# file you include will be treated as part of the configuration file #
# which includes it, in simple terms the inclusion is transparent. #
# #
-# All paths to config files are relative to the directory that the #
-# process runs in. #
+# All paths to config files are relative to the config directory. #
# #
# You may also include an executable file, in which case if you do so #
# the output of the executable on the standard output will be added #
# #
# Syntax is as follows: #
#<include file="file.conf"> #
+#<include directory="modules"> #
#<include executable="/path/to/executable parameters"> #
# #
# Executable include example: #
#-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
-# Enter the port and address bindings here. #
+# Configure the port and address bindings here. #
# #
-# #
-# ____ _ _____ _ _ ____ _ _ _ #
-# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
-# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
-# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
-# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
-# #
-# If you want to link servers to InspIRCd you must load the #
-# spanningtree module! Please see the modules list for #
-# information on how to load this module! If you do not load this #
-# module, server ports will NOT work! #
+# TLS (SSL) listener that binds on a TCP/IP endpoint:
<bind
# address: IP address to bind to if the box that you are hosting
# on has more than one IP, else the ircd will try to bind to all
# to this bind section.
type="clients"
- # ssl: If you want the port(s) in this bind tag to use SSL, set this to
- # the name of a custom <sslprofile> tag that you have defined or one
- # of "openssl", "gnutls", "mbedtls" if you have not defined any. See the
- # docs page for the SSL module you are using for more details.
+ # sslprofile: If you want the port(s) in this bind tag to use TLS (SSL), set this
+ # to the name of a custom <sslprofile> tag that you have defined. See the
+ # docs page for the TLS (SSL) module you are using for more details:
+ #
+ # GnuTLS: https://docs.inspircd.org/3/modules/ssl_gnutls#sslprofile
+ # mbedTLS: https://docs.inspircd.org/3/modules/ssl_mbedtls#sslprofile
+ # OpenSSL: https://docs.inspircd.org/3/modules/ssl_openssl#sslprofile
#
# You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls
# for GnuTLS and ssl_mbedtls for mbedTLS.
- ssl="gnutls"
+ sslprofile="Clients"
# defer: When this is non-zero, connections will not be handed over to
# the daemon from the operating system before data is ready.
# whether the interface that provides the bind address is available. This
# is useful for if you are starting InspIRCd on boot when the server may
# not have brought the network interfaces up yet.
- free="no"
->
+ free="no">
+
+# Plaintext listener that binds on a TCP/IP endpoint:
+<bind address="" port="6667" type="clients">
+
+
+# Listener that binds on a UNIX endpoint (not supported on Windows):
+#<bind
+
+ # path: The location to store the UNIX socket
+ #path="/tmp/inspircd.sock"
+
+ # type: Type of bind block this is. It can either be clients or
+ # servers. Whichever you select will be the only type able to connect
+ # to this bind section.
+ #type="clients"
+
+ # permissions: The octal permissions to set on the UNIX socket after it has
+ # been created. If you are not familiar with octal permissions you should
+ # not define this or refer to http://permissions-calculator.org for help.
+ # Note: This does not take effect on rehash.
+ # To change it on a running bind, you'll have to comment it out,
+ # rehash, comment it in and rehash again.
+ #permissions=""
+
+ # replace: if the UNIX socket path already exists then remove it before
+ # attempting to create the new one. This is strongly recommended as it
+ # allows InspIRCd to create sockets in cases where it previously did not
+ # shut down cleanly and left a zombie socket behind.
+ #replace="yes">
-<bind address="" port="6660-6669" type="clients">
# Listener accepting HTML5 WebSocket connections.
# Requires the websocket module and SHA-1 hashing support (provided by the sha1
# module).
#<bind address="" port="7002" type="clients" hook="websocket">
-# EXPERIMENTAL: Listener that binds on a UNIX endpoint instead of a TCP/IP endpoint:
-#<bind path="/tmp/inspircd.sock" type="clients">
-# You can define a custom <sslprofile> tag which defines the SSL configuration
-# for this listener. See the docs page for the SSL module you are using for
+# You can define a custom <sslprofile> tag which defines the TLS (SSL) configuration
+# for these listeners. See the docs page for the TLS (SSL) module you are using for
# more details.
#
-# Alternatively, you can use one of the default SSL profiles which are created
+# Alternatively, you can use one of the default TLS (SSL) profiles which are created
# when you have not defined any:
# "openssl" (requires the ssl_openssl module)
# "gnutls" (requires the ssl_gnutls module)
# completely link-compatible and can be used alongside each other on each end
# of the link without any significant issues.
-<bind address="" port="7000,7001" type="servers">
-<bind address="1.2.3.4" port="7005" type="servers" ssl="openssl">
-
#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# #
# Connect blocks are searched twice for each user - once when the TCP #
# connection is accepted, and once when the user completes their #
# registration. Most of the information (hostname, ident response, #
-# password, SSL when using STARTTLS, etc) is only available during #
-# the second search, so if you are trying to make a closed server, #
+# password, TLS (SSL) when using STARTTLS, etc) is only available #
+# during the second search. If you are trying to make a closed server #
# you will probably need a connect block just for user registration. #
# This can be done by using <connect registered="no"> #
+# To enable IRCCloud on your network uncomment this:
+#<include file="examples/providers/irccloud.conf.example">
+
+# A connect class with <connect:deny> set denies connections from the specified host/IP range.
<connect
# deny: Will not let people connect if they have specified host/IP.
- deny="192.0.2.*">
+ deny="3ffe::0/32"
-# connect:reason is the message that users will see if they match a deny block
-<connect deny="3ffe::0/32" reason="The 6bone address space is deprecated">
+ # reason: The message that users will see if they match a deny block.
+ reason="The 6bone address space is deprecated">
+# A connect class with <connect:allow> set allows c from the specified host/IP range.
<connect
# name: Name to use for this connect block. Mainly used for
# connect class inheriting.
password="secret"
# maxchans: Maximum number of channels a user in this class
- # be in at one time.
+ # can be in at one time.
maxchans="20"
# timeout: How long the server will wait before disconnecting
# a user if they do not do anything on connect.
# (Note, this is a client-side thing, if the client does not
# send /NICK, /USER or /PASS)
- timeout="10"
+ timeout="20"
# localmax: Maximum local connections per IP (or CIDR mask, see below).
localmax="3"
# globalmax: Maximum global (network-wide) connections per IP (or CIDR mask, see below).
globalmax="3"
- # maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to on)
- maxconnwarn="off"
+ # maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to yes)
+ maxconnwarn="no"
# resolvehostnames: If disabled, no DNS lookups will be performed on connecting users
# in this class. This can save a lot of resources on very busy servers.
resolvehostnames="yes"
+ # useconnectban: Defines if users in this class should be exempt from connectban limits.
+ # This setting only has effect when the connectban module is loaded.
+ #useconnectban="yes"
+
+ # useconnflood: Defines if users in this class should be exempt from connflood limits.
+ # This setting only has effect when the connflood module is loaded.
+ #useconnflood="yes"
+
# usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes.
# This setting only has effect when the dnsbl module is loaded.
#usednsbl="yes"
# useident: Defines if users in this class MUST respond to a ident query or not.
useident="no"
+ # usests: Whether a STS policy should be advertised to users in this class.
+ # This setting only has effect when the ircv3_sts module is loaded.
+ #usests="no"
+
# webirc: Restricts usage of this class to the specified WebIRC gateway.
# This setting only has effect when the cgiirc module is loaded.
#webirc="name"
# module be loaded as well.
modes="+x"
- # requireident, requiressl, requireaccount: require that users of this
- # block have a valid ident response, use SSL, or have authenticated.
- # Requires ident, sslinfo, or the services_account module, respectively.
- requiressl="on"
- # NOTE: For requireaccount, you must complete the signon prior to full
- # connection. Currently, this is only possible by using SASL
- # authentication; passforward and PRIVMSG NickServ happen after
- # your final connect block has been found.
+ # requireident: Require that users of this block have a valid ident response.
+ # Requires the ident module to be loaded.
+ #requireident="yes"
+
+ # requiressl: Require that users of this block use a TLS (SSL) connection.
+ # This can also be set to "trusted", as to only accept client certificates
+ # issued by a certificate authority that you can configure in the
+ # settings of the TLS (SSL) module that you're using.
+ # Requires the sslinfo module to be loaded.
+ #requiressl="yes"
+
+ # requireaccount: Require that users of this block have authenticated to a
+ # services account.
+ # NOTE: You must complete the signon prior to full connection. Currently,
+ # this is only possible by using SASL authentication; passforward
+ # and PRIVMSG NickServ happen after your final connect block has been found.
+ # Requires the services_account module to be loaded.
+ #requireaccount="yes"
# Alternate MOTD file for this connect class. The contents of this file are
# specified using <files secretmotd="filename"> or <execfiles ...>
allow="*"
# maxchans: Maximum number of channels a user in this class
- # be in at one time.
+ # can be in at one time.
maxchans="20"
# timeout: How long the server will wait before disconnecting
# a user if they do not do anything on connect.
# (Note, this is a client-side thing, if the client does not
# send /NICK, /USER or /PASS)
- timeout="10"
+ timeout="20"
# pingfreq: How often the server tries to ping connecting clients.
pingfreq="2m"
# immediately killing them; their commands are held in the recvq and processed later
# as the user's command penalty drops. Note that if this is enabled, flooders will
# quit with "RecvQ exceeded" rather than "Excess Flood".
- fakelag="on"
+ fakelag="yes"
# localmax: Maximum local connections per IP.
localmax="3"
# useident: Defines if users in this class must respond to a ident query or not.
useident="no"
+ # usests: Whether a STS policy should be advertised to users in this class.
+ # This setting only has effect when the ircv3_sts module is loaded.
+ #usests="no"
+
# limit: How many users are allowed in this class
limit="5000"
modes="+x">
+
#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
# CIDR configuration allows detection of clones and applying of #
# This file has all the information about oper classes, types and o:lines.
# You *MUST* edit it.
-<include file="examples/opers.conf.example">
+#<include file="examples/opers.conf.example">
# This file has all the information about server links and ulined servers.
# You *MUST* edit it if you intend to link servers.
-<include file="examples/links.conf.example">
+#<include file="examples/links.conf.example">
#-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-#
# #
# rehash the ircd from the shell or to terminate the ircd from the #
# shell using shell scripts, perl scripts, etc... and to monitor the #
# ircd's state via cron jobs. If this is a relative path, it will be #
-# relative to the configuration directory, and if it is not defined, #
-# the default of 'inspircd.pid' is used. #
+# relative to the runtime directory, and if it is not defined, the #
+# default of 'inspircd.pid' is used. #
# #
#<pid file="/path/to/inspircd.pid">
# link with servers running 2.0. Defaults to yes.
allowzerolimit="no"
+ # modesinlist: If enabled then the current channel modes will be shown
+ # in the /LIST response. Defaults to yes.
+ modesinlist="no"
+
# exemptchanops: Allows users with with a status mode to be exempt
# from various channel restrictions. Possible restrictions are:
+ # - anticaps Channel mode +B - blocks messages with too many capital
+ # letters (requires the anticaps module).
# - auditorium-see Permission required to see the full user list of
# a +u channel (requires the auditorium module).
# - auditorium-vis Permission required to be visible in a +u channel
# - stripcolor Channel mode +S - strips formatting codes from
# messages (requires the stripcolor module).
# - topiclock Channel mode +t - limits changing the topic to (half)ops
- # You can also configure this on a per-channel basis with a channel mode.
- # See m_exemptchanops in modules.conf.example for more details.
+ # You can also configure this on a per-channel basis with a channel mode and
+ # even negate the configured exemptions below.
+ # See exemptchanops in modules.conf.example for more details.
exemptchanops="censor:o filter:o nickflood:o nonick:v regmoderated:o"
# invitebypassmodes: This allows /INVITE to bypass other channel modes.
# connections. If defined, it sets a soft max connections value.
softlimit="12800"
- # clonesonconnect: If this is set to false, we won't check for clones
+ # clonesonconnect: If this is set to no, we won't check for clones
# on initial connection, but only after the DNS check is done.
# This can be useful where your main class is more restrictive
# than some other class a user can be assigned after DNS lookup is complete.
# Turning this option off will make the server spend more time on users we may
- # potentially not want. Normally this should be neglible, though.
- # Default value is true
- clonesonconnect="true"
+ # potentially not want. Normally this should be negligible, though.
+ # Default value is yes
+ clonesonconnect="yes"
# timeskipwarn: The time period that a server clock can jump by before
# operators will be warned that the server is having performance issues.
# #
# This configuration tag defines the maximum sizes of various types #
# on IRC, such as the maximum length of a channel name, and the #
-# maximum length of a channel. Note that with the exception of the #
-# identmax value all values given here are the exact values you would #
-# expect to see on IRC. This contrasts with the older InspIRCd #
-# releases where these values would be one character shorter than #
-# defined to account for a null terminator on the end of the text. #
-# #
-# These values should match network-wide otherwise issues will occur. #
+# maximum length of a channel. These values should match network-wide #
+# otherwise issues will occur. #
# #
# The highest safe value you can set any of these options to is 500, #
# but it is recommended that you keep them somewhat #
# There are many different types which may be used, and modules may
# generate their own. A list of useful types:
# - USERS - information relating to user connection and disconnection
-# - OPER - succesful and failed oper attempts
+# - OPER - successful and failed oper attempts
# - KILL - kill related messages
# - FILTER - messages related to filter matches (filter module)
# - CONFIG - configuration related messages
<badnick
# nick: Nick to disallow. Wildcards are supported.
- nick="ChanServ"
+ nick="Tr0ll123"
# reason: Reason to display on /NICK.
- reason="Reserved for a network service">
+ reason="Don't use this nick.">
<badhost
# host: ident@hostname to ban.
# provide almost all the features of InspIRCd. :) #
# #
# The default does nothing -- we include it for simplicity for you. #
-<include file="examples/modules.conf.example">
+#<include file="examples/modules.conf.example">
#-#-#-#-#-#-#-#-#-#-#-# SERVICES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
# #