X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/48de3c18524f2345ccb5dad878c0cfa9cca08348..c8d858891539e6d5f56d56a2c9c3bfae9698282b:/doc/example.conf?ds=sidebyside diff --git a/doc/example.conf b/doc/example.conf index 3b92a77..932846e 100755 --- a/doc/example.conf +++ b/doc/example.conf @@ -92,11 +92,12 @@ log { */ class "users" { ping_time = 2 minutes; - number_per_ident = 10; - number_per_ip = 10; - number_per_ip_global = 50; - cidr_bitlen = 64; - number_per_cidr = 8; + number_per_ident = 2; + number_per_ip = 3; + number_per_ip_global = 5; + cidr_ipv4_bitlen = 24; + cidr_ipv6_bitlen = 64; + number_per_cidr = 4; max_number = 3000; sendq = 400 kbytes; }; @@ -172,6 +173,7 @@ auth { * USE WITH CAUTION. * no_tilde (old - flag) | don't prefix ~ to username if no ident * need_ident (old + flag) | require ident for user in this class + * need_ssl | require SSL/TLS for user in this class * need_sasl | require SASL id for user in this class */ flags = kline_exempt, exceed_limit; @@ -185,20 +187,27 @@ auth { class = "users"; }; -/* privsets... XXX document me later */ +/* privset {} blocks MUST be specified before anything that uses them. That + * means they must be defined before operator {}. + */ privset "local_op" { privs = oper:local_kill, oper:operwall; }; +privset "server_bot" { + extends = "local_op"; + privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes; +}; + privset "global_op" { extends = "local_op"; privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, - oper:resv, oper:mass_notice, oper:remote_ban; + oper:resv, oper:mass_notice, oper:remoteban; }; privset "admin" { extends = "global_op"; - privs = oper:admin, oper:die, oper:rehash, oper:adminwall, oper:spy; + privs = oper:admin, oper:die, oper:rehash, oper:spy; }; operator "god" { @@ -233,44 +242,19 @@ operator "god" { */ snomask = "+Zbfkrsuy"; - /* privileges: controls the activities and commands an oper is - * allowed to do on the server. You may prefix an option with ~ to - * disable it, ie ~operwall + /* flags: misc options for the operator. You may prefix an option + * with ~ to disable it, e.g. ~encrypted. * - * Default flags are operwall, remoteban and encrypted. + * Default flags are encrypted. * * Available options: * * encrypted: the password above is encrypted [DEFAULT] - * local_kill: allows local users to be /KILL'd - * global_kill: allows local and remote users to be - * /KILL'd (OLD 'O' flag) - * remote: allows remote SQUIT and CONNECT (OLD 'R' flag) - * kline: allows KLINE and DLINE (OLD 'K' flag) - * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag) - * nick_changes: allows oper to see nickchanges (OLD 'N' flag) - * via snomask +n - * rehash: allows oper to REHASH config (OLD 'H' flag) - * die: allows DIE and RESTART (OLD 'D' flag) - * admin: gives admin privileges. admins - * may (un)load modules and see the - * real IPs of servers. - * hidden_admin: gives admin privileges except - * will not have the admin lines in - * stats p and whois. - * xline: allows use of /quote xline/unxline - * resv: allows /quote resv/unresv and cmode +LP [DEFAULT] - * operwall: allows the oper to send/receive operwalls [DEFAULT] - * oper_spy: allows 'operspy' features to see through +s - * channels etc. see /quote help operspy - * hidden_oper: hides the oper from /stats p (OLD UMODE +p) - * remoteban: allows remote kline etc [DEFAULT] - * mass_notice: allows sending wallops and mass notices [DEFAULT] + * need_ssl: must be using SSL/TLS to oper up */ - flags = global_kill, remote, kline, unkline, - die, rehash, admin, xline, operwall; + flags = encrypted; - /* privset: replaces flags */ + /* privset: privileges set to grant */ privset = "admin"; };