atheme/templates/atheme.conf.j2
author Luke Hoersten <luke@hoersten.org>
Sat, 04 Jul 2020 13:20:11 -0500
changeset 115 1dc87d96ed8a
parent 113 d843011c249d
permissions -rw-r--r--
Added cooler cloaks.

/* This is an example configuration for Services.
 *
 * All statements end in semi-colons (';').
 * Shell style, C style, and C++ style comments may be used.
 *
 * Items marked with "(*)" are reconfigurable at runtime via REHASH.
 */

/******************************************************************************
 * MODULES SECTION.                                                           *
 ******************************************************************************/

/*
 * These are the modules included with the core distribution of Services.
 *
 * You may be interested in the atheme community modules distribution as
 * well, which adds additional features that may or may not be compatible
 * with the project paradigms intended for maintainance of the core of
 * atheme-services.
 *
 * Visit the atheme-services website for more information and to download them.
 *
 * Modules marked [experimental] will taint your atheme-services instance. Do
 * not file any bug reports with us about using Services with those modules;
 * they will be ignored.
 */

/* Dynamic security modules.
 *
 * WARNING: If you select one of these modules, the default security policy included
 * with Atheme may break.  These modules are intended for people who know what they
 * are doing and understand the implications of what they do.  Security modules which
 * are likely to break the default policy are prefixed with [!], if you are new to
 * Atheme, you should avoid enabling them.
 *
 * If you find your security policy is broken, you may debug it while allowing normal
 * operation of your IRC network by putting Atheme into "permissive mode".  To do this,
 * enable general::permissive_mode.
 *
 * [!] Infer "command:" namespace permissions   modules/security/cmdperm
 */
#loadmodule "modules/security/cmdperm";

/* Protocol module.
 *
 * Please select a protocol module. Different servers use different protocols.
 * Below is a listing of ircd's known to work with the various protocol modules
 * available.
 *
 * Asuka 1.2.1 or later                         modules/protocol/asuka
 * Bahamut 2.1.x                                modules/protocol/bahamut
 * Charybdis IRCd                               modules/protocol/charybdis
 * ChatIRCd                                     modules/protocol/chatircd1.1
 * DreamForge 4.6.7 or later                    modules/protocol/dreamforge
 * InspIRCd 2.0                                 modules/protocol/inspircd
 * ircd-ratbox 2.0 and later                    modules/protocol/ratbox
 * IRCNet ircd (ircd 2.11)                      modules/protocol/ircnet
 * ircd-seven                                   modules/protocol/ircd-seven
 * Nefarious IRCu 0.4.0 or later                modules/protocol/nefarious
 * ngIRCd 19 or later [experimental]            modules/protocol/ngircd
 * UnrealIRCd 3.2.*                             modules/protocol/unreal
 * UnrealIRCd 4 or later                        modules/protocol/unreal4
 *
 * If your IRCd vendor has supplied a module file, build it and load it here
 * instead of one above.
 */
loadmodule "modules/protocol/ngircd";

/* Protocol mixins.
 *
 * These should be used if you do not have/want certain features on your
 * network that your ircd normally has. If you do not know what this means,
 * you do not need any of them.
 *
 * Disable halfops                              modules/protocol/mixin_nohalfops
 * Disable holdnick (use enforcer clients)      modules/protocol/mixin_noholdnick
 * Disable "protect" mode on channels           modules/protocol/mixin_noprotect
 * Disable "owner" mode on channels             modules/protocol/mixin_noowner
 */
#loadmodule "modules/protocol/mixin_nohalfops";
#loadmodule "modules/protocol/mixin_noholdnick";
#loadmodule "modules/protocol/mixin_noprotect";
#loadmodule "modules/protocol/mixin_noowner";

/* Database backend module.
 *
 * Please select a database backend module. Different backends allow for
 * different ways in which the services data can be manipulated. YOU MAY
 * ONLY HAVE ONE OF THESE BACKENDS LOADED.
 *
 * The following backends are available:
 *
 * Atheme 0.1 flatfile database format          modules/backend/flatfile
 * Open Services Exchange database format       modules/backend/opensex
 *
 * Most networks will want opensex.
 */
loadmodule "modules/backend/opensex";

/* Password hashing modules.
 *
 * If you would like encryption for your services passwords, or to migrate
 * from another IRC services package which used encryption for its passwords,
 * please select a module here.
 *
 * The following encryption-capable crypto modules are available:
 *
 *   Argon2 (Password Hashing Competition 2015)    modules/crypto/argon2
 *   scrypt (Tarsnap Online Backup Service)        modules/crypto/scrypt
 *   PBKDF2 (Including support for SASL SCRAM-SHA) modules/crypto/pbkdf2v2
 *   bcrypt (EksBlowfish; from Niels Provos etc.)  modules/crypto/bcrypt
 *   SHA2-512 crypt(3) a la '$6$...'               modules/crypto/crypt3-sha2-512
 *   SHA2-256 crypt(3) a la '$5$...'               modules/crypto/crypt3-sha2-256
 *
 * If you do not load an encryption-capable crypto module, some features will
 * not work correctly, and errors will be logged on e.g. user registration
 * that it was not possible to encrypt their password. Support for running
 * without an encryption-capable crypto module will be removed in a later
 * version of this software; for now it is just *HIGHLY* discouraged.
 *
 * Note, that upon starting with an encryption-capable crypto module, YOUR
 * UNENCRYPTED PASSWORDS ARE IMMEDIATELY AND *IRREVERSIBLY* CONVERTED. Make
 * at least TWO backups of your database before experimenting with this. If
 * you have several thousand accounts, this conversion may take a long time.
 *
 * The following modules can only be used to /verify/ existing encrypted
 * passwords, for example when upgrading from an older version of this
 * software, or migrating from something else:
 *
 *   PBKDF2 v1 (Atheme <= 7.2 compatibility)       modules/crypto/pbkdf2
 *   Raw SHA2-512                                  modules/crypto/rawsha2-512
 *   Raw SHA2-256                                  modules/crypto/rawsha2-256
 *   Anope SHA2-256 (Anope 2.0 compatibility)      modules/crypto/anope-enc-sha256
 *   Raw SHA1 (Anope ~1.8 compatibility)           modules/crypto/rawsha1
 *   Raw MD5 (Anope ~1.8 compatibility)            modules/crypto/rawmd5
 *   IRCServices (+ Anope) compatibility           modules/crypto/ircservices
 *   MD5 crypt(3) (Atheme Linux compatibility)     modules/crypto/crypt3-md5
 *   DES crypt(3) (Atheme OS X compatibility)      modules/crypto/crypt3-des
 *   Base64 (Anope ~1.8 compatibility)             modules/crypto/base64
 *
 * To transition between crypto schemes, load the preferred scheme first,
 * and as users login or set new passwords, they will be migrated to the new
 * preferred scheme. Like so:
 *
 * loadmodule "modules/crypto/argon2";
 * loadmodule "modules/crypto/scrypt";
 * loadmodule "modules/crypto/pbkdf2v2";
 * loadmodule "modules/crypto/pbkdf2";
 * loadmodule "modules/crypto/crypt3-md5";
 *
 * The Argon2 module requires the argon2 reference library (./configure
 * --with-argon2) and is *NOT* available in Atheme v7.2 or earlier. If you
 * wish to use this module while retaining the possibility to downgrade to
 * v7.2, please see the crypto {} documentation below.
 *
 * The Scrypt module requires libsodium (./configure --with-libsodium) and is
 * *NOT* available in Atheme v7.2 or earlier. This module may also require a
 * 64-bit Operating System to function correctly.
 *
 * The PBKDF2v2 module has no dependencies and is recommended. If you were
 * previously using the PBKDF2 v1 module on v7.2, you must still keep it in
 * the configuration here; the PBKDF2 v2 module cannot verify its password
 * hashes. However, you should also load PBKDF2 v2 (if you don't decide to use
 * anything else), because the PBKDF2 v1 module is now verify-only.
 *
 * The bcrypt module will truncate passwords greater than 72 characters. It is
 * also capable of verifying the older $2a$ digests that contain an integer
 * wrap-around bug, as used on e.g. Anope. It is not capable of verifying the
 * PHP-bcrypt $2x$ and $2y$ digests; but $2y$ can simply be changed to $2b$.
 * All successfully-verified passwords not using $2b$ will be converted to it.
 * This is an encryption-capable module, but its use is discouraged unless you
 * need to use it for interoperability with some other piece of software.
 *
 * The crypt3-* modules depend on your platform crypt(3) supporting the
 * respective algorithms. This is not guaranteed to be the case. If you used
 * modules/crypto/posix on Linux, you need crypt3-md5. If you used
 * modules/crypto/posix on OS X, you need crypt3-des. These modules issue
 * informational messages when loaded to the effect that they might break in
 * the future. They also run selftests on load to verify that they will work.
 *
 * All available modules are listed below, in the preferred load order. The
 * modules that are commented out are not available by default (please see
 * the v7.3 release notes in NEWS.md) or may require a third-party library to
 * use. If you know that you do not need a specific module, it is better to
 * not load it, so comment it out. Do not change the order of the modules
 * below unless you need to migrate from one to the other (as described
 * above); in particular, putting verify-only modules above encryption-
 * capable modules would be a waste of CPU time every time password
 * verification for a user whose password was not encrypted by them is
 * attempted.
 *
 * Comments that start with -- describe the ./configure option necessary to
 * have this module built.
 */
#loadmodule "modules/crypto/argon2";            /* --with-argon2 */
#loadmodule "modules/crypto/scrypt";            /* --with-sodium */
loadmodule "modules/crypto/pbkdf2v2";
#loadmodule "modules/crypto/bcrypt";            /* See notes above */
loadmodule "modules/crypto/pbkdf2";             /* Verify-only, see prev. */
#loadmodule "modules/crypto/crypt3-sha2-512";   /* Needs crypt(3) support */
#loadmodule "modules/crypto/crypt3-sha2-256";   /* Needs crypt(3) support */
#loadmodule "modules/crypto/crypt3-md5";        /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/rawsha2-512";       /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/rawsha2-256";       /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/anope-enc-sha256";  /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/rawsha1";           /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/rawmd5";            /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/ircservices";       /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/crypt3-des";        /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/base64";            /* --enable-legacy-pwcrypto */

/* Authentication module.
 *
 * These allow using passwords from an external system. The password given
 * when registering a new account is also checked against the external
 * system.
 *
 * The following authentication modules are available:
 *
 * LDAP                                         modules/auth/ldap
 *
 * The LDAP module requires OpenLDAP client libraries. It uses them in a
 * synchronous manner, which means that an unresponsive LDAP server can
 * freeze services.
 */
#loadmodule "modules/auth/ldap";

/* NickServ modules.
 *
 * Here you can disable or enable certain features of NickServ, by
 * defining which modules are loaded. You can even disable NickServ
 * entirely. Please note however, that an authentication service
 * (either NickServ, or UserServ) is required for proper functionality.
 *
 * Core components                              modules/nickserv/main
 * Nickname access lists                        modules/nickserv/access
 * Bad email address blocking                   modules/nickserv/badmail
 * CertFP fingerprint managment                 modules/nickserv/cert
 * DROP command                                 modules/nickserv/drop
 * Nickname enforcement                         modules/nickserv/enforce
 * GHOST command                                modules/nickserv/ghost
 * GROUP and UNGROUP commands                   modules/nickserv/group
 * HELP command                                 modules/nickserv/help
 * Nickname expiry override (HOLD command)      modules/nickserv/hold
 * IDENTIFY command                             modules/nickserv/identify
 * INFO command                                 modules/nickserv/info
 * Last quit message in INFO                    modules/nickserv/info_lastquit
 * LIST command                                 modules/nickserv/list
 * LISTLOGINS command                           modules/nickserv/listlogins
 * LISTMAIL command                             modules/nickserv/listmail
 * LISTOWNMAIL command                          modules/nickserv/listownmail
 * LOGIN command (for no_nick_ownership)        modules/nickserv/login
 * LOGOUT command                               modules/nickserv/logout
 * MARK command                                 modules/nickserv/mark
 * Password quality validation                  modules/nickserv/pwquality
 * FREEZE command                               modules/nickserv/freeze
 * LISTCHANS command                            modules/nickserv/listchans
 * LISTGROUPS command                           modules/nickserv/listgroups
 * REGISTER command                             modules/nickserv/register
 * Bypass registration limits (REGNOLIMIT)      modules/nickserv/regnolimit
 * Password reset (RESETPASS command)           modules/nickserv/resetpass
 * RESTRICT command                             modules/nickserv/restrict
 * Password return (RETURN command)             modules/nickserv/return
 * Password retrieval (SENDPASS command)        modules/nickserv/sendpass
 * Password retrieval allowed to normal users   modules/nickserv/sendpass_user
 * Change primary nickname (SET ACCOUNTNAME)    modules/nickserv/set_accountname
 * SET EMAIL command                            modules/nickserv/set_email
 * SET EMAILMEMOS command                       modules/nickserv/set_emailmemos
 * SET ENFORCETIME command                      modules/nickserv/set_enforcetime
 * SET HIDEMAIL command                         modules/nickserv/set_hidemail
 * SET LANGUAGE command                         modules/nickserv/set_language
 * SET NEVERGROUP command                       modules/nickserv/set_nevergroup
 * SET NEVEROP command                          modules/nickserv/set_neverop
 * SET NOGREET command                          modules/nickserv/set_nogreet
 * SET NOMEMO command                           modules/nickserv/set_nomemo
 * SET NOOP command                             modules/nickserv/set_noop
 * SET NOPASSWORD command                       modules/nickserv/set_nopassword
 * SET PASSWORD command                         modules/nickserv/set_password
 * PRIVMSG instead of NOTICE (SET PRIVMSG cmd)  modules/nickserv/set_privmsg
 * Account info hiding (SET PRIVATE command)    modules/nickserv/set_private
 * SET PROPERTY command                         modules/nickserv/set_property
 * SET PUBKEY command                           modules/nickserv/set_pubkey
 * SET QUIETCHG command                         modules/nickserv/set_quietchg
 * Password retrieval uses code (SETPASS cmd)   modules/nickserv/setpass
 * STATUS command                               modules/nickserv/status
 * Nickname metadata viewer (TAXONOMY command)  modules/nickserv/taxonomy
 * VACATION command                             modules/nickserv/vacation
 * VERIFY command                               modules/nickserv/verify
 * VHOST command                                modules/nickserv/vhost
 * Delay services account registrations         modules/nickserv/waitreg
 */
loadmodule "modules/nickserv/main";
#loadmodule "modules/nickserv/access";
loadmodule "modules/nickserv/badmail";
#loadmodule "modules/nickserv/cert";
loadmodule "modules/nickserv/drop";
#loadmodule "modules/nickserv/enforce";
loadmodule "modules/nickserv/ghost";
loadmodule "modules/nickserv/group";
loadmodule "modules/nickserv/help";
loadmodule "modules/nickserv/hold";
loadmodule "modules/nickserv/identify";
loadmodule "modules/nickserv/info";
#loadmodule "modules/nickserv/info_lastquit";
loadmodule "modules/nickserv/list";
#loadmodule "modules/nickserv/listlogins";
loadmodule "modules/nickserv/listmail";
#loadmodule "modules/nickserv/listownmail";
#loadmodule "modules/nickserv/login";
loadmodule "modules/nickserv/logout";
loadmodule "modules/nickserv/mark";
#loadmodule "modules/nickserv/pwquality";
loadmodule "modules/nickserv/freeze";
loadmodule "modules/nickserv/listchans";
loadmodule "modules/nickserv/listgroups";
loadmodule "modules/nickserv/register";
loadmodule "modules/nickserv/regnolimit";
loadmodule "modules/nickserv/resetpass";
loadmodule "modules/nickserv/restrict";
loadmodule "modules/nickserv/return";
loadmodule "modules/nickserv/setpass";
#loadmodule "modules/nickserv/sendpass";
loadmodule "modules/nickserv/sendpass_user";
loadmodule "modules/nickserv/set_accountname";
loadmodule "modules/nickserv/set_email";
loadmodule "modules/nickserv/set_emailmemos";
#loadmodule "modules/nickserv/set_enforcetime";
loadmodule "modules/nickserv/set_hidemail";
loadmodule "modules/nickserv/set_language";
loadmodule "modules/nickserv/set_nevergroup";
loadmodule "modules/nickserv/set_neverop";
loadmodule "modules/nickserv/set_nogreet";
loadmodule "modules/nickserv/set_nomemo";
loadmodule "modules/nickserv/set_noop";
#loadmodule "modules/nickserv/set_nopassword";
loadmodule "modules/nickserv/set_password";
#loadmodule "modules/nickserv/set_privmsg";
#loadmodule "modules/nickserv/set_private";
loadmodule "modules/nickserv/set_property";
loadmodule "modules/nickserv/set_pubkey";
loadmodule "modules/nickserv/set_quietchg";
loadmodule "modules/nickserv/status";
loadmodule "modules/nickserv/taxonomy";
loadmodule "modules/nickserv/vacation";
loadmodule "modules/nickserv/verify";
loadmodule "modules/nickserv/vhost";
#loadmodule "modules/nickserv/waitreg";

/* ChanServ modules.
 *
 * Here you can disable or enable certain features of ChanServ, by
 * defining which modules are loaded. You can even disable ChanServ
 * entirely. Please note that ChanServ requires an authentication
 * service, either NickServ or UserServ will do.
 *
 * Core components                              modules/chanserv/main
 * ACCESS command (simplified ACL editing)      modules/chanserv/access
 * AKICK command                                modules/chanserv/akick
 * BAN/UNBAN commands                           modules/chanserv/ban
 * UNBAN self only (load ban or this not both)  modules/chanserv/unban_self
 * BANSEARCH command                            modules/chanserv/bansearch
 * CLOSE command                                modules/chanserv/close
 * CLONE command                                modules/chanserv/clone
 * CLEAR command                                modules/chanserv/clear
 * CLEAR AKICKS command                         modules/chanserv/clear_akicks
 * CLEAR BANS command                           modules/chanserv/clear_bans
 * CLEAR FLAGS command                          modules/chanserv/clear_flags
 * CLEAR USERS command                          modules/chanserv/clear_users
 * COUNT command                                modules/chanserv/count
 * DROP command                                 modules/chanserv/drop
 * Forced flags changes                         modules/chanserv/fflags
 * FLAGS command                                modules/chanserv/flags
 * Forced foundership transfers                 modules/chanserv/ftransfer
 * GETKEY command                               modules/chanserv/getkey
 * HALFOP/DEHALFOP commands                     modules/chanserv/halfop
 * HELP command                                 modules/chanserv/help
 * Channel expiry override (HOLD command)       modules/chanserv/hold
 * INFO command                                 modules/chanserv/info
 * INVITE command                               modules/chanserv/invite
 * KICK/KICKBAN commands                        modules/chanserv/kick
 * LIST command                                 modules/chanserv/list
 * MARK command                                 modules/chanserv/mark
 * Moderated channel registrations              modules/chanserv/moderate
 * OP/DEOP commands                             modules/chanserv/op
 * OWNER/DEOWNER commands                       modules/chanserv/owner
 * PROTECT/DEPROTECT commands                   modules/chanserv/protect
 * QUIET command (+q support)                   modules/chanserv/quiet
 * Channel takeover recovery (RECOVER command)  modules/chanserv/recover
 * REGISTER command                             modules/chanserv/register
 * SET EMAIL command                            modules/chanserv/set_email
 * SET ENTRYMSG command                         modules/chanserv/set_entrymsg
 * SET FANTASY command                          modules/chanserv/set_fantasy
 * SET GAMESERV command                         modules/chanserv/set_gameserv
 * SET GUARD command                            modules/chanserv/set_guard
 * SET KEEPTOPIC command                        modules/chanserv/set_keeptopic
 * SET LIMITFLAGS command                       modules/chanserv/set_limitflags
 * SET MLOCK command                            modules/chanserv/set_mlock
 * SET PREFIX command                           modules/chanserv/set_prefix
 * Channel info hiding (SET PRIVATE command)    modules/chanserv/set_private
 * SET PROPERTY command                         modules/chanserv/set_property
 * SET PUBACL command                           modules/chanserv/set_pubacl
 * SET RESTRICTED command                       modules/chanserv/set_restricted
 * SET SECURE command                           modules/chanserv/set_secure
 * SET TOPICLOCK command                        modules/chanserv/set_topiclock
 * SET URL command                              modules/chanserv/set_url
 * SET VERBOSE command                          modules/chanserv/set_verbose
 * STATUS command                               modules/chanserv/status
 * SYNC command (and automatic ACL syncing)     modules/chanserv/sync
 * Named Successor ACL flag                     modules/chanserv/successor_acl
 * Channel metadata viewer (TAXONOMY command)   modules/chanserv/taxonomy
 * TEMPLATE command                             modules/chanserv/template
 * TOPIC/TOPICAPPEND commands                   modules/chanserv/topic
 * VOICE/DEVOICE commands                       modules/chanserv/voice
 * WHY command                                  modules/chanserv/why
 * VOP/HOP/AOP/SOP commands                     modules/chanserv/xop
 *  This module provides emulation of the ircservices XOP scheme ONLY.
 *  Do not report discrepencies when using native commands to edit channel
 *  ACLs. This is intentional.
 * Flood protection                             modules/chanserv/antiflood
 *  This module should be loaded after at least chanserv/quiet if you want
 *  the autoquiet feature to work.
 */
loadmodule "modules/chanserv/main";
loadmodule "modules/chanserv/access";
loadmodule "modules/chanserv/akick";
loadmodule "modules/chanserv/ban";
#loadmodule "modules/chanserv/unban_self";
loadmodule "modules/chanserv/bansearch";
loadmodule "modules/chanserv/clone";
loadmodule "modules/chanserv/close";
loadmodule "modules/chanserv/clear";
loadmodule "modules/chanserv/clear_akicks";
loadmodule "modules/chanserv/clear_bans";
loadmodule "modules/chanserv/clear_flags";
loadmodule "modules/chanserv/clear_users";
loadmodule "modules/chanserv/count";
loadmodule "modules/chanserv/drop";
#loadmodule "modules/chanserv/fflags";
loadmodule "modules/chanserv/flags";
loadmodule "modules/chanserv/ftransfer";
loadmodule "modules/chanserv/getkey";
#loadmodule "modules/chanserv/halfop";
loadmodule "modules/chanserv/help";
loadmodule "modules/chanserv/hold";
loadmodule "modules/chanserv/info";
loadmodule "modules/chanserv/invite";
loadmodule "modules/chanserv/kick";
loadmodule "modules/chanserv/list";
loadmodule "modules/chanserv/mark";
#loadmodule "modules/chanserv/moderate";
loadmodule "modules/chanserv/op";
#loadmodule "modules/chanserv/owner";
#loadmodule "modules/chanserv/protect";
#loadmodule "modules/chanserv/quiet";
loadmodule "modules/chanserv/recover";
loadmodule "modules/chanserv/register";
loadmodule "modules/chanserv/set_email";
loadmodule "modules/chanserv/set_entrymsg";
loadmodule "modules/chanserv/set_fantasy";
#loadmodule "modules/chanserv/set_gameserv";
loadmodule "modules/chanserv/set_guard";
loadmodule "modules/chanserv/set_keeptopic";
#loadmodule "modules/chanserv/set_limitflags";
loadmodule "modules/chanserv/set_mlock";
loadmodule "modules/chanserv/set_prefix";
#loadmodule "modules/chanserv/set_private";
loadmodule "modules/chanserv/set_property";
#loadmodule "modules/chanserv/set_pubacl";
loadmodule "modules/chanserv/set_restricted";
loadmodule "modules/chanserv/set_secure";
loadmodule "modules/chanserv/set_topiclock";
loadmodule "modules/chanserv/set_url";
loadmodule "modules/chanserv/set_verbose";
loadmodule "modules/chanserv/status";
loadmodule "modules/chanserv/sync";
#loadmodule "modules/chanserv/successor_acl";
loadmodule "modules/chanserv/taxonomy";
loadmodule "modules/chanserv/template";
loadmodule "modules/chanserv/topic";
loadmodule "modules/chanserv/voice";
loadmodule "modules/chanserv/why";
#loadmodule "modules/chanserv/xop";
loadmodule "modules/chanserv/antiflood";

/* CHANFIX module.
 *
 * Here you can disable or enable certain features of CHANFIX, by
 * defining which modules are loaded.
 *
 * Core components                              modules/chanfix/main
 */
#loadmodule "modules/chanfix/main";

/* OperServ modules.
 *
 * Here you can disable or enable certain features of OperServ, by
 * defining which modules are loaded.
 *
 * Core components                              modules/operserv/main
 * AKILL system                                 modules/operserv/akill
 * CLEARCHAN command                            modules/operserv/clearchan
 * CLONES system                                modules/operserv/clones
 * COMPARE command                              modules/operserv/compare
 * GENHASH command                              modules/operserv/genhash
 * GREPLOG command                              modules/operserv/greplog
 * HELP command                                 modules/operserv/help
 * IGNORE system                                modules/operserv/ignore
 * IDENTIFY command                             modules/operserv/identify
 * INFO command                                 modules/operserv/info
 * INJECT command                               modules/operserv/inject
 * JUPE command                                 modules/operserv/jupe
 * MODE command                                 modules/operserv/mode
 * MODINSPECT command                           modules/operserv/modinspect
 * MODLIST command                              modules/operserv/modlist
 * MODLOAD command                              modules/operserv/modload
 * MODRELOAD command                            modules/operserv/modreload
 * MODUNLOAD command                            modules/operserv/modunload
 * NOOP system                                  modules/operserv/noop
 * Regex mass akill (RAKILL command)            modules/operserv/rakill
 * RAW command                                  modules/operserv/raw
 * READONLY command                             modules/operserv/readonly
 * REHASH command                               modules/operserv/rehash
 * RESTART command                              modules/operserv/restart
 * Display regex matching (RMATCH command)      modules/operserv/rmatch
 * Most common realnames (RNC command)          modules/operserv/rnc
 * RWATCH system                                modules/operserv/rwatch
 *
 * Note that ALL of these SET commands only apply until the next rehash!
 *
 * ALL of the below SET commands (deprecated)   modules/operserv/set
 * SET AKICKTIME subcommand (temporarily)       modules/operserv/set_akicktime
 * SET CHANEXPIRE subcommand (temporarily)      modules/operserv/set_chanexpire
 * SET COMMITINTERVAL subcommand (temporarily)  modules/operserv/set_commitinterval
 * SET ENFORCEPREFIX subcommand (temporarily)   modules/operserv/set_enforceprefix
 * SET KLINETIME subcommand (temporarily)       modules/operserv/set_klinetime
 * SET MAXCHANACS subcommand (temporarily)      modules/operserv/set_maxchanacs
 * SET MAXCHANS subcommand (temporarily)        modules/operserv/set_maxchans
 * SET MAXFOUNDERS subcommand (temporarily)     modules/operserv/set_maxfounders
 * SET MAXLOGINS subcommand (temporarily)       modules/operserv/set_maxlogins
 * SET MAXNICKS subcommand (temporarily)        modules/operserv/set_maxnicks
 * SET MAXUSERS subcommand (temporarily)        modules/operserv/set_maxusers
 * SET MDLIMIT subcommand (temporarily)         modules/operserv/set_mdlimit
 * SET NICKEXPIRE subcommand (temporarily)      modules/operserv/set_nickexpire
 * SET RECONTIME subcommand (temporarily)       modules/operserv/set_recontime
 * SET SPAM subcommand (temporarily)            modules/operserv/set_spam
 *
 * SGLINE system                                modules/operserv/sgline
 * SHUTDOWN command                             modules/operserv/shutdown
 * Non-config oper privileges (SOPER command)   modules/operserv/soper
 * Oper privilege display (SPECS command)       modules/operserv/specs
 * SQLINE system                                modules/operserv/sqline
 * UPDATE command                               modules/operserv/update
 * UPTIME command                               modules/operserv/uptime
 */
loadmodule "modules/operserv/main";
loadmodule "modules/operserv/akill";
#loadmodule "modules/operserv/clearchan";
#loadmodule "modules/operserv/clones";
loadmodule "modules/operserv/compare";
#loadmodule "modules/operserv/genhash";
#loadmodule "modules/operserv/greplog";
loadmodule "modules/operserv/help";
loadmodule "modules/operserv/identify";
loadmodule "modules/operserv/ignore";
loadmodule "modules/operserv/info";
loadmodule "modules/operserv/jupe";
loadmodule "modules/operserv/mode";
loadmodule "modules/operserv/modinspect";
loadmodule "modules/operserv/modlist";
loadmodule "modules/operserv/modload";
loadmodule "modules/operserv/modunload";
loadmodule "modules/operserv/modreload";
loadmodule "modules/operserv/noop";
#loadmodule "modules/operserv/rakill";
loadmodule "modules/operserv/readonly";
loadmodule "modules/operserv/rehash";
loadmodule "modules/operserv/restart";
loadmodule "modules/operserv/rmatch";
loadmodule "modules/operserv/rnc";
loadmodule "modules/operserv/rwatch";
loadmodule "modules/operserv/set";
loadmodule "modules/operserv/sgline";
loadmodule "modules/operserv/shutdown";
#loadmodule "modules/operserv/soper";
loadmodule "modules/operserv/specs";
#loadmodule "modules/operserv/sqline";
loadmodule "modules/operserv/update";
loadmodule "modules/operserv/uptime";

/* MemoServ modules.
 *
 * Here you can disable or enable certain features of MemoServ, by
 * defining which modules are loaded. You can even disable MemoServ
 * entirely.
 *
 * Core components                              modules/memoserv/main
 * HELP command                                 modules/memoserv/help
 * SEND command                                 modules/memoserv/send
 * Channel memos (SENDOPS command)              modules/memoserv/sendops
 * Group memos (SENDGROUP command)              modules/memoserv/sendgroup
 * LIST command                                 modules/memoserv/list
 * READ command                                 modules/memoserv/read
 * FORWARD command                              modules/memoserv/forward
 * DELETE command                               modules/memoserv/delete
 * IGNORE command                               modules/memoserv/ignore
 */
loadmodule "modules/memoserv/main";
loadmodule "modules/memoserv/help";
loadmodule "modules/memoserv/send";
loadmodule "modules/memoserv/sendops";
loadmodule "modules/memoserv/sendgroup";
loadmodule "modules/memoserv/list";
loadmodule "modules/memoserv/read";
loadmodule "modules/memoserv/forward";
loadmodule "modules/memoserv/delete";
loadmodule "modules/memoserv/ignore";

/* Global module.
 *
 * Like the other services, the Global noticer is a module. You can
 * disable or enable it to your liking below. Please note that the
 * Global noticer is dependent on OperServ for full functionality.
 */
loadmodule "modules/global/main";

/* InfoServ module.
 *
 * Like the other services, InfoServ is a module. You can disable or
 * enable it to your liking below.
 */
loadmodule "modules/infoserv/main";

/* SASL agent module.
 *
 * Allows clients to authenticate to services via SASL with an appropriate
 * ircd. You need the core components and at least one mechanism.
 *
 * Core components                      modules/saslserv/main
 * AUTHCOOKIE mechanism (for IRIS)      modules/saslserv/authcookie
 * ECDH-X25519-CHALLENGE mechanism      modules/saslserv/ecdh-x25519-challenge
 * ECDSA-NIST256P-CHALLENGE mechanism   modules/saslserv/ecdsa-nist256p-challenge
 * EXTERNAL mechanism (IRCv3.1+)        modules/saslserv/external
 * PLAIN mechanism                      modules/saslserv/plain
 * SCRAM-SHA-* mechanisms               modules/saslserv/scram
 *
 * ECDH-X25519-CHALLENGE support requires that Atheme be compiled against a
 * cryptographic library that provides X25519 ECDH support (BoringSSL,
 * LibreSSL, ARM mbedTLS, Nettle, Sodium). This will be checked while running
 * ./configure.
 *
 * ECDSA-NIST256P-CHALLENGE support requires that Atheme be compiled against
 * an OpenSSL with ECDSA support (not RHEL etc. unless you compile your own).
 * This will be checked while running ./configure.
 *
 * You MUST read doc/SASL-SCRAM before loading modules/saslserv/scram!
 */
loadmodule "modules/saslserv/main";
loadmodule "modules/saslserv/authcookie";
#loadmodule "modules/saslserv/ecdh-x25519-challenge";
#loadmodule "modules/saslserv/ecdsa-nist256p-challenge";
#loadmodule "modules/saslserv/external";
loadmodule "modules/saslserv/plain";
#loadmodule "modules/saslserv/scram";   /* READ doc/SASL-SCRAM FIRST! */

/* GameServ modules.
 *
 * Here you can disable or enable certain features of GameServ, by
 * defining which modules are loaded. You can even disable GameServ
 * entirely.
 *
 * Core components                              modules/gameserv/main
 * DICE/WOD commands                            modules/gameserv/dice
 * EIGHTBALL command                            modules/gameserv/eightball
 * Game-specific dice calculators               modules/gameserv/gamecalc
 * HELP commands                                modules/gameserv/help
 * LOTTERY command                              modules/gameserv/lottery
 * NAMEGEN command                              modules/gameserv/namegen
 * RPS command                                  modules/gameserv/rps
 */
#loadmodule "modules/gameserv/main";
#loadmodule "modules/gameserv/dice";
#loadmodule "modules/gameserv/eightball";
#loadmodule "modules/gameserv/gamecalc";
#loadmodule "modules/gameserv/help";
#loadmodule "modules/gameserv/lottery";
#loadmodule "modules/gameserv/namegen";
#loadmodule "modules/gameserv/rps";

/* RPGServ modules.
 *
 * Here you can disable or enable certain features of RPGServ, by
 * defining which modules are loaded. You can even disable RPGServ
 * entirely.
 *
 * Core components                              modules/rpgserv/main
 * ENABLE/DISABLE commands                      modules/rpgserv/enable
 * HELP command                                 modules/rpgserv/help
 * INFO command                                 modules/rpgserv/info
 * LIST command                                 modules/rpgserv/list
 * SEARCH command                               modules/rpgserv/search
 * SET commands                                 modules/rpgserv/set
 */
#loadmodule "modules/rpgserv/main";
#loadmodule "modules/rpgserv/enable";
#loadmodule "modules/rpgserv/help";
#loadmodule "modules/rpgserv/info";
#loadmodule "modules/rpgserv/list";
#loadmodule "modules/rpgserv/search";
#loadmodule "modules/rpgserv/set";

/* BotServ modules.
 *
 * Here you can disable or enable certain features of BotServ, by
 * defining which modules are loaded. You can even disable BotServ
 * entirely.
 *
 * Core components                              modules/botserv/main
 * HELP command                                 modules/botserv/help
 * INFO command                                 modules/botserv/info
 * NPC commands (SAY, ACT)                      modules/botserv/bottalk
 * SET FANTASY command                          modules/botserv/set_fantasy
 * SET NOBOT command                            modules/botserv/set_nobot
 * SET PRIVATE command                          modules/botserv/set_private
 * SET SAYCALLER command                        modules/botserv/set_saycaller
 */
#loadmodule "modules/botserv/main";
#loadmodule "modules/botserv/help";
#loadmodule "modules/botserv/info";
#loadmodule "modules/botserv/bottalk";
#loadmodule "modules/botserv/set_fantasy";
#loadmodule "modules/botserv/set_nobot";
#loadmodule "modules/botserv/set_private";
#loadmodule "modules/botserv/set_saycaller";

/* HostServ modules.
 *
 * Here you can disable or enable certain features of HostServ, by
 * defining which modules are loaded. You can even disable HostServ
 * entirely.
 *
 * HostServ is a more complex, and optional virtual host management service.
 * Users wishing only to set vhosts need not use it (they can use the builtin
 * vhost management of NickServ instead).
 *
 * Core components                              modules/hostserv/main
 * HELP command                                 modules/hostserv/help
 * OFFER system                                 modules/hostserv/offer
 * ON and OFF commands                          modules/hostserv/onoff
 * REQUEST system                               modules/hostserv/request
 * VHOST and LISTVHOST commands                 modules/hostserv/vhost
 * VHOSTNICK command                            modules/hostserv/vhostnick
 * GROUP command                                modules/hostserv/group
 * DROP command                                 modules/hostserv/drop
 */
#loadmodule "modules/hostserv/main";
#loadmodule "modules/hostserv/help";
#loadmodule "modules/hostserv/onoff";
#loadmodule "modules/hostserv/offer";
#loadmodule "modules/hostserv/request";
#loadmodule "modules/hostserv/vhost";
#loadmodule "modules/hostserv/vhostnick";
#loadmodule "modules/hostserv/group";
#loadmodule "modules/hostserv/drop";

/* HelpServ modules.
 * HelpServ allows users to request help from network staff in a few different ways.
 *
 * Core components                              modules/helpserv/main
 * HELPME command                               modules/helpserv/helpme
 * Help Ticket system                           modules/helpserv/ticket
 * Service List                                 modules/helpserv/services
 *
 * The ticket system works like a bugtracker ot helpdesk ticket system, HELPME
 * works like a one-time alert. You should probably only load one of the two systems.
 */
#loadmodule "modules/helpserv/main";
#loadmodule "modules/helpserv/helpme";
#loadmodule "modules/helpserv/ticket";
#loadmodule "modules/helpserv/services";

/* Channel listing service.
 *
 * Allows users to list channels with more flexibility than the /list
 * command.
 *
 * Core components                              modules/alis/main
 */
#loadmodule "modules/alis/main";

/* StatServ module.
 * StatServ provides basic statistics and split tracking.
 *
 * Core components                              modules/statserv/main
 * CHANNEL command                              modules/statserv/channel
 * NETSPLIT command                             modules/statserv/netsplit
 * SERVER command                               modules/statserv/server
 */
loadmodule "modules/statserv/main";
#loadmodule "modules/statserv/channel";
loadmodule "modules/statserv/netsplit";
loadmodule "modules/statserv/server";

/* GroupServ module.
 * GroupServ allows users to create groups to easily mass-manage channel
 * access and more.
 *
 * Core components                              modules/groupserv/main
 * ACSNOLIMIT command                           modules/groupserv/acsnolimit
 * DROP command                                 modules/groupserv/drop
 * FFLAGS command                               modules/groupserv/fflags
 * FLAGS command                                modules/groupserv/flags
 * HELP command                                 modules/groupserv/help
 * INFO command                                 modules/groupserv/info
 * JOIN command                                 modules/groupserv/join
 * LIST command                                 modules/groupserv/list
 * LISTCHANS command                            modules/groupserv/listchans
 * REGISTER command                             modules/groupserv/register
 * REGNOLIMIT command                           modules/groupserv/regnolimit
 * INVITE command                               modules/groupserv/invite
 * SET command                                  modules/groupserv/set
 * SET CHANNEL command                          modules/groupserv/set_channel
 * SET DESCRIPTION command                      modules/groupserv/set_description
 * SET EMAIL command                            modules/groupserv/set_email
 * SET GROUPNAME command                        modules/groupserv/set_groupname
 * SET JOINFLAGS command                        modules/groupserv/set_joinflags
 * SET OPEN command                             modules/groupserv/set_open
 * SET PUBLIC command                           modules/groupserv/set_public
 * SET URL command                              modules/groupserv/set_url
 *
 */
loadmodule "modules/groupserv/main";
loadmodule "modules/groupserv/acsnolimit";
loadmodule "modules/groupserv/drop";
loadmodule "modules/groupserv/fflags";
loadmodule "modules/groupserv/flags";
loadmodule "modules/groupserv/help";
loadmodule "modules/groupserv/info";
loadmodule "modules/groupserv/join";
loadmodule "modules/groupserv/list";
loadmodule "modules/groupserv/listchans";
loadmodule "modules/groupserv/register";
loadmodule "modules/groupserv/regnolimit";
#loadmodule "modules/groupserv/invite";
loadmodule "modules/groupserv/set";
loadmodule "modules/groupserv/set_channel";
loadmodule "modules/groupserv/set_description";
loadmodule "modules/groupserv/set_email";
loadmodule "modules/groupserv/set_groupname";
loadmodule "modules/groupserv/set_joinflags";
loadmodule "modules/groupserv/set_open";
loadmodule "modules/groupserv/set_public";
loadmodule "modules/groupserv/set_url";

/*
 * Various modules.
 *
 * Atheme includes an optional HTTP server that can be used for integration
 * with portal software and other useful things. To enable it, load this
 * module, and uncomment the httpd { } block towards the bottom of the config.
 *
 * HTTP Server                                  modules/misc/httpd
 */
#loadmodule "modules/misc/httpd";

/* XMLRPC server module.
 *
 * The XML-RPC handler requires modules/misc/httpd to be loaded as it merely
 * registers a path handler for XML-RPC. The path used for XML-RPC is /xmlrpc.
 *
 * XMLRPC handler for the httpd                 modules/transport/xmlrpc
 */
#loadmodule "modules/transport/xmlrpc";

/* Extended target entity types. [EXPERIMENTAL]
 *
 * Atheme can set up special target mapping entities which match multiple
 * users in channel access entries.  These target mapping entity types are
 * defined through the 'exttarget' modules listed below.
 *
 * Exttarget handling core                      modules/exttarget/main
 * $oper exttarget match type                   modules/exttarget/oper
 * $registered exttarget match type             modules/exttarget/registered
 * $channel exttarget match type                modules/exttarget/channel
 * $chanacs exttarget match type                modules/exttarget/chanacs
 * $server exttarget match type                 modules/exttarget/server
 */
#loadmodule "modules/exttarget/main";
#loadmodule "modules/exttarget/oper";
#loadmodule "modules/exttarget/registered";
#loadmodule "modules/exttarget/channel";
#loadmodule "modules/exttarget/chanacs";
#loadmodule "modules/exttarget/server";

/* Proxyscan (DNSBL) modules.
 *
 * Atheme can also check set DNS Blacklists for matches and respond
 * as set.  Activate modules here and customize further down under Proxyscan
 * section.
 */
#loadmodule "modules/proxyscan/main";
#loadmodule "modules/proxyscan/dnsbl";

/* Other modules.
 *
 * Put any other modules you want to load on startup here. The path
 * is relative to PREFIX or PREFIX/lib/atheme, depending on how Atheme
 * was compiled.
 */
#loadmodule "modules/contrib/backtrace";

/******************************************************************************
 * SERVICES RUNTIME CONFIGURATION SECTION.                                    *
 ******************************************************************************/

/*
 * This block controls the configuration options for crypto modules.
 *
 * It is recommended to either leave the values at their defaults, or
 * experiment with them so that it takes approximately 0.2-0.4 seconds
 * for users to identify. Services blocks while the password is being
 * encrypted or verified, so don't set these too large, or people can
 * hang services by trying many password attempts at once.
 *
 * A benchmark program for the Argon2, scrypt & PBKDF2 crypto code is
 * available to assist with tuning these parameters:
 *
 *     - ./configure --prefix=foo ...
 *     - make
 *     - make install
 *     - ${foo}/bin/atheme-crypto-benchmark -o
 *
 * If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM' and
 * pass the '-i' flag to the included cryptographic benchmarking utility too.
 *
 * If you are using the PBKDF2 module, its performance will be significantly
 * affected by your choice of cryptographic digest library. This software can
 * currently interface with 3 libraries; in decreasing order of performance:
 *
 *     - OpenSSL (libcrypto)
 *     - GnuPG (libgcrypt)
 *     - ARM mbedTLS (libmbedcrypto)
 *
 * If you have one of these libraries available at configure-time, the PBKDF2
 * module will perform significantly better, allowing you to raise its
 * iteration count without affecting the computation time. This is indicated
 * by the output of the configure script; "Digest Frontend". The benchmark
 * program will also inform you what cryptographic digest library it is using,
 * if any.
 *
 *
 *
 * If you are migrating from crypto/argon2d (v7.2) to crypto/argon2, and you
 * wish to use the same parameters as the older module's defaults, configure
 * it like so:
 *
 *     crypto {
 *         argon2_type = "argon2d";
 *         argon2_memcost = 14;
 *         argon2_timecost = 32;
 *         argon2_threads = 1;
 *         argon2_saltlen = 32;
 *         argon2_hashlen = 64;
 *     };
 *
 *
 *
 * If you are migrating from crypto/pbkdf2 (v7.2) to crypto/pbkdf2v2, and you
 * wish to use the same parameters as the older module, configure it like so:
 *
 *     crypto {
 *         pbkdf2v2_digest = "SHA512";
 *         pbkdf2v2_rounds = 128000;
 *     };
 *
 * Note that this will still result in passwords being re-encrypted with the
 * newer module (as the older module successfully verifies them); another new
 * PBKDF2 computation with a new salt will occur, but this is still no worse
 * than an invocation of NickServ's "SET PASSWORD" command. You will still
 * need to keep the old module in your loadmodule configuration above, as the
 * new module cannot verify digests produced by the old one.
 *
 * If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM'.
 * Its advice regarding parameter choice takes precedence over this!
 */
crypto {

        /* (*) argon2_type
         *
         * The algorithm type to use for new passwords.
         *
         * Argon2d is suitable for use on a dedicated machine that has
         * limited access. It provides the most resistance to GPU and ASIC
         * cracking attacks, but its operation is data-dependent; that is,
         * during its operation, keying material derived from the password
         * itself is indirectly affecting the execution choices made by the
         * algorithm. This creates a side-channel that can leak information
         * about the password to other software running on the same physical
         * machine.
         *
         * Argon2i avoids this by being data-independent. The order of memory
         * accesses, conditional execution, etc. does not depend on the
         * password, or any material derived from the password, so no side-
         * channel that can reveal any information about the password is
         * created. However, this means that it is easier to bruteforce by a
         * password cracker, which does not have to account for execution
         * differences in its implementation. This is the most suitable
         * choice for running on a virtual machine that is co-located with
         * other, untrusted, virtual machines, or on a dedicated machine that
         * runs other, untrusted, software, or has untrusted user access.
         *
         * Argon2id is a blend of both, limiting the exploitability of any
         * side-channels while retaining excellent resistance to GPU and ASIC
         * cracking. This is suitable for all but the most sensitive of
         * deployments.
         *
         * All algorithm types perform about equally as well as each other;
         * changing this will not significantly affect the computation time.
         *
         * The "argon2id" type requires a more recent libargon2 library. This
         * is indicated in your ./configure output ("checking if libargon2
         * algorithm type Argon2id appears to be usable...").
         *
         * Valid values are "argon2d", "argon2i", and "argon2id"
         * The default is "argon2id"; unless unsupported, then "argon2d".
         */
        #argon2_type = "argon2id";

        /* (*) argon2_memcost
         *
         * Memory cost (as a power of 2, in KiB) to use for new passwords.
         *
         * You should set this as high as is reasonable for the machine you
         * will be running this software on. If this results in too slow a
         * computation time, reset the time cost below to its minimum value.
         * If it is still too slow, decrement this value (halving the memory
         * usage) until it is fast enough. Alternatively, if it is still too
         * fast after setting this to its highest reasonable value, raise the
         * time cost below until it is not. A benchmark program is available
         * alongside this software to aid in this process.
         *
         * WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
         *          machine or a 32-bit Operating System!
         *
         * Valid values are 3 (8 KiB RAM) to 30 (1 TiB RAM) (inclusive)
         * The default is 16 (64 MiB RAM)
         */
        #argon2_memcost = 16;

        /* (*) argon2_timecost
         *
         * Time cost (iterations over the memory pool).
         *
         * Valid values are 3 to 1,048,576 (inclusive)
         * The default is 3
         */
        #argon2_timecost = 3;

        /* (*) argon2_threads
         *
         * Number of processor threads to use for new passwords.
         *
         * If you want to increase the amount of computation effort required,
         * while not increasing the real ("wall clock") time required, raise
         * this setting to its maximum reasonable value for the machine you
         * will be running this software on.
         *
         * This software is not multi-threaded, so only one password will be
         * verified at a time. Therefore, you do NOT need to divide this by
         * the expected maximum number of simultaneous logins.
         *
         * It is pointless to set this higher than the number of hardware
         * processing threads you have; increase the time cost above instead
         * if you want to make it arbitrarily slower. Diminishing returns are
         * to be expected once you exceed the number of hardware processing
         * /cores/ you have; hyperthreading does NOT provide much (if any) of
         * a boost for this workload.
         *
         * Increasing this value will *decrease* the real time required, so
         * you may have to subsequently increase the time cost above again to
         * make it "just slow enough" once more. A benchmark program is
         * available alongside this software to aid in this process.
         *
         * WARNING: The (size of the) memory pool configured above is split
         * between the threads, which can result in too small a memory area
         * per-thread if many threads are used. If you set this value, it is
         * HIGHLY RECOMMENDED that you run the included benchmarking program
         * with the same configuration options, to confirm that it works!
         *
         * WARNING: This feature is experimental. Some of the code in this
         * software is not thread-safe, and although every effort has been
         * made to ensure that this feature will not interfere with the
         * operation of this software, this cannot be guaranteed.
         *
         * Valid values are 1 to 255 (inclusive)
         * The default is 1 (do not use any computation parallelism)
         */
        #argon2_threads = 1;

        /* (*) argon2_saltlen
         *
         * Salt length (in bytes) to use for new passwords. You should only
         * change this if absolutely necessary; for example, to interoperate
         * with other software. Its value doesn't significantly affect the
         * computation time.
         *
         * Valid values are 4 to 48 (inclusive)
         * The default is 16
         */
        #argon2_saltlen = 16;

        /* (*) argon2_hashlen
         *
         * Digest length (in bytes) to use for new passwords. You should only
         * change this if absolutely necessary; for example, to interoperate
         * with other software. Its value doesn't significantly affect the
         * computation time.
         *
         * Valid values are 16 to 128 (inclusive)
         * The default is 64
         */
        #argon2_hashlen = 64;

        /* (*) scrypt_memlimit
         *
         * Memory limit (as a power of 2, in KiB) to use for new passwords.
         *
         * You should set this as high as is reasonable for the machine you
         * will be running this software on. If this results in too slow a
         * computation time, reset the opslimit below to its default value.
         * If it is still too slow, decrement this value (halving the memory
         * usage) until it is fast enough. Alternatively, if it is still too
         * fast after setting this to its highest reasonable value, raise the
         * opslimit below until it is not. A benchmark program is available
         * alongside this software to aid in this process.
         *
         * WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
         *          machine or a 32-bit Operating System!
         *
         * Valid values are 14 (16 MiB RAM) to 26 (64 GiB RAM) (inclusive)
         * The default is 14 (16 MiB RAM)
         */
        #scrypt_memlimit = 14;

        /* (*) scrypt_opslimit
         *
         * Amount of computation to perform for new passwords.
         *
         * The default value for this option is based on the default value of
         * the above option. The recommended value is (memlimit_bytes / 32).
         *
         * Valid values are 32,768 to 4,294,967,295 (inclusive)
         * The default is 524,288
         */
        #scrypt_opslimit = 524288;

        /* (*) pbkdf2v2_digest
         *
         * Cryptographic digest algorithm to use (in HMAC mode).
         *
         * Valid values are "SHA1", "SHA2-256", and "SHA2-512".
         * Additionally, the following aliases exist, for compatibility:
         *
         *   "SHA-1"   -> SHA1
         *   "SHA256"  -> SHA2-256
         *   "SHA512"  -> SHA2-512
         *   "SHA-256" -> SHA2-256
         *   "SHA-512" -> SHA2-512
         *
         * Finally, you can prefix this value with "SCRAM-" to enable the
         * computation and storage of an RFC5802/SCRAM ServerKey & StoredKey,
         * instead of a raw PBKDF2 digest (SaltedPassword). Verification of
         * plaintext passwords against these digests can still be performed
         * (for e.g. NickServ IDENTIFY or SASL PLAIN), by computing a new
         * SCRAM ServerKey from the provided password and comparing it to the
         * stored ServerKey, so setting this to a SCRAM mode does NOT prevent
         * non-SCRAM logins. For these variants, please read doc/SASL-SCRAM.
         *
         * The default is "SHA2-512"
         */
        #pbkdf2v2_digest = "SHA2-512";

        /* (*) pbkdf2v2_rounds
         *
         * This is the PBKDF2 "iteration count". You should raise this as high
         * as is reasonable for the machine you will be running services on.
         * However, note that if you are going to deploy SASL SCRAM support,
         * the *client*, NOT services, performs the PBKDF2 calculation during
         * login, so keep in mind that many mobile clients will not perform as
         * well as a server, and reduce the iteration count accordingly. Also,
         * some clients will refuse to perform a login at all if this is set
         * too high. A benchmark program is included alongside this software to
         * aid in tuning this parameter.
         *
         * Valid values are 10,000 to 5,000,000 (inclusive)
         * The default is 64,000
         */
        #pbkdf2v2_rounds = 64000;

        /* (*) pbkdf2v2_saltlen
         * You should only change this if you *really* know what you're doing
         * Valid values are 8 to 64 (inclusive)
         * The default is 32
         */
        #pbkdf2v2_saltlen = 32;

        /* (*) bcrypt_cost
         *
         * Amount of rounds to perform for new passwords (as a power of 2).
         * You should raise this as high as is reasonable. A benchmark
         * program is available alongside this software to aid in this
         * process.
         *
         * Valid values are 4 to 31 (inclusive)
         * The default is 7
         */
        #bcrypt_cost = 7;

        /* (*) crypt3_sha2_256_rounds
         * (*) crypt3_sha2_512_rounds
         *
         * Use of this option is restricted to certain C libraries!
         * At present, only GNU libc6 ("glibc") v2.7+ is known to work.
         *
         * Valid values are 5,000 to 1,000,000 (inclusive)
         * The default is 5,000
         */
        #crypt3_sha2_256_rounds = 5000;
        #crypt3_sha2_512_rounds = 5000;
};

/* The serverinfo{} block defines how we appear on the IRC network. */
serverinfo {
        /* name
         * The server name that this program uses on the IRC network.
         * This is the name you'll have to use in C:/N:Lines. It must be
         * unique on the IRC network and contain at least one dot, but does
         * not have to be equal to any DNS name.
         */
        name = "{{atheme_server_host}}";

        /* desc
         * The ``server comment'' we send to the IRC network.
         */
        desc = "Atheme IRC Services";

        /* numeric
         * Some protocol drivers (Charybdis, Ratbox2, P10, IRCNet)
         * require a server id, also known as a numeric. Please consult your
         * ircd's documentation when providing this value.
         */
        numeric = "00A";

        /* (*)recontime
         * The number of seconds before we reconnect to the uplink.
         */
        recontime = 10;

        /* (*)netname
         * The name of your network.
         */
        netname = "{{atheme_server_host}}";

        /* (*)hidehostsuffix
         * P10 +x host hiding gives <account>.<hidehostsuffix>.
         * If using +x on asuka, this must agree
         * with F:HIDDEN_HOST.
         */
        hidehostsuffix = "users.misconfigured";

        /* (*)adminname
         * The name of the person running this service.
         */
        adminname = "{{atheme_admin_name}}";

        /* (*)adminemail
         * The email address of the person running this service.
         */
        adminemail = "{{atheme_admin_email}}";

        /* (*)registeremail
         * The email address that messages should be originated from.
         * If this is not set, then "noreply.$adminemail" will be used.
         */
        registeremail = "{{atheme_admin_email}}";

        /* (*)hidden
         * If this is enabled, Atheme will indicate to the uplink IRCd
         * that it should not be included in /links output.  This only works
         * on the following IRCds at present: charybdis, ircd-seven, ratbox.
         */
        #hidden;

        /* (*)mta
         * The full path to your mail transfer agent.
         * This is used for email authorization and password retrieval.
         * Comment this out to disable sending email.
         * Warning: sending email can disclose the IP of your services
         * unless you take precautions (not discussed here further).
         */
        mta = "/usr/sbin/sendmail";

        /* (*)loglevel
         * Specify the default categories of logging information to record
         * in the master Atheme logfile, usually var/atheme.log.
         *
         * Options include:
         *      debug, all      - meta-keyword for all possible categories
         *      trace           - meta-keyword for a little bit of info
         *      misc            - like trace, but with some more miscellaneous info
         *      notice          - meta-keyword for notice-like information
         * ------------------------------------------------------------------------------
         *      error           - critical errors
         *      info            - miscillaneous log notices
         *      verbose         - A bit more verbose than info, not quite as spammy as debug
         *      commands        - all command use
         *      admin           - administrative command use
         *      register        - account and channel registrations
         *      set             - changes of account or channel settings
         *      request         - user requests (currently only vhosts)
         *      network         - log notices related to network status
         *      rawdata         - log raw data sent and received by services
         *      wallops         - <not yet used>
         */
        loglevel = { error; info; admin; network; wallops; };

        /* (*)maxlogins
         * What is the maximum number of sessions allowed to login to one
         * username? This reduces potential abuse. It is only checked on login.
         */
        maxlogins = 5;

        /* (*)maxusers
         * What are the maximum usernames that one email address can register?
         * Set to 0 to disable this check (it can be slow currently).
         */
        maxusers = 5;

        /* (*)mdlimit
         * How many metadata entries can be added to an object?
         */
        mdlimit = 30;

        /* (*)emaillimit, emailtime
         * The maximum number of emails allowed to be sent in
         * that amount of time (seconds). If this is exceeded,
         * wallops will be sent, at most one per minute.
         */
        emaillimit = 10;
        emailtime = 300;

        /* (*)auth
         * What type of username registration authorization do you want?
         * If "email", Atheme will send a confirmation email to the address to
         * ensure it's valid. If registration is not completed within one day,
         * the username will expire. If "none", no message will be sent and
         * the username will be fully registered.
         * Valid values are: email, none.
         */
        auth = none;

        /* casemapping
         * Specify the casemapping to use. Almost all TSora (and any that follow
         * the RFC correctly) ircds will use rfc1459 casemapping. Bahamut, Unreal,
         * and other ``Dalnet'' ircds will use ascii casemapping.
         * Valid values are: rfc1459, ascii.
         */
        casemapping = rfc1459;
};

/* uplink{} blocks define connections to IRC servers.
 * Multiple may be defined but only one will be used at a time (IRC
 * being a tree shaped network). Atheme does not currently link over SSL.
 * To link Atheme over ssl, please connect Atheme to a local ircd and have that
 * connect to your network over SSL.
 */
uplink "{{atheme_upstream_server}}" {
        // The server name of the ircd you're linking to goes above.

        // host
        // The hostname to connect to.
        host = "127.0.0.1";

        // vhost
        // The source IP to connect from, used on machines with multiple interfaces.
        #vhost = "192.0.2.5";

        // send_password
        // The password sent for linking.
        send_password = "{{atheme_server_pass}}";

        // receive_password
        // The password received for linking.
        receive_password = "{{atheme_server_pass}}";

        // port
        // The port to connect to.
        port = 6667;
};

/* this is an example for using an IPv6 address as an uplink */
/* uplink "irc6.example.net" {
        host = "::1";

        // password
        // If you want to have same send_password and accept_password, you
        // can specify both using 'password' instead of individually.
        password = "linkage";

        port = 6667;
};
*/

/* Services configuration.
 *
 * Each of these blocks can contain a nick, user, host, real and aliases.
 * Several of them also have options specific to the service.
 */

/* NickServ configuration.
 *
 * The nickserv {} block contains settings specific to the NickServ modules.
 *
 * NickServ provides nickname or username registration and authentication
 * services. It provides necessary authentication features required for
 * Services to operate correctly. You should make sure these settings
 * are properly configured for your network.
 */
nickserv {
        /* (*)spam
         * Have NickServ tell people about how great it and ChanServ are.
         */
        spam;

        /* no_nick_ownership
         * Enable this to disable nickname ownership (old userserv{}).
         * This changes changes "nickname" to "account" in most messages,
         * disables GHOST on users not logged in to the same account and
         * makes the spam directive ineffective.
         * It is suggested that the nick be set to UserServ, login.so
         * be loaded instead of identify.so and ghost.so not be loaded.
         */
        #no_nick_ownership;

        /* (*)nick
         * The nickname we want NickServ to have.
         */
        nick = "NickServ";

        /* (*)user
         * The username we want NickServ to have.
         */
        user = "NickServ";

        /* (*)host
         * The hostname we want NickServ to have.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The realname (gecos) information we want NickServ to have.
         */
        real = "Nickname Services";

        /* (*)aliases
         * Command aliases for NickServ.
         */
        aliases {
                "ID" = "IDENTIFY";
                "MYACCESS" = "LISTCHANS";
        };

        /* (*)access
         * This block allows you to modify the access level required to run
         * commands. The list of possible accesses are listed in the operclass
         * section later in this .conf . Note that you can only set the access
         * on an actual command, not an alias.
         */
        access {
        };

        /* (*)maxnicks
         * If GROUP is loaded, what are the maximum nicknames that one
         * username can register?
         */
        maxnicks = 5;

        /* (*)expire
         * The number of days before inactive registrations are expired.
         */
        expire = 30;

        /* (*)enforce_expire
         * The number of days of no use after which to ignore enforcement
         * settings on nicks.
         */
        #enforce_expire = 14;

        /* (*)enforce_delay
         * The number of seconds to delay nickchange enforcement settings
         * on nicks.
         */
        #enforce_delay = 30;

        /* (*)enforce_prefix
         * The prefix to use when changing the user's nick on enforcement
         */
        #enforce_prefix = "Guest";

        /* (*)waitreg_time
         * The amount of time (in seconds) users have to wait between
         * connecting to the network, and being able to register a services
         * account. Minimum value 0 (disables the enforced delay), default
         * value 0, maximum value 43200 (12 hours). Requires the
         * "modules/nickserv/waitreg" module to be loaded to do anything.
         */
        #waitreg_time = 0;

        /* (*)cracklib_dict
         * The location and filename prefix of the cracklib dictionaries
         * for use with nickserv/pwquality. This must be provided if you are
         * going to be using nickserv/pwquality with cracklib support enabled.
         */
        #cracklib_dict = "/var/cache/cracklib/cracklib_dict";

        /* (*)passwdqc_*
         * Please see the passwdqc.conf(5) documentation for an explanation
         * of these values. Affects modules/nickserv/pwquality if passwdqc
         * support is enabled. Default values given below.
         */
        #passwdqc_max = 288;     /* (8 <= value <= 288) */
        #passwdqc_min_n0 = 20;   /* (0 <= value <= passwdqc_max) */
        #passwdqc_min_n1 = 16;   /* (0 <= value <= passwdqc_min_n0) */
        #passwdqc_min_n2 = 16;   /* (0 <= value <= passwdqc_min_n1) */
        #passwdqc_min_n3 = 12;   /* (0 <= value <= passwdqc_min_n2) */
        #passwdqc_min_n4 = 8;    /* (0 <= value <= passwdqc_min_n3) */
        #passwdqc_words = 4;     /* (2 <= value <= 8) */

        /* (*)pwquality_warn_only
         * If this option is set and nickserv/pwquality is loaded, nickserv will just
         * warn users that their password is insecure, recommend they change it and
         * still register the nick. If this option is unset, it will refuse to
         * register the nick at all until the user chooses a better password.
         */
        #pwquality_warn_only;

        /* (*)show_custom_metadata
         * Setting this option to false will prevent user-set metadata (via SET PROPERTY)
         * from showing up in the INFO output. The TAXONOMY command will still function
         * as usual, and INFO will point this out if users have metadata set.
         */
        show_custom_metadata;

        /* (*)emailexempts
         * A list of email addresses that will be exempt from the check of how many
         * accounts one user may have. Any email address in this block may register
         * an unlimited number of accounts/usernames.
         */
        emailexempts {
        };

        /*
         * (*)shorthelp
         *
         * A list of commands that are displayed (with their full description) in the
         * output of `/msg NickServ HELP'. Commands not in this list will be listed, but
         * not with their descriptions. All commands with descriptions are still listed
         * in `/msg NickServ HELP COMMANDS' regardless of the value set here.
         *
         * Optional; defaults to "ACCESS CERT DROP GHOST GROUP IDENTIFY INFO LISTCHANS
         * LISTGROUPS LISTLOGINS LISTOWNMAIL LOGOUT REGAIN REGISTER RELEASE SENDPASS SET
         * UNGROUP".
         *
         * A command in this list will only be printed if the corresponding module is
         * loaded and the user has permission to use it. Set to an empty string to
         * disable listing command descriptions in `/msg NickServ HELP'.
         */
        #shorthelp = "";
};

/* ChanServ configuration.
 *
 * The chanserv {} block contains settings specific to the ChanServ modules.
 *
 * ChanServ provides channel registration services, which allows users to own
 * channels. It is not required, but is strongly recommended.
 */
chanserv {
        /* (*)nick
         * The nickname we want the client to have.
         */
        nick = "ChanServ";

        /* (*)user
         * The username we want the client to have.
         */
        user = "ChanServ";

        /* (*)host
         * The hostname we want the client to have.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The GECOS of the client.
         */
        real = "Channel Services";

        /* reggroup
         * The group that will receive Memos about
         * channel Registration requests when
         * chanserv/moderate is loaded.
         */
        #reggroup = "!Services-Team";

        /* (*)aliases
         * Command aliases for ChanServ.
         */
        aliases {
        };

        /* (*)access
         * Command access changes for ChanServ.
         */
        access {
        };

        /* (*)maxchans
         * What are the maximum channels that one username can register?
         */
        maxchans = 5;

        /* fantasy
         * Do you want to enable fantasy commands? This can
         * use a lot of CPU up, and will only work if you have
         * join_chans (in general) enabled as well.
         */
        fantasy;

        /* (*) hide_xop
         * Hide the XOP templates from sight.  This is useful if you
         * want to use templates and not have the XOP templates displayed.
         */
        #hide_xop;

        /* (*) templates
         * Defines what flags the global templates comprise.
         *
         * For the special XOP templates:
         * These should all be different and not equal to the empty set,
         * except that hop may be equal to vop to disable hop.
         * Each subsequent level should have more flags (except +VHO).
         * For optimal functioning of /cs forcexop, aop should not have
         * any of +sRf, hop should not have any of +sRfoOr and vop should
         * not have any of +sRfoOrhHt.
         * If this is not specified, the values of Atheme 0.3 are used,
         * which are generally less intuitive than these.
         * Note: changing these leaves the flags of existing channel access
         * entries unchanged, thus removing them of the view of /cs xop list.
         * Usually the channel founder can use /cs forcexop to update the
         * entries to the new levels.
         *
         * Advice:
         * If you want to add a co-founder role, remove the flags permission
         * from the SOP role, and define a co-founder role with flags
         * permissions.
         */
        templates {
                vop = "+AV";
                hop = "+AHehitrv";
                aop = "+AOehiortv";
                sop = "+AOaefhiorstv";

                founder = "+AFORaefhioqrstv";

                /* some examples (which are commented out...) */
                #member = "+Ai";
                #op = "+AOiortv";
        };

        /* (*) deftemplates
         * Defines default templates to set on new channels, as a
         * space-separated list of name=+flags pairs.
         * Note: at this time no syntax checking is done on this; it
         * is your own responsibility to make sure it is correct.
         */
        #deftemplates = "MEMBER=+Ai OP=+AOiortv";

        /* (*) changets
         * Change the channel TS to the registration time when someone
         * recreates a registered channel, ensuring that they are deopped
         * and all their modes are undone. Note that this involves ChanServ
         * joining. When the channel was not recreated no deops will be done
         * (apart from the SECURE option).
         * This also solves the "join-mode" problem where someone recreates
         * a registered channel and then sets some modes before they are
         * deopped.
         * This is currently supported for charybdis, ratbox, bahamut,
         * and inspircd 1.1+. For charybdis and ratbox it only fully
         * works with TS6, with TS5 bans and last-moment modes will
         * still apply.
         * (That can also be used to advantage, when first enabling this.)
         */
        #changets;

        /* (*) trigger
         * This setting allows you to change the trigger prefix for
         * ChanServ's in-channel command feature (disableable via chanserv::fantasy).
         * If no setting is provided, the default is used, which is "!".
         *
         * Other settings you could consider trying: ".", "~", "?", "`", "'".
         */
        trigger = "!";

        /* (*)expire
         * The number of days before inactive registrations are expired.
         */
        expire = 30;

        /* (*)maxchanacs
         * The maximum number of entries allowed in a channel's access list
         * (both channel ops and akicks), 0 for unlimited.
         */
        maxchanacs = 0;

        /* (*)maxfounders
         * The maximum number of founders allowed in a channel.
         * Note that all founders have the exact same privileges and
         * the list of founders is shown in various places.
         */
        maxfounders = 4;

        /* (*)founder_flags
         * The flags a user will get when they register a new channel.
         * This MUST include at least 'F' or it will be ignored.
         * If it is not set, Atheme will give the user all channel flags.
         */
        #founder_flags = "AFORefiorstv";

        /* (*)akick_time
         * The default expiration time (in minutes) for AKICKs.
         * Comment this option out or set to zero for permanent AKICKs
         * by default (the old behaviour).
         */
        #akick_time = 10;

        /* (*)antiflood_enforce_method
         * The enforcement method to use for flood protection by default.
         * This may be overridden by channel staff.
         * Available options are: quiet, kickban and akill.
         */
        antiflood_enforce_method = quiet;

        /* (*)show_custom_metadata
         * Setting this option to false will prevent user-set metadata (via SET PROPERTY)
         * from showing up in the INFO output. The TAXONOMY command will still function
         * as usual, and INFO will point this out if channels have metadata set.
         */
        show_custom_metadata;

        /*
         * (*)shorthelp
         *
         * A list of commands that are displayed (with their full description) in the
         * output of `/msg ChanServ HELP'. Commands not in this list will be listed, but
         * not with their descriptions. All commands with descriptions are still listed
         * in `/msg ChanServ HELP COMMANDS' regardless of the value set here.
         *
         * Optional; defaults to "AKICK BAN CLEAR DEOP DEVOICE DROP FLAGS GETKEY INFO
         * INVITE KICK KICKBAN OP QUIET REGISTER SET TOPIC UNBAN UNQUIET VOICE WHY".
         *
         * A command in this list will only be printed if the corresponding module is
         * loaded and the user has permission to use it. Set to an empty string to
         * disable listing command descriptions in `/msg ChanServ HELP'.
         */
        #shorthelp = "";
};

/* CHANFIX configuration.
 *
 * The chanfix {} block contains settings specific to the CHANFIX modules.
 *
 * CHANFIX provides channel recovery services without registration, which
 * allows users to maintain control of channels even if ChanServ is not used
 * to register them.
 */
chanfix {
        /* (*)nick
         * The nickname we want the client to have.
         */
        nick = "ChanFix";

        /* (*)user
         * The username we want the client to have.
         */
        user = "ChanFix";

        /* (*)host
         * The hostname we want the client to have.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The GECOS of the client.
         */
        real = "Channel Fixing Service";

        /* (*)autofix
         * Automatically fix channels if they become opless and meet fixing
         * criteria.
         */
        autofix;
};

/* Global noticing configuration.
 *
 * The global {} block contains settings specific to the Global notice module.
 *
 * The Global notice module provides the ability to mass-notify a network.
 */
global {
        /* (*)nick
         * Sets the nick used for sending out a global notice.
         */
        nick = "Global";

        /* (*)user
         * Sets the username used for this client.
         */
        user = "Global";

        /* (*)host
         * The hostname used for this client.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The GECOS (real name) of the client.
         */
        real = "Network Announcements";
};

/* InfoServ configuration
 *
 * The infoserv {} block contains settings specific to the InfoServ module.
 *
 * The InfoServ modules provides the ability to mass-notify a network and send
 * news to users when they connect to the network.
 */
infoserv {
        /* (*)nick
         * Sets the nick used for InfoServ and sending out informational messages.
         */
        nick = "InfoServ";

        /* (*)user
         * Sets the username used for this client.
         */
        user = "InfoServ";

        /* (*)host
         * The hostname used for this client,
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The GECOS (real name) of the client.
         */
        real = "Information Service";

        /* (*)logoninfo_count
         * The number of InfoServ messages a user will see upon connect.
         * If there are more than this number, the user will be able to
         * see the rest with /msg infoserv list .
         */
        logoninfo_count = 3;
};

/* OperServ configuration.
 *
 * The operserv {} block contains settings specific to the OperServ modules.
 *
 * OperServ provides essential network management tools for IRC operators
 * on the IRC network.
 */
operserv {
        /* (*)nick
         * The nickname we want the Operator Service to have.
         */
        nick = "OperServ";

        /* (*)user
         * Sets the username used for this client.
         */
        user = "OperServ";

        /* (*)host
         * The hostname used for this client.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The GECOS (real name) of the client.
         */
        real = "Operator Services";

        /* (*)aliases
         * Command aliases for OperServ.
         */
        aliases {
        };

        /* (*)access
         * Command access changes for OperServ.
         */
        access {
        };
};

/* SaslServ configuration.
 *
 * The saslserv {} block contains settings specific to the SaslServ modules.
 *
 * SaslServ provides an authentication agent which is compatible with the
 * SASL over IRC (SASL/IRC) protocol extension.
 */
saslserv {
        /* (*)nick
         * The nickname we want SaslServ to have.
         */
        nick = "SaslServ";

        /* (*)user
         * The username we want SaslServ to have.
         */
        user = "SaslServ";

        /* (*)host
         * The hostname we want SaslServ to have.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The realname (gecos) information we want SaslServ to have.
         */
        real = "SASL Authentication Agent";

        /* (*)hide_server_names
         * Hide server names in the bad_password message.
         */
        #hide_server_names;
};

/* MemoServ configuration.
 *
 * The memoserv {} block contains settings specific to the MemoServ modules.
 *
 * MemoServ provides a note-taking service that you can use to send notes
 * to offline users (provided they are registered with Services).
 */
memoserv {
        /* (*)nick
         * The nickname we want MemoServ to have.
         */
        nick = "MemoServ";

        /* (*)user
         * The username we want MemoServ to have.
         */
        user = "MemoServ";

        /* (*)host
         * The hostname we want MemoServ to have.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The realname (gecos) information we want MemoServ to have.
         */
        real = "Memo Services";

        /* (*)aliases
         * Command aliases for MemoServ.
         */
        aliases {
        };

        /* (*)access
         * Command access changes for MemoServ.
         */
        access {
        };

        /* (*)maxmemos
         * What is the maximum amount of memos a user can have in their inbox?
         */
        maxmemos = 30;
};

/* GameServ configuration.
 *
 * The gameserv {} block contains settings specific to the GameServ modules.
 *
 * GameServ provides various in-channel commands for games.
 */
gameserv {
        /* (*)nick
         * The nickname we want GameServ to have.
         */
        nick = "GameServ";

        /* (*)user
         * Sets the username used for this client.
         */
        user = "GameServ";

        /* (*)host
         * The hostname used for this client.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The GECOS (real name) of the client.
         */
        real = "Game Services";

        /* (*)aliases
         * Command aliases for GameServ.
         */
        aliases {
        };

        /* (*)access
         * Command access changes for GameServ.
         */
        access {
        };
};

/* RPGServ configuration.
 *
 * The rpgserv {} block contains settings specific to the RPGServ modules.
 *
 * RPGServ provides a facility for finding roleplaying channels.
 */
rpgserv {
        /* (*)nick
         * The nickname we want RPGServ to have.
         */
        nick = "RPGServ";

        /* (*)user
         * Sets the username used for this client.
         */
        user = "RPGServ";

        /* (*)host
         * The hostname used for this client.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The GECOS (real name) of the client.
         */
        real = "RPG Finding Services";

        /* (*)aliases
         * Command aliases for RPGServ.
         */
        aliases {
        };

        /* (*)access
         * Command access changes for RPGServ.
         */
        access {
        };
};

/* BotServ configuration.
 *
 * The botserv {} block contains settings specific to the BotServ modules.
 *
 * BotServ provides virtual channel bots.
 */
botserv {
        /* (*)nick
         * The nickname we want BotServ to have.
         */
        nick = "BotServ";

        /* (*)user
         * Sets the username used for this client.
         */
        user = "BotServ";

        /* (*)host
         * The hostname used for this client.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The GECOS (real name) of the client.
         */
        real = "Bot Services";

        /* (*)min_users
         * Minimum number of users a channel must have before a Bot is allowed
         * to be assigned to that channel.
         */
        min_users = 0;
};

/* GroupServ configuration.
 *
 * The groupserv {} block contains settings specific to the GroupServ modules.
 *
 * GroupServ provides features for managing a collection of channels at once.
 *
 */
groupserv {
        /* (*)nick
         * The nickname we want GroupServ to have.
         */
        nick = "GroupServ";

        /* (*)user
         * The username we want GroupServ to have.
         */
        user = "GroupServ";

        /* (*)host
         * The hostname we want GroupServ to have.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The realname (gecos) information we want GroupServ to have.
         */
        real = "Group Management Services";

        /* (*)aliases
         * Command aliases for GroupServ.
         */
        aliases {
        };

        /* (*)access
         * Command access changes for GroupServ.
         */
        access {
        };

        /* (*)maxgroups
         * Maximum number of groups one username can be founder of.
         */
        maxgroups = 5;

        /* (*)maxgroupacs
         * Maximum number of access entries you may have in a group.
         */
        maxgroupacs = 100;

        /* (*)enable_open_groups
         * Setting this option will allow any group founder to mark
         * their group as "anyone can join".
         */
        enable_open_groups;

        /* (*)join_flags
         * This is the GroupServ flagset that users who JOIN a open
         * group will get upon join. Please check the groupserv/flags
         * helpfile before changing this option. Valid flagsets (for
         * example) would be: "+v" or "+cv". It is not valid to use
         * minus flags (such as "-v") here.
         */
        join_flags = "+";
};

/* HostServ configuration.
 *
 * The hostserv {} block contains settings specific to the HostServ modules.
 *
 * HostServ provides advanced virtual host management.
 */
hostserv {
        /* (*)nick
         * The nickname we want HostServ to have.
         */
        nick = "HostServ";

        /* (*)user
         * Sets the username used for this client.
         */
        user = "HostServ";

        /* (*)host
         * The hostname used for this client.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The GECOS (real name) of the client.
         */
        real = "Host Management Services";

        /* reggroup
         * The group that will receive Memos about
         * vHost requests.
         */
        #reggroup = "!Services-Team";

        /* (*)request_per_nick
         * Whether the request system should work per nick or per account.
         * The recommended setting is to leave this disabled, so that
         * vhosts work as consistently as possible.
         */
        #request_per_nick;

        /* (*)aliases
         * Command aliases for HostServ.
         */
        aliases {
                "APPROVE" = "ACTIVATE";
                "DENY" = "REJECT";
        };

        /* (*)access
         * Command access changes for HostServ.
         */
        access {
        };
};

/* HelpServ configuration
 *
 * The helpserv {} block contains settings specific to the HelpServ modules.
 *
 * HelpServ adds a few different ways for users to request help from network staff.
 */
helpserv {
        /* (*)nick
         * The nickname we want HelpServ to have.
         */
        nick = "HelpServ";

        /* (*)user
         * The username we want HelpServ to have.
         */
        user = "HelpServ";

        /* (*)host
         * The hostname we want HelpServ to have.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The realname (gecos) information we want HelpServ to have.
         */
        real = "Help Services";
};

/* StatServ configuration
 *
 * The statserv {} block contains settings specific to the StatServ modules.
 *
 * StatServ adds basic stats and split tracking.
 */
statserv {
        /* (*)nick
         * The nickname we want StatServ to have.
         */
        nick = "StatServ";

        /* (*)user
         * The username we want StatServ to have.
         */
        user = "StatServ";

        /* (*)host
         * The hostname we want StatServ to have.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The realname (gecos) information we want StatServ to have.
         */
        real = "Statistics Services";
};

/* ALIS configuration.
 *
 * The alis {} block contains settings specific to the ALIS modules.
 */
alis {
        /* (*)nick
         * The nickname we want ALIS to have.
         */
        nick = "ALIS";

        /* (*)user
         * The username we want ALIS to have.
         */
        user = "alis";

        /* (*)host
         * The hostname we want ALIS to have.
         */
        host = "{{atheme_server_host}}";

        /* (*)real
         * The realname (gecos) information we want ALIS to have.
         */
        real = "Channel Directory";

        /* (*)maxmatches
         * The default maximum number of channels returned in a query.
         * Privilege (chan:auspex) is required to ask for more.
         * Minimum 8, default 64, maximum 128.
         */
        #maxmatches = 64;
};

/* HTTP server configuration.
 *
 * The httpd {} block contains settings specific to the HTTP server module.
 *
 * The HTTP server in Services is used for serving XMLRPC requests. It can
 * also serve static documents and statistics pages.
 */
httpd {
        /* host
         * The host that the HTTP server will listen on.
         * Use 0.0.0.0 if you want to listen on all available hosts.
         */
        host = "0.0.0.0";

        /* host (ipv6)
         * If you want, you can have Atheme listen on an IPv6 host too.
         * Use :: if you want to listen on all available IPv6 hosts.
         */
        #host = "::";

        /* www_root
         * The directory that contains the files that should be served by the httpd.
         */
        www_root = "/var/www";

        /* port
         * The port that the HTTP server will listen on.
         */
        port = 8080;
};

/* LDAP configuration.
 *
 * The ldap {} block contains settings specific to the LDAP authentication
 * module.
 */
ldap {
        /* (*)url
         * LDAP URL of the server to use.
         */
        url = "ldap://127.0.0.1";

        /* (*)dnformat
         * Format string to convert an account name to an LDAP DN.
         * Must contain exactly one %s which will be replaced by the account
         * name.
         * Services will attempt a simple bind with this DN and the given
         * password; if this is successful the password is considered correct.
         */
        dnformat = "cn=%s,dc=jillestest,dc=com";
};

/******************************************************************************
 * LOGGING SECTION.                                                           *
 ******************************************************************************/

/*
 * logfile{} blocks can be used to set up log files other than the master
 * logfile used by services, which is controlled by serverinfo::loglevel.
 *
 * The various logging categories are:
 *      debug, all      - meta-keyword for all possible categories
 *      trace           - meta-keyword for a little bit of info
 *      misc            - like trace, but with some more miscillaneous info
 *      notice          - meta-keyword for notice-like information
 * ------------------------------------------------------------------------------
 *      error           - critical errors
 *      info            - miscillaneous log notices
 *      verbose         - A bit more verbose than info, not quite as spammy as debug
 *      commands        - all command use
 *      admin           - administrative command use
 *      register        - account and channel registrations
 *      set             - changes of account or channel settings
 *      request         - user requests (currently only vhosts)
 *      network         - log notices related to network status
 *      rawdata         - log raw data sent and received by services
 *      wallops         - <not yet used>
 *      denycmd         - security model denials (commands, permissions)
 */

/*
 * This block logs all account and channel registrations and drops,
 * and account and channel setting changes to var/account.log.
 */
logfile "var/account.log" { register; set; };

/*
 * This block logs all command use to var/commands.log.
 */
logfile "var/commands.log" { commands; };

/*
 * This block logs all security auditing information.
 */
logfile "var/audit.log" { denycmd; };

/*
 * You can log to IRC channels, and even split it by category, too.
 * This entry provides roughly the same functionality as the old snoop
 * feature.
 */
logfile "#services" { error; info; admin; request; register; denycmd; };

/*
 * This block logs to server notices.
 */
logfile "!snotices" { error; info; request; denycmd; };

/******************************************************************************
 * GENERAL PARAMETERS CONFIGURATION SECTION.                                  *
 ******************************************************************************/

/* The general {} block defines general configuration options. */
general {
        /* (*)permissive_mode
         * Whether or not security denials should be soft denials instead of
         * hard denials.  If security denials are soft denials, then they will
         * only be logged to the denial log.
         */
        #permissive_mode;

        /* (*)helpchan
         * Network help channel. Shown to users when they request
         * help for a command that doesn't exist.
         */
        #helpchan = "#help";

        /* (*)helpurl
         * Network webpage for services help. Shown to users when they
         * request help for a command that doesn't exist.
         */
        #helpurl = "http://www.stack.nl/~jilles/irc/atheme-help/";

        /* (*)silent
         * If you want to prevent services from sending
         * WALLOPS/GLOBOPS about things uncomment this.
         * Not recommended.
         */
        #silent;

        /* (*)verbose_wallops
         * If you want services to send you more information about
         * events that are occuring (in particular AKILLs), uncomment the
         * directive below.
         *
         * WARNING! This may result in large amounts of wallops/globops
         * floods.
         */
        #verbose_wallops;

        /* (*)join_chans
         * Should ChanServ be allowed to join registered channels?
         * This option is useful for the fantasy command set.
         *
         * If enabled, you can tell ChanServ to join via SET GUARD ON.
         *
         * If you use ircu-like ircd (asuka), you must
         * leave this enabled, and put guard in default cflags.
         *
         * For ratbox it is recommended to leave it on and put guard in
         * default cflags, in order that ChanServ does not have to join/part
         * to do certain things. On the other hand, enabling this increases
         * potential for bots fighting with ChanServ.
         *
         * Regardless of this option, ChanServ will temporarily join
         * channels which would otherwise be empty if necessary to enforce
         * akick/restricted/close, and to change the TS if changets is
         * enabled.
         */
        join_chans;

        /* (*)leave_chans
         * Do we leave registered channels after everyone else has left?
         * Turning this off serves little purpose, except to mark "official"
         * network channels by keeping them open, and to preserve the
         * topic and +beI lists.
         */
        leave_chans;

        /* secure
         * Do you want to require the use of /msg <service>@<services host>?
         * Turning this on helps protect against spoofers, but is disabled
         * as most networks do not presently use it.
         */
        #secure;

        /* (*)uflags
         * The default flags to set for usernames upon registration.
         * Valid values are: hold, neverop, noop, hidemail, nomemo, emailmemos,
         * enforce, privmsg, private, quietchg and none.
         */
        uflags = { hidemail; };

        /* (*)cflags
         * The default flags to set for channels upon registration.
         * Valid values are: hold, secure, verbose, verbose_ops, keeptopic,
         * topiclock, guard, private, nosync, limitflags, pubacl and none.
         */
        cflags = { verbose; guard; };

        /* (*)raw
         * Do you want to allow SRAs to use the RAW and INJECT commands?
         * These commands are for debugging. If you don't know how to use them
         * then don't enable them. They are not supported.
         */
        #raw;

        /* (*)flood_msgs
         * Do you want services to detect floods?
         * Set to how many messages before a flood is triggered.
         * Note that some messages that need a lot of processing count
         * as two or four messages.
         * If services receives `flood_msgs' within `flood_time' the user will
         * trigger the flood protection.
         * Setting this to zero disables flood protection.
         */
        flood_msgs = 7;

        /* (*)flood_time
         * Do you want services to detect floods?
         * Set to how long before the counter resets.
         * If services receives `flood_msgs' within `flood_time' the user will
         * trigger the flood protection.
         */
        flood_time = 10;

        /* (*)ratelimit_uses
         * After how many uses of a command will users be throttled.
         * After `ratelimit_uses' of a command within `ratelimit_period', users
         * will not be able to run that ratelimited command until the period is up.
         * Comment this, ratelimit_period below or both options out to disable rate limiting.
         * Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
         * nickserv/register and chanserv/register.
         */
        ratelimit_uses = 5;

        /* (*)ratelimit_period
         * After how much time (in seconds) will the ratelimit_uses counter reset.
         * After `ratelimit_uses' of a command within `ratelimit_period', users
         * will not be able to run that ratelimited command until the period is up.
         * Comment this, ratelimit_uses above or both options out to disable rate limiting.
         * Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
         * nickserv/register and chanserv/register.
         */
        ratelimit_period = 60;

        /* (*)vhost_change
         * The default number of days between vHost changes once a user has used HostServ
         * TAKE or REQUEST.  (Helps to deter rabid host-swappers and ban evaders.)
         */
        #vhost_change = 30;

        /* (*)kline_time
         * The default expire time for KLINE's in days.
         * Setting this to 0 makes all KLINE's permanent.
         */
        kline_time = 7;

        /* (*)kline_with_ident
         * KLINE user@host instead of *@host.
         * Applies to all automatic KLINE's set by services.
         */
        #kline_with_ident;

        /* (*)kline_verified_ident
         * KLINE *@host if the first character of the ident is ~,
         * irrespective of the value of kline_with_ident.
         */
        #kline_verified_ident;

        /* (*)clone_time
         * This is the default expiry time for CLONE exemptions in minutes.
         * Setting this to 0 makes all CLONE exemptions permanent.
         */
        clone_time = 0;

        /* commit_interval
         * The time between database writes in minutes.
         */
        commit_interval = 5;

        /* (*)operstring
         * The string returned in WHOIS (against services) for IRC operators.
         */
        #operstring = "is an IRC Operator";

        /* (*)servicestring
         * The string returned in WHOIS (against services) for services.
         */
        #servicestring = "is a Network Service";

        /* (*)default_clone_allowed
         * The limit after which clones will be KILLed or TKLINEd.
         * Used by operserv/clones.
         */
        default_clone_allowed = 5;

        /* (*)default_clone_warn
         * The limit after which clones will be warned that they may not
         * have any more concurrent connections. Should be lower than
         * default_clone_allowed . Used by operserv/clones.
         */
        default_clone_warn = 4;

        /* (*)clone_identified_increase_limit
         * If this option is enabled, the clone limit for a IP/host will
         * be increased by 1 per clone that's identified to services.
         * This has a limit of double the clone limits above.
         */
        clone_identified_increase_limit;

        /* (*)uplink_sendq_limit
         * The maximum amount of data that may be queued to be sent
         * to the uplink, in bytes. This should be enough to contain
         * Atheme's response to the netburst, but smaller than the
         * IRCd's sendq limit for servers.
         */
        uplink_sendq_limit = 1048576;

        /* (*)language
         * Language to use for channel and oper messages and as default
         * for users.
         */
        language = "en";

        /* exempts
         * This block contains a list of user@host masks. Users matching any
         * of these will not be automatically K:lined by services.
         */
        exempts {
        };

        /* allow_taint
         * By enabling this option, Atheme will run in configurations where
         * the upstream will not provide support.  By enabling this feature,
         * you void any perceived rights to support.
         */
        #allow_taint;

        /* (*)immune_level
         * This option allows you to customize the operlevel which gets kick
         * immunity privileges.
         *
         * The following flags are available:
         *    immune - require whatever ircd usermode is needed for kick
         *             immunity (this is the default);
         *    admin  - require admin privileges for kick immunity
         *    ircop  - require any ircop privileges for kick immunity (umode +o)
         */
        immune_level = immune;

        /* show_entity_id
         * This makes nick/user & group entity IDs visible to everyone, rather
         * than just opers with user:auspex or group:auspex privileges.
         */
        show_entity_id;

        /* load_database_mdeps
         *
         * For module dependencies listed in the services database (if any),
         * whether to load those modules on startup (if they are not already
         * loaded) or abort startup with a more helpful error message than
         * e.g. "db services.db:123: unknown directive 'BE'" --> "corestorage:
         * exiting to avoid data loss".
         *
         * Comment this out to abort startup instead of silently loading the
         * modules you need to process the database successfully. The abort
         * reason will tell you what module the database requires so that you
         * can fix your configuration file.
         */
        load_database_mdeps;
};

proxyscan {
        /* Here you can configure the details of your Proxyscan (DNS Blacklist)
         * scanner service.
         */

        nick = "Proxyscan";
        user = "dnsbl";
        host = "{{atheme_server_host}}";
        real = "Proxyscan Service";

        blacklists {
         "dnsbl.dronebl.org";
         "rbl.efnetrbl.org";
         "tor.efnet.org";
        };

        /* Available dnsbl_action's:
         * NONE - Do nothing
         * NOTIFY - Notify user that they are listed in a DNSBL and which one
         * SNOOP - Report the user to the logchannel or services channel
         * KLINE - AKILL the user from the network (default AKILL is 24 hours)
         */

        dnsbl_action = kline;
};

/******************************************************************************
 * OPERATOR AND PRIVILEGES CONFIGURATION SECTION.                             *
 ******************************************************************************/

/* Operator configuration
 * See the PRIVILEGES document for more information.
 * NOTE: All changes apply immediately upon rehash. You may need
 * to send a signal (killall -HUP atheme-services) to regain control.
 */
/* (*) Operclasses specify groups of services operator privileges */
/* The "user" operclass specifies privileges all users get.
 * This may be empty (default) in which case users get no special privileges.
 * If you use the security/cmdperm module, you will need to grant command: privileges
 * to every command that you want users to be able to use.
 */
operclass "user" { };

/* The "ircop" operclass specifies privileges all IRCops get.
 * This may be empty in which case IRCops get no privs.
 * At least chan:cmodes, chan:joinstaffonly and general:auspex are suggested.
 */
operclass "ircop" {
        privs {
                special:ircop;
        };

        privs {
                user:auspex;
                user:admin;
                user:sendpass;
                user:vhost;
                user:mark;
        };

        privs {
                chan:auspex;
                chan:admin;
                chan:cmodes;
                chan:joinstaffonly;
        };

        privs {
                general:auspex;
                general:helper;
                general:viewprivs;
                general:flood;
        };

        privs {
                operserv:omode;
                operserv:akill;
                operserv:jupe;
                operserv:global;
        };

        privs {
                group:auspex;
                group:admin;
        };
};

operclass "sra" {
        /* You can inherit privileges from a lower operclass. */
        extends "ircop";

        privs {
                user:hold;
                user:regnolimit;
        };

        privs {
                general:metadata;
                general:admin;
        };

        privs {
                #operserv:massakill;
                #operserv:akill-anymask;
                operserv:noop;
                operserv:grant;
        };

        /* needoper
         * Only grant privileges to IRC users in this oper class if they
         * are opered; other use of privilege (channel succession, XMLRPC,
         * etc.) is unaffected by this.
         *
         * This flag is *not* inherited by operclasses that extend this one;
         * you will have to set it explicitly for each operclass.
         */
        needoper;
};


/* (*) Operator blocks specify accounts with certain privileges
 * Oper classes must be defined before they are used in operator blocks.
 */
operator "jilles" {
        /* operclass */
        operclass = "sra";

        /* password
         *
         * Normally, the user needs to identify/log in using the account's
         * password, and may need to be an IRCop (see operclass::needoper
         * above). If you consider this not secure enough, you can
         * specify an additional password here, which the user must enter
         * using the OperServ IDENTIFY command, before the privileges can
         * be used.
         *
         * The password must be encrypted if a crypto module is in use.
         *
         * If you are using modules/crypto/crypt3-*, you can probably use
         * the "mkpasswd" program included with most Linux distributions.
         * Otherwise you can use modules/operserv/genhash to encrypt a
         * password for use here.
         */
        #password = "$1$3gJMO9by$0G60YE6GqmuHVH3AnFPor1";
};

/******************************************************************************
 * INCLUDE CONFIGURATION SECTION.                                             *
 ******************************************************************************/

/* You may also specify other files for inclusion.
 * For example:
 *
 * include "etc/sras.conf";
 */