Added cycle_host_change option.

[irc/rqf/shadowircd.git] / doc / example.conf

diff --git a/doc/example.conf b/doc/example.conf
index 6b11a56718190cfc5c2dbcd00d874999f33830d9..a7417ffdb8e2a11597ce958a99c10deb97197535 100755 (executable)
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -23,7 +23,6 @@
 #loadmodule "extensions/extb_server.so";
 #loadmodule "extensions/extb_ssl.so";
 #loadmodule "extensions/hurt.so";
-#loadmodule "extensions/ip_cloaking.so";
 #loadmodule "extensions/m_findforwards.so";
 #loadmodule "extensions/m_identify.so";
 #loadmodule "extensions/no_oper_invis.so";
@@ -32,10 +31,20 @@
 #loadmodule "extensions/sno_globaloper.so";
 #loadmodule "extensions/sno_whois.so";
 
+/*
+ * IP cloaking extensions: use ip_cloaking_4.0
+ * if you're linking 3.2 and later, otherwise use
+ * ip_cloaking.so, for compatibility with older 3.x
+ * releases.
+ */
+
+#loadmodule "extensions/ip_cloaking_4.0.so";
+#loadmodule "extensions/ip_cloaking.so";
+
 serverinfo {
        name = "hades.arpa";
        sid = "42X";
-       description = "charybdis test server";
+       description = "shadowircd test server";
        network_name = "AthemeNET";
        network_desc = "Your IRC network.";
        hub = yes;
@@ -56,8 +65,11 @@ serverinfo {
        /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
        ssl_dh_params = "etc/dh.pem";
 
-       /* ssld_count: number of ssld processes you want to start, if you have a really busy 
-        * server, using N-1 where N is the number of cpu/cpu cores you have might be useful
+       /* ssld_count: number of ssld processes you want to start, if you
+        * have a really busy server, using N-1 where N is the number of
+        * cpu/cpu cores you have might be useful. A number greater than one
+        * can also be useful in case of bugs in ssld and because ssld needs
+        * two file descriptors per SSL connection.
         */
        ssld_count = 1;
 
@@ -92,11 +104,12 @@ log {
  */
 class "users" {
        ping_time = 2 minutes;
-        number_per_ident = 10;
+       number_per_ident = 10;
        number_per_ip = 10;
-        number_per_ip_global = 50;
-       cidr_bitlen = 64;
-       number_per_cidr = 8;
+       number_per_ip_global = 50;
+       cidr_ipv4_bitlen = 24;
+       cidr_ipv6_bitlen = 64;
+       number_per_cidr = 200;
        max_number = 3000;
        sendq = 400 kbytes;
 };
@@ -156,6 +169,17 @@ auth {
         */
         spoof = "I.still.hate.packets";
 
+       /* autojoin: Channel (or channels, comma-seperated) to join users
+        * in this auth block to on connect. Note that this won't join
+        * the user through any bans or otherwise restrictive chmodes.
+        */
+       autojoin = "#shadowircd,#test";
+
+       /* autojoin_opers : Channel (or channels, comma-seperated) to join
+        * opers to on oper-up.
+        */
+       autojoin_opers = "#opers,#help";
+
        /* Possible flags in auth:
         * 
         * encrypted                  | password is encrypted with mkpasswd
@@ -186,14 +210,16 @@ auth {
        class = "users";
 };
 
-/* privsets... XXX document me later */
+/* privset {} blocks MUST be specified before anything that uses them.  That
+ * means they must be defined before operator {}.
+ */
 privset "local_op" {
        privs = oper:local_kill, oper:operwall;
 };
 
 privset "server_bot" {
        extends = "local_op";
-       privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes;
+       privs = oper:kline, oper:remoteban, snomask:nick_changes;
 };
 
 privset "global_op" {
@@ -234,14 +260,19 @@ operator "god" {
         */
        #umodes = locops, servnotice, operwall, wallop;
 
+       /* fingerprint: if specified, the oper's client certificate
+        * fingerprint will be checked against the specified fingerprint
+        * below.
+        */
+       #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b";
+
        /* snomask: specific server notice mask on oper up.
         * If this is specified an oper will not be given oper_snomask.
         */
        snomask = "+Zbfkrsuy";
 
-       /* privileges: controls the activities and commands an oper is
-        * allowed to do on the server.  You may prefix an option with ~ to
-        * disable it, ie ~encrypted.
+       /* flags: misc options for the operator.  You may prefix an option
+        * with ~ to disable it, e.g. ~encrypted.
         *
         * Default flags are encrypted.
         *
@@ -250,10 +281,9 @@ operator "god" {
         * encrypted:    the password above is encrypted [DEFAULT]
         * need_ssl:     must be using SSL/TLS to oper up
          */
-       flags = global_kill, remote, kline, unkline,
-               die, rehash, admin, xline, operwall;
+       flags = encrypted;
 
-       /* privset: replaces flags */
+       /* privset: privileges set to grant */
        privset = "admin";
 };
 
@@ -316,6 +346,9 @@ channel {
        no_join_on_split = no;
        burst_topicwho = yes;
        kick_on_split_riding = no;
+       only_ascii_channels = no;
+       cycle_host_change = yes;
+       resv_forcepart = yes;
 };
 
 serverhide {
@@ -327,7 +360,7 @@ serverhide {
 
 /* These are the blacklist settings.
  * You can have multiple combinations of host and rejection reasons.
- * They are used in pairs of one host/rejection reason, or multiple hosts/rejection reason.
+ * They are used in pairs of one host/rejection reason.
  *
  * These settings should be adequate for most networks, and are (presently)
  * required for use on AthemeNet.
@@ -397,7 +430,11 @@ general {
 
        /*
         * default_umodes: umodes to enable on connect.
-        * If you have enabled the ip_cloaking module, and you want
+        * If you have enabled the new ip_cloaking_4.0 module, and you want
+        * to make use of it, add +x to this option, i.e.:
+        *      default_umodes = "+ix";
+        *
+        * If you have enabled the old ip_cloaking module, and you want
         * to make use of it, add +h to this option, i.e.:
         *      default_umodes = "+ih";
         */