diff options
Diffstat (limited to 'docs/conf/inspircd.conf.example')
-rw-r--r-- | docs/conf/inspircd.conf.example | 308 |
1 files changed, 169 insertions, 139 deletions
diff --git a/docs/conf/inspircd.conf.example b/docs/conf/inspircd.conf.example index 7ca028ac0..c08982b98 100644 --- a/docs/conf/inspircd.conf.example +++ b/docs/conf/inspircd.conf.example @@ -34,6 +34,15 @@ # # ######################################################################## +#-#-#-#-#-#-#-#-#-# CONFIGURATION FORMAT #-#-#-#-#-#-#-#-#-#-#-#-#-#- +# # +# In order to maintain compatibility with older configuration files, # +# you can change the configuration parser to parse as it did in # +# previous releases. When using the "compat" format, you need to use # +# C++ escape sequences (e.g. \n) instead of XML ones (e.g. &nl;) and # +# can not use <define> to create macros. # +#<config format="compat"> + #-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# # # # This optional tag allows you to include another config file # @@ -65,11 +74,6 @@ # # # Variables may be redefined and may reference other variables. # # Value expansion happens at the time the tag is read. # -# # -# Using variable definitions REQUIRES that the config format be # -# changed to "xml" from the default "compat" that uses escape # -# sequences such as "\"" and "\n", and does not support <define> # -<config format="xml"> <define name="bindip" value="1.2.2.3"> <define name="localips" value="&bindip;/24"> @@ -128,7 +132,7 @@ # |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # # # # If you want to link servers to InspIRCd you must load the # -# m_spanningtree.so module! Please see the modules list for # +# spanningtree module! Please see the modules list for # # information on how to load this module! If you do not load this # # module, server ports will NOT work! # @@ -148,52 +152,58 @@ # to this bind section. type="clients" - # ssl: If you want the port(s) in this bind tag to use SSL, set this - # to either "gnutls" or "openssl". The appropriate SSL module must be - # loaded for SSL to work. If you do not want the port(s) in this bind - # tag to support SSL, just remove or comment out this option. + # ssl: If you want the port(s) in this bind tag to use SSL, set this to + # the name of a custom <sslprofile> tag that you have defined or one + # of "openssl", "gnutls", "mbedtls" if you have not defined any. See the + # wiki page for the SSL module you are using for more details. + # + # You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls + # for GnuTLS and ssl_mbedtls for mbedTLS. ssl="gnutls" + + # defer: When this is non-zero, connections will not be handed over to + # the daemon from the operating system before data is ready. + # In Linux, the value indicates the time period we'll wait for a + # connection to come up with data. Don't set it too low! + # In BSD the value is ignored; only zero and non-zero is possible. + # Windows ignores this parameter completely. + # Note: This does not take effect on rehash. + # To change it on a running bind, you'll have to comment it out, + # rehash, comment it in and rehash again. + defer="0" + + # free: When this is enabled the listener will be created regardless of + # whether the interface that provides the bind address is available. This + # is useful for if you are starting InspIRCd on boot when the server may + # not have brought the network interfaces up yet. + free="no" > <bind address="" port="6660-6669" type="clients"> -# When linking servers, the OpenSSL and GnuTLS implementations are completely -# link-compatible and can be used alongside each other -# on each end of the link without any significant issues. -# Supported SSL types are: "openssl" and "gnutls". -# You must load m_ssl_openssl for OpenSSL or m_ssl_gnutls for GnuTLS. +# Listener accepting HTML5 WebSocket connections. +# Requires the websocket module and SHA-1 hashing support (provided by the sha1 +# module). +#<bind address="" port="7002" type="clients" hook="websocket"> + +# You can define a custom <sslprofile> tag which defines the SSL configuration +# for this listener. See the wiki page for the SSL module you are using for +# more details. +# +# Alternatively, you can use one of the default SSL profiles which are created +# when you have not defined any: +# "openssl" (requires the ssl_openssl module) +# "gnutls" (requires the ssl_gnutls module) +# "mbedtls" (requires the ssl_mbedtls module) +# +# When linking servers, the OpenSSL, GnuTLS, and mbedTLS implementations are +# completely link-compatible and can be used alongside each other on each end +# of the link without any significant issues. <bind address="" port="7000,7001" type="servers"> <bind address="1.2.3.4" port="7005" type="servers" ssl="openssl"> -#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#- -# # -# You can configure the passwords here which you wish to use for # -# the /DIE and /RESTART commands. Only trusted ircops who will # -# need this ability should know the die and restart password. # -# # - -<power - # hash: what hash these passwords are hashed with. - # Requires the module for selected hash (m_md5.so, m_sha256.so - # or m_ripemd160.so) be loaded and the password hashing module - # (m_password_hash.so) loaded. - # Options here are: "md5", "sha256" and "ripemd160", or one of - # these prefixed with "hmac-", e.g.: "hmac-sha256". - # Optional, but recommended. Create hashed passwords with: - # /mkpasswd <hash> <password> - #hash="sha256" - - # diepass: Password for opers to use if they need to shutdown (die) - # a server. - diepass="" - - # restartpass: Password for opers to use if they need to restart - # a server. - restartpass=""> - - #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # This is where you can configure which connections are allowed # @@ -235,23 +245,24 @@ # allow: What IP addresses/hosts to allow for this block. allow="203.0.113.*" - # hash: what hash this password is hashed with. requires the module - # for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be - # loaded and the password hashing module (m_password_hash.so) - # loaded. Options here are: "md5", "sha256" and "ripemd160". - # Optional, but recommended. Create hashed passwords with: - # /mkpasswd <hash> <password> - #hash="sha256" + # hash: the hash function this password is hashed with. Requires the + # module for the selected function (bcrypt, md5, sha1, sha256, or + # ripemd160) and the password hashing module (password_hash) to be + # loaded. + # You may also use any of the above other than bcrypt prefixed with + # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module). + # Create hashed passwords with: /mkpasswd <hash> <password> + #hash="bcrypt" # password: Password to use for this block/user(s) password="secret" # maxchans: Maximum number of channels a user in this class - # be in at one time. This overrides every other maxchans setting. - #maxchans="30" + # be in at one time. + maxchans="20" - # timeout: How long (in seconds) the server will wait before - # disconnecting a user if they do not do anything on connect. + # timeout: How long the server will wait before disconnecting + # a user if they do not do anything on connect. # (Note, this is a client-side thing, if the client does not # send /nick, /user or /pass) timeout="10" @@ -265,26 +276,34 @@ # maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to on) maxconnwarn="off" + # resolvehostnames: If disabled, no DNS lookups will be performed on connecting users + # in this class. This can save a lot of resources on very busy servers. + resolvehostnames="yes" + # usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes. - # This setting only has effect when m_dnsbl is loaded. + # This setting only has effect when the dnsbl module is loaded. #usednsbl="yes" # useident: Defines if users in this class MUST respond to a ident query or not. useident="no" + # webirc: Restricts usage of this class to the specified WebIRC gateway. + # This setting only has effect when the cgiirc module is loaded. + #webirc="name" + # limit: How many users are allowed in this class limit="5000" # modes: Usermodes that are set on users in this block on connect. - # Enabling this option requires that the m_conn_umodes module be loaded. + # Enabling this option requires that the conn_umodes module be loaded. # This entry is highly recommended to use for/with IP Cloaking/masking. - # For the example to work, this also requires that the m_cloaking + # For the example to work, this also requires that the "cloaking" # module be loaded as well. modes="+x" # requireident, requiressl, requireaccount: require that users of this # block have a valid ident response, use SSL, or have authenticated. - # Requires m_ident, m_sslinfo, or m_services_account respectively. + # Requires ident, sslinfo, or the services_account module, respectively. requiressl="on" # NOTE: For requireaccount, you must complete the signon prior to full # connection. Currently, this is only possible by using SASL @@ -303,9 +322,9 @@ # \017 or \x = Stop all color sequences allowmotdcolors="false" - # port: What port this user is allowed to connect on. (optional) - # The port MUST be set to listen in the bind blocks above. - port="6697"> + # port: What port range this user is allowed to connect on. (optional) + # The ports MUST be set to listen in the bind blocks above. + port="6697,9999"> <connect # name: Name to use for this connect block. Mainly used for @@ -316,17 +335,17 @@ allow="*" # maxchans: Maximum number of channels a user in this class - # be in at one time. This overrides every other maxchans setting. - #maxchans="30" + # be in at one time. + maxchans="20" - # timeout: How long (in seconds) the server will wait before - # disconnecting a user if they do not do anything on connect. + # timeout: How long the server will wait before disconnecting + # a user if they do not do anything on connect. # (Note, this is a client-side thing, if the client does not # send /nick, /user or /pass) timeout="10" - # pingfreq: How often (in seconds) the server tries to ping connecting clients. - pingfreq="120" + # pingfreq: How often the server tries to ping connecting clients. + pingfreq="2m" # hardsendq: maximum amount of data allowed in a client's send queue # before they are dropped. Keep this value higher than the length of @@ -372,6 +391,10 @@ # globalmax: Maximum global (network-wide) connections per IP. globalmax="3" + # resolvehostnames: If disabled, no DNS lookups will be performed on connecting users + # in this class. This can save a lot of resources on very busy servers. + resolvehostnames="yes" + # useident: Defines if users in this class must respond to a ident query or not. useident="no" @@ -379,9 +402,9 @@ limit="5000" # modes: Usermodes that are set on users in this block on connect. - # Enabling this option requires that the m_conn_umodes module be loaded. + # Enabling this option requires that the conn_umodes module be loaded. # This entry is highly recommended to use for/with IP Cloaking/masking. - # For the example to work, this also requires that the m_cloaking + # For the example to work, this also requires that the cloaking # module be loaded as well. modes="+x"> @@ -413,11 +436,11 @@ # This file has all the information about oper classes, types and o:lines. # You *MUST* edit it. -<include file="conf/examples/opers.conf.example"> +<include file="examples/opers.conf.example"> # This file has all the information about server links and ulined servers. # You *MUST* edit it if you intend to link servers. -<include file="conf/examples/links.conf.example"> +<include file="examples/links.conf.example"> #-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-# # # @@ -425,23 +448,12 @@ # Files block - contains files whose contents are used by the ircd # # motd - displayed on connect and when a user executes /MOTD -# rules - displayed when the user executes /RULES # Modules can also define their own files -<files motd="conf/examples/motd.txt.example" rules="conf/examples/rules.txt.example"> +<files motd="examples/motd.txt.example"> # Example of an executable file include. Note this will be read on rehash, # not when the command is run. -#<execfiles rules="wget -O - http://www.example.com/rules.txt"> - -#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# # - -<channels - # users: Maximum number of channels a user can be in at once. - users="20" - - # opers: Maximum number of channels an oper can be in at once. - opers="60"> +#<execfiles motd="wget -O - http://www.example.com/motd.txt"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # If these values are not defined, InspIRCd uses the default DNS resolver @@ -457,7 +469,7 @@ # # server="127.0.0.1" - # timeout: seconds to wait to try to resolve DNS/hostname. + # timeout: time to wait to try to resolve DNS/hostname. timeout="5"> # An example of using an IPv6 nameserver @@ -482,11 +494,11 @@ # matches the channels name applies the banlimit to that channel. # # It is advisable to put an entry with the channel as '*' at the # # bottom of the list. If none are specified or no maxbans tag is # -# matched, the banlist size defaults to 64 entries. # +# matched, the banlist size defaults to 100 entries. # # # -<banlist chan="#largechan" limit="128"> -<banlist chan="*" limit="69"> +<banlist chan="#largechan" limit="200"> +<banlist chan="*" limit="100"> #-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -552,21 +564,19 @@ # the correct parameters are. syntaxhints="no" - # cyclehosts: If enabled, when a user gets a host set, it will cycle - # them in all their channels. If not, it will simply change their host - # without cycling them. - cyclehosts="yes" + # casemapping: This sets the case mapping method to be used by the + # server. This MUST be the same on all servers. Possible values are: + # "ascii" (recommended) + # "rfc1459" (default, required for linking to 2.0 servers) + # NOTE: if you are using the nationalchars module this setting will be + # ignored. You should use <nationalchars:casemapping> instead. + casemapping="ascii" # cyclehostsfromuser: If enabled, the source of the mode change for # cyclehosts will be the user who cycled. This can look nicer, but # triggers anti-takeover mechanisms of some obsolete bots. cyclehostsfromuser="no" - # ircumsgprefix: Use undernet-style message prefixing for NOTICE and - # PRIVMSG. If enabled, it will add users' prefix to the line, if not, - # it will just message the user normally. - ircumsgprefix="no" - # announcets: If set to yes, when the timestamp on a channel changes, all users # in the channel will be sent a NOTICE about it. announcets="yes" @@ -585,21 +595,21 @@ # in the topic. If set to no, it will only show the nick of the topic setter. hostintopic="yes" - # pingwarning: If a server does not respond to a ping within x seconds, + # pingwarning: If a server does not respond to a ping within this period, # it will send a notice to opers with snomask +l informing that the server # is about to ping timeout. pingwarning="15" - # serverpingfreq: How often pings are sent between servers (in seconds). - serverpingfreq="60" + # serverpingfreq: How often pings are sent between servers. + serverpingfreq="1m" # defaultmodes: What modes are set on a empty channel when a user # joins it and it is unregistered. - defaultmodes="nt" + defaultmodes="not" - # moronbanner: This is the text that is sent to a user when they are + # xlinemessage: This is the text that is sent to a user when they are # banned from the server. - moronbanner="You're banned! Email abuse@example.com with the ERROR line below for help." + xlinemessage="You're banned! Email irc@example.com with the ERROR line below for help." # exemptchanops: exemptions for channel access restrictions based on prefix. exemptchanops="nonick:v flood:o" @@ -610,12 +620,7 @@ # nosnoticestack: This prevents snotices from 'stacking' and giving you # the message saying '(last message repeated X times)'. Defaults to no. - nosnoticestack="no" - - # welcomenotice: When turned on, this sends a NOTICE to connecting users - # with the text Welcome to <networkname>! after successful registration. - # Defaults to yes. - welcomenotice="yes"> + nosnoticestack="no"> #-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# @@ -630,33 +635,37 @@ # in the accept queue. This is *NOT* the total maximum number of # connections per server. Some systems may only allow this to be up # to 5, while others (such as Linux and *BSD) default to 128. + # Setting this above the limit imposed by your OS can have undesired + # effects. somaxconn="128" - # limitsomaxconn: By default, somaxconn (see above) is limited to a - # safe maximum value in the 2.0 branch for compatibility reasons. - # This setting can be used to disable this limit, forcing InspIRCd - # to use the value specified above. - limitsomaxconn="true" - # softlimit: This optional feature allows a defined softlimit for # connections. If defined, it sets a soft max connections value. softlimit="12800" + # clonesonconnect: If this is set to false, we won't check for clones + # on initial connection, but only after the DNS check is done. + # This can be useful where your main class is more restrictive + # than some other class a user can be assigned after DNS lookup is complete. + # Turning this option off will make the server spend more time on users we may + # potentially not want. Normally this should be neglible, though. + # Default value is true + clonesonconnect="true" + # quietbursts: When syncing or splitting from a network, a server # can generate a lot of connect and quit messages to opers with # +C and +Q snomasks. Setting this to yes squelches those messages, # which makes it easier for opers, but degrades the functionality of # bots like BOPM during netsplits. - quietbursts="yes" - - # nouserdns: If enabled, no DNS lookups will be performed on - # connecting users. This can save a lot of resources on very busy servers. - nouserdns="no"> + quietbursts="yes"> #-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# # # <security + # allowcoreunload: If this value is set to yes, Opers will be able to + # unload core modules (e.g. core_privmsg). + allowcoreunload="no" # announceinvites: This option controls which members of the channel # receive an announcement when someone is INVITEd. Available values: @@ -667,11 +676,6 @@ # higher ranked users. This is the recommended setting. announceinvites="dynamic" - # hidemodes: If enabled, then the listmodes given will be hidden - # from users below halfop. This is not recommended to be set on +b - # as it may break some functionality in popular clients such as mIRC. - hidemodes="eI" - # hideulines: If this value is set to yes, U-lined servers will # be hidden from non-opers in /links and /map. hideulines="no" @@ -708,8 +712,8 @@ # (Commands like /notice, /privmsg, /kick, etc) maxtargets="20" - # customversion: Displays a custom string when a user /version's - # the ircd. This may be set for security reasons or vanity reasons. + # customversion: A custom message to be displayed in the comments field + # of the VERSION command response. This does not hide the InspIRCd version. customversion="" # operspywhois: show opers (users/auspex) the +s channels a user is in. Values: @@ -762,7 +766,7 @@ <limits # maxnick: Maximum length of a nickname. - maxnick="31" + maxnick="30" # maxchan: Maximum length of a channel name. maxchan="64" @@ -771,7 +775,10 @@ maxmodes="20" # maxident: Maximum length of a ident/username. - maxident="11" + maxident="10" + + # maxhost: Maximum length of a hostname. + maxhost="64" # maxquit: Maximum length of a quit message. maxquit="255" @@ -788,6 +795,14 @@ # maxaway: Maximum length of an away message. maxaway="200"> +#-#-#-#-#-#-#-#-#-#-#-#-# PATHS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This configuration tag defines the location that InspIRCd stores # +# various types of files such as configuration files, log files and # +# modules. You will probably not need to change these from the values # +# set when InspIRCd was built unless you are using a binary package # +# where you do not have the ability to set build time configuration. # +#<path configdir="conf" datadir="data" logdir="logs" moduledir="modules"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Logging @@ -802,7 +817,7 @@ # to do what they want. # # An example log tag would be: -# <log method="file" type="OPER" level="default" target="logs/opers.log"> +# <log method="file" type="OPER" level="default" target="opers.log"> # which would log all information on /oper (failed and successful) to # a file called opers.log. # @@ -812,7 +827,7 @@ # - OPER - succesful and failed oper attempts # - KILL - kill related messages # - snomask - server notices (*all* snomasks will be logged) -# - FILTER - messages related to filter matches (m_filter) +# - FILTER - messages related to filter matches (filter module) # - CONFIG - configuration related messages # - COMMAND - die and restart messages, and messages related to unknown user types # - SOCKET - socket engine informational/error messages @@ -836,10 +851,15 @@ # - USERINPUT # - USEROUTPUT # +# If your server is producing a high levels of log messages you can also set the +# flush="[positive number]" attribute to specify how many log messages should be +# buffered before flushing to disk. You should probably not specify this unless +# you are having problems. +# # The following log tag is highly default and uncustomised. It is recommended you # sort out your own log tags. This is just here so you get some output. -<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="logs/ircd.log"> +<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="ircd.log"> #-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # @@ -882,11 +902,7 @@ nick="ChanServ" # reason: Reason to display on /nick. - reason="Reserved For Services"> - -<badnick nick="NickServ" reason="Reserved For Services"> -<badnick nick="OperServ" reason="Reserved For Services"> -<badnick nick="MemoServ" reason="Reserved For Services"> + reason="Reserved for a network service"> <badhost # host: ident@hostname to ban. @@ -957,7 +973,7 @@ # provide almost all the features of InspIRCd. :) # # # # The default does nothing -- we include it for simplicity for you. # -<include file="conf/examples/modules.conf.example"> +<include file="examples/modules.conf.example"> # Here are some pre-built modules.conf files that closely match the # default configurations of some popular IRCd's. You still may want to @@ -969,11 +985,25 @@ # recommended that you make your own modules file based on modules.conf.example. # Settings similar to UnrealIRCd defaults. -#<include file="conf/examples/modules/unrealircd.conf.example"> +#<include file="examples/modules/unrealircd.conf.example"> # Settings similar to Charybdis IRCd defaults. -#<include file="conf/examples/modules/charybdis.conf.example"> +#<include file="examples/modules/charybdis.conf.example"> +#-#-#-#-#-#-#-#-#-#-#-# SERVICES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# +# # +# If you use services you will probably want to include one of the # +# following files which set up aliases, nick reservations and filter # +# exemptions for services pseudoclients: # +# +# Anope users should uncomment this: +#<include file="examples/services/anope.conf.example"> +# +# Atheme users should uncomment this: +#<include file="examples/services/atheme.conf.example"> +# +# Users of other services should uncomment this: +#<include file="examples/services/generic.conf.example"> ######################################################################### # # |