atheme/templates/atheme.conf.j2
changeset 113 d843011c249d
equal deleted inserted replaced
112:22c06d6916bf 113:d843011c249d
       
     1 /* This is an example configuration for Services.
       
     2  *
       
     3  * All statements end in semi-colons (';').
       
     4  * Shell style, C style, and C++ style comments may be used.
       
     5  *
       
     6  * Items marked with "(*)" are reconfigurable at runtime via REHASH.
       
     7  */
       
     8 
       
     9 /******************************************************************************
       
    10  * MODULES SECTION.                                                           *
       
    11  ******************************************************************************/
       
    12 
       
    13 /*
       
    14  * These are the modules included with the core distribution of Services.
       
    15  *
       
    16  * You may be interested in the atheme community modules distribution as
       
    17  * well, which adds additional features that may or may not be compatible
       
    18  * with the project paradigms intended for maintainance of the core of
       
    19  * atheme-services.
       
    20  *
       
    21  * Visit the atheme-services website for more information and to download them.
       
    22  *
       
    23  * Modules marked [experimental] will taint your atheme-services instance. Do
       
    24  * not file any bug reports with us about using Services with those modules;
       
    25  * they will be ignored.
       
    26  */
       
    27 
       
    28 /* Dynamic security modules.
       
    29  *
       
    30  * WARNING: If you select one of these modules, the default security policy included
       
    31  * with Atheme may break.  These modules are intended for people who know what they
       
    32  * are doing and understand the implications of what they do.  Security modules which
       
    33  * are likely to break the default policy are prefixed with [!], if you are new to
       
    34  * Atheme, you should avoid enabling them.
       
    35  *
       
    36  * If you find your security policy is broken, you may debug it while allowing normal
       
    37  * operation of your IRC network by putting Atheme into "permissive mode".  To do this,
       
    38  * enable general::permissive_mode.
       
    39  *
       
    40  * [!] Infer "command:" namespace permissions   modules/security/cmdperm
       
    41  */
       
    42 #loadmodule "modules/security/cmdperm";
       
    43 
       
    44 /* Protocol module.
       
    45  *
       
    46  * Please select a protocol module. Different servers use different protocols.
       
    47  * Below is a listing of ircd's known to work with the various protocol modules
       
    48  * available.
       
    49  *
       
    50  * Asuka 1.2.1 or later                         modules/protocol/asuka
       
    51  * Bahamut 2.1.x                                modules/protocol/bahamut
       
    52  * Charybdis IRCd                               modules/protocol/charybdis
       
    53  * ChatIRCd                                     modules/protocol/chatircd1.1
       
    54  * DreamForge 4.6.7 or later                    modules/protocol/dreamforge
       
    55  * InspIRCd 2.0                                 modules/protocol/inspircd
       
    56  * ircd-ratbox 2.0 and later                    modules/protocol/ratbox
       
    57  * IRCNet ircd (ircd 2.11)                      modules/protocol/ircnet
       
    58  * ircd-seven                                   modules/protocol/ircd-seven
       
    59  * Nefarious IRCu 0.4.0 or later                modules/protocol/nefarious
       
    60  * ngIRCd 19 or later [experimental]            modules/protocol/ngircd
       
    61  * UnrealIRCd 3.2.*                             modules/protocol/unreal
       
    62  * UnrealIRCd 4 or later                        modules/protocol/unreal4
       
    63  *
       
    64  * If your IRCd vendor has supplied a module file, build it and load it here
       
    65  * instead of one above.
       
    66  */
       
    67 loadmodule "modules/protocol/ngircd";
       
    68 
       
    69 /* Protocol mixins.
       
    70  *
       
    71  * These should be used if you do not have/want certain features on your
       
    72  * network that your ircd normally has. If you do not know what this means,
       
    73  * you do not need any of them.
       
    74  *
       
    75  * Disable halfops                              modules/protocol/mixin_nohalfops
       
    76  * Disable holdnick (use enforcer clients)      modules/protocol/mixin_noholdnick
       
    77  * Disable "protect" mode on channels           modules/protocol/mixin_noprotect
       
    78  * Disable "owner" mode on channels             modules/protocol/mixin_noowner
       
    79  */
       
    80 #loadmodule "modules/protocol/mixin_nohalfops";
       
    81 #loadmodule "modules/protocol/mixin_noholdnick";
       
    82 #loadmodule "modules/protocol/mixin_noprotect";
       
    83 #loadmodule "modules/protocol/mixin_noowner";
       
    84 
       
    85 /* Database backend module.
       
    86  *
       
    87  * Please select a database backend module. Different backends allow for
       
    88  * different ways in which the services data can be manipulated. YOU MAY
       
    89  * ONLY HAVE ONE OF THESE BACKENDS LOADED.
       
    90  *
       
    91  * The following backends are available:
       
    92  *
       
    93  * Atheme 0.1 flatfile database format          modules/backend/flatfile
       
    94  * Open Services Exchange database format       modules/backend/opensex
       
    95  *
       
    96  * Most networks will want opensex.
       
    97  */
       
    98 loadmodule "modules/backend/opensex";
       
    99 
       
   100 /* Password hashing modules.
       
   101  *
       
   102  * If you would like encryption for your services passwords, or to migrate
       
   103  * from another IRC services package which used encryption for its passwords,
       
   104  * please select a module here.
       
   105  *
       
   106  * The following encryption-capable crypto modules are available:
       
   107  *
       
   108  *   Argon2 (Password Hashing Competition 2015)    modules/crypto/argon2
       
   109  *   scrypt (Tarsnap Online Backup Service)        modules/crypto/scrypt
       
   110  *   PBKDF2 (Including support for SASL SCRAM-SHA) modules/crypto/pbkdf2v2
       
   111  *   bcrypt (EksBlowfish; from Niels Provos etc.)  modules/crypto/bcrypt
       
   112  *   SHA2-512 crypt(3) a la '$6$...'               modules/crypto/crypt3-sha2-512
       
   113  *   SHA2-256 crypt(3) a la '$5$...'               modules/crypto/crypt3-sha2-256
       
   114  *
       
   115  * If you do not load an encryption-capable crypto module, some features will
       
   116  * not work correctly, and errors will be logged on e.g. user registration
       
   117  * that it was not possible to encrypt their password. Support for running
       
   118  * without an encryption-capable crypto module will be removed in a later
       
   119  * version of this software; for now it is just *HIGHLY* discouraged.
       
   120  *
       
   121  * Note, that upon starting with an encryption-capable crypto module, YOUR
       
   122  * UNENCRYPTED PASSWORDS ARE IMMEDIATELY AND *IRREVERSIBLY* CONVERTED. Make
       
   123  * at least TWO backups of your database before experimenting with this. If
       
   124  * you have several thousand accounts, this conversion may take a long time.
       
   125  *
       
   126  * The following modules can only be used to /verify/ existing encrypted
       
   127  * passwords, for example when upgrading from an older version of this
       
   128  * software, or migrating from something else:
       
   129  *
       
   130  *   PBKDF2 v1 (Atheme <= 7.2 compatibility)       modules/crypto/pbkdf2
       
   131  *   Raw SHA2-512                                  modules/crypto/rawsha2-512
       
   132  *   Raw SHA2-256                                  modules/crypto/rawsha2-256
       
   133  *   Anope SHA2-256 (Anope 2.0 compatibility)      modules/crypto/anope-enc-sha256
       
   134  *   Raw SHA1 (Anope ~1.8 compatibility)           modules/crypto/rawsha1
       
   135  *   Raw MD5 (Anope ~1.8 compatibility)            modules/crypto/rawmd5
       
   136  *   IRCServices (+ Anope) compatibility           modules/crypto/ircservices
       
   137  *   MD5 crypt(3) (Atheme Linux compatibility)     modules/crypto/crypt3-md5
       
   138  *   DES crypt(3) (Atheme OS X compatibility)      modules/crypto/crypt3-des
       
   139  *   Base64 (Anope ~1.8 compatibility)             modules/crypto/base64
       
   140  *
       
   141  * To transition between crypto schemes, load the preferred scheme first,
       
   142  * and as users login or set new passwords, they will be migrated to the new
       
   143  * preferred scheme. Like so:
       
   144  *
       
   145  * loadmodule "modules/crypto/argon2";
       
   146  * loadmodule "modules/crypto/scrypt";
       
   147  * loadmodule "modules/crypto/pbkdf2v2";
       
   148  * loadmodule "modules/crypto/pbkdf2";
       
   149  * loadmodule "modules/crypto/crypt3-md5";
       
   150  *
       
   151  * The Argon2 module requires the argon2 reference library (./configure
       
   152  * --with-argon2) and is *NOT* available in Atheme v7.2 or earlier. If you
       
   153  * wish to use this module while retaining the possibility to downgrade to
       
   154  * v7.2, please see the crypto {} documentation below.
       
   155  *
       
   156  * The Scrypt module requires libsodium (./configure --with-libsodium) and is
       
   157  * *NOT* available in Atheme v7.2 or earlier. This module may also require a
       
   158  * 64-bit Operating System to function correctly.
       
   159  *
       
   160  * The PBKDF2v2 module has no dependencies and is recommended. If you were
       
   161  * previously using the PBKDF2 v1 module on v7.2, you must still keep it in
       
   162  * the configuration here; the PBKDF2 v2 module cannot verify its password
       
   163  * hashes. However, you should also load PBKDF2 v2 (if you don't decide to use
       
   164  * anything else), because the PBKDF2 v1 module is now verify-only.
       
   165  *
       
   166  * The bcrypt module will truncate passwords greater than 72 characters. It is
       
   167  * also capable of verifying the older $2a$ digests that contain an integer
       
   168  * wrap-around bug, as used on e.g. Anope. It is not capable of verifying the
       
   169  * PHP-bcrypt $2x$ and $2y$ digests; but $2y$ can simply be changed to $2b$.
       
   170  * All successfully-verified passwords not using $2b$ will be converted to it.
       
   171  * This is an encryption-capable module, but its use is discouraged unless you
       
   172  * need to use it for interoperability with some other piece of software.
       
   173  *
       
   174  * The crypt3-* modules depend on your platform crypt(3) supporting the
       
   175  * respective algorithms. This is not guaranteed to be the case. If you used
       
   176  * modules/crypto/posix on Linux, you need crypt3-md5. If you used
       
   177  * modules/crypto/posix on OS X, you need crypt3-des. These modules issue
       
   178  * informational messages when loaded to the effect that they might break in
       
   179  * the future. They also run selftests on load to verify that they will work.
       
   180  *
       
   181  * All available modules are listed below, in the preferred load order. The
       
   182  * modules that are commented out are not available by default (please see
       
   183  * the v7.3 release notes in NEWS.md) or may require a third-party library to
       
   184  * use. If you know that you do not need a specific module, it is better to
       
   185  * not load it, so comment it out. Do not change the order of the modules
       
   186  * below unless you need to migrate from one to the other (as described
       
   187  * above); in particular, putting verify-only modules above encryption-
       
   188  * capable modules would be a waste of CPU time every time password
       
   189  * verification for a user whose password was not encrypted by them is
       
   190  * attempted.
       
   191  *
       
   192  * Comments that start with -- describe the ./configure option necessary to
       
   193  * have this module built.
       
   194  */
       
   195 #loadmodule "modules/crypto/argon2";            /* --with-argon2 */
       
   196 #loadmodule "modules/crypto/scrypt";            /* --with-sodium */
       
   197 loadmodule "modules/crypto/pbkdf2v2";
       
   198 #loadmodule "modules/crypto/bcrypt";            /* See notes above */
       
   199 loadmodule "modules/crypto/pbkdf2";             /* Verify-only, see prev. */
       
   200 #loadmodule "modules/crypto/crypt3-sha2-512";   /* Needs crypt(3) support */
       
   201 #loadmodule "modules/crypto/crypt3-sha2-256";   /* Needs crypt(3) support */
       
   202 #loadmodule "modules/crypto/crypt3-md5";        /* --enable-legacy-pwcrypto */
       
   203 #loadmodule "modules/crypto/rawsha2-512";       /* --enable-legacy-pwcrypto */
       
   204 #loadmodule "modules/crypto/rawsha2-256";       /* --enable-legacy-pwcrypto */
       
   205 #loadmodule "modules/crypto/anope-enc-sha256";  /* --enable-legacy-pwcrypto */
       
   206 #loadmodule "modules/crypto/rawsha1";           /* --enable-legacy-pwcrypto */
       
   207 #loadmodule "modules/crypto/rawmd5";            /* --enable-legacy-pwcrypto */
       
   208 #loadmodule "modules/crypto/ircservices";       /* --enable-legacy-pwcrypto */
       
   209 #loadmodule "modules/crypto/crypt3-des";        /* --enable-legacy-pwcrypto */
       
   210 #loadmodule "modules/crypto/base64";            /* --enable-legacy-pwcrypto */
       
   211 
       
   212 /* Authentication module.
       
   213  *
       
   214  * These allow using passwords from an external system. The password given
       
   215  * when registering a new account is also checked against the external
       
   216  * system.
       
   217  *
       
   218  * The following authentication modules are available:
       
   219  *
       
   220  * LDAP                                         modules/auth/ldap
       
   221  *
       
   222  * The LDAP module requires OpenLDAP client libraries. It uses them in a
       
   223  * synchronous manner, which means that an unresponsive LDAP server can
       
   224  * freeze services.
       
   225  */
       
   226 #loadmodule "modules/auth/ldap";
       
   227 
       
   228 /* NickServ modules.
       
   229  *
       
   230  * Here you can disable or enable certain features of NickServ, by
       
   231  * defining which modules are loaded. You can even disable NickServ
       
   232  * entirely. Please note however, that an authentication service
       
   233  * (either NickServ, or UserServ) is required for proper functionality.
       
   234  *
       
   235  * Core components                              modules/nickserv/main
       
   236  * Nickname access lists                        modules/nickserv/access
       
   237  * Bad email address blocking                   modules/nickserv/badmail
       
   238  * CertFP fingerprint managment                 modules/nickserv/cert
       
   239  * DROP command                                 modules/nickserv/drop
       
   240  * Nickname enforcement                         modules/nickserv/enforce
       
   241  * GHOST command                                modules/nickserv/ghost
       
   242  * GROUP and UNGROUP commands                   modules/nickserv/group
       
   243  * HELP command                                 modules/nickserv/help
       
   244  * Nickname expiry override (HOLD command)      modules/nickserv/hold
       
   245  * IDENTIFY command                             modules/nickserv/identify
       
   246  * INFO command                                 modules/nickserv/info
       
   247  * Last quit message in INFO                    modules/nickserv/info_lastquit
       
   248  * LIST command                                 modules/nickserv/list
       
   249  * LISTLOGINS command                           modules/nickserv/listlogins
       
   250  * LISTMAIL command                             modules/nickserv/listmail
       
   251  * LISTOWNMAIL command                          modules/nickserv/listownmail
       
   252  * LOGIN command (for no_nick_ownership)        modules/nickserv/login
       
   253  * LOGOUT command                               modules/nickserv/logout
       
   254  * MARK command                                 modules/nickserv/mark
       
   255  * Password quality validation                  modules/nickserv/pwquality
       
   256  * FREEZE command                               modules/nickserv/freeze
       
   257  * LISTCHANS command                            modules/nickserv/listchans
       
   258  * LISTGROUPS command                           modules/nickserv/listgroups
       
   259  * REGISTER command                             modules/nickserv/register
       
   260  * Bypass registration limits (REGNOLIMIT)      modules/nickserv/regnolimit
       
   261  * Password reset (RESETPASS command)           modules/nickserv/resetpass
       
   262  * RESTRICT command                             modules/nickserv/restrict
       
   263  * Password return (RETURN command)             modules/nickserv/return
       
   264  * Password retrieval (SENDPASS command)        modules/nickserv/sendpass
       
   265  * Password retrieval allowed to normal users   modules/nickserv/sendpass_user
       
   266  * Change primary nickname (SET ACCOUNTNAME)    modules/nickserv/set_accountname
       
   267  * SET EMAIL command                            modules/nickserv/set_email
       
   268  * SET EMAILMEMOS command                       modules/nickserv/set_emailmemos
       
   269  * SET ENFORCETIME command                      modules/nickserv/set_enforcetime
       
   270  * SET HIDEMAIL command                         modules/nickserv/set_hidemail
       
   271  * SET LANGUAGE command                         modules/nickserv/set_language
       
   272  * SET NEVERGROUP command                       modules/nickserv/set_nevergroup
       
   273  * SET NEVEROP command                          modules/nickserv/set_neverop
       
   274  * SET NOGREET command                          modules/nickserv/set_nogreet
       
   275  * SET NOMEMO command                           modules/nickserv/set_nomemo
       
   276  * SET NOOP command                             modules/nickserv/set_noop
       
   277  * SET NOPASSWORD command                       modules/nickserv/set_nopassword
       
   278  * SET PASSWORD command                         modules/nickserv/set_password
       
   279  * PRIVMSG instead of NOTICE (SET PRIVMSG cmd)  modules/nickserv/set_privmsg
       
   280  * Account info hiding (SET PRIVATE command)    modules/nickserv/set_private
       
   281  * SET PROPERTY command                         modules/nickserv/set_property
       
   282  * SET PUBKEY command                           modules/nickserv/set_pubkey
       
   283  * SET QUIETCHG command                         modules/nickserv/set_quietchg
       
   284  * Password retrieval uses code (SETPASS cmd)   modules/nickserv/setpass
       
   285  * STATUS command                               modules/nickserv/status
       
   286  * Nickname metadata viewer (TAXONOMY command)  modules/nickserv/taxonomy
       
   287  * VACATION command                             modules/nickserv/vacation
       
   288  * VERIFY command                               modules/nickserv/verify
       
   289  * VHOST command                                modules/nickserv/vhost
       
   290  * Delay services account registrations         modules/nickserv/waitreg
       
   291  */
       
   292 loadmodule "modules/nickserv/main";
       
   293 #loadmodule "modules/nickserv/access";
       
   294 loadmodule "modules/nickserv/badmail";
       
   295 #loadmodule "modules/nickserv/cert";
       
   296 loadmodule "modules/nickserv/drop";
       
   297 #loadmodule "modules/nickserv/enforce";
       
   298 loadmodule "modules/nickserv/ghost";
       
   299 loadmodule "modules/nickserv/group";
       
   300 loadmodule "modules/nickserv/help";
       
   301 loadmodule "modules/nickserv/hold";
       
   302 loadmodule "modules/nickserv/identify";
       
   303 loadmodule "modules/nickserv/info";
       
   304 #loadmodule "modules/nickserv/info_lastquit";
       
   305 loadmodule "modules/nickserv/list";
       
   306 #loadmodule "modules/nickserv/listlogins";
       
   307 loadmodule "modules/nickserv/listmail";
       
   308 #loadmodule "modules/nickserv/listownmail";
       
   309 #loadmodule "modules/nickserv/login";
       
   310 loadmodule "modules/nickserv/logout";
       
   311 loadmodule "modules/nickserv/mark";
       
   312 #loadmodule "modules/nickserv/pwquality";
       
   313 loadmodule "modules/nickserv/freeze";
       
   314 loadmodule "modules/nickserv/listchans";
       
   315 loadmodule "modules/nickserv/listgroups";
       
   316 loadmodule "modules/nickserv/register";
       
   317 loadmodule "modules/nickserv/regnolimit";
       
   318 loadmodule "modules/nickserv/resetpass";
       
   319 loadmodule "modules/nickserv/restrict";
       
   320 loadmodule "modules/nickserv/return";
       
   321 loadmodule "modules/nickserv/setpass";
       
   322 #loadmodule "modules/nickserv/sendpass";
       
   323 loadmodule "modules/nickserv/sendpass_user";
       
   324 loadmodule "modules/nickserv/set_accountname";
       
   325 loadmodule "modules/nickserv/set_email";
       
   326 loadmodule "modules/nickserv/set_emailmemos";
       
   327 #loadmodule "modules/nickserv/set_enforcetime";
       
   328 loadmodule "modules/nickserv/set_hidemail";
       
   329 loadmodule "modules/nickserv/set_language";
       
   330 loadmodule "modules/nickserv/set_nevergroup";
       
   331 loadmodule "modules/nickserv/set_neverop";
       
   332 loadmodule "modules/nickserv/set_nogreet";
       
   333 loadmodule "modules/nickserv/set_nomemo";
       
   334 loadmodule "modules/nickserv/set_noop";
       
   335 #loadmodule "modules/nickserv/set_nopassword";
       
   336 loadmodule "modules/nickserv/set_password";
       
   337 #loadmodule "modules/nickserv/set_privmsg";
       
   338 #loadmodule "modules/nickserv/set_private";
       
   339 loadmodule "modules/nickserv/set_property";
       
   340 loadmodule "modules/nickserv/set_pubkey";
       
   341 loadmodule "modules/nickserv/set_quietchg";
       
   342 loadmodule "modules/nickserv/status";
       
   343 loadmodule "modules/nickserv/taxonomy";
       
   344 loadmodule "modules/nickserv/vacation";
       
   345 loadmodule "modules/nickserv/verify";
       
   346 loadmodule "modules/nickserv/vhost";
       
   347 #loadmodule "modules/nickserv/waitreg";
       
   348 
       
   349 /* ChanServ modules.
       
   350  *
       
   351  * Here you can disable or enable certain features of ChanServ, by
       
   352  * defining which modules are loaded. You can even disable ChanServ
       
   353  * entirely. Please note that ChanServ requires an authentication
       
   354  * service, either NickServ or UserServ will do.
       
   355  *
       
   356  * Core components                              modules/chanserv/main
       
   357  * ACCESS command (simplified ACL editing)      modules/chanserv/access
       
   358  * AKICK command                                modules/chanserv/akick
       
   359  * BAN/UNBAN commands                           modules/chanserv/ban
       
   360  * UNBAN self only (load ban or this not both)  modules/chanserv/unban_self
       
   361  * BANSEARCH command                            modules/chanserv/bansearch
       
   362  * CLOSE command                                modules/chanserv/close
       
   363  * CLONE command                                modules/chanserv/clone
       
   364  * CLEAR command                                modules/chanserv/clear
       
   365  * CLEAR AKICKS command                         modules/chanserv/clear_akicks
       
   366  * CLEAR BANS command                           modules/chanserv/clear_bans
       
   367  * CLEAR FLAGS command                          modules/chanserv/clear_flags
       
   368  * CLEAR USERS command                          modules/chanserv/clear_users
       
   369  * COUNT command                                modules/chanserv/count
       
   370  * DROP command                                 modules/chanserv/drop
       
   371  * Forced flags changes                         modules/chanserv/fflags
       
   372  * FLAGS command                                modules/chanserv/flags
       
   373  * Forced foundership transfers                 modules/chanserv/ftransfer
       
   374  * GETKEY command                               modules/chanserv/getkey
       
   375  * HALFOP/DEHALFOP commands                     modules/chanserv/halfop
       
   376  * HELP command                                 modules/chanserv/help
       
   377  * Channel expiry override (HOLD command)       modules/chanserv/hold
       
   378  * INFO command                                 modules/chanserv/info
       
   379  * INVITE command                               modules/chanserv/invite
       
   380  * KICK/KICKBAN commands                        modules/chanserv/kick
       
   381  * LIST command                                 modules/chanserv/list
       
   382  * MARK command                                 modules/chanserv/mark
       
   383  * Moderated channel registrations              modules/chanserv/moderate
       
   384  * OP/DEOP commands                             modules/chanserv/op
       
   385  * OWNER/DEOWNER commands                       modules/chanserv/owner
       
   386  * PROTECT/DEPROTECT commands                   modules/chanserv/protect
       
   387  * QUIET command (+q support)                   modules/chanserv/quiet
       
   388  * Channel takeover recovery (RECOVER command)  modules/chanserv/recover
       
   389  * REGISTER command                             modules/chanserv/register
       
   390  * SET EMAIL command                            modules/chanserv/set_email
       
   391  * SET ENTRYMSG command                         modules/chanserv/set_entrymsg
       
   392  * SET FANTASY command                          modules/chanserv/set_fantasy
       
   393  * SET GAMESERV command                         modules/chanserv/set_gameserv
       
   394  * SET GUARD command                            modules/chanserv/set_guard
       
   395  * SET KEEPTOPIC command                        modules/chanserv/set_keeptopic
       
   396  * SET LIMITFLAGS command                       modules/chanserv/set_limitflags
       
   397  * SET MLOCK command                            modules/chanserv/set_mlock
       
   398  * SET PREFIX command                           modules/chanserv/set_prefix
       
   399  * Channel info hiding (SET PRIVATE command)    modules/chanserv/set_private
       
   400  * SET PROPERTY command                         modules/chanserv/set_property
       
   401  * SET PUBACL command                           modules/chanserv/set_pubacl
       
   402  * SET RESTRICTED command                       modules/chanserv/set_restricted
       
   403  * SET SECURE command                           modules/chanserv/set_secure
       
   404  * SET TOPICLOCK command                        modules/chanserv/set_topiclock
       
   405  * SET URL command                              modules/chanserv/set_url
       
   406  * SET VERBOSE command                          modules/chanserv/set_verbose
       
   407  * STATUS command                               modules/chanserv/status
       
   408  * SYNC command (and automatic ACL syncing)     modules/chanserv/sync
       
   409  * Named Successor ACL flag                     modules/chanserv/successor_acl
       
   410  * Channel metadata viewer (TAXONOMY command)   modules/chanserv/taxonomy
       
   411  * TEMPLATE command                             modules/chanserv/template
       
   412  * TOPIC/TOPICAPPEND commands                   modules/chanserv/topic
       
   413  * VOICE/DEVOICE commands                       modules/chanserv/voice
       
   414  * WHY command                                  modules/chanserv/why
       
   415  * VOP/HOP/AOP/SOP commands                     modules/chanserv/xop
       
   416  *  This module provides emulation of the ircservices XOP scheme ONLY.
       
   417  *  Do not report discrepencies when using native commands to edit channel
       
   418  *  ACLs. This is intentional.
       
   419  * Flood protection                             modules/chanserv/antiflood
       
   420  *  This module should be loaded after at least chanserv/quiet if you want
       
   421  *  the autoquiet feature to work.
       
   422  */
       
   423 loadmodule "modules/chanserv/main";
       
   424 loadmodule "modules/chanserv/access";
       
   425 loadmodule "modules/chanserv/akick";
       
   426 loadmodule "modules/chanserv/ban";
       
   427 #loadmodule "modules/chanserv/unban_self";
       
   428 loadmodule "modules/chanserv/bansearch";
       
   429 loadmodule "modules/chanserv/clone";
       
   430 loadmodule "modules/chanserv/close";
       
   431 loadmodule "modules/chanserv/clear";
       
   432 loadmodule "modules/chanserv/clear_akicks";
       
   433 loadmodule "modules/chanserv/clear_bans";
       
   434 loadmodule "modules/chanserv/clear_flags";
       
   435 loadmodule "modules/chanserv/clear_users";
       
   436 loadmodule "modules/chanserv/count";
       
   437 loadmodule "modules/chanserv/drop";
       
   438 #loadmodule "modules/chanserv/fflags";
       
   439 loadmodule "modules/chanserv/flags";
       
   440 loadmodule "modules/chanserv/ftransfer";
       
   441 loadmodule "modules/chanserv/getkey";
       
   442 #loadmodule "modules/chanserv/halfop";
       
   443 loadmodule "modules/chanserv/help";
       
   444 loadmodule "modules/chanserv/hold";
       
   445 loadmodule "modules/chanserv/info";
       
   446 loadmodule "modules/chanserv/invite";
       
   447 loadmodule "modules/chanserv/kick";
       
   448 loadmodule "modules/chanserv/list";
       
   449 loadmodule "modules/chanserv/mark";
       
   450 #loadmodule "modules/chanserv/moderate";
       
   451 loadmodule "modules/chanserv/op";
       
   452 #loadmodule "modules/chanserv/owner";
       
   453 #loadmodule "modules/chanserv/protect";
       
   454 #loadmodule "modules/chanserv/quiet";
       
   455 loadmodule "modules/chanserv/recover";
       
   456 loadmodule "modules/chanserv/register";
       
   457 loadmodule "modules/chanserv/set_email";
       
   458 loadmodule "modules/chanserv/set_entrymsg";
       
   459 loadmodule "modules/chanserv/set_fantasy";
       
   460 #loadmodule "modules/chanserv/set_gameserv";
       
   461 loadmodule "modules/chanserv/set_guard";
       
   462 loadmodule "modules/chanserv/set_keeptopic";
       
   463 #loadmodule "modules/chanserv/set_limitflags";
       
   464 loadmodule "modules/chanserv/set_mlock";
       
   465 loadmodule "modules/chanserv/set_prefix";
       
   466 #loadmodule "modules/chanserv/set_private";
       
   467 loadmodule "modules/chanserv/set_property";
       
   468 #loadmodule "modules/chanserv/set_pubacl";
       
   469 loadmodule "modules/chanserv/set_restricted";
       
   470 loadmodule "modules/chanserv/set_secure";
       
   471 loadmodule "modules/chanserv/set_topiclock";
       
   472 loadmodule "modules/chanserv/set_url";
       
   473 loadmodule "modules/chanserv/set_verbose";
       
   474 loadmodule "modules/chanserv/status";
       
   475 loadmodule "modules/chanserv/sync";
       
   476 #loadmodule "modules/chanserv/successor_acl";
       
   477 loadmodule "modules/chanserv/taxonomy";
       
   478 loadmodule "modules/chanserv/template";
       
   479 loadmodule "modules/chanserv/topic";
       
   480 loadmodule "modules/chanserv/voice";
       
   481 loadmodule "modules/chanserv/why";
       
   482 #loadmodule "modules/chanserv/xop";
       
   483 loadmodule "modules/chanserv/antiflood";
       
   484 
       
   485 /* CHANFIX module.
       
   486  *
       
   487  * Here you can disable or enable certain features of CHANFIX, by
       
   488  * defining which modules are loaded.
       
   489  *
       
   490  * Core components                              modules/chanfix/main
       
   491  */
       
   492 #loadmodule "modules/chanfix/main";
       
   493 
       
   494 /* OperServ modules.
       
   495  *
       
   496  * Here you can disable or enable certain features of OperServ, by
       
   497  * defining which modules are loaded.
       
   498  *
       
   499  * Core components                              modules/operserv/main
       
   500  * AKILL system                                 modules/operserv/akill
       
   501  * CLEARCHAN command                            modules/operserv/clearchan
       
   502  * CLONES system                                modules/operserv/clones
       
   503  * COMPARE command                              modules/operserv/compare
       
   504  * GENHASH command                              modules/operserv/genhash
       
   505  * GREPLOG command                              modules/operserv/greplog
       
   506  * HELP command                                 modules/operserv/help
       
   507  * IGNORE system                                modules/operserv/ignore
       
   508  * IDENTIFY command                             modules/operserv/identify
       
   509  * INFO command                                 modules/operserv/info
       
   510  * INJECT command                               modules/operserv/inject
       
   511  * JUPE command                                 modules/operserv/jupe
       
   512  * MODE command                                 modules/operserv/mode
       
   513  * MODINSPECT command                           modules/operserv/modinspect
       
   514  * MODLIST command                              modules/operserv/modlist
       
   515  * MODLOAD command                              modules/operserv/modload
       
   516  * MODRELOAD command                            modules/operserv/modreload
       
   517  * MODUNLOAD command                            modules/operserv/modunload
       
   518  * NOOP system                                  modules/operserv/noop
       
   519  * Regex mass akill (RAKILL command)            modules/operserv/rakill
       
   520  * RAW command                                  modules/operserv/raw
       
   521  * READONLY command                             modules/operserv/readonly
       
   522  * REHASH command                               modules/operserv/rehash
       
   523  * RESTART command                              modules/operserv/restart
       
   524  * Display regex matching (RMATCH command)      modules/operserv/rmatch
       
   525  * Most common realnames (RNC command)          modules/operserv/rnc
       
   526  * RWATCH system                                modules/operserv/rwatch
       
   527  *
       
   528  * Note that ALL of these SET commands only apply until the next rehash!
       
   529  *
       
   530  * ALL of the below SET commands (deprecated)   modules/operserv/set
       
   531  * SET AKICKTIME subcommand (temporarily)       modules/operserv/set_akicktime
       
   532  * SET CHANEXPIRE subcommand (temporarily)      modules/operserv/set_chanexpire
       
   533  * SET COMMITINTERVAL subcommand (temporarily)  modules/operserv/set_commitinterval
       
   534  * SET ENFORCEPREFIX subcommand (temporarily)   modules/operserv/set_enforceprefix
       
   535  * SET KLINETIME subcommand (temporarily)       modules/operserv/set_klinetime
       
   536  * SET MAXCHANACS subcommand (temporarily)      modules/operserv/set_maxchanacs
       
   537  * SET MAXCHANS subcommand (temporarily)        modules/operserv/set_maxchans
       
   538  * SET MAXFOUNDERS subcommand (temporarily)     modules/operserv/set_maxfounders
       
   539  * SET MAXLOGINS subcommand (temporarily)       modules/operserv/set_maxlogins
       
   540  * SET MAXNICKS subcommand (temporarily)        modules/operserv/set_maxnicks
       
   541  * SET MAXUSERS subcommand (temporarily)        modules/operserv/set_maxusers
       
   542  * SET MDLIMIT subcommand (temporarily)         modules/operserv/set_mdlimit
       
   543  * SET NICKEXPIRE subcommand (temporarily)      modules/operserv/set_nickexpire
       
   544  * SET RECONTIME subcommand (temporarily)       modules/operserv/set_recontime
       
   545  * SET SPAM subcommand (temporarily)            modules/operserv/set_spam
       
   546  *
       
   547  * SGLINE system                                modules/operserv/sgline
       
   548  * SHUTDOWN command                             modules/operserv/shutdown
       
   549  * Non-config oper privileges (SOPER command)   modules/operserv/soper
       
   550  * Oper privilege display (SPECS command)       modules/operserv/specs
       
   551  * SQLINE system                                modules/operserv/sqline
       
   552  * UPDATE command                               modules/operserv/update
       
   553  * UPTIME command                               modules/operserv/uptime
       
   554  */
       
   555 loadmodule "modules/operserv/main";
       
   556 loadmodule "modules/operserv/akill";
       
   557 #loadmodule "modules/operserv/clearchan";
       
   558 #loadmodule "modules/operserv/clones";
       
   559 loadmodule "modules/operserv/compare";
       
   560 #loadmodule "modules/operserv/genhash";
       
   561 #loadmodule "modules/operserv/greplog";
       
   562 loadmodule "modules/operserv/help";
       
   563 loadmodule "modules/operserv/identify";
       
   564 loadmodule "modules/operserv/ignore";
       
   565 loadmodule "modules/operserv/info";
       
   566 loadmodule "modules/operserv/jupe";
       
   567 loadmodule "modules/operserv/mode";
       
   568 loadmodule "modules/operserv/modinspect";
       
   569 loadmodule "modules/operserv/modlist";
       
   570 loadmodule "modules/operserv/modload";
       
   571 loadmodule "modules/operserv/modunload";
       
   572 loadmodule "modules/operserv/modreload";
       
   573 loadmodule "modules/operserv/noop";
       
   574 #loadmodule "modules/operserv/rakill";
       
   575 loadmodule "modules/operserv/readonly";
       
   576 loadmodule "modules/operserv/rehash";
       
   577 loadmodule "modules/operserv/restart";
       
   578 loadmodule "modules/operserv/rmatch";
       
   579 loadmodule "modules/operserv/rnc";
       
   580 loadmodule "modules/operserv/rwatch";
       
   581 loadmodule "modules/operserv/set";
       
   582 loadmodule "modules/operserv/sgline";
       
   583 loadmodule "modules/operserv/shutdown";
       
   584 #loadmodule "modules/operserv/soper";
       
   585 loadmodule "modules/operserv/specs";
       
   586 #loadmodule "modules/operserv/sqline";
       
   587 loadmodule "modules/operserv/update";
       
   588 loadmodule "modules/operserv/uptime";
       
   589 
       
   590 /* MemoServ modules.
       
   591  *
       
   592  * Here you can disable or enable certain features of MemoServ, by
       
   593  * defining which modules are loaded. You can even disable MemoServ
       
   594  * entirely.
       
   595  *
       
   596  * Core components                              modules/memoserv/main
       
   597  * HELP command                                 modules/memoserv/help
       
   598  * SEND command                                 modules/memoserv/send
       
   599  * Channel memos (SENDOPS command)              modules/memoserv/sendops
       
   600  * Group memos (SENDGROUP command)              modules/memoserv/sendgroup
       
   601  * LIST command                                 modules/memoserv/list
       
   602  * READ command                                 modules/memoserv/read
       
   603  * FORWARD command                              modules/memoserv/forward
       
   604  * DELETE command                               modules/memoserv/delete
       
   605  * IGNORE command                               modules/memoserv/ignore
       
   606  */
       
   607 loadmodule "modules/memoserv/main";
       
   608 loadmodule "modules/memoserv/help";
       
   609 loadmodule "modules/memoserv/send";
       
   610 loadmodule "modules/memoserv/sendops";
       
   611 loadmodule "modules/memoserv/sendgroup";
       
   612 loadmodule "modules/memoserv/list";
       
   613 loadmodule "modules/memoserv/read";
       
   614 loadmodule "modules/memoserv/forward";
       
   615 loadmodule "modules/memoserv/delete";
       
   616 loadmodule "modules/memoserv/ignore";
       
   617 
       
   618 /* Global module.
       
   619  *
       
   620  * Like the other services, the Global noticer is a module. You can
       
   621  * disable or enable it to your liking below. Please note that the
       
   622  * Global noticer is dependent on OperServ for full functionality.
       
   623  */
       
   624 loadmodule "modules/global/main";
       
   625 
       
   626 /* InfoServ module.
       
   627  *
       
   628  * Like the other services, InfoServ is a module. You can disable or
       
   629  * enable it to your liking below.
       
   630  */
       
   631 loadmodule "modules/infoserv/main";
       
   632 
       
   633 /* SASL agent module.
       
   634  *
       
   635  * Allows clients to authenticate to services via SASL with an appropriate
       
   636  * ircd. You need the core components and at least one mechanism.
       
   637  *
       
   638  * Core components                      modules/saslserv/main
       
   639  * AUTHCOOKIE mechanism (for IRIS)      modules/saslserv/authcookie
       
   640  * ECDH-X25519-CHALLENGE mechanism      modules/saslserv/ecdh-x25519-challenge
       
   641  * ECDSA-NIST256P-CHALLENGE mechanism   modules/saslserv/ecdsa-nist256p-challenge
       
   642  * EXTERNAL mechanism (IRCv3.1+)        modules/saslserv/external
       
   643  * PLAIN mechanism                      modules/saslserv/plain
       
   644  * SCRAM-SHA-* mechanisms               modules/saslserv/scram
       
   645  *
       
   646  * ECDH-X25519-CHALLENGE support requires that Atheme be compiled against a
       
   647  * cryptographic library that provides X25519 ECDH support (BoringSSL,
       
   648  * LibreSSL, ARM mbedTLS, Nettle, Sodium). This will be checked while running
       
   649  * ./configure.
       
   650  *
       
   651  * ECDSA-NIST256P-CHALLENGE support requires that Atheme be compiled against
       
   652  * an OpenSSL with ECDSA support (not RHEL etc. unless you compile your own).
       
   653  * This will be checked while running ./configure.
       
   654  *
       
   655  * You MUST read doc/SASL-SCRAM before loading modules/saslserv/scram!
       
   656  */
       
   657 loadmodule "modules/saslserv/main";
       
   658 loadmodule "modules/saslserv/authcookie";
       
   659 #loadmodule "modules/saslserv/ecdh-x25519-challenge";
       
   660 #loadmodule "modules/saslserv/ecdsa-nist256p-challenge";
       
   661 #loadmodule "modules/saslserv/external";
       
   662 loadmodule "modules/saslserv/plain";
       
   663 #loadmodule "modules/saslserv/scram";   /* READ doc/SASL-SCRAM FIRST! */
       
   664 
       
   665 /* GameServ modules.
       
   666  *
       
   667  * Here you can disable or enable certain features of GameServ, by
       
   668  * defining which modules are loaded. You can even disable GameServ
       
   669  * entirely.
       
   670  *
       
   671  * Core components                              modules/gameserv/main
       
   672  * DICE/WOD commands                            modules/gameserv/dice
       
   673  * EIGHTBALL command                            modules/gameserv/eightball
       
   674  * Game-specific dice calculators               modules/gameserv/gamecalc
       
   675  * HELP commands                                modules/gameserv/help
       
   676  * LOTTERY command                              modules/gameserv/lottery
       
   677  * NAMEGEN command                              modules/gameserv/namegen
       
   678  * RPS command                                  modules/gameserv/rps
       
   679  */
       
   680 #loadmodule "modules/gameserv/main";
       
   681 #loadmodule "modules/gameserv/dice";
       
   682 #loadmodule "modules/gameserv/eightball";
       
   683 #loadmodule "modules/gameserv/gamecalc";
       
   684 #loadmodule "modules/gameserv/help";
       
   685 #loadmodule "modules/gameserv/lottery";
       
   686 #loadmodule "modules/gameserv/namegen";
       
   687 #loadmodule "modules/gameserv/rps";
       
   688 
       
   689 /* RPGServ modules.
       
   690  *
       
   691  * Here you can disable or enable certain features of RPGServ, by
       
   692  * defining which modules are loaded. You can even disable RPGServ
       
   693  * entirely.
       
   694  *
       
   695  * Core components                              modules/rpgserv/main
       
   696  * ENABLE/DISABLE commands                      modules/rpgserv/enable
       
   697  * HELP command                                 modules/rpgserv/help
       
   698  * INFO command                                 modules/rpgserv/info
       
   699  * LIST command                                 modules/rpgserv/list
       
   700  * SEARCH command                               modules/rpgserv/search
       
   701  * SET commands                                 modules/rpgserv/set
       
   702  */
       
   703 #loadmodule "modules/rpgserv/main";
       
   704 #loadmodule "modules/rpgserv/enable";
       
   705 #loadmodule "modules/rpgserv/help";
       
   706 #loadmodule "modules/rpgserv/info";
       
   707 #loadmodule "modules/rpgserv/list";
       
   708 #loadmodule "modules/rpgserv/search";
       
   709 #loadmodule "modules/rpgserv/set";
       
   710 
       
   711 /* BotServ modules.
       
   712  *
       
   713  * Here you can disable or enable certain features of BotServ, by
       
   714  * defining which modules are loaded. You can even disable BotServ
       
   715  * entirely.
       
   716  *
       
   717  * Core components                              modules/botserv/main
       
   718  * HELP command                                 modules/botserv/help
       
   719  * INFO command                                 modules/botserv/info
       
   720  * NPC commands (SAY, ACT)                      modules/botserv/bottalk
       
   721  * SET FANTASY command                          modules/botserv/set_fantasy
       
   722  * SET NOBOT command                            modules/botserv/set_nobot
       
   723  * SET PRIVATE command                          modules/botserv/set_private
       
   724  * SET SAYCALLER command                        modules/botserv/set_saycaller
       
   725  */
       
   726 #loadmodule "modules/botserv/main";
       
   727 #loadmodule "modules/botserv/help";
       
   728 #loadmodule "modules/botserv/info";
       
   729 #loadmodule "modules/botserv/bottalk";
       
   730 #loadmodule "modules/botserv/set_fantasy";
       
   731 #loadmodule "modules/botserv/set_nobot";
       
   732 #loadmodule "modules/botserv/set_private";
       
   733 #loadmodule "modules/botserv/set_saycaller";
       
   734 
       
   735 /* HostServ modules.
       
   736  *
       
   737  * Here you can disable or enable certain features of HostServ, by
       
   738  * defining which modules are loaded. You can even disable HostServ
       
   739  * entirely.
       
   740  *
       
   741  * HostServ is a more complex, and optional virtual host management service.
       
   742  * Users wishing only to set vhosts need not use it (they can use the builtin
       
   743  * vhost management of NickServ instead).
       
   744  *
       
   745  * Core components                              modules/hostserv/main
       
   746  * HELP command                                 modules/hostserv/help
       
   747  * OFFER system                                 modules/hostserv/offer
       
   748  * ON and OFF commands                          modules/hostserv/onoff
       
   749  * REQUEST system                               modules/hostserv/request
       
   750  * VHOST and LISTVHOST commands                 modules/hostserv/vhost
       
   751  * VHOSTNICK command                            modules/hostserv/vhostnick
       
   752  * GROUP command                                modules/hostserv/group
       
   753  * DROP command                                 modules/hostserv/drop
       
   754  */
       
   755 #loadmodule "modules/hostserv/main";
       
   756 #loadmodule "modules/hostserv/help";
       
   757 #loadmodule "modules/hostserv/onoff";
       
   758 #loadmodule "modules/hostserv/offer";
       
   759 #loadmodule "modules/hostserv/request";
       
   760 #loadmodule "modules/hostserv/vhost";
       
   761 #loadmodule "modules/hostserv/vhostnick";
       
   762 #loadmodule "modules/hostserv/group";
       
   763 #loadmodule "modules/hostserv/drop";
       
   764 
       
   765 /* HelpServ modules.
       
   766  * HelpServ allows users to request help from network staff in a few different ways.
       
   767  *
       
   768  * Core components                              modules/helpserv/main
       
   769  * HELPME command                               modules/helpserv/helpme
       
   770  * Help Ticket system                           modules/helpserv/ticket
       
   771  * Service List                                 modules/helpserv/services
       
   772  *
       
   773  * The ticket system works like a bugtracker ot helpdesk ticket system, HELPME
       
   774  * works like a one-time alert. You should probably only load one of the two systems.
       
   775  */
       
   776 #loadmodule "modules/helpserv/main";
       
   777 #loadmodule "modules/helpserv/helpme";
       
   778 #loadmodule "modules/helpserv/ticket";
       
   779 #loadmodule "modules/helpserv/services";
       
   780 
       
   781 /* Channel listing service.
       
   782  *
       
   783  * Allows users to list channels with more flexibility than the /list
       
   784  * command.
       
   785  *
       
   786  * Core components                              modules/alis/main
       
   787  */
       
   788 #loadmodule "modules/alis/main";
       
   789 
       
   790 /* StatServ module.
       
   791  * StatServ provides basic statistics and split tracking.
       
   792  *
       
   793  * Core components                              modules/statserv/main
       
   794  * CHANNEL command                              modules/statserv/channel
       
   795  * NETSPLIT command                             modules/statserv/netsplit
       
   796  * SERVER command                               modules/statserv/server
       
   797  */
       
   798 loadmodule "modules/statserv/main";
       
   799 #loadmodule "modules/statserv/channel";
       
   800 loadmodule "modules/statserv/netsplit";
       
   801 loadmodule "modules/statserv/server";
       
   802 
       
   803 /* GroupServ module.
       
   804  * GroupServ allows users to create groups to easily mass-manage channel
       
   805  * access and more.
       
   806  *
       
   807  * Core components                              modules/groupserv/main
       
   808  * ACSNOLIMIT command                           modules/groupserv/acsnolimit
       
   809  * DROP command                                 modules/groupserv/drop
       
   810  * FFLAGS command                               modules/groupserv/fflags
       
   811  * FLAGS command                                modules/groupserv/flags
       
   812  * HELP command                                 modules/groupserv/help
       
   813  * INFO command                                 modules/groupserv/info
       
   814  * JOIN command                                 modules/groupserv/join
       
   815  * LIST command                                 modules/groupserv/list
       
   816  * LISTCHANS command                            modules/groupserv/listchans
       
   817  * REGISTER command                             modules/groupserv/register
       
   818  * REGNOLIMIT command                           modules/groupserv/regnolimit
       
   819  * INVITE command                               modules/groupserv/invite
       
   820  * SET command                                  modules/groupserv/set
       
   821  * SET CHANNEL command                          modules/groupserv/set_channel
       
   822  * SET DESCRIPTION command                      modules/groupserv/set_description
       
   823  * SET EMAIL command                            modules/groupserv/set_email
       
   824  * SET GROUPNAME command                        modules/groupserv/set_groupname
       
   825  * SET JOINFLAGS command                        modules/groupserv/set_joinflags
       
   826  * SET OPEN command                             modules/groupserv/set_open
       
   827  * SET PUBLIC command                           modules/groupserv/set_public
       
   828  * SET URL command                              modules/groupserv/set_url
       
   829  *
       
   830  */
       
   831 loadmodule "modules/groupserv/main";
       
   832 loadmodule "modules/groupserv/acsnolimit";
       
   833 loadmodule "modules/groupserv/drop";
       
   834 loadmodule "modules/groupserv/fflags";
       
   835 loadmodule "modules/groupserv/flags";
       
   836 loadmodule "modules/groupserv/help";
       
   837 loadmodule "modules/groupserv/info";
       
   838 loadmodule "modules/groupserv/join";
       
   839 loadmodule "modules/groupserv/list";
       
   840 loadmodule "modules/groupserv/listchans";
       
   841 loadmodule "modules/groupserv/register";
       
   842 loadmodule "modules/groupserv/regnolimit";
       
   843 #loadmodule "modules/groupserv/invite";
       
   844 loadmodule "modules/groupserv/set";
       
   845 loadmodule "modules/groupserv/set_channel";
       
   846 loadmodule "modules/groupserv/set_description";
       
   847 loadmodule "modules/groupserv/set_email";
       
   848 loadmodule "modules/groupserv/set_groupname";
       
   849 loadmodule "modules/groupserv/set_joinflags";
       
   850 loadmodule "modules/groupserv/set_open";
       
   851 loadmodule "modules/groupserv/set_public";
       
   852 loadmodule "modules/groupserv/set_url";
       
   853 
       
   854 /*
       
   855  * Various modules.
       
   856  *
       
   857  * Atheme includes an optional HTTP server that can be used for integration
       
   858  * with portal software and other useful things. To enable it, load this
       
   859  * module, and uncomment the httpd { } block towards the bottom of the config.
       
   860  *
       
   861  * HTTP Server                                  modules/misc/httpd
       
   862  */
       
   863 #loadmodule "modules/misc/httpd";
       
   864 
       
   865 /* XMLRPC server module.
       
   866  *
       
   867  * The XML-RPC handler requires modules/misc/httpd to be loaded as it merely
       
   868  * registers a path handler for XML-RPC. The path used for XML-RPC is /xmlrpc.
       
   869  *
       
   870  * XMLRPC handler for the httpd                 modules/transport/xmlrpc
       
   871  */
       
   872 #loadmodule "modules/transport/xmlrpc";
       
   873 
       
   874 /* Extended target entity types. [EXPERIMENTAL]
       
   875  *
       
   876  * Atheme can set up special target mapping entities which match multiple
       
   877  * users in channel access entries.  These target mapping entity types are
       
   878  * defined through the 'exttarget' modules listed below.
       
   879  *
       
   880  * Exttarget handling core                      modules/exttarget/main
       
   881  * $oper exttarget match type                   modules/exttarget/oper
       
   882  * $registered exttarget match type             modules/exttarget/registered
       
   883  * $channel exttarget match type                modules/exttarget/channel
       
   884  * $chanacs exttarget match type                modules/exttarget/chanacs
       
   885  * $server exttarget match type                 modules/exttarget/server
       
   886  */
       
   887 #loadmodule "modules/exttarget/main";
       
   888 #loadmodule "modules/exttarget/oper";
       
   889 #loadmodule "modules/exttarget/registered";
       
   890 #loadmodule "modules/exttarget/channel";
       
   891 #loadmodule "modules/exttarget/chanacs";
       
   892 #loadmodule "modules/exttarget/server";
       
   893 
       
   894 /* Proxyscan (DNSBL) modules.
       
   895  *
       
   896  * Atheme can also check set DNS Blacklists for matches and respond
       
   897  * as set.  Activate modules here and customize further down under Proxyscan
       
   898  * section.
       
   899  */
       
   900 #loadmodule "modules/proxyscan/main";
       
   901 #loadmodule "modules/proxyscan/dnsbl";
       
   902 
       
   903 /* Other modules.
       
   904  *
       
   905  * Put any other modules you want to load on startup here. The path
       
   906  * is relative to PREFIX or PREFIX/lib/atheme, depending on how Atheme
       
   907  * was compiled.
       
   908  */
       
   909 #loadmodule "modules/contrib/backtrace";
       
   910 
       
   911 /******************************************************************************
       
   912  * SERVICES RUNTIME CONFIGURATION SECTION.                                    *
       
   913  ******************************************************************************/
       
   914 
       
   915 /*
       
   916  * This block controls the configuration options for crypto modules.
       
   917  *
       
   918  * It is recommended to either leave the values at their defaults, or
       
   919  * experiment with them so that it takes approximately 0.2-0.4 seconds
       
   920  * for users to identify. Services blocks while the password is being
       
   921  * encrypted or verified, so don't set these too large, or people can
       
   922  * hang services by trying many password attempts at once.
       
   923  *
       
   924  * A benchmark program for the Argon2, scrypt & PBKDF2 crypto code is
       
   925  * available to assist with tuning these parameters:
       
   926  *
       
   927  *     - ./configure --prefix=foo ...
       
   928  *     - make
       
   929  *     - make install
       
   930  *     - ${foo}/bin/atheme-crypto-benchmark -o
       
   931  *
       
   932  * If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM' and
       
   933  * pass the '-i' flag to the included cryptographic benchmarking utility too.
       
   934  *
       
   935  * If you are using the PBKDF2 module, its performance will be significantly
       
   936  * affected by your choice of cryptographic digest library. This software can
       
   937  * currently interface with 3 libraries; in decreasing order of performance:
       
   938  *
       
   939  *     - OpenSSL (libcrypto)
       
   940  *     - GnuPG (libgcrypt)
       
   941  *     - ARM mbedTLS (libmbedcrypto)
       
   942  *
       
   943  * If you have one of these libraries available at configure-time, the PBKDF2
       
   944  * module will perform significantly better, allowing you to raise its
       
   945  * iteration count without affecting the computation time. This is indicated
       
   946  * by the output of the configure script; "Digest Frontend". The benchmark
       
   947  * program will also inform you what cryptographic digest library it is using,
       
   948  * if any.
       
   949  *
       
   950  *
       
   951  *
       
   952  * If you are migrating from crypto/argon2d (v7.2) to crypto/argon2, and you
       
   953  * wish to use the same parameters as the older module's defaults, configure
       
   954  * it like so:
       
   955  *
       
   956  *     crypto {
       
   957  *         argon2_type = "argon2d";
       
   958  *         argon2_memcost = 14;
       
   959  *         argon2_timecost = 32;
       
   960  *         argon2_threads = 1;
       
   961  *         argon2_saltlen = 32;
       
   962  *         argon2_hashlen = 64;
       
   963  *     };
       
   964  *
       
   965  *
       
   966  *
       
   967  * If you are migrating from crypto/pbkdf2 (v7.2) to crypto/pbkdf2v2, and you
       
   968  * wish to use the same parameters as the older module, configure it like so:
       
   969  *
       
   970  *     crypto {
       
   971  *         pbkdf2v2_digest = "SHA512";
       
   972  *         pbkdf2v2_rounds = 128000;
       
   973  *     };
       
   974  *
       
   975  * Note that this will still result in passwords being re-encrypted with the
       
   976  * newer module (as the older module successfully verifies them); another new
       
   977  * PBKDF2 computation with a new salt will occur, but this is still no worse
       
   978  * than an invocation of NickServ's "SET PASSWORD" command. You will still
       
   979  * need to keep the old module in your loadmodule configuration above, as the
       
   980  * new module cannot verify digests produced by the old one.
       
   981  *
       
   982  * If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM'.
       
   983  * Its advice regarding parameter choice takes precedence over this!
       
   984  */
       
   985 crypto {
       
   986 
       
   987         /* (*) argon2_type
       
   988          *
       
   989          * The algorithm type to use for new passwords.
       
   990          *
       
   991          * Argon2d is suitable for use on a dedicated machine that has
       
   992          * limited access. It provides the most resistance to GPU and ASIC
       
   993          * cracking attacks, but its operation is data-dependent; that is,
       
   994          * during its operation, keying material derived from the password
       
   995          * itself is indirectly affecting the execution choices made by the
       
   996          * algorithm. This creates a side-channel that can leak information
       
   997          * about the password to other software running on the same physical
       
   998          * machine.
       
   999          *
       
  1000          * Argon2i avoids this by being data-independent. The order of memory
       
  1001          * accesses, conditional execution, etc. does not depend on the
       
  1002          * password, or any material derived from the password, so no side-
       
  1003          * channel that can reveal any information about the password is
       
  1004          * created. However, this means that it is easier to bruteforce by a
       
  1005          * password cracker, which does not have to account for execution
       
  1006          * differences in its implementation. This is the most suitable
       
  1007          * choice for running on a virtual machine that is co-located with
       
  1008          * other, untrusted, virtual machines, or on a dedicated machine that
       
  1009          * runs other, untrusted, software, or has untrusted user access.
       
  1010          *
       
  1011          * Argon2id is a blend of both, limiting the exploitability of any
       
  1012          * side-channels while retaining excellent resistance to GPU and ASIC
       
  1013          * cracking. This is suitable for all but the most sensitive of
       
  1014          * deployments.
       
  1015          *
       
  1016          * All algorithm types perform about equally as well as each other;
       
  1017          * changing this will not significantly affect the computation time.
       
  1018          *
       
  1019          * The "argon2id" type requires a more recent libargon2 library. This
       
  1020          * is indicated in your ./configure output ("checking if libargon2
       
  1021          * algorithm type Argon2id appears to be usable...").
       
  1022          *
       
  1023          * Valid values are "argon2d", "argon2i", and "argon2id"
       
  1024          * The default is "argon2id"; unless unsupported, then "argon2d".
       
  1025          */
       
  1026         #argon2_type = "argon2id";
       
  1027 
       
  1028         /* (*) argon2_memcost
       
  1029          *
       
  1030          * Memory cost (as a power of 2, in KiB) to use for new passwords.
       
  1031          *
       
  1032          * You should set this as high as is reasonable for the machine you
       
  1033          * will be running this software on. If this results in too slow a
       
  1034          * computation time, reset the time cost below to its minimum value.
       
  1035          * If it is still too slow, decrement this value (halving the memory
       
  1036          * usage) until it is fast enough. Alternatively, if it is still too
       
  1037          * fast after setting this to its highest reasonable value, raise the
       
  1038          * time cost below until it is not. A benchmark program is available
       
  1039          * alongside this software to aid in this process.
       
  1040          *
       
  1041          * WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
       
  1042          *          machine or a 32-bit Operating System!
       
  1043          *
       
  1044          * Valid values are 3 (8 KiB RAM) to 30 (1 TiB RAM) (inclusive)
       
  1045          * The default is 16 (64 MiB RAM)
       
  1046          */
       
  1047         #argon2_memcost = 16;
       
  1048 
       
  1049         /* (*) argon2_timecost
       
  1050          *
       
  1051          * Time cost (iterations over the memory pool).
       
  1052          *
       
  1053          * Valid values are 3 to 1,048,576 (inclusive)
       
  1054          * The default is 3
       
  1055          */
       
  1056         #argon2_timecost = 3;
       
  1057 
       
  1058         /* (*) argon2_threads
       
  1059          *
       
  1060          * Number of processor threads to use for new passwords.
       
  1061          *
       
  1062          * If you want to increase the amount of computation effort required,
       
  1063          * while not increasing the real ("wall clock") time required, raise
       
  1064          * this setting to its maximum reasonable value for the machine you
       
  1065          * will be running this software on.
       
  1066          *
       
  1067          * This software is not multi-threaded, so only one password will be
       
  1068          * verified at a time. Therefore, you do NOT need to divide this by
       
  1069          * the expected maximum number of simultaneous logins.
       
  1070          *
       
  1071          * It is pointless to set this higher than the number of hardware
       
  1072          * processing threads you have; increase the time cost above instead
       
  1073          * if you want to make it arbitrarily slower. Diminishing returns are
       
  1074          * to be expected once you exceed the number of hardware processing
       
  1075          * /cores/ you have; hyperthreading does NOT provide much (if any) of
       
  1076          * a boost for this workload.
       
  1077          *
       
  1078          * Increasing this value will *decrease* the real time required, so
       
  1079          * you may have to subsequently increase the time cost above again to
       
  1080          * make it "just slow enough" once more. A benchmark program is
       
  1081          * available alongside this software to aid in this process.
       
  1082          *
       
  1083          * WARNING: The (size of the) memory pool configured above is split
       
  1084          * between the threads, which can result in too small a memory area
       
  1085          * per-thread if many threads are used. If you set this value, it is
       
  1086          * HIGHLY RECOMMENDED that you run the included benchmarking program
       
  1087          * with the same configuration options, to confirm that it works!
       
  1088          *
       
  1089          * WARNING: This feature is experimental. Some of the code in this
       
  1090          * software is not thread-safe, and although every effort has been
       
  1091          * made to ensure that this feature will not interfere with the
       
  1092          * operation of this software, this cannot be guaranteed.
       
  1093          *
       
  1094          * Valid values are 1 to 255 (inclusive)
       
  1095          * The default is 1 (do not use any computation parallelism)
       
  1096          */
       
  1097         #argon2_threads = 1;
       
  1098 
       
  1099         /* (*) argon2_saltlen
       
  1100          *
       
  1101          * Salt length (in bytes) to use for new passwords. You should only
       
  1102          * change this if absolutely necessary; for example, to interoperate
       
  1103          * with other software. Its value doesn't significantly affect the
       
  1104          * computation time.
       
  1105          *
       
  1106          * Valid values are 4 to 48 (inclusive)
       
  1107          * The default is 16
       
  1108          */
       
  1109         #argon2_saltlen = 16;
       
  1110 
       
  1111         /* (*) argon2_hashlen
       
  1112          *
       
  1113          * Digest length (in bytes) to use for new passwords. You should only
       
  1114          * change this if absolutely necessary; for example, to interoperate
       
  1115          * with other software. Its value doesn't significantly affect the
       
  1116          * computation time.
       
  1117          *
       
  1118          * Valid values are 16 to 128 (inclusive)
       
  1119          * The default is 64
       
  1120          */
       
  1121         #argon2_hashlen = 64;
       
  1122 
       
  1123         /* (*) scrypt_memlimit
       
  1124          *
       
  1125          * Memory limit (as a power of 2, in KiB) to use for new passwords.
       
  1126          *
       
  1127          * You should set this as high as is reasonable for the machine you
       
  1128          * will be running this software on. If this results in too slow a
       
  1129          * computation time, reset the opslimit below to its default value.
       
  1130          * If it is still too slow, decrement this value (halving the memory
       
  1131          * usage) until it is fast enough. Alternatively, if it is still too
       
  1132          * fast after setting this to its highest reasonable value, raise the
       
  1133          * opslimit below until it is not. A benchmark program is available
       
  1134          * alongside this software to aid in this process.
       
  1135          *
       
  1136          * WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
       
  1137          *          machine or a 32-bit Operating System!
       
  1138          *
       
  1139          * Valid values are 14 (16 MiB RAM) to 26 (64 GiB RAM) (inclusive)
       
  1140          * The default is 14 (16 MiB RAM)
       
  1141          */
       
  1142         #scrypt_memlimit = 14;
       
  1143 
       
  1144         /* (*) scrypt_opslimit
       
  1145          *
       
  1146          * Amount of computation to perform for new passwords.
       
  1147          *
       
  1148          * The default value for this option is based on the default value of
       
  1149          * the above option. The recommended value is (memlimit_bytes / 32).
       
  1150          *
       
  1151          * Valid values are 32,768 to 4,294,967,295 (inclusive)
       
  1152          * The default is 524,288
       
  1153          */
       
  1154         #scrypt_opslimit = 524288;
       
  1155 
       
  1156         /* (*) pbkdf2v2_digest
       
  1157          *
       
  1158          * Cryptographic digest algorithm to use (in HMAC mode).
       
  1159          *
       
  1160          * Valid values are "SHA1", "SHA2-256", and "SHA2-512".
       
  1161          * Additionally, the following aliases exist, for compatibility:
       
  1162          *
       
  1163          *   "SHA-1"   -> SHA1
       
  1164          *   "SHA256"  -> SHA2-256
       
  1165          *   "SHA512"  -> SHA2-512
       
  1166          *   "SHA-256" -> SHA2-256
       
  1167          *   "SHA-512" -> SHA2-512
       
  1168          *
       
  1169          * Finally, you can prefix this value with "SCRAM-" to enable the
       
  1170          * computation and storage of an RFC5802/SCRAM ServerKey & StoredKey,
       
  1171          * instead of a raw PBKDF2 digest (SaltedPassword). Verification of
       
  1172          * plaintext passwords against these digests can still be performed
       
  1173          * (for e.g. NickServ IDENTIFY or SASL PLAIN), by computing a new
       
  1174          * SCRAM ServerKey from the provided password and comparing it to the
       
  1175          * stored ServerKey, so setting this to a SCRAM mode does NOT prevent
       
  1176          * non-SCRAM logins. For these variants, please read doc/SASL-SCRAM.
       
  1177          *
       
  1178          * The default is "SHA2-512"
       
  1179          */
       
  1180         #pbkdf2v2_digest = "SHA2-512";
       
  1181 
       
  1182         /* (*) pbkdf2v2_rounds
       
  1183          *
       
  1184          * This is the PBKDF2 "iteration count". You should raise this as high
       
  1185          * as is reasonable for the machine you will be running services on.
       
  1186          * However, note that if you are going to deploy SASL SCRAM support,
       
  1187          * the *client*, NOT services, performs the PBKDF2 calculation during
       
  1188          * login, so keep in mind that many mobile clients will not perform as
       
  1189          * well as a server, and reduce the iteration count accordingly. Also,
       
  1190          * some clients will refuse to perform a login at all if this is set
       
  1191          * too high. A benchmark program is included alongside this software to
       
  1192          * aid in tuning this parameter.
       
  1193          *
       
  1194          * Valid values are 10,000 to 5,000,000 (inclusive)
       
  1195          * The default is 64,000
       
  1196          */
       
  1197         #pbkdf2v2_rounds = 64000;
       
  1198 
       
  1199         /* (*) pbkdf2v2_saltlen
       
  1200          * You should only change this if you *really* know what you're doing
       
  1201          * Valid values are 8 to 64 (inclusive)
       
  1202          * The default is 32
       
  1203          */
       
  1204         #pbkdf2v2_saltlen = 32;
       
  1205 
       
  1206         /* (*) bcrypt_cost
       
  1207          *
       
  1208          * Amount of rounds to perform for new passwords (as a power of 2).
       
  1209          * You should raise this as high as is reasonable. A benchmark
       
  1210          * program is available alongside this software to aid in this
       
  1211          * process.
       
  1212          *
       
  1213          * Valid values are 4 to 31 (inclusive)
       
  1214          * The default is 7
       
  1215          */
       
  1216         #bcrypt_cost = 7;
       
  1217 
       
  1218         /* (*) crypt3_sha2_256_rounds
       
  1219          * (*) crypt3_sha2_512_rounds
       
  1220          *
       
  1221          * Use of this option is restricted to certain C libraries!
       
  1222          * At present, only GNU libc6 ("glibc") v2.7+ is known to work.
       
  1223          *
       
  1224          * Valid values are 5,000 to 1,000,000 (inclusive)
       
  1225          * The default is 5,000
       
  1226          */
       
  1227         #crypt3_sha2_256_rounds = 5000;
       
  1228         #crypt3_sha2_512_rounds = 5000;
       
  1229 };
       
  1230 
       
  1231 /* The serverinfo{} block defines how we appear on the IRC network. */
       
  1232 serverinfo {
       
  1233         /* name
       
  1234          * The server name that this program uses on the IRC network.
       
  1235          * This is the name you'll have to use in C:/N:Lines. It must be
       
  1236          * unique on the IRC network and contain at least one dot, but does
       
  1237          * not have to be equal to any DNS name.
       
  1238          */
       
  1239         name = "{{atheme_server_host}}";
       
  1240 
       
  1241         /* desc
       
  1242          * The ``server comment'' we send to the IRC network.
       
  1243          */
       
  1244         desc = "Atheme IRC Services";
       
  1245 
       
  1246         /* numeric
       
  1247          * Some protocol drivers (Charybdis, Ratbox2, P10, IRCNet)
       
  1248          * require a server id, also known as a numeric. Please consult your
       
  1249          * ircd's documentation when providing this value.
       
  1250          */
       
  1251         numeric = "00A";
       
  1252 
       
  1253         /* (*)recontime
       
  1254          * The number of seconds before we reconnect to the uplink.
       
  1255          */
       
  1256         recontime = 10;
       
  1257 
       
  1258         /* (*)netname
       
  1259          * The name of your network.
       
  1260          */
       
  1261         netname = "{{atheme_server_host}}";
       
  1262 
       
  1263         /* (*)hidehostsuffix
       
  1264          * P10 +x host hiding gives <account>.<hidehostsuffix>.
       
  1265          * If using +x on asuka, this must agree
       
  1266          * with F:HIDDEN_HOST.
       
  1267          */
       
  1268         hidehostsuffix = "users.misconfigured";
       
  1269 
       
  1270         /* (*)adminname
       
  1271          * The name of the person running this service.
       
  1272          */
       
  1273         adminname = "{{atheme_admin_name}}";
       
  1274 
       
  1275         /* (*)adminemail
       
  1276          * The email address of the person running this service.
       
  1277          */
       
  1278         adminemail = "{{atheme_admin_email}}";
       
  1279 
       
  1280         /* (*)registeremail
       
  1281          * The email address that messages should be originated from.
       
  1282          * If this is not set, then "noreply.$adminemail" will be used.
       
  1283          */
       
  1284         registeremail = "{{atheme_admin_email}}";
       
  1285 
       
  1286         /* (*)hidden
       
  1287          * If this is enabled, Atheme will indicate to the uplink IRCd
       
  1288          * that it should not be included in /links output.  This only works
       
  1289          * on the following IRCds at present: charybdis, ircd-seven, ratbox.
       
  1290          */
       
  1291         #hidden;
       
  1292 
       
  1293         /* (*)mta
       
  1294          * The full path to your mail transfer agent.
       
  1295          * This is used for email authorization and password retrieval.
       
  1296          * Comment this out to disable sending email.
       
  1297          * Warning: sending email can disclose the IP of your services
       
  1298          * unless you take precautions (not discussed here further).
       
  1299          */
       
  1300         mta = "/usr/sbin/sendmail";
       
  1301 
       
  1302         /* (*)loglevel
       
  1303          * Specify the default categories of logging information to record
       
  1304          * in the master Atheme logfile, usually var/atheme.log.
       
  1305          *
       
  1306          * Options include:
       
  1307          *      debug, all      - meta-keyword for all possible categories
       
  1308          *      trace           - meta-keyword for a little bit of info
       
  1309          *      misc            - like trace, but with some more miscellaneous info
       
  1310          *      notice          - meta-keyword for notice-like information
       
  1311          * ------------------------------------------------------------------------------
       
  1312          *      error           - critical errors
       
  1313          *      info            - miscillaneous log notices
       
  1314          *      verbose         - A bit more verbose than info, not quite as spammy as debug
       
  1315          *      commands        - all command use
       
  1316          *      admin           - administrative command use
       
  1317          *      register        - account and channel registrations
       
  1318          *      set             - changes of account or channel settings
       
  1319          *      request         - user requests (currently only vhosts)
       
  1320          *      network         - log notices related to network status
       
  1321          *      rawdata         - log raw data sent and received by services
       
  1322          *      wallops         - <not yet used>
       
  1323          */
       
  1324         loglevel = { error; info; admin; network; wallops; };
       
  1325 
       
  1326         /* (*)maxlogins
       
  1327          * What is the maximum number of sessions allowed to login to one
       
  1328          * username? This reduces potential abuse. It is only checked on login.
       
  1329          */
       
  1330         maxlogins = 5;
       
  1331 
       
  1332         /* (*)maxusers
       
  1333          * What are the maximum usernames that one email address can register?
       
  1334          * Set to 0 to disable this check (it can be slow currently).
       
  1335          */
       
  1336         maxusers = 5;
       
  1337 
       
  1338         /* (*)mdlimit
       
  1339          * How many metadata entries can be added to an object?
       
  1340          */
       
  1341         mdlimit = 30;
       
  1342 
       
  1343         /* (*)emaillimit, emailtime
       
  1344          * The maximum number of emails allowed to be sent in
       
  1345          * that amount of time (seconds). If this is exceeded,
       
  1346          * wallops will be sent, at most one per minute.
       
  1347          */
       
  1348         emaillimit = 10;
       
  1349         emailtime = 300;
       
  1350 
       
  1351         /* (*)auth
       
  1352          * What type of username registration authorization do you want?
       
  1353          * If "email", Atheme will send a confirmation email to the address to
       
  1354          * ensure it's valid. If registration is not completed within one day,
       
  1355          * the username will expire. If "none", no message will be sent and
       
  1356          * the username will be fully registered.
       
  1357          * Valid values are: email, none.
       
  1358          */
       
  1359         auth = none;
       
  1360 
       
  1361         /* casemapping
       
  1362          * Specify the casemapping to use. Almost all TSora (and any that follow
       
  1363          * the RFC correctly) ircds will use rfc1459 casemapping. Bahamut, Unreal,
       
  1364          * and other ``Dalnet'' ircds will use ascii casemapping.
       
  1365          * Valid values are: rfc1459, ascii.
       
  1366          */
       
  1367         casemapping = rfc1459;
       
  1368 };
       
  1369 
       
  1370 /* uplink{} blocks define connections to IRC servers.
       
  1371  * Multiple may be defined but only one will be used at a time (IRC
       
  1372  * being a tree shaped network). Atheme does not currently link over SSL.
       
  1373  * To link Atheme over ssl, please connect Atheme to a local ircd and have that
       
  1374  * connect to your network over SSL.
       
  1375  */
       
  1376 uplink "{{atheme_upstream_server}}" {
       
  1377         // The server name of the ircd you're linking to goes above.
       
  1378 
       
  1379         // host
       
  1380         // The hostname to connect to.
       
  1381         host = "127.0.0.1";
       
  1382 
       
  1383         // vhost
       
  1384         // The source IP to connect from, used on machines with multiple interfaces.
       
  1385         #vhost = "192.0.2.5";
       
  1386 
       
  1387         // send_password
       
  1388         // The password sent for linking.
       
  1389         send_password = "{{atheme_server_pass}}";
       
  1390 
       
  1391         // receive_password
       
  1392         // The password received for linking.
       
  1393         receive_password = "{{atheme_server_pass}}";
       
  1394 
       
  1395         // port
       
  1396         // The port to connect to.
       
  1397         port = 6667;
       
  1398 };
       
  1399 
       
  1400 /* this is an example for using an IPv6 address as an uplink */
       
  1401 /* uplink "irc6.example.net" {
       
  1402         host = "::1";
       
  1403 
       
  1404         // password
       
  1405         // If you want to have same send_password and accept_password, you
       
  1406         // can specify both using 'password' instead of individually.
       
  1407         password = "linkage";
       
  1408 
       
  1409         port = 6667;
       
  1410 };
       
  1411 */
       
  1412 
       
  1413 /* Services configuration.
       
  1414  *
       
  1415  * Each of these blocks can contain a nick, user, host, real and aliases.
       
  1416  * Several of them also have options specific to the service.
       
  1417  */
       
  1418 
       
  1419 /* NickServ configuration.
       
  1420  *
       
  1421  * The nickserv {} block contains settings specific to the NickServ modules.
       
  1422  *
       
  1423  * NickServ provides nickname or username registration and authentication
       
  1424  * services. It provides necessary authentication features required for
       
  1425  * Services to operate correctly. You should make sure these settings
       
  1426  * are properly configured for your network.
       
  1427  */
       
  1428 nickserv {
       
  1429         /* (*)spam
       
  1430          * Have NickServ tell people about how great it and ChanServ are.
       
  1431          */
       
  1432         spam;
       
  1433 
       
  1434         /* no_nick_ownership
       
  1435          * Enable this to disable nickname ownership (old userserv{}).
       
  1436          * This changes changes "nickname" to "account" in most messages,
       
  1437          * disables GHOST on users not logged in to the same account and
       
  1438          * makes the spam directive ineffective.
       
  1439          * It is suggested that the nick be set to UserServ, login.so
       
  1440          * be loaded instead of identify.so and ghost.so not be loaded.
       
  1441          */
       
  1442         #no_nick_ownership;
       
  1443 
       
  1444         /* (*)nick
       
  1445          * The nickname we want NickServ to have.
       
  1446          */
       
  1447         nick = "NickServ";
       
  1448 
       
  1449         /* (*)user
       
  1450          * The username we want NickServ to have.
       
  1451          */
       
  1452         user = "NickServ";
       
  1453 
       
  1454         /* (*)host
       
  1455          * The hostname we want NickServ to have.
       
  1456          */
       
  1457         host = "{{atheme_server_host}}";
       
  1458 
       
  1459         /* (*)real
       
  1460          * The realname (gecos) information we want NickServ to have.
       
  1461          */
       
  1462         real = "Nickname Services";
       
  1463 
       
  1464         /* (*)aliases
       
  1465          * Command aliases for NickServ.
       
  1466          */
       
  1467         aliases {
       
  1468                 "ID" = "IDENTIFY";
       
  1469                 "MYACCESS" = "LISTCHANS";
       
  1470         };
       
  1471 
       
  1472         /* (*)access
       
  1473          * This block allows you to modify the access level required to run
       
  1474          * commands. The list of possible accesses are listed in the operclass
       
  1475          * section later in this .conf . Note that you can only set the access
       
  1476          * on an actual command, not an alias.
       
  1477          */
       
  1478         access {
       
  1479         };
       
  1480 
       
  1481         /* (*)maxnicks
       
  1482          * If GROUP is loaded, what are the maximum nicknames that one
       
  1483          * username can register?
       
  1484          */
       
  1485         maxnicks = 5;
       
  1486 
       
  1487         /* (*)expire
       
  1488          * The number of days before inactive registrations are expired.
       
  1489          */
       
  1490         expire = 30;
       
  1491 
       
  1492         /* (*)enforce_expire
       
  1493          * The number of days of no use after which to ignore enforcement
       
  1494          * settings on nicks.
       
  1495          */
       
  1496         #enforce_expire = 14;
       
  1497 
       
  1498         /* (*)enforce_delay
       
  1499          * The number of seconds to delay nickchange enforcement settings
       
  1500          * on nicks.
       
  1501          */
       
  1502         #enforce_delay = 30;
       
  1503 
       
  1504         /* (*)enforce_prefix
       
  1505          * The prefix to use when changing the user's nick on enforcement
       
  1506          */
       
  1507         #enforce_prefix = "Guest";
       
  1508 
       
  1509         /* (*)waitreg_time
       
  1510          * The amount of time (in seconds) users have to wait between
       
  1511          * connecting to the network, and being able to register a services
       
  1512          * account. Minimum value 0 (disables the enforced delay), default
       
  1513          * value 0, maximum value 43200 (12 hours). Requires the
       
  1514          * "modules/nickserv/waitreg" module to be loaded to do anything.
       
  1515          */
       
  1516         #waitreg_time = 0;
       
  1517 
       
  1518         /* (*)cracklib_dict
       
  1519          * The location and filename prefix of the cracklib dictionaries
       
  1520          * for use with nickserv/pwquality. This must be provided if you are
       
  1521          * going to be using nickserv/pwquality with cracklib support enabled.
       
  1522          */
       
  1523         #cracklib_dict = "/var/cache/cracklib/cracklib_dict";
       
  1524 
       
  1525         /* (*)passwdqc_*
       
  1526          * Please see the passwdqc.conf(5) documentation for an explanation
       
  1527          * of these values. Affects modules/nickserv/pwquality if passwdqc
       
  1528          * support is enabled. Default values given below.
       
  1529          */
       
  1530         #passwdqc_max = 288;     /* (8 <= value <= 288) */
       
  1531         #passwdqc_min_n0 = 20;   /* (0 <= value <= passwdqc_max) */
       
  1532         #passwdqc_min_n1 = 16;   /* (0 <= value <= passwdqc_min_n0) */
       
  1533         #passwdqc_min_n2 = 16;   /* (0 <= value <= passwdqc_min_n1) */
       
  1534         #passwdqc_min_n3 = 12;   /* (0 <= value <= passwdqc_min_n2) */
       
  1535         #passwdqc_min_n4 = 8;    /* (0 <= value <= passwdqc_min_n3) */
       
  1536         #passwdqc_words = 4;     /* (2 <= value <= 8) */
       
  1537 
       
  1538         /* (*)pwquality_warn_only
       
  1539          * If this option is set and nickserv/pwquality is loaded, nickserv will just
       
  1540          * warn users that their password is insecure, recommend they change it and
       
  1541          * still register the nick. If this option is unset, it will refuse to
       
  1542          * register the nick at all until the user chooses a better password.
       
  1543          */
       
  1544         #pwquality_warn_only;
       
  1545 
       
  1546         /* (*)show_custom_metadata
       
  1547          * Setting this option to false will prevent user-set metadata (via SET PROPERTY)
       
  1548          * from showing up in the INFO output. The TAXONOMY command will still function
       
  1549          * as usual, and INFO will point this out if users have metadata set.
       
  1550          */
       
  1551         show_custom_metadata;
       
  1552 
       
  1553         /* (*)emailexempts
       
  1554          * A list of email addresses that will be exempt from the check of how many
       
  1555          * accounts one user may have. Any email address in this block may register
       
  1556          * an unlimited number of accounts/usernames.
       
  1557          */
       
  1558         emailexempts {
       
  1559         };
       
  1560 
       
  1561         /*
       
  1562          * (*)shorthelp
       
  1563          *
       
  1564          * A list of commands that are displayed (with their full description) in the
       
  1565          * output of `/msg NickServ HELP'. Commands not in this list will be listed, but
       
  1566          * not with their descriptions. All commands with descriptions are still listed
       
  1567          * in `/msg NickServ HELP COMMANDS' regardless of the value set here.
       
  1568          *
       
  1569          * Optional; defaults to "ACCESS CERT DROP GHOST GROUP IDENTIFY INFO LISTCHANS
       
  1570          * LISTGROUPS LISTLOGINS LISTOWNMAIL LOGOUT REGAIN REGISTER RELEASE SENDPASS SET
       
  1571          * UNGROUP".
       
  1572          *
       
  1573          * A command in this list will only be printed if the corresponding module is
       
  1574          * loaded and the user has permission to use it. Set to an empty string to
       
  1575          * disable listing command descriptions in `/msg NickServ HELP'.
       
  1576          */
       
  1577         #shorthelp = "";
       
  1578 };
       
  1579 
       
  1580 /* ChanServ configuration.
       
  1581  *
       
  1582  * The chanserv {} block contains settings specific to the ChanServ modules.
       
  1583  *
       
  1584  * ChanServ provides channel registration services, which allows users to own
       
  1585  * channels. It is not required, but is strongly recommended.
       
  1586  */
       
  1587 chanserv {
       
  1588         /* (*)nick
       
  1589          * The nickname we want the client to have.
       
  1590          */
       
  1591         nick = "ChanServ";
       
  1592 
       
  1593         /* (*)user
       
  1594          * The username we want the client to have.
       
  1595          */
       
  1596         user = "ChanServ";
       
  1597 
       
  1598         /* (*)host
       
  1599          * The hostname we want the client to have.
       
  1600          */
       
  1601         host = "{{atheme_server_host}}";
       
  1602 
       
  1603         /* (*)real
       
  1604          * The GECOS of the client.
       
  1605          */
       
  1606         real = "Channel Services";
       
  1607 
       
  1608         /* reggroup
       
  1609          * The group that will receive Memos about
       
  1610          * channel Registration requests when
       
  1611          * chanserv/moderate is loaded.
       
  1612          */
       
  1613         #reggroup = "!Services-Team";
       
  1614 
       
  1615         /* (*)aliases
       
  1616          * Command aliases for ChanServ.
       
  1617          */
       
  1618         aliases {
       
  1619         };
       
  1620 
       
  1621         /* (*)access
       
  1622          * Command access changes for ChanServ.
       
  1623          */
       
  1624         access {
       
  1625         };
       
  1626 
       
  1627         /* (*)maxchans
       
  1628          * What are the maximum channels that one username can register?
       
  1629          */
       
  1630         maxchans = 5;
       
  1631 
       
  1632         /* fantasy
       
  1633          * Do you want to enable fantasy commands? This can
       
  1634          * use a lot of CPU up, and will only work if you have
       
  1635          * join_chans (in general) enabled as well.
       
  1636          */
       
  1637         fantasy;
       
  1638 
       
  1639         /* (*) hide_xop
       
  1640          * Hide the XOP templates from sight.  This is useful if you
       
  1641          * want to use templates and not have the XOP templates displayed.
       
  1642          */
       
  1643         #hide_xop;
       
  1644 
       
  1645         /* (*) templates
       
  1646          * Defines what flags the global templates comprise.
       
  1647          *
       
  1648          * For the special XOP templates:
       
  1649          * These should all be different and not equal to the empty set,
       
  1650          * except that hop may be equal to vop to disable hop.
       
  1651          * Each subsequent level should have more flags (except +VHO).
       
  1652          * For optimal functioning of /cs forcexop, aop should not have
       
  1653          * any of +sRf, hop should not have any of +sRfoOr and vop should
       
  1654          * not have any of +sRfoOrhHt.
       
  1655          * If this is not specified, the values of Atheme 0.3 are used,
       
  1656          * which are generally less intuitive than these.
       
  1657          * Note: changing these leaves the flags of existing channel access
       
  1658          * entries unchanged, thus removing them of the view of /cs xop list.
       
  1659          * Usually the channel founder can use /cs forcexop to update the
       
  1660          * entries to the new levels.
       
  1661          *
       
  1662          * Advice:
       
  1663          * If you want to add a co-founder role, remove the flags permission
       
  1664          * from the SOP role, and define a co-founder role with flags
       
  1665          * permissions.
       
  1666          */
       
  1667         templates {
       
  1668                 vop = "+AV";
       
  1669                 hop = "+AHehitrv";
       
  1670                 aop = "+AOehiortv";
       
  1671                 sop = "+AOaefhiorstv";
       
  1672 
       
  1673                 founder = "+AFORaefhioqrstv";
       
  1674 
       
  1675                 /* some examples (which are commented out...) */
       
  1676                 #member = "+Ai";
       
  1677                 #op = "+AOiortv";
       
  1678         };
       
  1679 
       
  1680         /* (*) deftemplates
       
  1681          * Defines default templates to set on new channels, as a
       
  1682          * space-separated list of name=+flags pairs.
       
  1683          * Note: at this time no syntax checking is done on this; it
       
  1684          * is your own responsibility to make sure it is correct.
       
  1685          */
       
  1686         #deftemplates = "MEMBER=+Ai OP=+AOiortv";
       
  1687 
       
  1688         /* (*) changets
       
  1689          * Change the channel TS to the registration time when someone
       
  1690          * recreates a registered channel, ensuring that they are deopped
       
  1691          * and all their modes are undone. Note that this involves ChanServ
       
  1692          * joining. When the channel was not recreated no deops will be done
       
  1693          * (apart from the SECURE option).
       
  1694          * This also solves the "join-mode" problem where someone recreates
       
  1695          * a registered channel and then sets some modes before they are
       
  1696          * deopped.
       
  1697          * This is currently supported for charybdis, ratbox, bahamut,
       
  1698          * and inspircd 1.1+. For charybdis and ratbox it only fully
       
  1699          * works with TS6, with TS5 bans and last-moment modes will
       
  1700          * still apply.
       
  1701          * (That can also be used to advantage, when first enabling this.)
       
  1702          */
       
  1703         #changets;
       
  1704 
       
  1705         /* (*) trigger
       
  1706          * This setting allows you to change the trigger prefix for
       
  1707          * ChanServ's in-channel command feature (disableable via chanserv::fantasy).
       
  1708          * If no setting is provided, the default is used, which is "!".
       
  1709          *
       
  1710          * Other settings you could consider trying: ".", "~", "?", "`", "'".
       
  1711          */
       
  1712         trigger = "!";
       
  1713 
       
  1714         /* (*)expire
       
  1715          * The number of days before inactive registrations are expired.
       
  1716          */
       
  1717         expire = 30;
       
  1718 
       
  1719         /* (*)maxchanacs
       
  1720          * The maximum number of entries allowed in a channel's access list
       
  1721          * (both channel ops and akicks), 0 for unlimited.
       
  1722          */
       
  1723         maxchanacs = 0;
       
  1724 
       
  1725         /* (*)maxfounders
       
  1726          * The maximum number of founders allowed in a channel.
       
  1727          * Note that all founders have the exact same privileges and
       
  1728          * the list of founders is shown in various places.
       
  1729          */
       
  1730         maxfounders = 4;
       
  1731 
       
  1732         /* (*)founder_flags
       
  1733          * The flags a user will get when they register a new channel.
       
  1734          * This MUST include at least 'F' or it will be ignored.
       
  1735          * If it is not set, Atheme will give the user all channel flags.
       
  1736          */
       
  1737         #founder_flags = "AFORefiorstv";
       
  1738 
       
  1739         /* (*)akick_time
       
  1740          * The default expiration time (in minutes) for AKICKs.
       
  1741          * Comment this option out or set to zero for permanent AKICKs
       
  1742          * by default (the old behaviour).
       
  1743          */
       
  1744         #akick_time = 10;
       
  1745 
       
  1746         /* (*)antiflood_enforce_method
       
  1747          * The enforcement method to use for flood protection by default.
       
  1748          * This may be overridden by channel staff.
       
  1749          * Available options are: quiet, kickban and akill.
       
  1750          */
       
  1751         antiflood_enforce_method = quiet;
       
  1752 
       
  1753         /* (*)show_custom_metadata
       
  1754          * Setting this option to false will prevent user-set metadata (via SET PROPERTY)
       
  1755          * from showing up in the INFO output. The TAXONOMY command will still function
       
  1756          * as usual, and INFO will point this out if channels have metadata set.
       
  1757          */
       
  1758         show_custom_metadata;
       
  1759 
       
  1760         /*
       
  1761          * (*)shorthelp
       
  1762          *
       
  1763          * A list of commands that are displayed (with their full description) in the
       
  1764          * output of `/msg ChanServ HELP'. Commands not in this list will be listed, but
       
  1765          * not with their descriptions. All commands with descriptions are still listed
       
  1766          * in `/msg ChanServ HELP COMMANDS' regardless of the value set here.
       
  1767          *
       
  1768          * Optional; defaults to "AKICK BAN CLEAR DEOP DEVOICE DROP FLAGS GETKEY INFO
       
  1769          * INVITE KICK KICKBAN OP QUIET REGISTER SET TOPIC UNBAN UNQUIET VOICE WHY".
       
  1770          *
       
  1771          * A command in this list will only be printed if the corresponding module is
       
  1772          * loaded and the user has permission to use it. Set to an empty string to
       
  1773          * disable listing command descriptions in `/msg ChanServ HELP'.
       
  1774          */
       
  1775         #shorthelp = "";
       
  1776 };
       
  1777 
       
  1778 /* CHANFIX configuration.
       
  1779  *
       
  1780  * The chanfix {} block contains settings specific to the CHANFIX modules.
       
  1781  *
       
  1782  * CHANFIX provides channel recovery services without registration, which
       
  1783  * allows users to maintain control of channels even if ChanServ is not used
       
  1784  * to register them.
       
  1785  */
       
  1786 chanfix {
       
  1787         /* (*)nick
       
  1788          * The nickname we want the client to have.
       
  1789          */
       
  1790         nick = "ChanFix";
       
  1791 
       
  1792         /* (*)user
       
  1793          * The username we want the client to have.
       
  1794          */
       
  1795         user = "ChanFix";
       
  1796 
       
  1797         /* (*)host
       
  1798          * The hostname we want the client to have.
       
  1799          */
       
  1800         host = "{{atheme_server_host}}";
       
  1801 
       
  1802         /* (*)real
       
  1803          * The GECOS of the client.
       
  1804          */
       
  1805         real = "Channel Fixing Service";
       
  1806 
       
  1807         /* (*)autofix
       
  1808          * Automatically fix channels if they become opless and meet fixing
       
  1809          * criteria.
       
  1810          */
       
  1811         autofix;
       
  1812 };
       
  1813 
       
  1814 /* Global noticing configuration.
       
  1815  *
       
  1816  * The global {} block contains settings specific to the Global notice module.
       
  1817  *
       
  1818  * The Global notice module provides the ability to mass-notify a network.
       
  1819  */
       
  1820 global {
       
  1821         /* (*)nick
       
  1822          * Sets the nick used for sending out a global notice.
       
  1823          */
       
  1824         nick = "Global";
       
  1825 
       
  1826         /* (*)user
       
  1827          * Sets the username used for this client.
       
  1828          */
       
  1829         user = "Global";
       
  1830 
       
  1831         /* (*)host
       
  1832          * The hostname used for this client.
       
  1833          */
       
  1834         host = "{{atheme_server_host}}";
       
  1835 
       
  1836         /* (*)real
       
  1837          * The GECOS (real name) of the client.
       
  1838          */
       
  1839         real = "Network Announcements";
       
  1840 };
       
  1841 
       
  1842 /* InfoServ configuration
       
  1843  *
       
  1844  * The infoserv {} block contains settings specific to the InfoServ module.
       
  1845  *
       
  1846  * The InfoServ modules provides the ability to mass-notify a network and send
       
  1847  * news to users when they connect to the network.
       
  1848  */
       
  1849 infoserv {
       
  1850         /* (*)nick
       
  1851          * Sets the nick used for InfoServ and sending out informational messages.
       
  1852          */
       
  1853         nick = "InfoServ";
       
  1854 
       
  1855         /* (*)user
       
  1856          * Sets the username used for this client.
       
  1857          */
       
  1858         user = "InfoServ";
       
  1859 
       
  1860         /* (*)host
       
  1861          * The hostname used for this client,
       
  1862          */
       
  1863         host = "{{atheme_server_host}}";
       
  1864 
       
  1865         /* (*)real
       
  1866          * The GECOS (real name) of the client.
       
  1867          */
       
  1868         real = "Information Service";
       
  1869 
       
  1870         /* (*)logoninfo_count
       
  1871          * The number of InfoServ messages a user will see upon connect.
       
  1872          * If there are more than this number, the user will be able to
       
  1873          * see the rest with /msg infoserv list .
       
  1874          */
       
  1875         logoninfo_count = 3;
       
  1876 };
       
  1877 
       
  1878 /* OperServ configuration.
       
  1879  *
       
  1880  * The operserv {} block contains settings specific to the OperServ modules.
       
  1881  *
       
  1882  * OperServ provides essential network management tools for IRC operators
       
  1883  * on the IRC network.
       
  1884  */
       
  1885 operserv {
       
  1886         /* (*)nick
       
  1887          * The nickname we want the Operator Service to have.
       
  1888          */
       
  1889         nick = "OperServ";
       
  1890 
       
  1891         /* (*)user
       
  1892          * Sets the username used for this client.
       
  1893          */
       
  1894         user = "OperServ";
       
  1895 
       
  1896         /* (*)host
       
  1897          * The hostname used for this client.
       
  1898          */
       
  1899         host = "{{atheme_server_host}}";
       
  1900 
       
  1901         /* (*)real
       
  1902          * The GECOS (real name) of the client.
       
  1903          */
       
  1904         real = "Operator Services";
       
  1905 
       
  1906         /* (*)aliases
       
  1907          * Command aliases for OperServ.
       
  1908          */
       
  1909         aliases {
       
  1910         };
       
  1911 
       
  1912         /* (*)access
       
  1913          * Command access changes for OperServ.
       
  1914          */
       
  1915         access {
       
  1916         };
       
  1917 };
       
  1918 
       
  1919 /* SaslServ configuration.
       
  1920  *
       
  1921  * The saslserv {} block contains settings specific to the SaslServ modules.
       
  1922  *
       
  1923  * SaslServ provides an authentication agent which is compatible with the
       
  1924  * SASL over IRC (SASL/IRC) protocol extension.
       
  1925  */
       
  1926 saslserv {
       
  1927         /* (*)nick
       
  1928          * The nickname we want SaslServ to have.
       
  1929          */
       
  1930         nick = "SaslServ";
       
  1931 
       
  1932         /* (*)user
       
  1933          * The username we want SaslServ to have.
       
  1934          */
       
  1935         user = "SaslServ";
       
  1936 
       
  1937         /* (*)host
       
  1938          * The hostname we want SaslServ to have.
       
  1939          */
       
  1940         host = "{{atheme_server_host}}";
       
  1941 
       
  1942         /* (*)real
       
  1943          * The realname (gecos) information we want SaslServ to have.
       
  1944          */
       
  1945         real = "SASL Authentication Agent";
       
  1946 
       
  1947         /* (*)hide_server_names
       
  1948          * Hide server names in the bad_password message.
       
  1949          */
       
  1950         #hide_server_names;
       
  1951 };
       
  1952 
       
  1953 /* MemoServ configuration.
       
  1954  *
       
  1955  * The memoserv {} block contains settings specific to the MemoServ modules.
       
  1956  *
       
  1957  * MemoServ provides a note-taking service that you can use to send notes
       
  1958  * to offline users (provided they are registered with Services).
       
  1959  */
       
  1960 memoserv {
       
  1961         /* (*)nick
       
  1962          * The nickname we want MemoServ to have.
       
  1963          */
       
  1964         nick = "MemoServ";
       
  1965 
       
  1966         /* (*)user
       
  1967          * The username we want MemoServ to have.
       
  1968          */
       
  1969         user = "MemoServ";
       
  1970 
       
  1971         /* (*)host
       
  1972          * The hostname we want MemoServ to have.
       
  1973          */
       
  1974         host = "{{atheme_server_host}}";
       
  1975 
       
  1976         /* (*)real
       
  1977          * The realname (gecos) information we want MemoServ to have.
       
  1978          */
       
  1979         real = "Memo Services";
       
  1980 
       
  1981         /* (*)aliases
       
  1982          * Command aliases for MemoServ.
       
  1983          */
       
  1984         aliases {
       
  1985         };
       
  1986 
       
  1987         /* (*)access
       
  1988          * Command access changes for MemoServ.
       
  1989          */
       
  1990         access {
       
  1991         };
       
  1992 
       
  1993         /* (*)maxmemos
       
  1994          * What is the maximum amount of memos a user can have in their inbox?
       
  1995          */
       
  1996         maxmemos = 30;
       
  1997 };
       
  1998 
       
  1999 /* GameServ configuration.
       
  2000  *
       
  2001  * The gameserv {} block contains settings specific to the GameServ modules.
       
  2002  *
       
  2003  * GameServ provides various in-channel commands for games.
       
  2004  */
       
  2005 gameserv {
       
  2006         /* (*)nick
       
  2007          * The nickname we want GameServ to have.
       
  2008          */
       
  2009         nick = "GameServ";
       
  2010 
       
  2011         /* (*)user
       
  2012          * Sets the username used for this client.
       
  2013          */
       
  2014         user = "GameServ";
       
  2015 
       
  2016         /* (*)host
       
  2017          * The hostname used for this client.
       
  2018          */
       
  2019         host = "{{atheme_server_host}}";
       
  2020 
       
  2021         /* (*)real
       
  2022          * The GECOS (real name) of the client.
       
  2023          */
       
  2024         real = "Game Services";
       
  2025 
       
  2026         /* (*)aliases
       
  2027          * Command aliases for GameServ.
       
  2028          */
       
  2029         aliases {
       
  2030         };
       
  2031 
       
  2032         /* (*)access
       
  2033          * Command access changes for GameServ.
       
  2034          */
       
  2035         access {
       
  2036         };
       
  2037 };
       
  2038 
       
  2039 /* RPGServ configuration.
       
  2040  *
       
  2041  * The rpgserv {} block contains settings specific to the RPGServ modules.
       
  2042  *
       
  2043  * RPGServ provides a facility for finding roleplaying channels.
       
  2044  */
       
  2045 rpgserv {
       
  2046         /* (*)nick
       
  2047          * The nickname we want RPGServ to have.
       
  2048          */
       
  2049         nick = "RPGServ";
       
  2050 
       
  2051         /* (*)user
       
  2052          * Sets the username used for this client.
       
  2053          */
       
  2054         user = "RPGServ";
       
  2055 
       
  2056         /* (*)host
       
  2057          * The hostname used for this client.
       
  2058          */
       
  2059         host = "{{atheme_server_host}}";
       
  2060 
       
  2061         /* (*)real
       
  2062          * The GECOS (real name) of the client.
       
  2063          */
       
  2064         real = "RPG Finding Services";
       
  2065 
       
  2066         /* (*)aliases
       
  2067          * Command aliases for RPGServ.
       
  2068          */
       
  2069         aliases {
       
  2070         };
       
  2071 
       
  2072         /* (*)access
       
  2073          * Command access changes for RPGServ.
       
  2074          */
       
  2075         access {
       
  2076         };
       
  2077 };
       
  2078 
       
  2079 /* BotServ configuration.
       
  2080  *
       
  2081  * The botserv {} block contains settings specific to the BotServ modules.
       
  2082  *
       
  2083  * BotServ provides virtual channel bots.
       
  2084  */
       
  2085 botserv {
       
  2086         /* (*)nick
       
  2087          * The nickname we want BotServ to have.
       
  2088          */
       
  2089         nick = "BotServ";
       
  2090 
       
  2091         /* (*)user
       
  2092          * Sets the username used for this client.
       
  2093          */
       
  2094         user = "BotServ";
       
  2095 
       
  2096         /* (*)host
       
  2097          * The hostname used for this client.
       
  2098          */
       
  2099         host = "{{atheme_server_host}}";
       
  2100 
       
  2101         /* (*)real
       
  2102          * The GECOS (real name) of the client.
       
  2103          */
       
  2104         real = "Bot Services";
       
  2105 
       
  2106         /* (*)min_users
       
  2107          * Minimum number of users a channel must have before a Bot is allowed
       
  2108          * to be assigned to that channel.
       
  2109          */
       
  2110         min_users = 0;
       
  2111 };
       
  2112 
       
  2113 /* GroupServ configuration.
       
  2114  *
       
  2115  * The groupserv {} block contains settings specific to the GroupServ modules.
       
  2116  *
       
  2117  * GroupServ provides features for managing a collection of channels at once.
       
  2118  *
       
  2119  */
       
  2120 groupserv {
       
  2121         /* (*)nick
       
  2122          * The nickname we want GroupServ to have.
       
  2123          */
       
  2124         nick = "GroupServ";
       
  2125 
       
  2126         /* (*)user
       
  2127          * The username we want GroupServ to have.
       
  2128          */
       
  2129         user = "GroupServ";
       
  2130 
       
  2131         /* (*)host
       
  2132          * The hostname we want GroupServ to have.
       
  2133          */
       
  2134         host = "{{atheme_server_host}}";
       
  2135 
       
  2136         /* (*)real
       
  2137          * The realname (gecos) information we want GroupServ to have.
       
  2138          */
       
  2139         real = "Group Management Services";
       
  2140 
       
  2141         /* (*)aliases
       
  2142          * Command aliases for GroupServ.
       
  2143          */
       
  2144         aliases {
       
  2145         };
       
  2146 
       
  2147         /* (*)access
       
  2148          * Command access changes for GroupServ.
       
  2149          */
       
  2150         access {
       
  2151         };
       
  2152 
       
  2153         /* (*)maxgroups
       
  2154          * Maximum number of groups one username can be founder of.
       
  2155          */
       
  2156         maxgroups = 5;
       
  2157 
       
  2158         /* (*)maxgroupacs
       
  2159          * Maximum number of access entries you may have in a group.
       
  2160          */
       
  2161         maxgroupacs = 100;
       
  2162 
       
  2163         /* (*)enable_open_groups
       
  2164          * Setting this option will allow any group founder to mark
       
  2165          * their group as "anyone can join".
       
  2166          */
       
  2167         enable_open_groups;
       
  2168 
       
  2169         /* (*)join_flags
       
  2170          * This is the GroupServ flagset that users who JOIN a open
       
  2171          * group will get upon join. Please check the groupserv/flags
       
  2172          * helpfile before changing this option. Valid flagsets (for
       
  2173          * example) would be: "+v" or "+cv". It is not valid to use
       
  2174          * minus flags (such as "-v") here.
       
  2175          */
       
  2176         join_flags = "+";
       
  2177 };
       
  2178 
       
  2179 /* HostServ configuration.
       
  2180  *
       
  2181  * The hostserv {} block contains settings specific to the HostServ modules.
       
  2182  *
       
  2183  * HostServ provides advanced virtual host management.
       
  2184  */
       
  2185 hostserv {
       
  2186         /* (*)nick
       
  2187          * The nickname we want HostServ to have.
       
  2188          */
       
  2189         nick = "HostServ";
       
  2190 
       
  2191         /* (*)user
       
  2192          * Sets the username used for this client.
       
  2193          */
       
  2194         user = "HostServ";
       
  2195 
       
  2196         /* (*)host
       
  2197          * The hostname used for this client.
       
  2198          */
       
  2199         host = "{{atheme_server_host}}";
       
  2200 
       
  2201         /* (*)real
       
  2202          * The GECOS (real name) of the client.
       
  2203          */
       
  2204         real = "Host Management Services";
       
  2205 
       
  2206         /* reggroup
       
  2207          * The group that will receive Memos about
       
  2208          * vHost requests.
       
  2209          */
       
  2210         #reggroup = "!Services-Team";
       
  2211 
       
  2212         /* (*)request_per_nick
       
  2213          * Whether the request system should work per nick or per account.
       
  2214          * The recommended setting is to leave this disabled, so that
       
  2215          * vhosts work as consistently as possible.
       
  2216          */
       
  2217         #request_per_nick;
       
  2218 
       
  2219         /* (*)aliases
       
  2220          * Command aliases for HostServ.
       
  2221          */
       
  2222         aliases {
       
  2223                 "APPROVE" = "ACTIVATE";
       
  2224                 "DENY" = "REJECT";
       
  2225         };
       
  2226 
       
  2227         /* (*)access
       
  2228          * Command access changes for HostServ.
       
  2229          */
       
  2230         access {
       
  2231         };
       
  2232 };
       
  2233 
       
  2234 /* HelpServ configuration
       
  2235  *
       
  2236  * The helpserv {} block contains settings specific to the HelpServ modules.
       
  2237  *
       
  2238  * HelpServ adds a few different ways for users to request help from network staff.
       
  2239  */
       
  2240 helpserv {
       
  2241         /* (*)nick
       
  2242          * The nickname we want HelpServ to have.
       
  2243          */
       
  2244         nick = "HelpServ";
       
  2245 
       
  2246         /* (*)user
       
  2247          * The username we want HelpServ to have.
       
  2248          */
       
  2249         user = "HelpServ";
       
  2250 
       
  2251         /* (*)host
       
  2252          * The hostname we want HelpServ to have.
       
  2253          */
       
  2254         host = "{{atheme_server_host}}";
       
  2255 
       
  2256         /* (*)real
       
  2257          * The realname (gecos) information we want HelpServ to have.
       
  2258          */
       
  2259         real = "Help Services";
       
  2260 };
       
  2261 
       
  2262 /* StatServ configuration
       
  2263  *
       
  2264  * The statserv {} block contains settings specific to the StatServ modules.
       
  2265  *
       
  2266  * StatServ adds basic stats and split tracking.
       
  2267  */
       
  2268 statserv {
       
  2269         /* (*)nick
       
  2270          * The nickname we want StatServ to have.
       
  2271          */
       
  2272         nick = "StatServ";
       
  2273 
       
  2274         /* (*)user
       
  2275          * The username we want StatServ to have.
       
  2276          */
       
  2277         user = "StatServ";
       
  2278 
       
  2279         /* (*)host
       
  2280          * The hostname we want StatServ to have.
       
  2281          */
       
  2282         host = "{{atheme_server_host}}";
       
  2283 
       
  2284         /* (*)real
       
  2285          * The realname (gecos) information we want StatServ to have.
       
  2286          */
       
  2287         real = "Statistics Services";
       
  2288 };
       
  2289 
       
  2290 /* ALIS configuration.
       
  2291  *
       
  2292  * The alis {} block contains settings specific to the ALIS modules.
       
  2293  */
       
  2294 alis {
       
  2295         /* (*)nick
       
  2296          * The nickname we want ALIS to have.
       
  2297          */
       
  2298         nick = "ALIS";
       
  2299 
       
  2300         /* (*)user
       
  2301          * The username we want ALIS to have.
       
  2302          */
       
  2303         user = "alis";
       
  2304 
       
  2305         /* (*)host
       
  2306          * The hostname we want ALIS to have.
       
  2307          */
       
  2308         host = "{{atheme_server_host}}";
       
  2309 
       
  2310         /* (*)real
       
  2311          * The realname (gecos) information we want ALIS to have.
       
  2312          */
       
  2313         real = "Channel Directory";
       
  2314 
       
  2315         /* (*)maxmatches
       
  2316          * The default maximum number of channels returned in a query.
       
  2317          * Privilege (chan:auspex) is required to ask for more.
       
  2318          * Minimum 8, default 64, maximum 128.
       
  2319          */
       
  2320         #maxmatches = 64;
       
  2321 };
       
  2322 
       
  2323 /* HTTP server configuration.
       
  2324  *
       
  2325  * The httpd {} block contains settings specific to the HTTP server module.
       
  2326  *
       
  2327  * The HTTP server in Services is used for serving XMLRPC requests. It can
       
  2328  * also serve static documents and statistics pages.
       
  2329  */
       
  2330 httpd {
       
  2331         /* host
       
  2332          * The host that the HTTP server will listen on.
       
  2333          * Use 0.0.0.0 if you want to listen on all available hosts.
       
  2334          */
       
  2335         host = "0.0.0.0";
       
  2336 
       
  2337         /* host (ipv6)
       
  2338          * If you want, you can have Atheme listen on an IPv6 host too.
       
  2339          * Use :: if you want to listen on all available IPv6 hosts.
       
  2340          */
       
  2341         #host = "::";
       
  2342 
       
  2343         /* www_root
       
  2344          * The directory that contains the files that should be served by the httpd.
       
  2345          */
       
  2346         www_root = "/var/www";
       
  2347 
       
  2348         /* port
       
  2349          * The port that the HTTP server will listen on.
       
  2350          */
       
  2351         port = 8080;
       
  2352 };
       
  2353 
       
  2354 /* LDAP configuration.
       
  2355  *
       
  2356  * The ldap {} block contains settings specific to the LDAP authentication
       
  2357  * module.
       
  2358  */
       
  2359 ldap {
       
  2360         /* (*)url
       
  2361          * LDAP URL of the server to use.
       
  2362          */
       
  2363         url = "ldap://127.0.0.1";
       
  2364 
       
  2365         /* (*)dnformat
       
  2366          * Format string to convert an account name to an LDAP DN.
       
  2367          * Must contain exactly one %s which will be replaced by the account
       
  2368          * name.
       
  2369          * Services will attempt a simple bind with this DN and the given
       
  2370          * password; if this is successful the password is considered correct.
       
  2371          */
       
  2372         dnformat = "cn=%s,dc=jillestest,dc=com";
       
  2373 };
       
  2374 
       
  2375 /******************************************************************************
       
  2376  * LOGGING SECTION.                                                           *
       
  2377  ******************************************************************************/
       
  2378 
       
  2379 /*
       
  2380  * logfile{} blocks can be used to set up log files other than the master
       
  2381  * logfile used by services, which is controlled by serverinfo::loglevel.
       
  2382  *
       
  2383  * The various logging categories are:
       
  2384  *      debug, all      - meta-keyword for all possible categories
       
  2385  *      trace           - meta-keyword for a little bit of info
       
  2386  *      misc            - like trace, but with some more miscillaneous info
       
  2387  *      notice          - meta-keyword for notice-like information
       
  2388  * ------------------------------------------------------------------------------
       
  2389  *      error           - critical errors
       
  2390  *      info            - miscillaneous log notices
       
  2391  *      verbose         - A bit more verbose than info, not quite as spammy as debug
       
  2392  *      commands        - all command use
       
  2393  *      admin           - administrative command use
       
  2394  *      register        - account and channel registrations
       
  2395  *      set             - changes of account or channel settings
       
  2396  *      request         - user requests (currently only vhosts)
       
  2397  *      network         - log notices related to network status
       
  2398  *      rawdata         - log raw data sent and received by services
       
  2399  *      wallops         - <not yet used>
       
  2400  *      denycmd         - security model denials (commands, permissions)
       
  2401  */
       
  2402 
       
  2403 /*
       
  2404  * This block logs all account and channel registrations and drops,
       
  2405  * and account and channel setting changes to var/account.log.
       
  2406  */
       
  2407 logfile "var/account.log" { register; set; };
       
  2408 
       
  2409 /*
       
  2410  * This block logs all command use to var/commands.log.
       
  2411  */
       
  2412 logfile "var/commands.log" { commands; };
       
  2413 
       
  2414 /*
       
  2415  * This block logs all security auditing information.
       
  2416  */
       
  2417 logfile "var/audit.log" { denycmd; };
       
  2418 
       
  2419 /*
       
  2420  * You can log to IRC channels, and even split it by category, too.
       
  2421  * This entry provides roughly the same functionality as the old snoop
       
  2422  * feature.
       
  2423  */
       
  2424 logfile "#services" { error; info; admin; request; register; denycmd; };
       
  2425 
       
  2426 /*
       
  2427  * This block logs to server notices.
       
  2428  */
       
  2429 logfile "!snotices" { error; info; request; denycmd; };
       
  2430 
       
  2431 /******************************************************************************
       
  2432  * GENERAL PARAMETERS CONFIGURATION SECTION.                                  *
       
  2433  ******************************************************************************/
       
  2434 
       
  2435 /* The general {} block defines general configuration options. */
       
  2436 general {
       
  2437         /* (*)permissive_mode
       
  2438          * Whether or not security denials should be soft denials instead of
       
  2439          * hard denials.  If security denials are soft denials, then they will
       
  2440          * only be logged to the denial log.
       
  2441          */
       
  2442         #permissive_mode;
       
  2443 
       
  2444         /* (*)helpchan
       
  2445          * Network help channel. Shown to users when they request
       
  2446          * help for a command that doesn't exist.
       
  2447          */
       
  2448         #helpchan = "#help";
       
  2449 
       
  2450         /* (*)helpurl
       
  2451          * Network webpage for services help. Shown to users when they
       
  2452          * request help for a command that doesn't exist.
       
  2453          */
       
  2454         #helpurl = "http://www.stack.nl/~jilles/irc/atheme-help/";
       
  2455 
       
  2456         /* (*)silent
       
  2457          * If you want to prevent services from sending
       
  2458          * WALLOPS/GLOBOPS about things uncomment this.
       
  2459          * Not recommended.
       
  2460          */
       
  2461         #silent;
       
  2462 
       
  2463         /* (*)verbose_wallops
       
  2464          * If you want services to send you more information about
       
  2465          * events that are occuring (in particular AKILLs), uncomment the
       
  2466          * directive below.
       
  2467          *
       
  2468          * WARNING! This may result in large amounts of wallops/globops
       
  2469          * floods.
       
  2470          */
       
  2471         #verbose_wallops;
       
  2472 
       
  2473         /* (*)join_chans
       
  2474          * Should ChanServ be allowed to join registered channels?
       
  2475          * This option is useful for the fantasy command set.
       
  2476          *
       
  2477          * If enabled, you can tell ChanServ to join via SET GUARD ON.
       
  2478          *
       
  2479          * If you use ircu-like ircd (asuka), you must
       
  2480          * leave this enabled, and put guard in default cflags.
       
  2481          *
       
  2482          * For ratbox it is recommended to leave it on and put guard in
       
  2483          * default cflags, in order that ChanServ does not have to join/part
       
  2484          * to do certain things. On the other hand, enabling this increases
       
  2485          * potential for bots fighting with ChanServ.
       
  2486          *
       
  2487          * Regardless of this option, ChanServ will temporarily join
       
  2488          * channels which would otherwise be empty if necessary to enforce
       
  2489          * akick/restricted/close, and to change the TS if changets is
       
  2490          * enabled.
       
  2491          */
       
  2492         join_chans;
       
  2493 
       
  2494         /* (*)leave_chans
       
  2495          * Do we leave registered channels after everyone else has left?
       
  2496          * Turning this off serves little purpose, except to mark "official"
       
  2497          * network channels by keeping them open, and to preserve the
       
  2498          * topic and +beI lists.
       
  2499          */
       
  2500         leave_chans;
       
  2501 
       
  2502         /* secure
       
  2503          * Do you want to require the use of /msg <service>@<services host>?
       
  2504          * Turning this on helps protect against spoofers, but is disabled
       
  2505          * as most networks do not presently use it.
       
  2506          */
       
  2507         #secure;
       
  2508 
       
  2509         /* (*)uflags
       
  2510          * The default flags to set for usernames upon registration.
       
  2511          * Valid values are: hold, neverop, noop, hidemail, nomemo, emailmemos,
       
  2512          * enforce, privmsg, private, quietchg and none.
       
  2513          */
       
  2514         uflags = { hidemail; };
       
  2515 
       
  2516         /* (*)cflags
       
  2517          * The default flags to set for channels upon registration.
       
  2518          * Valid values are: hold, secure, verbose, verbose_ops, keeptopic,
       
  2519          * topiclock, guard, private, nosync, limitflags, pubacl and none.
       
  2520          */
       
  2521         cflags = { verbose; guard; };
       
  2522 
       
  2523         /* (*)raw
       
  2524          * Do you want to allow SRAs to use the RAW and INJECT commands?
       
  2525          * These commands are for debugging. If you don't know how to use them
       
  2526          * then don't enable them. They are not supported.
       
  2527          */
       
  2528         #raw;
       
  2529 
       
  2530         /* (*)flood_msgs
       
  2531          * Do you want services to detect floods?
       
  2532          * Set to how many messages before a flood is triggered.
       
  2533          * Note that some messages that need a lot of processing count
       
  2534          * as two or four messages.
       
  2535          * If services receives `flood_msgs' within `flood_time' the user will
       
  2536          * trigger the flood protection.
       
  2537          * Setting this to zero disables flood protection.
       
  2538          */
       
  2539         flood_msgs = 7;
       
  2540 
       
  2541         /* (*)flood_time
       
  2542          * Do you want services to detect floods?
       
  2543          * Set to how long before the counter resets.
       
  2544          * If services receives `flood_msgs' within `flood_time' the user will
       
  2545          * trigger the flood protection.
       
  2546          */
       
  2547         flood_time = 10;
       
  2548 
       
  2549         /* (*)ratelimit_uses
       
  2550          * After how many uses of a command will users be throttled.
       
  2551          * After `ratelimit_uses' of a command within `ratelimit_period', users
       
  2552          * will not be able to run that ratelimited command until the period is up.
       
  2553          * Comment this, ratelimit_period below or both options out to disable rate limiting.
       
  2554          * Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
       
  2555          * nickserv/register and chanserv/register.
       
  2556          */
       
  2557         ratelimit_uses = 5;
       
  2558 
       
  2559         /* (*)ratelimit_period
       
  2560          * After how much time (in seconds) will the ratelimit_uses counter reset.
       
  2561          * After `ratelimit_uses' of a command within `ratelimit_period', users
       
  2562          * will not be able to run that ratelimited command until the period is up.
       
  2563          * Comment this, ratelimit_uses above or both options out to disable rate limiting.
       
  2564          * Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
       
  2565          * nickserv/register and chanserv/register.
       
  2566          */
       
  2567         ratelimit_period = 60;
       
  2568 
       
  2569         /* (*)vhost_change
       
  2570          * The default number of days between vHost changes once a user has used HostServ
       
  2571          * TAKE or REQUEST.  (Helps to deter rabid host-swappers and ban evaders.)
       
  2572          */
       
  2573         #vhost_change = 30;
       
  2574 
       
  2575         /* (*)kline_time
       
  2576          * The default expire time for KLINE's in days.
       
  2577          * Setting this to 0 makes all KLINE's permanent.
       
  2578          */
       
  2579         kline_time = 7;
       
  2580 
       
  2581         /* (*)kline_with_ident
       
  2582          * KLINE user@host instead of *@host.
       
  2583          * Applies to all automatic KLINE's set by services.
       
  2584          */
       
  2585         #kline_with_ident;
       
  2586 
       
  2587         /* (*)kline_verified_ident
       
  2588          * KLINE *@host if the first character of the ident is ~,
       
  2589          * irrespective of the value of kline_with_ident.
       
  2590          */
       
  2591         #kline_verified_ident;
       
  2592 
       
  2593         /* (*)clone_time
       
  2594          * This is the default expiry time for CLONE exemptions in minutes.
       
  2595          * Setting this to 0 makes all CLONE exemptions permanent.
       
  2596          */
       
  2597         clone_time = 0;
       
  2598 
       
  2599         /* commit_interval
       
  2600          * The time between database writes in minutes.
       
  2601          */
       
  2602         commit_interval = 5;
       
  2603 
       
  2604         /* (*)operstring
       
  2605          * The string returned in WHOIS (against services) for IRC operators.
       
  2606          */
       
  2607         #operstring = "is an IRC Operator";
       
  2608 
       
  2609         /* (*)servicestring
       
  2610          * The string returned in WHOIS (against services) for services.
       
  2611          */
       
  2612         #servicestring = "is a Network Service";
       
  2613 
       
  2614         /* (*)default_clone_allowed
       
  2615          * The limit after which clones will be KILLed or TKLINEd.
       
  2616          * Used by operserv/clones.
       
  2617          */
       
  2618         default_clone_allowed = 5;
       
  2619 
       
  2620         /* (*)default_clone_warn
       
  2621          * The limit after which clones will be warned that they may not
       
  2622          * have any more concurrent connections. Should be lower than
       
  2623          * default_clone_allowed . Used by operserv/clones.
       
  2624          */
       
  2625         default_clone_warn = 4;
       
  2626 
       
  2627         /* (*)clone_identified_increase_limit
       
  2628          * If this option is enabled, the clone limit for a IP/host will
       
  2629          * be increased by 1 per clone that's identified to services.
       
  2630          * This has a limit of double the clone limits above.
       
  2631          */
       
  2632         clone_identified_increase_limit;
       
  2633 
       
  2634         /* (*)uplink_sendq_limit
       
  2635          * The maximum amount of data that may be queued to be sent
       
  2636          * to the uplink, in bytes. This should be enough to contain
       
  2637          * Atheme's response to the netburst, but smaller than the
       
  2638          * IRCd's sendq limit for servers.
       
  2639          */
       
  2640         uplink_sendq_limit = 1048576;
       
  2641 
       
  2642         /* (*)language
       
  2643          * Language to use for channel and oper messages and as default
       
  2644          * for users.
       
  2645          */
       
  2646         language = "en";
       
  2647 
       
  2648         /* exempts
       
  2649          * This block contains a list of user@host masks. Users matching any
       
  2650          * of these will not be automatically K:lined by services.
       
  2651          */
       
  2652         exempts {
       
  2653         };
       
  2654 
       
  2655         /* allow_taint
       
  2656          * By enabling this option, Atheme will run in configurations where
       
  2657          * the upstream will not provide support.  By enabling this feature,
       
  2658          * you void any perceived rights to support.
       
  2659          */
       
  2660         #allow_taint;
       
  2661 
       
  2662         /* (*)immune_level
       
  2663          * This option allows you to customize the operlevel which gets kick
       
  2664          * immunity privileges.
       
  2665          *
       
  2666          * The following flags are available:
       
  2667          *    immune - require whatever ircd usermode is needed for kick
       
  2668          *             immunity (this is the default);
       
  2669          *    admin  - require admin privileges for kick immunity
       
  2670          *    ircop  - require any ircop privileges for kick immunity (umode +o)
       
  2671          */
       
  2672         immune_level = immune;
       
  2673 
       
  2674         /* show_entity_id
       
  2675          * This makes nick/user & group entity IDs visible to everyone, rather
       
  2676          * than just opers with user:auspex or group:auspex privileges.
       
  2677          */
       
  2678         show_entity_id;
       
  2679 
       
  2680         /* load_database_mdeps
       
  2681          *
       
  2682          * For module dependencies listed in the services database (if any),
       
  2683          * whether to load those modules on startup (if they are not already
       
  2684          * loaded) or abort startup with a more helpful error message than
       
  2685          * e.g. "db services.db:123: unknown directive 'BE'" --> "corestorage:
       
  2686          * exiting to avoid data loss".
       
  2687          *
       
  2688          * Comment this out to abort startup instead of silently loading the
       
  2689          * modules you need to process the database successfully. The abort
       
  2690          * reason will tell you what module the database requires so that you
       
  2691          * can fix your configuration file.
       
  2692          */
       
  2693         load_database_mdeps;
       
  2694 };
       
  2695 
       
  2696 proxyscan {
       
  2697         /* Here you can configure the details of your Proxyscan (DNS Blacklist)
       
  2698          * scanner service.
       
  2699          */
       
  2700 
       
  2701         nick = "Proxyscan";
       
  2702         user = "dnsbl";
       
  2703         host = "{{atheme_server_host}}";
       
  2704         real = "Proxyscan Service";
       
  2705 
       
  2706         blacklists {
       
  2707          "dnsbl.dronebl.org";
       
  2708          "rbl.efnetrbl.org";
       
  2709          "tor.efnet.org";
       
  2710         };
       
  2711 
       
  2712         /* Available dnsbl_action's:
       
  2713          * NONE - Do nothing
       
  2714          * NOTIFY - Notify user that they are listed in a DNSBL and which one
       
  2715          * SNOOP - Report the user to the logchannel or services channel
       
  2716          * KLINE - AKILL the user from the network (default AKILL is 24 hours)
       
  2717          */
       
  2718 
       
  2719         dnsbl_action = kline;
       
  2720 };
       
  2721 
       
  2722 /******************************************************************************
       
  2723  * OPERATOR AND PRIVILEGES CONFIGURATION SECTION.                             *
       
  2724  ******************************************************************************/
       
  2725 
       
  2726 /* Operator configuration
       
  2727  * See the PRIVILEGES document for more information.
       
  2728  * NOTE: All changes apply immediately upon rehash. You may need
       
  2729  * to send a signal (killall -HUP atheme-services) to regain control.
       
  2730  */
       
  2731 /* (*) Operclasses specify groups of services operator privileges */
       
  2732 /* The "user" operclass specifies privileges all users get.
       
  2733  * This may be empty (default) in which case users get no special privileges.
       
  2734  * If you use the security/cmdperm module, you will need to grant command: privileges
       
  2735  * to every command that you want users to be able to use.
       
  2736  */
       
  2737 operclass "user" { };
       
  2738 
       
  2739 /* The "ircop" operclass specifies privileges all IRCops get.
       
  2740  * This may be empty in which case IRCops get no privs.
       
  2741  * At least chan:cmodes, chan:joinstaffonly and general:auspex are suggested.
       
  2742  */
       
  2743 operclass "ircop" {
       
  2744         privs {
       
  2745                 special:ircop;
       
  2746         };
       
  2747 
       
  2748         privs {
       
  2749                 user:auspex;
       
  2750                 user:admin;
       
  2751                 user:sendpass;
       
  2752                 user:vhost;
       
  2753                 user:mark;
       
  2754         };
       
  2755 
       
  2756         privs {
       
  2757                 chan:auspex;
       
  2758                 chan:admin;
       
  2759                 chan:cmodes;
       
  2760                 chan:joinstaffonly;
       
  2761         };
       
  2762 
       
  2763         privs {
       
  2764                 general:auspex;
       
  2765                 general:helper;
       
  2766                 general:viewprivs;
       
  2767                 general:flood;
       
  2768         };
       
  2769 
       
  2770         privs {
       
  2771                 operserv:omode;
       
  2772                 operserv:akill;
       
  2773                 operserv:jupe;
       
  2774                 operserv:global;
       
  2775         };
       
  2776 
       
  2777         privs {
       
  2778                 group:auspex;
       
  2779                 group:admin;
       
  2780         };
       
  2781 };
       
  2782 
       
  2783 operclass "sra" {
       
  2784         /* You can inherit privileges from a lower operclass. */
       
  2785         extends "ircop";
       
  2786 
       
  2787         privs {
       
  2788                 user:hold;
       
  2789                 user:regnolimit;
       
  2790         };
       
  2791 
       
  2792         privs {
       
  2793                 general:metadata;
       
  2794                 general:admin;
       
  2795         };
       
  2796 
       
  2797         privs {
       
  2798                 #operserv:massakill;
       
  2799                 #operserv:akill-anymask;
       
  2800                 operserv:noop;
       
  2801                 operserv:grant;
       
  2802         };
       
  2803 
       
  2804         /* needoper
       
  2805          * Only grant privileges to IRC users in this oper class if they
       
  2806          * are opered; other use of privilege (channel succession, XMLRPC,
       
  2807          * etc.) is unaffected by this.
       
  2808          *
       
  2809          * This flag is *not* inherited by operclasses that extend this one;
       
  2810          * you will have to set it explicitly for each operclass.
       
  2811          */
       
  2812         needoper;
       
  2813 };
       
  2814 
       
  2815 
       
  2816 /* (*) Operator blocks specify accounts with certain privileges
       
  2817  * Oper classes must be defined before they are used in operator blocks.
       
  2818  */
       
  2819 operator "jilles" {
       
  2820         /* operclass */
       
  2821         operclass = "sra";
       
  2822 
       
  2823         /* password
       
  2824          *
       
  2825          * Normally, the user needs to identify/log in using the account's
       
  2826          * password, and may need to be an IRCop (see operclass::needoper
       
  2827          * above). If you consider this not secure enough, you can
       
  2828          * specify an additional password here, which the user must enter
       
  2829          * using the OperServ IDENTIFY command, before the privileges can
       
  2830          * be used.
       
  2831          *
       
  2832          * The password must be encrypted if a crypto module is in use.
       
  2833          *
       
  2834          * If you are using modules/crypto/crypt3-*, you can probably use
       
  2835          * the "mkpasswd" program included with most Linux distributions.
       
  2836          * Otherwise you can use modules/operserv/genhash to encrypt a
       
  2837          * password for use here.
       
  2838          */
       
  2839         #password = "$1$3gJMO9by$0G60YE6GqmuHVH3AnFPor1";
       
  2840 };
       
  2841 
       
  2842 /******************************************************************************
       
  2843  * INCLUDE CONFIGURATION SECTION.                                             *
       
  2844  ******************************************************************************/
       
  2845 
       
  2846 /* You may also specify other files for inclusion.
       
  2847  * For example:
       
  2848  *
       
  2849  * include "etc/sras.conf";
       
  2850  */