X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/7827220c933cf2fd53437d1285b639a49b213508..3e06ac80fc4ebc46916da348f8056840461f352d:/x3.conf.example diff --git a/x3.conf.example b/x3.conf.example index 83ae1b7..9d5ad92 100644 --- a/x3.conf.example +++ b/x3.conf.example @@ -15,7 +15,7 @@ */ "uplinks" { // This first entry connects to an ircd on teh same server an X3.. - "Hub" { // This can be any string, just used here for your conveniance + "Hub" { // This can be any string, just used here for your convenience "address" "127.0.0.1"; // The IP address of the server "port" "8888"; // What TCP port to connect to "password" "laoo,rpe"; // Both of these passwords must match 
@@ -47,12 +47,20 @@ /* hidden_host should match the F:HIDDEN_HOST: line in your ircu's ircd.conf; * x3 does not set the host suffix for users, but must know it when making * things like bans, where it should not show the user's real hostname. */ + "hidden_host_type" "1"; // change this to 2 if you use Nefarious's style 2 host hiding. + "key1" "45432"; // Set these key values to the network KEY values you use + "key2" "76934"; // for host hiding style 2. If you are using Nefarious 1.3.0 (type 8) + "key3" "98336"; // then these are ignored. + "prefix" "AfterNET"; // If you use style 2 then this is the name that is prefixed to hosts. "numeric" "51"; // hint: If you get collisions on link, CHANGE THIS. - /* Type handles some changes in nefarious 1.0 (was 0.5.0) + /* Type handles some changes in Nefarious from version to version. * 4 - nefarious 0.4.x and other ircds - * 5 - nefarious 1.0.x and higher + * 5 - nefarious 1.0.x and higher (Obselete) + * 6 - nefarious 1.1.0 and higher (Obselete) + * 7 - nefarious 1.2.0 and higher (Branch Revsion) + * 8 - nefarious 1.3.0 and higher (Trunk Revsions) */ - "type" "5"; + "type" "8"; "host_in_topic" "1"; //Set to 1 if your Nefarious server have the HOST_IN_TOPIC F:line set to TRUE. "max_users" "256"; // You can save a little memory by setting this to a lower value. "force_n2k" "1"; // Use extended (5-digit) numnick for self, even if 3 are possible. @@ -131,6 +139,10 @@ // Whats a valid hostname look like for fakehosts? "valid_fakehost_regex" "^[-_a-zA-Z0-9.]+$"; + // Force account names to lowercase? 1=yes 0=no + // WARNING: this will convert when reading them from the db, too. + "force_handles_lowercase" "0"; + // "Nickserv" networks, set this to 0. "Authserv" networks, // set it to 1. "disable_nicks" "1"; 
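Review bot: The added `key1`/`key2`/`key3` lines ship concrete numeric values for the style-2 host-hiding keys, and the comment does not say they are examples that must be replaced. Presumably these are the same keys the ircd uses to derive hidden hosts, so a network that keeps the published values would have cloaks computed from publicly known keys. I would add `// EXAMPLE VALUES - replace with your network's own secret keys; they must match the ircd` and note that x3.conf should not be world-readable once real keys are in it. The type table in the same hunk also misspells "Obselete" and "Revsion(s)".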
@@ -154,6 +166,15 @@ // This is ignored if "auto_reclaim_action" is "none". "auto_reclaim_delay" "0"; + // Expire nicks + "expire_nicks" "0"; + + // how often should nicks be expired? + "nick_expire_freq" "1d"; + + // how long until a nick expires? + "nick_expire_delay" "900d"; + // access control for who can change account flags // See /msg authserv help account flags "flag_levels" { @@ -161,7 +182,7 @@ "lc_h" "800"; // support helper (lower case h) "uc_H" "800"; // net helper (upper case H) "S" "999"; // O3 access suspended - "b" "1"; // Bot (not sure what it does tho) + "b" "1"; // Bot (Hidden from !staff etc) }; // and for who can change epithets for staff @@ -180,6 +201,12 @@ // how long until an account with no access to any channels expires? "nochan_account_expire_delay" "365d"; + // how long must an account be inactive so it can be ounregistered without force? + "ounregister_inactive" "1M"; + + // which flags on an account require the ounregister to be used with force? + "ounregister_flags" "ShgsfnHbu"; + // If somebody keeps guessing passwords incorrectly, do we gag them? "autogag_enabled" "1"; "autogag_duration" "30m"; 
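Review bot: `"ounregister_inactive" "1M"` uses a capital `M` where the neighbouring durations use lowercase units (`"30m"`, `"365d"`), and the comment does not say which unit is meant. If the interval parser is case-sensitive (presumably `M` is months and `m` is minutes), a one-character typo shrinks the window after which an account can be unregistered without force from a month to a minute. I would add `// 1M = one month (capital M; lowercase m means minutes)` once that is confirmed. The letters in `"ounregister_flags" "ShgsfnHbu"` are not explained either, and a pointer such as `// see /msg authserv help account flags` would let an operator check that every privileged flag is covered.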
@@ -214,6 +241,39 @@ // Nickserv 'style' setting affects .userlist and other outputs. "default_style" "n"; // can be: n = normal, c = clean, or a = advanced. + + + // LDAP configuration(s) + // THIS IS EXPERIMENTAL! DO NOT USE IT IF YOU ARNT'T A DEVELOPER!! + // LDAP stands for light directory access protocol. its what many larger orgs use for central user/password management. Its also the core technology behind windows active directory. + // If you have an ldap server, you can configure X3 to use it instead of saving passwords locally. + + //"ldap_enable" "0"; + //"ldap_uri" "ldaps://ldap.yournetwork.server:636"; + //"ldap_base" "ou=Users,dc=afternet,dc=org"; + //"ldap_dn_fmt" "uid=%s,ou=Users,dc=afternet,dc=org"; + //"ldap_autocreate" "1"; // automatically create accounts if they exist in ldap but not x3 + //// If you will be allowing users to register on IRC you need these: + //"ldap_admin_dn" "cn=Admin,dc=afternet,dc=org"; + //"ldap_admin_pass" "xxxxxxxxxxx"; + //"ldap_object_classes" ( "top", "inetOrgAnonAccount" ); + //// NOTE: inetOrgAnon is something I made up. its schema + //// can be found in the tools/ directory. ldap servers wont + //// know what that is by default. + //// These configure what I store, and where. + //"ldap_field_account" "uid"; + //"ldap_field_password" "userPassword"; + //"ldap_field_email" "mail"; + //"ldap_field_oslevel" "X3AccountLevel"; + //// NOTE: X3AccountLevel is a custom LDAP attribute + //// that LDAP servers will not know by default. A custom + //// schema is required to provide it. + //// This bit is needed if you want to put ircops into a group: + //"ldap_oper_group_dn" "cn=Opers,ou=Groups,dc=afternet,dc=org"; + //"ldap_oper_group_level" "99"; // must be above this level to be added to oper ldap group + //"ldap_field_group_member" "memberUid"; // what field group members are in + //"ldap_timeout" "10"; // seconds + }; /* 
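Review bot: The commented-out `ldap_admin_dn`/`ldap_admin_pass` pair puts a directory bind password into x3.conf in cleartext, and the example binds as `cn=Admin`. The comment should steer operators to a dedicated bind account that can only create and modify entries under the users OU, and to a config file readable only by the X3 user, for example `//// Use a dedicated low-privilege bind DN here, not the directory admin; keep x3.conf mode 600.` Next to `ldap_uri` it is worth stating that the `ldaps://` scheme should be kept, since user passwords are sent to the server on bind. How account names are escaped before being substituted into `ldap_dn_fmt` is not visible in this hunk and should be confirmed in the code.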
@@ -324,6 +384,18 @@ // ------------------------------------------------------------------ + // To use geoip support in Opserv WHOIS then you will need to install + // the c GeoIP api. Its available on http://www.maxmind.com, also on + // apt on debian and ubuntu. The dat files can also be obtained + // from the earlier URL. Place them in your X3 dir and away you go. + // X3 will need a recompile once you install the c api. If there is a + // GeoIP City Data file then the GeoIP data file will be ignored. However + // bear in mind that the city data file is a lot larger than the plain + // country data file so does take a bit longer to query. If you are + // expieriencing ping timeouts you may need to tweak X3's I:line. + "geoip_data_file" "./GeoIP.dat"; + "geoip_city_data_file" ""; + // The join-flood policer code goes off all the time when a server // goes down (and everyone reconnects) so i don't reccomend using it. // Automatically moderate join flooded channels? @@ -359,8 +431,9 @@ // 1 = use a registered channel mode, have services op themselves // 2 = all of the above, and a channel setting to have ChanServ not // idle in the channel - // NOTE: +z mode, needed for this to work, is inharently flawed and - // will cause desynch, so don't use it IMO -Rubin. + // NOTE: +z mode, needed for this to work. X3 contains modifications to + // try and prevent desynchs. If you use this mode do not use any other service + // that uses this mode. "off_channel" "no"; // Infolines are sent when channel users join the channel. Users set them with USET INFO in X3. @@ -377,7 +450,7 @@ // maximum bans on a channel banlist "max_chan_bans" "512"; // maximum length of a user's infoline - "max_userinfo_length" "400"; // for god sake lower this. 80 seems good. + "max_userinfo_length" "400"; // hard limit for infolines. This is also the default value. // If SET DynLimit is on and there are N users in the channel, ChanServ will // try to keep the limit at N+. This makes the channel 
@@ -395,8 +468,11 @@ // How long is a channel unvisited (by masters or above) before it can be expired? "chan_expire_delay" "30d"; + // How often to look for dnrs that have expired? + "dnr_expire_freq" "1h"; + // what !set options should we show when user calls "!set" with no arguments? - "set_shows" ("DefaultTopic", "TopicMask", "Greeting", "UserGreeting", "Modes", "PubCmd", "InviteMe", "UserInfo", "EnfOps", "EnfModes", "EnfTopic", "TopicSnarf", "Setters", "CtcpReaction", "Voice", "Protect", "Toys", "DynLimit", "NoDelete"); + "set_shows" ("DefaultTopic", "TopicMask", "Greeting", "UserGreeting", "Modes", "PubCmd", "InviteMe", "UserInfo", "EnfOps", "EnfModes", "EnfTopic", "TopicSnarf", "Setters", "CtcpReaction", "BanTimeout", "Protect", "Toys", "DynLimit", "NoDelete"); // A list of !8ball responses "8ball" ( @@ -418,6 +494,23 @@ "No.", "Maybe."); + // This is a list of wheel-of-misfortune results. Remove them to disable. + // You must make sure your ircd supports, and has enabled, the features needed + // for these. + "wheel" ( + "peer", + // "partall", // needs svspart + "gline", + // "shun", // needs shun + "nothing", + // "randjoin", // needs svsjoin and svspart + // "abusewhois", // needs epitaph in /whois support + "kickall", + // "nickchange", // needs svsnick + "kill", + "svsignore", + "kickbanall" ); + // channel(s) that support helpers must be in to be helping // if this is a list, any one by itself will do "support_channel" ("#Operations", "#Help"); @@ -441,6 +534,11 @@ // when does god mode time out? "god_timeout" "30m"; + + // What should valid registered channels look like? + // Be very carefull changing these. This default is + // basically limited to letters, numbers, dash and underscore. + "valid_channel_regex" "^#[-_a-z][-_a-z0-9]*$"; }; /* Global is a service bot that can send out network-wide messages for you. I 
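Review bot: The new `wheel` list leaves `gline`, `kill`, `kickall` and `kickbanall` active in the shipped example, so anyone who copies the file gets those punitive results without opting in. I would comment out the network-level results by default, as the svs*-dependent entries already are, and have the header say `// Uncomment only the results you want; gline and kill act on the user network-wide`. Who may trigger the wheel is not visible in this hunk, so the comment should also name the access level or setting that gates it.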
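Review bot: The comment on `valid_channel_regex` promises "letters, numbers, dash and underscore", but the pattern `^#[-_a-z][-_a-z0-9]*$` only lists lowercase ranges, while `support_channel` a few lines above names `#Operations` and `#Help`. Whether those channels pass depends on the regex being compiled case-insensitively, which this hunk does not show. Please say so in the comment, e.g. `// matched case-insensitively`, or add `A-Z` to both classes if it is not. The pattern has no length bound, so it relies on the ircd's channel-name limit.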
@@ -531,6 +629,10 @@ // How long should a helpserv be inactive (no requests assigned) // before it can be unregistered by the expire command? "expiration" "60d"; + + // If a user prefix's this before their helpserv commands then instead + // of a request being opened, they will be able to use helpserv commands. + "user_escape" "@"; }; /* SockCheck reads sockcheck.conf and can do configurable scans * to probe for open relays in an attempt to stop drones from using @@ -544,7 +646,7 @@ "max_read" "1024"; // don't read more than 1024 bytes from any client "gline_duration" "1d"; // issue G-lines lasting one hour "max_cache_age" "60"; // only cache results for 60 seconds - "address" "192.168.1.10"; // do proxy tests from this address + "bind_address" "192.168.0.10"; // do proxy tests from this address }; /* Snoop sends connect, quit, join, and part messages for every user * on the network, and helps in finding drones. Put it somewhere secure @@ -560,6 +662,8 @@ }; /* Track works just like Snoop except it only sends events for users * who have been specified + * DANGER: track is currently very broken, and will crash x3 and possibly corrupt your db file. + * Unless your a developer, dont even compile it in! */ "track" { // What to track by default? 
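Review bot: Renaming the sockcheck key from `address` to `bind_address` can leave existing configs that still use `address` running their proxy tests from the default source address, with no error, if the old name is no longer read. That is not visible in this hunk. If it is the case, a comment such as `// formerly "address"; the old key is no longer read` on the new line would save operators a silent misconfiguration. The unchanged line above it still says `// issue G-lines lasting one hour` next to `"1d"`, which could be corrected in the same pass.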
@@ -575,10 +679,65 @@ */ "memoserv" { "bot" "MemoServ"; + "modes" "+k"; "message_expiry" "30d"; // age when messages are deleted; set // to 0 to disable message expiration "limit" "30"; // Max amount of messages a person can get. }; + "qserver" { + "bind_address" "127.0.0.1"; + "port" "7702"; + "password" "hello"; + }; + "blacklist" { + // File containing blacklisted client addresses. + // "file" "blacklist.txt"; + // Each line in the file should start with an IP or hostname. + // If there is whitespace and a message after that, the + // message will override this one: + "file_reason" "client is blacklisted"; + // How long should a blacklist G-line last? + "gline_duration" "1h"; + // If you want to use DNS blacklists, add them here: + "dnsbl" { + // This DNSBL zone does not exist - you'll have to pick your own. + "dnsbl.example.org" { + "description" "Example DNSBL entry"; + "reason" "busted by a dns blacklist"; + "duration" "1h"; + // You can stick the client's IP in the G-line message. + "reason_2" "Example DNSBL reported %ip%'s address as 127.0.0.2"; + // .. or the contents of a DNS TXT. + "reason_3" "%txt%"; + }; + }; + }; + "sar" { + // You generally will not want to override these defaults. + // "resolv_conf" "/etc/resolv.conf"; + // "services" "/etc/services"; + // "bind_address" "0.0.0.0"; + // "bind_port" "0"; + // The defaults for these are derived from the system config files (above). + // "domain" "example.org"; + // "timeout" "3"; // base timeout for a DNS reply + // "retries" "3"; // number of times to retry on different servers or longer timeouts + // "ndots" "1"; // number of dots needed in a hostname to bypass search path + // "edns0" "0"; // if set, enable EDNS0 extended message sizes + // "search" ("example.org", "example.net"); + // "nameservers" ("127.0.0.1"); + }; + /* WebTV allows webtv clients to use common IRC commands. + */ + "webtv" { + "bot" "IRC"; + "modes" "+k"; + + // Should clients need to be marked to use this service? 
+ "required_mark" "1"; + // which marks are valid webtv marks? + "valid_marks" ("webtv", "msntv", "msntv2"); + }; }; "policers" { @@ -609,6 +768,10 @@ "body_prefix" ("AfterNET Support - User and Channel registration system"); "body_suffix_first" ("", "AfterNET IRC Network", "http://www.afternet.org"); "body_suffix" ("", "AfterNET IRC Network", "http://www.afternet.org", "support@afternet.org","irc://irc.afternet.org/afternet"); + // If you are using the smtp mail back-end, you may need to set these: + "smtp_server" "localhost"; + "smtp_service" "smtp"; + // "smtp_myname" "localhost.domain"; }; /* DBS (Databases) *************************************************
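Review bot: The new `qserver` block ships `"password" "hello"` without any comment, so an operator who later moves `bind_address` off `127.0.0.1` exposes the listener behind a guessable shared secret. I would use an obvious placeholder and explain the section: `"password" "CHANGE-ME"; // shared secret for qserver clients; set your own before enabling`, plus `// keep bound to loopback unless remote clients are required` on the `bind_address` line. In the `blacklist` block of the same hunk, `"gline_duration"` and the per-zone `"duration"` are both `"1h"`, and the comments do not say which one applies to a DNSBL hit.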