X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Finspircd.conf.example;h=3d9e7bd62c7c79e478a45bd4765a01dfc2007d02;hb=7758a679fadaec12fff5a0e2e1e45e90d1b5b04b;hp=40b72c1034629b3b76451f31c149b2ecba29bd85;hpb=1b4c00470148eeb7764beac24ca2a825dde5c250;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/inspircd.conf.example b/docs/inspircd.conf.example index 40b72c103..3d9e7bd62 100644 --- a/docs/inspircd.conf.example +++ b/docs/inspircd.conf.example @@ -48,24 +48,36 @@ # # # # # # -# The server ID is optional, and if omitted or set to 0, is auto- # -# matically calculated from the server name and description. This is # -# similar in behaviour to the server id on ircu and charybdis ircds. # +# The server name should be a syntactically valid hostname, with at # +# least one '.', and does not need to resolve to an IP address. # +# # +# The description is freeform text. Remember you may put quotes in # +# this field by escaping it using \". # +# # +# The network field indicates the network name given in on connect # +# to clients. It is used by many clients such as mIRC to select a # +# perform list, so it should be identical on all servers on a net # +# and should not contain spaces. # +# # +# The server ID is optional, and if omitted automatically calculated # +# from the server name and description. This is similar in # +# in behaviour to the server id on ircu and charybdis ircds. # # You should only need to set this manually if there is a collision # # between two server ID's on the network. The server ID must be # -# between 1 and 999, if it is not, it will be wrapped to this range. # -# There is a range of server ID's which are suffixed by two letters # -# rather than two numbers, e.g. 1AA, 2FF, 3ZZ, which are reserved # -# for use by non-inspircd servers such as services and stats servers.# +# three digits or letters long, of which the first digit must always # +# be a number, and the other two letters may be any of 0-9 and A-Z. # +# For example, 3F9, 03J and 666 are all valid server IDs, and A9D, # +# QFX and 5eR are not. Remember, in most cases you will not need to # +# even set this value, it is calculated for you from your server # +# name and description. Changing these will change your auto- # +# generated ID. # # # @@ -89,7 +101,7 @@ # # # Enter the port and address bindings here. # # # -# bind address - specifies which address ports bind to. Leaving this # +# bind address - Specifies which address ports bind to. Leaving this # # field blank binds the port to all IP's available. # # # # port - The port number to bind to. You may specify a port # @@ -101,7 +113,7 @@ # the entire range from being bound, just that one # # port number. # # # -# type - can be 'clients' or 'servers'. The clients type is # +# type - Can be 'clients' or 'servers'. The clients type is # # a standard TCP based socket, the servers type is a # # also a TCP based connection but of a different # # format. SSL support is provided by modules, to # @@ -110,7 +122,7 @@ # # # ssl - When using m_ssl_gnutls.so or m_ssl_openssl.so # # modules, you must define this value to use ssl on # -# that port. valid values are 'gnutls' or 'openssl' # +# that port. Valid values are 'gnutls' or 'openssl' # # respectively. If the module is not loaded, this # # setting is ignored. # # # @@ -118,7 +130,7 @@ # either one of the SSL modules (m_ssl_gnutls or # # m_ssl_openssl) or m_ziplinks.so, then you may make # # use of this value. # -# setting it to 'openssl' or 'gnutls' or 'zip' # +# Setting it to 'openssl' or 'gnutls' or 'zip' # # indicates that the port should accept connections # # using the given transport name. Transports are # # layers which sit on top of a socket and change the # @@ -354,17 +366,17 @@ # your server, as well as the commands they are allowed to use. # # This works alongside with the classes specified above. # # # -# type name - a name for the combined class types. # +# type name - A name for the combined class types. # # a type name cannot contain spaces, however if you # # put an _ symbol in the name, it will be translated # # to a space when displayed in a WHOIS. # # # -# classes - specified above, used for flexibility for the # +# classes - Specified above, used for flexibility for the # # server admin to decide on which operators get # # what commands. Class names are case sensitive, # # separate multiple class names with spaces. # # # -# host - optional hostmask operators will receive on oper-up. # +# host - Optional hostmask operators will receive on oper-up. # # # # Syntax is as follows: # # # @@ -391,20 +403,20 @@ # Opers are defined here. This is a very important section. # # Remember to only make operators out of trust worthy people. # # # -# name - oper name, this is case sensitive, so it is best to # +# name - Oper name, this is case sensitive, so it is best to # # use lower-case. # # # -# password - password to oper-up, also case sensitive. # +# password - Password to oper-up, also case sensitive. # # encryption is supported via modules. You may load # # modules for MD5 or SHA256 encryption, and if you do, # # this value will be a hash value, otherwise put a # # plaintext password in this value. # # # -# host - hosts of client allowed to oper-up. # +# host - Hosts of client allowed to oper-up. # # wildcards accepted, separate multiple hosts with a # # space. You may also specify CIDR IP addresses. # # # -# fingerprint - when using the m_ssl_oper_cert.so module, you may # +# fingerprint - When using the m_ssl_oper_cert.so module, you may # # specify a key fingerprint here. This can be obtained # # using the /fingerprint command whilst the module is # # loaded, or from the notice given to you when you # @@ -419,7 +431,7 @@ # is not loaded, this configuration option has no # # effect and will be ignored. # # # -# type - defines the kind of operator. This must match a type # +# type - Defines the kind of operator. This must match a type # # tag you defined above, and is case sensitive. # # # # Syntax is as follows: # @@ -441,29 +453,29 @@ # Defines which servers can link to this one, and which servers this # # server may create outbound links to. # # # -# name - the name is the canonical name of the server, does # +# name - The name is the canonical name of the server, does # # not have to resolve - but it is expected to be set # # in the remote servers connection info. # # # -# ipaddr - valid host or IP address for remote server. These # +# ipaddr - Valid host or IP address for remote server. These # # hosts are resolved on rehash, and cached, if you # # specify a hostname; so if you find that your server # # is still trying to connect to an old IP after you # # have updated your DNS, try rehashing and then # # attempting the connect again. # # # -# port - the TCP port for the remote server. # +# port - The TCP port for the remote server. # # # -# sendpass - password to send to create an outbound connection # +# sendpass - Password to send to create an outbound connection # # to this server. # # # -# recvpass - password to receive to accept an inbound connection # +# recvpass - Password to receive to accept an inbound connection # # from this server. # # # -# autoconnect - sets the server to autoconnect. Where x is the num. # +# autoconnect - Sets the server to autoconnect. Where x is the num. # # (optional) of seconds between attempts. e.g. 300 = 5 minutes. # # # -# transport - if defined, this is a transport name implemented by # +# transport - If defined, this is a transport name implemented by # # another module. Transports are layers on top of # # plaintext connections, which alter them in certain # # ways. Currently the three supported transports are # @@ -474,7 +486,7 @@ # link to succeed. OpenSSL and GnuTLS are link- # # compatible with each other. # # # -# statshidden - when using m_spanningtree.so for linking. you may # +# statshidden - When using m_spanningtree.so for linking. you may # # set this to 'yes', and if you do, the IP address/ # # hostname of this connection will NEVER be shown to # # any opers on the network. In /stats c its address # @@ -483,7 +495,7 @@ # UNLESS the connection fails (e.g. due to a bad # # password or servername) # # # -# allowmask - when this is defined, it indicates a range of IP # +# allowmask - When this is defined, it indicates a range of IP # # addresses to allow for this link (You may use CIDR # # or wildcard form for this address). # # e.g. if your server is going to connect to you from # @@ -491,7 +503,7 @@ # into this value. If it is not defined, then only # # the ipaddr field of the server shall be allowed. # # # -# failover - if you define this option, it must be the name of a # +# failover - If you define this option, it must be the name of a # # different link tag in your configuration. This # # option causes the ircd to attempt a connection to # # the failover link in the event that the connection # @@ -509,12 +521,12 @@ # apply to autoconnected servers as well as manually # # connected ones. # # # -# timeout - if this is defined, then outbound connections will # +# timeout - If this is defined, then outbound connections will # # time out if they are not connected within this many # # seconds. If this is not defined, the default of ten # # seconds is used. # # # -# bind - if you specify this value, then when creating an # +# bind - If you specify this value, then when creating an # # outbound connection to the given server, the IP you # # place here will be bound to. This is for multi- # # homed servers which may have multiple IP addresses. # @@ -528,7 +540,7 @@ # looking for the error 'Could not assign requested # # address' in your log when connecting to servers. # # # -# hidden - if this is set to true, yes, or 1, then the server # +# hidden - If this is set to true, yes, or 1, then the server # # is completely hidden from non-opers. It does not # # show in /links and it does not show in /map. Also, # # any servers which are child servers of this one # @@ -540,7 +552,7 @@ # example to hide a non-client hub, for which clients # # do not have an IP address or resolvable hostname. # # # -# to u:line a server (give it extra privileges required for running # +# To u:line a server (give it extra privileges required for running # # services, Q, etc) you must include the tag as shown # # in the example below. You can have as many of these as you like. # # # @@ -662,7 +674,7 @@ # # # ------------------------------------------------------------------- # # # -# NOTE: if you have built InspIRCd with IPv6 support, then both # +# NOTE: If you have built InspIRCd with IPv6 support, then both # # IPv6 and IPv4 addresses are allowed here, and also in the system # # resolv.conf file. Remember that an IPv4 DNS server can still # # resolve IPv6 addresses, and vice versa. # @@ -744,11 +756,11 @@ # parts. If specified, overrides both prefixpart # # and suffixpart options. # # # -# loglevel - specifies what detail of messages to log in the # +# loglevel - Specifies what detail of messages to log in the # # log file. You may select from debug, verbose, # # default, sparse and none. # # # -# allowhalfop - allows the +h channel mode # +# allowhalfop - Allows the +h channel mode # # # # noservices - If noservices is true, yes, or 1, then the first # # user into a channel gets founder status. This is # @@ -779,7 +791,7 @@ # especially in the case of bots, and it is # # recommended that this option is enabled. # # # -# netbuffersize - size of the buffer used to receive data from # +# netbuffersize - Size of the buffer used to receive data from # # clients. The ircd may only read() this amount # # of text in one go at any time. (OPTIONAL) # # # @@ -871,8 +883,8 @@ # hint will be given (using the RPL_TEXT numeric) # # as well as the standard ERR_NEEDMOREPARAMS. # # # -# announcets - If this value is defined to yes, true or 1, then # -# a channel's timestamp is updated, the users on # +# announcets - If this value is defined to yes, true, or 1, then # +# a channels' timestamp is updated, the users on # # the channel will be informed of the change via # # a server notice to the channel with the old and # # new TS values in the timestamp. If you think this # @@ -995,28 +1007,6 @@ moronbanner="You're banned! Email haha@abuse.com with the ERROR line below for help." exemptchanops=""> -#-#-#-#-#-#-#-#-#-#-#-#-#-#- TIME SYNC OPTIONS -#-#-#-#-#-#-#-#-#-#-#-# -# Time synchronisation options for m_spanningtree linking. # -# # -# Because IRC is very time and clock dependent, InspIRCd provides its # -# own methods for synchronisation of time between servers as shown # -# in the example below, for servers that don't have ntpd running. # -# # -# enable - If this value is 'yes', 'true', or '1', time # -# synchronisation is enabled on this server. This # -# means any servers you are linked to will # -# automatically synchronise time, however you should # -# use ntpd instead where possible, NOT this option. # -# # -# master - If this value is set to yes, then this server will # -# act as the authoritative time source for the whole # -# network. All other servers will respect its time # -# without question, and match their times to it. # -# only one server should have the master value set # -# to 'yes'. # -# # - - #-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # # This tag lets you define the behaviour of the /whowas command of # @@ -1211,14 +1201,18 @@ # # Auditorium settings: # -# +# # -# Setting this value to yes makes m_auditorium behave like unrealircd -# +u channel mode, e.g. ops see users joining, parting, etc, and users -# joining the channel see the ops. Without this flag, the mode acts -# like ircnet's +a (anonymous channels), showing only the user in the -# names list, and not even showing the ops in the list, or showing the -# ops that the user has joined. +# showops: +# Setting this value to yes makes m_auditorium behave like unrealircd +# +u channel mode, e.g. ops see users joining, parting, etc, and users +# joining the channel see the ops. Without this flag, the mode acts +# like ircnet's +a (anonymous channels), showing only the user in the +# names list, and not even showing the ops in the list, or showing the +# ops that the user has joined. +# operoverride: +# Setting this value to yes makes m_auditorium affect the userlist for +# regular users only. Opers will view all users in the channel normally. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Ban except module: Adds support for channel ban exceptions (+e) @@ -1274,6 +1268,27 @@ # Botmode module: Adds the user mode +B # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# CallerID module: Adds usermode +g which activates hybrid-style +# callerid (== block all private messages unless you /accept first) +# +# +#-#-#-#-#-#-#-#-#-#-#- CALLERID CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# maxaccepts - Maximum number of entires a user can add to his # +# /accept list. Default is 16 entries. # +# operoverride - Can opers (note: ALL opers) ignore callerid mode? # +# Default is no. # +# tracknick - Preserve /accept entries when a user changes nick? # +# If no (the default), the user is removed from # +# everyone's accept list if he changes nickname. # +# cooldown - Amount of time (in seconds) that must pass since # +# the last notification sent to a user before he can # +# be sent another. Default is 60 (1 minute). # +# @@ -1543,13 +1558,23 @@ # If you have the m_denychans.so module loaded, you need to specify # # the channels to deny: # # # -# name - The channel name to deny. # +# name - The channel name to deny. (glob masks are ok) # # # # allowopers - If operators are allowed to override the deny. # # # # reason - Reason given for the deny. # # # -# +# redirect - Redirect the user to a different channel # +# # +# # +# # +# # +# Redirects will not work if the target channel is set +L. # +# # +# Additionally, you may specify channels which are allowed, even if # +# a badchan tag specifies it would be denied: # +# # +# Glob masks are accepted here also. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Devoice Module: Let users devoice themselves. @@ -1584,6 +1609,23 @@ # Foobar module: does nothing - historical relic # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# GeoIP module: Allows the server admin to ban users by country code. +# +# +#-#-#-#-#-#-#-#-#-#-#-# GEOIP CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# # +# # +# # +# Set this value to true or yes to block unknown IP ranges which are # +# not in the database (usually LAN addresses, localhost, etc) # +# # +# # +# # +# Use one or more of these tags to ban countries by country code. # +# The country code must be in capitals and should be an ISO country # +# code such as TR, GB, or US. # + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Globops module: gives /GLOBOPS and usermode +g # @@ -1702,6 +1744,53 @@ # Knock module: adds the /KNOCK command and +K channel mode # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# LDAP authentication module: Adds the ability to authenticate users # +# via LDAP. This is an extra module which must be enabled explicitly # +# by symlinking it from modules/extra, and requires the OpenLDAP libs # +# # +# # +# # +# Configuration: # +# # +# # +# # +# The baserdn indicates the base DN to search in for users. Usually # +# this is 'ou=People,dc=yourdomain,dc=yourtld'. # +# # +# The attribute value indicates the attribute which is used to locate # +# a user account by name. On POSIX systems this is usually 'uid'. # +# # +# The server parameter indicates the LDAP server to connect to. The # +# ldap:// style scheme before the hostname proper is MANDITORY. # +# # +# The allowpattern value allows you to specify a wildcard mask which # +# will always be allowed to connect regardless of if they have an # +# account, for example guest users. # +# # +# Killreason indicates the QUIT reason to give to users if they fail # +# to authenticate. # +# # +# The searchscope value indicates the subtree to search under. On our # +# test system this is 'subtree'. Your mileage may vary. # +# # +# Setting the verbose value causes an oper notice to be sent out for # +# every failed authentication to the server, with an error string. # +# # +# The binddn and bindauth indicate the DN to bind to for searching, # +# and the password for the distinguished name. Some LDAP servers will # +# allow anonymous searching in which case these two values do not # +# need defining, otherwise they should be set similar to the examples # +# above. # + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Lock server module: Adds /LOCKSERV and /UNLOCKSERV commands that is # # used to temporarily close/open for new connections to the server. # @@ -1716,6 +1805,19 @@ # Msg flood module: Adds message/notice flood protection (+f) # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# MsSQL module: Allows other SQL modules to access MS SQL Server +# through a unified API. You must copy the source for this module +# from the directory src/modules/extra, plus the file m_sqlv2.h +# +# +#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# m_mssql.so is more complex than described here, see wiki for more # +# info http://www.inspircd.org/wiki/SQLServer_Service_Provider_Module # +# +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # MySQL module: Allows other SQL modules to access MySQL databases # through a unified API. You must copy the source for this module @@ -1769,28 +1871,6 @@ # Oper channels mode: Adds the +O channel mode # -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper hash module: Allows hashed oper passwords -# Relies on the module m_md5.so and/or m_sha256.so being loaded before -# m_oper_hash.so in the configuration file. -# -# -#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# -# -# To use this module, you must define a hash type for each oper's -# password you want to hash. For example: -# -# -# -# The types of hashing available vary depending on which hashing modules -# you load, but usually if you load m_sha256.so and m_md5.so, both md5 -# and sha256 type hashing will be available (the most secure of which -# is SHA256). - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper Join module: Forces opers to join a channel on oper-up # @@ -1833,6 +1913,28 @@ # and/or as the 'modes' parameter of the tag. # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Oper password hash module: Allows hashed oper passwords +# Relies on the module m_md5.so and/or m_sha256.so being loaded before +# m_password_hash.so in the configuration file. +# +# +#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# +# To use this module, you must define a hash type for each oper's +# password you want to hash. For example: +# +# +# +# The types of hashing available vary depending on which hashing modules +# you load, but usually if you load m_sha256.so and m_md5.so, both md5 +# and sha256 type hashing will be available (the most secure of which +# is SHA256). + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # PostgreSQL module: Allows other SQL modules to access PgSQL databases # through a unified API. You must copy the source for this module