--- a/atheme/templates/atheme.conf.j2 Sat Jul 04 17:48:36 2020 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,2850 +0,0 @@
-/* This is an example configuration for Services.
- *
- * All statements end in semi-colons (';').
- * Shell style, C style, and C++ style comments may be used.
- *
- * Items marked with "(*)" are reconfigurable at runtime via REHASH.
- */
-
-/******************************************************************************
- * MODULES SECTION. *
- ******************************************************************************/
-
-/*
- * These are the modules included with the core distribution of Services.
- *
- * You may be interested in the atheme community modules distribution as
- * well, which adds additional features that may or may not be compatible
- * with the project paradigms intended for maintainance of the core of
- * atheme-services.
- *
- * Visit the atheme-services website for more information and to download them.
- *
- * Modules marked [experimental] will taint your atheme-services instance. Do
- * not file any bug reports with us about using Services with those modules;
- * they will be ignored.
- */
-
-/* Dynamic security modules.
- *
- * WARNING: If you select one of these modules, the default security policy included
- * with Atheme may break. These modules are intended for people who know what they
- * are doing and understand the implications of what they do. Security modules which
- * are likely to break the default policy are prefixed with [!], if you are new to
- * Atheme, you should avoid enabling them.
- *
- * If you find your security policy is broken, you may debug it while allowing normal
- * operation of your IRC network by putting Atheme into "permissive mode". To do this,
- * enable general::permissive_mode.
- *
- * [!] Infer "command:" namespace permissions modules/security/cmdperm
- */
-#loadmodule "modules/security/cmdperm";
-
-/* Protocol module.
- *
- * Please select a protocol module. Different servers use different protocols.
- * Below is a listing of ircd's known to work with the various protocol modules
- * available.
- *
- * Asuka 1.2.1 or later modules/protocol/asuka
- * Bahamut 2.1.x modules/protocol/bahamut
- * Charybdis IRCd modules/protocol/charybdis
- * ChatIRCd modules/protocol/chatircd1.1
- * DreamForge 4.6.7 or later modules/protocol/dreamforge
- * InspIRCd 2.0 modules/protocol/inspircd
- * ircd-ratbox 2.0 and later modules/protocol/ratbox
- * IRCNet ircd (ircd 2.11) modules/protocol/ircnet
- * ircd-seven modules/protocol/ircd-seven
- * Nefarious IRCu 0.4.0 or later modules/protocol/nefarious
- * ngIRCd 19 or later [experimental] modules/protocol/ngircd
- * UnrealIRCd 3.2.* modules/protocol/unreal
- * UnrealIRCd 4 or later modules/protocol/unreal4
- *
- * If your IRCd vendor has supplied a module file, build it and load it here
- * instead of one above.
- */
-loadmodule "modules/protocol/ngircd";
-
-/* Protocol mixins.
- *
- * These should be used if you do not have/want certain features on your
- * network that your ircd normally has. If you do not know what this means,
- * you do not need any of them.
- *
- * Disable halfops modules/protocol/mixin_nohalfops
- * Disable holdnick (use enforcer clients) modules/protocol/mixin_noholdnick
- * Disable "protect" mode on channels modules/protocol/mixin_noprotect
- * Disable "owner" mode on channels modules/protocol/mixin_noowner
- */
-#loadmodule "modules/protocol/mixin_nohalfops";
-#loadmodule "modules/protocol/mixin_noholdnick";
-#loadmodule "modules/protocol/mixin_noprotect";
-#loadmodule "modules/protocol/mixin_noowner";
-
-/* Database backend module.
- *
- * Please select a database backend module. Different backends allow for
- * different ways in which the services data can be manipulated. YOU MAY
- * ONLY HAVE ONE OF THESE BACKENDS LOADED.
- *
- * The following backends are available:
- *
- * Atheme 0.1 flatfile database format modules/backend/flatfile
- * Open Services Exchange database format modules/backend/opensex
- *
- * Most networks will want opensex.
- */
-loadmodule "modules/backend/opensex";
-
-/* Password hashing modules.
- *
- * If you would like encryption for your services passwords, or to migrate
- * from another IRC services package which used encryption for its passwords,
- * please select a module here.
- *
- * The following encryption-capable crypto modules are available:
- *
- * Argon2 (Password Hashing Competition 2015) modules/crypto/argon2
- * scrypt (Tarsnap Online Backup Service) modules/crypto/scrypt
- * PBKDF2 (Including support for SASL SCRAM-SHA) modules/crypto/pbkdf2v2
- * bcrypt (EksBlowfish; from Niels Provos etc.) modules/crypto/bcrypt
- * SHA2-512 crypt(3) a la '$6$...' modules/crypto/crypt3-sha2-512
- * SHA2-256 crypt(3) a la '$5$...' modules/crypto/crypt3-sha2-256
- *
- * If you do not load an encryption-capable crypto module, some features will
- * not work correctly, and errors will be logged on e.g. user registration
- * that it was not possible to encrypt their password. Support for running
- * without an encryption-capable crypto module will be removed in a later
- * version of this software; for now it is just *HIGHLY* discouraged.
- *
- * Note, that upon starting with an encryption-capable crypto module, YOUR
- * UNENCRYPTED PASSWORDS ARE IMMEDIATELY AND *IRREVERSIBLY* CONVERTED. Make
- * at least TWO backups of your database before experimenting with this. If
- * you have several thousand accounts, this conversion may take a long time.
- *
- * The following modules can only be used to /verify/ existing encrypted
- * passwords, for example when upgrading from an older version of this
- * software, or migrating from something else:
- *
- * PBKDF2 v1 (Atheme <= 7.2 compatibility) modules/crypto/pbkdf2
- * Raw SHA2-512 modules/crypto/rawsha2-512
- * Raw SHA2-256 modules/crypto/rawsha2-256
- * Anope SHA2-256 (Anope 2.0 compatibility) modules/crypto/anope-enc-sha256
- * Raw SHA1 (Anope ~1.8 compatibility) modules/crypto/rawsha1
- * Raw MD5 (Anope ~1.8 compatibility) modules/crypto/rawmd5
- * IRCServices (+ Anope) compatibility modules/crypto/ircservices
- * MD5 crypt(3) (Atheme Linux compatibility) modules/crypto/crypt3-md5
- * DES crypt(3) (Atheme OS X compatibility) modules/crypto/crypt3-des
- * Base64 (Anope ~1.8 compatibility) modules/crypto/base64
- *
- * To transition between crypto schemes, load the preferred scheme first,
- * and as users login or set new passwords, they will be migrated to the new
- * preferred scheme. Like so:
- *
- * loadmodule "modules/crypto/argon2";
- * loadmodule "modules/crypto/scrypt";
- * loadmodule "modules/crypto/pbkdf2v2";
- * loadmodule "modules/crypto/pbkdf2";
- * loadmodule "modules/crypto/crypt3-md5";
- *
- * The Argon2 module requires the argon2 reference library (./configure
- * --with-argon2) and is *NOT* available in Atheme v7.2 or earlier. If you
- * wish to use this module while retaining the possibility to downgrade to
- * v7.2, please see the crypto {} documentation below.
- *
- * The Scrypt module requires libsodium (./configure --with-libsodium) and is
- * *NOT* available in Atheme v7.2 or earlier. This module may also require a
- * 64-bit Operating System to function correctly.
- *
- * The PBKDF2v2 module has no dependencies and is recommended. If you were
- * previously using the PBKDF2 v1 module on v7.2, you must still keep it in
- * the configuration here; the PBKDF2 v2 module cannot verify its password
- * hashes. However, you should also load PBKDF2 v2 (if you don't decide to use
- * anything else), because the PBKDF2 v1 module is now verify-only.
- *
- * The bcrypt module will truncate passwords greater than 72 characters. It is
- * also capable of verifying the older $2a$ digests that contain an integer
- * wrap-around bug, as used on e.g. Anope. It is not capable of verifying the
- * PHP-bcrypt $2x$ and $2y$ digests; but $2y$ can simply be changed to $2b$.
- * All successfully-verified passwords not using $2b$ will be converted to it.
- * This is an encryption-capable module, but its use is discouraged unless you
- * need to use it for interoperability with some other piece of software.
- *
- * The crypt3-* modules depend on your platform crypt(3) supporting the
- * respective algorithms. This is not guaranteed to be the case. If you used
- * modules/crypto/posix on Linux, you need crypt3-md5. If you used
- * modules/crypto/posix on OS X, you need crypt3-des. These modules issue
- * informational messages when loaded to the effect that they might break in
- * the future. They also run selftests on load to verify that they will work.
- *
- * All available modules are listed below, in the preferred load order. The
- * modules that are commented out are not available by default (please see
- * the v7.3 release notes in NEWS.md) or may require a third-party library to
- * use. If you know that you do not need a specific module, it is better to
- * not load it, so comment it out. Do not change the order of the modules
- * below unless you need to migrate from one to the other (as described
- * above); in particular, putting verify-only modules above encryption-
- * capable modules would be a waste of CPU time every time password
- * verification for a user whose password was not encrypted by them is
- * attempted.
- *
- * Comments that start with -- describe the ./configure option necessary to
- * have this module built.
- */
-#loadmodule "modules/crypto/argon2"; /* --with-argon2 */
-#loadmodule "modules/crypto/scrypt"; /* --with-sodium */
-loadmodule "modules/crypto/pbkdf2v2";
-#loadmodule "modules/crypto/bcrypt"; /* See notes above */
-loadmodule "modules/crypto/pbkdf2"; /* Verify-only, see prev. */
-#loadmodule "modules/crypto/crypt3-sha2-512"; /* Needs crypt(3) support */
-#loadmodule "modules/crypto/crypt3-sha2-256"; /* Needs crypt(3) support */
-#loadmodule "modules/crypto/crypt3-md5"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/rawsha2-512"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/rawsha2-256"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/anope-enc-sha256"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/rawsha1"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/rawmd5"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/ircservices"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/crypt3-des"; /* --enable-legacy-pwcrypto */
-#loadmodule "modules/crypto/base64"; /* --enable-legacy-pwcrypto */
-
-/* Authentication module.
- *
- * These allow using passwords from an external system. The password given
- * when registering a new account is also checked against the external
- * system.
- *
- * The following authentication modules are available:
- *
- * LDAP modules/auth/ldap
- *
- * The LDAP module requires OpenLDAP client libraries. It uses them in a
- * synchronous manner, which means that an unresponsive LDAP server can
- * freeze services.
- */
-#loadmodule "modules/auth/ldap";
-
-/* NickServ modules.
- *
- * Here you can disable or enable certain features of NickServ, by
- * defining which modules are loaded. You can even disable NickServ
- * entirely. Please note however, that an authentication service
- * (either NickServ, or UserServ) is required for proper functionality.
- *
- * Core components modules/nickserv/main
- * Nickname access lists modules/nickserv/access
- * Bad email address blocking modules/nickserv/badmail
- * CertFP fingerprint managment modules/nickserv/cert
- * DROP command modules/nickserv/drop
- * Nickname enforcement modules/nickserv/enforce
- * GHOST command modules/nickserv/ghost
- * GROUP and UNGROUP commands modules/nickserv/group
- * HELP command modules/nickserv/help
- * Nickname expiry override (HOLD command) modules/nickserv/hold
- * IDENTIFY command modules/nickserv/identify
- * INFO command modules/nickserv/info
- * Last quit message in INFO modules/nickserv/info_lastquit
- * LIST command modules/nickserv/list
- * LISTLOGINS command modules/nickserv/listlogins
- * LISTMAIL command modules/nickserv/listmail
- * LISTOWNMAIL command modules/nickserv/listownmail
- * LOGIN command (for no_nick_ownership) modules/nickserv/login
- * LOGOUT command modules/nickserv/logout
- * MARK command modules/nickserv/mark
- * Password quality validation modules/nickserv/pwquality
- * FREEZE command modules/nickserv/freeze
- * LISTCHANS command modules/nickserv/listchans
- * LISTGROUPS command modules/nickserv/listgroups
- * REGISTER command modules/nickserv/register
- * Bypass registration limits (REGNOLIMIT) modules/nickserv/regnolimit
- * Password reset (RESETPASS command) modules/nickserv/resetpass
- * RESTRICT command modules/nickserv/restrict
- * Password return (RETURN command) modules/nickserv/return
- * Password retrieval (SENDPASS command) modules/nickserv/sendpass
- * Password retrieval allowed to normal users modules/nickserv/sendpass_user
- * Change primary nickname (SET ACCOUNTNAME) modules/nickserv/set_accountname
- * SET EMAIL command modules/nickserv/set_email
- * SET EMAILMEMOS command modules/nickserv/set_emailmemos
- * SET ENFORCETIME command modules/nickserv/set_enforcetime
- * SET HIDEMAIL command modules/nickserv/set_hidemail
- * SET LANGUAGE command modules/nickserv/set_language
- * SET NEVERGROUP command modules/nickserv/set_nevergroup
- * SET NEVEROP command modules/nickserv/set_neverop
- * SET NOGREET command modules/nickserv/set_nogreet
- * SET NOMEMO command modules/nickserv/set_nomemo
- * SET NOOP command modules/nickserv/set_noop
- * SET NOPASSWORD command modules/nickserv/set_nopassword
- * SET PASSWORD command modules/nickserv/set_password
- * PRIVMSG instead of NOTICE (SET PRIVMSG cmd) modules/nickserv/set_privmsg
- * Account info hiding (SET PRIVATE command) modules/nickserv/set_private
- * SET PROPERTY command modules/nickserv/set_property
- * SET PUBKEY command modules/nickserv/set_pubkey
- * SET QUIETCHG command modules/nickserv/set_quietchg
- * Password retrieval uses code (SETPASS cmd) modules/nickserv/setpass
- * STATUS command modules/nickserv/status
- * Nickname metadata viewer (TAXONOMY command) modules/nickserv/taxonomy
- * VACATION command modules/nickserv/vacation
- * VERIFY command modules/nickserv/verify
- * VHOST command modules/nickserv/vhost
- * Delay services account registrations modules/nickserv/waitreg
- */
-loadmodule "modules/nickserv/main";
-#loadmodule "modules/nickserv/access";
-loadmodule "modules/nickserv/badmail";
-#loadmodule "modules/nickserv/cert";
-loadmodule "modules/nickserv/drop";
-#loadmodule "modules/nickserv/enforce";
-loadmodule "modules/nickserv/ghost";
-loadmodule "modules/nickserv/group";
-loadmodule "modules/nickserv/help";
-loadmodule "modules/nickserv/hold";
-loadmodule "modules/nickserv/identify";
-loadmodule "modules/nickserv/info";
-#loadmodule "modules/nickserv/info_lastquit";
-loadmodule "modules/nickserv/list";
-#loadmodule "modules/nickserv/listlogins";
-loadmodule "modules/nickserv/listmail";
-#loadmodule "modules/nickserv/listownmail";
-#loadmodule "modules/nickserv/login";
-loadmodule "modules/nickserv/logout";
-loadmodule "modules/nickserv/mark";
-#loadmodule "modules/nickserv/pwquality";
-loadmodule "modules/nickserv/freeze";
-loadmodule "modules/nickserv/listchans";
-loadmodule "modules/nickserv/listgroups";
-loadmodule "modules/nickserv/register";
-loadmodule "modules/nickserv/regnolimit";
-loadmodule "modules/nickserv/resetpass";
-loadmodule "modules/nickserv/restrict";
-loadmodule "modules/nickserv/return";
-loadmodule "modules/nickserv/setpass";
-#loadmodule "modules/nickserv/sendpass";
-loadmodule "modules/nickserv/sendpass_user";
-loadmodule "modules/nickserv/set_accountname";
-loadmodule "modules/nickserv/set_email";
-loadmodule "modules/nickserv/set_emailmemos";
-#loadmodule "modules/nickserv/set_enforcetime";
-loadmodule "modules/nickserv/set_hidemail";
-loadmodule "modules/nickserv/set_language";
-loadmodule "modules/nickserv/set_nevergroup";
-loadmodule "modules/nickserv/set_neverop";
-loadmodule "modules/nickserv/set_nogreet";
-loadmodule "modules/nickserv/set_nomemo";
-loadmodule "modules/nickserv/set_noop";
-#loadmodule "modules/nickserv/set_nopassword";
-loadmodule "modules/nickserv/set_password";
-#loadmodule "modules/nickserv/set_privmsg";
-#loadmodule "modules/nickserv/set_private";
-loadmodule "modules/nickserv/set_property";
-loadmodule "modules/nickserv/set_pubkey";
-loadmodule "modules/nickserv/set_quietchg";
-loadmodule "modules/nickserv/status";
-loadmodule "modules/nickserv/taxonomy";
-loadmodule "modules/nickserv/vacation";
-loadmodule "modules/nickserv/verify";
-loadmodule "modules/nickserv/vhost";
-#loadmodule "modules/nickserv/waitreg";
-
-/* ChanServ modules.
- *
- * Here you can disable or enable certain features of ChanServ, by
- * defining which modules are loaded. You can even disable ChanServ
- * entirely. Please note that ChanServ requires an authentication
- * service, either NickServ or UserServ will do.
- *
- * Core components modules/chanserv/main
- * ACCESS command (simplified ACL editing) modules/chanserv/access
- * AKICK command modules/chanserv/akick
- * BAN/UNBAN commands modules/chanserv/ban
- * UNBAN self only (load ban or this not both) modules/chanserv/unban_self
- * BANSEARCH command modules/chanserv/bansearch
- * CLOSE command modules/chanserv/close
- * CLONE command modules/chanserv/clone
- * CLEAR command modules/chanserv/clear
- * CLEAR AKICKS command modules/chanserv/clear_akicks
- * CLEAR BANS command modules/chanserv/clear_bans
- * CLEAR FLAGS command modules/chanserv/clear_flags
- * CLEAR USERS command modules/chanserv/clear_users
- * COUNT command modules/chanserv/count
- * DROP command modules/chanserv/drop
- * Forced flags changes modules/chanserv/fflags
- * FLAGS command modules/chanserv/flags
- * Forced foundership transfers modules/chanserv/ftransfer
- * GETKEY command modules/chanserv/getkey
- * HALFOP/DEHALFOP commands modules/chanserv/halfop
- * HELP command modules/chanserv/help
- * Channel expiry override (HOLD command) modules/chanserv/hold
- * INFO command modules/chanserv/info
- * INVITE command modules/chanserv/invite
- * KICK/KICKBAN commands modules/chanserv/kick
- * LIST command modules/chanserv/list
- * MARK command modules/chanserv/mark
- * Moderated channel registrations modules/chanserv/moderate
- * OP/DEOP commands modules/chanserv/op
- * OWNER/DEOWNER commands modules/chanserv/owner
- * PROTECT/DEPROTECT commands modules/chanserv/protect
- * QUIET command (+q support) modules/chanserv/quiet
- * Channel takeover recovery (RECOVER command) modules/chanserv/recover
- * REGISTER command modules/chanserv/register
- * SET EMAIL command modules/chanserv/set_email
- * SET ENTRYMSG command modules/chanserv/set_entrymsg
- * SET FANTASY command modules/chanserv/set_fantasy
- * SET GAMESERV command modules/chanserv/set_gameserv
- * SET GUARD command modules/chanserv/set_guard
- * SET KEEPTOPIC command modules/chanserv/set_keeptopic
- * SET LIMITFLAGS command modules/chanserv/set_limitflags
- * SET MLOCK command modules/chanserv/set_mlock
- * SET PREFIX command modules/chanserv/set_prefix
- * Channel info hiding (SET PRIVATE command) modules/chanserv/set_private
- * SET PROPERTY command modules/chanserv/set_property
- * SET PUBACL command modules/chanserv/set_pubacl
- * SET RESTRICTED command modules/chanserv/set_restricted
- * SET SECURE command modules/chanserv/set_secure
- * SET TOPICLOCK command modules/chanserv/set_topiclock
- * SET URL command modules/chanserv/set_url
- * SET VERBOSE command modules/chanserv/set_verbose
- * STATUS command modules/chanserv/status
- * SYNC command (and automatic ACL syncing) modules/chanserv/sync
- * Named Successor ACL flag modules/chanserv/successor_acl
- * Channel metadata viewer (TAXONOMY command) modules/chanserv/taxonomy
- * TEMPLATE command modules/chanserv/template
- * TOPIC/TOPICAPPEND commands modules/chanserv/topic
- * VOICE/DEVOICE commands modules/chanserv/voice
- * WHY command modules/chanserv/why
- * VOP/HOP/AOP/SOP commands modules/chanserv/xop
- * This module provides emulation of the ircservices XOP scheme ONLY.
- * Do not report discrepencies when using native commands to edit channel
- * ACLs. This is intentional.
- * Flood protection modules/chanserv/antiflood
- * This module should be loaded after at least chanserv/quiet if you want
- * the autoquiet feature to work.
- */
-loadmodule "modules/chanserv/main";
-loadmodule "modules/chanserv/access";
-loadmodule "modules/chanserv/akick";
-loadmodule "modules/chanserv/ban";
-#loadmodule "modules/chanserv/unban_self";
-loadmodule "modules/chanserv/bansearch";
-loadmodule "modules/chanserv/clone";
-loadmodule "modules/chanserv/close";
-loadmodule "modules/chanserv/clear";
-loadmodule "modules/chanserv/clear_akicks";
-loadmodule "modules/chanserv/clear_bans";
-loadmodule "modules/chanserv/clear_flags";
-loadmodule "modules/chanserv/clear_users";
-loadmodule "modules/chanserv/count";
-loadmodule "modules/chanserv/drop";
-#loadmodule "modules/chanserv/fflags";
-loadmodule "modules/chanserv/flags";
-loadmodule "modules/chanserv/ftransfer";
-loadmodule "modules/chanserv/getkey";
-#loadmodule "modules/chanserv/halfop";
-loadmodule "modules/chanserv/help";
-loadmodule "modules/chanserv/hold";
-loadmodule "modules/chanserv/info";
-loadmodule "modules/chanserv/invite";
-loadmodule "modules/chanserv/kick";
-loadmodule "modules/chanserv/list";
-loadmodule "modules/chanserv/mark";
-#loadmodule "modules/chanserv/moderate";
-loadmodule "modules/chanserv/op";
-#loadmodule "modules/chanserv/owner";
-#loadmodule "modules/chanserv/protect";
-#loadmodule "modules/chanserv/quiet";
-loadmodule "modules/chanserv/recover";
-loadmodule "modules/chanserv/register";
-loadmodule "modules/chanserv/set_email";
-loadmodule "modules/chanserv/set_entrymsg";
-loadmodule "modules/chanserv/set_fantasy";
-#loadmodule "modules/chanserv/set_gameserv";
-loadmodule "modules/chanserv/set_guard";
-loadmodule "modules/chanserv/set_keeptopic";
-#loadmodule "modules/chanserv/set_limitflags";
-loadmodule "modules/chanserv/set_mlock";
-loadmodule "modules/chanserv/set_prefix";
-#loadmodule "modules/chanserv/set_private";
-loadmodule "modules/chanserv/set_property";
-#loadmodule "modules/chanserv/set_pubacl";
-loadmodule "modules/chanserv/set_restricted";
-loadmodule "modules/chanserv/set_secure";
-loadmodule "modules/chanserv/set_topiclock";
-loadmodule "modules/chanserv/set_url";
-loadmodule "modules/chanserv/set_verbose";
-loadmodule "modules/chanserv/status";
-loadmodule "modules/chanserv/sync";
-#loadmodule "modules/chanserv/successor_acl";
-loadmodule "modules/chanserv/taxonomy";
-loadmodule "modules/chanserv/template";
-loadmodule "modules/chanserv/topic";
-loadmodule "modules/chanserv/voice";
-loadmodule "modules/chanserv/why";
-#loadmodule "modules/chanserv/xop";
-loadmodule "modules/chanserv/antiflood";
-
-/* CHANFIX module.
- *
- * Here you can disable or enable certain features of CHANFIX, by
- * defining which modules are loaded.
- *
- * Core components modules/chanfix/main
- */
-#loadmodule "modules/chanfix/main";
-
-/* OperServ modules.
- *
- * Here you can disable or enable certain features of OperServ, by
- * defining which modules are loaded.
- *
- * Core components modules/operserv/main
- * AKILL system modules/operserv/akill
- * CLEARCHAN command modules/operserv/clearchan
- * CLONES system modules/operserv/clones
- * COMPARE command modules/operserv/compare
- * GENHASH command modules/operserv/genhash
- * GREPLOG command modules/operserv/greplog
- * HELP command modules/operserv/help
- * IGNORE system modules/operserv/ignore
- * IDENTIFY command modules/operserv/identify
- * INFO command modules/operserv/info
- * INJECT command modules/operserv/inject
- * JUPE command modules/operserv/jupe
- * MODE command modules/operserv/mode
- * MODINSPECT command modules/operserv/modinspect
- * MODLIST command modules/operserv/modlist
- * MODLOAD command modules/operserv/modload
- * MODRELOAD command modules/operserv/modreload
- * MODUNLOAD command modules/operserv/modunload
- * NOOP system modules/operserv/noop
- * Regex mass akill (RAKILL command) modules/operserv/rakill
- * RAW command modules/operserv/raw
- * READONLY command modules/operserv/readonly
- * REHASH command modules/operserv/rehash
- * RESTART command modules/operserv/restart
- * Display regex matching (RMATCH command) modules/operserv/rmatch
- * Most common realnames (RNC command) modules/operserv/rnc
- * RWATCH system modules/operserv/rwatch
- *
- * Note that ALL of these SET commands only apply until the next rehash!
- *
- * ALL of the below SET commands (deprecated) modules/operserv/set
- * SET AKICKTIME subcommand (temporarily) modules/operserv/set_akicktime
- * SET CHANEXPIRE subcommand (temporarily) modules/operserv/set_chanexpire
- * SET COMMITINTERVAL subcommand (temporarily) modules/operserv/set_commitinterval
- * SET ENFORCEPREFIX subcommand (temporarily) modules/operserv/set_enforceprefix
- * SET KLINETIME subcommand (temporarily) modules/operserv/set_klinetime
- * SET MAXCHANACS subcommand (temporarily) modules/operserv/set_maxchanacs
- * SET MAXCHANS subcommand (temporarily) modules/operserv/set_maxchans
- * SET MAXFOUNDERS subcommand (temporarily) modules/operserv/set_maxfounders
- * SET MAXLOGINS subcommand (temporarily) modules/operserv/set_maxlogins
- * SET MAXNICKS subcommand (temporarily) modules/operserv/set_maxnicks
- * SET MAXUSERS subcommand (temporarily) modules/operserv/set_maxusers
- * SET MDLIMIT subcommand (temporarily) modules/operserv/set_mdlimit
- * SET NICKEXPIRE subcommand (temporarily) modules/operserv/set_nickexpire
- * SET RECONTIME subcommand (temporarily) modules/operserv/set_recontime
- * SET SPAM subcommand (temporarily) modules/operserv/set_spam
- *
- * SGLINE system modules/operserv/sgline
- * SHUTDOWN command modules/operserv/shutdown
- * Non-config oper privileges (SOPER command) modules/operserv/soper
- * Oper privilege display (SPECS command) modules/operserv/specs
- * SQLINE system modules/operserv/sqline
- * UPDATE command modules/operserv/update
- * UPTIME command modules/operserv/uptime
- */
-loadmodule "modules/operserv/main";
-loadmodule "modules/operserv/akill";
-#loadmodule "modules/operserv/clearchan";
-#loadmodule "modules/operserv/clones";
-loadmodule "modules/operserv/compare";
-#loadmodule "modules/operserv/genhash";
-#loadmodule "modules/operserv/greplog";
-loadmodule "modules/operserv/help";
-loadmodule "modules/operserv/identify";
-loadmodule "modules/operserv/ignore";
-loadmodule "modules/operserv/info";
-loadmodule "modules/operserv/jupe";
-loadmodule "modules/operserv/mode";
-loadmodule "modules/operserv/modinspect";
-loadmodule "modules/operserv/modlist";
-loadmodule "modules/operserv/modload";
-loadmodule "modules/operserv/modunload";
-loadmodule "modules/operserv/modreload";
-loadmodule "modules/operserv/noop";
-#loadmodule "modules/operserv/rakill";
-loadmodule "modules/operserv/readonly";
-loadmodule "modules/operserv/rehash";
-loadmodule "modules/operserv/restart";
-loadmodule "modules/operserv/rmatch";
-loadmodule "modules/operserv/rnc";
-loadmodule "modules/operserv/rwatch";
-loadmodule "modules/operserv/set";
-loadmodule "modules/operserv/sgline";
-loadmodule "modules/operserv/shutdown";
-#loadmodule "modules/operserv/soper";
-loadmodule "modules/operserv/specs";
-#loadmodule "modules/operserv/sqline";
-loadmodule "modules/operserv/update";
-loadmodule "modules/operserv/uptime";
-
-/* MemoServ modules.
- *
- * Here you can disable or enable certain features of MemoServ, by
- * defining which modules are loaded. You can even disable MemoServ
- * entirely.
- *
- * Core components modules/memoserv/main
- * HELP command modules/memoserv/help
- * SEND command modules/memoserv/send
- * Channel memos (SENDOPS command) modules/memoserv/sendops
- * Group memos (SENDGROUP command) modules/memoserv/sendgroup
- * LIST command modules/memoserv/list
- * READ command modules/memoserv/read
- * FORWARD command modules/memoserv/forward
- * DELETE command modules/memoserv/delete
- * IGNORE command modules/memoserv/ignore
- */
-loadmodule "modules/memoserv/main";
-loadmodule "modules/memoserv/help";
-loadmodule "modules/memoserv/send";
-loadmodule "modules/memoserv/sendops";
-loadmodule "modules/memoserv/sendgroup";
-loadmodule "modules/memoserv/list";
-loadmodule "modules/memoserv/read";
-loadmodule "modules/memoserv/forward";
-loadmodule "modules/memoserv/delete";
-loadmodule "modules/memoserv/ignore";
-
-/* Global module.
- *
- * Like the other services, the Global noticer is a module. You can
- * disable or enable it to your liking below. Please note that the
- * Global noticer is dependent on OperServ for full functionality.
- */
-loadmodule "modules/global/main";
-
-/* InfoServ module.
- *
- * Like the other services, InfoServ is a module. You can disable or
- * enable it to your liking below.
- */
-loadmodule "modules/infoserv/main";
-
-/* SASL agent module.
- *
- * Allows clients to authenticate to services via SASL with an appropriate
- * ircd. You need the core components and at least one mechanism.
- *
- * Core components modules/saslserv/main
- * AUTHCOOKIE mechanism (for IRIS) modules/saslserv/authcookie
- * ECDH-X25519-CHALLENGE mechanism modules/saslserv/ecdh-x25519-challenge
- * ECDSA-NIST256P-CHALLENGE mechanism modules/saslserv/ecdsa-nist256p-challenge
- * EXTERNAL mechanism (IRCv3.1+) modules/saslserv/external
- * PLAIN mechanism modules/saslserv/plain
- * SCRAM-SHA-* mechanisms modules/saslserv/scram
- *
- * ECDH-X25519-CHALLENGE support requires that Atheme be compiled against a
- * cryptographic library that provides X25519 ECDH support (BoringSSL,
- * LibreSSL, ARM mbedTLS, Nettle, Sodium). This will be checked while running
- * ./configure.
- *
- * ECDSA-NIST256P-CHALLENGE support requires that Atheme be compiled against
- * an OpenSSL with ECDSA support (not RHEL etc. unless you compile your own).
- * This will be checked while running ./configure.
- *
- * You MUST read doc/SASL-SCRAM before loading modules/saslserv/scram!
- */
-loadmodule "modules/saslserv/main";
-loadmodule "modules/saslserv/authcookie";
-#loadmodule "modules/saslserv/ecdh-x25519-challenge";
-#loadmodule "modules/saslserv/ecdsa-nist256p-challenge";
-#loadmodule "modules/saslserv/external";
-loadmodule "modules/saslserv/plain";
-#loadmodule "modules/saslserv/scram"; /* READ doc/SASL-SCRAM FIRST! */
-
-/* GameServ modules.
- *
- * Here you can disable or enable certain features of GameServ, by
- * defining which modules are loaded. You can even disable GameServ
- * entirely.
- *
- * Core components modules/gameserv/main
- * DICE/WOD commands modules/gameserv/dice
- * EIGHTBALL command modules/gameserv/eightball
- * Game-specific dice calculators modules/gameserv/gamecalc
- * HELP commands modules/gameserv/help
- * LOTTERY command modules/gameserv/lottery
- * NAMEGEN command modules/gameserv/namegen
- * RPS command modules/gameserv/rps
- */
-#loadmodule "modules/gameserv/main";
-#loadmodule "modules/gameserv/dice";
-#loadmodule "modules/gameserv/eightball";
-#loadmodule "modules/gameserv/gamecalc";
-#loadmodule "modules/gameserv/help";
-#loadmodule "modules/gameserv/lottery";
-#loadmodule "modules/gameserv/namegen";
-#loadmodule "modules/gameserv/rps";
-
-/* RPGServ modules.
- *
- * Here you can disable or enable certain features of RPGServ, by
- * defining which modules are loaded. You can even disable RPGServ
- * entirely.
- *
- * Core components modules/rpgserv/main
- * ENABLE/DISABLE commands modules/rpgserv/enable
- * HELP command modules/rpgserv/help
- * INFO command modules/rpgserv/info
- * LIST command modules/rpgserv/list
- * SEARCH command modules/rpgserv/search
- * SET commands modules/rpgserv/set
- */
-#loadmodule "modules/rpgserv/main";
-#loadmodule "modules/rpgserv/enable";
-#loadmodule "modules/rpgserv/help";
-#loadmodule "modules/rpgserv/info";
-#loadmodule "modules/rpgserv/list";
-#loadmodule "modules/rpgserv/search";
-#loadmodule "modules/rpgserv/set";
-
-/* BotServ modules.
- *
- * Here you can disable or enable certain features of BotServ, by
- * defining which modules are loaded. You can even disable BotServ
- * entirely.
- *
- * Core components modules/botserv/main
- * HELP command modules/botserv/help
- * INFO command modules/botserv/info
- * NPC commands (SAY, ACT) modules/botserv/bottalk
- * SET FANTASY command modules/botserv/set_fantasy
- * SET NOBOT command modules/botserv/set_nobot
- * SET PRIVATE command modules/botserv/set_private
- * SET SAYCALLER command modules/botserv/set_saycaller
- */
-#loadmodule "modules/botserv/main";
-#loadmodule "modules/botserv/help";
-#loadmodule "modules/botserv/info";
-#loadmodule "modules/botserv/bottalk";
-#loadmodule "modules/botserv/set_fantasy";
-#loadmodule "modules/botserv/set_nobot";
-#loadmodule "modules/botserv/set_private";
-#loadmodule "modules/botserv/set_saycaller";
-
-/* HostServ modules.
- *
- * Here you can disable or enable certain features of HostServ, by
- * defining which modules are loaded. You can even disable HostServ
- * entirely.
- *
- * HostServ is a more complex, and optional virtual host management service.
- * Users wishing only to set vhosts need not use it (they can use the builtin
- * vhost management of NickServ instead).
- *
- * Core components modules/hostserv/main
- * HELP command modules/hostserv/help
- * OFFER system modules/hostserv/offer
- * ON and OFF commands modules/hostserv/onoff
- * REQUEST system modules/hostserv/request
- * VHOST and LISTVHOST commands modules/hostserv/vhost
- * VHOSTNICK command modules/hostserv/vhostnick
- * GROUP command modules/hostserv/group
- * DROP command modules/hostserv/drop
- */
-#loadmodule "modules/hostserv/main";
-#loadmodule "modules/hostserv/help";
-#loadmodule "modules/hostserv/onoff";
-#loadmodule "modules/hostserv/offer";
-#loadmodule "modules/hostserv/request";
-#loadmodule "modules/hostserv/vhost";
-#loadmodule "modules/hostserv/vhostnick";
-#loadmodule "modules/hostserv/group";
-#loadmodule "modules/hostserv/drop";
-
-/* HelpServ modules.
- * HelpServ allows users to request help from network staff in a few different ways.
- *
- * Core components modules/helpserv/main
- * HELPME command modules/helpserv/helpme
- * Help Ticket system modules/helpserv/ticket
- * Service List modules/helpserv/services
- *
- * The ticket system works like a bugtracker ot helpdesk ticket system, HELPME
- * works like a one-time alert. You should probably only load one of the two systems.
- */
-#loadmodule "modules/helpserv/main";
-#loadmodule "modules/helpserv/helpme";
-#loadmodule "modules/helpserv/ticket";
-#loadmodule "modules/helpserv/services";
-
-/* Channel listing service.
- *
- * Allows users to list channels with more flexibility than the /list
- * command.
- *
- * Core components modules/alis/main
- */
-#loadmodule "modules/alis/main";
-
-/* StatServ module.
- * StatServ provides basic statistics and split tracking.
- *
- * Core components modules/statserv/main
- * CHANNEL command modules/statserv/channel
- * NETSPLIT command modules/statserv/netsplit
- * SERVER command modules/statserv/server
- */
-loadmodule "modules/statserv/main";
-#loadmodule "modules/statserv/channel";
-loadmodule "modules/statserv/netsplit";
-loadmodule "modules/statserv/server";
-
-/* GroupServ module.
- * GroupServ allows users to create groups to easily mass-manage channel
- * access and more.
- *
- * Core components modules/groupserv/main
- * ACSNOLIMIT command modules/groupserv/acsnolimit
- * DROP command modules/groupserv/drop
- * FFLAGS command modules/groupserv/fflags
- * FLAGS command modules/groupserv/flags
- * HELP command modules/groupserv/help
- * INFO command modules/groupserv/info
- * JOIN command modules/groupserv/join
- * LIST command modules/groupserv/list
- * LISTCHANS command modules/groupserv/listchans
- * REGISTER command modules/groupserv/register
- * REGNOLIMIT command modules/groupserv/regnolimit
- * INVITE command modules/groupserv/invite
- * SET command modules/groupserv/set
- * SET CHANNEL command modules/groupserv/set_channel
- * SET DESCRIPTION command modules/groupserv/set_description
- * SET EMAIL command modules/groupserv/set_email
- * SET GROUPNAME command modules/groupserv/set_groupname
- * SET JOINFLAGS command modules/groupserv/set_joinflags
- * SET OPEN command modules/groupserv/set_open
- * SET PUBLIC command modules/groupserv/set_public
- * SET URL command modules/groupserv/set_url
- *
- */
-loadmodule "modules/groupserv/main";
-loadmodule "modules/groupserv/acsnolimit";
-loadmodule "modules/groupserv/drop";
-loadmodule "modules/groupserv/fflags";
-loadmodule "modules/groupserv/flags";
-loadmodule "modules/groupserv/help";
-loadmodule "modules/groupserv/info";
-loadmodule "modules/groupserv/join";
-loadmodule "modules/groupserv/list";
-loadmodule "modules/groupserv/listchans";
-loadmodule "modules/groupserv/register";
-loadmodule "modules/groupserv/regnolimit";
-#loadmodule "modules/groupserv/invite";
-loadmodule "modules/groupserv/set";
-loadmodule "modules/groupserv/set_channel";
-loadmodule "modules/groupserv/set_description";
-loadmodule "modules/groupserv/set_email";
-loadmodule "modules/groupserv/set_groupname";
-loadmodule "modules/groupserv/set_joinflags";
-loadmodule "modules/groupserv/set_open";
-loadmodule "modules/groupserv/set_public";
-loadmodule "modules/groupserv/set_url";
-
-/*
- * Various modules.
- *
- * Atheme includes an optional HTTP server that can be used for integration
- * with portal software and other useful things. To enable it, load this
- * module, and uncomment the httpd { } block towards the bottom of the config.
- *
- * HTTP Server modules/misc/httpd
- */
-#loadmodule "modules/misc/httpd";
-
-/* XMLRPC server module.
- *
- * The XML-RPC handler requires modules/misc/httpd to be loaded as it merely
- * registers a path handler for XML-RPC. The path used for XML-RPC is /xmlrpc.
- *
- * XMLRPC handler for the httpd modules/transport/xmlrpc
- */
-#loadmodule "modules/transport/xmlrpc";
-
-/* Extended target entity types. [EXPERIMENTAL]
- *
- * Atheme can set up special target mapping entities which match multiple
- * users in channel access entries. These target mapping entity types are
- * defined through the 'exttarget' modules listed below.
- *
- * Exttarget handling core modules/exttarget/main
- * $oper exttarget match type modules/exttarget/oper
- * $registered exttarget match type modules/exttarget/registered
- * $channel exttarget match type modules/exttarget/channel
- * $chanacs exttarget match type modules/exttarget/chanacs
- * $server exttarget match type modules/exttarget/server
- */
-#loadmodule "modules/exttarget/main";
-#loadmodule "modules/exttarget/oper";
-#loadmodule "modules/exttarget/registered";
-#loadmodule "modules/exttarget/channel";
-#loadmodule "modules/exttarget/chanacs";
-#loadmodule "modules/exttarget/server";
-
-/* Proxyscan (DNSBL) modules.
- *
- * Atheme can also check set DNS Blacklists for matches and respond
- * as set. Activate modules here and customize further down under Proxyscan
- * section.
- */
-#loadmodule "modules/proxyscan/main";
-#loadmodule "modules/proxyscan/dnsbl";
-
-/* Other modules.
- *
- * Put any other modules you want to load on startup here. The path
- * is relative to PREFIX or PREFIX/lib/atheme, depending on how Atheme
- * was compiled.
- */
-#loadmodule "modules/contrib/backtrace";
-
-/******************************************************************************
- * SERVICES RUNTIME CONFIGURATION SECTION. *
- ******************************************************************************/
-
-/*
- * This block controls the configuration options for crypto modules.
- *
- * It is recommended to either leave the values at their defaults, or
- * experiment with them so that it takes approximately 0.2-0.4 seconds
- * for users to identify. Services blocks while the password is being
- * encrypted or verified, so don't set these too large, or people can
- * hang services by trying many password attempts at once.
- *
- * A benchmark program for the Argon2, scrypt & PBKDF2 crypto code is
- * available to assist with tuning these parameters:
- *
- * - ./configure --prefix=foo ...
- * - make
- * - make install
- * - ${foo}/bin/atheme-crypto-benchmark -o
- *
- * If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM' and
- * pass the '-i' flag to the included cryptographic benchmarking utility too.
- *
- * If you are using the PBKDF2 module, its performance will be significantly
- * affected by your choice of cryptographic digest library. This software can
- * currently interface with 3 libraries; in decreasing order of performance:
- *
- * - OpenSSL (libcrypto)
- * - GnuPG (libgcrypt)
- * - ARM mbedTLS (libmbedcrypto)
- *
- * If you have one of these libraries available at configure-time, the PBKDF2
- * module will perform significantly better, allowing you to raise its
- * iteration count without affecting the computation time. This is indicated
- * by the output of the configure script; "Digest Frontend". The benchmark
- * program will also inform you what cryptographic digest library it is using,
- * if any.
- *
- *
- *
- * If you are migrating from crypto/argon2d (v7.2) to crypto/argon2, and you
- * wish to use the same parameters as the older module's defaults, configure
- * it like so:
- *
- * crypto {
- * argon2_type = "argon2d";
- * argon2_memcost = 14;
- * argon2_timecost = 32;
- * argon2_threads = 1;
- * argon2_saltlen = 32;
- * argon2_hashlen = 64;
- * };
- *
- *
- *
- * If you are migrating from crypto/pbkdf2 (v7.2) to crypto/pbkdf2v2, and you
- * wish to use the same parameters as the older module, configure it like so:
- *
- * crypto {
- * pbkdf2v2_digest = "SHA512";
- * pbkdf2v2_rounds = 128000;
- * };
- *
- * Note that this will still result in passwords being re-encrypted with the
- * newer module (as the older module successfully verifies them); another new
- * PBKDF2 computation with a new salt will occur, but this is still no worse
- * than an invocation of NickServ's "SET PASSWORD" command. You will still
- * need to keep the old module in your loadmodule configuration above, as the
- * new module cannot verify digests produced by the old one.
- *
- * If you wish to deploy SASL SCRAM support, please read 'doc/SASL-SCRAM'.
- * Its advice regarding parameter choice takes precedence over this!
- */
-crypto {
-
- /* (*) argon2_type
- *
- * The algorithm type to use for new passwords.
- *
- * Argon2d is suitable for use on a dedicated machine that has
- * limited access. It provides the most resistance to GPU and ASIC
- * cracking attacks, but its operation is data-dependent; that is,
- * during its operation, keying material derived from the password
- * itself is indirectly affecting the execution choices made by the
- * algorithm. This creates a side-channel that can leak information
- * about the password to other software running on the same physical
- * machine.
- *
- * Argon2i avoids this by being data-independent. The order of memory
- * accesses, conditional execution, etc. does not depend on the
- * password, or any material derived from the password, so no side-
- * channel that can reveal any information about the password is
- * created. However, this means that it is easier to bruteforce by a
- * password cracker, which does not have to account for execution
- * differences in its implementation. This is the most suitable
- * choice for running on a virtual machine that is co-located with
- * other, untrusted, virtual machines, or on a dedicated machine that
- * runs other, untrusted, software, or has untrusted user access.
- *
- * Argon2id is a blend of both, limiting the exploitability of any
- * side-channels while retaining excellent resistance to GPU and ASIC
- * cracking. This is suitable for all but the most sensitive of
- * deployments.
- *
- * All algorithm types perform about equally as well as each other;
- * changing this will not significantly affect the computation time.
- *
- * The "argon2id" type requires a more recent libargon2 library. This
- * is indicated in your ./configure output ("checking if libargon2
- * algorithm type Argon2id appears to be usable...").
- *
- * Valid values are "argon2d", "argon2i", and "argon2id"
- * The default is "argon2id"; unless unsupported, then "argon2d".
- */
- #argon2_type = "argon2id";
-
- /* (*) argon2_memcost
- *
- * Memory cost (as a power of 2, in KiB) to use for new passwords.
- *
- * You should set this as high as is reasonable for the machine you
- * will be running this software on. If this results in too slow a
- * computation time, reset the time cost below to its minimum value.
- * If it is still too slow, decrement this value (halving the memory
- * usage) until it is fast enough. Alternatively, if it is still too
- * fast after setting this to its highest reasonable value, raise the
- * time cost below until it is not. A benchmark program is available
- * alongside this software to aid in this process.
- *
- * WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
- * machine or a 32-bit Operating System!
- *
- * Valid values are 3 (8 KiB RAM) to 30 (1 TiB RAM) (inclusive)
- * The default is 16 (64 MiB RAM)
- */
- #argon2_memcost = 16;
-
- /* (*) argon2_timecost
- *
- * Time cost (iterations over the memory pool).
- *
- * Valid values are 3 to 1,048,576 (inclusive)
- * The default is 3
- */
- #argon2_timecost = 3;
-
- /* (*) argon2_threads
- *
- * Number of processor threads to use for new passwords.
- *
- * If you want to increase the amount of computation effort required,
- * while not increasing the real ("wall clock") time required, raise
- * this setting to its maximum reasonable value for the machine you
- * will be running this software on.
- *
- * This software is not multi-threaded, so only one password will be
- * verified at a time. Therefore, you do NOT need to divide this by
- * the expected maximum number of simultaneous logins.
- *
- * It is pointless to set this higher than the number of hardware
- * processing threads you have; increase the time cost above instead
- * if you want to make it arbitrarily slower. Diminishing returns are
- * to be expected once you exceed the number of hardware processing
- * /cores/ you have; hyperthreading does NOT provide much (if any) of
- * a boost for this workload.
- *
- * Increasing this value will *decrease* the real time required, so
- * you may have to subsequently increase the time cost above again to
- * make it "just slow enough" once more. A benchmark program is
- * available alongside this software to aid in this process.
- *
- * WARNING: The (size of the) memory pool configured above is split
- * between the threads, which can result in too small a memory area
- * per-thread if many threads are used. If you set this value, it is
- * HIGHLY RECOMMENDED that you run the included benchmarking program
- * with the same configuration options, to confirm that it works!
- *
- * WARNING: This feature is experimental. Some of the code in this
- * software is not thread-safe, and although every effort has been
- * made to ensure that this feature will not interfere with the
- * operation of this software, this cannot be guaranteed.
- *
- * Valid values are 1 to 255 (inclusive)
- * The default is 1 (do not use any computation parallelism)
- */
- #argon2_threads = 1;
-
- /* (*) argon2_saltlen
- *
- * Salt length (in bytes) to use for new passwords. You should only
- * change this if absolutely necessary; for example, to interoperate
- * with other software. Its value doesn't significantly affect the
- * computation time.
- *
- * Valid values are 4 to 48 (inclusive)
- * The default is 16
- */
- #argon2_saltlen = 16;
-
- /* (*) argon2_hashlen
- *
- * Digest length (in bytes) to use for new passwords. You should only
- * change this if absolutely necessary; for example, to interoperate
- * with other software. Its value doesn't significantly affect the
- * computation time.
- *
- * Valid values are 16 to 128 (inclusive)
- * The default is 64
- */
- #argon2_hashlen = 64;
-
- /* (*) scrypt_memlimit
- *
- * Memory limit (as a power of 2, in KiB) to use for new passwords.
- *
- * You should set this as high as is reasonable for the machine you
- * will be running this software on. If this results in too slow a
- * computation time, reset the opslimit below to its default value.
- * If it is still too slow, decrement this value (halving the memory
- * usage) until it is fast enough. Alternatively, if it is still too
- * fast after setting this to its highest reasonable value, raise the
- * opslimit below until it is not. A benchmark program is available
- * alongside this software to aid in this process.
- *
- * WARNING: Do *NOT* set this to more than 20 (1 GiB RAM) on a 32-bit
- * machine or a 32-bit Operating System!
- *
- * Valid values are 14 (16 MiB RAM) to 26 (64 GiB RAM) (inclusive)
- * The default is 14 (16 MiB RAM)
- */
- #scrypt_memlimit = 14;
-
- /* (*) scrypt_opslimit
- *
- * Amount of computation to perform for new passwords.
- *
- * The default value for this option is based on the default value of
- * the above option. The recommended value is (memlimit_bytes / 32).
- *
- * Valid values are 32,768 to 4,294,967,295 (inclusive)
- * The default is 524,288
- */
- #scrypt_opslimit = 524288;
-
- /* (*) pbkdf2v2_digest
- *
- * Cryptographic digest algorithm to use (in HMAC mode).
- *
- * Valid values are "SHA1", "SHA2-256", and "SHA2-512".
- * Additionally, the following aliases exist, for compatibility:
- *
- * "SHA-1" -> SHA1
- * "SHA256" -> SHA2-256
- * "SHA512" -> SHA2-512
- * "SHA-256" -> SHA2-256
- * "SHA-512" -> SHA2-512
- *
- * Finally, you can prefix this value with "SCRAM-" to enable the
- * computation and storage of an RFC5802/SCRAM ServerKey & StoredKey,
- * instead of a raw PBKDF2 digest (SaltedPassword). Verification of
- * plaintext passwords against these digests can still be performed
- * (for e.g. NickServ IDENTIFY or SASL PLAIN), by computing a new
- * SCRAM ServerKey from the provided password and comparing it to the
- * stored ServerKey, so setting this to a SCRAM mode does NOT prevent
- * non-SCRAM logins. For these variants, please read doc/SASL-SCRAM.
- *
- * The default is "SHA2-512"
- */
- #pbkdf2v2_digest = "SHA2-512";
-
- /* (*) pbkdf2v2_rounds
- *
- * This is the PBKDF2 "iteration count". You should raise this as high
- * as is reasonable for the machine you will be running services on.
- * However, note that if you are going to deploy SASL SCRAM support,
- * the *client*, NOT services, performs the PBKDF2 calculation during
- * login, so keep in mind that many mobile clients will not perform as
- * well as a server, and reduce the iteration count accordingly. Also,
- * some clients will refuse to perform a login at all if this is set
- * too high. A benchmark program is included alongside this software to
- * aid in tuning this parameter.
- *
- * Valid values are 10,000 to 5,000,000 (inclusive)
- * The default is 64,000
- */
- #pbkdf2v2_rounds = 64000;
-
- /* (*) pbkdf2v2_saltlen
- * You should only change this if you *really* know what you're doing
- * Valid values are 8 to 64 (inclusive)
- * The default is 32
- */
- #pbkdf2v2_saltlen = 32;
-
- /* (*) bcrypt_cost
- *
- * Amount of rounds to perform for new passwords (as a power of 2).
- * You should raise this as high as is reasonable. A benchmark
- * program is available alongside this software to aid in this
- * process.
- *
- * Valid values are 4 to 31 (inclusive)
- * The default is 7
- */
- #bcrypt_cost = 7;
-
- /* (*) crypt3_sha2_256_rounds
- * (*) crypt3_sha2_512_rounds
- *
- * Use of this option is restricted to certain C libraries!
- * At present, only GNU libc6 ("glibc") v2.7+ is known to work.
- *
- * Valid values are 5,000 to 1,000,000 (inclusive)
- * The default is 5,000
- */
- #crypt3_sha2_256_rounds = 5000;
- #crypt3_sha2_512_rounds = 5000;
-};
-
-/* The serverinfo{} block defines how we appear on the IRC network. */
-serverinfo {
- /* name
- * The server name that this program uses on the IRC network.
- * This is the name you'll have to use in C:/N:Lines. It must be
- * unique on the IRC network and contain at least one dot, but does
- * not have to be equal to any DNS name.
- */
- name = "{{atheme_server_host}}";
-
- /* desc
- * The ``server comment'' we send to the IRC network.
- */
- desc = "Atheme IRC Services";
-
- /* numeric
- * Some protocol drivers (Charybdis, Ratbox2, P10, IRCNet)
- * require a server id, also known as a numeric. Please consult your
- * ircd's documentation when providing this value.
- */
- numeric = "00A";
-
- /* (*)recontime
- * The number of seconds before we reconnect to the uplink.
- */
- recontime = 10;
-
- /* (*)netname
- * The name of your network.
- */
- netname = "{{atheme_server_host}}";
-
- /* (*)hidehostsuffix
- * P10 +x host hiding gives <account>.<hidehostsuffix>.
- * If using +x on asuka, this must agree
- * with F:HIDDEN_HOST.
- */
- hidehostsuffix = "users.misconfigured";
-
- /* (*)adminname
- * The name of the person running this service.
- */
- adminname = "{{atheme_admin_name}}";
-
- /* (*)adminemail
- * The email address of the person running this service.
- */
- adminemail = "{{atheme_admin_email}}";
-
- /* (*)registeremail
- * The email address that messages should be originated from.
- * If this is not set, then "noreply.$adminemail" will be used.
- */
- registeremail = "{{atheme_admin_email}}";
-
- /* (*)hidden
- * If this is enabled, Atheme will indicate to the uplink IRCd
- * that it should not be included in /links output. This only works
- * on the following IRCds at present: charybdis, ircd-seven, ratbox.
- */
- #hidden;
-
- /* (*)mta
- * The full path to your mail transfer agent.
- * This is used for email authorization and password retrieval.
- * Comment this out to disable sending email.
- * Warning: sending email can disclose the IP of your services
- * unless you take precautions (not discussed here further).
- */
- mta = "/usr/sbin/sendmail";
-
- /* (*)loglevel
- * Specify the default categories of logging information to record
- * in the master Atheme logfile, usually var/atheme.log.
- *
- * Options include:
- * debug, all - meta-keyword for all possible categories
- * trace - meta-keyword for a little bit of info
- * misc - like trace, but with some more miscellaneous info
- * notice - meta-keyword for notice-like information
- * ------------------------------------------------------------------------------
- * error - critical errors
- * info - miscillaneous log notices
- * verbose - A bit more verbose than info, not quite as spammy as debug
- * commands - all command use
- * admin - administrative command use
- * register - account and channel registrations
- * set - changes of account or channel settings
- * request - user requests (currently only vhosts)
- * network - log notices related to network status
- * rawdata - log raw data sent and received by services
- * wallops - <not yet used>
- */
- loglevel = { error; info; admin; network; wallops; };
-
- /* (*)maxlogins
- * What is the maximum number of sessions allowed to login to one
- * username? This reduces potential abuse. It is only checked on login.
- */
- maxlogins = 5;
-
- /* (*)maxusers
- * What are the maximum usernames that one email address can register?
- * Set to 0 to disable this check (it can be slow currently).
- */
- maxusers = 5;
-
- /* (*)mdlimit
- * How many metadata entries can be added to an object?
- */
- mdlimit = 30;
-
- /* (*)emaillimit, emailtime
- * The maximum number of emails allowed to be sent in
- * that amount of time (seconds). If this is exceeded,
- * wallops will be sent, at most one per minute.
- */
- emaillimit = 10;
- emailtime = 300;
-
- /* (*)auth
- * What type of username registration authorization do you want?
- * If "email", Atheme will send a confirmation email to the address to
- * ensure it's valid. If registration is not completed within one day,
- * the username will expire. If "none", no message will be sent and
- * the username will be fully registered.
- * Valid values are: email, none.
- */
- auth = none;
-
- /* casemapping
- * Specify the casemapping to use. Almost all TSora (and any that follow
- * the RFC correctly) ircds will use rfc1459 casemapping. Bahamut, Unreal,
- * and other ``Dalnet'' ircds will use ascii casemapping.
- * Valid values are: rfc1459, ascii.
- */
- casemapping = rfc1459;
-};
-
-/* uplink{} blocks define connections to IRC servers.
- * Multiple may be defined but only one will be used at a time (IRC
- * being a tree shaped network). Atheme does not currently link over SSL.
- * To link Atheme over ssl, please connect Atheme to a local ircd and have that
- * connect to your network over SSL.
- */
-uplink "{{atheme_upstream_server}}" {
- // The server name of the ircd you're linking to goes above.
-
- // host
- // The hostname to connect to.
- host = "127.0.0.1";
-
- // vhost
- // The source IP to connect from, used on machines with multiple interfaces.
- #vhost = "192.0.2.5";
-
- // send_password
- // The password sent for linking.
- send_password = "{{atheme_server_pass}}";
-
- // receive_password
- // The password received for linking.
- receive_password = "{{atheme_server_pass}}";
-
- // port
- // The port to connect to.
- port = 6667;
-};
-
-/* this is an example for using an IPv6 address as an uplink */
-/* uplink "irc6.example.net" {
- host = "::1";
-
- // password
- // If you want to have same send_password and accept_password, you
- // can specify both using 'password' instead of individually.
- password = "linkage";
-
- port = 6667;
-};
-*/
-
-/* Services configuration.
- *
- * Each of these blocks can contain a nick, user, host, real and aliases.
- * Several of them also have options specific to the service.
- */
-
-/* NickServ configuration.
- *
- * The nickserv {} block contains settings specific to the NickServ modules.
- *
- * NickServ provides nickname or username registration and authentication
- * services. It provides necessary authentication features required for
- * Services to operate correctly. You should make sure these settings
- * are properly configured for your network.
- */
-nickserv {
- /* (*)spam
- * Have NickServ tell people about how great it and ChanServ are.
- */
- spam;
-
- /* no_nick_ownership
- * Enable this to disable nickname ownership (old userserv{}).
- * This changes changes "nickname" to "account" in most messages,
- * disables GHOST on users not logged in to the same account and
- * makes the spam directive ineffective.
- * It is suggested that the nick be set to UserServ, login.so
- * be loaded instead of identify.so and ghost.so not be loaded.
- */
- #no_nick_ownership;
-
- /* (*)nick
- * The nickname we want NickServ to have.
- */
- nick = "NickServ";
-
- /* (*)user
- * The username we want NickServ to have.
- */
- user = "NickServ";
-
- /* (*)host
- * The hostname we want NickServ to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want NickServ to have.
- */
- real = "Nickname Services";
-
- /* (*)aliases
- * Command aliases for NickServ.
- */
- aliases {
- "ID" = "IDENTIFY";
- "MYACCESS" = "LISTCHANS";
- };
-
- /* (*)access
- * This block allows you to modify the access level required to run
- * commands. The list of possible accesses are listed in the operclass
- * section later in this .conf . Note that you can only set the access
- * on an actual command, not an alias.
- */
- access {
- };
-
- /* (*)maxnicks
- * If GROUP is loaded, what are the maximum nicknames that one
- * username can register?
- */
- maxnicks = 5;
-
- /* (*)expire
- * The number of days before inactive registrations are expired.
- */
- expire = 30;
-
- /* (*)enforce_expire
- * The number of days of no use after which to ignore enforcement
- * settings on nicks.
- */
- #enforce_expire = 14;
-
- /* (*)enforce_delay
- * The number of seconds to delay nickchange enforcement settings
- * on nicks.
- */
- #enforce_delay = 30;
-
- /* (*)enforce_prefix
- * The prefix to use when changing the user's nick on enforcement
- */
- #enforce_prefix = "Guest";
-
- /* (*)waitreg_time
- * The amount of time (in seconds) users have to wait between
- * connecting to the network, and being able to register a services
- * account. Minimum value 0 (disables the enforced delay), default
- * value 0, maximum value 43200 (12 hours). Requires the
- * "modules/nickserv/waitreg" module to be loaded to do anything.
- */
- #waitreg_time = 0;
-
- /* (*)cracklib_dict
- * The location and filename prefix of the cracklib dictionaries
- * for use with nickserv/pwquality. This must be provided if you are
- * going to be using nickserv/pwquality with cracklib support enabled.
- */
- #cracklib_dict = "/var/cache/cracklib/cracklib_dict";
-
- /* (*)passwdqc_*
- * Please see the passwdqc.conf(5) documentation for an explanation
- * of these values. Affects modules/nickserv/pwquality if passwdqc
- * support is enabled. Default values given below.
- */
- #passwdqc_max = 288; /* (8 <= value <= 288) */
- #passwdqc_min_n0 = 20; /* (0 <= value <= passwdqc_max) */
- #passwdqc_min_n1 = 16; /* (0 <= value <= passwdqc_min_n0) */
- #passwdqc_min_n2 = 16; /* (0 <= value <= passwdqc_min_n1) */
- #passwdqc_min_n3 = 12; /* (0 <= value <= passwdqc_min_n2) */
- #passwdqc_min_n4 = 8; /* (0 <= value <= passwdqc_min_n3) */
- #passwdqc_words = 4; /* (2 <= value <= 8) */
-
- /* (*)pwquality_warn_only
- * If this option is set and nickserv/pwquality is loaded, nickserv will just
- * warn users that their password is insecure, recommend they change it and
- * still register the nick. If this option is unset, it will refuse to
- * register the nick at all until the user chooses a better password.
- */
- #pwquality_warn_only;
-
- /* (*)show_custom_metadata
- * Setting this option to false will prevent user-set metadata (via SET PROPERTY)
- * from showing up in the INFO output. The TAXONOMY command will still function
- * as usual, and INFO will point this out if users have metadata set.
- */
- show_custom_metadata;
-
- /* (*)emailexempts
- * A list of email addresses that will be exempt from the check of how many
- * accounts one user may have. Any email address in this block may register
- * an unlimited number of accounts/usernames.
- */
- emailexempts {
- };
-
- /*
- * (*)shorthelp
- *
- * A list of commands that are displayed (with their full description) in the
- * output of `/msg NickServ HELP'. Commands not in this list will be listed, but
- * not with their descriptions. All commands with descriptions are still listed
- * in `/msg NickServ HELP COMMANDS' regardless of the value set here.
- *
- * Optional; defaults to "ACCESS CERT DROP GHOST GROUP IDENTIFY INFO LISTCHANS
- * LISTGROUPS LISTLOGINS LISTOWNMAIL LOGOUT REGAIN REGISTER RELEASE SENDPASS SET
- * UNGROUP".
- *
- * A command in this list will only be printed if the corresponding module is
- * loaded and the user has permission to use it. Set to an empty string to
- * disable listing command descriptions in `/msg NickServ HELP'.
- */
- #shorthelp = "";
-};
-
-/* ChanServ configuration.
- *
- * The chanserv {} block contains settings specific to the ChanServ modules.
- *
- * ChanServ provides channel registration services, which allows users to own
- * channels. It is not required, but is strongly recommended.
- */
-chanserv {
- /* (*)nick
- * The nickname we want the client to have.
- */
- nick = "ChanServ";
-
- /* (*)user
- * The username we want the client to have.
- */
- user = "ChanServ";
-
- /* (*)host
- * The hostname we want the client to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS of the client.
- */
- real = "Channel Services";
-
- /* reggroup
- * The group that will receive Memos about
- * channel Registration requests when
- * chanserv/moderate is loaded.
- */
- #reggroup = "!Services-Team";
-
- /* (*)aliases
- * Command aliases for ChanServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for ChanServ.
- */
- access {
- };
-
- /* (*)maxchans
- * What are the maximum channels that one username can register?
- */
- maxchans = 5;
-
- /* fantasy
- * Do you want to enable fantasy commands? This can
- * use a lot of CPU up, and will only work if you have
- * join_chans (in general) enabled as well.
- */
- fantasy;
-
- /* (*) hide_xop
- * Hide the XOP templates from sight. This is useful if you
- * want to use templates and not have the XOP templates displayed.
- */
- #hide_xop;
-
- /* (*) templates
- * Defines what flags the global templates comprise.
- *
- * For the special XOP templates:
- * These should all be different and not equal to the empty set,
- * except that hop may be equal to vop to disable hop.
- * Each subsequent level should have more flags (except +VHO).
- * For optimal functioning of /cs forcexop, aop should not have
- * any of +sRf, hop should not have any of +sRfoOr and vop should
- * not have any of +sRfoOrhHt.
- * If this is not specified, the values of Atheme 0.3 are used,
- * which are generally less intuitive than these.
- * Note: changing these leaves the flags of existing channel access
- * entries unchanged, thus removing them of the view of /cs xop list.
- * Usually the channel founder can use /cs forcexop to update the
- * entries to the new levels.
- *
- * Advice:
- * If you want to add a co-founder role, remove the flags permission
- * from the SOP role, and define a co-founder role with flags
- * permissions.
- */
- templates {
- vop = "+AV";
- hop = "+AHehitrv";
- aop = "+AOehiortv";
- sop = "+AOaefhiorstv";
-
- founder = "+AFORaefhioqrstv";
-
- /* some examples (which are commented out...) */
- #member = "+Ai";
- #op = "+AOiortv";
- };
-
- /* (*) deftemplates
- * Defines default templates to set on new channels, as a
- * space-separated list of name=+flags pairs.
- * Note: at this time no syntax checking is done on this; it
- * is your own responsibility to make sure it is correct.
- */
- #deftemplates = "MEMBER=+Ai OP=+AOiortv";
-
- /* (*) changets
- * Change the channel TS to the registration time when someone
- * recreates a registered channel, ensuring that they are deopped
- * and all their modes are undone. Note that this involves ChanServ
- * joining. When the channel was not recreated no deops will be done
- * (apart from the SECURE option).
- * This also solves the "join-mode" problem where someone recreates
- * a registered channel and then sets some modes before they are
- * deopped.
- * This is currently supported for charybdis, ratbox, bahamut,
- * and inspircd 1.1+. For charybdis and ratbox it only fully
- * works with TS6, with TS5 bans and last-moment modes will
- * still apply.
- * (That can also be used to advantage, when first enabling this.)
- */
- #changets;
-
- /* (*) trigger
- * This setting allows you to change the trigger prefix for
- * ChanServ's in-channel command feature (disableable via chanserv::fantasy).
- * If no setting is provided, the default is used, which is "!".
- *
- * Other settings you could consider trying: ".", "~", "?", "`", "'".
- */
- trigger = "!";
-
- /* (*)expire
- * The number of days before inactive registrations are expired.
- */
- expire = 30;
-
- /* (*)maxchanacs
- * The maximum number of entries allowed in a channel's access list
- * (both channel ops and akicks), 0 for unlimited.
- */
- maxchanacs = 0;
-
- /* (*)maxfounders
- * The maximum number of founders allowed in a channel.
- * Note that all founders have the exact same privileges and
- * the list of founders is shown in various places.
- */
- maxfounders = 4;
-
- /* (*)founder_flags
- * The flags a user will get when they register a new channel.
- * This MUST include at least 'F' or it will be ignored.
- * If it is not set, Atheme will give the user all channel flags.
- */
- #founder_flags = "AFORefiorstv";
-
- /* (*)akick_time
- * The default expiration time (in minutes) for AKICKs.
- * Comment this option out or set to zero for permanent AKICKs
- * by default (the old behaviour).
- */
- #akick_time = 10;
-
- /* (*)antiflood_enforce_method
- * The enforcement method to use for flood protection by default.
- * This may be overridden by channel staff.
- * Available options are: quiet, kickban and akill.
- */
- antiflood_enforce_method = quiet;
-
- /* (*)show_custom_metadata
- * Setting this option to false will prevent user-set metadata (via SET PROPERTY)
- * from showing up in the INFO output. The TAXONOMY command will still function
- * as usual, and INFO will point this out if channels have metadata set.
- */
- show_custom_metadata;
-
- /*
- * (*)shorthelp
- *
- * A list of commands that are displayed (with their full description) in the
- * output of `/msg ChanServ HELP'. Commands not in this list will be listed, but
- * not with their descriptions. All commands with descriptions are still listed
- * in `/msg ChanServ HELP COMMANDS' regardless of the value set here.
- *
- * Optional; defaults to "AKICK BAN CLEAR DEOP DEVOICE DROP FLAGS GETKEY INFO
- * INVITE KICK KICKBAN OP QUIET REGISTER SET TOPIC UNBAN UNQUIET VOICE WHY".
- *
- * A command in this list will only be printed if the corresponding module is
- * loaded and the user has permission to use it. Set to an empty string to
- * disable listing command descriptions in `/msg ChanServ HELP'.
- */
- #shorthelp = "";
-};
-
-/* CHANFIX configuration.
- *
- * The chanfix {} block contains settings specific to the CHANFIX modules.
- *
- * CHANFIX provides channel recovery services without registration, which
- * allows users to maintain control of channels even if ChanServ is not used
- * to register them.
- */
-chanfix {
- /* (*)nick
- * The nickname we want the client to have.
- */
- nick = "ChanFix";
-
- /* (*)user
- * The username we want the client to have.
- */
- user = "ChanFix";
-
- /* (*)host
- * The hostname we want the client to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS of the client.
- */
- real = "Channel Fixing Service";
-
- /* (*)autofix
- * Automatically fix channels if they become opless and meet fixing
- * criteria.
- */
- autofix;
-};
-
-/* Global noticing configuration.
- *
- * The global {} block contains settings specific to the Global notice module.
- *
- * The Global notice module provides the ability to mass-notify a network.
- */
-global {
- /* (*)nick
- * Sets the nick used for sending out a global notice.
- */
- nick = "Global";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "Global";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Network Announcements";
-};
-
-/* InfoServ configuration
- *
- * The infoserv {} block contains settings specific to the InfoServ module.
- *
- * The InfoServ modules provides the ability to mass-notify a network and send
- * news to users when they connect to the network.
- */
-infoserv {
- /* (*)nick
- * Sets the nick used for InfoServ and sending out informational messages.
- */
- nick = "InfoServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "InfoServ";
-
- /* (*)host
- * The hostname used for this client,
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Information Service";
-
- /* (*)logoninfo_count
- * The number of InfoServ messages a user will see upon connect.
- * If there are more than this number, the user will be able to
- * see the rest with /msg infoserv list .
- */
- logoninfo_count = 3;
-};
-
-/* OperServ configuration.
- *
- * The operserv {} block contains settings specific to the OperServ modules.
- *
- * OperServ provides essential network management tools for IRC operators
- * on the IRC network.
- */
-operserv {
- /* (*)nick
- * The nickname we want the Operator Service to have.
- */
- nick = "OperServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "OperServ";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Operator Services";
-
- /* (*)aliases
- * Command aliases for OperServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for OperServ.
- */
- access {
- };
-};
-
-/* SaslServ configuration.
- *
- * The saslserv {} block contains settings specific to the SaslServ modules.
- *
- * SaslServ provides an authentication agent which is compatible with the
- * SASL over IRC (SASL/IRC) protocol extension.
- */
-saslserv {
- /* (*)nick
- * The nickname we want SaslServ to have.
- */
- nick = "SaslServ";
-
- /* (*)user
- * The username we want SaslServ to have.
- */
- user = "SaslServ";
-
- /* (*)host
- * The hostname we want SaslServ to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want SaslServ to have.
- */
- real = "SASL Authentication Agent";
-
- /* (*)hide_server_names
- * Hide server names in the bad_password message.
- */
- #hide_server_names;
-};
-
-/* MemoServ configuration.
- *
- * The memoserv {} block contains settings specific to the MemoServ modules.
- *
- * MemoServ provides a note-taking service that you can use to send notes
- * to offline users (provided they are registered with Services).
- */
-memoserv {
- /* (*)nick
- * The nickname we want MemoServ to have.
- */
- nick = "MemoServ";
-
- /* (*)user
- * The username we want MemoServ to have.
- */
- user = "MemoServ";
-
- /* (*)host
- * The hostname we want MemoServ to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want MemoServ to have.
- */
- real = "Memo Services";
-
- /* (*)aliases
- * Command aliases for MemoServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for MemoServ.
- */
- access {
- };
-
- /* (*)maxmemos
- * What is the maximum amount of memos a user can have in their inbox?
- */
- maxmemos = 30;
-};
-
-/* GameServ configuration.
- *
- * The gameserv {} block contains settings specific to the GameServ modules.
- *
- * GameServ provides various in-channel commands for games.
- */
-gameserv {
- /* (*)nick
- * The nickname we want GameServ to have.
- */
- nick = "GameServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "GameServ";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Game Services";
-
- /* (*)aliases
- * Command aliases for GameServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for GameServ.
- */
- access {
- };
-};
-
-/* RPGServ configuration.
- *
- * The rpgserv {} block contains settings specific to the RPGServ modules.
- *
- * RPGServ provides a facility for finding roleplaying channels.
- */
-rpgserv {
- /* (*)nick
- * The nickname we want RPGServ to have.
- */
- nick = "RPGServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "RPGServ";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "RPG Finding Services";
-
- /* (*)aliases
- * Command aliases for RPGServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for RPGServ.
- */
- access {
- };
-};
-
-/* BotServ configuration.
- *
- * The botserv {} block contains settings specific to the BotServ modules.
- *
- * BotServ provides virtual channel bots.
- */
-botserv {
- /* (*)nick
- * The nickname we want BotServ to have.
- */
- nick = "BotServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "BotServ";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Bot Services";
-
- /* (*)min_users
- * Minimum number of users a channel must have before a Bot is allowed
- * to be assigned to that channel.
- */
- min_users = 0;
-};
-
-/* GroupServ configuration.
- *
- * The groupserv {} block contains settings specific to the GroupServ modules.
- *
- * GroupServ provides features for managing a collection of channels at once.
- *
- */
-groupserv {
- /* (*)nick
- * The nickname we want GroupServ to have.
- */
- nick = "GroupServ";
-
- /* (*)user
- * The username we want GroupServ to have.
- */
- user = "GroupServ";
-
- /* (*)host
- * The hostname we want GroupServ to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want GroupServ to have.
- */
- real = "Group Management Services";
-
- /* (*)aliases
- * Command aliases for GroupServ.
- */
- aliases {
- };
-
- /* (*)access
- * Command access changes for GroupServ.
- */
- access {
- };
-
- /* (*)maxgroups
- * Maximum number of groups one username can be founder of.
- */
- maxgroups = 5;
-
- /* (*)maxgroupacs
- * Maximum number of access entries you may have in a group.
- */
- maxgroupacs = 100;
-
- /* (*)enable_open_groups
- * Setting this option will allow any group founder to mark
- * their group as "anyone can join".
- */
- enable_open_groups;
-
- /* (*)join_flags
- * This is the GroupServ flagset that users who JOIN a open
- * group will get upon join. Please check the groupserv/flags
- * helpfile before changing this option. Valid flagsets (for
- * example) would be: "+v" or "+cv". It is not valid to use
- * minus flags (such as "-v") here.
- */
- join_flags = "+";
-};
-
-/* HostServ configuration.
- *
- * The hostserv {} block contains settings specific to the HostServ modules.
- *
- * HostServ provides advanced virtual host management.
- */
-hostserv {
- /* (*)nick
- * The nickname we want HostServ to have.
- */
- nick = "HostServ";
-
- /* (*)user
- * Sets the username used for this client.
- */
- user = "HostServ";
-
- /* (*)host
- * The hostname used for this client.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The GECOS (real name) of the client.
- */
- real = "Host Management Services";
-
- /* reggroup
- * The group that will receive Memos about
- * vHost requests.
- */
- #reggroup = "!Services-Team";
-
- /* (*)request_per_nick
- * Whether the request system should work per nick or per account.
- * The recommended setting is to leave this disabled, so that
- * vhosts work as consistently as possible.
- */
- #request_per_nick;
-
- /* (*)aliases
- * Command aliases for HostServ.
- */
- aliases {
- "APPROVE" = "ACTIVATE";
- "DENY" = "REJECT";
- };
-
- /* (*)access
- * Command access changes for HostServ.
- */
- access {
- };
-};
-
-/* HelpServ configuration
- *
- * The helpserv {} block contains settings specific to the HelpServ modules.
- *
- * HelpServ adds a few different ways for users to request help from network staff.
- */
-helpserv {
- /* (*)nick
- * The nickname we want HelpServ to have.
- */
- nick = "HelpServ";
-
- /* (*)user
- * The username we want HelpServ to have.
- */
- user = "HelpServ";
-
- /* (*)host
- * The hostname we want HelpServ to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want HelpServ to have.
- */
- real = "Help Services";
-};
-
-/* StatServ configuration
- *
- * The statserv {} block contains settings specific to the StatServ modules.
- *
- * StatServ adds basic stats and split tracking.
- */
-statserv {
- /* (*)nick
- * The nickname we want StatServ to have.
- */
- nick = "StatServ";
-
- /* (*)user
- * The username we want StatServ to have.
- */
- user = "StatServ";
-
- /* (*)host
- * The hostname we want StatServ to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want StatServ to have.
- */
- real = "Statistics Services";
-};
-
-/* ALIS configuration.
- *
- * The alis {} block contains settings specific to the ALIS modules.
- */
-alis {
- /* (*)nick
- * The nickname we want ALIS to have.
- */
- nick = "ALIS";
-
- /* (*)user
- * The username we want ALIS to have.
- */
- user = "alis";
-
- /* (*)host
- * The hostname we want ALIS to have.
- */
- host = "{{atheme_server_host}}";
-
- /* (*)real
- * The realname (gecos) information we want ALIS to have.
- */
- real = "Channel Directory";
-
- /* (*)maxmatches
- * The default maximum number of channels returned in a query.
- * Privilege (chan:auspex) is required to ask for more.
- * Minimum 8, default 64, maximum 128.
- */
- #maxmatches = 64;
-};
-
-/* HTTP server configuration.
- *
- * The httpd {} block contains settings specific to the HTTP server module.
- *
- * The HTTP server in Services is used for serving XMLRPC requests. It can
- * also serve static documents and statistics pages.
- */
-httpd {
- /* host
- * The host that the HTTP server will listen on.
- * Use 0.0.0.0 if you want to listen on all available hosts.
- */
- host = "0.0.0.0";
-
- /* host (ipv6)
- * If you want, you can have Atheme listen on an IPv6 host too.
- * Use :: if you want to listen on all available IPv6 hosts.
- */
- #host = "::";
-
- /* www_root
- * The directory that contains the files that should be served by the httpd.
- */
- www_root = "/var/www";
-
- /* port
- * The port that the HTTP server will listen on.
- */
- port = 8080;
-};
-
-/* LDAP configuration.
- *
- * The ldap {} block contains settings specific to the LDAP authentication
- * module.
- */
-ldap {
- /* (*)url
- * LDAP URL of the server to use.
- */
- url = "ldap://127.0.0.1";
-
- /* (*)dnformat
- * Format string to convert an account name to an LDAP DN.
- * Must contain exactly one %s which will be replaced by the account
- * name.
- * Services will attempt a simple bind with this DN and the given
- * password; if this is successful the password is considered correct.
- */
- dnformat = "cn=%s,dc=jillestest,dc=com";
-};
-
-/******************************************************************************
- * LOGGING SECTION. *
- ******************************************************************************/
-
-/*
- * logfile{} blocks can be used to set up log files other than the master
- * logfile used by services, which is controlled by serverinfo::loglevel.
- *
- * The various logging categories are:
- * debug, all - meta-keyword for all possible categories
- * trace - meta-keyword for a little bit of info
- * misc - like trace, but with some more miscillaneous info
- * notice - meta-keyword for notice-like information
- * ------------------------------------------------------------------------------
- * error - critical errors
- * info - miscillaneous log notices
- * verbose - A bit more verbose than info, not quite as spammy as debug
- * commands - all command use
- * admin - administrative command use
- * register - account and channel registrations
- * set - changes of account or channel settings
- * request - user requests (currently only vhosts)
- * network - log notices related to network status
- * rawdata - log raw data sent and received by services
- * wallops - <not yet used>
- * denycmd - security model denials (commands, permissions)
- */
-
-/*
- * This block logs all account and channel registrations and drops,
- * and account and channel setting changes to var/account.log.
- */
-logfile "var/account.log" { register; set; };
-
-/*
- * This block logs all command use to var/commands.log.
- */
-logfile "var/commands.log" { commands; };
-
-/*
- * This block logs all security auditing information.
- */
-logfile "var/audit.log" { denycmd; };
-
-/*
- * You can log to IRC channels, and even split it by category, too.
- * This entry provides roughly the same functionality as the old snoop
- * feature.
- */
-logfile "#services" { error; info; admin; request; register; denycmd; };
-
-/*
- * This block logs to server notices.
- */
-logfile "!snotices" { error; info; request; denycmd; };
-
-/******************************************************************************
- * GENERAL PARAMETERS CONFIGURATION SECTION. *
- ******************************************************************************/
-
-/* The general {} block defines general configuration options. */
-general {
- /* (*)permissive_mode
- * Whether or not security denials should be soft denials instead of
- * hard denials. If security denials are soft denials, then they will
- * only be logged to the denial log.
- */
- #permissive_mode;
-
- /* (*)helpchan
- * Network help channel. Shown to users when they request
- * help for a command that doesn't exist.
- */
- #helpchan = "#help";
-
- /* (*)helpurl
- * Network webpage for services help. Shown to users when they
- * request help for a command that doesn't exist.
- */
- #helpurl = "http://www.stack.nl/~jilles/irc/atheme-help/";
-
- /* (*)silent
- * If you want to prevent services from sending
- * WALLOPS/GLOBOPS about things uncomment this.
- * Not recommended.
- */
- #silent;
-
- /* (*)verbose_wallops
- * If you want services to send you more information about
- * events that are occuring (in particular AKILLs), uncomment the
- * directive below.
- *
- * WARNING! This may result in large amounts of wallops/globops
- * floods.
- */
- #verbose_wallops;
-
- /* (*)join_chans
- * Should ChanServ be allowed to join registered channels?
- * This option is useful for the fantasy command set.
- *
- * If enabled, you can tell ChanServ to join via SET GUARD ON.
- *
- * If you use ircu-like ircd (asuka), you must
- * leave this enabled, and put guard in default cflags.
- *
- * For ratbox it is recommended to leave it on and put guard in
- * default cflags, in order that ChanServ does not have to join/part
- * to do certain things. On the other hand, enabling this increases
- * potential for bots fighting with ChanServ.
- *
- * Regardless of this option, ChanServ will temporarily join
- * channels which would otherwise be empty if necessary to enforce
- * akick/restricted/close, and to change the TS if changets is
- * enabled.
- */
- join_chans;
-
- /* (*)leave_chans
- * Do we leave registered channels after everyone else has left?
- * Turning this off serves little purpose, except to mark "official"
- * network channels by keeping them open, and to preserve the
- * topic and +beI lists.
- */
- leave_chans;
-
- /* secure
- * Do you want to require the use of /msg <service>@<services host>?
- * Turning this on helps protect against spoofers, but is disabled
- * as most networks do not presently use it.
- */
- #secure;
-
- /* (*)uflags
- * The default flags to set for usernames upon registration.
- * Valid values are: hold, neverop, noop, hidemail, nomemo, emailmemos,
- * enforce, privmsg, private, quietchg and none.
- */
- uflags = { hidemail; };
-
- /* (*)cflags
- * The default flags to set for channels upon registration.
- * Valid values are: hold, secure, verbose, verbose_ops, keeptopic,
- * topiclock, guard, private, nosync, limitflags, pubacl and none.
- */
- cflags = { verbose; guard; };
-
- /* (*)raw
- * Do you want to allow SRAs to use the RAW and INJECT commands?
- * These commands are for debugging. If you don't know how to use them
- * then don't enable them. They are not supported.
- */
- #raw;
-
- /* (*)flood_msgs
- * Do you want services to detect floods?
- * Set to how many messages before a flood is triggered.
- * Note that some messages that need a lot of processing count
- * as two or four messages.
- * If services receives `flood_msgs' within `flood_time' the user will
- * trigger the flood protection.
- * Setting this to zero disables flood protection.
- */
- flood_msgs = 7;
-
- /* (*)flood_time
- * Do you want services to detect floods?
- * Set to how long before the counter resets.
- * If services receives `flood_msgs' within `flood_time' the user will
- * trigger the flood protection.
- */
- flood_time = 10;
-
- /* (*)ratelimit_uses
- * After how many uses of a command will users be throttled.
- * After `ratelimit_uses' of a command within `ratelimit_period', users
- * will not be able to run that ratelimited command until the period is up.
- * Comment this, ratelimit_period below or both options out to disable rate limiting.
- * Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
- * nickserv/register and chanserv/register.
- */
- ratelimit_uses = 5;
-
- /* (*)ratelimit_period
- * After how much time (in seconds) will the ratelimit_uses counter reset.
- * After `ratelimit_uses' of a command within `ratelimit_period', users
- * will not be able to run that ratelimited command until the period is up.
- * Comment this, ratelimit_uses above or both options out to disable rate limiting.
- * Currently used in helpserv/helpme, helpserv/ticket, hostserv/request,
- * nickserv/register and chanserv/register.
- */
- ratelimit_period = 60;
-
- /* (*)vhost_change
- * The default number of days between vHost changes once a user has used HostServ
- * TAKE or REQUEST. (Helps to deter rabid host-swappers and ban evaders.)
- */
- #vhost_change = 30;
-
- /* (*)kline_time
- * The default expire time for KLINE's in days.
- * Setting this to 0 makes all KLINE's permanent.
- */
- kline_time = 7;
-
- /* (*)kline_with_ident
- * KLINE user@host instead of *@host.
- * Applies to all automatic KLINE's set by services.
- */
- #kline_with_ident;
-
- /* (*)kline_verified_ident
- * KLINE *@host if the first character of the ident is ~,
- * irrespective of the value of kline_with_ident.
- */
- #kline_verified_ident;
-
- /* (*)clone_time
- * This is the default expiry time for CLONE exemptions in minutes.
- * Setting this to 0 makes all CLONE exemptions permanent.
- */
- clone_time = 0;
-
- /* commit_interval
- * The time between database writes in minutes.
- */
- commit_interval = 5;
-
- /* (*)operstring
- * The string returned in WHOIS (against services) for IRC operators.
- */
- #operstring = "is an IRC Operator";
-
- /* (*)servicestring
- * The string returned in WHOIS (against services) for services.
- */
- #servicestring = "is a Network Service";
-
- /* (*)default_clone_allowed
- * The limit after which clones will be KILLed or TKLINEd.
- * Used by operserv/clones.
- */
- default_clone_allowed = 5;
-
- /* (*)default_clone_warn
- * The limit after which clones will be warned that they may not
- * have any more concurrent connections. Should be lower than
- * default_clone_allowed . Used by operserv/clones.
- */
- default_clone_warn = 4;
-
- /* (*)clone_identified_increase_limit
- * If this option is enabled, the clone limit for a IP/host will
- * be increased by 1 per clone that's identified to services.
- * This has a limit of double the clone limits above.
- */
- clone_identified_increase_limit;
-
- /* (*)uplink_sendq_limit
- * The maximum amount of data that may be queued to be sent
- * to the uplink, in bytes. This should be enough to contain
- * Atheme's response to the netburst, but smaller than the
- * IRCd's sendq limit for servers.
- */
- uplink_sendq_limit = 1048576;
-
- /* (*)language
- * Language to use for channel and oper messages and as default
- * for users.
- */
- language = "en";
-
- /* exempts
- * This block contains a list of user@host masks. Users matching any
- * of these will not be automatically K:lined by services.
- */
- exempts {
- };
-
- /* allow_taint
- * By enabling this option, Atheme will run in configurations where
- * the upstream will not provide support. By enabling this feature,
- * you void any perceived rights to support.
- */
- #allow_taint;
-
- /* (*)immune_level
- * This option allows you to customize the operlevel which gets kick
- * immunity privileges.
- *
- * The following flags are available:
- * immune - require whatever ircd usermode is needed for kick
- * immunity (this is the default);
- * admin - require admin privileges for kick immunity
- * ircop - require any ircop privileges for kick immunity (umode +o)
- */
- immune_level = immune;
-
- /* show_entity_id
- * This makes nick/user & group entity IDs visible to everyone, rather
- * than just opers with user:auspex or group:auspex privileges.
- */
- show_entity_id;
-
- /* load_database_mdeps
- *
- * For module dependencies listed in the services database (if any),
- * whether to load those modules on startup (if they are not already
- * loaded) or abort startup with a more helpful error message than
- * e.g. "db services.db:123: unknown directive 'BE'" --> "corestorage:
- * exiting to avoid data loss".
- *
- * Comment this out to abort startup instead of silently loading the
- * modules you need to process the database successfully. The abort
- * reason will tell you what module the database requires so that you
- * can fix your configuration file.
- */
- load_database_mdeps;
-};
-
-proxyscan {
- /* Here you can configure the details of your Proxyscan (DNS Blacklist)
- * scanner service.
- */
-
- nick = "Proxyscan";
- user = "dnsbl";
- host = "{{atheme_server_host}}";
- real = "Proxyscan Service";
-
- blacklists {
- "dnsbl.dronebl.org";
- "rbl.efnetrbl.org";
- "tor.efnet.org";
- };
-
- /* Available dnsbl_action's:
- * NONE - Do nothing
- * NOTIFY - Notify user that they are listed in a DNSBL and which one
- * SNOOP - Report the user to the logchannel or services channel
- * KLINE - AKILL the user from the network (default AKILL is 24 hours)
- */
-
- dnsbl_action = kline;
-};
-
-/******************************************************************************
- * OPERATOR AND PRIVILEGES CONFIGURATION SECTION. *
- ******************************************************************************/
-
-/* Operator configuration
- * See the PRIVILEGES document for more information.
- * NOTE: All changes apply immediately upon rehash. You may need
- * to send a signal (killall -HUP atheme-services) to regain control.
- */
-/* (*) Operclasses specify groups of services operator privileges */
-/* The "user" operclass specifies privileges all users get.
- * This may be empty (default) in which case users get no special privileges.
- * If you use the security/cmdperm module, you will need to grant command: privileges
- * to every command that you want users to be able to use.
- */
-operclass "user" { };
-
-/* The "ircop" operclass specifies privileges all IRCops get.
- * This may be empty in which case IRCops get no privs.
- * At least chan:cmodes, chan:joinstaffonly and general:auspex are suggested.
- */
-operclass "ircop" {
- privs {
- special:ircop;
- };
-
- privs {
- user:auspex;
- user:admin;
- user:sendpass;
- user:vhost;
- user:mark;
- };
-
- privs {
- chan:auspex;
- chan:admin;
- chan:cmodes;
- chan:joinstaffonly;
- };
-
- privs {
- general:auspex;
- general:helper;
- general:viewprivs;
- general:flood;
- };
-
- privs {
- operserv:omode;
- operserv:akill;
- operserv:jupe;
- operserv:global;
- };
-
- privs {
- group:auspex;
- group:admin;
- };
-};
-
-operclass "sra" {
- /* You can inherit privileges from a lower operclass. */
- extends "ircop";
-
- privs {
- user:hold;
- user:regnolimit;
- };
-
- privs {
- general:metadata;
- general:admin;
- };
-
- privs {
- #operserv:massakill;
- #operserv:akill-anymask;
- operserv:noop;
- operserv:grant;
- };
-
- /* needoper
- * Only grant privileges to IRC users in this oper class if they
- * are opered; other use of privilege (channel succession, XMLRPC,
- * etc.) is unaffected by this.
- *
- * This flag is *not* inherited by operclasses that extend this one;
- * you will have to set it explicitly for each operclass.
- */
- needoper;
-};
-
-
-/* (*) Operator blocks specify accounts with certain privileges
- * Oper classes must be defined before they are used in operator blocks.
- */
-operator "jilles" {
- /* operclass */
- operclass = "sra";
-
- /* password
- *
- * Normally, the user needs to identify/log in using the account's
- * password, and may need to be an IRCop (see operclass::needoper
- * above). If you consider this not secure enough, you can
- * specify an additional password here, which the user must enter
- * using the OperServ IDENTIFY command, before the privileges can
- * be used.
- *
- * The password must be encrypted if a crypto module is in use.
- *
- * If you are using modules/crypto/crypt3-*, you can probably use
- * the "mkpasswd" program included with most Linux distributions.
- * Otherwise you can use modules/operserv/genhash to encrypt a
- * password for use here.
- */
- #password = "$1$3gJMO9by$0G60YE6GqmuHVH3AnFPor1";
-};
-
-/******************************************************************************
- * INCLUDE CONFIGURATION SECTION. *
- ******************************************************************************/
-
-/* You may also specify other files for inclusion.
- * For example:
- *
- * include "etc/sras.conf";
- */
--- a/ngircd/templates/ngircd.conf.j2 Sat Jul 04 17:48:36 2020 -0500
+++ /dev/null Thu Jan 01 00:00:00 1970 +0000
@@ -1,422 +0,0 @@
-#
-# This is a sample configuration file for the ngIRCd IRC daemon, which must
-# be customized to the local preferences and needs.
-#
-# Comments are started with "#" or ";".
-#
-# A lot of configuration options in this file start with a ";". You have
-# to remove the ";" in front of each variable to actually set a value!
-# The disabled variables are shown with example values for completeness only
-# and the daemon is using compiled-in default settings.
-#
-# Use "ngircd --configtest" (see manual page ngircd(8)) to validate that the
-# server interprets the configuration file as expected!
-#
-# Please see ngircd.conf(5) for a complete list of configuration options
-# and their descriptions.
-#
-# The original can be found at:
-# /usr/share/doc/ngircd/sample-ngircd.conf.gz
-
-[Global]
- # The [Global] section of this file is used to define the main
- # configuration of the server, like the server name and the ports
- # on which the server should be listening.
- # These settings depend on your personal preferences, so you should
- # make sure that they correspond to your installation and setup!
-
- # Server name in the IRC network, must contain at least one dot
- # (".") and be unique in the IRC network. Required!
- Name = {{ngircd_name}}
-
- # Information about the server and the administrator, used by the
- # ADMIN command. Not required by server but by RFC!
- AdminInfo1 = {{ngircd_admin_name}}
- ;AdminInfo2 = Debian City
- AdminEMail = {{ngircd_admin_email}}
-
- # Text file which contains the ngIRCd help text. This file is required
- # to display help texts when using the "HELP <cmd>" command.
- ;HelpFile = /usr/share/doc/ngircd/Commands.txt
-
- # Info text of the server. This will be shown by WHOIS and
- # LINKS requests for example.
- Info = {{ngircd_name}}
-
- # Comma separated list of IP addresses on which the server should
- # listen. Default values are:
- # "0.0.0.0" or (if compiled with IPv6 support) "::,0.0.0.0"
- # so the server listens on all IP addresses of the system by default.
- Listen = 127.0.0.1
-
- # Text file with the "message of the day" (MOTD). This message will
- # be shown to all users connecting to the server:
- MotdFile = /etc/ngircd/ngircd.motd
-
- # A simple Phrase (<127 chars) if you don't want to use a motd file.
- ;MotdPhrase = "Hello. This is the Debian default MOTD sentence"
-
- # The name of the IRC network to which this server belongs. This name
- # is optional, should only contain ASCII characters, and can't contain
- # spaces. It is only used to inform clients. The default is empty,
- # so no network name is announced to clients.
- ;Network = aIRCnetwork
-
- # Global password for all users needed to connect to the server.
- # (Default: not set)
- ;Password = wealllikedebian
-
- # This tells ngIRCd to write its current process ID to a file.
- # Note that the pidfile is written AFTER chroot and switching the
- # user ID, e.g. the directory the pidfile resides in must be
- # writable by the ngIRCd user and exist in the chroot directory.
- # Keep this setting in sync with PIDFILE in /etc/init.d/ngircd
- PidFile = /var/run/ngircd/ngircd.pid
-
- # Ports on which the server should listen. There may be more than
- # one port, separated with ",". (Default: 6667)
- ;Ports = 6667, 6668, 6669
-
- # Group ID under which the ngIRCd should run; you can use the name
- # of the group or the numerical ID. ATTENTION: For this to work the
- # server must have been started with root privileges!
- # Keep this setting in sync with DAEMONUSER in the init script and/or
- # the Group= setting in service file.
- ServerGID = irc
-
- # User ID under which the server should run; you can use the name
- # of the user or the numerical ID. ATTENTION: For this to work the
- # server must have been started with root privileges! In addition,
- # the configuration and MOTD files must be readable by this user,
- # otherwise RESTART and REHASH won't work!
- # Keep this setting in sync with DAEMONUSER in the init script and/or
- # the User= setting in service file.
- ServerUID = irc
-
-[Limits]
- # Define some limits and timeouts for this ngIRCd instance. Default
- # values should be safe, but it is wise to double-check :-)
-
- # The server tries every <ConnectRetry> seconds to establish a link
- # to not yet (or no longer) connected servers.
- ConnectRetry = 60
-
- # Number of seconds after which the whole daemon should shutdown when
- # no connections are left active after handling at least one client
- # (0: never, which is the default).
- # This can be useful for testing or when ngIRCd is started using
- # "socket activation" with systemd(8), for example.
- ;IdleTimeout = 0
-
- # Maximum number of simultaneous in- and outbound connections the
- # server is allowed to accept (0: unlimited):
- MaxConnections = 500
-
- # Maximum number of simultaneous connections from a single IP address
- # the server will accept (0: unlimited):
- MaxConnectionsIP = 10
-
- # Maximum number of channels a user can be member of (0: no limit):
- MaxJoins = 10
-
- # Maximum length of an user nickname (Default: 9, as in RFC 2812).
- # Please note that all servers in an IRC network MUST use the same
- # maximum nickname length!
- ;MaxNickLength = 9
-
- # Maximum penalty time increase in seconds, per penalty event. Set to -1
- # for no limit (the default), 0 to disable penalties altogether. The
- # daemon doesn't use penalty increases higher than 2 seconds during
- # normal operation, so values greater than 1 rarely make sense.
- ;MaxPenaltyTime = -1
-
- # Maximum number of channels returned in response to a /list
- # command (0: unlimited):
- ;MaxListSize = 100
-
- # After <PingTimeout> seconds of inactivity the server will send a
- # PING to the peer to test whether it is alive or not.
- PingTimeout = 120
-
- # If a client fails to answer a PING with a PONG within <PongTimeout>
- # seconds, it will be disconnected by the server.
- PongTimeout = 20
-
-[Options]
- # Optional features and configuration options to further tweak the
- # behavior of ngIRCd. If you want to get started quickly, you most
- # probably don't have to make changes here -- they are all optional.
-
- # List of allowed channel types (channel prefixes) for newly created
- # channels on the local server. By default, all supported channel
- # types are allowed. Set this variable to the empty string to disallow
- # creation of new channels by local clients at all.
- ;AllowedChannelTypes = #&+
-
- # Are remote IRC operators allowed to control this server, e.g.
- # use commands like CONNECT, SQUIT, DIE, ...?
- ;AllowRemoteOper = no
-
- # A directory to chroot in when everything is initialized. It
- # doesn't need to be populated if ngIRCd is compiled as a static
- # binary. By default ngIRCd won't use the chroot() feature.
- # ATTENTION: For this to work the server must have been started
- # with root privileges!
- ;ChrootDir = /var/empty
-
- # Set this hostname for every client instead of the real one.
- # Use %x to add the hashed value of the original hostname.
- {% if ngircd_cloak is defined %}
- CloakHost = {{ngircd_cloak}}
- {% endif %}
-
- # Use this hostname for hostname cloaking on clients that have the
- # user mode "+x" set, instead of the name of the server.
- # Use %x to add the hashed value of the original hostname.
- ;CloakHostModeX = cloaked.user
-
- # The Salt for cloaked hostname hashing. When undefined a random
- # hash is generated after each server start.
- ;CloakHostSalt = abcdefghijklmnopqrstuvwxyz
-
- # Set every clients' user name to their nickname
- ;CloakUserToNick = yes
-
- # Try to connect to other IRC servers using IPv4 and IPv6, if possible.
- ;ConnectIPv6 = yes
- ;ConnectIPv4 = yes
-
- # Default user mode(s) to set on new local clients. Please note that
- # only modes can be set that the client could set using regular MODE
- # commands, you can't set "a" (away) for example! Default: none.
- ;DefaultUserModes = i
-
- # Do DNS lookups when a client connects to the server.
- ;DNS = yes
-
- # Do IDENT lookups if ngIRCd has been compiled with support for it.
- # Users identified using IDENT are registered without the "~" character
- # prepended to their user name.
- ;Ident = yes
-
- # Directory containing configuration snippets (*.conf), that should
- # be read in after parsing this configuration file.
- ;IncludeDir = /etc/ngircd/conf.d
-
- # Enhance user privacy slightly (useful for IRC server on TOR or I2P)
- # by censoring some information like idle time, logon time, etc.
- ;MorePrivacy = no
-
- # Normally ngIRCd doesn't send any messages to a client until it is
- # registered. Enable this option to let the daemon send "NOTICE *"
- # messages to clients while connecting.
- ;NoticeBeforeRegistration = no
-
- # Should IRC Operators be allowed to use the MODE command even if
- # they are not(!) channel-operators?
- OperCanUseMode = yes
-
- # Should IRC Operators get AutoOp (+o) in persistent (+P) channels?
- ;OperChanPAutoOp = yes
-
- # Mask IRC Operator mode requests as if they were coming from the
- # server? (This is a compatibility hack for ircd-irc2 servers)
- ;OperServerMode = no
-
- # Use PAM if ngIRCd has been compiled with support for it.
- # Users identified using PAM are registered without the "~" character
- # prepended to their user name.
- PAM = no
-
- # When PAM is enabled, all clients are required to be authenticated
- # using PAM; connecting to the server without successful PAM
- # authentication isn't possible.
- # If this option is set, clients not sending a password are still
- # allowed to connect: they won't become "identified" and keep the "~"
- # character prepended to their supplied user name.
- # Please note: To make some use of this behavior, it most probably
- # isn't useful to enable "Ident", "PAM" and "PAMIsOptional" at the
- # same time, because you wouldn't be able to distinguish between
- # Ident'ified and PAM-authenticated users: both don't have a "~"
- # character prepended to their respective user names!
- ;PAMIsOptional = no
-
- # When PAM is enabled, this value determines the used PAM
- # configuration.
- # This setting allows to run multiple ngIRCd instances with
- # different PAM configurations on each instance.
- # If you set it to "ngircd-foo", PAM will use
- # /etc/pam.d/ngircd-foo instead of the default
- # /etc/pam.d/ngircd.
- ;PAMServiceName = ngircd
-
- # Let ngIRCd send an "authentication PING" when a new client connects,
- # and register this client only after receiving the corresponding
- # "PONG" reply.
- ;RequireAuthPing = no
-
- # Silently drop all incoming CTCP requests.
- ;ScrubCTCP = no
-
- # Syslog "facility" to which ngIRCd should send log messages.
- # Possible values are system dependent, but most probably auth, daemon,
- # user and local1 through local7 are possible values; see syslog(3).
- # Default is "local5" for historical reasons, you probably want to
- # change this to "daemon", for example.
- SyslogFacility = local1
-
- # Password required for using the WEBIRC command used by some
- # Web-to-IRC gateways. If not set/empty, the WEBIRC command can't
- # be used. (Default: not set)
- ;WebircPassword = xyz
-
-[SSL]
- # SSL-related configuration options. Please note that this section
- # is only available when ngIRCd is compiled with support for SSL!
- # So don't forget to remove the ";" above if this is the case ...
-
- # SSL Server Key Certificate
- ;CertFile = /etc/ssl/certs/server.crt
-
- # Select cipher suites allowed for SSL/TLS connections. This defaults
- # to HIGH:!aNULL:@STRENGTH (OpenSSL) or SECURE128 (GnuTLS).
- # See 'man 1ssl ciphers' (OpenSSL) or 'man 3 gnutls_priority_init'
- # (GnuTLS) for details.
- # For OpenSSL:
- ;CipherList = HIGH:!aNULL:@STRENGTH:!SSLv3
- # For GnuTLS (this Debian package was linked against GnuTLS):
- CipherList = SECURE128:-VERS-SSL3.0
-
- # Diffie-Hellman parameters
- ;DHFile = /etc/ngircd/dhparams.pem
-
- # SSL Server Key
- ;KeyFile = /etc/ssl/private/server.key
-
- # password to decrypt SSLKeyFile (OpenSSL only)
- # Note that this Debian package is linked against GnuTLS so this
- # option has no effect.
- ;KeyFilePassword = secret
-
- # Additional Listen Ports that expect SSL/TLS encrypted connections
- ;Ports = 6697, 9999
-
-{% for op in ngircd_ops %}
-[Operator]
- # [Operator] sections are used to define IRC Operators. There may be
- # more than one [Operator] block, one for each local operator.
-
- # ID of the operator (may be different of the nickname)
- Name = {{op.name}}
-
- # Password of the IRC operator
- Password = {{op.pass}}
-
- # Optional Mask from which /OPER will be accepted
- # Mask = *[email protected]
- {% if op.mask is defined %}
- Mask = {{op.mask}}
- {% endif %}
-
-{% endfor %}
-[Server]
-{% for server in ngircd_servers %}
- # Other servers are configured in [Server] sections. If you
- # configure a port for the connection, then this ngircd tries to
- # connect to the other server on the given port; if not it waits
- # for the other server to connect.
- # There may be more than one server block, one for each server.
- #
- # Server Groups:
- # The ngIRCd allows "server groups": You can assign an "ID" to every
- # server with which you want this ngIRCd to link. If a server of a
- # group won't answer, the ngIRCd tries to connect to the next server
- # in the given group. But the ngircd never tries to connect to two
- # servers with the same group ID.
-
- # IRC name of the remote server, must match the "Name" variable in
- # the [Global] section of the other server (when using ngIRCd).
- Name = {{server.name}}
-
- # Internet host name or IP address of the peer (only required when
- # this server should establish the connection).
- # Host = connect-to-host.example.net
- {% if server.host is defined %}
- Host = {{server.host}}
- {% endif %}
-
- # IP address to use as _source_ address for the connection. if
- # unspecified, ngircd will let the operating system pick an address.
- ;Bind = 10.0.0.1
-
- # Port of the server to which the ngIRCd should connect. If you
- # assign no port the ngIRCd waits for incoming connections.
- ;Port = 6667
-
- # Own password for the connection. This password has to be configured
- # as "PeerPassword" on the other server.
- MyPassword = {{server.pass}}
-
- # Foreign password for this connection. This password has to be
- # configured as "MyPassword" on the other server.
- PeerPassword = {{server.pass}}
-
- # Group of this server (optional)
- ;Group = 123
-
- # Set the "Passive" option to "yes" if you don't want this ngIRCd to
- # connect to the configured peer (same as leaving the "Port" variable
- # empty). The advantage of this option is that you can actually
- # configure a port an use the IRC command CONNECT more easily to
- # manually connect this specific server later.
- ;Passive = no
-
- # Connect to the remote server using TLS/SSL (Default: false)
- ;SSLConnect = yes
-
- # Define a (case insensitive) list of masks matching nicknames that
- # should be treated as IRC services when introduced via this remote
- # server, separated by commas (",").
- # REGULAR SERVERS DON'T NEED this parameter, so leave it empty
- # (which is the default).
- # When you are connecting IRC services which mask as a IRC server
- # and which use "virtual users" to communicate with, for example
- # "NickServ" and "ChanServ", you should set this parameter to
- # something like "*Serv" or "NickServ,ChanServ,XyzServ".
- {% if server.service_mask is defined %}
- ServiceMask = {{server.service_mask}}
- {% endif %}
-
-{% endfor %}
-
-[Channel]
- # Pre-defined channels can be configured in [Channel] sections.
- # Such channels are created by the server when starting up and even
- # persist when there are no more members left.
- # Persistent channels are marked with the mode 'P', which can be set
- # and unset by IRC operators like other modes on the fly.
- # There may be more than one [Channel] block, one for each channel.
-
- # Name of the channel
- ;Name = #ngircd
-
- # Topic for this channel
- ;Topic = Our ngircd testing channel
-
- # Initial channel modes
- ;Modes = tnk
-
- # initial channel password (mode k)
- ;Key = Secret
-
- # Key file, syntax for each line: "<user>:<nick>:<key>".
- # Default: none.
- ;KeyFile = /etc/ngircd/#chan.key
-
- # maximum users per channel (mode l)
- ;MaxUsers = 23
-
-[Channel]
- # More [Channel] sections, if you like ...
-
-# -eof-