X-Git-Url: https://git.netwichtig.de/gitweb/?a=blobdiff_plain;f=docs%2Finspircd.conf.example;h=6b89a49b832da38b36751dd455c8ab201afec057;hb=eb08ac122471f47488cf411a0d552c5285ca3e66;hp=3aa53e52c10c73146dbde425b897dbb111e0094f;hpb=21e3ab02ef92d67eb1d6d4daaabeb9d1108669b9;p=user%2Fhenk%2Fcode%2Finspircd.git diff --git a/docs/inspircd.conf.example b/docs/inspircd.conf.example index 3aa53e52c..6b89a49b8 100644 --- a/docs/inspircd.conf.example +++ b/docs/inspircd.conf.example @@ -20,7 +20,7 @@ # This is an example of the config file for InspIRCd. # # Change the options to suit your network # # # -# $Id$ +# $Id$ # # # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # @@ -48,8 +48,33 @@ # # # # # # +# The server name should be a syntactically valid hostname, with at # +# least one '.', and does not need to resolve to an IP address. # +# # +# The description is freeform text. Remember you may put quotes in # +# this field by escaping it using \". # +# # +# The network field indicates the network name given in on connect # +# to clients. It is used by many clients such as mIRC to select a # +# perform list, so it should be identical on all servers on a net # +# and should not contain spaces. # +# # +# The server ID is optional, and if omitted automatically calculated # +# from the server name and description. This is similar in # +# in behaviour to the server id on ircu and charybdis ircds. # +# You should only need to set this manually if there is a collision # +# between two server ID's on the network. The server ID must be # +# three digits or letters long, of which the first digit must always # +# be a number, and the other two letters may be any of 0-9 and A-Z. # +# For example, 3F9, 03J and 666 are all valid server IDs, and A9D, # +# QFX and 5eR are not. Remember, in most cases you will not need to # +# even set this value, it is calculated for you from your server # +# name and description. Changing these will change your auto- # +# generated ID. # +# # # # # # # -# If InspIRCd is built for IPV6, and you wish to accept IPV4 clients, # -# then you can specify IPV4 ip addresses here to bind. You may also # -# use the 4in6 notation, ::ffff:1.2.3.4, where 1.2.3.4 is the IPV4 # +# If InspIRCd is built for IPv6, and you wish to accept IPv4 clients, # +# then you can specify IPv4 ip addresses here to bind. You may also # +# use the 4in6 notation, ::ffff:1.2.3.4, where 1.2.3.4 is the IPv4 # # address to bind the port, but as of InspIRCd 1.1.1, this is not # # required. # # # # ------------------------------------------------------------------- # # # -# PLEASE NOTE: If you have build InspIRCd as an ipv6 server, and you # +# PLEASE NOTE: If you have build InspIRCd as an IPv6 server, and you # # specify an empty bind address, the binding will be bound to ALL THE # -# IPV6 IP ADDRESSES, and not the ipv4 addresses. If you are using an # -# ipv6 enabled InspIRCd and want to bind to multiple IPV4 addresses # +# IPv6 IP ADDRESSES, and not the IPv4 addresses. If you are using an # +# IPv6 enabled InspIRCd and want to bind to multiple IPv4 addresses # # in this way, you must specify them by hand. If you have built the # -# server for ipv4 connections only, then specifying an empty bind # -# address binds the port to all ipv4 IP addresses, as expected. # +# server for IPv4 connections only, then specifying an empty bind # +# address binds the port to all IPv4 IP addresses, as expected. # # # @@ -163,7 +188,7 @@ #-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#- # # # You can configure the passwords here which you wish to use for # -# the die and restart commands. Only trusted ircops who will # +# the die and restart commands. Only trusted IRCop's who will # # need this ability should know the die and restart password. # # # # Syntax is as follows: # @@ -185,8 +210,13 @@ # config file inspircd.conf, unless the filename starts with a forward# # slash (/) in which case it is treated as an absolute path. # # # +# You may also include an executable file, in which case if you do so # +# the output of the executable on the standard output will be added # +# to your config at the point of the include tag. # +# # # Syntax is as follows: # # # +# # # # #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# @@ -198,22 +228,39 @@ # # # Syntax is as follows: # # # -# # +# port="6660" maxchans="50" limit="999"> # +# # +# # # # -# # +# # # # # IP masks may be specified in CIDR format or wildcard format, # -# for IPV4 and IPV6. You *cannot* use hostnames in the allow or # +# for IPv4 and IPv6. You *cannot* use hostnames in the allow or # # deny field, as the state is applied before the user's DNS has # # been resolved. # # # +# You can optionally name your connect allow/deny tags. If you do # +# this, you may reference this connect tag as the parent of another # +# connect tag with the option as shown above. If # +# you do this, any options not explicitly specified in the tag will # +# be copied from the parent. # +# # +# If the value maxchans is included, this overrides all other max # +# channels related settings, including the separate oper maximum. # +# You may set this to any (sane) value you wish and it applies to # +# all users within this connect tag. # +# # # You may optionally include timeout="x" on any allow line, which # # specifies the amount of time given before an unknown connection # -# is closed if USER/NICK/PASS are not given. This value is in secs # +# is closed if USER/NICK/PASS are not given. This value is in secs. # +# # +# You may optionally limit the number of clients that are matched # +# by a single tag by specifying the maximum in the limit # +# parameter. If set to 0, there is no limit, which is the default. # # # # You should also include a flood="x" line which indicates # # the number of lines a user may place into their buffer at once # @@ -231,7 +278,7 @@ # settings as shown in the full example below. # # The ping frequency is specified in seconds, and the sendq size # # in bytes. It is recommended, although not enforced, that you # -# should never set your sendq size to less than 8k. Send Queues are # +# should never set your sendq size to less than 8K. Send Queues are # # dynamically allocated and can grow as needed up to the maximum # # size specified. # # # @@ -262,6 +309,11 @@ # only incoming connections on the specified port will match. Port # # tags may be used on connect allow and connect deny tags. # # # +# The limit value determines the maximum number of users which may # +# be in this class. Combine this with CIDR masks for various ISP # +# subnets to limit the number of users which may connect at any one # +# time from a certain ISP. Omit this value to not limit the tag. # +# # @@ -273,7 +325,8 @@ sendq="262144" recvq="8192" localmax="3" - globalmax="3"> + globalmax="3" + limit="5000"> @@ -281,14 +334,22 @@ #-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- # # -# Classes are a group of commands which are grouped together # -# and given a unique name. They used to define which commands # +# Classes are a group of commands which are grouped together and # +# given a unique name. They're used to define which commands # # are available to certain types of Operators. # # # # Syntax is as follows: # # # -# # +# # # # +# The name value indicates a name for this class. # +# The commands value indicates a list of one or more commands that # +# are allowed by this class (see also 'READ THIS BIT' below). # +# The usermodes and chanmodes values indicate lists of usermodes and # +# channel modes this oper can execute. This only applies to modes # +# that are marked oper-only such as usermode +Q and channelmode +O. # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # # | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # @@ -305,11 +366,11 @@ # however it is provided for fast configuration (e.g. in test nets) # # # - - - - - + + + + + #-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-# @@ -318,17 +379,17 @@ # your server, as well as the commands they are allowed to use. # # This works alongside with the classes specified above. # # # -# type name - a name for the combined class types # +# type name - A name for the combined class types. # # a type name cannot contain spaces, however if you # # put an _ symbol in the name, it will be translated # # to a space when displayed in a WHOIS. # # # -# classes - specified above, used for flexibility for the # +# classes - Specified above, used for flexibility for the # # server admin to decide on which operators get # # what commands. Class names are case sensitive, # -# seperate multiple class names with spaces. # +# separate multiple class names with spaces. # # # -# host - optional hostmask operators will receive on oper-up. # +# host - Optional hostmask operators will receive on oper-up. # # # # Syntax is as follows: # # # @@ -353,20 +414,20 @@ #-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # Opers are defined here. This is a very important section. # -# Remember to only make operators out of truthworthy people. # +# Remember to only make operators out of trust worthy people. # # # -# name - oper name, This is case sensitive, so it is best to # +# name - Oper name, this is case sensitive, so it is best to # # use lower-case. # # # -# password - password to oper-up, also case sensitive. # +# password - Password to oper-up, also case sensitive. # # encryption is supported via modules. You may load # # modules for MD5 or SHA256 encryption, and if you do, # # this value will be a hash value, otherwise put a # # plaintext password in this value. # # # -# host - hosts of client allowed to oper-up. # -# wildcards accepted, seperate multiple hosts with a # -# space. You may also specify CIDR ip addresses. # +# host - Hosts of client allowed to oper-up. # +# wildcards accepted, separate multiple hosts with a # +# space. You may also specify CIDR IP addresses. # # # # fingerprint - When using the m_ssl_oper_cert.so module, you may # # specify a key fingerprint here. This can be obtained # @@ -375,7 +436,7 @@ # connect to the ircd using a client certificate, # # and will lock this oper block to only the user who # # has that specific key/certificate pair. # -# This enhances security a great deal, however it # +# this enhances security a great deal, however it # # requires that opers use clients which can send ssl # # client certificates, if this is configured for that # # oper. Note that if the m_ssl_oper.so module is not # @@ -390,7 +451,7 @@ # # # # @@ -405,15 +466,15 @@ # Defines which servers can link to this one, and which servers this # # server may create outbound links to. # # # -# name - The name is the canocial name of the server, does # +# name - The name is the canonical name of the server, does # # not have to resolve - but it is expected to be set # # in the remote servers connection info. # # # -# ipaddr - Valid host or ip address for remote server. These # +# ipaddr - Valid host or IP address for remote server. These # # hosts are resolved on rehash, and cached, if you # -# specify a hostname, so if you find that your server # +# specify a hostname; so if you find that your server # # is still trying to connect to an old IP after you # -# have updated your dns, try rehashing and then # +# have updated your DNS, try rehashing and then # # attempting the connect again. # # # # port - The TCP port for the remote server. # @@ -438,12 +499,12 @@ # link to succeed. OpenSSL and GnuTLS are link- # # compatible with each other. # # # -# hidden - When using m_spanningtree.so for linking. you may # +# statshidden - When using m_spanningtree.so for linking. you may # # set this to 'yes', and if you do, the IP address/ # # hostname of this connection will NEVER be shown to # -# any opers on the network. In /STATS c its address # +# any opers on the network. In /stats c its address # # will show as *@, and during CONNECT and # -# inbound connections, its IP will show as # +# inbound connections, it's IP will show as # # UNLESS the connection fails (e.g. due to a bad # # password or servername) # # # @@ -482,19 +543,19 @@ # outbound connection to the given server, the IP you # # place here will be bound to. This is for multi- # # homed servers which may have multiple IP addresses. # -# If you do not define this value, the first IP that # +# if you do not define this value, the first IP that # # is not empty or localhost from your tags # # will be bound to. This is usually acceptable, # # however if your server has multiple network cards # # then you may have to manually specify the bind # # value instead of leaving it to automatic binding. # -# You can usually tell if you need to set this by # +# you can usually tell if you need to set this by # # looking for the error 'Could not assign requested # # address' in your log when connecting to servers. # # # # hidden - If this is set to true, yes, or 1, then the server # # is completely hidden from non-opers. It does not # -# show in LINKS and it does not show in MAP. Also, # +# show in /links and it does not show in /map. Also, # # any servers which are child servers of this one # # in the network will *also* be hidden. Use with # # care! You can use this to 'mask off' sections of # @@ -504,7 +565,7 @@ # example to hide a non-client hub, for which clients # # do not have an IP address or resolvable hostname. # # # -# to u:line a server (give it extra privilages required for running # +# To u:line a server (give it extra privileges required for running # # services, Q, etc) you must include the tag as shown # # in the example below. You can have as many of these as you like. # # # @@ -514,12 +575,12 @@ # # # ------------------------------------------------------------------- # # # -# NOTE: If you have built your server as an ipv6 server, then when a # -# DNS lookup of a server's host occurs, AAAA records (ipv6) are # -# priorotized over A records (ipv4). Therefore, if the server you are # -# connecting to has both an IPV6 ip address and an IPV4 ip address in # -# its DNS entry, the IPV6 address will *always* be selected. To # -# change this behaviour simply specify the IPV4 IP address rather # +# NOTE: If you have built your server as an IPv6 server, then when a # +# DNS lookup of a server's host occurs, AAAA records (IPv6) are # +# prioritised over A records (IPv4). Therefore, if the server you are # +# connecting to has both an IPv6 IP address and an IPv4 IP address in # +# its DNS entry, the IPv6 address will *always* be selected. To # +# change this behaviour simply specify the IPv4 IP address rather # # than the hostname of the server. # # # # ------------------------------------------------------------------- # @@ -531,7 +592,7 @@ # |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # # # # If you want to link servers to InspIRCd you must load the # -# m_spanningtree module! Please see the modules list below for # +# m_spanningtree.so module! Please see the modules list below for # # information on how to load this module! If you do not load this # # module, server links will NOT work! # # # @@ -551,6 +612,7 @@ timeout="15" transport="gnutls" bind="1.2.3.4" + statshidden="no" hidden="no" sendpass="outgoing!password" recvpass="incoming!password"> @@ -568,7 +630,7 @@ # permissions, and should be used with caution. Services servers are # # usually u-lined in this manner. # # # -# The 'silent' value if set to yes indicates that this server should # +# The 'silent' value, if set to yes, indicates that this server should# # not generate quit and connect notices, which can cut down on noise # # to opers on the network. # # # @@ -579,7 +641,7 @@ # # # These options let you define the path to your motd and rules # # files. If these are relative paths, they are relative to the # -# configurtion directory. # +# configuration directory. # # # -# An example of using an IPV6 nameserver +# An example of using an IPv6 nameserver # #-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # Define the path to the PID file here. The PID file can be used to # # rehash the ircd from the shell or to terminate the ircd from the # -# shell using shell scripts, perl scripts etc, and to monitor the # +# shell using shell scripts, perl scripts, etc... and to monitor the # # ircd's state via cron jobs. If this is a relative path, it will be # # relative to the configuration directory, and if it is not defined, # # the default of 'inspircd.pid' is used. # @@ -651,7 +713,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # Use these tags to customise the ban limits on a per channel basis. # -# the tags are read from top to bottom, and any tag found which # +# The tags are read from top to bottom, and any tag found which # # matches the channels name applies the banlimit to that channel. # # It is advisable to put an entry with the channel as '*' at the # # bottom of the list. If none are specified or no maxbans tag is # @@ -685,7 +747,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # -# Settings to define which features are useable on your server. # +# Settings to define which features are usable on your server. # # # # prefixquit - A prefix to be placed on the start of a client's # # quit message # @@ -697,21 +759,30 @@ # QUITS. If specified, overrides both prefixquit # # and suffixquit options. # # # -# loglevel - specifies what detail of messages to log in the # -# log file. You may select from debug, verbose, # -# default, sparse and none. # +# prefixpart - A prefix to be placed on the start of a client's # +# part message # +# # +# suffixpart - A suffix to be placed on the end of a client's # +# part message. # # # -# allowhalfop - allows the +h channel mode # +# fixedpart - A fixed part message to display for all client # +# parts. If specified, overrides both prefixpart # +# and suffixpart options. # +# # +# allowhalfop - Allows the +h channel mode # # # # noservices - If noservices is true, yes, or 1, then the first # # user into a channel gets founder status. This is # # only useful on networks running the m_chanprotect # # module without services. # # # -# qaprefixes - If qaprefixes is true, yes, or 1, then users # -# with +q or +a will get the ~ or & prefixes # -# used in unreal. This is only useful on networks # -# running the m_chanprotect module # +# qprefix - qprefix is used by the chanprotect module to give # +# a visible prefix to users set +q (founder) in chan # +# It should be set to something sensible like ~ or ! # +# If not set, no prefix is applied to users with +q # +# # +# aprefix - aprefix is the same as qprefix, except it is for # +# giving users with mode +a (protected) a prefix # # # # deprotectself - If this value is set to yes, true, or 1, then any # # user with +q or +a may remove the +q or +a from # @@ -732,100 +803,19 @@ # especially in the case of bots, and it is # # recommended that this option is enabled. # # # -# netbuffersize - size of the buffer used to receive data from # -# clients. The ircd may only read() this amount # -# of text in one go at any time. (OPTIONAL) # -# # -# maxwho - The maximum number of results returned by a /WHO # -# query. This is to prevent /WHO being used as a # -# spam vector or means of flooding an ircd. The # -# default is 128, it is not recommended to raise it # -# above 1024. Values up to 65535 are permitted. # -# # -# somaxconn - The maximum number of sockets that may be waiting # -# in the accept queue. This usually allows the ircd # -# to soak up more connections in a shorter space of # -# time when increased but please be aware there is a # -# system defined maximum value to this, the same way # -# there is a system defined maximum number of file # -# descriptors. Some systems may only allow this to # -# be up to 5 (ugh) while others such as FreeBSD will # -# default to a much nicer 128. # -# # # moduledir - This optional value indicates a runtime change of # # the location where modules are to be found. This # # does not add a supplementary directory. There can # # only be one module path. # # # -# softlimit - This optional feature allows a defined softlimit. # -# if defined sets a soft maxconnections value, has # -# to be less than the ./configure maxclients # -# # -# userstats - The userstats field is optional and specifies # -# which stats characters in /STATS may be requested # -# by non-operators. Stats characters in this field # -# are case sensitive and are allowed to users # -# independent of if they are in a module or the core # -# # -# operspywhois - If this is set then when an IRC operator uses # -# /WHOIS on a user they will see all channels, even # -# ones if channels are secret (+s), private (+p) or # -# if the target user is invisible +i. # -# # -# customversion - If you specify this configuration item, and it is # -# not set to an empty value, then when a user does # -# a /VERSION command on the ircd, this string will # -# be displayed as the second portion of the output, # -# replacing the system 'uname', compile flags and # -# socket engine/dns engine names. You may use this # -# to enhance security, or simply for vanity. # -# # -# maxtargets - The maxtargets field is optional, and if not # -# defined, defaults to 20. It indicates the maximum # -# number of targets which may be given to commands # -# such as PRIVMSG, KICK etc. # -# # -# hidesplits - When set to 'yes', will hide split server names # -# from non-opers. Non-opers will see '*.net *.split' # -# instead of the server names in the quit message, # -# identical to the way IRCu displays them. # -# # -# hidebans - When set to 'yes', will hide gline, kline, zline # -# and qline quit messages from non-opers. For # -# example, user A who is not an oper will just see # -# (G-Lined) while user B who is an oper will see the # -# text (G-Lined: Reason here) instead. # -# # -# hidewhois - When defined with a non-empty value, the given # -# text will be used in place of the user's server # -# in WHOIS, when a user is WHOISed by a non-oper. # -# For example, most nets will want to set this to # -# something like '*.netname.net' to conceal the # -# actual server the user is on. # -# # -# flatlinks - When you are using m_spanningtree.so, and this # -# value is set to true, yes or 1, /MAP and /LINKS # -# will be flattened when shown to a non-oper. # -# # -# hideulines - When you are using m_spanningtree.so, and this # -# value is set to true, yes or 1, then U-lined # -# servers will be hidden in /LINKS and /MAP. For non # -# opers. Please be aware that this will also hide # -# any leaf servers of a U-lined server, e.g. jupes. # -# # -# nouserdns - If set to 'yes', 'true' or '1', no user dns # -# lookups will be performed for connecting users. # -# this can save a lot of resources on very busy irc # -# servers. # -# # -# syntaxhints - If set to 'yes', 'true' or '1', when a user does # -# not give enough parameters for a command, a syntax # +# syntaxhints - If set to yes, true or 1, when a user does not # +# give enough parameters for a command, a syntax # # hint will be given (using the RPL_TEXT numeric) # # as well as the standard ERR_NEEDMOREPARAMS. # # # -# announcets - If this value is defined to 'yes', 'true' or '1', # -# then if a channel's timestamp is updated the users # -# on the channel will be informed of the change via # +# announcets - If this value is defined to yes, true, or 1, then # +# a channels' timestamp is updated, the users on # +# the channel will be informed of the change via # # a server notice to the channel with the old and # # new TS values in the timestamp. If you think this # # is just pointless noise, define the value to 0. # @@ -839,30 +829,6 @@ # nick!user@host is shown for who set a TOPIC last. # # if set to no, then only the nickname is shown. # # # -# announceinvites # -# - If this option is set to yes (the default), then # -# invites are announced to the channel when a user # -# invites annother user. If you consider this to be # -# unnecessary noise, explicitly set this to no. # -# # -# disablehmac - If you are linking your InspIRCd to older versions # -# then you can specify this option and set it to # -# yes. 1.1.6 and above support HMAC and challenge- # -# response for password authentication. These can # -# greatly enhance security of your server to server # -# connections when you are not using SSL (as is the # -# case with a lot of larger networks). Linking to # -# older versions of InspIRCd should not *usually* be # -# a problem, but if you have problems with HMAC # -# authentication, this option can be used to turn it # -# off. # -# # -# hidemodes - If this option is enabled, then the listmodes # -# given (e.g. +eI), will be hidden from users below # -# halfop. This is not recommended to be set on mode # -# +b, as it may break some features in popular # -# clients such as mIRC. # -# # # quietbursts - When synching or splitting from the network, a # # server can generate a lot of connect and quit # # snotices to the +C and +Q snomasks. Setting this # @@ -872,6 +838,10 @@ # such as BOPM which rely on them to scan users when # # a split heals in certain configurations. # # # +# serverpingfreq- This value, when set, allows you to change the # +# frequency of server to server PING messages. This # +# can help if you are having certain network issues. # +# # # pingwarning - This should be set to a number between 1 and 59 if # # defined, and if it is defined will cause the server# # to send out a warning via snomask +l if a server # @@ -881,69 +851,231 @@ # # # exemptchanops - This option allows channel operators to be exempted# # from certain channel modes. # -# Supported modes are +SfgNc. Defaults to off. # +# Supported modes are +SfFgNc. Defaults to off. # # # # defaultmodes - The default modes to be given to each channel on # # creation. Defaults to 'nt'. There should be no + # # or - symbols in this sequence, if you add them # # they will be ignored. You may add parameters for # -# parameterised modes. # +# modes which take them. # +# # +# moronbanner - The NOTICE to show to users who are glined, zlined # +# klined or qlined when they are disconnected. This # +# is totally freeform, you may place any text here # +# you wish. # # # + defaultmodes="nt" + moronbanner="You're banned! Email haha@abuse.com with the ERROR line below for help." + exemptchanops=""> + -#-#-#-#-#-#-#-#-#-#-#-#-#-#- TIME SYNC OPTIONS -#-#-#-#-#-#-#-#-#-#-#-# -# Time sychronization options for m_spanningtree linking. # +#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# +# # +# maxwho - The maximum number of results returned by a /WHO # +# query. This is to prevent /WHO being used as a # +# spam vector or means of flooding an ircd. The # +# default is 128, it is not recommended to raise it # +# above 1024. Values up to 65535 are permitted. If # +# this value is omitted, any size WHO is allowed by # +# anyone. # +# # +# somaxconn - The maximum number of sockets that may be waiting # +# in the accept queue. This usually allows the ircd # +# to soak up more connections in a shorter space of # +# time when increased but please be aware there is a # +# system defined maximum value to this, the same way # +# there is a system defined maximum number of file # +# descriptors. Some systems may only allow this to # +# be up to 5 (ugh) while others such as FreeBSD will # +# default to a much nicer 128. # +# # +# moduledir - This optional value indicates a runtime change of # +# the location where modules are to be found. This # +# does not add a supplementary directory. There can # +# only be one module path. # # # -# Because IRC is very time and clock dependent, InspIRCd provides its # -# own methods for syncronization of time between servers as shown # -# in the example below, for servers that don't have ntpd running. # +# softlimit - This optional feature allows a defined softlimit. # +# if defined sets a soft maxconnections value, has # +# to be less than the ./configure maxclients # # # -# enable - If this value is 'yes', 'true', or '1', time # -# synchronization is enabled on this server. This # -# means any servers you are linked to will # -# automatically synchronize time, however you should # -# use ntpd instead where possible, NOT this option. # +# nouserdns - If set to yes, true or 1, no user DNS lookups # +# will be performed for connecting users. This can # +# save a lot of resources on very busy IRC servers. # # # -# master - If this value is set to yes, then this server will # -# act as the authoritative time source for the whole # -# network. All other servers will respect its time # -# without question, and match their times to it. # -# only one server should have the master value set # -# to 'yes'. # +# netbuffersize - Size of the buffer used to receive data from # +# clients. The ircd may only read() this amount # +# of text in one go at any time. (OPTIONAL) # # # - + + + +#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# +# # +# announceinvites # +# - If this option is set, then invites are announced # +# to the channel when a user invites another user. # +# If you consider this to be unnecessary noise, # +# set this to 'none'. To announce to all ops, set # +# this to 'ops' and to announce to all users set the # +# value to 'all'. # +# # +# The value 'dynamic' varies between 'ops' and 'all' # +# settings depending on if the channel is +i or not. # +# When the channel is +i, messages go only to ops, # +# and when the channel is not +i, messages go to # +# everyone. In short, the messages will go to every # +# user who has power of INVITE on the channel. This # +# is the recommended setting. # +# # +# disablehmac - If you are linking your InspIRCd to older versions # +# then you can specify this option and set it to # +# yes. 1.1.6 and above support HMAC and challenge- # +# response for password authentication. These can # +# greatly enhance security of your server to server # +# connections when you are not using SSL (as is the # +# case with a lot of larger networks). Linking to # +# older versions of InspIRCd should not *usually* be # +# a problem, but if you have problems with HMAC # +# authentication, this option can be used to turn it # +# off. # +# # +# hidemodes - If this option is enabled, then the listmodes # +# given (e.g. +eI), will be hidden from users below # +# halfop. This is not recommended to be set on mode # +# +b, as it may break some features in popular # +# clients such as mIRC. # +# # +# hidesplits - When set to 'yes', will hide split server names # +# from non-opers. Non-opers will see '*.net *.split' # +# instead of the server names in the quit message, # +# identical to the way IRCu displays them. # +# # +# hidebans - When set to 'yes', will hide gline, kline, zline # +# and qline quit messages from non-opers. For # +# example, user A who is not an oper will just see # +# (G-Lined) while user B who is an oper will see the # +# text (G-Lined: Reason here) instead. # +# # +# hidewhois - When defined with a non-empty value, the given # +# text will be used in place of the user's server # +# in WHOIS, when a user is WHOISed by a non-oper. # +# For example, most nets will want to set this to # +# something like '*.netname.net' to conceal the # +# actual server the user is on. # +# # +# flatlinks - When you are using m_spanningtree.so, and this # +# value is set to yes, true or 1, /MAP and /LINKS # +# will be flattened when shown to a non-opers. # +# # +# hideulines - When you are using m_spanningtree.so, and this # +# value is set to yes, true or 1, then U-lined # +# servers will be hidden in /LINKS and /MAP for non # +# opers. Please be aware that this will also hide # +# any leaf servers of a U-lined server, e.g. jupes. # +# # +# userstats - The userstats field is optional and specifies # +# which stats characters in /STATS may be requested # +# by non-operators. Stats characters in this field # +# are case sensitive and are allowed to users # +# independent of if they are in a module or the core # +# # +# operspywhois - If this is set then when an IRC operator uses # +# /WHOIS on a user they will see all channels, even # +# ones if channels are secret (+s), private (+p) or # +# if the target user is invisible +i. # +# # +# customversion - If you specify this configuration item, and it is # +# not set to an empty value, then when a user does # +# a /VERSION command on the ircd, this string will # +# be displayed as the second portion of the output, # +# replacing the system 'uname', compile flags and # +# socket engine/dns engine names. You may use this # +# to enhance security, or simply for vanity. # +# # +# maxtargets - The maxtargets field is optional, and if not # +# defined, defaults to 20. It indicates the maximum # +# number of targets which may be given to commands # +# such as PRIVMSG, KICK etc. # +# # + + + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Logging +# ------- +# +# Logging is covered with the tag, which you may use to change +# the behaviour of the logging of the IRCd. +# +# In InspIRCd as of 1.2, logging is pluggable and very extensible. +# Different files can log the same thing, different 'types' of log can +# go to different places, and modules can even extend the log tag +# to do what they want. +# +# An example log tag would be: +# +# which would log all information on /oper (failed and successful) to +# a file called opers.log. +# +# There are many different types which may be used, and modules may +# generate their own. A list of useful types: +# - USERS - information relating to user connection and disconnection +# - CHANNELS - information relating to joining and parting of channels. +# XXX someone doc more on this +# +# You may also log *everything* by using a type of *, and subtract things out +# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT". +# +# Channel Logging +# --------------- +# +# I'm aware this would probably better belong in the modules section, but this +# is heavily interrelated to logging, and as such will be documented here. +# +# m_chanlog is one of the modules which can alter logging to it's own thing. +# An example of this may be: +# +# +# +# +# The following log tag is highly default and uncustomised. It is recommended you +# sort out your own log tags. This is just here so you get some output. + #-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -1028,8 +1160,10 @@ # usually for cryptographic uses and security. # # IMPORTANT: -# Other modules such as m_opermd5.so may rely on this module being -# loaded to function. +# Other modules such as m_password_hash.so may rely on this module being +# loaded to function. Certain modules such as m_spanningtree.so will +# function without this module but when it is loaded their features will +# be enhanced (for example the addition of HMAC authentication). # # @@ -1072,7 +1206,7 @@ # command "foo bar baz qux quz" then $3- will hold # # "baz qux quz" and $2 will contain "bar". You may # # also use the special variables: $nick, $ident, # -# $host and $vhost, and you may seperate multiple # +# $host and $vhost, and you may separate multiple # # commands with \n. If you wish to use the ACTUAL # # characters \ and n together in a line, you must # # use the sequence "\\n". # @@ -1139,14 +1273,18 @@ # # Auditorium settings: # -# +# # -# Setting this value to yes makes m_auditorium behave like unrealircd -# +u channel mode, e.g. ops see users joining, parting, etc, and users -# joining the channel see the ops. Without this flag, the mode acts -# like ircnet's +a (anonymous channels), showing only the user in the -# names list, and not even showing the ops in the list, or showing the -# ops that the user has joined. +# showops: +# Setting this value to yes makes m_auditorium behave like unrealircd +# +u channel mode, e.g. ops see users joining, parting, etc, and users +# joining the channel see the ops. Without this flag, the mode acts +# like ircnet's +a (anonymous channels), showing only the user in the +# names list, and not even showing the ops in the list, or showing the +# ops that the user has joined. +# operoverride: +# Setting this value to yes makes m_auditorium affect the userlist for +# regular users only. Opers will view all users in the channel normally. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Ban except module: Adds support for channel ban exceptions (+e) @@ -1175,7 +1313,7 @@ # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Block CAPS module: Blocking all-CAPS messages with cmode +P +# Block CAPS module: Blocking all-CAPS messages with cmode +B # # # #-#-#-#-#-#-#-#-#-#-#- BLOCKCAPS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# @@ -1202,6 +1340,27 @@ # Botmode module: Adds the user mode +B # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# CallerID module: Adds usermode +g which activates hybrid-style +# callerid (== block all private messages unless you /accept first) +# +# +#-#-#-#-#-#-#-#-#-#-#- CALLERID CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# maxaccepts - Maximum number of entires a user can add to his # +# /accept list. Default is 16 entries. # +# operoverride - Can opers (note: ALL opers) ignore callerid mode? # +# Default is no. # +# tracknick - Preserve /accept entries when a user changes nick? # +# If no (the default), the user is removed from # +# everyone's accept list if he changes nickname. # +# cooldown - Amount of time (in seconds) that must pass since # +# the last notification sent to a user before he can # +# be sent another. Default is 60 (1 minute). # +# @@ -1226,7 +1385,7 @@ #-#-#-#-#-#-#-#-#-#-#-# CGIIRC CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# # # Optional - If you specify to use m_cgiirc, then you must specify one -# or more cgihost tags which indicate authorized CGI:IRC servers which +# or more cgihost tags which indicate authorised CGI:IRC servers which # will be connecting to your network, and an optional cgiirc tag. # For more information see: http://www.inspircd.org/wiki/CGI-IRC_Module # @@ -1237,10 +1396,27 @@ # client's IP address from, for further information, please see the # CGI:IRC documentation. # +# Old style: # # Get IP from PASS -# # Get IP from WEBIRC # # Get IP from ident # # See the docs +# New style: +# # Get IP from WEBIRC +# +# IMPORTANT NOTE: +# --------------- +# +# When you connect CGI:IRC clients, there are two connect classes which +# apply to these clients. When the client initially connects, the connect +# class which matches the cgi:irc site's host is checked. Therefore you +# must raise the maximum local/global clients for this ip as high as you +# want to allow cgi clients. After the client has connected and is +# determined to be a cgi:irc client, the class which matches the client's +# real IP is then checked. You may set this class to a lower value, so that +# the real IP of the client can still be restricted to, for example, 3 +# sessions maximum. +# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1257,6 +1433,12 @@ # Chanprotect module: gives +q and +a channel modes # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Check module: gives /check +# Check is useful for looking up information on channels, +# users, IP addresses and hosts. +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CHGHOST module: Adds the /CHGHOST command # @@ -1274,6 +1456,10 @@ # CHGIDENT module: Adds the /CHGIDENT command # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# CHGNAME module: Adds the /CHGNAME command +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Cloaking module: Adds usermode +x and cloaking support. # Relies on the module m_md5.so being loaded before m_cloaking.so in @@ -1286,13 +1472,24 @@ # must define cloak keys, and optionally a cloak prefix as shown # # below. When using cloaking, the cloak keys are MANDITORY and must # # be included. However, if prefix is not included, it will default # -# to your networks name from the tag. # +# to your networks name from the tag. You can also include # +# the following optional values: # +# # +# ipalways - Always cloak the IP address, not the hostname, # +# which doesn't reveal the user's ISP, but # +# results in hosts that are harder to read and # +# ban. # +# # +# lowercase - Display the cloaked hostnames in lowercase # +# characters instead of uppercase # # # # # +# prefix="mynet" # +# ipalways="false" # +# lowercase="false"> # # # # Please note that the key values will accept any number, and should # # be large numbers. Using small numbers such as "7" or "1924" will # @@ -1300,12 +1497,22 @@ # use hexdecimal numbers prefixed by "0x", as shown in this example, # # with each key eight hex digits long. # +#-#-#-#-#-#-#-#-#-#-#-#- CLOSE MODULE #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Close module: Allows an oper to close all unregistered connections. +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Clones module: Adds an oper command /CLONES for detecting cloned # users. Warning: This module may be resource intensive when its # command is issued, use with care. # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Common channels module: Adds user mode +c, which, when set, requires +# that users must share a common channel with you to PRIVMSG or NOTICE +# you. +# + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Conn-Join: Allows you to force users to join one or more channels # automatically upon connecting to the server. @@ -1367,6 +1574,22 @@ # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Custom title module: Adds the /TITLE command which allows for trusted +# users to gain a custom whois line and a optional +# vhost can be specified. +# +# +#-#-#-#-#-#-#-#-#-#- CUSTOM TITLE CONFIGURATION -#-#-#-#-#-#-#-#-#-# +# name - The username used to identify +# password - The password used to identify +# host - Allowed hostmask [optional] +# title - Title shown in whois +# vhost - Displayed host [optional] +# +# +#<title name="bar" password="foo" host="ident@host.name" title="Official Chat Helper" vhost="helper.network.chat"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # DCCALLOW module: Adds the /DCCALLOW command #<module name="m_dccallow.so"> @@ -1393,6 +1616,14 @@ # channel messages and channel notices. #<module name="m_deaf.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Delay join module: Adds the channel mode +D which delays all JOIN +# messages from users until they speak. If they quit or part before +# speaking, their quit or part message will not be shown to the channel +# which helps cut down noise on large channels in a more friendly way +# than the auditorium mode. Only channel ops may set the +D mode. +#<module name="m_delayjoin.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Deny Channels: Deny Channels from being used by users #<module name="m_denychans.so"> @@ -1402,13 +1633,23 @@ # If you have the m_denychans.so module loaded, you need to specify # # the channels to deny: # # # -# name - The channel name to deny. # +# name - The channel name to deny. (glob masks are ok) # # # # allowopers - If operators are allowed to override the deny. # # # # reason - Reason given for the deny. # # # -#<badchan name="#gods" allowopers="yes" reason="Tortoises!"> +# redirect - Redirect the user to a different channel # +# # +#<badchan name="#gods*" allowopers="yes" reason="Tortoises!"> # +#<badchan name="#heaven" redirect="#hell" reason="Nice try!"> # +# # +# Redirects will not work if the target channel is set +L. # +# # +# Additionally, you may specify channels which are allowed, even if # +# a badchan tag specifies it would be denied: # +#<goodchan name="#godsleeps"> # +# Glob masks are accepted here also. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Devoice Module: Let users devoice themselves. @@ -1443,6 +1684,23 @@ # Foobar module: does nothing - historical relic #<module name="m_foobar.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# GeoIP module: Allows the server admin to ban users by country code. +#<module name="m_geoip.so"> +# +#-#-#-#-#-#-#-#-#-#-#-# GEOIP CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# # +# <geoip banunknown="false"> # +# # +# Set this value to true or yes to block unknown IP ranges which are # +# not in the database (usually LAN addresses, localhost, etc) # +# # +# <geoban country="TR" reason="This country not permitted"> # +# # +# Use one or more of these tags to ban countries by country code. # +# The country code must be in capitals and should be an ISO country # +# code such as TR, GB, or US. # + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Globops module: gives /GLOBOPS and usermode +g #<module name="m_globops.so"> @@ -1483,10 +1741,11 @@ # Optional - If you choose to use the m_hostchange.so module. # # Config Help - See http://www.inspircd.org/wiki/Host_Changer_Module # # # -#<host suffix="polarbears.org"> +#<host suffix="polarbears.org" separator="." prefix=""> #<hostchange mask="*@fbi.gov" action="addnick"> #<hostchange mask="*r00t@*" action="suffix"> #<hostchange mask="a@b.com" action="set" value="blah.blah.blah"> +#<hostchange mask="localhost" ports="7000,7001,7005-7007" action="set" value="blahblah.foo"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # httpd module: Provides http server support for InspIRCd @@ -1527,7 +1786,7 @@ # the user in a 'connecting' state until the lookup is complete. # # The bind value indicates which IP to bind outbound requests to. # # # -#<ident timeout="5" bind=""> # +#<ident timeout="5" bind=""> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Invite except module: Adds support for channel invite exceptions (+I) @@ -1560,6 +1819,53 @@ # Knock module: adds the /KNOCK command and +K channel mode #<module name="m_knock.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# LDAP authentication module: Adds the ability to authenticate users # +# via LDAP. This is an extra module which must be enabled explicitly # +# by symlinking it from modules/extra, and requires the OpenLDAP libs # +# # +#<module name="m_ldapauth.so"> # +# # +# Configuration: # +# # +# <ldapauth baserdn="ou=People,dc=brainbox,dc=cc" # +# attribute="uid" # +# server="ldap://brainwave.brainbox.cc" # +# allowpattern="Guest*" # +# killreason="Access denied" # +# searchscope="subtree" # +# binddn="cn=Manager,dc=brainbox,dc=cc" # +# bindauth="mysecretpass" # +# verbose="yes"> # +# # +# The baserdn indicates the base DN to search in for users. Usually # +# this is 'ou=People,dc=yourdomain,dc=yourtld'. # +# # +# The attribute value indicates the attribute which is used to locate # +# a user account by name. On POSIX systems this is usually 'uid'. # +# # +# The server parameter indicates the LDAP server to connect to. The # +# ldap:// style scheme before the hostname proper is MANDITORY. # +# # +# The allowpattern value allows you to specify a wildcard mask which # +# will always be allowed to connect regardless of if they have an # +# account, for example guest users. # +# # +# Killreason indicates the QUIT reason to give to users if they fail # +# to authenticate. # +# # +# The searchscope value indicates the subtree to search under. On our # +# test system this is 'subtree'. Your mileage may vary. # +# # +# Setting the verbose value causes an oper notice to be sent out for # +# every failed authentication to the server, with an error string. # +# # +# The binddn and bindauth indicate the DN to bind to for searching, # +# and the password for the distinguished name. Some LDAP servers will # +# allow anonymous searching in which case these two values do not # +# need defining, otherwise they should be set similar to the examples # +# above. # + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Lock server module: Adds /LOCKSERV and /UNLOCKSERV commands that is # # used to temporarily close/open for new connections to the server. # @@ -1574,6 +1880,19 @@ # Msg flood module: Adds message/notice flood protection (+f) #<module name="m_messageflood.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# MsSQL module: Allows other SQL modules to access MS SQL Server +# through a unified API. You must copy the source for this module +# from the directory src/modules/extra, plus the file m_sqlv2.h +#<module name="m_mssql.so"> +# +#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# m_mssql.so is more complex than described here, see wiki for more # +# info http://www.inspircd.org/wiki/SQLServer_Service_Provider_Module # +# +#<database name="db" username="user" password="pass" hostname="localhost" id="db1"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # MySQL module: Allows other SQL modules to access MySQL databases # through a unified API. You must copy the source for this module @@ -1593,6 +1912,17 @@ # This is supported by mIRC, x-chat, klient, and maybe more. #<module name="m_namesx.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Nickban: Implements extended ban n:, which stops anyone matching +# a mask like +b n:nick!user@host from changing their nick on channel. +#<module name="m_nickban.so"> +# + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Nickchange flood protection module: Allows up to X nick changes in Y seconds. +# Provides channel mode +F. +#<module name="m_nickflood.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Nicklock module: Let opers change a user's nick and then stop that # user from changing their nick again. @@ -1622,37 +1952,21 @@ # Oper channels mode: Adds the +O channel mode #<module name="m_operchans.so"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper hash module: Allows hashed oper passwords -# Relies on the module m_md5.so and/or m_sha256.so being loaded before -# m_oper_hash.so in the configuration file. -#<module name="m_oper_hash.so"> -# -#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# -# -# To use this module, you must define a hash type for each oper's -# password you want to hash. For example: -# -# <oper name="Brain" -# host="ident@dialup15.isp.com" -# hash="sha256" -# password="a41d730937a53b79f788c0ab13e9e1d5" -# type="NetAdmin"> -# -# The types of hashing available vary depending on which hashing modules -# you load, but usually if you load m_sha256.so and m_md5.so, both md5 -# and sha256 type hashing will be available (the most secure of which -# is SHA256). - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper Join module: Forces opers to join a channel on oper-up #<module name="m_operjoin.so"> # #-#-#-#-#-#-#-#-#-#-# OPERJOIN CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # -# If you are using the m_operjoin.so module, specify the channel here # +# If you are using the m_operjoin.so module, specify options here: # +# # +# channel - The channel name to join, can also be a comma # +# seperated list eg. "#channel1,#channel2". # +# # +# override - Lets the oper join walking thru any modes that # +# might be set, even bans. Use "yes" or "no". # # # -#<operjoin channel="#channel"> +#<operjoin channel="#channel" override="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper MOTD module: Provides support for seperate message of the day @@ -1683,8 +1997,39 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper modes module: Allows you to specify modes to add/remove on oper # Specify the modes as the 'modes' parameter of the <type> tag +# and/or as the 'modes' parameter of the <oper> tag. #<module name="m_opermodes.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Oper password hash module: Allows hashed oper passwords +# Relies on the module m_md5.so and/or m_sha256.so being loaded before +# m_password_hash.so in the configuration file. +#<module name="m_password_hash.so"> +# +#-#-#-#-#-#-#-#-#-#-# OPER HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# +# To use this module, you must define a hash type for each oper's +# password you want to hash. For example: +# +# <oper name="Brain" +# host="ident@dialup15.isp.com" +# hash="sha256" +# password="a41d730937a53b79f788c0ab13e9e1d5" +# type="NetAdmin"> +# +# The types of hashing available vary depending on which hashing modules +# you load, but usually if you load m_sha256.so and m_md5.so, both md5 +# and sha256 type hashing will be available (the most secure of which +# is SHA256). + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Permanent Channels module: Channels with the permanent channels mode +# will remain open even after everyone else has left the channel, and +# therefore keep things like modes, ban lists and topic. Permanent +# channels -may- need support from your Services package to function +# properly with them. This adds channel mode +P. +#<module name="m_permchannels.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # PostgreSQL module: Allows other SQL modules to access PgSQL databases # through a unified API. You must copy the source for this module @@ -1698,6 +2043,25 @@ # #<database name="mydb" username="myuser" password="mypass" hostname="localhost" id="my_database" ssl="no"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Quietban: Implements extended ban q:, which stops anyone matching +# a mask like +b q:nick!user@host from speaking on channel. +#<module name="m_quietban.so"> +# + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Quitban: Provides per-IP connection throttling. Any IP that disconnects +# too many times (configurable) in an hour is zlined for a (configurable) +# duration, and their count resets to 0. +# +# NOTE: This module may change name/behaviour later in 1.2. Please make sure +# you read release announcements! +# +#<quitban threshold="10" duration="10m"> +# This allows for 10 quits in an hour with a 10 minute ban if that is exceeded. +# +#<module name="m_quitban.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Random Quote module: provides a random quote on connect. # NOTE: Some of these may mimic fatal errors and confuse users and @@ -1739,6 +2103,16 @@ # Restrict message module: Allows users to only message opers #<module name="m_restrictmsg.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Ban users through regular expression patterns +#<module name="m_rline.so"> +# +#-#-#-#-#-#-#-#-#-#-#-#- RLINE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# +# If you wish to re-check a user when they change nickname (can be +# useful under some situations, but *can* also use CPU with more users +# on a server) then set the following configuration value: +#<rline matchonnickchange="yes"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Provide /LIST throttling (to prevent flooding) and /LIST safety to # prevent excess flood when the list is large. @@ -1790,9 +2164,9 @@ # Securelist can be harmful to some irc search engines such as # # netsplit.de and searchirc.com. To prevent securelist blocking these # # sites from listing, define exception tags as shown below: # -<securelist exception="*@*.searchirc.org"> -<securelist exception="*@*.netsplit.de"> -<securelist exception="*@echo940.server4you.de"> +<securehost exception="*@*.searchirc.org"> +<securehost exception="*@*.netsplit.de"> +<securehost exception="*@echo940.server4you.de"> # # # Define the following variable to change how long a user must wait # # before issuing a LIST. If not defined, defaults to 60 seconds. # @@ -1812,13 +2186,20 @@ # Services support module: Adds several usermodes such as +R and +M # this module implements the 'identified' state via user mode +r, which # is similar to the DALnet and dreamforge systems. +# +# N O T E!! +# >> This CAN NOT be used at the same time as m_services_account << +# N O T E!! #<module name="m_services.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Services support module: Adds several usermodes such as +R and +M # this module implements the 'identified' state via account names (AC) # and is similar in operation to the way asuka and ircu handle services. -# it cannot be used at the same time as m_services, above. +# +# N O T E!! +# >> This CAN NOT be used at the same time as m_services << +# N O T E!! #<module name="m_services_account.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1842,8 +2223,8 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Spy module: Adds the commands SPYLIST and SPYNAMES that let opers # see who is in a +s channel, and list +s channels, show keys of keyed -# channels the oper is not a member of etc. (standard 'abusive' features -# of many other ircds, modulized here in InspIRCd). +# channels the oper is not a member of etc. Like most standard 'abusive' +# features of many other ircds, this is modular in InspIRCd. #<module name="m_spy.so"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1921,14 +2302,6 @@ # # Sets the maximum number of entries on a users silence list. -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Extended SILENCE module: Adds support for /SILENCE with additional -# features to silence based on invites, channel messages, etc. -#<module name="m_silence_ext.so"> -# -# The configuration tags for this module are identical to those of -# m_silence, shown above. - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQLite3 module: Allows other SQL modules to access SQLite3 # # databases through a unified API. You must link the source for this # @@ -1965,7 +2338,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQL logging module: Allows you to log network-wide data for your -# network in a fully normalized set of SQL tables. You must copy the +# network in a fully normalised set of SQL tables. You must copy the # source for this module from the directory src/modules/extra #<module name="m_sqllog.so"> # @@ -1986,21 +2359,26 @@ #-#-#-#-#-#-#-#-#-#-#- SQLOPER CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # dbid - Database ID to use (see m_sql) # +# hash - Hashing provider to use for password hashing # # # # See also: http://www.inspircd.org/wiki/SQL_Oper_Storage_Module # # # -#<sqloper dbid="1"> +#<sqloper dbid="1" hash="md5"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SVSHold module: Implements SVSHOLD. Like Q:Lines, but can only be # # added/removed by Services. # #<module name="m_svshold.so"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SWHOIS module: Allows you to add arbitary lines to user WHOIS. #<module name="m_swhois.so"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Taxonomy module: Adds the /TAXONOMY command, used to view all +# metadata attached to a user. +#<module name="m_taxonomy.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Test command module: Does nothing significant. Read: pointless. #<module name="m_testcommand.so"> @@ -2058,6 +2436,14 @@ # # Sets the maximum number of entries on a user's watch list. +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# XLine database: Stores all *Lines (G/Z/K/R/any added by other modules) +# in a file "xline.db" which can be re-loaded on restart. This is useful +# for two reasons: it keeps bans so users may not evade them, and on +# bigger networks, server connections will take less time as there will +# be a lot less bans to apply - as most of them will already be there. +#<module name="m_xline_db.so"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # XMLSocket module: Adds support for connections using the shockwave # flash XMLSocket. Note that this does not work if the client you are @@ -2146,11 +2532,12 @@ <insane hostmasks="no" ipmasks="no" nickmasks="no" trigger="95.5"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- YAWN -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # You should already know what to do here :) # -<die value="User error. Insert new user and press any key."> +<die value="User error. Insert new user and press any key. (you didn't edit your config properly.)"> #########################################################################