# enable SSL support, please read the module section #
# of this configuration file. #
# #
+# ssl - When using m_ssl_gnutls.so or m_ssl_openssl.so #
+# modules, you must define this value to use ssl on #
+# that port. valid values are 'gnutls' or 'openssl' #
+# respectively. If the module is not loaded, this #
+# setting is ignored. #
+# #
+# transport - If you have m_spanningtree.so loaded, along with #
+# either of the SSL modules (m_ssl_gnutls or #
+# m_ssl_openssl) or m_ziplinks.so, then you may make #
+# use of this value. #
+# setting it to 'openssl' or 'gnutls' or 'zip' #
+# indicates that the port should accept connections #
+# using the given transport name. Transports are #
+# layers which sit on top of a socket and change the #
+# way data is sent and received, e.g. encryption, #
+# compression, and other such things. Because this #
+# may not be limited in use to just encryption, #
+# the 'ssl' value used for client ports does not #
+# exist for servers, and this value is used instead. #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# #
# Syntax is as follows: #
# #
-# <bind address="ip or host" port="port" type="clients"> #
-# <bind address="ip or host" port="port" type="servers"> #
+# <bind address="ip address" port="port" type="clients"> #
+# <bind address="ip address" port="port" type="servers"> #
# #
# If InspIRCd is built for IPV6, and you wish to accept IPV4 clients, #
# then you must specify your IPV6 clients in the following form: #
# default) then you do not need to prefix your addresses like this. #
# #
-<bind address="" port="6660-6669" type="clients">
+<bind address="" port="6000" type="clients">
+<bind address="" port="6660-6669" type="clients" ssl="gnutls">
+
+# When linking servers, the openssl and gnutls transports are largely
+# link-compatible and can be used alongside each other or either/or
+# on each end of the link without any significant issues.
+
<bind address="" port="7000,7001" type="servers">
+<bind address="1.2.3.4" port="7005" type="servers" transport="openssl">
#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#-
# autoconnect - Sets the server to autoconnect. Where x is the num. #
# (optional) of seconds between attempts. e.g. 300 = 5 minutes. #
# #
-# encryptionkey - Encryption key to be used for AES encryption, where #
-# supported. Links using the spanning tree protocol #
-# support AES. The encryption key must be EXACTLY 8, #
-# 16 or 32 characters in length for a 64, 128 or 256 #
-# bit key, respectively. #
+# transport - If defined, this is a transport name implemented by #
+# another module. Transports are layers on top of #
+# plaintext connections, which alter them in certain #
+# ways. Currently the three supported transports are #
+# 'openssl' and 'gnutls' which are types of SSL #
+# encryption, and 'zip' which is for compression. #
+# If you define a transport, both ends of the #
+# connection must use a compatible transport for the #
+# link to succeed. OpenSSL and GnuTLS are link- #
+# compatible with each other. #
# #
# hidden - When using m_spanningtree.so for linking. you may #
# set this to 'yes', and if you do, the IP address/ #
# information on how to load this module! If you do not load this #
# module, server links will NOT work! #
# #
+# Also, if you define any transports, you must load the modules for #
+# these transports BEFORE you load m_spanningtree, e.g. place them #
+# above it in the configuration file. Currently this means the three #
+# modules m_ssl_gnutls, m_ziplinks and m_ssl_openssl, depending on #
+# which you choose to use. #
+# #
<link name="hub.penguin.org"
ipaddr="penguin.box.com"
autoconnect="300"
failover="hub.other.net"
timeout="15"
+ transport="gnutls"
sendpass="outgoing!password"
recvpass="incoming!password">
# opers. Please be aware that this will also hide #
# any leaf servers of a U-lined server, e.g. jupes. #
# #
-# tempdir - If defined, indicates a path where modules will be #
-# temporarily copied before loading. If not defined, #
-# defaults to /tmp. #
-# #
# nouserdns - If set to 'yes', 'true' or '1', no user dns #
# lookups will be performed for connecting users. #
# this can save a lot of resources on very busy irc #
# new TS values in the timestamp. If you think this #
# is just pointless noise, define the value to 0. #
# #
+# ircumsgprefix - Use undernet style message prefix for channel #
+# NOTICE and PRIVMSG adding the prefix to the line #
+# of text sent out. Eg. NOTICE @#test :@ testing #
+# vs off: NOTICE @#test :testing #
+#
# notimesync - If this value is 'yes', 'true', or '1', time #
# synchronization is disabled on this server. This #
# means any servers you are linked to will not #
nouserdns="no"
syntaxhints="no"
cyclehosts="yes"
+ ircumsgprefix="no"
announcets="yes"
notimesync="no"
allowhalfop="yes">
#
#<module name="m_spanningtree.so">
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# MD5 Module - Allows other modules to generate MD5 hashes, usually for
+# cryptographic uses and security.
+#
+# IMPORTANT:
+# Other modules such as m_cloaking.so and m_opermd5.so may rely on
+# this module being loaded to function.
+#
+#<module name="m_md5.so">
+#
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# SHA256 Module - Allows other modules to generate SHA256 hashes,
+# usually for cryptographic uses and security.
+#
+# IMPORTANT:
+# Other modules such as m_opermd5.so may rely on this module being
+# loaded to function.
+#
+#<module name="m_sha256.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Alias module: Allows you to define server-side command aliases
#<module name="m_alias.so">
# commands to services, however they are not limited to just this use.#
# An alias tag requires the following values to be defined in it: #
# #
-# text - The text to detect at the start of the line, #
-# must be at the start of the line to trigger the #
-# alias. Cant contain spaces, but case insensitive #
+# text - The text to detect as the actual command line, #
+# Cant contain spaces, but case insensitive. #
+# You may have multiple aliases with the same #
+# command name (text="" value), however the first #
+# found will be executed if its format value is #
+# matched, or it has no format value. Aliases are #
+# read from the top of the file to the bottom. #
+# #
+# format - If this is defined, the parameters of the alias #
+# must match this glob pattern. For example if you #
+# want the first parameter to start with a # for #
+# the alias to be executed, set format="#*" in the #
+# alias definition. Note that the :'s which are #
+# part of IRC formatted lines will be preserved #
+# for matching of this text. This value is #
+# optional. #
+# #
# replace - The text to replace 'text' with. Usually this #
# will be "PRIVMSG ServiceName :$2-" or similar. #
# You may use the variables $1 through $9 in the #
# commands with \n. If you wish to use the ACTUAL #
# characters \ and n together in a line, you must #
# use the sequence "\\n". #
+# #
# requires - If you provide a value for 'requires' this means #
# the given nickname MUST be online for the alias #
# to successfully trigger. If they are not, then #
# the user receives a 'no such nick' 401 numeric. #
+# #
# uline - Defining this value with 'yes', 'true' or '1' #
# will ensure that the user given in 'requires' #
# must also be on a u-lined server, as well as #
# online, but not on a u-lined server, then an #
# oper-alert is sent out as this is possibly signs #
# of a user trying to impersonate a service. #
+# #
# operonly - Defining this value, with a value of 'yes', '1' #
# or true will make the alias oper only. If a non- #
# oper attempts to use the alias, it will appear #
#<alias text="NS" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
#<alias text="CS" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
#<alias text="OS" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes" operonly="yes">
-#<alias text="ID" replace="PRIVMSG NickServ :IDENTIFY $3" requires="NickServ" uline="yes">
+#
+# An example of using the format value to create an alias with two
+# different behaviours depending on the format of the parameters.
+#
+#<alias text="ID" format="#*" replace="PRIVMSG ChanServ :IDENTIFY $2 $3"
+# requires="ChanServ" uline="yes">
+#
+#<alias text="ID" replace="PRIVMSG NickServ :IDENTIFY $2"
+# requires="NickServ" uline="yes">
+#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Alltime module: Shows time on all connected servers at once
-# #<module name="m_alltime.so">
+#<module name="m_alltime.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Antibear security module: Prevents 'bear.txt' based trojans from
#<module name="m_chgident.so">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Cloaking module: Adds usermode +x and cloaking support
+# Cloaking module: Adds usermode +x and cloaking support.
+# Relies on the module m_md5.so being loaded before m_cloaking.so in
+# the configuration file.
#<module name="m_cloaking.so">
#
#-#-#-#-#-#-#-#-#-#-#- CLOAKING CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
# #
-# Optional - If ypu specify the m_cloaking.so module as above, you #
+# Optional - If you specify the m_cloaking.so module as above, you #
# must define cloak keys, and optionally a cloak prefix as shown #
# below. When using cloaking, the cloak keys are MANDITORY and must #
# be included. However, if prefix is not included, it will default #
#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Deaf module: adds support for ircu style usermode +d - deaf to
+# channel messages and channel notices.
+#<module name="m_deaf.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Deny Channels: Deny Channels from being used by users
#<module name="m_denychans.so">
# Oper channels mode: Adds the +O channel mode
#<module name="m_operchans.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Oper hash module: Allows hashed oper passwords
+# Relies on the module m_md5.so and/or m_sha256.so being loaded before
+# m_oper_hash.so in the configuration file.
+#<module name="m_oper_hash.so">
+#
+#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
+#
+# To use this module, you must define a hash type for each oper's
+# password you want to hash. For example:
+#
+# <oper name="katsklaw"
+# host="ident@dialup15.isp.com"
+# hash="sha256"
+# password="a41d730937a53b79f788c0ab13e9e1d5"
+# type="NetAdmin">
+#
+# The types of hashing available vary depending on which hashing modules
+# you load, but usually if you load m_sha256.so and m_md5.so, both md5
+# and sha256 type hashing will be available (the most secure of which
+# is SHA256).
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper Join module: Forces opers to join a channel on oper-up
#<module name="m_operjoin.so">
# #
# If you are using the m_opermotd.so module, specify the motd here #
# #
-#<opermotd file="/path/to/oper.motd">
+#<opermotd file="oper.motd">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Override module: Adds support for oper override
# Specify the level as the 'level' parameter of the <type> tag
#<module name="m_operlevels.so">
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper MD5 module: Allows MD5 hashed oper passwords
-#<module name="m_opermd5.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper SHA256 module: Allows SHA256 hashed oper passwords
-# This module is in src/modules/extra
-#<module name="m_opersha256.so">
-
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper modes module: Allows you to specify modes to add/remove on oper
# Specify the modes as the 'modes' parameter of the <type> tag
# Optional - If you specify to use the m_randquote.so module, then #
# specify below the path to the randquotes.conf file. #
# #
-#<randquote file="/path/to/inspircd/randquotes.conf">
+#<randquote file="randquotes.conf">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Redirect module: Adds channel redirection (mode +L)
# #
# m_ssl_gnutls.so is too complex it describe here, see the wiki: #
# http://www.inspircd.org/wiki/GnuTLS_SSL_Module #
+# #
+# NOTE: If you want to use this module to encrypt and sign your #
+# server to server traffic, you MUST load it before m_spanningtree in #
+# your configuration file! #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL Info module: Allows users to retrieve information about other
# #
# m_ssl_openssl.so is too complex it describe here, see the wiki: #
# http://www.inspircd.org/wiki/OpenSSL_SSL_Module #
+# #
+# NOTE: If you want to use this module to encrypt and sign your #
+# server to server traffic, you MUST load it before m_spanningtree in #
+# your configuration file! #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SSL Cert Oper module: Allows opers to oper up using the key fingerprint
# SILENCE module: Adds support for /SILENCE
#<module name="m_silence.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Extended SILENCE module: Adds support for /SILENCE with additional
+# features to silence based on invites, channel messages, etc.
+#<module name="m_silence_ext.so">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SQLutils module: Provides some utilities to SQL client modules, such
# as mapping queries to users and channels. You must copy the source
# maintain notify lists.
#<module name="m_watch.so">
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# ZipLinks module: Adds support for zlib deflate on server to server
+# connections. Both ends of the connection must load this module.
+#
+#<module name="m_ziplink.so">
+#
+# To use this module, you must enable it as a transport type in your
+# <link> tags or <bind> tags using the transport name 'zip'.
+# See the documentation of <link> and <bind>, respectively.
+#
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#- BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# The ban tags define nick masks, host masks and ip ranges which are #
<exception host="*@ircop.host.com" reason="Opers hostname">
+#-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# This optional tag allows you to specify how wide a gline, eline, #
+# kline, zline or qline can be before it is forbidden from being #
+# set. By setting hostmasks="yes", you can allow all G, K, E lines, #
+# no matter how many users the ban would cover. This is not #
+# recommended! By setting ipmasks="yes", you can allow all Z lines, #
+# no matter how many users these cover too. Needless to say we #
+# don't recommend you do this, or, set nickmasks="yes", which will #
+# allow any qline. #
+# #
+# The trigger value indicates how wide any mask will be before it is #
+# prevented from being set. The default value is 95.5% if this tag is #
+# not defined in your configuration file, meaning that if your #
+# network has 1000 users, a gline matching over 955 of them will be #
+# prevented from being added. #
+# #
+# Please note that remote servers (and services) are exempt from #
+# these restrictions and expected to enforce their own policies #
+# locally! #
+# #
+
+<insane hostmasks="no" ipmasks="no" nickmasks="no" trigger="95.5">
+
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- YAWN -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# You should already know what to do here :) #