doc/example.conf

   1 /* doc/example.conf - brief example configuration file
   2  *
   3  * Copyright (C) 2000-2002 Hybrid Development Team
   4  * Copyright (C) 2002-2005 ircd-ratbox development team
   5  * Copyright (C) 2005-2006 charybdis development team
   6  *
   7  * $Id: example.conf 3562 2007-08-29 22:04:45Z jilles $
   8  *
   9  * See reference.conf for more information.
  10  */
  11
  12 /* Extensions */
  13 #loadmodule "extensions/createauthonly.so";
  14 #loadmodule "extensions/extb_account.so";
  15 #loadmodule "extensions/extb_canjoin.so";
  16 #loadmodule "extensions/extb_channel.so";
  17 #loadmodule "extensions/extb_extgecos.so";
  18 #loadmodule "extensions/extb_oper.so";
  19 #loadmodule "extensions/extb_realname.so";
  20 #loadmodule "extensions/extb_server.so";
  21 #loadmodule "extensions/hurt.so";
  22 #loadmodule "extensions/ip_cloaking.so";
  23 #loadmodule "extensions/m_findforwards.so";
  24 #loadmodule "extensions/m_identify.so";
  25 #loadmodule "extensions/no_oper_invis.so";
  26 #loadmodule "extensions/sno_farconnect.so";
  27 #loadmodule "extensions/sno_globalkline.so";
  28 #loadmodule "extensions/sno_globaloper.so";
  29 #loadmodule "extensions/sno_whois.so";
  30
  31 serverinfo {
  32         name = "hades.arpa";
  33         sid = "42X";
  34         description = "charybdis test server";
  35         network_name = "AthemeNET";
  36         network_desc = "Your IRC network.";
  37         hub = yes;
  38
  39         /* On multi-homed hosts you may need the following. These define
  40          * the addresses we connect from to other servers. */
  41         /* for IPv4 */
  42         #vhost = "192.169.0.1";
  43         /* for IPv6 */
  44         #vhost6 = "3ffe:80e8:546::2";
  45
  46         /* max_clients: This should be set to the maximum amount of clients
  47          * that the server should support. Note that you should leave some
  48          * file descriptors free for log files, server connections, ident
  49          * lookups (if enabled), exceed_limit clients, etc.
  50          */
  51         max_clients = 1024;
  52 };
  53
  54 admin {
  55         name = "Lazy admin (lazya)";
  56         description = "AthemeNET client server";
  57         email = "nobody@127.0.0.1";
  58 };
  59
  60 log {
  61         fname_userlog = "logs/userlog";
  62         #fname_fuserlog = "logs/fuserlog";
  63         fname_operlog = "logs/operlog";
  64         #fname_foperlog = "logs/foperlog";
  65         fname_serverlog = "logs/serverlog";
  66         fname_glinelog = "logs/glinelog";
  67         #fname_klinelog = "logs/klinelog";
  68         fname_killlog = "logs/killlog";
  69         fname_operspylog = "logs/operspylog";
  70         #fname_ioerrorlog = "logs/ioerror";
  71 };
  72
  73 /* class {} blocks MUST be specified before anything that uses them.  That
  74  * means they must be defined before auth {} and before connect {}.
  75  */
  76 class "users" {
  77         ping_time = 2 minutes;
  78         number_per_ident = 10;
  79         number_per_ip = 10;
  80         number_per_ip_global = 50;
  81         cidr_bitlen = 64;
  82         number_per_cidr = 8;
  83         max_number = 3000;
  84         sendq = 400 kbytes;
  85 };
  86
  87 class "opers" {
  88         ping_time = 5 minutes;
  89         number_per_ip = 10;
  90         max_number = 1000;
  91         sendq = 1 megabyte;
  92 };
  93
  94 class "server" {
  95         ping_time = 5 minutes;
  96         connectfreq = 5 minutes;
  97         max_number = 1;
  98         sendq = 4 megabytes;
  99 };
 100
 101 listen {
 102         /* If you want to listen on a specific IP only, specify host.
 103          * host definitions apply only to the following port line.
 104          */
 105         #host = "192.169.0.1";
 106         port = 5000, 6665 .. 6669;
 107
 108         /* Listen on IPv6 (if you used host= above). */
 109         #host = "3ffe:1234:a:b:c::d";
 110         #port = 5000, 6665 .. 6669;
 111 };
 112
 113 /* auth {}: allow users to connect to the ircd (OLD I:)
 114  * auth {} blocks MUST be specified in order of precedence.  The first one
 115  * that matches a user will be used.  So place spoofs first, then specials,
 116  * then general access, then restricted.
 117  */
 118 auth {
 119         /* user: the user@host allowed to connect.  Multiple IPv4/IPv6 user
 120          * lines are permitted per auth block.  This is matched against the
 121          * hostname and IP address (using :: shortening for IPv6 and
 122          * prepending a 0 if it starts with a colon) and can also use CIDR
 123          * masks.
 124          */
 125         user = "*@172.16.0.0/12";
 126         user = "*test@123D:B567:*";
 127
 128         /* password: an optional password that is required to use this block.
 129          * By default this is not encrypted, specify the flag "encrypted" in
 130          * flags = ...; below if it is.
 131          */
 132         password = "letmein";
 133
 134         /* spoof: fake the users user@host to be be this.  You may either
 135          * specify a host or a user@host to spoof to.  This is free-form,
 136          * just do everyone a favour and dont abuse it. (OLD I: = flag)
 137          */
 138         spoof = "I.still.hate.packets";
 139
 140         /* Possible flags in auth:
 141          *
 142          * encrypted                  | password is encrypted with mkpasswd
 143          * spoof_notice               | give a notice when spoofing hosts
 144          * exceed_limit (old > flag)  | allow user to exceed class user limits
 145          * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines&dnsbls
 146          * dnsbl_exempt               | exempt this user from dnsbls
 147          * gline_exempt (old _ flag)  | exempt this user from glines
 148          * spambot_exempt             | exempt this user from spambot checks
 149          * shide_exempt               | exempt this user from serverhiding
 150          * jupe_exempt                | exempt this user from generating
 151          *                              warnings joining juped channels
 152          * resv_exempt                | exempt this user from resvs
 153          * flood_exempt               | exempt this user from flood limits
 154          *                                     USE WITH CAUTION.
 155          * no_tilde     (old - flag)  | don't prefix ~ to username if no ident
 156          * need_ident   (old + flag)  | require ident for user in this class
 157          * need_sasl                  | require SASL id for user in this class
 158          */
 159         flags = kline_exempt, exceed_limit;
 160
 161         /* class: the class the user is placed in */
 162         class = "opers";
 163 };
 164
 165 auth {
 166         user = "*@*";
 167         class = "users";
 168 };
 169
 170 operator "god" {
 171         /* name: the name of the oper must go above */
 172
 173         /* user: the user@host required for this operator.  CIDR *is*
 174          * supported now. auth{} spoofs work here, other spoofs do not.
 175          * multiple user="" lines are supported.
 176          */
 177         user = "*god@127.0.0.1";
 178
 179         /* password: the password required to oper.  Unless ~encrypted is
 180          * contained in flags = ...; this will need to be encrypted using
 181          * mkpasswd, MD5 is supported
 182          */
 183         password = "etcnjl8juSU1E";
 184
 185         /* rsa key: the public key for this oper when using Challenge.
 186          * A password should not be defined when this is used, see
 187          * doc/challenge.txt for more information.
 188          */
 189         #rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
 190
 191         /* umodes: the specific umodes this oper gets when they oper.
 192          * If this is specified an oper will not be given oper_umodes
 193          * These are described above oper_only_umodes in general {};
 194          */
 195         #umodes = locops, servnotice, operwall, wallop;
 196
 197         /* snomask: specific server notice mask on oper up.
 198          * If this is specified an oper will not be given oper_snomask.
 199          */
 200         snomask = "+Zbfkrsuy";
 201
 202         /* privileges: controls the activities and commands an oper is
 203          * allowed to do on the server.  You may prefix an option with ~ to
 204          * disable it, ie ~operwall
 205          *
 206          * Default flags are operwall, remoteban and encrypted.
 207          *
 208          * Available options:
 209          *
 210          * encrypted:    the password above is encrypted [DEFAULT]
 211          * local_kill:   allows local users to be /KILL'd
 212          * global_kill:  allows local and remote users to be
 213          *               /KILL'd                           (OLD 'O' flag)
 214          * remote:       allows remote SQUIT and CONNECT   (OLD 'R' flag)
 215          * kline:        allows KILL, KLINE and DLINE      (OLD 'K' flag)
 216          * unkline:      allows UNKLINE and UNDLINE        (OLD 'U' flag)
 217          * gline:        allows GLINE                      (OLD 'G' flag)
 218          * nick_changes: allows oper to see nickchanges    (OLD 'N' flag)
 219          *               via usermode +n
 220          * rehash:       allows oper to REHASH config      (OLD 'H' flag)
 221          * die:          allows DIE and RESTART            (OLD 'D' flag)
 222          * admin:        gives admin privileges.  admins
 223          *               may (un)load modules and see the
 224          *               real IPs of servers.
 225          * hidden_admin: gives admin privileges except
 226          *               will not have the admin lines in
 227          *               stats p and whois.
 228          * xline:        allows use of /quote xline/unxline
 229          * operwall:     allows the oper to send operwalls [DEFAULT]
 230          * oper_spy:     allows 'operspy' features to see through +s
 231          *               channels etc. see /quote help operspy
 232          * hidden_oper:  hides the oper from /stats p    (OLD UMODE +p)
 233          * remoteban:    allows remote kline etc [DEFAULT]
 234          */
 235         flags = global_kill, remote, kline, unkline, gline,
 236                 die, rehash, admin, xline, operwall;
 237 };
 238
 239 connect "irc.uplink.com" {
 240         host = "192.168.0.1";
 241         send_password = "password";
 242         accept_password = "anotherpassword";
 243         port = 6666;
 244         hub_mask = "*";
 245         class = "server";
 246         flags = compressed, topicburst;
 247
 248         /* If the connection is IPv6, uncomment below.
 249          * Use 0::1, not ::1, for IPv6 localhost. */
 250         #aftype = ipv6;
 251 };
 252
 253 service {
 254         name = "services.int";
 255 };
 256
 257 cluster {
 258         name = "*";
 259         flags = kline, tkline, unkline, xline, txline, unxline, resv, tresv, unresv;
 260 };
 261
 262 shared {
 263         oper = "*@*", "*";
 264         flags = all, rehash;
 265 };
 266
 267 /* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
 268 exempt {
 269         ip = "127.0.0.1";
 270 };
 271
 272 channel {
 273         use_invex = yes;
 274         use_except = yes;
 275         use_knock = yes;
 276         use_forward = yes;
 277         knock_delay = 5 minutes;
 278         knock_delay_channel = 1 minute;
 279         max_chans_per_user = 15;
 280         max_bans = 100;
 281         max_bans_large = 500;
 282         default_split_user_count = 0;
 283         default_split_server_count = 0;
 284         no_create_on_split = no;
 285         no_join_on_split = no;
 286         burst_topicwho = yes;
 287         kick_on_split_riding = no;
 288 };
 289
 290 serverhide {
 291         flatten_links = yes;
 292         links_delay = 5 minutes;
 293         hidden = no;
 294         disable_hidden = no;
 295 };
 296
 297 /* These are the blacklist settings.
 298  * You can have multiple combinations of host and rejection reasons.
 299  * They are used in pairs of one host/rejection reason, or multiple hosts/rejection reason.
 300  *
 301  * These settings should be adequate for most networks, and are (presently)
 302  * required for use on AthemeNet.
 303  *
 304  * Word to the wise: Do not use blacklists like SPEWS for blocking IRC
 305  * connections.
 306  *
 307  * As of charybdis 2.1.3, you can do some keyword substitution on the rejection
 308  * reason. The available keyword substitutions are:
 309  *
 310  *   ${ip}           - the user's IP
 311  *   ${host}         - the user's canonical hostname
 312  *   ${dnsbl-host}   - the dnsbl hostname the lookup was done against
 313  *   ${nick}         - the user's nickname
 314  *   ${network-name} - the name of the network
 315  *
 316  * Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be
 317  * contacted, via email, at admins@2mbit.com before using these BLs.
 318  * See <http://www.ahbl.org/services.php> for more information.
 319  */
 320 blacklist {
 321         host = "dnsbl.dronebl.org";
 322         reject_reason = "${nick}, your IP (${ip}) is listed in DroneBL. For assistance, see http://dronebl.org/lookup_branded.do?ip=${ip}&network=${network-name}";
 323
 324 #       host = "ircbl.ahbl.org";
 325 #       reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for having an open proxy. In order to protect ${network-name} from abuse, we are not allowing connections with open proxies to connect.";
 326 #
 327 #       host = "tor.ahbl.org";
 328 #       reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from tor-based abuse, we are not allowing TOR exit nodes to connect to our network.";
 329 };
 330
 331 alias "NickServ" {
 332         target = "NickServ";
 333 };
 334
 335 alias "ChanServ" {
 336         target = "ChanServ";
 337 };
 338
 339 alias "OperServ" {
 340         target = "OperServ";
 341 };
 342
 343 alias "MemoServ" {
 344         target = "MemoServ";
 345 };
 346
 347 alias "NS" {
 348         target = "NickServ";
 349 };
 350
 351 alias "CS" {
 352         target = "ChanServ";
 353 };
 354
 355 alias "OS" {
 356         target = "OperServ";
 357 };
 358
 359 alias "MS" {
 360         target = "MemoServ";
 361 };
 362
 363 general {
 364         hide_error_messages = opers;
 365         hide_spoof_ips = yes;
 366
 367         /*
 368          * default_umodes: umodes to enable on connect.
 369          * If you have enabled the ip_cloaking module, and you want
 370          * to make use of it, add +h to this option, i.e.:
 371          *      default_umodes = "+ih";
 372          */
 373         default_umodes = "+i";
 374
 375         default_operstring = "is an IRC Operator";
 376         default_adminstring = "is a Server Administrator";
 377         servicestring = "is a Network Service";
 378         disable_fake_channels = no;
 379         tkline_expire_notices = no;
 380         default_floodcount = 10;
 381         failed_oper_notice = yes;
 382         dots_in_ident=2;
 383         dot_in_ip6_addr = no;
 384         min_nonwildcard = 4;
 385         min_nonwildcard_simple = 3;
 386         max_accept = 100;
 387         max_monitor = 100;
 388         anti_nick_flood = yes;
 389         max_nick_time = 20 seconds;
 390         max_nick_changes = 5;
 391         anti_spam_exit_message_time = 5 minutes;
 392         ts_warn_delta = 30 seconds;
 393         ts_max_delta = 5 minutes;
 394         client_exit = yes;
 395         collision_fnc = yes;
 396         global_snotices = yes;
 397         dline_with_reason = yes;
 398         kline_delay = 0 seconds;
 399         kline_with_reason = yes;
 400         kline_reason = "K-Lined";
 401         identify_service = "NickServ@services.int";
 402         identify_command = "IDENTIFY";
 403         non_redundant_klines = yes;
 404         warn_no_nline = yes;
 405         stats_e_disabled = no;
 406         stats_c_oper_only=no;
 407         stats_h_oper_only=no;
 408         stats_y_oper_only=no;
 409         stats_o_oper_only=yes;
 410         stats_P_oper_only=no;
 411         stats_i_oper_only=masked;
 412         stats_k_oper_only=masked;
 413         map_oper_only = no;
 414         operspy_admin_only = no;
 415         operspy_dont_care_user_info = no;
 416         caller_id_wait = 1 minute;
 417         pace_wait_simple = 1 second;
 418         pace_wait = 10 seconds;
 419         short_motd = no;
 420         ping_cookie = no;
 421         connect_timeout = 30 seconds;
 422         disable_auth = no;
 423         no_oper_flood = yes;
 424         glines = no;
 425         gline_time = 1 day;
 426         gline_min_cidr = 16;
 427         idletime = 0;
 428         max_targets = 4;
 429         client_flood = 20;
 430         use_whois_actually = no;
 431         oper_only_umodes = operwall, locops, servnotice;
 432         oper_umodes = locops, servnotice, operwall, wallop;
 433         oper_snomask = "+s";
 434         burst_away = yes;
 435         nick_delay = 0 seconds; # 15 minutes if you want to enable this
 436         reject_ban_time = 1 minute;
 437         reject_after_count = 3;
 438         reject_duration = 5 minutes;
 439         max_unknown_ip = 2;
 440 };
 441
 442 modules {
 443         path = "modules";
 444         path = "modules/autoload";
 445 };