ansible-roles: comparison atheme/templates/atheme.conf.j2

equal deleted inserted replaced

-:22c06d6916bf
+:d843011c249d
+/* This is an example configuration for Services.
+*
+* All statements end in semi-colons (';').
+* Shell style, C style, and C++ style comments may be used.
+*
+* Items marked with "(*)" are reconfigurable at runtime via REHASH.
+*/
+/******************************************************************************
+* MODULES SECTION.                                                           *
+******************************************************************************/
+/*
+* These are the modules included with the core distribution of Services.
+*
+* You may be interested in the atheme community modules distribution as
+* well, which adds additional features that may or may not be compatible
+* with the project paradigms intended for maintainance of the core of
+* atheme-services.
+*
+* Visit the atheme-services website for more information and to download them.
+*
+* Modules marked [experimental] will taint your atheme-services instance. Do
+* not file any bug reports with us about using Services with those modules;
+* they will be ignored.
+*/
+/* Dynamic security modules.
+*
+* WARNING: If you select one of these modules, the default security policy included
+* with Atheme may break.  These modules are intended for people who know what they
+* are doing and understand the implications of what they do.  Security modules which
+* are likely to break the default policy are prefixed with [!], if you are new to
+* Atheme, you should avoid enabling them.
+*
+* If you find your security policy is broken, you may debug it while allowing normal
+* operation of your IRC network by putting Atheme into "permissive mode".  To do this,
+* enable general::permissive_mode.
+*
+* [!] Infer "command:" namespace permissions   modules/security/cmdperm
+*/
+#loadmodule "modules/security/cmdperm";
+/* Protocol module.
+*
+* Please select a protocol module. Different servers use different protocols.
+* Below is a listing of ircd's known to work with the various protocol modules
+* available.
+*
+* Asuka 1.2.1 or later                         modules/protocol/asuka
+* Bahamut 2.1.x                                modules/protocol/bahamut
+* Charybdis IRCd                               modules/protocol/charybdis
+* ChatIRCd                                     modules/protocol/chatircd1.1
+* DreamForge 4.6.7 or later                    modules/protocol/dreamforge
+* InspIRCd 2.0                                 modules/protocol/inspircd
+* ircd-ratbox 2.0 and later                    modules/protocol/ratbox
+* IRCNet ircd (ircd 2.11)                      modules/protocol/ircnet
+* ircd-seven                                   modules/protocol/ircd-seven
+* Nefarious IRCu 0.4.0 or later                modules/protocol/nefarious
+* ngIRCd 19 or later [experimental]            modules/protocol/ngircd
+* UnrealIRCd 3.2.*                             modules/protocol/unreal
+* UnrealIRCd 4 or later                        modules/protocol/unreal4
+*
+* If your IRCd vendor has supplied a module file, build it and load it here
+* instead of one above.
+*/
+loadmodule "modules/protocol/ngircd";
+/* Protocol mixins.
+*
+* These should be used if you do not have/want certain features on your
+* network that your ircd normally has. If you do not know what this means,
+* you do not need any of them.
+*
+* Disable halfops                              modules/protocol/mixin_nohalfops
+* Disable holdnick (use enforcer clients)      modules/protocol/mixin_noholdnick
+* Disable "protect" mode on channels           modules/protocol/mixin_noprotect
+* Disable "owner" mode on channels             modules/protocol/mixin_noowner
+*/
+#loadmodule "modules/protocol/mixin_nohalfops";
+#loadmodule "modules/protocol/mixin_noholdnick";
+#loadmodule "modules/protocol/mixin_noprotect";
+#loadmodule "modules/protocol/mixin_noowner";
+/* Database backend module.
+*
+* Please select a database backend module. Different backends allow for
+* different ways in which the services data can be manipulated. YOU MAY
+* ONLY HAVE ONE OF THESE BACKENDS LOADED.
+*
+* The following backends are available:
+*
+* Atheme 0.1 flatfile database format          modules/backend/flatfile
+* Open Services Exchange database format       modules/backend/opensex
+*
+* Most networks will want opensex.
+*/
+loadmodule "modules/backend/opensex";
+/* Password hashing modules.
+*
+* If you would like encryption for your services passwords, or to migrate
+* from another IRC services package which used encryption for its passwords,
+* please select a module here.
+*
+* The following encryption-capable crypto modules are available:
+*
+*   Argon2 (Password Hashing Competition 2015)    modules/crypto/argon2
+*   scrypt (Tarsnap Online Backup Service)        modules/crypto/scrypt
+*   PBKDF2 (Including support for SASL SCRAM-SHA) modules/crypto/pbkdf2v2
+*   bcrypt (EksBlowfish; from Niels Provos etc.)  modules/crypto/bcrypt
+*   SHA2-512 crypt(3) a la '$6$...'               modules/crypto/crypt3-sha2-512
+*   SHA2-256 crypt(3) a la '$5$...'               modules/crypto/crypt3-sha2-256
+*
+* If you do not load an encryption-capable crypto module, some features will
+* not work correctly, and errors will be logged on e.g. user registration
+* that it was not possible to encrypt their password. Support for running
+* without an encryption-capable crypto module will be removed in a later
+* version of this software; for now it is just *HIGHLY* discouraged.
+*
+* Note, that upon starting with an encryption-capable crypto module, YOUR
+* UNENCRYPTED PASSWORDS ARE IMMEDIATELY AND *IRREVERSIBLY* CONVERTED. Make
+* at least TWO backups of your database before experimenting with this. If
+* you have several thousand accounts, this conversion may take a long time.
+*
+* The following modules can only be used to /verify/ existing encrypted
+* passwords, for example when upgrading from an older version of this
+* software, or migrating from something else:
+*
+*   PBKDF2 v1 (Atheme <= 7.2 compatibility)       modules/crypto/pbkdf2
+*   Raw SHA2-512                                  modules/crypto/rawsha2-512
+*   Raw SHA2-256                                  modules/crypto/rawsha2-256
+*   Anope SHA2-256 (Anope 2.0 compatibility)      modules/crypto/anope-enc-sha256
+*   Raw SHA1 (Anope ~1.8 compatibility)           modules/crypto/rawsha1
+*   Raw MD5 (Anope ~1.8 compatibility)            modules/crypto/rawmd5
+*   IRCServices (+ Anope) compatibility           modules/crypto/ircservices
+*   MD5 crypt(3) (Atheme Linux compatibility)     modules/crypto/crypt3-md5
+*   DES crypt(3) (Atheme OS X compatibility)      modules/crypto/crypt3-des
+*   Base64 (Anope ~1.8 compatibility)             modules/crypto/base64
+*
+* To transition between crypto schemes, load the preferred scheme first,
+* and as users login or set new passwords, they will be migrated to the new
+* preferred scheme. Like so:
+*
+* loadmodule "modules/crypto/argon2";
+* loadmodule "modules/crypto/scrypt";
+* loadmodule "modules/crypto/pbkdf2v2";
+* loadmodule "modules/crypto/pbkdf2";
+* loadmodule "modules/crypto/crypt3-md5";
+*
+* The Argon2 module requires the argon2 reference library (./configure
+* --with-argon2) and is *NOT* available in Atheme v7.2 or earlier. If you
+* wish to use this module while retaining the possibility to downgrade to
+* v7.2, please see the crypto {} documentation below.
+*
+* The Scrypt module requires libsodium (./configure --with-libsodium) and is
+* *NOT* available in Atheme v7.2 or earlier. This module may also require a
+* 64-bit Operating System to function correctly.
+*
+* The PBKDF2v2 module has no dependencies and is recommended. If you were
+* previously using the PBKDF2 v1 module on v7.2, you must still keep it in
+* the configuration here; the PBKDF2 v2 module cannot verify its password
+* hashes. However, you should also load PBKDF2 v2 (if you don't decide to use
+* anything else), because the PBKDF2 v1 module is now verify-only.
+*
+* The bcrypt module will truncate passwords greater than 72 characters. It is
+* also capable of verifying the older $2a$ digests that contain an integer
+* wrap-around bug, as used on e.g. Anope. It is not capable of verifying the
+* PHP-bcrypt $2x$ and $2y$ digests; but $2y$ can simply be changed to $2b$.
+* All successfully-verified passwords not using $2b$ will be converted to it.
+* This is an encryption-capable module, but its use is discouraged unless you
+* need to use it for interoperability with some other piece of software.
+*
+* The crypt3-* modules depend on your platform crypt(3) supporting the
+* respective algorithms. This is not guaranteed to be the case. If you used
+* modules/crypto/posix on Linux, you need crypt3-md5. If you used
+* modules/crypto/posix on OS X, you need crypt3-des. These modules issue
+* informational messages when loaded to the effect that they might break in
+* the future. They also run selftests on load to verify that they will work.
+*
+* All available modules are listed below, in the preferred load order. The
+* modules that are commented out are not available by default (please see
+* the v7.3 release notes in NEWS.md) or may require a third-party library to
+* use. If you know that you do not need a specific module, it is better to
+* not load it, so comment it out. Do not change the order of the modules
+* below unless you need to migrate from one to the other (as described
+* above); in particular, putting verify-only modules above encryption-
+* capable modules would be a waste of CPU time every time password
+* verification for a user whose password was not encrypted by them is
+* attempted.
+*
+* Comments that start with -- describe the ./configure option necessary to
+* have this module built.
+*/
+#loadmodule "modules/crypto/argon2";            /* --with-argon2 */
+#loadmodule "modules/crypto/scrypt";            /* --with-sodium */
+loadmodule "modules/crypto/pbkdf2v2";
+#loadmodule "modules/crypto/bcrypt";            /* See notes above */
+loadmodule "modules/crypto/pbkdf2";             /* Verify-only, see prev. */
+#loadmodule "modules/crypto/crypt3-sha2-512";   /* Needs crypt(3) support */
+#loadmodule "modules/crypto/crypt3-sha2-256";   /* Needs crypt(3) support */
+#loadmodule "modules/crypto/crypt3-md5";        /* --enable-legacy-pwcrypto */
+#loadmodule "modules/crypto/rawsha2-512";       /* --enable-legacy-pwcrypto */
+#loadmodule "modules/crypto/rawsha2-256";       /* --enable-legacy-pwcrypto */
+#loadmodule "modules/crypto/anope-enc-sha256";  /* --enable-legacy-pwcrypto */
+#loadmodule "modules/crypto/rawsha1";           /* --enable-legacy-pwcrypto */
+#loadmodule "modules/crypto/rawmd5";            /* --enable-legacy-pwcrypto */
+#loadmodule "modules/crypto/ircservices";       /* --enable-legacy-pwcrypto */
+#loadmodule "modules/crypto/crypt3-des";        /* --enable-legacy-pwcrypto */
+#loadmodule "modules/crypto/base64";            /* --enable-legacy-pwcrypto */
+/* Authentication module.
+*
+* These allow using passwords from an external system. The password given
+* when registering a new account is also checked against the external
+* system.
+*
+* The following authentication modules are available:
+*
+* LDAP                                         modules/auth/ldap
+*
+* The LDAP module requires OpenLDAP client libraries. It uses them in a
+* synchronous manner, which means that an unresponsive LDAP server can
+* freeze services.
+*/
+#loadmodule "modules/auth/ldap";
+/* NickServ modules.
+*
+* Here you can disable or enable certain features of NickServ, by
+* defining which modules are loaded. You can even disable NickServ
+* entirely. Please note however, that an authentication service
+* (either NickServ, or UserServ) is required for proper functionality.
+*
+* Core components                              modules/nickserv/main
+* Nickname access lists                        modules/nickserv/access
+* Bad email address blocking                   modules/nickserv/badmail
+* CertFP fingerprint managment                 modules/nickserv/cert
+* DROP command                                 modules/nickserv/drop
+* Nickname enforcement                         modules/nickserv/enforce
+* GHOST command                                modules/nickserv/ghost
+* GROUP and UNGROUP commands                   modules/nickserv/group
+* HELP command                                 modules/nickserv/help
+* Nickname expiry override (HOLD command)      modules/nickserv/hold
+* IDENTIFY command                             modules/nickserv/identify
+* INFO command                                 modules/nickserv/info
+* Last quit message in INFO                    modules/nickserv/info_lastquit
+* LIST command                                 modules/nickserv/list
+* LISTLOGINS command                           modules/nickserv/listlogins
+* LISTMAIL command                             modules/nickserv/listmail
+* LISTOWNMAIL command                          modules/nickserv/listownmail
+* LOGIN command (for no_nick_ownership)        modules/nickserv/login
+* LOGOUT command                               modules/nickserv/logout
+* MARK command                                 modules/nickserv/mark
+* Password quality validation                  modules/nickserv/pwquality
+* FREEZE command                               modules/nickserv/freeze
+* LISTCHANS command                            modules/nickserv/listchans
+* LISTGROUPS command                           modules/nickserv/listgroups
+* REGISTER command                             modules/nickserv/register
+* Bypass registration limits (REGNOLIMIT)      modules/nickserv/regnolimit
+* Password reset (RESETPASS command)           modules/nickserv/resetpass
+* RESTRICT command                             modules/nickserv/restrict
+* Password return (RETURN command)             modules/nickserv/return
+* Password retrieval (SENDPASS command)        modules/nickserv/sendpass
+* Password retrieval allowed to normal users   modules/nickserv/sendpass_user
+* Change primary nickname (SET ACCOUNTNAME)    modules/nickserv/set_accountname
+* SET EMAIL command                            modules/nickserv/set_email
+* SET EMAILMEMOS command                       modules/nickserv/set_emailmemos
+* SET ENFORCETIME command                      modules/nickserv/set_enforcetime
+* SET HIDEMAIL command                         modules/nickserv/set_hidemail
+* SET LANGUAGE command                         modules/nickserv/set_language
+* SET NEVERGROUP command                       modules/nickserv/set_nevergroup
+* SET NEVEROP command                          modules/nickserv/set_neverop
+* SET NOGREET command                          modules/nickserv/set_nogreet
+* SET NOMEMO command                           modules/nickserv/set_nomemo
+* SET NOOP command                             modules/nickserv/set_noop
+* SET NOPASSWORD command                       modules/nickserv/set_nopassword
+* SET PASSWORD command                         modules/nickserv/set_password
+* PRIVMSG instead of NOTICE (SET PRIVMSG cmd)  modules/nickserv/set_privmsg
+* Account info hiding (SET PRIVATE command)    modules/nickserv/set_private
+* SET PROPERTY command                         modules/nickserv/set_property
+* SET PUBKEY command                           modules/nickserv/set_pubkey
+* SET QUIETCHG command                         modules/nickserv/set_quietchg
+* Password retrieval uses code (SETPASS cmd)   modules/nickserv/setpass
+* STATUS command                               modules/nickserv/status
+* Nickname metadata viewer (TAXONOMY command)  modules/nickserv/taxonomy
+* VACATION command                             modules/nickserv/vacation
+* VERIFY command                               modules/nickserv/verify
+* VHOST command                                modules/nickserv/vhost
+* Delay services account registrations         modules/nickserv/waitreg
+*/
+loadmodule "modules/nickserv/main";
+#loadmodule "modules/nickserv/access";
+loadmodule "modules/nickserv/badmail";
+#loadmodule "modules/nickserv/cert";
+loadmodule "modules/nickserv/drop";
+#loadmodule "modules/nickserv/enforce";
+loadmodule "modules/nickserv/ghost";
+loadmodule "modules/nickserv/group";
+loadmodule "modules/nickserv/help";
+loadmodule "modules/nickserv/hold";
+loadmodule "modules/nickserv/identify";
+loadmodule "modules/nickserv/info";
+#loadmodule "modules/nickserv/info_lastquit";
+loadmodule "modules/nickserv/list";
+#loadmodule "modules/nickserv/listlogins";
+loadmodule "modules/nickserv/listmail";
+#loadmodule "modules/nickserv/listownmail";
+#loadmodule "modules/nickserv/login";
+loadmodule "modules/nickserv/logout";
+loadmodule "modules/nickserv/mark";
+#loadmodule "modules/nickserv/pwquality";
+loadmodule "modules/nickserv/freeze";
+loadmodule "modules/nickserv/listchans";
+loadmodule "modules/nickserv/listgroups";
+loadmodule "modules/nickserv/register";
+loadmodule "modules/nickserv/regnolimit";
+loadmodule "modules/nickserv/resetpass";
+loadmodule "modules/nickserv/restrict";
+loadmodule "modules/nickserv/return";
+loadmodule "modules/nickserv/setpass";
+#loadmodule "modules/nickserv/sendpass";
+loadmodule "modules/nickserv/sendpass_user";
+loadmodule "modules/nickserv/set_accountname";
+loadmodule "modules/nickserv/set_email";
+loadmodule "modules/nickserv/set_emailmemos";
+#loadmodule "modules/nickserv/set_enforcetime";
+loadmodule "modules/nickserv/set_hidemail";
+loadmodule "modules/nickserv/set_language";
+loadmodule "modules/nickserv/set_nevergroup";
+loadmodule "modules/nickserv/set_neverop";
+loadmodule "modules/nickserv/set_nogreet";
+loadmodule "modules/nickserv/set_nomemo";
+loadmodule "modules/nickserv/set_noop";
+#loadmodule "modules/nickserv/set_nopassword";
+loadmodule "modules/nickserv/set_password";
+#loadmodule "modules/nickserv/set_privmsg";
+#loadmodule "modules/nickserv/set_private";
+loadmodule "modules/nickserv/set_property";
+loadmodule "modules/nickserv/set_pubkey";
+loadmodule "modules/nickserv/set_quietchg";
+loadmodule "modules/nickserv/status";
+loadmodule "modules/nickserv/taxonomy";
+loadmodule "modules/nickserv/vacation";
+loadmodule "modules/nickserv/verify";
+loadmodule "modules/nickserv/vhost";
+#loadmodule "modules/nickserv/waitreg";
+/* ChanServ modules.
+*
+* Here you can disable or enable certain features of ChanServ, by
+* defining which modules are loaded. You can even disable ChanServ
+* entirely. Please note that ChanServ requires an authentication
+* service, either NickServ or UserServ will do.
+*
+* Core components                              modules/chanserv/main
+* ACCESS command (simplified ACL editing)      modules/chanserv/access
+* AKICK command                                modules/chanserv/akick
+* BAN/UNBAN commands                           modules/chanserv/ban
+* UNBAN self only (load ban or this not both)  modules/chanserv/unban_self
+* BANSEARCH command                            modules/chanserv/bansearch
+* CLOSE command                                modules/chanserv/close
+* CLONE command                                modules/chanserv/clone
+* CLEAR command                                modules/chanserv/clear
+* CLEAR AKICKS command                         modules/chanserv/clear_akicks
+* CLEAR BANS command                           modules/chanserv/clear_bans
+* CLEAR FLAGS command                          modules/chanserv/clear_flags
+* CLEAR USERS command                          modules/chanserv/clear_users
+* COUNT command                                modules/chanserv/count
+* DROP command                                 modules/chanserv/drop
+* Forced flags changes                         modules/chanserv/fflags
+* FLAGS command                                modules/chanserv/flags
+* Forced foundership transfers                 modules/chanserv/ftransfer
+* GETKEY command                               modules/chanserv/getkey
+* HALFOP/DEHALFOP commands                     modules/chanserv/halfop
+* HELP command                                 modules/chanserv/help
+* Channel expiry override (HOLD command)       modules/chanserv/hold
+* INFO command                                 modules/chanserv/info
+* INVITE command                               modules/chanserv/invite
+* KICK/KICKBAN commands                        modules/chanserv/kick
+* LIST command                                 modules/chanserv/list
+* MARK command                                 modules/chanserv/mark
+* Moderated channel registrations              modules/chanserv/moderate
+* OP/DEOP commands                             modules/chanserv/op
+* OWNER/DEOWNER commands                       modules/chanserv/owner
+* PROTECT/DEPROTECT commands                   modules/chanserv/protect
+* QUIET command (+q support)                   modules/chanserv/quiet
+* Channel takeover recovery (RECOVER command)  modules/chanserv/recover
+* REGISTER command                             modules/chanserv/register
+* SET EMAIL command                            modules/chanserv/set_email
+* SET ENTRYMSG command                         modules/chanserv/set_entrymsg
+* SET FANTASY command                          modules/chanserv/set_fantasy
+* SET GAMESERV command                         modules/chanserv/set_gameserv
+* SET GUARD command                            modules/chanserv/set_guard
+* SET KEEPTOPIC command                        modules/chanserv/set_keeptopic
+* SET LIMITFLAGS command                       modules/chanserv/set_limitflags
+* SET MLOCK command                            modules/chanserv/set_mlock
+* SET PREFIX command                           modules/chanserv/set_prefix
+* Channel info hiding (SET PRIVATE command)    modules/chanserv/set_private
+* SET PROPERTY command                         modules/chanserv/set_property
+* SET PUBACL command                           modules/chanserv/set_pubacl
+* SET RESTRICTED command                       modules/chanserv/set_restricted
+* SET SECURE command                           modules/chanserv/set_secure
+* SET TOPICLOCK command                        modules/chanserv/set_topiclock
+* SET URL command                              modules/chanserv/set_url
+* SET VERBOSE command                          modules/chanserv/set_verbose
+* STATUS command                               modules/chanserv/status
+* SYNC command (and automatic ACL syncing)     modules/chanserv/sync
+* Named Successor ACL flag                     modules/chanserv/successor_acl
+* Channel metadata viewer (TAXONOMY command)   modules/chanserv/taxonomy
+* TEMPLATE command                             modules/chanserv/template
+* TOPIC/TOPICAPPEND commands                   modules/chanserv/topic
+* VOICE/DEVOICE commands                       modules/chanserv/voice
+* WHY command                                  modules/chanserv/why
+* VOP/HOP/AOP/SOP commands                     modules/chanserv/xop
+*  This module provides emulation of the ircservices XOP scheme ONLY.
+*  Do not report discrepencies when using native commands to edit channel
+*  ACLs. This is intentional.
+* Flood protection                             modules/chanserv/antiflood
+*  This module should be loaded after at least chanserv/quiet if you want
+*  the autoquiet feature to work.
+*/
+loadmodule "modules/chanserv/main";
+loadmodule "modules/chanserv/access";
+loadmodule "modules/chanserv/akick";
+loadmodule "modules/chanserv/ban";
+#loadmodule "modules/chanserv/unban_self";
+loadmodule "modules/chanserv/bansearch";
+loadmodule "modules/chanserv/clone";
+loadmodule "modules/chanserv/close";
+loadmodule "modules/chanserv/clear";
+loadmodule "modules/chanserv/clear_akicks";
+loadmodule "modules/chanserv/clear_bans";
+loadmodule "modules/chanserv/clear_flags";
+loadmodule "modules/chanserv/clear_users";
+loadmodule "modules/chanserv/count";
+loadmodule "modules/chanserv/drop";
+#loadmodule "modules/chanserv/fflags";
+loadmodule "modules/chanserv/flags";
+loadmodule "modules/chanserv/ftransfer";
+loadmodule "modules/chanserv/getkey";
+#loadmodule "modules/chanserv/halfop";
+loadmodule "modules/chanserv/help";
+loadmodule "modules/chanserv/hold";
+loadmodule "modules/chanserv/info";
+loadmodule "modules/chanserv/invite";
+loadmodule "modules/chanserv/kick";
+loadmodule "modules/chanserv/list";
+loadmodule "modules/chanserv/mark";
+#loadmodule "modules/chanserv/moderate";
+loadmodule "modules/chanserv/op";
+#loadmodule "modules/chanserv/owner";
+#loadmodule "modules/chanserv/protect";
+#loadmodule "modules/chanserv/quiet";
+loadmodule "modules/chanserv/recover";
+loadmodule "modules/chanserv/register";
+loadmodule "modules/chanserv/set_email";
+loadmodule "modules/chanserv/set_entrymsg";
+loadmodule "modules/chanserv/set_fantasy";
+#loadmodule "modules/chanserv/set_gameserv";
+loadmodule "modules/chanserv/set_guard";
+loadmodule "modules/chanserv/set_keeptopic";
+#loadmodule "modules/chanserv/set_limitflags";
+loadmodule "modules/chanserv/set_mlock";
+loadmodule "modules/chanserv/set_prefix";
+#loadmodule "modules/chanserv/set_private";
+loadmodule "modules/chanserv/set_property";
+#loadmodule "modules/chanserv/set_pubacl";
+loadmodule "modules/chanserv/set_restricted";
+loadmodule "modules/chanserv/set_secure";
+loadmodule "modules/chanserv/set_topiclock";
+loadmodule "modules/chanserv/set_url";
+loadmodule "modules/chanserv/set_verbose";
+loadmodule "modules/chanserv/status";
+loadmodule "modules/chanserv/sync";
+#loadmodule "modules/chanserv/successor_acl";
+loadmodule "modules/chanserv/taxonomy";
+loadmodule "modules/chanserv/template";
+loadmodule "modules/chanserv/topic";
+loadmodule "modules/chanserv/voice";
+loadmodule "modules/chanserv/why";
+#loadmodule "modules/chanserv/xop";
+loadmodule "modules/chanserv/antiflood";
+/* CHANFIX module.
+*
+* Here you can disable or enable certain features of CHANFIX, by
+* defining which modules are loaded.
+*
+* Core components                              modules/chanfix/main
+*/
+#loadmodule "modules/chanfix/main";
+/* OperServ modules.
+*
+* Here you can disable or enable certain features of OperServ, by
+* defining which modules are loaded.
+*
+* Core components                              modules/operserv/main
+* AKILL system                                 modules/operserv/akill
+* CLEARCHAN command                            modules/operserv/clearchan
+* CLONES system                                modules/operserv/clones
+* COMPARE command                              modules/operserv/compare
+* GENHASH command                              modules/operserv/genhash
+* GREPLOG command                              modules/operserv/greplog
+* HELP command                                 modules/operserv/help
+* IGNORE system                                modules/operserv/ignore
+* IDENTIFY command                             modules/operserv/identify
+* INFO command                                 modules/operserv/info
+* INJECT command                               modules/operserv/inject
+* JUPE command                                 modules/operserv/jupe
+* MODE command                                 modules/operserv/mode
+* MODINSPECT command                           modules/operserv/modinspect
+* MODLIST command                              modules/operserv/modlist
+* MODLOAD command                              modules/operserv/modload
+* MODRELOAD command                            modules/operserv/modreload
+* MODUNLOAD command                            modules/operserv/modunload
+* NOOP system                                  modules/operserv/noop
+* Regex mass akill (RAKILL command)            modules/operserv/rakill
+* RAW command                                  modules/operserv/raw
+* READONLY command                             modules/operserv/readonly
+* REHASH command                               modules/operserv/rehash
+* RESTART command                              modules/operserv/restart
+* Display regex matching (RMATCH command)      modules/operserv/rmatch
+* Most common realnames (RNC command)          modules/operserv/rnc
+* RWATCH system                                modules/operserv/rwatch
+*
+* Note that ALL of these SET commands only apply until the next rehash!
+*
+* ALL of the below SET commands (deprecated)   modules/operserv/set
+* SET AKICKTIME subcommand (temporarily)       modules/operserv/set_akicktime
+* SET CHANEXPIRE subcommand (temporarily)      modules/operserv/set_chanexpire
+* SET COMMITINTERVAL subcommand (temporarily)  modules/operserv/set_commitinterval
+* SET ENFORCEPREFIX subcommand (temporarily)   modules/operserv/set_enforceprefix
+* SET KLINETIME subcommand (temporarily)       modules/operserv/set_klinetime
+* SET MAXCHANACS subcommand (temporarily)      modules/operserv/set_maxchanacs
+* SET MAXCHANS subcommand (temporarily)        modules/operserv/set_maxchans
+* SET MAXFOUNDERS subcommand (temporarily)     modules/operserv/set_maxfounders
+* SET MAXLOGINS subcommand (temporarily)       modules/operserv/set_maxlogins
+* SET MAXNICKS subcommand (temporarily)        modules/operserv/set_maxnicks
+* SET MAXUSERS subcommand (temporarily)        modules/operserv/set_maxusers
+* SET MDLIMIT subcommand (temporarily)         modules/operserv/set_mdlimit
+* SET NICKEXPIRE subcommand (temporarily)      modules/operserv/set_nickexpire
+* SET RECONTIME subcommand (temporarily)       modules/operserv/set_recontime
+* SET SPAM subcommand (temporarily)            modules/operserv/set_spam
+*
+* SGLINE system                                modules/operserv/sgline
+* SHUTDOWN command                             modules/operserv/shutdown
+* Non-config oper privileges (SOPER command)   modules/operserv/soper
+* Oper privilege display (SPECS command)       modules/operserv/specs
+* SQLINE system                                modules/operserv/sqline
+* UPDATE command                               modules/operserv/update
+* UPTIME command                               modules/operserv/uptime
+*/
+loadmodule "modules/operserv/main";
+loadmodule "modules/operserv/akill";
+#loadmodule "modules/operserv/clearchan";
+#loadmodule "modules/operserv/clones";
+loadmodule "modules/operserv/compare";
+#loadmodule "modules/operserv/genhash";
+#loadmodule "modules/operserv/greplog";
+loadmodule "modules/operserv/help";
+loadmodule "modules/operserv/identify";
+loadmodule "modules/operserv/ignore";
+loadmodule "modules/operserv/info";
+loadmodule "modules/operserv/jupe";
+loadmodule "modules/operserv/mode";
+loadmodule "modules/operserv/modinspect";
+loadmodule "modules/operserv/modlist";
+loadmodule "modules/operserv/modload";
+loadmodule "modules/operserv/modunload";
+loadmodule "modules/operserv/modreload";
+loadmodule "modules/operserv/noop";
+#loadmodule "modules/operserv/rakill";
+loadmodule "modules/operserv/readonly";
+loadmodule "modules/operserv/rehash";
+loadmodule "modules/operserv/restart";
+loadmodule "modules/operserv/rmatch";
+loadmodule "modules/operserv/rnc";
+loadmodule "modules/operserv/rwatch";
+loadmodule "modules/operserv/set";
+loadmodule "modules/operserv/sgline";
+loadmodule "modules/operserv/shutdown";
+#loadmodule "modules/operserv/soper";
+loadmodule "modules/operserv/specs";
+#loadmodule "modules/operserv/sqline";
+loadmodule "modules/operserv/update";
+loadmodule "modules/operserv/uptime";
+/* MemoServ modules.
+*
+* Here you can disable or enable certain features of MemoServ, by
+* defining which modules are loaded. You can even disable MemoServ
+* entirely.
+*
+* Core components                              modules/memoserv/main
+* HELP command                                 modules/memoserv/help
+* SEND command                                 modules/memoserv/send
+* Channel memos (SENDOPS command)              modules/memoserv/sendops
+* Group memos (SENDGROUP command)              modules/memoserv/sendgroup
+* LIST command                                 modules/memoserv/list
+* READ command                                 modules/memoserv/read
+* FORWARD command                              modules/memoserv/forward
+* DELETE command                               modules/memoserv/delete
+* IGNORE command                               modules/memoserv/ignore
+*/
+loadmodule "modules/memoserv/main";
+loadmodule "modules/memoserv/help";
+loadmodule "modules/memoserv/send";
+loadmodule "modules/memoserv/sendops";
+loadmodule "modules/memoserv/sendgroup";
+loadmodule "modules/memoserv/list";
+loadmodule "modules/memoserv/read";
+loadmodule "modules/memoserv/forward";
+loadmodule "modules/memoserv/delete";
+loadmodule "modules/memoserv/ignore";
+/* Global module.
+*
+* Like the other services, the Global noticer is a module. You can
+* disable or enable it to your liking below. Please note that the
+* Global noticer is dependent on OperServ for full functionality.
+*/
+loadmodule "modules/global/main";
+/* InfoServ module.
+*
+* Like the other services, InfoServ is a module. You can disable or
+* enable it to your liking below.
+*/
+loadmodule "modules/infoserv/main";
+/* SASL agent module.
+*
+* Allows clients to authenticate to services via SASL with an appropriate
+* ircd. You need the core components and at least one mechanism.
+*
+* Core components                      modules/saslserv/main
+* AUTHCOOKIE mechanism (for IRIS)      modules/saslserv/authcookie
+* ECDH-X25519-CHALLENGE mechanism      modules/saslserv/ecdh-x25519-challenge
+* ECDSA-NIST256P-CHALLENGE mechanism   modules/saslserv/ecdsa-nist256p-challenge
+* EXTERNAL mechanism (IRCv3.1+)        modules/saslserv/external
+* PLAIN mechanism                      modules/saslserv/plain
+* SCRAM-SHA-* mechanisms               modules/saslserv/scram
+*
+* ECDH-X25519-CHALLENGE support requires that Atheme be compiled against a
+* cryptographic library that provides X25519 ECDH support (BoringSSL,
+* LibreSSL, ARM mbedTLS, Nettle, Sodium). This will be checked while running
+* ./configure.
+*
+* ECDSA-NIST256P-CHALLENGE support requires that Atheme be compiled against
+* an OpenSSL with ECDSA support (not RHEL etc. unless you compile your own).
+* This will be checked while running ./configure.
+*
+* You MUST read doc/SASL-SCRAM before loading modules/saslserv/scram!
+*/
+loadmodule "modules/saslserv/main";
+loadmodule "modules/saslserv/authcookie";
+#loadmodule "modules/saslserv/ecdh-x25519-challenge";
+#loadmodule "modules/saslserv/ecdsa-nist256p-challenge";
+#loadmodule "modules/saslserv/external";
+loadmodule "modules/saslserv/plain";
+#loadmodule "modules/saslserv/scram";   /* READ doc/SASL-SCRAM FIRST! */
+/* GameServ modules.
+*
+* Here you can disable or enable certain features of GameServ, by
+* defining which modules are loaded. You can even disable GameServ
+* entirely.
+*
+* Core components                              modules/gameserv/main
+* DICE/WOD commands                            modules/gameserv/dice
+* EIGHTBALL command                            modules/gameserv/eightball
+* Game-specific dice calculators               modules/gameserv/gamecalc
+* HELP commands                                modules/gameserv/help
+* LOTTERY command                              modules/gameserv/lottery
+* NAMEGEN command                              modules/gameserv/namegen
+* RPS command                                  modules/gameserv/rps
+*/
+#loadmodule "modules/gameserv/main";
+#loadmodule "modules/gameserv/dice";
+#loadmodule "modules/gameserv/eightball";
+#loadmodule "modules/gameserv/gamecalc";
+#loadmodule "modules/gameserv/help";
+#loadmodule "modules/gameserv/lottery";
+#loadmodule "modules/gameserv/namegen";
+#loadmodule "modules/gameserv/rps";
+/* RPGServ modules.
+*
+* Here you can disable or enable certain features of RPGServ, by
+* defining which modules are loaded. You can even disable RPGServ
+* entirely.
+*
+* Core components                              modules/rpgserv/main
+* ENABLE/DISABLE commands                      modules/rpgserv/enable
+* HELP command                                 modules/rpgserv/help
+* INFO command                                 modules/rpgserv/info
+* LIST command                                 modules/rpgserv/list
+* SEARCH command                               modules/rpgserv/search
+* SET commands                                 modules/rpgserv/set
+*/
+#loadmodule "modules/rpgserv/main";
+#loadmodule "modules/rpgserv/enable";
+#loadmodule "modules/rpgserv/help";
+#loadmodule "modules/rpgserv/info";
+#loadmodule "modules/rpgserv/list";
+#loadmodule "modules/rpgserv/search";
+#loadmodule "modules/rpgserv/set";
+/* BotServ modules.
+*
+* Here you can disable or enable certain features of BotServ, by
+* defining which modules are loaded. You can even disable BotServ
+* entirely.
+*
+* Core components                              modules/botserv/main
+* HELP command                                 modules/botserv/help
+* INFO command                                 modules/botserv/info
+* NPC commands (SAY, ACT)                      modules/botserv/bottalk
+* SET FANTASY command                          modules/botserv/set_fantasy
+* SET NOBOT command                            modules/botserv/set_nobot
+* SET PRIVATE command                          modules/botserv/set_private
+* SET SAYCALLER command                        modules/botserv/set_saycaller
+*/
+#loadmodule "modules/botserv/main";
+#loadmodule "modules/botserv/help";
+#loadmodule "modules/botserv/info";
+#loadmodule "modules/botserv/bottalk";
+#loadmodule "modules/botserv/set_fantasy";
+#loadmodule "modules/botserv/set_nobot";
+#loadmodule "modules/botserv/set_private";
+#loadmodule "modules/botserv/set_saycaller";
+/* HostServ modules.
+*
+* Here you can disable or enable certain features of HostServ, by
+* defining which modules are loaded. You can even disable HostServ
+* entirely.
+*
+* HostServ is a more complex, and optional virtual host management service.
+* Users wishing only to set vhosts need not use it (they can use the builtin
+* vhost management of NickServ instead).
+*
+* Core components                              modules/hostserv/main
+* HELP command                                 modules/hostserv/help
+* OFFER system                                 modules/hostserv/offer
+* ON and OFF commands                          modules/hostserv/onoff
+* REQUEST system                               modules/hostserv/request
+* VHOST and LISTVHOST commands                 modules/hostserv/vhost
+* VHOSTNICK command                            modules/hostserv/vhostnick
+* GROUP command                                modules/hostserv/group
+* DROP command                                 modules/hostserv/drop
+*/
+#loadmodule "modules/hostserv/main";
+#loadmodule "modules/hostserv/help";
+#loadmodule "modules/hostserv/onoff";
+#loadmodule "modules/hostserv/offer";
+#loadmodule "modules/hostserv/request";
+#loadmodule "modules/hostserv/vhost";
+#loadmodule "modules/hostserv/vhostnick";
+#loadmodule "modules/hostserv/group";
+#loadmodule "modules/hostserv/drop";
+/* HelpServ modules.
+* HelpServ allows users to request help from network staff in a few different ways.
+*
+* Core components                              modules/helpserv/main
+* HELPME command                               modules/helpserv/helpme
+* Help Ticket system                           modules/helpserv/ticket
+* Service List                                 modules/helpserv/services
+*
+* The ticket system works like a bugtracker ot helpdesk ticket system, HELPME
+* works like a one-time alert. You should probably only load one of the two systems.
+*/
+#loadmodule "modules/helpserv/main";
+#loadmodule "modules/helpserv/helpme";
+#loadmodule "modules/helpserv/ticket";
+#loadmodule "modules/helpserv/services";
+/* Channel listing service.
+*
+* Allows users to list channels with more flexibility than the /list
+* command.
+*
+* Core components                              modules/alis/main
+*/
+#loadmodule "modules/alis/main";
+/* StatServ module.
+* StatServ provides basic statistics and split tracking.
+*
+* Core components                              modules/statserv/main
+* CHANNEL command                              modules/statserv/channel
+* NETSPLIT command                             modules/statserv/netsplit
+* SERVER command                               modules/statserv/server
+*/
+loadmodule "modules/statserv/main";
+#loadmodule "modules/statserv/channel";
+loadmodule "modules/statserv/netsplit";
+loadmodule "modules/statserv/server";
+/* GroupServ module.
+* GroupServ allows users to create groups to easily mass-manage channel
+* access and more.
+*
+* Core components                              modules/groupserv/main
+* ACSNOLIMIT command                           modules/groupserv/acsnolimit
+* DROP command                                 modules/groupserv/drop
+* FFLAGS command                               modules/groupserv/fflags
+* FLAGS command                                modules/groupserv/flags
+* HELP command                                 modules/groupserv/help
+* INFO command                                 modules/groupserv/info
+* JOIN command                                 modules/groupserv/join
+* LIST command                                 modules/groupserv/list
+* LISTCHANS command                            modules/groupserv/listchans
+* REGISTER command                             modules/groupserv/register
+* REGNOLIMIT command                           modules/groupserv/regnolimit
+* INVITE command                               modules/groupserv/invite
+* SET command                                  modules/groupserv/set
+* SET CHANNEL command                          modules/groupserv/set_channel
+* SET DESCRIPTION command                      modules/groupserv/set_description
+* SET EMAIL command                            modules/groupserv/set_email
+* SET GROUPNAME command                        modules/groupserv/set_groupname
+* SET JOINFLAGS command                        modules/groupserv/set_joinflags
+* SET OPEN command                             modules/groupserv/set_open
+* SET PUBLIC command                           modules/groupserv/set_public
+* SET URL command                              modules/groupserv/set_url
+*
+*/
+loadmodule "modules/groupserv/main";
+loadmodule "modules/groupserv/acsnolimit";
+loadmodule "modules/groupserv/drop";
+loadmodule "modules/groupserv/fflags";
+loadmodule "modules/groupserv/flags";
+loadmodule "modules/groupserv/help";
+loadmodule "modules/groupserv/info";
+loadmodule "modules/groupserv/join";
+loadmodule "modules/groupserv/list";
+loadmodule "modules/groupserv/listchans";
+loadmodule "modules/groupserv/register";
+loadmodule "modules/groupserv/regnolimit";
+#loadmodule "modules/groupserv/invite";
+loadmodule "modules/groupserv/set";
+loadmodule "modules/groupserv/set_channel";
+loadmodule "modules/groupserv/set_description";
+loadmodule "modules/groupserv/set_email";
+loadmodule "modules/groupserv/set_groupname";
+loadmodule "modules/groupserv/set_joinflags";
+loadmodule "modules/groupserv/set_open";
+loadmodule "modules/groupserv/set_public";
+loadmodule "modules/groupserv/set_url";
+/*
+* Various modules.
+*
+* Atheme includes an optional HTTP server that can be used for integration
+* with portal software and other useful things. To enable it, load this
+* module, and uncomment the httpd { } block towards the bottom of the config.
+*
+* HTTP Server                                  modules/misc/httpd
+*/
+#loadmodule "modules/misc/httpd";
+/* XMLRPC server module.
+*
+* The XML-RPC handler requires modules/misc/httpd to be loaded as it merely
+* registers a path handler for XML-RPC. The path used for XML-RPC is /xmlrpc.
+*
+* XMLRPC handler for the httpd                 modules/transport/xmlrpc
+*/
+#loadmodule "modules/transport/xmlrpc";
+/* Extended target entity types. [EXPERIMENTAL]
+*
+* Atheme can set up special target mapping entities which match multiple
+* users in channel access entries.  These target mapping entity types are
+* defined through the 'exttarget' modules listed below.
+*
+* Exttarget handling core                      modules/exttarget/main
+* $oper exttarget match type                   modules/exttarget/oper
+* $registered exttarget match type             modules/exttarget/registered
+* $channel exttarget match type                modules/exttarget/channel
+* $chanacs exttarget match type                modules/exttarget/chanacs
+* $server exttarget match type                 modules/exttarget/server
+*/
+#loadmodule "modules/exttarget/main";
+#loadmodule "modules/exttarget/oper";
+#loadmodule "modules/exttarget/registered";
+#loadmodule "modules/exttarget/channel";
+#loadmodule "modules/exttarget/chanacs";
+#loadmodule "modules/exttarget/server";
+/* Proxyscan (DNSBL) modules.
+*
+* Atheme can also check set DNS Blacklists for matches and respond
+* as set.  Activate modules here and customize further down under Proxyscan
+* section.
+*/
+#loadmodule "modules/proxyscan/main";
+#loadmodule "modules/proxyscan/dnsbl";
+/* Other modules.
+*
+* Put any other modules you want to load on startup here. The path
+* is relative to PREFIX or PREFIX/lib/atheme, depending on how Atheme
+* was compiled.
+*/
+#loadmodule "modules/contrib/backtrace";
+/******************************************************************************
+* SERVICES RUNTIME CONFIGURATION SECTION.                                    *
+******************************************************************************/
+/*
+* This block controls the configuration options for crypto modules.
+*
+* It is recommended to either leave the values at their defaults, or
+* experiment with them so that it takes approximately 0.2-0.4 seconds
+* for users to identify. Services blocks while the password is being
+* encrypted or verified, so don't set these too large, or people can
+* hang services by trying many password attempts at once.
+*
+* A benchmark program for the Argon2, scrypt & PBKDF2 crypto code is
+* available to assist with tuning these parameters:
+*
+*     - ./configure --prefix=foo ...
+*     - make
+*     - make install
+*     - ${foo}/bin/atheme-crypto-benchmark -o
+*
+* If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM' and
+* pass the '-i' flag to the included cryptographic benchmarking utility too.
+*
+* If you are using the PBKDF2 module, its performance will be significantly
+* affected by your choice of cryptographic digest library. This software can
+* currently interface with 3 libraries; in decreasing order of performance:
+*
+*     - OpenSSL (libcrypto)
+*     - GnuPG (libgcrypt)
+*     - ARM mbedTLS (libmbedcrypto)
+*
+* If you have one of these libraries available at configure-time, the PBKDF2
+* module will perform significantly better, allowing you to raise its
+* iteration count without affecting the computation time. This is indicated
+* by the output of the configure script; "Digest Frontend". The benchmark
+* program will also inform you what cryptographic digest library it is using,
+* if any.
+*
+*
+*
+* If you are migrating from crypto/argon2d (v7.2) to crypto/argon2, and you
+* wish to use the same parameters as the older module's defaults, configure
+* it like so:
+*
+*     crypto {
+*         argon2_type = "argon2d";
+*         argon2_memcost = 14;
+*         argon2_timecost = 32;
+*         argon2_threads = 1;
+*         argon2_saltlen = 32;
+*         argon2_hashlen = 64;
+*     };
+*
+*
+*
+* If you are migrating from crypto/pbkdf2 (v7.2) to crypto/pbkdf2v2, and you
+* wish to use the same parameters as the older module, configure it like so:
+*
+*     crypto {
+*         pbkdf2v2_digest = "SHA512";
+*         pbkdf2v2_rounds = 128000;
+*     };
+*
+* Note that this will still result in passwords being re-encrypted with the
+* newer module (as the older module successfully verifies them); another new
+* PBKDF2 computation with a new salt will occur, but this is still no worse
+* than an invocation of NickServ's "SET PASSWORD" command. You will still
+* need to keep the old module in your loadmodule configuration above, as the
+* new module cannot verify digests produced by the old one.
+*
+* If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM'.
+* Its advice regarding parameter choice takes precedence over this!
+*/
+crypto {
+/* (*) argon2_type
+*
+* The algorithm type to use for new passwords.
+*
+* Argon2d is suitable for use on a dedicated machine that has
+* limited access. It provides the most resistance to GPU and ASIC
+* cracking attacks, but its operation is data-dependent; that is,
+* during its operation, keying material derived from the password
+* itself is indirectly affecting the execution choices made by the
+* algorithm. This creates a side-channel that can leak information
+* about the password to other software running on the same physical
+* machine.
+*
+* Argon2i avoids this by being data-independent. The order of memory
+* accesses, conditional execution, etc. does not depend on the
+* password, or any material derived from the password, so no side-
+* channel that can reveal any information about the password is
+* created. However, this means that it is easier to bruteforce by a
+* password cracker, which does not have to account for execution
+* differences in its implementation. This is the most suitable
+* choice for running on a virtual machine that is co-located with
+* other, untrusted, virtual machines, or on a dedicated machine that
+* runs other, untrusted, software, or has untrusted user access.
+*
+* Argon2id is a blend of both, limiting the exploitability of any
+* side-channels while retaining excellent resistance to GPU and ASIC
+* cracking. This is suitable for all but the most sensitive of
+* deployments.
+*
+* All algorithm types perform about equally as well as each other;
+* changing this will not significantly affect the computation time.
+*
+* The "argon2id" type requires a more recent libargon2 library. This
+* is indicated in your ./configure output ("checking if libargon2
+* algorithm type Argon2id appears to be usable...").
+*
+* Valid values are "argon2d", "argon2i", and "argon2id"
+* The default is "argon2id"; unless unsupported, then "argon2d".
+*/
+#argon2_type = "argon2id";
+/* (*) argon2_memcost
+*
+* Memory cost (as a power of 2, in KiB) to use for new passwords.
+*
+* You should set this as high as is reasonable for the machine you
+* will be running this software on. If this results in too slow a
+* computation time, reset the time cost below to its minimum value.
+* If it is still too slow, decrement this value (halving the memory
+* usage) until it is fast enough. Alternatively, if it is still too
+* fast after setting this to its highest reasonable value, raise the
+* time cost below until it is not. A benchmark program is available
+* alongside this software to aid in this process.
+*
+* WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
+*          machine or a 32-bit Operating System!
+*
+* Valid values are 3 (8 KiB RAM) to 30 (1 TiB RAM) (inclusive)
+* The default is 16 (64 MiB RAM)
+*/
+#argon2_memcost = 16;
+/* (*) argon2_timecost
+*
+* Time cost (iterations over the memory pool).
+*
+* Valid values are 3 to 1,048,576 (inclusive)
+* The default is 3
+*/
+#argon2_timecost = 3;
+/* (*) argon2_threads
+*
+* Number of processor threads to use for new passwords.
+*
+* If you want to increase the amount of computation effort required,
+* while not increasing the real ("wall clock") time required, raise
+* this setting to its maximum reasonable value for the machine you
+* will be running this software on.
+*
+* This software is not multi-threaded, so only one password will be
+* verified at a time. Therefore, you do NOT need to divide this by
+* the expected maximum number of simultaneous logins.
+*
+* It is pointless to set this higher than the number of hardware
+* processing threads you have; increase the time cost above instead
+* if you want to make it arbitrarily slower. Diminishing returns are
+* to be expected once you exceed the number of hardware processing
+* /cores/ you have; hyperthreading does NOT provide much (if any) of
+* a boost for this workload.
+*
+* Increasing this value will *decrease* the real time required, so
+* you may have to subsequently increase the time cost above again to
+* make it "just slow enough" once more. A benchmark program is
+* available alongside this software to aid in this process.
+*
+* WARNING: The (size of the) memory pool configured above is split
+* between the threads, which can result in too small a memory area
+* per-thread if many threads are used. If you set this value, it is
+* HIGHLY RECOMMENDED that you run the included benchmarking program
+* with the same configuration options, to confirm that it works!
+*
+* WARNING: This feature is experimental. Some of the code in this
+* software is not thread-safe, and although every effort has been
+* made to ensure that this feature will not interfere with the
+* operation of this software, this cannot be guaranteed.
+*
+* Valid values are 1 to 255 (inclusive)
+* The default is 1 (do not use any computation parallelism)
+*/
+#argon2_threads = 1;
+/* (*) argon2_saltlen
+*
+* Salt length (in bytes) to use for new passwords. You should only
+* change this if absolutely necessary; for example, to interoperate
+* with other software. Its value doesn't significantly affect the
+* computation time.
+*
+* Valid values are 4 to 48 (inclusive)
+* The default is 16
+*/
+#argon2_saltlen = 16;
+/* (*) argon2_hashlen
+*
+* Digest length (in bytes) to use for new passwords. You should only
+* change this if absolutely necessary; for example, to interoperate
+* with other software. Its value doesn't significantly affect the
+* computation time.
+*
+* Valid values are 16 to 128 (inclusive)
+* The default is 64
+*/
+#argon2_hashlen = 64;
+/* (*) scrypt_memlimit
+*
+* Memory limit (as a power of 2, in KiB) to use for new passwords.
+*
+* You should set this as high as is reasonable for the machine you
+* will be running this software on. If this results in too slow a
+* computation time, reset the opslimit below to its default value.
+* If it is still too slow, decrement this value (halving the memory
+* usage) until it is fast enough. Alternatively, if it is still too
+* fast after setting this to its highest reasonable value, raise the
+* opslimit below until it is not. A benchmark program is available
+* alongside this software to aid in this process.
+*
+* WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
+*          machine or a 32-bit Operating System!
+*
+* Valid values are 14 (16 MiB RAM) to 26 (64 GiB RAM) (inclusive)
+* The default is 14 (16 MiB RAM)
+*/
+#scrypt_memlimit = 14;
+/* (*) scrypt_opslimit
+*
+* Amount of computation to perform for new passwords.
+*
+* The default value for this option is based on the default value of
+* the above option. The recommended value is (memlimit_bytes / 32).
+*
+* Valid values are 32,768 to 4,294,967,295 (inclusive)
+* The default is 524,288
+*/
+#scrypt_opslimit = 524288;
+/* (*) pbkdf2v2_digest
+*
+* Cryptographic digest algorithm to use (in HMAC mode).
+*
+* Valid values are "SHA1", "SHA2-256", and "SHA2-512".
+* Additionally, the following aliases exist, for compatibility:
+*
+*   "SHA-1"   -> SHA1
+*   "SHA256"  -> SHA2-256
+*   "SHA512"  -> SHA2-512
+*   "SHA-256" -> SHA2-256
+*   "SHA-512" -> SHA2-512
+*
+* Finally, you can prefix this value with "SCRAM-" to enable the
+* computation and storage of an RFC5802/SCRAM ServerKey & StoredKey,
+* instead of a raw PBKDF2 digest (SaltedPassword). Verification of
+* plaintext passwords against these digests can still be performed
+* (for e.g. NickServ IDENTIFY or SASL PLAIN), by computing a new
+* SCRAM ServerKey from the provided password and comparing it to the
+* stored ServerKey, so setting this to a SCRAM mode does NOT prevent
+* non-SCRAM logins. For these variants, please read doc/SASL-SCRAM.
+*
+* The default is "SHA2-512"
+*/
+#pbkdf2v2_digest = "SHA2-512";
+/* (*) pbkdf2v2_rounds
+*
+* This is the PBKDF2 "iteration count". You should raise this as high
+* as is reasonable for the machine you will be running services on.
+* However, note that if you are going to deploy SASL SCRAM support,
+* the *client*, NOT services, performs the PBKDF2 calculation during
+* login, so keep in mind that many mobile clients will not perform as
+* well as a server, and reduce the iteration count accordingly. Also,
+* some clients will refuse to perform a login at all if this is set
+* too high. A benchmark program is included alongside this software to
+* aid in tuning this parameter.
+*
+* Valid values are 10,000 to 5,000,000 (inclusive)
+* The default is 64,000
+*/
+#pbkdf2v2_rounds = 64000;
+/* (*) pbkdf2v2_saltlen
+* You should only change this if you *really* know what you're doing
+* Valid values are 8 to 64 (inclusive)
+* The default is 32
+*/
+#pbkdf2v2_saltlen = 32;
+/* (*) bcrypt_cost
+*
+* Amount of rounds to perform for new passwords (as a power of 2).
+* You should raise this as high as is reasonable. A benchmark
+* program is available alongside this software to aid in this
+* process.
+*
+* Valid values are 4 to 31 (inclusive)
+* The default is 7
+*/
+#bcrypt_cost = 7;
+/* (*) crypt3_sha2_256_rounds
+* (*) crypt3_sha2_512_rounds
+*
+* Use of this option is restricted to certain C libraries!
+* At present, only GNU libc6 ("glibc") v2.7+ is known to work.
+*
+* Valid values are 5,000 to 1,000,000 (inclusive)
+* The default is 5,000
+*/
+#crypt3_sha2_256_rounds = 5000;
+#crypt3_sha2_512_rounds = 5000;
+};
+/* The serverinfo{} block defines how we appear on the IRC network. */
+serverinfo {
+/* name
+* The server name that this program uses on the IRC network.
+* This is the name you'll have to use in C:/N:Lines. It must be
+* unique on the IRC network and contain at least one dot, but does
+* not have to be equal to any DNS name.
+*/
+name = "{{atheme_server_host}}";
+/* desc
+* The ``server comment'' we send to the IRC network.
+*/
+desc = "Atheme IRC Services";
+/* numeric
+* Some protocol drivers (Charybdis, Ratbox2, P10, IRCNet)
+* require a server id, also known as a numeric. Please consult your
+* ircd's documentation when providing this value.
+*/
+numeric = "00A";
+/* (*)recontime
+* The number of seconds before we reconnect to the uplink.
+*/
+recontime = 10;
+/* (*)netname
+* The name of your network.
+*/
+netname = "{{atheme_server_host}}";
+/* (*)hidehostsuffix
+* P10 +x host hiding gives <account>.<hidehostsuffix>.
+* If using +x on asuka, this must agree
+* with F:HIDDEN_HOST.
+*/
+hidehostsuffix = "users.misconfigured";
+/* (*)adminname
+* The name of the person running this service.
+*/
+adminname = "{{atheme_admin_name}}";
+/* (*)adminemail
+* The email address of the person running this service.
+*/
+adminemail = "{{atheme_admin_email}}";
+/* (*)registeremail
+* The email address that messages should be originated from.
+* If this is not set, then "noreply.$adminemail" will be used.
+*/
+registeremail = "{{atheme_admin_email}}";
+/* (*)hidden
+* If this is enabled, Atheme will indicate to the uplink IRCd
+* that it should not be included in /links output.  This only works
+* on the following IRCds at present: charybdis, ircd-seven, ratbox.
+*/
+#hidden;
+/* (*)mta
+* The full path to your mail transfer agent.
+* This is used for email authorization and password retrieval.
+* Comment this out to disable sending email.
+* Warning: sending email can disclose the IP of your services
+* unless you take precautions (not discussed here further).
+*/
+mta = "/usr/sbin/sendmail";
+/* (*)loglevel
+* Specify the default categories of logging information to record
+* in the master Atheme logfile, usually var/atheme.log.
+*
+* Options include:
+*      debug, all      - meta-keyword for all possible categories
+*      trace           - meta-keyword for a little bit of info
+*      misc            - like trace, but with some more miscellaneous info
+*      notice          - meta-keyword for notice-like information
+* ------------------------------------------------------------------------------
+*      error           - critical errors
+*      info            - miscillaneous log notices
+*      verbose         - A bit more verbose than info, not quite as spammy as debug
+*      commands        - all command use
+*      admin           - administrative command use
+*      register        - account and channel registrations
+*      set             - changes of account or channel settings
+*      request         - user requests (currently only vhosts)
+*      network         - log notices related to network status
+*      rawdata         - log raw data sent and received by services
+*      wallops         - <not yet used>
+*/
+loglevel = { error; info; admin; network; wallops; };
+/* (*)maxlogins
+* What is the maximum number of sessions allowed to login to one
+* username? This reduces potential abuse. It is only checked on login.
+*/
+maxlogins = 5;
+/* (*)maxusers
+* What are the maximum usernames that one email address can register?
+* Set to 0 to disable this check (it can be slow currently).
+*/
+maxusers = 5;
+/* (*)mdlimit
+* How many metadata entries can be added to an object?
+*/
+mdlimit = 30;
+/* (*)emaillimit, emailtime
+* The maximum number of emails allowed to be sent in
+* that amount of time (seconds). If this is exceeded,
+* wallops will be sent, at most one per minute.
+*/
+emaillimit = 10;
+emailtime = 300;
+/* (*)auth
+* What type of username registration authorization do you want?
+* If "email", Atheme will send a confirmation email to the address to
+* ensure it's valid. If registration is not completed within one day,
+* the username will expire. If "none", no message will be sent and
+* the username will be fully registered.
+* Valid values are: email, none.
+*/
+auth = none;
+/* casemapping
+* Specify the casemapping to use. Almost all TSora (and any that follow
+* the RFC correctly) ircds will use rfc1459 casemapping. Bahamut, Unreal,
+* and other ``Dalnet'' ircds will use ascii casemapping.
+* Valid values are: rfc1459, ascii.
+*/
+casemapping = rfc1459;
+};
+/* uplink{} blocks define connections to IRC servers.
+* Multiple may be defined but only one will be used at a time (IRC
+* being a tree shaped network). Atheme does not currently link over SSL.
+* To link Atheme over ssl, please connect Atheme to a local ircd and have that
+* connect to your network over SSL.
+*/
+uplink "{{atheme_upstream_server}}" {
+// The server name of the ircd you're linking to goes above.
+// host
+// The hostname to connect to.
+host = "127.0.0.1";
+// vhost
+// The source IP to connect from, used on machines with multiple interfaces.
+#vhost = "192.0.2.5";
+// send_password
+// The password sent for linking.
+send_password = "{{atheme_server_pass}}";
+// receive_password
+// The password received for linking.
+receive_password = "{{atheme_server_pass}}";
+// port
+// The port to connect to.
+port = 6667;
+};
+/* this is an example for using an IPv6 address as an uplink */
+/* uplink "irc6.example.net" {
+host = "::1";
+// password
+// If you want to have same send_password and accept_password, you
+// can specify both using 'password' instead of individually.
+password = "linkage";
+port = 6667;
+};
+*/
+/* Services configuration.
+*
+* Each of these blocks can contain a nick, user, host, real and aliases.
+* Several of them also have options specific to the service.
+*/
+/* NickServ configuration.
+*
+* The nickserv {} block contains settings specific to the NickServ modules.
+*
+* NickServ provides nickname or username registration and authentication
+* services. It provides necessary authentication features required for
+* Services to operate correctly. You should make sure these settings
+* are properly configured for your network.
+*/
+nickserv {
+/* (*)spam
+* Have NickServ tell people about how great it and ChanServ are.
+*/
+spam;
+/* no_nick_ownership
+* Enable this to disable nickname ownership (old userserv{}).
+* This changes changes "nickname" to "account" in most messages,
+* disables GHOST on users not logged in to the same account and
+* makes the spam directive ineffective.
+* It is suggested that the nick be set to UserServ, login.so
+* be loaded instead of identify.so and ghost.so not be loaded.
+*/
+#no_nick_ownership;
+/* (*)nick
+* The nickname we want NickServ to have.
+*/
+nick = "NickServ";
+/* (*)user
+* The username we want NickServ to have.
+*/
+user = "NickServ";
+/* (*)host
+* The hostname we want NickServ to have.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The realname (gecos) information we want NickServ to have.
+*/
+real = "Nickname Services";
+/* (*)aliases
+* Command aliases for NickServ.
+*/
+aliases {
+"ID" = "IDENTIFY";
+"MYACCESS" = "LISTCHANS";
+};
+/* (*)access
+* This block allows you to modify the access level required to run
+* commands. The list of possible accesses are listed in the operclass
+* section later in this .conf . Note that you can only set the access
+* on an actual command, not an alias.
+*/
+access {
+};
+/* (*)maxnicks
+* If GROUP is loaded, what are the maximum nicknames that one
+* username can register?
+*/
+maxnicks = 5;
+/* (*)expire
+* The number of days before inactive registrations are expired.
+*/
+expire = 30;
+/* (*)enforce_expire
+* The number of days of no use after which to ignore enforcement
+* settings on nicks.
+*/
+#enforce_expire = 14;
+/* (*)enforce_delay
+* The number of seconds to delay nickchange enforcement settings
+* on nicks.
+*/
+#enforce_delay = 30;
+/* (*)enforce_prefix
+* The prefix to use when changing the user's nick on enforcement
+*/
+#enforce_prefix = "Guest";
+/* (*)waitreg_time
+* The amount of time (in seconds) users have to wait between
+* connecting to the network, and being able to register a services
+* account. Minimum value 0 (disables the enforced delay), default
+* value 0, maximum value 43200 (12 hours). Requires the
+* "modules/nickserv/waitreg" module to be loaded to do anything.
+*/
+#waitreg_time = 0;
+/* (*)cracklib_dict
+* The location and filename prefix of the cracklib dictionaries
+* for use with nickserv/pwquality. This must be provided if you are
+* going to be using nickserv/pwquality with cracklib support enabled.
+*/
+#cracklib_dict = "/var/cache/cracklib/cracklib_dict";
+/* (*)passwdqc_*
+* Please see the passwdqc.conf(5) documentation for an explanation
+* of these values. Affects modules/nickserv/pwquality if passwdqc
+* support is enabled. Default values given below.
+*/
+#passwdqc_max = 288;     /* (8 <= value <= 288) */
+#passwdqc_min_n0 = 20;   /* (0 <= value <= passwdqc_max) */
+#passwdqc_min_n1 = 16;   /* (0 <= value <= passwdqc_min_n0) */
+#passwdqc_min_n2 = 16;   /* (0 <= value <= passwdqc_min_n1) */
+#passwdqc_min_n3 = 12;   /* (0 <= value <= passwdqc_min_n2) */
+#passwdqc_min_n4 = 8;    /* (0 <= value <= passwdqc_min_n3) */
+#passwdqc_words = 4;     /* (2 <= value <= 8) */
+/* (*)pwquality_warn_only
+* If this option is set and nickserv/pwquality is loaded, nickserv will just
+* warn users that their password is insecure, recommend they change it and
+* still register the nick. If this option is unset, it will refuse to
+* register the nick at all until the user chooses a better password.
+*/
+#pwquality_warn_only;
+/* (*)show_custom_metadata
+* Setting this option to false will prevent user-set metadata (via SET PROPERTY)
+* from showing up in the INFO output. The TAXONOMY command will still function
+* as usual, and INFO will point this out if users have metadata set.
+*/
+show_custom_metadata;
+/* (*)emailexempts
+* A list of email addresses that will be exempt from the check of how many
+* accounts one user may have. Any email address in this block may register
+* an unlimited number of accounts/usernames.
+*/
+emailexempts {
+};
+/*
+* (*)shorthelp
+*
+* A list of commands that are displayed (with their full description) in the
+* output of `/msg NickServ HELP'. Commands not in this list will be listed, but
+* not with their descriptions. All commands with descriptions are still listed
+* in `/msg NickServ HELP COMMANDS' regardless of the value set here.
+*
+* Optional; defaults to "ACCESS CERT DROP GHOST GROUP IDENTIFY INFO LISTCHANS
+* LISTGROUPS LISTLOGINS LISTOWNMAIL LOGOUT REGAIN REGISTER RELEASE SENDPASS SET
+* UNGROUP".
+*
+* A command in this list will only be printed if the corresponding module is
+* loaded and the user has permission to use it. Set to an empty string to
+* disable listing command descriptions in `/msg NickServ HELP'.
+*/
+#shorthelp = "";
+};
+/* ChanServ configuration.
+*
+* The chanserv {} block contains settings specific to the ChanServ modules.
+*
+* ChanServ provides channel registration services, which allows users to own
+* channels. It is not required, but is strongly recommended.
+*/
+chanserv {
+/* (*)nick
+* The nickname we want the client to have.
+*/
+nick = "ChanServ";
+/* (*)user
+* The username we want the client to have.
+*/
+user = "ChanServ";
+/* (*)host
+* The hostname we want the client to have.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The GECOS of the client.
+*/
+real = "Channel Services";
+/* reggroup
+* The group that will receive Memos about
+* channel Registration requests when
+* chanserv/moderate is loaded.
+*/
+#reggroup = "!Services-Team";
+/* (*)aliases
+* Command aliases for ChanServ.
+*/
+aliases {
+};
+/* (*)access
+* Command access changes for ChanServ.
+*/
+access {
+};
+/* (*)maxchans
+* What are the maximum channels that one username can register?
+*/
+maxchans = 5;
+/* fantasy
+* Do you want to enable fantasy commands? This can
+* use a lot of CPU up, and will only work if you have
+* join_chans (in general) enabled as well.
+*/
+fantasy;
+/* (*) hide_xop
+* Hide the XOP templates from sight.  This is useful if you
+* want to use templates and not have the XOP templates displayed.
+*/
+#hide_xop;
+/* (*) templates
+* Defines what flags the global templates comprise.
+*
+* For the special XOP templates:
+* These should all be different and not equal to the empty set,
+* except that hop may be equal to vop to disable hop.
+* Each subsequent level should have more flags (except +VHO).
+* For optimal functioning of /cs forcexop, aop should not have
+* any of +sRf, hop should not have any of +sRfoOr and vop should
+* not have any of +sRfoOrhHt.
+* If this is not specified, the values of Atheme 0.3 are used,
+* which are generally less intuitive than these.
+* Note: changing these leaves the flags of existing channel access
+* entries unchanged, thus removing them of the view of /cs xop list.
+* Usually the channel founder can use /cs forcexop to update the
+* entries to the new levels.
+*
+* Advice:
+* If you want to add a co-founder role, remove the flags permission
+* from the SOP role, and define a co-founder role with flags
+* permissions.
+*/
+templates {
+vop = "+AV";
+hop = "+AHehitrv";
+aop = "+AOehiortv";
+sop = "+AOaefhiorstv";
+founder = "+AFORaefhioqrstv";
+/* some examples (which are commented out...) */
+#member = "+Ai";
+#op = "+AOiortv";
+};
+/* (*) deftemplates
+* Defines default templates to set on new channels, as a
+* space-separated list of name=+flags pairs.
+* Note: at this time no syntax checking is done on this; it
+* is your own responsibility to make sure it is correct.
+*/
+#deftemplates = "MEMBER=+Ai OP=+AOiortv";
+/* (*) changets
+* Change the channel TS to the registration time when someone
+* recreates a registered channel, ensuring that they are deopped
+* and all their modes are undone. Note that this involves ChanServ
+* joining. When the channel was not recreated no deops will be done
+* (apart from the SECURE option).
+* This also solves the "join-mode" problem where someone recreates
+* a registered channel and then sets some modes before they are
+* deopped.
+* This is currently supported for charybdis, ratbox, bahamut,
+* and inspircd 1.1+. For charybdis and ratbox it only fully
+* works with TS6, with TS5 bans and last-moment modes will
+* still apply.
+* (That can also be used to advantage, when first enabling this.)
+*/
+#changets;
+/* (*) trigger
+* This setting allows you to change the trigger prefix for
+* ChanServ's in-channel command feature (disableable via chanserv::fantasy).
+* If no setting is provided, the default is used, which is "!".
+*
+* Other settings you could consider trying: ".", "~", "?", "`", "'".
+*/
+trigger = "!";
+/* (*)expire
+* The number of days before inactive registrations are expired.
+*/
+expire = 30;
+/* (*)maxchanacs
+* The maximum number of entries allowed in a channel's access list
+* (both channel ops and akicks), 0 for unlimited.
+*/
+maxchanacs = 0;
+/* (*)maxfounders
+* The maximum number of founders allowed in a channel.
+* Note that all founders have the exact same privileges and
+* the list of founders is shown in various places.
+*/
+maxfounders = 4;
+/* (*)founder_flags
+* The flags a user will get when they register a new channel.
+* This MUST include at least 'F' or it will be ignored.
+* If it is not set, Atheme will give the user all channel flags.
+*/
+#founder_flags = "AFORefiorstv";
+/* (*)akick_time
+* The default expiration time (in minutes) for AKICKs.
+* Comment this option out or set to zero for permanent AKICKs
+* by default (the old behaviour).
+*/
+#akick_time = 10;
+/* (*)antiflood_enforce_method
+* The enforcement method to use for flood protection by default.
+* This may be overridden by channel staff.
+* Available options are: quiet, kickban and akill.
+*/
+antiflood_enforce_method = quiet;
+/* (*)show_custom_metadata
+* Setting this option to false will prevent user-set metadata (via SET PROPERTY)
+* from showing up in the INFO output. The TAXONOMY command will still function
+* as usual, and INFO will point this out if channels have metadata set.
+*/
+show_custom_metadata;
+/*
+* (*)shorthelp
+*
+* A list of commands that are displayed (with their full description) in the
+* output of `/msg ChanServ HELP'. Commands not in this list will be listed, but
+* not with their descriptions. All commands with descriptions are still listed
+* in `/msg ChanServ HELP COMMANDS' regardless of the value set here.
+*
+* Optional; defaults to "AKICK BAN CLEAR DEOP DEVOICE DROP FLAGS GETKEY INFO
+* INVITE KICK KICKBAN OP QUIET REGISTER SET TOPIC UNBAN UNQUIET VOICE WHY".
+*
+* A command in this list will only be printed if the corresponding module is
+* loaded and the user has permission to use it. Set to an empty string to
+* disable listing command descriptions in `/msg ChanServ HELP'.
+*/
+#shorthelp = "";
+};
+/* CHANFIX configuration.
+*
+* The chanfix {} block contains settings specific to the CHANFIX modules.
+*
+* CHANFIX provides channel recovery services without registration, which
+* allows users to maintain control of channels even if ChanServ is not used
+* to register them.
+*/
+chanfix {
+/* (*)nick
+* The nickname we want the client to have.
+*/
+nick = "ChanFix";
+/* (*)user
+* The username we want the client to have.
+*/
+user = "ChanFix";
+/* (*)host
+* The hostname we want the client to have.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The GECOS of the client.
+*/
+real = "Channel Fixing Service";
+/* (*)autofix
+* Automatically fix channels if they become opless and meet fixing
+* criteria.
+*/
+autofix;
+};
+/* Global noticing configuration.
+*
+* The global {} block contains settings specific to the Global notice module.
+*
+* The Global notice module provides the ability to mass-notify a network.
+*/
+global {
+/* (*)nick
+* Sets the nick used for sending out a global notice.
+*/
+nick = "Global";
+/* (*)user
+* Sets the username used for this client.
+*/
+user = "Global";
+/* (*)host
+* The hostname used for this client.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The GECOS (real name) of the client.
+*/
+real = "Network Announcements";
+};
+/* InfoServ configuration
+*
+* The infoserv {} block contains settings specific to the InfoServ module.
+*
+* The InfoServ modules provides the ability to mass-notify a network and send
+* news to users when they connect to the network.
+*/
+infoserv {
+/* (*)nick
+* Sets the nick used for InfoServ and sending out informational messages.
+*/
+nick = "InfoServ";
+/* (*)user
+* Sets the username used for this client.
+*/
+user = "InfoServ";
+/* (*)host
+* The hostname used for this client,
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The GECOS (real name) of the client.
+*/
+real = "Information Service";
+/* (*)logoninfo_count
+* The number of InfoServ messages a user will see upon connect.
+* If there are more than this number, the user will be able to
+* see the rest with /msg infoserv list .
+*/
+logoninfo_count = 3;
+};
+/* OperServ configuration.
+*
+* The operserv {} block contains settings specific to the OperServ modules.
+*
+* OperServ provides essential network management tools for IRC operators
+* on the IRC network.
+*/
+operserv {
+/* (*)nick
+* The nickname we want the Operator Service to have.
+*/
+nick = "OperServ";
+/* (*)user
+* Sets the username used for this client.
+*/
+user = "OperServ";
+/* (*)host
+* The hostname used for this client.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The GECOS (real name) of the client.
+*/
+real = "Operator Services";
+/* (*)aliases
+* Command aliases for OperServ.
+*/
+aliases {
+};
+/* (*)access
+* Command access changes for OperServ.
+*/
+access {
+};
+};
+/* SaslServ configuration.
+*
+* The saslserv {} block contains settings specific to the SaslServ modules.
+*
+* SaslServ provides an authentication agent which is compatible with the
+* SASL over IRC (SASL/IRC) protocol extension.
+*/
+saslserv {
+/* (*)nick
+* The nickname we want SaslServ to have.
+*/
+nick = "SaslServ";
+/* (*)user
+* The username we want SaslServ to have.
+*/
+user = "SaslServ";
+/* (*)host
+* The hostname we want SaslServ to have.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The realname (gecos) information we want SaslServ to have.
+*/
+real = "SASL Authentication Agent";
+/* (*)hide_server_names
+* Hide server names in the bad_password message.
+*/
+#hide_server_names;
+};
+/* MemoServ configuration.
+*
+* The memoserv {} block contains settings specific to the MemoServ modules.
+*
+* MemoServ provides a note-taking service that you can use to send notes
+* to offline users (provided they are registered with Services).
+*/
+memoserv {
+/* (*)nick
+* The nickname we want MemoServ to have.
+*/
+nick = "MemoServ";
+/* (*)user
+* The username we want MemoServ to have.
+*/
+user = "MemoServ";
+/* (*)host
+* The hostname we want MemoServ to have.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The realname (gecos) information we want MemoServ to have.
+*/
+real = "Memo Services";
+/* (*)aliases
+* Command aliases for MemoServ.
+*/
+aliases {
+};
+/* (*)access
+* Command access changes for MemoServ.
+*/
+access {
+};
+/* (*)maxmemos
+* What is the maximum amount of memos a user can have in their inbox?
+*/
+maxmemos = 30;
+};
+/* GameServ configuration.
+*
+* The gameserv {} block contains settings specific to the GameServ modules.
+*
+* GameServ provides various in-channel commands for games.
+*/
+gameserv {
+/* (*)nick
+* The nickname we want GameServ to have.
+*/
+nick = "GameServ";
+/* (*)user
+* Sets the username used for this client.
+*/
+user = "GameServ";
+/* (*)host
+* The hostname used for this client.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The GECOS (real name) of the client.
+*/
+real = "Game Services";
+/* (*)aliases
+* Command aliases for GameServ.
+*/
+aliases {
+};
+/* (*)access
+* Command access changes for GameServ.
+*/
+access {
+};
+};
+/* RPGServ configuration.
+*
+* The rpgserv {} block contains settings specific to the RPGServ modules.
+*
+* RPGServ provides a facility for finding roleplaying channels.
+*/
+rpgserv {
+/* (*)nick
+* The nickname we want RPGServ to have.
+*/
+nick = "RPGServ";
+/* (*)user
+* Sets the username used for this client.
+*/
+user = "RPGServ";
+/* (*)host
+* The hostname used for this client.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The GECOS (real name) of the client.
+*/
+real = "RPG Finding Services";
+/* (*)aliases
+* Command aliases for RPGServ.
+*/
+aliases {
+};
+/* (*)access
+* Command access changes for RPGServ.
+*/
+access {
+};
+};
+/* BotServ configuration.
+*
+* The botserv {} block contains settings specific to the BotServ modules.
+*
+* BotServ provides virtual channel bots.
+*/
+botserv {
+/* (*)nick
+* The nickname we want BotServ to have.
+*/
+nick = "BotServ";
+/* (*)user
+* Sets the username used for this client.
+*/
+user = "BotServ";
+/* (*)host
+* The hostname used for this client.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The GECOS (real name) of the client.
+*/
+real = "Bot Services";
+/* (*)min_users
+* Minimum number of users a channel must have before a Bot is allowed
+* to be assigned to that channel.
+*/
+min_users = 0;
+};
+/* GroupServ configuration.
+*
+* The groupserv {} block contains settings specific to the GroupServ modules.
+*
+* GroupServ provides features for managing a collection of channels at once.
+*
+*/
+groupserv {
+/* (*)nick
+* The nickname we want GroupServ to have.
+*/
+nick = "GroupServ";
+/* (*)user
+* The username we want GroupServ to have.
+*/
+user = "GroupServ";
+/* (*)host
+* The hostname we want GroupServ to have.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The realname (gecos) information we want GroupServ to have.
+*/
+real = "Group Management Services";
+/* (*)aliases
+* Command aliases for GroupServ.
+*/
+aliases {
+};
+/* (*)access
+* Command access changes for GroupServ.
+*/
+access {
+};
+/* (*)maxgroups
+* Maximum number of groups one username can be founder of.
+*/
+maxgroups = 5;
+/* (*)maxgroupacs
+* Maximum number of access entries you may have in a group.
+*/
+maxgroupacs = 100;
+/* (*)enable_open_groups
+* Setting this option will allow any group founder to mark
+* their group as "anyone can join".
+*/
+enable_open_groups;
+/* (*)join_flags
+* This is the GroupServ flagset that users who JOIN a open
+* group will get upon join. Please check the groupserv/flags
+* helpfile before changing this option. Valid flagsets (for
+* example) would be: "+v" or "+cv". It is not valid to use
+* minus flags (such as "-v") here.
+*/
+join_flags = "+";
+};
+/* HostServ configuration.
+*
+* The hostserv {} block contains settings specific to the HostServ modules.
+*
+* HostServ provides advanced virtual host management.
+*/
+hostserv {
+/* (*)nick
+* The nickname we want HostServ to have.
+*/
+nick = "HostServ";
+/* (*)user
+* Sets the username used for this client.
+*/
+user = "HostServ";
+/* (*)host
+* The hostname used for this client.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The GECOS (real name) of the client.
+*/
+real = "Host Management Services";
+/* reggroup
+* The group that will receive Memos about
+* vHost requests.
+*/
+#reggroup = "!Services-Team";
+/* (*)request_per_nick
+* Whether the request system should work per nick or per account.
+* The recommended setting is to leave this disabled, so that
+* vhosts work as consistently as possible.
+*/
+#request_per_nick;
+/* (*)aliases
+* Command aliases for HostServ.
+*/
+aliases {
+"APPROVE" = "ACTIVATE";
+"DENY" = "REJECT";
+};
+/* (*)access
+* Command access changes for HostServ.
+*/
+access {
+};
+};
+/* HelpServ configuration
+*
+* The helpserv {} block contains settings specific to the HelpServ modules.
+*
+* HelpServ adds a few different ways for users to request help from network staff.
+*/
+helpserv {
+/* (*)nick
+* The nickname we want HelpServ to have.
+*/
+nick = "HelpServ";
+/* (*)user
+* The username we want HelpServ to have.
+*/
+user = "HelpServ";
+/* (*)host
+* The hostname we want HelpServ to have.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The realname (gecos) information we want HelpServ to have.
+*/
+real = "Help Services";
+};
+/* StatServ configuration
+*
+* The statserv {} block contains settings specific to the StatServ modules.
+*
+* StatServ adds basic stats and split tracking.
+*/
+statserv {
+/* (*)nick
+* The nickname we want StatServ to have.
+*/
+nick = "StatServ";
+/* (*)user
+* The username we want StatServ to have.
+*/
+user = "StatServ";
+/* (*)host
+* The hostname we want StatServ to have.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The realname (gecos) information we want StatServ to have.
+*/
+real = "Statistics Services";
+};
+/* ALIS configuration.
+*
+* The alis {} block contains settings specific to the ALIS modules.
+*/
+alis {
+/* (*)nick
+* The nickname we want ALIS to have.
+*/
+nick = "ALIS";
+/* (*)user
+* The username we want ALIS to have.
+*/
+user = "alis";
+/* (*)host
+* The hostname we want ALIS to have.
+*/
+host = "{{atheme_server_host}}";
+/* (*)real
+* The realname (gecos) information we want ALIS to have.
+*/
+real = "Channel Directory";
+/* (*)maxmatches
+* The default maximum number of channels returned in a query.
+* Privilege (chan:auspex) is required to ask for more.
+* Minimum 8, default 64, maximum 128.
+*/
+#maxmatches = 64;
+};
+/* HTTP server configuration.
+*
+* The httpd {} block contains settings specific to the HTTP server module.
+*
+* The HTTP server in Services is used for serving XMLRPC requests. It can
+* also serve static documents and statistics pages.
+*/
+httpd {
+/* host
+* The host that the HTTP server will listen on.
+* Use 0.0.0.0 if you want to listen on all available hosts.
+*/
+host = "0.0.0.0";
+/* host (ipv6)
+* If you want, you can have Atheme listen on an IPv6 host too.
+* Use :: if you want to listen on all available IPv6 hosts.
+*/
+#host = "::";
+/* www_root
+* The directory that contains the files that should be served by the httpd.
+*/
+www_root = "/var/www";
+/* port
+* The port that the HTTP server will listen on.
+*/
+port = 8080;
+};
+/* LDAP configuration.
+*
+* The ldap {} block contains settings specific to the LDAP authentication
+* module.
+*/
+ldap {
+/* (*)url
+* LDAP URL of the server to use.
+*/
+url = "ldap://127.0.0.1";
+/* (*)dnformat
+* Format string to convert an account name to an LDAP DN.
+* Must contain exactly one %s which will be replaced by the account
+* name.
+* Services will attempt a simple bind with this DN and the given
+* password; if this is successful the password is considered correct.
+*/
+dnformat = "cn=%s,dc=jillestest,dc=com";
+};
+/******************************************************************************
+* LOGGING SECTION.                                                           *
+******************************************************************************/
+/*
+* logfile{} blocks can be used to set up log files other than the master
+* logfile used by services, which is controlled by serverinfo::loglevel.
+*
+* The various logging categories are:
+*      debug, all      - meta-keyword for all possible categories
+*      trace           - meta-keyword for a little bit of info
+*      misc            - like trace, but with some more miscillaneous info
+*      notice          - meta-keyword for notice-like information
+* ------------------------------------------------------------------------------
+*      error           - critical errors
+*      info            - miscillaneous log notices
+*      verbose         - A bit more verbose than info, not quite as spammy as debug
+*      commands        - all command use
+*      admin           - administrative command use
+*      register        - account and channel registrations
+*      set             - changes of account or channel settings
+*      request         - user requests (currently only vhosts)
+*      network         - log notices related to network status
+*      rawdata         - log raw data sent and received by services
+*      wallops         - <not yet used>
+*      denycmd         - security model denials (commands, permissions)
+*/
+/*
+* This block logs all account and channel registrations and drops,
+* and account and channel setting changes to var/account.log.
+*/
+logfile "var/account.log" { register; set; };
+/*
+* This block logs all command use to var/commands.log.
+*/
+logfile "var/commands.log" { commands; };
+/*
+* This block logs all security auditing information.
+*/
+logfile "var/audit.log" { denycmd; };
+/*
+* You can log to IRC channels, and even split it by category, too.
+* This entry provides roughly the same functionality as the old snoop
+* feature.
+*/
+logfile "#services" { error; info; admin; request; register; denycmd; };
+/*
+* This block logs to server notices.
+*/
+logfile "!snotices" { error; info; request; denycmd; };
+/******************************************************************************
+* GENERAL PARAMETERS CONFIGURATION SECTION.                                  *
+******************************************************************************/
+/* The general {} block defines general configuration options. */
+general {
+/* (*)permissive_mode
+* Whether or not security denials should be soft denials instead of
+* hard denials.  If security denials are soft denials, then they will
+* only be logged to the denial log.
+*/
+#permissive_mode;
+/* (*)helpchan
+* Network help channel. Shown to users when they request
+* help for a command that doesn't exist.
+*/
+#helpchan = "#help";
+/* (*)helpurl
+* Network webpage for services help. Shown to users when they
+* request help for a command that doesn't exist.
+*/
+#helpurl = "http://www.stack.nl/~jilles/irc/atheme-help/";
+/* (*)silent
+* If you want to prevent services from sending
+* WALLOPS/GLOBOPS about things uncomment this.
+* Not recommended.
+*/
+#silent;
+/* (*)verbose_wallops
+* If you want services to send you more information about
+* events that are occuring (in particular AKILLs), uncomment the
+* directive below.
+*
+* WARNING! This may result in large amounts of wallops/globops
+* floods.
+*/
+#verbose_wallops;
+/* (*)join_chans
+* Should ChanServ be allowed to join registered channels?
+* This option is useful for the fantasy command set.
+*
+* If enabled, you can tell ChanServ to join via SET GUARD ON.
+*
+* If you use ircu-like ircd (asuka), you must
+* leave this enabled, and put guard in default cflags.
+*
+* For ratbox it is recommended to leave it on and put guard in
+* default cflags, in order that ChanServ does not have to join/part
+* to do certain things. On the other hand, enabling this increases
+* potential for bots fighting with ChanServ.
+*
+* Regardless of this option, ChanServ will temporarily join
+* channels which would otherwise be empty if necessary to enforce
+* akick/restricted/close, and to change the TS if changets is
+* enabled.
+*/
+join_chans;
+/* (*)leave_chans
+* Do we leave registered channels after everyone else has left?
+* Turning this off serves little purpose, except to mark "official"
+* network channels by keeping them open, and to preserve the
+* topic and +beI lists.
+*/
+leave_chans;
+/* secure
+* Do you want to require the use of /msg <service>@<services host>?
+* Turning this on helps protect against spoofers, but is disabled
+* as most networks do not presently use it.
+*/
+#secure;
+/* (*)uflags
+* The default flags to set for usernames upon registration.
+* Valid values are: hold, neverop, noop, hidemail, nomemo, emailmemos,
+* enforce, privmsg, private, quietchg and none.
+*/
+uflags = { hidemail; };
+/* (*)cflags
+* The default flags to set for channels upon registration.
+* Valid values are: hold, secure, verbose, verbose_ops, keeptopic,
+* topiclock, guard, private, nosync, limitflags, pubacl and none.
+*/
+cflags = { verbose; guard; };
+/* (*)raw
+* Do you want to allow SRAs to use the RAW and INJECT commands?
+* These commands are for debugging. If you don't know how to use them
+* then don't enable them. They are not supported.
+*/
+#raw;
+/* (*)flood_msgs
+* Do you want services to detect floods?
+* Set to how many messages before a flood is triggered.
+* Note that some messages that need a lot of processing count
+* as two or four messages.
+* If services receives `flood_msgs' within `flood_time' the user will
+* trigger the flood protection.
+* Setting this to zero disables flood protection.
+*/
+flood_msgs = 7;
+/* (*)flood_time
+* Do you want services to detect floods?
+* Set to how long before the counter resets.
+* If services receives `flood_msgs' within `flood_time' the user will
+* trigger the flood protection.
+*/
+flood_time = 10;
+/* (*)ratelimit_uses
+* After how many uses of a command will users be throttled.
+* After `ratelimit_uses' of a command within `ratelimit_period', users
+* will not be able to run that ratelimited command until the period is up.
+* Comment this, ratelimit_period below or both options out to disable rate limiting.
+* Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
+* nickserv/register and chanserv/register.
+*/
+ratelimit_uses = 5;
+/* (*)ratelimit_period
+* After how much time (in seconds) will the ratelimit_uses counter reset.
+* After `ratelimit_uses' of a command within `ratelimit_period', users
+* will not be able to run that ratelimited command until the period is up.
+* Comment this, ratelimit_uses above or both options out to disable rate limiting.
+* Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
+* nickserv/register and chanserv/register.
+*/
+ratelimit_period = 60;
+/* (*)vhost_change
+* The default number of days between vHost changes once a user has used HostServ
+* TAKE or REQUEST.  (Helps to deter rabid host-swappers and ban evaders.)
+*/
+#vhost_change = 30;
+/* (*)kline_time
+* The default expire time for KLINE's in days.
+* Setting this to 0 makes all KLINE's permanent.
+*/
+kline_time = 7;
+/* (*)kline_with_ident
+* KLINE user@host instead of *@host.
+* Applies to all automatic KLINE's set by services.
+*/
+#kline_with_ident;
+/* (*)kline_verified_ident
+* KLINE *@host if the first character of the ident is ~,
+* irrespective of the value of kline_with_ident.
+*/
+#kline_verified_ident;
+/* (*)clone_time
+* This is the default expiry time for CLONE exemptions in minutes.
+* Setting this to 0 makes all CLONE exemptions permanent.
+*/
+clone_time = 0;
+/* commit_interval
+* The time between database writes in minutes.
+*/
+commit_interval = 5;
+/* (*)operstring
+* The string returned in WHOIS (against services) for IRC operators.
+*/
+#operstring = "is an IRC Operator";
+/* (*)servicestring
+* The string returned in WHOIS (against services) for services.
+*/
+#servicestring = "is a Network Service";
+/* (*)default_clone_allowed
+* The limit after which clones will be KILLed or TKLINEd.
+* Used by operserv/clones.
+*/
+default_clone_allowed = 5;
+/* (*)default_clone_warn
+* The limit after which clones will be warned that they may not
+* have any more concurrent connections. Should be lower than
+* default_clone_allowed . Used by operserv/clones.
+*/
+default_clone_warn = 4;
+/* (*)clone_identified_increase_limit
+* If this option is enabled, the clone limit for a IP/host will
+* be increased by 1 per clone that's identified to services.
+* This has a limit of double the clone limits above.
+*/
+clone_identified_increase_limit;
+/* (*)uplink_sendq_limit
+* The maximum amount of data that may be queued to be sent
+* to the uplink, in bytes. This should be enough to contain
+* Atheme's response to the netburst, but smaller than the
+* IRCd's sendq limit for servers.
+*/
+uplink_sendq_limit = 1048576;
+/* (*)language
+* Language to use for channel and oper messages and as default
+* for users.
+*/
+language = "en";
+/* exempts
+* This block contains a list of user@host masks. Users matching any
+* of these will not be automatically K:lined by services.
+*/
+exempts {
+};
+/* allow_taint
+* By enabling this option, Atheme will run in configurations where
+* the upstream will not provide support.  By enabling this feature,
+* you void any perceived rights to support.
+*/
+#allow_taint;
+/* (*)immune_level
+* This option allows you to customize the operlevel which gets kick
+* immunity privileges.
+*
+* The following flags are available:
+*    immune - require whatever ircd usermode is needed for kick
+*             immunity (this is the default);
+*    admin  - require admin privileges for kick immunity
+*    ircop  - require any ircop privileges for kick immunity (umode +o)
+*/
+immune_level = immune;
+/* show_entity_id
+* This makes nick/user & group entity IDs visible to everyone, rather
+* than just opers with user:auspex or group:auspex privileges.
+*/
+show_entity_id;
+/* load_database_mdeps
+*
+* For module dependencies listed in the services database (if any),
+* whether to load those modules on startup (if they are not already
+* loaded) or abort startup with a more helpful error message than
+* e.g. "db services.db:123: unknown directive 'BE'" --> "corestorage:
+* exiting to avoid data loss".
+*
+* Comment this out to abort startup instead of silently loading the
+* modules you need to process the database successfully. The abort
+* reason will tell you what module the database requires so that you
+* can fix your configuration file.
+*/
+load_database_mdeps;
+};
+proxyscan {
+/* Here you can configure the details of your Proxyscan (DNS Blacklist)
+* scanner service.
+*/
+nick = "Proxyscan";
+user = "dnsbl";
+host = "{{atheme_server_host}}";
+real = "Proxyscan Service";
+blacklists {
+"dnsbl.dronebl.org";
+"rbl.efnetrbl.org";
+"tor.efnet.org";
+};
+/* Available dnsbl_action's:
+* NONE - Do nothing
+* NOTIFY - Notify user that they are listed in a DNSBL and which one
+* SNOOP - Report the user to the logchannel or services channel
+* KLINE - AKILL the user from the network (default AKILL is 24 hours)
+*/
+dnsbl_action = kline;
+};
+/******************************************************************************
+* OPERATOR AND PRIVILEGES CONFIGURATION SECTION.                             *
+******************************************************************************/
+/* Operator configuration
+* See the PRIVILEGES document for more information.
+* NOTE: All changes apply immediately upon rehash. You may need
+* to send a signal (killall -HUP atheme-services) to regain control.
+*/
+/* (*) Operclasses specify groups of services operator privileges */
+/* The "user" operclass specifies privileges all users get.
+* This may be empty (default) in which case users get no special privileges.
+* If you use the security/cmdperm module, you will need to grant command: privileges
+* to every command that you want users to be able to use.
+*/
+operclass "user" { };
+/* The "ircop" operclass specifies privileges all IRCops get.
+* This may be empty in which case IRCops get no privs.
+* At least chan:cmodes, chan:joinstaffonly and general:auspex are suggested.
+*/
+operclass "ircop" {
+privs {
+special:ircop;
+};
+privs {
+user:auspex;
+user:admin;
+user:sendpass;
+user:vhost;
+user:mark;
+};
+privs {
+chan:auspex;
+chan:admin;
+chan:cmodes;
+chan:joinstaffonly;
+};
+privs {
+general:auspex;
+general:helper;
+general:viewprivs;
+general:flood;
+};
+privs {
+operserv:omode;
+operserv:akill;
+operserv:jupe;
+operserv:global;
+};
+privs {
+group:auspex;
+group:admin;
+};
+};
+operclass "sra" {
+/* You can inherit privileges from a lower operclass. */
+extends "ircop";
+privs {
+user:hold;
+user:regnolimit;
+};
+privs {
+general:metadata;
+general:admin;
+};
+privs {
+#operserv:massakill;
+#operserv:akill-anymask;
+operserv:noop;
+operserv:grant;
+};
+/* needoper
+* Only grant privileges to IRC users in this oper class if they
+* are opered; other use of privilege (channel succession, XMLRPC,
+* etc.) is unaffected by this.
+*
+* This flag is *not* inherited by operclasses that extend this one;
+* you will have to set it explicitly for each operclass.
+*/
+needoper;
+};
+/* (*) Operator blocks specify accounts with certain privileges
+* Oper classes must be defined before they are used in operator blocks.
+*/
+operator "jilles" {
+/* operclass */
+operclass = "sra";
+/* password
+*
+* Normally, the user needs to identify/log in using the account's
+* password, and may need to be an IRCop (see operclass::needoper
+* above). If you consider this not secure enough, you can
+* specify an additional password here, which the user must enter
+* using the OperServ IDENTIFY command, before the privileges can
+* be used.
+*
+* The password must be encrypted if a crypto module is in use.
+*
+* If you are using modules/crypto/crypt3-*, you can probably use
+* the "mkpasswd" program included with most Linux distributions.
+* Otherwise you can use modules/operserv/genhash to encrypt a
+* password for use here.
+*/
+#password = "$1$3gJMO9by$0G60YE6GqmuHVH3AnFPor1";
+};
+/******************************************************************************
+* INCLUDE CONFIGURATION SECTION.                                             *
+******************************************************************************/
+/* You may also specify other files for inclusion.
+* For example:
+*
+* include "etc/sras.conf";
+*/