« back to all changes in this revision
Viewing changes to debian/patches/ircd.conf
- browse files at revision 2
- compare with another revision
- download diff
- download tarball
- view history from revision 2
- Committer: Package Import Robot
- Author(s): Antoine Beaupré
- Date: 2011-11-10 23:07:37 UTC
- Revision ID: package-import@ubuntu.com-20111110230737-3dnv6kgi02swy3y5
Tags: 3.3.0-5
add all undocumented copyrights - some files do not have copyright
headers still, it is assumed they are GPL-2
headers still, it is assumed they are GPL-2
- files added:
- .pc
- .pc/cleanup-bandb-properly
- .pc/cleanup-bandb-properly/bandb
- .pc/fix-paths
- .pc/fix-paths/include
- .pc/ircd.conf
- .pc/ircd.conf/doc
- .pc/no-rpath
- .pc/no_hardcoded_bandb_dpath
- .pc/no_hardcoded_bandb_dpath/src
- .pc/non-static-sqlite
- .pc/non-static-sqlite/bandb
- debian
- debian/patches
- debian/source
- files removed:
- doc/example.conf
- files modified:
- bandb/Makefile.in
added
removed
debian/patches/ircd.conf
1
Description: rename the example.conf file to ircd.conf
2
The example.conf is really a good sample ircd.conf file. Since we
3
would like to ship a working config for the Debian package, it would
4
better to install the ircd.conf directly. This should not affect
5
existing installs because make install actually checks if the config
6
file exists.
7
Author: Antoine Beaupré <anarcat@koumbit.org>
8
Bug-Debian: http://bugs.debian.org/485553
9
10
Bug: http://jira.atheme.org/browse/CHARY-4
11
Forwarded: http://jira.atheme.org/secure/attachment/10719/ircd.conf
12
Last-Update: 2011-11-03
13
14
--- charybdis-3.3.0.orig/doc/Makefile.in
15
+++ charybdis-3.3.0/doc/Makefile.in
16
@@ -30,7 +30,7 @@ automoduledir = @moduledir@/autoload
17
mandir = @mandir@/man8
18
MANPAGES = ircd.8
19
20
-CONFS = example.conf reference.conf
21
+CONFS = ircd.conf reference.conf
22
DEFAULTCONFS = kline.conf dline.conf xline.conf resv.conf
23
24
SSL_LIBS = @SSL_LIBS@
25
--- /dev/null
26
+++ charybdis-3.3.0/doc/ircd.conf
27
@@ -0,0 +1,500 @@
28
+/* doc/example.conf - brief example configuration file
29
+ *
30
+ * Copyright (C) 2000-2002 Hybrid Development Team
31
+ * Copyright (C) 2002-2005 ircd-ratbox development team
32
+ * Copyright (C) 2005-2006 charybdis development team
33
+ *
34
+ * $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $
35
+ *
36
+ * See reference.conf for more information.
37
+ */
38
+
39
+/* Extensions */
40
+#loadmodule "extensions/chm_operonly_compat.so";
41
+#loadmodule "extensions/chm_quietunreg_compat.so";
42
+#loadmodule "extensions/chm_sslonly_compat.so";
43
+#loadmodule "extensions/createauthonly.so";
44
+#loadmodule "extensions/extb_account.so";
45
+#loadmodule "extensions/extb_canjoin.so";
46
+#loadmodule "extensions/extb_channel.so";
47
+#loadmodule "extensions/extb_extgecos.so";
48
+#loadmodule "extensions/extb_oper.so";
49
+#loadmodule "extensions/extb_realname.so";
50
+#loadmodule "extensions/extb_server.so";
51
+#loadmodule "extensions/extb_ssl.so";
52
+#loadmodule "extensions/hurt.so";
53
+#loadmodule "extensions/m_findforwards.so";
54
+#loadmodule "extensions/m_identify.so";
55
+#loadmodule "extensions/no_oper_invis.so";
56
+#loadmodule "extensions/sno_farconnect.so";
57
+#loadmodule "extensions/sno_globalkline.so";
58
+#loadmodule "extensions/sno_globaloper.so";
59
+#loadmodule "extensions/sno_whois.so";
60
+
61
+/*
62
+ * IP cloaking extensions: use ip_cloaking_4.0
63
+ * if you're linking 3.2 and later, otherwise use
64
+ * ip_cloaking.so, for compatibility with older 3.x
65
+ * releases.
66
+ */
67
+
68
+#loadmodule "extensions/ip_cloaking_4.0.so";
69
+#loadmodule "extensions/ip_cloaking.so";
70
+
71
+serverinfo {
72
+ name = "hades.arpa";
73
+ sid = "42X";
74
+ description = "charybdis test server";
75
+ network_name = "AthemeNET";
76
+ network_desc = "Your IRC network.";
77
+ hub = yes;
78
+
79
+ /* On multi-homed hosts you may need the following. These define
80
+ * the addresses we connect from to other servers. */
81
+ /* for IPv4 */
82
+ #vhost = "192.169.0.1";
83
+ /* for IPv6 */
84
+ #vhost6 = "3ffe:80e8:546::2";
85
+
86
+ /* ssl_private_key: our ssl private key */
87
+ #ssl_private_key = "etc/test.key";
88
+
89
+ /* ssl_cert: certificate for our ssl server */
90
+ #ssl_cert = "etc/test.cert";
91
+
92
+ /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
93
+ #ssl_dh_params = "etc/dh.pem";
94
+
95
+ /* ssld_count: number of ssld processes you want to start, if you
96
+ * have a really busy server, using N-1 where N is the number of
97
+ * cpu/cpu cores you have might be useful. A number greater than one
98
+ * can also be useful in case of bugs in ssld and because ssld needs
99
+ * two file descriptors per SSL connection.
100
+ */
101
+ #ssld_count = 1;
102
+
103
+ /* default max clients: the default maximum number of clients
104
+ * allowed to connect. This can be changed once ircd has started by
105
+ * issuing:
106
+ * /quote set maxclients <limit>
107
+ */
108
+ default_max_clients = 1024;
109
+};
110
+
111
+admin {
112
+ name = "Lazy admin (lazya)";
113
+ description = "AthemeNET client server";
114
+ email = "nobody@127.0.0.1";
115
+};
116
+
117
+log {
118
+ fname_userlog = "/var/log/charybdis/userlog";
119
+ #fname_fuserlog = "/var/log/charybdis/fuserlog";
120
+ fname_operlog = "/var/log/charybdis/operlog";
121
+ #fname_foperlog = "/var/log/charybdis/foperlog";
122
+ fname_serverlog = "/var/log/charybdis/serverlog";
123
+ #fname_klinelog = "/var/log/charybdis/klinelog";
124
+ fname_killlog = "/var/log/charybdis/killlog";
125
+ fname_operspylog = "/var/log/charybdis/operspylog";
126
+ #fname_ioerrorlog = "/var/log/charybdis/ioerror";
127
+};
128
+
129
+/* class {} blocks MUST be specified before anything that uses them. That
130
+ * means they must be defined before auth {} and before connect {}.
131
+ */
132
+class "users" {
133
+ ping_time = 2 minutes;
134
+ number_per_ident = 10;
135
+ number_per_ip = 10;
136
+ number_per_ip_global = 50;
137
+ cidr_ipv4_bitlen = 24;
138
+ cidr_ipv6_bitlen = 64;
139
+ number_per_cidr = 200;
140
+ max_number = 3000;
141
+ sendq = 400 kbytes;
142
+};
143
+
144
+class "opers" {
145
+ ping_time = 5 minutes;
146
+ number_per_ip = 10;
147
+ max_number = 1000;
148
+ sendq = 1 megabyte;
149
+};
150
+
151
+class "server" {
152
+ ping_time = 5 minutes;
153
+ connectfreq = 5 minutes;
154
+ max_number = 1;
155
+ sendq = 4 megabytes;
156
+};
157
+
158
+listen {
159
+ /* If you want to listen on a specific IP only, specify host.
160
+ * host definitions apply only to the following port line.
161
+ */
162
+ #host = "192.169.0.1";
163
+ port = 5000, 6665 .. 6669;
164
+ sslport = 6697;
165
+
166
+ /* Listen on IPv6 (if you used host= above). */
167
+ #host = "3ffe:1234:a:b:c::d";
168
+ #port = 5000, 6665 .. 6669;
169
+ #sslport = 9999;
170
+};
171
+
172
+/* auth {}: allow users to connect to the ircd (OLD I:)
173
+ * auth {} blocks MUST be specified in order of precedence. The first one
174
+ * that matches a user will be used. So place spoofs first, then specials,
175
+ * then general access, then restricted.
176
+ */
177
+auth {
178
+ /* user: the user@host allowed to connect. Multiple IPv4/IPv6 user
179
+ * lines are permitted per auth block. This is matched against the
180
+ * hostname and IP address (using :: shortening for IPv6 and
181
+ * prepending a 0 if it starts with a colon) and can also use CIDR
182
+ * masks.
183
+ */
184
+ user = "*@172.16.0.0/12";
185
+ user = "*@fc00::*";
186
+
187
+ /* password: an optional password that is required to use this block.
188
+ * By default this is not encrypted, specify the flag "encrypted" in
189
+ * flags = ...; below if it is.
190
+ */
191
+ password = "letmein";
192
+
193
+ /* spoof: fake the users user@host to be be this. You may either
194
+ * specify a host or a user@host to spoof to. This is free-form,
195
+ * just do everyone a favour and dont abuse it. (OLD I: = flag)
196
+ */
197
+ spoof = "I.still.hate.packets";
198
+
199
+ /* Possible flags in auth:
200
+ *
201
+ * encrypted | password is encrypted with mkpasswd
202
+ * spoof_notice | give a notice when spoofing hosts
203
+ * exceed_limit (old > flag) | allow user to exceed class user limits
204
+ * kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
205
+ * dnsbl_exempt | exempt this user from dnsbls
206
+ * spambot_exempt | exempt this user from spambot checks
207
+ * shide_exempt | exempt this user from serverhiding
208
+ * jupe_exempt | exempt this user from generating
209
+ * warnings joining juped channels
210
+ * resv_exempt | exempt this user from resvs
211
+ * flood_exempt | exempt this user from flood limits
212
+ * USE WITH CAUTION.
213
+ * no_tilde (old - flag) | don't prefix ~ to username if no ident
214
+ * need_ident (old + flag) | require ident for user in this class
215
+ * need_ssl | require SSL/TLS for user in this class
216
+ * need_sasl | require SASL id for user in this class
217
+ */
218
+ flags = kline_exempt, exceed_limit;
219
+
220
+ /* class: the class the user is placed in */
221
+ class = "opers";
222
+};
223
+
224
+auth {
225
+ user = "*@*";
226
+ class = "users";
227
+};
228
+
229
+/* privset {} blocks MUST be specified before anything that uses them. That
230
+ * means they must be defined before operator {}.
231
+ */
232
+privset "local_op" {
233
+ privs = oper:local_kill, oper:operwall;
234
+};
235
+
236
+privset "server_bot" {
237
+ extends = "local_op";
238
+ privs = oper:kline, oper:remoteban, snomask:nick_changes;
239
+};
240
+
241
+privset "global_op" {
242
+ extends = "local_op";
243
+ privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
244
+ oper:resv, oper:mass_notice, oper:remoteban;
245
+};
246
+
247
+privset "admin" {
248
+ extends = "global_op";
249
+ privs = oper:admin, oper:die, oper:rehash, oper:spy;
250
+};
251
+
252
+operator "god" {
253
+ /* name: the name of the oper must go above */
254
+
255
+ /* user: the user@host required for this operator. CIDR *is*
256
+ * supported now. auth{} spoofs work here, other spoofs do not.
257
+ * multiple user="" lines are supported.
258
+ */
259
+ user = "*god@127.0.0.1";
260
+
261
+ /* password: the password required to oper. Unless ~encrypted is
262
+ * contained in flags = ...; this will need to be encrypted using
263
+ * mkpasswd, MD5 is supported
264
+ */
265
+ password = "etcnjl8juSU1E";
266
+
267
+ /* rsa key: the public key for this oper when using Challenge.
268
+ * A password should not be defined when this is used, see
269
+ * doc/challenge.txt for more information.
270
+ */
271
+ #rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
272
+
273
+ /* umodes: the specific umodes this oper gets when they oper.
274
+ * If this is specified an oper will not be given oper_umodes
275
+ * These are described above oper_only_umodes in general {};
276
+ */
277
+ #umodes = locops, servnotice, operwall, wallop;
278
+
279
+ /* fingerprint: if specified, the oper's client certificate
280
+ * fingerprint will be checked against the specified fingerprint
281
+ * below.
282
+ */
283
+ #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
284
+
285
+ /* snomask: specific server notice mask on oper up.
286
+ * If this is specified an oper will not be given oper_snomask.
287
+ */
288
+ snomask = "+Zbfkrsuy";
289
+
290
+ /* flags: misc options for the operator. You may prefix an option
291
+ * with ~ to disable it, e.g. ~encrypted.
292
+ *
293
+ * Default flags are encrypted.
294
+ *
295
+ * Available options:
296
+ *
297
+ * encrypted: the password above is encrypted [DEFAULT]
298
+ * need_ssl: must be using SSL/TLS to oper up
299
+ */
300
+ flags = encrypted;
301
+
302
+ /* privset: privileges set to grant */
303
+ privset = "admin";
304
+};
305
+
306
+#connect "irc.uplink.com" {
307
+# host = "192.168.0.1";
308
+# send_password = "password";
309
+# accept_password = "anotherpassword";
310
+# port = 6666;
311
+# hub_mask = "*";
312
+# class = "server";
313
+# flags = compressed, topicburst;
314
+#
315
+# /* If the connection is IPv6, uncomment below.
316
+# * Use 0::1, not ::1, for IPv6 localhost. */
317
+# #aftype = ipv6;
318
+#};
319
+#
320
+#connect "ssl.uplink.com" {
321
+# host = "192.168.0.1";
322
+# send_password = "password";
323
+# accept_password = "anotherpassword";
324
+# port = 9999;
325
+# hub_mask = "*";
326
+# class = "server";
327
+# flags = ssl, topicburst;
328
+#};
329
+
330
+service {
331
+ name = "services.int";
332
+};
333
+
334
+cluster {
335
+ name = "*";
336
+ flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
337
+};
338
+
339
+shared {
340
+ oper = "*@*", "*";
341
+ flags = all, rehash;
342
+};
343
+
344
+/* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
345
+exempt {
346
+ ip = "127.0.0.1";
347
+};
348
+
349
+channel {
350
+ use_invex = yes;
351
+ use_except = yes;
352
+ use_knock = yes;
353
+ use_forward = yes;
354
+ knock_delay = 5 minutes;
355
+ knock_delay_channel = 1 minute;
356
+ max_chans_per_user = 15;
357
+ max_bans = 100;
358
+ max_bans_large = 500;
359
+ default_split_user_count = 0;
360
+ default_split_server_count = 0;
361
+ no_create_on_split = no;
362
+ no_join_on_split = no;
363
+ burst_topicwho = yes;
364
+ kick_on_split_riding = no;
365
+ only_ascii_channels = no;
366
+ resv_forcepart = yes;
367
+ channel_target_change = yes;
368
+};
369
+
370
+serverhide {
371
+ flatten_links = yes;
372
+ links_delay = 5 minutes;
373
+ hidden = no;
374
+ disable_hidden = no;
375
+};
376
+
377
+/* These are the blacklist settings.
378
+ * You can have multiple combinations of host and rejection reasons.
379
+ * They are used in pairs of one host/rejection reason.
380
+ *
381
+ * These settings should be adequate for most networks, and are (presently)
382
+ * required for use on AthemeNet.
383
+ *
384
+ * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
385
+ * connections.
386
+ *
387
+ * As of charybdis 2.1.3, you can do some keyword substitution on the rejection
388
+ * reason. The available keyword substitutions are:
389
+ *
390
+ * ${ip} - the user's IP
391
+ * ${host} - the user's canonical hostname
392
+ * ${dnsbl-host} - the dnsbl hostname the lookup was done against
393
+ * ${nick} - the user's nickname
394
+ * ${network-name} - the name of the network
395
+ *
396
+ * Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be
397
+ * contacted, via email, at admins@2mbit.com before using these BLs.
398
+ * See <http://www.ahbl.org/services.php> for more information.
399
+ */
400
+blacklist {
401
+ host = "rbl.efnetrbl.org";
402
+ reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
403
+
404
+# host = "ircbl.ahbl.org";
405
+# reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for having an open proxy. In order to protect ${network-name} from abuse, we are not allowing connections with open proxies to connect.";
406
+#
407
+# host = "tor.ahbl.org";
408
+# reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from tor-based abuse, we are not allowing TOR exit nodes to connect to our network.";
409
+};
410
+
411
+alias "NickServ" {
412
+ target = "NickServ";
413
+};
414
+
415
+alias "ChanServ" {
416
+ target = "ChanServ";
417
+};
418
+
419
+alias "OperServ" {
420
+ target = "OperServ";
421
+};
422
+
423
+alias "MemoServ" {
424
+ target = "MemoServ";
425
+};
426
+
427
+alias "NS" {
428
+ target = "NickServ";
429
+};
430
+
431
+alias "CS" {
432
+ target = "ChanServ";
433
+};
434
+
435
+alias "OS" {
436
+ target = "OperServ";
437
+};
438
+
439
+alias "MS" {
440
+ target = "MemoServ";
441
+};
442
+
443
+general {
444
+ hide_error_messages = opers;
445
+ hide_spoof_ips = yes;
446
+
447
+ /*
448
+ * default_umodes: umodes to enable on connect.
449
+ * If you have enabled the new ip_cloaking_4.0 module, and you want
450
+ * to make use of it, add +x to this option, i.e.:
451
+ * default_umodes = "+ix";
452
+ *
453
+ * If you have enabled the old ip_cloaking module, and you want
454
+ * to make use of it, add +h to this option, i.e.:
455
+ * default_umodes = "+ih";
456
+ */
457
+ default_umodes = "+i";
458
+
459
+ default_operstring = "is an IRC Operator";
460
+ default_adminstring = "is a Server Administrator";
461
+ servicestring = "is a Network Service";
462
+ disable_fake_channels = no;
463
+ tkline_expire_notices = no;
464
+ default_floodcount = 10;
465
+ failed_oper_notice = yes;
466
+ dots_in_ident=2;
467
+ min_nonwildcard = 4;
468
+ min_nonwildcard_simple = 3;
469
+ max_accept = 100;
470
+ max_monitor = 100;
471
+ anti_nick_flood = yes;
472
+ max_nick_time = 20 seconds;
473
+ max_nick_changes = 5;
474
+ anti_spam_exit_message_time = 5 minutes;
475
+ ts_warn_delta = 30 seconds;
476
+ ts_max_delta = 5 minutes;
477
+ client_exit = yes;
478
+ collision_fnc = yes;
479
+ global_snotices = yes;
480
+ dline_with_reason = yes;
481
+ kline_delay = 0 seconds;
482
+ kline_with_reason = yes;
483
+ kline_reason = "K-Lined";
484
+ identify_service = "NickServ@services.int";
485
+ identify_command = "IDENTIFY";
486
+ non_redundant_klines = yes;
487
+ warn_no_nline = yes;
488
+ use_propagated_bans = yes;
489
+ stats_e_disabled = no;
490
+ stats_c_oper_only=no;
491
+ stats_h_oper_only=no;
492
+ stats_y_oper_only=no;
493
+ stats_o_oper_only=yes;
494
+ stats_P_oper_only=no;
495
+ stats_i_oper_only=masked;
496
+ stats_k_oper_only=masked;
497
+ map_oper_only = no;
498
+ operspy_admin_only = no;
499
+ operspy_dont_care_user_info = no;
500
+ caller_id_wait = 1 minute;
501
+ pace_wait_simple = 1 second;
502
+ pace_wait = 10 seconds;
503
+ short_motd = no;
504
+ ping_cookie = no;
505
+ connect_timeout = 30 seconds;
506
+ default_ident_timeout = 5;
507
+ disable_auth = no;
508
+ no_oper_flood = yes;
509
+ max_targets = 4;
510
+ client_flood = 20;
511
+ use_whois_actually = no;
512
+ oper_only_umodes = operwall, locops, servnotice;
513
+ oper_umodes = locops, servnotice, operwall, wallop;
514
+ oper_snomask = "+s";
515
+ burst_away = yes;
516
+ nick_delay = 0 seconds; # 15 minutes if you want to enable this
517
+ reject_ban_time = 1 minute;
518
+ reject_after_count = 3;
519
+ reject_duration = 5 minutes;
520
+ throttle_duration = 60;
521
+ throttle_count = 4;
522
+};
523
+
524
+modules {
525
+ path = "modules";
526
+ path = "modules/autoload";
527
+};
528
diff --git a/doc/example.conf b/doc/example.conf
529
deleted file mode 100755
530
index 5e1895f..0000000
531
--- a/doc/example.conf
532
+++ /dev/null
533
@@ -1,500 +0,0 @@
534
-/* doc/example.conf - brief example configuration file
535
- *
536
- * Copyright (C) 2000-2002 Hybrid Development Team
537
- * Copyright (C) 2002-2005 ircd-ratbox development team
538
- * Copyright (C) 2005-2006 charybdis development team
539
- *
540
- * $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $
541
- *
542
- * See reference.conf for more information.
543
- */
544
-
545
-/* Extensions */
546
-#loadmodule "extensions/chm_operonly_compat.so";
547
-#loadmodule "extensions/chm_quietunreg_compat.so";
548
-#loadmodule "extensions/chm_sslonly_compat.so";
549
-#loadmodule "extensions/createauthonly.so";
550
-#loadmodule "extensions/extb_account.so";
551
-#loadmodule "extensions/extb_canjoin.so";
552
-#loadmodule "extensions/extb_channel.so";
553
-#loadmodule "extensions/extb_extgecos.so";
554
-#loadmodule "extensions/extb_oper.so";
555
-#loadmodule "extensions/extb_realname.so";
556
-#loadmodule "extensions/extb_server.so";
557
-#loadmodule "extensions/extb_ssl.so";
558
-#loadmodule "extensions/hurt.so";
559
-#loadmodule "extensions/m_findforwards.so";
560
-#loadmodule "extensions/m_identify.so";
561
-#loadmodule "extensions/no_oper_invis.so";
562
-#loadmodule "extensions/sno_farconnect.so";
563
-#loadmodule "extensions/sno_globalkline.so";
564
-#loadmodule "extensions/sno_globaloper.so";
565
-#loadmodule "extensions/sno_whois.so";
566
-
567
-/*
568
- * IP cloaking extensions: use ip_cloaking_4.0
569
- * if you're linking 3.2 and later, otherwise use
570
- * ip_cloaking.so, for compatibility with older 3.x
571
- * releases.
572
- */
573
-
574
-#loadmodule "extensions/ip_cloaking_4.0.so";
575
-#loadmodule "extensions/ip_cloaking.so";
576
-
577
-serverinfo {
578
- name = "hades.arpa";
579
- sid = "42X";
580
- description = "charybdis test server";
581
- network_name = "AthemeNET";
582
- network_desc = "Your IRC network.";
583
- hub = yes;
584
-
585
- /* On multi-homed hosts you may need the following. These define
586
- * the addresses we connect from to other servers. */
587
- /* for IPv4 */
588
- #vhost = "192.169.0.1";
589
- /* for IPv6 */
590
- #vhost6 = "3ffe:80e8:546::2";
591
-
592
- /* ssl_private_key: our ssl private key */
593
- ssl_private_key = "etc/test.key";
594
-
595
- /* ssl_cert: certificate for our ssl server */
596
- ssl_cert = "etc/test.cert";
597
-
598
- /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
599
- ssl_dh_params = "etc/dh.pem";
600
-
601
- /* ssld_count: number of ssld processes you want to start, if you
602
- * have a really busy server, using N-1 where N is the number of
603
- * cpu/cpu cores you have might be useful. A number greater than one
604
- * can also be useful in case of bugs in ssld and because ssld needs
605
- * two file descriptors per SSL connection.
606
- */
607
- ssld_count = 1;
608
-
609
- /* default max clients: the default maximum number of clients
610
- * allowed to connect. This can be changed once ircd has started by
611
- * issuing:
612
- * /quote set maxclients <limit>
613
- */
614
- default_max_clients = 1024;
615
-};
616
-
617
-admin {
618
- name = "Lazy admin (lazya)";
619
- description = "AthemeNET client server";
620
- email = "nobody@127.0.0.1";
621
-};
622
-
623
-log {
624
- fname_userlog = "logs/userlog";
625
- #fname_fuserlog = "logs/fuserlog";
626
- fname_operlog = "logs/operlog";
627
- #fname_foperlog = "logs/foperlog";
628
- fname_serverlog = "logs/serverlog";
629
- #fname_klinelog = "logs/klinelog";
630
- fname_killlog = "logs/killlog";
631
- fname_operspylog = "logs/operspylog";
632
- #fname_ioerrorlog = "logs/ioerror";
633
-};
634
-
635
-/* class {} blocks MUST be specified before anything that uses them. That
636
- * means they must be defined before auth {} and before connect {}.
637
- */
638
-class "users" {
639
- ping_time = 2 minutes;
640
- number_per_ident = 10;
641
- number_per_ip = 10;
642
- number_per_ip_global = 50;
643
- cidr_ipv4_bitlen = 24;
644
- cidr_ipv6_bitlen = 64;
645
- number_per_cidr = 200;
646
- max_number = 3000;
647
- sendq = 400 kbytes;
648
-};
649
-
650
-class "opers" {
651
- ping_time = 5 minutes;
652
- number_per_ip = 10;
653
- max_number = 1000;
654
- sendq = 1 megabyte;
655
-};
656
-
657
-class "server" {
658
- ping_time = 5 minutes;
659
- connectfreq = 5 minutes;
660
- max_number = 1;
661
- sendq = 4 megabytes;
662
-};
663
-
664
-listen {
665
- /* If you want to listen on a specific IP only, specify host.
666
- * host definitions apply only to the following port line.
667
- */
668
- #host = "192.169.0.1";
669
- port = 5000, 6665 .. 6669;
670
- sslport = 6697;
671
-
672
- /* Listen on IPv6 (if you used host= above). */
673
- #host = "3ffe:1234:a:b:c::d";
674
- #port = 5000, 6665 .. 6669;
675
- #sslport = 9999;
676
-};
677
-
678
-/* auth {}: allow users to connect to the ircd (OLD I:)
679
- * auth {} blocks MUST be specified in order of precedence. The first one
680
- * that matches a user will be used. So place spoofs first, then specials,
681
- * then general access, then restricted.
682
- */
683
-auth {
684
- /* user: the user@host allowed to connect. Multiple IPv4/IPv6 user
685
- * lines are permitted per auth block. This is matched against the
686
- * hostname and IP address (using :: shortening for IPv6 and
687
- * prepending a 0 if it starts with a colon) and can also use CIDR
688
- * masks.
689
- */
690
- user = "*@172.16.0.0/12";
691
- user = "*test@123D:B567:*";
692
-
693
- /* password: an optional password that is required to use this block.
694
- * By default this is not encrypted, specify the flag "encrypted" in
695
- * flags = ...; below if it is.
696
- */
697
- password = "letmein";
698
-
699
- /* spoof: fake the users user@host to be be this. You may either
700
- * specify a host or a user@host to spoof to. This is free-form,
701
- * just do everyone a favour and dont abuse it. (OLD I: = flag)
702
- */
703
- spoof = "I.still.hate.packets";
704
-
705
- /* Possible flags in auth:
706
- *
707
- * encrypted | password is encrypted with mkpasswd
708
- * spoof_notice | give a notice when spoofing hosts
709
- * exceed_limit (old > flag) | allow user to exceed class user limits
710
- * kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
711
- * dnsbl_exempt | exempt this user from dnsbls
712
- * spambot_exempt | exempt this user from spambot checks
713
- * shide_exempt | exempt this user from serverhiding
714
- * jupe_exempt | exempt this user from generating
715
- * warnings joining juped channels
716
- * resv_exempt | exempt this user from resvs
717
- * flood_exempt | exempt this user from flood limits
718
- * USE WITH CAUTION.
719
- * no_tilde (old - flag) | don't prefix ~ to username if no ident
720
- * need_ident (old + flag) | require ident for user in this class
721
- * need_ssl | require SSL/TLS for user in this class
722
- * need_sasl | require SASL id for user in this class
723
- */
724
- flags = kline_exempt, exceed_limit;
725
-
726
- /* class: the class the user is placed in */
727
- class = "opers";
728
-};
729
-
730
-auth {
731
- user = "*@*";
732
- class = "users";
733
-};
734
-
735
-/* privset {} blocks MUST be specified before anything that uses them. That
736
- * means they must be defined before operator {}.
737
- */
738
-privset "local_op" {
739
- privs = oper:local_kill, oper:operwall;
740
-};
741
-
742
-privset "server_bot" {
743
- extends = "local_op";
744
- privs = oper:kline, oper:remoteban, snomask:nick_changes;
745
-};
746
-
747
-privset "global_op" {
748
- extends = "local_op";
749
- privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
750
- oper:resv, oper:mass_notice, oper:remoteban;
751
-};
752
-
753
-privset "admin" {
754
- extends = "global_op";
755
- privs = oper:admin, oper:die, oper:rehash, oper:spy;
756
-};
757
-
758
-operator "god" {
759
- /* name: the name of the oper must go above */
760
-
761
- /* user: the user@host required for this operator. CIDR *is*
762
- * supported now. auth{} spoofs work here, other spoofs do not.
763
- * multiple user="" lines are supported.
764
- */
765
- user = "*god@127.0.0.1";
766
-
767
- /* password: the password required to oper. Unless ~encrypted is
768
- * contained in flags = ...; this will need to be encrypted using
769
- * mkpasswd, MD5 is supported
770
- */
771
- password = "etcnjl8juSU1E";
772
-
773
- /* rsa key: the public key for this oper when using Challenge.
774
- * A password should not be defined when this is used, see
775
- * doc/challenge.txt for more information.
776
- */
777
- #rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
778
-
779
- /* umodes: the specific umodes this oper gets when they oper.
780
- * If this is specified an oper will not be given oper_umodes
781
- * These are described above oper_only_umodes in general {};
782
- */
783
- #umodes = locops, servnotice, operwall, wallop;
784
-
785
- /* fingerprint: if specified, the oper's client certificate
786
- * fingerprint will be checked against the specified fingerprint
787
- * below.
788
- */
789
- #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
790
-
791
- /* snomask: specific server notice mask on oper up.
792
- * If this is specified an oper will not be given oper_snomask.
793
- */
794
- snomask = "+Zbfkrsuy";
795
-
796
- /* flags: misc options for the operator. You may prefix an option
797
- * with ~ to disable it, e.g. ~encrypted.
798
- *
799
- * Default flags are encrypted.
800
- *
801
- * Available options:
802
- *
803
- * encrypted: the password above is encrypted [DEFAULT]
804
- * need_ssl: must be using SSL/TLS to oper up
805
- */
806
- flags = encrypted;
807
-
808
- /* privset: privileges set to grant */
809
- privset = "admin";
810
-};
811
-
812
-connect "irc.uplink.com" {
813
- host = "192.168.0.1";
814
- send_password = "password";
815
- accept_password = "anotherpassword";
816
- port = 6666;
817
- hub_mask = "*";
818
- class = "server";
819
- flags = compressed, topicburst;
820
-
821
- /* If the connection is IPv6, uncomment below.
822
- * Use 0::1, not ::1, for IPv6 localhost. */
823
- #aftype = ipv6;
824
-};
825
-
826
-connect "ssl.uplink.com" {
827
- host = "192.168.0.1";
828
- send_password = "password";
829
- accept_password = "anotherpassword";
830
- port = 9999;
831
- hub_mask = "*";
832
- class = "server";
833
- flags = ssl, topicburst;
834
-};
835
-
836
-service {
837
- name = "services.int";
838
-};
839
-
840
-cluster {
841
- name = "*";
842
- flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
843
-};
844
-
845
-shared {
846
- oper = "*@*", "*";
847
- flags = all, rehash;
848
-};
849
-
850
-/* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
851
-exempt {
852
- ip = "127.0.0.1";
853
-};
854
-
855
-channel {
856
- use_invex = yes;
857
- use_except = yes;
858
- use_knock = yes;
859
- use_forward = yes;
860
- knock_delay = 5 minutes;
861
- knock_delay_channel = 1 minute;
862
- max_chans_per_user = 15;
863
- max_bans = 100;
864
- max_bans_large = 500;
865
- default_split_user_count = 0;
866
- default_split_server_count = 0;
867
- no_create_on_split = no;
868
- no_join_on_split = no;
869
- burst_topicwho = yes;
870
- kick_on_split_riding = no;
871
- only_ascii_channels = no;
872
- resv_forcepart = yes;
873
- channel_target_change = yes;
874
-};
875
-
876
-serverhide {
877
- flatten_links = yes;
878
- links_delay = 5 minutes;
879
- hidden = no;
880
- disable_hidden = no;
881
-};
882
-
883
-/* These are the blacklist settings.
884
- * You can have multiple combinations of host and rejection reasons.
885
- * They are used in pairs of one host/rejection reason.
886
- *
887
- * These settings should be adequate for most networks, and are (presently)
888
- * required for use on AthemeNet.
889
- *
890
- * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
891
- * connections.
892
- *
893
- * As of charybdis 2.1.3, you can do some keyword substitution on the rejection
894
- * reason. The available keyword substitutions are:
895
- *
896
- * ${ip} - the user's IP
897
- * ${host} - the user's canonical hostname
898
- * ${dnsbl-host} - the dnsbl hostname the lookup was done against
899
- * ${nick} - the user's nickname
900
- * ${network-name} - the name of the network
901
- *
902
- * Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be
903
- * contacted, via email, at admins@2mbit.com before using these BLs.
904
- * See <http://www.ahbl.org/services.php> for more information.
905
- */
906
-blacklist {
907
- host = "rbl.efnetrbl.org";
908
- reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
909
-
910
-# host = "ircbl.ahbl.org";
911
-# reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for having an open proxy. In order to protect ${network-name} from abuse, we are not allowing connections with open proxies to connect.";
912
-#
913
-# host = "tor.ahbl.org";
914
-# reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from tor-based abuse, we are not allowing TOR exit nodes to connect to our network.";
915
-};
916
-
917
-alias "NickServ" {
918
- target = "NickServ";
919
-};
920
-
921
-alias "ChanServ" {
922
- target = "ChanServ";
923
-};
924
-
925
-alias "OperServ" {
926
- target = "OperServ";
927
-};
928
-
929
-alias "MemoServ" {
930
- target = "MemoServ";
931
-};
932
-
933
-alias "NS" {
934
- target = "NickServ";
935
-};
936
-
937
-alias "CS" {
938
- target = "ChanServ";
939
-};
940
-
941
-alias "OS" {
942
- target = "OperServ";
943
-};
944
-
945
-alias "MS" {
946
- target = "MemoServ";
947
-};
948
-
949
-general {
950
- hide_error_messages = opers;
951
- hide_spoof_ips = yes;
952
-
953
- /*
954
- * default_umodes: umodes to enable on connect.
955
- * If you have enabled the new ip_cloaking_4.0 module, and you want
956
- * to make use of it, add +x to this option, i.e.:
957
- * default_umodes = "+ix";
958
- *
959
- * If you have enabled the old ip_cloaking module, and you want
960
- * to make use of it, add +h to this option, i.e.:
961
- * default_umodes = "+ih";
962
- */
963
- default_umodes = "+i";
964
-
965
- default_operstring = "is an IRC Operator";
966
- default_adminstring = "is a Server Administrator";
967
- servicestring = "is a Network Service";
968
- disable_fake_channels = no;
969
- tkline_expire_notices = no;
970
- default_floodcount = 10;
971
- failed_oper_notice = yes;
972
- dots_in_ident=2;
973
- min_nonwildcard = 4;
974
- min_nonwildcard_simple = 3;
975
- max_accept = 100;
976
- max_monitor = 100;
977
- anti_nick_flood = yes;
978
- max_nick_time = 20 seconds;
979
- max_nick_changes = 5;
980
- anti_spam_exit_message_time = 5 minutes;
981
- ts_warn_delta = 30 seconds;
982
- ts_max_delta = 5 minutes;
983
- client_exit = yes;
984
- collision_fnc = yes;
985
- global_snotices = yes;
986
- dline_with_reason = yes;
987
- kline_delay = 0 seconds;
988
- kline_with_reason = yes;
989
- kline_reason = "K-Lined";
990
- identify_service = "NickServ@services.int";
991
- identify_command = "IDENTIFY";
992
- non_redundant_klines = yes;
993
- warn_no_nline = yes;
994
- use_propagated_bans = yes;
995
- stats_e_disabled = no;
996
- stats_c_oper_only=no;
997
- stats_h_oper_only=no;
998
- stats_y_oper_only=no;
999
- stats_o_oper_only=yes;
1000
- stats_P_oper_only=no;
1001
- stats_i_oper_only=masked;
1002
- stats_k_oper_only=masked;
1003
- map_oper_only = no;
1004
- operspy_admin_only = no;
1005
- operspy_dont_care_user_info = no;
1006
- caller_id_wait = 1 minute;
1007
- pace_wait_simple = 1 second;
1008
- pace_wait = 10 seconds;
1009
- short_motd = no;
1010
- ping_cookie = no;
1011
- connect_timeout = 30 seconds;
1012
- default_ident_timeout = 5;
1013
- disable_auth = no;
1014
- no_oper_flood = yes;
1015
- max_targets = 4;
1016
- client_flood = 20;
1017
- use_whois_actually = no;
1018
- oper_only_umodes = operwall, locops, servnotice;
1019
- oper_umodes = locops, servnotice, operwall, wallop;
1020
- oper_snomask = "+s";
1021
- burst_away = yes;
1022
- nick_delay = 0 seconds; # 15 minutes if you want to enable this
1023
- reject_ban_time = 1 minute;
1024
- reject_after_count = 3;
1025
- reject_duration = 5 minutes;
1026
- throttle_duration = 60;
1027
- throttle_count = 4;
1028
-};
1029
-
1030
-modules {
1031
- path = "modules";
1032
- path = "modules/autoload";
1033
-};
Loggerhead is a web-based interface for Breezy
Version: 2.0.1