X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Finspircd.conf.example;h=6b89a49b832da38b36751dd455c8ab201afec057;hb=eb08ac122471f47488cf411a0d552c5285ca3e66;hp=1a2188cb851a2d5bffecc664081fbb2f84d5965c;hpb=3cddc21bae68b84598579e6e438cd23dffae16fc;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/inspircd.conf.example b/docs/inspircd.conf.example index 1a2188cb8..6b89a49b8 100644 --- a/docs/inspircd.conf.example +++ b/docs/inspircd.conf.example @@ -51,21 +51,34 @@ # id="serverid" # # network="MyNetwork"> # # # -# The server ID is optional, and if omitted or set to 0, is auto- # -# matically calculated from the server name and description. This is # -# similar in behaviour to the server id on ircu and charybdis ircds. # +# The server name should be a syntactically valid hostname, with at # +# least one '.', and does not need to resolve to an IP address. # +# # +# The description is freeform text. Remember you may put quotes in # +# this field by escaping it using \". # +# # +# The network field indicates the network name given in on connect # +# to clients. It is used by many clients such as mIRC to select a # +# perform list, so it should be identical on all servers on a net # +# and should not contain spaces. # +# # +# The server ID is optional, and if omitted automatically calculated # +# from the server name and description. This is similar in # +# in behaviour to the server id on ircu and charybdis ircds. # # You should only need to set this manually if there is a collision # # between two server ID's on the network. The server ID must be # -# between 1 and 999, if it is not, it will be wrapped to this range. # -# There is a range of server ID's which are suffixed by two letters # -# rather than two numbers, e.g. 1AA, 2FF, 3ZZ, which are reserved # -# for use by non-inspircd servers such as services and stats servers.# +# three digits or letters long, of which the first digit must always # +# be a number, and the other two letters may be any of 0-9 and A-Z. # +# For example, 3F9, 03J and 666 are all valid server IDs, and A9D, # +# QFX and 5eR are not. Remember, in most cases you will not need to # +# even set this value, it is calculated for you from your server # +# name and description. Changing these will change your auto- # +# generated ID. # # # + network="Omega"> #-#-#-#-#-#-#-#-#-#-#-#- ADMIN INFORMATION -#-#-#-#-#-#-#-#-#-#-#-# @@ -88,7 +101,7 @@ # # # Enter the port and address bindings here. # # # -# bind address - specifies which address ports bind to. Leaving this # +# bind address - Specifies which address ports bind to. Leaving this # # field blank binds the port to all IP's available. # # # # port - The port number to bind to. You may specify a port # @@ -100,7 +113,7 @@ # the entire range from being bound, just that one # # port number. # # # -# type - can be 'clients' or 'servers'. The clients type is # +# type - Can be 'clients' or 'servers'. The clients type is # # a standard TCP based socket, the servers type is a # # also a TCP based connection but of a different # # format. SSL support is provided by modules, to # @@ -109,7 +122,7 @@ # # # ssl - When using m_ssl_gnutls.so or m_ssl_openssl.so # # modules, you must define this value to use ssl on # -# that port. valid values are 'gnutls' or 'openssl' # +# that port. Valid values are 'gnutls' or 'openssl' # # respectively. If the module is not loaded, this # # setting is ignored. # # # @@ -117,7 +130,7 @@ # either one of the SSL modules (m_ssl_gnutls or # # m_ssl_openssl) or m_ziplinks.so, then you may make # # use of this value. # -# setting it to 'openssl' or 'gnutls' or 'zip' # +# Setting it to 'openssl' or 'gnutls' or 'zip' # # indicates that the port should accept connections # # using the given transport name. Transports are # # layers which sit on top of a socket and change the # @@ -197,8 +210,13 @@ # config file inspircd.conf, unless the filename starts with a forward# # slash (/) in which case it is treated as an absolute path. # # # +# You may also include an executable file, in which case if you do so # +# the output of the executable on the standard output will be added # +# to your config at the point of the include tag. # +# # # Syntax is as follows: # # # +# # # # #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# @@ -322,8 +340,16 @@ # # # Syntax is as follows: # # # -# # +# # # # +# The name value indicates a name for this class. # +# The commands value indicates a list of one or more commands that # +# are allowed by this class (see also 'READ THIS BIT' below). # +# The usermodes and chanmodes values indicate lists of usermodes and # +# channel modes this oper can execute. This only applies to modes # +# that are marked oper-only such as usermode +Q and channelmode +O. # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # # | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # @@ -340,11 +366,11 @@ # however it is provided for fast configuration (e.g. in test nets) # # # - - - - - + + + + + #-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-# @@ -353,17 +379,17 @@ # your server, as well as the commands they are allowed to use. # # This works alongside with the classes specified above. # # # -# type name - a name for the combined class types. # +# type name - A name for the combined class types. # # a type name cannot contain spaces, however if you # # put an _ symbol in the name, it will be translated # # to a space when displayed in a WHOIS. # # # -# classes - specified above, used for flexibility for the # +# classes - Specified above, used for flexibility for the # # server admin to decide on which operators get # # what commands. Class names are case sensitive, # # separate multiple class names with spaces. # # # -# host - optional hostmask operators will receive on oper-up. # +# host - Optional hostmask operators will receive on oper-up. # # # # Syntax is as follows: # # # @@ -390,20 +416,20 @@ # Opers are defined here. This is a very important section. # # Remember to only make operators out of trust worthy people. # # # -# name - oper name, this is case sensitive, so it is best to # +# name - Oper name, this is case sensitive, so it is best to # # use lower-case. # # # -# password - password to oper-up, also case sensitive. # +# password - Password to oper-up, also case sensitive. # # encryption is supported via modules. You may load # # modules for MD5 or SHA256 encryption, and if you do, # # this value will be a hash value, otherwise put a # # plaintext password in this value. # # # -# host - hosts of client allowed to oper-up. # +# host - Hosts of client allowed to oper-up. # # wildcards accepted, separate multiple hosts with a # # space. You may also specify CIDR IP addresses. # # # -# fingerprint - when using the m_ssl_oper_cert.so module, you may # +# fingerprint - When using the m_ssl_oper_cert.so module, you may # # specify a key fingerprint here. This can be obtained # # using the /fingerprint command whilst the module is # # loaded, or from the notice given to you when you # @@ -418,7 +444,7 @@ # is not loaded, this configuration option has no # # effect and will be ignored. # # # -# type - defines the kind of operator. This must match a type # +# type - Defines the kind of operator. This must match a type # # tag you defined above, and is case sensitive. # # # # Syntax is as follows: # @@ -440,29 +466,29 @@ # Defines which servers can link to this one, and which servers this # # server may create outbound links to. # # # -# name - the name is the canonical name of the server, does # +# name - The name is the canonical name of the server, does # # not have to resolve - but it is expected to be set # # in the remote servers connection info. # # # -# ipaddr - valid host or IP address for remote server. These # +# ipaddr - Valid host or IP address for remote server. These # # hosts are resolved on rehash, and cached, if you # # specify a hostname; so if you find that your server # # is still trying to connect to an old IP after you # # have updated your DNS, try rehashing and then # # attempting the connect again. # # # -# port - the TCP port for the remote server. # +# port - The TCP port for the remote server. # # # -# sendpass - password to send to create an outbound connection # +# sendpass - Password to send to create an outbound connection # # to this server. # # # -# recvpass - password to receive to accept an inbound connection # +# recvpass - Password to receive to accept an inbound connection # # from this server. # # # -# autoconnect - sets the server to autoconnect. Where x is the num. # +# autoconnect - Sets the server to autoconnect. Where x is the num. # # (optional) of seconds between attempts. e.g. 300 = 5 minutes. # # # -# transport - if defined, this is a transport name implemented by # +# transport - If defined, this is a transport name implemented by # # another module. Transports are layers on top of # # plaintext connections, which alter them in certain # # ways. Currently the three supported transports are # @@ -473,7 +499,7 @@ # link to succeed. OpenSSL and GnuTLS are link- # # compatible with each other. # # # -# statshidden - when using m_spanningtree.so for linking. you may # +# statshidden - When using m_spanningtree.so for linking. you may # # set this to 'yes', and if you do, the IP address/ # # hostname of this connection will NEVER be shown to # # any opers on the network. In /stats c its address # @@ -482,7 +508,7 @@ # UNLESS the connection fails (e.g. due to a bad # # password or servername) # # # -# allowmask - when this is defined, it indicates a range of IP # +# allowmask - When this is defined, it indicates a range of IP # # addresses to allow for this link (You may use CIDR # # or wildcard form for this address). # # e.g. if your server is going to connect to you from # @@ -490,7 +516,7 @@ # into this value. If it is not defined, then only # # the ipaddr field of the server shall be allowed. # # # -# failover - if you define this option, it must be the name of a # +# failover - If you define this option, it must be the name of a # # different link tag in your configuration. This # # option causes the ircd to attempt a connection to # # the failover link in the event that the connection # @@ -508,12 +534,12 @@ # apply to autoconnected servers as well as manually # # connected ones. # # # -# timeout - if this is defined, then outbound connections will # +# timeout - If this is defined, then outbound connections will # # time out if they are not connected within this many # # seconds. If this is not defined, the default of ten # # seconds is used. # # # -# bind - if you specify this value, then when creating an # +# bind - If you specify this value, then when creating an # # outbound connection to the given server, the IP you # # place here will be bound to. This is for multi- # # homed servers which may have multiple IP addresses. # @@ -527,7 +553,7 @@ # looking for the error 'Could not assign requested # # address' in your log when connecting to servers. # # # -# hidden - if this is set to true, yes, or 1, then the server # +# hidden - If this is set to true, yes, or 1, then the server # # is completely hidden from non-opers. It does not # # show in /links and it does not show in /map. Also, # # any servers which are child servers of this one # @@ -539,7 +565,7 @@ # example to hide a non-client hub, for which clients # # do not have an IP address or resolvable hostname. # # # -# to u:line a server (give it extra privileges required for running # +# To u:line a server (give it extra privileges required for running # # services, Q, etc) you must include the tag as shown # # in the example below. You can have as many of these as you like. # # # @@ -661,7 +687,7 @@ # # # ------------------------------------------------------------------- # # # -# NOTE: if you have built InspIRCd with IPv6 support, then both # +# NOTE: If you have built InspIRCd with IPv6 support, then both # # IPv6 and IPv4 addresses are allowed here, and also in the system # # resolv.conf file. Remember that an IPv4 DNS server can still # # resolve IPv6 addresses, and vice versa. # @@ -721,7 +747,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Settings to define which features are usable on your server. # +# Settings to define which features are usable on your server. # # # # prefixquit - A prefix to be placed on the start of a client's # # quit message # @@ -743,21 +769,20 @@ # parts. If specified, overrides both prefixpart # # and suffixpart options. # # # -# loglevel - specifies what detail of messages to log in the # -# log file. You may select from debug, verbose, # -# default, sparse and none. # -# # -# allowhalfop - allows the +h channel mode # +# allowhalfop - Allows the +h channel mode # # # # noservices - If noservices is true, yes, or 1, then the first # # user into a channel gets founder status. This is # # only useful on networks running the m_chanprotect # # module without services. # # # -# qaprefixes - If qaprefixes is true, yes, or 1, then users # -# with +q or +a will get the ~ or & prefixes # -# used in unreal. This is only useful on networks # -# running the m_chanprotect module # +# qprefix - qprefix is used by the chanprotect module to give # +# a visible prefix to users set +q (founder) in chan # +# It should be set to something sensible like ~ or ! # +# If not set, no prefix is applied to users with +q # +# # +# aprefix - aprefix is the same as qprefix, except it is for # +# giving users with mode +a (protected) a prefix # # # # deprotectself - If this value is set to yes, true, or 1, then any # # user with +q or +a may remove the +q or +a from # @@ -778,100 +803,18 @@ # especially in the case of bots, and it is # # recommended that this option is enabled. # # # -# netbuffersize - size of the buffer used to receive data from # -# clients. The ircd may only read() this amount # -# of text in one go at any time. (OPTIONAL) # -# # -# maxwho - The maximum number of results returned by a /WHO # -# query. This is to prevent /WHO being used as a # -# spam vector or means of flooding an ircd. The # -# default is 128, it is not recommended to raise it # -# above 1024. Values up to 65535 are permitted. If # -# this value is omitted, any size WHO is allowed by # -# anyone. # -# # -# somaxconn - The maximum number of sockets that may be waiting # -# in the accept queue. This usually allows the ircd # -# to soak up more connections in a shorter space of # -# time when increased but please be aware there is a # -# system defined maximum value to this, the same way # -# there is a system defined maximum number of file # -# descriptors. Some systems may only allow this to # -# be up to 5 (ugh) while others such as FreeBSD will # -# default to a much nicer 128. # -# # # moduledir - This optional value indicates a runtime change of # # the location where modules are to be found. This # # does not add a supplementary directory. There can # # only be one module path. # # # -# softlimit - This optional feature allows a defined softlimit. # -# if defined sets a soft maxconnections value, has # -# to be less than the ./configure maxclients # -# # -# userstats - The userstats field is optional and specifies # -# which stats characters in /STATS may be requested # -# by non-operators. Stats characters in this field # -# are case sensitive and are allowed to users # -# independent of if they are in a module or the core # -# # -# operspywhois - If this is set then when an IRC operator uses # -# /WHOIS on a user they will see all channels, even # -# ones if channels are secret (+s), private (+p) or # -# if the target user is invisible +i. # -# # -# customversion - If you specify this configuration item, and it is # -# not set to an empty value, then when a user does # -# a /VERSION command on the ircd, this string will # -# be displayed as the second portion of the output, # -# replacing the system 'uname', compile flags and # -# socket engine/dns engine names. You may use this # -# to enhance security, or simply for vanity. # -# # -# maxtargets - The maxtargets field is optional, and if not # -# defined, defaults to 20. It indicates the maximum # -# number of targets which may be given to commands # -# such as PRIVMSG, KICK etc. # -# # -# hidesplits - When set to 'yes', will hide split server names # -# from non-opers. Non-opers will see '*.net *.split' # -# instead of the server names in the quit message, # -# identical to the way IRCu displays them. # -# # -# hidebans - When set to 'yes', will hide gline, kline, zline # -# and qline quit messages from non-opers. For # -# example, user A who is not an oper will just see # -# (G-Lined) while user B who is an oper will see the # -# text (G-Lined: Reason here) instead. # -# # -# hidewhois - When defined with a non-empty value, the given # -# text will be used in place of the user's server # -# in WHOIS, when a user is WHOISed by a non-oper. # -# For example, most nets will want to set this to # -# something like '*.netname.net' to conceal the # -# actual server the user is on. # -# # -# flatlinks - When you are using m_spanningtree.so, and this # -# value is set to yes, true or 1, /MAP and /LINKS # -# will be flattened when shown to a non-opers. # -# # -# hideulines - When you are using m_spanningtree.so, and this # -# value is set to yes, true or 1, then U-lined # -# servers will be hidden in /LINKS and /MAP for non # -# opers. Please be aware that this will also hide # -# any leaf servers of a U-lined server, e.g. jupes. # -# # -# nouserdns - If set to yes, true or 1, no user DNS lookups # -# will be performed for connecting users. This can # -# save a lot of resources on very busy IRC servers. # -# # # syntaxhints - If set to yes, true or 1, when a user does not # # give enough parameters for a command, a syntax # # hint will be given (using the RPL_TEXT numeric) # # as well as the standard ERR_NEEDMOREPARAMS. # # # -# announcets - If this value is defined to yes, true or 1, then # -# a channel's timestamp is updated, the users on # +# announcets - If this value is defined to yes, true, or 1, then # +# a channels' timestamp is updated, the users on # # the channel will be informed of the change via # # a server notice to the channel with the old and # # new TS values in the timestamp. If you think this # @@ -886,40 +829,6 @@ # nick!user@host is shown for who set a TOPIC last. # # if set to no, then only the nickname is shown. # # # -# announceinvites # -# - If this option is set, then invites are announced # -# to the channel when a user invites another user. # -# If you consider this to be unnecessary noise, # -# set this to 'none'. To announce to all ops, set # -# this to 'ops' and to announce to all users set the # -# value to 'all'. # -# # -# The value 'dynamic' varies between 'ops' and 'all' # -# settings depending on if the channel is +i or not. # -# When the channel is +i, messages go only to ops, # -# and when the channel is not +i, messages go to # -# everyone. In short, the messages will go to every # -# user who has power of INVITE on the channel. This # -# is the recommended setting. # -# # -# disablehmac - If you are linking your InspIRCd to older versions # -# then you can specify this option and set it to # -# yes. 1.1.6 and above support HMAC and challenge- # -# response for password authentication. These can # -# greatly enhance security of your server to server # -# connections when you are not using SSL (as is the # -# case with a lot of larger networks). Linking to # -# older versions of InspIRCd should not *usually* be # -# a problem, but if you have problems with HMAC # -# authentication, this option can be used to turn it # -# off. # -# # -# hidemodes - If this option is enabled, then the listmodes # -# given (e.g. +eI), will be hidden from users below # -# halfop. This is not recommended to be set on mode # -# +b, as it may break some features in popular # -# clients such as mIRC. # -# # # quietbursts - When synching or splitting from the network, a # # server can generate a lot of connect and quit # # snotices to the +C and +Q snomasks. Setting this # @@ -957,64 +866,216 @@ # # + defaultmodes="nt" + moronbanner="You're banned! Email haha@abuse.com with the ERROR line below for help." + exemptchanops=""> + -#-#-#-#-#-#-#-#-#-#-#-#-#-#- TIME SYNC OPTIONS -#-#-#-#-#-#-#-#-#-#-#-# -# Time synchronisation options for m_spanningtree linking. # +#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# +# # +# maxwho - The maximum number of results returned by a /WHO # +# query. This is to prevent /WHO being used as a # +# spam vector or means of flooding an ircd. The # +# default is 128, it is not recommended to raise it # +# above 1024. Values up to 65535 are permitted. If # +# this value is omitted, any size WHO is allowed by # +# anyone. # +# # +# somaxconn - The maximum number of sockets that may be waiting # +# in the accept queue. This usually allows the ircd # +# to soak up more connections in a shorter space of # +# time when increased but please be aware there is a # +# system defined maximum value to this, the same way # +# there is a system defined maximum number of file # +# descriptors. Some systems may only allow this to # +# be up to 5 (ugh) while others such as FreeBSD will # +# default to a much nicer 128. # +# # +# moduledir - This optional value indicates a runtime change of # +# the location where modules are to be found. This # +# does not add a supplementary directory. There can # +# only be one module path. # +# # +# softlimit - This optional feature allows a defined softlimit. # +# if defined sets a soft maxconnections value, has # +# to be less than the ./configure maxclients # +# # +# nouserdns - If set to yes, true or 1, no user DNS lookups # +# will be performed for connecting users. This can # +# save a lot of resources on very busy IRC servers. # +# # +# netbuffersize - Size of the buffer used to receive data from # +# clients. The ircd may only read() this amount # +# of text in one go at any time. (OPTIONAL) # +# # + + + +#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# +# # +# announceinvites # +# - If this option is set, then invites are announced # +# to the channel when a user invites another user. # +# If you consider this to be unnecessary noise, # +# set this to 'none'. To announce to all ops, set # +# this to 'ops' and to announce to all users set the # +# value to 'all'. # +# # +# The value 'dynamic' varies between 'ops' and 'all' # +# settings depending on if the channel is +i or not. # +# When the channel is +i, messages go only to ops, # +# and when the channel is not +i, messages go to # +# everyone. In short, the messages will go to every # +# user who has power of INVITE on the channel. This # +# is the recommended setting. # +# # +# disablehmac - If you are linking your InspIRCd to older versions # +# then you can specify this option and set it to # +# yes. 1.1.6 and above support HMAC and challenge- # +# response for password authentication. These can # +# greatly enhance security of your server to server # +# connections when you are not using SSL (as is the # +# case with a lot of larger networks). Linking to # +# older versions of InspIRCd should not *usually* be # +# a problem, but if you have problems with HMAC # +# authentication, this option can be used to turn it # +# off. # +# # +# hidemodes - If this option is enabled, then the listmodes # +# given (e.g. +eI), will be hidden from users below # +# halfop. This is not recommended to be set on mode # +# +b, as it may break some features in popular # +# clients such as mIRC. # +# # +# hidesplits - When set to 'yes', will hide split server names # +# from non-opers. Non-opers will see '*.net *.split' # +# instead of the server names in the quit message, # +# identical to the way IRCu displays them. # # # -# Because IRC is very time and clock dependent, InspIRCd provides its # -# own methods for synchronisation of time between servers as shown # -# in the example below, for servers that don't have ntpd running. # +# hidebans - When set to 'yes', will hide gline, kline, zline # +# and qline quit messages from non-opers. For # +# example, user A who is not an oper will just see # +# (G-Lined) while user B who is an oper will see the # +# text (G-Lined: Reason here) instead. # +# # +# hidewhois - When defined with a non-empty value, the given # +# text will be used in place of the user's server # +# in WHOIS, when a user is WHOISed by a non-oper. # +# For example, most nets will want to set this to # +# something like '*.netname.net' to conceal the # +# actual server the user is on. # # # -# enable - If this value is 'yes', 'true', or '1', time # -# synchronisation is enabled on this server. This # -# means any servers you are linked to will # -# automatically synchronise time, however you should # -# use ntpd instead where possible, NOT this option. # +# flatlinks - When you are using m_spanningtree.so, and this # +# value is set to yes, true or 1, /MAP and /LINKS # +# will be flattened when shown to a non-opers. # # # -# master - If this value is set to yes, then this server will # -# act as the authoritative time source for the whole # -# network. All other servers will respect its time # -# without question, and match their times to it. # -# only one server should have the master value set # -# to 'yes'. # +# hideulines - When you are using m_spanningtree.so, and this # +# value is set to yes, true or 1, then U-lined # +# servers will be hidden in /LINKS and /MAP for non # +# opers. Please be aware that this will also hide # +# any leaf servers of a U-lined server, e.g. jupes. # # # - +# userstats - The userstats field is optional and specifies # +# which stats characters in /STATS may be requested # +# by non-operators. Stats characters in this field # +# are case sensitive and are allowed to users # +# independent of if they are in a module or the core # +# # +# operspywhois - If this is set then when an IRC operator uses # +# /WHOIS on a user they will see all channels, even # +# ones if channels are secret (+s), private (+p) or # +# if the target user is invisible +i. # +# # +# customversion - If you specify this configuration item, and it is # +# not set to an empty value, then when a user does # +# a /VERSION command on the ircd, this string will # +# be displayed as the second portion of the output, # +# replacing the system 'uname', compile flags and # +# socket engine/dns engine names. You may use this # +# to enhance security, or simply for vanity. # +# # +# maxtargets - The maxtargets field is optional, and if not # +# defined, defaults to 20. It indicates the maximum # +# number of targets which may be given to commands # +# such as PRIVMSG, KICK etc. # +# # + + + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Logging +# ------- +# +# Logging is covered with the tag, which you may use to change +# the behaviour of the logging of the IRCd. +# +# In InspIRCd as of 1.2, logging is pluggable and very extensible. +# Different files can log the same thing, different 'types' of log can +# go to different places, and modules can even extend the log tag +# to do what they want. +# +# An example log tag would be: +# +# which would log all information on /oper (failed and successful) to +# a file called opers.log. +# +# There are many different types which may be used, and modules may +# generate their own. A list of useful types: +# - USERS - information relating to user connection and disconnection +# - CHANNELS - information relating to joining and parting of channels. +# XXX someone doc more on this +# +# You may also log *everything* by using a type of *, and subtract things out +# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT". +# +# Channel Logging +# --------------- +# +# I'm aware this would probably better belong in the modules section, but this +# is heavily interrelated to logging, and as such will be documented here. +# +# m_chanlog is one of the modules which can alter logging to it's own thing. +# An example of this may be: +# +# +# +# +# The following log tag is highly default and uncustomised. It is recommended you +# sort out your own log tags. This is just here so you get some output. + #-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -1099,8 +1160,10 @@ # usually for cryptographic uses and security. # # IMPORTANT: -# Other modules such as m_opermd5.so may rely on this module being -# loaded to function. +# Other modules such as m_password_hash.so may rely on this module being +# loaded to function. Certain modules such as m_spanningtree.so will +# function without this module but when it is loaded their features will +# be enhanced (for example the addition of HMAC authentication). # # @@ -1210,14 +1273,18 @@ # # Auditorium settings: # -# +# # -# Setting this value to yes makes m_auditorium behave like unrealircd -# +u channel mode, e.g. ops see users joining, parting, etc, and users -# joining the channel see the ops. Without this flag, the mode acts -# like ircnet's +a (anonymous channels), showing only the user in the -# names list, and not even showing the ops in the list, or showing the -# ops that the user has joined. +# showops: +# Setting this value to yes makes m_auditorium behave like unrealircd +# +u channel mode, e.g. ops see users joining, parting, etc, and users +# joining the channel see the ops. Without this flag, the mode acts +# like ircnet's +a (anonymous channels), showing only the user in the +# names list, and not even showing the ops in the list, or showing the +# ops that the user has joined. +# operoverride: +# Setting this value to yes makes m_auditorium affect the userlist for +# regular users only. Opers will view all users in the channel normally. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Ban except module: Adds support for channel ban exceptions (+e) @@ -1246,7 +1313,7 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Block CAPS module: Blocking all-CAPS messages with cmode +P +# Block CAPS module: Blocking all-CAPS messages with cmode +B # # # #-#-#-#-#-#-#-#-#-#-#- BLOCKCAPS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# @@ -1329,10 +1396,13 @@ # client's IP address from, for further information, please see the # CGI:IRC documentation. # +# Old style: # # Get IP from PASS -# # Get IP from WEBIRC # # Get IP from ident # # See the docs +# New style: +# # Get IP from WEBIRC # # IMPORTANT NOTE: # --------------- @@ -1569,7 +1639,12 @@ # # # reason - Reason given for the deny. # # # +# redirect - Redirect the user to a different channel # +# # # # +# # +# # +# Redirects will not work if the target channel is set +L. # # # # Additionally, you may specify channels which are allowed, even if # # a badchan tag specifies it would be denied: # @@ -1609,6 +1684,23 @@ # Foobar module: does nothing - historical relic # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# GeoIP module: Allows the server admin to ban users by country code. +# +# +#-#-#-#-#-#-#-#-#-#-#-# GEOIP CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# # +# # +# # +# Set this value to true or yes to block unknown IP ranges which are # +# not in the database (usually LAN addresses, localhost, etc) # +# # +# # +# # +# Use one or more of these tags to ban countries by country code. # +# The country code must be in capitals and should be an ISO country # +# code such as TR, GB, or US. # + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Globops module: gives /GLOBOPS and usermode +g # @@ -1694,7 +1786,7 @@ # the user in a 'connecting' state until the lookup is complete. # # The bind value indicates which IP to bind outbound requests to. # # # -# # +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Invite except module: Adds support for channel invite exceptions (+I) @@ -1727,6 +1819,53 @@ # Knock module: adds the /KNOCK command and +K channel mode # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# LDAP authentication module: Adds the ability to authenticate users # +# via LDAP. This is an extra module which must be enabled explicitly # +# by symlinking it from modules/extra, and requires the OpenLDAP libs # +# # +# # +# # +# Configuration: # +# # +# # +# # +# The baserdn indicates the base DN to search in for users. Usually # +# this is 'ou=People,dc=yourdomain,dc=yourtld'. # +# # +# The attribute value indicates the attribute which is used to locate # +# a user account by name. On POSIX systems this is usually 'uid'. # +# # +# The server parameter indicates the LDAP server to connect to. The # +# ldap:// style scheme before the hostname proper is MANDITORY. # +# # +# The allowpattern value allows you to specify a wildcard mask which # +# will always be allowed to connect regardless of if they have an # +# account, for example guest users. # +# # +# Killreason indicates the QUIT reason to give to users if they fail # +# to authenticate. # +# # +# The searchscope value indicates the subtree to search under. On our # +# test system this is 'subtree'. Your mileage may vary. # +# # +# Setting the verbose value causes an oper notice to be sent out for # +# every failed authentication to the server, with an error string. # +# # +# The binddn and bindauth indicate the DN to bind to for searching, # +# and the password for the distinguished name. Some LDAP servers will # +# allow anonymous searching in which case these two values do not # +# need defining, otherwise they should be set similar to the examples # +# above. # + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Lock server module: Adds /LOCKSERV and /UNLOCKSERV commands that is # # used to temporarily close/open for new connections to the server. # @@ -1741,6 +1880,19 @@ # Msg flood module: Adds message/notice flood protection (+f) # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# MsSQL module: Allows other SQL modules to access MS SQL Server +# through a unified API. You must copy the source for this module +# from the directory src/modules/extra, plus the file m_sqlv2.h +# +# +#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# m_mssql.so is more complex than described here, see wiki for more # +# info http://www.inspircd.org/wiki/SQLServer_Service_Provider_Module # +# +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # MySQL module: Allows other SQL modules to access MySQL databases # through a unified API. You must copy the source for this module @@ -1760,6 +1912,12 @@ # This is supported by mIRC, x-chat, klient, and maybe more. # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Nickban: Implements extended ban n:, which stops anyone matching +# a mask like +b n:nick!user@host from changing their nick on channel. +# +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Nickchange flood protection module: Allows up to X nick changes in Y seconds. # Provides channel mode +F. @@ -1794,37 +1952,21 @@ # Oper channels mode: Adds the +O channel mode # -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper hash module: Allows hashed oper passwords -# Relies on the module m_md5.so and/or m_sha256.so being loaded before -# m_oper_hash.so in the configuration file. -# -# -#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# -# -# To use this module, you must define a hash type for each oper's -# password you want to hash. For example: -# -# -# -# The types of hashing available vary depending on which hashing modules -# you load, but usually if you load m_sha256.so and m_md5.so, both md5 -# and sha256 type hashing will be available (the most secure of which -# is SHA256). - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper Join module: Forces opers to join a channel on oper-up # # #-#-#-#-#-#-#-#-#-#-# OPERJOIN CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # -# If you are using the m_operjoin.so module, specify the channel here # +# If you are using the m_operjoin.so module, specify options here: # # # -# +# channel - The channel name to join, can also be a comma # +# seperated list eg. "#channel1,#channel2". # +# # +# override - Lets the oper join walking thru any modes that # +# might be set, even bans. Use "yes" or "no". # +# # +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper MOTD module: Provides support for seperate message of the day @@ -1858,6 +2000,36 @@ # and/or as the 'modes' parameter of the tag. # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Oper password hash module: Allows hashed oper passwords +# Relies on the module m_md5.so and/or m_sha256.so being loaded before +# m_password_hash.so in the configuration file. +# +# +#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# +# To use this module, you must define a hash type for each oper's +# password you want to hash. For example: +# +# +# +# The types of hashing available vary depending on which hashing modules +# you load, but usually if you load m_sha256.so and m_md5.so, both md5 +# and sha256 type hashing will be available (the most secure of which +# is SHA256). + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Permanent Channels module: Channels with the permanent channels mode +# will remain open even after everyone else has left the channel, and +# therefore keep things like modes, ban lists and topic. Permanent +# channels -may- need support from your Services package to function +# properly with them. This adds channel mode +P. +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # PostgreSQL module: Allows other SQL modules to access PgSQL databases # through a unified API. You must copy the source for this module @@ -1871,6 +2043,25 @@ # # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Quietban: Implements extended ban q:, which stops anyone matching +# a mask like +b q:nick!user@host from speaking on channel. +# +# + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Quitban: Provides per-IP connection throttling. Any IP that disconnects +# too many times (configurable) in an hour is zlined for a (configurable) +# duration, and their count resets to 0. +# +# NOTE: This module may change name/behaviour later in 1.2. Please make sure +# you read release announcements! +# +# +# This allows for 10 quits in an hour with a 10 minute ban if that is exceeded. +# +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Random Quote module: provides a random quote on connect. # NOTE: Some of these may mimic fatal errors and confuse users and @@ -1912,6 +2103,16 @@ # Restrict message module: Allows users to only message opers # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Ban users through regular expression patterns +# +# +#-#-#-#-#-#-#-#-#-#-#-#- RLINE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# +# If you wish to re-check a user when they change nickname (can be +# useful under some situations, but *can* also use CPU with more users +# on a server) then set the following configuration value: +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Provide /LIST throttling (to prevent flooding) and /LIST safety to # prevent excess flood when the list is large. @@ -2101,14 +2302,6 @@ # # Sets the maximum number of entries on a users silence list. -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Extended SILENCE module: Adds support for /SILENCE with additional -# features to silence based on invites, channel messages, etc. -# -# -# The configuration tags for this module are identical to those of -# m_silence, shown above. - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQLite3 module: Allows other SQL modules to access SQLite3 # # databases through a unified API. You must link the source for this # @@ -2166,10 +2359,11 @@ #-#-#-#-#-#-#-#-#-#-#- SQLOPER CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # dbid - Database ID to use (see m_sql) # +# hash - Hashing provider to use for password hashing # # # # See also: http://www.inspircd.org/wiki/SQL_Oper_Storage_Module # # # -# +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SVSHold module: Implements SVSHOLD. Like Q:Lines, but can only be # @@ -2242,6 +2436,14 @@ # # Sets the maximum number of entries on a user's watch list. +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# XLine database: Stores all *Lines (G/Z/K/R/any added by other modules) +# in a file "xline.db" which can be re-loaded on restart. This is useful +# for two reasons: it keeps bans so users may not evade them, and on +# bigger networks, server connections will take less time as there will +# be a lot less bans to apply - as most of them will already be there. +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # XMLSocket module: Adds support for connections using the shockwave # flash XMLSocket. Note that this does not work if the client you are @@ -2330,6 +2532,7 @@ + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- YAWN -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # You should already know what to do here :) #