summaryrefslogtreecommitdiff
path: root/conf/opers.conf.example
blob: c16416a48e6c7c2705cdbcfefb07c568ab04b452 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
#-#-#-#-#-#-#-#-#-#-#-#-  CLASS CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-
#                                                                     #
#   Classes are a group of commands which are grouped together and    #
#   given a unique name. They're used to define which commands        #
#   are available to certain types of Operators.                      #
#                                                                     #
#                                                                     #
#  Note: It is possible to make a class which covers all available    #
#  commands. To do this, specify commands="*". This is not really     #
#  recommended, as it negates the whole purpose of the class system,  #
#  however it is provided for fast configuration (e.g. in test nets)  #
#                                                                     #

<class
     name="Shutdown" 

     # commands: oper commands that users of this class can run.
     commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD" 

     # privs: special priviledges that users with this class may utilise.
     #  VIEWING:
     #   - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
     #   - users/auspex: allows opers with this priv to view more details about users than normal users.
     #   - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
     # ACTIONS:
     #   - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
     #   - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels.
     #   - channels/set-permanent: allows opers with this priv to set +P on channels with m_permchannels.
     # PERMISSIONS:
     #   - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
     #   - users/flood/increased-buffers: allows opers with this priv to send and recieve data without worrying about being disconnected for exceeding limits (*NOTE)
     #
     # *NOTE: These privs are potantially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
     privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit channels/set-permanent users/flood/no-throttle users/flood/increased-buffers"

     # usermodes: Oper-only usermodes that opers with this class can use.
     usermodes="*" 

     # chanmodes: Oper-only channel modes that opers with this class can use.
     chanmodes="*">

<class name="ServerLink" commands="CONNECT SQUIT RCONNECT MKPASSWD MKSHA256" usermodes="*" chanmodes="*">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE SPYLIST SPYNAMES" usermodes="*" chanmodes="*">
<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*">


#-#-#-#-#-#-#-#-#-#-#-#-  OPERATOR COMPOSITION   -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
#   This is where you specify which types of operators you have on    #
#   your server, as well as the commands they are allowed to use.     #
#   This works alongside with the classes specified above.            #
#                                                                     #

<type
    # name: Name of type. Used in actual olines below.
    # Cannot contain spaces. If you would like a space, use
    # the _ character instead and it will translate to a space on whois.
    name="NetAdmin"

    # classes: classes (above blocks) that this type belongs to.
    classes="OperChat BanControl HostCloak Shutdown ServerLink"

    # host: host oper gets on oper-up. This is optional. 
    host="netadmin.omega.org.za"

    # modes: usermodes besides +o that are set on a oper of this type
    # when they oper up. Used for snomasks and other things.
    # Requires that m_opermodes.so be loaded.
    modes="+s +cCqQ">

<type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" host="ircop.omega.org.za">
<type name="Helper" classes="HostCloak" host="helper.omega.org.za">


#-#-#-#-#-#-#-#-#-#-#-  OPERATOR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
#   Opers are defined here. This is a very important section.         #
#   Remember to only make operators out of trust worthy people.       #
#                                                                     #

# oline with plain-text password
<oper 
      # name: oper login that is used to oper up (/oper name password).
      # Remember: This is case sensitive
      name="Brain"

      # password: case-sensitive, unhashed...yea...self-explanatory.
      password="s3cret"

      # host: What hostnames/IP's are allowed to oper up with this oline.
      # Multiple options can be separated by spaces and CIDR's are allowed.
      host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"

      # ** ADVANCED ** This option is disabled by default.
      # fingerprint: When using the m_oper_ssl_cert module, you may specify
      # a key fingerprint here. This can be obtained by using the
      # /fingerprint command while the module is loaded. This enhances
      # security by verifying that the person opering up has the matching
      # key/certificate combination. This enhances security a great deal.
      # If m_oper_ssl and/or m_ssl_gnutls/m_ssl_openssl aren't loaded,
      # this option will be ignored.
      #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4"

      # type: What oper type this oline is. See the block above for list
      # of types. NOTE: This is case-sensitive as well.
      type="NetAdmin">

# oline with plain-text password and no comments..for all who like copy & paste
<oper
      name="Brain"
      password="s3cret"
      host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
      #fingerprint="67:CB:9D:C0:13:24:8A:82:9B:B2:17:1E:D1:1B:EC:D4"
      type="NetAdmin">

# oline with hashed password. It is highly recommended to use hashed passwords.
<oper 
      # name: oper login that is used to oper up (/oper name password).
      # Remember: This is case sensitive
      name="Brain"

      # hash: what hash this password is hashed with. requires the module
      # for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be
      # loaded and the oper password hashing module (m_password_hash.so)
      # loaded. Options here are: "md5", "sha256" and "ripemd160".
      hash="sha256"

      # password: a hash of your password (see above option) hashed
      # with /mkpasswd *hash* *password* . See m_password_hash in modules.conf
      # for more information about password hashing.
      password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0"

      # host: What hostnames/IP's are allowed to oper up with this oline.
      # Multiple options can be separated by spaces and CIDR's are allowed.
      host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"

      # type: What oper type this oline is. See the block above for list
      # of types. NOTE: This is case-sensitive as well.
      type="NetAdmin">