# #
# By default, ALL modules are commented out. You must uncomment them #
# or add lines to your config to load modules. Please refer to #
-# https://wiki.inspircd.org/3.0/Modules for a list of modules and #
+# https://docs.inspircd.org/3/modules for a list of modules and #
# each modules link for any additional conf tags they require. #
# #
# ____ _ _____ _ _ ____ _ _ _ #
# to successfully trigger. If they are not, then #
# the user receives a 'no such nick' 401 numeric. #
# #
+# stripcolor - If this is true, the text from the user will be #
+# stripped of color and format codes before #
+# matching against 'text'. #
+# #
# uline - Setting this to true will ensure that the user #
-# given in 'requires' is also on a u-lined server, #
+# given in 'requires' is also on a U-lined server, #
# as well as actually being on the network. If the #
-# user is online, but not on a u-lined server, #
+# user is online, but not on a U-lined server, #
# then an oper alert is sent out as this is #
# possibly a sign of a user trying to impersonate #
# a service. #
# An example of using the format value to create an alias with two
# different behaviours depending on the format of the parameters.
#
-#<alias text="ID" format="#*" replace="PRIVMSG ChanServ :IDENTIFY $2 $3"
+#<alias text="ID" format="#*" replace="SQUERY ChanServ :IDENTIFY $2 $3"
# requires="ChanServ" uline="yes">
#
-#<alias text="ID" replace="PRIVMSG NickServ :IDENTIFY $2"
+#<alias text="ID" replace="SQUERY NickServ :IDENTIFY $2"
# requires="NickServ" uline="yes">
#
# This alias fixes a glitch in xchat 2.6.x and above and the way it
# assumes IDENTIFY must be prefixed by a colon (:) character. It should
# be placed ABOVE the default NICKSERV alias.
#
-#<alias text="NICKSERV" format=":IDENTIFY *" replace="PRIVMSG NickServ :IDENTIFY $3-"
+#<alias text="NICKSERV" format=":IDENTIFY *" replace="SQUERY NickServ :IDENTIFY $3-"
# requires="NickServ" uline="yes">
#
# You may also add aliases to trigger based on something said in a
# command must be preceded by the fantasy prefix when used.
#
#<alias text="CS" usercommand="no" channelcommand="yes"
-# replace="PRIVMSG ChanServ :$1 $chan $2-" requires="ChanServ" uline="yes">
+# replace="SQUERY ChanServ :$1 $chan $2-" requires="ChanServ" uline="yes">
#
# This would be used as "!cs <command> <options>", with the channel
# being automatically inserted after the command in the message to
# users that send overly capitalised messages to channels. Unlike the
# blockcaps module this module is more flexible as it has more options
# for punishment and allows channels to configure their own punishment
-# policies.
+# policies.
#<module name="anticaps">
#
# You may also configure the characters which anticaps considers to be
# For example +w o:*!Attila@127.0.0.1 will op anyone matching that mask
# on join. This can be combined with extbans, for example +w o:R:Brain
# will op anyone identified to the account "Brain".
-# Another useful combination is with SSL client certificate
+# Another useful combination is with TLS (SSL) client certificate
# fingerprints: +w h:z:72db600734bb9546c1bdd02377bc21d2a9690d48 will
# give halfop to the user(s) having the given certificate.
#<module name="autoop">
#<module name="botmode">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# CallerID module: Adds usermode +g which activates hybrid-style
+# CallerID module: Adds user mode +g which activates hybrid-style
# callerid: block all private messages unless you /ACCEPT first.
#<module name="callerid">
#
# The webirc method is the recommended way to allow gateways to forward
# IP/host information. When using this method the gateway sends a WEBIRC
# message to the server on connection. For more details please read the
-# IRCv3 WebIRC specification at http://ircv3.net/specs/extensions/webirc.html.
+# IRCv3 WebIRC specification at: https://ircv3.net/specs/extensions/webirc.html
#
# When using this method you must specify a wildcard mask or CIDR range
-# to allow gateway connections from and at least one of either a SSL
+# to allow gateway connections from and at least one of either a TLS (SSL)
# client certificate fingerprint for the gateway or a password to be
# sent in the WEBIRC command.
#
#<module name="chanfilter">
#
# If hidemask is set to yes, the user will not be shown the mask when
-# his/her message is blocked.
+# their message is blocked.
#
# If maxlen is set then it defines the maximum length of a filter entry.
#
# If notifyuser is set to no, the user will not be notified when
-# his/her message is blocked.
+# their message is blocked.
#<chanfilter hidemask="yes" maxlen="50" notifyuser="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#
# Set the maximum number of lines allowed to be stored per channel below.
# This is the hard limit for 'X'.
-# If notice is set to yes, joining users will get a NOTICE before playback
-# telling them about the following lines being the pre-join history.
+# If prefixmsg is set to yes, joining users without batch support will get
+# a NOTICE before playback telling them about the following lines being
+# the pre-join history.
# If bots is set to yes, it will also send to users marked with +B
-#<chanhistory maxlines="50" notice="yes" bots="yes">
+#<chanhistory maxlines="50" prefixmsg="yes" bots="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channel logging module: Used to send snotice output to channels, to
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channelban: Implements extended ban j:, which stops anyone already
-# in a channel matching a ban like +b j:#channel*mask from joining.
+# in a channel matching a ban like +b j:#channel from joining.
+# It is also possible to ban based on their status in that channel,
+# like so: +b j:@#channel, this example prevents the ops from joining.
# Note that by default wildcard characters * and ? are allowed in
-# channel names. To disallow them, load m_channames and add characters
-# 42 and 63 to denyrange (see above).
+# channel names. To disallow them, load the channames module and
+# add characters 42 and 63 to denyrange (see above).
#<module name="channelban">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Connection class ban module: Adds support for extban 'n' which
# matches against the class name of the user's connection.
# This module assumes that connection classes are named in a uniform
-# way on all servers of the network.
+# way on all servers of the network. Wildcards are accepted.
#<module name="classban">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#<module name="clearchan">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Cloaking module: Adds usermode +x and cloaking support.
+# Cloaking module: Adds user mode +x and cloaking support.
# Relies on the md5 module being loaded.
# To cloak users when they connect, load the conn_umodes module and set
# <connect:modes> to include the +x mode. The example <connect> tag
#<cloak mode="half"
# key="changeme"
# domainparts="3"
-# prefix="net-">
+# prefix="net-"
+# ignorecase="no">
#
#<cloak mode="full"
# key="changeme"
-# prefix="net-">
+# prefix="net-"
+# ignorecase="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Clones module: Adds an oper command /CLONES for detecting cloned
# To use, CLONES must be in one of your oper class blocks.
#<module name="clones">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Codepage module: Allows using a custom 8-bit codepage for nicknames
+# and case mapping.
+#
+# You should include one of the following files to set your codepage:
+#<include file="examples/codepages/ascii.conf.example">
+#<include file="examples/codepages/latin1.conf.example">
+#<include file="examples/codepages/rfc1459.conf.example">
+#<include file="examples/codepages/strict-rfc1459.conf.example">
+#
+# You can also define a custom codepage. For details on how to do this
+# please refer to the docs site:
+# https://docs.inspircd.org/3/modules/codepage
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Common channels module: Adds user mode +c, which, when set, requires
# that users must share a common channel with you to PRIVMSG or NOTICE
# killonbadreply - Whether to kill the user if they send the wrong #
# PONG reply. #
# #
-#<waitpong sendsnotice="yes" killonbadreply="yes">
+#<waitpong sendsnotice="no" killonbadreply="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channel cycle module: Adds the /CYCLE command which is a server-side
# bootwait - Amount of time in seconds to wait before enforcing
# the throttling when the server just booted.
#
-#<connflood seconds="30" maxconns="3" timeout="30"
-# quitmsg="Throttled" bootwait="10">
+#<connflood period="30" maxconns="3" timeout="30"
+# quitmsg="Throttled" bootwait="2m">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Custom prefixes: Allows for channel prefixes to be configured.
# You can also override the configuration of prefix modes added by both the core
# and other modules by adding a customprefix tag with change="yes" specified.
# <customprefix name="op" change="yes" rank="30000" ranktoset="30000">
-# <customprefix name="voice" change="yes" rank="10000" ranktoset="10000" depriv="no">
+# <customprefix name="voice" change="yes" rank="10000" ranktoset="20000" depriv="no">
#
# Do /RELOADMODULE customprefix after changing the settings of this module.
#<banfile pattern="*.txt" action="allow">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Deaf module: Adds support for the usermode +d - deaf to channel
-# messages and channel notices.
+# Deaf module: Adds support for user modes +d and +D:
+# d - deaf to channel messages and notices.
+# D - deaf to user messages and notices.
+# The +D user mode is not enabled by default to enable link compatibility
+# with 2.0 servers.
#<module name="deaf">
+#
+#-#-#-#-#-#-#-#-#-#-#-#- DEAF CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
+# bypasschars - Characters that bypass deaf to a regular user.
+# bypasscharsuline - Characters that bypass deaf to a U-lined user (services).
+# Both of these take a list of characters that must match
+# the starting character of a message.
+# If 'bypasscharsuline' is empty, then 'bypasschars' will
+# match for both regular and U-lined users.
+# enableprivdeaf - Whether to enable user mode +D (privdeaf).
+# privdeafuline - Whether U-lined users bypass user mode +D (privdeaf).
+#
+#<deaf bypasschars="" bypasscharsuline="!" enableprivdeaf="no" privdeafuline="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Delay join module: Adds the channel mode +D which delays all JOIN
# more blacklists. #
#<module name="dnsbl">
# #
-# For configuration options please see the wiki page for dnsbl at #
-# https://wiki.inspircd.org/Modules/3.0/dnsbl #
+# For configuration options please see the docs page for dnsbl at #
+# https://docs.inspircd.org/3/modules/dnsbl #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Exempt channel operators module: Provides support for allowing #
# users of a specified channel status to be exempt from some channel #
-# restriction modes. Supported restrictions are #
-# blockcaps, blockcolor, censor, filter, flood, nickflood, noctcp, #
-# nonick, nonotice, regmoderated, stripcolor, and topiclock. #
+# restriction modes. Supported restrictions are: #
+# anticaps, auditorium-see, auditorium-vis, blockcaps, blockcolor, #
+# censor, filter, flood, nickflood, noctcp, nonick, nonotice, #
+# regmoderated, stripcolor, and topiclock. #
# See <options:exemptchanops> in inspircd.conf.example for a more #
# detailed list of the restriction modes that can be exempted. #
# These are settable using: /MODE #chan +X <restriction>:<status> #
# at the <module> tag for info on availability. #
# #
# If notifyuser is set to no, the user will not be notified when #
-# his/her message is blocked. #
-#<filteropts engine="glob" notifyuser="yes">
+# their message is blocked. #
+# #
+# If warnonselfmsg is set to yes when a user sends a message to #
+# themself that matches a filter the filter will be ignored and a #
+# warning will be sent to opers instead. This stops spambots which #
+# send their spam message to themselves first to check if it is being #
+# filtered by the server. #
+#<filteropts engine="glob" notifyuser="yes" warnonselfmsg="no">
# #
# Your choice of regex engine must match on all servers network-wide. #
# #
#<module name="gecosban">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# GeoIP module: Allows the server admin to match users by country code.
-# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_geoip.cpp
-# and run make install, then uncomment this module to enable it.
-# This module requires GeoIP to be installed on your system,
-# use your package manager to find the appropriate packages
-# or check the InspIRCd wiki page for this module.
-#<module name="geoip">
-#
-# The actual allow/ban actions are done by connect classes, not by the
-# GeoIP module. An example connect class to ban people from russia or
-# turkey:
-#
-# <connect deny="*" geoip="TR,RU">
-#
-# If enabled you can also ban people from channnels by country code
-# using the G: extban (e.g. /MODE #channel +b G:US).
-# <geoip extban="yes">
-#
-# The country code must be in capitals and should be an ISO country
-# code such as TR, GB, or US. Unknown IPs (localhost, LAN IPs, etc)
-# will be assigned the country code "UNK". Since connect classes are
-# matched from top down, your deny classes must be above your allow
-# classes for them to match.
+# Geolocation ban module: Adds support for extban 'G' which matches #
+# against the ISO 3166-1 alpha-2 codes for the countries that users #
+# are connecting from. Users connecting from unknown origins such as #
+# internal networks can be matched against using the XX alpha-2 code. #
+# A full list of ISO 3166-1 alpha-2 codes can be found at #
+# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 #
+#<module name="geoban">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Geolocation connect class module: Adds support for limiting connect #
+# classes to users from specific countries. With this module you can #
+# specify a space-delimited list of two character the ISO 3166-1 #
+# alpha-2 codes in the "country" field of a connect class. e.g. to #
+# deny connections from users in Russia or Turkey: #
+# #
+# <connect deny="*" country="TR RU"> #
+# #
+# Users connecting from unknown origins such as internal networks can #
+# be matched against using the XX alpha-2 code. A full list of ISO #
+# 3166-1 alpha-2 codes can be found at #
+# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 #
+#<module name="geoclass">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# MaxMindDB geolocation module: Provides geolocation information for #
+# other modules that need it using the libMaxMindDB library. #
+# #
+# This module is in extras. Re-run configure with: #
+# ./configure --enable-extras geo_maxmind
+# and run make install, then uncomment this module to enable it. #
+# #
+# This module requires libMaxMindDB to be installed on your system. #
+# Use your package manager to find the appropriate packages or check #
+# the InspIRCd documentation page for this module. #
+#<module name="geo_maxmind">
+# #
+# If you use the geo_maxmind module you MUST provide a database file #
+# to look up geolocation information in. You can either purchase this #
+# from MaxMind at https://www.maxmind.com/en/geoip2-country-database #
+# or use the free CC-BY-SA licensed GeoLite2 Country database which #
+# can be downloaded at https://dev.maxmind.com/geoip/geoip2/geolite2/ #
+#<maxmind file="GeoLite2-Country.mmdb">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Globops module: Provides the /GLOBOPS command and snomask +g.
#
#-#-#-#-#-#-#-#-#-#-#- HOSTCHANGE CONFIGURATION -#-#-#-#-#-#-#-#-#-#
# #
-# See https://wiki.inspircd.org/Modules/3.0/hostchange for help. #
+# See https://docs.inspircd.org/3/modules/hostchange for help. #
# #
#<hostchange mask="*@42.theanswer.example.org" action="addaccount" suffix=".users.example.com">
#<hostchange mask="*root@*" action="addnick" prefix="example/users/">
#
# Further information on these extensions can be found at the IRCv3
# working group website:
-# http://ircv3.net/irc/
+# https://ircv3.net/irc/
#
#<module name="ircv3">
# The following block can be used to control which extensions are
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 client-to-client tags module: Provides the message-tags IRCv3
-# extension which allows clients to add extra data to their messages.
+# extension which allows clients to add extra data to their messages.
# This is used to support new IRCv3 features such as replies and ids.
#<module name="ircv3_ctctags">
+#
+# If you want to only allow client tags that are intended for processing
+# by the server you can disable the following setting. Doing this is not
+# recommended though as it may break clients.
+#<ctctags allowclientonlytags="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 echo-message module: Provides the echo-message IRCv3
# another user into a channel. This respects <options:announceinvites>.
#<module name="ircv3_invitenotify">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# IRCv3 labeled-response module: Provides the labeled-response IRCv3
+# extension which allows server responses to be associated with the
+# client message which caused them to be sent.
+#<module name="ircv3_labeledresponse">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# IRCv3 message id module: Provides the msgid IRCv3 extension which
+# adds a unique identifier to each message when the message-tags cap
+# has been requested. This enables support for modern features such as
+# reactions and replies.
+#<module name="ircv3_msgid">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 server-time module. Adds the 'time' tag which adds a timestamp
# to all messages received from the server.
#
# host - A glob match for the SNI hostname to apply this policy to.
# duration - The amount of time that the policy lasts for. Defaults to
-# approximately two months by default.
+# five minutes by default. You should raise this to a month
+# or two once you know that your config is valid.
# port - The port on which TLS connections to the server are being
# accepted. You MUST have a CA-verified certificate on this
# port. Self signed certificates are not acceptable.
# preload - Whether client developers can include your certificate in
# preload lists.
#
-# <sts host="*.example.com" duration="60d" port="6697" preload="yes">
+# <sts host="*.example.com" duration="5m" port="6697" preload="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Join flood module: Adds support for join flood protection +j X:Y.
# LDAP module: Allows other SQL modules to access a LDAP database
# through a unified API.
# This modules is in extras. Re-run configure with:
-# ./configure --enable-extras=m_ldap.cpp
+# ./configure --enable-extras ldap
# and run make install, then uncomment this module to enable it.
#
#<module name="ldap">
# repeated to whitelist multiple CIDRs. #
# #
# ldaprequire allows further filtering on the LDAP user, by requiring #
-# certain LDAP attibutes to have a given value. It can be repeated, #
+# certain LDAP attributes to have a given value. It can be repeated, #
# in which case the list will act as an OR list, that is, the #
# authentication will succeed if any of the requirements in the list #
# is satisfied. #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Map hiding module: replaces /MAP and /LINKS output to users with a #
-# message to see a website, set by maphide="http://test.org/map" in #
+# message to see a website, set by maphide="https://test.org/map" in #
# the <security> tag, instead. #
#<module name="maphide">
# Message flood module: Adds message/notice flood protection via
# channel mode +f.
#<module name="messageflood">
+#
+# The weight to give each message type. TAGMSGs are considered to be
+# 1/5 of a NOTICE or PRIVMSG to avoid users being accidentally flooded
+# out of a channel by automatic client features such as typing
+# notifications.
+#<messageflood notice="1.0" privmsg="1.0" tagmsg="0.2">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# MLOCK module: Adds support for server-side enforcement of services
# MySQL module: Allows other SQL modules to access MySQL databases
# through a unified API.
# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_mysql.cpp
+# ./configure --enable-extras mysql
# and run make install, then uncomment this module to enable it.
#<module name="mysql">
#
#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
-# mysql is more complex than described here, see the wiki for more #
-# info: https://wiki.inspircd.org/Modules/3.0/mysql #
+# mysql is more complex than described here, see the docs for more #
+# info: https://docs.inspircd.org/3/modules/mysql #
#
#<database module="mysql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database2">
# National characters module:
# 1) Allows using national characters in nicknames.
# 2) Allows using custom (national) casemapping over the network.
+#
+# This module is incredibly poorly written and documented. You should
+# probably use the codepage module instead for 8-bit codepages.
#<module name="nationalchars">
#
# file - Location of the file which contains casemapping rules. If this
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Network business join module:
# Allows an oper to join a channel using /OJOIN, giving them +Y on the
-# channel which makes them immune to kick/deop/etc.
+# channel which makes them immune to kicks.
#<module name="ojoin">
#
# Specify the prefix that +Y will grant here.
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper prefixing module: Adds a channel prefix mode +y which is given
-# to all IRC operators automatically on all channels they are in.
+# to all server operators automatically on all channels they are in.
# This prefix mode is more powerful than channel op and other regular
# prefix modes.
#
-# Load this module if you want all your IRC operators to have channel
-# operator powers.
+# Load this module if you want all your server operators to have
+# channel operator powers.
#<module name="operprefix">
#
# You may additionally customise the prefix character.
#<operprefix prefix="!">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper MOTD module: Provides support for separate message of the day
+# Oper MOTD module: Provides support for a separate message of the day
# on oper-up.
# This module is oper-only.
#<module name="opermotd">
#
#-#-#-#-#-#-#-#-#-#-# OPERMOTD CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# #
-# If you are using the opermotd module, specify the motd here. #
+# If you are using the opermotd module, specify the motd file here. #
# #
# onoper - If on, the message is sent on /OPER, otherwise it's #
# only sent when /OPERMOTD is used. #
# #
# Much of override's configuration relates to your oper blocks. #
# For more information on how to allow opers to override, see: #
-# https://wiki.inspircd.org/Modules/3.0/override #
+# https://docs.inspircd.org/3/modules/override #
# #
# noisy - If enabled, all oper overrides will be announced #
# via channel notice. #
# #
# requirekey - If enabled, overriding on join requires a channel #
-# key of "override" to be specified #
+# key of "override" to be specified. #
# #
-# enableumode - If enabled, usermode +O is required for override. #
+# enableumode - If enabled, user mode +O is required for override. #
# #
-#<override noisy="yes" requirekey="no" enableumode="true">
+#<override noisy="yes" requirekey="no" enableumode="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper levels module: Gives each oper a level and prevents actions
# cmd: Command for the user to run when it receives a connect
# password.
- cmd="PRIVMSG $nickrequired :IDENTIFY $pass">
+ cmd="SQUERY $nickrequired :IDENTIFY $pass">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Password hash module: Allows hashed passwords to be used.
#
# If 'listmodes' is true then all list modes (+b, +I, +e, +g...) will be
# saved. Defaults to false.
-#<permchanneldb filename="permchannels.conf" listmodes="true">
+#
+# 'saveperiod' determines how often to check if the database needs to be
+# saved to disk. Defaults to every five seconds.
+#<permchanneldb filename="permchannels.conf"
+# listmodes="yes"
+# saveperiod="5s">
#<include file="permchannels.conf">
#
# You may also create channels on startup by using the <permchannels> block.
# PostgreSQL module: Allows other SQL modules to access PgSQL databases
# through a unified API.
# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_pgsql.cpp
+# ./configure --enable-extras pgsql
# and run make install, then uncomment this module to enable it.
#<module name="pgsql">
#
#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
-# pgsql is more complex than described here, see the wiki for #
-# more: https://wiki.inspircd.org/Modules/3.0/pgsql #
+# pgsql is more complex than described here, see the docs for #
+# more: https://docs.inspircd.org/3/modules/pgsql #
#
#<database module="pgsql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database" ssl="no">
#<module name="muteban">
#
# If notifyuser is set to no, the user will not be notified when
-# his/her message is blocked.
+# their message is blocked.
#<muteban notifyuser="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# nokicks (+Q) mode is set. Defaults to false.
# protectedrank: Members having this rank or above may not be /REMOVE'd
# by anyone. Set to 0 to disable this feature. Defaults to 50000.
-#<remove supportnokicks="true" protectedrank="50000">
+#<remove supportnokicks="yes" protectedrank="50000">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Repeat module: Allows to block, kick or ban upon similar messages
# less CPU usage. Increasing this beyond 512 doesn't have
# any effect, as the maximum length of a message on IRC
# cannot exceed that.
-#<repeat maxbacklog="20" maxdistance="50 maxlines="20" maxtime="0" size="512">
+#<repeat maxbacklog="20" maxdistance="50" maxlines="20" maxtime="0" size="512">
#<module name="repeat">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# If you wish to re-check a user when they change nickname (can be
# useful under some situations, but *can* also use CPU with more users
# on a server) then set 'matchonnickchange' to yes.
+# If you additionally want Z-lines to be added on matches, then
+# set 'zlineonmatch' to yes.
# Also, this is where you set what Regular Expression engine is to be
# used. If you ever change it while running, all of your R-lines will
# be wiped. This is the regex engine used by all R-lines set, and
# regex_<engine> must be loaded, or rline will be non-functional
# until you load it or change the engine to one that is loaded.
#
-#<rline matchonnickchange="yes" engine="pcre">
+#<rline matchonnickchange="yes" zlineonmatch="no" engine="pcre">
#
# Generally, you will NOT want to use 'glob' here, as this turns an
# R-line into just another G-line. The exceptions are that R-lines will
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SAMODE module: Adds the /SAMODE command which allows server operators
# to change modes on a channel without requiring them to have any
-# channel priviliges. Also allows changing user modes for any user.
+# channel privileges. Also allows changing user modes for any user.
# This module is oper-only.
# To use, SAMODE must be in one of your oper class blocks.
#<module name="samode">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SATOPIC module: Adds the /SATOPIC command which allows changing the
-# topic on a channel without requiring any channel priviliges.
+# topic on a channel without requiring any channel privileges.
# This module is oper-only.
# To use, SATOPIC must be in one of your oper class blocks.
#<module name="satopic">
# Layer via AUTHENTICATE. Note: You also need to have cap loaded
# for SASL to work.
#<module name="sasl">
-# Define the following to your services server name to improve security
-# by ensuring the SASL messages are only sent to the services server
-# and not to all connected servers. This prevents a rogue server from
-# capturing SASL messages and disables the SASL cap when services is
-# down.
-#<sasl target="services.mynetwork.com">
+
+# You must define <sasl:target> to the name of your services server so
+# that InspIRCd knows where to send SASL authentication messages and
+# when it should enable the SASL capability.
+# You can also define <sasl:requiressl> to require users to use TLS (SSL)
+# in order to be able to use SASL.
+#<sasl target="services.mynetwork.com"
+# requiressl="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Secure list module: Prevent /LIST in the first minute of connection,
#<securehost exception="*@*.ircdriven.com">
#<securehost exception="*@*.ircs.me">
# #
-# Define the following variable to change how long a user must wait #
-# before issuing a LIST. If not defined, defaults to 60 seconds. #
+# exemptregistered - Whether the waiting period applies to users who #
+# are logged in to a services account. #
+# Defaults to no. #
+# #
+# showmsg - Whether to tell users that they need to wait for a while #
+# before they can use the /LIST command. #
+# Defaults to no. #
+# #
+# waittime - The time period that a user must be connected for before #
+# they can use the /LIST command. #
+# Defaults to 1 minute. #
# #
-#<securelist waittime="1m"> #
+#<securelist exemptregistered="yes"
+# showmsg="yes"
+# waittime="1m">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Servprotect module: Provides support for Austhex style +k /
#<module name="setidle">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Services support module: Adds several usermodes such as +R and +M.
+# Services support module: Adds several user modes such as +R and +M.
# This module implements the 'identified' state via account names,
# and is similar in operation to the way asuka and ircu handle services.
#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Serverban: Implements extended ban 's', which stops anyone connected
# to a server matching a mask like +b s:server.mask.here from joining.
+# Wildcards are accepted.
#<module name="serverban">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# endtext="End of server rules.">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Show whois module: Adds the +W usermode which allows opers to see
+# Show whois module: Adds the +W user mode which allows opers to see
# when they are /WHOIS'd.
# This module is oper-only by default.
#<module name="showwhois">
# You can optionally let the user know that their command was blocked.
#
# You may also let SHUN affect opers (defaults to no).
-#<shun enabledcommands="ADMIN PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no">
+#<shun enabledcommands="ADMIN OPER PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SSL mode module: Adds support for SSL-only channels via the '+z'
-# channel mode, SSL-only private messages via the '+z' user mode and
-# the 'z:' extban which matches SSL client certificate fingerprints.
+# SSL mode module: Adds support for TLS (SSL)-only channels via the '+z'
+# channel mode, TLS (SSL)-only private messages via the '+z' user mode and
+# the 'z:' extban which matches TLS (SSL) client certificate fingerprints.
#
-# Does not do anything useful without a working SSL module and the
+# Does not do anything useful without a working TLS (SSL) module and the
# sslinfo module (see below).
#<module name="sslmodes">
#
#<sslmodes enableumode="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SSL rehash signal module: Allows the SSL modules to be rehashed by
+# SSL rehash signal module: Allows the TLS (SSL) modules to be rehashed by
# sending SIGUSR1 to a running InspIRCd process.
-# This modules is in extras. Re-run configure with:
-# ./configure --enable-extras=m_sslrehashsignal.cpp
+# This module is in extras. Re-run configure with:
+# ./configure --enable-extras sslrehashsignal
# and run make install, then uncomment this module to enable it.
#<module name="sslrehashsignal">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# GnuTLS SSL module: Adds support for SSL connections using GnuTLS,
+# GnuTLS SSL module: Adds support for TLS (SSL) connections using GnuTLS,
# if enabled. You must answer 'yes' in ./configure when asked or
# manually symlink the source for this module from the directory
# src/modules/extra, if you want to enable this, or it will not load.
#
#-#-#-#-#-#-#-#-#-#-#- GNUTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
# #
-# ssl_gnutls is too complex to describe here, see the wiki: #
-# https://wiki.inspircd.org/Modules/3.0/ssl_gnutls #
+# ssl_gnutls is too complex to describe here, see the docs: #
+# https://docs.inspircd.org/3/modules/ssl_gnutls #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL info module: Allows users to retrieve information about other
-# users' peer SSL certificates and keys. This can be used by client
-# scripts to validate users. For this to work, one of ssl_gnutls
-# or ssl_openssl must be loaded. This module also adds the
-# "* <user> is using a secure connection" whois line, the ability for
-# opers to use SSL cert fingerprints to verify their identity and the
-# ability to force opers to use SSL connections in order to oper up.
-# It is highly recommended to load this module if you use SSL on your
-# network.
-# For how to use the oper features, please see the first example <oper> tag
-# in opers.conf.example.
+# users' peer TLS (SSL) certificates and keys via the SSLINFO command.
+# This can be used by client scripts to validate users. For this to
+# work, one of ssl_gnutls, ssl_mbedtls or ssl_openssl must be loaded.
+# This module also adds the "<user> is using a secure connection"
+# and "<user> has TLS (SSL) client certificate fingerprint <fingerprint>"
+# WHOIS lines, the ability for opers to use TLS (SSL) cert fingerprints to
+# verify their identity and the ability to force opers to use TLS (SSL)
+# connections in order to oper up. It is highly recommended to load
+# this module if you use TLS (SSL) on your network.
+# For how to use the oper features, please see the first
+# example <oper> tag in opers.conf.example.
#
#<module name="sslinfo">
+#
+# If you want to prevent users from viewing TLS (SSL) certificate information
+# and fingerprints of other users, set operonly to yes.
+#<sslinfo operonly="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# mbedTLS SSL module: Adds support for SSL/TLS connections using mbedTLS.
+# mbedTLS TLS (SSL) module: Adds support for TLS (SSL) connections using mbedTLS.
#<module name="ssl_mbedtls">
+#
+#-#-#-#-#-#-#-#-#-#-#- MBEDTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# ssl_mbedtls is too complex to describe here, see the docs: #
+# https://docs.inspircd.org/3/modules/ssl_mbedtls #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# OpenSSL SSL module: Adds support for SSL connections using OpenSSL,
+# OpenSSL TLS (SSL) module: Adds support for TLS (SSL) connections using OpenSSL,
# if enabled. You must answer 'yes' in ./configure when asked or symlink
# the source for this module from the directory src/modules/extra, if
# you want to enable this, or it will not load.
#
#-#-#-#-#-#-#-#-#-#-#- OPENSSL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
# #
-# ssl_openssl is too complex to describe here, see the wiki: #
-# https://wiki.inspircd.org/Modules/3.0/ssl_openssl #
+# ssl_openssl is too complex to describe here, see the docs: #
+# https://docs.inspircd.org/3/modules/ssl_openssl #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Strip color module: Adds channel mode +S that strips color codes and
# SQLite3 module: Allows other SQL modules to access SQLite3 #
# databases through a unified API. #
# This module is in extras. Re-run configure with: #
-# ./configure --enable-extras=m_sqlite3.cpp
+# ./configure --enable-extras sqlite3
# and run make install, then uncomment this module to enable it. #
#
#<module name="sqlite3">
#
#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
-# sqlite is more complex than described here, see the wiki for more #
-# info: https://wiki.inspircd.org/Modules/3.0/sqlite3 #
+# sqlite is more complex than described here, see the docs for more #
+# info: https://docs.inspircd.org/3/modules/sqlite3 #
#
#<database module="sqlite" hostname="/full/path/to/database.db" id="anytext">
#
#-#-#-#-#-#-#-#-#-#-#- SQLAUTH CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
# #
-# sqlauth is too complex to describe here, see the wiki: #
-# https://wiki.inspircd.org/Modules/3.0/sqlauth #
+# sqlauth is too complex to describe here, see the docs: #
+# https://docs.inspircd.org/3/modules/sqlauth #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SQL oper module: Allows you to store oper credentials in an SQL
# #
# dbid - Database ID to use (see SQL modules). #
# #
-# See also: https://wiki.inspircd.org/Modules/3.0/sqloper #
+# See also: https://docs.inspircd.org/3/modules/sqloper #
# #
#<sqloper dbid="1">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# StartTLS module: Implements STARTTLS, which allows clients #
-# connected to non SSL enabled ports to enable SSL, if a proper SSL #
-# module is loaded (either ssl_gnutls or ssl_openssl). #
+# connected to non TLS (SSL) enabled ports to enable TLS (SSL), if #
+# a proper TLS (SSL) module is loaded (either ssl_gnutls, #
+# ssl_mbedtls or ssl_openssl). #
#<module name="starttls">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# WebSocket module: Adds HTML5 WebSocket support.
# Specify hook="websocket" in a <bind> tag to make that port accept
-# WebSocket connections. Compatible with SSL/TLS.
+# WebSocket connections. Compatible with TLS (SSL).
# Requires SHA-1 hash support available in the sha1 module.
#<module name="websocket">
#
-# Whether to re-encode messages as UTF-8 before sending to WebSocket
-# clients. This is recommended as the WebSocket protocol requires all
-# text frames to be sent as UTF-8. If you do not have this enabled
-# messages will be sent as binary frames instead.
-#<websocket sendastext="yes">
+# proxyranges: A space-delimited list of glob or CIDR matches to trust
+# the X-Real-IP or X-Forwarded-For headers from. If enabled
+# the server will use the IP address specified by those HTTP
+# headers. You should NOT enable this unless you are using
+# a HTTP proxy like nginx as it will allow IP spoofing.
+# sendastext: Whether to re-encode messages as UTF-8 before sending to
+# WebSocket clients. This is recommended as the WebSocket
+# protocol requires all text frames to be sent as UTF-8.
+# If you do not have this enabled messages will be sent as
+# binary frames instead.
+#<websocket proxyranges="192.0.2.0/24 198.51.100.*"
+# sendastext="yes">
#
# If you use the websocket module you MUST specify one or more origins
# which are allowed to connect to the server. You should set this as
# strict as possible to prevent malicious webpages from connecting to
# your server.
-# <wsorigin allow="https://*.example.com/">
+# <wsorigin allow="https://*.example.com">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# XLine database: Stores all *-lines (G/Z/K/R/any added by other modules)
+# X-line database: Stores all *-lines (G/Z/K/R/any added by other modules)
# in a file which is re-loaded on restart. This is useful
# for two reasons: it keeps bans so users may not evade them, and on
# bigger networks, server connections will take less time as there will
# be a lot less bans to apply - as most of them will already be there.
#<module name="xline_db">
-# Specify the filename for the xline database here.
-#<xlinedb filename="xline.db">
+# Specify the filename for the xline database and how often to check whether
+# the database needs to be saved here.
+#<xlinedb filename="xline.db" saveperiod="5s">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# ____ _ _____ _ _ ____ _ _ _ #