X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Fconf%2Finspircd.conf.example;h=f65f6f5dea3803f3d55cd3f4a5f4870982940c33;hb=f2e3fd5952b23209b084bde4f464e6643c8a00ff;hp=fd7973f39d28511f963bb6d016369a01ca44939d;hpb=a1d46b8bffb1dfce883d0a59b67a86934c260fba;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example index fd7973f39..f65f6f5de 100644 --- a/docs/conf/inspircd.conf.example +++ b/docs/conf/inspircd.conf.example @@ -14,11 +14,11 @@ # |___/ # # # ##################################||#################################### - #||# + #||# ##################################||#################################### # # # This is an example of the config file for InspIRCd. # -# Change the options to suit your network # +# Change the options to suit your network. # # # # # # ____ _ _____ _ _ ____ _ _ _ # @@ -33,10 +33,6 @@ # something new or different to this version and you SHOULD READ IT. # # # ######################################################################## -# # -# Unalphabeticalise the modules list at your own risk # -# # -######################################################################## #-#-#-#-#-#-#-#-#-# CONFIGURATION FORMAT #-#-#-#-#-#-#-#-#-#-#-#-#-#- # # @@ -65,8 +61,8 @@ # # # # # # -# Executable Include Example: # -# +# Executable include example: # +# # # @@ -89,7 +85,7 @@ @@ -136,7 +131,7 @@ # |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # # # # If you want to link servers to InspIRCd you must load the # -# m_spanningtree.so module! Please see the modules list for # +# spanningtree module! Please see the modules list for # # information on how to load this module! If you do not load this # # module, server ports will NOT work! # @@ -156,15 +151,18 @@ # to this bind section. type="clients" - # ssl: If you want this bind section to use SSL, define either - # gnutls or openssl here. The appropriate SSL modules must be loaded - # for ssl to work. If you do not want this bind section to support ssl, - # just remove or comment out this option. + # ssl: If you want the port(s) in this bind tag to use SSL, set this to + # the name of a custom tag that you have defined or one + # of "openssl", "gnutls", "mbedtls" if you have not defined any. See the + # wiki page for the SSL module you are using for more details. + # + # You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls + # for GnuTLS and ssl_mbedtls for mbedTLS. ssl="gnutls" # defer: When this is non-zero, connections will not be handed over to # the daemon from the operating system before data is ready. - # In Linux, the value indicates the number of seconds we'll wait for a + # In Linux, the value indicates the time period we'll wait for a # connection to come up with data. Don't set it too low! # In BSD the value is ignored; only zero and non-zero is possible. # Windows ignores this parameter completely. @@ -172,46 +170,40 @@ # To change it on a running bind, you'll have to comment it out, # rehash, comment it in and rehash again. defer="0" + + # free: When this is enabled the listener will be created regardless of + # whether the interface that provides the bind address is available. This + # is useful for if you are starting InspIRCd on boot when the server may + # not have brought the network interfaces up yet. + free="no" > -# When linking servers, the openssl and gnutls implementations are completely -# link-compatible and can be used alongside each other -# on each end of the link without any significant issues. -# Supported ssl types are: "openssl" and "gnutls". -# You must load, m_ssl_openssl for openssl -# or m_ssl_gnutls for gnutls. - - - +# Listener accepting HTML5 WebSocket connections. +# Requires the websocket module and SHA-1 hashing support (provided by the sha1 +# module). +# +# EXPERIMENTAL: Listener that binds on a UNIX endpoint instead of a TCP/IP endpoint: +# -#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#- -# # -# You can configure the passwords here which you wish to use for # -# the die and restart commands. Only trusted IRCop's who will # -# need this ability should know the die and restart password. # -# # - - - #hash="sha256" - - # diepass: Password for opers to use if they need to shutdown (die) - # a server. - diepass="" +# You can define a custom tag which defines the SSL configuration +# for this listener. See the wiki page for the SSL module you are using for +# more details. +# +# Alternatively, you can use one of the default SSL profiles which are created +# when you have not defined any: +# "openssl" (requires the ssl_openssl module) +# "gnutls" (requires the ssl_gnutls module) +# "mbedtls" (requires the ssl_mbedtls module) +# +# When linking servers, the OpenSSL, GnuTLS, and mbedTLS implementations are +# completely link-compatible and can be used alongside each other on each end +# of the link without any significant issues. - # restartpass: Password for opers to use if they need to restart - # a server. - restartpass=""> + + #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# @@ -236,7 +228,7 @@ + deny="192.0.2.*"> # connect:reason is the message that users will see if they match a deny block @@ -252,26 +244,29 @@ # you only want to adjust sendq and a password parent="main" - # allow: What IP addresses/hosts to allow for this block. - allow="196.12.*" + # allow: The IP address or hostname of clients that can use this + # class. You can specify either an exact match, a glob match, or + # a CIDR range here. + allow="203.0.113.*" - # hash: what hash this password is hashed with. requires the module - # for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be - # loaded and the password hashing module (m_password_hash.so) - # loaded. Options here are: "md5", "sha256" and "ripemd160". - # Optional, but recommended. Create hashed password with: - # /mkpasswd - #hash="sha256" + # hash: the hash function this password is hashed with. Requires the + # module for the selected function (bcrypt, md5, sha1, or sha256) and + # the password hashing module (password_hash) to be loaded. + # + # You may also use any of the above other than bcrypt prefixed with + # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module). + # Create hashed passwords with: /mkpasswd + #hash="bcrypt" # password: Password to use for this block/user(s) password="secret" # maxchans: Maximum number of channels a user in this class - # be in at one time. This overrides every other maxchans setting. - #maxchans="30" + # be in at one time. + maxchans="20" - # timeout: How long (in seconds) the server will wait before - # disconnecting a user if they do not do anything on connect. + # timeout: How long the server will wait before disconnecting + # a user if they do not do anything on connect. # (Note, this is a client-side thing, if the client does not # send /nick, /user or /pass) timeout="10" @@ -282,7 +277,7 @@ # globalmax: Maximum global (network-wide) connections per IP (or CIDR mask, see below). globalmax="3" - # maxconnwarn: Enable warnings when localmax or globalmax is hit (defaults to on) + # maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to on) maxconnwarn="off" # resolvehostnames: If disabled, no DNS lookups will be performed on connecting users @@ -290,25 +285,29 @@ resolvehostnames="yes" # usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes. - # This setting only has effect when m_dnsbl is loaded. + # This setting only has effect when the dnsbl module is loaded. #usednsbl="yes" # useident: Defines if users in this class MUST respond to a ident query or not. useident="no" + # webirc: Restricts usage of this class to the specified WebIRC gateway. + # This setting only has effect when the cgiirc module is loaded. + #webirc="name" + # limit: How many users are allowed in this class limit="5000" # modes: Usermodes that are set on users in this block on connect. - # Enabling this option requires that the m_conn_umodes module be loaded. + # Enabling this option requires that the conn_umodes module be loaded. # This entry is highly recommended to use for/with IP Cloaking/masking. - # For the example to work, this also requires that the m_cloaking + # For the example to work, this also requires that the "cloaking" # module be loaded as well. modes="+x" # requireident, requiressl, requireaccount: require that users of this # block have a valid ident response, use SSL, or have authenticated. - # Requires m_ident, m_sslinfo, or m_services_account respectively. + # Requires ident, sslinfo, or the services_account module, respectively. requiressl="on" # NOTE: For requireaccount, you must complete the signon prior to full # connection. Currently, this is only possible by using SASL @@ -317,53 +316,62 @@ # Alternate MOTD file for this connect class. The contents of this file are # specified using or + # + # NOTE: the following escape sequences for IRC formatting characters can be + # used in your MOTD: + # Bold: \b + # Color: \c[,] + # Italic: \i + # Monospace: \m (not widely supported) + # Reset: \x + # Reverse: \r + # Strikethrough: \s (not widely supported) + # Underline: \u + # See https://defs.ircdocs.horse/info/formatting.html for more information + # on client support for formatting characters. motd="secretmotd" - # Allow color codes to be processed in the message of the day file. - # the following characters are valid color code escapes: - # \002 or \b = Bold - # \037 or \u = Underline - # \003 or \c = Color (with a code postfixed to this char) - # \017 or \x = Stop all color sequences - allowmotdcolors="false" - - # port: What port this user is allowed to connect on. (optional) - # The port MUST be set to listen in the bind blocks above. - port="6697"> + # port: What port range this user is allowed to connect on. (optional) + # The ports MUST be set to listen in the bind blocks above. + port="6697,9999"> @@ -420,7 +428,8 @@ # represented as 192.168.1.0/24). This means that abuse across an ISP # # is detected and curtailed much easier. Here is a good chart that # # shows how many IPs the different CIDRs correspond to: # -# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation # +# https://en.wikipedia.org/wiki/IPv4_subnetting_reference # +# https://en.wikipedia.org/wiki/IPv6_subnetting_reference # # # - -#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # - - +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # If these values are not defined, InspIRCd uses the default DNS resolver @@ -475,13 +474,13 @@ # server: DNS server to use to attempt to resolve IP's to hostnames. # in most cases, you won't need to change this, as inspircd will # automatically detect the nameserver depending on /etc/resolv.conf - # (or, on windows, your set nameservers in the registry.) + # (or, on Windows, your set nameservers in the registry.) # Note that this must be an IP address and not a hostname, because # there is no resolver to resolve the name until this is defined! # # server="127.0.0.1" - # timeout: seconds to wait to try to resolve DNS/hostname. + # timeout: time to wait to try to resolve DNS/hostname. timeout="5"> # An example of using an IPv6 nameserver @@ -499,18 +498,27 @@ # -#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-# +#-#-#-#-#-#-#-#-#-#-#-#-#- LIST MODE LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Use these tags to customise the ban limits on a per channel basis. # -# The tags are read from top to bottom, and any tag found which # -# matches the channels name applies the banlimit to that channel. # +# The tag is used customise the maximum number of each list # +# mode that can be set on a channel. # +# The tags are read from top to bottom and the list mode limit from # +# the first tag found which matches the channel name and mode type is # +# applied to that channel. # # It is advisable to put an entry with the channel as '*' at the # -# bottom of the list. If none are specified or no maxbans tag is # -# matched, the banlist size defaults to 64 entries. # +# bottom of the list. If none are specified or no maxlist tag is # +# matched, the banlist size defaults to 100 entries. # # # - - +# Allows #largechan to have up to 200 ban entries. +# + +# Allows #largechan to have up to 200 ban exception entries. +# + +# Allows all channels and list modes not previously matched to have +# up to 100 entries. + #-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -531,36 +539,26 @@ # # # - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # -# Just remove this... Its here to make you read ALL of the config # -# file options ;) # - - - - - #-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # # Settings to define which features are usable on your server. # # # - # suffixpart: What (if anything) a users' part message + # suffixpart: What (if anything) users' part message # should be suffixed with. suffixpart=""" @@ -576,23 +574,26 @@ # the correct parameters are. syntaxhints="no" + # casemapping: This sets the case mapping method to be used by the + # server. This MUST be the same on all servers. Possible values are: + # "ascii" (recommended) + # "rfc1459" (default, required for linking to 2.0 servers) + # NOTE: if you are using the nationalchars module this setting will be + # ignored. You should use instead. + casemapping="ascii" + # cyclehostsfromuser: If enabled, the source of the mode change for # cyclehosts will be the user who cycled. This can look nicer, but # triggers anti-takeover mechanisms of some obsolete bots. cyclehostsfromuser="no" - # ircumsgprefix: Use undernet-style message prefixing for NOTICE and - # PRIVMSG. If enabled, it will add users' prefix to the line, if not, - # it will just message the user normally. - ircumsgprefix="no" - - # announcets: If set to yes, when the TimeStamp on a channel changes, all users - # in channel will be sent a NOTICE about it. + # announcets: If set to yes, when the timestamp on a channel changes, all users + # in the channel will be sent a NOTICE about it. announcets="yes" # allowmismatch: Setting this option to yes will allow servers to link even - # if they don't have the same VF_OPTCOMMON modules loaded. Setting this to - # yes may introduce some desyncs and weirdness. + # if they don't have the same "optionally common" modules loaded. Setting this to + # yes may introduce some desyncs and unwanted behaviour. allowmismatch="no" # defaultbind: Sets the default for tags without an address. Choices are @@ -600,32 +601,73 @@ # falling back to IPv4 otherwise. defaultbind="auto" - # hostintopic: If enabled, channels will show the host of the topicsetter - # in the topic. If set to no, it will only show the nick of the topicsetter. + # hostintopic: If enabled, channels will show the host of the topic setter + # in the topic. If set to no, it will only show the nick of the topic setter. hostintopic="yes" - # pingwarning: If a server does not respond to a ping within x seconds, + # pingwarning: If a server does not respond to a ping within this period, # it will send a notice to opers with snomask +l informing that the server # is about to ping timeout. pingwarning="15" - # serverpingfreq: How often pings are sent between servers (in seconds). - serverpingfreq="60" + # serverpingfreq: How often pings are sent between servers. + serverpingfreq="1m" + + # splitwhois: Whether to split private/secret channels from normal channels + # in WHOIS responses. Possible values for this are: + # 'no' - list all channels together in the WHOIS response regardless of type. + # 'split' - split private/secret channels to a separate WHOIS response numeric. + # 'splitmsg' - the same as split but also send a message explaining the split. + splitwhois="no" # defaultmodes: What modes are set on a empty channel when a user - # joins it and it is unregistered. This is similar to Asuka's - # autochanmodes. + # joins it and it is unregistered. defaultmodes="not" # xlinemessage: This is the text that is sent to a user when they are # banned from the server. xlinemessage="You're banned! Email irc@example.com with the ERROR line below for help." - # exemptchanops: exemptions for channel access restrictions based on prefix. - exemptchanops="nonick:v flood:o" + # allowzerolimit: If enabled then allow a limit of 0 to be set on channels. + # This is non-standard behaviour and should only be enabled if you need to + # link with servers running 2.0. Defaults to yes. + allowzerolimit="no" + + # exemptchanops: Allows users with with a status mode to be exempt + # from various channel restrictions. Possible restrictions are: + # - auditorium-see Permission required to see the full user list of + # a +u channel (requires the auditorium module). + # - auditorium-vis Permission required to be visible in a +u channel + # (requires the auditorium module). + # - blockcaps Channel mode +B - blocks messages with too many capital + # letters (requires the blockcaps module). + # - blockcolor Channel mode +c - blocks messages with formatting codes + # (requires the blockcolor module). + # - censor Channel mode +G - censors messages based on the network + # configuration (requires the censor module). + # - filter Channel mode +g - blocks messages containing the given + # glob mask (requires the chanfilter module). + # - flood Channel mode +f - kicks (and bans) on text flood of a + # specified rate (requires the messageflood module). + # - nickflood Channel mode +F - blocks nick changes after a specified + # rate (requires the nickflood module). + # - noctcp Channel mode +C - blocks any CTCPs to the channel + # (requires the noctcp module). + # - nonick Channel mode +N - prevents users on the channel from + # changing nicks (requires the nonicks module). + # - nonotice Channel mode +T - blocks /NOTICEs to the channel + # (requires the nonotice module). + # - regmoderated Channel mode +M - blocks unregistered users from + # speaking (requires the services account module). + # - stripcolor Channel mode +S - strips formatting codes from + # messages (requires the stripcolor module). + # - topiclock Channel mode +t - limits changing the topic to (half)ops + # You can also configure this on a per-channel basis with a channel mode. + # See m_exemptchanops in modules.conf.example for more details. + exemptchanops="censor:o filter:o nickflood:o nonick:v regmoderated:o" # invitebypassmodes: This allows /invite to bypass other channel modes. - # (Such as +k, +j, +l, etc) + # (Such as +k, +j, +l, etc.) invitebypassmodes="yes" # nosnoticestack: This prevents snotices from 'stacking' and giving you @@ -644,7 +686,7 @@ # somaxconn: The maximum number of connections that may be waiting # in the accept queue. This is *NOT* the total maximum number of # connections per server. Some systems may only allow this to be up - # to 5, while others (such as linux and *BSD) default to 128. + # to 5, while others (such as Linux and *BSD) default to 128. # Setting this above the limit imposed by your OS can have undesired # effects. somaxconn="128" @@ -662,6 +704,10 @@ # Default value is true clonesonconnect="true" + # timeskipwarn: The time period that a server clock can jump by before + # operators will be warned that the server is having performance issues. + timeskipwarn="2s" + # quietbursts: When syncing or splitting from a network, a server # can generate a lot of connect and quit messages to opers with # +C and +Q snomasks. Setting this to yes squelches those messages, @@ -674,7 +720,7 @@