* Copyright (C) 2002-2005 ircd-ratbox development team
* Copyright (C) 2005-2006 charybdis development team
*
- * $Id: example.conf 3474 2007-05-24 04:16:02Z nenolod $
+ * $Id: example.conf 3582 2007-11-17 21:55:48Z jilles $
*
* See reference.conf for more information.
*/
/* Extensions */
+#loadmodule "extensions/chm_operonly_compat.so";
+#loadmodule "extensions/chm_quietunreg_compat.so";
+#loadmodule "extensions/chm_sslonly_compat.so";
#loadmodule "extensions/createauthonly.so";
#loadmodule "extensions/extb_account.so";
#loadmodule "extensions/extb_canjoin.so";
#loadmodule "extensions/extb_oper.so";
#loadmodule "extensions/extb_realname.so";
#loadmodule "extensions/extb_server.so";
+#loadmodule "extensions/extb_ssl.so";
#loadmodule "extensions/hurt.so";
#loadmodule "extensions/ip_cloaking.so";
#loadmodule "extensions/m_findforwards.so";
#loadmodule "extensions/m_identify.so";
#loadmodule "extensions/no_oper_invis.so";
-#loadmodule "extensions/sno_channeljoin.so";
#loadmodule "extensions/sno_farconnect.so";
#loadmodule "extensions/sno_globalkline.so";
#loadmodule "extensions/sno_globaloper.so";
serverinfo {
name = "hades.arpa";
- use_ts6 = yes;
sid = "42X";
description = "charybdis test server";
network_name = "AthemeNET";
#vhost = "192.169.0.1";
/* for IPv6 */
#vhost6 = "3ffe:80e8:546::2";
+
+ /* ssl_private_key: our ssl private key */
+ ssl_private_key = "etc/test.key";
+
+ /* ssl_cert: certificate for our ssl server */
+ ssl_cert = "etc/test.cert";
+
+ /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
+ ssl_dh_params = "etc/dh.pem";
- /* max_clients: This should be set to the maximum amount of clients
- * that the server should support. Note that you should leave some
- * file descriptors free for log files, server connections, ident
- * lookups (if enabled), exceed_limit clients, etc.
+ /* ssld_count: number of ssld processes you want to start, if you have a really busy
+ * server, using N-1 where N is the number of cpu/cpu cores you have might be useful
*/
- max_clients = 1024;
+ ssld_count = 1;
+
+ /* default max clients: the default maximum number of clients
+ * allowed to connect. This can be changed once ircd has started by
+ * issuing:
+ * /quote set maxclients <limit>
+ */
+ default_max_clients = 1024;
};
admin {
fname_operlog = "logs/operlog";
#fname_foperlog = "logs/foperlog";
fname_serverlog = "logs/serverlog";
- fname_glinelog = "logs/glinelog";
#fname_klinelog = "logs/klinelog";
fname_killlog = "logs/killlog";
fname_operspylog = "logs/operspylog";
*/
#host = "192.169.0.1";
port = 5000, 6665 .. 6669;
+ sslport = 9999;
/* Listen on IPv6 (if you used host= above). */
#host = "3ffe:1234:a:b:c::d";
#port = 5000, 6665 .. 6669;
+ #sslport = 9999;
};
/* auth {}: allow users to connect to the ircd (OLD I:)
* then general access, then restricted.
*/
auth {
- /* user: the user@host allowed to connect. multiple IPv4/IPv6 user
- * lines are permitted per auth block.
+ /* user: the user@host allowed to connect. Multiple IPv4/IPv6 user
+ * lines are permitted per auth block. This is matched against the
+ * hostname and IP address (using :: shortening for IPv6 and
+ * prepending a 0 if it starts with a colon) and can also use CIDR
+ * masks.
*/
user = "*@172.16.0.0/12";
user = "*test@123D:B567:*";
* exceed_limit (old > flag) | allow user to exceed class user limits
* kline_exempt (old ^ flag) | exempt this user from k/g/xlines&dnsbls
* dnsbl_exempt | exempt this user from dnsbls
- * gline_exempt (old _ flag) | exempt this user from glines
* spambot_exempt | exempt this user from spambot checks
* shide_exempt | exempt this user from serverhiding
* jupe_exempt | exempt this user from generating
class = "users";
};
+/* privsets... XXX document me later */
+privset "local_op" {
+ privs = oper:local_kill, oper:operwall;
+};
+
+privset "server_bot" {
+ extends = "local_op";
+ privs = oper:global_kill, oper:kline, oper:remoteban, snomask:nick_changes;
+};
+
+privset "global_op" {
+ extends = "local_op";
+ privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
+ oper:resv, oper:mass_notice, oper:remoteban;
+};
+
+privset "admin" {
+ extends = "global_op";
+ privs = oper:admin, oper:die, oper:rehash, oper:spy;
+};
+
operator "god" {
/* name: the name of the oper must go above */
* global_kill: allows local and remote users to be
* /KILL'd (OLD 'O' flag)
* remote: allows remote SQUIT and CONNECT (OLD 'R' flag)
- * kline: allows KILL, KLINE and DLINE (OLD 'K' flag)
+ * kline: allows KLINE and DLINE (OLD 'K' flag)
* unkline: allows UNKLINE and UNDLINE (OLD 'U' flag)
- * gline: allows GLINE (OLD 'G' flag)
* nick_changes: allows oper to see nickchanges (OLD 'N' flag)
- * via usermode +n
+ * via snomask +n
* rehash: allows oper to REHASH config (OLD 'H' flag)
* die: allows DIE and RESTART (OLD 'D' flag)
* admin: gives admin privileges. admins
* will not have the admin lines in
* stats p and whois.
* xline: allows use of /quote xline/unxline
- * operwall: allows the oper to send operwalls [DEFAULT]
+ * resv: allows /quote resv/unresv and cmode +LP [DEFAULT]
+ * operwall: allows the oper to send/receive operwalls [DEFAULT]
* oper_spy: allows 'operspy' features to see through +s
* channels etc. see /quote help operspy
* hidden_oper: hides the oper from /stats p (OLD UMODE +p)
* remoteban: allows remote kline etc [DEFAULT]
+ * mass_notice: allows sending wallops and mass notices [DEFAULT]
*/
- flags = global_kill, remote, kline, unkline, gline,
+ flags = global_kill, remote, kline, unkline,
die, rehash, admin, xline, operwall;
+
+ /* privset: replaces flags */
+ privset = "admin";
};
connect "irc.uplink.com" {
class = "server";
flags = compressed, topicburst;
- /* If the connection is IPv6, uncomment below */
+ /* If the connection is IPv6, uncomment below.
+ * Use 0::1, not ::1, for IPv6 localhost. */
#aftype = ipv6;
};
+connect "ssl.uplink.com" {
+ host = "192.168.0.1";
+ send_password = "password";
+ accept_password = "anotherpassword";
+ port = 9999;
+ hub_mask = "*";
+ class = "server";
+ flags = ssl, topicburst;
+};
+
service {
name = "services.int";
};
* ${nick} - the user's nickname
* ${network-name} - the name of the network
*
- * Note: AHBL (the providers of the below BLs) request that they be
+ * Note: AHBL (the providers of the below *.ahbl.org BLs) request that they be
* contacted, via email, at admins@2mbit.com before using these BLs.
* See <http://www.ahbl.org/services.php> for more information.
*/
-#blacklist {
+blacklist {
+ host = "dnsbl.dronebl.org";
+ reject_reason = "${nick}, your IP (${ip}) is listed in DroneBL. For assistance, see http://dronebl.org/lookup_branded.do?ip=${ip}&network=${network-name}";
+
# host = "ircbl.ahbl.org";
# reject_reason = "${nick}, your IP (${ip}) is listed in ${dnsbl-host} for having an open proxy. In order to protect ${network-name} from abuse, we are not allowing connections with open proxies to connect.";
#
# host = "tor.ahbl.org";
# reject_reason = "${nick}, your IP (${ip}) is listed as a TOR exit node. In order to protect ${network-name} from tor-based abuse, we are not allowing TOR exit nodes to connect to our network.";
-#};
+};
alias "NickServ" {
target = "NickServ";
default_floodcount = 10;
failed_oper_notice = yes;
dots_in_ident=2;
- dot_in_ip6_addr = no;
min_nonwildcard = 4;
min_nonwildcard_simple = 3;
max_accept = 100;
connect_timeout = 30 seconds;
disable_auth = no;
no_oper_flood = yes;
- glines = no;
- gline_time = 1 day;
- gline_min_cidr = 16;
- idletime = 0;
max_targets = 4;
client_flood = 20;
use_whois_actually = no;
reject_ban_time = 1 minute;
reject_after_count = 3;
reject_duration = 5 minutes;
- max_unknown_ip = 2;
+ throttle_duration = 60;
+ throttle_count = 4;
};
modules {