]>
Commit | Line | Data |
---|---|---|
5a6d6ae5 | 1 | /* ***************************************************************** |
fbbc275b | 2 | * X3 Services Example Configuration file. |
3 | * | |
4 | * Copy it to your x3 runtime dir, and edit to taste. | |
5 | * | |
6 | * This file allows two kinds of comments. Whitespaces between | |
7 | * tokens are ignored. All strings (even if they're just numbers) | |
8 | * MUST be enclosed in double quotes. There must be a semicolon | |
9 | * after every * key/value pair. | |
d76ed9a9 | 10 | */ |
11 | ||
fbbc275b | 12 | /* UPLINKS (servers we connect to) ********************************* |
13 | * Each subsection describes one server. X3 will try to connect to | |
14 | * each in turn maxtries times, and then will quit. | |
15 | */ | |
d76ed9a9 | 16 | "uplinks" { |
fbbc275b | 17 | // This first entry connects to an ircd on teh same server an X3.. |
0bd0bef6 | 18 | "Hub" { // This can be any string, just used here for your convenience |
fbbc275b | 19 | "address" "127.0.0.1"; // The IP address of the server |
20 | "port" "8888"; // What TCP port to connect to | |
21 | "password" "laoo,rpe"; // Both of these passwords must match | |
22 | "their_password" "laoo,rpe"; // the one in the ircd C line for X3. | |
23 | "enabled" "1"; // Set to 0 to disable connecting to this server | |
24 | "max_tries" "10"; // How many times to attemt reconnect before quitting | |
25 | "bind_address" "127.0.0.1"; // LOCAL IP address we want to connect FROM | |
26 | }; | |
27 | // This next one connects to an ircd on another server | |
28 | "Hub-west" { | |
d76ed9a9 | 29 | // IP address and port the server listens on |
fbbc275b | 30 | "address" "192.168.234.123"; // IP of remote server |
31 | "port" "8888"; | |
32 | "password" "ekrpat"; // C line passwords | |
33 | "their_password" "ekrpat"; // Set same as above | |
34 | "enabled" "0"; // Set this to 1 to use this server.. | |
35 | "max_tries" "1"; | |
36 | "bind_address" "192.168.1.10"; | |
d76ed9a9 | 37 | }; |
fbbc275b | 38 | }; |
d76ed9a9 | 39 | |
fbbc275b | 40 | /* SERVER (Details about our existance) ********************************** |
41 | */ | |
42 | "server" { | |
43 | "hostname" "X3.AfterNET.Services"; // The servers name. (Use this in the ircd's C line) | |
44 | "description" "AfterNET Network Services"; // Shows up in /links. | |
45 | "network" "AfterNET"; | |
46 | "hidden_host" "Users.AfterNET.Org"; // set this if you enabled Nefarious' +x mode | |
47 | /* hidden_host should match the F:HIDDEN_HOST: line in your ircu's ircd.conf; | |
48 | * x3 does not set the host suffix for users, but must know it when making | |
49 | * things like bans, where it should not show the user's real hostname. */ | |
f16ad9e7 | 50 | "hidden_host_type" "1"; // change this to 2 if you use Nefarious's style 2 host hiding. |
51 | "key1" "45432"; // Set these key values to the network KEY values you use | |
1dfca92d | 52 | "key2" "76934"; // for host hiding style 2. If you are using Nefarious 1.3.0 (type 8) |
53 | "key3" "98336"; // then these are ignored. | |
412b1e16 | 54 | "prefix" "AfterNET"; // If you use style 2 then this is the name that is prefixed to hosts. |
fbbc275b | 55 | "numeric" "51"; // hint: If you get collisions on link, CHANGE THIS. |
1dfca92d | 56 | /* Type handles some changes in Nefarious from version to version. |
be3d31e0 | 57 | * 4 - nefarious 0.4.x and other ircds |
412b1e16 | 58 | * 5 - nefarious 1.0.x and higher (Obselete) |
1dfca92d | 59 | * 6 - nefarious 1.1.0 and higher (Obselete) |
b66855e2 MB |
60 | * 7 - nefarious 1.2.0 and higher (Obselete) |
61 | * 8 - nefarious 1.3.0 and higher (Legacy Version) | |
62 | * 9 - nefarious 2.0.x and higher (Current Version) | |
be3d31e0 | 63 | */ |
1dfca92d | 64 | "type" "8"; |
5006460e | 65 | "host_in_topic" "1"; //Set to 1 if your Nefarious server have the HOST_IN_TOPIC F:line set to TRUE. |
fbbc275b | 66 | "max_users" "256"; // You can save a little memory by setting this to a lower value. |
67 | "force_n2k" "1"; // Use extended (5-digit) numnick for self, even if 3 are possible. | |
68 | "ping_freq" "60"; | |
69 | "ping_timeout" "90"; | |
70 | "max_cycles" "30"; // max uplink cycles before giving up | |
71 | // Admin information is traditionally: location, location, email | |
72 | // This shows up on a /admin x3.afternet.services command. | |
73 | "admin" ( | |
74 | "AfterNET IRC Network", | |
75 | "www.afternet.org", | |
76 | "Support Staff <support@afternet.org>" | |
77 | ); | |
805e7c7a | 78 | /* extended_accounts - |
31543e44 | 79 | * enable this for nefarious 0.4.x and higher and in ircd.conf add F:EXTENDED_ACCOUNTS:TRUE. |
80 | * Sends 'AC R nick account' instead of 'AC nick account' and allows | |
81 | * for renames, login-on-connect, etc. If you use stock ircu set to 0. */ | |
805e7c7a | 82 | "extended_accounts" "1"; |
31543e44 | 83 | |
fbbc275b | 84 | /* the following two settings are for ircu's HEAD_IN_SAND features, and are equivelent to |
85 | * the F: lines in ircu's ircd.conf. both can be disabled by commenting them out. */ | |
86 | //"his_servername" "*.AfterNET.org"; // hidden server name, shown in remote /whois requests | |
87 | //"his_servercomment" "AfterNET IRC Network"; | |
d76ed9a9 | 88 | }; |
89 | ||
fbbc275b | 90 | /* SERVICES (Bot nicknames) ******************************************* |
91 | * Each section describes one service nickname and the details of that | |
92 | * bot's features | |
93 | * You may disable a service by commenting out its "nick" config item. | |
94 | */ | |
d76ed9a9 | 95 | "services" { |
fbbc275b | 96 | /* Nickserv is the bot you register with and auth to. |
97 | * Afternet uses the name "Authserv" without the nickname reservation | |
98 | * features enabled. Some nets call it Nickserv and configure it to | |
99 | * reserve nicks. | |
100 | */ | |
d76ed9a9 | 101 | "nickserv" { |
fbbc275b | 102 | "nick" "AuthServ"; // The bots nick on IRC |
103 | ||
104 | // If you want to have *@* as the default hostmask, set | |
105 | // default_hostmask. I highly reccomend this, and its required | |
106 | // for login-on-connect to work. | |
107 | "default_hostmask" "1"; | |
108 | ||
d76ed9a9 | 109 | // do we warn users when someone new auths to their account? |
fbbc275b | 110 | "warn_clone_auth" "1"; // -X3- warning: foobar has authed to your account |
111 | ||
112 | // default max number of logins allowed on new accounts. Users can set it | |
113 | // to something different using authserv commands. | |
114 | "default_maxlogins" "3"; | |
115 | ||
116 | // hard_maxlogins is the ammount the user cant override. | |
d76ed9a9 | 117 | "hard_maxlogins" "10"; |
fbbc275b | 118 | |
36aea90d AS |
119 | //automatically set the following modes when opers auth: |
120 | // - if it includes o, then are auto remote-opered. | |
121 | "auto_oper" "+oxwgs"; | |
122 | "auto_oper_privs" "CHAN_LIMIT SHOW_INVIS SHOW_ALL_INVIS KILL LOCAL_KILL REHASH RESTART DIE JUPE LOCAL_JUPE OPMODE WHOX SEE_CHAN PROPAGATE DISPLAY SEE_OPERS WIDE_GLINE FORCE_OPMODE REMOTEREHASH CHECK SEE_SECRET_CHAN WIDE_SHUN WIDE_ZLINE LIST_CHAN"; | |
123 | ||
d76ed9a9 | 124 | // This names a file that contains easily guessed passwords. |
125 | // It always contains "password", "<password>" and the user's | |
126 | // account name. | |
fbbc275b | 127 | // uncomment if you have a dict file. |
128 | //"dict_file" "/usr/share/dict/words"; | |
129 | ||
d76ed9a9 | 130 | // Minimum number of various types of characters permitted in |
fbbc275b | 131 | // a password. Authserv will enforce these. |
d76ed9a9 | 132 | "password_min_length" "4"; |
fbbc275b | 133 | "password_min_digits" "0"; |
d76ed9a9 | 134 | "password_min_upper" "0"; |
135 | "password_min_lower" "0"; | |
fbbc275b | 136 | |
d76ed9a9 | 137 | // What should valid account and nicks look like? |
138 | // If valid_nick_regex is omitted, valid_account_regex is used | |
139 | // for both nicks and accounts. | |
fbbc275b | 140 | // Be very carefull changing these. This default is |
141 | // basically limited to letters, numbers, dash and underscore. | |
142 | "valid_account_regex" "^[-_a-z0-9A-Z]{2,15}$"; | |
d76ed9a9 | 143 | "valid_nick_regex" "^[-_a-z][-_a-z0-9]*$"; |
144 | ||
bf93ca8d | 145 | // Whats a valid hostname look like for fakehosts? |
146 | "valid_fakehost_regex" "^[-_a-zA-Z0-9.]+$"; | |
147 | ||
acb142f0 | 148 | // Force account names to lowercase? 1=yes 0=no |
149 | // WARNING: this will convert when reading them from the db, too. | |
150 | "force_handles_lowercase" "0"; | |
151 | ||
fbbc275b | 152 | // "Nickserv" networks, set this to 0. "Authserv" networks, |
153 | // set it to 1. | |
154 | "disable_nicks" "1"; | |
155 | // One account may only own this many nicks. | |
156 | "nicks_per_account" "4"; | |
157 | ||
158 | // Send a warning when someone uses a registered nick? | |
159 | "warn_nick_owned" "0"; | |
160 | ||
161 | // What to do when someone uses the NickServ "reclaim" command? | |
162 | // This can be one of "none", "warn", "svsnick", or "kill", but | |
7827220c | 163 | // stock ircu does not support svsnick -- you need nefarious. |
fbbc275b | 164 | "reclaim_action" "none"; |
165 | ||
166 | // What (else) to do when someone uses a registered nick? | |
167 | // This can be anything "reclaim_action" can be, but it makes | |
168 | // more sense to use the "warn_nick_owned" instead of "warn". | |
169 | "auto_reclaim_action" "none"; | |
170 | ||
171 | // How long to wait before doing the auto_reclaim_action? | |
172 | // This is ignored if "auto_reclaim_action" is "none". | |
173 | "auto_reclaim_delay" "0"; | |
d76ed9a9 | 174 | |
ae275267 MB |
175 | // Expire nicks |
176 | "expire_nicks" "0"; | |
177 | ||
178 | // how often should nicks be expired? | |
179 | "nick_expire_freq" "1d"; | |
180 | ||
181 | // how long until a nick expires? | |
182 | "nick_expire_delay" "900d"; | |
183 | ||
d76ed9a9 | 184 | // access control for who can change account flags |
fbbc275b | 185 | // See /msg authserv help account flags |
d76ed9a9 | 186 | "flag_levels" { |
fbbc275b | 187 | "g" "800"; // God mode |
188 | "lc_h" "800"; // support helper (lower case h) | |
189 | "uc_H" "800"; // net helper (upper case H) | |
190 | "S" "999"; // O3 access suspended | |
8d29287a | 191 | "b" "1"; // Bot (Hidden from !staff etc) |
31de7821 | 192 | "I" "999"; // User can impersonate another account using SASL authentication |
d76ed9a9 | 193 | }; |
fbbc275b | 194 | |
d76ed9a9 | 195 | // and for who can change epithets for staff |
fbbc275b | 196 | // epithets show up in /whois as another line about the person. |
d76ed9a9 | 197 | "set_epithet_level" "800"; |
fbbc275b | 198 | |
d76ed9a9 | 199 | // what opserv access level do you need to set somebody else's level? |
200 | "modoper_level" "850"; | |
201 | ||
202 | // how often should accounts be expired? | |
203 | "account_expire_freq" "1d"; | |
fbbc275b | 204 | |
d76ed9a9 | 205 | // how long until an account with access to any channel(s) expires? |
fbbc275b | 206 | "account_expire_delay" "900d"; |
207 | ||
d76ed9a9 | 208 | // how long until an account with no access to any channels expires? |
fbbc275b | 209 | "nochan_account_expire_delay" "365d"; |
210 | ||
1136f709 | 211 | // how long must an account be inactive so it can be ounregistered without force? |
212 | "ounregister_inactive" "1M"; | |
213 | ||
214 | // which flags on an account require the ounregister to be used with force? | |
215 | "ounregister_flags" "ShgsfnHbu"; | |
216 | ||
d76ed9a9 | 217 | // If somebody keeps guessing passwords incorrectly, do we gag them? |
218 | "autogag_enabled" "1"; | |
219 | "autogag_duration" "30m"; | |
220 | "auth_policer" { | |
221 | "size" "5"; | |
222 | "drain-rate" "0.05"; | |
223 | }; | |
fbbc275b | 224 | |
d76ed9a9 | 225 | // How to integrate with email cookies? |
fbbc275b | 226 | // In order to use mail, mail must be enabled and configured |
227 | // down below in the mail section of this config file. | |
228 | "email_enabled" "1"; // Allow account verification and password reset by email. | |
229 | "email_required" "1"; // if above is 1, require verification to authenticate. | |
230 | "cookie_timeout" "2d"; // how long before we expire cookies? | |
231 | "accounts_per_email" "1"; // How many people can use the same email account. | |
232 | ||
233 | "email_search_level" "600"; // minimum OpServ level to search based on email address (search print email *foo*) | |
d76ed9a9 | 234 | "email_visible_level" "800"; // minimum OpServ level to see somebody's email address |
fbbc275b | 235 | "titlehost_suffix" "AfterNET.Org"; // 'USET title' sets a fake hostname of name.title.titlehost on a user. |
236 | "set_title_level" "900"; // Access to use 'uset title'. | |
237 | "set_fakehost_level" "1000"; //Access to set a freeform fakehost. (uset fakehost) | |
04009ebf | 238 | |
7637f48f | 239 | // A list of denied words in the fakehosts |
240 | "denied_fakehost_words" ("sex", | |
241 | "fuck", | |
242 | "asshole"); | |
243 | ||
fbbc275b | 244 | // This is a hacked in feature which exports every account change to a file sync.log. Afternet uses this and |
245 | // a bunch of custom PHP scripts to make our websites SQL user db the same as authserv, every 5 minutes. | |
246 | // You have to be a pretty handy person with the shell commands and programming to make use of this.. | |
247 | "sync_log" "0"; // Log account changes to a file for syncing w/ a website? | |
338a82b5 | 248 | |
249 | // Nickserv 'style' setting affects .userlist and other outputs. | |
250 | "default_style" "n"; // can be: n = normal, c = clean, or a = advanced. | |
e166c31b | 251 | |
252 | ||
253 | // LDAP configuration(s) | |
254 | // THIS IS EXPERIMENTAL! DO NOT USE IT IF YOU ARNT'T A DEVELOPER!! | |
255 | // LDAP stands for light directory access protocol. its what many larger orgs use for central user/password management. Its also the core technology behind windows active directory. | |
256 | // If you have an ldap server, you can configure X3 to use it instead of saving passwords locally. | |
f19aa016 | 257 | |
258 | //"ldap_enable" "0"; | |
bec5dd26 | 259 | //"ldap_uri" "ldaps://ldap.yournetwork.server:636"; |
f19aa016 | 260 | //"ldap_base" "ou=Users,dc=afternet,dc=org"; |
39edf54a | 261 | //"ldap_dn_fmt" "uid=%s,ou=Users,dc=afternet,dc=org"; |
f19aa016 | 262 | //"ldap_autocreate" "1"; // automatically create accounts if they exist in ldap but not x3 |
263 | //// If you will be allowing users to register on IRC you need these: | |
ea02341b | 264 | //"ldap_admin_dn" "cn=Admin,dc=afternet,dc=org"; |
f19aa016 | 265 | //"ldap_admin_pass" "xxxxxxxxxxx"; |
266 | //"ldap_object_classes" ( "top", "inetOrgAnonAccount" ); | |
267 | //// NOTE: inetOrgAnon is something I made up. its schema | |
268 | //// can be found in the tools/ directory. ldap servers wont | |
269 | //// know what that is by default. | |
270 | //// These configure what I store, and where. | |
8a729617 | 271 | //"ldap_field_account" "uid"; |
f19aa016 | 272 | //"ldap_field_password" "userPassword"; |
8a729617 | 273 | //"ldap_field_email" "mail"; |
35ea100f | 274 | //"ldap_field_oslevel" "X3AccountLevel"; |
275 | //// NOTE: X3AccountLevel is a custom LDAP attribute | |
276 | //// that LDAP servers will not know by default. A custom | |
277 | //// schema is required to provide it. | |
f19aa016 | 278 | //// This bit is needed if you want to put ircops into a group: |
8a729617 | 279 | //"ldap_oper_group_dn" "cn=Opers,ou=Groups,dc=afternet,dc=org"; |
17d4a698 | 280 | //"ldap_oper_group_level" "99"; // must be above this level to be added to oper ldap group |
f19aa016 | 281 | //"ldap_field_group_member" "memberUid"; // what field group members are in |
ddcb3eb3 | 282 | //"ldap_timeout" "10"; // seconds |
f19aa016 | 283 | |
d76ed9a9 | 284 | }; |
285 | ||
fbbc275b | 286 | /* |
287 | * OpServ is the bot opers use to do glines, look at info etc. | |
288 | * Afternet uses the nickname "O3" for this as its easier to type. | |
289 | */ | |
d76ed9a9 | 290 | "opserv" { |
fbbc275b | 291 | "nick" "O3"; |
d76ed9a9 | 292 | // should use of this service be limited to global opers? |
fbbc275b | 293 | "privileged" "1"; |
294 | ||
d76ed9a9 | 295 | // fullname for service |
fbbc275b | 296 | "description" "Oper Service Bot"; // (for /whois) |
297 | ||
d76ed9a9 | 298 | // hostname for service; only used if "description" is also set |
fbbc275b | 299 | "hostname" "X3.AfterNET.Services"; // (for /whois) |
300 | ||
301 | // What channel should opserv send debug output to? | |
302 | // I don't have any idea what debug info goes here. You can configure | |
303 | // debugging logs in the log section to go to any channel. | |
304 | // Probably safest to set to your oper channel. | |
305 | "debug_channel" "#TheOps"; // Bot will join this channel, also. | |
306 | "debug_channel_modes" "+tnOS"; // Modes get set every time X3 starts up | |
307 | ||
d76ed9a9 | 308 | // where to send general alerts (e.g. flood alerts)? |
fbbc275b | 309 | "alert_channel" "#TheOps"; // Bot will join this channel, also. |
310 | "alert_channel_modes" "+"; // Modes get set every time X3 starts up | |
311 | ||
d76ed9a9 | 312 | // who to tell about staff auths? |
fbbc275b | 313 | "staff_auth_channel" "#OperServ"; // Bot will join this channel, also. |
314 | "staff_auth_channel_modes" "+tnOs"; // modes get set every time X3 starts up | |
315 | ||
7637f48f | 316 | // which channels should all services autojoin? |
317 | "autojoin_channels" ("#TheOps", "#OperServ"); | |
318 | ||
d76ed9a9 | 319 | // how many clones to allow from an untrusted host? |
fbbc275b | 320 | // Use this carefully, users with half the # of clones will trigger this |
321 | // when a server pings out and they reconnect before the old connection is noticed | |
322 | // to be dead by the server.. so set it at about twice the # you want to allow to | |
323 | // avoid false positives. | |
324 | "untrusted_max" "6"; // 3 connections and 3 ghosts, 7th connection causes a gline. | |
325 | ||
d76ed9a9 | 326 | // how long of a g-line should be issued if the max hosts is exceeded? |
fbbc275b | 327 | "clone_gline_duration" "2h"; // durations are smhdmy |
328 | ||
329 | // how long to g-line for ?block (or, by default, for trace gline)? | |
330 | "block_gline_duration" "12h"; | |
331 | ||
d914d1cb | 332 | // how long to shun for ?sblock (or, by default, for trace shun)? |
333 | "block_shun_duration" "12h"; | |
334 | ||
fbbc275b | 335 | // When a user joins an illegal channel, O3 joins it and locks it down. |
d76ed9a9 | 336 | // how long to keep an illegal channel locked down (seconds)? |
337 | "purge_lock_delay" "60"; | |
fbbc275b | 338 | |
08895577 | 339 | // ------------------------------------------------------------------ |
340 | // Defcon Settings | |
341 | // | |
342 | // No new channel registrations 1 | |
343 | // No New Nick Registrations 2 | |
344 | // No Channel Mode changes 4 | |
345 | // Force Chan Mode 8 | |
346 | // Use Reduced Session Limit 16 | |
347 | // KILL any new clients trying to connect 32 | |
348 | // Services will ignore everyone but opers 64 | |
349 | // Services will silently ignore everyone but opers 128 | |
350 | // GLINE all new clients trying to connect 256 | |
351 | // No new memos sent to block MemoServ attacks 512 | |
0272358e | 352 | // SHUN all new clients trying to connect 1024 |
08895577 | 353 | // |
354 | // These are the values are added together to determine each defcon setting: | |
355 | "DefCon1" "415"; | |
356 | "DefCon2" "159"; | |
357 | "DefCon3" "31"; | |
358 | "DefCon4" "23"; | |
359 | ||
360 | // Default defcon level, 5 is running all normally | |
361 | "DefConLevel" "5"; | |
362 | ||
363 | // If defcon is limiting sessions then how many sessions should O3 allow? | |
364 | "DefConSessionLimit" "2"; | |
365 | ||
0272358e | 366 | // Length of glines and shuns set on newly connecting clients, if defcon is glining |
367 | // or shunning newly connecting clients | |
08895577 | 368 | "DefConGlineExpire" "5m"; |
369 | ||
370 | // Mode to set on all channels if defcon is forcing channel modes on all channels | |
371 | "DefConChanModes" "+r"; | |
372 | ||
373 | // If not set to 0, defcon will set back to level 5 after this time | |
374 | "DefConTimeOut" "15m"; | |
375 | ||
08895577 | 376 | // Set to 1 to send a notice to all users when defcon levels are changed |
377 | "GlobalOnDefcon" "0"; | |
378 | ||
379 | // If set to 1 along with the notice that the levels are changing an extra | |
380 | // notice will be sent | |
381 | "GlobalOnDefconMore" "0"; | |
382 | ||
383 | // GlobalOnDefconMore notice. | |
384 | "DefconMessage" "Put your message to send your users here. Dont forget to uncomment GlobalOnDefconMore"; | |
385 | ||
386 | // This notice will be used if GlobalOnDefcon and GlobalOnDefconMore are off | |
387 | "DefConOffMessage" "Services are now back to normal, sorry for any inconvenience"; | |
388 | ||
0272358e | 389 | // Reason placed in defcon Glines and Shuns. |
08895577 | 390 | "DefConGlineReason" "This network is currently not accepting connections, please try again later"; |
391 | ||
392 | // ------------------------------------------------------------------ | |
393 | ||
21f6caee | 394 | // To use geoip support in Opserv WHOIS then you will need to install |
395 | // the c GeoIP api. Its available on http://www.maxmind.com, also on | |
396 | // apt on debian and ubuntu. The dat files can also be obtained | |
397 | // from the earlier URL. Place them in your X3 dir and away you go. | |
398 | // X3 will need a recompile once you install the c api. If there is a | |
399 | // GeoIP City Data file then the GeoIP data file will be ignored. However | |
400 | // bear in mind that the city data file is a lot larger than the plain | |
01a5e8c8 | 401 | // country data file so does take a bit longer to query. If you are |
402 | // expieriencing ping timeouts you may need to tweak X3's I:line. | |
21f6caee | 403 | "geoip_data_file" "./GeoIP.dat"; |
404 | "geoip_city_data_file" ""; | |
405 | ||
fbbc275b | 406 | // The join-flood policer code goes off all the time when a server |
407 | // goes down (and everyone reconnects) so i don't reccomend using it. | |
408 | // Automatically moderate join flooded channels? | |
409 | "join_flood_moderate" "0"; | |
410 | // channel join flood policer params? | |
411 | "join_policer" { | |
412 | "size" "20"; | |
413 | "drain-rate" "1"; | |
414 | }; | |
415 | // Don't moderate and warn channels unless there are more than | |
416 | // join_flood_moderate_threshold users in the channel. the | |
417 | // value 0 will disable the threshold. | |
418 | "join_flood_moderate_threshold" "50"; | |
419 | // new user flood policer params | |
420 | "new_user_policer" { | |
421 | "size" "200"; | |
422 | "drain-rate" "3"; | |
423 | }; | |
1c5f6697 | 424 | // Min opserv level needed to set 'silent' glines in trace/addalert |
425 | // (nefarious only) | |
426 | "silent_level" "700"; | |
d76ed9a9 | 427 | }; |
428 | ||
429 | "chanserv" { | |
fbbc275b | 430 | "nick" "X3"; |
db4e7826 | 431 | |
d9d33535 | 432 | // The umodes - add +d if you use nefarious 1.0 and you added 'b:lines' |
433 | // to pass cmdchar through to chanserv anyway. | |
434 | "modes" "+iok"; | |
435 | ||
db4e7826 | 436 | // The off_channel setting takes one of three numerical values: |
437 | // 0 = off | |
438 | // 1 = use a registered channel mode, have services op themselves | |
439 | // 2 = all of the above, and a channel setting to have ChanServ not | |
440 | // idle in the channel | |
71d378ae | 441 | // NOTE: +z mode, needed for this to work. X3 contains modifications to |
442 | // try and prevent desynchs. If you use this mode do not use any other service | |
443 | // that uses this mode. | |
fbbc275b | 444 | "off_channel" "no"; |
445 | ||
446 | // Infolines are sent when channel users join the channel. Users set them with USET INFO in X3. | |
d76ed9a9 | 447 | // how long should a person be unseen before resending infoline? |
448 | "info_delay" "120"; | |
fbbc275b | 449 | |
450 | // Greetings can be configured by the channel manager(s) and sent to users who join the channel. | |
451 | // Many people (rightly) find this annoying, so keep them short. | |
d76ed9a9 | 452 | // maximum greeting length |
fbbc275b | 453 | "max_greetlen" "120"; |
454 | ||
d76ed9a9 | 455 | // maximum users in a channel userlist |
456 | "max_chan_users" "512"; | |
457 | // maximum bans on a channel banlist | |
458 | "max_chan_bans" "512"; | |
459 | // maximum length of a user's infoline | |
8b9e7d45 | 460 | "max_userinfo_length" "400"; // hard limit for infolines. This is also the default value. |
fbbc275b | 461 | |
462 | // If SET DynLimit is on and there are N users in the channel, ChanServ will | |
463 | // try to keep the limit at N+<adjust_threshold>. This makes the channel | |
464 | // somewhat protected from clone attacks. | |
465 | "adjust_threshold" "5"; | |
d76ed9a9 | 466 | // .. but ChanServ will only increment or decrement the limit this often. |
fbbc275b | 467 | "adjust_delay" "30"; // (seconds) |
468 | ||
31f23f13 | 469 | // How often to look for expired bans? |
470 | "ban_timeout_freq" "2m"; | |
471 | ||
d76ed9a9 | 472 | // How often to look for channels that have expired? |
fbbc275b | 473 | "chan_expire_freq" "1d"; |
474 | ||
d76ed9a9 | 475 | // How long is a channel unvisited (by masters or above) before it can be expired? |
476 | "chan_expire_delay" "30d"; | |
fbbc275b | 477 | |
1136f709 | 478 | // How often to look for dnrs that have expired? |
479 | "dnr_expire_freq" "1h"; | |
480 | ||
d76ed9a9 | 481 | // what !set options should we show when user calls "!set" with no arguments? |
0c8d17fe | 482 | "set_shows" ("DefaultTopic", "TopicMask", "Greeting", "UserGreeting", "Modes", "PubCmd", "InviteMe", "UserInfo", "EnfOps", "EnfModes", "EnfTopic", "TopicSnarf", "Setters", "CtcpReaction", "BanTimeout", "Protect", "Toys", "DynLimit", "NoDelete"); |
fbbc275b | 483 | |
d76ed9a9 | 484 | // A list of !8ball responses |
240a3274 | 485 | "8ball" ( |
486 | "Are you out of your MIND?", | |
487 | "It won't happen, not a chance, definitely no.", | |
488 | "Outlook seems bleak.", | |
489 | "My sources say no.", | |
490 | "You bet!", | |
491 | "It is decidedly so.", | |
492 | "It's hard to be sure.", | |
493 | "Most definitely.", | |
494 | "In your dreams...", | |
495 | "If the prophets wish it...", | |
496 | "Forecast hazy, try again later.", | |
497 | "I don't know!", | |
d76ed9a9 | 498 | "Absolutely!", |
240a3274 | 499 | "Never.", |
500 | "Yes.", | |
501 | "No.", | |
502 | "Maybe."); | |
fbbc275b | 503 | |
5e6460e4 | 504 | // This is a list of wheel-of-misfortune results. Remove them to disable. |
505 | // You must make sure your ircd supports, and has enabled, the features needed | |
506 | // for these. | |
507 | "wheel" ( | |
508 | "peer", | |
509 | // "partall", // needs svspart | |
510 | "gline", | |
511 | // "shun", // needs shun | |
512 | "nothing", | |
513 | // "randjoin", // needs svsjoin and svspart | |
514 | // "abusewhois", // needs epitaph in /whois support | |
515 | "kickall", | |
516 | // "nickchange", // needs svsnick | |
517 | "kill", | |
518 | "svsignore", | |
519 | "kickbanall" ); | |
520 | ||
d76ed9a9 | 521 | // channel(s) that support helpers must be in to be helping |
522 | // if this is a list, any one by itself will do | |
fbbc275b | 523 | "support_channel" ("#Operations", "#Help"); |
524 | ||
525 | // maximum number of channels a user may have. ( FORCE can override ) | |
526 | "max_owned" "2"; | |
527 | ||
7637f48f | 528 | // how long between automatic topic and userlist refreshes with TopicRefresh/Resync |
529 | "refresh_period" "10h"; | |
fbbc275b | 530 | |
d76ed9a9 | 531 | // what should !access say for various staff? |
fbbc275b | 532 | "irc_operator_epithet" "AfterNET IRC Operator"; |
533 | "network_helper_epithet" "AfterNET Network Helper"; | |
534 | "support_helper_epithet" "AfterNET Support Helper"; | |
535 | ||
d76ed9a9 | 536 | // what should a newly registered channel get as its modes? |
537 | "default_modes" "+nt"; | |
fbbc275b | 538 | |
539 | // minimum opserv access to set, clear or override channel nodelete setting? | |
d76ed9a9 | 540 | "nodelete_level" "1"; |
7637f48f | 541 | |
542 | // when does god mode time out? | |
543 | "god_timeout" "30m"; | |
d3abe0df | 544 | |
545 | // What should valid registered channels look like? | |
546 | // Be very carefull changing these. This default is | |
547 | // basically limited to letters, numbers, dash and underscore. | |
ed5c805e | 548 | "valid_channel_regex" "^#[-_a-z][-_a-z0-9]*$"; |
d76ed9a9 | 549 | }; |
550 | ||
fbbc275b | 551 | /* Global is a service bot that can send out network-wide messages for you. I |
552 | * like to set ours' nick to 'AfterNET', but some people use 'Global' | |
553 | */ | |
d76ed9a9 | 554 | "global" { |
555 | "nick" "Global"; | |
556 | // should users get community announcements by default or not? | |
fbbc275b | 557 | // community announcements are a type of global that users may |
558 | // opt into (or out of, depending on this setting) | |
d76ed9a9 | 559 | "announcements_default" "on"; |
560 | }; | |
63c95a47 | 561 | |
562 | ||
563 | "spamserv" { | |
e3e5ba49 | 564 | // You may enable this service by removing the double slashes from the config |
565 | // item. To disable it again add the double slashes back. | |
566 | // "nick" "SpamServ"; | |
63c95a47 | 567 | |
568 | // debug channel | |
569 | "debug_channel" "#operserv"; | |
3a498ccd | 570 | "debug_channel_modes" "+tinms"; |
63c95a47 | 571 | |
572 | // url of the network rules. if you don't have network rules, remove this key. | |
573 | "network_rules" "http://www.afternet.org/aup"; | |
574 | ||
575 | // trigger for spamserv; remove this key to disable the trigger | |
576 | "trigger" "%"; | |
577 | ||
578 | // ban duration of a short timedban. | |
579 | "short_ban_duration" "15m"; | |
580 | ||
581 | // ban duration of a long timedban. | |
582 | "long_ban_duration" "1h"; | |
583 | ||
584 | // duration of a gline. SpamServ will issue it after several violations and a kill. | |
585 | "gline_duration" "1h"; | |
586 | ||
587 | // users may add "exception_max" exceptions to the list. IRCOps can override "exception_max". | |
588 | "exception_max" "10"; | |
589 | ||
590 | // minimum & maximum length of an exception. | |
591 | "exception_min_len" "4"; | |
592 | "exception_max_len" "12"; | |
593 | ||
594 | // users may add "badword_max" badwords to the list. IRCOps can override badword_max". | |
595 | "badword_max" "10"; | |
596 | ||
597 | // minimum & maximum length of an badword. | |
598 | "badword_min_len" "4"; | |
599 | "badword_max_len" "12"; | |
600 | ||
601 | // if someone advertises a channel, which doesn't exist (channel is empty, no users), | |
602 | // SpamServ doesn't punish the user. | |
603 | // enable this setting, if SpamServ has to ignore advertisements of channels, which do not exist. | |
604 | // disable this setting, if SpamServ has to punish the users whenever they advertise. | |
605 | "adv_chan_must_exist" "1"; | |
606 | ||
607 | // remove all mirc codes from messages before checking for advertisements. | |
608 | // if this setting is disabled and someone spams a url which | |
609 | // contains a bold char, SpamServ doesn't punish him. | |
610 | "strip_mirc_codes" "1"; | |
611 | ||
612 | // enable this, if SpamServ has to "follow" ChanServ, when a channel moves or merges. | |
613 | // disable it, if it shouldn't be possible to move or merge SpamServ with /msg chanserv move|merge. | |
614 | "allow_move_merge" "1"; | |
615 | }; | |
d76ed9a9 | 616 | }; |
617 | ||
fbbc275b | 618 | /* MODULES (optional components) ************************************************* |
619 | * These must be explicitly compiled in (see ./configure --help) | |
620 | * When enabled, they are configured here.. | |
621 | */ | |
d76ed9a9 | 622 | "modules" { |
fbbc275b | 623 | /* Helpserv is a help-queue tracker module for your #support channels, if |
624 | * they are busy. It issues users tickets, and tracks the next available helper. | |
625 | */ | |
d76ed9a9 | 626 | "helpserv" { |
627 | // The description/fullname field | |
fbbc275b | 628 | "description" "Help Queue Manager"; // (for whois) |
629 | ||
d76ed9a9 | 630 | // HelpServ bots log all of their requests to this file, with |
631 | // details on when they were opened, closed, their contents, | |
632 | // helper, etc. The file is written in saxdb format for easy | |
633 | // parsing by external programs. Please note that you cannot | |
fbbc275b | 634 | // use ?set to change this value while x3 is running. |
d76ed9a9 | 635 | "reqlogfile" "helpservreq.log"; |
fbbc275b | 636 | |
d76ed9a9 | 637 | // How long should a helpserv be inactive (no requests assigned) |
638 | // before it can be unregistered by the expire command? | |
639 | "expiration" "60d"; | |
3da28d8e | 640 | |
641 | // If a user prefix's this before their helpserv commands then instead | |
642 | // of a request being opened, they will be able to use helpserv commands. | |
643 | "user_escape" "@"; | |
d76ed9a9 | 644 | }; |
fbbc275b | 645 | /* SockCheck reads sockcheck.conf and can do configurable scans |
646 | * to probe for open relays in an attempt to stop drones from using | |
647 | * the network. DO NOT enable this unless you have permission from | |
648 | * your ISP.. the probes will show up as attacks on everyones firewalls | |
649 | * and you will get a lot of complaints. | |
650 | */ | |
d76ed9a9 | 651 | "sockcheck" { |
fbbc275b | 652 | // disabling this hopefully |
653 | "max_sockets" "0"; // 64 is a good # of concurrent clients to be checked | |
d76ed9a9 | 654 | "max_read" "1024"; // don't read more than 1024 bytes from any client |
fbbc275b | 655 | "gline_duration" "1d"; // issue G-lines lasting one hour |
d76ed9a9 | 656 | "max_cache_age" "60"; // only cache results for 60 seconds |
1136f709 | 657 | "bind_address" "192.168.0.10"; // do proxy tests from this address |
d76ed9a9 | 658 | }; |
fbbc275b | 659 | /* Snoop sends connect, quit, join, and part messages for every user |
660 | * on the network, and helps in finding drones. Put it somewhere secure | |
661 | * so your users privacy is honored. | |
662 | */ | |
d76ed9a9 | 663 | "snoop" { |
664 | // Where to send snoop messages? | |
fbbc275b | 665 | "channel" "#MrSnoopy"; |
e87e89de | 666 | "channel_modes" "+sntim"; |
fbbc275b | 667 | // Which bot? |
668 | "bot" "O3"; | |
d76ed9a9 | 669 | // Show new users and joins from net joins? (off by default) |
670 | "show_bursts" "0"; | |
671 | }; | |
ec311f39 | 672 | /* Track works just like Snoop except it only sends events for users |
673 | * who have been specified | |
5da91ba8 | 674 | * DANGER: track is currently very broken, and will crash x3 and possibly corrupt your db file. |
675 | * Unless your a developer, dont even compile it in! | |
ec311f39 | 676 | */ |
677 | "track" { | |
678 | // What to track by default? | |
679 | "snomask" "nick,join,part,kick,new,del,auth,chanmode,umode"; | |
680 | // Where to send snoop messages? | |
681 | "channel" "#MrPeanuts"; | |
e87e89de | 682 | "channel_modes" "+sntOm"; |
ec311f39 | 683 | // Which bot? |
684 | "bot" "O3"; | |
685 | // Show new users and joins from net joins? (off by default) | |
686 | "show_bursts" "0"; | |
687 | }; | |
fbbc275b | 688 | /* Memoserv lets users send messages to other users accounts. |
689 | */ | |
d76ed9a9 | 690 | "memoserv" { |
fbbc275b | 691 | "bot" "MemoServ"; |
14f0e274 | 692 | "modes" "+k"; |
d76ed9a9 | 693 | "message_expiry" "30d"; // age when messages are deleted; set |
694 | // to 0 to disable message expiration | |
acb6d53d | 695 | "limit" "30"; // Max amount of messages a person can get. |
d76ed9a9 | 696 | }; |
1136f709 | 697 | "qserver" { |
698 | "bind_address" "127.0.0.1"; | |
699 | "port" "7702"; | |
700 | "password" "hello"; | |
701 | }; | |
702 | "blacklist" { | |
703 | // File containing blacklisted client addresses. | |
704 | // "file" "blacklist.txt"; | |
705 | // Each line in the file should start with an IP or hostname. | |
706 | // If there is whitespace and a message after that, the | |
707 | // message will override this one: | |
708 | "file_reason" "client is blacklisted"; | |
709 | // How long should a blacklist G-line last? | |
710 | "gline_duration" "1h"; | |
711 | // If you want to use DNS blacklists, add them here: | |
712 | "dnsbl" { | |
713 | // This DNSBL zone does not exist - you'll have to pick your own. | |
714 | "dnsbl.example.org" { | |
715 | "description" "Example DNSBL entry"; | |
716 | "reason" "busted by a dns blacklist"; | |
717 | "duration" "1h"; | |
718 | // You can stick the client's IP in the G-line message. | |
719 | "reason_2" "Example DNSBL reported %ip%'s address as 127.0.0.2"; | |
720 | // .. or the contents of a DNS TXT. | |
721 | "reason_3" "%txt%"; | |
722 | }; | |
723 | }; | |
724 | }; | |
725 | "sar" { | |
726 | // You generally will not want to override these defaults. | |
727 | // "resolv_conf" "/etc/resolv.conf"; | |
728 | // "services" "/etc/services"; | |
729 | // "bind_address" "0.0.0.0"; | |
730 | // "bind_port" "0"; | |
731 | // The defaults for these are derived from the system config files (above). | |
732 | // "domain" "example.org"; | |
733 | // "timeout" "3"; // base timeout for a DNS reply | |
734 | // "retries" "3"; // number of times to retry on different servers or longer timeouts | |
735 | // "ndots" "1"; // number of dots needed in a hostname to bypass search path | |
736 | // "edns0" "0"; // if set, enable EDNS0 extended message sizes | |
737 | // "search" ("example.org", "example.net"); | |
738 | // "nameservers" ("127.0.0.1"); | |
739 | }; | |
2784452e | 740 | /* WebTV allows webtv clients to use common IRC commands. |
741 | */ | |
742 | "webtv" { | |
743 | "bot" "IRC"; | |
744 | "modes" "+k"; | |
b15cddea | 745 | |
746 | // Should clients need to be marked to use this service? | |
747 | "required_mark" "1"; | |
748 | // which marks are valid webtv marks? | |
749 | "valid_marks" ("webtv", "msntv", "msntv2"); | |
2784452e | 750 | }; |
d76ed9a9 | 751 | }; |
752 | ||
753 | "policers" { | |
754 | "commands-luser" { | |
755 | "size" "5"; | |
756 | "drain-rate" "0.5"; | |
757 | }; | |
758 | }; | |
759 | ||
760 | "rlimits" { | |
761 | "data" "50M"; | |
762 | "stack" "6M"; | |
763 | "vmem" "100M"; | |
764 | }; | |
765 | ||
fbbc275b | 766 | /* MAIL (if and how X3 sends mail ) ********************************* |
767 | * Mainly Authserv/Nickserv send mail, See the Nickserv | |
768 | * section for additional mail settings also. | |
769 | */ | |
d76ed9a9 | 770 | "mail" { |
fbbc275b | 771 | "enable" "1"; |
d76ed9a9 | 772 | "mailer" "/usr/sbin/sendmail"; |
fbbc275b | 773 | // OR Afternet uses a custom script to keep the services IP hidden: |
774 | // "mailer" "/home/x3user/x3/sendmail.sh"; | |
775 | "from_address" "supportrobot@afternet.org"; | |
776 | "extra_headers" ("AfterNET-Services: x3"); | |
777 | "body_prefix_first" ("Welcome to AfterNET, looks like this is your first email from us."); | |
778 | "body_prefix" ("AfterNET Support - User and Channel registration system"); | |
779 | "body_suffix_first" ("", "AfterNET IRC Network", "http://www.afternet.org"); | |
780 | "body_suffix" ("", "AfterNET IRC Network", "http://www.afternet.org", "support@afternet.org","irc://irc.afternet.org/afternet"); | |
1136f709 | 781 | // If you are using the smtp mail back-end, you may need to set these: |
782 | "smtp_server" "localhost"; | |
783 | "smtp_service" "smtp"; | |
784 | // "smtp_myname" "localhost.domain"; | |
d76ed9a9 | 785 | }; |
786 | ||
fbbc275b | 787 | /* DBS (Databases) ************************************************* |
788 | * let you configure what databases go in what files. | |
789 | * | |
790 | * This default sets up everything in one big x3.db file. | |
791 | * | |
792 | * If you leave this section out, each database will be in its own file, | |
793 | * and they will be written out every half hour. | |
794 | */ | |
d76ed9a9 | 795 | "dbs" { |
796 | // This just illustrates how you can jam every database into one huge ("mondo") file. | |
797 | "ChanServ" { "mondo_section" "ChanServ"; }; | |
798 | "gline" { "mondo_section" "gline"; }; | |
d914d1cb | 799 | "shun" { "mondo_section" "shun"; }; |
d76ed9a9 | 800 | "Global" { "mondo_section" "Global"; }; |
801 | "HelpServ" { "mondo_section" "HelpServ"; }; | |
802 | "modcmd" { "mondo_section" "modcmd"; }; | |
803 | "NickServ" { "mondo_section" "NickServ"; }; | |
804 | "OpServ" { "mondo_section" "OpServ"; }; | |
805 | "sendmail" { "mondo_section" "sendmail"; }; | |
63c95a47 | 806 | "SpamServ" { "mondo_section" "SpamServ"; }; |
d76ed9a9 | 807 | |
808 | // These are the options if you want a database to be in its own file. | |
809 | "mondo" { | |
810 | // Where to put it? | |
ceafd592 | 811 | "filename" "x3.db"; |
d76ed9a9 | 812 | // How often should it be saved? |
813 | // (You can disable automatic saves by setting this to 0.) | |
814 | "frequency" "30m"; | |
815 | }; | |
816 | }; | |
817 | ||
fbbc275b | 818 | /* LOGS (If and how X3 logs data ) *********************************** |
819 | * LOGS sets up where X3 logs various kinds of info to. | |
820 | */ | |
d76ed9a9 | 821 | "logs" { |
822 | // Two kinds of items exist in this section. | |
823 | ||
824 | // One is a facility configuration subsection. These have the | |
825 | // name of a log facility (one of "ChanServ", "Global", | |
ceafd592 | 826 | // "HelpServ", "NickServ", "OpServ", "ProxyCheck", or "x3") and |
827 | // the value is a subsection. The "x3" log facility is a | |
d76ed9a9 | 828 | // catch-all/fall-back facility. |
ceafd592 | 829 | "x3" { |
d76ed9a9 | 830 | // The "max_age" option says how long to keep log audit entries. |
fbbc275b | 831 | "max_age" "10h"; |
d76ed9a9 | 832 | // The "max_count" option says how many log audit entries to keep. |
833 | "max_count" "1024"; | |
834 | // Audit (command tracking) entries are discarded if they exceed | |
835 | // either limit: for example, if entry 500 is 10 minutes old, it | |
836 | // will be discarded next time any audit command is logged. | |
837 | }; | |
838 | ||
839 | // The other kind of item is a target list. The name of each is a | |
840 | // description of facility-and-severity combinations, and the value | |
841 | // is a string (or list of strings) that describe where matching | |
842 | // events should be logged. As a special case, the facility * will | |
843 | // specify how to log events regardless of their true facility, and | |
844 | // the severity * will match all severities for a facility. | |
845 | // Log targets use a psuedo-URI syntax: one of "file:filename", | |
846 | // "std:[out|err|n]" where n is a valid file descriptor, or | |
847 | // "irc:#channel" (nicknames or server masks can be used instead | |
848 | // of channel names, but should be used with care). | |
849 | // The severity is one of "replay", "debug", "command", "info", | |
850 | // "override", "staff", "warning", "error", or "fatal". | |
851 | // WARNING: If any severity except "replay" for a facility is left | |
852 | // unspecified, it will use the default target (for example, | |
853 | // "file:chanserv.log"). For "replay" severity, you must ALWAYS | |
854 | // list a target to log it -- this is because it is very rarely | |
855 | // useful. | |
856 | "*.*" ("std:out", "file:everything.log"); // does NOT suppress any defaults | |
fbbc275b | 857 | "*.override,error,fatal" "irc:#TheOps"; // report all uses of staff commands |
858 | "*.staff" "irc:#MrSnoopy"; // report all uses of staff commands | |
d76ed9a9 | 859 | "ChanServ.*" "file:chanserv.log"; // duplicates the default behavior |
860 | "ProxyCheck.*" (); // stop it from logging anything | |
861 | }; |