X-Git-Url: https://jfr.im/git/irc/evilnet/x3.git/blobdiff_plain/c02cd944e0261c030db976e64815929681302462..8da897110dbfa9fc6b742ecbb055368bc45b0f07:/x3.conf.example diff --git a/x3.conf.example b/x3.conf.example index 7fce206..34650bc 100644 --- a/x3.conf.example +++ b/x3.conf.example @@ -47,8 +47,18 @@ /* hidden_host should match the F:HIDDEN_HOST: line in your ircu's ircd.conf; * x3 does not set the host suffix for users, but must know it when making * things like bans, where it should not show the user's real hostname. */ + "hidden_host_type" "1"; // change this to 2 if you use Nefarious's style 2 host hiding. + "key1" "45432"; // Set these key values to the network KEY values you use + "key2" "76934"; // for host hiding style 2. + "key3" "98336"; "numeric" "51"; // hint: If you get collisions on link, CHANGE THIS. - "type" "4"; // Only change this to 5 if you are using Nefarious 0.5.0 off SVN + /* Type handles some changes in nefarious 1.0 (was 0.5.0) + * 4 - nefarious 0.4.x and other ircds + * 5 - nefarious 1.0.x and higher (Branch Revision) + * 6 - nefarious 1.0.x and higher (Trunk Revision) + */ + "type" "5"; + "host_in_topic" "1"; //Set to 1 if your Nefarious server have the HOST_IN_TOPIC F:line set to TRUE. "max_users" "256"; // You can save a little memory by setting this to a lower value. "force_n2k" "1"; // Use extended (5-digit) numnick for self, even if 3 are possible. "ping_freq" "60"; @@ -62,9 +72,11 @@ "Support Staff " ); /* extended_accounts - - * enable this for nefarious 0.4.x and higher. Sends 'AC R nick account'instead of - * 'AC nick account' and allows for renames etc. */ + * enable this for nefarious 0.4.x and higher and in ircd.conf add F:EXTENDED_ACCOUNTS:TRUE. + * Sends 'AC R nick account' instead of 'AC nick account' and allows + * for renames, login-on-connect, etc. If you use stock ircu set to 0. */ "extended_accounts" "1"; + /* the following two settings are for ircu's HEAD_IN_SAND features, and are equivelent to * the F: lines in ircu's ircd.conf. both can be disabled by commenting them out. */ //"his_servername" "*.AfterNET.org"; // hidden server name, shown in remote /whois requests @@ -121,6 +133,9 @@ "valid_account_regex" "^[-_a-z0-9A-Z]{2,15}$"; "valid_nick_regex" "^[-_a-z][-_a-z0-9]*$"; + // Whats a valid hostname look like for fakehosts? + "valid_fakehost_regex" "^[-_a-zA-Z0-9.]+$"; + // "Nickserv" networks, set this to 0. "Authserv" networks, // set it to 1. "disable_nicks" "1"; @@ -132,8 +147,7 @@ // What to do when someone uses the NickServ "reclaim" command? // This can be one of "none", "warn", "svsnick", or "kill", but - // stock ircu does not support svsnick -- you need Bahamut or - // nefarious. + // stock ircu does not support svsnick -- you need nefarious. "reclaim_action" "none"; // What (else) to do when someone uses a registered nick? @@ -152,7 +166,7 @@ "lc_h" "800"; // support helper (lower case h) "uc_H" "800"; // net helper (upper case H) "S" "999"; // O3 access suspended - "b" "1"; // Bot (not sure what it does tho) + "b" "1"; // Bot (Hidden from !staff etc) }; // and for who can change epithets for staff @@ -193,6 +207,11 @@ "set_title_level" "900"; // Access to use 'uset title'. "set_fakehost_level" "1000"; //Access to set a freeform fakehost. (uset fakehost) + // A list of denied words in the fakehosts + "denied_fakehost_words" ("sex", + "fuck", + "asshole"); + // This is a hacked in feature which exports every account change to a file sync.log. Afternet uses this and // a bunch of custom PHP scripts to make our websites SQL user db the same as authserv, every 5 minutes. // You have to be a pretty handy person with the shell commands and programming to make use of this.. @@ -200,6 +219,18 @@ // Nickserv 'style' setting affects .userlist and other outputs. "default_style" "n"; // can be: n = normal, c = clean, or a = advanced. + + + // LDAP configuration(s) + // THIS IS EXPERIMENTAL! DO NOT USE IT IF YOU ARNT'T A DEVELOPER!! + // LDAP stands for light directory access protocol. its what many larger orgs use for central user/password management. Its also the core technology behind windows active directory. + // If you have an ldap server, you can configure X3 to use it instead of saving passwords locally. + //"ldap_enable" "1"; + //"ldap_host" "ldap.yourdomain.com" + //"ldap_port" "683" + //"ldap_base" "ou=Users,dc=afternet,dc=org" + //"ldap_dn_fmt" "uid=%s,ou=Users,dc=afternet,dc=org" + //"ldap_autocreate" "0"; // automatically create accounts if they exist in ldap but not x3 }; /* @@ -232,6 +263,9 @@ "staff_auth_channel" "#OperServ"; // Bot will join this channel, also. "staff_auth_channel_modes" "+tnOs"; // modes get set every time X3 starts up + // which channels should all services autojoin? + "autojoin_channels" ("#TheOps", "#OperServ"); + // how many clones to allow from an untrusted host? // Use this carefully, users with half the # of clones will trigger this // when a server pings out and they reconnect before the old connection is noticed @@ -252,6 +286,73 @@ // how long to keep an illegal channel locked down (seconds)? "purge_lock_delay" "60"; + // ------------------------------------------------------------------ + // Defcon Settings + // + // No new channel registrations 1 + // No New Nick Registrations 2 + // No Channel Mode changes 4 + // Force Chan Mode 8 + // Use Reduced Session Limit 16 + // KILL any new clients trying to connect 32 + // Services will ignore everyone but opers 64 + // Services will silently ignore everyone but opers 128 + // GLINE all new clients trying to connect 256 + // No new memos sent to block MemoServ attacks 512 + // SHUN all new clients trying to connect 1024 + // + // These are the values are added together to determine each defcon setting: + "DefCon1" "415"; + "DefCon2" "159"; + "DefCon3" "31"; + "DefCon4" "23"; + + // Default defcon level, 5 is running all normally + "DefConLevel" "5"; + + // If defcon is limiting sessions then how many sessions should O3 allow? + "DefConSessionLimit" "2"; + + // Length of glines and shuns set on newly connecting clients, if defcon is glining + // or shunning newly connecting clients + "DefConGlineExpire" "5m"; + + // Mode to set on all channels if defcon is forcing channel modes on all channels + "DefConChanModes" "+r"; + + // If not set to 0, defcon will set back to level 5 after this time + "DefConTimeOut" "15m"; + + // Set to 1 to send a notice to all users when defcon levels are changed + "GlobalOnDefcon" "0"; + + // If set to 1 along with the notice that the levels are changing an extra + // notice will be sent + "GlobalOnDefconMore" "0"; + + // GlobalOnDefconMore notice. + "DefconMessage" "Put your message to send your users here. Dont forget to uncomment GlobalOnDefconMore"; + + // This notice will be used if GlobalOnDefcon and GlobalOnDefconMore are off + "DefConOffMessage" "Services are now back to normal, sorry for any inconvenience"; + + // Reason placed in defcon Glines and Shuns. + "DefConGlineReason" "This network is currently not accepting connections, please try again later"; + + // ------------------------------------------------------------------ + + // To use geoip support in Opserv WHOIS then you will need to install + // the c GeoIP api. Its available on http://www.maxmind.com, also on + // apt on debian and ubuntu. The dat files can also be obtained + // from the earlier URL. Place them in your X3 dir and away you go. + // X3 will need a recompile once you install the c api. If there is a + // GeoIP City Data file then the GeoIP data file will be ignored. However + // bear in mind that the city data file is a lot larger than the plain + // country data file so does take a bit longer to query. If you are + // expieriencing ping timeouts you may need to tweak X3's I:line. + "geoip_data_file" "./GeoIP.dat"; + "geoip_city_data_file" ""; + // The join-flood policer code goes off all the time when a server // goes down (and everyone reconnects) so i don't reccomend using it. // Automatically moderate join flooded channels? @@ -270,11 +371,18 @@ "size" "200"; "drain-rate" "3"; }; + // Min opserv level needed to set 'silent' glines in trace/addalert + // (nefarious only) + "silent_level" "700"; }; "chanserv" { "nick" "X3"; + // The umodes - add +d if you use nefarious 1.0 and you added 'b:lines' + // to pass cmdchar through to chanserv anyway. + "modes" "+iok"; + // The off_channel setting takes one of three numerical values: // 0 = off // 1 = use a registered channel mode, have services op themselves @@ -317,7 +425,7 @@ "chan_expire_delay" "30d"; // what !set options should we show when user calls "!set" with no arguments? - "set_shows" ("DefaultTopic", "TopicMask", "Greeting", "UserGreeting", "Modes", "PubCmd", "InviteMe", "UserInfo", "EnfOps", "EnfModes", "EnfTopic", "TopicSnarf", "Setters", "CtcpReaction", "Voice", "Protect", "Toys", "DynLimit", "NoDelete"); + "set_shows" ("DefaultTopic", "TopicMask", "Greeting", "UserGreeting", "Modes", "PubCmd", "InviteMe", "UserInfo", "EnfOps", "EnfModes", "EnfTopic", "TopicSnarf", "Setters", "CtcpReaction", "BanTimeout", "Protect", "Toys", "DynLimit", "NoDelete"); // A list of !8ball responses "8ball" ( @@ -346,8 +454,8 @@ // maximum number of channels a user may have. ( FORCE can override ) "max_owned" "2"; - // how long between automatic topic refreshes with TopicRefresh 0 - "refresh_period" "99d"; // Nefarious sync's topics so we'll practically disable this.. + // how long between automatic topic and userlist refreshes with TopicRefresh/Resync + "refresh_period" "10h"; // what should !access say for various staff? "irc_operator_epithet" "AfterNET IRC Operator"; @@ -359,6 +467,9 @@ // minimum opserv access to set, clear or override channel nodelete setting? "nodelete_level" "1"; + + // when does god mode time out? + "god_timeout" "30m"; }; /* Global is a service bot that can send out network-wide messages for you. I @@ -371,6 +482,60 @@ // opt into (or out of, depending on this setting) "announcements_default" "on"; }; + + + "spamserv" { + // You may enable this service by removing the double slashes from the config + // item. To disable it again add the double slashes back. + // "nick" "SpamServ"; + + // debug channel + "debug_channel" "#operserv"; + + // url of the network rules. if you don't have network rules, remove this key. + "network_rules" "http://www.afternet.org/aup"; + + // trigger for spamserv; remove this key to disable the trigger + "trigger" "%"; + + // ban duration of a short timedban. + "short_ban_duration" "15m"; + + // ban duration of a long timedban. + "long_ban_duration" "1h"; + + // duration of a gline. SpamServ will issue it after several violations and a kill. + "gline_duration" "1h"; + + // users may add "exception_max" exceptions to the list. IRCOps can override "exception_max". + "exception_max" "10"; + + // minimum & maximum length of an exception. + "exception_min_len" "4"; + "exception_max_len" "12"; + + // users may add "badword_max" badwords to the list. IRCOps can override badword_max". + "badword_max" "10"; + + // minimum & maximum length of an badword. + "badword_min_len" "4"; + "badword_max_len" "12"; + + // if someone advertises a channel, which doesn't exist (channel is empty, no users), + // SpamServ doesn't punish the user. + // enable this setting, if SpamServ has to ignore advertisements of channels, which do not exist. + // disable this setting, if SpamServ has to punish the users whenever they advertise. + "adv_chan_must_exist" "1"; + + // remove all mirc codes from messages before checking for advertisements. + // if this setting is disabled and someone spams a url which + // contains a bold char, SpamServ doesn't punish him. + "strip_mirc_codes" "1"; + + // enable this, if SpamServ has to "follow" ChanServ, when a channel moves or merges. + // disable it, if it shouldn't be possible to move or merge SpamServ with /msg chanserv move|merge. + "allow_move_merge" "1"; + }; }; /* MODULES (optional components) ************************************************* @@ -395,6 +560,10 @@ // How long should a helpserv be inactive (no requests assigned) // before it can be unregistered by the expire command? "expiration" "60d"; + + // If a user prefix's this before their helpserv commands then instead + // of a request being opened, they will be able to use helpserv commands. + "user_escape" "@"; }; /* SockCheck reads sockcheck.conf and can do configurable scans * to probe for open relays in an attempt to stop drones from using @@ -424,6 +593,8 @@ }; /* Track works just like Snoop except it only sends events for users * who have been specified + * DANGER: track is currently very broken, and will crash x3 and possibly corrupt your db file. + * Unless your a developer, dont even compile it in! */ "track" { // What to track by default? @@ -439,8 +610,10 @@ */ "memoserv" { "bot" "MemoServ"; + "modes" "+k"; "message_expiry" "30d"; // age when messages are deleted; set // to 0 to disable message expiration + "limit" "30"; // Max amount of messages a person can get. }; }; @@ -493,6 +666,7 @@ "NickServ" { "mondo_section" "NickServ"; }; "OpServ" { "mondo_section" "OpServ"; }; "sendmail" { "mondo_section" "sendmail"; }; + "SpamServ" { "mondo_section" "SpamServ"; }; // These are the options if you want a database to be in its own file. "mondo" {