/* doc/example.conf - SIRCd brief example Configuration File * Be sure to **RE

1. /* doc/example.conf - SIRCd brief example Configuration File
2. * Be sure to **RENAME** this file to ircd.conf
3. * Adam Hockley , Adam, <contact -at- froglive.me>
4. *
5. * Copyright (C) 2000-2002 Hybrid Development Team
6. * Copyright (C) 2002-2005 ircd-ratbox development team
7. * Copyright (C) 2005-2006 charybdis development team
8. * Copyright (C) 2018-2019 Adam Hockly
9. *
10. * This is the configuration file for aspIRCd.
11. * briefly rewritten and revised throughly each and every clause.
12. *
13. * $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $
14. *
15. * See reference.conf for more information.
16. */
17.  
18. /* Extensions */
19. #loadmodule "extensions/chm_adminonly.so";
20. loadmodule "extensions/chm_operonly.so";
21. #loadmodule "extensions/chm_sslonly.so";
22. #loadmodule "extensions/chm_operonly_compat.so";
23. #loadmodule "extensions/chm_quietunreg_compat.so";
24. #loadmodule "extensions/chm_sslonly_compat.so";
25. #loadmodule "extensions/createauthonly.so";
26. loadmodule "extensions/extb_account.so";
27. loadmodule "extensions/extb_canjoin.so";
28. loadmodule "extensions/extb_channel.so";
29. loadmodule "extensions/extb_extgecos.so";
30. loadmodule "extensions/extb_oper.so";
31. loadmodule "extensions/extb_realname.so";
32. #loadmodule "extensions/extb_server.so";
33. #loadmodule "extensions/extb_ssl.so";
34. #loadmodule "extensions/hurt.so";
35. #loadmodule "extensions/m_findforwards.so";
36. loadmodule "extensions/m_identify.so";
37. loadmodule "extensions/m_mkpasswd.so";
38. loadmodule "extensions/m_webirc.so";
39. #loadmodule "extensions/m_cycle.so";
40. #loadmodule "extensions/m_oaccept.so";
41. #loadmodule "extensions/m_opme.so";
42. #loadmodule "extensions/m_ojoin.so";
43. #loadmodule "extensions/m_omode.so";
44. #loadmodule "extensions/m_olist.so";
45. #loadmodule "extensions/m_okick.so";
46. #loadmodule "extensions/m_forcejoin.so";
47. #loadmodule "extensions/m_forcepart.so";
48. #loadmodule "extensions/m_forcenick.so";
49. #loadmodule "extensions/m_forcequit.so";
50. #loadmodule "extensions/no_oper_invis.so";
51. #loadmodule "extensions/show_whois.so";
52. loadmodule "extensions/sno_farconnect.so";
53. loadmodule "extensions/sno_globalkline.so";
54. loadmodule "extensions/sno_globaloper.so";
55.  
56. serverinfo {
57. name = "london.froglive.me";
58. sid = "12X";
59. description = "FrogLiveme";
60. network_name = "FrogliveMe";
61. helpchan = "#help";
62. helpurl = "http://www.baconrashers.net/help";
63. hub = yes;
64.  
65. /* ssl_private_key: our ssl private key */
66. ssl_private_key = "etc/ssl.key";
67.  
68. /* ssl_cert: certificate for our ssl server */
69. ssl_cert = "etc/ssl.pem";
70.  
71. /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
72. ssl_dh_params = "etc/dh.pem";
73.  
74. /* ssld_count: number of ssld processes you want to start, if you
75. * have a really busy server, using N-1 where N is the number of
76. * cpu/cpu cores you have might be useful. A number greater than one
77. * can also be useful in case of bugs in ssld and because ssld needs
78. * two file descriptors per SSL connection.
79. */
80. ssld_count = 1;
81.  
82. /* default max clients: the default maximum number of clients
83. * allowed to connect. This can be changed once ircd has started by
84. * issuing:
85. * /quote set maxclients <limit>
86. */
87. default_max_clients = 1024;
88. };
89.  
90. admin {
91. name = "Adam Hockley";
92. description = "Network Administrator";
93. email = "adam@froglive.me";
94. };
95.  
96. log {
97. fname_userlog = "logs/userlog";
98. #fname_fuserlog = "logs/fuserlog";
99. fname_operlog = "logs/operlog";
100. #fname_foperlog = "logs/foperlog";
101. fname_serverlog = "logs/serverlog";
102. #fname_klinelog = "logs/klinelog";
103. fname_killlog = "logs/killlog";
104. fname_operspylog = "logs/operspylog";
105. #fname_ioerrorlog = "logs/ioerror";
106. };
107.  
108. /* class {} blocks MUST be specified before anything that uses them. That
109. * means they must be defined before auth {} and before connect {}.
110. */
111. class "users" {
112. ping_time = 2 minutes;
113. number_per_ident = 10;
114. number_per_ip = 10;
115. number_per_ip_global = 50;
116. cidr_ipv4_bitlen = 24;
117. cidr_ipv6_bitlen = 64;
118. number_per_cidr = 200;
119. max_number = 3000;
120. sendq = 400 kbytes;
121. };
122.  
123. class "opers" {
124. ping_time = 5 minutes;
125. number_per_ip = 10;
126. max_number = 1000;
127. sendq = 1 megabyte;
128. };
129.  
130. class "server" {
131. ping_time = 5 minutes;
132. connectfreq = 5 minutes;
133. max_number = 1;
134. sendq = 4 megabytes;
135. };
136.  
137. listen {
138. /* If you want to listen on a specific IP only, specify host.
139. * host definitions apply only to the following port line.
140. */
141. #host = "192.169.0.1";
142. port = 5000, 6665 .. 6669;
143. sslport = 6697;
144.  
145. /* Listen on IPv6 (if you used host= above). */
146. #host = "3ffe:1234:a:b:c::d";
147. #port = 5000, 6665 .. 6669;
148. #sslport = 9999;
149. };
150.  
151. /* auth {}: allow users to connect to the ircd (OLD I:)
152. * auth {} blocks MUST be specified in order of precedence. The first one
153. * that matches a user will be used. So place spoofs first, then specials,
154. * then general access, then restricted.
155. */
156. auth {
157. /* user: the user@host allowed to connect. Multiple IPv4/IPv6 user
158. * lines are permitted per auth block. This is matched against the
159. * hostname and IP address (using :: shortening for IPv6 and
160. * prepending a 0 if it starts with a colon) and can also use CIDR
161. * masks.
162. */
163. user = "*@127.0.0.1";
164. #user = "*test@123D:B567:*";
165.  
166. /* auth_user: The username (authenticated via SASL or PASS) allowed
167. * to connect. You are able to put multiple auth_user lines. If people
168. * are authenticating via SASL in this way, it is recommended to comment
169. * out the password option below. You will also *NEED* to specify a user
170. * line above auth_user, this can safely be "*@*", however.
171. */
172. #auth_user = "jilles";
173. #auth_user = "jdhore";
174.  
175. /* password: an optional password that is required to use this block.
176. * By default this is not encrypted, specify the flag "encrypted" in
177. * flags = ...; below if it is.
178. */
179. #password = "letmein";
180.  
181. /* spoof: fake the users user@host to be be this. You may either
182. * specify a host or a user@host to spoof to. This is free-form,
183. * just do everyone a favour and dont abuse it. (OLD I: = flag)
184. */
185. spoof = "adam.dumb";
186.  
187. /* autojoin: Channel (or channels, comma-seperated) to join users
188. * in this auth block to on connect. Note that this won't join
189. * the user through any bans or otherwise restrictive chmodes.
190. */
191. autojoin = "#irc";
192.  
193.  
194. /* Possible flags in auth:
195. *
196. * encrypted | password is encrypted with mkpasswd
197. * spoof_notice | give a notice when spoofing hosts
198. * exceed_limit (old > flag) | allow user to exceed class user limits
199. * kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
200. * dnsbl_exempt | exempt this user from dnsbls
201. * spambot_exempt | exempt this user from spambot checks
202. * shide_exempt | exempt this user from serverhiding
203. * jupe_exempt | exempt this user from generating
204. * warnings joining juped channels
205. * resv_exempt | exempt this user from resvs
206. * flood_exempt | exempt this user from flood limits
207. * USE WITH CAUTION.
208. * no_tilde (old - flag) | don't prefix ~ to username if no ident
209. * need_ident (old + flag) | require ident for user in this class
210. * need_ssl | require SSL/TLS for user in this class
211. * need_sasl | require SASL id for user in this class
212. */
213. flags = kline_exempt, exceed_limit;
214.  
215. /* class: the class the user is placed in */
216. class = "opers";
217. };
218.  
219. /* Example WEBIRC authblock */
220. auth {
221. /* user: webirc@IP.OF.YOUR.WEBIRC . the webirc@ part is required */
222. user = "webirc@192.168.1.1";
223.  
224. /* password: password the webirc client sends in the WEBIRC command.
225. * You can use a encrypted password here (see above auth block).
226. */
227. #password = "<password>";
228.  
229. /* spoof: This is required to keep it what it is currently if you
230. * want the webirc client to show the users' real host as their
231. * host on IRC.
232. */
233. spoof = "webirc.";
234. class = "users";
235. };
236.  
237. auth {
238. user = "*@*";
239. class = "users";
240. };
241.  
242. /* privset {} blocks MUST be specified before anything that uses them. That
243. * means they must be defined before operator {}.
244. */
245. privset "local_op" {
246. privs = oper:local_kill, oper:operwall;
247. };
248.  
249. privset "server_bot" {
250. extends = "local_op";
251. privs = oper:kline, oper:remoteban, snomask:nick_changes;
252. };
253.  
254. privset "global_op" {
255. extends = "local_op";
256. privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
257. oper:resv, oper:mass_notice, oper:remoteban;
258. };
259.  
260. privset "admin" {
261. extends = "global_op";
262. privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:override;
263. };
264.  
265. privset "netadmin" {
266. extends = "admin";
267. privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:override;
268. };
269.  
270.  
271.  
272. connect "london.froglive.me" {
273. host = "178.62.31.75";
274. send_password = "LolHahHehYes123";
275. accept_password = "LolHahHehYes123";
276. port = 5000;
277. hub_mask = "*";
278. class = "server";
279. flags = compressed, topicburst, autoconn;
280.  
281. #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
282.  
283. /* If the connection is IPv6, uncomment below.
284. * Use 0::1, not ::1, for IPv6 localhost. */
285. #aftype = ipv6;
286. };
287.  
288. connect "test2.example.org" {
289. host = "192.168.0.1";
290. send_password = "password";
291. accept_password = "anotherpassword";
292. port = 9999;
293. hub_mask = "*";
294. class = "server";
295. flags = ssl, topicburst;
296. };
297.  
298. service {
299. name = "services.froglive.me";
300. };
301.  
302. cluster {
303. name = "*";
304. flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
305. };
306.  
307. shared {
308. oper = "*@*", "*";
309. flags = all;
310. };
311.  
312. /* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
313. exempt {
314. ip = "127.0.0.1";
315. };
316.  
317. channel {
318. #disabledmodes = "ME";
319. autochanmodes = "nt";
320. autotopic = "Please set a topic, and if necessary, register this channel.";
321. admin_on_channel_create = no;
322. exemptchanops = "NT";
323. use_halfop = yes;
324. use_admin = yes;
325. use_owner = yes;
326. use_knock = yes;
327. knock_delay = 5 minutes;
328. knock_delay_channel = 1 minute;
329. max_chans_per_user = 15;
330. max_bans = 100;
331. max_bans_large = 500;
332. default_split_user_count = 0;
333. default_split_server_count = 0;
334. no_create_on_split = no;
335. no_join_on_split = no;
336. burst_topicwho = yes;
337. kick_on_split_riding = no;
338. only_ascii_channels = no;
339. cycle_host_change = yes;
340. host_in_topic = yes;
341. resv_forcepart = yes;
342. channel_target_change = yes;
343. };
344.  
345. serverhide {
346. flatten_links = yes;
347. links_delay = 5 minutes;
348. hidden = no;
349. disable_hidden = no;
350. };
351.  
352. /* These are the blacklist settings.
353. * You can have multiple combinations of host and rejection reasons.
354. * They are used in pairs of one host/rejection reason.
355. *
356. * These settings should be adequate for most networks, and are (presently)
357. * required for use on AthemeNet.
358. *
359. * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
360. * connections.
361. *
362. * As of charybdis 2.1.3, you can do some keyword substitution on the rejection
363. * reason. The available keyword substitutions are:
364. *
365. * ${ip} - the user's IP
366. * ${host} - the user's canonical hostname
367. * ${dnsbl-host} - the dnsbl hostname the lookup was done against
368. * ${nick} - the user's nickname
369. * ${network-name} - the name of the network
370. *
371. * As of sIRCd 1.1.1, a matches parameter is allowed; if omitted, any result
372. * is considered a match. If included, a comma-separated list of *quoted*
373. * strings is allowed to match queries. They may be of the format "0" to "255"
374. * to match the final octet (e.g. 127.0.0.1) or "127.x.y.z" to explicitly match
375. * an A record. The blacklist is only applied if it matches anything in the
376. * list. You may freely mix full IP's and final octets. Consult your blacklist
377. * provider for the meaning of these parameters.
378. *
379. * Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be
380. * contacted, via email, at admins@2mbit.com before using these BLs.
381. * See <http://www.ahbl.org/services.php> for more information.
382. */
383. blacklist {
384. host = "rbl.efnetrbl.org";
385. reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
386.  
387. host = "dnsbl.dronebl.org";
388. reject_reason = "${nick}, your IP (${ip}) is listed in DroneBL. For assistance, see http://dronebl.org/lookup_branded.do?ip=${ip}&network=${network-name}";
389.  
390. host = "torexit.dan.me.uk";
391. reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from TOR-based abuse, we are not allowing TOR exit nodes to connect to our network.";
392.  
393. /* Example of a blacklist that supports both IPv4 and IPv6 and using matches */
394. # host = "foobl.blacklist.invalid";
395. # type = ipv4, ipv6;
396. # matches = "4", "6", "127.0.0.10";
397. # reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for some reason. In order to protect ${network-name} from abuse, we are not allowing connections listed in ${dnsbl-host} to connect";
398.  
399. host = "dnsbl.ungowa.eu";
400. reject_reason = "${nick}, Your IP ${ip} is listed in Ungowa RBL. For Assistance, see https://ungowa.eu/dnsbl.php?ip=${ip}";
401.  
402.  
403. };
404.  
405. alias "NickServ" {
406. target = "NickServ";
407. };
408.  
409. alias "ChanServ" {
410. target = "ChanServ";
411. };
412.  
413. alias "OperServ" {
414. target = "OperServ";
415. };
416.  
417. alias "MemoServ" {
418. target = "MemoServ";
419. };
420.  
421. alias "HostServ" {
422. target = "HostServ";
423. };
424.  
425. alias "BotServ" {
426. target = "BotServ";
427. };
428.  
429. alias "InfoServ" {
430. target = "InfoServ";
431. };
432.  
433. alias "GroupServ" {
434. target = "GroupServ";
435. };
436.  
437. alias "NS" {
438. target = "NickServ";
439. };
440.  
441. alias "CS" {
442. target = "ChanServ";
443. };
444.  
445. alias "OS" {
446. target = "OperServ";
447. };
448.  
449. alias "MS" {
450. target = "MemoServ";
451. };
452.  
453. alias "HS" {
454. target = "HostServ";
455. };
456.  
457. alias "BS" {
458. target = "BotServ";
459. };
460.  
461. alias "IS" {
462. target = "InfoServ";
463. };
464.  
465. alias "GS" {
466. target = "GroupServ";
467. };
468.  
469. general {
470. hide_error_messages = opers;
471. hide_spoof_ips = yes;
472.  
473. /* default umodes: umodes to set upon connection
474. * If you wish for incoming clients to be cloaked upon connection,
475. * +x must be in the umode string below.
476. */
477. default_umodes = "+ix";
478.  
479. default_operstring = "is an IRC Operator";
480. default_adminstring = "is a Network Administrator";
481. default_operhost = "staff.baconrashers.net";
482. #static_quit = "I like turtles!";
483. servicestring = "is a Network Service";
484.  
485. /*
486. * Nick of the network's SASL agent. Used to check whether services are here,
487. * SASL credentials are only sent to its server. Needs to be a service.
488. *
489. * Defaults to SaslServ if unspecified.
490. */
491. sasl_service = "SaslServ";
492. disable_fake_channels = no;
493. hide_channel_below_users = 3;
494. tkline_expire_notices = no;
495. default_floodcount = 10;
496. failed_oper_notice = yes;
497. dots_in_ident=2;
498. min_nonwildcard = 4;
499. min_nonwildcard_simple = 3;
500. max_accept = 100;
501. max_monitor = 100;
502. anti_nick_flood = yes;
503. max_nick_time = 20 seconds;
504. max_nick_changes = 5;
505. anti_spam_exit_message_time = 1 minutes;
506. use_part_messages = yes;
507. ts_warn_delta = 30 seconds;
508. ts_max_delta = 5 minutes;
509. client_exit = yes;
510. collision_fnc = yes;
511. resv_fnc = yes;
512. global_snotices = yes;
513. dline_with_reason = yes;
514. kline_delay = 0 seconds;
515. kline_with_reason = yes;
516. kline_reason = "K-Lined";
517. identify_service = "NickServ@services.int";
518. identify_command = "IDENTIFY";
519. non_redundant_klines = yes;
520. warn_no_nline = yes;
521. use_propagated_bans = yes;
522. stats_e_disabled = no;
523. stats_c_oper_only=no;
524. stats_h_oper_only=no;
525. stats_y_oper_only=no;
526. stats_o_oper_only=yes;
527. stats_P_oper_only=no;
528. stats_i_oper_only=masked;
529. stats_k_oper_only=masked;
530. map_oper_only = no;
531. links_oper_only = no;
532. operspy_admin_only = no;
533. operspy_dont_care_user_info = no;
534. secret_channels_in_whois = no;
535. caller_id_wait = 1 minute;
536. pace_wait_simple = 1 second;
537. pace_wait = 10 seconds;
538. short_motd = no;
539. ping_cookie = no;
540. connect_timeout = 30 seconds;
541. default_ident_timeout = 5;
542. disable_auth = no;
543. no_oper_flood = yes;
544. true_no_oper_flood = no;
545. max_targets = 4;
546. client_flood = 20;
547. use_whois_actually = no;
548. oper_only_umodes = operwall, locops, servnotice;
549. oper_umodes = locops, servnotice, operwall, wallop;
550. oper_snomask = "+s";
551. burst_away = yes;
552. nick_delay = 0 seconds; # 15 minutes if you want to enable this
553. reject_ban_time = 1 minute;
554. reject_after_count = 3;
555. reject_duration = 5 minutes;
556. throttle_duration = 60;
557. throttle_count = 4;
558. static_parts = no;
559. static_part_reason = " ";
560. expire_override_time = 5 minutes;
561. };
562.  
563. modules {
564. path = "modules";
565. path = "modules/autoload";
566. };
567. .include "opers.conf"