X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/662147243540f386d55cdfc76591ab42c1ea7323..04e5ed6c57154114cca330767e3bfb1006b46ee9:/doc/reference.conf diff --git a/doc/reference.conf b/doc/reference.conf index 995075df..64270b46 100644 --- a/doc/reference.conf +++ b/doc/reference.conf @@ -148,7 +148,7 @@ serverinfo { /* vhost6: the IP to bind to when we connect outward to ipv6 servers. * This should be an ipv6 IP only. */ - #vhost6 = "2001:db7:2::6"; + #vhost6 = "2001:db8:2::6"; /* ssl_cert: certificate (and optionally key) for our ssl server */ ssl_cert = "etc/ssl.pem"; @@ -395,6 +395,8 @@ auth { * need_ssl | require SSL/TLS for user in this class * need_sasl | require SASL id for user in this class * extend_chans | allow this user to join more channels than normal + * kline_spoof_ip | if this block has a spoof host, klines match only + * | the spoof and not the underlying IP */ flags = kline_exempt, exceed_limit; @@ -548,9 +550,9 @@ connect "irc.uplink.com" { send_password = "password"; accept_password = "anotherpassword"; - /* fingerprint: if specified, the server's client certificate - * fingerprint will be checked against the specified fingerprint - * below. + /* fingerprint: if flags = ssl is specified, the server's + * certificate fingerprint will be checked against the fingerprint + * specified below. required if using flags = ssl. */ #fingerprint = "c77106576abf7f9f90cca0f63874a60f2e40a64b"; @@ -576,6 +578,7 @@ connect "irc.uplink.com" { * compressed - compress traffic via ziplinks * topicburst - burst topics between servers * ssl - ssl/tls encrypted server connections + * no-export - marks the link as a no-export link (not exported to other links) */ flags = compressed, topicburst; }; @@ -834,6 +837,11 @@ channel { /* strip_topic_colors: whether or not color codes in TOPIC should be stripped. */ strip_topic_colors = no; + + /* opmod_send_statusmsg: format messages sent to ops due to +z + * as PRIVMSG @#channel when sent to clients. + */ + opmod_send_statusmsg = no; }; @@ -918,10 +926,9 @@ blacklist { * WARNING: * These settings are considered experimental. Only the most common proxy types * are checked for (Charybdis is immune from POST and GET proxies). If you are - * not comfortable with experimental code, remove or comment out the *entire* - * block below to disable the proxy scanner. + * not comfortable with experimental code, do not use this feature. */ -opm { +#opm { /* IPv4 address to listen on. This must be a publicly facing IP address * to be effective. * If omitted, it defaults to serverinfo::vhost. @@ -931,7 +938,7 @@ opm { /* IPv4 port to listen on. * This should not be the same as any existing listeners. */ - #port_ipv4 = 32000; + #port_v4 = 32000; /* IPv6 address to listen on. This must be a publicly facing IP address * to be effective. @@ -942,42 +949,42 @@ opm { /* IPv6 port to listen on. * This should not be the same as any existing listeners. */ - #port_ipv6 = 32000; + #port_v6 = 32000; /* You can also set the listen_port directive which will set both the * IPv4 and IPv6 ports at once. */ - listen_port = 32000; + #listen_port = 32000; /* This sets the timeout in seconds before ending open proxy scans. * Values less than 1 or greater than 60 are ignored. * It is advisable to keep it as short as feasible, so clients do not * get held up by excessively long scan times. */ - timeout = 5; + #timeout = 5; /* These are the ports to scan for SOCKS4 proxies on. They may overlap * with other scan types. Sensible defaults are given below. */ - socks4_ports = 80, 443, 1080, 8000, 8080, 10800; + #socks4_ports = 80, 443, 1080, 8000, 8080, 10800; /* These are the ports to scan for SOCKS5 proxies on. They may overlap * with other scan types. Sensible defaults are given below. */ - socks5_ports = 80, 443, 1080, 8000, 8080, 10800; + #socks5_ports = 80, 443, 1080, 8000, 8080, 10800; /* These are the ports to scan for HTTP CONNECT proxies on (plaintext). * They may overlap with other scan types. Sensible defaults are given * below. */ - httpconnect_ports = 80, 8080, 8000; + #httpconnect_ports = 80, 8080, 8000; /* These are the ports to scan for HTTPS CONNECT proxies on (SSL). * They may overlap with other scan types. Sensible defaults are given * below. */ - httpsconnect_ports = 443, 4443; -}; + #httpsconnect_ports = 443, 4443; +#}; /* * Alias blocks allow you to define custom commands. (Old m_sshortcut.c) @@ -1173,17 +1180,16 @@ general { */ dline_with_reason = yes; - /* kline delay: delay the checking of klines until a specified time. - * Useful if large kline lists are applied often to prevent the - * server eating CPU. - */ - kline_delay = 0 seconds; - /* kline reason: show the user the reason why they are k/dlined * on exit. may give away who set k/dline when set via tcm. */ kline_with_reason = yes; + /* tkline duration: when showing users their k/dline reason (see + * kline_with_reason), don't add "Temporary K-line 123 min." + */ + hide_tkdline_duration = no; + /* kline reason: make the users quit message on channels this * reason instead of the oper's reason. */ @@ -1311,6 +1317,12 @@ general { */ max_targets = 4; + /* post-registration delay: wait this long before processing commands from a newly + * registered user. Used to allow network utility bots to perform any actions + * (such as host changes or proxy scanning) before the user can join channels. + */ + post_registration_delay = 2 seconds; + /* use_whois_actually: send clients requesting a whois a numeric * giving the real IP of non-spoofed clients to prevent DNS abuse. */ @@ -1419,7 +1431,7 @@ general { * not change unless the private key is changed. This allows the fingerprint to stay * constant even if the certificate is reissued. These fingerprints will be prefixed with * "SPKI:SHA2-256:" or "SPKI:SHA2-512:" depending on the hash type. These fingerprints - * are not supported on servers running charybdis 3.5 or earlier. + * are not supported on servers running charybdis 3.5.3 or earlier. * * To generate a fingerprint from a certificate file, please use the mkfingerprint utility * program located in the bin/ subdirectory of your IRCd installation. Running it with no