X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/a6f63a829e22fa83a4551cb9aad3e316e7c8bb18..4a8bd0b2fb32e1b0672c765615867f94cf328761:/doc/reference.conf

diff --git a/doc/reference.conf b/doc/reference.conf
index 91bbe113..22ba0160 100644
--- a/doc/reference.conf
+++ b/doc/reference.conf
@@ -63,7 +63,7 @@
  * Server bans (+b $s:mask)                          -- extb_server
  * SSL bans (+b $z)                                  -- extb_ssl
  * User mode bans (+b $u:modes)                      -- extb_usermode
- * Helpops system (umode +H)                         -- helpops
+ * Helpops system (umode +h)                         -- helpops
  * HURT system                                       -- hurt
  * New host mangling (umode +x)                      -- ip_cloaking_4.0
  * Old host mangling (umode +h)                      -- ip_cloaking
@@ -290,14 +290,17 @@ class "server" {
 	 */
 	connectfreq = 5 minutes;
 
-	/* max number: the amount of servers to autoconnect to.  if the number
+	/* max_autoconn: the amount of servers to autoconnect to.  if the number
 	 * of servers in the class is or exceeds this, no more servers in the
 	 * class are autoconnected.  oper initiated connects are unaffected.
 	 * this should usually be set to either 0 or 1.  (autoconnecting from
 	 * hubs to leaves may cause leaves to function as hubs by having
 	 * multiple servers connected to them.)
 	 */
-	max_number = 1;
+	max_autoconn = 1;
+
+	/* max_number: the maximum number of servers allowed in this class */
+	max_number = 100;
 
 	/* sendq: servers need a higher sendq as they are sent more data */
 	sendq = 2 megabytes;
@@ -438,8 +441,7 @@ privset "local_op" {
 	 * auspex:hostname:      shows hidden hostnames/ips
 	 * oper:privs:           allows /stats o/O and seeing privset in /whois
 	 * oper:testline:        allows /testline and /testgecos
-	 * oper:local_kill:      allows local users to be /KILL'd
-	 * oper:global_kill:     allows local and remote users to be /KILL'd
+	 * oper:kill:            allows local and remote users to be /KILL'd
 	 * oper:routing:         allows remote SQUIT and CONNECT
 	 * oper:kline:           allows KLINE and DLINE
 	 * oper:unkline:         allows UNKLINE and UNDLINE
@@ -470,9 +472,9 @@ privset "local_op" {
 	 * oper:override:        enables oper override via umode +p (from extensions/override)
 	 * oper:receive_immunity:
 	 *   confers the benefits of chmode +M (operpeace) (from extensions/chm_operpeace)
-	 * usermode:helpops      allows setting +H (from extensions/helpops)
+	 * usermode:helpops      allows setting +h (from extensions/helpops)
 	 */
-	privs = oper:general, oper:privs, oper:testline, oper:local_kill, oper:operwall, usermode:servnotice,
+	privs = oper:general, oper:privs, oper:testline, oper:kill, oper:operwall, usermode:servnotice,
 		auspex:oper, auspex:hostname, auspex:umodes, auspex:cmodes;
 };
 
@@ -484,7 +486,7 @@ privset "server_bot" {
 
 privset "global_op" {
 	extends = "local_op";
-	privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline,
+	privs = oper:routing, oper:kline, oper:unkline, oper:xline,
 		oper:resv, oper:cmodes, oper:mass_notice, oper:remoteban;
 };
 
@@ -629,12 +631,7 @@ connect "ssl.uplink.com" {
 	flags = ssl, topicburst;
 };
 
-/* cluster {}; servers that we propagate things to automatically.
- * NOTE: This does NOT grant them privileges to apply anything locally,
- *       you must add a seperate shared block for that.  Clustering will
- *       only be done for actions by LOCAL opers, that arent directed
- *       remotely.
- */
+/* cluster {}; servers that we propagate things to automatically. */
 cluster {
 	/* name: the server to share with, this can be a wildcard and may be
 	 * stacked.
@@ -667,8 +664,7 @@ cluster {
 
 /* service{}: privileged servers (services). These servers have extra
  * privileges such as setting login names on users and introducing clients
- * with umode +S (unkickable, hide channels, etc). This does not allow them
- * to set bans, you need a separate shared{} for that.
+ * with umode +S (unkickable, hide channels, etc).
  * Do not place normal servers here.
  * There may be only one service{} block.
  */
@@ -677,59 +673,6 @@ service {
 	name = "services.int";
 };
 
-/* shared {}: users that are allowed to place remote bans on our server.
- * NOTE: These are ordered top down.  The first one the user@host and server
- *       matches will be used.  Their access will then be decided on that
- *       block and will not fall back to another block that matches.
- */
-shared {
-	/* oper: the user@host and server the user must be on to set klines.
-	 * The first field must be a user@host, the second field is an
-	 * optional server.  These may be stacked.
-	 */
-	/* flags: list of what to allow them to place, all the oper lines
-	 * above this (up until another flags entry) will receive these
-	 * flags.  This *must* be present.
-	 *
-	 *    kline   - allow setting perm/temp klines
-	 *    tkline  - allow setting temp klines
-	 *    unkline - allow removing klines
-	 *    xline   - allow setting perm/temp xlines
-	 *    txline  - allow setting temp xlines
-	 *    unxline - allow removing xlines
-	 *    resv    - allow setting perm/temp resvs
-	 *    tresv   - allow setting temp resvs
-	 *    unresv  - allow removing xlines
-	 *    all     - allow oper/server to do all of above.
-	 *    locops  - allow locops - only used for servers who cluster
-	 *    rehash  - allow rehashing
-	 *    dline   - allow setting perm/temp dlines
-	 *    tdline  - allow setting temp dlines
-	 *    undline - allow removing dlines
-	 *    grant   - allow granting operator status
-	 *    die     - allow remote DIE/RESTART
-	 *    module  - allow remote module commands
-	 *    none    - disallow everything
-	 */
-
-	/* allow flame@*.leeh.co.uk on server irc.ircd-ratbox.org and
-	 * allow leeh@*.leeh.co.uk on server ircd.ircd-ratbox.org to kline
-	 */
-	oper = "flame@*.leeh.co.uk", "irc.ircd-ratbox.org";
-	oper = "leeh@*.leeh.co.uk", "ircd.ircd-ratbox.org";
-	flags = kline;
-
-	/* you may forbid certain opers/servers from doing anything */
-	oper = "irc@vanity.oper", "*";
-	oper = "*@*", "irc.vanity.server";
-	oper = "irc@another.vanity.oper", "bigger.vanity.server";
-	flags = none;
-
-	/* or allow everyone to place temp klines */
-	oper = "*@*";
-	flags = tkline;
-};
-
 /* exempt {}: IPs that are exempt from Dlines and rejectcache. (OLD d:) */
 exempt {
 	ip = "192.0.2.0/24";
@@ -738,6 +681,12 @@ exempt {
 	ip = "127.0.0.1";
 };
 
+/* secure {}: IPs that are considered to be secure networks, and get
+ * +Z without using TLS */
+secure {
+	ip = "127.0.0.1";
+};
+
 /* The channel block contains options pertaining to channels */
 channel {
 	/* invex: Enable/disable channel mode +I, a n!u@h list of masks
@@ -1349,7 +1298,7 @@ general {
 
 	/* usermodes configurable: a list of usermodes for the options below
 	 *
-	 * +g - callerid   - Server Side Ignore
+	 * +g - callerid   - Server-side private message allow list
 	 * +D - deaf       - Don't see channel messages
 	 * +i - invisible  - Not shown in NAMES or WHO unless you share a
 	 *                   a channel
@@ -1463,6 +1412,9 @@ general {
 
 	/* tls_ciphers_oper_only: show the TLS cipher string in /WHOIS only to opers and self */
 	tls_ciphers_oper_only = no;
+
+	/* hidden_caps: client capabilities we'll pretend we don't support until they're requested */
+	#hidden_caps = "userhost-in-names";
 };
 
 modules {