ansible-roles: ergo/templates/config.yaml.j2@35f2b1e680ed (annotated)

170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	1	# This is the default config file for Ergo.
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	2	# It contains recommended defaults for all settings, including some behaviors
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	3	# that differ from conventional ircds. See conventional.yaml for a config
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	4	# with more "mainstream" behavior.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	5	#
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	6	# If you are setting up a new ergo server, you should copy this file
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	7	# to a new one named 'ircd.yaml', then read the whole file to see which
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	8	# settings you want to customize. If you don't understand a setting, or
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	9	# aren't sure what behavior you want, most of the defaults are fine
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	10	# to start with (you can change them later, even on a running server).
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	11	# However, there are a few that you should probably change up front:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	12	# 1. network.name (a human-readable name that identifies your network,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	13	# no spaces or special characters) and server.name (consider using the
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	14	# domain name of your server)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	15	# 2. if you have valid TLS certificates (for example, from letsencrypt.org),
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	16	# you should enable them in server.listeners in place of the default
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	17	# self-signed certificates
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	18	# 3. the operator password in the 'opers' section
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	19	# 4. by default, message history is enabled, using in-memory history storage
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	20	# and with messages expiring after 7 days. depending on your needs, you may
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	21	# want to disable history entirely, remove the expiration time, switch to
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	22	# persistent history stored in MySQL, or do something else entirely. See
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	23	# the 'history' section of the config.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	24
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	25	# network configuration
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	26	network:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	27	# name of the network
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	28	name: {{ergo_network_name}}
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	29
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	30	# server configuration
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	31	server:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	32	# server name
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	33	name: {{ergo_server_name}}
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	34
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	35	# addresses to listen on
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	36	listeners:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	37	# The standard plaintext port for IRC is 6667. Allowing plaintext over the
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	38	# public Internet poses serious security and privacy issues. Accordingly,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	39	# we recommend using plaintext only on local (loopback) interfaces:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	40	# "127.0.0.1:6667": # (loopback ipv4, localhost-only)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	41	# "[::1]:6667": # (loopback ipv6, localhost-only)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	42	# If you need to serve plaintext on public interfaces, comment out the above
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	43	# two lines and uncomment the line below (which listens on all interfaces):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	44	# ":6667":
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	45	# Alternately, if you have a TLS certificate issued by a recognized CA,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	46	# you can configure port 6667 as an STS-only listener that only serves
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	47	# "redirects" to the TLS port, but doesn't allow chat. See the manual
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	48	# for details.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	49
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	50	# The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	51	# ":6697":
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	52	# tls:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	53	# cert: fullchain.pem
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	54	# key: privkey.pem
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	55	# # 'proxy' should typically be false. It's only for Kubernetes-style load
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	56	# # balancing that does not terminate TLS, but sends an initial PROXY line
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	57	# # in plaintext.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	58	# proxy: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	59
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	60	# Example of a Unix domain socket for proxying:
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	61	"/var/ergo/socket":
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	62
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	63	# Example of a Tor listener: any connection that comes in on this listener will
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	64	# be considered a Tor connection. It is strongly recommended that this listener
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	65	# not be on a public interface --- it should be on 127.0.0.0/8 or unix domain:
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	66	# "/hidden_service_sockets/ergo_tor_sock":
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	67	# tor: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	68
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	69	# Example of a WebSocket listener:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	70	# ":8097":
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	71	# websocket: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	72	# tls:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	73	# cert: fullchain.pem
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	74	# key: privkey.pem
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	75
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	76	# sets the permissions for Unix listen sockets. on a typical Linux system,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	77	# the default is 0775 or 0755, which prevents other users/groups from connecting
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	78	# to the socket. With 0777, it behaves like a normal TCP socket
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	79	# where anyone can connect.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	80	unix-bind-mode: 0777
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	81
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	82	# configure the behavior of Tor listeners (ignored if you didn't enable any):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	83	tor-listeners:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	84	# if this is true, connections from Tor must authenticate with SASL
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	85	require-sasl: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	86
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	87	# what hostname should be displayed for Tor connections?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	88	vhost: "tor-network.onion"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	89
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	90	# allow at most this many connections at once (0 for no limit):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	91	max-connections: 64
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	92
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	93	# connection throttling (limit how many connection attempts are allowed at once):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	94	throttle-duration: 10m
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	95	# set to 0 to disable throttling:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	96	max-connections-per-duration: 64
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	97
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	98	# strict transport security, to get clients to automagically use TLS
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	99	sts:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	100	# whether to advertise STS
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	101	#
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	102	# to stop advertising STS, leave this enabled and set 'duration' below to "0". this will
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	103	# advertise to connecting users that the STS policy they have saved is no longer valid
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	104	enabled: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	105
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	106	# how long clients should be forced to use TLS for.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	107	# setting this to a too-long time will mean bad things if you later remove your TLS.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	108	# the default duration below is 1 month, 2 days and 5 minutes.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	109	duration: 1mo2d5m
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	110
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	111	# tls port - you should be listening on this port above
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	112	port: 6697
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	113
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	114	# should clients include this STS policy when they ship their inbuilt preload lists?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	115	preload: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	116
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	117	websockets:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	118	# Restrict the origin of WebSocket connections by matching the "Origin" HTTP
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	119	# header. This settings makes ergo reject every WebSocket connection,
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	120	# except when it originates from one of the hosts in this list. Use this to
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	121	# prevent malicious websites from making their visitors connect to ergo
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	122	# without their knowledge. An empty list means that there are no restrictions.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	123	allowed-origins:
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	124	# - "https://ergo.io"
a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	125	# - "https://*.ergo.io"
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	126
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	127	# casemapping controls what kinds of strings are permitted as identifiers (nicknames,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	128	# channel names, account names, etc.), and how they are normalized for case.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	129	# with the recommended default of 'precis', utf-8 identifiers that are "sane"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	130	# (according to RFC 8265) are allowed, and the server additionally tries to protect
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	131	# against confusable characters ("homoglyph attacks").
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	132	# the other options are 'ascii' (traditional ASCII-only identifiers), and 'permissive',
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	133	# which allows identifiers to contain unusual characters like emoji, but makes users
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	134	# vulnerable to homoglyph attacks. unless you're really confident in your decision,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	135	# we recommend leaving this value at its default (changing it once the network is
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	136	# already up and running is problematic).
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	137	casemapping: "precis"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	138
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	139	# whether to look up user hostnames with reverse DNS.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	140	# (disabling this will expose user IPs instead of hostnames;
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	141	# to make IP/hostname information private, see the ip-cloaking section)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	142	lookup-hostnames: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	143	# whether to confirm hostname lookups using "forward-confirmed reverse DNS", i.e., for
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	144	# any hostname returned from reverse DNS, resolve it back to an IP address and reject it
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	145	# unless it matches the connecting IP
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	146	forward-confirm-hostnames: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	147
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	148	# use ident protocol to get usernames
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	149	check-ident: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	150
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	151	# password to login to the server
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	152	# generated using "ergo genpasswd"
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	153	#password: ""
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	154
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	155	# motd filename
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	156	# if you change the motd, you should move it to ircd.motd
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	157	motd: "/etc/ergo/motd"
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	158
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	159	# motd formatting codes
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	160	# if this is true, the motd is escaped using formatting codes like $c, $b, and $i
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	161	motd-formatting: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	162
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	163	# addresses/CIDRs the PROXY command can be used from
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	164	# this should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets),
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	165	# unless you have a good reason. you should also add these addresses to the
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	166	# connection limits and throttling exemption lists.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	167	proxy-allowed-from:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	168	- localhost
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	169	# - "192.168.1.1"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	170	# - "192.168.10.1/24"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	171
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	172	# controls the use of the WEBIRC command (by IRC<->web interfaces, bouncers and similar)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	173	webirc:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	174	# one webirc block -- should correspond to one set of gateways
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	175	-
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	176	# SHA-256 fingerprint of the TLS certificate the gateway must use to connect
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	177	# (comment this out to use passwords only)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	178	fingerprint: "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	179
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	180	# password the gateway uses to connect, made with ergo genpasswd
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	181	password: "$2a$04$abcdef0123456789abcdef0123456789abcdef0123456789abcde"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	182
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	183	# addresses/CIDRs that can use this webirc command
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	184	# you should also add these addresses to the connection limits and throttling exemption lists
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	185	hosts:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	186	- localhost
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	187	# - "192.168.1.1"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	188	# - "192.168.10.1/24"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	189
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	190	# allow use of the RESUME extension over plaintext connections:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	191	# do not enable this unless the ircd is only accessible over internal networks
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	192	allow-plaintext-resume: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	193
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	194	# maximum length of clients' sendQ in bytes
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	195	# this should be big enough to hold bursts of channel/direct messages
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	196	max-sendq: 96k
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	197
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	198	# compatibility with legacy clients
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	199	compatibility:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	200	# many clients require that the final parameter of certain messages be an
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	201	# RFC1459 trailing parameter, i.e., prefixed with :, whether or not this is
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	202	# actually required. this forces Ergo to send those parameters
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	203	# as trailings. this is recommended unless you're testing clients for conformance;
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	204	# defaults to true when unset for that reason.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	205	force-trailing: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	206
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	207	# some clients (ZNC 1.6.x and lower, Pidgin 2.12 and lower) do not
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	208	# respond correctly to SASL messages with the server name as a prefix:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	209	# https://github.com/znc/znc/issues/1212
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	210	# this works around that bug, allowing them to use SASL.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	211	send-unprefixed-sasl: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	212
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	213	# IP-based DoS protection
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	214	ip-limits:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	215	# whether to limit the total number of concurrent connections per IP/CIDR
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	216	count: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	217	# maximum concurrent connections per IP/CIDR
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	218	max-concurrent-connections: 16
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	219
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	220	# whether to restrict the rate of new connections per IP/CIDR
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	221	throttle: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	222	# how long to keep track of connections for
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	223	window: 10m
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	224	# maximum number of new connections per IP/CIDR within the given duration
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	225	max-connections-per-window: 32
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	226	# how long to ban offenders for. after banning them, the number of connections is
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	227	# reset, which lets you use /UNDLINE to unban people
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	228	throttle-ban-duration: 10m
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	229
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	230	# how wide the CIDR should be for IPv4 (a /32 is a fully specified IPv4 address)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	231	cidr-len-ipv4: 32
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	232	# how wide the CIDR should be for IPv6 (a /64 is the typical prefix assigned
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	233	# by an ISP to an individual customer for their LAN)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	234	cidr-len-ipv6: 64
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	235
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	236	# IPs/networks which are exempted from connection limits
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	237	exempted:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	238	- "localhost"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	239	# - "192.168.1.1"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	240	# - "2001:0db8::/32"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	241
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	242	# custom connection limits for certain IPs/networks. note that CIDR
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	243	# widths defined here override the default CIDR width --- the limit
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	244	# will apply to the entire CIDR no matter how large or small it is
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	245	custom-limits:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	246	# "8.8.0.0/16":
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	247	# max-concurrent-connections: 128
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	248	# max-connections-per-window: 1024
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	249
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	250	# IP cloaking hides users' IP addresses from other users and from channel admins
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	251	# (but not from server admins), while still allowing channel admins to ban
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	252	# offending IP addresses or networks. In place of hostnames derived from reverse
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	253	# DNS, users see fake domain names like pwbs2ui4377257x8.ergo. These names are
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	254	# generated deterministically from the underlying IP address, but if the underlying
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	255	# IP is not already known, it is infeasible to recover it from the cloaked name.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	256	ip-cloaking:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	257	# whether to enable IP cloaking
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	258	enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	259
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	260	# fake TLD at the end of the hostname, e.g., pwbs2ui4377257x8.irc
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	261	# you may want to use your network name here
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	262	netname: "usr.{{ergo_network_name}}"
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	263
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	264	# the cloaked hostname is derived only from the CIDR (most significant bits
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	265	# of the IP address), up to a configurable number of bits. this is the
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	266	# granularity at which bans will take effect for IPv4. Note that changing
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	267	# this value will invalidate any stored bans.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	268	cidr-len-ipv4: 32
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	269
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	270	# analogous granularity for IPv6
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	271	cidr-len-ipv6: 64
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	272
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	273	# number of bits of hash output to include in the cloaked hostname.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	274	# more bits means less likelihood of distinct IPs colliding,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	275	# at the cost of a longer cloaked hostname. if this value is set to 0,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	276	# all users will receive simply `netname` as their cloaked hostname.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	277	num-bits: 64
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	278
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	279	# secure-nets identifies IPs and CIDRs which are secure at layer 3,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	280	# for example, because they are on a trusted internal LAN or a VPN.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	281	# plaintext connections from these IPs and CIDRs will be considered
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	282	# secure (clients will receive the +Z mode and be allowed to resume
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	283	# or reattach to secure connections). note that loopback IPs are always
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	284	# considered secure:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	285	secure-nets:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	286	# - "10.0.0.0/8"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	287
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	288	# ergo will write files to disk under certain circumstances, e.g.,
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	289	# CPU profiling or data export. by default, these files will be written
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	290	# to the working directory. set this to customize:
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	291	output-path: "/var/ergo"
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	292
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	293	# account options
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	294	accounts:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	295	# is account authentication enabled, i.e., can users log into existing accounts?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	296	authentication-enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	297
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	298	# account registration
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	299	registration:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	300	# can users register new accounts for themselves? if this is false, operators with
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	301	# the `accreg` capability can still create accounts with `/NICKSERV SAREGISTER`
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	302	enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	303
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	304	# global throttle on new account creation
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	305	throttling:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	306	enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	307	# window
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	308	duration: 10m
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	309	# number of attempts allowed within the window
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	310	max-attempts: 30
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	311
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	312	# this is the bcrypt cost we'll use for account passwords
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	313	bcrypt-cost: 9
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	314
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	315	# length of time a user has to verify their account before it can be re-registered
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	316	verify-timeout: "32h"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	317
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	318	# callbacks to allow
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	319	enabled-callbacks:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	320	- none # no verification needed, will instantly register successfully
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	321
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	322	# example configuration for sending verification emails
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	323	# callbacks:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	324	# mailto:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	325	# sender: "[email protected]"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	326	# require-tls: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	327	# helo-domain: "my.network" # defaults to server name if unset
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	328	# dkim:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	329	# domain: "my.network"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	330	# selector: "20200229"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	331	# key-file: "dkim.pem"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	332	# # to use an MTA/smarthost instead of sending email directly:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	333	# # mta:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	334	# # server: localhost
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	335	# # port: 25
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	336	# # username: "admin"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	337	# # password: "hunter2"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	338	# blacklist-regexes:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	339	# # - ".*@mailinator.com"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	340
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	341	# throttle account login attempts (to prevent either password guessing, or DoS
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	342	# attacks on the server aimed at forcing repeated expensive bcrypt computations)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	343	login-throttling:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	344	enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	345
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	346	# window
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	347	duration: 1m
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	348
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	349	# number of attempts allowed within the window
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	350	max-attempts: 3
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	351
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	352	# some clients (notably Pidgin and Hexchat) offer only a single password field,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	353	# which makes it impossible to specify a separate server password (for the PASS
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	354	# command) and SASL password. if this option is set to true, a client that
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	355	# successfully authenticates with SASL will not be required to send
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	356	# PASS as well, so it can be configured to authenticate with SASL only.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	357	skip-server-password: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	358
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	359	# enable login to accounts via the PASS command, e.g., PASS account:password
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	360	# this is sometimes useful for compatibility with old clients that don't support SASL
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	361	login-via-pass-command: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	362
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	363	# require-sasl controls whether clients are required to have accounts
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	364	# (and sign into them using SASL) to connect to the server
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	365	require-sasl:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	366	# if this is enabled, all clients must authenticate with SASL while connecting
116 837cf4c1b717 updated irc settings. Luke Hoersten <luke@hoersten.org> parents: 115 diff changeset	367	enabled: true
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	368
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	369	# IPs/CIDRs which are exempted from the account requirement
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	370	exempted:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	371	- "localhost"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	372	# - '10.10.0.0/16'
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	373
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	374	# nick-reservation controls how, and whether, nicknames are linked to accounts
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	375	nick-reservation:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	376	# is there any enforcement of reserved nicknames?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	377	enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	378
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	379	# how many nicknames, in addition to the account name, can be reserved?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	380	additional-nick-limit: 2
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	381
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	382	# method describes how nickname reservation is handled
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	383	# timeout: let the user change to the registered nickname, give them X seconds
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	384	# to login and then rename them if they haven't done so
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	385	# strict: don't let the user change to the registered nickname unless they're
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	386	# already logged-in using SASL or NickServ
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	387	# optional: no enforcement by default, but allow users to opt in to
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	388	# the enforcement level of their choice
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	389	#
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	390	# 'optional' matches the behavior of other NickServs, but 'strict' is
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	391	# preferable if all your users can enable SASL.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	392	method: strict
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	393
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	394	# allow users to set their own nickname enforcement status, e.g.,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	395	# to opt out of strict enforcement
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	396	allow-custom-enforcement: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	397
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	398	# rename-timeout - this is how long users have 'til they're renamed
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	399	rename-timeout: 30s
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	400
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	401	# format for guest nicknames:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	402	# 1. these nicknames cannot be registered or reserved
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	403	# 2. if a client is automatically renamed by the server,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	404	# this is the template that will be used (e.g., Guest-nccj6rgmt97cg)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	405	# 3. if enforce-guest-format (see below) is enabled, clients without
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	406	# a registered account will have this template applied to their
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	407	# nicknames (e.g., 'katie' will become 'Guest-katie')
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	408	guest-nickname-format: "Guest-*"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	409
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	410	# when enabled, forces users not logged into an account to use
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	411	# a nickname matching the guest template. a caveat: this may prevent
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	412	# users from choosing nicknames in scripts different from the guest
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	413	# nickname format.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	414	force-guest-format: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	415
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	416	# when enabled, forces users logged into an account to use the
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	417	# account name as their nickname. when combined with strict nickname
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	418	# enforcement, this lets users treat nicknames and account names
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	419	# as equivalent for the purpose of ban/invite/exception lists.
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	420	force-nick-equals-account: {{ergo_force_nick_equals_account}}
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	421
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	422	# multiclient controls whether ergo allows multiple connections to
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	423	# attach to the same client/nickname identity; this is part of the
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	424	# functionality traditionally provided by a bouncer like ZNC
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	425	multiclient:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	426	# when disabled, each connection must use a separate nickname (as is the
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	427	# typical behavior of IRC servers). when enabled, a new connection that
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	428	# has authenticated with SASL can associate itself with an existing
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	429	# client
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	430	enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	431
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	432	# if this is disabled, clients have to opt in to bouncer functionality
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	433	# using nickserv or the cap system. if it's enabled, they can opt out
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	434	# via nickserv
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	435	allowed-by-default: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	436
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	437	# whether to allow clients that remain on the server even
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	438	# when they have no active connections. The possible values are:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	439	# "disabled", "opt-in", "opt-out", or "mandatory".
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	440	always-on: "opt-in"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	441
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	442	# whether to mark always-on clients away when they have no active connections:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	443	auto-away: "opt-in"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	444
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	445	# vhosts controls the assignment of vhosts (strings displayed in place of the user's
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	446	# hostname/IP) by the HostServ service
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	447	vhosts:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	448	# are vhosts enabled at all?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	449	enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	450
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	451	# maximum length of a vhost
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	452	max-length: 64
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	453
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	454	# regexp for testing the validity of a vhost
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	455	# (make sure any changes you make here are RFC-compliant)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	456	valid-regexp: '^[0-9A-Za-z.\-_/]+$'
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	457
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	458	# options controlling users requesting vhosts:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	459	user-requests:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	460	# can users request vhosts at all? if this is false, operators with the
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	461	# 'vhosts' capability can still assign vhosts manually
116 837cf4c1b717 updated irc settings. Luke Hoersten <luke@hoersten.org> parents: 115 diff changeset	462	enabled: true
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	463
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	464	# if uncommented, all new vhost requests will be dumped into the given
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	465	# channel, so opers can review them as they are sent in. ensure that you
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	466	# have registered and restricted the channel appropriately before you
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	467	# uncomment this.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	468	#channel: "#vhosts"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	469
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	470	# after a user's vhost has been approved or rejected, they need to wait
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	471	# this long (starting from the time of their original request)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	472	# before they can request a new one.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	473	cooldown: 168h
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	474
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	475	# vhosts that users can take without approval, using `/HS TAKE`
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	476	offer-list:
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	477	#- "ergo.test"
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	478
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	479	# modes that are set by default when a user connects
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	480	# if unset, no user modes will be set by default
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	481	# +i is invisible (a user's channels are hidden from whois replies)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	482	# see /QUOTE HELP umodes for more user modes
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	483	default-user-modes: +i
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	484
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	485	# support for deferring password checking to an external LDAP server
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	486	# you should probably ignore this section! consult the grafana docs for details:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	487	# https://grafana.com/docs/grafana/latest/auth/ldap/
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	488	# you will probably want to set require-sasl and disable accounts.registration.enabled
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	489	# ldap:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	490	# enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	491	# # should we automatically create users if their LDAP login succeeds?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	492	# autocreate: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	493	# # example configuration that works with Forum Systems's testing server:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	494	# # https://www.forumsys.com/tutorials/integration-how-to/ldap/online-ldap-test-server/
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	495	# host: "ldap.forumsys.com"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	496	# port: 389
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	497	# timeout: 30s
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	498	# # example "single-bind" configuration, where we bind directly to the user's entry:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	499	# bind-dn: "uid=%s,dc=example,dc=com"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	500	# # example "admin bind" configuration, where we bind to an initial admin user,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	501	# # then search for the user's entry with a search filter:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	502	# #search-base-dns:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	503	# # - "dc=example,dc=com"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	504	# #bind-dn: "cn=read-only-admin,dc=example,dc=com"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	505	# #bind-password: "password"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	506	# #search-filter: "(uid=%s)"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	507	# # example of requiring that users be in a particular group
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	508	# # (note that this is an OR over the listed groups, not an AND):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	509	# #require-groups:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	510	# # - "ou=mathematicians,dc=example,dc=com"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	511	# #group-search-filter-user-attribute: "dn"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	512	# #group-search-filter: "(uniqueMember=%s)"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	513	# #group-search-base-dns:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	514	# # - "dc=example,dc=com"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	515	# # example of group membership testing via user attributes, as in AD
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	516	# # or with OpenLDAP's "memberOf overlay" (overrides group-search-filter):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	517	# attributes:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	518	# member-of: "memberOf"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	519
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	520	# channel options
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	521	channels:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	522	# modes that are set when new channels are created
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	523	# +n is no-external-messages and +t is op-only-topic
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	524	# see /QUOTE HELP cmodes for more channel modes
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	525	default-modes: +nt
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	526
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	527	# how many channels can a client be in at once?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	528	max-channels-per-client: 100
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	529
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	530	# if this is true, new channels can only be created by operators with the
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	531	# `chanreg` operator capability
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	532	operator-only-creation: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	533
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	534	# channel registration - requires an account
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	535	registration:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	536	# can users register new channels?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	537	enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	538
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	539	# restrict new channel registrations to operators only?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	540	# (operators can then transfer channels to regular users using /CS TRANSFER)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	541	operator-only: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	542
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	543	# how many channels can each account register?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	544	max-channels-per-account: 15
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	545
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	546	# as a crude countermeasure against spambots, anonymous connections younger
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	547	# than this value will get an empty response to /LIST (a time period of 0 disables)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	548	list-delay: 0s
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	549
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	550	# operator classes
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	551	oper-classes:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	552	# local operator
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	553	"local-oper":
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	554	# title shown in WHOIS
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	555	title: Local Operator
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	556
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	557	# capability names
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	558	capabilities:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	559	- "local_kill"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	560	- "local_ban"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	561	- "local_unban"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	562	- "nofakelag"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	563	- "roleplay"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	564
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	565	# network operator
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	566	"network-oper":
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	567	# title shown in WHOIS
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	568	title: Network Operator
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	569
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	570	# oper class this extends from
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	571	extends: "local-oper"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	572
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	573	# capability names
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	574	capabilities:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	575	- "remote_kill"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	576	- "remote_ban"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	577	- "remote_unban"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	578
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	579	# server admin
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	580	"server-admin":
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	581	# title shown in WHOIS
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	582	title: Server Admin
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	583
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	584	# oper class this extends from
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	585	extends: "local-oper"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	586
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	587	# capability names
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	588	capabilities:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	589	- "rehash"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	590	- "die"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	591	- "accreg"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	592	- "sajoin"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	593	- "samode"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	594	- "vhosts"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	595	- "chanreg"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	596	- "history"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	597
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	598	# ircd operators
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	599	opers:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	600	# operator named 'admin'; log in with /OPER admin [password]
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	601	admin:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	602	# which capabilities this oper has access to
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	603	class: "server-admin"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	604
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	605	# custom whois line
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	606	whois-line: "server admin"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	607
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	608	# custom hostname
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	609	vhost: "opr.{{ergo_network_name}}"
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	610
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	611	# modes are the modes to auto-set upon opering-up
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	612	modes: +is acjknoqtuxv
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	613
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	614	# operators can be authenticated either by password (with the /OPER command),
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	615	# or by certificate fingerprint, or both. if a password hash is set, then a
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	616	# password is required to oper up (e.g., /OPER dan mypassword). to generate
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	617	# the hash, use `ergo genpasswd`.
a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	618	password: "{{ergo_oper_pass_hash}}"
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	619
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	620	# if a SHA-256 certificate fingerprint is configured here, then it will be
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	621	# required to /OPER. if you comment out the password hash above, then you can
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	622	# /OPER without a password.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	623	#fingerprint: "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	624	# if 'auto' is set (and no password hash is set), operator permissions will be
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	625	# granted automatically as soon as you connect with the right fingerprint.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	626	#auto: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	627
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	628	# logging, takes inspiration from Insp
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	629	logging:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	630	-
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	631	# how to log these messages
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	632	#
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	633	# file log to a file
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	634	# stdout log to stdout
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	635	# stderr log to stderr
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	636	# (you can specify multiple methods, e.g., to log to both stderr and a file)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	637	method: stdout
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	638
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	639	# filename to log to, if file method is selected
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	640	# filename: ircd.log
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	641
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	642	# type(s) of logs to keep here. you can use - to exclude those types
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	643	#
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	644	# exclusions take precedent over inclusions, so if you exclude a type it will NEVER
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	645	# be logged, even if you explicitly include it
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	646	#
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	647	# useful types include:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	648	# * everything (usually used with exclusing some types below)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	649	# server server startup, rehash, and shutdown events
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	650	# accounts account registration and authentication
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	651	# channels channel creation and operations
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	652	# commands command calling and operations
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	653	# opers oper actions, authentication, etc
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	654	# services actions related to NickServ, ChanServ, etc.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	655	# internal unexpected runtime behavior, including potential bugs
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	656	# userinput raw lines sent by users
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	657	# useroutput raw lines sent to users
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	658	type: "* -userinput -useroutput"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	659
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	660	# one of: debug info warn error
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	661	level: info
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	662	#-
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	663	# # example of a file log that avoids logging IP addresses
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	664	# method: file
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	665	# filename: ircd.log
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	666	# type: "* -userinput -useroutput -connect-ip"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	667	# level: debug
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	668
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	669	# debug options
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	670	debug:
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	671	# when enabled, ergo will attempt to recover from certain kinds of
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	672	# client-triggered runtime errors that would normally crash the server.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	673	# this makes the server more resilient to DoS, but could result in incorrect
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	674	# behavior. deployments that would prefer to "start from scratch", e.g., by
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	675	# letting the process crash and auto-restarting it with systemd, can set
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	676	# this to false.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	677	recover-from-errors: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	678
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	679	# optionally expose a pprof http endpoint: https://golang.org/pkg/net/http/pprof/
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	680	# it is strongly recommended that you don't expose this on a public interface;
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	681	# if you need to access it remotely, you can use an SSH tunnel.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	682	# set to `null`, "", leave blank, or omit to disable
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	683	# pprof-listener: "localhost:6060"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	684
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	685	# datastore configuration
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	686	datastore:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	687	# path to the datastore
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	688	path: "/var/ergo/ergo.db"
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	689
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	690	# if the database schema requires an upgrade, `autoupgrade` will attempt to
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	691	# perform it automatically on startup. the database will be backed
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	692	# up, and if the upgrade fails, the original database will be restored.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	693	autoupgrade: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	694
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	695	# connection information for MySQL (currently only used for persistent history):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	696	mysql:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	697	enabled: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	698	host: "localhost"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	699	port: 3306
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	700	# if socket-path is set, it will be used instead of host:port
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	701	#socket-path: "/var/run/mysqld/mysqld.sock"
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	702	user: "ergo"
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	703	password: "hunter2"
170 a20a6d03747f Updated versions: minecraft, miniflux, pleroma, writefreely, ergo-oragono. Luke Hoersten <luke@hoersten.org> parents: 142 diff changeset	704	history-database: "ergo_history"
114 34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	705	timeout: 3s
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	706
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	707	# languages config
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	708	languages:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	709	# whether to load languages
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	710	enabled: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	711
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	712	# default language to use for new clients
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	713	# 'en' is the default English language in the code
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	714	default: en
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	715
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	716	# which directory contains our language files
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	717	path: languages
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	718
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	719	# limits - these need to be the same across the network
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	720	limits:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	721	# nicklen is the max nick length allowed
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	722	nicklen: 32
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	723
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	724	# identlen is the max ident length allowed
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	725	identlen: 20
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	726
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	727	# channellen is the max channel length allowed
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	728	channellen: 64
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	729
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	730	# awaylen is the maximum length of an away message
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	731	awaylen: 500
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	732
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	733	# kicklen is the maximum length of a kick message
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	734	kicklen: 1000
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	735
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	736	# topiclen is the maximum length of a channel topic
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	737	topiclen: 1000
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	738
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	739	# maximum number of monitor entries a client can have
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	740	monitor-entries: 100
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	741
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	742	# whowas entries to store
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	743	whowas-entries: 100
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	744
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	745	# maximum length of channel lists (beI modes)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	746	chan-list-modes: 60
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	747
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	748	# maximum number of messages to accept during registration (prevents
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	749	# DoS / resource exhaustion attacks):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	750	registration-messages: 1024
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	751
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	752	# message length limits for the new multiline cap
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	753	multiline:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	754	max-bytes: 4096 # 0 means disabled
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	755	max-lines: 100 # 0 means no limit
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	756
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	757	# fakelag: prevents clients from spamming commands too rapidly
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	758	fakelag:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	759	# whether to enforce fakelag
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	760	enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	761
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	762	# time unit for counting command rates
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	763	window: 1s
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	764
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	765	# clients can send this many commands without fakelag being imposed
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	766	burst-limit: 5
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	767
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	768	# once clients have exceeded their burst allowance, they can send only
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	769	# this many commands per `window`:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	770	messages-per-window: 2
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	771
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	772	# client status resets to the default state if they go this long without
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	773	# sending any commands:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	774	cooldown: 2s
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	775
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	776	# the roleplay commands are semi-standardized extensions to IRC that allow
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	777	# sending and receiving messages from pseudo-nicknames. this can be used either
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	778	# for actual roleplaying, or for bridging IRC with other protocols.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	779	roleplay:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	780	# are roleplay commands enabled at all? (channels and clients still have to
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	781	# opt in individually with the +E mode)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	782	enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	783
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	784	# require the "roleplay" oper capability to send roleplay messages?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	785	require-oper: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	786
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	787	# require channel operator permissions to send roleplay messages?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	788	require-chanops: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	789
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	790	# add the real nickname, in parentheses, to the end of every roleplay message?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	791	add-suffix: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	792
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	793	# history message storage: this is used by CHATHISTORY, HISTORY, znc.in/playback,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	794	# various autoreplay features, and the resume extension
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	795	history:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	796	# should we store messages for later playback?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	797	# by default, messages are stored in RAM only; they do not persist
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	798	# across server restarts. however, you may want to understand how message
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	799	# history interacts with the GDPR and/or any data privacy laws that apply
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	800	# in your country and the countries of your users.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	801	enabled: true
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	802
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	803	# how many channel-specific events (messages, joins, parts) should be tracked per channel?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	804	channel-length: 2048
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	805
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	806	# how many direct messages and notices should be tracked per user?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	807	client-length: 256
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	808
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	809	# how long should we try to preserve messages?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	810	# if `autoresize-window` is 0, the in-memory message buffers are preallocated to
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	811	# their maximum length. if it is nonzero, the buffers are initially small and
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	812	# are dynamically expanded up to the maximum length. if the buffer is full
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	813	# and the oldest message is older than `autoresize-window`, then it will overwrite
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	814	# the oldest message rather than resize; otherwise, it will expand if possible.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	815	autoresize-window: 3d
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	816
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	817	# number of messages to automatically play back on channel join (0 to disable):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	818	autoreplay-on-join: 0
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	819
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	820	# maximum number of CHATHISTORY messages that can be
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	821	# requested at once (0 disables support for CHATHISTORY)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	822	chathistory-maxmessages: 100
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	823
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	824	# maximum number of messages that can be replayed at once during znc emulation
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	825	# (znc.in/playback, or automatic replay on initial reattach to a persistent client):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	826	znc-maxmessages: 2048
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	827
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	828	# options to delete old messages, or prevent them from being retrieved
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	829	restrictions:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	830	# if this is set, messages older than this cannot be retrieved by anyone
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	831	# (and will eventually be deleted from persistent storage, if that's enabled)
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	832	expire-time: 1w
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	833
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	834	# if this is set, logged-in users cannot retrieve messages older than their
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	835	# account registration date, and logged-out users cannot retrieve messages
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	836	# older than their sign-on time (modulo grace-period, see below):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	837	enforce-registration-date: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	838
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	839	# but if this is set, you can retrieve messages that are up to `grace-period`
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	840	# older than the above cutoff time. this is recommended to allow logged-out
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	841	# users to do session resumption / query history after disconnections.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	842	grace-period: 1h
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	843
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	844	# options to store history messages in a persistent database (currently only MySQL):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	845	persistent:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	846	enabled: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	847
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	848	# store unregistered channel messages in the persistent database?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	849	unregistered-channels: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	850
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	851	# for a registered channel, the channel owner can potentially customize
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	852	# the history storage setting. as the server operator, your options are
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	853	# 'disabled' (no persistent storage, regardless of per-channel setting),
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	854	# 'opt-in', 'opt-out', and 'mandatory' (force persistent storage, ignoring
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	855	# per-channel setting):
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	856	registered-channels: "opt-out"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	857
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	858	# direct messages are only stored in the database for logged-in clients;
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	859	# you can control how they are stored here (same options as above).
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	860	# if you enable this, strict nickname reservation is strongly recommended
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	861	# as well.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	862	direct-messages: "opt-out"
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	863
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	864	# options to control how messages are stored and deleted:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	865	retention:
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	866	# allow users to delete their own messages from history?
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	867	allow-individual-delete: false
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	868
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	869	# if persistent history is enabled, create additional index tables,
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	870	# allowing deletion of JSON export of an account's messages. this
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	871	# may be needed for compliance with data privacy regulations.
34c8632d763d Added oragono role. Luke Hoersten <luke@hoersten.org> parents: diff changeset	872	enable-account-indexing: false

author	Luke Hoersten <luke@hoersten.org>
	Sun, 08 Jan 2023 21:50:33 -0600
changeset 206	35f2b1e680ed
parent 170	a20a6d03747f
permissions	-rw-r--r--