X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Fconf%2Fmodules.conf.example;h=383c6a173ac6107e1fffbd21c9418b39b9ba5006;hb=9982ec4e5b027ed24b1fda5e6fd3ab35b98de1a7;hp=8d5251aeccf2af454a13303646a3bb8b548d51e3;hpb=a22f9e6b4688f5435d23a3d91bfc6574e74c7113;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example index 8d5251aec..678139049 100644 --- a/docs/conf/modules.conf.example +++ b/docs/conf/modules.conf.example @@ -10,7 +10,7 @@ # # # By default, ALL modules are commented out. You must uncomment them # # or add lines to your config to load modules. Please refer to # -# http://wiki.inspircd.org/Modules for a list of modules and # +# https://docs.inspircd.org/3/modules for a list of modules and # # each modules link for any additional conf tags they require. # # # # ____ _ _____ _ _ ____ _ _ _ # @@ -35,7 +35,7 @@ # this module being loaded to function. # # -# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SHA256 module: Allows other modules to generate SHA256 hashes, # usually for cryptographic uses and security. @@ -47,13 +47,6 @@ # be enhanced (for example the addition of HMAC authentication). # # -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# RIPEMD160 module: Allows other modules to generate RIPEMD160 hashes, -# usually for cryptographic uses and security. -# -# IMPORTANT: -# Other modules may rely on this module being loaded to function. -# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Abbreviation module: Provides the ability to abbreviate commands a-la @@ -86,7 +79,7 @@ # read from the top of the file to the bottom. # # # # usercommand - If this is true, the alias can be run simply as # -# /aliasname. Defaults to true. # +# /ALIASNAME. Defaults to true. # # # # channelcommand - If this is true, the alias can be used as an # # in-channel alias or 'fantasy command', prefixed # @@ -123,10 +116,14 @@ # to successfully trigger. If they are not, then # # the user receives a 'no such nick' 401 numeric. # # # +# stripcolor - If this is true, the text from the user will be # +# stripped of color and format codes before # +# matching against 'text'. # +# # # uline - Setting this to true will ensure that the user # -# given in 'requires' is also on a u-lined server, # +# given in 'requires' is also on a U-lined server, # # as well as actually being on the network. If the # -# user is online, but not on a u-lined server, # +# user is online, but not on a U-lined server, # # then an oper alert is sent out as this is # # possibly a sign of a user trying to impersonate # # a service. # @@ -135,34 +132,21 @@ # If a non-oper attempts to use the alias, it will # # appear to not exist. # # # -# -# -# -# -# -# -# -# -# -# -# -# # # An example of using the format value to create an alias with two # different behaviours depending on the format of the parameters. # -# # -# # # This alias fixes a glitch in xchat 2.6.x and above and the way it # assumes IDENTIFY must be prefixed by a colon (:) character. It should -# be placed ABOVE the default NICKSERV alias (the first example) listed -# above. +# be placed ABOVE the default NICKSERV alias. # -# # # You may also add aliases to trigger based on something said in a @@ -171,7 +155,7 @@ # command must be preceded by the fantasy prefix when used. # # +# replace="SQUERY ChanServ :$1 $chan $2-" requires="ChanServ" uline="yes"> # # This would be used as "!cs ", with the channel # being automatically inserted after the command in the message to @@ -188,6 +172,20 @@ # To use, ALLTIME must be in one of your oper class blocks. # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Anticaps module: Adds channel mode +B which allows you to punish +# users that send overly capitalised messages to channels. Unlike the +# blockcaps module this module is more flexible as it has more options +# for punishment and allows channels to configure their own punishment +# policies. +# +# +# You may also configure the characters which anticaps considers to be +# lower case and upper case. Any characters not listed here are assumed +# to be punctuation and will be ignored when counting: +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Auditorium module: Adds channel mode +u which makes everyone else # except you in the channel invisible, used for large meetings etc. @@ -244,8 +242,8 @@ # If you have the blockamsg module loaded, you can configure it with # # the tag: # # # -# delay - How many seconds between two messages to force # -# them to be recognised as unrelated. # +# delay - How much time between two messages to force them # +# to be recognised as unrelated. # # action - Any of 'notice', 'noticeopers', 'silent', 'kill' # # or 'killopers'. Define how to take action when # # a user uses /amsg or /ame. # @@ -254,23 +252,29 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Block CAPS module: Adds channel mode +B, blocks all-CAPS messages. +# +# NOTE: This module is deprecated and will be removed in a future version +# of InspIRCd. You should use the anticaps module shown above instead. # # #-#-#-#-#-#-#-#-#-#-#- BLOCKCAPS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # -# percent - What percentage of the text must be caps before # -# text will be blocked. # +# percent - The percentage of a message which must be upper # +# case before it will be blocked. # +# # +# minlen - The minimum length a message must be before it # +# will be blocked. # # # -# minlen - The minimum length a line must be for the block # -# percent to have any effect. # +# lowercase - The characters which will be considered lower # +# case. # # # -# capsmap - A list of chars to be considered CAPS. Can be used # -# to add CAPS characters for your language. Also you # -# can add things like ! and space to further lock # -# down on caps usage. # +# uppercase - The characters which will be considered upper # +# case. # +# # +# lowercase="abcdefghijklmnopqrstuvwxyz" +# uppercase="ABCDEFGHIJKLMNOPQRSTUVWXYZ"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Block color module: Blocking color-coded messages with chan mode +c. @@ -282,25 +286,22 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# CallerID module: Adds usermode +g which activates hybrid-style +# CallerID module: Adds user mode +g which activates hybrid-style # callerid: block all private messages unless you /ACCEPT first. # # #-#-#-#-#-#-#-#-#-#-#- CALLERID CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# -# maxaccepts - Maximum number of entries a user can add to his # -# /ACCEPT list. Default is 16 entries. # -# operoverride - Can opers (note: ALL opers) override callerid? # -# Default is no. # -# tracknick - Preserve /accept entries when a user changes nick? # +# maxaccepts - Maximum number of entries a user can add to their # +# /ACCEPT list. Default is 30 entries. # +# tracknick - Preserve /ACCEPT entries when a user changes nick? # # If no (the default), the user is removed from # -# everyone's accept list if he changes nickname. # -# cooldown - Amount of time (in seconds) that must pass since # -# the last notification sent to a user before he can # -# be sent another. Default is 60 (1 minute). # -# +# cooldown="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CAP module: Provides the CAP negotiation mechanism required by the @@ -315,54 +316,81 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Censor module: Adds channel and user mode +G. +# Censor module: Adds channel and user mode +G which block phrases that +# are listed in the server bad words list. # # #-#-#-#-#-#-#-#-#-#-#- CENSOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # -# Optional - If you specify to use the censor module, then you must # -# specify some censor tags. See also: # -# http://wiki.inspircd.org/Modules/censor # -# -# +# If you have the censor module loaded you should specify one or more # +# phrases to replace/block in user messages. The config for this is # +# formatted as follows: # +# # +# Replaces "eggplant" with "aubergine" within messages: # +# # +# # +# Blocks messages that contain "fluffy capybaras": # +# # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# CGI:IRC module: Adds support for automatic host changing in CGI:IRC -# (http://cgiirc.sourceforge.net). -# Adds snomask +w for monitoring CGI:IRC connections. +# CGI:IRC module: Enables forwarding the real IP address of a user from +# a gateway to the IRC server. # # #-#-#-#-#-#-#-#-#-#-#-# CGIIRC CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# # -# Optional - If you specify to use cgiirc, then you must specify one -# or more cgihost tags which indicate authorised CGI:IRC servers which -# will be connecting to your network, and an optional cgiirc tag. -# For more information see: http://wiki.inspircd.org/Modules/cgiirc -# -# Set to yes if you want to notice opers when CGI:IRC clients connect. +# If you use the cgiirc module then you must specify the gateways which +# are authorised to forward IP/host information to your server. There +# are currently two ways to do this: +# +# The webirc method is the recommended way to allow gateways to forward +# IP/host information. When using this method the gateway sends a WEBIRC +# message to the server on connection. For more details please read the +# IRCv3 WebIRC specification at: https://ircv3.net/specs/extensions/webirc.html +# +# When using this method you must specify a wildcard mask or CIDR range +# to allow gateway connections from and at least one of either a SSL +# client certificate fingerprint for the gateway or a password to be +# sent in the WEBIRC command. +# +# +# +# +# Alternatively if your gateway does not support sending the WEBIRC +# message then you can configure InspIRCd to look for the client IP +# address in the ident sent by the user. This is not recommended as it +# only works with IPv4 connections. +# +# When using this method you must specify a wildcard mask or CIDR range to allow +# gateway connections from. You can also optionally configure the static value +# that replaces the IP in the ident to avoid leaking the real IP address of +# gateway clients (defaults to "gateway" if not set). +# +# +# +# +# By default gateway connections are logged to the +w snomask. If you +# do not want this to happen then you can uncomment this to disable it. # -# -# The type field indicates where the module should get the real -# client's IP address from, for further information, please see the -# CGI:IRC documentation. -# -# Old style: -# # Get IP from PASS -# # Get IP from ident -# # See the docs -# New style: -# # Get IP from WEBIRC -# + # IMPORTANT NOTE: # --------------- # -# When you connect CGI:IRC clients, there are two connect classes which +# When you connect gateway clients, there are two connect classes which # apply to these clients. When the client initially connects, the connect -# class which matches the CGI:IRC site's host is checked. Therefore you -# must raise the maximum local/global clients for this ip as high as you -# want to allow cgi clients. After the client has connected and is -# determined to be a cgi:irc client, the class which matches the client's +# class which matches the gateway site's host is checked. Therefore you +# must raise the maximum local/global clients for this IP as high as you +# want to allow gateway clients. After the client has connected and is +# determined to be a gateway client, the class which matches the client's # real IP is then checked. You may set this class to a lower value, so that # the real IP of the client can still be restricted to, for example, 3 # sessions maximum. @@ -379,8 +407,13 @@ # # # If hidemask is set to yes, the user will not be shown the mask when -# his/her message is blocked. -# +# their message is blocked. +# +# If maxlen is set then it defines the maximum length of a filter entry. +# +# If notifyuser is set to no, the user will not be notified when +# their message is blocked. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel history module: Displays the last 'X' lines of chat to a user @@ -394,7 +427,7 @@ # If notice is set to yes, joining users will get a NOTICE before playback # telling them about the following lines being the pre-join history. # If bots is set to yes, it will also send to users marked with +B -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel logging module: Used to send snotice output to channels, to @@ -413,21 +446,23 @@ # that looks like the name of another channel on the network. # - + #allowrange=""> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channelban: Implements extended ban j:, which stops anyone already -# in a channel matching a ban like +b j:#channel*mask from joining. +# in a channel matching a ban like +b j:#channel from joining. +# It is also possible to ban based on their status in that channel, +# like so: +b j:@#channel, this example prevents the ops from joining. # Note that by default wildcard characters * and ? are allowed in -# channel names. To disallow them, load m_channames and add characters -# 42 and 63 to denyrange (see above). +# channel names. To disallow them, load the channames module and +# add characters 42 and 63 to denyrange (see above). # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -469,19 +504,19 @@ # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Connection class ban module: Adds support for extban 'n' which +# Connection class ban module: Adds support for extban 'n' which # matches against the class name of the user's connection. # This module assumes that connection classes are named in a uniform -# way on all servers of the network. +# way on all servers of the network. Wildcards are accepted. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Clear chan module: Allows opers to masskick, masskill or mass-G/ZLine -# all users on a channel using /CLEARCHAN. +# Clear chan module: Allows opers to masskick, masskill or +# mass G/Z-line all users on a channel using /CLEARCHAN. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Cloaking module: Adds usermode +x and cloaking support. +# Cloaking module: Adds user mode +x and cloaking support. # Relies on the md5 module being loaded. # To cloak users when they connect, load the conn_umodes module and set # to include the +x mode. The example tag @@ -492,30 +527,40 @@ # # # To use cloaking, you must define a cloak key, and optionally a # # cloak prefix as shown below. The cloak key must be shared across # -# the network for correct cloaking. # +# the network for consistent cloaking and must be at least thirty # +# characters long. # # # # There are two methods of cloaking: # # # -# half Cloak only the "unique" portion of a host; show # -# the last 2 parts of the domain, /16 subnet of IPv4 # -# or /48 subnet of the IPv6 address. # +# half Cloak only the "unique" portion of a host; by # +# default show the last 2 parts of the domain, # +# /16 subnet of IPv4 or /48 subnet of the IPv6 # +# address. # +# To change the number of shown parts, modify the # +# domainparts option. # # # # full Cloak the users completely, using three slices for # # common CIDR bans (IPv4: /16, /24; IPv6: /48, /64). # # # # The methods use a single key that can be any length of text. # # An optional prefix may be specified to mark cloaked hosts. # +# # +# IMPORTANT: Changing these details will break all of your existing # +# bans. If you do not want this to happen you can define multiple # +# cloak tags. The first will be used for cloaking and the rest will # +# be used for checking if a user is banned in a channel. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # - -#-#-#-#-#-#-#-#-#-#-#-#- CLOSE MODULE #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Close module: Allows an oper to close all unregistered connections. -# This module is oper-only and provides the /CLOSE command. -# To use, CLOSE must be in one of your oper class blocks. -# +# key="changeme" +# domainparts="3" +# prefix="net-" +# ignorecase="no"> +# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Clones module: Adds an oper command /CLONES for detecting cloned @@ -581,7 +626,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Connectban: Provides IP connection throttling. Any IP range that -# connects too many times (configurable) in an hour is Z-Lined for a +# connects too many times (configurable) in an hour is Z-lined for a # (configurable) duration, and their count resets to 0. # # @@ -601,7 +646,7 @@ # # #-#-#-#-#-#-#-#-#-#-#- CONNTHROTTLE CONFIGURATION -#-#-#-#-#-#-#-#-#-# -# seconds, maxconns - Amount of connections per . +# period, maxconns - Amount of connections per . # # timeout - Time to wait after the throttle was activated # before deactivating it. Be aware that the time @@ -613,11 +658,11 @@ # bootwait - Amount of time in seconds to wait before enforcing # the throttling when the server just booted. # -# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Custom prefixes: Allows for channel prefixes to be added. +# Custom prefixes: Allows for channel prefixes to be configured. # # # name The name of the mode, must be unique from other modes. @@ -626,12 +671,17 @@ # rank A numeric rank for this prefix, defining what permissions it gives. # The rank of voice, halfop and op is 10000, 20000, and 30000, # respectively. -# ranktoset The numeric rank required to set/unset this mode. Defaults to rank. +# ranktoset The numeric rank required to set this mode. Defaults to rank. +# ranktounset The numeric rank required to unset this mode. Defaults to ranktoset. # depriv Can you remove the mode from yourself? Defaults to yes. # # # -# +# +# You can also override the configuration of prefix modes added by both the core +# and other modules by adding a customprefix tag with change="yes" specified. +# +# # # Do /RELOADMODULE customprefix after changing the settings of this module. @@ -653,7 +703,7 @@ # # #<title name="bar" password="foo" host="ident@test.org" title="Official Chat Helper" vhost="helper.test.org"> -#<title name="foo" password="fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" hash="sha256" title="Official Chat Helper"> +#<title name="foo" password="$2a$10$UYZ4OcO8NNTCCGyCdY9SK.2GHiqGgxZfHFPOPmWuxEVWVQTtoDC7C" hash="bcrypt" title="Official Chat Helper"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # DCCALLOW module: Adds the /DCCALLOW command. @@ -677,9 +727,24 @@ #<banfile pattern="*.txt" action="allow"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Deaf module: Adds support for the usermode +d - deaf to channel -# messages and channel notices. +# Deaf module: Adds support for user modes +d and +D: +# d - deaf to channel messages and notices. +# D - deaf to user messages and notices. +# The +D user mode is not enabled by default to enable link compatibility +# with 2.0 servers. #<module name="deaf"> +# +#-#-#-#-#-#-#-#-#-#-#-#- DEAF CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# bypasschars - Characters that bypass deaf to a regular user. +# bypasscharsuline - Characters that bypass deaf to a U-lined user (services). +# Both of these take a list of characters that must match +# the starting character of a message. +# If 'bypasscharsuline' is empty, then 'bypasschars' will +# match for both regular and U-lined users. +# enableprivdeaf - Whether to enable user mode +D (privdeaf). +# privdeafuline - Whether U-lined users bypass user mode +D (privdeaf). +# +#<deaf bypasschars="" bypasscharsuline="!" enableprivdeaf="no" privdeafuline="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Delay join module: Adds the channel mode +D which delays all JOIN @@ -722,23 +787,61 @@ # Glob masks are accepted here also. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Devoice module: Let users devoice themselves using /DEVOICE #chan. -#<module name="devoice"> +# Disable module: Provides support for disabling commands and modes. # +#<module name="disable"> +# +#-#-#-#-#-#-#-#-#-#-#-#- DISABLE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# # +# If you have the disable module loaded then you need to specify the # +# commands and modes that you want disabled. Users who have not fully # +# connected yet are exempt from this module so you can e.g. disable # +# the NICK command but still allow users to connect to the server. # +# # +# commands - A space-delimited list of commands that can not be used # +# by users. You can exempt server operators from this with # +# the servers/use-disabled-commands privilege. # +# # +# chanmodes - One or more channel modes that can not be added/removed # +# by users. You can exempt server operators from this # +# with the servers/use-disabled-modes privilege. # +# # +# usermodes - One or more user modes that can not be added/removed by # +# users. You can exempt server operators from this with # +# the servers/use-disabled-modes privilege. # +# # +# fakenonexistent - Whether to pretend that a disabled command/mode # +# does not exist when executed/changed by a user. # +# Defaults to no. # +# # +# notifyopers - Whether to send a notice to snomask `a` when a user # +# is prevented from using a disabled command/mode. # +# Defaults to no. # +# # +#<disabled commands="KICK TOPIC" # +# chanmodes="kp" # +# usermodes="iw" # +# fakenonexistent="yes" # +# notifyopers="no"> # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # DNS blacklist module: Provides support for looking up IPs on one or # # more blacklists. # -#<module name="dnsbl"> # +#<module name="dnsbl"> # # -# For configuration options please see the wiki page for dnsbl at # -# http://wiki.inspircd.org/Modules/dnsbl # +# For configuration options please see the docs page for dnsbl at # +# https://docs.inspircd.org/3/modules/dnsbl # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Exempt channel operators module: Provides support for allowing # -# channel operators to be exempt from some channel modes. Supported # -# modes are blockcaps, noctcp, blockcolor, nickflood, flood, censor, # -# filter, regmoderated, nonick, nonotice, and stripcolor. # -#<module name="exemptchanops"> # +# users of a specified channel status to be exempt from some channel # +# restriction modes. Supported restrictions are: # +# anticaps, auditorium-see, auditorium-vis, blockcaps, blockcolor, # +# censor, filter, flood, nickflood, noctcp, nonick, nonotice, # +# regmoderated, stripcolor, and topiclock. # +# See <options:exemptchanops> in inspircd.conf.example for a more # +# detailed list of the restriction modes that can be exempted. # +# These are settable using: /MODE #chan +X <restriction>:<status> # +#<module name="exemptchanops"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Filter module: Provides message filtering, similar to SPAMFILTER. # @@ -758,19 +861,27 @@ # stdlib - stdlib regexps, provided via regex_stdlib, see comment # # at the <module> tag for info on availability. # # # -#<filteropts engine="glob"> # +# If notifyuser is set to no, the user will not be notified when # +# their message is blocked. # +# # +# If warnonselfmsg is set to yes when a user sends a message to # +# themself that matches a filter the filter will be ignored and a # +# warning will be sent to opers instead. This stops spambots which # +# send their spam message to themselves first to check if it is being # +# filtered by the server. # +#<filteropts engine="glob" notifyuser="yes" warnonselfmsg="no"> +# # +# Your choice of regex engine must match on all servers network-wide. # # # -# Your choice of regex engine must match on all servers network-wide. -# # To learn more about the configuration of this module, read # # examples/filter.conf.example, which covers the various types of # # filters and shows how to add exemptions. # -# +# # #-#-#-#-#-#-#-#-#-#-#- FILTER CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # Optional - If you specify to use the filter module, then # # specify below the path to the filter.conf file, or define some # -# <filter> tags. # +# <keyword> tags. # # # #<include file="examples/filter.conf.example"> @@ -783,31 +894,54 @@ #<module name="flashpolicyd"> # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Gecos ban: Implements extended ban 'r', which stops anyone matching -# a mask like +b r:*realname?here* from joining a channel. +# Real name ban: Implements two extended bans: # +# 'a', which matches a n!u@h+realname mask like +b a:*!*@host+*real* # +# 'r', which matches a realname mask like +b r:*realname?here* # #<module name="gecosban"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# GeoIP module: Allows the server admin to match users by country code. -# This module is in extras. Re-run configure with: -# ./configure --enable-extras=m_geoip.cpp -# and run make install, then uncomment this module to enable it. -# This module requires GeoIP to be installed on your system, -# use your package manager to find the appropriate packages -# or check the InspIRCd wiki page for this module. -#<module name="geoip"> -# -# The actual allow/ban actions are done by connect classes, not by the -# GeoIP module. An example connect class to ban people from russia or -# turkey: -# -# <connect deny="*" geoip="TR,RU"> -# -# The country code must be in capitals and should be an ISO country -# code such as TR, GB, or US. Unknown IPs (localhost, LAN IPs, etc) -# will be assigned the country code "UNK". Since connect classes are -# matched from top down, your deny classes must be above your allow -# classes for them to match. +# Geolocation ban module: Adds support for extban 'G' which matches # +# against the ISO 3166-1 alpha-2 codes for the countries that users # +# are connecting from. Users connecting from unknown origins such as # +# internal networks can be matched against using the XX alpha-2 code. # +# A full list of ISO 3166-1 alpha-2 codes can be found at # +# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 # +#<module name="geoban"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Geolocation connect class module: Adds support for limiting connect # +# classes to users from specific countries. With this module you can # +# specify a space-delimited list of two character the ISO 3166-1 # +# alpha-2 codes in the "country" field of a connect class. e.g. to # +# deny connections from users in Russia or Turkey: # +# # +# <connect deny="*" country="TR RU"> # +# # +# Users connecting from unknown origins such as internal networks can # +# be matched against using the XX alpha-2 code. A full list of ISO # +# 3166-1 alpha-2 codes can be found at # +# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 # +#<module name="geoclass"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# MaxMindDB geolocation module: Provides geolocation information for # +# other modules that need it using the libMaxMindDB library. # +# # +# This module is in extras. Re-run configure with: # +# ./configure --enable-extras=m_geo_maxmind.cpp +# and run make install, then uncomment this module to enable it. # +# # +# This module requires libMaxMindDB to be installed on your system. # +# Use your package manager to find the appropriate packages or check # +# the InspIRCd documentation page for this module. # +#<module name="geo_maxmind"> +# # +# If you use the geo_maxmind module you MUST provide a database file # +# to look up geolocation information in. You can either purchase this # +# from MaxMind at https://www.maxmind.com/en/geoip2-country-database # +# or use the free CC-BY-SA licensed GeoLite2 Country database which # +# can be downloaded at https://dev.maxmind.com/geoip/geoip2/geolite2/ # +#<maxmind file="GeoLite2-Country.mmdb"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Globops module: Provides the /GLOBOPS command and snomask +g. @@ -824,6 +958,12 @@ # must be in one of your oper class blocks. #<module name="globalload"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# HAProxy module: Adds support for the HAProxy PROXY v2 protocol. To +# use this module specify hook="haproxy" in the <bind> tag that HAProxy +# has been configured to connect to. +#<module name="haproxy"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # HELPOP module: Provides the /HELPOP command #<module name="helpop"> @@ -833,7 +973,7 @@ # If you specify to use the helpop module, then specify below the # # path to the helpop.conf file. # # # -#<include file="examples/inspircd.helpop-full.example"> +#<include file="examples/helpop.conf.example"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Hide chans module: Allows users to hide their channels list from non- @@ -866,6 +1006,14 @@ # Only show invite exceptions (+I) to channel members: #<hidelist mode="invex" rank="0"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Hide mode module: Allows for hiding mode changes from users who do not +# have sufficient channel privileges. +#<module name="hidemode"> +# +# Hide bans (+b) from people who are not voiced: +#<hidemode mode="ban" rank="10000"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Hide oper module: Allows opers to hide their oper status from non- # opers by setting user mode +H on themselves. @@ -878,13 +1026,12 @@ # #-#-#-#-#-#-#-#-#-#-#- HOSTCHANGE CONFIGURATION -#-#-#-#-#-#-#-#-#-# # # -# See http://wiki.inspircd.org/Modules/hostchange for help. # +# See https://docs.inspircd.org/3/modules/hostchange for help. # # # -#<host suffix="invalid.org" separator="." prefix=""> -#<hostchange mask="*@42.theanswer.example.org" action="addnick"> -#<hostchange mask="*root@*" action="suffix"> +#<hostchange mask="*@42.theanswer.example.org" action="addaccount" suffix=".users.example.com"> +#<hostchange mask="*root@*" action="addnick" prefix="example/users/"> #<hostchange mask="a@example.com" action="set" value="foo.bar.baz"> -#<hostchange mask="localhost" ports="7000,7001,7005-7007" action="set" value="blahblah.foo"> +#<hostchange mask="*@localhost" ports="7000,7001,7005-7007" action="set" value="blahblah.foo"> # hostcycle: If loaded, when a user gets a host or ident set, it will # cycle them in all their channels. If not loaded it will simply change @@ -903,9 +1050,11 @@ # If you choose to use the httpd module, then you will need to add # a <bind> tag with type "httpd", and load at least one of the other # httpd_* modules to provide pages to display. +# <bind address="127.0.0.1" port="8067" type="httpd"> +# <bind address="127.0.0.1" port="8097" type="httpd" ssl="gnutls"> # # You can adjust the timeout for HTTP connections below. All HTTP -# connections will be closed after (roughly) this many seconds. +# connections will be closed after (roughly) this time period. #<httpd timeout="20"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -925,13 +1074,22 @@ # <httpdacl path="/*" types="blacklist" blacklist="*"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# HTTP config module: Allows the configuration of the server to be -# viewed over HTTP. Requires httpd to be loaded for it to function. +# HTTP config module: Allows the server configuration to be viewed over +# HTTP via the /config path. Requires the httpd module to be loaded for +# it to function. +# +# IMPORTANT: This module exposes extremely sensitive information about +# your server and users so you *MUST* protect it using a local-only +# <bind> tag and/or the httpd_acl module. See above for details. #<module name="httpd_config"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# HTTP stats module: Provides basic stats pages over HTTP. -# Requires httpd to be loaded for it to function. +# HTTP stats module: Provides server statistics over HTTP via the /stats +# path. Requires the httpd module to be loaded for it to function. +# +# IMPORTANT: This module exposes extremely sensitive information about +# your server and users so you *MUST* protect it using a local-only +# <bind> tag and/or the httpd_acl module. See above for details. #<module name="httpd_stats"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -947,13 +1105,12 @@ # the timeout for ident lookups here. If not defined, it will default # # to 5 seconds. This is a non-blocking timeout which holds the user # # in a 'connecting' state until the lookup is complete. # -# The bind value indicates which IP to bind outbound requests to. # -# nolookupprefix: If on, the idents of users being in a connect class # +# prefixunqueried: If on, the idents of users being in a connect class# # with ident lookups disabled (i.e. <connect useident="off">) will be # # prefixed with a "~". If off, the ident of those users will not be # # prefixed. Default is off. # # -#<ident timeout="5" nolookupprefix="no"> +#<ident timeout="5" prefixunqueried="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Invite exception module: Adds support for channel invite exceptions @@ -963,7 +1120,7 @@ #<inviteexception bypasskey="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# IRCv3 module: Provides the following IRCv3.1 extensions: +# IRCv3 module: Provides the following IRCv3 extensions: # extended-join, away-notify and account-notify. These are optional # enhancements to the client-to-server protocol. An extension is only # active for a client when the client specifically requests it, so this @@ -971,7 +1128,7 @@ # # Further information on these extensions can be found at the IRCv3 # working group website: -# http://ircv3.org/extensions/ +# https://ircv3.net/irc/ # #<module name="ircv3"> # The following block can be used to control which extensions are @@ -980,12 +1137,23 @@ #<ircv3 accountnotify="on" awaynotify="on" extendedjoin="on"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# IRCv3 cap-notify module: Provides the cap-notify IRCv3.2 extension. -# Required for IRCv3.2 conformance. +# IRCv3 account-tag module. Adds the 'account' tag which contains the +# services account name of the message sender. +#<module name="ircv3_accounttag"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# IRCv3 batch module: Provides the batch IRCv3 extension which allows +# the server to inform a client that a group of messages are related to +# each other. +#<module name="ircv3_batch"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# IRCv3 cap-notify module: Provides the cap-notify IRCv3 extension. +# Required for IRCv3 conformance. #<module name="ircv3_capnotify"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# IRCv3 chghost module: Provides the chghost IRCv3.2 extension which +# IRCv3 chghost module: Provides the chghost IRCv3 extension which # allows capable clients to learn when the host/ident of another user # changes without cycling the user. This module is compatible with the # hostcycle module. If both are loaded, clients supporting the chghost @@ -993,30 +1161,64 @@ #<module name="ircv3_chghost"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# IRCv3 echo-message module: Provides the echo-message IRCv3.2 +# IRCv3 client-to-client tags module: Provides the message-tags IRCv3 +# extension which allows clients to add extra data to their messages. +# This is used to support new IRCv3 features such as replies and ids. +#<module name="ircv3_ctctags"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# IRCv3 echo-message module: Provides the echo-message IRCv3 # extension which allows capable clients to get an acknowledgement when # their messages are delivered and learn what modifications, if any, # were applied to them. #<module name="ircv3_echomessage"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# IRCv3 invite-notify module: Provides the invite-notify IRCv3.2 +# IRCv3 invite-notify module: Provides the invite-notify IRCv3 # extension which notifies supporting clients when a user invites # another user into a channel. This respects <options:announceinvites>. #<module name="ircv3_invitenotify"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Join flood module: Adds support for join flood protection +j X:Y. -# Closes the channel for 60 seconds if X users join in Y seconds. -#<module name="joinflood"> +# IRCv3 message id module: Provides the msgid IRCv3 extension which +# adds a unique identifier to each message when the message-tags cap +# has been requested. This enables support for modern features such as +# reactions and replies. +#<module name="ircv3_msgid"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Jump server module: Adds support for the RPL_REDIR numeric. -# This module is oper-only. -# To use, JUMPSERVER must be in one of your oper class blocks. -# If your server is redirecting new clients and you get disconnected, -# do a REHASH from shell to open up again. -#<module name="jumpserver"> +# IRCv3 server-time module. Adds the 'time' tag which adds a timestamp +# to all messages received from the server. +#<module name="ircv3_servertime"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# IRCv3 Strict Transport Security module: Provides the sts IRCv3 +# extension which allows clients connecting insecurely to upgrade their +# connections to TLS. +#<module name="ircv3_sts"> +# +# If using the ircv3_sts module you MUST define a STS policy to send +# to clients using the <sts> tag. This tag takes the following +# attributes: +# +# host - A glob match for the SNI hostname to apply this policy to. +# duration - The amount of time that the policy lasts for. Defaults to +# approximately two months by default. +# port - The port on which TLS connections to the server are being +# accepted. You MUST have a CA-verified certificate on this +# port. Self signed certificates are not acceptable. +# preload - Whether client developers can include your certificate in +# preload lists. +# +# <sts host="*.example.com" duration="60d" port="6697" preload="yes"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Join flood module: Adds support for join flood protection +j X:Y. +# Closes the channel for N seconds if X users join in Y seconds. +#<module name="joinflood"> +# +# The number of seconds to close the channel for: +#<joinflood duration="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Anti auto rejoin: Adds support for prevention of auto-rejoin (+J). @@ -1069,7 +1271,8 @@ # allowpattern="Guest* Bot*" # # killreason="Access denied" # # verbose="yes" # -# host="$uid.$ou.inspircd.org"> # +# host="$uid.$ou.inspircd.org" # +# useusername="no"> # # # # <ldapwhitelist cidr="10.42.0.0/16"> # # # @@ -1086,6 +1289,10 @@ # regardless of if they have an account, for example guest and bot # # users. # # # +# The useusername setting chooses whether the user's username or # +# nickname is used when locating a user account, if a username isn't # +# provided in PASS. # +# # # Killreason indicates the QUIT reason to give to users if they fail # # to authenticate. # # # @@ -1140,7 +1347,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Map hiding module: replaces /MAP and /LINKS output to users with a # -# message to see a website, set by maphide="http://test.org/map" in # +# message to see a website, set by maphide="https://test.org/map" in # # the <security> tag, instead. # #<module name="maphide"> @@ -1148,6 +1355,12 @@ # Message flood module: Adds message/notice flood protection via # channel mode +f. #<module name="messageflood"> +# +# The weight to give each message type. TAGMSGs are considered to be +# 1/5 of a NOTICE or PRIVMSG to avoid users being accidentally flooded +# out of a channel by automatic client features such as typing +# notifications. +#<messageflood notice="1.0" privmsg="1.0" tagmsg="0.2"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # MLOCK module: Adds support for server-side enforcement of services @@ -1178,15 +1391,15 @@ # #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# mysql is more complex than described here, see the wiki for more # -# info: http://wiki.inspircd.org/Modules/mysql # +# mysql is more complex than described here, see the docs for more # +# info: https://docs.inspircd.org/3/modules/mysql # # #<database module="mysql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database2"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Named modes module: Allows for the display and set/unset of channel # modes via long-form mode names via +Z and the /PROP command. -# For example, to set a ban, do /mode #channel +Z ban=foo!bar@baz or +# For example, to set a ban, do /MODE #channel +Z ban=foo!bar@baz or # /PROP #channel ban=foo!bar@baz #<module name="namedmodes"> @@ -1215,6 +1428,9 @@ # Nickchange flood protection module: Provides channel mode +F X:Y # which allows up to X nick changes in Y seconds. #<module name="nickflood"> +# +# The number of seconds to prevent nick changes for: +#<nickflood duration="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Nicklock module: Let opers change a user's nick and then stop that @@ -1224,9 +1440,13 @@ #<module name="nicklock"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# No CTCP module: Adds the channel mode +C to block CTCPs and extban -# 'C' to block CTCPs sent by specific users. +# No CTCP module: Adds the channel mode +C and user mode +T to block +# CTCPs and extban 'C' to block CTCPs sent by specific users. #<module name="noctcp"> +# +# The +T user mode is not enabled by default to enable link compatibility +# with 2.0 servers. You can enable it by uncommenting this: +#<noctcp enableumode="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # No kicks module: Adds the +Q channel mode and the Q: extban to deny @@ -1253,7 +1473,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Network business join module: # Allows an oper to join a channel using /OJOIN, giving them +Y on the -# channel which makes them immune to kick/deop/etc. +# channel which makes them immune to kicks. #<module name="ojoin"> # # Specify the prefix that +Y will grant here. @@ -1266,7 +1486,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper channels mode: Adds the +O channel mode and extban O:<mask> # to ban, except, etc. specific oper types. For example -# /mode #channel +iI O:* is equivalent to channel mode +O, but you +# /MODE #channel +iI O:* is equivalent to channel mode +O, but you # may also set +iI O:AdminTypeOnly to only allow admins. # Modes +I and +e work in a similar fashion. #<module name="operchans"> @@ -1307,35 +1527,31 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper prefixing module: Adds a channel prefix mode +y which is given -# to all IRC operators automatically on all channels they are in. +# to all server operators automatically on all channels they are in. # This prefix mode is more powerful than channel op and other regular # prefix modes. # -# Load this module if you want all your IRC operators to have channel -# operator powers. +# Load this module if you want all your server operators to have +# channel operator powers. #<module name="operprefix"> # # You may additionally customise the prefix character. #<operprefix prefix="!"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper MOTD module: Provides support for separate message of the day +# Oper MOTD module: Provides support for a separate message of the day # on oper-up. # This module is oper-only. #<module name="opermotd"> # #-#-#-#-#-#-#-#-#-#-# OPERMOTD CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # -# If you are using the opermotd module, specify the motd here. # +# If you are using the opermotd module, specify the motd file here. # # # # onoper - If on, the message is sent on /OPER, otherwise it's # # only sent when /OPERMOTD is used. # # # -# processcolors - Allow color codes to be processed in the opermotd. # -# Read the comment above <connect:allowmotdcolors> in # -# inspircd.conf.example for details. # -# # -#<opermotd file="examples/opermotd.txt.example" onoper="yes" processcolors="false"> +#<opermotd file="examples/opermotd.txt.example" onoper="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Override module: Adds support for oper override. @@ -1344,8 +1560,19 @@ # #-#-#-#-#-#-#-#-#-#-# OVERRIDE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # -# override is too complex it describe here, see the wiki: # -# http://wiki.inspircd.org/Modules/override # +# Much of override's configuration relates to your oper blocks. # +# For more information on how to allow opers to override, see: # +# https://docs.inspircd.org/3/modules/override # +# # +# noisy - If enabled, all oper overrides will be announced # +# via channel notice. # +# # +# requirekey - If enabled, overriding on join requires a channel # +# key of "override" to be specified. # +# # +# enableumode - If enabled, user mode +O is required for override. # +# # +#<override noisy="yes" requirekey="no" enableumode="true"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper levels module: Gives each oper a level and prevents actions @@ -1358,7 +1585,7 @@ # Oper modes module: Allows you to specify modes to add/remove on oper. # Specify the modes as the 'modes' parameter of the <type> tag # and/or as the 'modes' parameter of the <oper> tag. -# This module is oper-only. For the user equivalent, see the +# This module is oper-only. For the user equivalent, see the # conn_umodes module. #<module name="opermodes"> @@ -1381,11 +1608,11 @@ # cmd: Command for the user to run when it receives a connect # password. - cmd="PRIVMSG $nickrequired :IDENTIFY $pass"> + cmd="SQUERY $nickrequired :IDENTIFY $pass"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Password hash module: Allows hashed passwords to be used. -# To be useful, a hashing module like sha256 also needs to be loaded. +# To be useful, a hashing module like bcrypt also needs to be loaded. #<module name="password_hash"> # #-#-#-#-#-#-#-#-#-# PASSWORD HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# @@ -1395,12 +1622,14 @@ # # <oper name="Brain" # host="ident@dialup15.isp.test.com" -# hash="sha256" -# password="01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b" +# hash="bcrypt" +# password="$2a$10$Mss9AtHHslZTLBrXqM0FB.JBwD.UTSu8A48SfrY9exrpxbsRiRTbO" # type="NetAdmin"> # -# Starting from 2.0, you can use a more secure salted hash that prevents simply -# looking up the hash's value in a rainbow table built for the hash. +# If you are using a hash algorithm which does not perform salting you can use +# HMAC to salt your passwords in order to prevent them from being looked up in +# a rainbow table. +# # hash="hmac-sha256" password="lkS1Nbtp$CyLd/WPQXizsbxFUTqFRoMvaC+zhOULEeZaQkUJj+Gg" # # Generate hashes using the /MKPASSWD command on the server. @@ -1435,11 +1664,15 @@ # # If 'listmodes' is true then all list modes (+b, +I, +e, +g...) will be # saved. Defaults to false. -#<permchanneldb filename="permchannels.conf" listmodes="true"> +# +# 'saveperiod' determines how often to check if the database needs to be +# saved to disk. Defaults to every five seconds. +#<permchanneldb filename="permchannels.conf" +# listmodes="true" +# saveperiod="5s"> #<include file="permchannels.conf"> # # You may also create channels on startup by using the <permchannels> block. -# Don't forget to set them +P in the modes, or they won't stay permanent. #<permchannels channel="#opers" modes="isP" topic="Opers only."> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1452,8 +1685,8 @@ # #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# pgsql is more complex than described here, see the wiki for # -# more: http://wiki.inspircd.org/Modules/pgsql # +# pgsql is more complex than described here, see the docs for # +# more: https://docs.inspircd.org/3/modules/pgsql # # #<database module="pgsql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database" ssl="no"> @@ -1461,6 +1694,10 @@ # Muteban: Implements extended ban 'm', which stops anyone matching # a mask like +b m:nick!user@host from speaking on channel. #<module name="muteban"> +# +# If notifyuser is set to no, the user will not be notified when +# their message is blocked. +#<muteban notifyuser="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Random quote module: Provides a random quote on connect. @@ -1476,21 +1713,14 @@ #<randquote file="quotes.txt"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Redirect module: Adds channel redirection mode +L. # -# Optional: <redirect:antiredirect> to add usermode +L to stop forced # -# redirection and instead print an error. # -# # -# Note: You can not update this with a simple rehash, it requires # -# reloading the module for it to take effect. # -# This also breaks linking to servers that do not have the option. # -# This defaults to false for the 2.0 version, it will be enabled in # -# all the future versions. # +# Redirect module: Adds channel mode +L which redirects users to # +# another channel when the channel has reached its user limit and # +# user mode +L which stops redirection. # #<module name="redirect"> -#<redirect antiredirect="true"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Regular expression provider for glob or wildcard (?/*) matching. -# You must have at least 1 provider loaded to use the filter or rline +# You must have at least 1 provider loaded to use the filter or R-line # modules. This module has no additional requirements, as it uses the # matching already present in InspIRCd core. #<module name="regex_glob"> @@ -1499,7 +1729,7 @@ # Regular expression provider for PCRE (Perl-Compatible Regular # Expressions). You need libpcre installed to compile and load this # module. You must have at least 1 provider loaded to use the filter or -# rline modules. +# R-line modules. #<module name="regex_pcre"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1512,7 +1742,7 @@ # Regular expression provider for POSIX regular expressions. # You shouldn't need any additional libraries on a POSIX-compatible # system (i.e.: any Linux, BSD, but not Windows). You must have at -# least 1 provider loaded to use filter or rline. +# least 1 provider loaded to use the filter or R-line modules. # On POSIX-compliant systems, regex syntax can be found by using the # command: 'man 7 regex'. #<module name="regex_posix"> @@ -1539,17 +1769,10 @@ # to compile and load this module. #<module name="regex_tre"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Registered users only channel creation module. If enabled, only -# registered users and opers can create new channels. -# -# You probably *DO NOT* want to load this module on a public network. -# -#<module name="regonlycreate"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Remove module: Adds the /REMOVE command which is a peaceful -# alternative to /KICK. +# alternative to /KICK. It also provides the /FPART command which works +# in the same way as /REMOVE. #<module name="remove"> # # supportnokicks: If true, /REMOVE is not allowed on channels where the @@ -1559,31 +1782,47 @@ #<remove supportnokicks="true" protectedrank="50000"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# A module to block, kick or ban upon similar messages being uttered several times. -# Syntax [~*][lines]:[sec]{[:difference]}{[:matchlines]} -# ~ is to block, * is to ban, default is kick. -# lines - In mode 1 the amount of lines that has to match consecutively - In mode 2 the size of the backlog to keep for matching -# seconds - How old the message has to be before it's invalidated. -# distance - Edit distance, in percent, between two strings to trigger on. -# matchlines - When set, the function goes into mode 2. In this mode the function will trigger if this many of the last <lines> matches. +# Repeat module: Allows to block, kick or ban upon similar messages +# being uttered several times. Provides channel mode +E. +# +# Syntax: [~|*]<lines>:<sec>[:<difference>][:<backlog>] +# ~ is to block, * is to ban, default is kick. +# lines - In mode 1, the amount of lines that has to match consecutively. +# In mode 2, the size of the backlog to keep for matching. +# seconds - How old the message has to be before it's invalidated. +# difference - Edit distance, in percent, between two strings to trigger on. +# backlog - When set, the function goes into mode 2. In this mode the +# function will trigger if this many of the last <lines> matches. # # As this module can be rather CPU-intensive, it comes with some options. -# maxbacklog - Maximum size that can be specified for backlog. 0 disables multiline matching. -# maxdistance - Max percentage of difference between two lines we'll allow to match. Set to 0 to disable edit-distance matching. -# maxlines - Max lines of backlog to match against. -# maxsecs - Maximum value of seconds a user can set. 0 to allow any. -# size - Maximum number of characters to check for, can be used to truncate messages -# before they are checked, resulting in less CPU usage. Increasing this beyond 512 -# doesn't have any effect, as the maximum length of a message on IRC cannot exceed that. -#<repeat maxbacklog="20" maxlines="20" maxdistance="50" maxsecs="0" size="512"> +# maxbacklog - Maximum size that can be specified for backlog. 0 disables +# multiline matching. +# maxdistance - Max percentage of difference between two lines we'll allow +# to match. Set to 0 to disable edit-distance matching. +# maxlines - Max lines of backlog to match against. +# maxtime - Maximum period of time a user can set. 0 to allow any. +# size - Maximum number of characters to check for, can be used to +# truncate messages before they are checked, resulting in +# less CPU usage. Increasing this beyond 512 doesn't have +# any effect, as the maximum length of a message on IRC +# cannot exceed that. +#<repeat maxbacklog="20" maxdistance="50" maxlines="20" maxtime="0" size="512"> #<module name="repeat"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Restricted channels module: Allows only opers to create channels. +# Restricted channels module: Allows only opers with the +# channels/restricted-create priv and/or registered users to +# create channels. # # You probably *DO NOT* want to load this module on a public network. # #<module name="restrictchans"> +# +# allowregistered: should registered users be allowed to bypass the restrictions? +#<restrictchans allowregistered="no"> +# +# Allow any channel matching #user-* to be created, bypassing restrictchans checks +#<allowchannel name="#user-*"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Restrict message module: Allows users to only message opers. @@ -1593,7 +1832,7 @@ #<module name="restrictmsg"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# R-Line module: Ban users through regular expression patterns. +# R-line module: Ban users through regular expression patterns. #<module name="rline"> # #-#-#-#-#-#-#-#-#-#-#-#- RLINE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1601,16 +1840,18 @@ # If you wish to re-check a user when they change nickname (can be # useful under some situations, but *can* also use CPU with more users # on a server) then set 'matchonnickchange' to yes. +# If you additionally want Z-lines to be added on matches, then +# set 'zlineonmatch' to yes. # Also, this is where you set what Regular Expression engine is to be -# used. If you ever change it while running, all of your R-Lines will -# be wiped. This is the regex engine used by all R-Lines set, and +# used. If you ever change it while running, all of your R-lines will +# be wiped. This is the regex engine used by all R-lines set, and # regex_<engine> must be loaded, or rline will be non-functional # until you load it or change the engine to one that is loaded. # -#<rline matchonnickchange="yes" engine="pcre"> +#<rline matchonnickchange="yes" zlineonmatch="no" engine="pcre"> # -# Generally, you will NOT want to use 'glob' here, as this turns -# rline into just another gline. The exceptions are that rline will +# Generally, you will NOT want to use 'glob' here, as this turns an +# R-line into just another G-line. The exceptions are that R-lines will # always use the full "nick!user@host realname" string, rather than only # user@host, but beware that only the ? and * wildcards are available, # and are the only way to specify where the space can occur if you do @@ -1618,10 +1859,11 @@ # so that at least \s or [[:space:]] is available. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# RMODE module: Adds the /RMODE command -# Allows channel mods to remove list modes en masse. -# Syntax: /rmode <channel> <mode> [pattern] -# E.g. '/rmode #Channel b m:*' will remove all mute-extbans on the channel. +# RMODE module: Adds the /RMODE command. +# Allows channel operators to remove list modes en masse, optionally +# matching a glob-based pattern. +# Syntax: /RMODE <channel> <mode> [<pattern>] +# E.g. '/RMODE #channel b m:*' will remove all mute extbans on the channel. #<module name="rmode"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1680,6 +1922,12 @@ # Layer via AUTHENTICATE. Note: You also need to have cap loaded # for SASL to work. #<module name="sasl"> +# Define the following to your services server name to improve security +# by ensuring the SASL messages are only sent to the services server +# and not to all connected servers. This prevents a rogue server from +# capturing SASL messages and disables the SASL cap when services is +# down. +#<sasl target="services.mynetwork.com"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Secure list module: Prevent /LIST in the first minute of connection, @@ -1688,18 +1936,17 @@ # #-#-#-#-#-#-#-#-#-# SECURELIST CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Securelist can be harmful to some IRC search engines such as # -# netsplit.de and searchirc.com. To prevent securelist blocking these # -# sites from listing, define exception tags as shown below: # -#<securehost exception="*@*.searchirc.org"> +# Securelist can be harmful to some IRC search engines. To prevent # +# securelist blocking these sites from listing, define exception tags # +# as shown below: # #<securehost exception="*@*.netsplit.de"> -#<securehost exception="*@echo940.server4you.de"> #<securehost exception="*@*.ircdriven.com"> +#<securehost exception="*@*.ircs.me"> # # # Define the following variable to change how long a user must wait # # before issuing a LIST. If not defined, defaults to 60 seconds. # # # -#<securelist waittime="60"> # +#<securelist waittime="1m"> # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Servprotect module: Provides support for Austhex style +k / @@ -1719,7 +1966,7 @@ #<module name="setidle"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Services support module: Adds several usermodes such as +R and +M. +# Services support module: Adds several user modes such as +R and +M. # This module implements the 'identified' state via account names, # and is similar in operation to the way asuka and ircu handle services. # @@ -1749,10 +1996,23 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SETNAME module: Adds the /SETNAME command. #<module name="setname"> +# +#-#-#-#-#-#-#-#-#-#-#-#- SETNAME CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# # +# operonly - Whether the SETNAME command should only be usable by # +# server operators. Defaults to no. # +# # +# notifyopers - Whether to send a snotice to snomask `a` when a user # +# changes their real name. Defaults to to yes if # +# oper-only and no if usable by everyone. # +# # +#<setname notifyopers="yes" +# operonly="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Serverban: Implements extended ban 's', which stops anyone connected # to a server matching a mask like +b s:server.mask.here from joining. +# Wildcards are accepted. #<module name="serverban"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1765,7 +2025,7 @@ # they enter a command. # # This module adds one command for each <showfile> tag that shows the # # given file to the user as a series of messages or numerics. # -#<module name="showfile"> # +#<module name="showfile"> # # #-#-#-#-#-#-#-#-#-#-# SHOWFILE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -1778,9 +2038,6 @@ # (similar to /MOTD; the default). # # * notice: Send contents as a series of notices. # # * msg: Send contents as a series of private messages. # -# colors - If true, color codes (\c, \b, \u, etc.) will be processed # -# and sent as ANSI colors. If false (default) the file will # -# be displayed as-is. # # # # When using the method "numeric", the following extra settings are # # available: # @@ -1793,12 +2050,11 @@ # # #<showfile name="RULES" # file="rules.txt" -# colors="true" # introtext="Server rules:" # endtext="End of server rules."> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Show whois module: Adds the +W usermode which allows opers to see +# Show whois module: Adds the +W user mode which allows opers to see # when they are /WHOIS'd. # This module is oper-only by default. #<module name="showwhois"> @@ -1826,17 +2082,31 @@ # You can optionally let the user know that their command was blocked. # # You may also let SHUN affect opers (defaults to no). -#<shun enabledcommands="PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no"> +#<shun enabledcommands="ADMIN PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SSL channel mode module: Adds support for SSL-only channels via -# channel mode +z and the 'z' extban which matches SSL client -# certificate fingerprints. -# Does not do anything useful without a working SSL module (see below). +# SSL mode module: Adds support for SSL-only channels via the '+z' +# channel mode, SSL-only private messages via the '+z' user mode and +# the 'z:' extban which matches SSL client certificate fingerprints. +# +# Does not do anything useful without a working SSL module and the +# sslinfo module (see below). #<module name="sslmodes"> +# +# The +z user mode is not enabled by default to enable link compatibility +# with 2.0 servers. You can enable it by uncommenting this: +#<sslmodes enableumode="yes"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# SSL rehash signal module: Allows the SSL modules to be rehashed by +# sending SIGUSR1 to a running InspIRCd process. +# This modules is in extras. Re-run configure with: +# ./configure --enable-extras=m_sslrehashsignal.cpp +# and run make install, then uncomment this module to enable it. +#<module name="sslrehashsignal"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# GnuTLS SSL module: Adds support for SSL connections using GnuTLS, +# GnuTLS SSL module: Adds support for SSL/TLS connections using GnuTLS, # if enabled. You must answer 'yes' in ./configure when asked or # manually symlink the source for this module from the directory # src/modules/extra, if you want to enable this, or it will not load. @@ -1844,30 +2114,40 @@ # #-#-#-#-#-#-#-#-#-#-#- GNUTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # -# ssl_gnutls is too complex to describe here, see the wiki: # -# http://wiki.inspircd.org/Modules/ssl_gnutls # +# ssl_gnutls is too complex to describe here, see the docs: # +# https://docs.inspircd.org/3/modules/ssl_gnutls # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SSL info module: Allows users to retrieve information about other -# users' peer SSL certificates and keys. This can be used by client -# scripts to validate users. For this to work, one of ssl_gnutls -# or ssl_openssl must be loaded. This module also adds the -# "* <user> is using a secure connection" whois line, the ability for -# opers to use SSL cert fingerprints to verify their identity and the -# ability to force opers to use SSL connections in order to oper up. -# It is highly recommended to load this module if you use SSL on your -# network. -# For how to use the oper features, please see the first example <oper> tag -# in opers.conf.example. +# users' peer SSL certificates and keys via the SSLINFO command. +# This can be used by client scripts to validate users. For this to +# work, one of ssl_gnutls, ssl_mbedtls or ssl_openssl must be loaded. +# This module also adds the "<user> is using a secure connection" +# and "<user> has client certificate fingerprint <fingerprint>" +# WHOIS lines, the ability for opers to use SSL cert fingerprints to +# verify their identity and the ability to force opers to use SSL +# connections in order to oper up. It is highly recommended to load +# this module if you use SSL on your network. +# For how to use the oper features, please see the first +# example <oper> tag in opers.conf.example. # #<module name="sslinfo"> +# +# If you want to prevent users from viewing SSL certificate information +# and fingerprints of other users, set operonly to yes. +#<sslinfo operonly="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # mbedTLS SSL module: Adds support for SSL/TLS connections using mbedTLS. #<module name="ssl_mbedtls"> +# +#-#-#-#-#-#-#-#-#-#-#- MBEDTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# # +# ssl_mbedtls is too complex to describe here, see the docs: # +# https://docs.inspircd.org/3/modules/ssl_mbedtls # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# OpenSSL SSL module: Adds support for SSL connections using OpenSSL, +# OpenSSL SSL module: Adds support for SSL/TLS connections using OpenSSL, # if enabled. You must answer 'yes' in ./configure when asked or symlink # the source for this module from the directory src/modules/extra, if # you want to enable this, or it will not load. @@ -1875,8 +2155,8 @@ # #-#-#-#-#-#-#-#-#-#-#- OPENSSL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # -# ssl_openssl is too complex to describe here, see the wiki: # -# http://wiki.inspircd.org/Modules/ssl_openssl # +# ssl_openssl is too complex to describe here, see the docs: # +# https://docs.inspircd.org/3/modules/ssl_openssl # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Strip color module: Adds channel mode +S that strips color codes and @@ -1898,57 +2178,53 @@ # SQLite3 module: Allows other SQL modules to access SQLite3 # # databases through a unified API. # # This module is in extras. Re-run configure with: # -# ./configure --enable-extras=m_sqlite.cpp +# ./configure --enable-extras=m_sqlite3.cpp # and run make install, then uncomment this module to enable it. # # #<module name="sqlite3"> # #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# sqlite is more complex than described here, see the wiki for more # -# info: http://wiki.inspircd.org/Modules/sqlite3 # +# sqlite is more complex than described here, see the docs for more # +# info: https://docs.inspircd.org/3/modules/sqlite3 # # #<database module="sqlite" hostname="/full/path/to/database.db" id="anytext"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQL authentication module: Allows IRCd connections to be tied into # a database table (for example a forum). -# This module is in extras. Re-run configure with: -# ./configure --enable-extras=m_sqlauth.cpp -# and run make install, then uncomment this module to enable it. # #<module name="sqlauth"> # #-#-#-#-#-#-#-#-#-#-#- SQLAUTH CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # -# sqlauth is too complex to describe here, see the wiki: # -# http://wiki.inspircd.org/Modules/sqlauth # +# sqlauth is too complex to describe here, see the docs: # +# https://docs.inspircd.org/3/modules/sqlauth # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SQL oper module: Allows you to store oper credentials in an SQL table -# This module is in extras. Re-run configure with: -# ./configure --enable-extras=m_sqloper.cpp -# and run make install, then uncomment this module to enable it. +# SQL oper module: Allows you to store oper credentials in an SQL +# table. You can add additional table columns like you would config +# tags in opers.conf. Opers in opers.conf will override opers from +# this module. # #<module name="sqloper"> # #-#-#-#-#-#-#-#-#-#-#- SQLOPER CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # dbid - Database ID to use (see SQL modules). # -# hash - Hashing provider to use for password hashing. # # # -# See also: http://wiki.inspircd.org/Modules/sqloper # +# See also: https://docs.inspircd.org/3/modules/sqloper # # # -#<sqloper dbid="1" hash="md5"> +#<sqloper dbid="1"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # StartTLS module: Implements STARTTLS, which allows clients # # connected to non SSL enabled ports to enable SSL, if a proper SSL # -# module is loaded (either ssl_gnutls or ssl_openssl). # +# module is loaded (either ssl_gnutls, ssl_mbedtls or ssl_openssl). # #<module name="starttls"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SVSHold module: Implements SVSHOLD. Like Q:Lines, but can only be # +# SVSHold module: Implements SVSHOLD. Like Q-lines, but can only be # # added/removed by Services. # #<module name="svshold"> # SVSHOLD does not generate server notices by default, you can turn @@ -2014,7 +2290,7 @@ # host - Vhost to set. # # #<vhost user="some_username" pass="some_password" host="some.host.test.cc"> -#<vhost user="foo" password="fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" hash="sha256" host="some.other.host.example.com"> +#<vhost user="foo" password="$2a$10$iTuYLT6BRhRlOgzfsW9oPe62etW.oXwSpyKw5rJit64SGZanLXghO" hash="bcrypt" host="some.other.host.example.com"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Watch module: Adds the WATCH command, which is used by clients to @@ -2030,17 +2306,30 @@ # WebSocket connections. Compatible with SSL/TLS. # Requires SHA-1 hash support available in the sha1 module. #<module name="websocket"> +# +# Whether to re-encode messages as UTF-8 before sending to WebSocket +# clients. This is recommended as the WebSocket protocol requires all +# text frames to be sent as UTF-8. If you do not have this enabled +# messages will be sent as binary frames instead. +#<websocket sendastext="yes"> +# +# If you use the websocket module you MUST specify one or more origins +# which are allowed to connect to the server. You should set this as +# strict as possible to prevent malicious webpages from connecting to +# your server. +# <wsorigin allow="https://*.example.com"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# XLine database: Stores all *Lines (G/Z/K/R/any added by other modules) +# X-line database: Stores all *-lines (G/Z/K/R/any added by other modules) # in a file which is re-loaded on restart. This is useful # for two reasons: it keeps bans so users may not evade them, and on # bigger networks, server connections will take less time as there will # be a lot less bans to apply - as most of them will already be there. #<module name="xline_db"> -# Specify the filename for the xline database here. -#<xlinedb filename="data/xline.db"> +# Specify the filename for the xline database and how often to check whether +# the database needs to be saved here. +#<xlinedb filename="xline.db" saveperiod="5s"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # ____ _ _____ _ _ ____ _ _ _ #