/* doc/example.conf - brief example configuration file * * Copyright (C) 200

1. /* doc/example.conf - brief example configuration file
2. *
3. * Copyright (C) 2000-2002 Hybrid Development Team
4. * Copyright (C) 2002-2005 ircd-ratbox development team
5. * Copyright (C) 2005-2006 charybdis development team
6. *
7. * $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $
8. *
9. * See reference.conf for more information.
10. */
11.  
12. /* Extensions */
13. loadmodule "extensions/chm_adminonly.so";
14. loadmodule "extensions/chm_operonly.so";
15. loadmodule "extensions/chm_sslonly.so";
16. loadmodule "extensions/extb_account.so";
17. loadmodule "extensions/extb_canjoin.so";
18. loadmodule "extensions/extb_channel.so";
19. loadmodule "extensions/extb_extgecos.so";
20. loadmodule "extensions/extb_oper.so";
21. loadmodule "extensions/extb_realname.so";
22. loadmodule "extensions/extb_server.so";
23. loadmodule "extensions/extb_ssl.so";
24. loadmodule "extensions/hurt.so";
25. loadmodule "extensions/ip_cloaking.so";
26. #loadmodule "extensions/ip_cloaking_old.so";
27. loadmodule "extensions/m_findforwards.so";
28. loadmodule "extensions/m_identify.so";
29. loadmodule "extensions/m_mkpasswd.so";
30. loadmodule "extensions/m_webirc.so";
31. loadmodule "extensions/m_cycle.so";
32. loadmodule "extensions/m_oaccept.so";
33. loadmodule "extensions/m_opme.so";
34. loadmodule "extensions/m_ojoin.so";
35. loadmodule "extensions/m_omode.so";
36. loadmodule "extensions/m_olist.so";
37. loadmodule "extensions/m_okick.so";
38. loadmodule "extensions/m_force.so";
39. loadmodule "extensions/m_roleplay.so";
40. loadmodule "extensions/no_oper_invis.so";
41. loadmodule "extensions/sno_farconnect.so";
42. loadmodule "extensions/sno_globalkline.so";
43. loadmodule "extensions/sno_globaloper.so";
44. loadmodule "extensions/sno_whois.so";
45.  
46. serverinfo {
47. name = "snakes.ircblaze.net";
48. sid = "14F";
49. description = "IRCBlaze [Public Server]";
50. network_name = "IRCBlaze";
51. network_desc = "IRCBlaze [Public Server]";
52. helpchan = "#help";
53. helpurl = "http://ircblaze.net";
54. hub = yes;
55.  
56. /* On multi-homed hosts you may need the following. These define
57. * the addresses we connect from to other servers. */
58. /* for IPv4 */
59. #vhost = "192.169.0.1";
60. /* for IPv6 */
61. #vhost6 = "3ffe:80e8:546::2";
62.  
63. /* ssl_private_key: our ssl private key */
64. ssl_private_key = "etc/ssl.key";
65.  
66. /* ssl_cert: certificate for our ssl server */
67. ssl_cert = "etc/ssl.cert";
68.  
69. /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
70. ssl_dh_params = "etc/dh.pem";
71.  
72. /* ssld_count: number of ssld processes you want to start, if you
73. * have a really busy server, using N-1 where N is the number of
74. * cpu/cpu cores you have might be useful. A number greater than one
75. * can also be useful in case of bugs in ssld and because ssld needs
76. * two file descriptors per SSL connection.
77. */
78. ssld_count = 1;
79.  
80. /* default max clients: the default maximum number of clients
81. * allowed to connect. This can be changed once ircd has started by
82. * issuing:
83. * /quote set maxclients <limit>
84. */
85. default_max_clients = 2048;
86. };
87.  
88. admin {
89. name = "IRCBlaze Administration";
90. description = "IRCBlaze Client Server";
91. email = "root@ircblaze.net";
92. };
93.  
94. log {
95. fname_userlog = "logs/userlog";
96. #fname_fuserlog = "logs/fuserlog";
97. fname_operlog = "logs/operlog";
98. #fname_foperlog = "logs/foperlog";
99. fname_serverlog = "logs/serverlog";
100. #fname_klinelog = "logs/klinelog";
101. fname_killlog = "logs/killlog";
102. fname_operspylog = "logs/operspylog";
103. #fname_ioerrorlog = "logs/ioerror";
104. };
105.  
106. /* class {} blocks MUST be specified before anything that uses them. That
107. * means they must be defined before auth {} and before connect {}.
108. */
109. class "users" {
110. ping_time = 2 minutes;
111. number_per_ident = 5;
112. number_per_ip = 2;
113. number_per_ip_global = 4;
114. cidr_ipv4_bitlen = 24;
115. cidr_ipv6_bitlen = 64;
116. number_per_cidr = 200;
117. max_number = 3000;
118. sendq = 400 kbytes;
119. };
120.  
121. class "opers" {
122. ping_time = 5 minutes;
123. number_per_ip = 10;
124. max_number = 1000;
125. sendq = 1 megabyte;
126. };
127.  
128. class "server" {
129. ping_time = 5 minutes;
130. connectfreq = 5 minutes;
131. max_number = 1;
132. sendq = 4 megabytes;
133. };
134.  
135. listen {
136. /* If you want to listen on a specific IP only, specify host.
137. * host definitions apply only to the following port line.
138. */
139. host = "72.20.19.207";
140. port = 5000, 6665 .. 6669;
141. sslport = 6697;
142.  
143. host = "188.166.249.245";
144. port = 5000;
145.  
146. /* Listen on IPv6 (if you used host= above).
147. * host = "2001:470:3018::6667";
148. * port = 5000, 6665 .. 6669;
149. * sslport = 6697;
150. */
151. };
152.  
153. /* auth {}: allow users to connect to the ircd (OLD I:)
154. * auth {} blocks MUST be specified in order of precedence. The first one
155. * that matches a user will be used. So place spoofs first, then specials,
156. * then general access, then restricted.
157. */
158. auth {
159. /* user: the user@host allowed to connect. Multiple IPv4/IPv6 user
160. * lines are permitted per auth block. This is matched against the
161. * hostname and IP address (using :: shortening for IPv6 and
162. * prepending a 0 if it starts with a colon) and can also use CIDR
163. * masks.
164. */
165. user = "*@172.16.0.0/12";
166. user = "*test@123D:B567:*";
167.  
168. /* auth_user: The username (authenticated via SASL or PASS) allowed
169. * to connect. You are able to put multiple auth_user lines. If people
170. * are authenticating via SASL in this way, it is recommended to comment
171. * out the password option below. You will also *NEED* to specify a user
172. * line above auth_user, this can safely be "*@*", however.
173. */
174. auth_user = "jilles";
175. auth_user = "jdhore";
176.  
177. /* password: an optional password that is required to use this block.
178. * By default this is not encrypted, specify the flag "encrypted" in
179. * flags = ...; below if it is.
180. */
181. password = "letmein";
182.  
183. /* spoof: fake the users user@host to be be this. You may either
184. * specify a host or a user@host to spoof to. This is free-form,
185. * just do everyone a favour and dont abuse it. (OLD I: = flag)
186. */
187. spoof = "I.still.hate.packets";
188.  
189. /* autojoin: Channel (or channels, comma-seperated) to join users
190. * in this auth block to on connect. Note that this won't join
191. * the user through any bans or otherwise restrictive chmodes.
192. */
193. autojoin = "#syntaxIRCd";
194.  
195. /* Possible flags in auth:
196. *
197. * encrypted | password is encrypted with mkpasswd
198. * spoof_notice | give a notice when spoofing hosts
199. * exceed_limit (old > flag) | allow user to exceed class user limits
200. * kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
201. * dnsbl_exempt | exempt this user from dnsbls
202. * spambot_exempt | exempt this user from spambot checks
203. * shide_exempt | exempt this user from serverhiding
204. * jupe_exempt | exempt this user from generating
205. * warnings joining juped channels
206. * resv_exempt | exempt this user from resvs
207. * flood_exempt | exempt this user from flood limits
208. * USE WITH CAUTION.
209. * no_tilde (old - flag) | don't prefix ~ to username if no ident
210. * need_ident (old + flag) | require ident for user in this class
211. * need_ssl | require SSL/TLS for user in this class
212. * need_sasl | require SASL id for user in this class
213. */
214. flags = kline_exempt, exceed_limit;
215.  
216. /* class: the class the user is placed in */
217. class = "opers";
218. };
219.  
220. /* Example WEBIRC authblock */
221. auth {
222. /* user: webirc@IP.OF.YOUR.WEBIRC . the webirc@ part is required */
223. user = "webirc@23.95.87.115";
224.  
225. /* password: password the webirc client sends in the WEBIRC command.
226. * You can use a encrypted password here (see above auth block).
227. */
228. password = "fish";
229.  
230. /* spoof: This is required to keep it what it is currently if you
231. * want the webirc client to show the users' real host as their
232. * host on IRC.
233. */
234. spoof = "webirc.";
235. class = "users";
236. };
237.  
238. auth {
239. user = "*@193.35.58.234"; user = "*@193.35.58.235";
240. user = "*@193.35.58.236"; user = "*@139.162.195.43"; autojoin = "#SharkBNC";
241. spoof = "sharkbnc.net";
242. flags = exceed_limit, dnsbl_exempt, no_tilde;
243. class = "opers";
244. };
245.  
246.  
247.  
248. auth {
249. user = "*@64.62.228.82";
250. user = "*@207.192.75.252";
251. user = "*@78.129.202.38";
252. user = "*@109.169.29.95";
253. password = "mightyducks25";
254. spoof = "webirc.";
255. class = "users";
256. };
257.  
258. auth {
259. user = "*@*";
260. class = "users";
261. flags = no_tilde;
262. };
263.  
264. /* privset {} blocks MUST be specified before anything that uses them. That
265. * means they must be defined before operator {}.
266. */
267. privset "local_op" {
268. privs = oper:local_kill, oper:operwall;
269. };
270.  
271. privset "server_bot" {
272. extends = "local_op";
273. privs = oper:kline, oper:remoteban, snomask:nick_changes;
274. };
275.  
276. privset "global_op" {
277. extends = "local_op";
278. privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
279. oper:resv, oper:mass_notice, oper:remoteban;
280. };
281.  
282. privset "admin" {
283. extends = "global_op";
284. privs = oper:admin, oper:die, oper:rehash, oper:spy, oper:override, snomask:nick_changes;
285. };
286.  
287. connect "services.letstalkcoding.net" {
288. host = "188.166.249.245";
289. send_password = "LolHahHehYes123";
290. accept_password = "LolHahHehYes123";
291. port = 5000;
292. hub_mask = "*";
293. class = "server";
294. flags = compressed, topicburst;
295.  
296. #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
297.  
298. /* If the connection is IPv6, uncomment below.
299. * Use 0::1, not ::1, for IPv6 localhost. */
300. #aftype = ipv6;
301. };
302.  
303. connect "janus.ircblaze.net" {
304. host = "*";
305. send_password = "janus";
306. accept_password = "janus";
307. port = 5000;
308. hub_mask = "*";
309. class = "server";
310. flags = compressed, topicburst, autoconn;
311. };
312. connect "relay.irc" {
313. host = "108.196.9.243";
314. send_password = "janus";
315. accept_password = "janus";
316. port = 8005;
317. hub_mask = "*";
318. class = "server";
319. flags = topicburst, autoconn;
320. };
321.  
322. service {
323. name = "services.letstalkcoding.net";
324. };
325.  
326. cluster {
327. name = "*";
328. flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
329. };
330.  
331. shared {
332. oper = "*@*", "*";
333. flags = all;
334. };
335.  
336. /* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
337. exempt {
338. ip = "72.20.19.207";
339. };
340.  
341. channel {
342. #disabledmodes = "ME";
343. autochanmodes = "nt";
344. admin_on_channel_create = no;
345. exemptchanops = "NT";
346. use_halfop = yes;
347. use_admin = yes;
348. use_knock = yes;
349. use_local_channels = yes;
350. knock_delay = 5 minutes;
351. knock_delay_channel = 1 minute;
352. max_chans_per_user = 30;
353. max_bans = 100;
354. max_bans_large = 500;
355. default_split_user_count = 0;
356. default_split_server_count = 0;
357. no_create_on_split = no;
358. no_join_on_split = no;
359. burst_topicwho = yes;
360. kick_on_split_riding = no;
361. only_ascii_channels = no;
362. cycle_host_change = no;
363. host_in_topic = yes;
364. resv_forcepart = yes;
365. channel_target_change = yes;
366. };
367.  
368. serverhide {
369. flatten_links = yes;
370. links_delay = 5 minutes;
371. hidden = no;
372. disable_hidden = no;
373. };
374.  
375. /* These are the blacklist settings.
376. * You can have multiple combinations of host and rejection reasons.
377. * They are used in pairs of one host/rejection reason.
378. *
379. * These settings should be adequate for most networks, and are (presently)
380. * required for use on AthemeNet.
381. *
382. * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
383. * connections.
384. *
385. * As of charybdis 2.1.3, you can do some keyword substitution on the rejection
386. * reason. The available keyword substitutions are:
387. *
388. * ${ip} - the user's IP
389. * ${host} - the user's canonical hostname
390. * ${dnsbl-host} - the dnsbl hostname the lookup was done against
391. * ${nick} - the user's nickname
392. * ${network-name} - the name of the network
393. *
394. * Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be
395. * contacted, via email, at admins@2mbit.com before using these BLs.
396. * See <http://www.ahbl.org/services.php> for more information.
397. */
398. blacklist {
399. host = "rbl.efnetrbl.org";
400. reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}";
401.  
402. host = "*";
403. reject_reason = "${nick}, your IP (${ip}) is listed in DroneBL. For assistance, see http://dronebl.org/lookup_branded.do?ip=${ip}&network=${network-name}";
404.  
405. host = "*";
406. reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for abusive IRC behaviour. To prevent ${network-name} from abuse, we are not allowing connections from this IP address.";
407.  
408. # host = "tor.ahbl.org";
409. # reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from tor-based abuse, we are not allowing TOR exit nodes to connect to our network.";
410. };
411.  
412. alias "NickServ" {
413. target = "NickServ";
414. };
415.  
416. alias "ChanServ" {
417. target = "ChanServ";
418. };
419.  
420. alias "OperServ" {
421. target = "OperServ";
422. };
423.  
424. alias "MemoServ" {
425. target = "MemoServ";
426. };
427.  
428. alias "HostServ" {
429. target = "HostServ";
430. };
431.  
432. alias "BotServ" {
433. target = "BotServ";
434. };
435.  
436. alias "InfoServ" {
437. target = "InfoServ";
438. };
439.  
440. alias "GroupServ" {
441. target = "GroupServ";
442. };
443.  
444. alias "NS" {
445. target = "NickServ";
446. };
447.  
448. alias "CS" {
449. target = "ChanServ";
450. };
451.  
452. alias "OS" {
453. target = "OperServ";
454. };
455.  
456. alias "MS" {
457. target = "MemoServ";
458. };
459.  
460. alias "HS" {
461. target = "HostServ";
462. };
463.  
464. alias "BS" {
465. target = "BotServ";
466. };
467.  
468. alias "IS" {
469. target = "InfoServ";
470. };
471.  
472. alias "GS" {
473. target = "GroupServ";
474. };
475.  
476. general {
477. hide_error_messages = opers;
478. hide_spoof_ips = no;
479.  
480. /*
481. * default umodes: umodes to set upon connection
482. * If you have enabled the ip_cloaking extension, and you wish for
483. * incoming clients to be cloaked upon connection, +x must be in
484. * the umode string below.
485. */
486. default_umodes = "+ix";
487.  
488. default_operstring = "is an IRC Operator";
489. default_adminstring = "is a Server Administrator";
490. default_operhost = "staff.ircblaze.net";
491. #static_quit = "Client Quit";
492. servicestring = "is a Network Service";
493. disable_fake_channels = yes;
494. hide_channel_below_users = 0;
495. tkline_expire_notices = yes;
496. default_floodcount = 10;
497. failed_oper_notice = yes;
498. dots_in_ident=2;
499. min_nonwildcard = 4;
500. min_nonwildcard_simple = 3;
501. max_accept = 100;
502. max_monitor = 100;
503. anti_nick_flood = yes;
504. max_nick_time = 20 seconds;
505. max_nick_changes = 5;
506. anti_spam_exit_message_time = 2 minutes;
507. use_part_messages = yes;
508. ts_warn_delta = 30 seconds;
509. ts_max_delta = 5 minutes;
510. client_exit = yes;
511. collision_fnc = yes;
512. global_snotices = yes;
513. dline_with_reason = yes;
514. kline_delay = 15 seconds;
515. kline_with_reason = yes;
516. kline_reason = "Quit: K-Lined";
517. identify_service = "NickServ@services.letstalkcoding.net";
518. identify_command = "IDENTIFY";
519. non_redundant_klines = yes;
520. warn_no_nline = yes;
521. use_propagated_bans = yes;
522. stats_e_disabled = no;
523. stats_c_oper_only=no;
524. stats_h_oper_only=no;
525. stats_y_oper_only=no;
526. stats_o_oper_only=yes;
527. stats_P_oper_only=no;
528. stats_i_oper_only=masked;
529. stats_k_oper_only=masked;
530. map_oper_only = no;
531. operspy_admin_only = no;
532. operspy_dont_care_user_info = no;
533. secret_channels_in_whois = no;
534. caller_id_wait = 1 minute;
535. pace_wait_simple = 1 second;
536. pace_wait = 10 seconds;
537. short_motd = no;
538. ping_cookie = no;
539. connect_timeout = 30 seconds;
540. default_ident_timeout = 5;
541. disable_auth = yes;
542. no_oper_flood = yes;
543. true_no_oper_flood = no;
544. max_targets = 4;
545. client_flood = 20;
546. use_whois_actually = yes;
547. oper_only_umodes = operwall, locops, servnotice;
548. oper_umodes = locops, servnotice, operwall, wallop;
549. oper_snomask = "+s";
550. burst_away = yes;
551. nick_delay = 0 seconds; # 15 minutes if you want to enable this
552. reject_ban_time = 1 minute;
553. reject_after_count = 3;
554. reject_duration = 5 minutes;
555. throttle_duration = 60;
556. throttle_count = 4;
557. expire_override_time = 5 minutes;
558. };
559.  
560. modules {
561. path = "modules";
562. path = "modules/autoload";
563. };
564. .include "opers.conf"