X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Fconf%2Fmodules.conf.example;h=b2d759ff817c75e8131518e6b97aab39d6384dd9;hb=96cc8bf4813877724d011531da1923aa457d8542;hp=93e26059c73d812e4a64fb5f2675c4850f954381;hpb=bb4aa10ed82612624da45d0c9592ddf7f2f51ab5;p=user%2Fhenk%2Fcode%2Finspircd.git

diff --git a/docs/conf/modules.conf.example b/docs/conf/modules.conf.example
index 93e26059c..b2d759ff8 100644
--- a/docs/conf/modules.conf.example
+++ b/docs/conf/modules.conf.example
@@ -10,7 +10,7 @@
 #                                                                     #
 #  By default, ALL modules are commented out. You must uncomment them #
 #  or add lines to your config to load modules. Please refer to       #
-#  http://wiki.inspircd.org/Modules for a list of modules and         #
+#  https://wiki.inspircd.org/3.0/Modules for a list of modules and    #
 #  each modules link for any additional conf tags they require.       #
 #                                                                     #
 #    ____                _   _____ _     _       ____  _ _   _        #
@@ -231,8 +231,8 @@
 # If you have the blockamsg module loaded, you can configure it with  #
 # the <blockamsg> tag:                                                #
 #                                                                     #
-# delay          -   How many seconds between two messages to force   #
-#                    them to be recognised as unrelated.              #
+# delay          -   How much time between two messages to force them #
+#                    to be recognised as unrelated.                   #
 # action         -   Any of 'notice', 'noticeopers', 'silent', 'kill' #
 #                    or 'killopers'. Define how to take action when   #
 #                    a user uses /amsg or /ame.                       #
@@ -281,13 +281,13 @@
 # tracknick      - Preserve /accept entries when a user changes nick? #
 #                  If no (the default), the user is removed from      #
 #                  everyone's accept list if he changes nickname.     #
-# cooldown       - Amount of time (in seconds) that must pass since   #
-#                  the last notification sent to a user before he can #
-#                  be sent another. Default is 60 (1 minute).         #
+# cooldown       - Amount of time that must pass since the last       #
+#                  notification sent to a user before he can be sent  #
+#                  another. Default is 1 minute.                      #
 #<callerid maxaccepts="16"
 #          operoverride="no"
 #          tracknick="no"
-#          cooldown="60">
+#          cooldown="1m">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # CAP module: Provides the CAP negotiation mechanism required by the
@@ -309,47 +309,63 @@
 #                                                                     #
 # Optional - If you specify to use the censor module, then you must   #
 # specify some censor tags. See also:                                 #
-# http://wiki.inspircd.org/Modules/censor                             #
+# https://wiki.inspircd.org/Modules/3.0/censor                        #
 #
 #<include file="examples/censor.conf.example">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# CGI:IRC module: Adds support for automatic host changing in CGI:IRC
-# (http://cgiirc.sourceforge.net).
-# Adds snomask +w for monitoring CGI:IRC connections.
+# CGI:IRC module: Enables forwarding the real IP address of a user from
+# a gateway to the IRC server.
 #<module name="cgiirc">
 #
 #-#-#-#-#-#-#-#-#-#-#-# CGIIRC  CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
 #
-# Optional - If you specify to use cgiirc, then you must specify one
-# or more cgihost tags which indicate authorised CGI:IRC servers which
-# will be connecting to your network, and an optional cgiirc tag.
-# For more information see: http://wiki.inspircd.org/Modules/cgiirc
-#
-# Set to yes if you want to notice opers when CGI:IRC clients connect.
+# If you use the cgiirc module then you must specify the gateways which
+# are authorised to forward IP/host information to your server. There
+# are currently two ways to do this:
+#
+# The webirc method is the recommended way to allow gateways to forward
+# IP/host information. When using this method the gateway sends a WEBIRC
+# message to the server on connection. For more details please read the
+# IRCv3 WebIRC specification at http://ircv3.net/specs/extensions/webirc.html.
+#
+# When using this method you must specify a wildcard mask or CIDR range
+# to allow gateway connections from and at least one of either a SSL
+# client certificate fingerprint for the gateway or a password to be
+# sent in the WEBIRC command.
+#
+# <cgihost type="webirc"
+#          fingerprint="bd90547b59c1942b85f382bc059318f4c6ca54c5"
+#          mask="192.0.2.0/24">
+# <cgihost type="webirc"
+#          password="$2a$10$WEUpX9GweJiEF1WxBDSkeODBstIBMlVPweQTG9cKM8/Vd58BeM5cW"
+#          hash="bcrypt"
+#          mask="*.webirc.gateway.example.com">
+#
+# Alternatively if your gateway does not support sending the WEBIRC
+# message then you can configure InspIRCd to look for the client IP
+# address in the ident sent by the user. This is not recommended as it
+# only works with IPv4 connections.
+#
+# When using this method you must specify a wildcard mask or CIDR range to
+# allow gateway connections from.
+#
+# <cgihost type="ident" mask="198.51.100.0/24">
+# <cgihost type="ident" mask="*.ident.gateway.example.com">
+#
+# By default gateway connections are logged to the +w snomask. If you
+# do not want this to happen then you can uncomment this to disable it.
 # <cgiirc opernotice="no">
-#
-# The type field indicates where the module should get the real
-# client's IP address from, for further information, please see the
-# CGI:IRC documentation.
-#
-# Old style:
-# <cgihost type="pass" mask="www.example.com">       # Get IP from PASS
-# <cgihost type="ident" mask="otherbox.example.com"> # Get IP from ident
-# <cgihost type="passfirst" mask="www.example.com">  # See the docs
-# New style:
-# <cgihost type="webirc" password="foobar"
-#   mask="somebox.example.com">                      # Get IP from WEBIRC
-#
+
 # IMPORTANT NOTE:
 # ---------------
 #
-# When you connect CGI:IRC clients, there are two connect classes which
+# When you connect gateway clients, there are two connect classes which
 # apply to these clients. When the client initially connects, the connect
-# class which matches the CGI:IRC site's host is checked. Therefore you
-# must raise the maximum local/global clients for this ip as high as you
-# want to allow cgi clients. After the client has connected and is
-# determined to be a cgi:irc client, the class which matches the client's
+# class which matches the gateway site's host is checked. Therefore you
+# must raise the maximum local/global clients for this IP as high as you
+# want to allow gateway clients. After the client has connected and is
+# determined to be a gateway client, the class which matches the client's
 # real IP is then checked. You may set this class to a lower value, so that
 # the real IP of the client can still be restricted to, for example, 3
 # sessions maximum.
@@ -483,9 +499,12 @@
 #                                                                     #
 # There are two methods of cloaking:                                  #
 #                                                                     #
-#   half           Cloak only the "unique" portion of a host; show    #
-#                  the last 2 parts of the domain, /16 subnet of IPv4 #
-#                  or /48 subnet of the IPv6 address.                 #
+#   half           Cloak only the "unique" portion of a host; by      #
+#                  default show the last 2 parts of the domain,       #
+#                  /16 subnet of IPv4 or /48 subnet of the IPv6       #
+#                  address.                                           #
+#                  To change the number of shown parts, modify the    #
+#                  domainparts option.                                #
 #                                                                     #
 #   full           Cloak the users completely, using three slices for #
 #                  common CIDR bans (IPv4: /16, /24; IPv6: /48, /64). #
@@ -496,6 +515,7 @@
 #
 #<cloak mode="half"
 #       key="secret"
+#       domainparts="3"
 #       prefix="net-">
 
 #-#-#-#-#-#-#-#-#-#-#-#- CLOSE MODULE #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
@@ -588,7 +608,7 @@
 #<module name="connflood">
 #
 #-#-#-#-#-#-#-#-#-#-#- CONNTHROTTLE CONFIGURATION  -#-#-#-#-#-#-#-#-#-#
-#  seconds, maxconns -  Amount of connections per <seconds>.
+#  period, maxconns -  Amount of connections per <period>.
 #
 #  timeout           -  Time to wait after the throttle was activated
 #                       before deactivating it. Be aware that the time
@@ -604,7 +624,7 @@
 #   quitmsg="Throttled" bootwait="10">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Custom prefixes: Allows for channel prefixes to be added.
+# Custom prefixes: Allows for channel prefixes to be configured.
 #<module name="customprefix">
 #
 # name       The name of the mode, must be unique from other modes.
@@ -613,12 +633,17 @@
 # rank       A numeric rank for this prefix, defining what permissions it gives.
 #            The rank of voice, halfop and op is 10000, 20000, and 30000,
 #            respectively.
-# ranktoset  The numeric rank required to set/unset this mode. Defaults to rank.
+# ranktoset  The numeric rank required to set this mode. Defaults to rank.
+# ranktounset The numeric rank required to unset this mode. Defaults to ranktoset.
 # depriv     Can you remove the mode from yourself? Defaults to yes.
 #<customprefix name="founder" letter="q" prefix="~" rank="50000" ranktoset="50000">
 #<customprefix name="admin" letter="a" prefix="&amp;" rank="40000" ranktoset="50000">
 #<customprefix name="halfop" letter="h" prefix="%" rank="20000" ranktoset="30000">
-#<customprefix name="halfvoice" letter="V" prefix="-" rank="1" ranktoset="20000">
+#
+# You can also override the configuration of prefix modes added by both the core
+# and other modules by adding a customprefix tag with change="yes" specified.
+# <customprefix name="op" change="yes" rank="30000" ranktoset="30000">
+# <customprefix name="voice" change="yes" rank="10000" ranktoset="10000" depriv="no">
 #
 # Do /RELOADMODULE customprefix after changing the settings of this module.
 
@@ -708,17 +733,13 @@
 #<goodchan name="#funtimes">                                          #
 # Glob masks are accepted here also.                                  #
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Devoice module: Let users devoice themselves using /DEVOICE #chan.
-#<module name="devoice">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # DNS blacklist module: Provides support for looking up IPs on one or #
 # more blacklists.                                                    #
 #<module name="dnsbl">                                                #
 #                                                                     #
 # For configuration options please see the wiki page for dnsbl at     #
-# http://wiki.inspircd.org/Modules/dnsbl                              #
+# https://wiki.inspircd.org/Modules/3.0/dnsbl                         #
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Exempt channel operators module: Provides support for allowing      #
@@ -865,7 +886,7 @@
 #
 #-#-#-#-#-#-#-#-#-#-#-  HOSTCHANGE  CONFIGURATION  -#-#-#-#-#-#-#-#-#-#
 #                                                                     #
-# See http://wiki.inspircd.org/Modules/hostchange for help.           #
+# See https://wiki.inspircd.org/Modules/3.0/hostchange for help.      #
 #                                                                     #
 #<host suffix="invalid.org" separator="." prefix="">
 #<hostchange mask="*@42.theanswer.example.org" action="addnick">
@@ -892,7 +913,7 @@
 # httpd_* modules to provide pages to display.
 #
 # You can adjust the timeout for HTTP connections below. All HTTP
-# connections will be closed after (roughly) this many seconds.
+# connections will be closed after (roughly) this time period.
 #<httpd timeout="20">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
@@ -950,7 +971,7 @@
 #<inviteexception bypasskey="yes">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# IRCv3 module: Provides the following IRCv3.1 extensions:
+# IRCv3 module: Provides the following IRCv3 extensions:
 # extended-join, away-notify and account-notify. These are optional
 # enhancements to the client-to-server protocol. An extension is only
 # active for a client when the client specifically requests it, so this
@@ -958,7 +979,7 @@
 #
 # Further information on these extensions can be found at the IRCv3
 # working group website:
-# http://ircv3.org/extensions/
+# http://ircv3.net/irc/
 #
 #<module name="ircv3">
 # The following block can be used to control which extensions are
@@ -992,6 +1013,27 @@
 # another user into a channel. This respects <options:announceinvites>.
 #<module name="ircv3_invitenotify">
 
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# IRCv3 Strict Transport Security module: Provides the sts IRCv3.2
+# extension which allows clients connecting insecurely to upgrade their
+# connections to TLS.
+#<module name="ircv3_sts">
+#
+# If using the ircv3_sts module you MUST define a STS policy to send
+# to clients using the <sts> tag. This tag takes the following
+# attributes:
+#
+# host     - A glob match for the SNI hostname to apply this policy to.
+# duration - The amount of time that the policy lasts for. Defaults to
+#            approximately two months by default.
+# port     - The port on which TLS connections to the server are being
+#            accepted. You MUST have a CA-verified certificate on this
+#            port. Self signed certificates are not acceptable.
+# preload  - Whether client developers can include your certificate in
+#            preload lists.
+#
+# <sts host="*.example.com" duration="60d" port="6697" preload="yes">
+
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Join flood module: Adds support for join flood protection +j X:Y.
 # Closes the channel for N seconds if X users join in Y seconds.
@@ -1174,7 +1216,7 @@
 #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
 #                                                                     #
 # mysql is more complex than described here, see the wiki for more    #
-# info: http://wiki.inspircd.org/Modules/mysql                        #
+# info: https://wiki.inspircd.org/Modules/3.0/mysql                   #
 #
 #<database module="mysql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database2">
 
@@ -1451,8 +1493,8 @@
 #
 #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
 #                                                                     #
-# pgsql is more complex than described here, see the wiki for    #
-# more: http://wiki.inspircd.org/Modules/pgsql                        #
+# pgsql is more complex than described here, see the wiki for         #
+# more: https://wiki.inspircd.org/Modules/3.0/pgsql                   #
 #
 #<database module="pgsql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database" ssl="no">
 
@@ -1570,11 +1612,11 @@
 # maxbacklog - Maximum size that can be specified for backlog. 0 disables multiline matching.
 # maxdistance - Max percentage of difference between two lines we'll allow to match. Set to 0 to disable edit-distance matching.
 # maxlines - Max lines of backlog to match against.
-# maxsecs - Maximum value of seconds a user can set. 0 to allow any.
+# maxtime - Maximum period of time a user can set. 0 to allow any.
 # size - Maximum number of characters to check for, can be used to truncate messages
 # before they are checked, resulting in less CPU usage. Increasing this beyond 512
 # doesn't have any effect, as the maximum length of a message on IRC cannot exceed that.
-#<repeat maxbacklog="20" maxlines="20" maxdistance="50" maxsecs="0" size="512">
+#<repeat maxbacklog="20" maxlines="20" maxdistance="50" maxtime="0" size="512">
 #<module name="repeat">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
@@ -1679,6 +1721,12 @@
 # Layer via AUTHENTICATE. Note: You also need to have cap loaded
 # for SASL to work.
 #<module name="sasl">
+# Define the following to your services server name to improve security
+# by ensuring the SASL messages are only sent to the services server
+# and not to all connected servers. This prevents a rogue server from
+# capturing SASL messages and disables the SASL cap when services is
+# down.
+#<sasl target="services.mynetwork.com">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Secure list module: Prevent /LIST in the first minute of connection,
@@ -1692,12 +1740,12 @@
 # as shown below:                                                     #
 #<securehost exception="*@*.netsplit.de">
 #<securehost exception="*@*.ircdriven.com">
-#<securehost exception="*@*.irc-source.com">
+#<securehost exception="*@*.ircs.me">
 #                                                                     #
 # Define the following variable to change how long a user must wait   #
 # before issuing a LIST. If not defined, defaults to 60 seconds.      #
 #                                                                     #
-#<securelist waittime="60">                                           #
+#<securelist waittime="1m">                                           #
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Servprotect module: Provides support for Austhex style +k /
@@ -1824,7 +1872,7 @@
 # You can optionally let the user know that their command was blocked.
 #
 # You may also let SHUN affect opers (defaults to no).
-#<shun enabledcommands="PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no">
+#<shun enabledcommands="ADMIN PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # SSL channel mode module: Adds support for SSL-only channels via
@@ -1844,7 +1892,7 @@
 #-#-#-#-#-#-#-#-#-#-#-  GNUTLS CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
 #                                                                     #
 # ssl_gnutls is too complex to describe here, see the wiki:           #
-# http://wiki.inspircd.org/Modules/ssl_gnutls                         #
+# https://wiki.inspircd.org/Modules/3.0/ssl_gnutls                    #
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # SSL info module: Allows users to retrieve information about other
@@ -1875,7 +1923,7 @@
 #-#-#-#-#-#-#-#-#-#-#- OPENSSL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
 #                                                                     #
 # ssl_openssl is too complex to describe here, see the wiki:          #
-# http://wiki.inspircd.org/Modules/ssl_openssl                        #
+# https://wiki.inspircd.org/Modules/3.0/ssl_openssl                   #
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Strip color module: Adds channel mode +S that strips color codes and
@@ -1897,7 +1945,7 @@
 # SQLite3 module: Allows other SQL modules to access SQLite3          #
 # databases through a unified API.                                    #
 # This module is in extras. Re-run configure with:                    #
-# ./configure --enable-extras=m_sqlite.cpp
+# ./configure --enable-extras=m_sqlite3.cpp
 # and run make install, then uncomment this module to enable it.      #
 #
 #<module name="sqlite3">
@@ -1905,7 +1953,7 @@
 #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
 #                                                                     #
 # sqlite is more complex than described here, see the wiki for more   #
-# info: http://wiki.inspircd.org/Modules/sqlite3                      #
+# info: https://wiki.inspircd.org/Modules/3.0/sqlite3                 #
 #
 #<database module="sqlite" hostname="/full/path/to/database.db" id="anytext">
 
@@ -1921,7 +1969,7 @@
 #-#-#-#-#-#-#-#-#-#-#- SQLAUTH CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
 #                                                                     #
 # sqlauth is too complex to describe here, see the wiki:              #
-# http://wiki.inspircd.org/Modules/sqlauth                            #
+# https://wiki.inspircd.org/Modules/3.0/sqlauth                       #
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # SQL oper module: Allows you to store oper credentials in an SQL table
@@ -1936,7 +1984,7 @@
 # dbid       - Database ID to use (see SQL modules).                  #
 # hash       - Hashing provider to use for password hashing.          #
 #                                                                     #
-# See also: http://wiki.inspircd.org/Modules/sqloper                  #
+# See also: https://wiki.inspircd.org/Modules/3.0/sqloper             #
 #                                                                     #
 #<sqloper dbid="1" hash="bcrypt">