# matched, or it has no format value. Aliases are #
# read from the top of the file to the bottom. #
# #
-# usercommand - If this is true, the alias can be run simply as #
-# /ALIASNAME. Defaults to true. #
+# usercommand - If set to yes, the alias can be run simply as #
+# /ALIASNAME. Defaults to yes. #
# #
-# channelcommand - If this is true, the alias can be used as an #
+# channelcommand - If set to yes, the alias can be used as an #
# in-channel alias or 'fantasy command', prefixed #
# by the fantasy prefix character, !aliasname by #
-# default. Defaults to false. #
+# default. Defaults to no. #
# #
# format - If this is defined, the parameters of the alias #
# must match this glob pattern. For example if you #
# to successfully trigger. If they are not, then #
# the user receives a 'no such nick' 401 numeric. #
# #
-# stripcolor - If this is true, the text from the user will be #
+# stripcolor - If set to yes, the text from the user will be #
# stripped of color and format codes before #
# matching against 'text'. #
# #
-# uline - Setting this to true will ensure that the user #
+# uline - Setting this to yes will ensure that the user #
# given in 'requires' is also on a U-lined server, #
# as well as actually being on the network. If the #
# user is online, but not on a U-lined server, #
# possibly a sign of a user trying to impersonate #
# a service. #
# #
-# operonly - If true, this will make the alias oper only. #
+# operonly - If yes, this will make the alias oper only. #
# If a non-oper attempts to use the alias, it will #
# appear to not exist. #
# #
# users that send overly capitalised messages to channels. Unlike the
# blockcaps module this module is more flexible as it has more options
# for punishment and allows channels to configure their own punishment
-# policies.
+# policies.
#<module name="anticaps">
#
# You may also configure the characters which anticaps considers to be
# <anticaps lowercase="abcdefghijklmnopqrstuvwxyz"
# uppercase="ABCDEFGHIJKLMNOPQRSTUVWXYZ">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Argon2 module: Allows other modules to generate Argon2 hashes,
+# usually for cryptographic uses and security.
+# This module makes the algorithms argon2i, argon2d and argon2id
+# available for use.
+# Note that this module is extra, and must be enabled explicitly
+# to build. It depends on libargon2.
+#<module name="argon2">
+#
+# memory: Memory hardness, in KiB. E.g. 131072 KiB = 128 MiB.
+# iterations: Time hardness in iterations. (def. 3)
+# lanes: How many parallel chains can be run. (def. 1)
+# threads: Maximum amount of threads each invocation can spawn. (def. 1)
+# length: Output length in bytes. (def. 32)
+# saltlength: Salt length in bytes. (def. 16)
+# version: Algorithm version, 10 or 13. (def. 13)
+# The parameters can be customized as follows:
+#<argon2 iterations="3" memory="131074" length="32" saltlength="16">
+# Defines the parameters that are common for all the variants (i/d/id).
+# Can be overridden on individual basis, e.g.
+#<argon2i iterations="4">
+#<argon2d memory="131074"
+#<argon2id iterations="5" memory="262144" length="64" saltlength="32">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Auditorium module: Adds channel mode +u which makes everyone else
# except you in the channel invisible, used for large meetings etc.
# For example +w o:*!Attila@127.0.0.1 will op anyone matching that mask
# on join. This can be combined with extbans, for example +w o:R:Brain
# will op anyone identified to the account "Brain".
-# Another useful combination is with SSL client certificate
+# Another useful combination is with TLS (SSL) client certificate
# fingerprints: +w h:z:72db600734bb9546c1bdd02377bc21d2a9690d48 will
# give halfop to the user(s) having the given certificate.
#<module name="autoop">
# This module is oper-only and provides /CBAN.
# To use, CBAN must be in one of your oper class blocks.
#<module name="cban">
+# CBAN does not allow glob channelmasks by default for compatibility
+# reasons. You can enable glob support by uncommenting the next line.
+#<cban glob="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Censor module: Adds channel and user mode +G which block phrases that
# message to the server on connection. For more details please read the
# IRCv3 WebIRC specification at: https://ircv3.net/specs/extensions/webirc.html
#
-# When using this method you must specify a wildcard mask or CIDR range
-# to allow gateway connections from and at least one of either a SSL
-# client certificate fingerprint for the gateway or a password to be
-# sent in the WEBIRC command.
+# When using this method you must specify one or more wildcard masks
+# or CIDR ranges to allow gateway connections from and at least one of
+# either a TLS (SSL) client certificate fingerprint for the gateway or
+# a password to be sent in the WEBIRC command.
#
# <cgihost type="webirc"
# fingerprint="bd90547b59c1942b85f382bc059318f4c6ca54c5"
-# mask="192.0.2.0/24">
+# mask="192.0.2.0/24 198.51.100.*">
# <cgihost type="webirc"
# password="$2a$10$WEUpX9GweJiEF1WxBDSkeODBstIBMlVPweQTG9cKM8/Vd58BeM5cW"
# hash="bcrypt"
# address in the ident sent by the user. This is not recommended as it
# only works with IPv4 connections.
#
-# When using this method you must specify a wildcard mask or CIDR range to allow
-# gateway connections from. You can also optionally configure the static value
-# that replaces the IP in the ident to avoid leaking the real IP address of
-# gateway clients (defaults to "gateway" if not set).
+# When using this method you must specify one or more wildcard masks
+# or CIDR ranges to allow gateway connections from. You can also
+# optionally configure the static value that replaces the IP in the
+# ident to avoid leaking the real IP address of gateway clients
+# (defaults to "gateway" if not set).
#
# <cgihost type="ident"
-# mask="198.51.100.0/24"
+# mask="198.51.100.0/24 203.0.113.*"
# newident="wibble">
# <cgihost type="ident"
# mask="*.ident.gateway.example.com"
# the current topic of conversation is when joining the channel.
#<module name="chanhistory">
#
-# Set the maximum number of lines allowed to be stored per channel below.
-# This is the hard limit for 'X'.
-# If notice is set to yes, joining users will get a NOTICE before playback
-# telling them about the following lines being the pre-join history.
-# If bots is set to yes, it will also send to users marked with +B
-#<chanhistory maxlines="50" notice="yes" bots="yes">
+#-#-#-#-#-#-#-#-#-#-#- CHANHISTORY CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+# #
+# bots - Whether to send channel history to bots. Defaults to yes. #
+# #
+# enableumode - Whether to enable the +N user mode which allows users #
+# to opt-out of receiving channel history. Defaults to #
+# no. #
+# #
+# maxlines - The maximum number of lines of chat history to send to a #
+# joining users. Defaults to 50. #
+# #
+# prefixmsg - Whether to send an explanatory message to clients that #
+# don't support the chathistory batch type. Defaults to #
+# yes. #
+# #
+#<chanhistory bots="yes"
+# enableumode="yes"
+# maxlines="50"
+# prefixmsg="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channel logging module: Used to send snotice output to channels, to
# To use, CLONES must be in one of your oper class blocks.
#<module name="clones">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Codepage module: Allows using a custom 8-bit codepage for nicknames
+# and case mapping.
+#<module name="codepage">
+#
+# You should include one of the following files to set your codepage:
+#<include file="examples/codepages/ascii.conf.example">
+#<include file="examples/codepages/iso-8859-1.conf.example">
+#<include file="examples/codepages/iso-8859-2.conf.example">
+#<include file="examples/codepages/rfc1459.conf.example">
+#<include file="examples/codepages/strict-rfc1459.conf.example">
+#
+# You can also define a custom codepage. For details on how to do this
+# please refer to the docs site:
+# https://docs.inspircd.org/3/modules/codepage
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Common channels module: Adds user mode +c, which, when set, requires
# that users must share a common channel with you to PRIVMSG or NOTICE
# killonbadreply - Whether to kill the user if they send the wrong #
# PONG reply. #
# #
-#<waitpong sendsnotice="yes" killonbadreply="yes">
+#<waitpong sendsnotice="no" killonbadreply="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channel cycle module: Adds the /CYCLE command which is a server-side
# the throttling when the server just booted.
#
#<connflood period="30" maxconns="3" timeout="30"
-# quitmsg="Throttled" bootwait="10">
+# quitmsg="Throttled" bootwait="2m">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Custom prefixes: Allows for channel prefixes to be configured.
#<module name="dnsbl">
# #
# For configuration options please see the docs page for dnsbl at #
-# https://docs.inspircd.org/3/modules/dnsbl #
+# https://docs.inspircd.org/3/modules/dnsbl. You can also use one or #
+# more of the following example configs for popular DNSBLs: #
+# #
+# DroneBL (https://dronebl.org) #
+#<include file="examples/providers/dronebl.conf.example">
+# #
+# EFnet RBL (https://rbl.efnetrbl.org) #
+#<include file="examples/providers/efnet-rbl.conf.example">
+# #
+# dan.me.uk Tor exit node DNSBL (https://www.dan.me.uk/dnsbl) #
+#<include file="examples/providers/torexit.conf.example">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Exempt channel operators module: Provides support for allowing #
# See <options:exemptchanops> in inspircd.conf.example for a more #
# detailed list of the restriction modes that can be exempted. #
# These are settable using: /MODE #chan +X <restriction>:<status> #
+# Furthermore, the exemptions configured in <options:exemptchanops> #
+# can also be negated by using: /MODE #chan +X <restriction>:* #
#<module name="exemptchanops">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# tre - TRE regexps, provided via regex_tre, requires libtre. #
# posix - POSIX regexps, provided via regex_posix, not available #
# on Windows, no dependencies on other operating systems. #
-# stdlib - stdlib regexps, provided via regex_stdlib, see comment #
-# at the <module> tag for info on availability. #
+# stdregex - stdlib regexps, provided via regex_stdlib, see comment #
+# at the <module> tag for info on availability. #
# #
# If notifyuser is set to no, the user will not be notified when #
# their message is blocked. #
# other modules that need it using the libMaxMindDB library. #
# #
# This module is in extras. Re-run configure with: #
-# ./configure --enable-extras=m_geo_maxmind.cpp
+# ./configure --enable-extras geo_maxmind
# and run make install, then uncomment this module to enable it. #
# #
# This module requires libMaxMindDB to be installed on your system. #
#<module name="hidechans">
#
# This mode can optionally prevent opers from seeing channels on a +I
-# user, for more privacy if set to true.
+# user, for more privacy if set to yes.
# This setting is not recommended for most mainstream networks.
-#<hidechans affectsopers="false">
+#<hidechans affectsopers="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Hide list module: Allows for hiding the list of listmodes from users
# a <bind> tag with type "httpd", and load at least one of the other
# httpd_* modules to provide pages to display.
# <bind address="127.0.0.1" port="8067" type="httpd">
-# <bind address="127.0.0.1" port="8097" type="httpd" ssl="gnutls">
+# <bind address="127.0.0.1" port="8097" type="httpd" sslprofile="Clients">
#
# You can adjust the timeout for HTTP connections below. All HTTP
# connections will be closed after (roughly) this time period.
# the timeout for ident lookups here. If not defined, it will default #
# to 5 seconds. This is a non-blocking timeout which holds the user #
# in a 'connecting' state until the lookup is complete. #
-# prefixunqueried: If on, the idents of users being in a connect class#
-# with ident lookups disabled (i.e. <connect useident="off">) will be #
-# prefixed with a "~". If off, the ident of those users will not be #
-# prefixed. Default is off. #
+# prefixunqueried: If yes, the idents of users in a connect class #
+# with ident lookups disabled (i.e. <connect useident="no">) will be #
+# prefixed with a "~". If no, the ident of those users will not be #
+# prefixed. Default is no. #
#
#<ident timeout="5" prefixunqueried="no">
# The following block can be used to control which extensions are
# enabled. Note that extended-join can be incompatible with delayjoin
# and host cycling.
-#<ircv3 accountnotify="on" awaynotify="on" extendedjoin="on">
+#<ircv3 accountnotify="yes" awaynotify="yes" extendedjoin="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 account-tag module. Adds the 'account' tag which contains the
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 client-to-client tags module: Provides the message-tags IRCv3
-# extension which allows clients to add extra data to their messages.
+# extension which allows clients to add extra data to their messages.
# This is used to support new IRCv3 features such as replies and ids.
#<module name="ircv3_ctctags">
+#
+# If you want to only allow client tags that are intended for processing
+# by the server you can disable the following setting. Doing this is not
+# recommended though as it may break clients.
+#<ctctags allowclientonlytags="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 echo-message module: Provides the echo-message IRCv3
# another user into a channel. This respects <options:announceinvites>.
#<module name="ircv3_invitenotify">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# IRCv3 labeled-response module: Provides the labeled-response IRCv3
+# extension which allows server responses to be associated with the
+# client message which caused them to be sent.
+#<module name="ircv3_labeledresponse">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 message id module: Provides the msgid IRCv3 extension which
# adds a unique identifier to each message when the message-tags cap
#
# host - A glob match for the SNI hostname to apply this policy to.
# duration - The amount of time that the policy lasts for. Defaults to
-# approximately two months by default.
+# five minutes by default. You should raise this to a month
+# or two once you know that your config is valid.
# port - The port on which TLS connections to the server are being
# accepted. You MUST have a CA-verified certificate on this
# port. Self signed certificates are not acceptable.
# preload - Whether client developers can include your certificate in
# preload lists.
#
-# <sts host="*.example.com" duration="60d" port="6697" preload="yes">
+# <sts host="*.example.com" duration="5m" port="6697" preload="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Join flood module: Adds support for join flood protection +j X:Y.
# Closes the channel for N seconds if X users join in Y seconds.
#<module name="joinflood">
#
-# The number of seconds to close the channel for:
-#<joinflood duration="1m">
+# duration: The number of seconds to close a channel for when it is
+# being flooded with joins.
+#
+# bootwait: The number of seconds to disengage joinflood for after
+# a server boots. This allows users to reconnect without
+# being throttled by joinflood.
+#
+# splitwait: The number of seconds to disengage joinflood for after
+# a server splits. This allows users to reconnect without
+# being throttled by joinflood.
+#
+#<joinflood duration="1m"
+# bootwait="30s"
+# splitwait="30s">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Anti auto rejoin: Adds support for prevention of auto-rejoin (+J).
# LDAP module: Allows other SQL modules to access a LDAP database
# through a unified API.
# This modules is in extras. Re-run configure with:
-# ./configure --enable-extras=m_ldap.cpp
+# ./configure --enable-extras ldap
# and run make install, then uncomment this module to enable it.
#
#<module name="ldap">
# repeated to whitelist multiple CIDRs. #
# #
# ldaprequire allows further filtering on the LDAP user, by requiring #
-# certain LDAP attibutes to have a given value. It can be repeated, #
+# certain LDAP attributes to have a given value. It can be repeated, #
# in which case the list will act as an OR list, that is, the #
# authentication will succeed if any of the requirements in the list #
# is satisfied. #
# MySQL module: Allows other SQL modules to access MySQL databases
# through a unified API.
# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_mysql.cpp
+# ./configure --enable-extras mysql
# and run make install, then uncomment this module to enable it.
#<module name="mysql">
#
#<module name="namedmodes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# NAMESX module: Provides support for the NAMESX extension which allows
-# clients to see all the prefixes set on a user without getting confused.
-# This is supported by mIRC, x-chat, klient, and maybe more.
+# NAMESX module: Provides support for the IRCv3 multi-prefix capability
+# and legacy NAMESX extension which allow clients to see all the prefix
+# modes set on a user.
#<module name="namesx">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# National characters module:
# 1) Allows using national characters in nicknames.
# 2) Allows using custom (national) casemapping over the network.
+#
+# This module is incredibly poorly written and documented. You should
+# probably use the codepage module instead for 8-bit codepages.
#<module name="nationalchars">
#
# file - Location of the file which contains casemapping rules. If this
# which allows up to X nick changes in Y seconds.
#<module name="nickflood">
#
-# The number of seconds to prevent nick changes for:
+# The time period to prevent nick changes for:
#<nickflood duration="1m">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#<module name="operlog">
#
# If the following option is on then all oper commands will be sent to
-# the snomask 'r'. The default is off.
-#<operlog tosnomask="off">
+# the snomask 'r'. The default is no.
+#<operlog tosnomask="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper prefixing module: Adds a channel prefix mode +y which is given
# #
# enableumode - If enabled, user mode +O is required for override. #
# #
-#<override noisy="yes" requirekey="no" enableumode="true">
+#<override noisy="yes" requirekey="no" enableumode="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper levels module: Gives each oper a level and prevents actions
# whenever +P is set, unset, or the topic/modes on a +P channel is changed.
# If you want to do this, set the filename below, and uncomment the include.
#
-# If 'listmodes' is true then all list modes (+b, +I, +e, +g...) will be
-# saved. Defaults to false.
+# If 'listmodes' is yes then all list modes (+b, +I, +e, +g...) will be
+# saved. Defaults to no.
#
# 'saveperiod' determines how often to check if the database needs to be
# saved to disk. Defaults to every five seconds.
#<permchanneldb filename="permchannels.conf"
-# listmodes="true"
+# listmodes="yes"
# saveperiod="5s">
-#<include file="permchannels.conf">
+#<include file="permchannels.conf" missingokay="yes">
#
# You may also create channels on startup by using the <permchannels> block.
#<permchannels channel="#opers" modes="isP" topic="Opers only.">
# PostgreSQL module: Allows other SQL modules to access PgSQL databases
# through a unified API.
# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_pgsql.cpp
+# ./configure --enable-extras pgsql
# and run make install, then uncomment this module to enable it.
#<module name="pgsql">
#
# in the same way as /REMOVE.
#<module name="remove">
#
-# supportnokicks: If true, /REMOVE is not allowed on channels where the
-# nokicks (+Q) mode is set. Defaults to false.
+# supportnokicks: If yes, /REMOVE is not allowed on channels where the
+# nokicks (+Q) mode is set. Defaults to no.
# protectedrank: Members having this rank or above may not be /REMOVE'd
# by anyone. Set to 0 to disable this feature. Defaults to 50000.
-#<remove supportnokicks="true" protectedrank="50000">
+#<remove supportnokicks="yes" protectedrank="50000">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Repeat module: Allows to block, kick or ban upon similar messages
# less CPU usage. Increasing this beyond 512 doesn't have
# any effect, as the maximum length of a message on IRC
# cannot exceed that.
-#<repeat maxbacklog="20" maxdistance="50" maxlines="20" maxtime="0" size="512">
+# kickmessage - Kick message when * is specified
+#<repeat maxbacklog="20"
+# maxdistance="50"
+# maxlines="20"
+# maxtime="0s"
+# size="512"
+# kickmessage="Repeat flood">
#<module name="repeat">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SAMODE module: Adds the /SAMODE command which allows server operators
# to change modes on a channel without requiring them to have any
-# channel priviliges. Also allows changing user modes for any user.
+# channel privileges. Also allows changing user modes for any user.
# This module is oper-only.
# To use, SAMODE must be in one of your oper class blocks.
#<module name="samode">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SATOPIC module: Adds the /SATOPIC command which allows changing the
-# topic on a channel without requiring any channel priviliges.
+# topic on a channel without requiring any channel privileges.
# This module is oper-only.
# To use, SATOPIC must be in one of your oper class blocks.
#<module name="satopic">
# Layer via AUTHENTICATE. Note: You also need to have cap loaded
# for SASL to work.
#<module name="sasl">
-# Define the following to your services server name to improve security
-# by ensuring the SASL messages are only sent to the services server
-# and not to all connected servers. This prevents a rogue server from
-# capturing SASL messages and disables the SASL cap when services is
-# down.
-#<sasl target="services.mynetwork.com">
+
+# You must define <sasl:target> to the name of your services server so
+# that InspIRCd knows where to send SASL authentication messages and
+# when it should enable the SASL capability.
+# You can also define <sasl:requiressl> to require users to use TLS (SSL)
+# in order to be able to use SASL.
+#<sasl target="services.mynetwork.com"
+# requiressl="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Secure list module: Prevent /LIST in the first minute of connection,
# securelist blocking these sites from listing, define exception tags #
# as shown below: #
#<securehost exception="*@*.netsplit.de">
-#<securehost exception="*@*.ircdriven.com">
-#<securehost exception="*@*.ircs.me">
# #
-# Define the following variable to change how long a user must wait #
-# before issuing a LIST. If not defined, defaults to 60 seconds. #
+# exemptregistered - Whether the waiting period applies to users who #
+# are logged in to a services account. #
+# Defaults to no. #
+# #
+# showmsg - Whether to tell users that they need to wait for a while #
+# before they can use the /LIST command. #
+# Defaults to no. #
# #
-#<securelist waittime="1m"> #
+# waittime - The time period that a user must be connected for before #
+# they can use the /LIST command. #
+# Defaults to 1 minute. #
+# #
+#<securelist exemptregistered="yes"
+# showmsg="yes"
+# waittime="1m">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Servprotect module: Provides support for Austhex style +k /
# To use, SHUN must be in one of your oper class blocks.
#<module name="shun">
#
-# You may also configure which commands you wish a user to be able to
-# perform when shunned. It should be noted that if a shunned user
-# issues QUIT or PART then their message will be removed, as if they
-# did not issue one.
+# Configuration:
+#
+# affectopers: Whether server operators are exempt from shuns. This
+# option is deprecated; you should instead give exempt
+# server operators the servers/ignore-shun privilege.
+#
+# allowconnect: Whether to only apply shuns to users who are fully
+# connected to the server.
+#
+# allowtags: Whether to allow client tags to be attached to enabled
+# commands.
#
-# You can optionally let the user know that their command was blocked.
+# cleanedcommands: The commands that, if enabled, should be cleaned
+# of any message content if a shunned user tries to
+# execute them.
#
-# You may also let SHUN affect opers (defaults to no).
-#<shun enabledcommands="ADMIN PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no">
+# enabledcommands: The commands that a shunned user is allowed to
+# execute.
+#
+# notifyuser: Whether to notify shunned users that a command they tried
+# to execute has been blocked.
+#
+#<shun enabledcommands="ADMIN OPER PING PONG QUIT PART JOIN"
+# cleanedcommands="AWAY PART QUIT"
+# affectopers="no"
+# allowconnect="no"
+# allowtags="no"
+# notifyuser="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SSL mode module: Adds support for SSL-only channels via the '+z'
-# channel mode, SSL-only private messages via the '+z' user mode and
-# the 'z:' extban which matches SSL client certificate fingerprints.
+# SSL mode module: Adds support for TLS (SSL)-only channels via the '+z'
+# channel mode, TLS (SSL)-only private messages via the '+z' user mode and
+# the 'z:' extban which matches TLS (SSL) client certificate fingerprints.
#
-# Does not do anything useful without a working SSL module and the
+# Does not do anything useful without a working TLS (SSL) module and the
# sslinfo module (see below).
#<module name="sslmodes">
#
#<sslmodes enableumode="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SSL rehash signal module: Allows the SSL modules to be rehashed by
+# SSL rehash signal module: Allows the TLS (SSL) modules to be rehashed by
# sending SIGUSR1 to a running InspIRCd process.
-# This modules is in extras. Re-run configure with:
-# ./configure --enable-extras=m_sslrehashsignal.cpp
+# This module is in extras. Re-run configure with:
+# ./configure --enable-extras sslrehashsignal
# and run make install, then uncomment this module to enable it.
#<module name="sslrehashsignal">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# GnuTLS SSL module: Adds support for SSL/TLS connections using GnuTLS,
+# GnuTLS SSL module: Adds support for TLS (SSL) connections using GnuTLS,
# if enabled. You must answer 'yes' in ./configure when asked or
# manually symlink the source for this module from the directory
# src/modules/extra, if you want to enable this, or it will not load.
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL info module: Allows users to retrieve information about other
-# users' peer SSL certificates and keys via the SSLINFO command.
+# users' peer TLS (SSL) certificates and keys via the SSLINFO command.
# This can be used by client scripts to validate users. For this to
# work, one of ssl_gnutls, ssl_mbedtls or ssl_openssl must be loaded.
# This module also adds the "<user> is using a secure connection"
-# and "<user> has client certificate fingerprint <fingerprint>"
-# WHOIS lines, the ability for opers to use SSL cert fingerprints to
-# verify their identity and the ability to force opers to use SSL
+# and "<user> has TLS (SSL) client certificate fingerprint <fingerprint>"
+# WHOIS lines, the ability for opers to use TLS (SSL) cert fingerprints to
+# verify their identity and the ability to force opers to use TLS (SSL)
# connections in order to oper up. It is highly recommended to load
-# this module if you use SSL on your network.
+# this module if you use TLS (SSL) on your network.
# For how to use the oper features, please see the first
# example <oper> tag in opers.conf.example.
#
#<module name="sslinfo">
#
-# If you want to prevent users from viewing SSL certificate information
+# If you want to prevent users from viewing TLS (SSL) certificate information
# and fingerprints of other users, set operonly to yes.
#<sslinfo operonly="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# mbedTLS SSL module: Adds support for SSL/TLS connections using mbedTLS.
+# mbedTLS TLS (SSL) module: Adds support for TLS (SSL) connections using mbedTLS.
#<module name="ssl_mbedtls">
#
#-#-#-#-#-#-#-#-#-#-#- MBEDTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
# https://docs.inspircd.org/3/modules/ssl_mbedtls #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# OpenSSL SSL module: Adds support for SSL/TLS connections using OpenSSL,
+# OpenSSL TLS (SSL) module: Adds support for TLS (SSL) connections using OpenSSL,
# if enabled. You must answer 'yes' in ./configure when asked or symlink
# the source for this module from the directory src/modules/extra, if
# you want to enable this, or it will not load.
# SQLite3 module: Allows other SQL modules to access SQLite3 #
# databases through a unified API. #
# This module is in extras. Re-run configure with: #
-# ./configure --enable-extras=m_sqlite3.cpp
+# ./configure --enable-extras sqlite3
# and run make install, then uncomment this module to enable it. #
#
#<module name="sqlite3">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# StartTLS module: Implements STARTTLS, which allows clients #
-# connected to non SSL enabled ports to enable SSL, if a proper SSL #
-# module is loaded (either ssl_gnutls, ssl_mbedtls or ssl_openssl). #
+# connected to non TLS (SSL) enabled ports to enable TLS (SSL), if #
+# a proper TLS (SSL) module is loaded (either ssl_gnutls, #
+# ssl_mbedtls or ssl_openssl). #
#<module name="starttls">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#<module name="svshold">
# SVSHOLD does not generate server notices by default, you can turn
# notices on by uncommenting the next line.
-#<svshold silent="false">
+#<svshold silent="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SWHOIS module: Allows you to add arbitrary lines to user WHOIS.
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Timed bans module: Adds timed channel bans with the /TBAN command.
#<module name="timedbans">
+# By default, it sends a notice to channel operators when timed ban is
+# set and when it is removed by server.
+#<timedbans sendnotice="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Test line module: Adds the /TLINE command, used to test how many
#<module name="topiclock">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# UHNAMES support module: Adds support for the IRCX style UHNAMES
-# extension, which displays ident and hostname in the names list for
-# each user, saving clients from doing a WHO on the channel.
-# If a client does not support UHNAMES it will not enable it, this will
-# not break incompatible clients.
+# UHNAMES support module: Adds support for the IRCv3 userhost-in-names
+# capability and legacy UHNAMES extension which display the ident and
+# hostname of users in the NAMES list.
#<module name="uhnames">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#<module name="watch">
#
# Set the maximum number of entries on a user's watch list below.
-#<watch maxentries="32">
+#<watch maxwatch="32">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# WebSocket module: Adds HTML5 WebSocket support.
# Specify hook="websocket" in a <bind> tag to make that port accept
-# WebSocket connections. Compatible with SSL/TLS.
+# WebSocket connections. Compatible with TLS (SSL).
# Requires SHA-1 hash support available in the sha1 module.
#<module name="websocket">
#
-# Whether to re-encode messages as UTF-8 before sending to WebSocket
-# clients. This is recommended as the WebSocket protocol requires all
-# text frames to be sent as UTF-8. If you do not have this enabled
-# messages will be sent as binary frames instead.
-#<websocket sendastext="yes">
+# proxyranges: A space-delimited list of glob or CIDR matches to trust
+# the X-Real-IP or X-Forwarded-For headers from. If enabled
+# the server will use the IP address specified by those HTTP
+# headers. You should NOT enable this unless you are using
+# a HTTP proxy like nginx as it will allow IP spoofing.
+# sendastext: Whether to re-encode messages as UTF-8 before sending to
+# WebSocket clients. This is recommended as the WebSocket
+# protocol requires all text frames to be sent as UTF-8.
+# If you do not have this enabled messages will be sent as
+# binary frames instead.
+#<websocket proxyranges="192.0.2.0/24 198.51.100.*"
+# sendastext="yes">
#
# If you use the websocket module you MUST specify one or more origins
# which are allowed to connect to the server. You should set this as
projects / user / henk / code / inspircd.git / blobdiff