X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Fconf%2Finspircd.conf.example;h=9f4581fb3faf7f970c85b0c38347bed2993aff48;hb=8512726adf455358d2e467dcc79fc9913ccbcf6b;hp=254e6a35500a15a990559c0a8e4d668c754411da;hpb=f62654a6859998f9d63eb22702c572d5ebcff15c;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example index 254e6a355..9f4581fb3 100644 --- a/docs/conf/inspircd.conf.example +++ b/docs/conf/inspircd.conf.example @@ -62,7 +62,7 @@ # # # # # Executable include example: # -# +# # # @@ -85,7 +85,7 @@ @@ -132,7 +131,7 @@ # |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # # # # If you want to link servers to InspIRCd you must load the # -# m_spanningtree.so module! Please see the modules list for # +# spanningtree module! Please see the modules list for # # information on how to load this module! If you do not load this # # module, server ports will NOT work! # @@ -152,15 +151,18 @@ # to this bind section. type="clients" - # ssl: If you want the port(s) in this bind tag to use SSL, set this - # to either "gnutls" or "openssl". The appropriate SSL module must be - # loaded for SSL to work. If you do not want the port(s) in this bind - # tag to support SSL, just remove or comment out this option. + # ssl: If you want the port(s) in this bind tag to use SSL, set this to + # the name of a custom tag that you have defined or one + # of "openssl", "gnutls", "mbedtls" if you have not defined any. See the + # wiki page for the SSL module you are using for more details. + # + # You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls + # for GnuTLS and ssl_mbedtls for mbedTLS. ssl="gnutls" # defer: When this is non-zero, connections will not be handed over to # the daemon from the operating system before data is ready. - # In Linux, the value indicates the number of seconds we'll wait for a + # In Linux, the value indicates the time period we'll wait for a # connection to come up with data. Don't set it too low! # In BSD the value is ignored; only zero and non-zero is possible. # Windows ignores this parameter completely. @@ -168,45 +170,40 @@ # To change it on a running bind, you'll have to comment it out, # rehash, comment it in and rehash again. defer="0" + + # free: When this is enabled the listener will be created regardless of + # whether the interface that provides the bind address is available. This + # is useful for if you are starting InspIRCd on boot when the server may + # not have brought the network interfaces up yet. + free="no" > -# When linking servers, the OpenSSL and GnuTLS implementations are completely -# link-compatible and can be used alongside each other -# on each end of the link without any significant issues. -# Supported SSL types are: "openssl" and "gnutls". -# You must load m_ssl_openssl for OpenSSL or m_ssl_gnutls for GnuTLS. - - - - - -#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#- -# # -# You can configure the passwords here which you wish to use for # -# the /DIE and /RESTART commands. Only trusted IRCop's who will # -# need this ability should know the die and restart password. # -# # +# Listener accepting HTML5 WebSocket connections. +# Requires the websocket module and SHA-1 hashing support (provided by the sha1 +# module). +# - - #hash="sha256" +# EXPERIMENTAL: Listener that binds on a UNIX endpoint instead of a TCP/IP endpoint: +# - # diepass: Password for opers to use if they need to shutdown (die) - # a server. - diepass="" +# You can define a custom tag which defines the SSL configuration +# for this listener. See the wiki page for the SSL module you are using for +# more details. +# +# Alternatively, you can use one of the default SSL profiles which are created +# when you have not defined any: +# "openssl" (requires the ssl_openssl module) +# "gnutls" (requires the ssl_gnutls module) +# "mbedtls" (requires the ssl_mbedtls module) +# +# When linking servers, the OpenSSL, GnuTLS, and mbedTLS implementations are +# completely link-compatible and can be used alongside each other on each end +# of the link without any significant issues. - # restartpass: Password for opers to use if they need to restart - # a server. - restartpass=""> + + #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# @@ -247,16 +244,19 @@ # you only want to adjust sendq and a password parent="main" - # allow: What IP addresses/hosts to allow for this block. + # allow: The IP address or hostname of clients that can use this + # class. You can specify either an exact match, a glob match, or + # a CIDR range here. allow="203.0.113.*" - # hash: what hash this password is hashed with. requires the module - # for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be - # loaded and the password hashing module (m_password_hash.so) - # loaded. Options here are: "md5", "sha256" and "ripemd160". - # Optional, but recommended. Create hashed passwords with: - # /mkpasswd - #hash="sha256" + # hash: the hash function this password is hashed with. Requires the + # module for the selected function (bcrypt, md5, sha1, or sha256) and + # the password hashing module (password_hash) to be loaded. + # + # You may also use any of the above other than bcrypt prefixed with + # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module). + # Create hashed passwords with: /mkpasswd + #hash="bcrypt" # password: Password to use for this block/user(s) password="secret" @@ -265,8 +265,8 @@ # be in at one time. maxchans="20" - # timeout: How long (in seconds) the server will wait before - # disconnecting a user if they do not do anything on connect. + # timeout: How long the server will wait before disconnecting + # a user if they do not do anything on connect. # (Note, this is a client-side thing, if the client does not # send /nick, /user or /pass) timeout="10" @@ -277,7 +277,7 @@ # globalmax: Maximum global (network-wide) connections per IP (or CIDR mask, see below). globalmax="3" - # maxconnwarn: Enable warnings when localmax or globalmax is hit (defaults to on) + # maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to on) maxconnwarn="off" # resolvehostnames: If disabled, no DNS lookups will be performed on connecting users @@ -285,25 +285,29 @@ resolvehostnames="yes" # usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes. - # This setting only has effect when m_dnsbl is loaded. + # This setting only has effect when the dnsbl module is loaded. #usednsbl="yes" # useident: Defines if users in this class MUST respond to a ident query or not. useident="no" + # webirc: Restricts usage of this class to the specified WebIRC gateway. + # This setting only has effect when the cgiirc module is loaded. + #webirc="name" + # limit: How many users are allowed in this class limit="5000" # modes: Usermodes that are set on users in this block on connect. - # Enabling this option requires that the m_conn_umodes module be loaded. + # Enabling this option requires that the conn_umodes module be loaded. # This entry is highly recommended to use for/with IP Cloaking/masking. - # For the example to work, this also requires that the m_cloaking + # For the example to work, this also requires that the "cloaking" # module be loaded as well. modes="+x" # requireident, requiressl, requireaccount: require that users of this # block have a valid ident response, use SSL, or have authenticated. - # Requires m_ident, m_sslinfo, or m_services_account respectively. + # Requires ident, sslinfo, or the services_account module, respectively. requiressl="on" # NOTE: For requireaccount, you must complete the signon prior to full # connection. Currently, this is only possible by using SASL @@ -312,40 +316,46 @@ # Alternate MOTD file for this connect class. The contents of this file are # specified using or + # + # NOTE: the following escape sequences for IRC formatting characters can be + # used in your MOTD: + # Bold: \b + # Color: \c[,] + # Italic: \i + # Monospace: \m (not widely supported) + # Reset: \x + # Strikethrough: \s (not widely supported) + # Underline: \u + # See https://defs.ircdocs.horse/info/formatting.html for more information + # on client support for formatting characters. motd="secretmotd" - # Allow color codes to be processed in the message of the day file. - # the following characters are valid color code escapes: - # \002 or \b = Bold - # \037 or \u = Underline - # \003 or \c = Color (with a code postfixed to this char) - # \017 or \x = Stop all color sequences - allowmotdcolors="false" - - # port: What port this user is allowed to connect on. (optional) - # The port MUST be set to listen in the bind blocks above. - port="6697"> + # port: What port range this user is allowed to connect on. (optional) + # The ports MUST be set to listen in the bind blocks above. + port="6697,9999"> @@ -417,7 +427,8 @@ # represented as 192.168.1.0/24). This means that abuse across an ISP # # is detected and curtailed much easier. Here is a good chart that # # shows how many IPs the different CIDRs correspond to: # -# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation # +# https://en.wikipedia.org/wiki/IPv4_subnetting_reference # +# https://en.wikipedia.org/wiki/IPv6_subnetting_reference # # # +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # If these values are not defined, InspIRCd uses the default DNS resolver @@ -468,7 +479,7 @@ # # server="127.0.0.1" - # timeout: seconds to wait to try to resolve DNS/hostname. + # timeout: time to wait to try to resolve DNS/hostname. timeout="5"> # An example of using an IPv6 nameserver @@ -493,11 +504,11 @@ # matches the channels name applies the banlimit to that channel. # # It is advisable to put an entry with the channel as '*' at the # # bottom of the list. If none are specified or no maxbans tag is # -# matched, the banlist size defaults to 64 entries. # +# matched, the banlist size defaults to 100 entries. # # # - - + + #-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -563,23 +574,26 @@ # the correct parameters are. syntaxhints="no" + # casemapping: This sets the case mapping method to be used by the + # server. This MUST be the same on all servers. Possible values are: + # "ascii" (recommended) + # "rfc1459" (default, required for linking to 2.0 servers) + # NOTE: if you are using the nationalchars module this setting will be + # ignored. You should use instead. + casemapping="ascii" + # cyclehostsfromuser: If enabled, the source of the mode change for # cyclehosts will be the user who cycled. This can look nicer, but # triggers anti-takeover mechanisms of some obsolete bots. cyclehostsfromuser="no" - # ircumsgprefix: Use undernet-style message prefixing for NOTICE and - # PRIVMSG. If enabled, it will add users' prefix to the line, if not, - # it will just message the user normally. - ircumsgprefix="no" - # announcets: If set to yes, when the timestamp on a channel changes, all users # in the channel will be sent a NOTICE about it. announcets="yes" # allowmismatch: Setting this option to yes will allow servers to link even # if they don't have the same "optionally common" modules loaded. Setting this to - # yes may introduce some desyncs and weirdness. + # yes may introduce some desyncs and unwanted behaviour. allowmismatch="no" # defaultbind: Sets the default for tags without an address. Choices are @@ -591,13 +605,20 @@ # in the topic. If set to no, it will only show the nick of the topic setter. hostintopic="yes" - # pingwarning: If a server does not respond to a ping within x seconds, + # pingwarning: If a server does not respond to a ping within this period, # it will send a notice to opers with snomask +l informing that the server # is about to ping timeout. pingwarning="15" - # serverpingfreq: How often pings are sent between servers (in seconds). - serverpingfreq="60" + # serverpingfreq: How often pings are sent between servers. + serverpingfreq="1m" + + # splitwhois: Whether to split private/secret channels from normal channels + # in WHOIS responses. Possible values for this are: + # 'no' - list all channels together in the WHOIS response regardless of type. + # 'split' - split private/secret channels to a separate WHOIS response numeric. + # 'splitmsg' - the same as split but also send a message explaining the split. + splitwhois="no" # defaultmodes: What modes are set on a empty channel when a user # joins it and it is unregistered. @@ -607,8 +628,43 @@ # banned from the server. xlinemessage="You're banned! Email irc@example.com with the ERROR line below for help." - # exemptchanops: exemptions for channel access restrictions based on prefix. - exemptchanops="nonick:v flood:o" + # allowzerolimit: If enabled then allow a limit of 0 to be set on channels. + # This is non-standard behaviour and should only be enabled if you need to + # link with servers running 2.0. Defaults to yes. + allowzerolimit="no" + + # exemptchanops: Allows users with with a status mode to be exempt + # from various channel restrictions. Possible restrictions are: + # - auditorium-see Permission required to see the full user list of + # a +u channel (requires the auditorium module). + # - auditorium-vis Permission required to be visible in a +u channel + # (requires the auditorium module). + # - blockcaps Channel mode +B - blocks messages with too many capital + # letters (requires the blockcaps module). + # - blockcolor Channel mode +c - blocks messages with formatting codes + # (requires the blockcolor module). + # - censor Channel mode +G - censors messages based on the network + # configuration (requires the censor module). + # - filter Channel mode +g - blocks messages containing the given + # glob mask (requires the chanfilter module). + # - flood Channel mode +f - kicks (and bans) on text flood of a + # specified rate (requires the messageflood module). + # - nickflood Channel mode +F - blocks nick changes after a specified + # rate (requires the nickflood module). + # - noctcp Channel mode +C - blocks any CTCPs to the channel + # (requires the noctcp module). + # - nonick Channel mode +N - prevents users on the channel from + # changing nicks (requires the nonicks module). + # - nonotice Channel mode +T - blocks /NOTICEs to the channel + # (requires the nonotice module). + # - regmoderated Channel mode +M - blocks unregistered users from + # speaking (requires the services account module). + # - stripcolor Channel mode +S - strips formatting codes from + # messages (requires the stripcolor module). + # - topiclock Channel mode +t - limits changing the topic to (half)ops + # You can also configure this on a per-channel basis with a channel mode. + # See m_exemptchanops in modules.conf.example for more details. + exemptchanops="censor:o filter:o nickflood:o nonick:v regmoderated:o" # invitebypassmodes: This allows /invite to bypass other channel modes. # (Such as +k, +j, +l, etc.) @@ -660,7 +716,7 @@