Got ngircd + atheme services roles working.
/* This is an example configuration for Services.
*
* All statements end in semi-colons (';').
* Shell style, C style, and C++ style comments may be used.
*
* Items marked with "(*)" are reconfigurable at runtime via REHASH.
*/
/******************************************************************************
* MODULES SECTION. *
******************************************************************************/
/*
* These are the modules included with the core distribution of Services.
*
* You may be interested in the atheme community modules distribution as
* well, which adds additional features that may or may not be compatible
* with the project paradigms intended for maintainance of the core of
* atheme-services.
*
* Visit the atheme-services website for more information and to download them.
*
* Modules marked [experimental] will taint your atheme-services instance. Do
* not file any bug reports with us about using Services with those modules;
* they will be ignored.
*/
/* Dynamic security modules.
*
* WARNING: If you select one of these modules, the default security policy included
* with Atheme may break. These modules are intended for people who know what they
* are doing and understand the implications of what they do. Security modules which
* are likely to break the default policy are prefixed with [!], if you are new to
* Atheme, you should avoid enabling them.
*
* If you find your security policy is broken, you may debug it while allowing normal
* operation of your IRC network by putting Atheme into "permissive mode". To do this,
* enable general::permissive_mode.
*
* [!] Infer "command:" namespace permissions modules/security/cmdperm
*/
#loadmodule "modules/security/cmdperm";
/* Protocol module.
*
* Please select a protocol module. Different servers use different protocols.
* Below is a listing of ircd's known to work with the various protocol modules
* available.
*
* Asuka 1.2.1 or later modules/protocol/asuka
* Bahamut 2.1.x modules/protocol/bahamut
* Charybdis IRCd modules/protocol/charybdis
* ChatIRCd modules/protocol/chatircd1.1
* DreamForge 4.6.7 or later modules/protocol/dreamforge
* InspIRCd 2.0 modules/protocol/inspircd
* ircd-ratbox 2.0 and later modules/protocol/ratbox
* IRCNet ircd (ircd 2.11) modules/protocol/ircnet
* ircd-seven modules/protocol/ircd-seven
* Nefarious IRCu 0.4.0 or later modules/protocol/nefarious
* ngIRCd 19 or later [experimental] modules/protocol/ngircd
* UnrealIRCd 3.2.* modules/protocol/unreal
* UnrealIRCd 4 or later modules/protocol/unreal4
*
* If your IRCd vendor has supplied a module file, build it and load it here
* instead of one above.
*/
loadmodule "modules/protocol/ngircd";
/* Protocol mixins.
*
* These should be used if you do not have/want certain features on your
* network that your ircd normally has. If you do not know what this means,
* you do not need any of them.
*
* Disable halfops modules/protocol/mixin_nohalfops
* Disable holdnick (use enforcer clients) modules/protocol/mixin_noholdnick
* Disable "protect" mode on channels modules/protocol/mixin_noprotect
* Disable "owner" mode on channels modules/protocol/mixin_noowner
*/
#loadmodule "modules/protocol/mixin_nohalfops";
#loadmodule "modules/protocol/mixin_noholdnick";
#loadmodule "modules/protocol/mixin_noprotect";
#loadmodule "modules/protocol/mixin_noowner";
/* Database backend module.
*
* Please select a database backend module. Different backends allow for
* different ways in which the services data can be manipulated. YOU MAY
* ONLY HAVE ONE OF THESE BACKENDS LOADED.
*
* The following backends are available:
*
* Atheme 0.1 flatfile database format modules/backend/flatfile
* Open Services Exchange database format modules/backend/opensex
*
* Most networks will want opensex.
*/
loadmodule "modules/backend/opensex";
/* Password hashing modules.
*
* If you would like encryption for your services passwords, or to migrate
* from another IRC services package which used encryption for its passwords,
* please select a module here.
*
* The following encryption-capable crypto modules are available:
*
* Argon2 (Password Hashing Competition 2015) modules/crypto/argon2
* scrypt (Tarsnap Online Backup Service) modules/crypto/scrypt
* PBKDF2 (Including support for SASL SCRAM-SHA) modules/crypto/pbkdf2v2
* bcrypt (EksBlowfish; from Niels Provos etc.) modules/crypto/bcrypt
* SHA2-512 crypt(3) a la '$6$...' modules/crypto/crypt3-sha2-512
* SHA2-256 crypt(3) a la '$5$...' modules/crypto/crypt3-sha2-256
*
* If you do not load an encryption-capable crypto module, some features will
* not work correctly, and errors will be logged on e.g. user registration
* that it was not possible to encrypt their password. Support for running
* without an encryption-capable crypto module will be removed in a later
* version of this software; for now it is just *HIGHLY* discouraged.
*
* Note, that upon starting with an encryption-capable crypto module, YOUR
* UNENCRYPTED PASSWORDS ARE IMMEDIATELY AND *IRREVERSIBLY* CONVERTED. Make
* at least TWO backups of your database before experimenting with this. If
* you have several thousand accounts, this conversion may take a long time.
*
* The following modules can only be used to /verify/ existing encrypted
* passwords, for example when upgrading from an older version of this
* software, or migrating from something else:
*
* PBKDF2 v1 (Atheme <= 7.2 compatibility) modules/crypto/pbkdf2
* Raw SHA2-512 modules/crypto/rawsha2-512
* Raw SHA2-256 modules/crypto/rawsha2-256
* Anope SHA2-256 (Anope 2.0 compatibility) modules/crypto/anope-enc-sha256
* Raw SHA1 (Anope ~1.8 compatibility) modules/crypto/rawsha1
* Raw MD5 (Anope ~1.8 compatibility) modules/crypto/rawmd5
* IRCServices (+ Anope) compatibility modules/crypto/ircservices
* MD5 crypt(3) (Atheme Linux compatibility) modules/crypto/crypt3-md5
* DES crypt(3) (Atheme OS X compatibility) modules/crypto/crypt3-des
* Base64 (Anope ~1.8 compatibility) modules/crypto/base64
*
* To transition between crypto schemes, load the preferred scheme first,
* and as users login or set new passwords, they will be migrated to the new
* preferred scheme. Like so:
*
* loadmodule "modules/crypto/argon2";
* loadmodule "modules/crypto/scrypt";
* loadmodule "modules/crypto/pbkdf2v2";
* loadmodule "modules/crypto/pbkdf2";
* loadmodule "modules/crypto/crypt3-md5";
*
* The Argon2 module requires the argon2 reference library (./configure
* --with-argon2) and is *NOT* available in Atheme v7.2 or earlier. If you
* wish to use this module while retaining the possibility to downgrade to
* v7.2, please see the crypto {} documentation below.
*
* The Scrypt module requires libsodium (./configure --with-libsodium) and is
* *NOT* available in Atheme v7.2 or earlier. This module may also require a
* 64-bit Operating System to function correctly.
*
* The PBKDF2v2 module has no dependencies and is recommended. If you were
* previously using the PBKDF2 v1 module on v7.2, you must still keep it in
* the configuration here; the PBKDF2 v2 module cannot verify its password
* hashes. However, you should also load PBKDF2 v2 (if you don't decide to use
* anything else), because the PBKDF2 v1 module is now verify-only.
*
* The bcrypt module will truncate passwords greater than 72 characters. It is
* also capable of verifying the older $2a$ digests that contain an integer
* wrap-around bug, as used on e.g. Anope. It is not capable of verifying the
* PHP-bcrypt $2x$ and $2y$ digests; but $2y$ can simply be changed to $2b$.
* All successfully-verified passwords not using $2b$ will be converted to it.
* This is an encryption-capable module, but its use is discouraged unless you
* need to use it for interoperability with some other piece of software.
*
* The crypt3-* modules depend on your platform crypt(3) supporting the
* respective algorithms. This is not guaranteed to be the case. If you used
* modules/crypto/posix on Linux, you need crypt3-md5. If you used
* modules/crypto/posix on OS X, you need crypt3-des. These modules issue
* informational messages when loaded to the effect that they might break in
* the future. They also run selftests on load to verify that they will work.
*
* All available modules are listed below, in the preferred load order. The
* modules that are commented out are not available by default (please see
* the v7.3 release notes in NEWS.md) or may require a third-party library to
* use. If you know that you do not need a specific module, it is better to
* not load it, so comment it out. Do not change the order of the modules
* below unless you need to migrate from one to the other (as described
* above); in particular, putting verify-only modules above encryption-
* capable modules would be a waste of CPU time every time password
* verification for a user whose password was not encrypted by them is
* attempted.
*
* Comments that start with -- describe the ./configure option necessary to
* have this module built.
*/
#loadmodule "modules/crypto/argon2"; /* --with-argon2 */
#loadmodule "modules/crypto/scrypt"; /* --with-sodium */
loadmodule "modules/crypto/pbkdf2v2";
#loadmodule "modules/crypto/bcrypt"; /* See notes above */
loadmodule "modules/crypto/pbkdf2"; /* Verify-only, see prev. */
#loadmodule "modules/crypto/crypt3-sha2-512"; /* Needs crypt(3) support */
#loadmodule "modules/crypto/crypt3-sha2-256"; /* Needs crypt(3) support */
#loadmodule "modules/crypto/crypt3-md5"; /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/rawsha2-512"; /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/rawsha2-256"; /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/anope-enc-sha256"; /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/rawsha1"; /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/rawmd5"; /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/ircservices"; /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/crypt3-des"; /* --enable-legacy-pwcrypto */
#loadmodule "modules/crypto/base64"; /* --enable-legacy-pwcrypto */
/* Authentication module.
*
* These allow using passwords from an external system. The password given
* when registering a new account is also checked against the external
* system.
*
* The following authentication modules are available:
*
* LDAP modules/auth/ldap
*
* The LDAP module requires OpenLDAP client libraries. It uses them in a
* synchronous manner, which means that an unresponsive LDAP server can
* freeze services.
*/
#loadmodule "modules/auth/ldap";
/* NickServ modules.
*
* Here you can disable or enable certain features of NickServ, by
* defining which modules are loaded. You can even disable NickServ
* entirely. Please note however, that an authentication service
* (either NickServ, or UserServ) is required for proper functionality.
*
* Core components modules/nickserv/main
* Nickname access lists modules/nickserv/access
* Bad email address blocking modules/nickserv/badmail
* CertFP fingerprint managment modules/nickserv/cert
* DROP command modules/nickserv/drop
* Nickname enforcement modules/nickserv/enforce
* GHOST command modules/nickserv/ghost
* GROUP and UNGROUP commands modules/nickserv/group
* HELP command modules/nickserv/help
* Nickname expiry override (HOLD command) modules/nickserv/hold
* IDENTIFY command modules/nickserv/identify
* INFO command modules/nickserv/info
* Last quit message in INFO modules/nickserv/info_lastquit
* LIST command modules/nickserv/list
* LISTLOGINS command modules/nickserv/listlogins
* LISTMAIL command modules/nickserv/listmail
* LISTOWNMAIL command modules/nickserv/listownmail
* LOGIN command (for no_nick_ownership) modules/nickserv/login
* LOGOUT command modules/nickserv/logout
* MARK command modules/nickserv/mark
* Password quality validation modules/nickserv/pwquality
* FREEZE command modules/nickserv/freeze
* LISTCHANS command modules/nickserv/listchans
* LISTGROUPS command modules/nickserv/listgroups
* REGISTER command modules/nickserv/register
* Bypass registration limits (REGNOLIMIT) modules/nickserv/regnolimit
* Password reset (RESETPASS command) modules/nickserv/resetpass
* RESTRICT command modules/nickserv/restrict
* Password return (RETURN command) modules/nickserv/return
* Password retrieval (SENDPASS command) modules/nickserv/sendpass
* Password retrieval allowed to normal users modules/nickserv/sendpass_user
* Change primary nickname (SET ACCOUNTNAME) modules/nickserv/set_accountname
* SET EMAIL command modules/nickserv/set_email
* SET EMAILMEMOS command modules/nickserv/set_emailmemos
* SET ENFORCETIME command modules/nickserv/set_enforcetime
* SET HIDEMAIL command modules/nickserv/set_hidemail
* SET LANGUAGE command modules/nickserv/set_language
* SET NEVERGROUP command modules/nickserv/set_nevergroup
* SET NEVEROP command modules/nickserv/set_neverop
* SET NOGREET command modules/nickserv/set_nogreet
* SET NOMEMO command modules/nickserv/set_nomemo
* SET NOOP command modules/nickserv/set_noop
* SET NOPASSWORD command modules/nickserv/set_nopassword
* SET PASSWORD command modules/nickserv/set_password
* PRIVMSG instead of NOTICE (SET PRIVMSG cmd) modules/nickserv/set_privmsg
* Account info hiding (SET PRIVATE command) modules/nickserv/set_private
* SET PROPERTY command modules/nickserv/set_property
* SET PUBKEY command modules/nickserv/set_pubkey
* SET QUIETCHG command modules/nickserv/set_quietchg
* Password retrieval uses code (SETPASS cmd) modules/nickserv/setpass
* STATUS command modules/nickserv/status
* Nickname metadata viewer (TAXONOMY command) modules/nickserv/taxonomy
* VACATION command modules/nickserv/vacation
* VERIFY command modules/nickserv/verify
* VHOST command modules/nickserv/vhost
* Delay services account registrations modules/nickserv/waitreg
*/
loadmodule "modules/nickserv/main";
#loadmodule "modules/nickserv/access";
loadmodule "modules/nickserv/badmail";
#loadmodule "modules/nickserv/cert";
loadmodule "modules/nickserv/drop";
#loadmodule "modules/nickserv/enforce";
loadmodule "modules/nickserv/ghost";
loadmodule "modules/nickserv/group";
loadmodule "modules/nickserv/help";
loadmodule "modules/nickserv/hold";
loadmodule "modules/nickserv/identify";
loadmodule "modules/nickserv/info";
#loadmodule "modules/nickserv/info_lastquit";
loadmodule "modules/nickserv/list";
#loadmodule "modules/nickserv/listlogins";
loadmodule "modules/nickserv/listmail";
#loadmodule "modules/nickserv/listownmail";
#loadmodule "modules/nickserv/login";
loadmodule "modules/nickserv/logout";
loadmodule "modules/nickserv/mark";
#loadmodule "modules/nickserv/pwquality";
loadmodule "modules/nickserv/freeze";
loadmodule "modules/nickserv/listchans";
loadmodule "modules/nickserv/listgroups";
loadmodule "modules/nickserv/register";
loadmodule "modules/nickserv/regnolimit";
loadmodule "modules/nickserv/resetpass";
loadmodule "modules/nickserv/restrict";
loadmodule "modules/nickserv/return";
loadmodule "modules/nickserv/setpass";
#loadmodule "modules/nickserv/sendpass";
loadmodule "modules/nickserv/sendpass_user";
loadmodule "modules/nickserv/set_accountname";
loadmodule "modules/nickserv/set_email";
loadmodule "modules/nickserv/set_emailmemos";
#loadmodule "modules/nickserv/set_enforcetime";
loadmodule "modules/nickserv/set_hidemail";
loadmodule "modules/nickserv/set_language";
loadmodule "modules/nickserv/set_nevergroup";
loadmodule "modules/nickserv/set_neverop";
loadmodule "modules/nickserv/set_nogreet";
loadmodule "modules/nickserv/set_nomemo";
loadmodule "modules/nickserv/set_noop";
#loadmodule "modules/nickserv/set_nopassword";
loadmodule "modules/nickserv/set_password";
#loadmodule "modules/nickserv/set_privmsg";
#loadmodule "modules/nickserv/set_private";
loadmodule "modules/nickserv/set_property";
loadmodule "modules/nickserv/set_pubkey";
loadmodule "modules/nickserv/set_quietchg";
loadmodule "modules/nickserv/status";
loadmodule "modules/nickserv/taxonomy";
loadmodule "modules/nickserv/vacation";
loadmodule "modules/nickserv/verify";
loadmodule "modules/nickserv/vhost";
#loadmodule "modules/nickserv/waitreg";
/* ChanServ modules.
*
* Here you can disable or enable certain features of ChanServ, by
* defining which modules are loaded. You can even disable ChanServ
* entirely. Please note that ChanServ requires an authentication
* service, either NickServ or UserServ will do.
*
* Core components modules/chanserv/main
* ACCESS command (simplified ACL editing) modules/chanserv/access
* AKICK command modules/chanserv/akick
* BAN/UNBAN commands modules/chanserv/ban
* UNBAN self only (load ban or this not both) modules/chanserv/unban_self
* BANSEARCH command modules/chanserv/bansearch
* CLOSE command modules/chanserv/close
* CLONE command modules/chanserv/clone
* CLEAR command modules/chanserv/clear
* CLEAR AKICKS command modules/chanserv/clear_akicks
* CLEAR BANS command modules/chanserv/clear_bans
* CLEAR FLAGS command modules/chanserv/clear_flags
* CLEAR USERS command modules/chanserv/clear_users
* COUNT command modules/chanserv/count
* DROP command modules/chanserv/drop
* Forced flags changes modules/chanserv/fflags
* FLAGS command modules/chanserv/flags
* Forced foundership transfers modules/chanserv/ftransfer
* GETKEY command modules/chanserv/getkey
* HALFOP/DEHALFOP commands modules/chanserv/halfop
* HELP command modules/chanserv/help
* Channel expiry override (HOLD command) modules/chanserv/hold
* INFO command modules/chanserv/info
* INVITE command modules/chanserv/invite
* KICK/KICKBAN commands modules/chanserv/kick
* LIST command modules/chanserv/list
* MARK command modules/chanserv/mark
* Moderated channel registrations modules/chanserv/moderate
* OP/DEOP commands modules/chanserv/op
* OWNER/DEOWNER commands modules/chanserv/owner
* PROTECT/DEPROTECT commands modules/chanserv/protect
* QUIET command (+q support) modules/chanserv/quiet
* Channel takeover recovery (RECOVER command) modules/chanserv/recover
* REGISTER command modules/chanserv/register
* SET EMAIL command modules/chanserv/set_email
* SET ENTRYMSG command modules/chanserv/set_entrymsg
* SET FANTASY command modules/chanserv/set_fantasy
* SET GAMESERV command modules/chanserv/set_gameserv
* SET GUARD command modules/chanserv/set_guard
* SET KEEPTOPIC command modules/chanserv/set_keeptopic
* SET LIMITFLAGS command modules/chanserv/set_limitflags
* SET MLOCK command modules/chanserv/set_mlock
* SET PREFIX command modules/chanserv/set_prefix
* Channel info hiding (SET PRIVATE command) modules/chanserv/set_private
* SET PROPERTY command modules/chanserv/set_property
* SET PUBACL command modules/chanserv/set_pubacl
* SET RESTRICTED command modules/chanserv/set_restricted
* SET SECURE command modules/chanserv/set_secure
* SET TOPICLOCK command modules/chanserv/set_topiclock
* SET URL command modules/chanserv/set_url
* SET VERBOSE command modules/chanserv/set_verbose
* STATUS command modules/chanserv/status
* SYNC command (and automatic ACL syncing) modules/chanserv/sync
* Named Successor ACL flag modules/chanserv/successor_acl
* Channel metadata viewer (TAXONOMY command) modules/chanserv/taxonomy
* TEMPLATE command modules/chanserv/template
* TOPIC/TOPICAPPEND commands modules/chanserv/topic
* VOICE/DEVOICE commands modules/chanserv/voice
* WHY command modules/chanserv/why
* VOP/HOP/AOP/SOP commands modules/chanserv/xop
* This module provides emulation of the ircservices XOP scheme ONLY.
* Do not report discrepencies when using native commands to edit channel
* ACLs. This is intentional.
* Flood protection modules/chanserv/antiflood
* This module should be loaded after at least chanserv/quiet if you want
* the autoquiet feature to work.
*/
loadmodule "modules/chanserv/main";
loadmodule "modules/chanserv/access";
loadmodule "modules/chanserv/akick";
loadmodule "modules/chanserv/ban";
#loadmodule "modules/chanserv/unban_self";
loadmodule "modules/chanserv/bansearch";
loadmodule "modules/chanserv/clone";
loadmodule "modules/chanserv/close";
loadmodule "modules/chanserv/clear";
loadmodule "modules/chanserv/clear_akicks";
loadmodule "modules/chanserv/clear_bans";
loadmodule "modules/chanserv/clear_flags";
loadmodule "modules/chanserv/clear_users";
loadmodule "modules/chanserv/count";
loadmodule "modules/chanserv/drop";
#loadmodule "modules/chanserv/fflags";
loadmodule "modules/chanserv/flags";
loadmodule "modules/chanserv/ftransfer";
loadmodule "modules/chanserv/getkey";
#loadmodule "modules/chanserv/halfop";
loadmodule "modules/chanserv/help";
loadmodule "modules/chanserv/hold";
loadmodule "modules/chanserv/info";
loadmodule "modules/chanserv/invite";
loadmodule "modules/chanserv/kick";
loadmodule "modules/chanserv/list";
loadmodule "modules/chanserv/mark";
#loadmodule "modules/chanserv/moderate";
loadmodule "modules/chanserv/op";
#loadmodule "modules/chanserv/owner";
#loadmodule "modules/chanserv/protect";
#loadmodule "modules/chanserv/quiet";
loadmodule "modules/chanserv/recover";
loadmodule "modules/chanserv/register";
loadmodule "modules/chanserv/set_email";
loadmodule "modules/chanserv/set_entrymsg";
loadmodule "modules/chanserv/set_fantasy";
#loadmodule "modules/chanserv/set_gameserv";
loadmodule "modules/chanserv/set_guard";
loadmodule "modules/chanserv/set_keeptopic";
#loadmodule "modules/chanserv/set_limitflags";
loadmodule "modules/chanserv/set_mlock";
loadmodule "modules/chanserv/set_prefix";
#loadmodule "modules/chanserv/set_private";
loadmodule "modules/chanserv/set_property";
#loadmodule "modules/chanserv/set_pubacl";
loadmodule "modules/chanserv/set_restricted";
loadmodule "modules/chanserv/set_secure";
loadmodule "modules/chanserv/set_topiclock";
loadmodule "modules/chanserv/set_url";
loadmodule "modules/chanserv/set_verbose";
loadmodule "modules/chanserv/status";
loadmodule "modules/chanserv/sync";
#loadmodule "modules/chanserv/successor_acl";
loadmodule "modules/chanserv/taxonomy";
loadmodule "modules/chanserv/template";
loadmodule "modules/chanserv/topic";
loadmodule "modules/chanserv/voice";
loadmodule "modules/chanserv/why";
#loadmodule "modules/chanserv/xop";
loadmodule "modules/chanserv/antiflood";
/* CHANFIX module.
*
* Here you can disable or enable certain features of CHANFIX, by
* defining which modules are loaded.
*
* Core components modules/chanfix/main
*/
#loadmodule "modules/chanfix/main";
/* OperServ modules.
*
* Here you can disable or enable certain features of OperServ, by
* defining which modules are loaded.
*
* Core components modules/operserv/main
* AKILL system modules/operserv/akill
* CLEARCHAN command modules/operserv/clearchan
* CLONES system modules/operserv/clones
* COMPARE command modules/operserv/compare
* GENHASH command modules/operserv/genhash
* GREPLOG command modules/operserv/greplog
* HELP command modules/operserv/help
* IGNORE system modules/operserv/ignore
* IDENTIFY command modules/operserv/identify
* INFO command modules/operserv/info
* INJECT command modules/operserv/inject
* JUPE command modules/operserv/jupe
* MODE command modules/operserv/mode
* MODINSPECT command modules/operserv/modinspect
* MODLIST command modules/operserv/modlist
* MODLOAD command modules/operserv/modload
* MODRELOAD command modules/operserv/modreload
* MODUNLOAD command modules/operserv/modunload
* NOOP system modules/operserv/noop
* Regex mass akill (RAKILL command) modules/operserv/rakill
* RAW command modules/operserv/raw
* READONLY command modules/operserv/readonly
* REHASH command modules/operserv/rehash
* RESTART command modules/operserv/restart
* Display regex matching (RMATCH command) modules/operserv/rmatch
* Most common realnames (RNC command) modules/operserv/rnc
* RWATCH system modules/operserv/rwatch
*
* Note that ALL of these SET commands only apply until the next rehash!
*
* ALL of the below SET commands (deprecated) modules/operserv/set
* SET AKICKTIME subcommand (temporarily) modules/operserv/set_akicktime
* SET CHANEXPIRE subcommand (temporarily) modules/operserv/set_chanexpire
* SET COMMITINTERVAL subcommand (temporarily) modules/operserv/set_commitinterval
* SET ENFORCEPREFIX subcommand (temporarily) modules/operserv/set_enforceprefix
* SET KLINETIME subcommand (temporarily) modules/operserv/set_klinetime
* SET MAXCHANACS subcommand (temporarily) modules/operserv/set_maxchanacs
* SET MAXCHANS subcommand (temporarily) modules/operserv/set_maxchans
* SET MAXFOUNDERS subcommand (temporarily) modules/operserv/set_maxfounders
* SET MAXLOGINS subcommand (temporarily) modules/operserv/set_maxlogins
* SET MAXNICKS subcommand (temporarily) modules/operserv/set_maxnicks
* SET MAXUSERS subcommand (temporarily) modules/operserv/set_maxusers
* SET MDLIMIT subcommand (temporarily) modules/operserv/set_mdlimit
* SET NICKEXPIRE subcommand (temporarily) modules/operserv/set_nickexpire
* SET RECONTIME subcommand (temporarily) modules/operserv/set_recontime
* SET SPAM subcommand (temporarily) modules/operserv/set_spam
*
* SGLINE system modules/operserv/sgline
* SHUTDOWN command modules/operserv/shutdown
* Non-config oper privileges (SOPER command) modules/operserv/soper
* Oper privilege display (SPECS command) modules/operserv/specs
* SQLINE system modules/operserv/sqline
* UPDATE command modules/operserv/update
* UPTIME command modules/operserv/uptime
*/
loadmodule "modules/operserv/main";
loadmodule "modules/operserv/akill";
#loadmodule "modules/operserv/clearchan";
#loadmodule "modules/operserv/clones";
loadmodule "modules/operserv/compare";
#loadmodule "modules/operserv/genhash";
#loadmodule "modules/operserv/greplog";
loadmodule "modules/operserv/help";
loadmodule "modules/operserv/identify";
loadmodule "modules/operserv/ignore";
loadmodule "modules/operserv/info";
loadmodule "modules/operserv/jupe";
loadmodule "modules/operserv/mode";
loadmodule "modules/operserv/modinspect";
loadmodule "modules/operserv/modlist";
loadmodule "modules/operserv/modload";
loadmodule "modules/operserv/modunload";
loadmodule "modules/operserv/modreload";
loadmodule "modules/operserv/noop";
#loadmodule "modules/operserv/rakill";
loadmodule "modules/operserv/readonly";
loadmodule "modules/operserv/rehash";
loadmodule "modules/operserv/restart";
loadmodule "modules/operserv/rmatch";
loadmodule "modules/operserv/rnc";
loadmodule "modules/operserv/rwatch";
loadmodule "modules/operserv/set";
loadmodule "modules/operserv/sgline";
loadmodule "modules/operserv/shutdown";
#loadmodule "modules/operserv/soper";
loadmodule "modules/operserv/specs";
#loadmodule "modules/operserv/sqline";
loadmodule "modules/operserv/update";
loadmodule "modules/operserv/uptime";
/* MemoServ modules.
*
* Here you can disable or enable certain features of MemoServ, by
* defining which modules are loaded. You can even disable MemoServ
* entirely.
*
* Core components modules/memoserv/main
* HELP command modules/memoserv/help
* SEND command modules/memoserv/send
* Channel memos (SENDOPS command) modules/memoserv/sendops
* Group memos (SENDGROUP command) modules/memoserv/sendgroup
* LIST command modules/memoserv/list
* READ command modules/memoserv/read
* FORWARD command modules/memoserv/forward
* DELETE command modules/memoserv/delete
* IGNORE command modules/memoserv/ignore
*/
loadmodule "modules/memoserv/main";
loadmodule "modules/memoserv/help";
loadmodule "modules/memoserv/send";
loadmodule "modules/memoserv/sendops";
loadmodule "modules/memoserv/sendgroup";
loadmodule "modules/memoserv/list";
loadmodule "modules/memoserv/read";
loadmodule "modules/memoserv/forward";
loadmodule "modules/memoserv/delete";
loadmodule "modules/memoserv/ignore";
/* Global module.
*
* Like the other services, the Global noticer is a module. You can
* disable or enable it to your liking below. Please note that the
* Global noticer is dependent on OperServ for full functionality.
*/
loadmodule "modules/global/main";
/* InfoServ module.
*
* Like the other services, InfoServ is a module. You can disable or
* enable it to your liking below.
*/
loadmodule "modules/infoserv/main";
/* SASL agent module.
*
* Allows clients to authenticate to services via SASL with an appropriate
* ircd. You need the core components and at least one mechanism.
*
* Core components modules/saslserv/main
* AUTHCOOKIE mechanism (for IRIS) modules/saslserv/authcookie
* ECDH-X25519-CHALLENGE mechanism modules/saslserv/ecdh-x25519-challenge
* ECDSA-NIST256P-CHALLENGE mechanism modules/saslserv/ecdsa-nist256p-challenge
* EXTERNAL mechanism (IRCv3.1+) modules/saslserv/external
* PLAIN mechanism modules/saslserv/plain
* SCRAM-SHA-* mechanisms modules/saslserv/scram
*
* ECDH-X25519-CHALLENGE support requires that Atheme be compiled against a
* cryptographic library that provides X25519 ECDH support (BoringSSL,
* LibreSSL, ARM mbedTLS, Nettle, Sodium). This will be checked while running
* ./configure.
*
* ECDSA-NIST256P-CHALLENGE support requires that Atheme be compiled against
* an OpenSSL with ECDSA support (not RHEL etc. unless you compile your own).
* This will be checked while running ./configure.
*
* You MUST read doc/SASL-SCRAM before loading modules/saslserv/scram!
*/
loadmodule "modules/saslserv/main";
loadmodule "modules/saslserv/authcookie";
#loadmodule "modules/saslserv/ecdh-x25519-challenge";
#loadmodule "modules/saslserv/ecdsa-nist256p-challenge";
#loadmodule "modules/saslserv/external";
loadmodule "modules/saslserv/plain";
#loadmodule "modules/saslserv/scram"; /* READ doc/SASL-SCRAM FIRST! */
/* GameServ modules.
*
* Here you can disable or enable certain features of GameServ, by
* defining which modules are loaded. You can even disable GameServ
* entirely.
*
* Core components modules/gameserv/main
* DICE/WOD commands modules/gameserv/dice
* EIGHTBALL command modules/gameserv/eightball
* Game-specific dice calculators modules/gameserv/gamecalc
* HELP commands modules/gameserv/help
* LOTTERY command modules/gameserv/lottery
* NAMEGEN command modules/gameserv/namegen
* RPS command modules/gameserv/rps
*/
#loadmodule "modules/gameserv/main";
#loadmodule "modules/gameserv/dice";
#loadmodule "modules/gameserv/eightball";
#loadmodule "modules/gameserv/gamecalc";
#loadmodule "modules/gameserv/help";
#loadmodule "modules/gameserv/lottery";
#loadmodule "modules/gameserv/namegen";
#loadmodule "modules/gameserv/rps";
/* RPGServ modules.
*
* Here you can disable or enable certain features of RPGServ, by
* defining which modules are loaded. You can even disable RPGServ
* entirely.
*
* Core components modules/rpgserv/main
* ENABLE/DISABLE commands modules/rpgserv/enable
* HELP command modules/rpgserv/help
* INFO command modules/rpgserv/info
* LIST command modules/rpgserv/list
* SEARCH command modules/rpgserv/search
* SET commands modules/rpgserv/set
*/
#loadmodule "modules/rpgserv/main";
#loadmodule "modules/rpgserv/enable";
#loadmodule "modules/rpgserv/help";
#loadmodule "modules/rpgserv/info";
#loadmodule "modules/rpgserv/list";
#loadmodule "modules/rpgserv/search";
#loadmodule "modules/rpgserv/set";
/* BotServ modules.
*
* Here you can disable or enable certain features of BotServ, by
* defining which modules are loaded. You can even disable BotServ
* entirely.
*
* Core components modules/botserv/main
* HELP command modules/botserv/help
* INFO command modules/botserv/info
* NPC commands (SAY, ACT) modules/botserv/bottalk
* SET FANTASY command modules/botserv/set_fantasy
* SET NOBOT command modules/botserv/set_nobot
* SET PRIVATE command modules/botserv/set_private
* SET SAYCALLER command modules/botserv/set_saycaller
*/
#loadmodule "modules/botserv/main";
#loadmodule "modules/botserv/help";
#loadmodule "modules/botserv/info";
#loadmodule "modules/botserv/bottalk";
#loadmodule "modules/botserv/set_fantasy";
#loadmodule "modules/botserv/set_nobot";
#loadmodule "modules/botserv/set_private";
#loadmodule "modules/botserv/set_saycaller";
/* HostServ modules.
*
* Here you can disable or enable certain features of HostServ, by
* defining which modules are loaded. You can even disable HostServ
* entirely.
*
* HostServ is a more complex, and optional virtual host management service.
* Users wishing only to set vhosts need not use it (they can use the builtin
* vhost management of NickServ instead).
*
* Core components modules/hostserv/main
* HELP command modules/hostserv/help
* OFFER system modules/hostserv/offer
* ON and OFF commands modules/hostserv/onoff
* REQUEST system modules/hostserv/request
* VHOST and LISTVHOST commands modules/hostserv/vhost
* VHOSTNICK command modules/hostserv/vhostnick
* GROUP command modules/hostserv/group
* DROP command modules/hostserv/drop
*/
#loadmodule "modules/hostserv/main";
#loadmodule "modules/hostserv/help";
#loadmodule "modules/hostserv/onoff";
#loadmodule "modules/hostserv/offer";
#loadmodule "modules/hostserv/request";
#loadmodule "modules/hostserv/vhost";
#loadmodule "modules/hostserv/vhostnick";
#loadmodule "modules/hostserv/group";
#loadmodule "modules/hostserv/drop";
/* HelpServ modules.
* HelpServ allows users to request help from network staff in a few different ways.
*
* Core components modules/helpserv/main
* HELPME command modules/helpserv/helpme
* Help Ticket system modules/helpserv/ticket
* Service List modules/helpserv/services
*
* The ticket system works like a bugtracker ot helpdesk ticket system, HELPME
* works like a one-time alert. You should probably only load one of the two systems.
*/
#loadmodule "modules/helpserv/main";
#loadmodule "modules/helpserv/helpme";
#loadmodule "modules/helpserv/ticket";
#loadmodule "modules/helpserv/services";
/* Channel listing service.
*
* Allows users to list channels with more flexibility than the /list
* command.
*
* Core components modules/alis/main
*/
#loadmodule "modules/alis/main";
/* StatServ module.
* StatServ provides basic statistics and split tracking.
*
* Core components modules/statserv/main
* CHANNEL command modules/statserv/channel
* NETSPLIT command modules/statserv/netsplit
* SERVER command modules/statserv/server
*/
loadmodule "modules/statserv/main";
#loadmodule "modules/statserv/channel";
loadmodule "modules/statserv/netsplit";
loadmodule "modules/statserv/server";
/* GroupServ module.
* GroupServ allows users to create groups to easily mass-manage channel
* access and more.
*
* Core components modules/groupserv/main
* ACSNOLIMIT command modules/groupserv/acsnolimit
* DROP command modules/groupserv/drop
* FFLAGS command modules/groupserv/fflags
* FLAGS command modules/groupserv/flags
* HELP command modules/groupserv/help
* INFO command modules/groupserv/info
* JOIN command modules/groupserv/join
* LIST command modules/groupserv/list
* LISTCHANS command modules/groupserv/listchans
* REGISTER command modules/groupserv/register
* REGNOLIMIT command modules/groupserv/regnolimit
* INVITE command modules/groupserv/invite
* SET command modules/groupserv/set
* SET CHANNEL command modules/groupserv/set_channel
* SET DESCRIPTION command modules/groupserv/set_description
* SET EMAIL command modules/groupserv/set_email
* SET GROUPNAME command modules/groupserv/set_groupname
* SET JOINFLAGS command modules/groupserv/set_joinflags
* SET OPEN command modules/groupserv/set_open
* SET PUBLIC command modules/groupserv/set_public
* SET URL command modules/groupserv/set_url
*
*/
loadmodule "modules/groupserv/main";
loadmodule "modules/groupserv/acsnolimit";
loadmodule "modules/groupserv/drop";
loadmodule "modules/groupserv/fflags";
loadmodule "modules/groupserv/flags";
loadmodule "modules/groupserv/help";
loadmodule "modules/groupserv/info";
loadmodule "modules/groupserv/join";
loadmodule "modules/groupserv/list";
loadmodule "modules/groupserv/listchans";
loadmodule "modules/groupserv/register";
loadmodule "modules/groupserv/regnolimit";
#loadmodule "modules/groupserv/invite";
loadmodule "modules/groupserv/set";
loadmodule "modules/groupserv/set_channel";
loadmodule "modules/groupserv/set_description";
loadmodule "modules/groupserv/set_email";
loadmodule "modules/groupserv/set_groupname";
loadmodule "modules/groupserv/set_joinflags";
loadmodule "modules/groupserv/set_open";
loadmodule "modules/groupserv/set_public";
loadmodule "modules/groupserv/set_url";
/*
* Various modules.
*
* Atheme includes an optional HTTP server that can be used for integration
* with portal software and other useful things. To enable it, load this
* module, and uncomment the httpd { } block towards the bottom of the config.
*
* HTTP Server modules/misc/httpd
*/
#loadmodule "modules/misc/httpd";
/* XMLRPC server module.
*
* The XML-RPC handler requires modules/misc/httpd to be loaded as it merely
* registers a path handler for XML-RPC. The path used for XML-RPC is /xmlrpc.
*
* XMLRPC handler for the httpd modules/transport/xmlrpc
*/
#loadmodule "modules/transport/xmlrpc";
/* Extended target entity types. [EXPERIMENTAL]
*
* Atheme can set up special target mapping entities which match multiple
* users in channel access entries. These target mapping entity types are
* defined through the 'exttarget' modules listed below.
*
* Exttarget handling core modules/exttarget/main
* $oper exttarget match type modules/exttarget/oper
* $registered exttarget match type modules/exttarget/registered
* $channel exttarget match type modules/exttarget/channel
* $chanacs exttarget match type modules/exttarget/chanacs
* $server exttarget match type modules/exttarget/server
*/
#loadmodule "modules/exttarget/main";
#loadmodule "modules/exttarget/oper";
#loadmodule "modules/exttarget/registered";
#loadmodule "modules/exttarget/channel";
#loadmodule "modules/exttarget/chanacs";
#loadmodule "modules/exttarget/server";
/* Proxyscan (DNSBL) modules.
*
* Atheme can also check set DNS Blacklists for matches and respond
* as set. Activate modules here and customize further down under Proxyscan
* section.
*/
#loadmodule "modules/proxyscan/main";
#loadmodule "modules/proxyscan/dnsbl";
/* Other modules.
*
* Put any other modules you want to load on startup here. The path
* is relative to PREFIX or PREFIX/lib/atheme, depending on how Atheme
* was compiled.
*/
#loadmodule "modules/contrib/backtrace";
/******************************************************************************
* SERVICES RUNTIME CONFIGURATION SECTION. *
******************************************************************************/
/*
* This block controls the configuration options for crypto modules.
*
* It is recommended to either leave the values at their defaults, or
* experiment with them so that it takes approximately 0.2-0.4 seconds
* for users to identify. Services blocks while the password is being
* encrypted or verified, so don't set these too large, or people can
* hang services by trying many password attempts at once.
*
* A benchmark program for the Argon2, scrypt & PBKDF2 crypto code is
* available to assist with tuning these parameters:
*
* - ./configure --prefix=foo ...
* - make
* - make install
* - ${foo}/bin/atheme-crypto-benchmark -o
*
* If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM' and
* pass the '-i' flag to the included cryptographic benchmarking utility too.
*
* If you are using the PBKDF2 module, its performance will be significantly
* affected by your choice of cryptographic digest library. This software can
* currently interface with 3 libraries; in decreasing order of performance:
*
* - OpenSSL (libcrypto)
* - GnuPG (libgcrypt)
* - ARM mbedTLS (libmbedcrypto)
*
* If you have one of these libraries available at configure-time, the PBKDF2
* module will perform significantly better, allowing you to raise its
* iteration count without affecting the computation time. This is indicated
* by the output of the configure script; "Digest Frontend". The benchmark
* program will also inform you what cryptographic digest library it is using,
* if any.
*
*
*
* If you are migrating from crypto/argon2d (v7.2) to crypto/argon2, and you
* wish to use the same parameters as the older module's defaults, configure
* it like so:
*
* crypto {
* argon2_type = "argon2d";
* argon2_memcost = 14;
* argon2_timecost = 32;
* argon2_threads = 1;
* argon2_saltlen = 32;
* argon2_hashlen = 64;
* };
*
*
*
* If you are migrating from crypto/pbkdf2 (v7.2) to crypto/pbkdf2v2, and you
* wish to use the same parameters as the older module, configure it like so:
*
* crypto {
* pbkdf2v2_digest = "SHA512";
* pbkdf2v2_rounds = 128000;
* };
*
* Note that this will still result in passwords being re-encrypted with the
* newer module (as the older module successfully verifies them); another new
* PBKDF2 computation with a new salt will occur, but this is still no worse
* than an invocation of NickServ's "SET PASSWORD" command. You will still
* need to keep the old module in your loadmodule configuration above, as the
* new module cannot verify digests produced by the old one.
*
* If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM'.
* Its advice regarding parameter choice takes precedence over this!
*/
crypto {
/* (*) argon2_type
*
* The algorithm type to use for new passwords.
*
* Argon2d is suitable for use on a dedicated machine that has
* limited access. It provides the most resistance to GPU and ASIC
* cracking attacks, but its operation is data-dependent; that is,
* during its operation, keying material derived from the password
* itself is indirectly affecting the execution choices made by the
* algorithm. This creates a side-channel that can leak information
* about the password to other software running on the same physical
* machine.
*
* Argon2i avoids this by being data-independent. The order of memory
* accesses, conditional execution, etc. does not depend on the
* password, or any material derived from the password, so no side-
* channel that can reveal any information about the password is
* created. However, this means that it is easier to bruteforce by a
* password cracker, which does not have to account for execution
* differences in its implementation. This is the most suitable
* choice for running on a virtual machine that is co-located with
* other, untrusted, virtual machines, or on a dedicated machine that
* runs other, untrusted, software, or has untrusted user access.
*
* Argon2id is a blend of both, limiting the exploitability of any
* side-channels while retaining excellent resistance to GPU and ASIC
* cracking. This is suitable for all but the most sensitive of
* deployments.
*
* All algorithm types perform about equally as well as each other;
* changing this will not significantly affect the computation time.
*
* The "argon2id" type requires a more recent libargon2 library. This
* is indicated in your ./configure output ("checking if libargon2
* algorithm type Argon2id appears to be usable...").
*
* Valid values are "argon2d", "argon2i", and "argon2id"
* The default is "argon2id"; unless unsupported, then "argon2d".
*/
#argon2_type = "argon2id";
/* (*) argon2_memcost
*
* Memory cost (as a power of 2, in KiB) to use for new passwords.
*
* You should set this as high as is reasonable for the machine you
* will be running this software on. If this results in too slow a
* computation time, reset the time cost below to its minimum value.
* If it is still too slow, decrement this value (halving the memory
* usage) until it is fast enough. Alternatively, if it is still too
* fast after setting this to its highest reasonable value, raise the
* time cost below until it is not. A benchmark program is available
* alongside this software to aid in this process.
*
* WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
* machine or a 32-bit Operating System!
*
* Valid values are 3 (8 KiB RAM) to 30 (1 TiB RAM) (inclusive)
* The default is 16 (64 MiB RAM)
*/
#argon2_memcost = 16;
/* (*) argon2_timecost
*
* Time cost (iterations over the memory pool).
*
* Valid values are 3 to 1,048,576 (inclusive)
* The default is 3
*/
#argon2_timecost = 3;
/* (*) argon2_threads
*
* Number of processor threads to use for new passwords.
*
* If you want to increase the amount of computation effort required,
* while not increasing the real ("wall clock") time required, raise
* this setting to its maximum reasonable value for the machine you
* will be running this software on.
*
* This software is not multi-threaded, so only one password will be
* verified at a time. Therefore, you do NOT need to divide this by
* the expected maximum number of simultaneous logins.
*
* It is pointless to set this higher than the number of hardware
* processing threads you have; increase the time cost above instead
* if you want to make it arbitrarily slower. Diminishing returns are
* to be expected once you exceed the number of hardware processing
* /cores/ you have; hyperthreading does NOT provide much (if any) of
* a boost for this workload.
*
* Increasing this value will *decrease* the real time required, so
* you may have to subsequently increase the time cost above again to
* make it "just slow enough" once more. A benchmark program is
* available alongside this software to aid in this process.
*
* WARNING: The (size of the) memory pool configured above is split
* between the threads, which can result in too small a memory area
* per-thread if many threads are used. If you set this value, it is
* HIGHLY RECOMMENDED that you run the included benchmarking program
* with the same configuration options, to confirm that it works!
*
* WARNING: This feature is experimental. Some of the code in this
* software is not thread-safe, and although every effort has been
* made to ensure that this feature will not interfere with the
* operation of this software, this cannot be guaranteed.
*
* Valid values are 1 to 255 (inclusive)
* The default is 1 (do not use any computation parallelism)
*/
#argon2_threads = 1;
/* (*) argon2_saltlen
*
* Salt length (in bytes) to use for new passwords. You should only
* change this if absolutely necessary; for example, to interoperate
* with other software. Its value doesn't significantly affect the
* computation time.
*
* Valid values are 4 to 48 (inclusive)
* The default is 16
*/
#argon2_saltlen = 16;
/* (*) argon2_hashlen
*
* Digest length (in bytes) to use for new passwords. You should only
* change this if absolutely necessary; for example, to interoperate
* with other software. Its value doesn't significantly affect the
* computation time.
*
* Valid values are 16 to 128 (inclusive)
* The default is 64
*/
#argon2_hashlen = 64;
/* (*) scrypt_memlimit
*
* Memory limit (as a power of 2, in KiB) to use for new passwords.
*
* You should set this as high as is reasonable for the machine you
* will be running this software on. If this results in too slow a
* computation time, reset the opslimit below to its default value.
* If it is still too slow, decrement this value (halving the memory
* usage) until it is fast enough. Alternatively, if it is still too
* fast after setting this to its highest reasonable value, raise the
* opslimit below until it is not. A benchmark program is available
* alongside this software to aid in this process.
*
* WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
* machine or a 32-bit Operating System!
*
* Valid values are 14 (16 MiB RAM) to 26 (64 GiB RAM) (inclusive)
* The default is 14 (16 MiB RAM)
*/
#scrypt_memlimit = 14;
/* (*) scrypt_opslimit
*
* Amount of computation to perform for new passwords.
*
* The default value for this option is based on the default value of
* the above option. The recommended value is (memlimit_bytes / 32).
*
* Valid values are 32,768 to 4,294,967,295 (inclusive)
* The default is 524,288
*/
#scrypt_opslimit = 524288;
/* (*) pbkdf2v2_digest
*
* Cryptographic digest algorithm to use (in HMAC mode).
*
* Valid values are "SHA1", "SHA2-256", and "SHA2-512".
* Additionally, the following aliases exist, for compatibility:
*
* "SHA-1" -> SHA1
* "SHA256" -> SHA2-256
* "SHA512" -> SHA2-512
* "SHA-256" -> SHA2-256
* "SHA-512" -> SHA2-512
*
* Finally, you can prefix this value with "SCRAM-" to enable the
* computation and storage of an RFC5802/SCRAM ServerKey & StoredKey,
* instead of a raw PBKDF2 digest (SaltedPassword). Verification of
* plaintext passwords against these digests can still be performed
* (for e.g. NickServ IDENTIFY or SASL PLAIN), by computing a new
* SCRAM ServerKey from the provided password and comparing it to the
* stored ServerKey, so setting this to a SCRAM mode does NOT prevent
* non-SCRAM logins. For these variants, please read doc/SASL-SCRAM.
*
* The default is "SHA2-512"
*/
#pbkdf2v2_digest = "SHA2-512";
/* (*) pbkdf2v2_rounds
*
* This is the PBKDF2 "iteration count". You should raise this as high
* as is reasonable for the machine you will be running services on.
* However, note that if you are going to deploy SASL SCRAM support,
* the *client*, NOT services, performs the PBKDF2 calculation during
* login, so keep in mind that many mobile clients will not perform as
* well as a server, and reduce the iteration count accordingly. Also,
* some clients will refuse to perform a login at all if this is set
* too high. A benchmark program is included alongside this software to
* aid in tuning this parameter.
*
* Valid values are 10,000 to 5,000,000 (inclusive)
* The default is 64,000
*/
#pbkdf2v2_rounds = 64000;
/* (*) pbkdf2v2_saltlen
* You should only change this if you *really* know what you're doing
* Valid values are 8 to 64 (inclusive)
* The default is 32
*/
#pbkdf2v2_saltlen = 32;
/* (*) bcrypt_cost
*
* Amount of rounds to perform for new passwords (as a power of 2).
* You should raise this as high as is reasonable. A benchmark
* program is available alongside this software to aid in this
* process.
*
* Valid values are 4 to 31 (inclusive)
* The default is 7
*/
#bcrypt_cost = 7;
/* (*) crypt3_sha2_256_rounds
* (*) crypt3_sha2_512_rounds
*
* Use of this option is restricted to certain C libraries!
* At present, only GNU libc6 ("glibc") v2.7+ is known to work.
*
* Valid values are 5,000 to 1,000,000 (inclusive)
* The default is 5,000
*/
#crypt3_sha2_256_rounds = 5000;
#crypt3_sha2_512_rounds = 5000;
};
/* The serverinfo{} block defines how we appear on the IRC network. */
serverinfo {
/* name
* The server name that this program uses on the IRC network.
* This is the name you'll have to use in C:/N:Lines. It must be
* unique on the IRC network and contain at least one dot, but does
* not have to be equal to any DNS name.
*/
name = "{{atheme_server_host}}";
/* desc
* The ``server comment'' we send to the IRC network.
*/
desc = "Atheme IRC Services";
/* numeric
* Some protocol drivers (Charybdis, Ratbox2, P10, IRCNet)
* require a server id, also known as a numeric. Please consult your
* ircd's documentation when providing this value.
*/
numeric = "00A";
/* (*)recontime
* The number of seconds before we reconnect to the uplink.
*/
recontime = 10;
/* (*)netname
* The name of your network.
*/
netname = "{{atheme_server_host}}";
/* (*)hidehostsuffix
* P10 +x host hiding gives <account>.<hidehostsuffix>.
* If using +x on asuka, this must agree
* with F:HIDDEN_HOST.
*/
hidehostsuffix = "users.misconfigured";
/* (*)adminname
* The name of the person running this service.
*/
adminname = "{{atheme_admin_name}}";
/* (*)adminemail
* The email address of the person running this service.
*/
adminemail = "{{atheme_admin_email}}";
/* (*)registeremail
* The email address that messages should be originated from.
* If this is not set, then "noreply.$adminemail" will be used.
*/
registeremail = "{{atheme_admin_email}}";
/* (*)hidden
* If this is enabled, Atheme will indicate to the uplink IRCd
* that it should not be included in /links output. This only works
* on the following IRCds at present: charybdis, ircd-seven, ratbox.
*/
#hidden;
/* (*)mta
* The full path to your mail transfer agent.
* This is used for email authorization and password retrieval.
* Comment this out to disable sending email.
* Warning: sending email can disclose the IP of your services
* unless you take precautions (not discussed here further).
*/
mta = "/usr/sbin/sendmail";
/* (*)loglevel
* Specify the default categories of logging information to record
* in the master Atheme logfile, usually var/atheme.log.
*
* Options include:
* debug, all - meta-keyword for all possible categories
* trace - meta-keyword for a little bit of info
* misc - like trace, but with some more miscellaneous info
* notice - meta-keyword for notice-like information
* ------------------------------------------------------------------------------
* error - critical errors
* info - miscillaneous log notices
* verbose - A bit more verbose than info, not quite as spammy as debug
* commands - all command use
* admin - administrative command use
* register - account and channel registrations
* set - changes of account or channel settings
* request - user requests (currently only vhosts)
* network - log notices related to network status
* rawdata - log raw data sent and received by services
* wallops - <not yet used>
*/
loglevel = { error; info; admin; network; wallops; };
/* (*)maxlogins
* What is the maximum number of sessions allowed to login to one
* username? This reduces potential abuse. It is only checked on login.
*/
maxlogins = 5;
/* (*)maxusers
* What are the maximum usernames that one email address can register?
* Set to 0 to disable this check (it can be slow currently).
*/
maxusers = 5;
/* (*)mdlimit
* How many metadata entries can be added to an object?
*/
mdlimit = 30;
/* (*)emaillimit, emailtime
* The maximum number of emails allowed to be sent in
* that amount of time (seconds). If this is exceeded,
* wallops will be sent, at most one per minute.
*/
emaillimit = 10;
emailtime = 300;
/* (*)auth
* What type of username registration authorization do you want?
* If "email", Atheme will send a confirmation email to the address to
* ensure it's valid. If registration is not completed within one day,
* the username will expire. If "none", no message will be sent and
* the username will be fully registered.
* Valid values are: email, none.
*/
auth = none;
/* casemapping
* Specify the casemapping to use. Almost all TSora (and any that follow
* the RFC correctly) ircds will use rfc1459 casemapping. Bahamut, Unreal,
* and other ``Dalnet'' ircds will use ascii casemapping.
* Valid values are: rfc1459, ascii.
*/
casemapping = rfc1459;
};
/* uplink{} blocks define connections to IRC servers.
* Multiple may be defined but only one will be used at a time (IRC
* being a tree shaped network). Atheme does not currently link over SSL.
* To link Atheme over ssl, please connect Atheme to a local ircd and have that
* connect to your network over SSL.
*/
uplink "{{atheme_upstream_server}}" {
// The server name of the ircd you're linking to goes above.
// host
// The hostname to connect to.
host = "127.0.0.1";
// vhost
// The source IP to connect from, used on machines with multiple interfaces.
#vhost = "192.0.2.5";
// send_password
// The password sent for linking.
send_password = "{{atheme_server_pass}}";
// receive_password
// The password received for linking.
receive_password = "{{atheme_server_pass}}";
// port
// The port to connect to.
port = 6667;
};
/* this is an example for using an IPv6 address as an uplink */
/* uplink "irc6.example.net" {
host = "::1";
// password
// If you want to have same send_password and accept_password, you
// can specify both using 'password' instead of individually.
password = "linkage";
port = 6667;
};
*/
/* Services configuration.
*
* Each of these blocks can contain a nick, user, host, real and aliases.
* Several of them also have options specific to the service.
*/
/* NickServ configuration.
*
* The nickserv {} block contains settings specific to the NickServ modules.
*
* NickServ provides nickname or username registration and authentication
* services. It provides necessary authentication features required for
* Services to operate correctly. You should make sure these settings
* are properly configured for your network.
*/
nickserv {
/* (*)spam
* Have NickServ tell people about how great it and ChanServ are.
*/
spam;
/* no_nick_ownership
* Enable this to disable nickname ownership (old userserv{}).
* This changes changes "nickname" to "account" in most messages,
* disables GHOST on users not logged in to the same account and
* makes the spam directive ineffective.
* It is suggested that the nick be set to UserServ, login.so
* be loaded instead of identify.so and ghost.so not be loaded.
*/
#no_nick_ownership;
/* (*)nick
* The nickname we want NickServ to have.
*/
nick = "NickServ";
/* (*)user
* The username we want NickServ to have.
*/
user = "NickServ";
/* (*)host
* The hostname we want NickServ to have.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The realname (gecos) information we want NickServ to have.
*/
real = "Nickname Services";
/* (*)aliases
* Command aliases for NickServ.
*/
aliases {
"ID" = "IDENTIFY";
"MYACCESS" = "LISTCHANS";
};
/* (*)access
* This block allows you to modify the access level required to run
* commands. The list of possible accesses are listed in the operclass
* section later in this .conf . Note that you can only set the access
* on an actual command, not an alias.
*/
access {
};
/* (*)maxnicks
* If GROUP is loaded, what are the maximum nicknames that one
* username can register?
*/
maxnicks = 5;
/* (*)expire
* The number of days before inactive registrations are expired.
*/
expire = 30;
/* (*)enforce_expire
* The number of days of no use after which to ignore enforcement
* settings on nicks.
*/
#enforce_expire = 14;
/* (*)enforce_delay
* The number of seconds to delay nickchange enforcement settings
* on nicks.
*/
#enforce_delay = 30;
/* (*)enforce_prefix
* The prefix to use when changing the user's nick on enforcement
*/
#enforce_prefix = "Guest";
/* (*)waitreg_time
* The amount of time (in seconds) users have to wait between
* connecting to the network, and being able to register a services
* account. Minimum value 0 (disables the enforced delay), default
* value 0, maximum value 43200 (12 hours). Requires the
* "modules/nickserv/waitreg" module to be loaded to do anything.
*/
#waitreg_time = 0;
/* (*)cracklib_dict
* The location and filename prefix of the cracklib dictionaries
* for use with nickserv/pwquality. This must be provided if you are
* going to be using nickserv/pwquality with cracklib support enabled.
*/
#cracklib_dict = "/var/cache/cracklib/cracklib_dict";
/* (*)passwdqc_*
* Please see the passwdqc.conf(5) documentation for an explanation
* of these values. Affects modules/nickserv/pwquality if passwdqc
* support is enabled. Default values given below.
*/
#passwdqc_max = 288; /* (8 <= value <= 288) */
#passwdqc_min_n0 = 20; /* (0 <= value <= passwdqc_max) */
#passwdqc_min_n1 = 16; /* (0 <= value <= passwdqc_min_n0) */
#passwdqc_min_n2 = 16; /* (0 <= value <= passwdqc_min_n1) */
#passwdqc_min_n3 = 12; /* (0 <= value <= passwdqc_min_n2) */
#passwdqc_min_n4 = 8; /* (0 <= value <= passwdqc_min_n3) */
#passwdqc_words = 4; /* (2 <= value <= 8) */
/* (*)pwquality_warn_only
* If this option is set and nickserv/pwquality is loaded, nickserv will just
* warn users that their password is insecure, recommend they change it and
* still register the nick. If this option is unset, it will refuse to
* register the nick at all until the user chooses a better password.
*/
#pwquality_warn_only;
/* (*)show_custom_metadata
* Setting this option to false will prevent user-set metadata (via SET PROPERTY)
* from showing up in the INFO output. The TAXONOMY command will still function
* as usual, and INFO will point this out if users have metadata set.
*/
show_custom_metadata;
/* (*)emailexempts
* A list of email addresses that will be exempt from the check of how many
* accounts one user may have. Any email address in this block may register
* an unlimited number of accounts/usernames.
*/
emailexempts {
};
/*
* (*)shorthelp
*
* A list of commands that are displayed (with their full description) in the
* output of `/msg NickServ HELP'. Commands not in this list will be listed, but
* not with their descriptions. All commands with descriptions are still listed
* in `/msg NickServ HELP COMMANDS' regardless of the value set here.
*
* Optional; defaults to "ACCESS CERT DROP GHOST GROUP IDENTIFY INFO LISTCHANS
* LISTGROUPS LISTLOGINS LISTOWNMAIL LOGOUT REGAIN REGISTER RELEASE SENDPASS SET
* UNGROUP".
*
* A command in this list will only be printed if the corresponding module is
* loaded and the user has permission to use it. Set to an empty string to
* disable listing command descriptions in `/msg NickServ HELP'.
*/
#shorthelp = "";
};
/* ChanServ configuration.
*
* The chanserv {} block contains settings specific to the ChanServ modules.
*
* ChanServ provides channel registration services, which allows users to own
* channels. It is not required, but is strongly recommended.
*/
chanserv {
/* (*)nick
* The nickname we want the client to have.
*/
nick = "ChanServ";
/* (*)user
* The username we want the client to have.
*/
user = "ChanServ";
/* (*)host
* The hostname we want the client to have.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The GECOS of the client.
*/
real = "Channel Services";
/* reggroup
* The group that will receive Memos about
* channel Registration requests when
* chanserv/moderate is loaded.
*/
#reggroup = "!Services-Team";
/* (*)aliases
* Command aliases for ChanServ.
*/
aliases {
};
/* (*)access
* Command access changes for ChanServ.
*/
access {
};
/* (*)maxchans
* What are the maximum channels that one username can register?
*/
maxchans = 5;
/* fantasy
* Do you want to enable fantasy commands? This can
* use a lot of CPU up, and will only work if you have
* join_chans (in general) enabled as well.
*/
fantasy;
/* (*) hide_xop
* Hide the XOP templates from sight. This is useful if you
* want to use templates and not have the XOP templates displayed.
*/
#hide_xop;
/* (*) templates
* Defines what flags the global templates comprise.
*
* For the special XOP templates:
* These should all be different and not equal to the empty set,
* except that hop may be equal to vop to disable hop.
* Each subsequent level should have more flags (except +VHO).
* For optimal functioning of /cs forcexop, aop should not have
* any of +sRf, hop should not have any of +sRfoOr and vop should
* not have any of +sRfoOrhHt.
* If this is not specified, the values of Atheme 0.3 are used,
* which are generally less intuitive than these.
* Note: changing these leaves the flags of existing channel access
* entries unchanged, thus removing them of the view of /cs xop list.
* Usually the channel founder can use /cs forcexop to update the
* entries to the new levels.
*
* Advice:
* If you want to add a co-founder role, remove the flags permission
* from the SOP role, and define a co-founder role with flags
* permissions.
*/
templates {
vop = "+AV";
hop = "+AHehitrv";
aop = "+AOehiortv";
sop = "+AOaefhiorstv";
founder = "+AFORaefhioqrstv";
/* some examples (which are commented out...) */
#member = "+Ai";
#op = "+AOiortv";
};
/* (*) deftemplates
* Defines default templates to set on new channels, as a
* space-separated list of name=+flags pairs.
* Note: at this time no syntax checking is done on this; it
* is your own responsibility to make sure it is correct.
*/
#deftemplates = "MEMBER=+Ai OP=+AOiortv";
/* (*) changets
* Change the channel TS to the registration time when someone
* recreates a registered channel, ensuring that they are deopped
* and all their modes are undone. Note that this involves ChanServ
* joining. When the channel was not recreated no deops will be done
* (apart from the SECURE option).
* This also solves the "join-mode" problem where someone recreates
* a registered channel and then sets some modes before they are
* deopped.
* This is currently supported for charybdis, ratbox, bahamut,
* and inspircd 1.1+. For charybdis and ratbox it only fully
* works with TS6, with TS5 bans and last-moment modes will
* still apply.
* (That can also be used to advantage, when first enabling this.)
*/
#changets;
/* (*) trigger
* This setting allows you to change the trigger prefix for
* ChanServ's in-channel command feature (disableable via chanserv::fantasy).
* If no setting is provided, the default is used, which is "!".
*
* Other settings you could consider trying: ".", "~", "?", "`", "'".
*/
trigger = "!";
/* (*)expire
* The number of days before inactive registrations are expired.
*/
expire = 30;
/* (*)maxchanacs
* The maximum number of entries allowed in a channel's access list
* (both channel ops and akicks), 0 for unlimited.
*/
maxchanacs = 0;
/* (*)maxfounders
* The maximum number of founders allowed in a channel.
* Note that all founders have the exact same privileges and
* the list of founders is shown in various places.
*/
maxfounders = 4;
/* (*)founder_flags
* The flags a user will get when they register a new channel.
* This MUST include at least 'F' or it will be ignored.
* If it is not set, Atheme will give the user all channel flags.
*/
#founder_flags = "AFORefiorstv";
/* (*)akick_time
* The default expiration time (in minutes) for AKICKs.
* Comment this option out or set to zero for permanent AKICKs
* by default (the old behaviour).
*/
#akick_time = 10;
/* (*)antiflood_enforce_method
* The enforcement method to use for flood protection by default.
* This may be overridden by channel staff.
* Available options are: quiet, kickban and akill.
*/
antiflood_enforce_method = quiet;
/* (*)show_custom_metadata
* Setting this option to false will prevent user-set metadata (via SET PROPERTY)
* from showing up in the INFO output. The TAXONOMY command will still function
* as usual, and INFO will point this out if channels have metadata set.
*/
show_custom_metadata;
/*
* (*)shorthelp
*
* A list of commands that are displayed (with their full description) in the
* output of `/msg ChanServ HELP'. Commands not in this list will be listed, but
* not with their descriptions. All commands with descriptions are still listed
* in `/msg ChanServ HELP COMMANDS' regardless of the value set here.
*
* Optional; defaults to "AKICK BAN CLEAR DEOP DEVOICE DROP FLAGS GETKEY INFO
* INVITE KICK KICKBAN OP QUIET REGISTER SET TOPIC UNBAN UNQUIET VOICE WHY".
*
* A command in this list will only be printed if the corresponding module is
* loaded and the user has permission to use it. Set to an empty string to
* disable listing command descriptions in `/msg ChanServ HELP'.
*/
#shorthelp = "";
};
/* CHANFIX configuration.
*
* The chanfix {} block contains settings specific to the CHANFIX modules.
*
* CHANFIX provides channel recovery services without registration, which
* allows users to maintain control of channels even if ChanServ is not used
* to register them.
*/
chanfix {
/* (*)nick
* The nickname we want the client to have.
*/
nick = "ChanFix";
/* (*)user
* The username we want the client to have.
*/
user = "ChanFix";
/* (*)host
* The hostname we want the client to have.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The GECOS of the client.
*/
real = "Channel Fixing Service";
/* (*)autofix
* Automatically fix channels if they become opless and meet fixing
* criteria.
*/
autofix;
};
/* Global noticing configuration.
*
* The global {} block contains settings specific to the Global notice module.
*
* The Global notice module provides the ability to mass-notify a network.
*/
global {
/* (*)nick
* Sets the nick used for sending out a global notice.
*/
nick = "Global";
/* (*)user
* Sets the username used for this client.
*/
user = "Global";
/* (*)host
* The hostname used for this client.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The GECOS (real name) of the client.
*/
real = "Network Announcements";
};
/* InfoServ configuration
*
* The infoserv {} block contains settings specific to the InfoServ module.
*
* The InfoServ modules provides the ability to mass-notify a network and send
* news to users when they connect to the network.
*/
infoserv {
/* (*)nick
* Sets the nick used for InfoServ and sending out informational messages.
*/
nick = "InfoServ";
/* (*)user
* Sets the username used for this client.
*/
user = "InfoServ";
/* (*)host
* The hostname used for this client,
*/
host = "{{atheme_server_host}}";
/* (*)real
* The GECOS (real name) of the client.
*/
real = "Information Service";
/* (*)logoninfo_count
* The number of InfoServ messages a user will see upon connect.
* If there are more than this number, the user will be able to
* see the rest with /msg infoserv list .
*/
logoninfo_count = 3;
};
/* OperServ configuration.
*
* The operserv {} block contains settings specific to the OperServ modules.
*
* OperServ provides essential network management tools for IRC operators
* on the IRC network.
*/
operserv {
/* (*)nick
* The nickname we want the Operator Service to have.
*/
nick = "OperServ";
/* (*)user
* Sets the username used for this client.
*/
user = "OperServ";
/* (*)host
* The hostname used for this client.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The GECOS (real name) of the client.
*/
real = "Operator Services";
/* (*)aliases
* Command aliases for OperServ.
*/
aliases {
};
/* (*)access
* Command access changes for OperServ.
*/
access {
};
};
/* SaslServ configuration.
*
* The saslserv {} block contains settings specific to the SaslServ modules.
*
* SaslServ provides an authentication agent which is compatible with the
* SASL over IRC (SASL/IRC) protocol extension.
*/
saslserv {
/* (*)nick
* The nickname we want SaslServ to have.
*/
nick = "SaslServ";
/* (*)user
* The username we want SaslServ to have.
*/
user = "SaslServ";
/* (*)host
* The hostname we want SaslServ to have.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The realname (gecos) information we want SaslServ to have.
*/
real = "SASL Authentication Agent";
/* (*)hide_server_names
* Hide server names in the bad_password message.
*/
#hide_server_names;
};
/* MemoServ configuration.
*
* The memoserv {} block contains settings specific to the MemoServ modules.
*
* MemoServ provides a note-taking service that you can use to send notes
* to offline users (provided they are registered with Services).
*/
memoserv {
/* (*)nick
* The nickname we want MemoServ to have.
*/
nick = "MemoServ";
/* (*)user
* The username we want MemoServ to have.
*/
user = "MemoServ";
/* (*)host
* The hostname we want MemoServ to have.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The realname (gecos) information we want MemoServ to have.
*/
real = "Memo Services";
/* (*)aliases
* Command aliases for MemoServ.
*/
aliases {
};
/* (*)access
* Command access changes for MemoServ.
*/
access {
};
/* (*)maxmemos
* What is the maximum amount of memos a user can have in their inbox?
*/
maxmemos = 30;
};
/* GameServ configuration.
*
* The gameserv {} block contains settings specific to the GameServ modules.
*
* GameServ provides various in-channel commands for games.
*/
gameserv {
/* (*)nick
* The nickname we want GameServ to have.
*/
nick = "GameServ";
/* (*)user
* Sets the username used for this client.
*/
user = "GameServ";
/* (*)host
* The hostname used for this client.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The GECOS (real name) of the client.
*/
real = "Game Services";
/* (*)aliases
* Command aliases for GameServ.
*/
aliases {
};
/* (*)access
* Command access changes for GameServ.
*/
access {
};
};
/* RPGServ configuration.
*
* The rpgserv {} block contains settings specific to the RPGServ modules.
*
* RPGServ provides a facility for finding roleplaying channels.
*/
rpgserv {
/* (*)nick
* The nickname we want RPGServ to have.
*/
nick = "RPGServ";
/* (*)user
* Sets the username used for this client.
*/
user = "RPGServ";
/* (*)host
* The hostname used for this client.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The GECOS (real name) of the client.
*/
real = "RPG Finding Services";
/* (*)aliases
* Command aliases for RPGServ.
*/
aliases {
};
/* (*)access
* Command access changes for RPGServ.
*/
access {
};
};
/* BotServ configuration.
*
* The botserv {} block contains settings specific to the BotServ modules.
*
* BotServ provides virtual channel bots.
*/
botserv {
/* (*)nick
* The nickname we want BotServ to have.
*/
nick = "BotServ";
/* (*)user
* Sets the username used for this client.
*/
user = "BotServ";
/* (*)host
* The hostname used for this client.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The GECOS (real name) of the client.
*/
real = "Bot Services";
/* (*)min_users
* Minimum number of users a channel must have before a Bot is allowed
* to be assigned to that channel.
*/
min_users = 0;
};
/* GroupServ configuration.
*
* The groupserv {} block contains settings specific to the GroupServ modules.
*
* GroupServ provides features for managing a collection of channels at once.
*
*/
groupserv {
/* (*)nick
* The nickname we want GroupServ to have.
*/
nick = "GroupServ";
/* (*)user
* The username we want GroupServ to have.
*/
user = "GroupServ";
/* (*)host
* The hostname we want GroupServ to have.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The realname (gecos) information we want GroupServ to have.
*/
real = "Group Management Services";
/* (*)aliases
* Command aliases for GroupServ.
*/
aliases {
};
/* (*)access
* Command access changes for GroupServ.
*/
access {
};
/* (*)maxgroups
* Maximum number of groups one username can be founder of.
*/
maxgroups = 5;
/* (*)maxgroupacs
* Maximum number of access entries you may have in a group.
*/
maxgroupacs = 100;
/* (*)enable_open_groups
* Setting this option will allow any group founder to mark
* their group as "anyone can join".
*/
enable_open_groups;
/* (*)join_flags
* This is the GroupServ flagset that users who JOIN a open
* group will get upon join. Please check the groupserv/flags
* helpfile before changing this option. Valid flagsets (for
* example) would be: "+v" or "+cv". It is not valid to use
* minus flags (such as "-v") here.
*/
join_flags = "+";
};
/* HostServ configuration.
*
* The hostserv {} block contains settings specific to the HostServ modules.
*
* HostServ provides advanced virtual host management.
*/
hostserv {
/* (*)nick
* The nickname we want HostServ to have.
*/
nick = "HostServ";
/* (*)user
* Sets the username used for this client.
*/
user = "HostServ";
/* (*)host
* The hostname used for this client.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The GECOS (real name) of the client.
*/
real = "Host Management Services";
/* reggroup
* The group that will receive Memos about
* vHost requests.
*/
#reggroup = "!Services-Team";
/* (*)request_per_nick
* Whether the request system should work per nick or per account.
* The recommended setting is to leave this disabled, so that
* vhosts work as consistently as possible.
*/
#request_per_nick;
/* (*)aliases
* Command aliases for HostServ.
*/
aliases {
"APPROVE" = "ACTIVATE";
"DENY" = "REJECT";
};
/* (*)access
* Command access changes for HostServ.
*/
access {
};
};
/* HelpServ configuration
*
* The helpserv {} block contains settings specific to the HelpServ modules.
*
* HelpServ adds a few different ways for users to request help from network staff.
*/
helpserv {
/* (*)nick
* The nickname we want HelpServ to have.
*/
nick = "HelpServ";
/* (*)user
* The username we want HelpServ to have.
*/
user = "HelpServ";
/* (*)host
* The hostname we want HelpServ to have.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The realname (gecos) information we want HelpServ to have.
*/
real = "Help Services";
};
/* StatServ configuration
*
* The statserv {} block contains settings specific to the StatServ modules.
*
* StatServ adds basic stats and split tracking.
*/
statserv {
/* (*)nick
* The nickname we want StatServ to have.
*/
nick = "StatServ";
/* (*)user
* The username we want StatServ to have.
*/
user = "StatServ";
/* (*)host
* The hostname we want StatServ to have.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The realname (gecos) information we want StatServ to have.
*/
real = "Statistics Services";
};
/* ALIS configuration.
*
* The alis {} block contains settings specific to the ALIS modules.
*/
alis {
/* (*)nick
* The nickname we want ALIS to have.
*/
nick = "ALIS";
/* (*)user
* The username we want ALIS to have.
*/
user = "alis";
/* (*)host
* The hostname we want ALIS to have.
*/
host = "{{atheme_server_host}}";
/* (*)real
* The realname (gecos) information we want ALIS to have.
*/
real = "Channel Directory";
/* (*)maxmatches
* The default maximum number of channels returned in a query.
* Privilege (chan:auspex) is required to ask for more.
* Minimum 8, default 64, maximum 128.
*/
#maxmatches = 64;
};
/* HTTP server configuration.
*
* The httpd {} block contains settings specific to the HTTP server module.
*
* The HTTP server in Services is used for serving XMLRPC requests. It can
* also serve static documents and statistics pages.
*/
httpd {
/* host
* The host that the HTTP server will listen on.
* Use 0.0.0.0 if you want to listen on all available hosts.
*/
host = "0.0.0.0";
/* host (ipv6)
* If you want, you can have Atheme listen on an IPv6 host too.
* Use :: if you want to listen on all available IPv6 hosts.
*/
#host = "::";
/* www_root
* The directory that contains the files that should be served by the httpd.
*/
www_root = "/var/www";
/* port
* The port that the HTTP server will listen on.
*/
port = 8080;
};
/* LDAP configuration.
*
* The ldap {} block contains settings specific to the LDAP authentication
* module.
*/
ldap {
/* (*)url
* LDAP URL of the server to use.
*/
url = "ldap://127.0.0.1";
/* (*)dnformat
* Format string to convert an account name to an LDAP DN.
* Must contain exactly one %s which will be replaced by the account
* name.
* Services will attempt a simple bind with this DN and the given
* password; if this is successful the password is considered correct.
*/
dnformat = "cn=%s,dc=jillestest,dc=com";
};
/******************************************************************************
* LOGGING SECTION. *
******************************************************************************/
/*
* logfile{} blocks can be used to set up log files other than the master
* logfile used by services, which is controlled by serverinfo::loglevel.
*
* The various logging categories are:
* debug, all - meta-keyword for all possible categories
* trace - meta-keyword for a little bit of info
* misc - like trace, but with some more miscillaneous info
* notice - meta-keyword for notice-like information
* ------------------------------------------------------------------------------
* error - critical errors
* info - miscillaneous log notices
* verbose - A bit more verbose than info, not quite as spammy as debug
* commands - all command use
* admin - administrative command use
* register - account and channel registrations
* set - changes of account or channel settings
* request - user requests (currently only vhosts)
* network - log notices related to network status
* rawdata - log raw data sent and received by services
* wallops - <not yet used>
* denycmd - security model denials (commands, permissions)
*/
/*
* This block logs all account and channel registrations and drops,
* and account and channel setting changes to var/account.log.
*/
logfile "var/account.log" { register; set; };
/*
* This block logs all command use to var/commands.log.
*/
logfile "var/commands.log" { commands; };
/*
* This block logs all security auditing information.
*/
logfile "var/audit.log" { denycmd; };
/*
* You can log to IRC channels, and even split it by category, too.
* This entry provides roughly the same functionality as the old snoop
* feature.
*/
logfile "#services" { error; info; admin; request; register; denycmd; };
/*
* This block logs to server notices.
*/
logfile "!snotices" { error; info; request; denycmd; };
/******************************************************************************
* GENERAL PARAMETERS CONFIGURATION SECTION. *
******************************************************************************/
/* The general {} block defines general configuration options. */
general {
/* (*)permissive_mode
* Whether or not security denials should be soft denials instead of
* hard denials. If security denials are soft denials, then they will
* only be logged to the denial log.
*/
#permissive_mode;
/* (*)helpchan
* Network help channel. Shown to users when they request
* help for a command that doesn't exist.
*/
#helpchan = "#help";
/* (*)helpurl
* Network webpage for services help. Shown to users when they
* request help for a command that doesn't exist.
*/
#helpurl = "http://www.stack.nl/~jilles/irc/atheme-help/";
/* (*)silent
* If you want to prevent services from sending
* WALLOPS/GLOBOPS about things uncomment this.
* Not recommended.
*/
#silent;
/* (*)verbose_wallops
* If you want services to send you more information about
* events that are occuring (in particular AKILLs), uncomment the
* directive below.
*
* WARNING! This may result in large amounts of wallops/globops
* floods.
*/
#verbose_wallops;
/* (*)join_chans
* Should ChanServ be allowed to join registered channels?
* This option is useful for the fantasy command set.
*
* If enabled, you can tell ChanServ to join via SET GUARD ON.
*
* If you use ircu-like ircd (asuka), you must
* leave this enabled, and put guard in default cflags.
*
* For ratbox it is recommended to leave it on and put guard in
* default cflags, in order that ChanServ does not have to join/part
* to do certain things. On the other hand, enabling this increases
* potential for bots fighting with ChanServ.
*
* Regardless of this option, ChanServ will temporarily join
* channels which would otherwise be empty if necessary to enforce
* akick/restricted/close, and to change the TS if changets is
* enabled.
*/
join_chans;
/* (*)leave_chans
* Do we leave registered channels after everyone else has left?
* Turning this off serves little purpose, except to mark "official"
* network channels by keeping them open, and to preserve the
* topic and +beI lists.
*/
leave_chans;
/* secure
* Do you want to require the use of /msg <service>@<services host>?
* Turning this on helps protect against spoofers, but is disabled
* as most networks do not presently use it.
*/
#secure;
/* (*)uflags
* The default flags to set for usernames upon registration.
* Valid values are: hold, neverop, noop, hidemail, nomemo, emailmemos,
* enforce, privmsg, private, quietchg and none.
*/
uflags = { hidemail; };
/* (*)cflags
* The default flags to set for channels upon registration.
* Valid values are: hold, secure, verbose, verbose_ops, keeptopic,
* topiclock, guard, private, nosync, limitflags, pubacl and none.
*/
cflags = { verbose; guard; };
/* (*)raw
* Do you want to allow SRAs to use the RAW and INJECT commands?
* These commands are for debugging. If you don't know how to use them
* then don't enable them. They are not supported.
*/
#raw;
/* (*)flood_msgs
* Do you want services to detect floods?
* Set to how many messages before a flood is triggered.
* Note that some messages that need a lot of processing count
* as two or four messages.
* If services receives `flood_msgs' within `flood_time' the user will
* trigger the flood protection.
* Setting this to zero disables flood protection.
*/
flood_msgs = 7;
/* (*)flood_time
* Do you want services to detect floods?
* Set to how long before the counter resets.
* If services receives `flood_msgs' within `flood_time' the user will
* trigger the flood protection.
*/
flood_time = 10;
/* (*)ratelimit_uses
* After how many uses of a command will users be throttled.
* After `ratelimit_uses' of a command within `ratelimit_period', users
* will not be able to run that ratelimited command until the period is up.
* Comment this, ratelimit_period below or both options out to disable rate limiting.
* Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
* nickserv/register and chanserv/register.
*/
ratelimit_uses = 5;
/* (*)ratelimit_period
* After how much time (in seconds) will the ratelimit_uses counter reset.
* After `ratelimit_uses' of a command within `ratelimit_period', users
* will not be able to run that ratelimited command until the period is up.
* Comment this, ratelimit_uses above or both options out to disable rate limiting.
* Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
* nickserv/register and chanserv/register.
*/
ratelimit_period = 60;
/* (*)vhost_change
* The default number of days between vHost changes once a user has used HostServ
* TAKE or REQUEST. (Helps to deter rabid host-swappers and ban evaders.)
*/
#vhost_change = 30;
/* (*)kline_time
* The default expire time for KLINE's in days.
* Setting this to 0 makes all KLINE's permanent.
*/
kline_time = 7;
/* (*)kline_with_ident
* KLINE user@host instead of *@host.
* Applies to all automatic KLINE's set by services.
*/
#kline_with_ident;
/* (*)kline_verified_ident
* KLINE *@host if the first character of the ident is ~,
* irrespective of the value of kline_with_ident.
*/
#kline_verified_ident;
/* (*)clone_time
* This is the default expiry time for CLONE exemptions in minutes.
* Setting this to 0 makes all CLONE exemptions permanent.
*/
clone_time = 0;
/* commit_interval
* The time between database writes in minutes.
*/
commit_interval = 5;
/* (*)operstring
* The string returned in WHOIS (against services) for IRC operators.
*/
#operstring = "is an IRC Operator";
/* (*)servicestring
* The string returned in WHOIS (against services) for services.
*/
#servicestring = "is a Network Service";
/* (*)default_clone_allowed
* The limit after which clones will be KILLed or TKLINEd.
* Used by operserv/clones.
*/
default_clone_allowed = 5;
/* (*)default_clone_warn
* The limit after which clones will be warned that they may not
* have any more concurrent connections. Should be lower than
* default_clone_allowed . Used by operserv/clones.
*/
default_clone_warn = 4;
/* (*)clone_identified_increase_limit
* If this option is enabled, the clone limit for a IP/host will
* be increased by 1 per clone that's identified to services.
* This has a limit of double the clone limits above.
*/
clone_identified_increase_limit;
/* (*)uplink_sendq_limit
* The maximum amount of data that may be queued to be sent
* to the uplink, in bytes. This should be enough to contain
* Atheme's response to the netburst, but smaller than the
* IRCd's sendq limit for servers.
*/
uplink_sendq_limit = 1048576;
/* (*)language
* Language to use for channel and oper messages and as default
* for users.
*/
language = "en";
/* exempts
* This block contains a list of user@host masks. Users matching any
* of these will not be automatically K:lined by services.
*/
exempts {
};
/* allow_taint
* By enabling this option, Atheme will run in configurations where
* the upstream will not provide support. By enabling this feature,
* you void any perceived rights to support.
*/
#allow_taint;
/* (*)immune_level
* This option allows you to customize the operlevel which gets kick
* immunity privileges.
*
* The following flags are available:
* immune - require whatever ircd usermode is needed for kick
* immunity (this is the default);
* admin - require admin privileges for kick immunity
* ircop - require any ircop privileges for kick immunity (umode +o)
*/
immune_level = immune;
/* show_entity_id
* This makes nick/user & group entity IDs visible to everyone, rather
* than just opers with user:auspex or group:auspex privileges.
*/
show_entity_id;
/* load_database_mdeps
*
* For module dependencies listed in the services database (if any),
* whether to load those modules on startup (if they are not already
* loaded) or abort startup with a more helpful error message than
* e.g. "db services.db:123: unknown directive 'BE'" --> "corestorage:
* exiting to avoid data loss".
*
* Comment this out to abort startup instead of silently loading the
* modules you need to process the database successfully. The abort
* reason will tell you what module the database requires so that you
* can fix your configuration file.
*/
load_database_mdeps;
};
proxyscan {
/* Here you can configure the details of your Proxyscan (DNS Blacklist)
* scanner service.
*/
nick = "Proxyscan";
user = "dnsbl";
host = "{{atheme_server_host}}";
real = "Proxyscan Service";
blacklists {
"dnsbl.dronebl.org";
"rbl.efnetrbl.org";
"tor.efnet.org";
};
/* Available dnsbl_action's:
* NONE - Do nothing
* NOTIFY - Notify user that they are listed in a DNSBL and which one
* SNOOP - Report the user to the logchannel or services channel
* KLINE - AKILL the user from the network (default AKILL is 24 hours)
*/
dnsbl_action = kline;
};
/******************************************************************************
* OPERATOR AND PRIVILEGES CONFIGURATION SECTION. *
******************************************************************************/
/* Operator configuration
* See the PRIVILEGES document for more information.
* NOTE: All changes apply immediately upon rehash. You may need
* to send a signal (killall -HUP atheme-services) to regain control.
*/
/* (*) Operclasses specify groups of services operator privileges */
/* The "user" operclass specifies privileges all users get.
* This may be empty (default) in which case users get no special privileges.
* If you use the security/cmdperm module, you will need to grant command: privileges
* to every command that you want users to be able to use.
*/
operclass "user" { };
/* The "ircop" operclass specifies privileges all IRCops get.
* This may be empty in which case IRCops get no privs.
* At least chan:cmodes, chan:joinstaffonly and general:auspex are suggested.
*/
operclass "ircop" {
privs {
special:ircop;
};
privs {
user:auspex;
user:admin;
user:sendpass;
user:vhost;
user:mark;
};
privs {
chan:auspex;
chan:admin;
chan:cmodes;
chan:joinstaffonly;
};
privs {
general:auspex;
general:helper;
general:viewprivs;
general:flood;
};
privs {
operserv:omode;
operserv:akill;
operserv:jupe;
operserv:global;
};
privs {
group:auspex;
group:admin;
};
};
operclass "sra" {
/* You can inherit privileges from a lower operclass. */
extends "ircop";
privs {
user:hold;
user:regnolimit;
};
privs {
general:metadata;
general:admin;
};
privs {
#operserv:massakill;
#operserv:akill-anymask;
operserv:noop;
operserv:grant;
};
/* needoper
* Only grant privileges to IRC users in this oper class if they
* are opered; other use of privilege (channel succession, XMLRPC,
* etc.) is unaffected by this.
*
* This flag is *not* inherited by operclasses that extend this one;
* you will have to set it explicitly for each operclass.
*/
needoper;
};
/* (*) Operator blocks specify accounts with certain privileges
* Oper classes must be defined before they are used in operator blocks.
*/
operator "jilles" {
/* operclass */
operclass = "sra";
/* password
*
* Normally, the user needs to identify/log in using the account's
* password, and may need to be an IRCop (see operclass::needoper
* above). If you consider this not secure enough, you can
* specify an additional password here, which the user must enter
* using the OperServ IDENTIFY command, before the privileges can
* be used.
*
* The password must be encrypted if a crypto module is in use.
*
* If you are using modules/crypto/crypt3-*, you can probably use
* the "mkpasswd" program included with most Linux distributions.
* Otherwise you can use modules/operserv/genhash to encrypt a
* password for use here.
*/
#password = "$1$3gJMO9by$0G60YE6GqmuHVH3AnFPor1";
};
/******************************************************************************
* INCLUDE CONFIGURATION SECTION. *
******************************************************************************/
/* You may also specify other files for inclusion.
* For example:
*
* include "etc/sras.conf";
*/