X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Fconf%2Finspircd.conf.example;h=f07f21cdd0e4121a1a6a45393dcec45c6e058a03;hb=e0dc7691c4cff3a38bc12adf10b3709d8c4901ba;hp=713dc0cb886b4b3b2e5da08942a82e69dad7d967;hpb=a4c1b1f4fcfd9cd967bf326afbbada3d91f9da34;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example index 713dc0cb8..f07f21cdd 100644 --- a/docs/conf/inspircd.conf.example +++ b/docs/conf/inspircd.conf.example @@ -50,8 +50,7 @@ # file you include will be treated as part of the configuration file # # which includes it, in simple terms the inclusion is transparent. # # # -# All paths to config files are relative to the directory that the # -# process runs in. # +# All paths to config files are relative to the config directory. # # # # You may also include an executable file, in which case if you do so # # the output of the executable on the standard output will be added # @@ -59,6 +58,7 @@ # # # Syntax is as follows: # # # +# # # # # # # Executable include example: # @@ -121,20 +121,10 @@ #-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- # # -# Enter the port and address bindings here. # +# Configure the port and address bindings here. # # # -# # -# ____ _ _____ _ _ ____ _ _ _ # -# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # -# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # -# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # -# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # -# # -# If you want to link servers to InspIRCd you must load the # -# spanningtree module! Please see the modules list for # -# information on how to load this module! If you do not load this # -# module, server ports will NOT work! # +# TLS (SSL) listener that binds on a TCP/IP endpoint: tag that you have defined or one - # of "openssl", "gnutls", "mbedtls" if you have not defined any. See the - # wiki page for the SSL module you are using for more details. + # sslprofile: If you want the port(s) in this bind tag to use TLS (SSL), set this + # to the name of a custom tag that you have defined. See the + # docs page for the TLS (SSL) module you are using for more details: + # + # GnuTLS: https://docs.inspircd.org/3/modules/ssl_gnutls#sslprofile + # mbedTLS: https://docs.inspircd.org/3/modules/ssl_mbedtls#sslprofile + # OpenSSL: https://docs.inspircd.org/3/modules/ssl_openssl#sslprofile # # You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls # for GnuTLS and ssl_mbedtls for mbedTLS. - ssl="gnutls" + sslprofile="Clients" # defer: When this is non-zero, connections will not be handed over to # the daemon from the operating system before data is ready. @@ -175,24 +168,49 @@ # whether the interface that provides the bind address is available. This # is useful for if you are starting InspIRCd on boot when the server may # not have brought the network interfaces up yet. - free="no" -> + free="no"> + +# Plaintext listener that binds on a TCP/IP endpoint: + + + +# Listener that binds on a UNIX endpoint (not supported on Windows): +# - # Listener accepting HTML5 WebSocket connections. # Requires the websocket module and SHA-1 hashing support (provided by the sha1 # module). # -# EXPERIMENTAL: Listener that binds on a UNIX endpoint instead of a TCP/IP endpoint: -# -# You can define a custom tag which defines the SSL configuration -# for this listener. See the wiki page for the SSL module you are using for +# You can define a custom tag which defines the TLS (SSL) configuration +# for these listeners. See the docs page for the TLS (SSL) module you are using for # more details. # -# Alternatively, you can use one of the default SSL profiles which are created +# Alternatively, you can use one of the default TLS (SSL) profiles which are created # when you have not defined any: # "openssl" (requires the ssl_openssl module) # "gnutls" (requires the ssl_gnutls module) @@ -202,9 +220,6 @@ # completely link-compatible and can be used alongside each other on each end # of the link without any significant issues. - - - #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # @@ -216,23 +231,28 @@ # -- It is important to note that connect tags are read from the -- # # TOP DOWN. This means that you should have more specific deny # # and allow tags at the top, progressively more general, followed # -# by a (should you wish to have one). # # # # Connect blocks are searched twice for each user - once when the TCP # # connection is accepted, and once when the user completes their # # registration. Most of the information (hostname, ident response, # -# password, SSL when using STARTTLS, etc) is only available during # -# the second search, so if you are trying to make a closed server, # +# password, TLS (SSL) when using STARTTLS, etc) is only available # +# during the second search. If you are trying to make a closed server # # you will probably need a connect block just for user registration. # # This can be done by using # +# To enable IRCCloud on your network uncomment this: +# + +# A connect class with set denies connections from the specified host/IP range. + deny="3ffe::0/32" -# connect:reason is the message that users will see if they match a deny block - + # reason: The message that users will see if they match a deny block. + reason="The 6bone address space is deprecated"> +# A connect class with set allows c from the specified host/IP range. + # Create hashed passwords with: /MKPASSWD #hash="bcrypt" # password: Password to use for this block/user(s) password="secret" # maxchans: Maximum number of channels a user in this class - # be in at one time. + # can be in at one time. maxchans="20" # timeout: How long the server will wait before disconnecting # a user if they do not do anything on connect. # (Note, this is a client-side thing, if the client does not - # send /nick, /user or /pass) - timeout="10" + # send /NICK, /USER or /PASS) + timeout="20" # localmax: Maximum local connections per IP (or CIDR mask, see below). localmax="3" @@ -277,13 +297,21 @@ # globalmax: Maximum global (network-wide) connections per IP (or CIDR mask, see below). globalmax="3" - # maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to on) - maxconnwarn="off" + # maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to yes) + maxconnwarn="no" # resolvehostnames: If disabled, no DNS lookups will be performed on connecting users # in this class. This can save a lot of resources on very busy servers. resolvehostnames="yes" + # useconnectban: Defines if users in this class should be exempt from connectban limits. + # This setting only has effect when the connectban module is loaded. + #useconnectban="yes" + + # useconnflood: Defines if users in this class should be exempt from connflood limits. + # This setting only has effect when the connflood module is loaded. + #useconnflood="yes" + # usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes. # This setting only has effect when the dnsbl module is loaded. #usednsbl="yes" @@ -291,6 +319,10 @@ # useident: Defines if users in this class MUST respond to a ident query or not. useident="no" + # usests: Whether a STS policy should be advertised to users in this class. + # This setting only has effect when the ircv3_sts module is loaded. + #usests="no" + # webirc: Restricts usage of this class to the specified WebIRC gateway. # This setting only has effect when the cgiirc module is loaded. #webirc="name" @@ -298,21 +330,31 @@ # limit: How many users are allowed in this class limit="5000" - # modes: Usermodes that are set on users in this block on connect. + # modes: User modes that are set on users in this block on connect. # Enabling this option requires that the conn_umodes module be loaded. - # This entry is highly recommended to use for/with IP Cloaking/masking. - # For the example to work, this also requires that the "cloaking" + # This entry is highly recommended to use for/with IP cloaking/masking. + # For the example to work, this also requires that the cloaking # module be loaded as well. modes="+x" - # requireident, requiressl, requireaccount: require that users of this - # block have a valid ident response, use SSL, or have authenticated. - # Requires ident, sslinfo, or the services_account module, respectively. - requiressl="on" - # NOTE: For requireaccount, you must complete the signon prior to full - # connection. Currently, this is only possible by using SASL - # authentication; passforward and PRIVMSG NickServ happen after - # your final connect block has been found. + # requireident: Require that users of this block have a valid ident response. + # Requires the ident module to be loaded. + #requireident="yes" + + # requiressl: Require that users of this block use a TLS (SSL) connection. + # This can also be set to "trusted", as to only accept client certificates + # issued by a certificate authority that you can configure in the + # settings of the TLS (SSL) module that you're using. + # Requires the sslinfo module to be loaded. + #requiressl="yes" + + # requireaccount: Require that users of this block have authenticated to a + # services account. + # NOTE: You must complete the signon prior to full connection. Currently, + # this is only possible by using SASL authentication; passforward + # and PRIVMSG NickServ happen after your final connect block has been found. + # Requires the services_account module to be loaded. + #requireaccount="yes" # Alternate MOTD file for this connect class. The contents of this file are # specified using <files secretmotd="filename"> or <execfiles ...> @@ -346,14 +388,14 @@ allow="*" # maxchans: Maximum number of channels a user in this class - # be in at one time. + # can be in at one time. maxchans="20" # timeout: How long the server will wait before disconnecting # a user if they do not do anything on connect. # (Note, this is a client-side thing, if the client does not - # send /nick, /user or /pass) - timeout="10" + # send /NICK, /USER or /PASS) + timeout="20" # pingfreq: How often the server tries to ping connecting clients. pingfreq="2m" @@ -367,11 +409,11 @@ # softsendq: amount of data in a client's send queue before the server # begins delaying their commands in order to allow the sendq to drain - softsendq="8192" + softsendq="10240" # recvq: amount of data allowed in a client's queue before they are dropped. - # Entering "8K" is equivalent to "8192", see above. - recvq="8K" + # Entering "10K" is equivalent to "10240", see above. + recvq="10K" # threshold: This specifies the amount of command penalty a user is allowed to have # before being quit or fakelagged due to flood. Normal commands have a penalty of 1, @@ -394,7 +436,7 @@ # immediately killing them; their commands are held in the recvq and processed later # as the user's command penalty drops. Note that if this is enabled, flooders will # quit with "RecvQ exceeded" rather than "Excess Flood". - fakelag="on" + fakelag="yes" # localmax: Maximum local connections per IP. localmax="3" @@ -409,17 +451,22 @@ # useident: Defines if users in this class must respond to a ident query or not. useident="no" + # usests: Whether a STS policy should be advertised to users in this class. + # This setting only has effect when the ircv3_sts module is loaded. + #usests="no" + # limit: How many users are allowed in this class limit="5000" - # modes: Usermodes that are set on users in this block on connect. + # modes: User modes that are set on users in this block on connect. # Enabling this option requires that the conn_umodes module be loaded. - # This entry is highly recommended to use for/with IP Cloaking/masking. + # This entry is highly recommended to use for/with IP cloaking/masking. # For the example to work, this also requires that the cloaking # module be loaded as well. modes="+x"> + #-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- # # # CIDR configuration allows detection of clones and applying of # @@ -447,11 +494,11 @@ # This file has all the information about oper classes, types and o:lines. # You *MUST* edit it. -<include file="examples/opers.conf.example"> +#<include file="examples/opers.conf.example"> # This file has all the information about server links and ulined servers. # You *MUST* edit it if you intend to link servers. -<include file="examples/links.conf.example"> +#<include file="examples/links.conf.example"> #-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-# # # @@ -492,43 +539,33 @@ # rehash the ircd from the shell or to terminate the ircd from the # # shell using shell scripts, perl scripts, etc... and to monitor the # # ircd's state via cron jobs. If this is a relative path, it will be # -# relative to the configuration directory, and if it is not defined, # -# the default of 'inspircd.pid' is used. # +# relative to the runtime directory, and if it is not defined, the # +# default of 'inspircd.pid' is used. # # # #<pid file="/path/to/inspircd.pid"> -#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-# +#-#-#-#-#-#-#-#-#-#-#-#-#- LIST MODE LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Use these tags to customise the ban limits on a per channel basis. # -# The tags are read from top to bottom, and any tag found which # -# matches the channels name applies the banlimit to that channel. # +# The <maxlist> tag is used customise the maximum number of each list # +# mode that can be set on a channel. # +# The tags are read from top to bottom and the list mode limit from # +# the first tag found which matches the channel name and mode type is # +# applied to that channel. # # It is advisable to put an entry with the channel as '*' at the # -# bottom of the list. If none are specified or no maxbans tag is # +# bottom of the list. If none are specified or no maxlist tag is # # matched, the banlist size defaults to 100 entries. # # # -<banlist chan="#largechan" limit="200"> -<banlist chan="*" limit="100"> +# Allows #largechan to have up to 200 ban entries. +#<maxlist mode="ban" chan="#largechan" limit="200"> -#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# This tag is optional, and specifies one or more features which are # -# not available to non-operators. # -# # -# For example you may wish to disable NICK and prevent non-opers from # -# changing their nicknames. # -# Note that any disabled commands take effect only after the user has # -# 'registered' (e.g. after the initial USER/NICK/PASS on connection) # -# so for example disabling NICK will not cripple your network. # -# # -# You can also define if you want to disable any channelmodes # -# or usermodes from your users. # -# # -# `fakenonexistant' will make the ircd pretend that nonexistant # -# commands simply don't exist to non-opers ("no such command"). # -# # -#<disabled commands="TOPIC MODE" usermodes="" chanmodes="" fakenonexistant="yes"> +# Allows #largechan to have up to 200 ban exception entries. +#<maxlist mode="e" chan="#largechan" limit="200"> + +# Allows all channels and list modes not previously matched to have +# up to 100 entries. +<maxlist chan="*" limit="100"> #-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -624,8 +661,14 @@ # link with servers running 2.0. Defaults to yes. allowzerolimit="no" + # modesinlist: If enabled then the current channel modes will be shown + # in the /LIST response. Defaults to yes. + modesinlist="no" + # exemptchanops: Allows users with with a status mode to be exempt # from various channel restrictions. Possible restrictions are: + # - anticaps Channel mode +B - blocks messages with too many capital + # letters (requires the anticaps module). # - auditorium-see Permission required to see the full user list of # a +u channel (requires the auditorium module). # - auditorium-vis Permission required to be visible in a +u channel @@ -653,11 +696,12 @@ # - stripcolor Channel mode +S - strips formatting codes from # messages (requires the stripcolor module). # - topiclock Channel mode +t - limits changing the topic to (half)ops - # You can also configure this on a per-channel basis with a channel mode. - # See m_exemptchanops in modules.conf.example for more details. + # You can also configure this on a per-channel basis with a channel mode and + # even negate the configured exemptions below. + # See exemptchanops in modules.conf.example for more details. exemptchanops="censor:o filter:o nickflood:o nonick:v regmoderated:o" - # invitebypassmodes: This allows /invite to bypass other channel modes. + # invitebypassmodes: This allows /INVITE to bypass other channel modes. # (Such as +k, +j, +l, etc.) invitebypassmodes="yes" @@ -686,14 +730,14 @@ # connections. If defined, it sets a soft max connections value. softlimit="12800" - # clonesonconnect: If this is set to false, we won't check for clones + # clonesonconnect: If this is set to no, we won't check for clones # on initial connection, but only after the DNS check is done. # This can be useful where your main class is more restrictive # than some other class a user can be assigned after DNS lookup is complete. # Turning this option off will make the server spend more time on users we may - # potentially not want. Normally this should be neglible, though. - # Default value is true - clonesonconnect="true" + # potentially not want. Normally this should be negligible, though. + # Default value is yes + clonesonconnect="yes" # timeskipwarn: The time period that a server clock can jump by before # operators will be warned that the server is having performance issues. @@ -724,10 +768,10 @@ announceinvites="dynamic" # hideulines: If this value is set to yes, U-lined servers will - # be hidden from non-opers in /links and /map. + # be hidden from non-opers in /LINKS and /MAP. hideulines="no" - # flatlinks: If this value is set to yes, /map and /links will + # flatlinks: If this value is set to yes, /MAP and /LINKS will # be flattened when shown to non-opers. flatlinks="no" @@ -739,12 +783,12 @@ # when a remote whois (/WHOIS <nick> <nick>) is used. #hideserver="*.example.com" - # hidebans: If this value is set to yes, when a user is banned ([gkz]lined) + # hidebans: If this value is set to yes, when a user is banned ([KGZ]-lined) # only opers will see the ban message when the user is removed # from the server. hidebans="no" - # hidekills: If defined, replaces who set a /kill with a custom string. + # hidekills: If defined, replaces who executed a /KILL with a custom string. hidekills="" # hideulinekills: Hide kills from clients of ulined servers from server notices. @@ -756,7 +800,7 @@ hidesplits="no" # maxtargets: Maximum number of targets per command. - # (Commands like /notice, /privmsg, /kick, etc) + # (Commands like /NOTICE, /PRIVMSG, /KICK, etc) maxtargets="20" # customversion: A custom message to be displayed in the comments field @@ -782,25 +826,20 @@ restrictbannedusers="yes" # genericoper: Setting this value to yes makes all opers on this server - # appear as 'is an IRC operator' in their WHOIS, regardless of their + # appear as 'is a server operator' in their WHOIS, regardless of their # oper type, however oper types are still used internally. This only # affects the display in WHOIS. genericoper="no" - # userstats: /stats commands that users can run (opers can run all). + # userstats: /STATS commands that users can run (opers can run all). userstats="Pu"> #-#-#-#-#-#-#-#-#-#-#-#-# LIMITS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# # # # This configuration tag defines the maximum sizes of various types # # on IRC, such as the maximum length of a channel name, and the # -# maximum length of a channel. Note that with the exception of the # -# identmax value all values given here are the exact values you would # -# expect to see on IRC. This contrasts with the older InspIRCd # -# releases where these values would be one character shorter than # -# defined to account for a null terminator on the end of the text. # -# # -# These values should match network-wide otherwise issues will occur. # +# maximum length of a channel. These values should match network-wide # +# otherwise issues will occur. # # # # The highest safe value you can set any of these options to is 500, # # but it is recommended that you keep them somewhat # @@ -855,13 +894,13 @@ # # An example log tag would be: # <log method="file" type="OPER" level="default" target="opers.log"> -# which would log all information on /oper (failed and successful) to +# which would log all information on /OPER (failed and successful) to # a file called opers.log. # # There are many different types which may be used, and modules may # generate their own. A list of useful types: # - USERS - information relating to user connection and disconnection -# - OPER - succesful and failed oper attempts +# - OPER - successful and failed oper attempts # - KILL - kill related messages # - FILTER - messages related to filter matches (filter module) # - CONFIG - configuration related messages @@ -899,17 +938,17 @@ #-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# This tag lets you define the behaviour of the /whowas command of # +# This tag lets you define the behaviour of the /WHOWAS command of # # your server. # # # <whowas # groupsize: Maximum entries per nick shown when performing - # a /whowas nick. + # a /WHOWAS <nick>. groupsize="10" # maxgroups: Maximum number of nickgroups that can be added to - # the list so that /whowas does not use a lot of resources on + # the list so that /WHOWAS does not use a lot of resources on # large networks. maxgroups="100000" @@ -935,10 +974,10 @@ <badnick # nick: Nick to disallow. Wildcards are supported. - nick="ChanServ" + nick="Tr0ll123" - # reason: Reason to display on /nick. - reason="Reserved for a network service"> + # reason: Reason to display on /NICK. + reason="Don't use this nick."> <badhost # host: ident@hostname to ban. @@ -951,25 +990,25 @@ <badhost host="root@*" reason="Don't IRC as root!"> <badhost host="*@198.51.100.0/24" reason="This subnet is bad."> -# exception: Hosts that are exempt from [kgz]lines. +# exception: Hosts that are exempt from [KGZ]-lines. <exception # host: ident@hostname to exempt. # Wildcards and CIDR (if you specify an IP) can be used. - host="*@ircop.example.com" + host="*@serverop.example.com" - # reason: Reason for exception. Only shown in /stats e + # reason: Reason for exception. Only shown in /STATS e. reason="Oper's hostname"> #-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-# # # -# This optional tag allows you to specify how wide a gline, eline, # -# kline, zline or qline can be before it is forbidden from being # -# set. By setting hostmasks="yes", you can allow all G, K, E lines, # +# This optional tag allows you to specify how wide a G-line, E-line, # +# K-line, Z-line or Q-line can be before it is forbidden from being # +# set. By setting hostmasks="yes", you can allow all G-, K-, E-lines, # # no matter how many users the ban would cover. This is not # -# recommended! By setting ipmasks="yes", you can allow all Z lines, # +# recommended! By setting ipmasks="yes", you can allow all Z-lines, # # no matter how many users these cover too. Needless to say we # # don't recommend you do this, or, set nickmasks="yes", which will # -# allow any qline. # +# allow any Q-line. # # # <insane @@ -1002,7 +1041,7 @@ # provide almost all the features of InspIRCd. :) # # # # The default does nothing -- we include it for simplicity for you. # -<include file="examples/modules.conf.example"> +#<include file="examples/modules.conf.example"> #-#-#-#-#-#-#-#-#-#-#-# SERVICES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# # #