X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Fconf%2Finspircd.conf.example;h=890c9cc4cbf61684d36ffdb969b5325e46af01cd;hb=4047a143fc1d16350db70c94b9ea77d79de05714;hp=bd4629ecae7083511feb772039f3e521de737e88;hpb=a84ac5c11226c6e339bd0daafcb047e2fabba464;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example index bd4629eca..890c9cc4c 100644 --- a/docs/conf/inspircd.conf.example +++ b/docs/conf/inspircd.conf.example @@ -34,6 +34,15 @@ # # ######################################################################## +#-#-#-#-#-#-#-#-#-# CONFIGURATION FORMAT #-#-#-#-#-#-#-#-#-#-#-#-#-#- +# # +# In order to maintain compatibility with older configuration files, # +# you can change the configuration parser to parse as it did in # +# previous releases. When using the "compat" format, you need to use # +# C++ escape sequences (e.g. \n) instead of XML ones (e.g. &nl;) and # +# can not use to create macros. # +# + #-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# # # # This optional tag allows you to include another config file # @@ -53,7 +62,7 @@ # # # # # Executable include example: # -# +# # # @@ -65,11 +74,6 @@ # # # Variables may be redefined and may reference other variables. # # Value expansion happens at the time the tag is read. # -# # -# Using variable definitions REQUIRES that the config format be # -# changed to "xml" from the default "compat" that uses escape # -# sequences such as "\"" and "\n", and does not support # - @@ -81,7 +85,7 @@ @@ -128,7 +131,7 @@ # |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # # # # If you want to link servers to InspIRCd you must load the # -# m_spanningtree.so module! Please see the modules list for # +# spanningtree module! Please see the modules list for # # information on how to load this module! If you do not load this # # module, server ports will NOT work! # 
@@ -148,50 +151,59 @@ # to this bind section. type="clients" - # ssl: If you want this bind section to use SSL, define either - # gnutls or openssl here. The appropriate SSL modules must be loaded - # for ssl to work. If you do not want this bind section to support ssl, - # just remove or comment out this option. + # ssl: If you want the port(s) in this bind tag to use SSL, set this to + # the name of a custom tag that you have defined or one + # of "openssl", "gnutls", "mbedtls" if you have not defined any. See the + # wiki page for the SSL module you are using for more details. + # + # You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls + # for GnuTLS and ssl_mbedtls for mbedTLS. ssl="gnutls" + + # defer: When this is non-zero, connections will not be handed over to + # the daemon from the operating system before data is ready. + # In Linux, the value indicates the time period we'll wait for a + # connection to come up with data. Don't set it too low! + # In BSD the value is ignored; only zero and non-zero is possible. + # Windows ignores this parameter completely. + # Note: This does not take effect on rehash. + # To change it on a running bind, you'll have to comment it out, + # rehash, comment it in and rehash again. + defer="0" + + # free: When this is enabled the listener will be created regardless of + # whether the interface that provides the bind address is available. This + # is useful for if you are starting InspIRCd on boot when the server may + # not have brought the network interfaces up yet. + free="no" > -# When linking servers, the OpenSSL and GnuTLS implementations are completely -# link-compatible and can be used alongside each other -# on each end of the link without any significant issues. -# Supported ssl types are: "openssl" and "gnutls". -# You must load, m_ssl_openssl for OpenSSL or m_ssl_gnutls for GnuTLS. - - - - +# Listener accepting HTML5 WebSocket connections. 
+# Requires the websocket module and SHA-1 hashing support (provided by the sha1 +# module). +# -#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#- -# # -# You can configure the passwords here which you wish to use for # -# the /DIE and /RESTART commands. Only trusted IRCop's who will # -# need this ability should know the die and restart password. # -# # +# EXPERIMENTAL: Listener that binds on a UNIX endpoint instead of a TCP/IP endpoint: +# - - #hash="sha256" - - # diepass: Password for opers to use if they need to shutdown (die) - # a server. - diepass="" +# You can define a custom tag which defines the SSL configuration +# for this listener. See the wiki page for the SSL module you are using for +# more details. +# +# Alternatively, you can use one of the default SSL profiles which are created +# when you have not defined any: +# "openssl" (requires the ssl_openssl module) +# "gnutls" (requires the ssl_gnutls module) +# "mbedtls" (requires the ssl_mbedtls module) +# +# When linking servers, the OpenSSL, GnuTLS, and mbedTLS implementations are +# completely link-compatible and can be used alongside each other on each end +# of the link without any significant issues. - # restartpass: Password for opers to use if they need to restart - # a server. - restartpass=""> + + #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# 
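Review bot: The added comment for the EXPERIMENTAL UNIX-endpoint listener says nothing about where the socket file should live or what permissions it needs, and on a UNIX socket those are what decide which local accounts can reach the listener. The example tag itself is not visible in this rendering, so this may already be covered by the path it uses. If it is not, I would add a line such as `# The directory and mode of the socket file decide which local users can connect; keep it out of world-writable directories.` directly under the EXPERIMENTAL line.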
@@ -232,26 +244,29 @@ # you only want to adjust sendq and a password parent="main" - # allow: What IP addresses/hosts to allow for this block. + # allow: The IP address or hostname of clients that can use this + # class. You can specify either an exact match, a glob match, or + # a CIDR range here. allow="203.0.113.*" - # hash: what hash this password is hashed with. requires the module - # for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be - # loaded and the password hashing module (m_password_hash.so) - # loaded. Options here are: "md5", "sha256" and "ripemd160". - # Optional, but recommended. Create hashed passwords with: - # /mkpasswd - #hash="sha256" + # hash: the hash function this password is hashed with. Requires the + # module for the selected function (bcrypt, md5, sha1, or sha256) and + # the password hashing module (password_hash) to be loaded. + # + # You may also use any of the above other than bcrypt prefixed with + # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module). + # Create hashed passwords with: /mkpasswd + #hash="bcrypt" # password: Password to use for this block/user(s) password="secret" # maxchans: Maximum number of channels a user in this class - # be in at one time. This overrides every other maxchans setting. - #maxchans="30" + # be in at one time. + maxchans="20" - # timeout: How long (in seconds) the server will wait before - # disconnecting a user if they do not do anything on connect. + # timeout: How long the server will wait before disconnecting + # a user if they do not do anything on connect. # (Note, this is a client-side thing, if the client does not # send /nick, /user or /pass) timeout="10" 
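Review bot: The rewritten `hash` comment lists bcrypt, md5, sha1 and sha256 as equal choices and drops the old "Optional, but recommended." sentence, so an admin copying this block gets no steer away from plaintext `password="secret"` or from a fast general-purpose digest. The example already suggests `#hash="bcrypt"`, and the comment should say why. I would add `# Recommended: use bcrypt or a "pbkdf2-hmac-" variant; plain md5, sha1 and sha256 are fast digests and give little protection if this file is disclosed.` above `#hash="bcrypt"`.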
@@ -262,29 +277,37 @@ # globalmax: Maximum global (network-wide) connections per IP (or CIDR mask, see below). globalmax="3" - # maxconnwarn: Enable warnings when localmax or globalmax is hit (defaults to on) + # maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to on) maxconnwarn="off" + # resolvehostnames: If disabled, no DNS lookups will be performed on connecting users + # in this class. This can save a lot of resources on very busy servers. + resolvehostnames="yes" + # usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes. - # This setting only has effect when m_dnsbl is loaded. + # This setting only has effect when the dnsbl module is loaded. #usednsbl="yes" # useident: Defines if users in this class MUST respond to a ident query or not. useident="no" + # webirc: Restricts usage of this class to the specified WebIRC gateway. + # This setting only has effect when the cgiirc module is loaded. + #webirc="name" + # limit: How many users are allowed in this class limit="5000" # modes: Usermodes that are set on users in this block on connect. - # Enabling this option requires that the m_conn_umodes module be loaded. + # Enabling this option requires that the conn_umodes module be loaded. # This entry is highly recommended to use for/with IP Cloaking/masking. - # For the example to work, this also requires that the m_cloaking + # For the example to work, this also requires that the "cloaking" # module be loaded as well. modes="+x" # requireident, requiressl, requireaccount: require that users of this # block have a valid ident response, use SSL, or have authenticated. - # Requires m_ident, m_sslinfo, or m_services_account respectively. + # Requires ident, sslinfo, or the services_account module, respectively. requiressl="on" # NOTE: For requireaccount, you must complete the signon prior to full # connection. Currently, this is only possible by using SASL 
@@ -293,40 +316,47 @@ # Alternate MOTD file for this connect class. The contents of this file are # specified using or + # + # NOTE: the following escape sequences for IRC formatting characters can be + # used in your MOTD: + # Bold: \b + # Color: \c[,] + # Italic: \i + # Monospace: \m (not widely supported) + # Reset: \x + # Reverse: \r + # Strikethrough: \s (not widely supported) + # Underline: \u + # See https://defs.ircdocs.horse/info/formatting.html for more information + # on client support for formatting characters. motd="secretmotd" - # Allow color codes to be processed in the message of the day file. - # the following characters are valid color code escapes: - # \002 or \b = Bold - # \037 or \u = Underline - # \003 or \c = Color (with a code postfixed to this char) - # \017 or \x = Stop all color sequences - allowmotdcolors="false" - - # port: What port this user is allowed to connect on. (optional) - # The port MUST be set to listen in the bind blocks above. - port="6697"> + # port: What port range this user is allowed to connect on. (optional) + # The ports MUST be set to listen in the bind blocks above. + port="6697,9999"> @@ -394,7 +428,8 @@ # represented as 192.168.1.0/24). This means that abuse across an ISP # # is detected and curtailed much easier. Here is a good chart that # # shows how many IPs the different CIDRs correspond to: # -# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation # +# https://en.wikipedia.org/wiki/IPv4_subnetting_reference # +# https://en.wikipedia.org/wiki/IPv6_subnetting_reference # # # + # This file has all the information about server links and ulined servers. # You *MUST* edit it if you intend to link servers. - + #-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-# # # 
@@ -424,23 +459,12 @@ # Files block - contains files whose contents are used by the ircd # # motd - displayed on connect and when a user executes /MOTD -# rules - displayed when the user executes /RULES # Modules can also define their own files - + # Example of an executable file include. Note this will be read on rehash, # not when the command is run. -# - -#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # - - +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # If these values are not defined, InspIRCd uses the default DNS resolver @@ -450,13 +474,13 @@ # server: DNS server to use to attempt to resolve IP's to hostnames. # in most cases, you won't need to change this, as inspircd will # automatically detect the nameserver depending on /etc/resolv.conf - # (or, on windows, your set nameservers in the registry.) + # (or, on Windows, your set nameservers in the registry.) # Note that this must be an IP address and not a hostname, because # there is no resolver to resolve the name until this is defined! # # server="127.0.0.1" - # timeout: seconds to wait to try to resolve DNS/hostname. + # timeout: time to wait to try to resolve DNS/hostname. timeout="5"> # An example of using an IPv6 nameserver 
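Review bot: The new DNS `timeout` comment no longer names a unit, but the example still uses the bare number `timeout="5"`. The same applies to the connect-class `timeout="10"` in the @@ -232 hunk and `pingwarning="15"` in the @@ -584 hunk, while `serverpingfreq="1m"` in that hunk uses a suffixed form. A reader cannot tell from the comments which duration syntax is accepted or how a bare number is read. If bare numbers are still taken as seconds, state it once, e.g. `# timeout: how long to wait for a DNS reply; a plain number is seconds, suffixed forms such as "1m" are also accepted.`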
@@ -474,47 +498,27 @@ # -#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-# +#-#-#-#-#-#-#-#-#-#-#-#-#- LIST MODE LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Use these tags to customise the ban limits on a per channel basis. # -# The tags are read from top to bottom, and any tag found which # -# matches the channels name applies the banlimit to that channel. # +# The tag is used customise the maximum number of each list # +# mode that can be set on a channel. # +# The tags are read from top to bottom and the list mode limit from # +# the first tag found which matches the channel name and mode type is # +# applied to that channel. # # It is advisable to put an entry with the channel as '*' at the # -# bottom of the list. If none are specified or no maxbans tag is # -# matched, the banlist size defaults to 64 entries. # +# bottom of the list. If none are specified or no maxlist tag is # +# matched, the banlist size defaults to 100 entries. # # # - - - -#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# This tag is optional, and specifies one or more features which are # -# not available to non-operators. # -# # -# For example you may wish to disable NICK and prevent non-opers from # -# changing their nicknames. # -# Note that any disabled commands take effect only after the user has # -# 'registered' (e.g. after the initial USER/NICK/PASS on connection) # -# so for example disabling NICK will not cripple your network. # -# # -# You can also define if you want to disable any channelmodes # -# or usermodes from your users. # -# # -# `fakenonexistant' will make the ircd pretend that nonexistant # -# commands simply don't exist to non-opers ("no such command"). # -# # -# - - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# Just remove this... Its here to make you read ALL of the config # -# file options ;) # - - +# Allows #largechan to have up to 200 ban entries. 
+# +# Allows #largechan to have up to 200 ban exception entries. +# +# Allows all channels and list modes not previously matched to have +# up to 100 entries. + #-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -551,28 +555,26 @@ # the correct parameters are. syntaxhints="no" - # cyclehosts: If enabled, when a user gets a host set, it will cycle - # them in all their channels. If not, it will simply change their host - # without cycling them. - cyclehosts="yes" + # casemapping: This sets the case mapping method to be used by the + # server. This MUST be the same on all servers. Possible values are: + # "ascii" (recommended) + # "rfc1459" (default, required for linking to 2.0 servers) + # NOTE: if you are using the nationalchars module this setting will be + # ignored. You should use instead. + casemapping="ascii" # cyclehostsfromuser: If enabled, the source of the mode change for # cyclehosts will be the user who cycled. This can look nicer, but # triggers anti-takeover mechanisms of some obsolete bots. cyclehostsfromuser="no" - # ircumsgprefix: Use undernet-style message prefixing for NOTICE and - # PRIVMSG. If enabled, it will add users' prefix to the line, if not, - # it will just message the user normally. - ircumsgprefix="no" - # announcets: If set to yes, when the timestamp on a channel changes, all users # in the channel will be sent a NOTICE about it. announcets="yes" # allowmismatch: Setting this option to yes will allow servers to link even # if they don't have the same "optionally common" modules loaded. Setting this to - # yes may introduce some desyncs and weirdness. + # yes may introduce some desyncs and unwanted behaviour. allowmismatch="no" # defaultbind: Sets the default for tags without an address. Choices are 
@@ -584,24 +586,66 @@ # in the topic. If set to no, it will only show the nick of the topic setter. hostintopic="yes" - # pingwarning: If a server does not respond to a ping within x seconds, + # pingwarning: If a server does not respond to a ping within this period, # it will send a notice to opers with snomask +l informing that the server # is about to ping timeout. pingwarning="15" - # serverpingfreq: How often pings are sent between servers (in seconds). - serverpingfreq="60" + # serverpingfreq: How often pings are sent between servers. + serverpingfreq="1m" + + # splitwhois: Whether to split private/secret channels from normal channels + # in WHOIS responses. Possible values for this are: + # 'no' - list all channels together in the WHOIS response regardless of type. + # 'split' - split private/secret channels to a separate WHOIS response numeric. + # 'splitmsg' - the same as split but also send a message explaining the split. + splitwhois="no" # defaultmodes: What modes are set on a empty channel when a user # joins it and it is unregistered. - defaultmodes="nt" + defaultmodes="not" - # moronbanner: This is the text that is sent to a user when they are + # xlinemessage: This is the text that is sent to a user when they are # banned from the server. - moronbanner="You're banned! Email abuse@example.com with the ERROR line below for help." - - # exemptchanops: exemptions for channel access restrictions based on prefix. - exemptchanops="nonick:v flood:o" + xlinemessage="You're banned! Email irc@example.com with the ERROR line below for help." + + # allowzerolimit: If enabled then allow a limit of 0 to be set on channels. + # This is non-standard behaviour and should only be enabled if you need to + # link with servers running 2.0. Defaults to yes. + allowzerolimit="no" + + # exemptchanops: Allows users with with a status mode to be exempt + # from various channel restrictions. 
Possible restrictions are: + # - auditorium-see Permission required to see the full user list of + # a +u channel (requires the auditorium module). + # - auditorium-vis Permission required to be visible in a +u channel + # (requires the auditorium module). + # - blockcaps Channel mode +B - blocks messages with too many capital + # letters (requires the blockcaps module). + # - blockcolor Channel mode +c - blocks messages with formatting codes + # (requires the blockcolor module). + # - censor Channel mode +G - censors messages based on the network + # configuration (requires the censor module). + # - filter Channel mode +g - blocks messages containing the given + # glob mask (requires the chanfilter module). + # - flood Channel mode +f - kicks (and bans) on text flood of a + # specified rate (requires the messageflood module). + # - nickflood Channel mode +F - blocks nick changes after a specified + # rate (requires the nickflood module). + # - noctcp Channel mode +C - blocks any CTCPs to the channel + # (requires the noctcp module). + # - nonick Channel mode +N - prevents users on the channel from + # changing nicks (requires the nonicks module). + # - nonotice Channel mode +T - blocks /NOTICEs to the channel + # (requires the nonotice module). + # - regmoderated Channel mode +M - blocks unregistered users from + # speaking (requires the services account module). + # - stripcolor Channel mode +S - strips formatting codes from + # messages (requires the stripcolor module). + # - topiclock Channel mode +t - limits changing the topic to (half)ops + # You can also configure this on a per-channel basis with a channel mode. + # See m_exemptchanops in modules.conf.example for more details. + exemptchanops="censor:o filter:o nickflood:o nonick:v regmoderated:o" # invitebypassmodes: This allows /invite to bypass other channel modes. # (Such as +k, +j, +l, etc.) 
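Review bot: The added `exemptchanops` comment has a doubled word ("users with with a status mode") and its last line still refers to `m_exemptchanops`, although this commit drops the `m_` prefix elsewhere (`spanningtree`, `dnsbl`, `conn_umodes`); the reference should read `exemptchanops`. In the same hunk `allowzerolimit` is documented as "Defaults to yes" while the example sets `allowzerolimit="no"`, so a copied config silently differs from the default. A line such as `# Set to "no" here; change to "yes" only when linking with 2.0 servers.` would make that intentional.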
@@ -609,12 +653,7 @@ # nosnoticestack: This prevents snotices from 'stacking' and giving you # the message saying '(last message repeated X times)'. Defaults to no. - nosnoticestack="no" - - # welcomenotice: When turned on, this sends a NOTICE to connecting users - # with the text Welcome to ! after successful registration. - # Defaults to yes. - welcomenotice="yes"> + nosnoticestack="no"> #-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# 
@@ -628,34 +667,42 @@ # somaxconn: The maximum number of connections that may be waiting # in the accept queue. This is *NOT* the total maximum number of # connections per server. Some systems may only allow this to be up - # to 5, while others (such as linux and *BSD) default to 128. + # to 5, while others (such as Linux and *BSD) default to 128. + # Setting this above the limit imposed by your OS can have undesired + # effects. somaxconn="128" - # limitsomaxconn: By default, somaxconn (see above) is limited to a - # safe maximum value in the 2.0 branch for compatibility reasons. - # This setting can be used to disable this limit, forcing InspIRCd - # to use the value specified above. - limitsomaxconn="true" - # softlimit: This optional feature allows a defined softlimit for # connections. If defined, it sets a soft max connections value. softlimit="12800" + # clonesonconnect: If this is set to false, we won't check for clones + # on initial connection, but only after the DNS check is done. + # This can be useful where your main class is more restrictive + # than some other class a user can be assigned after DNS lookup is complete. + # Turning this option off will make the server spend more time on users we may + # potentially not want. Normally this should be neglible, though. + # Default value is true + clonesonconnect="true" + + # timeskipwarn: The time period that a server clock can jump by before + # operators will be warned that the server is having performance issues. + timeskipwarn="2s" + # quietbursts: When syncing or splitting from a network, a server # can generate a lot of connect and quit messages to opers with # +C and +Q snomasks. Setting this to yes squelches those messages, # which makes it easier for opers, but degrades the functionality of # bots like BOPM during netsplits. - quietbursts="yes" - - # nouserdns: If enabled, no DNS lookups will be performed on - # connecting users. This can save a lot of resources on very busy servers. 
- nouserdns="no"> + quietbursts="yes"> #-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# # #