* Charybdis contains several extensions that are not enabled by default.
* To use them, uncomment the lines below.
*
- * Restrict channel creation to logged in users -- createauthonly.so
- * Account bans (+b $a[:mask]) -- extb_account.so
- * Banned from another channel (+b $j:mask) -- extb_canjoin.so
- * Other-channel bans (+b $c:mask) -- extb_channel.so
- * Extended ban (+b $x:mask) -- extb_extgecos.so
- * Oper bans (+b $o) -- extb_oper.so
- * Realname (gecos) bans (+b $r:mask) -- extb_realname.so
- * Server bans (+b $s:mask) -- extb_server.so
- * HURT system -- hurt.so
- * Host mangling (umode +h) -- ip_cloaking.so
- * Find channel forwards -- m_findforwards.so
- * /identify support -- m_identify.so
- * Opers cannot be invisible (umode +i) -- no_oper_invis.so
- * Far connection notices (snomask +F) -- sno_farconnect.so
- * Remote k/d/g/x line active notices -- sno_globalkline.so
- * Remote oper up notices -- sno_globaloper.so
- * /whois notifications (snomask +W) -- sno_whois.so
+ * Emulates channel mode +-O (oper only) (+-iI $o) -- chm_operonly_compat.so
+ * Emulates channel mode +-R (quiet unreg) (+-q $~a) -- chm_quietunreg_compat.so
+ * Emulates channel mode +-S (ssl only) (+-b $~z) -- chm_sslonly_compat.so
+ * Restrict channel creation to logged in users -- createauthonly.so
+ * Account bans (+b $a[:mask]) -- extb_account.so
+ * Banned from another channel (+b $j:mask) -- extb_canjoin.so
+ * Other-channel bans (+b $c:mask) -- extb_channel.so
+ * Extended ban (+b $x:mask) -- extb_extgecos.so
+ * Oper bans (+b $o) -- extb_oper.so
+ * Realname (gecos) bans (+b $r:mask) -- extb_realname.so
+ * Server bans (+b $s:mask) -- extb_server.so
+ * SSL bans (+b $z) -- extb_ssl.so
+ * HURT system -- hurt.so
+ * Host mangling (umode +h) -- ip_cloaking.so
+ * Find channel forwards -- m_findforwards.so
+ * /identify support -- m_identify.so
+ * Opers cannot be invisible (umode +i) -- no_oper_invis.so
+ * Far connection notices (snomask +F) -- sno_farconnect.so
+ * Remote k/d/x line active notices -- sno_globalkline.so
+ * Remote oper up notices -- sno_globaloper.so
+ * /whois notifications (snomask +W) -- sno_whois.so
*/
+#loadmodule "extensions/chm_operonly_compat.so";
+#loadmodule "extensions/chm_quietunreg_compat.so";
+#loadmodule "extensions/chm_sslonly_compat.so";
#loadmodule "extensions/createauthonly.so";
#loadmodule "extensions/extb_account.so";
#loadmodule "extensions/extb_canjoin.so";
#loadmodule "extensions/extb_oper.so";
#loadmodule "extensions/extb_realname.so";
#loadmodule "extensions/extb_server.so";
+#loadmodule "extensions/extb_ssl.so";
#loadmodule "extensions/hurt.so";
#loadmodule "extensions/ip_cloaking.so";
#loadmodule "extensions/m_findforwards.so";
* This should be an ipv6 IP only.
*/
#vhost6 = "3ffe:80e8:546::2";
+
+ /* ssl_private_key: our ssl private key */
+ ssl_private_key = "etc/test.key";
+
+ /* ssl_cert: certificate for our ssl server */
+ ssl_cert = "etc/test.cert";
+
+ /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
+ ssl_dh_params = "etc/dh.pem";
+
+ /* ssld_count: number of ssld processes you want to start, if you have a really busy
+ * server, using N-1 where N is the number of cpu/cpu cores you have might be useful
+ */
+ ssld_count = 1;
- /* max_clients: this should be set to the maximum amount of clients
- * that the server should support. Note that you should leave some
- * file descriptors free for log files, server connections, ident
- * lookups (if enabled), exceed_limit clients, etc.
+ /* default max clients: the default maximum number of clients
+ * allowed to connect. This can be changed once ircd has started by
+ * issuing:
+ * /quote set maxclients <limit>
*/
- max_clients = 1024;
+ default_max_clients = 1024;
};
/* admin {}: contains admin information about the server. (OLD A:) */
* - operlog: /oper usage
* - foperlog: failed /oper usage
* - serverlog: server connects/disconnects
- * - glinelog: glines
* - klinelog: klines, etc
* - killlog: kills
* - operspylog: operspy usage
fname_operlog = "logs/operlog";
#fname_foperlog = "logs/foperlog";
fname_serverlog = "logs/serverlog";
- fname_glinelog = "logs/glinelog";
#fname_klinelog = "logs/klinelog";
fname_killlog = "logs/killlog";
fname_operspylog = "logs/operspylog";
/* port: the specific port to listen on. if no host is specified
* before, it will listen on all available IPs.
*
+ * sslport: the specific port to listen ssl connections on. if no
+ * host is specified before, it will listen on all available IPs.
+ *
* ports are seperated via a comma, a range may be specified using ".."
*/
/* port: listen on all available IPs, ports 5000 and 6665 to 6669 */
port = 5000, 6665 .. 6669;
+
+ /* sslport: listen for ssl connections on all available IPs, port 9999 */
+ sslport = 9999;
/* host: set a specific IP/host the ports after the line will listen
* on. This may be ipv4 or ipv6.
*/
host = "1.2.3.4";
port = 7000, 7001;
+ sslport = 9000, 9001;
host = "3ffe:1234:a:b:c::d";
port = 7002;
+ sslport = 9002;
};
/* auth {}: allow users to connect to the ircd (OLD I:) */
* exceed_limit (old > flag) | allow user to exceed class user limits
* kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
* dnsbl_exempt | exempt this user from dnsbls
- * gline_exempt (old _ flag) | exempt this user from glines
* spambot_exempt | exempt this user from spambot checks
* shide_exempt | exempt this user from serverhiding
* jupe_exempt | exempt this user from generating
* remote: allows remote SQUIT and CONNECT (OLD 'R' flag)
* kline: allows KLINE and DLINE (OLD 'K' flag)
* unkline: allows UNKLINE and UNDLINE (OLD 'U' flag)
- * gline: allows GLINE (OLD 'G' flag)
* nick_changes: allows oper to see nickchanges (OLD 'N' flag)
* via snomask +n
* rehash: allows oper to REHASH config (OLD 'H' flag)
* remoteban: allows remote kline etc [DEFAULT]
* mass_notice: allows sending wallops and mass notices [DEFAULT]
*/
- flags = global_kill, remote, kline, unkline, gline,
+ flags = global_kill, remote, kline, unkline,
die, rehash, admin, xline, operwall;
};
* autoconn - automatically connect to this server
* compressed - compress traffic via ziplinks
* topicburst - burst topics between servers
+ * ssl - ssl/tls encrypted server connections
*/
flags = compressed, topicburst;
};
class = "server";
};
+connect "ssl.uplink.com" {
+ /* Example of ssl server-to-server connection, ssl flag doesn't need
+ * compressed flag, 'cause it uses own compression
+ */
+ host = "192.168.0.1";
+ send_password = "password";
+ accept_password = "anotherpassword";
+ port = 9999;
+ hub_mask = "*";
+ class = "server";
+ flags = ssl, topicburst;
+};
+
/* cluster {}; servers that we propagate things to automatically.
* NOTE: This does NOT grant them privileges to apply anything locally,
* you must add a seperate shared block for that. Clustering will
* all - allow oper/server to do all of above.
* locops - allow locops - only used for servers who cluster
* rehash - allow rehashing
+ * dline - allow setting perm/temp dlines
+ * tdline - allow setting temp dlines
+ * undline - allow removing dlines
* none - disallow everything
*/
*/
kline_delay = 0 seconds;
- /* kline reason: show the user the reason why they are k/d/glined
+ /* kline reason: show the user the reason why they are k/dlined
* on exit. may give away who set k/dline when set via tcm.
*/
kline_with_reason = yes;
/* no oper flood: increase flood limits for opers. */
no_oper_flood = yes;
- /* glines: enable glines, network wide temp klines */
- glines = no;
-
- /* gline time: the amount of time a gline will remain before expiring */
- gline_time = 1 day;
-
- /* gline_min_cidr: If using a CIDR gline, the minimum length the
- * mask must be
- */
- gline_min_cidr = 16;
-
/* REMOVE ME. The following line checks you've been reading. */
havent_read_conf = yes;