*/
"uplinks" {
// This first entry connects to an ircd on teh same server an X3..
- "Hub" { // This can be any string, just used here for your conveniance
+ "Hub" { // This can be any string, just used here for your convenience
"address" "127.0.0.1"; // The IP address of the server
"port" "8888"; // What TCP port to connect to
"password" "laoo,rpe"; // Both of these passwords must match
/* hidden_host should match the F:HIDDEN_HOST: line in your ircu's ircd.conf;
* x3 does not set the host suffix for users, but must know it when making
* things like bans, where it should not show the user's real hostname. */
+ "hidden_host_type" "1"; // change this to 2 if you use Nefarious's style 2 host hiding.
+ "key1" "45432"; // Set these key values to the network KEY values you use
+ "key2" "76934"; // for host hiding style 2.
+ "key3" "98336";
+ "prefix" "AfterNET"; // If you use style 2 then this is the name that is prefixed to hosts.
"numeric" "51"; // hint: If you get collisions on link, CHANGE THIS.
- "type" "4"; // Only change this to 5 if you are using Nefarious 0.5.0 off SVN
+ /* Type handles some changes in nefarious 1.0 (was 0.5.0)
+ * 4 - nefarious 0.4.x and other ircds
+ * 5 - nefarious 1.0.x and higher (Obselete)
+ * 6 - nefarious 1.1.0 and higher (Branch Revision)
+ * 7 - nefarious 1.2.0 and higher (Trunk Revsions)
+ */
+ "type" "6";
+ "host_in_topic" "1"; //Set to 1 if your Nefarious server have the HOST_IN_TOPIC F:line set to TRUE.
"max_users" "256"; // You can save a little memory by setting this to a lower value.
"force_n2k" "1"; // Use extended (5-digit) numnick for self, even if 3 are possible.
"ping_freq" "60";
"Support Staff <support@afternet.org>"
);
/* extended_accounts -
- * enable this for nefarious 0.4.x and higher. Sends 'AC R nick account'instead of
- * 'AC nick account' and allows for renames etc. */
+ * enable this for nefarious 0.4.x and higher and in ircd.conf add F:EXTENDED_ACCOUNTS:TRUE.
+ * Sends 'AC R nick account' instead of 'AC nick account' and allows
+ * for renames, login-on-connect, etc. If you use stock ircu set to 0. */
"extended_accounts" "1";
+
/* the following two settings are for ircu's HEAD_IN_SAND features, and are equivelent to
* the F: lines in ircu's ircd.conf. both can be disabled by commenting them out. */
//"his_servername" "*.AfterNET.org"; // hidden server name, shown in remote /whois requests
"valid_account_regex" "^[-_a-z0-9A-Z]{2,15}$";
"valid_nick_regex" "^[-_a-z][-_a-z0-9]*$";
+ // Whats a valid hostname look like for fakehosts?
+ "valid_fakehost_regex" "^[-_a-zA-Z0-9.]+$";
+
+ // Force account names to lowercase? 1=yes 0=no
+ // WARNING: this will convert when reading them from the db, too.
+ "force_handles_lowercase" "0";
+
// "Nickserv" networks, set this to 0. "Authserv" networks,
// set it to 1.
"disable_nicks" "1";
// What to do when someone uses the NickServ "reclaim" command?
// This can be one of "none", "warn", "svsnick", or "kill", but
- // stock ircu does not support svsnick -- you need Bahamut or
- // nefarious.
+ // stock ircu does not support svsnick -- you need nefarious.
"reclaim_action" "none";
// What (else) to do when someone uses a registered nick?
"lc_h" "800"; // support helper (lower case h)
"uc_H" "800"; // net helper (upper case H)
"S" "999"; // O3 access suspended
- "b" "1"; // Bot (not sure what it does tho)
+ "b" "1"; // Bot (Hidden from !staff etc)
};
// and for who can change epithets for staff
// how long until an account with no access to any channels expires?
"nochan_account_expire_delay" "365d";
+ // how long must an account be inactive so it can be ounregistered without force?
+ "ounregister_inactive" "1M";
+
+ // which flags on an account require the ounregister to be used with force?
+ "ounregister_flags" "ShgsfnHbu";
+
// If somebody keeps guessing passwords incorrectly, do we gag them?
"autogag_enabled" "1";
"autogag_duration" "30m";
// Nickserv 'style' setting affects .userlist and other outputs.
"default_style" "n"; // can be: n = normal, c = clean, or a = advanced.
+
+
+ // LDAP configuration(s)
+ // THIS IS EXPERIMENTAL! DO NOT USE IT IF YOU ARNT'T A DEVELOPER!!
+ // LDAP stands for light directory access protocol. its what many larger orgs use for central user/password management. Its also the core technology behind windows active directory.
+ // If you have an ldap server, you can configure X3 to use it instead of saving passwords locally.
+
+ //"ldap_enable" "0";
+ //"ldap_uri" "ldaps://ldap.yournetwork.server:636";
+ //"ldap_base" "ou=Users,dc=afternet,dc=org";
+ //"ldap_dn_fmt" "uid=%s,ou=Users,dc=afternet,dc=org";
+ //"ldap_autocreate" "1"; // automatically create accounts if they exist in ldap but not x3
+ //// If you will be allowing users to register on IRC you need these:
+ //"ldap_admin_dn" "cn=Admin,dc=afternet,dc=org";
+ //"ldap_admin_pass" "xxxxxxxxxxx";
+ //"ldap_object_classes" ( "top", "inetOrgAnonAccount" );
+ //// NOTE: inetOrgAnon is something I made up. its schema
+ //// can be found in the tools/ directory. ldap servers wont
+ //// know what that is by default.
+ //// These configure what I store, and where.
+ //"ldap_field_account" "uid";
+ //"ldap_field_password" "userPassword";
+ //"ldap_field_email" "mail";
+ //"ldap_field_oslevel" "X3AccountLevel";
+ //// NOTE: X3AccountLevel is a custom LDAP attribute
+ //// that LDAP servers will not know by default. A custom
+ //// schema is required to provide it.
+ //// This bit is needed if you want to put ircops into a group:
+ //"ldap_oper_group_dn" "cn=Opers,ou=Groups,dc=afternet,dc=org";
+ //"ldap_oper_group_level" "99"; // must be above this level to be added to oper ldap group
+ //"ldap_field_group_member" "memberUid"; // what field group members are in
+ //"ldap_timeout" "10"; // seconds
+
};
/*
// how long to keep an illegal channel locked down (seconds)?
"purge_lock_delay" "60";
+ // ------------------------------------------------------------------
+ // Defcon Settings
+ //
+ // No new channel registrations 1
+ // No New Nick Registrations 2
+ // No Channel Mode changes 4
+ // Force Chan Mode 8
+ // Use Reduced Session Limit 16
+ // KILL any new clients trying to connect 32
+ // Services will ignore everyone but opers 64
+ // Services will silently ignore everyone but opers 128
+ // GLINE all new clients trying to connect 256
+ // No new memos sent to block MemoServ attacks 512
+ // SHUN all new clients trying to connect 1024
+ //
+ // These are the values are added together to determine each defcon setting:
+ "DefCon1" "415";
+ "DefCon2" "159";
+ "DefCon3" "31";
+ "DefCon4" "23";
+
+ // Default defcon level, 5 is running all normally
+ "DefConLevel" "5";
+
+ // If defcon is limiting sessions then how many sessions should O3 allow?
+ "DefConSessionLimit" "2";
+
+ // Length of glines and shuns set on newly connecting clients, if defcon is glining
+ // or shunning newly connecting clients
+ "DefConGlineExpire" "5m";
+
+ // Mode to set on all channels if defcon is forcing channel modes on all channels
+ "DefConChanModes" "+r";
+
+ // If not set to 0, defcon will set back to level 5 after this time
+ "DefConTimeOut" "15m";
+
+ // Set to 1 to send a notice to all users when defcon levels are changed
+ "GlobalOnDefcon" "0";
+
+ // If set to 1 along with the notice that the levels are changing an extra
+ // notice will be sent
+ "GlobalOnDefconMore" "0";
+
+ // GlobalOnDefconMore notice.
+ "DefconMessage" "Put your message to send your users here. Dont forget to uncomment GlobalOnDefconMore";
+
+ // This notice will be used if GlobalOnDefcon and GlobalOnDefconMore are off
+ "DefConOffMessage" "Services are now back to normal, sorry for any inconvenience";
+
+ // Reason placed in defcon Glines and Shuns.
+ "DefConGlineReason" "This network is currently not accepting connections, please try again later";
+
+ // ------------------------------------------------------------------
+
+ // To use geoip support in Opserv WHOIS then you will need to install
+ // the c GeoIP api. Its available on http://www.maxmind.com, also on
+ // apt on debian and ubuntu. The dat files can also be obtained
+ // from the earlier URL. Place them in your X3 dir and away you go.
+ // X3 will need a recompile once you install the c api. If there is a
+ // GeoIP City Data file then the GeoIP data file will be ignored. However
+ // bear in mind that the city data file is a lot larger than the plain
+ // country data file so does take a bit longer to query. If you are
+ // expieriencing ping timeouts you may need to tweak X3's I:line.
+ "geoip_data_file" "./GeoIP.dat";
+ "geoip_city_data_file" "";
+
// The join-flood policer code goes off all the time when a server
// goes down (and everyone reconnects) so i don't reccomend using it.
// Automatically moderate join flooded channels?
"chanserv" {
"nick" "X3";
+ // The umodes - add +d if you use nefarious 1.0 and you added 'b:lines'
+ // to pass cmdchar through to chanserv anyway.
+ "modes" "+iok";
+
// The off_channel setting takes one of three numerical values:
// 0 = off
// 1 = use a registered channel mode, have services op themselves
// 2 = all of the above, and a channel setting to have ChanServ not
// idle in the channel
- // NOTE: +z mode, needed for this to work, is inharently flawed and
- // will cause desynch, so don't use it IMO -Rubin.
+ // NOTE: +z mode, needed for this to work. X3 contains modifications to
+ // try and prevent desynchs. If you use this mode do not use any other service
+ // that uses this mode.
"off_channel" "no";
// Infolines are sent when channel users join the channel. Users set them with USET INFO in X3.
// maximum bans on a channel banlist
"max_chan_bans" "512";
// maximum length of a user's infoline
- "max_userinfo_length" "400"; // for god sake lower this. 80 seems good.
+ "max_userinfo_length" "400"; // hard limit for infolines. This is also the default value.
// If SET DynLimit is on and there are N users in the channel, ChanServ will
// try to keep the limit at N+<adjust_threshold>. This makes the channel
// How long is a channel unvisited (by masters or above) before it can be expired?
"chan_expire_delay" "30d";
+ // How often to look for dnrs that have expired?
+ "dnr_expire_freq" "1h";
+
// what !set options should we show when user calls "!set" with no arguments?
- "set_shows" ("DefaultTopic", "TopicMask", "Greeting", "UserGreeting", "Modes", "PubCmd", "InviteMe", "UserInfo", "EnfOps", "EnfModes", "EnfTopic", "TopicSnarf", "Setters", "CtcpReaction", "Voice", "Protect", "Toys", "DynLimit", "NoDelete");
+ "set_shows" ("DefaultTopic", "TopicMask", "Greeting", "UserGreeting", "Modes", "PubCmd", "InviteMe", "UserInfo", "EnfOps", "EnfModes", "EnfTopic", "TopicSnarf", "Setters", "CtcpReaction", "BanTimeout", "Protect", "Toys", "DynLimit", "NoDelete");
// A list of !8ball responses
"8ball" (
"No.",
"Maybe.");
+ // This is a list of wheel-of-misfortune results. Remove them to disable.
+ // You must make sure your ircd supports, and has enabled, the features needed
+ // for these.
+ "wheel" (
+ "peer",
+ // "partall", // needs svspart
+ "gline",
+ // "shun", // needs shun
+ "nothing",
+ // "randjoin", // needs svsjoin and svspart
+ // "abusewhois", // needs epitaph in /whois support
+ "kickall",
+ // "nickchange", // needs svsnick
+ "kill",
+ "svsignore",
+ "kickbanall" );
+
// channel(s) that support helpers must be in to be helping
// if this is a list, any one by itself will do
"support_channel" ("#Operations", "#Help");
// when does god mode time out?
"god_timeout" "30m";
+
+ // What should valid registered channels look like?
+ // Be very carefull changing these. This default is
+ // basically limited to letters, numbers, dash and underscore.
+ "valid_channel_regex" "^#[-_a-z][-_a-z0-9]*$";
};
/* Global is a service bot that can send out network-wide messages for you. I
// How long should a helpserv be inactive (no requests assigned)
// before it can be unregistered by the expire command?
"expiration" "60d";
+
+ // If a user prefix's this before their helpserv commands then instead
+ // of a request being opened, they will be able to use helpserv commands.
+ "user_escape" "@";
};
/* SockCheck reads sockcheck.conf and can do configurable scans
* to probe for open relays in an attempt to stop drones from using
"max_read" "1024"; // don't read more than 1024 bytes from any client
"gline_duration" "1d"; // issue G-lines lasting one hour
"max_cache_age" "60"; // only cache results for 60 seconds
- "address" "192.168.1.10"; // do proxy tests from this address
+ "bind_address" "192.168.0.10"; // do proxy tests from this address
};
/* Snoop sends connect, quit, join, and part messages for every user
* on the network, and helps in finding drones. Put it somewhere secure
};
/* Track works just like Snoop except it only sends events for users
* who have been specified
+ * DANGER: track is currently very broken, and will crash x3 and possibly corrupt your db file.
+ * Unless your a developer, dont even compile it in!
*/
"track" {
// What to track by default?
*/
"memoserv" {
"bot" "MemoServ";
+ "modes" "+k";
"message_expiry" "30d"; // age when messages are deleted; set
// to 0 to disable message expiration
+ "limit" "30"; // Max amount of messages a person can get.
+ };
+ "qserver" {
+ "bind_address" "127.0.0.1";
+ "port" "7702";
+ "password" "hello";
+ };
+ "blacklist" {
+ // File containing blacklisted client addresses.
+ // "file" "blacklist.txt";
+ // Each line in the file should start with an IP or hostname.
+ // If there is whitespace and a message after that, the
+ // message will override this one:
+ "file_reason" "client is blacklisted";
+ // How long should a blacklist G-line last?
+ "gline_duration" "1h";
+ // If you want to use DNS blacklists, add them here:
+ "dnsbl" {
+ // This DNSBL zone does not exist - you'll have to pick your own.
+ "dnsbl.example.org" {
+ "description" "Example DNSBL entry";
+ "reason" "busted by a dns blacklist";
+ "duration" "1h";
+ // You can stick the client's IP in the G-line message.
+ "reason_2" "Example DNSBL reported %ip%'s address as 127.0.0.2";
+ // .. or the contents of a DNS TXT.
+ "reason_3" "%txt%";
+ };
+ };
+ };
+ "sar" {
+ // You generally will not want to override these defaults.
+ // "resolv_conf" "/etc/resolv.conf";
+ // "services" "/etc/services";
+ // "bind_address" "0.0.0.0";
+ // "bind_port" "0";
+ // The defaults for these are derived from the system config files (above).
+ // "domain" "example.org";
+ // "timeout" "3"; // base timeout for a DNS reply
+ // "retries" "3"; // number of times to retry on different servers or longer timeouts
+ // "ndots" "1"; // number of dots needed in a hostname to bypass search path
+ // "edns0" "0"; // if set, enable EDNS0 extended message sizes
+ // "search" ("example.org", "example.net");
+ // "nameservers" ("127.0.0.1");
+ };
+ /* WebTV allows webtv clients to use common IRC commands.
+ */
+ "webtv" {
+ "bot" "IRC";
+ "modes" "+k";
+
+ // Should clients need to be marked to use this service?
+ "required_mark" "1";
+ // which marks are valid webtv marks?
+ "valid_marks" ("webtv", "msntv", "msntv2");
};
};
"body_prefix" ("AfterNET Support - User and Channel registration system");
"body_suffix_first" ("", "AfterNET IRC Network", "http://www.afternet.org");
"body_suffix" ("", "AfterNET IRC Network", "http://www.afternet.org", "support@afternet.org","irc://irc.afternet.org/afternet");
+ // If you are using the smtp mail back-end, you may need to set these:
+ "smtp_server" "localhost";
+ "smtp_service" "smtp";
+ // "smtp_myname" "localhost.domain";
};
/* DBS (Databases) *************************************************