# HG changeset patch
# User Luke Hoersten
# Date 1593904027 18000
# Node ID 3f0ce0a546638dc25a7b4a00108034ed0ccd34e3
# Parent 837cf4c1b717deadc7214f7246388040a4e942a5
Removed ngircd and atheme roles in favor of oragono.
diff -r 837cf4c1b717 -r 3f0ce0a54663 atheme/handlers/main.yaml
--- a/atheme/handlers/main.yaml Sat Jul 04 17:48:36 2020 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
----
-
-- name: restart atheme
- become: yes
- systemd: name="atheme-services.service" enabled="yes" daemon_reload="yes" state="restarted"
diff -r 837cf4c1b717 -r 3f0ce0a54663 atheme/tasks/main.yaml
--- a/atheme/tasks/main.yaml Sat Jul 04 17:48:36 2020 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,17 +0,0 @@
----
-
-- name: apt install atheme
- become: yes
- apt: name="atheme-services"
- notify: restart atheme
-
-- name: configure atheme
- become: yes
- template:
- src: "atheme.conf.j2"
- dest: "/etc/atheme/atheme.conf"
- notify: restart atheme
-
-- name: start atheme service
- become: yes
- systemd: name="atheme-services.service" state="started" enabled="yes" daemon_reload="yes"
diff -r 837cf4c1b717 -r 3f0ce0a54663 atheme/templates/atheme.conf.j2
--- a/atheme/templates/atheme.conf.j2 Sat Jul 04 17:48:36 2020 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2850 +0,0 @@
-/* This is an example configuration for Services.
- *
- * All statements end in semi-colons (';').
- * Shell style, C style, and C++ style comments may be used.
- *
- * Items marked with "(*)" are reconfigurable at runtime via REHASH.
- */
-
-/******************************************************************************
- * MODULES SECTION. *
- ******************************************************************************/
-
-/*
- * These are the modules included with the core distribution of Services.
- *
- * You may be interested in the atheme community modules distribution as
- * well, which adds additional features that may or may not be compatible
- * with the project paradigms intended for maintainance of the core of
- * atheme-services.
- *
- * Visit the atheme-services website for more information and to download them.
- *
- * Modules marked [experimental] will taint your atheme-services instance. Do
- * not file any bug reports with us about using Services with those modules;
- * they will be ignored.
- */
-
-/* Dynamic security modules.
- *
- * WARNING: If you select one of these modules, the default security policy included
- * with Atheme may break. These modules are intended for people who know what they
- * are doing and understand the implications of what they do. Security modules which
- * are likely to break the default policy are prefixed with [!], if you are new to
- * Atheme, you should avoid enabling them.
- *
- * If you find your security policy is broken, you may debug it while allowing normal
- * operation of your IRC network by putting Atheme into "permissive mode". To do this,
- * enable general::permissive_mode.
- *
- * [!] Infer "command:" namespace permissions modules/security/cmdperm
- */
-#loadmodule "modules/security/cmdperm";
-
-/* Protocol module.
- *
- * Please select a protocol module. Different servers use different protocols.
- * Below is a listing of ircd's known to work with the various protocol modules
- * available.
- *
- * Asuka 1.2.1 or later modules/protocol/asuka
- * Bahamut 2.1.x modules/protocol/bahamut
- * Charybdis IRCd modules/protocol/charybdis
- * ChatIRCd modules/protocol/chatircd1.1
- * DreamForge 4.6.7 or later modules/protocol/dreamforge
- * InspIRCd 2.0 modules/protocol/inspircd
- * ircd-ratbox 2.0 and later modules/protocol/ratbox
- * IRCNet ircd (ircd 2.11) modules/protocol/ircnet
- * ircd-seven modules/protocol/ircd-seven
- * Nefarious IRCu 0.4.0 or later modules/protocol/nefarious
- * ngIRCd 19 or later [experimental] modules/protocol/ngircd
- * UnrealIRCd 3.2.* modules/protocol/unreal
- * UnrealIRCd 4 or later modules/protocol/unreal4
- *
- * If your IRCd vendor has supplied a module file, build it and load it here
- * instead of one above.
- */
-loadmodule "modules/protocol/ngircd";
-
-/* Protocol mixins.
- *
- * These should be used if you do not have/want certain features on your
- * network that your ircd normally has. If you do not know what this means,
- * you do not need any of them.
- *
- * Disable halfops modules/protocol/mixin_nohalfops
- * Disable holdnick (use enforcer clients) modules/protocol/mixin_noholdnick
- * Disable "protect" mode on channels modules/protocol/mixin_noprotect
- * Disable "owner" mode on channels modules/protocol/mixin_noowner
- */
-#loadmodule "modules/protocol/mixin_nohalfops";
-#loadmodule "modules/protocol/mixin_noholdnick";
-#loadmodule "modules/protocol/mixin_noprotect";
-#loadmodule "modules/protocol/mixin_noowner";
-
-/* Database backend module.
- *
- * Please select a database backend module. Different backends allow for
- * different ways in which the services data can be manipulated. YOU MAY
- * ONLY HAVE ONE OF THESE BACKENDS LOADED.
- *
- * The following backends are available:
- *
- * Atheme 0.1 flatfile database format modules/backend/flatfile
- * Open Services Exchange database format modules/backend/opensex
- *
- * Most networks will want opensex.
- */
-loadmodule "modules/backend/opensex";
-
-/* Password hashing modules.
- *
- * If you would like encryption for your services passwords, or to migrate
- * from another IRC services package which used encryption for its passwords,
- * please select a module here.
- *
- * The following encryption-capable crypto modules are available:
- *
- * Argon2 (Password Hashing Competition 2015) modules/crypto/argon2
- * scrypt (Tarsnap Online Backup Service) modules/crypto/scrypt
- * PBKDF2 (Including support for SASL SCRAM-SHA) modules/crypto/pbkdf2v2
- * bcrypt (EksBlowfish; from Niels Provos etc.) modules/crypto/bcrypt
- * SHA2-512 crypt(3) a la '$6$...' modules/crypto/crypt3-sha2-512
- * SHA2-256 crypt(3) a la '$5$...' modules/crypto/crypt3-sha2-256
- *
- * If you do not load an encryption-capable crypto module, some features will
- * not work correctly, and errors will be logged on e.g. user registration
- * that it was not possible to encrypt their password. Support for running
- * without an encryption-capable crypto module will be removed in a later
- * version of this software; for now it is just *HIGHLY* discouraged.
- *
- * Note, that upon starting with an encryption-capable crypto module, YOUR
- * UNENCRYPTED PASSWORDS ARE IMMEDIATELY AND *IRREVERSIBLY* CONVERTED. Make
- * at least TWO backups of your database before experimenting with this. If
- * you have several thousand accounts, this conversion may take a long time.
- *
- * The following modules can only be used to /verify/ existing encrypted
- * passwords, for example when upgrading from an older version of this
- * software, or migrating from something else:
- *
- * PBKDF2 v1 (Atheme <= 7.2 compatibility) modules/crypto/pbkdf2
- * Raw SHA2-512 modules/crypto/rawsha2-512
- * Raw SHA2-256 modules/crypto/rawsha2-256
- * Anope SHA2-256 (Anope 2.0 compatibility) modules/crypto/anope-enc-sha256
- * Raw SHA1 (Anope ~1.8 compatibility) modules/crypto/rawsha1
- * Raw MD5 (Anope ~1.8 compatibility) modules/crypto/rawmd5
- * IRCServices (+ Anope) compatibility modules/crypto/ircservices
- * MD5 crypt(3) (Atheme Linux compatibility) modules/crypto/crypt3-md5
- * DES crypt(3) (Atheme OS X compatibility) modules/crypto/crypt3-des
- * Base64 (Anope ~1.8 compatibility) modules/crypto/base64
- *
- * To transition between crypto schemes, load the preferred scheme first,
- * and as users login or set new passwords, they will be migrated to the new
- * preferred scheme. Like so:
- *
- * loadmodule "modules/crypto/argon2";
- * loadmodule "modules/crypto/scrypt";
- * loadmodule "modules/crypto/pbkdf2v2";
- * loadmodule "modules/crypto/pbkdf2";
- * loadmodule "modules/crypto/crypt3-md5";
- *
- * The Argon2 module requires the argon2 reference library (./configure
- * --with-argon2) and is *NOT* available in Atheme v7.2 or earlier. If you
- * wish to use this module while retaining the possibility to downgrade to
- * v7.2, please see the crypto {} documentation below.
- *
- * The Scrypt module requires libsodium (./configure --with-libsodium) and is
- * *NOT* available in Atheme v7.2 or earlier. This module may also require a
- * 64-bit Operating System to function correctly.
- *
- * The PBKDF2v2 module has no dependencies and is recommended. If you were
- * previously using the PBKDF2 v1 module on v7.2, you must still keep it in
- * the configuration here; the PBKDF2 v2 module cannot verify its password
- * hashes. However, you should also load PBKDF2 v2 (if you don't decide to use
- * anything else), because the PBKDF2 v1 module is now verify-only.
- *
- * The bcrypt module will truncate passwords greater than 72 characters. It is
- * also capable of verifying the older $2a$ digests that contain an integer
- * wrap-around bug, as used on e.g. Anope. It is not capable of verifying the
- * PHP-bcrypt $2x$ and $2y$ digests; but $2y$ can simply be changed to $2b$.
- * All successfully-verified passwords not using $2b$ will be converted to it.
- * This is an encryption-capable module, but its use is discouraged unless you
- * need to use it for interoperability with some other piece of software.
- *
- * The crypt3-* modules depend on your platform crypt(3) supporting the
- * respective algorithms. This is not guaranteed to be the case. If you used
- * modules/crypto/posix on Linux, you need crypt3-md5. If you used
- * modules/crypto/posix on OS X, you need crypt3-des. These modules issue
- * informational messages when loaded to the effect that they might break in
- * the future. They also run selftests on load to verify that they will work.
- *
- * All available modules are listed below, in the preferred load order. The
- * modules that are commented out are not available by default (please see
- * the v7.3 release notes in NEWS.md) or may require a third-party library to
- * use. If you know that you do not need a specific module, it is better to
- * not load it, so comment it out. Do not change the order of the modules
- * below unless you need to migrate from one to the other (as described
- * above); in particular, putting verify-only modules above encryption-
- * capable modules would be a waste of CPU time every time password
- * verification for a user whose password was not encrypted by them is
- * attempted.
- *
- * Comments that start with -- describe the ./configure option necessary to
- * have this module built.
- */
-#loadmodule "modules/crypto/argon2"; /* --with-argon2 */
-#loadmodule "modules/crypto/scrypt"; /* --with-sodium */
-loadmodule "modules/crypto/pbkdf2v2";
-#loadmodule "modules/crypto/bcrypt"; /* See notes above */
-loadmodule "modules/crypto/pbkdf2"; /* Verify-only, see prev. */
-#loadmodule "modules/crypto/crypt3-sha2-512"; /* Needs crypt(3) support */
-#loadmodule "modules/crypto/crypt3-sha2-256"; /* Needs crypt(3) support */
-#loadmodule "modules/crypto/crypt3-md5"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/rawsha2-512"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/rawsha2-256"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/anope-enc-sha256"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/rawsha1"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/rawmd5"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/ircservices"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/crypt3-des"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/base64"; /* --enable-legacy-pwcrypto */
-
-/* Authentication module.
- *
- * These allow using passwords from an external system. The password given
- * when registering a new account is also checked against the external
- * system.
- *
- * The following authentication modules are available:
- *
- * LDAP modules/auth/ldap
- *
- * The LDAP module requires OpenLDAP client libraries. It uses them in a
- * synchronous manner, which means that an unresponsive LDAP server can
- * freeze services.
- */
-#loadmodule "modules/auth/ldap";
-
-/* NickServ modules.
- *
- * Here you can disable or enable certain features of NickServ, by
- * defining which modules are loaded. You can even disable NickServ
- * entirely. Please note however, that an authentication service
- * (either NickServ, or UserServ) is required for proper functionality.
- *
- * Core components modules/nickserv/main
- * Nickname access lists modules/nickserv/access
- * Bad email address blocking modules/nickserv/badmail
- * CertFP fingerprint managment modules/nickserv/cert
- * DROP command modules/nickserv/drop
- * Nickname enforcement modules/nickserv/enforce
- * GHOST command modules/nickserv/ghost
- * GROUP and UNGROUP commands modules/nickserv/group
- * HELP command modules/nickserv/help
- * Nickname expiry override (HOLD command) modules/nickserv/hold
- * IDENTIFY command modules/nickserv/identify
- * INFO command modules/nickserv/info
- * Last quit message in INFO modules/nickserv/info_lastquit
- * LIST command modules/nickserv/list
- * LISTLOGINS command modules/nickserv/listlogins
- * LISTMAIL command modules/nickserv/listmail
- * LISTOWNMAIL command modules/nickserv/listownmail
- * LOGIN command (for no_nick_ownership) modules/nickserv/login
- * LOGOUT command modules/nickserv/logout
- * MARK command modules/nickserv/mark
- * Password quality validation modules/nickserv/pwquality
- * FREEZE command modules/nickserv/freeze
- * LISTCHANS command modules/nickserv/listchans
- * LISTGROUPS command modules/nickserv/listgroups
- * REGISTER command modules/nickserv/register
- * Bypass registration limits (REGNOLIMIT) modules/nickserv/regnolimit
- * Password reset (RESETPASS command) modules/nickserv/resetpass
- * RESTRICT command modules/nickserv/restrict
- * Password return (RETURN command) modules/nickserv/return
- * Password retrieval (SENDPASS command) modules/nickserv/sendpass
- * Password retrieval allowed to normal users modules/nickserv/sendpass_user
- * Change primary nickname (SET ACCOUNTNAME) modules/nickserv/set_accountname
- * SET EMAIL command modules/nickserv/set_email
- * SET EMAILMEMOS command modules/nickserv/set_emailmemos
- * SET ENFORCETIME command modules/nickserv/set_enforcetime
- * SET HIDEMAIL command modules/nickserv/set_hidemail
- * SET LANGUAGE command modules/nickserv/set_language
- * SET NEVERGROUP command modules/nickserv/set_nevergroup
- * SET NEVEROP command modules/nickserv/set_neverop
- * SET NOGREET command modules/nickserv/set_nogreet
- * SET NOMEMO command modules/nickserv/set_nomemo
- * SET NOOP command modules/nickserv/set_noop
- * SET NOPASSWORD command modules/nickserv/set_nopassword
- * SET PASSWORD command modules/nickserv/set_password
- * PRIVMSG instead of NOTICE (SET PRIVMSG cmd) modules/nickserv/set_privmsg
- * Account info hiding (SET PRIVATE command) modules/nickserv/set_private
- * SET PROPERTY command modules/nickserv/set_property
- * SET PUBKEY command modules/nickserv/set_pubkey
- * SET QUIETCHG command modules/nickserv/set_quietchg
- * Password retrieval uses code (SETPASS cmd) modules/nickserv/setpass
- * STATUS command modules/nickserv/status
- * Nickname metadata viewer (TAXONOMY command) modules/nickserv/taxonomy
- * VACATION command modules/nickserv/vacation
- * VERIFY command modules/nickserv/verify
- * VHOST command modules/nickserv/vhost
- * Delay services account registrations modules/nickserv/waitreg
- */
-loadmodule "modules/nickserv/main";
-#loadmodule "modules/nickserv/access";
-loadmodule "modules/nickserv/badmail";
-#loadmodule "modules/nickserv/cert";
-loadmodule "modules/nickserv/drop";
-#loadmodule "modules/nickserv/enforce";
-loadmodule "modules/nickserv/ghost";
-loadmodule "modules/nickserv/group";
-loadmodule "modules/nickserv/help";
-loadmodule "modules/nickserv/hold";
-loadmodule "modules/nickserv/identify";
-loadmodule "modules/nickserv/info";
-#loadmodule "modules/nickserv/info_lastquit";
-loadmodule "modules/nickserv/list";
-#loadmodule "modules/nickserv/listlogins";
-loadmodule "modules/nickserv/listmail";
-#loadmodule "modules/nickserv/listownmail";
-#loadmodule "modules/nickserv/login";
-loadmodule "modules/nickserv/logout";
-loadmodule "modules/nickserv/mark";
-#loadmodule "modules/nickserv/pwquality";
-loadmodule "modules/nickserv/freeze";
-loadmodule "modules/nickserv/listchans";
-loadmodule "modules/nickserv/listgroups";
-loadmodule "modules/nickserv/register";
-loadmodule "modules/nickserv/regnolimit";
-loadmodule "modules/nickserv/resetpass";
-loadmodule "modules/nickserv/restrict";
-loadmodule "modules/nickserv/return";
-loadmodule "modules/nickserv/setpass";
-#loadmodule "modules/nickserv/sendpass";
-loadmodule "modules/nickserv/sendpass_user";
-loadmodule "modules/nickserv/set_accountname";
-loadmodule "modules/nickserv/set_email";
-loadmodule "modules/nickserv/set_emailmemos";
-#loadmodule "modules/nickserv/set_enforcetime";
-loadmodule "modules/nickserv/set_hidemail";
-loadmodule "modules/nickserv/set_language";
-loadmodule "modules/nickserv/set_nevergroup";
-loadmodule "modules/nickserv/set_neverop";
-loadmodule "modules/nickserv/set_nogreet";
-loadmodule "modules/nickserv/set_nomemo";
-loadmodule "modules/nickserv/set_noop";
-#loadmodule "modules/nickserv/set_nopassword";
-loadmodule "modules/nickserv/set_password";
-#loadmodule "modules/nickserv/set_privmsg";
-#loadmodule "modules/nickserv/set_private";
-loadmodule "modules/nickserv/set_property";
-loadmodule "modules/nickserv/set_pubkey";
-loadmodule "modules/nickserv/set_quietchg";
-loadmodule "modules/nickserv/status";
-loadmodule "modules/nickserv/taxonomy";
-loadmodule "modules/nickserv/vacation";
-loadmodule "modules/nickserv/verify";
-loadmodule "modules/nickserv/vhost";
-#loadmodule "modules/nickserv/waitreg";
-
-/* ChanServ modules.
- *
- * Here you can disable or enable certain features of ChanServ, by
- * defining which modules are loaded. You can even disable ChanServ
- * entirely. Please note that ChanServ requires an authentication
- * service, either NickServ or UserServ will do.
- *
- * Core components modules/chanserv/main
- * ACCESS command (simplified ACL editing) modules/chanserv/access
- * AKICK command modules/chanserv/akick
- * BAN/UNBAN commands modules/chanserv/ban
- * UNBAN self only (load ban or this not both) modules/chanserv/unban_self
- * BANSEARCH command modules/chanserv/bansearch
- * CLOSE command modules/chanserv/close
- * CLONE command modules/chanserv/clone
- * CLEAR command modules/chanserv/clear
- * CLEAR AKICKS command modules/chanserv/clear_akicks
- * CLEAR BANS command modules/chanserv/clear_bans
- * CLEAR FLAGS command modules/chanserv/clear_flags
- * CLEAR USERS command modules/chanserv/clear_users
- * COUNT command modules/chanserv/count
- * DROP command modules/chanserv/drop
- * Forced flags changes modules/chanserv/fflags
- * FLAGS command modules/chanserv/flags
- * Forced foundership transfers modules/chanserv/ftransfer
- * GETKEY command modules/chanserv/getkey
- * HALFOP/DEHALFOP commands modules/chanserv/halfop
- * HELP command modules/chanserv/help
- * Channel expiry override (HOLD command) modules/chanserv/hold
- * INFO command modules/chanserv/info
- * INVITE command modules/chanserv/invite
- * KICK/KICKBAN commands modules/chanserv/kick
- * LIST command modules/chanserv/list
- * MARK command modules/chanserv/mark
- * Moderated channel registrations modules/chanserv/moderate
- * OP/DEOP commands modules/chanserv/op
- * OWNER/DEOWNER commands modules/chanserv/owner
- * PROTECT/DEPROTECT commands modules/chanserv/protect
- * QUIET command (+q support) modules/chanserv/quiet
- * Channel takeover recovery (RECOVER command) modules/chanserv/recover
- * REGISTER command modules/chanserv/register
- * SET EMAIL command modules/chanserv/set_email
- * SET ENTRYMSG command modules/chanserv/set_entrymsg
- * SET FANTASY command modules/chanserv/set_fantasy
- * SET GAMESERV command modules/chanserv/set_gameserv
- * SET GUARD command modules/chanserv/set_guard
- * SET KEEPTOPIC command modules/chanserv/set_keeptopic
- * SET LIMITFLAGS command modules/chanserv/set_limitflags
- * SET MLOCK command modules/chanserv/set_mlock
- * SET PREFIX command modules/chanserv/set_prefix
- * Channel info hiding (SET PRIVATE command) modules/chanserv/set_private
- * SET PROPERTY command modules/chanserv/set_property
- * SET PUBACL command modules/chanserv/set_pubacl
- * SET RESTRICTED command modules/chanserv/set_restricted
- * SET SECURE command modules/chanserv/set_secure
- * SET TOPICLOCK command modules/chanserv/set_topiclock
- * SET URL command modules/chanserv/set_url
- * SET VERBOSE command modules/chanserv/set_verbose
- * STATUS command modules/chanserv/status
- * SYNC command (and automatic ACL syncing) modules/chanserv/sync
- * Named Successor ACL flag modules/chanserv/successor_acl
- * Channel metadata viewer (TAXONOMY command) modules/chanserv/taxonomy
- * TEMPLATE command modules/chanserv/template
- * TOPIC/TOPICAPPEND commands modules/chanserv/topic
- * VOICE/DEVOICE commands modules/chanserv/voice
- * WHY command modules/chanserv/why
- * VOP/HOP/AOP/SOP commands modules/chanserv/xop
- * This module provides emulation of the ircservices XOP scheme ONLY.
- * Do not report discrepencies when using native commands to edit channel
- * ACLs. This is intentional.
- * Flood protection modules/chanserv/antiflood
- * This module should be loaded after at least chanserv/quiet if you want
- * the autoquiet feature to work.
- */
-loadmodule "modules/chanserv/main";
-loadmodule "modules/chanserv/access";
-loadmodule "modules/chanserv/akick";
-loadmodule "modules/chanserv/ban";
-#loadmodule "modules/chanserv/unban_self";
-loadmodule "modules/chanserv/bansearch";
-loadmodule "modules/chanserv/clone";
-loadmodule "modules/chanserv/close";
-loadmodule "modules/chanserv/clear";
-loadmodule "modules/chanserv/clear_akicks";
-loadmodule "modules/chanserv/clear_bans";
-loadmodule "modules/chanserv/clear_flags";
-loadmodule "modules/chanserv/clear_users";
-loadmodule "modules/chanserv/count";
-loadmodule "modules/chanserv/drop";
-#loadmodule "modules/chanserv/fflags";
-loadmodule "modules/chanserv/flags";
-loadmodule "modules/chanserv/ftransfer";
-loadmodule "modules/chanserv/getkey";
-#loadmodule "modules/chanserv/halfop";
-loadmodule "modules/chanserv/help";
-loadmodule "modules/chanserv/hold";
-loadmodule "modules/chanserv/info";
-loadmodule "modules/chanserv/invite";
-loadmodule "modules/chanserv/kick";
-loadmodule "modules/chanserv/list";
-loadmodule "modules/chanserv/mark";
-#loadmodule "modules/chanserv/moderate";
-loadmodule "modules/chanserv/op";
-#loadmodule "modules/chanserv/owner";
-#loadmodule "modules/chanserv/protect";
-#loadmodule "modules/chanserv/quiet";
-loadmodule "modules/chanserv/recover";
-loadmodule "modules/chanserv/register";
-loadmodule "modules/chanserv/set_email";
-loadmodule "modules/chanserv/set_entrymsg";
-loadmodule "modules/chanserv/set_fantasy";
-#loadmodule "modules/chanserv/set_gameserv";
-loadmodule "modules/chanserv/set_guard";
-loadmodule "modules/chanserv/set_keeptopic";
-#loadmodule "modules/chanserv/set_limitflags";
-loadmodule "modules/chanserv/set_mlock";
-loadmodule "modules/chanserv/set_prefix";
-#loadmodule "modules/chanserv/set_private";
-loadmodule "modules/chanserv/set_property";
-#loadmodule "modules/chanserv/set_pubacl";
-loadmodule "modules/chanserv/set_restricted";
-loadmodule "modules/chanserv/set_secure";
-loadmodule "modules/chanserv/set_topiclock";
-loadmodule "modules/chanserv/set_url";
-loadmodule "modules/chanserv/set_verbose";
-loadmodule "modules/chanserv/status";
-loadmodule "modules/chanserv/sync";
-#loadmodule "modules/chanserv/successor_acl";
-loadmodule "modules/chanserv/taxonomy";
-loadmodule "modules/chanserv/template";
-loadmodule "modules/chanserv/topic";
-loadmodule "modules/chanserv/voice";
-loadmodule "modules/chanserv/why";
-#loadmodule "modules/chanserv/xop";
-loadmodule "modules/chanserv/antiflood";
-
-/* CHANFIX module.
- *
- * Here you can disable or enable certain features of CHANFIX, by
- * defining which modules are loaded.
- *
- * Core components modules/chanfix/main
- */
-#loadmodule "modules/chanfix/main";
-
-/* OperServ modules.
- *
- * Here you can disable or enable certain features of OperServ, by
- * defining which modules are loaded.
- *
- * Core components modules/operserv/main
- * AKILL system modules/operserv/akill
- * CLEARCHAN command modules/operserv/clearchan
- * CLONES system modules/operserv/clones
- * COMPARE command modules/operserv/compare
- * GENHASH command modules/operserv/genhash
- * GREPLOG command modules/operserv/greplog
- * HELP command modules/operserv/help
- * IGNORE system modules/operserv/ignore
- * IDENTIFY command modules/operserv/identify
- * INFO command modules/operserv/info
- * INJECT command modules/operserv/inject
- * JUPE command modules/operserv/jupe
- * MODE command modules/operserv/mode
- * MODINSPECT command modules/operserv/modinspect
- * MODLIST command modules/operserv/modlist
- * MODLOAD command modules/operserv/modload
- * MODRELOAD command modules/operserv/modreload
- * MODUNLOAD command modules/operserv/modunload
- * NOOP system modules/operserv/noop
- * Regex mass akill (RAKILL command) modules/operserv/rakill
- * RAW command modules/operserv/raw
- * READONLY command modules/operserv/readonly
- * REHASH command modules/operserv/rehash
- * RESTART command modules/operserv/restart
- * Display regex matching (RMATCH command) modules/operserv/rmatch
- * Most common realnames (RNC command) modules/operserv/rnc
- * RWATCH system modules/operserv/rwatch
- *
- * Note that ALL of these SET commands only apply until the next rehash!
- *
- * ALL of the below SET commands (deprecated) modules/operserv/set
- * SET AKICKTIME subcommand (temporarily) modules/operserv/set_akicktime
- * SET CHANEXPIRE subcommand (temporarily) modules/operserv/set_chanexpire
- * SET COMMITINTERVAL subcommand (temporarily) modules/operserv/set_commitinterval
- * SET ENFORCEPREFIX subcommand (temporarily) modules/operserv/set_enforceprefix
- * SET KLINETIME subcommand (temporarily) modules/operserv/set_klinetime
- * SET MAXCHANACS subcommand (temporarily) modules/operserv/set_maxchanacs
- * SET MAXCHANS subcommand (temporarily) modules/operserv/set_maxchans
- * SET MAXFOUNDERS subcommand (temporarily) modules/operserv/set_maxfounders
- * SET MAXLOGINS subcommand (temporarily) modules/operserv/set_maxlogins
- * SET MAXNICKS subcommand (temporarily) modules/operserv/set_maxnicks
- * SET MAXUSERS subcommand (temporarily) modules/operserv/set_maxusers
- * SET MDLIMIT subcommand (temporarily) modules/operserv/set_mdlimit
- * SET NICKEXPIRE subcommand (temporarily) modules/operserv/set_nickexpire
- * SET RECONTIME subcommand (temporarily) modules/operserv/set_recontime
- * SET SPAM subcommand (temporarily) modules/operserv/set_spam
- *
- * SGLINE system modules/operserv/sgline
- * SHUTDOWN command modules/operserv/shutdown
- * Non-config oper privileges (SOPER command) modules/operserv/soper
- * Oper privilege display (SPECS command) modules/operserv/specs
- * SQLINE system modules/operserv/sqline
- * UPDATE command modules/operserv/update
- * UPTIME command modules/operserv/uptime
- */
-loadmodule "modules/operserv/main";
-loadmodule "modules/operserv/akill";
-#loadmodule "modules/operserv/clearchan";
-#loadmodule "modules/operserv/clones";
-loadmodule "modules/operserv/compare";
-#loadmodule "modules/operserv/genhash";
-#loadmodule "modules/operserv/greplog";
-loadmodule "modules/operserv/help";
-loadmodule "modules/operserv/identify";
-loadmodule "modules/operserv/ignore";
-loadmodule "modules/operserv/info";
-loadmodule "modules/operserv/jupe";
-loadmodule "modules/operserv/mode";
-loadmodule "modules/operserv/modinspect";
-loadmodule "modules/operserv/modlist";
-loadmodule "modules/operserv/modload";
-loadmodule "modules/operserv/modunload";
-loadmodule "modules/operserv/modreload";
-loadmodule "modules/operserv/noop";
-#loadmodule "modules/operserv/rakill";
-loadmodule "modules/operserv/readonly";
-loadmodule "modules/operserv/rehash";
-loadmodule "modules/operserv/restart";
-loadmodule "modules/operserv/rmatch";
-loadmodule "modules/operserv/rnc";
-loadmodule "modules/operserv/rwatch";
-loadmodule "modules/operserv/set";
-loadmodule "modules/operserv/sgline";
-loadmodule "modules/operserv/shutdown";
-#loadmodule "modules/operserv/soper";
-loadmodule "modules/operserv/specs";
-#loadmodule "modules/operserv/sqline";
-loadmodule "modules/operserv/update";
-loadmodule "modules/operserv/uptime";
-
-/* MemoServ modules.
- *
- * Here you can disable or enable certain features of MemoServ, by
- * defining which modules are loaded. You can even disable MemoServ
- * entirely.
- *
- * Core components modules/memoserv/main
- * HELP command modules/memoserv/help
- * SEND command modules/memoserv/send
- * Channel memos (SENDOPS command) modules/memoserv/sendops
- * Group memos (SENDGROUP command) modules/memoserv/sendgroup
- * LIST command modules/memoserv/list
- * READ command modules/memoserv/read
- * FORWARD command modules/memoserv/forward
- * DELETE command modules/memoserv/delete
- * IGNORE command modules/memoserv/ignore
- */
-loadmodule "modules/memoserv/main";
-loadmodule "modules/memoserv/help";
-loadmodule "modules/memoserv/send";
-loadmodule "modules/memoserv/sendops";
-loadmodule "modules/memoserv/sendgroup";
-loadmodule "modules/memoserv/list";
-loadmodule "modules/memoserv/read";
-loadmodule "modules/memoserv/forward";
-loadmodule "modules/memoserv/delete";
-loadmodule "modules/memoserv/ignore";
-
-/* Global module.
- *
- * Like the other services, the Global noticer is a module. You can
- * disable or enable it to your liking below. Please note that the
- * Global noticer is dependent on OperServ for full functionality.
- */
-loadmodule "modules/global/main";
-
-/* InfoServ module.
- *
- * Like the other services, InfoServ is a module. You can disable or
- * enable it to your liking below.
- */
-loadmodule "modules/infoserv/main";
-
-/* SASL agent module.
- *
- * Allows clients to authenticate to services via SASL with an appropriate
- * ircd. You need the core components and at least one mechanism.
- *
- * Core components modules/saslserv/main
- * AUTHCOOKIE mechanism (for IRIS) modules/saslserv/authcookie
- * ECDH-X25519-CHALLENGE mechanism modules/saslserv/ecdh-x25519-challenge
- * ECDSA-NIST256P-CHALLENGE mechanism modules/saslserv/ecdsa-nist256p-challenge
- * EXTERNAL mechanism (IRCv3.1+) modules/saslserv/external
- * PLAIN mechanism modules/saslserv/plain
- * SCRAM-SHA-* mechanisms modules/saslserv/scram
- *
- * ECDH-X25519-CHALLENGE support requires that Atheme be compiled against a
- * cryptographic library that provides X25519 ECDH support (BoringSSL,
- * LibreSSL, ARM mbedTLS, Nettle, Sodium). This will be checked while running
- * ./configure.
- *
- * ECDSA-NIST256P-CHALLENGE support requires that Atheme be compiled against
- * an OpenSSL with ECDSA support (not RHEL etc. unless you compile your own).
- * This will be checked while running ./configure.
- *
- * You MUST read doc/SASL-SCRAM before loading modules/saslserv/scram!
- */
-loadmodule "modules/saslserv/main";
-loadmodule "modules/saslserv/authcookie";
-#loadmodule "modules/saslserv/ecdh-x25519-challenge";
-#loadmodule "modules/saslserv/ecdsa-nist256p-challenge";
-#loadmodule "modules/saslserv/external";
-loadmodule "modules/saslserv/plain";
-#loadmodule "modules/saslserv/scram"; /* READ doc/SASL-SCRAM FIRST! */
-
-/* GameServ modules.
- *
- * Here you can disable or enable certain features of GameServ, by
- * defining which modules are loaded. You can even disable GameServ
- * entirely.
- *
- * Core components modules/gameserv/main
- * DICE/WOD commands modules/gameserv/dice
- * EIGHTBALL command modules/gameserv/eightball
- * Game-specific dice calculators modules/gameserv/gamecalc
- * HELP commands modules/gameserv/help
- * LOTTERY command modules/gameserv/lottery
- * NAMEGEN command modules/gameserv/namegen
- * RPS command modules/gameserv/rps
- */
-#loadmodule "modules/gameserv/main";
-#loadmodule "modules/gameserv/dice";
-#loadmodule "modules/gameserv/eightball";
-#loadmodule "modules/gameserv/gamecalc";
-#loadmodule "modules/gameserv/help";
-#loadmodule "modules/gameserv/lottery";
-#loadmodule "modules/gameserv/namegen";
-#loadmodule "modules/gameserv/rps";
-
-/* RPGServ modules.
- *
- * Here you can disable or enable certain features of RPGServ, by
- * defining which modules are loaded. You can even disable RPGServ
- * entirely.
- *
- * Core components modules/rpgserv/main
- * ENABLE/DISABLE commands modules/rpgserv/enable
- * HELP command modules/rpgserv/help
- * INFO command modules/rpgserv/info
- * LIST command modules/rpgserv/list
- * SEARCH command modules/rpgserv/search
- * SET commands modules/rpgserv/set
- */
-#loadmodule "modules/rpgserv/main";
-#loadmodule "modules/rpgserv/enable";
-#loadmodule "modules/rpgserv/help";
-#loadmodule "modules/rpgserv/info";
-#loadmodule "modules/rpgserv/list";
-#loadmodule "modules/rpgserv/search";
-#loadmodule "modules/rpgserv/set";
-
-/* BotServ modules.
- *
- * Here you can disable or enable certain features of BotServ, by
- * defining which modules are loaded. You can even disable BotServ
- * entirely.
- *
- * Core components modules/botserv/main
- * HELP command modules/botserv/help
- * INFO command modules/botserv/info
- * NPC commands (SAY, ACT) modules/botserv/bottalk
- * SET FANTASY command modules/botserv/set_fantasy
- * SET NOBOT command modules/botserv/set_nobot
- * SET PRIVATE command modules/botserv/set_private
- * SET SAYCALLER command modules/botserv/set_saycaller
- */
-#loadmodule "modules/botserv/main";
-#loadmodule "modules/botserv/help";
-#loadmodule "modules/botserv/info";
-#loadmodule "modules/botserv/bottalk";
-#loadmodule "modules/botserv/set_fantasy";
-#loadmodule "modules/botserv/set_nobot";
-#loadmodule "modules/botserv/set_private";
-#loadmodule "modules/botserv/set_saycaller";
-
-/* HostServ modules.
- *
- * Here you can disable or enable certain features of HostServ, by
- * defining which modules are loaded. You can even disable HostServ
- * entirely.
- *
- * HostServ is a more complex, and optional virtual host management service.
- * Users wishing only to set vhosts need not use it (they can use the builtin
- * vhost management of NickServ instead).
- *
- * Core components modules/hostserv/main
- * HELP command modules/hostserv/help
- * OFFER system modules/hostserv/offer
- * ON and OFF commands modules/hostserv/onoff
- * REQUEST system modules/hostserv/request
- * VHOST and LISTVHOST commands modules/hostserv/vhost
- * VHOSTNICK command modules/hostserv/vhostnick
- * GROUP command modules/hostserv/group
- * DROP command modules/hostserv/drop
- */
-#loadmodule "modules/hostserv/main";
-#loadmodule "modules/hostserv/help";
-#loadmodule "modules/hostserv/onoff";
-#loadmodule "modules/hostserv/offer";
-#loadmodule "modules/hostserv/request";
-#loadmodule "modules/hostserv/vhost";
-#loadmodule "modules/hostserv/vhostnick";
-#loadmodule "modules/hostserv/group";
-#loadmodule "modules/hostserv/drop";
-
-/* HelpServ modules.
- * HelpServ allows users to request help from network staff in a few different ways.
- *
- * Core components modules/helpserv/main
- * HELPME command modules/helpserv/helpme
- * Help Ticket system modules/helpserv/ticket
- * Service List modules/helpserv/services
- *
- * The ticket system works like a bugtracker ot helpdesk ticket system, HELPME
- * works like a one-time alert. You should probably only load one of the two systems.
- */
-#loadmodule "modules/helpserv/main";
-#loadmodule "modules/helpserv/helpme";
-#loadmodule "modules/helpserv/ticket";
-#loadmodule "modules/helpserv/services";
-
-/* Channel listing service.
- *
- * Allows users to list channels with more flexibility than the /list
- * command.
- *
- * Core components modules/alis/main
- */
-#loadmodule "modules/alis/main";
-
-/* StatServ module.
- * StatServ provides basic statistics and split tracking.
- *
- * Core components modules/statserv/main
- * CHANNEL command modules/statserv/channel
- * NETSPLIT command modules/statserv/netsplit
- * SERVER command modules/statserv/server
- */
-loadmodule "modules/statserv/main";
-#loadmodule "modules/statserv/channel";
-loadmodule "modules/statserv/netsplit";
-loadmodule "modules/statserv/server";
-
-/* GroupServ module.
- * GroupServ allows users to create groups to easily mass-manage channel
- * access and more.
- *
- * Core components modules/groupserv/main
- * ACSNOLIMIT command modules/groupserv/acsnolimit
- * DROP command modules/groupserv/drop
- * FFLAGS command modules/groupserv/fflags
- * FLAGS command modules/groupserv/flags
- * HELP command modules/groupserv/help
- * INFO command modules/groupserv/info
- * JOIN command modules/groupserv/join
- * LIST command modules/groupserv/list
- * LISTCHANS command modules/groupserv/listchans
- * REGISTER command modules/groupserv/register
- * REGNOLIMIT command modules/groupserv/regnolimit
- * INVITE command modules/groupserv/invite
- * SET command modules/groupserv/set
- * SET CHANNEL command modules/groupserv/set_channel
- * SET DESCRIPTION command modules/groupserv/set_description
- * SET EMAIL command modules/groupserv/set_email
- * SET GROUPNAME command modules/groupserv/set_groupname
- * SET JOINFLAGS command modules/groupserv/set_joinflags
- * SET OPEN command modules/groupserv/set_open
- * SET PUBLIC command modules/groupserv/set_public
- * SET URL command modules/groupserv/set_url
- *
- */
-loadmodule "modules/groupserv/main";
-loadmodule "modules/groupserv/acsnolimit";
-loadmodule "modules/groupserv/drop";
-loadmodule "modules/groupserv/fflags";
-loadmodule "modules/groupserv/flags";
-loadmodule "modules/groupserv/help";
-loadmodule "modules/groupserv/info";
-loadmodule "modules/groupserv/join";
-loadmodule "modules/groupserv/list";
-loadmodule "modules/groupserv/listchans";
-loadmodule "modules/groupserv/register";
-loadmodule "modules/groupserv/regnolimit";
-#loadmodule "modules/groupserv/invite";
-loadmodule "modules/groupserv/set";
-loadmodule "modules/groupserv/set_channel";
-loadmodule "modules/groupserv/set_description";
-loadmodule "modules/groupserv/set_email";
-loadmodule "modules/groupserv/set_groupname";
-loadmodule "modules/groupserv/set_joinflags";
-loadmodule "modules/groupserv/set_open";
-loadmodule "modules/groupserv/set_public";
-loadmodule "modules/groupserv/set_url";
-
-/*
- * Various modules.
- *
- * Atheme includes an optional HTTP server that can be used for integration
- * with portal software and other useful things. To enable it, load this
- * module, and uncomment the httpd { } block towards the bottom of the config.
- *
- * HTTP Server modules/misc/httpd
- */
-#loadmodule "modules/misc/httpd";
-
-/* XMLRPC server module.
- *
- * The XML-RPC handler requires modules/misc/httpd to be loaded as it merely
- * registers a path handler for XML-RPC. The path used for XML-RPC is /xmlrpc.
- *
- * XMLRPC handler for the httpd modules/transport/xmlrpc
- */
-#loadmodule "modules/transport/xmlrpc";
-
-/* Extended target entity types. [EXPERIMENTAL]
- *
- * Atheme can set up special target mapping entities which match multiple
- * users in channel access entries. These target mapping entity types are
- * defined through the 'exttarget' modules listed below.
- *
- * Exttarget handling core modules/exttarget/main
- * $oper exttarget match type modules/exttarget/oper
- * $registered exttarget match type modules/exttarget/registered
- * $channel exttarget match type modules/exttarget/channel
- * $chanacs exttarget match type modules/exttarget/chanacs
- * $server exttarget match type modules/exttarget/server
- */
-#loadmodule "modules/exttarget/main";
-#loadmodule "modules/exttarget/oper";
-#loadmodule "modules/exttarget/registered";
-#loadmodule "modules/exttarget/channel";
-#loadmodule "modules/exttarget/chanacs";
-#loadmodule "modules/exttarget/server";
-
-/* Proxyscan (DNSBL) modules.
- *
- * Atheme can also check set DNS Blacklists for matches and respond
- * as set. Activate modules here and customize further down under Proxyscan
- * section.
- */
-#loadmodule "modules/proxyscan/main";
-#loadmodule "modules/proxyscan/dnsbl";
-
-/* Other modules.
- *
- * Put any other modules you want to load on startup here. The path
- * is relative to PREFIX or PREFIX/lib/atheme, depending on how Atheme
- * was compiled.
- */ -#loadmodule "modules/contrib/backtrace"; - -/****************************************************************************** - * SERVICES RUNTIME CONFIGURATION SECTION. * - ******************************************************************************/ - -/* - * This block controls the configuration options for crypto modules. - * - * It is recommended to either leave the values at their defaults, or - * experiment with them so that it takes approximately 0.2-0.4 seconds - * for users to identify. Services blocks while the password is being - * encrypted or verified, so don't set these too large, or people can - * hang services by trying many password attempts at once. - * - * A benchmark program for the Argon2, scrypt & PBKDF2 crypto code is - * available to assist with tuning these parameters: - * - * - ./configure --prefix=foo ... - * - make - * - make install - * - ${foo}/bin/atheme-crypto-benchmark -o - * - * If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM' and - * pass the '-i' flag to the included cryptographic benchmarking utility too. - * - * If you are using the PBKDF2 module, its performance will be significantly - * affected by your choice of cryptographic digest library. This software can - * currently interface with 3 libraries; in decreasing order of performance: - * - * - OpenSSL (libcrypto) - * - GnuPG (libgcrypt) - * - ARM mbedTLS (libmbedcrypto) - * - * If you have one of these libraries available at configure-time, the PBKDF2 - * module will perform significantly better, allowing you to raise its - * iteration count without affecting the computation time. This is indicated - * by the output of the configure script; "Digest Frontend". The benchmark - * program will also inform you what cryptographic digest library it is using, - * if any. 
- * - * - * - * If you are migrating from crypto/argon2d (v7.2) to crypto/argon2, and you - * wish to use the same parameters as the older module's defaults, configure - * it like so: - * - * crypto { - * argon2_type = "argon2d"; - * argon2_memcost = 14; - * argon2_timecost = 32; - * argon2_threads = 1; - * argon2_saltlen = 32; - * argon2_hashlen = 64; - * }; - * - * - * - * If you are migrating from crypto/pbkdf2 (v7.2) to crypto/pbkdf2v2, and you - * wish to use the same parameters as the older module, configure it like so: - * - * crypto { - * pbkdf2v2_digest = "SHA512"; - * pbkdf2v2_rounds = 128000; - * }; - * - * Note that this will still result in passwords being re-encrypted with the - * newer module (as the older module successfully verifies them); another new - * PBKDF2 computation with a new salt will occur, but this is still no worse - * than an invocation of NickServ's "SET PASSWORD" command. You will still - * need to keep the old module in your loadmodule configuration above, as the - * new module cannot verify digests produced by the old one. - * - * If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM'. - * Its advice regarding parameter choice takes precedence over this! - */ -crypto { - - /* (*) argon2_type - * - * The algorithm type to use for new passwords. - * - * Argon2d is suitable for use on a dedicated machine that has - * limited access. It provides the most resistance to GPU and ASIC - * cracking attacks, but its operation is data-dependent; that is, - * during its operation, keying material derived from the password - * itself is indirectly affecting the execution choices made by the - * algorithm. This creates a side-channel that can leak information - * about the password to other software running on the same physical - * machine. - * - * Argon2i avoids this by being data-independent. The order of memory - * accesses, conditional execution, etc. 
does not depend on the - * password, or any material derived from the password, so no side- - * channel that can reveal any information about the password is - * created. However, this means that it is easier to bruteforce by a - * password cracker, which does not have to account for execution - * differences in its implementation. This is the most suitable - * choice for running on a virtual machine that is co-located with - * other, untrusted, virtual machines, or on a dedicated machine that - * runs other, untrusted, software, or has untrusted user access. - * - * Argon2id is a blend of both, limiting the exploitability of any - * side-channels while retaining excellent resistance to GPU and ASIC - * cracking. This is suitable for all but the most sensitive of - * deployments. - * - * All algorithm types perform about equally as well as each other; - * changing this will not significantly affect the computation time. - * - * The "argon2id" type requires a more recent libargon2 library. This - * is indicated in your ./configure output ("checking if libargon2 - * algorithm type Argon2id appears to be usable..."). - * - * Valid values are "argon2d", "argon2i", and "argon2id" - * The default is "argon2id"; unless unsupported, then "argon2d". - */ - #argon2_type = "argon2id"; - - /* (*) argon2_memcost - * - * Memory cost (as a power of 2, in KiB) to use for new passwords. - * - * You should set this as high as is reasonable for the machine you - * will be running this software on. If this results in too slow a - * computation time, reset the time cost below to its minimum value. - * If it is still too slow, decrement this value (halving the memory - * usage) until it is fast enough. Alternatively, if it is still too - * fast after setting this to its highest reasonable value, raise the - * time cost below until it is not. A benchmark program is available - * alongside this software to aid in this process. 
- *
- * WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
- * machine or a 32-bit Operating System!
- *
- * Valid values are 3 (8 KiB RAM) to 30 (1 TiB RAM) (inclusive)
- * The default is 16 (64 MiB RAM)
- */
- #argon2_memcost = 16;
-
- /* (*) argon2_timecost
- *
- * Time cost (iterations over the memory pool).
- *
- * Valid values are 3 to 1,048,576 (inclusive)
- * The default is 3
- */
- #argon2_timecost = 3;
-
- /* (*) argon2_threads
- *
- * Number of processor threads to use for new passwords.
- *
- * If you want to increase the amount of computation effort required,
- * while not increasing the real ("wall clock") time required, raise
- * this setting to its maximum reasonable value for the machine you
- * will be running this software on.
- *
- * This software is not multi-threaded, so only one password will be
- * verified at a time. Therefore, you do NOT need to divide this by
- * the expected maximum number of simultaneous logins.
- *
- * It is pointless to set this higher than the number of hardware
- * processing threads you have; increase the time cost above instead
- * if you want to make it arbitrarily slower. Diminishing returns are
- * to be expected once you exceed the number of hardware processing
- * /cores/ you have; hyperthreading does NOT provide much (if any) of
- * a boost for this workload.
- *
- * Increasing this value will *decrease* the real time required, so
- * you may have to subsequently increase the time cost above again to
- * make it "just slow enough" once more. A benchmark program is
- * available alongside this software to aid in this process.
- *
- * WARNING: The (size of the) memory pool configured above is split
- * between the threads, which can result in too small a memory area
- * per-thread if many threads are used. If you set this value, it is
- * HIGHLY RECOMMENDED that you run the included benchmarking program
- * with the same configuration options, to confirm that it works!
- *
- * WARNING: This feature is experimental. Some of the code in this
- * software is not thread-safe, and although every effort has been
- * made to ensure that this feature will not interfere with the
- * operation of this software, this cannot be guaranteed.
- *
- * Valid values are 1 to 255 (inclusive)
- * The default is 1 (do not use any computation parallelism)
- */
- #argon2_threads = 1;
-
- /* (*) argon2_saltlen
- *
- * Salt length (in bytes) to use for new passwords. You should only
- * change this if absolutely necessary; for example, to interoperate
- * with other software. Its value doesn't significantly affect the
- * computation time.
- *
- * Valid values are 4 to 48 (inclusive)
- * The default is 16
- */
- #argon2_saltlen = 16;
-
- /* (*) argon2_hashlen
- *
- * Digest length (in bytes) to use for new passwords. You should only
- * change this if absolutely necessary; for example, to interoperate
- * with other software. Its value doesn't significantly affect the
- * computation time.
- *
- * Valid values are 16 to 128 (inclusive)
- * The default is 64
- */
- #argon2_hashlen = 64;
-
- /* (*) scrypt_memlimit
- *
- * Memory limit (as a power of 2, in KiB) to use for new passwords.
- *
- * You should set this as high as is reasonable for the machine you
- * will be running this software on. If this results in too slow a
- * computation time, reset the opslimit below to its default value.
- * If it is still too slow, decrement this value (halving the memory
- * usage) until it is fast enough. Alternatively, if it is still too
- * fast after setting this to its highest reasonable value, raise the
- * opslimit below until it is not. A benchmark program is available
- * alongside this software to aid in this process.
- *
- * WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
- * machine or a 32-bit Operating System!
- * - * Valid values are 14 (16 MiB RAM) to 26 (64 GiB RAM) (inclusive) - * The default is 14 (16 MiB RAM) - */ - #scrypt_memlimit = 14; - - /* (*) scrypt_opslimit - * - * Amount of computation to perform for new passwords. - * - * The default value for this option is based on the default value of - * the above option. The recommended value is (memlimit_bytes / 32). - * - * Valid values are 32,768 to 4,294,967,295 (inclusive) - * The default is 524,288 - */ - #scrypt_opslimit = 524288; - - /* (*) pbkdf2v2_digest - * - * Cryptographic digest algorithm to use (in HMAC mode). - * - * Valid values are "SHA1", "SHA2-256", and "SHA2-512". - * Additionally, the following aliases exist, for compatibility: - * - * "SHA-1" -> SHA1 - * "SHA256" -> SHA2-256 - * "SHA512" -> SHA2-512 - * "SHA-256" -> SHA2-256 - * "SHA-512" -> SHA2-512 - * - * Finally, you can prefix this value with "SCRAM-" to enable the - * computation and storage of an RFC5802/SCRAM ServerKey & StoredKey, - * instead of a raw PBKDF2 digest (SaltedPassword). Verification of - * plaintext passwords against these digests can still be performed - * (for e.g. NickServ IDENTIFY or SASL PLAIN), by computing a new - * SCRAM ServerKey from the provided password and comparing it to the - * stored ServerKey, so setting this to a SCRAM mode does NOT prevent - * non-SCRAM logins. For these variants, please read doc/SASL-SCRAM. - * - * The default is "SHA2-512" - */ - #pbkdf2v2_digest = "SHA2-512"; - - /* (*) pbkdf2v2_rounds - * - * This is the PBKDF2 "iteration count". You should raise this as high - * as is reasonable for the machine you will be running services on. - * However, note that if you are going to deploy SASL SCRAM support, - * the *client*, NOT services, performs the PBKDF2 calculation during - * login, so keep in mind that many mobile clients will not perform as - * well as a server, and reduce the iteration count accordingly. 
Also, - * some clients will refuse to perform a login at all if this is set - * too high. A benchmark program is included alongside this software to - * aid in tuning this parameter. - * - * Valid values are 10,000 to 5,000,000 (inclusive) - * The default is 64,000 - */ - #pbkdf2v2_rounds = 64000; - - /* (*) pbkdf2v2_saltlen - * You should only change this if you *really* know what you're doing - * Valid values are 8 to 64 (inclusive) - * The default is 32 - */ - #pbkdf2v2_saltlen = 32; - - /* (*) bcrypt_cost - * - * Amount of rounds to perform for new passwords (as a power of 2). - * You should raise this as high as is reasonable. A benchmark - * program is available alongside this software to aid in this - * process. - * - * Valid values are 4 to 31 (inclusive) - * The default is 7 - */ - #bcrypt_cost = 7; - - /* (*) crypt3_sha2_256_rounds - * (*) crypt3_sha2_512_rounds - * - * Use of this option is restricted to certain C libraries! - * At present, only GNU libc6 ("glibc") v2.7+ is known to work. - * - * Valid values are 5,000 to 1,000,000 (inclusive) - * The default is 5,000 - */ - #crypt3_sha2_256_rounds = 5000; - #crypt3_sha2_512_rounds = 5000; -}; - -/* The serverinfo{} block defines how we appear on the IRC network. */ -serverinfo { - /* name - * The server name that this program uses on the IRC network. - * This is the name you'll have to use in C:/N:Lines. It must be - * unique on the IRC network and contain at least one dot, but does - * not have to be equal to any DNS name. - */ - name = "{{atheme_server_host}}"; - - /* desc - * The ``server comment'' we send to the IRC network. - */ - desc = "Atheme IRC Services"; - - /* numeric - * Some protocol drivers (Charybdis, Ratbox2, P10, IRCNet) - * require a server id, also known as a numeric. Please consult your - * ircd's documentation when providing this value. - */ - numeric = "00A"; - - /* (*)recontime - * The number of seconds before we reconnect to the uplink. 
- */
- recontime = 10;
-
- /* (*)netname
- * The name of your network.
- */
- netname = "{{atheme_server_host}}";
-
- /* (*)hidehostsuffix
- * P10 +x host hiding gives ..
- * If using +x on asuka, this must agree
- * with F:HIDDEN_HOST.
- */
- hidehostsuffix = "users.misconfigured";
-
- /* (*)adminname
- * The name of the person running this service.
- */
- adminname = "{{atheme_admin_name}}";
-
- /* (*)adminemail
- * The email address of the person running this service.
- */
- adminemail = "{{atheme_admin_email}}";
-
- /* (*)registeremail
- * The email address that messages should be originated from.
- * If this is not set, then "noreply.$adminemail" will be used.
- */
- registeremail = "{{atheme_admin_email}}";
-
- /* (*)hidden
- * If this is enabled, Atheme will indicate to the uplink IRCd
- * that it should not be included in /links output. This only works
- * on the following IRCds at present: charybdis, ircd-seven, ratbox.
- */
- #hidden;
-
- /* (*)mta
- * The full path to your mail transfer agent.
- * This is used for email authorization and password retrieval.
- * Comment this out to disable sending email.
- * Warning: sending email can disclose the IP of your services
- * unless you take precautions (not discussed here further).
- */
- mta = "/usr/sbin/sendmail";
-
- /* (*)loglevel
- * Specify the default categories of logging information to record
- * in the master Atheme logfile, usually var/atheme.log.
- * - * Options include: - * debug, all - meta-keyword for all possible categories - * trace - meta-keyword for a little bit of info - * misc - like trace, but with some more miscellaneous info - * notice - meta-keyword for notice-like information - * ------------------------------------------------------------------------------ - * error - critical errors - * info - miscillaneous log notices - * verbose - A bit more verbose than info, not quite as spammy as debug - * commands - all command use - * admin - administrative command use - * register - account and channel registrations - * set - changes of account or channel settings - * request - user requests (currently only vhosts) - * network - log notices related to network status - * rawdata - log raw data sent and received by services - * wallops - - */ - loglevel = { error; info; admin; network; wallops; }; - - /* (*)maxlogins - * What is the maximum number of sessions allowed to login to one - * username? This reduces potential abuse. It is only checked on login. - */ - maxlogins = 5; - - /* (*)maxusers - * What are the maximum usernames that one email address can register? - * Set to 0 to disable this check (it can be slow currently). - */ - maxusers = 5; - - /* (*)mdlimit - * How many metadata entries can be added to an object? - */ - mdlimit = 30; - - /* (*)emaillimit, emailtime - * The maximum number of emails allowed to be sent in - * that amount of time (seconds). If this is exceeded, - * wallops will be sent, at most one per minute. - */ - emaillimit = 10; - emailtime = 300; - - /* (*)auth - * What type of username registration authorization do you want? - * If "email", Atheme will send a confirmation email to the address to - * ensure it's valid. If registration is not completed within one day, - * the username will expire. If "none", no message will be sent and - * the username will be fully registered. - * Valid values are: email, none. 
- */ - auth = none; - - /* casemapping - * Specify the casemapping to use. Almost all TSora (and any that follow - * the RFC correctly) ircds will use rfc1459 casemapping. Bahamut, Unreal, - * and other ``Dalnet'' ircds will use ascii casemapping. - * Valid values are: rfc1459, ascii. - */ - casemapping = rfc1459; -}; - -/* uplink{} blocks define connections to IRC servers. - * Multiple may be defined but only one will be used at a time (IRC - * being a tree shaped network). Atheme does not currently link over SSL. - * To link Atheme over ssl, please connect Atheme to a local ircd and have that - * connect to your network over SSL. - */ -uplink "{{atheme_upstream_server}}" { - // The server name of the ircd you're linking to goes above. - - // host - // The hostname to connect to. - host = "127.0.0.1"; - - // vhost - // The source IP to connect from, used on machines with multiple interfaces. - #vhost = "192.0.2.5"; - - // send_password - // The password sent for linking. - send_password = "{{atheme_server_pass}}"; - - // receive_password - // The password received for linking. - receive_password = "{{atheme_server_pass}}"; - - // port - // The port to connect to. - port = 6667; -}; - -/* this is an example for using an IPv6 address as an uplink */ -/* uplink "irc6.example.net" { - host = "::1"; - - // password - // If you want to have same send_password and accept_password, you - // can specify both using 'password' instead of individually. - password = "linkage"; - - port = 6667; -}; -*/ - -/* Services configuration. - * - * Each of these blocks can contain a nick, user, host, real and aliases. - * Several of them also have options specific to the service. - */ - -/* NickServ configuration. - * - * The nickserv {} block contains settings specific to the NickServ modules. - * - * NickServ provides nickname or username registration and authentication - * services. It provides necessary authentication features required for - * Services to operate correctly. 
You should make sure these settings - * are properly configured for your network. - */ -nickserv { - /* (*)spam - * Have NickServ tell people about how great it and ChanServ are. - */ - spam; - - /* no_nick_ownership - * Enable this to disable nickname ownership (old userserv{}). - * This changes changes "nickname" to "account" in most messages, - * disables GHOST on users not logged in to the same account and - * makes the spam directive ineffective. - * It is suggested that the nick be set to UserServ, login.so - * be loaded instead of identify.so and ghost.so not be loaded. - */ - #no_nick_ownership; - - /* (*)nick - * The nickname we want NickServ to have. - */ - nick = "NickServ"; - - /* (*)user - * The username we want NickServ to have. - */ - user = "NickServ"; - - /* (*)host - * The hostname we want NickServ to have. - */ - host = "{{atheme_server_host}}"; - - /* (*)real - * The realname (gecos) information we want NickServ to have. - */ - real = "Nickname Services"; - - /* (*)aliases - * Command aliases for NickServ. - */ - aliases { - "ID" = "IDENTIFY"; - "MYACCESS" = "LISTCHANS"; - }; - - /* (*)access - * This block allows you to modify the access level required to run - * commands. The list of possible accesses are listed in the operclass - * section later in this .conf . Note that you can only set the access - * on an actual command, not an alias. - */ - access { - }; - - /* (*)maxnicks - * If GROUP is loaded, what are the maximum nicknames that one - * username can register? - */ - maxnicks = 5; - - /* (*)expire - * The number of days before inactive registrations are expired. - */ - expire = 30; - - /* (*)enforce_expire - * The number of days of no use after which to ignore enforcement - * settings on nicks. - */ - #enforce_expire = 14; - - /* (*)enforce_delay - * The number of seconds to delay nickchange enforcement settings - * on nicks. 
- */ - #enforce_delay = 30; - - /* (*)enforce_prefix - * The prefix to use when changing the user's nick on enforcement - */ - #enforce_prefix = "Guest"; - - /* (*)waitreg_time - * The amount of time (in seconds) users have to wait between - * connecting to the network, and being able to register a services - * account. Minimum value 0 (disables the enforced delay), default - * value 0, maximum value 43200 (12 hours). Requires the - * "modules/nickserv/waitreg" module to be loaded to do anything. - */ - #waitreg_time = 0; - - /* (*)cracklib_dict - * The location and filename prefix of the cracklib dictionaries - * for use with nickserv/pwquality. This must be provided if you are - * going to be using nickserv/pwquality with cracklib support enabled. - */ - #cracklib_dict = "/var/cache/cracklib/cracklib_dict"; - - /* (*)passwdqc_* - * Please see the passwdqc.conf(5) documentation for an explanation - * of these values. Affects modules/nickserv/pwquality if passwdqc - * support is enabled. Default values given below. - */ - #passwdqc_max = 288; /* (8 <= value <= 288) */ - #passwdqc_min_n0 = 20; /* (0 <= value <= passwdqc_max) */ - #passwdqc_min_n1 = 16; /* (0 <= value <= passwdqc_min_n0) */ - #passwdqc_min_n2 = 16; /* (0 <= value <= passwdqc_min_n1) */ - #passwdqc_min_n3 = 12; /* (0 <= value <= passwdqc_min_n2) */ - #passwdqc_min_n4 = 8; /* (0 <= value <= passwdqc_min_n3) */ - #passwdqc_words = 4; /* (2 <= value <= 8) */ - - /* (*)pwquality_warn_only - * If this option is set and nickserv/pwquality is loaded, nickserv will just - * warn users that their password is insecure, recommend they change it and - * still register the nick. If this option is unset, it will refuse to - * register the nick at all until the user chooses a better password. - */ - #pwquality_warn_only; - - /* (*)show_custom_metadata - * Setting this option to false will prevent user-set metadata (via SET PROPERTY) - * from showing up in the INFO output. 
The TAXONOMY command will still function - * as usual, and INFO will point this out if users have metadata set. - */ - show_custom_metadata; - - /* (*)emailexempts - * A list of email addresses that will be exempt from the check of how many - * accounts one user may have. Any email address in this block may register - * an unlimited number of accounts/usernames. - */ - emailexempts { - }; - - /* - * (*)shorthelp - * - * A list of commands that are displayed (with their full description) in the - * output of `/msg NickServ HELP'. Commands not in this list will be listed, but - * not with their descriptions. All commands with descriptions are still listed - * in `/msg NickServ HELP COMMANDS' regardless of the value set here. - * - * Optional; defaults to "ACCESS CERT DROP GHOST GROUP IDENTIFY INFO LISTCHANS - * LISTGROUPS LISTLOGINS LISTOWNMAIL LOGOUT REGAIN REGISTER RELEASE SENDPASS SET - * UNGROUP". - * - * A command in this list will only be printed if the corresponding module is - * loaded and the user has permission to use it. Set to an empty string to - * disable listing command descriptions in `/msg NickServ HELP'. - */ - #shorthelp = ""; -}; - -/* ChanServ configuration. - * - * The chanserv {} block contains settings specific to the ChanServ modules. - * - * ChanServ provides channel registration services, which allows users to own - * channels. It is not required, but is strongly recommended. - */ -chanserv { - /* (*)nick - * The nickname we want the client to have. - */ - nick = "ChanServ"; - - /* (*)user - * The username we want the client to have. - */ - user = "ChanServ"; - - /* (*)host - * The hostname we want the client to have. - */ - host = "{{atheme_server_host}}"; - - /* (*)real - * The GECOS of the client. - */ - real = "Channel Services"; - - /* reggroup - * The group that will receive Memos about - * channel Registration requests when - * chanserv/moderate is loaded. 
- */
- #reggroup = "!Services-Team";
-
- /* (*)aliases
- * Command aliases for ChanServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for ChanServ.
- */
- access {
- };
-
- /* (*)maxchans
- * What are the maximum channels that one username can register?
- */
- maxchans = 5;
-
- /* fantasy
- * Do you want to enable fantasy commands? This can
- * use a lot of CPU up, and will only work if you have
- * join_chans (in general) enabled as well.
- */
- fantasy;
-
- /* (*) hide_xop
- * Hide the XOP templates from sight. This is useful if you
- * want to use templates and not have the XOP templates displayed.
- */
- #hide_xop;
-
- /* (*) templates
- * Defines what flags the global templates comprise.
- *
- * For the special XOP templates:
- * These should all be different and not equal to the empty set,
- * except that hop may be equal to vop to disable hop.
- * Each subsequent level should have more flags (except +VHO).
- * For optimal functioning of /cs forcexop, aop should not have
- * any of +sRf, hop should not have any of +sRfoOr and vop should
- * not have any of +sRfoOrhHt.
- * If this is not specified, the values of Atheme 0.3 are used,
- * which are generally less intuitive than these.
- * Note: changing these leaves the flags of existing channel access
- * entries unchanged, thus removing them of the view of /cs xop list.
- * Usually the channel founder can use /cs forcexop to update the
- * entries to the new levels.
- *
- * Advice:
- * If you want to add a co-founder role, remove the flags permission
- * from the SOP role, and define a co-founder role with flags
- * permissions.
- */
- templates {
- vop = "+AV";
- hop = "+AHehitrv";
- aop = "+AOehiortv";
- sop = "+AOaefhiorstv";
-
- founder = "+AFORaefhioqrstv";
-
- /* some examples (which are commented out...) */
- #member = "+Ai";
- #op = "+AOiortv";
- };
-
- /* (*) deftemplates
- * Defines default templates to set on new channels, as a
- * space-separated list of name=+flags pairs.
- * Note: at this time no syntax checking is done on this; it
- * is your own responsibility to make sure it is correct.
- */
- #deftemplates = "MEMBER=+Ai OP=+AOiortv";
-
- /* (*) changets
- * Change the channel TS to the registration time when someone
- * recreates a registered channel, ensuring that they are deopped
- * and all their modes are undone. Note that this involves ChanServ
- * joining. When the channel was not recreated no deops will be done
- * (apart from the SECURE option).
- * This also solves the "join-mode" problem where someone recreates
- * a registered channel and then sets some modes before they are
- * deopped.
- * This is currently supported for charybdis, ratbox, bahamut,
- * and inspircd 1.1+. For charybdis and ratbox it only fully
- * works with TS6, with TS5 bans and last-moment modes will
- * still apply.
- * (That can also be used to advantage, when first enabling this.)
- */
- #changets;
-
- /* (*) trigger
- * This setting allows you to change the trigger prefix for
- * ChanServ's in-channel command feature (disableable via chanserv::fantasy).
- * If no setting is provided, the default is used, which is "!".
- *
- * Other settings you could consider trying: ".", "~", "?", "`", "'".
- */
- trigger = "!";
-
- /* (*)expire
- * The number of days before inactive registrations are expired.
- */
- expire = 30;
-
- /* (*)maxchanacs
- * The maximum number of entries allowed in a channel's access list
- * (both channel ops and akicks), 0 for unlimited.
- */
- maxchanacs = 0;
-
- /* (*)maxfounders
- * The maximum number of founders allowed in a channel.
- * Note that all founders have the exact same privileges and
- * the list of founders is shown in various places.
- */
- maxfounders = 4;
-
- /* (*)founder_flags
- * The flags a user will get when they register a new channel.
- * This MUST include at least 'F' or it will be ignored.
- * If it is not set, Atheme will give the user all channel flags.
- */
- #founder_flags = "AFORefiorstv";
-
- /* (*)akick_time
- * The default expiration time (in minutes) for AKICKs.
- * Comment this option out or set to zero for permanent AKICKs
- * by default (the old behaviour).
- */
- #akick_time = 10;
-
- /* (*)antiflood_enforce_method
- * The enforcement method to use for flood protection by default.
- * This may be overridden by channel staff.
- * Available options are: quiet, kickban and akill.
- */
- antiflood_enforce_method = quiet;
-
- /* (*)show_custom_metadata
- * Setting this option to false will prevent user-set metadata (via SET PROPERTY)
- * from showing up in the INFO output. The TAXONOMY command will still function
- * as usual, and INFO will point this out if channels have metadata set.
- */
- show_custom_metadata;
-
- /*
- * (*)shorthelp
- *
- * A list of commands that are displayed (with their full description) in the
- * output of `/msg ChanServ HELP'. Commands not in this list will be listed, but
- * not with their descriptions. All commands with descriptions are still listed
- * in `/msg ChanServ HELP COMMANDS' regardless of the value set here.
- *
- * Optional; defaults to "AKICK BAN CLEAR DEOP DEVOICE DROP FLAGS GETKEY INFO
- * INVITE KICK KICKBAN OP QUIET REGISTER SET TOPIC UNBAN UNQUIET VOICE WHY".
- *
- * A command in this list will only be printed if the corresponding module is
- * loaded and the user has permission to use it. Set to an empty string to
- * disable listing command descriptions in `/msg ChanServ HELP'.
- */
- #shorthelp = "";
-};
-
-/* CHANFIX configuration.
- *
- * The chanfix {} block contains settings specific to the CHANFIX modules.
- *
- * CHANFIX provides channel recovery services without registration, which
- * allows users to maintain control of channels even if ChanServ is not used
- * to register them.
- */
-chanfix {
- /* (*)nick
- * The nickname we want the client to have.
- */
- nick = "ChanFix";
-
- /* (*)user
- * The username we want the client to have.
- */
- user = "ChanFix";
-
- /* (*)host
- * The hostname we want the client to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS of the client.
- */
- real = "Channel Fixing Service";
-
- /* (*)autofix
- * Automatically fix channels if they become opless and meet fixing
- * criteria.
- */
- autofix;
-};
-
-/* Global noticing configuration.
- *
- * The global {} block contains settings specific to the Global notice module.
- *
- * The Global notice module provides the ability to mass-notify a network.
- */
-global {
- /* (*)nick
- * Sets the nick used for sending out a global notice.
- */
- nick = "Global";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "Global";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Network Announcements";
-};
-
-/* InfoServ configuration
- *
- * The infoserv {} block contains settings specific to the InfoServ module.
- *
- * The InfoServ modules provides the ability to mass-notify a network and send
- * news to users when they connect to the network.
- */
-infoserv {
- /* (*)nick
- * Sets the nick used for InfoServ and sending out informational messages.
- */
- nick = "InfoServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "InfoServ";
-
- /* (*)host
- * The hostname used for this client,
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Information Service";
-
- /* (*)logoninfo_count
- * The number of InfoServ messages a user will see upon connect.
- * If there are more than this number, the user will be able to
- * see the rest with /msg infoserv list .
- */
- logoninfo_count = 3;
-};
-
-/* OperServ configuration.
- *
- * The operserv {} block contains settings specific to the OperServ modules.
- *
- * OperServ provides essential network management tools for IRC operators
- * on the IRC network.
- */
-operserv {
- /* (*)nick
- * The nickname we want the Operator Service to have.
- */
- nick = "OperServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "OperServ";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Operator Services";
-
- /* (*)aliases
- * Command aliases for OperServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for OperServ.
- */
- access {
- };
-};
-
-/* SaslServ configuration.
- *
- * The saslserv {} block contains settings specific to the SaslServ modules.
- *
- * SaslServ provides an authentication agent which is compatible with the
- * SASL over IRC (SASL/IRC) protocol extension.
- */
-saslserv {
- /* (*)nick
- * The nickname we want SaslServ to have.
- */
- nick = "SaslServ";
-
- /* (*)user
- * The username we want SaslServ to have.
- */
- user = "SaslServ";
-
- /* (*)host
- * The hostname we want SaslServ to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want SaslServ to have.
- */
- real = "SASL Authentication Agent";
-
- /* (*)hide_server_names
- * Hide server names in the bad_password message.
- */
- #hide_server_names;
-};
-
-/* MemoServ configuration.
- *
- * The memoserv {} block contains settings specific to the MemoServ modules.
- *
- * MemoServ provides a note-taking service that you can use to send notes
- * to offline users (provided they are registered with Services).
- */
-memoserv {
- /* (*)nick
- * The nickname we want MemoServ to have.
- */
- nick = "MemoServ";
-
- /* (*)user
- * The username we want MemoServ to have.
- */
- user = "MemoServ";
-
- /* (*)host
- * The hostname we want MemoServ to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want MemoServ to have.
- */
- real = "Memo Services";
-
- /* (*)aliases
- * Command aliases for MemoServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for MemoServ.
- */
- access {
- };
-
- /* (*)maxmemos
- * What is the maximum amount of memos a user can have in their inbox?
- */
- maxmemos = 30;
-};
-
-/* GameServ configuration.
- *
- * The gameserv {} block contains settings specific to the GameServ modules.
- *
- * GameServ provides various in-channel commands for games.
- */
-gameserv {
- /* (*)nick
- * The nickname we want GameServ to have.
- */
- nick = "GameServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "GameServ";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Game Services";
-
- /* (*)aliases
- * Command aliases for GameServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for GameServ.
- */
- access {
- };
-};
-
-/* RPGServ configuration.
- *
- * The rpgserv {} block contains settings specific to the RPGServ modules.
- *
- * RPGServ provides a facility for finding roleplaying channels.
- */
-rpgserv {
- /* (*)nick
- * The nickname we want RPGServ to have.
- */
- nick = "RPGServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "RPGServ";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "RPG Finding Services";
-
- /* (*)aliases
- * Command aliases for RPGServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for RPGServ.
- */
- access {
- };
-};
-
-/* BotServ configuration.
- *
- * The botserv {} block contains settings specific to the BotServ modules.
- *
- * BotServ provides virtual channel bots.
- */
-botserv {
- /* (*)nick
- * The nickname we want BotServ to have.
- */
- nick = "BotServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "BotServ";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Bot Services";
-
- /* (*)min_users
- * Minimum number of users a channel must have before a Bot is allowed
- * to be assigned to that channel.
- */
- min_users = 0;
-};
-
-/* GroupServ configuration.
- *
- * The groupserv {} block contains settings specific to the GroupServ modules.
- *
- * GroupServ provides features for managing a collection of channels at once.
- *
- */
-groupserv {
- /* (*)nick
- * The nickname we want GroupServ to have.
- */
- nick = "GroupServ";
-
- /* (*)user
- * The username we want GroupServ to have.
- */
- user = "GroupServ";
-
- /* (*)host
- * The hostname we want GroupServ to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want GroupServ to have.
- */
- real = "Group Management Services";
-
- /* (*)aliases
- * Command aliases for GroupServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for GroupServ.
- */
- access {
- };
-
- /* (*)maxgroups
- * Maximum number of groups one username can be founder of.
- */
- maxgroups = 5;
-
- /* (*)maxgroupacs
- * Maximum number of access entries you may have in a group.
- */
- maxgroupacs = 100;
-
- /* (*)enable_open_groups
- * Setting this option will allow any group founder to mark
- * their group as "anyone can join".
- */
- enable_open_groups;
-
- /* (*)join_flags
- * This is the GroupServ flagset that users who JOIN a open
- * group will get upon join. Please check the groupserv/flags
- * helpfile before changing this option. Valid flagsets (for
- * example) would be: "+v" or "+cv". It is not valid to use
- * minus flags (such as "-v") here.
- */
- join_flags = "+";
-};
-
-/* HostServ configuration.
- *
- * The hostserv {} block contains settings specific to the HostServ modules.
- *
- * HostServ provides advanced virtual host management.
- */
-hostserv {
- /* (*)nick
- * The nickname we want HostServ to have.
- */
- nick = "HostServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "HostServ";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Host Management Services";
-
- /* reggroup
- * The group that will receive Memos about
- * vHost requests.
- */
- #reggroup = "!Services-Team";
-
- /* (*)request_per_nick
- * Whether the request system should work per nick or per account.
- * The recommended setting is to leave this disabled, so that
- * vhosts work as consistently as possible.
- */
- #request_per_nick;
-
- /* (*)aliases
- * Command aliases for HostServ.
- */
- aliases {
- "APPROVE" = "ACTIVATE";
- "DENY" = "REJECT";
- };
-
- /* (*)access
- * Command access changes for HostServ.
- */
- access {
- };
-};
-
-/* HelpServ configuration
- *
- * The helpserv {} block contains settings specific to the HelpServ modules.
- *
- * HelpServ adds a few different ways for users to request help from network staff.
- */
-helpserv {
- /* (*)nick
- * The nickname we want HelpServ to have.
- */
- nick = "HelpServ";
-
- /* (*)user
- * The username we want HelpServ to have.
- */
- user = "HelpServ";
-
- /* (*)host
- * The hostname we want HelpServ to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want HelpServ to have.
- */
- real = "Help Services";
-};
-
-/* StatServ configuration
- *
- * The statserv {} block contains settings specific to the StatServ modules.
- *
- * StatServ adds basic stats and split tracking.
- */
-statserv {
- /* (*)nick
- * The nickname we want StatServ to have.
- */
- nick = "StatServ";
-
- /* (*)user
- * The username we want StatServ to have.
- */
- user = "StatServ";
-
- /* (*)host
- * The hostname we want StatServ to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want StatServ to have.
- */
- real = "Statistics Services";
-};
-
-/* ALIS configuration.
- *
- * The alis {} block contains settings specific to the ALIS modules.
- */
-alis {
- /* (*)nick
- * The nickname we want ALIS to have.
- */
- nick = "ALIS";
-
- /* (*)user
- * The username we want ALIS to have.
- */
- user = "alis";
-
- /* (*)host
- * The hostname we want ALIS to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want ALIS to have.
- */
- real = "Channel Directory";
-
- /* (*)maxmatches
- * The default maximum number of channels returned in a query.
- * Privilege (chan:auspex) is required to ask for more.
- * Minimum 8, default 64, maximum 128.
- */
- #maxmatches = 64;
-};
-
-/* HTTP server configuration.
- *
- * The httpd {} block contains settings specific to the HTTP server module.
- *
- * The HTTP server in Services is used for serving XMLRPC requests. It can
- * also serve static documents and statistics pages.
- */
-httpd {
- /* host
- * The host that the HTTP server will listen on.
- * Use 0.0.0.0 if you want to listen on all available hosts.
- */
- host = "0.0.0.0";
-
- /* host (ipv6)
- * If you want, you can have Atheme listen on an IPv6 host too.
- * Use :: if you want to listen on all available IPv6 hosts.
- */
- #host = "::";
-
- /* www_root
- * The directory that contains the files that should be served by the httpd.
- */
- www_root = "/var/www";
-
- /* port
- * The port that the HTTP server will listen on.
- */
- port = 8080;
-};
-
-/* LDAP configuration.
- *
- * The ldap {} block contains settings specific to the LDAP authentication
- * module.
- */
-ldap {
- /* (*)url
- * LDAP URL of the server to use.
- */
- url = "ldap://127.0.0.1";
-
- /* (*)dnformat
- * Format string to convert an account name to an LDAP DN.
- * Must contain exactly one %s which will be replaced by the account
- * name.
- * Services will attempt a simple bind with this DN and the given
- * password; if this is successful the password is considered correct.
- */
- dnformat = "cn=%s,dc=jillestest,dc=com";
-};
-
-/******************************************************************************
- * LOGGING SECTION. *
- ******************************************************************************/
-
-/*
- * logfile{} blocks can be used to set up log files other than the master
- * logfile used by services, which is controlled by serverinfo::loglevel.
- *
- * The various logging categories are:
- * debug, all - meta-keyword for all possible categories
- * trace - meta-keyword for a little bit of info
- * misc - like trace, but with some more miscillaneous info
- * notice - meta-keyword for notice-like information
- * ------------------------------------------------------------------------------
- * error - critical errors
- * info - miscillaneous log notices
- * verbose - A bit more verbose than info, not quite as spammy as debug
- * commands - all command use
- * admin - administrative command use
- * register - account and channel registrations
- * set - changes of account or channel settings
- * request - user requests (currently only vhosts)
- * network - log notices related to network status
- * rawdata - log raw data sent and received by services
- * wallops -
- * denycmd - security model denials (commands, permissions)
- */
-
-/*
- * This block logs all account and channel registrations and drops,
- * and account and channel setting changes to var/account.log.
- */
-logfile "var/account.log" { register; set; };
-
-/*
- * This block logs all command use to var/commands.log.
- */
-logfile "var/commands.log" { commands; };
-
-/*
- * This block logs all security auditing information.
- */
-logfile "var/audit.log" { denycmd; };
-
-/*
- * You can log to IRC channels, and even split it by category, too.
- * This entry provides roughly the same functionality as the old snoop
- * feature.
- */
-logfile "#services" { error; info; admin; request; register; denycmd; };
-
-/*
- * This block logs to server notices.
- */
-logfile "!snotices" { error; info; request; denycmd; };
-
-/******************************************************************************
- * GENERAL PARAMETERS CONFIGURATION SECTION. *
- ******************************************************************************/
-
-/* The general {} block defines general configuration options. */
-general {
- /* (*)permissive_mode
- * Whether or not security denials should be soft denials instead of
- * hard denials. If security denials are soft denials, then they will
- * only be logged to the denial log.
- */
- #permissive_mode;
-
- /* (*)helpchan
- * Network help channel. Shown to users when they request
- * help for a command that doesn't exist.
- */
- #helpchan = "#help";
-
- /* (*)helpurl
- * Network webpage for services help. Shown to users when they
- * request help for a command that doesn't exist.
- */
- #helpurl = "http://www.stack.nl/~jilles/irc/atheme-help/";
-
- /* (*)silent
- * If you want to prevent services from sending
- * WALLOPS/GLOBOPS about things uncomment this.
- * Not recommended.
- */
- #silent;
-
- /* (*)verbose_wallops
- * If you want services to send you more information about
- * events that are occuring (in particular AKILLs), uncomment the
- * directive below.
- *
- * WARNING! This may result in large amounts of wallops/globops
- * floods.
- */
- #verbose_wallops;
-
- /* (*)join_chans
- * Should ChanServ be allowed to join registered channels?
- * This option is useful for the fantasy command set.
- *
- * If enabled, you can tell ChanServ to join via SET GUARD ON.
- *
- * If you use ircu-like ircd (asuka), you must
- * leave this enabled, and put guard in default cflags.
- *
- * For ratbox it is recommended to leave it on and put guard in
- * default cflags, in order that ChanServ does not have to join/part
- * to do certain things. On the other hand, enabling this increases
- * potential for bots fighting with ChanServ.
- *
- * Regardless of this option, ChanServ will temporarily join
- * channels which would otherwise be empty if necessary to enforce
- * akick/restricted/close, and to change the TS if changets is
- * enabled.
- */
- join_chans;
-
- /* (*)leave_chans
- * Do we leave registered channels after everyone else has left?
- * Turning this off serves little purpose, except to mark "official"
- * network channels by keeping them open, and to preserve the
- * topic and +beI lists.
- */
- leave_chans;
-
- /* secure
- * Do you want to require the use of /msg @?
- * Turning this on helps protect against spoofers, but is disabled
- * as most networks do not presently use it.
- */
- #secure;
-
- /* (*)uflags
- * The default flags to set for usernames upon registration.
- * Valid values are: hold, neverop, noop, hidemail, nomemo, emailmemos,
- * enforce, privmsg, private, quietchg and none.
- */
- uflags = { hidemail; };
-
- /* (*)cflags
- * The default flags to set for channels upon registration.
- * Valid values are: hold, secure, verbose, verbose_ops, keeptopic,
- * topiclock, guard, private, nosync, limitflags, pubacl and none.
- */
- cflags = { verbose; guard; };
-
- /* (*)raw
- * Do you want to allow SRAs to use the RAW and INJECT commands?
- * These commands are for debugging. If you don't know how to use them
- * then don't enable them. They are not supported.
- */
- #raw;
-
- /* (*)flood_msgs
- * Do you want services to detect floods?
- * Set to how many messages before a flood is triggered.
- * Note that some messages that need a lot of processing count
- * as two or four messages.
- * If services receives `flood_msgs' within `flood_time' the user will
- * trigger the flood protection.
- * Setting this to zero disables flood protection.
- */
- flood_msgs = 7;
-
- /* (*)flood_time
- * Do you want services to detect floods?
- * Set to how long before the counter resets.
- * If services receives `flood_msgs' within `flood_time' the user will
- * trigger the flood protection.
- */
- flood_time = 10;
-
- /* (*)ratelimit_uses
- * After how many uses of a command will users be throttled.
- * After `ratelimit_uses' of a command within `ratelimit_period', users
- * will not be able to run that ratelimited command until the period is up.
- * Comment this, ratelimit_period below or both options out to disable rate limiting.
- * Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
- * nickserv/register and chanserv/register.
- */
- ratelimit_uses = 5;
-
- /* (*)ratelimit_period
- * After how much time (in seconds) will the ratelimit_uses counter reset.
- * After `ratelimit_uses' of a command within `ratelimit_period', users
- * will not be able to run that ratelimited command until the period is up.
- * Comment this, ratelimit_uses above or both options out to disable rate limiting.
- * Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
- * nickserv/register and chanserv/register.
- */
- ratelimit_period = 60;
-
- /* (*)vhost_change
- * The default number of days between vHost changes once a user has used HostServ
- * TAKE or REQUEST. (Helps to deter rabid host-swappers and ban evaders.)
- */
- #vhost_change = 30;
-
- /* (*)kline_time
- * The default expire time for KLINE's in days.
- * Setting this to 0 makes all KLINE's permanent.
- */
- kline_time = 7;
-
- /* (*)kline_with_ident
- * KLINE user@host instead of *@host.
- * Applies to all automatic KLINE's set by services.
- */
- #kline_with_ident;
-
- /* (*)kline_verified_ident
- * KLINE *@host if the first character of the ident is ~,
- * irrespective of the value of kline_with_ident.
- */
- #kline_verified_ident;
-
- /* (*)clone_time
- * This is the default expiry time for CLONE exemptions in minutes.
- * Setting this to 0 makes all CLONE exemptions permanent.
- */
- clone_time = 0;
-
- /* commit_interval
- * The time between database writes in minutes.
- */
- commit_interval = 5;
-
- /* (*)operstring
- * The string returned in WHOIS (against services) for IRC operators.
- */
- #operstring = "is an IRC Operator";
-
- /* (*)servicestring
- * The string returned in WHOIS (against services) for services.
- */
- #servicestring = "is a Network Service";
-
- /* (*)default_clone_allowed
- * The limit after which clones will be KILLed or TKLINEd.
- * Used by operserv/clones.
- */
- default_clone_allowed = 5;
-
- /* (*)default_clone_warn
- * The limit after which clones will be warned that they may not
- * have any more concurrent connections. Should be lower than
- * default_clone_allowed . Used by operserv/clones.
- */
- default_clone_warn = 4;
-
- /* (*)clone_identified_increase_limit
- * If this option is enabled, the clone limit for a IP/host will
- * be increased by 1 per clone that's identified to services.
- * This has a limit of double the clone limits above.
- */
- clone_identified_increase_limit;
-
- /* (*)uplink_sendq_limit
- * The maximum amount of data that may be queued to be sent
- * to the uplink, in bytes. This should be enough to contain
- * Atheme's response to the netburst, but smaller than the
- * IRCd's sendq limit for servers.
- */
- uplink_sendq_limit = 1048576;
-
- /* (*)language
- * Language to use for channel and oper messages and as default
- * for users.
- */
- language = "en";
-
- /* exempts
- * This block contains a list of user@host masks. Users matching any
- * of these will not be automatically K:lined by services.
- */
- exempts {
- };
-
- /* allow_taint
- * By enabling this option, Atheme will run in configurations where
- * the upstream will not provide support. By enabling this feature,
- * you void any perceived rights to support.
- */
- #allow_taint;
-
- /* (*)immune_level
- * This option allows you to customize the operlevel which gets kick
- * immunity privileges.
- *
- * The following flags are available:
- * immune - require whatever ircd usermode is needed for kick
- * immunity (this is the default);
- * admin - require admin privileges for kick immunity
- * ircop - require any ircop privileges for kick immunity (umode +o)
- */
- immune_level = immune;
-
- /* show_entity_id
- * This makes nick/user & group entity IDs visible to everyone, rather
- * than just opers with user:auspex or group:auspex privileges.
- */
- show_entity_id;
-
- /* load_database_mdeps
- *
- * For module dependencies listed in the services database (if any),
- * whether to load those modules on startup (if they are not already
- * loaded) or abort startup with a more helpful error message than
- * e.g. "db services.db:123: unknown directive 'BE'" --> "corestorage:
- * exiting to avoid data loss".
- *
- * Comment this out to abort startup instead of silently loading the
- * modules you need to process the database successfully. The abort
- * reason will tell you what module the database requires so that you
- * can fix your configuration file.
- */
- load_database_mdeps;
-};
-
-proxyscan {
- /* Here you can configure the details of your Proxyscan (DNS Blacklist)
- * scanner service.
- */
-
- nick = "Proxyscan";
- user = "dnsbl";
- host = "{{atheme_server_host}}";
- real = "Proxyscan Service";
-
- blacklists {
- "dnsbl.dronebl.org";
- "rbl.efnetrbl.org";
- "tor.efnet.org";
- };
-
- /* Available dnsbl_action's:
- * NONE - Do nothing
- * NOTIFY - Notify user that they are listed in a DNSBL and which one
- * SNOOP - Report the user to the logchannel or services channel
- * KLINE - AKILL the user from the network (default AKILL is 24 hours)
- */
-
- dnsbl_action = kline;
-};
-
-/******************************************************************************
- * OPERATOR AND PRIVILEGES CONFIGURATION SECTION. *
- ******************************************************************************/
-
-/* Operator configuration
- * See the PRIVILEGES document for more information.
- * NOTE: All changes apply immediately upon rehash. You may need
- * to send a signal (killall -HUP atheme-services) to regain control.
- */
-/* (*) Operclasses specify groups of services operator privileges */
-/* The "user" operclass specifies privileges all users get.
- * This may be empty (default) in which case users get no special privileges.
- * If you use the security/cmdperm module, you will need to grant command: privileges
- * to every command that you want users to be able to use.
- */
-operclass "user" { };
-
-/* The "ircop" operclass specifies privileges all IRCops get.
- * This may be empty in which case IRCops get no privs.
- * At least chan:cmodes, chan:joinstaffonly and general:auspex are suggested.
- */
-operclass "ircop" {
- privs {
- special:ircop;
- };
-
- privs {
- user:auspex;
- user:admin;
- user:sendpass;
- user:vhost;
- user:mark;
- };
-
- privs {
- chan:auspex;
- chan:admin;
- chan:cmodes;
- chan:joinstaffonly;
- };
-
- privs {
- general:auspex;
- general:helper;
- general:viewprivs;
- general:flood;
- };
-
- privs {
- operserv:omode;
- operserv:akill;
- operserv:jupe;
- operserv:global;
- };
-
- privs {
- group:auspex;
- group:admin;
- };
-};
-
-operclass "sra" {
- /* You can inherit privileges from a lower operclass. */
- extends "ircop";
-
- privs {
- user:hold;
- user:regnolimit;
- };
-
- privs {
- general:metadata;
- general:admin;
- };
-
- privs {
- #operserv:massakill;
- #operserv:akill-anymask;
- operserv:noop;
- operserv:grant;
- };
-
- /* needoper
- * Only grant privileges to IRC users in this oper class if they
- * are opered; other use of privilege (channel succession, XMLRPC,
- * etc.) is unaffected by this.
- *
- * This flag is *not* inherited by operclasses that extend this one;
- * you will have to set it explicitly for each operclass.
- */
- needoper;
-};
-
-
-/* (*) Operator blocks specify accounts with certain privileges
- * Oper classes must be defined before they are used in operator blocks.
- */
-operator "jilles" {
- /* operclass */
- operclass = "sra";
-
- /* password
- *
- * Normally, the user needs to identify/log in using the account's
- * password, and may need to be an IRCop (see operclass::needoper
- * above). If you consider this not secure enough, you can
- * specify an additional password here, which the user must enter
- * using the OperServ IDENTIFY command, before the privileges can
- * be used.
- *
- * The password must be encrypted if a crypto module is in use.
- *
- * If you are using modules/crypto/crypt3-*, you can probably use
- * the "mkpasswd" program included with most Linux distributions.
- * Otherwise you can use modules/operserv/genhash to encrypt a
- * password for use here.
- */
- #password = "$1$3gJMO9by$0G60YE6GqmuHVH3AnFPor1";
-};
-
-/******************************************************************************
- * INCLUDE CONFIGURATION SECTION. *
- ******************************************************************************/
-
-/* You may also specify other files for inclusion.
- * For example:
- *
- * include "etc/sras.conf";
- */
diff -r 837cf4c1b717 -r 3f0ce0a54663 ngircd/handlers/main.yaml
--- a/ngircd/handlers/main.yaml Sat Jul 04 17:48:36 2020 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,5 +0,0 @@
----
-
-- name: restart ngircd
- become: yes
- systemd: name="ngircd.service" state="restarted" daemon_reload="yes"
diff -r 837cf4c1b717 -r 3f0ce0a54663 ngircd/tasks/main.yaml
--- a/ngircd/tasks/main.yaml Sat Jul 04 17:48:36 2020 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,24 +0,0 @@
----
-
-- name: apt install ngircd
- become: yes
- apt: name="ngircd"
- notify: restart ngircd
-
-- name: configure ngircd
- become: yes
- template:
- src: "ngircd.conf.j2"
- dest: "/etc/ngircd/ngircd.conf"
- notify: restart ngircd
-
-- name: copy motd file
- become: yes
- copy:
- src: "{{ngircd_motd_src}}"
- dest: "/etc/ngircd/ngircd.motd"
- notify: restart ngircd
-
-- name: start ngircd service
- become: yes
- systemd: name="ngircd" state="started" enabled="yes" daemon_reload="yes"
diff -r 837cf4c1b717 -r 3f0ce0a54663 ngircd/templates/ngircd.conf.j2
--- a/ngircd/templates/ngircd.conf.j2 Sat Jul 04 17:48:36 2020 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,422 +0,0 @@ -# -# This is a sample configuration file for the ngIRCd IRC daemon, which must -# be customized to the local preferences and needs. -# -# Comments are started with "#" or ";". -# -# A lot of configuration options in this file start with a ";". You have -# to remove the ";" in front of each variable to actually set a value! -# The disabled variables are shown with example values for completeness only -# and the daemon is using compiled-in default settings. -# -# Use "ngircd --configtest" (see manual page ngircd(8)) to validate that the -# server interprets the configuration file as expected! -# -# Please see ngircd.conf(5) for a complete list of configuration options -# and their descriptions. -# -# The original can be found at: -# /usr/share/doc/ngircd/sample-ngircd.conf.gz - -[Global] - # The [Global] section of this file is used to define the main - # configuration of the server, like the server name and the ports - # on which the server should be listening. - # These settings depend on your personal preferences, so you should - # make sure that they correspond to your installation and setup! - - # Server name in the IRC network, must contain at least one dot - # (".") and be unique in the IRC network. Required! - Name = {{ngircd_name}} - - # Information about the server and the administrator, used by the - # ADMIN command. Not required by server but by RFC! - AdminInfo1 = {{ngircd_admin_name}} - ;AdminInfo2 = Debian City - AdminEMail = {{ngircd_admin_email}} - - # Text file which contains the ngIRCd help text. This file is required - # to display help texts when using the "HELP " command. - ;HelpFile = /usr/share/doc/ngircd/Commands.txt - - # Info text of the server. This will be shown by WHOIS and - # LINKS requests for example. - Info = {{ngircd_name}} - - # Comma separated list of IP addresses on which the server should - # listen. 
Default values are: - # "0.0.0.0" or (if compiled with IPv6 support) "::,0.0.0.0" - # so the server listens on all IP addresses of the system by default. - Listen = 127.0.0.1 - - # Text file with the "message of the day" (MOTD). This message will - # be shown to all users connecting to the server: - MotdFile = /etc/ngircd/ngircd.motd - - # A simple Phrase (<127 chars) if you don't want to use a motd file. - ;MotdPhrase = "Hello. This is the Debian default MOTD sentence" - - # The name of the IRC network to which this server belongs. This name - # is optional, should only contain ASCII characters, and can't contain - # spaces. It is only used to inform clients. The default is empty, - # so no network name is announced to clients. - ;Network = aIRCnetwork - - # Global password for all users needed to connect to the server. - # (Default: not set) - ;Password = wealllikedebian - - # This tells ngIRCd to write its current process ID to a file. - # Note that the pidfile is written AFTER chroot and switching the - # user ID, e.g. the directory the pidfile resides in must be - # writable by the ngIRCd user and exist in the chroot directory. - # Keep this setting in sync with PIDFILE in /etc/init.d/ngircd - PidFile = /var/run/ngircd/ngircd.pid - - # Ports on which the server should listen. There may be more than - # one port, separated with ",". (Default: 6667) - ;Ports = 6667, 6668, 6669 - - # Group ID under which the ngIRCd should run; you can use the name - # of the group or the numerical ID. ATTENTION: For this to work the - # server must have been started with root privileges! - # Keep this setting in sync with DAEMONUSER in the init script and/or - # the Group= setting in service file. - ServerGID = irc - - # User ID under which the server should run; you can use the name - # of the user or the numerical ID. ATTENTION: For this to work the - # server must have been started with root privileges! 
In addition, - # the configuration and MOTD files must be readable by this user, - # otherwise RESTART and REHASH won't work! - # Keep this setting in sync with DAEMONUSER in the init script and/or - # the User= setting in service file. - ServerUID = irc - -[Limits] - # Define some limits and timeouts for this ngIRCd instance. Default - # values should be safe, but it is wise to double-check :-) - - # The server tries every seconds to establish a link - # to not yet (or no longer) connected servers. - ConnectRetry = 60 - - # Number of seconds after which the whole daemon should shutdown when - # no connections are left active after handling at least one client - # (0: never, which is the default). - # This can be useful for testing or when ngIRCd is started using - # "socket activation" with systemd(8), for example. - ;IdleTimeout = 0 - - # Maximum number of simultaneous in- and outbound connections the - # server is allowed to accept (0: unlimited): - MaxConnections = 500 - - # Maximum number of simultaneous connections from a single IP address - # the server will accept (0: unlimited): - MaxConnectionsIP = 10 - - # Maximum number of channels a user can be member of (0: no limit): - MaxJoins = 10 - - # Maximum length of an user nickname (Default: 9, as in RFC 2812). - # Please note that all servers in an IRC network MUST use the same - # maximum nickname length! - ;MaxNickLength = 9 - - # Maximum penalty time increase in seconds, per penalty event. Set to -1 - # for no limit (the default), 0 to disable penalties altogether. The - # daemon doesn't use penalty increases higher than 2 seconds during - # normal operation, so values greater than 1 rarely make sense. - ;MaxPenaltyTime = -1 - - # Maximum number of channels returned in response to a /list - # command (0: unlimited): - ;MaxListSize = 100 - - # After seconds of inactivity the server will send a - # PING to the peer to test whether it is alive or not. 
- PingTimeout = 120 - - # If a client fails to answer a PING with a PONG within - # seconds, it will be disconnected by the server. - PongTimeout = 20 - -[Options] - # Optional features and configuration options to further tweak the - # behavior of ngIRCd. If you want to get started quickly, you most - # probably don't have to make changes here -- they are all optional. - - # List of allowed channel types (channel prefixes) for newly created - # channels on the local server. By default, all supported channel - # types are allowed. Set this variable to the empty string to disallow - # creation of new channels by local clients at all. - ;AllowedChannelTypes = #&+ - - # Are remote IRC operators allowed to control this server, e.g. - # use commands like CONNECT, SQUIT, DIE, ...? - ;AllowRemoteOper = no - - # A directory to chroot in when everything is initialized. It - # doesn't need to be populated if ngIRCd is compiled as a static - # binary. By default ngIRCd won't use the chroot() feature. - # ATTENTION: For this to work the server must have been started - # with root privileges! - ;ChrootDir = /var/empty - - # Set this hostname for every client instead of the real one. - # Use %x to add the hashed value of the original hostname. - {% if ngircd_cloak is defined %} - CloakHost = {{ngircd_cloak}} - {% endif %} - - # Use this hostname for hostname cloaking on clients that have the - # user mode "+x" set, instead of the name of the server. - # Use %x to add the hashed value of the original hostname. - ;CloakHostModeX = cloaked.user - - # The Salt for cloaked hostname hashing. When undefined a random - # hash is generated after each server start. - ;CloakHostSalt = abcdefghijklmnopqrstuvwxyz - - # Set every clients' user name to their nickname - ;CloakUserToNick = yes - - # Try to connect to other IRC servers using IPv4 and IPv6, if possible. - ;ConnectIPv6 = yes - ;ConnectIPv4 = yes - - # Default user mode(s) to set on new local clients. 
Please note that - # only modes can be set that the client could set using regular MODE - # commands, you can't set "a" (away) for example! Default: none. - ;DefaultUserModes = i - - # Do DNS lookups when a client connects to the server. - ;DNS = yes - - # Do IDENT lookups if ngIRCd has been compiled with support for it. - # Users identified using IDENT are registered without the "~" character - # prepended to their user name. - ;Ident = yes - - # Directory containing configuration snippets (*.conf), that should - # be read in after parsing this configuration file. - ;IncludeDir = /etc/ngircd/conf.d - - # Enhance user privacy slightly (useful for IRC server on TOR or I2P) - # by censoring some information like idle time, logon time, etc. - ;MorePrivacy = no - - # Normally ngIRCd doesn't send any messages to a client until it is - # registered. Enable this option to let the daemon send "NOTICE *" - # messages to clients while connecting. - ;NoticeBeforeRegistration = no - - # Should IRC Operators be allowed to use the MODE command even if - # they are not(!) channel-operators? - OperCanUseMode = yes - - # Should IRC Operators get AutoOp (+o) in persistent (+P) channels? - ;OperChanPAutoOp = yes - - # Mask IRC Operator mode requests as if they were coming from the - # server? (This is a compatibility hack for ircd-irc2 servers) - ;OperServerMode = no - - # Use PAM if ngIRCd has been compiled with support for it. - # Users identified using PAM are registered without the "~" character - # prepended to their user name. - PAM = no - - # When PAM is enabled, all clients are required to be authenticated - # using PAM; connecting to the server without successful PAM - # authentication isn't possible. - # If this option is set, clients not sending a password are still - # allowed to connect: they won't become "identified" and keep the "~" - # character prepended to their supplied user name. 
- # Please note: To make some use of this behavior, it most probably - # isn't useful to enable "Ident", "PAM" and "PAMIsOptional" at the - # same time, because you wouldn't be able to distinguish between - # Ident'ified and PAM-authenticated users: both don't have a "~" - # character prepended to their respective user names! - ;PAMIsOptional = no - - # When PAM is enabled, this value determines the used PAM - # configuration. - # This setting allows to run multiple ngIRCd instances with - # different PAM configurations on each instance. - # If you set it to "ngircd-foo", PAM will use - # /etc/pam.d/ngircd-foo instead of the default - # /etc/pam.d/ngircd. - ;PAMServiceName = ngircd - - # Let ngIRCd send an "authentication PING" when a new client connects, - # and register this client only after receiving the corresponding - # "PONG" reply. - ;RequireAuthPing = no - - # Silently drop all incoming CTCP requests. - ;ScrubCTCP = no - - # Syslog "facility" to which ngIRCd should send log messages. - # Possible values are system dependent, but most probably auth, daemon, - # user and local1 through local7 are possible values; see syslog(3). - # Default is "local5" for historical reasons, you probably want to - # change this to "daemon", for example. - SyslogFacility = local1 - - # Password required for using the WEBIRC command used by some - # Web-to-IRC gateways. If not set/empty, the WEBIRC command can't - # be used. (Default: not set) - ;WebircPassword = xyz - -[SSL] - # SSL-related configuration options. Please note that this section - # is only available when ngIRCd is compiled with support for SSL! - # So don't forget to remove the ";" above if this is the case ... - - # SSL Server Key Certificate - ;CertFile = /etc/ssl/certs/server.crt - - # Select cipher suites allowed for SSL/TLS connections. This defaults - # to HIGH:!aNULL:@STRENGTH (OpenSSL) or SECURE128 (GnuTLS). - # See 'man 1ssl ciphers' (OpenSSL) or 'man 3 gnutls_priority_init' - # (GnuTLS) for details. 
- # For OpenSSL: - ;CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3 - # For GnuTLS (this Debian package was linked against GnuTLS): - CipherList = SECURE128:-VERS-SSL3.0 - - # Diffie-Hellman parameters - ;DHFile = /etc/ngircd/dhparams.pem - - # SSL Server Key - ;KeyFile = /etc/ssl/private/server.key - - # password to decrypt SSLKeyFile (OpenSSL only) - # Note that this Debian package is linked against GnuTLS so this - # option has no effect. - ;KeyFilePassword = secret - - # Additional Listen Ports that expect SSL/TLS encrypted connections - ;Ports = 6697, 9999 - -{% for op in ngircd_ops %} -[Operator] - # [Operator] sections are used to define IRC Operators. There may be - # more than one [Operator] block, one for each local operator. - - # ID of the operator (may be different of the nickname) - Name = {{op.name}} - - # Password of the IRC operator - Password = {{op.pass}} - - # Optional Mask from which /OPER will be accepted - # Mask = *!ident@somewhere.example.com - {% if op.mask is defined %} - Mask = {{op.mask}} - {% endif %} - -{% endfor %} -[Server] -{% for server in ngircd_servers %} - # Other servers are configured in [Server] sections. If you - # configure a port for the connection, then this ngircd tries to - # connect to the other server on the given port; if not it waits - # for the other server to connect. - # There may be more than one server block, one for each server. - # - # Server Groups: - # The ngIRCd allows "server groups": You can assign an "ID" to every - # server with which you want this ngIRCd to link. If a server of a - # group won't answer, the ngIRCd tries to connect to the next server - # in the given group. But the ngircd never tries to connect to two - # servers with the same group ID. - - # IRC name of the remote server, must match the "Name" variable in - # the [Global] section of the other server (when using ngIRCd). 
- Name = {{server.name}} - - # Internet host name or IP address of the peer (only required when - # this server should establish the connection). - # Host = connect-to-host.example.net - {% if server.host is defined %} - Host = {{server.host}} - {% endif %} - - # IP address to use as _source_ address for the connection. if - # unspecified, ngircd will let the operating system pick an address. - ;Bind = 10.0.0.1 - - # Port of the server to which the ngIRCd should connect. If you - # assign no port the ngIRCd waits for incoming connections. - ;Port = 6667 - - # Own password for the connection. This password has to be configured - # as "PeerPassword" on the other server. - MyPassword = {{server.pass}} - - # Foreign password for this connection. This password has to be - # configured as "MyPassword" on the other server. - PeerPassword = {{server.pass}} - - # Group of this server (optional) - ;Group = 123 - - # Set the "Passive" option to "yes" if you don't want this ngIRCd to - # connect to the configured peer (same as leaving the "Port" variable - # empty). The advantage of this option is that you can actually - # configure a port an use the IRC command CONNECT more easily to - # manually connect this specific server later. - ;Passive = no - - # Connect to the remote server using TLS/SSL (Default: false) - ;SSLConnect = yes - - # Define a (case insensitive) list of masks matching nicknames that - # should be treated as IRC services when introduced via this remote - # server, separated by commas (","). - # REGULAR SERVERS DON'T NEED this parameter, so leave it empty - # (which is the default). - # When you are connecting IRC services which mask as a IRC server - # and which use "virtual users" to communicate with, for example - # "NickServ" and "ChanServ", you should set this parameter to - # something like "*Serv" or "NickServ,ChanServ,XyzServ". 
- {% if server.service_mask is defined %} - ServiceMask = {{server.service_mask}} - {% endif %} - -{% endfor %} - -[Channel] - # Pre-defined channels can be configured in [Channel] sections. - # Such channels are created by the server when starting up and even - # persist when there are no more members left. - # Persistent channels are marked with the mode 'P', which can be set - # and unset by IRC operators like other modes on the fly. - # There may be more than one [Channel] block, one for each channel. - - # Name of the channel - ;Name = #ngircd - - # Topic for this channel - ;Topic = Our ngircd testing channel - - # Initial channel modes - ;Modes = tnk - - # initial channel password (mode k) - ;Key = Secret - - # Key file, syntax for each line: "::". - # Default: none. - ;KeyFile = /etc/ngircd/#chan.key - - # maximum users per channel (mode l) - ;MaxUsers = 23 - -[Channel] - # More [Channel] sections, if you like ... - -# -eof-