/* doc/example.conf - brief example configuration file * * Copyright (C) 200

1. /* doc/example.conf - brief example configuration file
2. *
3. * Copyright (C) 2000-2002 Hybrid Development Team
4. * Copyright (C) 2002-2005 ircd-ratbox development team
5. * Copyright (C) 2005-2006 charybdis development team
6. *
7. * $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $
8. *
9. * See reference.conf for more information.
10. */
11.  
12. /* Extensions */
13. #loadmodule "extensions/chm_adminonly.so";
14. loadmodule "extensions/chm_operonly.so";
15. #loadmodule "extensions/chm_sslonly.so";
16. #loadmodule "extensions/chm_operonly_compat.so";
17. #loadmodule "extensions/chm_quietunreg_compat.so";
18. #loadmodule "extensions/chm_sslonly_compat.so";
19. #loadmodule "extensions/createauthonly.so";
20. loadmodule "extensions/extb_account.so";
21. loadmodule "extensions/extb_canjoin.so";
22. loadmodule "extensions/extb_channel.so";
23. loadmodule "extensions/extb_extgecos.so";
24. loadmodule "extensions/extb_oper.so";
25. loadmodule "extensions/extb_realname.so";
26. #loadmodule "extensions/extb_server.so";
27. #loadmodule "extensions/extb_ssl.so";
28. #loadmodule "extensions/hurt.so";
29. loadmodule "extensions/ip_cloaking.so";
30. #loadmodule "extensions/ip_cloaking_old.so";
31. #loadmodule "extensions/m_findforwards.so";
32. loadmodule "extensions/m_identify.so";
33. loadmodule "extensions/m_mkpasswd.so";
34. loadmodule "extensions/m_webirc.so";
35. #loadmodule "extensions/m_cycle.so";
36. #loadmodule "extensions/m_oaccept.so";
37. #loadmodule "extensions/m_opme.so";
38. #loadmodule "extensions/m_ojoin.so";
39. #loadmodule "extensions/m_omode.so";
40. #loadmodule "extensions/m_olist.so";
41. #loadmodule "extensions/m_okick.so";
42. #loadmodule "extensions/m_forcejoin.so";
43. #loadmodule "extensions/m_forcepart.so";
44. #loadmodule "extensions/m_forcenick.so";
45. #loadmodule "extensions/m_roleplay.so";
46. #loadmodule "extensions/no_oper_invis.so";
47. loadmodule "extensions/sno_farconnect.so";
48. loadmodule "extensions/sno_globalkline.so";
49. loadmodule "extensions/sno_globaloper.so";
50. #loadmodule "extensions/sno_whois.so";
51.  
52. serverinfo {
53. name = "lighting.fenixatomic.net";
54. sid = "42X";
55. description = "FenixATomic Public Server";
56. network_name = "FenixAtomicNET";
57. helpchan = "#help";
58. helpurl = "http://www.mynet.net/help";
59. hub = yes;
60.  
61. /* ssl_private_key: our ssl private key */
62. ssl_private_key = "etc/ssl.key";
63.  
64. /* ssl_cert: certificate for our ssl server */
65. ssl_cert = "etc/ssl.cert";
66.  
67. /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
68. ssl_dh_params = "etc/dh.pem";
69.  
70. /* ssld_count: number of ssld processes you want to start, if you
71. * have a really busy server, using N-1 where N is the number of
72. * cpu/cpu cores you have might be useful. A number greater than one
73. * can also be useful in case of bugs in ssld and because ssld needs
74. * two file descriptors per SSL connection.
75. */
76. ssld_count = 1;
77.  
78. /* default max clients: the default maximum number of clients
79. * allowed to connect. This can be changed once ircd has started by
80. * issuing:
81. * /quote set maxclients <limit>
82. */
83. default_max_clients = 1024;
84. };
85.  
86. admin {
87. name = "Lazy admin (lazya)";
88. description = "FenixAtomic client server";
89. email = "root@fennixatomic.net";
90. };
91.  
92. log {
93. fname_userlog = "logs/userlog";
94. #fname_fuserlog = "logs/fuserlog";
95. fname_operlog = "logs/operlog";
96. #fname_foperlog = "logs/foperlog";
97. fname_serverlog = "logs/serverlog";
98. #fname_klinelog = "logs/klinelog";
99. fname_killlog = "logs/killlog";
100. fname_operspylog = "logs/operspylog";
101. #fname_ioerrorlog = "logs/ioerror";
102. };
103.  
104. /* class {} blocks MUST be specified before anything that uses them. That
105. * means they must be defined before auth {} and before connect {}.
106. */
107. class "users" {
108. ping_time = 2 minutes;
109. number_per_ident = 10;
110. number_per_ip = 10;
111. number_per_ip_global = 50;
112. cidr_ipv4_bitlen = 24;
113. cidr_ipv6_bitlen = 64;
114. number_per_cidr = 200;
115. max_number = 3000;
116. sendq = 400 kbytes;
117. };
118.  
119. class "opers" {
120. ping_time = 5 minutes;
121. number_per_ip = 10;
122. max_number = 1000;
123. sendq = 1 megabyte;
124. };
125.  
126. class "server" {
127. ping_time = 5 minutes;
128. connectfreq = 5 minutes;
129. max_number = 1;
130. sendq = 4 megabytes;
131. };
132.  
133. listen {
134. /* If you want to listen on a specific IP only, specify host.
135. * host definitions apply only to the following port line.
136. */
137. #host = "192.169.0.1";
138. port = 5000, 6665 .. 6669;
139. sslport = 6697;
140.  
141. /* Listen on IPv6 (if you used host= above). */
142. #host = "3ffe:1234:a:b:c::d";
143. #port = 5000, 6665 .. 6669;
144. #sslport = 9999;
145. };
146.  
147. /* auth {}: allow users to connect to the ircd (OLD I:)
148. * auth {} blocks MUST be specified in order of precedence. The first one
149. * that matches a user will be used. So place spoofs first, then specials,
150. * then general access, then restricted.
151. */
152. auth {
153. /* user: the user@host allowed to connect. Multiple IPv4/IPv6 user
154. * lines are permitted per auth block. This is matched against the
155. * hostname and IP address (using :: shortening for IPv6 and
156. * prepending a 0 if it starts with a colon) and can also use CIDR
157. * masks.
158. */
159. user = "*@172.16.0.0/12";
160. user = "*test@123D:B567:*";
161.  
162. /* auth_user: The username (authenticated via SASL or PASS) allowed
163. * to connect. You are able to put multiple auth_user lines. If people
164. * are authenticating via SASL in this way, it is recommended to comment
165. * out the password option below. You will also *NEED* to specify a user
166. * line above auth_user, this can safely be "*@*", however.
167. */
168. auth_user = "jilles";
169. auth_user = "jdhore";
170.  
171. /* password: an optional password that is required to use this block.
172. * By default this is not encrypted, specify the flag "encrypted" in
173. * flags = ...; below if it is.
174. */
175. password = "letmein";
176.  
177. /* spoof: fake the users user@host to be be this. You may either
178. * specify a host or a user@host to spoof to. This is free-form,
179. * just do everyone a favour and dont abuse it. (OLD I: = flag)
180. */
181. spoof = "I.still.hate.packets";
182.  
183. /* autojoin: Channel (or channels, comma-seperated) to join users
184. * in this auth block to on connect. Note that this won't join
185. * the user through any bans or otherwise restrictive chmodes.
186. */
187. autojoin = "#sIRCd";
188.  
189.  
190. /* Possible flags in auth:
191. *
192. * encrypted | password is encrypted with mkpasswd
193. * spoof_notice | give a notice when spoofing hosts
194. * exceed_limit (old > flag) | allow user to exceed class user limits
195. * kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
196. * dnsbl_exempt | exempt this user from dnsbls
197. * spambot_exempt | exempt this user from spambot checks
198. * shide_exempt | exempt this user from serverhiding
199. * jupe_exempt | exempt this user from generating
200. * warnings joining juped channels
201. * resv_exempt | exempt this user from resvs
202. * flood_exempt | exempt this user from flood limits
203. * USE WITH CAUTION.
204. * no_tilde (old - flag) | don't prefix ~ to username if no ident
205. * need_ident (old + flag) | require ident for user in this class
206. * need_ssl | require SSL/TLS for user in this class
207. * need_sasl | require SASL id for user in this class
208. */
209. flags = kline_exempt, exceed_limit;
210.  
211. /* class: the class the user is placed in */
212. class = "opers";
213. };
214.  
215. /* Example WEBIRC authblock */
216. auth {
217. /* user: webirc@IP.OF.YOUR.WEBIRC . the webirc@ part is required */
218. user = "webirc@192.168.1.1";
219.  
220. /* password: password the webirc client sends in the WEBIRC command.
221. * You can use a encrypted password here (see above auth block).
222. */
223. password = "<password>";
224.  
225. /* spoof: This is required to keep it what it is currently if you
226. * want the webirc client to show the users' real host as their
227. * host on IRC.
228. */
229. spoof = "webirc.";
230. class = "users";
231. };
232.  
233. auth {
234. user = "*@*";
235. class = "users";
236. };
237.  
238. /* privset {} blocks MUST be specified before anything that uses them. That
239. * means they must be defined before operator {}.
240. */
241. privset "local_op" {
242. privs = oper:local_kill, oper:operwall;
243. };
244.  
245. privset "server_bot" {
246. extends = "local_op";
247. privs = oper:kline, oper:remoteban, snomask:nick_changes;
248. };
249.  
250. privset "global_op" {
251. extends = "local_op";
252. privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
253. oper:resv, oper:mass_notice, oper:remoteban;
254. };
255.  
256. privset "admin" {
257. extends = "global_op";
258. privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:override;
259. };
260.  
261. connect "irc.uplink.com" {
262. host = "192.168.0.1";
263. send_password = "password";
264. accept_password = "anotherpassword";
265. port = 6666;
266. hub_mask = "*";
267. class = "server";
268. flags = compressed, topicburst;
269. };
270.  
271. connect "services.fenixatomic.net" {
272. host = "*;
273. send_password = "password";
274. accept_password = "anotherpassword";
275. port = 6666;
276. hub_mask = "*";
277. class = "server";
278. flags = compressed, topicburst;
279. #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
280.  
281. /* If the connection is IPv6, uncomment below.
282. * Use 0::1, not ::1, for IPv6 localhost. */
283. #aftype = ipv6;
284. };
285.  
286. connect "ssl.uplink.com" {
287. host = "192.168.0.1";
288. send_password = "password";
289. accept_password = "anotherpassword";
290. port = 9999;
291. hub_mask = "*";
292. class = "server";
293. flags = ssl, topicburst;
294. };
295.  
296.  
297.  
298. service {
299. name = "services.fenixatomic.net";
300. };
301.  
302. cluster {
303. name = "*";
304. flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
305. };
306.  
307. shared {
308. oper = "*@*", "*";
309. flags = all;
310. };
311.  
312. /* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
313. exempt {
314. ip = "162.243.50.223";
315. };
316.  
317. channel {
318. #disabledmodes = "ME";
319. autochanmodes = "nt";
320. autotopic = "Please set a topic, and if necessary, register this channel.";
321. admin_on_channel_create = no;
322. exemptchanops = "NT";
323. use_halfop = yes;
324. use_admin = yes;
325. use_owner = yes;
326. use_knock = yes;
327. use_local_channels = yes;
328. knock_delay = 5 minutes;
329. knock_delay_channel = 1 minute;
330. max_chans_per_user = 15;
331. max_bans = 100;
332. max_bans_large = 500;
333. default_split_user_count = 0;
334. default_split_server_count = 0;
335. no_create_on_split = no;
336. no_join_on_split = no;
337. burst_topicwho = yes;
338. kick_on_split_riding = no;
339. only_ascii_channels = no;
340. cycle_host_change = yes;
341. host_in_topic = yes;
342. resv_forcepart = yes;
343. channel_target_change = yes;
344. };
345.  
346. serverhide {
347. flatten_links = yes;
348. links_delay = 5 minutes;
349. hidden = no;
350. disable_hidden = no;
351. };
352.  
353. /* These are the blacklist settings.
354. * You can have multiple combinations of host and rejection reasons.
355. * They are used in pairs of one host/rejection reason.
356. *
357. * These settings should be adequate for most networks, and are (presently)
358. * required for use on AthemeNet.
359. *
360. * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
361. * connections.
362. *
363. * As of charybdis 2.1.3, you can do some keyword substitution on the rejection
364. * reason. The available keyword substitutions are:
365. *
366. * ${ip} - the user's IP
367. * ${host} - the user's canonical hostname
368. * ${dnsbl-host} - the dnsbl hostname the lookup was done against
369. * ${nick} - the user's nickname
370. * ${network-name} - the name of the network
371. *
372. * Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be
373. * contacted, via email, at admins@2mbit.com before using these BLs.
374. * See <http://www.ahbl.org/services.php> for more information.
375. */
376. blacklist {
377. host = "rbl.efnetrbl.org";
378. reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
379.  
380. host = "";
381. reject_reason = "${nick}, your IP (${ip}) is listed in DroneBL. For assistance, see http://dronebl.org/lookup_branded.do?ip=${ip}&network=${network-name}";
382.  
383. host = "dnsbl.ircpolice.ga";
384. reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for abusive IRC behaviour. To prevent ${network-name} from abuse, we are not allowing connections from this IP address.";
385.  
386. host = "torexit.dan.me.uk";
387. reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from TOR-based abuse, we are not allowing TOR exit nodes to connect to our network.";
388. };
389.  
390. alias "NickServ" {
391. target = "NickServ";
392. };
393.  
394. alias "ChanServ" {
395. target = "ChanServ";
396. };
397.  
398. alias "OperServ" {
399. target = "OperServ";
400. };
401.  
402. alias "MemoServ" {
403. target = "MemoServ";
404. };
405.  
406. alias "HostServ" {
407. target = "HostServ";
408. };
409.  
410. alias "BotServ" {
411. target = "BotServ";
412. };
413.  
414. alias "InfoServ" {
415. target = "InfoServ";
416. };
417.  
418. alias "GroupServ" {
419. target = "GroupServ";
420. };
421.  
422. alias "NS" {
423. target = "NickServ";
424. };
425.  
426. alias "CS" {
427. target = "ChanServ";
428. };
429.  
430. alias "OS" {
431. target = "OperServ";
432. };
433.  
434. alias "MS" {
435. target = "MemoServ";
436. };
437.  
438. alias "HS" {
439. target = "HostServ";
440. };
441.  
442. alias "BS" {
443. target = "BotServ";
444. };
445.  
446. alias "IS" {
447. target = "InfoServ";
448. };
449.  
450. alias "GS" {
451. target = "GroupServ";
452. };
453.  
454. general {
455. hide_error_messages = opers;
456. hide_spoof_ips = yes;
457.  
458. /*
459. * default umodes: umodes to set upon connection
460. * If you have enabled the ip_cloaking extension, and you wish for
461. * incoming clients to be cloaked upon connection, +x must be in
462. * the umode string below.
463. */
464. default_umodes = "+ix";
465.  
466. default_operstring = "is an IRC Operator";
467. default_adminstring = "is a Server Administrator";
468. default_operhost = "staff.fenixatomic.net";
469. #static_quit = "I like turtles!";
470. servicestring = "is a Network Service";
471. disable_fake_channels = no;
472. hide_channel_below_users = 3;
473. tkline_expire_notices = no;
474. default_floodcount = 10;
475. failed_oper_notice = yes;
476. dots_in_ident=2;
477. min_nonwildcard = 4;
478. min_nonwildcard_simple = 3;
479. max_accept = 100;
480. max_monitor = 100;
481. anti_nick_flood = yes;
482. max_nick_time = 20 seconds;
483. max_nick_changes = 5;
484. anti_spam_exit_message_time = 1 minutes;
485. use_part_messages = yes;
486. ts_warn_delta = 30 seconds;
487. ts_max_delta = 5 minutes;
488. client_exit = yes;
489. collision_fnc = yes;
490. global_snotices = yes;
491. dline_with_reason = yes;
492. kline_delay = 0 seconds;
493. kline_with_reason = yes;
494. kline_reason = "K-Lined";
495. custom_cloak = "cloaked";
496. identify_service = "NickServ@services.fenixatomic.net";
497. identify_command = "IDENTIFY";
498. non_redundant_klines = yes;
499. warn_no_nline = yes;
500. use_propagated_bans = yes;
501. stats_e_disabled = no;
502. stats_c_oper_only=no;
503. stats_h_oper_only=no;
504. stats_y_oper_only=no;
505. stats_o_oper_only=yes;
506. stats_P_oper_only=no;
507. stats_i_oper_only=masked;
508. stats_k_oper_only=masked;
509. map_oper_only = no;
510. links_oper_only = no;
511. operspy_admin_only = no;
512. operspy_dont_care_user_info = no;
513. secret_channels_in_whois = no;
514. caller_id_wait = 1 minute;
515. pace_wait_simple = 1 second;
516. pace_wait = 10 seconds;
517. short_motd = no;
518. ping_cookie = no;
519. connect_timeout = 30 seconds;
520. default_ident_timeout = 5;
521. disable_auth = no;
522. no_oper_flood = yes;
523. true_no_oper_flood = no;
524. max_targets = 4;
525. client_flood = 20;
526. use_whois_actually = no;
527. oper_only_umodes = operwall, locops, servnotice;
528. oper_umodes = locops, servnotice, operwall, wallop;
529. oper_snomask = "+s";
530. burst_away = yes;
531. nick_delay = 0 seconds; # 15 minutes if you want to enable this
532. reject_ban_time = 1 minute;
533. reject_after_count = 3;
534. reject_duration = 5 minutes;
535. throttle_duration = 60;
536. throttle_count = 4;
537. expire_override_time = 5 minutes;
538. hide_opers = no;
539. };
540.  
541. modules {
542. path = "modules";
543. path = "modules/autoload";
544. };
545. .include "opers.conf"