X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Fconf%2Fmodules.conf.example;h=0b149775bc480cc9d422f77ac8f7d15995233262;hb=e0dc7691c4cff3a38bc12adf10b3709d8c4901ba;hp=3bf1c2e993b309098d323cb9d311e9454e957773;hpb=02beded762ccc71c7f87ec8bb32b8d614960ab90;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 3bf1c2e99..0b149775b 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -78,13 +78,13 @@ # matched, or it has no format value. Aliases are # # read from the top of the file to the bottom. # # # -# usercommand - If this is true, the alias can be run simply as # -# /ALIASNAME. Defaults to true. # +# usercommand - If set to yes, the alias can be run simply as # +# /ALIASNAME. Defaults to yes. # # # -# channelcommand - If this is true, the alias can be used as an # +# channelcommand - If set to yes, the alias can be used as an # # in-channel alias or 'fantasy command', prefixed # # by the fantasy prefix character, !aliasname by # -# default. Defaults to false. # +# default. Defaults to no. # # # # format - If this is defined, the parameters of the alias # # must match this glob pattern. For example if you # @@ -116,7 +116,11 @@ # to successfully trigger. If they are not, then # # the user receives a 'no such nick' 401 numeric. # # # -# uline - Setting this to true will ensure that the user # +# stripcolor - If set to yes, the text from the user will be # +# stripped of color and format codes before # +# matching against 'text'. # +# # +# uline - Setting this to yes will ensure that the user # # given in 'requires' is also on a U-lined server, # # as well as actually being on the network. If the # # user is online, but not on a U-lined server, # @@ -124,7 +128,7 @@ # possibly a sign of a user trying to impersonate # # a service. # # # -# operonly - If true, this will make the alias oper only. # +# operonly - If yes, this will make the alias oper only. # # If a non-oper attempts to use the alias, it will # # appear to not exist. # # # @@ -173,7 +177,7 @@ # users that send overly capitalised messages to channels. Unlike the # blockcaps module this module is more flexible as it has more options # for punishment and allows channels to configure their own punishment -# policies. +# policies. # # # You may also configure the characters which anticaps considers to be @@ -182,6 +186,30 @@ # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Argon2 module: Allows other modules to generate Argon2 hashes, +# usually for cryptographic uses and security. +# This module makes the algorithms argon2i, argon2d and argon2id +# available for use. +# Note that this module is extra, and must be enabled explicitly +# to build. It depends on libargon2. +# +# +# memory: Memory hardness, in KiB. E.g. 131072 KiB = 128 MiB. +# iterations: Time hardness in iterations. (def. 3) +# lanes: How many parallel chains can be run. (def. 1) +# threads: Maximum amount of threads each invocation can spawn. (def. 1) +# length: Output length in bytes. (def. 32) +# saltlength: Salt length in bytes. (def. 16) +# version: Algorithm version, 10 or 13. (def. 13) +# The parameters can be customized as follows: +# +# Defines the parameters that are common for all the variants (i/d/id). +# Can be overridden on individual basis, e.g. +# +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Auditorium module: Adds channel mode +u which makes everyone else # except you in the channel invisible, used for large meetings etc. @@ -206,7 +234,7 @@ # For example +w o:*!Attila@127.0.0.1 will op anyone matching that mask # on join. This can be combined with extbans, for example +w o:R:Brain # will op anyone identified to the account "Brain". -# Another useful combination is with SSL client certificate +# Another useful combination is with TLS (SSL) client certificate # fingerprints: +w h:z:72db600734bb9546c1bdd02377bc21d2a9690d48 will # give halfop to the user(s) having the given certificate. # @@ -310,6 +338,9 @@ # This module is oper-only and provides /CBAN. # To use, CBAN must be in one of your oper class blocks. # +# CBAN does not allow glob channelmasks by default for compatibility +# reasons. You can enable glob support by uncommenting the next line. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Censor module: Adds channel and user mode +G which block phrases that @@ -344,14 +375,14 @@ # message to the server on connection. For more details please read the # IRCv3 WebIRC specification at: https://ircv3.net/specs/extensions/webirc.html # -# When using this method you must specify a wildcard mask or CIDR range -# to allow gateway connections from and at least one of either a SSL -# client certificate fingerprint for the gateway or a password to be -# sent in the WEBIRC command. +# When using this method you must specify one or more wildcard masks +# or CIDR ranges to allow gateway connections from and at least one of +# either a TLS (SSL) client certificate fingerprint for the gateway or +# a password to be sent in the WEBIRC command. # # +# mask="192.0.2.0/24 198.51.100.*"> # # # -# Set the maximum number of lines allowed to be stored per channel below. -# This is the hard limit for 'X'. -# If notice is set to yes, joining users will get a NOTICE before playback -# telling them about the following lines being the pre-join history. -# If bots is set to yes, it will also send to users marked with +B -# +#-#-#-#-#-#-#-#-#-#-#- CHANHISTORY CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# # +# bots - Whether to send channel history to bots. Defaults to yes. # +# # +# enableumode - Whether to enable the +N user mode which allows users # +# to opt-out of receiving channel history. Defaults to # +# no. # +# # +# maxlines - The maximum number of lines of chat history to send to a # +# joining users. Defaults to 50. # +# # +# prefixmsg - Whether to send an explanatory message to clients that # +# don't support the chathistory batch type. Defaults to # +# yes. # +# # +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel logging module: Used to send snotice output to channels, to @@ -550,11 +595,13 @@ # +# prefix="net-" +# ignorecase="no"> # # +# prefix="net-" +# ignorecase="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Clones module: Adds an oper command /CLONES for detecting cloned @@ -564,6 +611,21 @@ # To use, CLONES must be in one of your oper class blocks. # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Codepage module: Allows using a custom 8-bit codepage for nicknames +# and case mapping. +# +# +# You should include one of the following files to set your codepage: +# +# +# +# +# +# You can also define a custom codepage. For details on how to do this +# please refer to the docs site: +# https://docs.inspircd.org/3/modules/codepage + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Common channels module: Adds user mode +c, which, when set, requires # that users must share a common channel with you to PRIVMSG or NOTICE @@ -611,7 +673,7 @@ # killonbadreply - Whether to kill the user if they send the wrong # # PONG reply. # # # -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel cycle module: Adds the /CYCLE command which is a server-side @@ -653,7 +715,7 @@ # the throttling when the server just booted. # # +# quitmsg="Throttled" bootwait="2m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Custom prefixes: Allows for channel prefixes to be configured. @@ -675,7 +737,7 @@ # You can also override the configuration of prefix modes added by both the core # and other modules by adding a customprefix tag with change="yes" specified. # -# +# # # Do /RELOADMODULE customprefix after changing the settings of this module. @@ -823,7 +885,17 @@ # # # # For configuration options please see the docs page for dnsbl at # -# https://docs.inspircd.org/3/modules/dnsbl # +# https://docs.inspircd.org/3/modules/dnsbl. You can also use one or # +# more of the following example configs for popular DNSBLs: # +# # +# DroneBL (https://dronebl.org) # +# +# # +# EFnet RBL (https://rbl.efnetrbl.org) # +# +# # +# dan.me.uk Tor exit node DNSBL (https://www.dan.me.uk/dnsbl) # +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Exempt channel operators module: Provides support for allowing # @@ -835,6 +907,8 @@ # See in inspircd.conf.example for a more # # detailed list of the restriction modes that can be exempted. # # These are settable using: /MODE #chan +X : # +# Furthermore, the exemptions configured in # +# can also be negated by using: /MODE #chan +X :* # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -922,7 +996,7 @@ # other modules that need it using the libMaxMindDB library. # # # # This module is in extras. Re-run configure with: # -# ./configure --enable-extras=m_geo_maxmind.cpp +# ./configure --enable-extras geo_maxmind # and run make install, then uncomment this module to enable it. # # # # This module requires libMaxMindDB to be installed on your system. # @@ -975,9 +1049,9 @@ # # # This mode can optionally prevent opers from seeing channels on a +I -# user, for more privacy if set to true. +# user, for more privacy if set to yes. # This setting is not recommended for most mainstream networks. -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Hide list module: Allows for hiding the list of listmodes from users @@ -1045,7 +1119,7 @@ # a tag with type "httpd", and load at least one of the other # httpd_* modules to provide pages to display. # -# +# # # You can adjust the timeout for HTTP connections below. All HTTP # connections will be closed after (roughly) this time period. @@ -1099,10 +1173,10 @@ # the timeout for ident lookups here. If not defined, it will default # # to 5 seconds. This is a non-blocking timeout which holds the user # # in a 'connecting' state until the lookup is complete. # -# prefixunqueried: If on, the idents of users being in a connect class# -# with ident lookups disabled (i.e. ) will be # -# prefixed with a "~". If off, the ident of those users will not be # -# prefixed. Default is off. # +# prefixunqueried: If yes, the idents of users in a connect class # +# with ident lookups disabled (i.e. ) will be # +# prefixed with a "~". If no, the ident of those users will not be # +# prefixed. Default is no. # # # @@ -1128,7 +1202,7 @@ # The following block can be used to control which extensions are # enabled. Note that extended-join can be incompatible with delayjoin # and host cycling. -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 account-tag module. Adds the 'account' tag which contains the @@ -1156,9 +1230,14 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 client-to-client tags module: Provides the message-tags IRCv3 -# extension which allows clients to add extra data to their messages. +# extension which allows clients to add extra data to their messages. # This is used to support new IRCv3 features such as replies and ids. # +# +# If you want to only allow client tags that are intended for processing +# by the server you can disable the following setting. Doing this is not +# recommended though as it may break clients. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 echo-message module: Provides the echo-message IRCv3 @@ -1173,6 +1252,12 @@ # another user into a channel. This respects . # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# IRCv3 labeled-response module: Provides the labeled-response IRCv3 +# extension which allows server responses to be associated with the +# client message which caused them to be sent. +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 message id module: Provides the msgid IRCv3 extension which # adds a unique identifier to each message when the message-tags cap @@ -1197,22 +1282,35 @@ # # host - A glob match for the SNI hostname to apply this policy to. # duration - The amount of time that the policy lasts for. Defaults to -# approximately two months by default. +# five minutes by default. You should raise this to a month +# or two once you know that your config is valid. # port - The port on which TLS connections to the server are being # accepted. You MUST have a CA-verified certificate on this # port. Self signed certificates are not acceptable. # preload - Whether client developers can include your certificate in # preload lists. # -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Join flood module: Adds support for join flood protection +j X:Y. # Closes the channel for N seconds if X users join in Y seconds. # # -# The number of seconds to close the channel for: -# +# duration: The number of seconds to close a channel for when it is +# being flooded with joins. +# +# bootwait: The number of seconds to disengage joinflood for after +# a server boots. This allows users to reconnect without +# being throttled by joinflood. +# +# splitwait: The number of seconds to disengage joinflood for after +# a server splits. This allows users to reconnect without +# being throttled by joinflood. +# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Anti auto rejoin: Adds support for prevention of auto-rejoin (+J). @@ -1235,7 +1333,7 @@ # LDAP module: Allows other SQL modules to access a LDAP database # through a unified API. # This modules is in extras. Re-run configure with: -# ./configure --enable-extras=m_ldap.cpp +# ./configure --enable-extras ldap # and run make install, then uncomment this module to enable it. # # @@ -1298,7 +1396,7 @@ # repeated to whitelist multiple CIDRs. # # # # ldaprequire allows further filtering on the LDAP user, by requiring # -# certain LDAP attibutes to have a given value. It can be repeated, # +# certain LDAP attributes to have a given value. It can be repeated, # # in which case the list will act as an OR list, that is, the # # authentication will succeed if any of the requirements in the list # # is satisfied. # @@ -1379,7 +1477,7 @@ # MySQL module: Allows other SQL modules to access MySQL databases # through a unified API. # This module is in extras. Re-run configure with: -# ./configure --enable-extras=m_mysql.cpp +# ./configure --enable-extras mysql # and run make install, then uncomment this module to enable it. # # @@ -1398,15 +1496,18 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# NAMESX module: Provides support for the NAMESX extension which allows -# clients to see all the prefixes set on a user without getting confused. -# This is supported by mIRC, x-chat, klient, and maybe more. +# NAMESX module: Provides support for the IRCv3 multi-prefix capability +# and legacy NAMESX extension which allow clients to see all the prefix +# modes set on a user. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # National characters module: # 1) Allows using national characters in nicknames. # 2) Allows using custom (national) casemapping over the network. +# +# This module is incredibly poorly written and documented. You should +# probably use the codepage module instead for 8-bit codepages. # # # file - Location of the file which contains casemapping rules. If this @@ -1423,7 +1524,7 @@ # which allows up to X nick changes in Y seconds. # # -# The number of seconds to prevent nick changes for: +# The time period to prevent nick changes for: # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1516,8 +1617,8 @@ # # # If the following option is on then all oper commands will be sent to -# the snomask 'r'. The default is off. -# +# the snomask 'r'. The default is no. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper prefixing module: Adds a channel prefix mode +y which is given @@ -1566,7 +1667,7 @@ # # # enableumode - If enabled, user mode +O is required for override. # # # -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper levels module: Gives each oper a level and prevents actions @@ -1656,13 +1757,13 @@ # whenever +P is set, unset, or the topic/modes on a +P channel is changed. # If you want to do this, set the filename below, and uncomment the include. # -# If 'listmodes' is true then all list modes (+b, +I, +e, +g...) will be -# saved. Defaults to false. +# If 'listmodes' is yes then all list modes (+b, +I, +e, +g...) will be +# saved. Defaults to no. # # 'saveperiod' determines how often to check if the database needs to be # saved to disk. Defaults to every five seconds. # # # @@ -1673,7 +1774,7 @@ # PostgreSQL module: Allows other SQL modules to access PgSQL databases # through a unified API. # This module is in extras. Re-run configure with: -# ./configure --enable-extras=m_pgsql.cpp +# ./configure --enable-extras pgsql # and run make install, then uncomment this module to enable it. # # @@ -1769,11 +1870,11 @@ # in the same way as /REMOVE. # # -# supportnokicks: If true, /REMOVE is not allowed on channels where the -# nokicks (+Q) mode is set. Defaults to false. +# supportnokicks: If yes, /REMOVE is not allowed on channels where the +# nokicks (+Q) mode is set. Defaults to no. # protectedrank: Members having this rank or above may not be /REMOVE'd # by anyone. Set to 0 to disable this feature. Defaults to 50000. -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Repeat module: Allows to block, kick or ban upon similar messages @@ -1800,7 +1901,13 @@ # less CPU usage. Increasing this beyond 512 doesn't have # any effect, as the maximum length of a message on IRC # cannot exceed that. -# +# kickmessage - Kick message when * is specified +# # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1879,7 +1986,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SAMODE module: Adds the /SAMODE command which allows server operators # to change modes on a channel without requiring them to have any -# channel priviliges. Also allows changing user modes for any user. +# channel privileges. Also allows changing user modes for any user. # This module is oper-only. # To use, SAMODE must be in one of your oper class blocks. # @@ -1906,7 +2013,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SATOPIC module: Adds the /SATOPIC command which allows changing the -# topic on a channel without requiring any channel priviliges. +# topic on a channel without requiring any channel privileges. # This module is oper-only. # To use, SATOPIC must be in one of your oper class blocks. # @@ -1916,12 +2023,14 @@ # Layer via AUTHENTICATE. Note: You also need to have cap loaded # for SASL to work. # -# Define the following to your services server name to improve security -# by ensuring the SASL messages are only sent to the services server -# and not to all connected servers. This prevents a rogue server from -# capturing SASL messages and disables the SASL cap when services is -# down. -# + +# You must define to the name of your services server so +# that InspIRCd knows where to send SASL authentication messages and +# when it should enable the SASL capability. +# You can also define to require users to use TLS (SSL) +# in order to be able to use SASL. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Secure list module: Prevent /LIST in the first minute of connection, @@ -1934,13 +2043,22 @@ # securelist blocking these sites from listing, define exception tags # # as shown below: # # -# -# # # -# Define the following variable to change how long a user must wait # -# before issuing a LIST. If not defined, defaults to 60 seconds. # +# exemptregistered - Whether the waiting period applies to users who # +# are logged in to a services account. # +# Defaults to no. # +# # +# showmsg - Whether to tell users that they need to wait for a while # +# before they can use the /LIST command. # +# Defaults to no. # # # -# # +# waittime - The time period that a user must be connected for before # +# they can use the /LIST command. # +# Defaults to 1 minute. # +# # +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Servprotect module: Provides support for Austhex style +k / @@ -2068,22 +2186,41 @@ # To use, SHUN must be in one of your oper class blocks. # # -# You may also configure which commands you wish a user to be able to -# perform when shunned. It should be noted that if a shunned user -# issues QUIT or PART then their message will be removed, as if they -# did not issue one. +# Configuration: +# +# affectopers: Whether server operators are exempt from shuns. This +# option is deprecated; you should instead give exempt +# server operators the servers/ignore-shun privilege. +# +# allowconnect: Whether to only apply shuns to users who are fully +# connected to the server. +# +# allowtags: Whether to allow client tags to be attached to enabled +# commands. # -# You can optionally let the user know that their command was blocked. +# cleanedcommands: The commands that, if enabled, should be cleaned +# of any message content if a shunned user tries to +# execute them. # -# You may also let SHUN affect opers (defaults to no). -# +# enabledcommands: The commands that a shunned user is allowed to +# execute. +# +# notifyuser: Whether to notify shunned users that a command they tried +# to execute has been blocked. +# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SSL mode module: Adds support for SSL-only channels via the '+z' -# channel mode, SSL-only private messages via the '+z' user mode and -# the 'z:' extban which matches SSL client certificate fingerprints. +# SSL mode module: Adds support for TLS (SSL)-only channels via the '+z' +# channel mode, TLS (SSL)-only private messages via the '+z' user mode and +# the 'z:' extban which matches TLS (SSL) client certificate fingerprints. # -# Does not do anything useful without a working SSL module and the +# Does not do anything useful without a working TLS (SSL) module and the # sslinfo module (see below). # # @@ -2092,15 +2229,15 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SSL rehash signal module: Allows the SSL modules to be rehashed by +# SSL rehash signal module: Allows the TLS (SSL) modules to be rehashed by # sending SIGUSR1 to a running InspIRCd process. -# This modules is in extras. Re-run configure with: -# ./configure --enable-extras=m_sslrehashsignal.cpp +# This module is in extras. Re-run configure with: +# ./configure --enable-extras sslrehashsignal # and run make install, then uncomment this module to enable it. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# GnuTLS SSL module: Adds support for SSL/TLS connections using GnuTLS, +# GnuTLS SSL module: Adds support for TLS (SSL) connections using GnuTLS, # if enabled. You must answer 'yes' in ./configure when asked or # manually symlink the source for this module from the directory # src/modules/extra, if you want to enable this, or it will not load. @@ -2113,26 +2250,26 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SSL info module: Allows users to retrieve information about other -# users' peer SSL certificates and keys via the SSLINFO command. +# users' peer TLS (SSL) certificates and keys via the SSLINFO command. # This can be used by client scripts to validate users. For this to # work, one of ssl_gnutls, ssl_mbedtls or ssl_openssl must be loaded. # This module also adds the " is using a secure connection" -# and " has client certificate fingerprint " -# WHOIS lines, the ability for opers to use SSL cert fingerprints to -# verify their identity and the ability to force opers to use SSL +# and " has TLS (SSL) client certificate fingerprint " +# WHOIS lines, the ability for opers to use TLS (SSL) cert fingerprints to +# verify their identity and the ability to force opers to use TLS (SSL) # connections in order to oper up. It is highly recommended to load -# this module if you use SSL on your network. +# this module if you use TLS (SSL) on your network. # For how to use the oper features, please see the first # example tag in opers.conf.example. # # # -# If you want to prevent users from viewing SSL certificate information +# If you want to prevent users from viewing TLS (SSL) certificate information # and fingerprints of other users, set operonly to yes. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# mbedTLS SSL module: Adds support for SSL/TLS connections using mbedTLS. +# mbedTLS TLS (SSL) module: Adds support for TLS (SSL) connections using mbedTLS. # # #-#-#-#-#-#-#-#-#-#-#- MBEDTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# @@ -2141,7 +2278,7 @@ # https://docs.inspircd.org/3/modules/ssl_mbedtls # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# OpenSSL SSL module: Adds support for SSL/TLS connections using OpenSSL, +# OpenSSL TLS (SSL) module: Adds support for TLS (SSL) connections using OpenSSL, # if enabled. You must answer 'yes' in ./configure when asked or symlink # the source for this module from the directory src/modules/extra, if # you want to enable this, or it will not load. @@ -2172,7 +2309,7 @@ # SQLite3 module: Allows other SQL modules to access SQLite3 # # databases through a unified API. # # This module is in extras. Re-run configure with: # -# ./configure --enable-extras=m_sqlite3.cpp +# ./configure --enable-extras sqlite3 # and run make install, then uncomment this module to enable it. # # # @@ -2213,8 +2350,9 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # StartTLS module: Implements STARTTLS, which allows clients # -# connected to non SSL enabled ports to enable SSL, if a proper SSL # -# module is loaded (either ssl_gnutls, ssl_mbedtls or ssl_openssl). # +# connected to non TLS (SSL) enabled ports to enable TLS (SSL), if # +# a proper TLS (SSL) module is loaded (either ssl_gnutls, # +# ssl_mbedtls or ssl_openssl). # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -2223,7 +2361,7 @@ # # SVSHOLD does not generate server notices by default, you can turn # notices on by uncommenting the next line. -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SWHOIS module: Allows you to add arbitrary lines to user WHOIS. @@ -2234,6 +2372,9 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Timed bans module: Adds timed channel bans with the /TBAN command. # +# By default, it sends a notice to channel operators when timed ban is +# set and when it is removed by server. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Test line module: Adds the /TLINE command, used to test how many @@ -2248,11 +2389,9 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# UHNAMES support module: Adds support for the IRCX style UHNAMES -# extension, which displays ident and hostname in the names list for -# each user, saving clients from doing a WHO on the channel. -# If a client does not support UHNAMES it will not enable it, this will -# not break incompatible clients. +# UHNAMES support module: Adds support for the IRCv3 userhost-in-names +# capability and legacy UHNAMES extension which display the ident and +# hostname of users in the NAMES list. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -2292,20 +2431,27 @@ # # # Set the maximum number of entries on a user's watch list below. -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # WebSocket module: Adds HTML5 WebSocket support. # Specify hook="websocket" in a tag to make that port accept -# WebSocket connections. Compatible with SSL/TLS. +# WebSocket connections. Compatible with TLS (SSL). # Requires SHA-1 hash support available in the sha1 module. # # -# Whether to re-encode messages as UTF-8 before sending to WebSocket -# clients. This is recommended as the WebSocket protocol requires all -# text frames to be sent as UTF-8. If you do not have this enabled -# messages will be sent as binary frames instead. -# +# proxyranges: A space-delimited list of glob or CIDR matches to trust +# the X-Real-IP or X-Forwarded-For headers from. If enabled +# the server will use the IP address specified by those HTTP +# headers. You should NOT enable this unless you are using +# a HTTP proxy like nginx as it will allow IP spoofing. +# sendastext: Whether to re-encode messages as UTF-8 before sending to +# WebSocket clients. This is recommended as the WebSocket +# protocol requires all text frames to be sent as UTF-8. +# If you do not have this enabled messages will be sent as +# binary frames instead. +# # # If you use the websocket module you MUST specify one or more origins # which are allowed to connect to the server. You should set this as