4"
      type="NetAdmin">

# oline with hashed password. It is highly recommended to use hashed passwords.
<oper
      # name: oper login that is used to oper up (/oper name password).
      # Remember: This is case sensitive
      name="Brain"

      # hash: what hash this password is hashed with. requires the module
      # for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be
      # loaded and the password hashing module (m_password_hash.so)
      # loaded. Options here are: "md5", "sha256" and "ripemd160".
      # Create hashed password with: /mkpasswd <hash> <password>
      hash="sha256"

      # password: a hash of your password (see above option) hashed
      # with /mkpasswd <hash> <password> . See m_password_hash in modules.conf
      # for more information about password hashing.
      password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0"

      # host: What hostnames/IP's are allowed to oper up with this oline.
      # Multiple options can be separated by spaces and CIDR's are allowed.
      # You CAN use just * or *@* for this section, but it is not recommended
      # for security reasons.
      host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"

      # type: What oper type this oline is. See the block above for list
      # of types. NOTE: This is case-sensitive as well.
      type="NetAdmin">