SHOW:
|
|
- or go back to the newest paste.
1 | /* | |
2 | * Example configuration file for Services. After making the appropriate | |
3 | * changes to this file, place it in the Services conf directory (as | |
4 | * specified in the "configure" script, default /home/username/services/conf) | |
5 | * under the name "services.conf". | |
6 | * | |
7 | * The format of this file is fairly simple: three types of comments are supported: | |
8 | * - All text after a '#' on a line is ignored, as in shell scripting | |
9 | * - All text after '//' on a line is ignored, as in C++ | |
10 | * - A block of text like this one is ignored, as in C | |
11 | * | |
12 | * Outside of comments, there are three structures: blocks, keys, and values. | |
13 | * | |
14 | * A block is a named container, which contains a number of key to value pairs | |
15 | * - you may think of this as an array. | |
16 | * | |
17 | * A block is created like so: | |
18 | * foobar | |
19 | * { | |
20 | * moo = "cow" | |
21 | * foo = bar | |
22 | * } | |
23 | * | |
24 | * Note that nameless blocks are allowed and are often used with comments to allow | |
25 | * easily commenting an entire block, for example: | |
26 | * #foobar | |
27 | * { | |
28 | * moo = "cow" | |
29 | * foo = bar | |
30 | * } | |
31 | * is an entirely commented block. | |
32 | * | |
33 | * Keys are case insensitive. Values depend on what key - generally, information is | |
34 | * given in the key comment. The quoting of values (and most other syntax) is quite | |
35 | * flexible, however, please do not forget to quote your strings: | |
36 | * | |
37 | * "This is a parameter string with spaces in it" | |
38 | * | |
39 | * If you need to include a double quote inside a quoted string, precede it | |
40 | * by a backslash: | |
41 | * | |
42 | * "This string has \"double quotes\" in it" | |
43 | * | |
44 | * Time parameters can be specified either as an integer representing a | |
45 | * number of seconds (e.g. "3600" = 1 hour), or as an integer with a unit | |
46 | * specifier: "s" = seconds, "m" = minutes, "h" = hours, "d" = days. | |
47 | * Combinations (such as "1h30m") are not permitted. Examples (all of which | |
48 | * represent the same length of time, one day): | |
49 | * | |
50 | * "86400", "86400s", "1440m", "24h", "1d" | |
51 | * | |
52 | * In the documentation for each directive, one of the following will be | |
53 | * included to indicate whether an option is required: | |
54 | * | |
55 | * [REQUIRED] | |
56 | * Indicates a directive which must be given. Without it, Services will | |
57 | * not start. | |
58 | * | |
59 | * [RECOMMENDED] | |
60 | * Indicates a directive which may be omitted, but omitting it may cause | |
61 | * undesirable side effects. | |
62 | * | |
63 | * [OPTIONAL] | |
64 | * Indicates a directive which is optional. If not given, the feature | |
65 | * will typically be disabled. If this is not the case, more | |
66 | * information will be given in the documentation. | |
67 | * | |
68 | * [DISCOURAGED] | |
69 | * Indicates a directive which may cause undesirable side effects if | |
70 | * specified. | |
71 | * | |
72 | * [DEPRECATED] | |
73 | * Indicates a directive which will disappear in a future version of | |
74 | * Services, usually because its functionality has been either | |
75 | * superseded by that of other directives or incorporated into the main | |
76 | * program. | |
77 | */ | |
78 | ||
79 | /* | |
80 | * [OPTIONAL] Defines | |
81 | * | |
82 | * You can define values to other values, which can be used to easily change | |
83 | * every value in the configuration. For example, use: | |
84 | * | |
85 | * define | |
86 | * { | |
87 | * name = "ChanServ" | |
88 | * value = "ChannelServ" | |
89 | * } | |
90 | * | |
91 | * To replace every occurrence of ChanServ with ChannelServ in the configuration file, | |
92 | * and in every included configuration file (such as chanserv.example.conf). | |
93 | */ | |
94 | ||
95 | /* | |
96 | * The services.host define is used in multiple different locations throughout the | |
97 | * configuration for services clients hostnames. | |
98 | */ | |
99 | #define | |
100 | #{ | |
101 | # name = "services.host" | |
102 | # value = "services.localhost.net" | |
103 | #} | |
104 | # | |
105 | /* | |
106 | * [OPTIONAL] Additional Includes | |
107 | * | |
108 | * You can include additional configuration files here. | |
109 | * You may also include executable files, which will be executed and | |
110 | * the output from it will be included into your configuration. | |
111 | */ | |
112 | ||
113 | #include | |
114 | { | |
115 | type = "file" | |
116 | name = "some.conf" | |
117 | } | |
118 | ||
119 | #include | |
120 | { | |
121 | type = "executable" | |
122 | name = "/usr/bin/wget -q -O - http://some.misconfigured.network.com/services.conf" | |
123 | } | |
124 | ||
125 | /* | |
126 | * [REQUIRED] IRCd Config | |
127 | * | |
128 | * This section is used to set up Anope to connect to your IRC network. | |
129 | * This section can be included multiple times, and Anope will attempt to | |
130 | * connect to each server until it finally connects. | |
131 | * | |
132 | * Each uplink IRCd should have a corresponding configuration to allow Services | |
133 | * to link to it. | |
134 | * | |
135 | * An example configuration for InspIRCd that is compatible with the below uplink | |
136 | * and serverinfo configuration would look like: | |
137 | * | |
138 | * <link name="services.localhost.net" | |
139 | * ipaddr="127.0.0.1" | |
140 | * port="7000" | |
141 | * sendpass="mypassword" | |
142 | * recvpass="mypassword"> | |
143 | * <uline server="services.localhost.net" silent="yes"> | |
144 | * <bind address="127.0.0.1" port="7000" type="servers"> | |
145 | * | |
146 | * An example configuration for UnrealIRCd that is compatible with the below uplink | |
147 | * and serverinfo configuration would look like: | |
148 | * | |
149 | * link services.localhost.net | |
150 | * { | |
151 | * username *; | |
152 | * hostname *; | |
153 | * bind-ip "127.0.0.1"; | |
154 | * port 7000; | |
155 | * hub *; | |
156 | * password-connect "mypassword"; | |
157 | * password-receive "mypassword"; | |
158 | * class servers; | |
159 | * }; | |
160 | * ulines { services.localhost.net; }; | |
161 | * listen 127.0.0.1:7000; | |
162 | */ | |
163 | uplink | |
164 | { | |
165 | /* | |
166 | * The IP or hostname of the IRC server you wish to connect Services to. | |
167 | * Usually, you will want to connect Services over 127.0.0.1 (aka localhost). | |
168 | * | |
169 | * NOTE: On some shell providers, this will not be an option. | |
170 | */ | |
171 | host = "127.0.0.1" | |
172 | ||
173 | /* | |
174 | * Enable if Services should connect using IPv6. | |
175 | */ | |
176 | ipv6 = no | |
177 | ||
178 | /* | |
179 | * Enable if Services should connect using SSL. | |
180 | * You must have m_ssl loaded for this to work. | |
181 | */ | |
182 | ssl = no | |
183 | ||
184 | /* | |
185 | * The port to connect to. | |
186 | * The IRCd *MUST* be configured to listen on this port, and to accept | |
187 | * server connections. | |
188 | * | |
189 | * Refer to your IRCd documentation for how this is to be done. | |
190 | */ | |
191 | - | port = 8067 |
191 | + | port = 6667 |
192 | ||
193 | /* | |
194 | * The password to send to the IRC server for authentication. | |
195 | * This must match the link block on your IRCd. | |
196 | * | |
197 | * Refer to your IRCd documentation for more information on link blocks. | |
198 | */ | |
199 | password = "PASSHERE" | |
200 | } | |
201 | ||
202 | /* | |
203 | * [REQUIRED] Server Information | |
204 | * | |
205 | * This section contains information about the Services server. | |
206 | */ | |
207 | serverinfo | |
208 | { | |
209 | /* | |
210 | * The hostname that Services will be seen as, it must have no conflicts with any | |
211 | * other server names on the rest of your IRC network. Note that it does not have | |
212 | * to be an existing hostname, just one that isn't on your network already. | |
213 | */ | |
214 | name = "services.qc2011-my.com" | |
215 | ||
216 | /* | |
217 | * The text which should appear as the server's information in /whois and similar | |
218 | * queries. | |
219 | */ | |
220 | description = "QC_2011" | |
221 | ||
222 | /* | |
223 | * The local address that Services will bind to before connecting to the remote | |
224 | * server. This may be useful for multihomed hosts. If omitted, Services will let | |
225 | * the Operating System choose the local address. This directive is optional. | |
226 | * | |
227 | * If you don't know what this means or don't need to use it, just leave this | |
228 | * directive commented out. | |
229 | */ | |
230 | #localhost = "Yes" | |
231 | ||
232 | /* | |
233 | * What Server ID to use for this connection? | |
234 | * Note: This should *ONLY* be used for TS6/P10 IRCds. Refer to your IRCd documentation | |
235 | * to see if this is needed. | |
236 | */ | |
237 | #id = "00A" | |
238 | ||
239 | /* | |
240 | * The filename containing the Services process ID. The path is relative to the | |
241 | * services root directory. | |
242 | */ | |
243 | pid = "data/services.pid" | |
244 | ||
245 | /* | |
246 | * The filename containing the Message of the Day. The path is relative to the | |
247 | * services root directory. | |
248 | */ | |
249 | motd = "conf/services.motd" | |
250 | } | |
251 | ||
252 | /* | |
253 | * [REQUIRED] Protocol module | |
254 | * | |
255 | * This directive tells Anope which IRCd Protocol to speak when connecting. | |
256 | * You MUST modify this to match the IRCd you run. | |
257 | * | |
258 | * Supported: | |
259 | * - bahamut | |
260 | * - charybdis | |
261 | * - hybrid | |
262 | * - inspircd12 | |
263 | * - inspircd20 | |
264 | * - ngircd | |
265 | * - plexus | |
266 | * - ratbox | |
267 | * - unreal | |
268 | */ | |
269 | module | |
270 | { | |
271 | name = "unreal" | |
272 | ||
273 | /* | |
274 | * Some protocol modules can enforce mode locks server-side. This reduces the spam caused by | |
275 | * services immediately reversing mode changes for locked modes. | |
276 | * | |
277 | * If the protocol module you have loaded does not support this, this setting will have no effect. | |
278 | */ | |
279 | use_server_side_mlock = yes | |
280 | ||
281 | /* | |
282 | * Some protocol modules can enforce topic locks server-side. This reduces the spam caused by | |
283 | * services immediately reversing topic changes. | |
284 | * | |
285 | * If the protocol module you have loaded does not support this, this setting will have no effect. | |
286 | */ | |
287 | use_server_side_topiclock = yes | |
288 | ||
289 | /* | |
290 | * Some IRCds allow "SASL" authentication to let users identify to Services | |
291 | * during the IRCd user registration process. If set, Services will allow | |
292 | * authenticating users through this mechanism. | |
293 | */ | |
294 | sasl = yes | |
295 | } | |
296 | ||
297 | /* | |
298 | * [REQUIRED] Network Information | |
299 | * | |
300 | * This section contains information about the IRC network that Services will be | |
301 | * connecting to. | |
302 | */ | |
303 | networkinfo | |
304 | { | |
305 | /* | |
306 | * This is the name of the network that Services will be running on. | |
307 | */ | |
308 | - | networkname = "FreeChat-v1.0b" |
308 | + | networkname = "FreeChat v1.0b" |
309 | ||
310 | /* | |
311 | * Set this to the maximum allowed nick length on your network. | |
312 | * Be sure to set this correctly, as setting this wrong can result in | |
313 | * Services being disconnected from the network. | |
314 | */ | |
315 | nicklen = 31 | |
316 | ||
317 | /* Set this to the maximum allowed ident length on your network. | |
318 | * Be sure to set this correctly, as setting this wrong can result in | |
319 | * Services being disconnected from the network. | |
320 | */ | |
321 | userlen = 10 | |
322 | ||
323 | /* Set this to the maximum allowed hostname length on your network. | |
324 | * Be sure to set this correctly, as setting this wrong can result in | |
325 | * Services being disconnected from the network. | |
326 | */ | |
327 | hostlen = 64 | |
328 | ||
329 | /* Set this to the maximum allowed channel length on your network. | |
330 | */ | |
331 | chanlen = 32 | |
332 | ||
333 | /* The maximum number of list modes settable on a channel (such as b, e, I). | |
334 | * Comment out or set to 0 to disable. | |
335 | */ | |
336 | modelistsize = 100 | |
337 | ||
338 | /* | |
339 | * The characters allowed in hostnames. This is used for validating hostnames given | |
340 | * to services, such as BotServ bot hostnames and user vhosts. Changing this is not | |
341 | * recommended unless you know for sure your IRCd supports whatever characters you are | |
342 | * wanting to use. Telling services to set a vHost containing characters your IRCd | |
343 | * disallows could potentially break the IRCd and/or Services. | |
344 | * | |
345 | * It is recommended you DON'T change this. | |
346 | */ | |
347 | vhost_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-" | |
348 | ||
349 | /* | |
350 | * If set to true, allows vHosts to not contain dots (.). | |
351 | * Newer IRCds generally do not have a problem with this, but the same warning as | |
352 | * vhost_chars applies. | |
353 | * | |
354 | * It is recommended you DON'T change this. | |
355 | */ | |
356 | allow_undotted_vhosts = false | |
357 | ||
358 | /* | |
359 | * The characters that are not allowed to be at the very beginning or very ending | |
360 | * of a vHost. The same warning as vhost_chars applies. | |
361 | * | |
362 | * It is recommended you DON'T change this. | |
363 | */ | |
364 | disallow_start_or_end = ".-" | |
365 | } | |
366 | ||
367 | /* | |
368 | * [REQUIRED] Services Options | |
369 | * | |
370 | * This section contains various options which determine how Services will operate. | |
371 | */ | |
372 | options | |
373 | { | |
374 | /* | |
375 | * On Linux/UNIX systems Anope can setuid and setgid to this user and group | |
376 | * after starting up. This is useful if Anope has to bind to privileged ports | |
377 | */ | |
378 | #user = "anope" | |
379 | #group = "anope" | |
380 | ||
381 | /* | |
382 | * The case mapping used by services. This must be set to a valid locale name | |
383 | * installed on your machine. Services use this case map to compare, with | |
384 | * case insensitivity, things such as nick names, channel names, etc. | |
385 | * | |
386 | * We provide two special casemaps shipped with Anope, ascii and rfc1459. | |
387 | * | |
388 | * This value should be set to what your IRCd uses, which is probably rfc1459, | |
389 | * however Anope has always used ascii for comparison, so the default is ascii. | |
390 | * | |
391 | * Changing this value once set is not recommended. | |
392 | */ | |
393 | casemap = "ascii" | |
394 | ||
395 | /* | |
396 | * The maximum length of passwords | |
397 | */ | |
398 | passlen = 32 | |
399 | ||
400 | /* | |
401 | * This key is used to initiate the random number generator. This number | |
402 | * MUST be random as you want your passcodes to be random. Don't give this | |
403 | * key to anyone! Keep it private! | |
404 | * | |
405 | * NOTE: If you don't uncomment this or keep the default values, any talented | |
406 | * programmer would be able to easily "guess" random strings used to mask | |
407 | * information. Be safe, and come up with a 7-digit number. | |
408 | * | |
409 | * This directive is optional, but highly recommended. | |
410 | */ | |
411 | seed = 9866235 | |
412 | ||
413 | /* | |
414 | * If set, Services will perform more stringent checks on passwords. If this | |
415 | * isn't set, Services will only disallow a password if it is the same as the | |
416 | * entity (nickname name) with which it is associated. When set, however, | |
417 | * Services will also check that the password is at least five | |
418 | * characters long, and in the future will probably check other things | |
419 | * as well. | |
420 | * | |
421 | * This directive is optional, but recommended. | |
422 | */ | |
423 | strictpasswords = yes | |
424 | ||
425 | /* | |
426 | * Sets the number of invalid password tries before Services removes a user | |
427 | * from the network. If a user enters a number of invalid passwords equal to | |
428 | * the given amount for any Services function or combination of functions | |
429 | * during a single IRC session (subject to badpasstimeout, below), Services | |
430 | * will issues a /KILL for the user. If not given, Services will ignore | |
431 | * failed password attempts (though they will be logged in any case). | |
432 | * | |
433 | * This directive is optional, but recommended. | |
434 | */ | |
435 | badpasslimit = 5 | |
436 | ||
437 | /* | |
438 | * Sets the time after which invalid passwords are forgotten about. If a user | |
439 | * does not enter any incorrect passwords in this amount of time, the incorrect | |
440 | * password count will reset to zero. If not given, the timeout will be | |
441 | * disabled, and the incorrect password count will never be reset until the user | |
442 | * disconnects. | |
443 | * | |
444 | * This directive is optional. | |
445 | */ | |
446 | badpasstimeout = 10m | |
447 | ||
448 | /* | |
449 | * Sets the delay between automatic database updates. | |
450 | */ | |
451 | updatetimeout = 5m | |
452 | ||
453 | /* | |
454 | * Sets the delay between checks for expired nicknames and channels. | |
455 | */ | |
456 | expiretimeout = 30m | |
457 | ||
458 | /* | |
459 | * Sets the timeout period for reading from the uplink. | |
460 | */ | |
461 | readtimeout = 5s | |
462 | ||
463 | /* | |
464 | * Sets the interval between sending warning messages for program errors via | |
465 | * WALLOPS/GLOBOPS. | |
466 | */ | |
467 | warningtimeout = 4h | |
468 | ||
469 | /* | |
470 | * Sets the (maximum) frequency at which the timeout list is checked. This, | |
471 | * combined with readtimeout above, determines how accurately timed events, | |
472 | * such as nick kills, occur; it also determines how much CPU time Services | |
473 | * will use doing this. Higher values will cause less accurate timing but | |
474 | * less CPU usage. | |
475 | * | |
476 | * Note that this value is not an absolute limit on the period between | |
477 | * checks of the timeout list; the previous may be as great as readtimeout | |
478 | * (above) during periods of inactivity. | |
479 | * | |
480 | * If this directive is not given, it will default to 0. | |
481 | */ | |
482 | timeoutcheck = 3s | |
483 | ||
484 | /* | |
485 | * If set, this will allow users to let Services send PRIVMSGs to them | |
486 | * instead of NOTICEs. Also see the defmsg option of nickserv:defaults, | |
487 | * which also toggles the default communication (PRIVMSG or NOTICE) to | |
488 | * use for unregistered users. | |
489 | * | |
490 | * This is a feature that is against the IRC RFC and should be used ONLY | |
491 | * if absolutely necessary. | |
492 | * | |
493 | * This directive is optional, and not recommended. | |
494 | */ | |
495 | #useprivmsg = yes | |
496 | ||
497 | /* | |
498 | * If set, will force Services to only respond to PRIVMSGs addresses to | |
499 | * Nick@ServerName - e.g. NickServ@localhost.net. This should be used in | |
500 | * conjunction with IRCd aliases. This directive is optional. | |
501 | * | |
502 | * This option will have no effect on some IRCds, such as TS6 IRCds. | |
503 | */ | |
504 | #usestrictprivmsg = yes | |
505 | ||
506 | /* | |
507 | * If set, Services will only show /stats o to IRC Operators. This directive | |
508 | * is optional. | |
509 | */ | |
510 | #hidestatso = yes | |
511 | ||
512 | /* | |
513 | * A space-separated list of ulined servers on your network, it is assumed that | |
514 | * the servers in this list are allowed to set channel modes and Services will | |
515 | * not attempt to reverse their mode changes. | |
516 | * | |
517 | * WARNING: Do NOT put your normal IRC user servers in this directive. | |
518 | * | |
519 | * This directive is optional. | |
520 | */ | |
521 | ulineservers = "services.qc-2011-my.com" | |
522 | ||
523 | /* | |
524 | * How long to wait between connection retries with the uplink(s). | |
525 | */ | |
526 | retrywait = 60s | |
527 | ||
528 | /* | |
529 | * If set, Services will hide commands that users don't have the privileges to execute | |
530 | * from HELP output. | |
531 | */ | |
532 | hideprivilegedcommands = yes | |
533 | ||
534 | /* | |
535 | * If set, Services do not allow ownership of nick names, only ownership of accounts. | |
536 | */ | |
537 | nonicknameownership = no | |
538 | ||
539 | /* The regex engine to use, as provided by the regex modules. | |
540 | * Leave commented to disable regex matching. | |
541 | * | |
542 | * Note for this to work the regex module providing the regex engine must be loaded. | |
543 | */ | |
544 | regexengine = "regex/pcre" | |
545 | ||
546 | /* | |
547 | * A list of languages to load on startup that will be available in /nickserv set language. | |
548 | * Useful if you translate Anope to your language. (Explained further in docs/LANGUAGE). | |
549 | * Note that english should not be listed here because it is the base language. | |
550 | * | |
551 | * Removing .UTF-8 will instead use the default encoding for the language, eg. iso-8859-1 for western European languages. | |
552 | */ | |
553 | languages = "ca_ES.UTF-8 de_DE.UTF-8 el_GR.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 hu_HU.UTF-8 it_IT.UTF-8 nl_NL.UTF-8 pl_PL.UTF-8 pt_PT.UTF-8 ru_RU.UTF-8 tr_TR.UTF-8" | |
554 | ||
555 | /* | |
556 | * Default language that non- and newly-registered nicks will receive messages in. | |
557 | * Leave empty to default to English. | |
558 | */ | |
559 | #defaultlanguage = "es_ES.UTF-8" | |
560 | ||
561 | /* | |
562 | * The username, and possibly hostname, used for fake users created when Services needs to | |
563 | * hold a nickname. | |
564 | */ | |
565 | enforceruser = "enforcer" | |
566 | enforcerhost = "localhost.net" | |
567 | ||
568 | /* | |
569 | * The length of time Services hold nicknames. | |
570 | */ | |
571 | releasetimeout = 1m | |
572 | ||
573 | /* | |
574 | * When a user's nick is forcibly changed to enforce a "nick kill", their new nick will start | |
575 | * with this value. The rest will be made up of 6 or 7 digits. | |
576 | */ | |
577 | guestnickprefix = "Guest" | |
578 | } | |
579 | ||
580 | /* | |
581 | * [OPTIONAL] BotServ | |
582 | * | |
583 | * Includes botserv.example.conf, which is necessary for BotServ functionality. | |
584 | * | |
585 | * Remove this block to disable BotServ. | |
586 | */ | |
587 | include | |
588 | { | |
589 | type = "file" | |
590 | name = "botserv.example.conf" | |
591 | } | |
592 | ||
593 | /* | |
594 | * [RECOMMENDED] ChanServ | |
595 | * | |
596 | * Includes chanserv.example.conf, which is necessary for ChanServ functionality. | |
597 | * | |
598 | * Remove this block to disable ChanServ. | |
599 | */ | |
600 | include | |
601 | { | |
602 | type = "file" | |
603 | name = "chanserv.example.conf" | |
604 | } | |
605 | ||
606 | /* | |
607 | * [RECOMMENDED] Global | |
608 | * | |
609 | * Includes global.example.conf, which is necessary for Global functionality. | |
610 | * | |
611 | * Remove this block to disable Global. | |
612 | */ | |
613 | include | |
614 | { | |
615 | type = "file" | |
616 | name = "global.example.conf" | |
617 | } | |
618 | ||
619 | /* | |
620 | * [OPTIONAL] HostServ | |
621 | * | |
622 | * Includes hostserv.example.conf, which is necessary for HostServ functionality. | |
623 | * | |
624 | * Remove this block to disable HostServ. | |
625 | */ | |
626 | include | |
627 | { | |
628 | type = "file" | |
629 | name = "hostserv.example.conf" | |
630 | } | |
631 | ||
632 | /* | |
633 | * [OPTIONAL] MemoServ | |
634 | * | |
635 | * Includes memoserv.example.conf, which is necessary for MemoServ functionality. | |
636 | * | |
637 | * Remove this block to disable MemoServ. | |
638 | */ | |
639 | include | |
640 | { | |
641 | type = "file" | |
642 | name = "memoserv.example.conf" | |
643 | } | |
644 | ||
645 | /* | |
646 | * [OPTIONAL] NickServ | |
647 | * | |
648 | * Includes nickserv.example.conf, which is necessary for NickServ functionality. | |
649 | * | |
650 | * Remove this block to disable NickServ. | |
651 | */ | |
652 | include | |
653 | { | |
654 | type = "file" | |
655 | name = "nickserv.example.conf" | |
656 | } | |
657 | ||
658 | /* | |
659 | * [RECOMMENDED] OperServ | |
660 | * | |
661 | * Includes operserv.example.conf, which is necessary for OperServ functionality. | |
662 | * | |
663 | * Remove this block to disable OperServ. | |
664 | */ | |
665 | include | |
666 | { | |
667 | type = "file" | |
668 | name = "operserv.example.conf" | |
669 | } | |
670 | ||
671 | /* | |
672 | * [RECOMMENDED] Logging Configuration | |
673 | * | |
674 | * This section is used for configuring what is logged and where it is logged to. | |
675 | * You may have multiple log blocks if you wish. Remember to properly secure any | |
676 | * channels you choose to have Anope log to! | |
677 | */ | |
678 | log | |
679 | { | |
680 | /* | |
681 | * Target(s) to log to, which may be one of the following: | |
682 | * - a channel name | |
683 | * - a filename | |
684 | * - globops | |
685 | */ | |
686 | target = "services.log" | |
687 | ||
688 | /* Log to both services.log and the channel #services | |
689 | * | |
690 | * Note that some older IRCds, such as Ratbox, require services to be in the | |
691 | * log channel to be able to message it. To do this, configure service:channels to | |
692 | * join your logging channel. | |
693 | */ | |
694 | #target = "services.log #services" | |
695 | ||
696 | /* | |
697 | * The source(s) to only accept log messages from. Leave commented to allow all sources. | |
698 | * This can be a users name, a channel name, one of our clients (eg, OperServ), or a server name. | |
699 | */ | |
700 | #source = "" | |
701 | ||
702 | /* | |
703 | * The bot used to log generic messages which have no predefined sender if there | |
704 | * is a channel in the target directive. | |
705 | */ | |
706 | bot = "Global" | |
707 | ||
708 | /* | |
709 | * The number of days to keep logfiles, only useful if you are logging to a file. | |
710 | * Set to 0 to never delete old logfiles. | |
711 | * | |
712 | * Note that Anope must run 24 hours a day for this feature to work correctly. | |
713 | */ | |
714 | logage = 0 | |
715 | ||
716 | /* | |
717 | * What types of log messages should be logged by this block. There are nine general categories: | |
718 | * | |
719 | * admin - Execution of admin commands (OperServ, etc). | |
720 | * override - A services operator using their powers to execute a command they couldn't normally. | |
721 | * commands - Execution of general commands. | |
722 | * servers - Server actions, linking, squitting, etc. | |
723 | * channels - Actions in channels such as joins, parts, kicks, etc. | |
724 | * users - User actions such as connecting, disconnecting, changing name, etc. | |
725 | * other - All other messages without a category. | |
726 | * rawio - Logs raw input and output from services | |
727 | * debug - Debug messages (log files can become VERY large from this). | |
728 | * | |
729 | * These options determine what messages from the categories should be logged. Wildcards are accepted, and | |
730 | * you can also negate values with a ~. For example, "~operserv/akill operserv/*" would log all operserv | |
731 | * messages except for operserv/akill. Note that processing stops at the first matching option, which | |
732 | * means "* ~operserv/*" would log everything because * matches everything. | |
733 | * | |
734 | * Valid admin, override, and command options are: | |
735 | * pesudo-serv/commandname (eg, operserv/akill, chanserv/set) | |
736 | * | |
737 | * Valid server options are: | |
738 | * connect, quit, sync, squit | |
739 | * | |
740 | * Valid channel options are: | |
741 | * create, destroy, join, part, kick, leave, mode | |
742 | * | |
743 | * Valid user options are: | |
744 | * connect, disconnect, quit, nick, ident, host, mode, maxusers, oper | |
745 | * | |
746 | * Rawio and debug are simple yes/no answers, there are no types for them. | |
747 | * | |
748 | * Note that modules may add their own values to these options. | |
749 | */ | |
750 | admin = "operserv/*" | |
751 | override = "chanserv/* nickserv/* memoserv/set ~botserv/set botserv/*" | |
752 | commands = "~operserv/* *" | |
753 | servers = "*" | |
754 | #channels = "~mode *" | |
755 | users = "connect disconnect nick" | |
756 | other = "*" | |
757 | rawio = no | |
758 | debug = no | |
759 | } | |
760 | ||
761 | /* | |
762 | * A log block to globops some useful things. | |
763 | */ | |
764 | log | |
765 | { | |
766 | target = "globops" | |
767 | admin = "global/* operserv/mode operserv/kick operserv/akill operserv/s*line operserv/noop operserv/jupe operserv/oline operserv/set operserv/svsnick operserv/svsjoin operserv/svspart nickserv/getpass */drop" | |
768 | servers = "squit" | |
769 | users = "oper" | |
770 | other = "expire/* bados akill/*" | |
771 | } | |
772 | ||
773 | /* | |
774 | * [RECOMMENDED] Oper Access Config | |
775 | * | |
776 | * This section is used to set up staff access to restricted oper only commands. | |
777 | * You may define groups of commands and privileges, as well as who may use them. | |
778 | * | |
779 | * This block is recommended, as without it you will be unable to access most oper commands. | |
780 | * It replaces the old ServicesRoot directive amongst others. | |
781 | * | |
782 | * The command names below are defaults and are configured in the *serv.conf's. If you configure | |
783 | * additional commands with permissions, such as commands from third party modules, the permissions | |
784 | * must be included in the opertype block before the command can be used. | |
785 | * | |
786 | * Available privileges: | |
787 | * botserv/administration - Can view and assign private BotServ bots | |
788 | * chanserv/administration - Can modify the settings of any channel (including changing of the owner!) | |
789 | * chanserv/access/modify - Can modify channel access and akick lists, and use /chanserv enforce | |
790 | * chanserv/auspex - Can see any information with /chanserv info | |
791 | * chanserv/no-register-limit - May register an unlimited number of channels and nicknames | |
792 | * chanserv/kick - Can kick and ban users from channels through ChanServ | |
793 | * memoserv/info - Can see any information with /memoserv info | |
794 | * memoserv/set-limit - Can set the limit of max stored memos on any user and channel | |
795 | * memoserv/no-limit - Can send memos through limits and throttles | |
796 | * nickserv/access - Can modify other users access and certificate lists | |
797 | * nickserv/alist - Can see the channel access list of other users | |
798 | * nickserv/auspex - Can see any information with /nickserv info | |
799 | * nickserv/confirm - Can confirm other users nicknames | |
800 | * nickserv/drop - Can drop other users nicks | |
801 | * | |
802 | * Available commands: | |
803 | * botserv/bot/del botserv/bot/add botserv/bot/change botserv/set/private | |
804 | * botserv/set/nobot | |
805 | * | |
806 | * chanserv/access/list chanserv/drop chanserv/getkey chanserv/invite | |
807 | * chanserv/list chanserv/suspend chanserv/topic | |
808 | * | |
809 | * chanserv/saset/bantype chanserv/saset/description chanserv/saset/email chanserv/saset/keepmodes | |
810 | * chanserv/saset/founder chanserv/saset/keeptopic chanserv/saset/restricted | |
811 | * chanserv/saset/peace chanserv/saset/persist chanserv/saset/private | |
812 | * chanserv/saset/secure chanserv/saset/securefounder chanserv/saset/secureops | |
813 | * chanserv/saset/signkick chanserv/saset/successor chanserv/saset/topiclock | |
814 | * chanserv/saset/url chanserv/saset/noexpire chanserv/saset/autoop | |
815 | * | |
816 | * memoserv/sendall memoserv/staff | |
817 | * | |
818 | * nickserv/getpass nickserv/getemail nickserv/suspend nickserv/ajoin | |
819 | * nickserv/resetpass nickserv/list | |
820 | * | |
821 | * nickserv/saset/autoop nickserv/saset/email nickserv/saset/greet nickserv/saset/password | |
822 | * nickserv/saset/display nickserv/saset/kill nickserv/saset/language nickserv/saset/message | |
823 | * nickserv/saset/private nickserv/saset/secure nickserv/saset/url nickserv/saset/noexpire | |
824 | * nickserv/saset/keepmodes | |
825 | * | |
826 | * hostserv/set hostserv/del hostserv/list | |
827 | * | |
828 | * global/global | |
829 | * | |
830 | * operserv/news operserv/stats operserv/kick operserv/exception operserv/seen | |
831 | * operserv/mode operserv/session operserv/modinfo operserv/ignore operserv/chanlist | |
832 | * operserv/chankill operserv/akill operserv/sqline operserv/snline operserv/userlist | |
833 | * operserv/oper operserv/config operserv/umode operserv/logsearch | |
834 | * operserv/modload operserv/jupe operserv/set operserv/noop | |
835 | * operserv/quit operserv/update operserv/reload operserv/restart | |
836 | * operserv/shutdown operserv/svs operserv/oline operserv/kill | |
837 | * | |
838 | * Firstly, we define 'opertypes' which are named whatever we want ('Network Administrator', etc). | |
839 | * These can contain commands for oper-only strings (see above) which grants access to that specific command, | |
840 | * and privileges (which grant access to more general permissions for the named area). | |
841 | * Wildcard entries are permitted for both, e.g. 'commands = "operserv/*"' for all OperServ commands. | |
842 | * | |
843 | * Below are some default example types, but this is by no means exhaustive, | |
844 | * and it is recommended that you configure them to your needs. | |
845 | */ | |
846 | ||
847 | opertype | |
848 | { | |
849 | /* The name of this opertype */ | |
850 | name = "Helper" | |
851 | ||
852 | /* What commands (see above) this opertype has */ | |
853 | commands = "hostserv/*" | |
854 | } | |
855 | ||
856 | opertype | |
857 | { | |
858 | /* The name of this opertype */ | |
859 | name = "Services Operator" | |
860 | ||
861 | /* What opertype(s) this inherits from. Seperate with a comma. */ | |
862 | inherits = "Helper, Another Helper" | |
863 | ||
864 | /* What commands (see above) this opertype may use */ | |
865 | commands = "chanserv/list chanserv/suspend chanserv/topic memoserv/staff nickserv/list nickserv/resetpass nickserv/suspend operserv/mode operserv/chankill operserv/akill operserv/session operserv/modinfo operserv/sqline operserv/oper operserv/kick operserv/ignore operserv/snline" | |
866 | ||
867 | /* What privs (see above) this opertype has */ | |
868 | privs = "chanserv/auspex chanserv/no-register-limit memoserv/* nickserv/auspex nickserv/confirm" | |
869 | ||
870 | /* | |
871 | * Modes to be set on users when they identify to accounts linked to this opertype. | |
872 | * | |
873 | * This can be used to automatically oper users who identify for services operator accounts, and is | |
874 | * useful for setting modes such as Plexus's user mode +N. | |
875 | * | |
876 | * Note that some IRCds, such as InspIRCd, do not allow directly setting +o, and this will not work. | |
877 | */ | |
878 | #modes = "+o" | |
879 | } | |
880 | ||
881 | opertype | |
882 | { | |
883 | name = "Services Administrator" | |
884 | ||
885 | inherits = "Services Operator" | |
886 | ||
887 | commands = "chanserv/access/list chanserv/drop chanserv/getkey chanserv/saset/noexpire memoserv/sendall nickserv/saset/* nickserv/getemail operserv/news operserv/jupe operserv/svs operserv/stats operserv/oline operserv/noop operserv/forbid global/*" | |
888 | ||
889 | privs = "*" | |
890 | } | |
891 | ||
892 | opertype | |
893 | { | |
894 | name = "Services Root" | |
895 | ||
896 | commands = "*" | |
897 | ||
898 | privs = "*" | |
899 | } | |
900 | ||
901 | /* | |
902 | * After defining different types of operators in the above opertype section, we now define who is in these groups | |
903 | * through 'oper' blocks, similar to ircd access. | |
904 | * | |
905 | * The default is to comment these out (so NOBODY will have Services access). | |
906 | * You probably want to add yourself and a few other people at minimum. | |
907 | * | |
908 | * As with all permissions, make sure to only give trustworthy people access to Services. | |
909 | */ | |
910 | ||
911 | #oper | |
912 | { | |
913 | /* The nickname of this services oper */ | |
914 | #name = "nick1" | |
915 | ||
916 | /* The opertype this person will have */ | |
917 | type = "Services Root" | |
918 | ||
919 | /* If set, the user must be an oper on the IRCd to gain their Services | |
920 | * oper privileges. | |
921 | */ | |
922 | require_oper = yes | |
923 | ||
924 | /* An optional password. If defined the user must login using "/msg OperServ LOGIN" first */ | |
925 | #password = "secret" | |
926 | ||
927 | /* An optional SSL fingerprint. If defined, it's required to be able to use this opertype. */ | |
928 | #certfp = "ed3383b3f7d74e89433ddaa4a6e5b2d7" | |
929 | ||
930 | /* An optional list of user@host masks. If defined the user must be connected from one of them */ | |
931 | #host = "*@*.anope.org ident@*" | |
932 | ||
933 | /* An optional vHost to set on users who identify for this oper block. | |
934 | * This will override HostServ vHosts, and may not be available on all IRCds | |
935 | */ | |
936 | #vhost = "oper.mynet" | |
937 | } | |
938 | ||
939 | #oper | |
940 | { | |
941 | name = "nick2" | |
942 | type = "Services Administrator" | |
943 | } | |
944 | ||
945 | #oper | |
946 | { | |
947 | name = "nick3" | |
948 | type = "Helper" | |
949 | } | |
950 | ||
951 | /* | |
952 | * [OPTIONAL] Mail Config | |
953 | * | |
954 | * This section contains settings related to the use of e-mail from Services. | |
955 | * If the usemail directive is set to yes, unless specified otherwise, all other | |
956 | * directives are required. | |
957 | * | |
958 | * NOTE: Users can find the IP of the machine services is running on by examining | |
959 | * mail headers. If you do not want your IP known, you should set up a mail relay | |
960 | * to strip the relevant headers. | |
961 | */ | |
962 | ||
963 | { | |
964 | /* | |
965 | * If set, this option enables the mail commands in Services. You may choose | |
966 | * to disable it if you have no Sendmail-compatible mailer installed. Whilst | |
967 | * this directive (and entire block) is optional, it is required if | |
968 | * nickserv:registration is set to yes. | |
969 | */ | |
970 | usemail = yes | |
971 | ||
972 | /* | |
973 | * This is the command-line that will be used to call the mailer to send an | |
974 | * e-mail. It must be called with all the parameters needed to make it | |
975 | * scan the mail input to find the mail recipient; consult your mailer | |
976 | * documentation. | |
977 | * | |
978 | * Postfix users must use the compatible sendmail utility provided with | |
979 | * it. This one usually needs no parameters on the command-line. Most | |
980 | * sendmail applications (or replacements of it) require the -t option | |
981 | * to be used. | |
982 | */ | |
983 | sendmailpath = "/usr/sbin/sendmail -t" | |
984 | ||
985 | /* | |
986 | * This is the e-mail address from which all the e-mails are to be sent from. | |
987 | * It should really exist. | |
988 | */ | |
989 | sendfrom = "services@localhost.net" | |
990 | ||
991 | /* | |
992 | * If set, RESETPASS will be restricted to services operators with access to | |
993 | * nickserv/resetpass in their opertype:commands. | |
994 | * This directive is optional. | |
995 | * | |
996 | * WARNING: If you choose to not enable this option, you should limit the | |
997 | * number of processes that the services user can have at a time (you can | |
998 | * create a special user for this; remember to NEVER launch Services as | |
999 | * root). | |
1000 | */ | |
1001 | restrict = yes | |
1002 | ||
1003 | /* | |
1004 | * This controls the minimum amount of time a user must wait before sending | |
1005 | * another e-mail after they have sent one. It also controls the minimum time | |
1006 | * a user must wait before they can receive another e-mail. | |
1007 | * | |
1008 | * This feature prevents users from being mail bombed using Services and | |
1009 | * it is highly recommended that it be used. | |
1010 | * | |
1011 | * This directive is optional, but highly recommended. | |
1012 | */ | |
1013 | delay = 5m | |
1014 | ||
1015 | /* | |
1016 | * If set, Services will not attempt to put quotes around the TO: fields | |
1017 | * in e-mails. | |
1018 | * | |
1019 | * This directive is optional, and as far as we know, it's only needed | |
1020 | * if you are using ESMTP or QMail to send out e-mails. | |
1021 | */ | |
1022 | #dontquoteaddresses = yes | |
1023 | ||
1024 | /* | |
1025 | * The subject and message of emails sent to users when they register accounts. | |
1026 | */ | |
1027 | registration_subject = "Nickname registration for %n" | |
1028 | registration_message = "Hi, | |
1029 | ||
1030 | You have requested to register the nickname %n on %N. | |
1031 | Please type \" /msg NickServ CONFIRM %c \" to complete registration. | |
1032 | ||
1033 | If you don't know why this mail was sent to you, please ignore it silently. | |
1034 | ||
1035 | %N administrators." | |
1036 | ||
1037 | /* | |
1038 | * The subject and message of emails sent to users when they request a new password. | |
1039 | */ | |
1040 | reset_subject = "Reset password request for %n" | |
1041 | reset_message = "Hi, | |
1042 | ||
1043 | You have requested to have the password for %n reset. | |
1044 | To reset your password, type \" /msg NickServ CONFIRM %n %c \" | |
1045 | ||
1046 | If you don't know why this mail was sent to you, please ignore it silently. | |
1047 | ||
1048 | %N administrators." | |
1049 | ||
1050 | /* | |
1051 | * The subject and message of emails sent to users when they request a new email address. | |
1052 | */ | |
1053 | emailchange_subject = "Email confirmation" | |
1054 | emailchange_message = "Hi, | |
1055 | ||
1056 | You have requested to change your email address to %e. | |
1057 | Please type \" /msg NickServ CONFIRM %c \" to confirm this change. | |
1058 | ||
1059 | If you don't know why this mail was sent to you, please ignore it silently. | |
1060 | ||
1061 | %N administrators." | |
1062 | ||
1063 | /* | |
1064 | * The subject and message of emails sent to users when they receive a new memo. | |
1065 | */ | |
1066 | memo_subject = "New memo" | |
1067 | memo_message = "Hi %n, | |
1068 | ||
1069 | You've just received a new memo from %s. This is memo number %d. | |
1070 | ||
1071 | Memo text: | |
1072 | ||
1073 | %t" | |
1074 | } | |
1075 | ||
1076 | /* | |
1077 | * [REQUIRED] Database configuration. | |
1078 | * | |
1079 | * This section is used to configure databases used by Anope. | |
1080 | * You should at least load one database method, otherwise any data you | |
1081 | * have will not be stored! | |
1082 | */ | |
1083 | ||
1084 | /* | |
1085 | * [DEPRECATED] db_old | |
1086 | * | |
1087 | * This is the old binary database format from late Anope 1.7.x, Anope 1.8.x, and | |
1088 | * early Anope 1.9.x. This module only loads these databases, and will NOT save them. | |
1089 | * You should only use this to upgrade old databases to a newer database format by loading | |
1090 | * other database modules in addition to this one, which will be used when saving databases. | |
1091 | */ | |
1092 | #module | |
1093 | { | |
1094 | name = "db_old" | |
1095 | ||
1096 | /* | |
1097 | * This is the encryption type used by the databases. This must be set correctly or | |
1098 | * your passwords will not work. Valid options are: md5, oldmd5, sha1, and plain. | |
1099 | */ | |
1100 | #hash = "md5" | |
1101 | } | |
1102 | ||
1103 | /* | |
1104 | * [DEPRECATED] db_plain | |
1105 | * | |
1106 | * This is the flatfile database format from Anope-1.9.2 to Anope-1.9.5. | |
1107 | * This module only loads this database, and will NOT save it. | |
1108 | * To convert from this format, load both this and db_flatfile. Be sure to name db_flatfile's | |
1109 | * target database to something else. Start Anope then shut down so the new database will be written. | |
1110 | * Then unload this and restart Anope, loading from the new database. | |
1111 | */ | |
1112 | #module | |
1113 | { | |
1114 | name = "db_plain" | |
1115 | ||
1116 | /* | |
1117 | * The database name db_plain should use | |
1118 | */ | |
1119 | database = "anope.db" | |
1120 | } | |
1121 | ||
1122 | /* | |
1123 | * [RECOMMENDED] db_flatfile | |
1124 | * | |
1125 | * This is the default flatfile database format. | |
1126 | */ | |
1127 | module | |
1128 | { | |
1129 | name = "db_flatfile" | |
1130 | ||
1131 | /* | |
1132 | * The database name db_flatfile should use | |
1133 | */ | |
1134 | database = "anope.db" | |
1135 | ||
1136 | /* | |
1137 | * Sets the number of days backups of databases are kept. If you don't give it, | |
1138 | * or if you set it to 0, Services won't backup the databases. | |
1139 | * | |
1140 | * NOTE: Services must run 24 hours a day for this feature to work. | |
1141 | * | |
1142 | * This directive is optional, but recommended. | |
1143 | */ | |
1144 | keepbackups = 3 | |
1145 | ||
1146 | /* | |
1147 | * Allows Services to continue file write operations (i.e. database saving) | |
1148 | * even if the original file cannot be backed up. Enabling this option may | |
1149 | * allow Services to continue operation under conditions where it might | |
1150 | * otherwise fail, such as a nearly-full disk. | |
1151 | * | |
1152 | * NOTE: Enabling this option can cause irrecoverable data loss under some | |
1153 | * conditions, so make CERTAIN you know what you're doing when you enable it! | |
1154 | * | |
1155 | * This directive is optional, and you are discouraged against enabling it. | |
1156 | */ | |
1157 | #nobackupokay = yes | |
1158 | ||
1159 | /* | |
1160 | * If enabled, services will fork a child process to save databases. | |
1161 | * | |
1162 | * This is only useful with very large databases, with hundreds | |
1163 | * of thousands of objects, that have a noticeable delay from | |
1164 | * writing databases. | |
1165 | * | |
1166 | * If your database is large enough cause a noticeable delay when | |
1167 | * saving you should consider a more powerful alternative such | |
1168 | * as db_sql or db_redis, which incrementally update their | |
1169 | * databases asynchronously in real time. | |
1170 | */ | |
1171 | fork = no | |
1172 | } | |
1173 | ||
1174 | /* | |
1175 | * db_sql and db_sql_live | |
1176 | * | |
1177 | * db_sql module allows saving and loading databases using one of the SQL engines. | |
1178 | * This module loads the databases once on startup, then incrementally updates | |
1179 | * objects in the database as they are changed within Anope in real time. Changes | |
1180 | * to the SQL tables not done by Anope will have no effect and will be overwritten. | |
1181 | * | |
1182 | * db_sql_live module allows saving and loading databases using one of the SQL engines. | |
1183 | * This module reads and writes to SQL in real time. Changes to the SQL tables | |
1184 | * will be immediately reflected into Anope. This module should not be loaded | |
1185 | * in conjunction with db_sql. | |
1186 | * | |
1187 | */ | |
1188 | #module | |
1189 | { | |
1190 | name = "db_sql" | |
1191 | #name = "db_sql_live" | |
1192 | ||
1193 | /* | |
1194 | * The SQL service db_sql(_live) should use, these are configured in modules.conf. | |
1195 | * For MySQL, this should probably be mysql/main. | |
1196 | */ | |
1197 | engine = "sqlite/main" | |
1198 | ||
1199 | /* | |
1200 | * An optional prefix to prepended to the name of each created table. | |
1201 | * Do not use the same prefix for other programs. | |
1202 | */ | |
1203 | #prefix = "anope_db_" | |
1204 | ||
1205 | /* Whether or not to import data from another database module in to SQL on startup. | |
1206 | * If you enable this, be sure that the database services is configured to use is | |
1207 | * empty and that another database module to import from is loaded before db_sql. | |
1208 | * After you enable this and do a database import you should disable it for | |
1209 | * subsequent restarts. | |
1210 | * | |
1211 | * Note that you can not import databases using db_sql_live. If you want to import | |
1212 | * databases and use db_sql_live you should import them using db_sql, then shut down | |
1213 | * and start services with db_sql_live. | |
1214 | */ | |
1215 | import = false | |
1216 | } | |
1217 | ||
1218 | /* | |
1219 | * db_redis. | |
1220 | * | |
1221 | * This module allows using Redis (http://redis.io) as a database backend. | |
1222 | * This module requires that m_redis is loaded and configured properly. | |
1223 | * | |
1224 | * Redis 2.8 supports keyspace notifications which allows Redis to push notifications | |
1225 | * to Anope about outside modifications to the database. This module supports this and | |
1226 | * will internally reflect any changes made to the database immediately once notified. | |
1227 | * See docs/REDIS for more information regarding this. | |
1228 | */ | |
1229 | #module | |
1230 | { | |
1231 | name = "db_redis" | |
1232 | ||
1233 | /* | |
1234 | * Redis database to use. This must be configured with m_redis. | |
1235 | */ | |
1236 | engine = "redis/main" | |
1237 | } | |
1238 | ||
1239 | /* | |
1240 | * [RECOMMENDED] Encryption modules. | |
1241 | * | |
1242 | * The encryption modules are used when dealing with passwords. This determines how | |
1243 | * the passwords are stored in the databases, and does not add any security as | |
1244 | * far as transmitting passwords over the network goes. | |
1245 | * | |
1246 | * Without any encryption modules loaded users will not be able to authenticate unless | |
1247 | * there is another module loaded that provides authentication checking, such as | |
1248 | * m_ldap_authentication or m_sql_authentication. | |
1249 | * | |
1250 | * With enc_none, passwords will be stored in plain text, allowing for passwords | |
1251 | * to be recovered later but it isn't secure and therefore is not recommended. | |
1252 | * | |
1253 | * The other encryption modules use one-way encryption, so the passwords can not | |
1254 | * be recovered later if those are used. | |
1255 | * | |
1256 | * The first encryption module loaded is the primary encryption module. All new passwords are | |
1257 | * encrypted by this module. Old passwords stored in another encryption method are | |
1258 | * automatically re-encrypted by the primary encryption module on next identify. | |
1259 | * | |
1260 | * NOTE: enc_old is Anope's previous (broken) MD5 implementation, if your databases | |
1261 | * were made using that module, continue to use it and do not use enc_md5. | |
1262 | * | |
1263 | * NOTE: enc_sha1 relies on how the OS stores 2+ byte data internally, and is | |
1264 | * potentially broken when moving between 2 different OSes, such as moving from | |
1265 | * Linux to Windows. It is recommended that you use enc_sha256 instead if you want | |
1266 | * to use an SHA-based encryption. If you choose to do so, it is also recommended | |
1267 | * that you first try to get everyone's passwords converted to enc_sha256 before | |
1268 | * switching OSes by placing enc_sha256 at the beginning of the list. | |
1269 | * | |
1270 | */ | |
1271 | ||
1272 | module { name = "enc_sha256" } | |
1273 | #module { name = "enc_md5" } | |
1274 | #module { name = "enc_sha1" } | |
1275 | ||
1276 | /* | |
1277 | * When using enc_none, passwords will be stored without encryption. This isn't secure | |
1278 | * therefore it is not recommended. | |
1279 | */ | |
1280 | #module { name = "enc_none" } | |
1281 | ||
1282 | /* | |
1283 | * enc_old is Anope's previous (broken) MD5 implementation used from 1.4.x to 1.7.16. | |
1284 | * If your databases were made using that module, load it here to allow conversion to the primary | |
1285 | * encryption method. | |
1286 | */ | |
1287 | #module { name = "enc_old" } | |
1288 | ||
1289 | ||
1290 | /* Extra (optional) modules. */ | |
1291 | include | |
1292 | { | |
1293 | type = "file" | |
1294 | name = "modules.example.conf" | |
1295 | } | |
1296 | ||
1297 | /* | |
1298 | * Chanstats module. | |
1299 | * Requires a MySQL Database. | |
1300 | */ | |
1301 | #include | |
1302 | { | |
1303 | type = "file" | |
1304 | name = "chanstats.example.conf" | |
1305 | } |