summaryrefslogtreecommitdiff
path: root/docs/conf/modules/charybdis.conf.example
blob: 97436c54891a0e2bebe1267bdbc55ca3c0275519 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
<module name="md5">
<module name="sha256">
<module name="alias">
<alias text="NICKSERV" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
<alias text="CHANSERV" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
<alias text="OPERSERV" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes" operonly="yes">
<alias text="BOTSERV" replace="PRIVMSG BotServ :$2-" requires="BotServ" uline="yes">
<alias text="HOSTSERV" replace="PRIVMSG HostServ :$2-" requires="HostServ" uline="yes">
<alias text="MEMOSERV" replace="PRIVMSG MemoServ :$2-" requires="MemoServ" uline="yes">
<alias text="NS" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
<alias text="CS" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
<alias text="OS" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes" operonly="yes">
<alias text="BS" replace="PRIVMSG BotServ :$2-" requires="BotServ" uline="yes">
<alias text="HS" replace="PRIVMSG HostServ :$2-" requires="HostServ" uline="yes">
<alias text="MS" replace="PRIVMSG MemoServ :$2-" requires="MemoServ" uline="yes">
<alias text="ID" replace="PRIVMSG NickServ :IDENTIFY $2" requires="NickServ" uline="yes">

<module name="banexception">
<module name="banredirect">
<module name="blockcolor">
<module name="callerid">
<callerid maxaccepts="16"
          operoverride="no"
          tracknick="no"
          cooldown="60">

<module name="cap">
<module name="cban">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# CGI:IRC module: Adds support for automatic host changing in CGI:IRC
# (http://cgiirc.sourceforge.net).
#<module name="cgiirc">
#
#-#-#-#-#-#-#-#-#-#-#-# CGIIRC  CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
#
# Optional - If you specify to use cgiirc, then you must specify one
# or more cgihost tags which indicate authorised CGI:IRC servers which
# will be connecting to your network, and an optional cgiirc tag.
# For more information see: https://wiki.inspircd.org/Modules/3.0/cgiirc
#
# Set to yes if you want to notice opers when CGI clients connect
# <cgiirc opernotice="no">
#
# The type field indicates where the module should get the real
# client's IP address from, for further information, please see the
# CGI:IRC documentation.
#
# Old style:
# <cgihost type="pass" mask="www.mysite.com">       # Get IP from PASS
# <cgihost type="ident" mask="otherbox.mysite.com"> # Get IP from ident
# <cgihost type="passfirst" mask="www.mysite.com">  # See the docs
# New style:
# <cgihost type="webirc" password="foobar"
#   mask="somebox.mysite.com">                      # Get IP from WEBIRC
#
# IMPORTANT NOTE:
# ---------------
#
# When you connect CGI:IRC clients, there are two connect classes which
# apply to these clients. When the client initially connects, the connect
# class which matches the cgi:irc site's host is checked. Therefore you
# must raise the maximum local/global clients for this ip as high as you
# want to allow cgi clients. After the client has connected and is
# determined to be a cgi:irc client, the class which matches the client's
# real IP is then checked. You may set this class to a lower value, so that
# the real IP of the client can still be restricted to, for example, 3
# sessions maximum.
#

<module name="chancreate">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channel names module: Allows disabling channels which have certain
# characters in the channel name such as bold, colorcodes, etc. which
# can be quite annoying and allow users to on occasion have a channel
# that looks like the name of another channel on the network.
<module name="channames">

<channames
	# denyrange: characters or range of characters to deny in channel
	# names.
	denyrange="2"

	# allowrange: characters or range of characters to specifically allow
	# in channel names.
	allowrange="">

<module name="channelban">
<module name="chghost">
<hostname charmap="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-_/0123456789">
<module name="chgident">
<module name="chgname">
<module name="cloaking">
#
#-#-#-#-#-#-#-#-#-#-#- CLOAKING  CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# If you specify the cloaking module as above, you must define        #
# cloak keys, and optionally a cloak prefix as shown below. The cloak #
# keys must be shared across the network for correct cloaking.        #
#                                                                     #
# There are four methods of cloaking:                                 #
#                                                                     #
#   half           Cloak only the "unique" portion of a host; show    #
#                  the last 2 parts of the domain, /16 subnet of IPv4 #
#                  or /48 subnet of the IPv6 address.                 #
#                                                                     #
#   full           Cloak the users completely, using three slices for #
#                  common CIDR bans (IPv4: /16, /24; IPv6: /48, /64)  #
#                                                                     #
# These methods use a single key that can be any length of text.      #
# An optional prefix may be specified to mark cloaked hosts.          #
#                                                                     #
# The following methods are maintained for backwards compatibility;   #
# they are slightly less secure, and always hide unresolved IPs       #
#                                                                     #
#   compat-host    InspIRCd 1.2-compatible host-based cloaking        #
#   compat-ip      InspIRCd 1.2-compatible ip-always cloaking         #
#                                                                     #
# You must specify key1, key2, key3, key4 for the compat cloaking     #
# modes; the values must be less than 0x80000000 and should be picked #
# at random. Prefix is mandatory, will default to network name if not #
# specified, and will always have a "-" appended.                     #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#
<cloak mode="half"
       key="secret"
       prefix="net-">

<module name="close">
<module name="conn_umodes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Connectban: Provides IP connection throttling. Any IP range that connects
# too many times (configurable) in an hour is zlined for a (configurable)
# duration, and their count resets to 0.
#
# ipv4cidr and ipv6cidr allow you to turn the comparison from individual
# IP addresses (32 and 128 bits) into CIDR masks, to allow for throttling
# over whole ISPs/blocks of IPs, which may be needed to prevent attacks.
#
#<connectban threshold="10" duration="10m" ipv4cidr="32" ipv6cidr="128">
# This allows for 10 connections in an hour with a 10 minute ban if that is exceeded.
#
#<module name="connectban">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Connection throttle module.
#<module name="connflood">
#
#-#-#-#-#-#-#-#-#-#-#- CONTHROTTLE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
#  seconds, maxconns -  Amount of connections per <seconds>.
#
#  timeout           -  Time to wait after the throttle was activated
#                       before deactivating it. Be aware that the time
#                       is seconds + timeout.
#
#  quitmsg           -  The message that users get if they attempt to
#                       connect while the throttle is active.
#
#  bootwait          -  Amount of time to wait before enforcing the
#                       throttling when the server just booted.
#
#<connflood seconds="30" maxconns="3" timeout="30"
#   quitmsg="Throttled" bootwait="10">

<module name="deaf">
<module name="dnsbl">
<module name="gecosban">
<module name="globalload">
<module name="ident">
<ident timeout="1">
<module name="inviteexception">
<module name="joinflood">
<module name="knock">
<module name="namesx">
<module name="operchans">
<module name="operlog">
<module name="opermodes">
<module name="password_hash">
<module name="permchannels">
<module name="muteban">
<module name="redirect">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Regular expression provider for glob or wildcard (?/*) matching.
# You must have at least 1 provider loaded to use the filter or the
# rline modules. This module has no additional requirements, as it uses
# the matching already present in InspIRCd core.
#<module name="regex_glob">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Regular expression provider for PCRE (Perl-Compatible Regular
# Expressions). You need libpcre installed to compile and load this
# module. You must have at least 1 provider loaded to use the filter or
# the rline module.
#<module name="regex_pcre">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Regular expression provider for POSIX regular expressions.
# You shouldn't need any additional libraries on a POSIX-compatible
# system (ie: any Linux, BSD, but not Windows). You must have at least
# 1 provider loaded to use the filter or the rline module.
# On POSIX-compliant systems, regex syntax can be found by using the
# command: 'man 7 regex'.
#<module name="regex_posix">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Registered users only channel creation
# Allows only registered users and opers to create new channels.
#
# You probably *DO NOT* want to load this module on a public network.
#
#<module name="regonlycreate">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Ban users through regular expression patterns
#<module name="rline">
#
#-#-#-#-#-#-#-#-#-#-#-#- RLINE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
#
# If you wish to re-check a user when they change nickname (can be
# useful under some situations, but *can* also use CPU with more users
# on a server) then set the following configuration value:
# Also, this is where you set what Regular Expression engine is to be
# used. If you ever change it while running, all of your R-Lines will be
# wiped. This is the regex engine used by all R-Lines set, and
# regex_<engine> must be loaded, or rline will be nonfunctional
# until you load it or change the engine to one that is loaded.
#
#<rline matchonnickchange="yes" engine="pcre">
#
# Generally, you will NOT want to use 'glob' here, as this turns
# rline into just another gline. The exceptions are that rline will
# always use the full nick!user@host realname string, rather than only
# user@host, but beware that only the ? and * wildcards are available,
# and are the only way to specify where the space can occur if you do
# use glob. For this reason, is recommended to use a real regex engine
# so that at least \s or [[:space:]] is available.

<module name="sasl">
<module name="servprotect">
<module name="services_account">
<module name="sethost">
<module name="serverban">
<module name="showwhois">
<showwhois opersonly="yes" showfromopers="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL channel mode module: Adds support for SSL-only channels via
# channel mode +z and the 'z' extban which matches SSL client
# certificate fingerprints.
# Does not do anything useful without a working SSL module (see below).
#<module name="sslmodes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# GnuTLS SSL module: Adds support for SSL connections using GnuTLS,
# if enabled. You must answer 'yes' in ./configure when asked or
# manually symlink the source for this module from the directory
# src/modules/extra, if you want to enable this, or it will not load.
#<module name="ssl_gnutls">
#
#-#-#-#-#-#-#-#-#-#-#-  GNUTLS CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# ssl_gnutls is too complex to describe here, see the wiki:           #
# https://wiki.inspircd.org/Modules/3.0/ssl_gnutls                    #

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL Info module: Allows users to retrieve information about other
# user's peer SSL certificates and keys. This can be used by client
# scripts to validate users. For this to work, one of ssl_gnutls
# or ssl_openssl must be loaded. This module also adds the
# "* <user> is using a secure connection" whois line, the ability for
# opers to use SSL cert fingerprints to verify their identity and the
# ability to force opers to use SSL connections in order to oper up.
# It is highly recommended to load this module especially if
# you use SSL on your network.
# For how to use the oper features, please see the first example <oper> tag
# in opers.conf.example.
#
#<module name="sslinfo">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# OpenSSL SSL module: Adds support for SSL connections using OpenSSL,
# if enabled. You must answer 'yes' in ./configure when asked or symlink
# the source for this module from the directory src/modules/extra, if
# you want to enable this, or it will not load.
#<module name="ssl_openssl">
#
#-#-#-#-#-#-#-#-#-#-#- OPENSSL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# ssl_openssl is too complex to describe here, see the wiki:          #
# https://wiki.inspircd.org/Modules/3.0/ssl_openssl                   #

<module name="stripcolor">
<module name="svshold">
<module name="tline">
<module name="uhnames">
<module name="watch">
<watch maxentries="32">
<module name="xline_db">

<module name="spanningtree">