X-Git-Url: https://jfr.im/git/solanum.git/blobdiff_plain/cdc31cc55fb9cff25251e8236007204386194170..f590bc6cece0cf3961f1a115fafec706f17a98f4:/doc/ircd.conf.example diff --git a/doc/ircd.conf.example b/doc/ircd.conf.example index a635abb8..8771f232 100644 --- a/doc/ircd.conf.example +++ b/doc/ircd.conf.example @@ -164,7 +164,13 @@ listen { /* Listen on IPv6 (if you used host= above). */ #host = "2001:db8:2::6"; #port = 5000, 6665 .. 6669; - #sslport = 9999; + #sslport = 6697; + + /* wsock: listeners defined with this option enabled will be websocket listeners, + * and will not accept normal clients. + */ + wsock = yes; + sslport = 9999; }; /* auth {}: allow users to connect to the ircd (OLD I:) @@ -230,7 +236,8 @@ auth { * means they must be defined before operator {}. */ privset "local_op" { - privs = oper:local_kill, oper:operwall; + privs = oper:general, oper:privs, oper:testline, oper:local_kill, oper:operwall, usermode:servnotice, + auspex:oper, auspex:hostname, auspex:umodes, auspex:cmodes; }; privset "server_bot" { @@ -241,7 +248,7 @@ privset "server_bot" { privset "global_op" { extends = "local_op"; privs = oper:global_kill, oper:routing, oper:kline, oper:unkline, oper:xline, - oper:resv, oper:mass_notice, oper:remoteban; + oper:resv, oper:cmodes, oper:mass_notice, oper:remoteban; }; privset "admin" { @@ -368,6 +375,7 @@ channel { autochanmodes = "+nt"; displayed_usercount = 3; strip_topic_colors = no; + opmod_send_statusmsg = no; }; serverhide { @@ -377,14 +385,14 @@ serverhide { disable_hidden = no; }; -/* These are the blacklist settings. +/* These are the DNSBL settings. * You can have multiple combinations of host and rejection reasons. * They are used in pairs of one host/rejection reason. * - * These settings should be adequate for most networks. + * The default settings should be adequate for most networks. * - * Word to the wise: Do not use blacklists like SPEWS for blocking IRC - * connections. + * It is not recommended to use DNSBL services designed for e-mail spam + * prevention, such as SPEWS for blocking IRC connections. * * As of charybdis 2.2, you can do some keyword substitution on the rejection * reason. The available keyword substitutions are: @@ -404,13 +412,13 @@ serverhide { * is considered a match. If included, a comma-separated list of *quoted* * strings is allowed to match queries. They may be of the format "0" to "255" * to match the final octet (e.g. 127.0.0.1) or "127.x.y.z" to explicitly match - * an A record. The blacklist is only applied if it matches anything in the + * an A record. The DNSBL match is only applied if it matches anything in the * list. You may freely mix full IP's and final octets. * - * Consult your blacklist provider for the meaning of these parameters; they - * are usually used to denote different ban types. + * Consult your DNSBL provider for the meaning of these parameters; they + * are usually used to denote different block reasons. */ -blacklist { +dnsbl { host = "rbl.efnetrbl.org"; type = ipv4; reject_reason = "${nick}, your IP (${ip}) is listed in EFnet's RBL. For assistance, see http://efnetrbl.org/?i=${ip}"; @@ -434,10 +442,9 @@ blacklist { * WARNING: * These settings are considered experimental. Only the most common proxy types * are checked for (Charybdis is immune from POST and GET proxies). If you are - * not comfortable with experimental code, remove or comment out the *entire* - * block below to disable the proxy scanner. + * not comfortable with experimental code, do not use this feature. */ -opm { +#opm { /* IPv4 address to listen on. This must be a publicly facing IP address * to be effective. * If omitted, it defaults to serverinfo::vhost. @@ -447,7 +454,7 @@ opm { /* IPv4 port to listen on. * This should not be the same as any existing listeners. */ - #port_ipv4 = 32000; + #port_v4 = 32000; /* IPv6 address to listen on. This must be a publicly facing IP address * to be effective. @@ -458,42 +465,42 @@ opm { /* IPv6 port to listen on. * This should not be the same as any existing listeners. */ - #port_ipv6 = 32000; + #port_v6 = 32000; /* You can also set the listen_port directive which will set both the * IPv4 and IPv6 ports at once. */ - listen_port = 32000; + #listen_port = 32000; /* This sets the timeout in seconds before ending open proxy scans. * Values less than 1 or greater than 60 are ignored. * It is advisable to keep it as short as feasible, so clients do not * get held up by excessively long scan times. */ - timeout = 5; + #timeout = 5; /* These are the ports to scan for SOCKS4 proxies on. They may overlap * with other scan types. Sensible defaults are given below. */ - socks4_ports = 1080, 10800, 443, 80, 8080, 8000; + #socks4_ports = 1080, 10800, 443, 80, 8080, 8000; /* These are the ports to scan for SOCKS5 proxies on. They may overlap * with other scan types. Sensible defaults are given below. */ - socks5_ports = 1080, 10800, 443, 80, 8080, 8000; + #socks5_ports = 1080, 10800, 443, 80, 8080, 8000; /* These are the ports to scan for HTTP connect proxies on (plaintext). * They may overlap with other scan types. Sensible defaults are given * below. */ - httpconnect_ports = 80, 8080, 8000; + #httpconnect_ports = 80, 8080, 8000; /* These are the ports to scan for HTTPS CONNECT proxies on (SSL). * They may overlap with other scan types. Sensible defaults are given * below. */ - httpsconnect_ports = 443, 4443; -}; + #httpsconnect_ports = 443, 4443; +#}; alias "NickServ" { target = "NickServ"; @@ -574,8 +581,8 @@ general { resv_fnc = yes; global_snotices = yes; dline_with_reason = yes; - kline_delay = 0 seconds; kline_with_reason = yes; + hide_tkdline_duration = no; kline_reason = "K-Lined"; identify_service = "NickServ@services.int"; identify_command = "IDENTIFY"; @@ -604,6 +611,7 @@ general { no_oper_flood = yes; max_targets = 4; client_flood_max_lines = 20; + post_registration_delay = 0 seconds; use_whois_actually = no; oper_only_umodes = operwall, locops, servnotice; oper_umodes = locops, servnotice, operwall, wallop; @@ -619,6 +627,7 @@ general { away_interval = 30; certfp_method = spki_sha256; hide_opers_in_whois = no; + tls_ciphers_oper_only = no; }; modules {