X-Git-Url: https://jfr.im/git/irc/rqf/shadowircd.git/blobdiff_plain/c2d96fcbff166764df88108e6e3ec761219ee93c..18395f4fa8e0ddbdf9ee9f4187f1b864728b562a:/doc/example.conf diff --git a/doc/example.conf b/doc/example.conf index dd10abd..5e02e0d 100755 --- a/doc/example.conf +++ b/doc/example.conf @@ -4,12 +4,15 @@ * Copyright (C) 2002-2005 ircd-ratbox development team * Copyright (C) 2005-2006 charybdis development team * - * $Id: example.conf 3251 2007-03-05 18:58:38Z nenolod $ + * $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $ * * See reference.conf for more information. */ /* Extensions */ +#loadmodule "extensions/chm_operonly_compat.so"; +#loadmodule "extensions/chm_quietunreg_compat.so"; +#loadmodule "extensions/chm_sslonly_compat.so"; #loadmodule "extensions/createauthonly.so"; #loadmodule "extensions/extb_account.so"; #loadmodule "extensions/extb_canjoin.so"; @@ -18,6 +21,7 @@ #loadmodule "extensions/extb_oper.so"; #loadmodule "extensions/extb_realname.so"; #loadmodule "extensions/extb_server.so"; +#loadmodule "extensions/extb_ssl.so"; #loadmodule "extensions/hurt.so"; #loadmodule "extensions/ip_cloaking.so"; #loadmodule "extensions/m_findforwards.so"; @@ -26,10 +30,10 @@ #loadmodule "extensions/sno_farconnect.so"; #loadmodule "extensions/sno_globalkline.so"; #loadmodule "extensions/sno_globaloper.so"; +#loadmodule "extensions/sno_whois.so"; serverinfo { name = "hades.arpa"; - use_ts6 = yes; sid = "42X"; description = "charybdis test server"; network_name = "AthemeNET"; 
@@ -42,11 +46,27 @@ serverinfo { #vhost = "192.169.0.1"; /* for IPv6 */ #vhost6 = "3ffe:80e8:546::2"; + + /* ssl_private_key: our ssl private key */ + ssl_private_key = "etc/test.key"; + + /* ssl_cert: certificate for our ssl server */ + ssl_cert = "etc/test.cert"; - /* max_clients: This should be set to the amount of connections - * the server can handle. + /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */ + ssl_dh_params = "etc/dh.pem"; + + /* ssld_count: number of ssld processes you want to start, if you have a really busy + * server, using N-1 where N is the number of cpu/cpu cores you have might be useful */ - max_clients = 1024; + ssld_count = 1; + + /* default max clients: the default maximum number of clients + * allowed to connect. This can be changed once ircd has started by + * issuing: + * /quote set maxclients + */ + default_max_clients = 1024; }; admin { @@ -61,7 +81,6 @@ log { fname_operlog = "logs/operlog"; #fname_foperlog = "logs/foperlog"; fname_serverlog = "logs/serverlog"; - fname_glinelog = "logs/glinelog"; #fname_klinelog = "logs/klinelog"; fname_killlog = "logs/killlog"; fname_operspylog = "logs/operspylog"; @@ -102,10 +121,12 @@ listen { */ #host = "192.169.0.1"; port = 5000, 6665 .. 6669; + sslport = 9999; /* Listen on IPv6 (if you used host= above). */ #host = "3ffe:1234:a:b:c::d"; #port = 5000, 6665 .. 6669; + #sslport = 9999; }; /* auth {}: allow users to connect to the ircd (OLD I:) @@ -114,8 +135,11 @@ listen { * then general access, then restricted. */ auth { - /* user: the user@host allowed to connect. multiple IPv4/IPv6 user - * lines are permitted per auth block. + /* user: the user@host allowed to connect. Multiple IPv4/IPv6 user + * lines are permitted per auth block. This is matched against the + * hostname and IP address (using :: shortening for IPv6 and + * prepending a 0 if it starts with a colon) and can also use CIDR + * masks. */ user = "*@172.16.0.0/12"; user = "*test@123D:B567:*"; 
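Review bot: The added `ssl_dh_params` comment in serverinfo tells operators to generate 1024-bit DH parameters, which is too small to resist precomputation attacks on the group. The example should recommend at least 2048 bits: `/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 2048 */`. The same hunk adds `ssl_private_key = "etc/test.key";` without saying how the file should be protected, although anyone who can read it can impersonate the server. A one-line comment such as `/* keep this file readable only by the account ircd runs as */` would cover that. The serverinfo block starts before this hunk.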
@@ -139,7 +163,6 @@ auth { * exceed_limit (old > flag) | allow user to exceed class user limits * kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls * dnsbl_exempt | exempt this user from dnsbls - * gline_exempt (old _ flag) | exempt this user from glines * spambot_exempt | exempt this user from spambot checks * shide_exempt | exempt this user from serverhiding * jupe_exempt | exempt this user from generating @@ -207,11 +230,10 @@ operator "god" { * global_kill: allows local and remote users to be * /KILL'd (OLD 'O' flag) * remote: allows remote SQUIT and CONNECT (OLD 'R' flag) - * kline: allows KILL, KLINE and DLINE (OLD 'K' flag) + * kline: allows KLINE and DLINE (OLD 'K' flag) * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag) - * gline: allows GLINE (OLD 'G' flag) * nick_changes: allows oper to see nickchanges (OLD 'N' flag) - * via usermode +n + * via snomask +n * rehash: allows oper to REHASH config (OLD 'H' flag) * die: allows DIE and RESTART (OLD 'D' flag) * admin: gives admin privileges. admins @@ -221,13 +243,15 @@ operator "god" { * will not have the admin lines in * stats p and whois. * xline: allows use of /quote xline/unxline - * operwall: allows the oper to send operwalls [DEFAULT] + * resv: allows /quote resv/unresv and cmode +LP [DEFAULT] + * operwall: allows the oper to send/receive operwalls [DEFAULT] * oper_spy: allows 'operspy' features to see through +s * channels etc. see /quote help operspy * hidden_oper: hides the oper from /stats p (OLD UMODE +p) * remoteban: allows remote kline etc [DEFAULT] + * mass_notice: allows sending wallops and mass notices [DEFAULT] */ - flags = global_kill, remote, kline, unkline, gline, + flags = global_kill, remote, kline, unkline, die, rehash, admin, xline, operwall; }; 
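Review bot: The `resv` and `mass_notice` entries added to the operator flag list are both marked [DEFAULT], so the example `flags =` line presumably grants them although it names neither. The comment does not say that, nor how to withhold a default flag. Operators copy this example, so the privilege list should state it, for instance with a closing line ` * flags marked [DEFAULT] are granted unless negated; see reference.conf`. The negation syntax is not visible in this hunk, so the wording should be confirmed against reference.conf. The operator block and its flag comment begin outside the hunk.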
@@ -240,10 +264,21 @@ connect "irc.uplink.com" { class = "server"; flags = compressed, topicburst; - /* If the connection is IPv6, uncomment below */ + /* If the connection is IPv6, uncomment below. + * Use 0::1, not ::1, for IPv6 localhost. */ #aftype = ipv6; }; +connect "ssl.uplink.com" { + host = "192.168.0.1"; + send_password = "password"; + accept_password = "anotherpassword"; + port = 9999; + hub_mask = "*"; + class = "server"; + flags = ssl, topicburst; +}; + service { name = "services.int"; }; @@ -258,7 +293,7 @@ shared { flags = all, rehash; }; -/* exempt {}: IPs that are exempt from Dlines. (OLD d:) */ +/* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */ exempt { ip = "127.0.0.1"; }; @@ -268,7 +303,6 @@ channel { use_except = yes; use_knock = yes; use_forward = yes; - invite_ops_only = yes; knock_delay = 5 minutes; knock_delay_channel = 1 minute; max_chans_per_user = 15; 
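Review bot: The new `connect "ssl.uplink.com"` block is active in the example and ships `send_password = "password";` and `accept_password = "anotherpassword";` together with `hub_mask = "*";`. A configuration copied without edits would therefore accept a hub link on a guessable secret. Nothing in the hunk shows the `ssl` flag checking the peer's certificate, so the passwords appear to remain the only link authentication; ssl protects them in transit but does not replace them. I would add a comment above the passwords, `/* placeholders: replace both with long random values unique to this link */`, or ship the block commented out like the optional settings elsewhere in the file.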
@@ -308,17 +342,20 @@ serverhide { * ${nick} - the user's nickname * ${network-name} - the name of the network * - * Note: AHBL (the providers of the below BLs) request that they be + * Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be * contacted, via email, at admins@2mbit.com before using these BLs. * See for more information. */ -#blacklist { +blacklist { + host = "dnsbl.dronebl.org"; + reject_reason = "${nick}, your IP (${ip}) is listed in DroneBL. For assistance, see http://dronebl.org/lookup_branded.do?ip=${ip}&network=${network-name}"; + # host = "ircbl.ahbl.org"; # reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for having an open proxy. In order to protect ${network-name} from abuse, we are not allowing connections with open proxies to connect."; # # host = "tor.ahbl.org"; # reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from tor-based abuse, we are not allowing TOR exit nodes to connect to our network."; -#}; +}; alias "NickServ" { target = "NickServ"; @@ -372,7 +409,6 @@ general { default_floodcount = 10; failed_oper_notice = yes; dots_in_ident=2; - dot_in_ip6_addr = no; min_nonwildcard = 4; min_nonwildcard_simple = 3; max_accept = 100; @@ -413,10 +449,6 @@ general { connect_timeout = 30 seconds; disable_auth = no; no_oper_flood = yes; - glines = no; - gline_time = 1 day; - gline_min_cidr = 16; - idletime = 0; max_targets = 4; client_flood = 20; use_whois_actually = no; @@ -428,6 +460,7 @@ general { reject_ban_time = 1 minute; reject_after_count = 3; reject_duration = 5 minutes; + max_unknown_ip = 2; }; modules {
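Review bot: Uncommenting the `blacklist {` block makes the example query dnsbl.dronebl.org by default. An operator who copies the file presumably sends a lookup for each connecting client's address to a third party, and rejects on its answer, without having chosen to. The block should say so, e.g. `/* enabled by default: every connecting client's IP is looked up at this DNSBL; remove the block if that is not wanted */`. The `reject_reason` also directs users to an `http://` URL carrying `${ip}` and `${network-name}`, which is worth switching if the provider offers an https form. The comment above the block begins outside the hunk.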