X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/c13a2d9ad3893a66b8f782546fdf5b2a9743fd87..341504a70230b034cb36b0d24c5824be29e6b496:/doc/example.conf

diff --git a/doc/example.conf b/doc/example.conf
index 35a1b55..09a5189 100755
--- a/doc/example.conf
+++ b/doc/example.conf
@@ -10,6 +10,9 @@
  */
 
 /* Extensions */
+#loadmodule "extensions/chm_operonly_compat.so";
+#loadmodule "extensions/chm_quietunreg_compat.so";
+#loadmodule "extensions/chm_sslonly_compat.so";
 #loadmodule "extensions/createauthonly.so";
 #loadmodule "extensions/extb_account.so";
 #loadmodule "extensions/extb_canjoin.so";
@@ -18,6 +21,7 @@
 #loadmodule "extensions/extb_oper.so";
 #loadmodule "extensions/extb_realname.so";
 #loadmodule "extensions/extb_server.so";
+#loadmodule "extensions/extb_ssl.so";
 #loadmodule "extensions/hurt.so";
 #loadmodule "extensions/ip_cloaking.so";
 #loadmodule "extensions/m_findforwards.so";
@@ -42,13 +46,27 @@ serverinfo {
 	#vhost = "192.169.0.1";
 	/* for IPv6 */
 	#vhost6 = "3ffe:80e8:546::2";
+	
+	/* ssl_private_key: our ssl private key */
+	ssl_private_key = "etc/test.key";
+
+	/* ssl_cert: certificate for our ssl server */
+	ssl_cert = "etc/test.cert";
+
+	/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
+	ssl_dh_params = "etc/dh.pem";
 
-	/* max_clients: This should be set to the maximum amount of clients
-	 * that the server should support. Note that you should leave some
-	 * file descriptors free for log files, server connections, ident
-	 * lookups (if enabled), exceed_limit clients, etc.
+	/* ssld_count: number of ssld processes you want to start, if you have a really busy 
+	 * server, using N-1 where N is the number of cpu/cpu cores you have might be useful
 	 */
-	max_clients = 1024;
+	ssld_count = 1;
+
+	/* default max clients: the default maximum number of clients
+	 * allowed to connect.  This can be changed once ircd has started by
+	 * issuing:
+	 *   /quote set maxclients <limit>
+	 */
+	default_max_clients = 1024;
 };
 
 admin {
@@ -63,7 +81,6 @@ log {
 	fname_operlog = "logs/operlog";
 	#fname_foperlog = "logs/foperlog";
 	fname_serverlog = "logs/serverlog";
-	fname_glinelog = "logs/glinelog";
 	#fname_klinelog = "logs/klinelog";
 	fname_killlog = "logs/killlog";
 	fname_operspylog = "logs/operspylog";
@@ -104,10 +121,12 @@ listen {
 	 */
 	#host = "192.169.0.1";
 	port = 5000, 6665 .. 6669;
+	sslport = 9999;
 
 	/* Listen on IPv6 (if you used host= above). */
 	#host = "3ffe:1234:a:b:c::d";
         #port = 5000, 6665 .. 6669;
+        #sslport = 9999;
 };
 
 /* auth {}: allow users to connect to the ircd (OLD I:)
@@ -144,7 +163,6 @@ auth {
 	 * exceed_limit (old > flag)  | allow user to exceed class user limits
 	 * kline_exempt (old ^ flag)  | exempt this user from k/g/xlines&dnsbls
 	 * dnsbl_exempt		      | exempt this user from dnsbls
-	 * gline_exempt (old _ flag)  | exempt this user from glines
 	 * spambot_exempt	      | exempt this user from spambot checks
 	 * shide_exempt		      | exempt this user from serverhiding
 	 * jupe_exempt                | exempt this user from generating
@@ -167,6 +185,27 @@ auth {
 	class = "users";
 };
 
+/* privsets... XXX document me later */
+privset "local_op" {
+	privs = oper:local_kill, oper:operwall;
+};
+
+privset "server_bot" {
+	extends = "local_op";
+	privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes;
+};
+
+privset "global_op" {
+	extends = "local_op";
+	privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
+		oper:resv, oper:mass_notice, oper:remoteban;
+};
+
+privset "admin" {
+	extends = "global_op";
+	privs = oper:admin, oper:die, oper:rehash, oper:spy;
+};
+
 operator "god" {
 	/* name: the name of the oper must go above */
 
@@ -214,7 +253,6 @@ operator "god" {
 	 * remote:       allows remote SQUIT and CONNECT   (OLD 'R' flag)
 	 * kline:        allows KLINE and DLINE            (OLD 'K' flag)
 	 * unkline:      allows UNKLINE and UNDLINE        (OLD 'U' flag)
-	 * gline:        allows GLINE                      (OLD 'G' flag)
 	 * nick_changes: allows oper to see nickchanges    (OLD 'N' flag)
 	 *               via snomask +n
 	 * rehash:       allows oper to REHASH config      (OLD 'H' flag)
@@ -234,8 +272,11 @@ operator "god" {
 	 * remoteban:    allows remote kline etc [DEFAULT]
 	 * mass_notice:  allows sending wallops and mass notices [DEFAULT]
          */
-	flags = global_kill, remote, kline, unkline, gline,
+	flags = global_kill, remote, kline, unkline,
 		die, rehash, admin, xline, operwall;
+
+	/* privset: replaces flags */
+	privset = "admin";
 };
 
 connect "irc.uplink.com" {
@@ -252,6 +293,16 @@ connect "irc.uplink.com" {
 	#aftype = ipv6;
 };
 
+connect "ssl.uplink.com" {
+	host = "192.168.0.1";
+	send_password = "password";
+	accept_password = "anotherpassword";
+	port = 9999;
+	hub_mask = "*";
+	class = "server";
+	flags = ssl, topicburst;
+};
+
 service {
 	name = "services.int";
 };
@@ -422,10 +473,6 @@ general {
 	connect_timeout = 30 seconds;
 	disable_auth = no;
 	no_oper_flood = yes;
-	glines = no;
-	gline_time = 1 day;
-	gline_min_cidr = 16;
-        idletime = 0;
 	max_targets = 4;
 	client_flood = 20;
         use_whois_actually = no;
@@ -437,7 +484,8 @@ general {
 	reject_ban_time = 1 minute;
 	reject_after_count = 3;
 	reject_duration = 5 minutes;
-	max_unknown_ip = 2;
+	throttle_duration = 60;
+	throttle_count = 4;
 };
 
 modules {