]>
Commit | Line | Data |
---|---|---|
2ae078d8 AB |
1 | Server config file format |
2 | ========================= | |
3 | ||
4 | General format | |
8a7d33db | 5 | ~~~~~~~~~~~~~~ |
2ae078d8 AB |
6 | |
7 | The config file consists of a series of BIND-style blocks. Each block | |
8 | consists of a series of values inside it which pertain to configuration | |
9 | settings that apply to the given block. | |
10 | ||
11 | Several values take lists of values and have defaults preset inside | |
9546ba08 | 12 | them. Prefix a keyword with a tilde (``~``) to override the default and |
2ae078d8 AB |
13 | disable it. |
14 | ||
9546ba08 AB |
15 | A line may also be a .include directive, which is of the form:: |
16 | ||
17 | .include "file" | |
18 | ||
19 | and causes file to be read in at that point, before the rest of | |
2ae078d8 | 20 | the current file is processed. Relative paths are first tried relative |
9546ba08 | 21 | to ``PREFIX`` and then relative to ``ETCPATH`` (normally ``PREFIX``/etc). |
2ae078d8 | 22 | |
9546ba08 | 23 | Anything from a ``#`` to the end of a line is a comment. Blank lines are |
2ae078d8 AB |
24 | ignored. C-style comments are also supported. |
25 | ||
26 | Specific blocks and directives | |
8a7d33db | 27 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ |
2ae078d8 AB |
28 | |
29 | Not all configuration blocks and directives are listed here, only the | |
30 | most common ones. More blocks and directives will be documented in later | |
31 | revisions of this manual. | |
32 | ||
33 | loadmodule directive | |
34 | -------------------- | |
35 | ||
9546ba08 AB |
36 | :: |
37 | ||
38 | loadmodule "text"; | |
39 | ||
2ae078d8 AB |
40 | Loads a module into the IRCd. In charybdis 1.1, most modules are |
41 | automatically loaded in. In future versions, it is intended to remove | |
42 | this behaviour as to allow for easy customization of the IRCd's | |
43 | featureset. | |
44 | ||
45 | serverinfo {} block | |
46 | ------------------- | |
47 | ||
9546ba08 AB |
48 | :: |
49 | ||
50 | serverinfo { | |
51 | name = "text"; | |
52 | sid = "text"; | |
53 | description = "text"; | |
54 | network_name = "text"; | |
55 | network_desc = "text"; | |
56 | hub = boolean; | |
57 | vhost = "text"; | |
58 | vhost6 = "text"; | |
59 | }; | |
60 | ||
2ae078d8 AB |
61 | The serverinfo {} block defines the core operational parameters of the |
62 | IRC server. | |
63 | ||
9546ba08 AB |
64 | serverinfo {} variables |
65 | ~~~~~~~~~~~~~~~~~~~~~~~ | |
66 | ||
2ae078d8 AB |
67 | name |
68 | The name of the IRC server that you are configuring. This must | |
69 | contain at least one dot. It is not necessarily equal to any DNS | |
70 | name. This must be unique on the IRC network. | |
71 | ||
72 | sid | |
73 | A unique ID which describes the server. This consists of one digit | |
74 | and two characters which can be digits or letters. | |
75 | ||
76 | description | |
77 | A user-defined field of text which describes the IRC server. This | |
9546ba08 | 78 | information is used in ``/links`` and ``/whois`` requests. Geographical |
2ae078d8 AB |
79 | location information could be a useful use of this field, but most |
80 | administrators put a witty saying inside it instead. | |
81 | ||
82 | network\_name | |
83 | The name of the IRC network that this server will be a member of. | |
9546ba08 | 84 | This is used in the welcome message and ``NETWORK=`` in 005. |
2ae078d8 AB |
85 | |
86 | hub | |
87 | A boolean which defines whether or not this IRC server will be | |
88 | serving as a hub, i.e. have multiple servers connected to it. | |
89 | ||
90 | vhost | |
91 | An optional text field which defines an IPv4 address from which | |
92 | to connect outward to other IRC servers. | |
93 | ||
94 | vhost6 | |
95 | An optional text field which defines an IPv6 address from which | |
96 | to connect outward to other IRC servers. | |
97 | ||
98 | admin {} block | |
99 | -------------- | |
100 | ||
9546ba08 AB |
101 | :: |
102 | ||
103 | admin { | |
104 | name = "text"; | |
105 | description = "text"; | |
106 | email = "text"; | |
107 | }; | |
108 | ||
109 | This block provides the information which is returned by the ``ADMIN`` | |
2ae078d8 AB |
110 | command. |
111 | ||
112 | name | |
113 | The name of the administrator running this service. | |
114 | ||
115 | description | |
116 | The description of the administrator's position in the network. | |
117 | ||
118 | ||
119 | A point of contact for the administrator, usually an e-mail address. | |
120 | ||
121 | class {} block | |
122 | -------------- | |
123 | ||
9546ba08 AB |
124 | :: |
125 | ||
126 | class "name" { | |
127 | ping_time = duration; | |
128 | number_per_ident = number; | |
129 | number_per_ip = number; | |
130 | number_per_ip_global = number; | |
131 | cidr_ipv4_bitlen = number; | |
132 | cidr_ipv6_bitlen = number; | |
133 | number_per_cidr = number; | |
134 | max_number = number; | |
135 | sendq = size; | |
136 | }; | |
137 | ||
138 | class "name" { | |
139 | ping_time = duration; | |
140 | connectfreq = duration; | |
141 | max_number = number; | |
142 | sendq = size; | |
143 | }; | |
144 | ||
2ae078d8 AB |
145 | Class blocks define classes of connections for later use. The class name |
146 | is used to connect them to other blocks in the config file (auth{} and | |
147 | connect{}). They must be defined before they are used. | |
148 | ||
149 | Classes are used both for client and server connections, but most | |
150 | variables are different. | |
151 | ||
9546ba08 AB |
152 | class {} variables: client classes |
153 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
154 | ||
2ae078d8 AB |
155 | ping\_time |
156 | The amount of time between checking pings for clients, e.g.: 2 | |
157 | minutes | |
158 | ||
159 | number\_per\_ident | |
160 | The amount of clients which may be connected from a single identd | |
161 | username on a per-IP basis, globally. Unidented clients all count as | |
162 | the same username. | |
163 | ||
164 | number\_per\_ip | |
165 | The amount of clients which may be connected from a single IP | |
166 | address. | |
167 | ||
168 | number\_per\_ip\_global | |
169 | The amount of clients which may be connected globally from a single | |
170 | IP address. | |
171 | ||
172 | cidr\_ipv4\_bitlen | |
173 | The netblock length to use with CIDR-based client limiting for IPv4 | |
174 | users in this class (between 0 and 32). | |
175 | ||
176 | cidr\_ipv6\_bitlen | |
177 | The netblock length to use with CIDR-based client limiting for IPv6 | |
178 | users in this class (between 0 and 128). | |
179 | ||
180 | number\_per\_cidr | |
181 | The amount of clients which may be connected from a single netblock. | |
182 | ||
183 | If this needs to differ between IPv4 and IPv6, make different | |
184 | classes for IPv4 and IPv6 users. | |
185 | ||
186 | max\_number | |
187 | The maximum amount of clients which may use this class at any given | |
188 | time. | |
189 | ||
190 | sendq | |
191 | The maximum size of the queue of data to be sent to a client before | |
192 | it is dropped. | |
193 | ||
9546ba08 AB |
194 | class {} variables: server classes |
195 | ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ | |
196 | ||
2ae078d8 AB |
197 | ping\_time |
198 | The amount of time between checking pings for servers, e.g.: 2 | |
199 | minutes | |
200 | ||
201 | connectfreq | |
202 | The amount of time between autoconnects. This must at least be one | |
203 | minute, as autoconnects are evaluated with that granularity. | |
204 | ||
205 | max\_number | |
206 | The amount of servers to autoconnect to in this class. More | |
207 | precisely, no autoconnects are done if the number of servers in this | |
208 | class is greater than or equal max\_number | |
209 | ||
210 | sendq | |
211 | The maximum size of the queue of data to be sent to a server before | |
212 | it is dropped. | |
213 | ||
214 | auth {} block | |
215 | ------------- | |
216 | ||
9546ba08 AB |
217 | :: |
218 | ||
219 | auth { | |
220 | user = "hostmask"; | |
221 | password = "text"; | |
222 | spoof = "text"; | |
223 | flags = list; | |
224 | class = "text"; | |
225 | }; | |
226 | ||
2ae078d8 AB |
227 | auth {} blocks allow client connections to the server, and set various |
228 | properties concerning those connections. | |
229 | ||
230 | Auth blocks are evaluated from top to bottom in priority, so put special | |
231 | blocks first. | |
232 | ||
9546ba08 AB |
233 | auth {} variables |
234 | ~~~~~~~~~~~~~~~~~ | |
235 | ||
2ae078d8 | 236 | user |
9546ba08 | 237 | A hostmask (``user@host``) that the auth {} block applies to. It is |
2ae078d8 AB |
238 | matched against the hostname and IP address (using :: shortening for |
239 | IPv6 and prepending a 0 if it starts with a colon) and can also use | |
240 | CIDR masks. You can have multiple user entries. | |
241 | ||
242 | password | |
243 | An optional password to use for authenticating into this auth{} | |
244 | block. If the password is wrong the user will not be able to connect | |
245 | (will not fall back on another auth{} block). | |
246 | ||
247 | spoof | |
9546ba08 AB |
248 | An optional fake hostname (or ``user@host``) to apply to users |
249 | authenticated to this auth{} block. In ``STATS i`` and ``TESTLINE``, an | |
250 | equals sign (=) appears before the ``user@host`` and the spoof is shown. | |
2ae078d8 AB |
251 | |
252 | flags | |
9546ba08 | 253 | A list of flags to apply to this ``auth{}`` block. They are listed |
2ae078d8 | 254 | below. Some of the flags appear as a special character, |
9546ba08 AB |
255 | parenthesized in the list, before the ``user@host`` in ``STATS i`` and |
256 | ``TESTLINE``. | |
2ae078d8 AB |
257 | |
258 | class | |
259 | A name of a class to put users matching this auth{} block into. | |
260 | ||
9546ba08 AB |
261 | auth {} flags |
262 | ~~~~~~~~~~~~~ | |
263 | ||
2ae078d8 AB |
264 | encrypted |
265 | The password used has been encrypted. | |
266 | ||
267 | spoof\_notice | |
268 | Causes the IRCd to send out a server notice when activating a spoof | |
269 | provided by this auth{} block. | |
270 | ||
271 | exceed\_limit (>) | |
272 | Users in this auth{} block can exceed class-wide limitations. | |
273 | ||
274 | dnsbl\_exempt ($) | |
275 | Users in this auth{} block are exempted from DNS blacklist checks. | |
276 | However, they will still be warned if they are listed. | |
277 | ||
278 | kline\_exempt (^) | |
279 | Users in this auth{} block are exempted from DNS blacklists, k:lines | |
280 | and x:lines. | |
281 | ||
282 | spambot\_exempt | |
283 | Users in this auth{} block are exempted from spambot checks. | |
284 | ||
285 | shide\_exempt | |
286 | Users in this auth{} block are exempted from some serverhiding | |
287 | effects. | |
288 | ||
289 | jupe\_exempt | |
290 | Users in this auth{} block do not trigger an alarm when joining | |
291 | juped channels. | |
292 | ||
293 | resv\_exempt | |
294 | Users in this auth{} block may use reserved nicknames and channels. | |
295 | ||
9546ba08 | 296 | .. note:: The initial nickname may still not be reserved. |
4245facd AB |
297 | |
298 | flood\_exempt (\|) Users in this auth{} block may send arbitrary | |
299 | amounts of commands per time unit to the server. This does not | |
300 | exempt them from any other flood limits. You should use this | |
301 | setting with caution. | |
2ae078d8 AB |
302 | |
303 | no\_tilde (-) | |
304 | Users in this auth{} block will not have a tilde added to their | |
305 | username if they do not run identd. | |
306 | ||
307 | need\_ident (+) | |
308 | Users in this auth{} block must have identd, otherwise they will be | |
309 | rejected. | |
310 | ||
311 | need\_ssl | |
312 | Users in this auth{} block must be connected via SSL/TLS, otherwise | |
313 | they will be rejected. | |
314 | ||
315 | need\_sasl | |
316 | Users in this auth{} block must identify via SASL, otherwise they | |
317 | will be rejected. | |
318 | ||
319 | exempt {} block | |
320 | --------------- | |
321 | ||
9546ba08 AB |
322 | :: |
323 | ||
324 | exempt { | |
325 | ip = "ip"; | |
326 | }; | |
327 | ||
328 | An exempt block specifies IP addresses which are exempt from ``D:lines`` and | |
2ae078d8 | 329 | throttling. Multiple addresses can be specified in one block. Clients |
9546ba08 | 330 | coming from these addresses can still be ``K/G/X:lined`` or banned by a DNS |
2ae078d8 AB |
331 | blacklist unless they also have appropriate flags in their auth{} block. |
332 | ||
9546ba08 AB |
333 | exempt {} variables |
334 | ~~~~~~~~~~~~~~~~~~~ | |
335 | ||
2ae078d8 AB |
336 | ip |
337 | The IP address or CIDR range to exempt. | |
338 | ||
339 | privset {} block | |
340 | ---------------- | |
341 | ||
9546ba08 AB |
342 | :: |
343 | ||
344 | privset { | |
345 | extends = "name"; | |
346 | privs = list; | |
347 | }; | |
348 | ||
2ae078d8 AB |
349 | A privset (privilege set) block specifies a set of operator privileges. |
350 | ||
9546ba08 AB |
351 | privset {} variables |
352 | ~~~~~~~~~~~~~~~~~~~~ | |
353 | ||
2ae078d8 AB |
354 | extends |
355 | An optional privset to inherit. The new privset will have all | |
356 | privileges that the given privset has. | |
357 | ||
358 | privs | |
359 | Privileges to grant to this privset. These are described in the | |
360 | operator privileges section. | |
361 | ||
362 | operator {} block | |
363 | ----------------- | |
364 | ||
9546ba08 AB |
365 | :: |
366 | ||
367 | operator "name" { | |
368 | user = "hostmask"; | |
369 | password = "text"; | |
370 | rsa_public_key_file = "text"; | |
371 | umodes = list; | |
372 | snomask = "text"; | |
373 | flags = list; | |
374 | }; | |
375 | ||
376 | Operator blocks define who may use the ``OPER`` command to gain extended | |
2ae078d8 AB |
377 | privileges. |
378 | ||
9546ba08 AB |
379 | operator {} variables |
380 | ~~~~~~~~~~~~~~~~~~~~~ | |
381 | ||
2ae078d8 AB |
382 | user |
383 | A hostmask that users trying to use this operator {} block must | |
384 | match. This is checked against the original host and IP address; | |
385 | CIDR is also supported. So auth {} spoofs work in operator {} | |
386 | blocks; the real host behind them is not checked. Other kind of | |
387 | spoofs do not work in operator {} blocks; the real host behind them | |
388 | is checked. | |
389 | ||
390 | Note that this is different from charybdis 1.x where all kinds of | |
391 | spoofs worked in operator {} blocks. | |
392 | ||
393 | password | |
9546ba08 | 394 | A password used with the ``OPER`` command to use this operator {} block. |
2ae078d8 AB |
395 | Passwords are encrypted by default, but may be unencrypted if |
396 | ~encrypted is present in the flags list. | |
397 | ||
398 | rsa\_public\_key\_file | |
399 | An optional path to a RSA public key file associated with the | |
9546ba08 | 400 | operator {} block. This information is used by the ``CHALLENGE`` |
2ae078d8 | 401 | command, which is an alternative authentication scheme to the |
9546ba08 | 402 | traditional ``OPER`` command. |
2ae078d8 AB |
403 | |
404 | umodes | |
405 | A list of usermodes to apply to successfully opered clients. | |
406 | ||
407 | snomask | |
408 | An snomask to apply to successfully opered clients. | |
409 | ||
410 | privset | |
411 | The privilege set granted to successfully opered clients. This must | |
412 | be defined before this operator{} block. | |
413 | ||
414 | flags | |
415 | A list of flags to apply to this operator{} block. They are listed | |
416 | below. | |
417 | ||
9546ba08 AB |
418 | operator {} flags |
419 | ~~~~~~~~~~~~~~~~~ | |
420 | ||
2ae078d8 AB |
421 | encrypted |
422 | The password used has been encrypted. This is enabled by default, | |
423 | use ~encrypted to disable it. | |
424 | ||
425 | need\_ssl | |
426 | Restricts use of this operator{} block to SSL/TLS connections only. | |
427 | ||
428 | connect {} block | |
429 | ---------------- | |
430 | ||
9546ba08 AB |
431 | :: |
432 | ||
433 | connect "name" { | |
434 | host = "text"; | |
435 | send_password = "text"; | |
436 | accept_password = "text"; | |
437 | port = number; | |
438 | hub_mask = "mask"; | |
439 | leaf_mask = "mask"; | |
440 | class = "text"; | |
441 | flags = list; | |
442 | aftype = protocol; | |
443 | }; | |
444 | ||
2ae078d8 AB |
445 | Connect blocks define what servers may connect or be connected to. |
446 | ||
9546ba08 AB |
447 | connect {} variables |
448 | ~~~~~~~~~~~~~~~~~~~~ | |
449 | ||
2ae078d8 AB |
450 | host |
451 | The hostname or IP to connect to. | |
452 | ||
9546ba08 AB |
453 | .. note:: Furthermore, if a hostname is used, it must have an |
454 | ``A`` or ``AAAA`` record (no ``CNAME``) and it must be | |
455 | the primary hostname for inbound connections to work. | |
2ae078d8 AB |
456 | |
457 | send\_password | |
458 | The password to send to the other server. | |
459 | ||
460 | accept\_password | |
461 | The password that should be accepted from the other server. | |
462 | ||
463 | port | |
464 | The port on the other server to connect to. | |
465 | ||
466 | hub\_mask | |
467 | An optional domain mask of servers allowed to be introduced by this | |
468 | link. Usually, "\*" is fine. Multiple hub\_masks may be specified, | |
469 | and any of them may be introduced. Violation of hub\_mask and | |
470 | leaf\_mask restrictions will cause the local link to be closed. | |
471 | ||
472 | leaf\_mask | |
473 | An optional domain mask of servers not allowed to be introduced by | |
474 | this link. Multiple leaf\_masks may be specified, and none of them | |
475 | may be introduced. leaf\_mask has priority over hub\_mask. | |
476 | ||
477 | class | |
478 | The name of the class this server should be placed into. | |
479 | ||
480 | flags | |
481 | A list of flags concerning the connect block. They are listed below. | |
482 | ||
483 | aftype | |
484 | The protocol that should be used to connect with, either ipv4 or | |
485 | ipv6. This defaults to neither, allowing connection using either | |
486 | address family. | |
487 | ||
9546ba08 AB |
488 | connect {} flags |
489 | ~~~~~~~~~~~~~~~~ | |
490 | ||
2ae078d8 AB |
491 | encrypted |
492 | The value for accept\_password has been encrypted. | |
493 | ||
494 | autoconn | |
495 | The server should automatically try to connect to the server defined | |
496 | in this connect {} block if it's not connected already and | |
497 | max\_number in the class is not reached yet. | |
498 | ||
499 | compressed | |
500 | Ziplinks should be used with this server connection. This compresses | |
501 | traffic using zlib, saving some bandwidth and speeding up netbursts. | |
502 | ||
503 | If you have trouble setting up a link, you should turn this off as | |
504 | it often hides error messages. | |
505 | ||
506 | topicburst | |
507 | Topics should be bursted to this server. | |
508 | ||
509 | This is enabled by default. | |
510 | ||
511 | listen {} block | |
512 | --------------- | |
513 | ||
9546ba08 AB |
514 | :: |
515 | ||
516 | listen { | |
517 | host = "text"; | |
518 | port = number; | |
519 | }; | |
520 | ||
2ae078d8 AB |
521 | A listen block specifies what ports a server should listen on. |
522 | ||
9546ba08 AB |
523 | listen {} variables |
524 | ~~~~~~~~~~~~~~~~~~~ | |
525 | ||
2ae078d8 AB |
526 | host |
527 | An optional host to bind to. Otherwise, the ircd will listen on all | |
528 | available hosts. | |
529 | ||
530 | port | |
531 | A port to listen on. You can specify multiple ports via commas, and | |
532 | define a range by seperating the start and end ports with two dots | |
533 | (..). | |
534 | ||
535 | modules {} block | |
536 | ---------------- | |
537 | ||
9546ba08 AB |
538 | :: |
539 | ||
540 | modules { | |
541 | path = "text"; | |
542 | module = text; | |
543 | }; | |
544 | ||
2ae078d8 AB |
545 | The modules block specifies information for loadable modules. |
546 | ||
9546ba08 AB |
547 | modules {} variables |
548 | ~~~~~~~~~~~~~~~~~~~~ | |
549 | ||
2ae078d8 AB |
550 | path |
551 | Specifies a path to search for loadable modules. | |
552 | ||
553 | module | |
554 | Specifies a module to load, similar to loadmodule. | |
555 | ||
556 | general {} block | |
557 | ---------------- | |
558 | ||
9546ba08 AB |
559 | :: |
560 | ||
561 | modules { | |
562 | values | |
563 | }; | |
564 | ||
2ae078d8 AB |
565 | The general block specifies a variety of options, many of which were in |
566 | ``config.h`` in older daemons. The options are documented in | |
567 | ``reference.conf``. | |
568 | ||
569 | channel {} block | |
570 | ---------------- | |
571 | ||
9546ba08 AB |
572 | :: |
573 | ||
574 | modules { | |
575 | values | |
576 | }; | |
577 | ||
2ae078d8 AB |
578 | The channel block specifies a variety of channel-related options, many |
579 | of which were in ``config.h`` in older daemons. The options are | |
580 | documented in ``reference.conf``. | |
581 | ||
582 | serverhide {} block | |
583 | ------------------- | |
584 | ||
9546ba08 AB |
585 | :: |
586 | ||
587 | modules { | |
588 | values | |
589 | }; | |
590 | ||
2ae078d8 AB |
591 | The serverhide block specifies options related to server hiding. The |
592 | options are documented in ``reference.conf``. | |
593 | ||
594 | blacklist {} block | |
595 | ------------------ | |
596 | ||
9546ba08 AB |
597 | :: |
598 | ||
599 | blacklist { | |
600 | host = "text"; | |
601 | reject_reason = "text"; | |
602 | }; | |
603 | ||
2ae078d8 AB |
604 | The blacklist block specifies DNS blacklists to check. Listed clients |
605 | will not be allowed to connect. IPv6 clients are not checked against | |
606 | these. | |
607 | ||
608 | Multiple blacklists can be specified, in pairs with first host then | |
609 | reject\_reason. | |
610 | ||
9546ba08 AB |
611 | blacklist {} variables |
612 | ~~~~~~~~~~~~~~~~~~~~~~ | |
613 | ||
2ae078d8 AB |
614 | host |
615 | The DNSBL to use. | |
616 | ||
617 | reject\_reason | |
618 | The reason to send to listed clients when disconnecting them. | |
619 | ||
620 | alias {} block | |
621 | -------------- | |
622 | ||
9546ba08 AB |
623 | :: |
624 | ||
625 | alias "name" { | |
626 | target = "text"; | |
627 | }; | |
628 | ||
2ae078d8 | 629 | Alias blocks allow the definition of custom commands. These commands |
9546ba08 | 630 | send ``PRIVMSG`` to the given target. A real command takes precedence above |
2ae078d8 AB |
631 | an alias. |
632 | ||
9546ba08 AB |
633 | alias {} variables |
634 | ~~~~~~~~~~~~~~~~~~ | |
635 | ||
2ae078d8 | 636 | target |
9546ba08 | 637 | The target nick (must be a network service (umode ``+S``)) or |
2ae078d8 AB |
638 | user@server. In the latter case, the server cannot be this server, |
639 | only opers can use user starting with "opers" reliably and the user | |
640 | is interpreted on the target server only so you may need to use | |
641 | nick@server instead). | |
642 | ||
643 | cluster {} block | |
644 | ---------------- | |
645 | ||
9546ba08 AB |
646 | :: |
647 | ||
648 | cluster { | |
649 | name = "text"; | |
650 | flags = list; | |
651 | }; | |
652 | ||
2ae078d8 AB |
653 | The cluster block specifies servers we propagate things to |
654 | automatically. This does not allow them to set bans, you need a separate | |
655 | shared{} block for that. | |
656 | ||
657 | Having overlapping cluster{} items will cause the command to be executed | |
658 | twice on the target servers. This is particularly undesirable for ban | |
659 | removals. | |
660 | ||
9546ba08 AB |
661 | The letters in parentheses denote the flags in ``/stats`` U. |
662 | ||
663 | cluster {} variables | |
664 | ~~~~~~~~~~~~~~~~~~~~ | |
2ae078d8 AB |
665 | |
666 | name | |
667 | The server name to share with, this may contain wildcards and may be | |
668 | stacked. | |
669 | ||
670 | flags | |
671 | The list of what to share, all the name lines above this (up to | |
672 | another flags entry) will receive these flags. They are listed | |
673 | below. | |
674 | ||
9546ba08 AB |
675 | cluster {} flags |
676 | ~~~~~~~~~~~~~~~~ | |
677 | ||
2ae078d8 | 678 | kline (K) |
9546ba08 | 679 | Permanent ``K:lines`` |
2ae078d8 AB |
680 | |
681 | tkline (k) | |
9546ba08 | 682 | Temporary ``K:lines`` |
2ae078d8 AB |
683 | |
684 | unkline (U) | |
9546ba08 | 685 | ``K:line`` removals |
2ae078d8 AB |
686 | |
687 | xline (X) | |
9546ba08 | 688 | Permanent ``X:lines`` |
2ae078d8 AB |
689 | |
690 | txline (x) | |
9546ba08 | 691 | Temporary ``X:lines`` |
2ae078d8 AB |
692 | |
693 | unxline (Y) | |
9546ba08 | 694 | ``X:line`` removals |
2ae078d8 AB |
695 | |
696 | resv (Q) | |
697 | Permanently reserved nicks/channels | |
698 | ||
699 | tresv (q) | |
700 | Temporarily reserved nicks/channels | |
701 | ||
702 | unresv (R) | |
9546ba08 | 703 | ``RESV`` removals |
2ae078d8 AB |
704 | |
705 | locops (L) | |
9546ba08 AB |
706 | ``LOCOPS`` messages (sharing this with \* makes ``LOCOPS`` rather similar to |
707 | ``OPERWALL`` which is not useful) | |
2ae078d8 AB |
708 | |
709 | all | |
710 | All of the above | |
711 | ||
712 | shared {} block | |
713 | --------------- | |
714 | ||
9546ba08 AB |
715 | :: |
716 | ||
717 | shared { | |
718 | oper = "user@host", "server"; | |
719 | flags = list; | |
720 | }; | |
721 | ||
2ae078d8 AB |
722 | The shared block specifies opers allowed to perform certain actions on |
723 | our server remotely. These are ordered top down. The first one matching | |
724 | will determine the oper's access. If access is denied, the command will | |
725 | be silently ignored. | |
726 | ||
9546ba08 AB |
727 | The letters in parentheses denote the flags in ``/stats U``. |
728 | ||
729 | shared {} variables | |
730 | ~~~~~~~~~~~~~~~~~~~ | |
2ae078d8 AB |
731 | |
732 | oper | |
733 | The user@host the oper must have, and the server they must be on. | |
734 | This may contain wildcards. | |
735 | ||
736 | flags | |
737 | The list of what to allow, all the oper lines above this (up to | |
738 | another flags entry) will receive these flags. They are listed | |
739 | below. | |
740 | ||
9546ba08 AB |
741 | .. note:: While they have the same names, the flags have subtly |
742 | different meanings from those in the cluster{} block. | |
743 | ||
744 | shared {} flags | |
745 | ~~~~~~~~~~~~~~~ | |
2ae078d8 AB |
746 | |
747 | kline (K) | |
9546ba08 | 748 | Permanent and temporary ``K:lines`` |
2ae078d8 AB |
749 | |
750 | tkline (k) | |
9546ba08 | 751 | Temporary ``K:lines`` |
2ae078d8 AB |
752 | |
753 | unkline (U) | |
9546ba08 | 754 | ``K:line`` removals |
2ae078d8 AB |
755 | |
756 | xline (X) | |
9546ba08 | 757 | Permanent and temporary ``X:lines`` |
2ae078d8 AB |
758 | |
759 | txline (x) | |
9546ba08 | 760 | Temporary ``X:lines`` |
2ae078d8 AB |
761 | |
762 | unxline (Y) | |
9546ba08 | 763 | ``X:line`` removals |
2ae078d8 AB |
764 | |
765 | resv (Q) | |
766 | Permanently and temporarily reserved nicks/channels | |
767 | ||
768 | tresv (q) | |
769 | Temporarily reserved nicks/channels | |
770 | ||
771 | unresv (R) | |
9546ba08 | 772 | ``RESV`` removals |
2ae078d8 AB |
773 | |
774 | all | |
775 | All of the above; this does not include locops, rehash, dline, | |
776 | tdline or undline. | |
777 | ||
778 | locops (L) | |
9546ba08 AB |
779 | ``LOCOPS`` messages (accepting this from \* makes ``LOCOPS`` rather similar |
780 | to ``OPERWALL`` which is not useful); unlike the other flags, this can | |
2ae078d8 AB |
781 | only be accepted from \*@\* although it can be restricted based on |
782 | source server. | |
783 | ||
784 | rehash (H) | |
9546ba08 | 785 | ``REHASH`` commands; all options can be used |
2ae078d8 AB |
786 | |
787 | dline (D) | |
9546ba08 | 788 | Permanent and temporary ``D:lines`` |
2ae078d8 AB |
789 | |
790 | tdline (d) | |
9546ba08 | 791 | Temporary ``D:lines`` |
2ae078d8 AB |
792 | |
793 | undline (E) | |
9546ba08 | 794 | ``D:line`` removals |
2ae078d8 AB |
795 | |
796 | none | |
797 | Allow nothing to be done | |
798 | ||
799 | service {} block | |
800 | ---------------- | |
801 | ||
9546ba08 AB |
802 | :: |
803 | ||
804 | service { | |
805 | name = "text"; | |
806 | }; | |
807 | ||
2ae078d8 AB |
808 | The service block specifies privileged servers (services). These servers |
809 | have extra privileges such as setting login names on users and | |
9546ba08 | 810 | introducing clients with umode ``+S`` (unkickable, hide channels, etc). This |
2ae078d8 AB |
811 | does not allow them to set bans, you need a separate shared{} block for |
812 | that. | |
813 | ||
814 | Do not place normal servers here. | |
815 | ||
816 | Multiple names may be specified but there may be only one service{} | |
817 | block. | |
818 | ||
9546ba08 AB |
819 | service {} variables |
820 | ~~~~~~~~~~~~~~~~~~~~ | |
821 | ||
2ae078d8 AB |
822 | name |
823 | The server name to grant special privileges. This may not contain | |
824 | wildcards. | |
825 | ||
826 | Hostname resolution (DNS) | |
8a7d33db | 827 | ~~~~~~~~~~~~~~~~~~~~~~~~~ |
2ae078d8 AB |
828 | |
829 | Charybdis uses solely DNS for all hostname/address lookups (no | |
830 | ``/etc/hosts`` or anything else). The DNS servers are taken from | |
831 | ``/etc/resolv.conf``. If this file does not exist or no valid IP | |
9546ba08 | 832 | addresses are listed in it, the local host (``127.0.0.1``) is used. (Note |
2ae078d8 AB |
833 | that the latter part did not work in older versions of Charybdis.) |
834 | ||
835 | IPv4 as well as IPv6 DNS servers are supported, but it is not possible | |
836 | to use both IPv4 and IPv6 in ``/etc/resolv.conf``. | |
837 | ||
838 | For both security and performance reasons, it is recommended that a | |
839 | caching nameserver such as BIND be run on the same machine as Charybdis | |
9546ba08 | 840 | and that ``/etc/resolv.conf`` only list ``127.0.0.1``. |