X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Fconf%2Finspircd.conf.example;h=f07f21cdd0e4121a1a6a45393dcec45c6e058a03;hb=e0dc7691c4cff3a38bc12adf10b3709d8c4901ba;hp=8ec6616bd5dd82d68afb8819286f5a5c4d2cd2a9;hpb=a137eb1c2649e702efee7cb1a50b4da467f9d4bd;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example index 8ec6616bd..f07f21cdd 100644 --- a/docs/conf/inspircd.conf.example +++ b/docs/conf/inspircd.conf.example @@ -34,6 +34,15 @@ # # ######################################################################## +#-#-#-#-#-#-#-#-#-# CONFIGURATION FORMAT #-#-#-#-#-#-#-#-#-#-#-#-#-#- +# # +# In order to maintain compatibility with older configuration files, # +# you can change the configuration parser to parse as it did in # +# previous releases. When using the "compat" format, you need to use # +# C++ escape sequences (e.g. \n) instead of XML ones (e.g. &nl;) and # +# can not use to create macros. # +# + #-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# # # # This optional tag allows you to include another config file # @@ -41,8 +50,7 @@ # file you include will be treated as part of the configuration file # # which includes it, in simple terms the inclusion is transparent. # # # -# All paths to config files are relative to the directory that the # -# process runs in. # +# All paths to config files are relative to the config directory. # # # # You may also include an executable file, in which case if you do so # # the output of the executable on the standard output will be added # @@ -50,10 +58,11 @@ # # # Syntax is as follows: # # # +# # # # # # # Executable include example: # -# +# # # @@ -65,11 +74,6 @@ # # # Variables may be redefined and may reference other variables. # # Value expansion happens at the time the tag is read. # -# # -# Using variable definitions REQUIRES that the config format be # -# changed to "xml" from the default "compat" that uses escape # -# sequences such as "\"" and "\n", and does not support # - @@ -93,8 +97,7 @@ #id="97K" # network: Network name given on connect to clients. - # Should be the same on all servers on the network and - # not contain spaces. + # Should be the same on all servers on the network. network="Omega"> @@ -118,20 +121,10 @@ #-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- # # -# Enter the port and address bindings here. # -# # -# # -# ____ _ _____ _ _ ____ _ _ _ # -# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # -# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # -# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # -# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# Configure the port and address bindings here. # # # -# If you want to link servers to InspIRCd you must load the # -# m_spanningtree.so module! Please see the modules list for # -# information on how to load this module! If you do not load this # -# module, server ports will NOT work! # +# TLS (SSL) listener that binds on a TCP/IP endpoint: - - - -# When linking servers, the OpenSSL and GnuTLS implementations are completely -# link-compatible and can be used alongside each other -# on each end of the link without any significant issues. -# Supported SSL types are: "openssl" and "gnutls". -# You must load m_ssl_openssl for OpenSSL or m_ssl_gnutls for GnuTLS. - - - - - -#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#- -# # -# You can configure the passwords here which you wish to use for # -# the /DIE and /RESTART commands. Only trusted ircops who will # -# need this ability should know the die and restart password. # -# # - - - #hash="sha256" - - # diepass: Password for opers to use if they need to shutdown (die) - # a server. - # - # IMPORTANT: leaving this field empty does not disable the use of - # the DIE command. In order to prevent the use of this command you - # should remove it from the command privileges of your opers. - diepass="" - - # restartpass: Password for opers to use if they need to restart - # a server. - # - # IMPORTANT: leaving this field empty does not disable the use of - # the RESTART command. In order to prevent the use of this command - # you should remove it from the command privileges of your opers. - restartpass=""> + # sslprofile: If you want the port(s) in this bind tag to use TLS (SSL), set this + # to the name of a custom tag that you have defined. See the + # docs page for the TLS (SSL) module you are using for more details: + # + # GnuTLS: https://docs.inspircd.org/3/modules/ssl_gnutls#sslprofile + # mbedTLS: https://docs.inspircd.org/3/modules/ssl_mbedtls#sslprofile + # OpenSSL: https://docs.inspircd.org/3/modules/ssl_openssl#sslprofile + # + # You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls + # for GnuTLS and ssl_mbedtls for mbedTLS. + sslprofile="Clients" + + # defer: When this is non-zero, connections will not be handed over to + # the daemon from the operating system before data is ready. + # In Linux, the value indicates the time period we'll wait for a + # connection to come up with data. Don't set it too low! + # In BSD the value is ignored; only zero and non-zero is possible. + # Windows ignores this parameter completely. + # Note: This does not take effect on rehash. + # To change it on a running bind, you'll have to comment it out, + # rehash, comment it in and rehash again. + defer="0" + + # free: When this is enabled the listener will be created regardless of + # whether the interface that provides the bind address is available. This + # is useful for if you are starting InspIRCd on boot when the server may + # not have brought the network interfaces up yet. + free="no"> + +# Plaintext listener that binds on a TCP/IP endpoint: + + + +# Listener that binds on a UNIX endpoint (not supported on Windows): +# + + +# Listener accepting HTML5 WebSocket connections. +# Requires the websocket module and SHA-1 hashing support (provided by the sha1 +# module). +# + + +# You can define a custom tag which defines the TLS (SSL) configuration +# for these listeners. See the docs page for the TLS (SSL) module you are using for +# more details. +# +# Alternatively, you can use one of the default TLS (SSL) profiles which are created +# when you have not defined any: +# "openssl" (requires the ssl_openssl module) +# "gnutls" (requires the ssl_gnutls module) +# "mbedtls" (requires the ssl_mbedtls module) +# +# When linking servers, the OpenSSL, GnuTLS, and mbedTLS implementations are +# completely link-compatible and can be used alongside each other on each end +# of the link without any significant issues. #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# @@ -212,23 +231,28 @@ # -- It is important to note that connect tags are read from the -- # # TOP DOWN. This means that you should have more specific deny # # and allow tags at the top, progressively more general, followed # -# by a (should you wish to have one). # # # # Connect blocks are searched twice for each user - once when the TCP # # connection is accepted, and once when the user completes their # # registration. Most of the information (hostname, ident response, # -# password, SSL when using STARTTLS, etc) is only available during # -# the second search, so if you are trying to make a closed server, # +# password, TLS (SSL) when using STARTTLS, etc) is only available # +# during the second search. If you are trying to make a closed server # # you will probably need a connect block just for user registration. # # This can be done by using # +# To enable IRCCloud on your network uncomment this: +# + +# A connect class with set denies connections from the specified host/IP range. + deny="3ffe::0/32" -# connect:reason is the message that users will see if they match a deny block - + # reason: The message that users will see if they match a deny block. + reason="The 6bone address space is deprecated"> +# A connect class with set allows c from the specified host/IP range. - #hash="sha256" + # hash: the hash function this password is hashed with. Requires the + # module for the selected function (bcrypt, md5, sha1, or sha256) and + # the password hashing module (password_hash) to be loaded. + # + # You may also use any of the above other than bcrypt prefixed with + # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module). + # Create hashed passwords with: /MKPASSWD + #hash="bcrypt" # password: Password to use for this block/user(s) password="secret" # maxchans: Maximum number of channels a user in this class - # be in at one time. This overrides every other maxchans setting. - #maxchans="30" + # can be in at one time. + maxchans="20" - # timeout: How long (in seconds) the server will wait before - # disconnecting a user if they do not do anything on connect. + # timeout: How long the server will wait before disconnecting + # a user if they do not do anything on connect. # (Note, this is a client-side thing, if the client does not - # send /nick, /user or /pass) - timeout="10" + # send /NICK, /USER or /PASS) + timeout="20" # localmax: Maximum local connections per IP (or CIDR mask, see below). localmax="3" @@ -270,71 +297,108 @@ # globalmax: Maximum global (network-wide) connections per IP (or CIDR mask, see below). globalmax="3" - # maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to on) - maxconnwarn="off" + # maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to yes) + maxconnwarn="no" + + # resolvehostnames: If disabled, no DNS lookups will be performed on connecting users + # in this class. This can save a lot of resources on very busy servers. + resolvehostnames="yes" + + # useconnectban: Defines if users in this class should be exempt from connectban limits. + # This setting only has effect when the connectban module is loaded. + #useconnectban="yes" + + # useconnflood: Defines if users in this class should be exempt from connflood limits. + # This setting only has effect when the connflood module is loaded. + #useconnflood="yes" # usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes. - # This setting only has effect when m_dnsbl is loaded. + # This setting only has effect when the dnsbl module is loaded. #usednsbl="yes" # useident: Defines if users in this class MUST respond to a ident query or not. useident="no" + # usests: Whether a STS policy should be advertised to users in this class. + # This setting only has effect when the ircv3_sts module is loaded. + #usests="no" + + # webirc: Restricts usage of this class to the specified WebIRC gateway. + # This setting only has effect when the cgiirc module is loaded. + #webirc="name" + # limit: How many users are allowed in this class limit="5000" - # modes: Usermodes that are set on users in this block on connect. - # Enabling this option requires that the m_conn_umodes module be loaded. - # This entry is highly recommended to use for/with IP Cloaking/masking. - # For the example to work, this also requires that the m_cloaking + # modes: User modes that are set on users in this block on connect. + # Enabling this option requires that the conn_umodes module be loaded. + # This entry is highly recommended to use for/with IP cloaking/masking. + # For the example to work, this also requires that the cloaking # module be loaded as well. modes="+x" - # requireident, requiressl, requireaccount: require that users of this - # block have a valid ident response, use SSL, or have authenticated. - # Requires m_ident, m_sslinfo, or m_services_account respectively. - requiressl="on" - # NOTE: For requireaccount, you must complete the signon prior to full - # connection. Currently, this is only possible by using SASL - # authentication; passforward and PRIVMSG NickServ happen after - # your final connect block has been found. + # requireident: Require that users of this block have a valid ident response. + # Requires the ident module to be loaded. + #requireident="yes" + + # requiressl: Require that users of this block use a TLS (SSL) connection. + # This can also be set to "trusted", as to only accept client certificates + # issued by a certificate authority that you can configure in the + # settings of the TLS (SSL) module that you're using. + # Requires the sslinfo module to be loaded. + #requiressl="yes" + + # requireaccount: Require that users of this block have authenticated to a + # services account. + # NOTE: You must complete the signon prior to full connection. Currently, + # this is only possible by using SASL authentication; passforward + # and PRIVMSG NickServ happen after your final connect block has been found. + # Requires the services_account module to be loaded. + #requireaccount="yes" # Alternate MOTD file for this connect class. The contents of this file are # specified using <files secretmotd="filename"> or <execfiles ...> + # + # NOTE: the following escape sequences for IRC formatting characters can be + # used in your MOTD: + # Bold: \b + # Color: \c<fg>[,<bg>] + # Italic: \i + # Monospace: \m (not widely supported) + # Reset: \x + # Reverse: \r + # Strikethrough: \s (not widely supported) + # Underline: \u + # See https://defs.ircdocs.horse/info/formatting.html for more information + # on client support for formatting characters. motd="secretmotd" - # Allow color codes to be processed in the message of the day file. - # the following characters are valid color code escapes: - # \002 or \b = Bold - # \037 or \u = Underline - # \003 or \c = Color (with a code postfixed to this char) - # \017 or \x = Stop all color sequences - allowmotdcolors="false" - - # port: What port this user is allowed to connect on. (optional) - # The port MUST be set to listen in the bind blocks above. - port="6697"> + # port: What port range this user is allowed to connect on. (optional) + # The ports MUST be set to listen in the bind blocks above. + port="6697,9999"> <connect # name: Name to use for this connect block. Mainly used for # connect class inheriting. name="main" - # allow: What IP addresses/hosts to allow for this block. + # allow: The IP address or hostname of clients that can use this + # class. You can specify either an exact match, a glob match, or + # a CIDR range here. allow="*" # maxchans: Maximum number of channels a user in this class - # be in at one time. This overrides every other maxchans setting. - #maxchans="30" + # can be in at one time. + maxchans="20" - # timeout: How long (in seconds) the server will wait before - # disconnecting a user if they do not do anything on connect. + # timeout: How long the server will wait before disconnecting + # a user if they do not do anything on connect. # (Note, this is a client-side thing, if the client does not - # send /nick, /user or /pass) - timeout="10" + # send /NICK, /USER or /PASS) + timeout="20" - # pingfreq: How often (in seconds) the server tries to ping connecting clients. - pingfreq="120" + # pingfreq: How often the server tries to ping connecting clients. + pingfreq="2m" # hardsendq: maximum amount of data allowed in a client's send queue # before they are dropped. Keep this value higher than the length of @@ -345,11 +409,11 @@ # softsendq: amount of data in a client's send queue before the server # begins delaying their commands in order to allow the sendq to drain - softsendq="8192" + softsendq="10240" # recvq: amount of data allowed in a client's queue before they are dropped. - # Entering "8K" is equivalent to "8192", see above. - recvq="8K" + # Entering "10K" is equivalent to "10240", see above. + recvq="10K" # threshold: This specifies the amount of command penalty a user is allowed to have # before being quit or fakelagged due to flood. Normal commands have a penalty of 1, @@ -372,7 +436,7 @@ # immediately killing them; their commands are held in the recvq and processed later # as the user's command penalty drops. Note that if this is enabled, flooders will # quit with "RecvQ exceeded" rather than "Excess Flood". - fakelag="on" + fakelag="yes" # localmax: Maximum local connections per IP. localmax="3" @@ -380,20 +444,29 @@ # globalmax: Maximum global (network-wide) connections per IP. globalmax="3" + # resolvehostnames: If disabled, no DNS lookups will be performed on connecting users + # in this class. This can save a lot of resources on very busy servers. + resolvehostnames="yes" + # useident: Defines if users in this class must respond to a ident query or not. useident="no" + # usests: Whether a STS policy should be advertised to users in this class. + # This setting only has effect when the ircv3_sts module is loaded. + #usests="no" + # limit: How many users are allowed in this class limit="5000" - # modes: Usermodes that are set on users in this block on connect. - # Enabling this option requires that the m_conn_umodes module be loaded. - # This entry is highly recommended to use for/with IP Cloaking/masking. - # For the example to work, this also requires that the m_cloaking + # modes: User modes that are set on users in this block on connect. + # Enabling this option requires that the conn_umodes module be loaded. + # This entry is highly recommended to use for/with IP cloaking/masking. + # For the example to work, this also requires that the cloaking # module be loaded as well. modes="+x"> + #-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- # # # CIDR configuration allows detection of clones and applying of # @@ -421,11 +494,11 @@ # This file has all the information about oper classes, types and o:lines. # You *MUST* edit it. -<include file="conf/examples/opers.conf.example"> +#<include file="examples/opers.conf.example"> # This file has all the information about server links and ulined servers. # You *MUST* edit it if you intend to link servers. -<include file="conf/examples/links.conf.example"> +#<include file="examples/links.conf.example"> #-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-# # # @@ -433,23 +506,12 @@ # Files block - contains files whose contents are used by the ircd # # motd - displayed on connect and when a user executes /MOTD -# rules - displayed when the user executes /RULES # Modules can also define their own files -<files motd="conf/examples/motd.txt.example" rules="conf/examples/rules.txt.example"> +<files motd="examples/motd.txt.example"> # Example of an executable file include. Note this will be read on rehash, # not when the command is run. -#<execfiles rules="wget -O - http://www.example.com/rules.txt"> - -#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # - -<channels - # users: Maximum number of channels a user can be in at once. - users="20" - - # opers: Maximum number of channels an oper can be in at once. - opers="60"> +#<execfiles motd="wget -O - https://www.example.com/motd.txt"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # If these values are not defined, InspIRCd uses the default DNS resolver @@ -465,7 +527,7 @@ # # server="127.0.0.1" - # timeout: seconds to wait to try to resolve DNS/hostname. + # timeout: time to wait to try to resolve DNS/hostname. timeout="5"> # An example of using an IPv6 nameserver @@ -477,53 +539,33 @@ # rehash the ircd from the shell or to terminate the ircd from the # # shell using shell scripts, perl scripts, etc... and to monitor the # # ircd's state via cron jobs. If this is a relative path, it will be # -# relative to the configuration directory, and if it is not defined, # -# the default of 'inspircd.pid' is used. # +# relative to the runtime directory, and if it is not defined, the # +# default of 'inspircd.pid' is used. # # # #<pid file="/path/to/inspircd.pid"> -#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-# +#-#-#-#-#-#-#-#-#-#-#-#-#- LIST MODE LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Use these tags to customise the ban limits on a per channel basis. # -# The tags are read from top to bottom, and any tag found which # -# matches the channels name applies the banlimit to that channel. # +# The <maxlist> tag is used customise the maximum number of each list # +# mode that can be set on a channel. # +# The tags are read from top to bottom and the list mode limit from # +# the first tag found which matches the channel name and mode type is # +# applied to that channel. # # It is advisable to put an entry with the channel as '*' at the # -# bottom of the list. If none are specified or no maxbans tag is # -# matched, the banlist size defaults to 64 entries. # -# # - -<banlist chan="#largechan" limit="128"> -<banlist chan="*" limit="69"> - -#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# This tag is optional, and specifies one or more features which are # -# not available to non-operators. # +# bottom of the list. If none are specified or no maxlist tag is # +# matched, the banlist size defaults to 100 entries. # # # -# For example you may wish to disable NICK and prevent non-opers from # -# changing their nicknames. # -# Note that any disabled commands take effect only after the user has # -# 'registered' (e.g. after the initial USER/NICK/PASS on connection) # -# so for example disabling NICK will not cripple your network. # -# # -# You can also define if you want to disable any channelmodes # -# or usermodes from your users. # -# # -# `fakenonexistant' will make the ircd pretend that nonexistant # -# commands simply don't exist to non-opers ("no such command"). # -# # -#<disabled commands="TOPIC MODE" usermodes="" chanmodes="" fakenonexistant="yes"> +# Allows #largechan to have up to 200 ban entries. +#<maxlist mode="ban" chan="#largechan" limit="200"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# Just remove this... Its here to make you read ALL of the config # -# file options ;) # - -<die value="You should probably edit your config *PROPERLY* and try again."> - +# Allows #largechan to have up to 200 ban exception entries. +#<maxlist mode="e" chan="#largechan" limit="200"> +# Allows all channels and list modes not previously matched to have +# up to 100 entries. +<maxlist chan="*" limit="100"> #-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -560,21 +602,19 @@ # the correct parameters are. syntaxhints="no" - # cyclehosts: If enabled, when a user gets a host set, it will cycle - # them in all their channels. If not, it will simply change their host - # without cycling them. - cyclehosts="yes" + # casemapping: This sets the case mapping method to be used by the + # server. This MUST be the same on all servers. Possible values are: + # "ascii" (recommended) + # "rfc1459" (default, required for linking to 2.0 servers) + # NOTE: if you are using the nationalchars module this setting will be + # ignored. You should use <nationalchars:casemapping> instead. + casemapping="ascii" # cyclehostsfromuser: If enabled, the source of the mode change for # cyclehosts will be the user who cycled. This can look nicer, but # triggers anti-takeover mechanisms of some obsolete bots. cyclehostsfromuser="no" - # ircumsgprefix: Use undernet-style message prefixing for NOTICE and - # PRIVMSG. If enabled, it will add users' prefix to the line, if not, - # it will just message the user normally. - ircumsgprefix="no" - # announcets: If set to yes, when the timestamp on a channel changes, all users # in the channel will be sent a NOTICE about it. announcets="yes" @@ -593,37 +633,81 @@ # in the topic. If set to no, it will only show the nick of the topic setter. hostintopic="yes" - # pingwarning: If a server does not respond to a ping within x seconds, + # pingwarning: If a server does not respond to a ping within this period, # it will send a notice to opers with snomask +l informing that the server # is about to ping timeout. pingwarning="15" - # serverpingfreq: How often pings are sent between servers (in seconds). - serverpingfreq="60" + # serverpingfreq: How often pings are sent between servers. + serverpingfreq="1m" + + # splitwhois: Whether to split private/secret channels from normal channels + # in WHOIS responses. Possible values for this are: + # 'no' - list all channels together in the WHOIS response regardless of type. + # 'split' - split private/secret channels to a separate WHOIS response numeric. + # 'splitmsg' - the same as split but also send a message explaining the split. + splitwhois="no" # defaultmodes: What modes are set on a empty channel when a user # joins it and it is unregistered. - defaultmodes="nt" + defaultmodes="not" - # moronbanner: This is the text that is sent to a user when they are + # xlinemessage: This is the text that is sent to a user when they are # banned from the server. - moronbanner="You're banned! Email abuse@example.com with the ERROR line below for help." - - # exemptchanops: exemptions for channel access restrictions based on prefix. - exemptchanops="nonick:v flood:o" - - # invitebypassmodes: This allows /invite to bypass other channel modes. + xlinemessage="You're banned! Email irc@example.com with the ERROR line below for help." + + # allowzerolimit: If enabled then allow a limit of 0 to be set on channels. + # This is non-standard behaviour and should only be enabled if you need to + # link with servers running 2.0. Defaults to yes. + allowzerolimit="no" + + # modesinlist: If enabled then the current channel modes will be shown + # in the /LIST response. Defaults to yes. + modesinlist="no" + + # exemptchanops: Allows users with with a status mode to be exempt + # from various channel restrictions. Possible restrictions are: + # - anticaps Channel mode +B - blocks messages with too many capital + # letters (requires the anticaps module). + # - auditorium-see Permission required to see the full user list of + # a +u channel (requires the auditorium module). + # - auditorium-vis Permission required to be visible in a +u channel + # (requires the auditorium module). + # - blockcaps Channel mode +B - blocks messages with too many capital + # letters (requires the blockcaps module). + # - blockcolor Channel mode +c - blocks messages with formatting codes + # (requires the blockcolor module). + # - censor Channel mode +G - censors messages based on the network + # configuration (requires the censor module). + # - filter Channel mode +g - blocks messages containing the given + # glob mask (requires the chanfilter module). + # - flood Channel mode +f - kicks (and bans) on text flood of a + # specified rate (requires the messageflood module). + # - nickflood Channel mode +F - blocks nick changes after a specified + # rate (requires the nickflood module). + # - noctcp Channel mode +C - blocks any CTCPs to the channel + # (requires the noctcp module). + # - nonick Channel mode +N - prevents users on the channel from + # changing nicks (requires the nonicks module). + # - nonotice Channel mode +T - blocks /NOTICEs to the channel + # (requires the nonotice module). + # - regmoderated Channel mode +M - blocks unregistered users from + # speaking (requires the services account module). + # - stripcolor Channel mode +S - strips formatting codes from + # messages (requires the stripcolor module). + # - topiclock Channel mode +t - limits changing the topic to (half)ops + # You can also configure this on a per-channel basis with a channel mode and + # even negate the configured exemptions below. + # See exemptchanops in modules.conf.example for more details. + exemptchanops="censor:o filter:o nickflood:o nonick:v regmoderated:o" + + # invitebypassmodes: This allows /INVITE to bypass other channel modes. # (Such as +k, +j, +l, etc.) invitebypassmodes="yes" # nosnoticestack: This prevents snotices from 'stacking' and giving you # the message saying '(last message repeated X times)'. Defaults to no. - nosnoticestack="no" - - # welcomenotice: When turned on, this sends a NOTICE to connecting users - # with the text Welcome to <networkname>! after successful registration. - # Defaults to yes. - welcomenotice="yes"> + nosnoticestack="no"> #-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# @@ -638,33 +722,41 @@ # in the accept queue. This is *NOT* the total maximum number of # connections per server. Some systems may only allow this to be up # to 5, while others (such as Linux and *BSD) default to 128. + # Setting this above the limit imposed by your OS can have undesired + # effects. somaxconn="128" - # limitsomaxconn: By default, somaxconn (see above) is limited to a - # safe maximum value in the 2.0 branch for compatibility reasons. - # This setting can be used to disable this limit, forcing InspIRCd - # to use the value specified above. - limitsomaxconn="true" - # softlimit: This optional feature allows a defined softlimit for # connections. If defined, it sets a soft max connections value. softlimit="12800" + # clonesonconnect: If this is set to no, we won't check for clones + # on initial connection, but only after the DNS check is done. + # This can be useful where your main class is more restrictive + # than some other class a user can be assigned after DNS lookup is complete. + # Turning this option off will make the server spend more time on users we may + # potentially not want. Normally this should be negligible, though. + # Default value is yes + clonesonconnect="yes" + + # timeskipwarn: The time period that a server clock can jump by before + # operators will be warned that the server is having performance issues. + timeskipwarn="2s" + # quietbursts: When syncing or splitting from a network, a server # can generate a lot of connect and quit messages to opers with # +C and +Q snomasks. Setting this to yes squelches those messages, # which makes it easier for opers, but degrades the functionality of # bots like BOPM during netsplits. - quietbursts="yes" - - # nouserdns: If enabled, no DNS lookups will be performed on - # connecting users. This can save a lot of resources on very busy servers. - nouserdns="no"> + quietbursts="yes"> #-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# # # <security + # allowcoreunload: If this value is set to yes, Opers will be able to + # unload core modules (e.g. core_privmsg). + allowcoreunload="no" # announceinvites: This option controls which members of the channel # receive an announcement when someone is INVITEd. Available values: @@ -675,33 +767,28 @@ # higher ranked users. This is the recommended setting. announceinvites="dynamic" - # hidemodes: If enabled, then the listmodes given will be hidden - # from users below halfop. This is not recommended to be set on +b - # as it may break some functionality in popular clients such as mIRC. - hidemodes="eI" - # hideulines: If this value is set to yes, U-lined servers will - # be hidden from non-opers in /links and /map. + # be hidden from non-opers in /LINKS and /MAP. hideulines="no" - # flatlinks: If this value is set to yes, /map and /links will + # flatlinks: If this value is set to yes, /MAP and /LINKS will # be flattened when shown to non-opers. flatlinks="no" - # hidewhois: When defined, the given text will be used in place - # of the server a user is on when whoised by a non-oper. Most - # networks will want to set this to something like "*.netname.net" - # to conceal the actual server a user is on. - # Note that enabling this will cause users' idle times to only be - # shown when the format /WHOIS <nick> <nick> is used. - hidewhois="" + # hideserver: When defined, the given text will be used in place + # of the server name in public messages. As with <server:name> this + # does not need to resolve but does need to be a valid hostname. + # + # NOTE: enabling this will cause users' idle times to only be shown + # when a remote whois (/WHOIS <nick> <nick>) is used. + #hideserver="*.example.com" - # hidebans: If this value is set to yes, when a user is banned ([gkz]lined) + # hidebans: If this value is set to yes, when a user is banned ([KGZ]-lined) # only opers will see the ban message when the user is removed # from the server. hidebans="no" - # hidekills: If defined, replaces who set a /kill with a custom string. + # hidekills: If defined, replaces who executed a /KILL with a custom string. hidekills="" # hideulinekills: Hide kills from clients of ulined servers from server notices. @@ -713,19 +800,13 @@ hidesplits="no" # maxtargets: Maximum number of targets per command. - # (Commands like /notice, /privmsg, /kick, etc) + # (Commands like /NOTICE, /PRIVMSG, /KICK, etc) maxtargets="20" - # customversion: Displays a custom string when a user /version's - # the ircd. This may be set for security reasons or vanity reasons. + # customversion: A custom message to be displayed in the comments field + # of the VERSION command response. This does not hide the InspIRCd version. customversion="" - # operspywhois: show opers (users/auspex) the +s channels a user is in. Values: - # splitmsg Split with an explanatory message - # yes Split with no explanatory message - # no Do not show - operspywhois="no" - # runasuser: If this is set, InspIRCd will attempt to switch # to run as this user, which allows binding of ports under 1024. # You should NOT set this unless you are starting as root. @@ -740,29 +821,25 @@ # restrictbannedusers: If this is set to yes, InspIRCd will not allow users # banned on a channel to change nickname or message channels they are - # banned on. + # banned on. This can also be set to silent to restrict the user but not + # notify them. restrictbannedusers="yes" # genericoper: Setting this value to yes makes all opers on this server - # appear as 'is an IRC operator' in their WHOIS, regardless of their + # appear as 'is a server operator' in their WHOIS, regardless of their # oper type, however oper types are still used internally. This only # affects the display in WHOIS. genericoper="no" - # userstats: /stats commands that users can run (opers can run all). + # userstats: /STATS commands that users can run (opers can run all). userstats="Pu"> #-#-#-#-#-#-#-#-#-#-#-#-# LIMITS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# # # # This configuration tag defines the maximum sizes of various types # # on IRC, such as the maximum length of a channel name, and the # -# maximum length of a channel. Note that with the exception of the # -# identmax value all values given here are the exact values you would # -# expect to see on IRC. This contrasts with the older InspIRCd # -# releases where these values would be one character shorter than # -# defined to account for a null terminator on the end of the text. # -# # -# These values should match network-wide otherwise issues will occur. # +# maximum length of a channel. These values should match network-wide # +# otherwise issues will occur. # # # # The highest safe value you can set any of these options to is 500, # # but it is recommended that you keep them somewhat # @@ -770,7 +847,7 @@ <limits # maxnick: Maximum length of a nickname. - maxnick="31" + maxnick="30" # maxchan: Maximum length of a channel name. maxchan="64" @@ -779,7 +856,10 @@ maxmodes="20" # maxident: Maximum length of a ident/username. - maxident="11" + maxident="10" + + # maxhost: Maximum length of a hostname. + maxhost="64" # maxquit: Maximum length of a quit message. maxquit="255" @@ -790,12 +870,20 @@ # maxkick: Maximum length of a kick message. maxkick="255" - # maxgecos: Maximum length of a GECOS (realname). - maxgecos="128" + # maxreal: Maximum length of a real name. + maxreal="128" # maxaway: Maximum length of an away message. maxaway="200"> +#-#-#-#-#-#-#-#-#-#-#-#-# PATHS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This configuration tag defines the location that InspIRCd stores # +# various types of files such as configuration files, log files and # +# modules. You will probably not need to change these from the values # +# set when InspIRCd was built unless you are using a binary package # +# where you do not have the ability to set build time configuration. # +#<path configdir="conf" datadir="data" logdir="logs" moduledir="modules"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Logging @@ -805,17 +893,16 @@ # the behaviour of the logging of the IRCd. # # An example log tag would be: -# <log method="file" type="OPER" level="default" target="logs/opers.log"> -# which would log all information on /oper (failed and successful) to +# <log method="file" type="OPER" level="default" target="opers.log"> +# which would log all information on /OPER (failed and successful) to # a file called opers.log. # # There are many different types which may be used, and modules may # generate their own. A list of useful types: # - USERS - information relating to user connection and disconnection -# - OPER - succesful and failed oper attempts +# - OPER - successful and failed oper attempts # - KILL - kill related messages -# - snomask - server notices (*all* snomasks will be logged) -# - FILTER - messages related to filter matches (m_filter) +# - FILTER - messages related to filter matches (filter module) # - CONFIG - configuration related messages # - COMMAND - die and restart messages, and messages related to unknown user types # - SOCKET - socket engine informational/error messages @@ -839,24 +926,29 @@ # - USERINPUT # - USEROUTPUT # +# If your server is producing a high levels of log messages you can also set the +# flush="[positive number]" attribute to specify how many log messages should be +# buffered before flushing to disk. You should probably not specify this unless +# you are having problems. +# # The following log tag is highly default and uncustomised. It is recommended you # sort out your own log tags. This is just here so you get some output. -<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="logs/ircd.log"> +<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="ircd.log"> #-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# This tag lets you define the behaviour of the /whowas command of # +# This tag lets you define the behaviour of the /WHOWAS command of # # your server. # # # <whowas # groupsize: Maximum entries per nick shown when performing - # a /whowas nick. + # a /WHOWAS <nick>. groupsize="10" # maxgroups: Maximum number of nickgroups that can be added to - # the list so that /whowas does not use a lot of resources on + # the list so that /WHOWAS does not use a lot of resources on # large networks. maxgroups="100000" @@ -882,14 +974,10 @@ <badnick # nick: Nick to disallow. Wildcards are supported. - nick="ChanServ" + nick="Tr0ll123" - # reason: Reason to display on /nick. - reason="Reserved For Services"> - -<badnick nick="NickServ" reason="Reserved For Services"> -<badnick nick="OperServ" reason="Reserved For Services"> -<badnick nick="MemoServ" reason="Reserved For Services"> + # reason: Reason to display on /NICK. + reason="Don't use this nick."> <badhost # host: ident@hostname to ban. @@ -902,25 +990,25 @@ <badhost host="root@*" reason="Don't IRC as root!"> <badhost host="*@198.51.100.0/24" reason="This subnet is bad."> -# exception: Hosts that are exempt from [kgz]lines. +# exception: Hosts that are exempt from [KGZ]-lines. <exception # host: ident@hostname to exempt. # Wildcards and CIDR (if you specify an IP) can be used. - host="*@ircop.example.com" + host="*@serverop.example.com" - # reason: Reason for exception. Only shown in /stats e + # reason: Reason for exception. Only shown in /STATS e. reason="Oper's hostname"> #-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-# # # -# This optional tag allows you to specify how wide a gline, eline, # -# kline, zline or qline can be before it is forbidden from being # -# set. By setting hostmasks="yes", you can allow all G, K, E lines, # +# This optional tag allows you to specify how wide a G-line, E-line, # +# K-line, Z-line or Q-line can be before it is forbidden from being # +# set. By setting hostmasks="yes", you can allow all G-, K-, E-lines, # # no matter how many users the ban would cover. This is not # -# recommended! By setting ipmasks="yes", you can allow all Z lines, # +# recommended! By setting ipmasks="yes", you can allow all Z-lines, # # no matter how many users these cover too. Needless to say we # # don't recommend you do this, or, set nickmasks="yes", which will # -# allow any qline. # +# allow any Q-line. # # # <insane @@ -939,13 +1027,6 @@ # will be banning 955 or more users. trigger="95.5"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- YAWN -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# You should already know what to do here :) # - -<die value="User error. You didn't edit your config properly. Go back and try again."> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# MODULES #-#-#-#-#-#-#-#-#-#-#-#-#-#-# # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # @@ -960,23 +1041,22 @@ # provide almost all the features of InspIRCd. :) # # # # The default does nothing -- we include it for simplicity for you. # -<include file="conf/examples/modules.conf.example"> +#<include file="examples/modules.conf.example"> -# Here are some pre-built modules.conf files that closely match the -# default configurations of some popular IRCd's. You still may want to -# look over them and make sure if everything is correct for you and setup -# the proper SSL information. +#-#-#-#-#-#-#-#-#-#-#-# SERVICES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# +# # +# If you use services you will probably want to include one of the # +# following files which set up aliases, nick reservations and filter # +# exemptions for services pseudoclients: # # -# *NOTE*: These files have no comments for what the modules do. If you -# are interested in that, please read the modules.conf.example. It is also -# recommended that you make your own modules file based on modules.conf.example. - -# Settings similar to UnrealIRCd defaults. -#<include file="conf/examples/modules/unrealircd.conf.example"> - -# Settings similar to Charybdis IRCd defaults. -#<include file="conf/examples/modules/charybdis.conf.example"> - +# Anope users should uncomment this: +#<include file="examples/services/anope.conf.example"> +# +# Atheme users should uncomment this: +#<include file="examples/services/atheme.conf.example"> +# +# Users of other services should uncomment this: +#<include file="examples/services/generic.conf.example"> ######################################################################### # #