# to successfully trigger. If they are not, then #
# the user receives a 'no such nick' 401 numeric. #
# #
+# stripcolor - If this is true, the text from the user will be #
+# stripped of color and format codes before #
+# matching against 'text'. #
+# #
# uline - Setting this to true will ensure that the user #
# given in 'requires' is also on a U-lined server, #
# as well as actually being on the network. If the #
#<module name="chanfilter">
#
# If hidemask is set to yes, the user will not be shown the mask when
-# his/her message is blocked.
+# their message is blocked.
#
# If maxlen is set then it defines the maximum length of a filter entry.
#
# If notifyuser is set to no, the user will not be notified when
-# his/her message is blocked.
+# their message is blocked.
#<chanfilter hidemask="yes" maxlen="50" notifyuser="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#<cloak mode="half"
# key="changeme"
# domainparts="3"
-# prefix="net-">
+# prefix="net-"
+# ignorecase="no">
#
#<cloak mode="full"
# key="changeme"
-# prefix="net-">
+# prefix="net-"
+# ignorecase="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Clones module: Adds an oper command /CLONES for detecting cloned
# bootwait - Amount of time in seconds to wait before enforcing
# the throttling when the server just booted.
#
-#<connflood seconds="30" maxconns="3" timeout="30"
-# quitmsg="Throttled" bootwait="10">
+#<connflood period="30" maxconns="3" timeout="30"
+# quitmsg="Throttled" bootwait="2m">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Custom prefixes: Allows for channel prefixes to be configured.
# You can also override the configuration of prefix modes added by both the core
# and other modules by adding a customprefix tag with change="yes" specified.
# <customprefix name="op" change="yes" rank="30000" ranktoset="30000">
-# <customprefix name="voice" change="yes" rank="10000" ranktoset="10000" depriv="no">
+# <customprefix name="voice" change="yes" rank="10000" ranktoset="20000" depriv="no">
#
# Do /RELOADMODULE customprefix after changing the settings of this module.
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Exempt channel operators module: Provides support for allowing #
# users of a specified channel status to be exempt from some channel #
-# restriction modes. Supported restrictions are #
-# blockcaps, blockcolor, censor, filter, flood, nickflood, noctcp, #
-# nonick, nonotice, regmoderated, stripcolor, and topiclock. #
+# restriction modes. Supported restrictions are: #
+# anticaps, auditorium-see, auditorium-vis, blockcaps, blockcolor, #
+# censor, filter, flood, nickflood, noctcp, nonick, nonotice, #
+# regmoderated, stripcolor, and topiclock. #
# See <options:exemptchanops> in inspircd.conf.example for a more #
# detailed list of the restriction modes that can be exempted. #
# These are settable using: /MODE #chan +X <restriction>:<status> #
# at the <module> tag for info on availability. #
# #
# If notifyuser is set to no, the user will not be notified when #
-# his/her message is blocked. #
-#<filteropts engine="glob" notifyuser="yes">
+# their message is blocked. #
+# #
+# If warnonselfmsg is set to yes when a user sends a message to #
+# themself that matches a filter the filter will be ignored and a #
+# warning will be sent to opers instead. This stops spambots which #
+# send their spam message to themselves first to check if it is being #
+# filtered by the server. #
+#<filteropts engine="glob" notifyuser="yes" warnonselfmsg="no">
# #
# Your choice of regex engine must match on all servers network-wide. #
# #
# another user into a channel. This respects <options:announceinvites>.
#<module name="ircv3_invitenotify">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# IRCv3 message id module: Provides the msgid IRCv3 extension which
+# adds a unique identifier to each message when the message-tags cap
+# has been requested. This enables support for modern features such as
+# reactions and replies.
+#<module name="ircv3_msgid">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 server-time module. Adds the 'time' tag which adds a timestamp
# to all messages received from the server.
# Message flood module: Adds message/notice flood protection via
# channel mode +f.
#<module name="messageflood">
+#
+# The weight to give each message type. TAGMSGs are considered to be
+# 1/5 of a NOTICE or PRIVMSG to avoid users being accidentally flooded
+# out of a channel by automatic client features such as typing
+# notifications.
+#<messageflood notice="1.0" privmsg="1.0" tagmsg="0.2">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# MLOCK module: Adds support for server-side enforcement of services
#
# If 'listmodes' is true then all list modes (+b, +I, +e, +g...) will be
# saved. Defaults to false.
-#<permchanneldb filename="permchannels.conf" listmodes="true">
+#
+# 'saveperiod' determines how often to check if the database needs to be
+# saved to disk. Defaults to every five seconds.
+#<permchanneldb filename="permchannels.conf"
+# listmodes="true"
+# saveperiod="5s">
#<include file="permchannels.conf">
#
# You may also create channels on startup by using the <permchannels> block.
#<module name="muteban">
#
# If notifyuser is set to no, the user will not be notified when
-# his/her message is blocked.
+# their message is blocked.
#<muteban notifyuser="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#<module name="sslrehashsignal">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# GnuTLS SSL module: Adds support for SSL connections using GnuTLS,
+# GnuTLS SSL module: Adds support for SSL/TLS connections using GnuTLS,
# if enabled. You must answer 'yes' in ./configure when asked or
# manually symlink the source for this module from the directory
# src/modules/extra, if you want to enable this, or it will not load.
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL info module: Allows users to retrieve information about other
-# users' peer SSL certificates and keys. This can be used by client
-# scripts to validate users. For this to work, one of ssl_gnutls
-# or ssl_openssl must be loaded. This module also adds the
-# "* <user> is using a secure connection" whois line, the ability for
-# opers to use SSL cert fingerprints to verify their identity and the
-# ability to force opers to use SSL connections in order to oper up.
-# It is highly recommended to load this module if you use SSL on your
-# network.
-# For how to use the oper features, please see the first example <oper> tag
-# in opers.conf.example.
+# users' peer SSL certificates and keys via the SSLINFO command.
+# This can be used by client scripts to validate users. For this to
+# work, one of ssl_gnutls, ssl_mbedtls or ssl_openssl must be loaded.
+# This module also adds the "<user> is using a secure connection"
+# and "<user> has client certificate fingerprint <fingerprint>"
+# WHOIS lines, the ability for opers to use SSL cert fingerprints to
+# verify their identity and the ability to force opers to use SSL
+# connections in order to oper up. It is highly recommended to load
+# this module if you use SSL on your network.
+# For how to use the oper features, please see the first
+# example <oper> tag in opers.conf.example.
#
#<module name="sslinfo">
+#
+# If you want to prevent users from viewing SSL certificate information
+# and fingerprints of other users, set operonly to yes.
+#<sslinfo operonly="no">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# mbedTLS SSL module: Adds support for SSL/TLS connections using mbedTLS.
#<module name="ssl_mbedtls">
+#
+#-#-#-#-#-#-#-#-#-#-#- MBEDTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# ssl_mbedtls is too complex to describe here, see the docs: #
+# https://docs.inspircd.org/3/modules/ssl_mbedtls #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# OpenSSL SSL module: Adds support for SSL connections using OpenSSL,
+# OpenSSL SSL module: Adds support for SSL/TLS connections using OpenSSL,
# if enabled. You must answer 'yes' in ./configure when asked or symlink
# the source for this module from the directory src/modules/extra, if
# you want to enable this, or it will not load.
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# StartTLS module: Implements STARTTLS, which allows clients #
# connected to non SSL enabled ports to enable SSL, if a proper SSL #
-# module is loaded (either ssl_gnutls or ssl_openssl). #
+# module is loaded (either ssl_gnutls, ssl_mbedtls or ssl_openssl). #
#<module name="starttls">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Requires SHA-1 hash support available in the sha1 module.
#<module name="websocket">
#
-# Whether to re-encode messages as UTF-8 before sending to WebSocket
-# clients. This is recommended as the WebSocket protocol requires all
-# text frames to be sent as UTF-8. If you do not have this enabled
-# messages will be sent as binary frames instead.
-#<websocket sendastext="yes">
+# behindproxy: Whether the server is behind a proxy that sends the
+# X-Real-IP or X-Forwarded-For headers. If enabled the
+# server will use the IP address specified by those HTTP
+# headers. You should NOT enable this unless you are using
+# a HTTP proxy like nginx as it will allow IP spoofing.
+# sendastext: Whether to re-encode messages as UTF-8 before sending to
+# WebSocket clients. This is recommended as the WebSocket
+# protocol requires all text frames to be sent as UTF-8.
+# If you do not have this enabled messages will be sent as
+# binary frames instead.
+#<websocket behindproxy="no"
+# sendastext="yes">
#
# If you use the websocket module you MUST specify one or more origins
# which are allowed to connect to the server. You should set this as
# strict as possible to prevent malicious webpages from connecting to
# your server.
-# <wsorigin allow="https://*.example.com/">
+# <wsorigin allow="https://*.example.com">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# X-line database: Stores all *-lines (G/Z/K/R/any added by other modules)
# be a lot less bans to apply - as most of them will already be there.
#<module name="xline_db">
-# Specify the filename for the xline database here.
-#<xlinedb filename="xline.db">
+# Specify the filename for the xline database and how often to check whether
+# the database needs to be saved here.
+#<xlinedb filename="xline.db" saveperiod="5s">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# ____ _ _____ _ _ ____ _ _ _ #
projects / user / henk / code / inspircd.git / blobdiff