1
Description: rename the example.conf file to ircd.conf
2
The example.conf is really a good sample ircd.conf file. Since we
3
would like to ship a working config for the Debian package, it would
4
better to install the ircd.conf directly. This should not affect
5
existing installs because make install actually checks if the config
7
Author: Antoine Beaupré <anarcat@koumbit.org>
8
Bug-Debian: http://bugs.debian.org/485553
10
Bug: http://jira.atheme.org/browse/CHARY-4
11
Forwarded: http://jira.atheme.org/secure/attachment/10719/ircd.conf
12
Last-Update: 2011-11-03
14
--- charybdis-3.3.0.orig/doc/Makefile.in
15
+++ charybdis-3.3.0/doc/Makefile.in
16
@@ -30,7 +30,7 @@ automoduledir = @moduledir@/autoload
17
mandir = @mandir@/man8
20
-CONFS = example.conf reference.conf
21
+CONFS = ircd.conf reference.conf
22
DEFAULTCONFS = kline.conf dline.conf xline.conf resv.conf
26
+++ charybdis-3.3.0/doc/ircd.conf
28
+/* doc/example.conf - brief example configuration file
30
+ * Copyright (C) 2000-2002 Hybrid Development Team
31
+ * Copyright (C) 2002-2005 ircd-ratbox development team
32
+ * Copyright (C) 2005-2006 charybdis development team
34
+ * $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $
36
+ * See reference.conf for more information.
40
+#loadmodule "extensions/chm_operonly_compat.so";
41
+#loadmodule "extensions/chm_quietunreg_compat.so";
42
+#loadmodule "extensions/chm_sslonly_compat.so";
43
+#loadmodule "extensions/createauthonly.so";
44
+#loadmodule "extensions/extb_account.so";
45
+#loadmodule "extensions/extb_canjoin.so";
46
+#loadmodule "extensions/extb_channel.so";
47
+#loadmodule "extensions/extb_extgecos.so";
48
+#loadmodule "extensions/extb_oper.so";
49
+#loadmodule "extensions/extb_realname.so";
50
+#loadmodule "extensions/extb_server.so";
51
+#loadmodule "extensions/extb_ssl.so";
52
+#loadmodule "extensions/hurt.so";
53
+#loadmodule "extensions/m_findforwards.so";
54
+#loadmodule "extensions/m_identify.so";
55
+#loadmodule "extensions/no_oper_invis.so";
56
+#loadmodule "extensions/sno_farconnect.so";
57
+#loadmodule "extensions/sno_globalkline.so";
58
+#loadmodule "extensions/sno_globaloper.so";
59
+#loadmodule "extensions/sno_whois.so";
62
+ * IP cloaking extensions: use ip_cloaking_4.0
63
+ * if you're linking 3.2 and later, otherwise use
64
+ * ip_cloaking.so, for compatibility with older 3.x
68
+#loadmodule "extensions/ip_cloaking_4.0.so";
69
+#loadmodule "extensions/ip_cloaking.so";
72
+ name = "hades.arpa";
74
+ description = "charybdis test server";
75
+ network_name = "AthemeNET";
76
+ network_desc = "Your IRC network.";
79
+ /* On multi-homed hosts you may need the following. These define
80
+ * the addresses we connect from to other servers. */
82
+ #vhost = "192.169.0.1";
84
+ #vhost6 = "3ffe:80e8:546::2";
86
+ /* ssl_private_key: our ssl private key */
87
+ #ssl_private_key = "etc/test.key";
89
+ /* ssl_cert: certificate for our ssl server */
90
+ #ssl_cert = "etc/test.cert";
92
+ /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
93
+ #ssl_dh_params = "etc/dh.pem";
95
+ /* ssld_count: number of ssld processes you want to start, if you
96
+ * have a really busy server, using N-1 where N is the number of
97
+ * cpu/cpu cores you have might be useful. A number greater than one
98
+ * can also be useful in case of bugs in ssld and because ssld needs
99
+ * two file descriptors per SSL connection.
103
+ /* default max clients: the default maximum number of clients
104
+ * allowed to connect. This can be changed once ircd has started by
106
+ * /quote set maxclients <limit>
108
+ default_max_clients = 1024;
112
+ name = "Lazy admin (lazya)";
113
+ description = "AthemeNET client server";
114
+ email = "nobody@127.0.0.1";
118
+ fname_userlog = "/var/log/charybdis/userlog";
119
+ #fname_fuserlog = "/var/log/charybdis/fuserlog";
120
+ fname_operlog = "/var/log/charybdis/operlog";
121
+ #fname_foperlog = "/var/log/charybdis/foperlog";
122
+ fname_serverlog = "/var/log/charybdis/serverlog";
123
+ #fname_klinelog = "/var/log/charybdis/klinelog";
124
+ fname_killlog = "/var/log/charybdis/killlog";
125
+ fname_operspylog = "/var/log/charybdis/operspylog";
126
+ #fname_ioerrorlog = "/var/log/charybdis/ioerror";
129
+/* class {} blocks MUST be specified before anything that uses them. That
130
+ * means they must be defined before auth {} and before connect {}.
133
+ ping_time = 2 minutes;
134
+ number_per_ident = 10;
135
+ number_per_ip = 10;
136
+ number_per_ip_global = 50;
137
+ cidr_ipv4_bitlen = 24;
138
+ cidr_ipv6_bitlen = 64;
139
+ number_per_cidr = 200;
141
+ sendq = 400 kbytes;
145
+ ping_time = 5 minutes;
146
+ number_per_ip = 10;
148
+ sendq = 1 megabyte;
152
+ ping_time = 5 minutes;
153
+ connectfreq = 5 minutes;
155
+ sendq = 4 megabytes;
159
+ /* If you want to listen on a specific IP only, specify host.
160
+ * host definitions apply only to the following port line.
162
+ #host = "192.169.0.1";
163
+ port = 5000, 6665 .. 6669;
166
+ /* Listen on IPv6 (if you used host= above). */
167
+ #host = "3ffe:1234:a:b:c::d";
168
+ #port = 5000, 6665 .. 6669;
172
+/* auth {}: allow users to connect to the ircd (OLD I:)
173
+ * auth {} blocks MUST be specified in order of precedence. The first one
174
+ * that matches a user will be used. So place spoofs first, then specials,
175
+ * then general access, then restricted.
178
+ /* user: the user@host allowed to connect. Multiple IPv4/IPv6 user
179
+ * lines are permitted per auth block. This is matched against the
180
+ * hostname and IP address (using :: shortening for IPv6 and
181
+ * prepending a 0 if it starts with a colon) and can also use CIDR
184
+ user = "*@172.16.0.0/12";
185
+ user = "*@fc00::*";
187
+ /* password: an optional password that is required to use this block.
188
+ * By default this is not encrypted, specify the flag "encrypted" in
189
+ * flags = ...; below if it is.
191
+ password = "letmein";
193
+ /* spoof: fake the users user@host to be be this. You may either
194
+ * specify a host or a user@host to spoof to. This is free-form,
195
+ * just do everyone a favour and dont abuse it. (OLD I: = flag)
197
+ spoof = "I.still.hate.packets";
199
+ /* Possible flags in auth:
201
+ * encrypted | password is encrypted with mkpasswd
202
+ * spoof_notice | give a notice when spoofing hosts
203
+ * exceed_limit (old > flag) | allow user to exceed class user limits
204
+ * kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
205
+ * dnsbl_exempt | exempt this user from dnsbls
206
+ * spambot_exempt | exempt this user from spambot checks
207
+ * shide_exempt | exempt this user from serverhiding
208
+ * jupe_exempt | exempt this user from generating
209
+ * warnings joining juped channels
210
+ * resv_exempt | exempt this user from resvs
211
+ * flood_exempt | exempt this user from flood limits
212
+ * USE WITH CAUTION.
213
+ * no_tilde (old - flag) | don't prefix ~ to username if no ident
214
+ * need_ident (old + flag) | require ident for user in this class
215
+ * need_ssl | require SSL/TLS for user in this class
216
+ * need_sasl | require SASL id for user in this class
218
+ flags = kline_exempt, exceed_limit;
220
+ /* class: the class the user is placed in */
229
+/* privset {} blocks MUST be specified before anything that uses them. That
230
+ * means they must be defined before operator {}.
232
+privset "local_op" {
233
+ privs = oper:local_kill, oper:operwall;
236
+privset "server_bot" {
237
+ extends = "local_op";
238
+ privs = oper:kline, oper:remoteban, snomask:nick_changes;
241
+privset "global_op" {
242
+ extends = "local_op";
243
+ privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
244
+ oper:resv, oper:mass_notice, oper:remoteban;
248
+ extends = "global_op";
249
+ privs = oper:admin, oper:die, oper:rehash, oper:spy;
253
+ /* name: the name of the oper must go above */
255
+ /* user: the user@host required for this operator. CIDR *is*
256
+ * supported now. auth{} spoofs work here, other spoofs do not.
257
+ * multiple user="" lines are supported.
259
+ user = "*god@127.0.0.1";
261
+ /* password: the password required to oper. Unless ~encrypted is
262
+ * contained in flags = ...; this will need to be encrypted using
263
+ * mkpasswd, MD5 is supported
265
+ password = "etcnjl8juSU1E";
267
+ /* rsa key: the public key for this oper when using Challenge.
268
+ * A password should not be defined when this is used, see
269
+ * doc/challenge.txt for more information.
271
+ #rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
273
+ /* umodes: the specific umodes this oper gets when they oper.
274
+ * If this is specified an oper will not be given oper_umodes
275
+ * These are described above oper_only_umodes in general {};
277
+ #umodes = locops, servnotice, operwall, wallop;
279
+ /* fingerprint: if specified, the oper's client certificate
280
+ * fingerprint will be checked against the specified fingerprint
283
+ #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
285
+ /* snomask: specific server notice mask on oper up.
286
+ * If this is specified an oper will not be given oper_snomask.
288
+ snomask = "+Zbfkrsuy";
290
+ /* flags: misc options for the operator. You may prefix an option
291
+ * with ~ to disable it, e.g. ~encrypted.
293
+ * Default flags are encrypted.
295
+ * Available options:
297
+ * encrypted: the password above is encrypted [DEFAULT]
298
+ * need_ssl: must be using SSL/TLS to oper up
302
+ /* privset: privileges set to grant */
306
+#connect "irc.uplink.com" {
307
+# host = "192.168.0.1";
308
+# send_password = "password";
309
+# accept_password = "anotherpassword";
313
+# flags = compressed, topicburst;
315
+# /* If the connection is IPv6, uncomment below.
316
+# * Use 0::1, not ::1, for IPv6 localhost. */
320
+#connect "ssl.uplink.com" {
321
+# host = "192.168.0.1";
322
+# send_password = "password";
323
+# accept_password = "anotherpassword";
327
+# flags = ssl, topicburst;
331
+ name = "services.int";
336
+ flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
341
+ flags = all, rehash;
344
+/* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
354
+ knock_delay = 5 minutes;
355
+ knock_delay_channel = 1 minute;
356
+ max_chans_per_user = 15;
358
+ max_bans_large = 500;
359
+ default_split_user_count = 0;
360
+ default_split_server_count = 0;
361
+ no_create_on_split = no;
362
+ no_join_on_split = no;
363
+ burst_topicwho = yes;
364
+ kick_on_split_riding = no;
365
+ only_ascii_channels = no;
366
+ resv_forcepart = yes;
367
+ channel_target_change = yes;
371
+ flatten_links = yes;
372
+ links_delay = 5 minutes;
374
+ disable_hidden = no;
377
+/* These are the blacklist settings.
378
+ * You can have multiple combinations of host and rejection reasons.
379
+ * They are used in pairs of one host/rejection reason.
381
+ * These settings should be adequate for most networks, and are (presently)
382
+ * required for use on AthemeNet.
384
+ * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
387
+ * As of charybdis 2.1.3, you can do some keyword substitution on the rejection
388
+ * reason. The available keyword substitutions are:
390
+ * ${ip} - the user's IP
391
+ * ${host} - the user's canonical hostname
392
+ * ${dnsbl-host} - the dnsbl hostname the lookup was done against
393
+ * ${nick} - the user's nickname
394
+ * ${network-name} - the name of the network
396
+ * Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be
397
+ * contacted, via email, at admins@2mbit.com before using these BLs.
398
+ * See <http://www.ahbl.org/services.php> for more information.
401
+ host = "rbl.efnetrbl.org";
402
+ reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
404
+# host = "ircbl.ahbl.org";
405
+# reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for having an open proxy. In order to protect ${network-name} from abuse, we are not allowing connections with open proxies to connect.";
407
+# host = "tor.ahbl.org";
408
+# reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from tor-based abuse, we are not allowing TOR exit nodes to connect to our network.";
412
+ target = "NickServ";
416
+ target = "ChanServ";
420
+ target = "OperServ";
424
+ target = "MemoServ";
428
+ target = "NickServ";
432
+ target = "ChanServ";
436
+ target = "OperServ";
440
+ target = "MemoServ";
444
+ hide_error_messages = opers;
445
+ hide_spoof_ips = yes;
448
+ * default_umodes: umodes to enable on connect.
449
+ * If you have enabled the new ip_cloaking_4.0 module, and you want
450
+ * to make use of it, add +x to this option, i.e.:
451
+ * default_umodes = "+ix";
453
+ * If you have enabled the old ip_cloaking module, and you want
454
+ * to make use of it, add +h to this option, i.e.:
455
+ * default_umodes = "+ih";
457
+ default_umodes = "+i";
459
+ default_operstring = "is an IRC Operator";
460
+ default_adminstring = "is a Server Administrator";
461
+ servicestring = "is a Network Service";
462
+ disable_fake_channels = no;
463
+ tkline_expire_notices = no;
464
+ default_floodcount = 10;
465
+ failed_oper_notice = yes;
467
+ min_nonwildcard = 4;
468
+ min_nonwildcard_simple = 3;
471
+ anti_nick_flood = yes;
472
+ max_nick_time = 20 seconds;
473
+ max_nick_changes = 5;
474
+ anti_spam_exit_message_time = 5 minutes;
475
+ ts_warn_delta = 30 seconds;
476
+ ts_max_delta = 5 minutes;
478
+ collision_fnc = yes;
479
+ global_snotices = yes;
480
+ dline_with_reason = yes;
481
+ kline_delay = 0 seconds;
482
+ kline_with_reason = yes;
483
+ kline_reason = "K-Lined";
484
+ identify_service = "NickServ@services.int";
485
+ identify_command = "IDENTIFY";
486
+ non_redundant_klines = yes;
487
+ warn_no_nline = yes;
488
+ use_propagated_bans = yes;
489
+ stats_e_disabled = no;
490
+ stats_c_oper_only=no;
491
+ stats_h_oper_only=no;
492
+ stats_y_oper_only=no;
493
+ stats_o_oper_only=yes;
494
+ stats_P_oper_only=no;
495
+ stats_i_oper_only=masked;
496
+ stats_k_oper_only=masked;
497
+ map_oper_only = no;
498
+ operspy_admin_only = no;
499
+ operspy_dont_care_user_info = no;
500
+ caller_id_wait = 1 minute;
501
+ pace_wait_simple = 1 second;
502
+ pace_wait = 10 seconds;
505
+ connect_timeout = 30 seconds;
506
+ default_ident_timeout = 5;
508
+ no_oper_flood = yes;
511
+ use_whois_actually = no;
512
+ oper_only_umodes = operwall, locops, servnotice;
513
+ oper_umodes = locops, servnotice, operwall, wallop;
514
+ oper_snomask = "+s";
516
+ nick_delay = 0 seconds; # 15 minutes if you want to enable this
517
+ reject_ban_time = 1 minute;
518
+ reject_after_count = 3;
519
+ reject_duration = 5 minutes;
520
+ throttle_duration = 60;
521
+ throttle_count = 4;
526
+ path = "modules/autoload";
528
diff --git a/doc/example.conf b/doc/example.conf
529
deleted file mode 100755
530
index 5e1895f..0000000
531
--- a/doc/example.conf
534
-/* doc/example.conf - brief example configuration file
536
- * Copyright (C) 2000-2002 Hybrid Development Team
537
- * Copyright (C) 2002-2005 ircd-ratbox development team
538
- * Copyright (C) 2005-2006 charybdis development team
540
- * $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $
542
- * See reference.conf for more information.
546
-#loadmodule "extensions/chm_operonly_compat.so";
547
-#loadmodule "extensions/chm_quietunreg_compat.so";
548
-#loadmodule "extensions/chm_sslonly_compat.so";
549
-#loadmodule "extensions/createauthonly.so";
550
-#loadmodule "extensions/extb_account.so";
551
-#loadmodule "extensions/extb_canjoin.so";
552
-#loadmodule "extensions/extb_channel.so";
553
-#loadmodule "extensions/extb_extgecos.so";
554
-#loadmodule "extensions/extb_oper.so";
555
-#loadmodule "extensions/extb_realname.so";
556
-#loadmodule "extensions/extb_server.so";
557
-#loadmodule "extensions/extb_ssl.so";
558
-#loadmodule "extensions/hurt.so";
559
-#loadmodule "extensions/m_findforwards.so";
560
-#loadmodule "extensions/m_identify.so";
561
-#loadmodule "extensions/no_oper_invis.so";
562
-#loadmodule "extensions/sno_farconnect.so";
563
-#loadmodule "extensions/sno_globalkline.so";
564
-#loadmodule "extensions/sno_globaloper.so";
565
-#loadmodule "extensions/sno_whois.so";
568
- * IP cloaking extensions: use ip_cloaking_4.0
569
- * if you're linking 3.2 and later, otherwise use
570
- * ip_cloaking.so, for compatibility with older 3.x
574
-#loadmodule "extensions/ip_cloaking_4.0.so";
575
-#loadmodule "extensions/ip_cloaking.so";
578
- name = "hades.arpa";
580
- description = "charybdis test server";
581
- network_name = "AthemeNET";
582
- network_desc = "Your IRC network.";
585
- /* On multi-homed hosts you may need the following. These define
586
- * the addresses we connect from to other servers. */
588
- #vhost = "192.169.0.1";
590
- #vhost6 = "3ffe:80e8:546::2";
592
- /* ssl_private_key: our ssl private key */
593
- ssl_private_key = "etc/test.key";
595
- /* ssl_cert: certificate for our ssl server */
596
- ssl_cert = "etc/test.cert";
598
- /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
599
- ssl_dh_params = "etc/dh.pem";
601
- /* ssld_count: number of ssld processes you want to start, if you
602
- * have a really busy server, using N-1 where N is the number of
603
- * cpu/cpu cores you have might be useful. A number greater than one
604
- * can also be useful in case of bugs in ssld and because ssld needs
605
- * two file descriptors per SSL connection.
609
- /* default max clients: the default maximum number of clients
610
- * allowed to connect. This can be changed once ircd has started by
612
- * /quote set maxclients <limit>
614
- default_max_clients = 1024;
618
- name = "Lazy admin (lazya)";
619
- description = "AthemeNET client server";
620
- email = "nobody@127.0.0.1";
624
- fname_userlog = "logs/userlog";
625
- #fname_fuserlog = "logs/fuserlog";
626
- fname_operlog = "logs/operlog";
627
- #fname_foperlog = "logs/foperlog";
628
- fname_serverlog = "logs/serverlog";
629
- #fname_klinelog = "logs/klinelog";
630
- fname_killlog = "logs/killlog";
631
- fname_operspylog = "logs/operspylog";
632
- #fname_ioerrorlog = "logs/ioerror";
635
-/* class {} blocks MUST be specified before anything that uses them. That
636
- * means they must be defined before auth {} and before connect {}.
639
- ping_time = 2 minutes;
640
- number_per_ident = 10;
641
- number_per_ip = 10;
642
- number_per_ip_global = 50;
643
- cidr_ipv4_bitlen = 24;
644
- cidr_ipv6_bitlen = 64;
645
- number_per_cidr = 200;
647
- sendq = 400 kbytes;
651
- ping_time = 5 minutes;
652
- number_per_ip = 10;
654
- sendq = 1 megabyte;
658
- ping_time = 5 minutes;
659
- connectfreq = 5 minutes;
661
- sendq = 4 megabytes;
665
- /* If you want to listen on a specific IP only, specify host.
666
- * host definitions apply only to the following port line.
668
- #host = "192.169.0.1";
669
- port = 5000, 6665 .. 6669;
672
- /* Listen on IPv6 (if you used host= above). */
673
- #host = "3ffe:1234:a:b:c::d";
674
- #port = 5000, 6665 .. 6669;
678
-/* auth {}: allow users to connect to the ircd (OLD I:)
679
- * auth {} blocks MUST be specified in order of precedence. The first one
680
- * that matches a user will be used. So place spoofs first, then specials,
681
- * then general access, then restricted.
684
- /* user: the user@host allowed to connect. Multiple IPv4/IPv6 user
685
- * lines are permitted per auth block. This is matched against the
686
- * hostname and IP address (using :: shortening for IPv6 and
687
- * prepending a 0 if it starts with a colon) and can also use CIDR
690
- user = "*@172.16.0.0/12";
691
- user = "*test@123D:B567:*";
693
- /* password: an optional password that is required to use this block.
694
- * By default this is not encrypted, specify the flag "encrypted" in
695
- * flags = ...; below if it is.
697
- password = "letmein";
699
- /* spoof: fake the users user@host to be be this. You may either
700
- * specify a host or a user@host to spoof to. This is free-form,
701
- * just do everyone a favour and dont abuse it. (OLD I: = flag)
703
- spoof = "I.still.hate.packets";
705
- /* Possible flags in auth:
707
- * encrypted | password is encrypted with mkpasswd
708
- * spoof_notice | give a notice when spoofing hosts
709
- * exceed_limit (old > flag) | allow user to exceed class user limits
710
- * kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
711
- * dnsbl_exempt | exempt this user from dnsbls
712
- * spambot_exempt | exempt this user from spambot checks
713
- * shide_exempt | exempt this user from serverhiding
714
- * jupe_exempt | exempt this user from generating
715
- * warnings joining juped channels
716
- * resv_exempt | exempt this user from resvs
717
- * flood_exempt | exempt this user from flood limits
718
- * USE WITH CAUTION.
719
- * no_tilde (old - flag) | don't prefix ~ to username if no ident
720
- * need_ident (old + flag) | require ident for user in this class
721
- * need_ssl | require SSL/TLS for user in this class
722
- * need_sasl | require SASL id for user in this class
724
- flags = kline_exempt, exceed_limit;
726
- /* class: the class the user is placed in */
735
-/* privset {} blocks MUST be specified before anything that uses them. That
736
- * means they must be defined before operator {}.
738
-privset "local_op" {
739
- privs = oper:local_kill, oper:operwall;
742
-privset "server_bot" {
743
- extends = "local_op";
744
- privs = oper:kline, oper:remoteban, snomask:nick_changes;
747
-privset "global_op" {
748
- extends = "local_op";
749
- privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
750
- oper:resv, oper:mass_notice, oper:remoteban;
754
- extends = "global_op";
755
- privs = oper:admin, oper:die, oper:rehash, oper:spy;
759
- /* name: the name of the oper must go above */
761
- /* user: the user@host required for this operator. CIDR *is*
762
- * supported now. auth{} spoofs work here, other spoofs do not.
763
- * multiple user="" lines are supported.
765
- user = "*god@127.0.0.1";
767
- /* password: the password required to oper. Unless ~encrypted is
768
- * contained in flags = ...; this will need to be encrypted using
769
- * mkpasswd, MD5 is supported
771
- password = "etcnjl8juSU1E";
773
- /* rsa key: the public key for this oper when using Challenge.
774
- * A password should not be defined when this is used, see
775
- * doc/challenge.txt for more information.
777
- #rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
779
- /* umodes: the specific umodes this oper gets when they oper.
780
- * If this is specified an oper will not be given oper_umodes
781
- * These are described above oper_only_umodes in general {};
783
- #umodes = locops, servnotice, operwall, wallop;
785
- /* fingerprint: if specified, the oper's client certificate
786
- * fingerprint will be checked against the specified fingerprint
789
- #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
791
- /* snomask: specific server notice mask on oper up.
792
- * If this is specified an oper will not be given oper_snomask.
794
- snomask = "+Zbfkrsuy";
796
- /* flags: misc options for the operator. You may prefix an option
797
- * with ~ to disable it, e.g. ~encrypted.
799
- * Default flags are encrypted.
801
- * Available options:
803
- * encrypted: the password above is encrypted [DEFAULT]
804
- * need_ssl: must be using SSL/TLS to oper up
808
- /* privset: privileges set to grant */
812
-connect "irc.uplink.com" {
813
- host = "192.168.0.1";
814
- send_password = "password";
815
- accept_password = "anotherpassword";
819
- flags = compressed, topicburst;
821
- /* If the connection is IPv6, uncomment below.
822
- * Use 0::1, not ::1, for IPv6 localhost. */
826
-connect "ssl.uplink.com" {
827
- host = "192.168.0.1";
828
- send_password = "password";
829
- accept_password = "anotherpassword";
833
- flags = ssl, topicburst;
837
- name = "services.int";
842
- flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
847
- flags = all, rehash;
850
-/* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
860
- knock_delay = 5 minutes;
861
- knock_delay_channel = 1 minute;
862
- max_chans_per_user = 15;
864
- max_bans_large = 500;
865
- default_split_user_count = 0;
866
- default_split_server_count = 0;
867
- no_create_on_split = no;
868
- no_join_on_split = no;
869
- burst_topicwho = yes;
870
- kick_on_split_riding = no;
871
- only_ascii_channels = no;
872
- resv_forcepart = yes;
873
- channel_target_change = yes;
877
- flatten_links = yes;
878
- links_delay = 5 minutes;
880
- disable_hidden = no;
883
-/* These are the blacklist settings.
884
- * You can have multiple combinations of host and rejection reasons.
885
- * They are used in pairs of one host/rejection reason.
887
- * These settings should be adequate for most networks, and are (presently)
888
- * required for use on AthemeNet.
890
- * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
893
- * As of charybdis 2.1.3, you can do some keyword substitution on the rejection
894
- * reason. The available keyword substitutions are:
896
- * ${ip} - the user's IP
897
- * ${host} - the user's canonical hostname
898
- * ${dnsbl-host} - the dnsbl hostname the lookup was done against
899
- * ${nick} - the user's nickname
900
- * ${network-name} - the name of the network
902
- * Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be
903
- * contacted, via email, at admins@2mbit.com before using these BLs.
904
- * See <http://www.ahbl.org/services.php> for more information.
907
- host = "rbl.efnetrbl.org";
908
- reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
910
-# host = "ircbl.ahbl.org";
911
-# reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for having an open proxy. In order to protect ${network-name} from abuse, we are not allowing connections with open proxies to connect.";
913
-# host = "tor.ahbl.org";
914
-# reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from tor-based abuse, we are not allowing TOR exit nodes to connect to our network.";
918
- target = "NickServ";
922
- target = "ChanServ";
926
- target = "OperServ";
930
- target = "MemoServ";
934
- target = "NickServ";
938
- target = "ChanServ";
942
- target = "OperServ";
946
- target = "MemoServ";
950
- hide_error_messages = opers;
951
- hide_spoof_ips = yes;
954
- * default_umodes: umodes to enable on connect.
955
- * If you have enabled the new ip_cloaking_4.0 module, and you want
956
- * to make use of it, add +x to this option, i.e.:
957
- * default_umodes = "+ix";
959
- * If you have enabled the old ip_cloaking module, and you want
960
- * to make use of it, add +h to this option, i.e.:
961
- * default_umodes = "+ih";
963
- default_umodes = "+i";
965
- default_operstring = "is an IRC Operator";
966
- default_adminstring = "is a Server Administrator";
967
- servicestring = "is a Network Service";
968
- disable_fake_channels = no;
969
- tkline_expire_notices = no;
970
- default_floodcount = 10;
971
- failed_oper_notice = yes;
973
- min_nonwildcard = 4;
974
- min_nonwildcard_simple = 3;
977
- anti_nick_flood = yes;
978
- max_nick_time = 20 seconds;
979
- max_nick_changes = 5;
980
- anti_spam_exit_message_time = 5 minutes;
981
- ts_warn_delta = 30 seconds;
982
- ts_max_delta = 5 minutes;
984
- collision_fnc = yes;
985
- global_snotices = yes;
986
- dline_with_reason = yes;
987
- kline_delay = 0 seconds;
988
- kline_with_reason = yes;
989
- kline_reason = "K-Lined";
990
- identify_service = "NickServ@services.int";
991
- identify_command = "IDENTIFY";
992
- non_redundant_klines = yes;
993
- warn_no_nline = yes;
994
- use_propagated_bans = yes;
995
- stats_e_disabled = no;
996
- stats_c_oper_only=no;
997
- stats_h_oper_only=no;
998
- stats_y_oper_only=no;
999
- stats_o_oper_only=yes;
1000
- stats_P_oper_only=no;
1001
- stats_i_oper_only=masked;
1002
- stats_k_oper_only=masked;
1003
- map_oper_only = no;
1004
- operspy_admin_only = no;
1005
- operspy_dont_care_user_info = no;
1006
- caller_id_wait = 1 minute;
1007
- pace_wait_simple = 1 second;
1008
- pace_wait = 10 seconds;
1011
- connect_timeout = 30 seconds;
1012
- default_ident_timeout = 5;
1013
- disable_auth = no;
1014
- no_oper_flood = yes;
1016
- client_flood = 20;
1017
- use_whois_actually = no;
1018
- oper_only_umodes = operwall, locops, servnotice;
1019
- oper_umodes = locops, servnotice, operwall, wallop;
1020
- oper_snomask = "+s";
1022
- nick_delay = 0 seconds; # 15 minutes if you want to enable this
1023
- reject_ban_time = 1 minute;
1024
- reject_after_count = 3;
1025
- reject_duration = 5 minutes;
1026
- throttle_duration = 60;
1027
- throttle_count = 4;
1032
- path = "modules/autoload";