1 #-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
3 # Classes are a group of commands which are grouped together and #
4 # given a unique name. They're used to define which commands #
5 # are available to certain types of Operators. #
8 # Note: It is possible to make a class which covers all available #
9 # commands. To do this, specify commands="*". This is not really #
10 # recommended, as it negates the whole purpose of the class system, #
11 # however it is provided for fast configuration (e.g. in test nets). #
17 # commands: Oper-only commands that opers of this class can run.
18 commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOADMODULE GLOADMODULE GUNLOADMODULE GRELOADMODULE"
20 # privs: Special privileges that users with this class may utilise.
22 # - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
23 # - users/auspex: allows opers with this priv to view more details about users than normal users, e.g. real host and IP.
24 # - users/channel-spy: allows opers with this priv to view the private/secret channels that a user is on.
25 # - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
27 # - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
28 # - users/samode-usermodes: allows opers with this priv to change the user modes of any other user using /SAMODE
30 #. - channels/ignore-nonicks: allows opers with this priv to change their nick when on a +N channel.
31 # - users/flood/no-fakelag: prevents opers from being penalized with fake lag for flooding (*NOTE)
32 # - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
33 # - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE)
34 #. - users/callerid-override: allows opers with this priv to message people using callerid without being on their callerid list.
36 # *NOTE: These privs are potentially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
37 privs="users/auspex channels/auspex servers/auspex users/mass-message users/flood/no-throttle users/flood/increased-buffers"
39 # usermodes: Oper-only usermodes that opers with this class can use.
42 # chanmodes: Oper-only channel modes that opers with this class can use.
45 <class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN">
46 <class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS JUMPSERVER LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
47 <class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN CLOSE" usermodes="*" chanmodes="*">
48 <class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message">
49 <class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">
52 #-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-#
54 # This is where you specify which types of operators you have on #
55 # your server, as well as the commands they are allowed to use. #
56 # This works alongside with the classes specified above. #
60 # name: Name of type. Used in actual server operator accounts below.
63 # classes: Classes (blocks above) that this type belongs to.
64 classes="SACommands OperChat BanControl HostCloak Shutdown ServerLink"
66 # vhost: Host opers of this type get when they log in (oper up). This is optional.
67 vhost="netadmin.omega.example.org"
69 # maxchans: Maximum number of channels opers of this type can be in at once.
72 # modes: User modes besides +o that are set on an oper of this type
73 # when they oper up. Used for snomasks and other things.
74 # Requires the opermodes module be loaded.
77 <type name="GlobalOp" classes="SACommands OperChat BanControl HostCloak ServerLink" vhost="ircop.omega.example.org">
78 <type name="Helper" classes="HostCloak" vhost="helper.omega.example.org">
81 #-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
83 # Opers are defined here. This is a very important section. #
84 # Remember to only make operators out of trustworthy people. #
87 # Operator account with a plain-text password.
89 # name: Oper login that is used to oper up (/oper name password).
90 # Remember: This is case sensitive.
93 # password: Case-sensitive, unhashed (plaintext).
96 # host: What hostnames and IPs are allowed to use this operator account.
97 # Multiple options can be separated by spaces and CIDRs are allowed.
98 # You can use just * or *@* for this section, but it is not recommended
99 # for security reasons.
100 host="attila@inspircd.org *@2001:db8::/32"
102 # ** ADVANCED ** This option is disabled by default.
103 # fingerprint: When using the sslinfo module, you may specify
104 # a key fingerprint here. This can be obtained by using the /sslinfo
105 # command while the module is loaded, and is also noticed on connect.
106 # This enhances security by verifying that the person opering up has
107 # a matching SSL client certificate, which is very difficult to
108 # forge (impossible unless preimage attacks on the hash exist).
109 # If the sslinfo module isn't loaded, this option will be ignored.
110 #fingerprint="67cb9dc013248a829bb2171ed11becd4"
112 # autologin: If an SSL certificate fingerprint for this oper is specified,
113 # you can have the oper block automatically log in. This moves all security
114 # of the oper block to the protection of the client certificate, so be sure
115 # that the private key is well-protected! Requires the sslinfo module.
118 # sslonly: If on, this oper can only oper up if they're using a SSL connection.
119 # Setting this option adds a decent bit of security. Highly recommended
120 # if the oper is on wifi, or specifically, unsecured wifi. Note that it
121 # is redundant to specify this option if you specify a fingerprint.
122 # This setting only takes effect if the sslinfo module is loaded.
125 # vhost: Overrides the vhost in the type block. Class and modes may also
127 vhost="attila.example.org"
129 # type: Which type of operator this person is; see the block
130 # above for the list of types. NOTE: This is case-sensitive as well.
133 # Operator with a plaintext password and no comments, for easy copy & paste.
136 password="youshouldhashthis"
137 host="brain@dialup15.isp.test.com *@localhost *@example.com *@2001:db8::/32"
138 #fingerprint="67cb9dc013248a829bb2171ed11becd4"
141 # Operator with a hashed password. It is highly recommended to use hashed passwords.
143 # name: Oper login that is used to oper up (/oper name password).
144 # Remember: This is case sensitive.
147 # hash: the hash function this password is hashed with. Requires the
148 # module for the selected function (bcrypt, md5, sha1, or sha256) and
149 # the password hashing module (password_hash) to be loaded.
151 # You may also use any of the above other than bcrypt prefixed with
152 # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module).
153 # Create hashed passwords with: /mkpasswd <hash> <password>
156 # password: A hash of the password (see above option) hashed
157 # with /mkpasswd <hash> <password>. See the password_hash module
158 # in modules.conf for more information about password hashing.
159 password="qQmv3LcF$Qh63wzmtUqWp9OXnLwe7yv1GcBwHpq59k2a0UrY8xe0"
161 # host: What hostnames and IPs are allowed to use this operator account.
162 # Multiple options can be separated by spaces and CIDRs are allowed.
163 # You can use just * or *@* for this section, but it is not recommended
164 # for security reasons.
165 host="*@127.0.0.1 *@192.0.2.40 *@198.51.100.4"
167 # type: Which type of operator this person is; see the block
168 # above for the list of types. NOTE: This is case-sensitive as well.