/
inspircd.conf.example
2195 lines (2001 loc) · 120 KB
/
inspircd.conf.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495
496
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608
609
610
611
612
613
614
615
616
617
618
619
620
621
622
623
624
625
626
627
628
629
630
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
688
689
690
691
692
693
694
695
696
697
698
699
700
701
702
703
704
705
706
707
708
709
710
711
712
713
714
715
716
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
734
735
736
737
738
739
740
741
742
743
744
745
746
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
966
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
########################################################################
# #
# ___ ___ ____ ____ _ #
# |_ _|_ __ ___ _ __|_ _| _ \ / ___|__| | #
# | || '_ \/ __| '_ \| || |_) | | / _` | #
# | || | | \__ \ |_) | || _ <| |__| (_| | #
# |___|_| |_|___/ .__/___|_| \_\\____\__,_| #
# |_| #
# ____ __ _ _ _ #
# / ___|___ _ __ / _(_) __ _ _ _ _ __ __ _| |_(_) ___ _ __ #
# | | / _ \| '_ \| |_| |/ _` | | | | '__/ _` | __| |/ _ \| '_ \ #
# | |__| (_) | | | | _| | (_| | |_| | | | (_| | |_| | (_) | | | | #
# \____\___/|_| |_|_| |_|\__, |\__,_|_| \__,_|\__|_|\___/|_| |_| #
# |___/ #
# #
##################################||####################################
#||#
##################################||####################################
# #
# This is an example of the config file for InspIRCd. #
# Change the options to suit your network #
# #
# $Id$
# #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
# #
# Lines prefixed with READ THIS BIT, as shown above, are IMPORTANT #
# lines, and you REALLY SHOULD READ THEM. Yes, THIS MEANS YOU. Even #
# if you've configured InspIRCd before, these probably indicate #
# something new or different to this version and you SHOULD READ IT. #
# #
########################################################################
# #
# Unalphabeticalise the modules list at your own risk #
# #
########################################################################
#-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#-
# #
# Here is where you enter the information about your server. #
# #
# Syntax is as follows: #
# #
# <server name="server.name" #
# description="Server Description" #
# networkemail="Email address shown on g/k/z/q lines" #
# network="MyNetwork"> #
# #
<server name="penguin.omega.org.za"
description="Waddle World"
network="Omega">
#-#-#-#-#-#-#-#-#-#-#-#- ADMIN INFORMATION -#-#-#-#-#-#-#-#-#-#-#-#
# #
# Describes the Server Administrator's real name (optionally), #
# nick, and email address. #
# #
# Syntax is as follows: #
# <admin name="real name" #
# nick="nick name" #
# email="email@address.com"> #
# #
<admin name="Johnny English"
nick="MI5"
email="MI5@the.best.secret.agent">
#-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
# Enter the port and address bindings here. #
# #
# bind address - specifies which address ports bind to. Leaving this #
# field blank binds the port to all IPs available. #
# #
# port - The port number to bind to. You may specify a port #
# range here, e.g. "6667-6669,7000,7001". If you do #
# this, the server will count each port within your #
# range as a seperate binding, making the above #
# example equivalent to five seperate bind tags. #
# A failure on one port in the range does not prevent #
# the entire range from being bound, just that one #
# port number. #
# #
# type - can be 'clients' or 'servers'. The clients type is #
# a standard tcp based socket, the servers type is a #
# also a TCP based connection but of a different #
# format. SSL support is provided by modules, to #
# enable SSL support, please read the module section #
# of this configuration file. #
# #
# ssl - When using m_ssl_gnutls.so or m_ssl_openssl.so #
# modules, you must define this value to use ssl on #
# that port. valid values are 'gnutls' or 'openssl' #
# respectively. If the module is not loaded, this #
# setting is ignored. #
# #
# transport - If you have m_spanningtree.so loaded, along with #
# either of the SSL modules (m_ssl_gnutls or #
# m_ssl_openssl) or m_ziplinks.so, then you may make #
# use of this value. #
# setting it to 'openssl' or 'gnutls' or 'zip' #
# indicates that the port should accept connections #
# using the given transport name. Transports are #
# layers which sit on top of a socket and change the #
# way data is sent and received, e.g. encryption, #
# compression, and other such things. Because this #
# may not be limited in use to just encryption, #
# the 'ssl' value used for client ports does not #
# exist for servers, and this value is used instead. #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
# #
# If you want to link servers to InspIRCd you must load the #
# m_spanningtree module! Please see the modules list below for #
# information on how to load this module! If you do not load this #
# module, server ports will NOT be bound! #
# #
# Leaving address empty binds to all available interfaces #
# #
# Syntax is as follows: #
# #
# <bind address="ip address" port="port" type="clients"> #
# <bind address="ip address" port="port" type="servers"> #
# #
# If InspIRCd is built for IPV6, and you wish to accept IPV4 clients, #
# then you can specify IPV4 ip addresses here to bind. You may also #
# use the 4in6 notation, ::ffff:1.2.3.4, where 1.2.3.4 is the IPV4 #
# address to bind the port, but as of InspIRCd 1.1.1, this is not #
# required. #
# #
# ------------------------------------------------------------------- #
# #
# PLEASE NOTE: If you have build InspIRCd as an ipv6 server, and you #
# specify an empty bind address, the binding will be bound to ALL THE #
# IPV6 IP ADDRESSES, and not the ipv4 addresses. If you are using an #
# ipv6 enabled InspIRCd and want to bind to multiple IPV4 addresses #
# in this way, you must specify them by hand. If you have built the #
# server for ipv4 connections only, then specifying an empty bind #
# address binds the port to all ipv4 IP addresses, as expected. #
# #
<bind address="" port="6000" type="clients">
<bind address="" port="6660-6669" type="clients" ssl="gnutls">
# When linking servers, the openssl and gnutls transports are largely
# link-compatible and can be used alongside each other or either/or
# on each end of the link without any significant issues.
<bind address="" port="7000,7001" type="servers">
<bind address="1.2.3.4" port="7005" type="servers" transport="openssl">
#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#-
# #
# You can configure the passwords here which you wish to use for #
# the die and restart commands. Only trusted ircops who will #
# need this ability should know the die and restart password. #
# #
# Syntax is as follows: #
# <power diepass="die password" restartpass="restart password" #
# pause="secs before dying"> #
# #
<power diepass="" restartpass="" pause="2">
#-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This optional tag allows you to include another config file #
# allowing you to keep your configuration tidy. The configuration #
# file you include will be treated as part of the configuration file #
# which includes it, in simple terms the inclusion is transparent. #
# #
# All paths to config files are relative to the directory of the main #
# config file inspircd.conf, unless the filename starts with a forward#
# slash (/) in which case it is treated as an absolute path. #
# #
# Syntax is as follows: #
#<include file="file.conf"> #
# #
#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# #
# This is where you can configure which connections are allowed #
# and denied access onto your server. The password is optional. #
# You may have as many of these as you require. To allow/deny all #
# connections, use a '*' or 0.0.0.0/0. #
# #
# Syntax is as follows: #
# #
# <connect allow="1.2.3.0/24" password="blahblah" #
# timeout="10" timeout="blah" flood="5" #
# threshold="8" pingfreq="120" sendq="99999" #
# revcq="696969" localmax="3" globalmax="3" #
# port="6660"> #
# #
# <connect deny="127.0.0.1" port="6667"> #
# #
# IP masks may be specified in CIDR format or wildcard format, #
# for IPV4 and IPV6. You *cannot* use hostnames in the allow or #
# deny field, as the state is applied before the user's DNS has #
# been resolved. #
# #
# You may optionally include timeout="x" on any allow line, which #
# specifies the amount of time given before an unknown connection #
# is closed if USER/NICK/PASS are not given. This value is in secs #
# #
# You should also include a flood="x" line which indicates #
# the number of lines a user may place into their buffer at once #
# before they are disconnected for excess flood. This feature can #
# not be disabled, however it can be set to extremely high values, #
# rendering it effectively disabled. A recommended value is 10. #
# A counter is maintained for each user which is reset every #
# 'threshold' seconds and specifying this threshold value with #
# threshold="X" indicates how often the counter is reset. For #
# example, with flood="5" and threshold="8", the user may not send #
# more than 5 lines in 8 secs. #
# #
# You may optionally specify the sendq size and ping frequency of #
# each connect:allow line using the pingfreq="X" and sendq="X" #
# settings as shown in the full example below. #
# The ping frequency is specified in seconds, and the sendq size #
# in bytes. It is recommended, although not enforced, that you #
# should never set your sendq size to less than 8k. Send Queues are #
# dynamically allocated and can grow as needed up to the maximum #
# size specified. #
# #
# The optional recvq value is the maximum size which users in this #
# group may grow their receive queue to. This is recommended to be #
# kept pretty low compared to the sendq, as users will always #
# receive more than they send in normal circumstances. The default #
# if not specified is 4096. #
# #
# The sendq is the data waiting to be sent TO THE USER. #
# The recvq is the data being received FROM THE USER. #
# The names sendq and recvq are from the SERVER'S PERSPECTIVE not #
# that of the user... Just to clear up any confusion or complaints #
# that these are backwards :p #
# #
# The localmax and globalmax values can be used to enforce local #
# and global session limits on connections. The session limits are #
# counted against all users, but applied only to users within the #
# class. For example, if you had a class 'A' which has a session #
# limit of 3, and a class 'B' which has a session limit of 5, and #
# somehow, two users managed to get into class B which also match #
# class A, there is only one connection left for this IP now in A, #
# but if they can connect again to B, there are three. You get the #
# idea (i hope). #
# #
# The optional port value determines which port the connect tag is #
# handling. If left out the connect tag covers all bound ports else #
# only incoming connections on the specified port will match. Port #
# tags may be used on connect allow and connect deny tags. #
# #
<connect allow="196.12.*" password="secret" port="6667">
<connect allow="*"
timeout="60"
flood="20"
threshold="1"
pingfreq="120"
sendq="262144"
recvq="8192"
localmax="3"
globalmax="3">
<connect deny="69.254.*">
<connect deny="3ffe::0/32">
#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
# Classes are a group of commands which are grouped together #
# and given a unique name. They used to define which commands #
# are available to certain types of Operators. #
# #
# Syntax is as follows: #
# #
# <class name="name" commands="oper commands"> #
# #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
# #
# You are not forced to give these classes the names given below. #
# You can create your own named classes, if you want, in fact that #
# is the whole idea of this system! #
# #
# Note: It is possible to make a class which covers all available #
# commands. To do this, specify commands="*". This is not really #
# recommended, as it negates the whole purpose of the class system, #
# however it is provided for fast configuration (e.g. in test nets) #
# #
<class name="Shutdown" commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD">
<class name="ServerLink" commands="CONNECT SQUIT RCONNECT MKPASSWD MKSHA256">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE">
<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE SPYLIST SPYNAMES">
<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT">
#-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-#
# #
# This is where you specify which types of operators you have on #
# your server, as well as the commands they are allowed to use. #
# This works alongside with the classes specified above. #
# #
# type name - a name for the combined class types #
# a type name cannot contain spaces, however if you #
# put an _ symbol in the name, it will be translated #
# to a space when displayed in a WHOIS. #
# #
# classes - specified above, used for flexibility for the #
# server admin to decide on which operators get #
# what commands. Class names are case sensitive, #
# seperate multiple class names with spaces. #
# #
# host - optional hostmask operators will receive on oper-up. #
# #
# Syntax is as follows: #
# #
# <type name="name" classes="class names" host="oper hostmask"> #
# #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
# #
# You are not forced to give these types the names given below. #
# You can create your own named types, if you want, in fact that #
# is the whole idea of this system! #
# #
<type name="NetAdmin" classes="OperChat BanControl HostCloak Shutdown ServerLink" host="netadmin.omega.org.za">
<type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" host="ircop.omega.org.za">
<type name="Helper" classes="HostCloak" host="helper.omega.org.za">
#-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# #
# Opers are defined here. This is a very important section. #
# Remember to only make operators out of truthworthy people. #
# #
# name - oper name, This is case sensitive, so it is best to #
# use lower-case. #
# #
# password - password to oper-up, also case sensitive. #
# encryption is supported via modules. You may load #
# modules for MD5 or SHA256 encryption, and if you do, #
# this value will be a hash value, otherwise put a #
# plaintext password in this value. #
# #
# host - hosts of client allowed to oper-up. #
# wildcards accepted, seperate multiple hosts with a #
# space. You may also specify CIDR ip addresses. #
# #
# fingerprint - When using the m_ssl_oper_cert.so module, you may #
# specify a key fingerprint here. This can be obtained #
# using the /fingerprint command whilst the module is #
# loaded, or from the notice given to you when you #
# connect to the ircd using a client certificate, #
# and will lock this oper block to only the user who #
# has that specific key/certificate pair. #
# This enhances security a great deal, however it #
# requires that opers use clients which can send ssl #
# client certificates, if this is configured for that #
# oper. Note that if the m_ssl_oper.so module is not #
# loaded, and/or one of m_ssl_openssl or m_ssl_gnutls #
# is not loaded, this configuration option has no #
# effect and will be ignored. #
# #
# type - Defines the kind of operator. This must match a type #
# tag you defined above, and is case sensitive. #
# #
# Syntax is as follows: #
# <oper name="login" #
# password="pass" #
# host="hostmask@of.oper" #
# fingerprint="hexsequence" #
# type="oper type"> #
# #
<oper name="Brain"
password="s3cret"
host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
type="NetAdmin">
#-#-#-#-#-#-#-#-#-#-#- SERVER LINK CONFIGURATION -#-#-#-#-#-#-#-#-#-#
# #
# Defines which servers can link to this one, and which servers this #
# server may create outbound links to. #
# #
# name - The name is the canocial name of the server, does #
# not have to resolve - but it is expected to be set #
# in the remote servers connection info. #
# #
# ipaddr - Valid host or ip address for remote server. These #
# hosts are resolved on rehash, and cached, if you #
# specify a hostname, so if you find that your server #
# is still trying to connect to an old IP after you #
# have updated your dns, try rehashing and then #
# attempting the connect again. #
# #
# port - The TCP port for the remote server. #
# #
# sendpass - Password to send to create an outbound connection #
# to this server. #
# #
# recvpass - Password to receive to accept an inbound connection #
# from this server. #
# #
# autoconnect - Sets the server to autoconnect. Where x is the num. #
# (optional) of seconds between attempts. e.g. 300 = 5 minutes. #
# #
# transport - If defined, this is a transport name implemented by #
# another module. Transports are layers on top of #
# plaintext connections, which alter them in certain #
# ways. Currently the three supported transports are #
# 'openssl' and 'gnutls' which are types of SSL #
# encryption, and 'zip' which is for compression. #
# If you define a transport, both ends of the #
# connection must use a compatible transport for the #
# link to succeed. OpenSSL and GnuTLS are link- #
# compatible with each other. #
# #
# statshidden - When using m_spanningtree.so for linking. you may #
# set this to 'yes', and if you do, the IP address/ #
# hostname of this connection will NEVER be shown to #
# any opers on the network. In /STATS c its address #
# will show as *@<hidden>, and during CONNECT and #
# inbound connections, its IP will show as <hidden> #
# UNLESS the connection fails (e.g. due to a bad #
# password or servername) #
# #
# allowmask - When this is defined, it indicates a range of IP #
# addresses to allow for this link (You may use CIDR #
# or wildcard form for this address). #
# e.g. if your server is going to connect to you from #
# the range 1.2.3.1 through 1.2.3.255, put 1.2.3.0/24 #
# into this value. If it is not defined, then only #
# the ipaddr field of the server shall be allowed. #
# #
# failover - If you define this option, it must be the name of a #
# different link tag in your configuration. This #
# option causes the ircd to attempt a connection to #
# the failover link in the event that the connection #
# to this server fails. For example, you could define #
# two hub uplinks to a leaf server, and set an #
# american server to autoconnect, with a european #
# hub as its failover. In this situation, your ircd #
# will only try the link to the european hub if the #
# american hub is unreachable. NOTE that for the #
# intents and purposes of this option, an unreachable #
# server is one which DOES NOT ANSWER THE CONNECTION. #
# If the server answers the connection with accept(), #
# EVEN IF THE CREDENTIALS ARE INVALID, the failover #
# link will not be tried! Failover settings will also #
# apply to autoconnected servers as well as manually #
# connected ones. #
# #
# timeout - If this is defined, then outbound connections will #
# time out if they are not connected within this many #
# seconds. If this is not defined, the default of ten #
# seconds is used. #
# #
# bind - If you specify this value, then when creating an #
# outbound connection to the given server, the IP you #
# place here will be bound to. This is for multi- #
# homed servers which may have multiple IP addresses. #
# If you do not define this value, the first IP that #
# is not empty or localhost from your <bind> tags #
# will be bound to. This is usually acceptable, #
# however if your server has multiple network cards #
# then you may have to manually specify the bind #
# value instead of leaving it to automatic binding. #
# You can usually tell if you need to set this by #
# looking for the error 'Could not assign requested #
# address' in your log when connecting to servers. #
# #
# hidden - If this is set to true, yes, or 1, then the server #
# is completely hidden from non-opers. It does not #
# show in LINKS and it does not show in MAP. Also, #
# any servers which are child servers of this one #
# in the network will *also* be hidden. Use with #
# care! You can use this to 'mask off' sections of #
# the network so that users only see a small portion #
# of a much larger net. It should NOT be relied upon #
# as a security tool, unless it is being used for #
# example to hide a non-client hub, for which clients #
# do not have an IP address or resolvable hostname. #
# #
# to u:line a server (give it extra privilages required for running #
# services, Q, etc) you must include the <uline server> tag as shown #
# in the example below. You can have as many of these as you like. #
# #
# WARNING: Unlike other ircds, u:lining a server allows ALL users on #
# that server to operoverride modes. This should only be used for #
# services and protected oper servers! #
# #
# ------------------------------------------------------------------- #
# #
# NOTE: If you have built your server as an ipv6 server, then when a #
# DNS lookup of a server's host occurs, AAAA records (ipv6) are #
# priorotized over A records (ipv4). Therefore, if the server you are #
# connecting to has both an IPV6 ip address and an IPV4 ip address in #
# its DNS entry, the IPV6 address will *always* be selected. To #
# change this behaviour simply specify the IPV4 IP address rather #
# than the hostname of the server. #
# #
# ------------------------------------------------------------------- #
# #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
# #
# If you want to link servers to InspIRCd you must load the #
# m_spanningtree module! Please see the modules list below for #
# information on how to load this module! If you do not load this #
# module, server links will NOT work! #
# #
# Also, if you define any transports, you must load the modules for #
# these transports BEFORE you load m_spanningtree, e.g. place them #
# above it in the configuration file. Currently this means the three #
# modules m_ssl_gnutls, m_ziplinks and m_ssl_openssl, depending on #
# which you choose to use. #
# #
<link name="hub.penguin.org"
ipaddr="penguin.box.com"
port="7000"
allowmask="69.58.44.0/24"
autoconnect="300"
failover="hub.other.net"
timeout="15"
transport="gnutls"
bind="1.2.3.4"
statshidden="no"
hidden="no"
sendpass="outgoing!password"
recvpass="incoming!password">
<link name="services.antarctic.com"
ipaddr="localhost"
port="7000"
allowmask="127.0.0.0/8"
sendpass="penguins"
recvpass="polarbears">
#-#-#-#-#-#-#-#-#-#-#-#- ULINES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
# This tag defines a ulined server. A U-Lined server has special #
# permissions, and should be used with caution. Services servers are #
# usually u-lined in this manner. #
# #
# The 'silent' value if set to yes indicates that this server should #
# not generate quit and connect notices, which can cut down on noise #
# to opers on the network. #
# #
<uline server="services.antarctic.com" silent="yes">
#-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-#
# #
# These options let you define the path to your motd and rules #
# files. If these are relative paths, they are relative to the #
# configurtion directory. #
# #
<files motd="inspircd.motd.example"
rules="inspircd.rules.example">
#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This optional configuration tag lets you define the maximum number #
# of channels that both opers and users may be on at any one time. #
# the default is 20 for user and 60 for opers if this tag is not #
# defined. Remote users are not restricted in any manner. #
# #
<channels users="20"
opers="60">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Define your DNS server address here. InspIRCd has its own resolver. #
# If you do not define this value, then then InspIRCd will attempt to #
# determine your DNS server from your operating system. On POSIX #
# platforms, InspIRCd will read /etc/resolv.conf, and populate this #
# value with the first DNS server address found. On Windows platforms #
# InspIRCd will check the registry, and use the DNS server of the #
# first active network interface, if one exists. #
# If a DNS server cannot be determined from these checks, the default #
# value '127.0.0.1' is used instead. The timeout value is in seconds. #
# #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
# #
# When choosing a server, be sure to choose one which will do a #
# RECURSIVE LOOKUP. InspIRCd's resolver does not currently do these #
# recursive lookups itself, to save time and resources. The dns #
# server recommended by the InspIRCd team is bind, available from the #
# ISC website. If your DNS server does not do a recursive lookup, you #
# will be able to notice this by the fact that none of your users are #
# resolving even though the DNS server appears to be up! Most ISP and #
# hosting provider DNS servers support recursive lookups. #
# #
# ------------------------------------------------------------------- #
# #
# NOTE: if you have built InspIRCd with IPV6 support, then both #
# ipv6 and ipv4 addresses are allowed here, and also in the system #
# resolv.conf file. Remember that an ipv4 dns server can still #
# resolve ipv6 addresses, and vice versa. #
# #
<dns server="127.0.0.1" timeout="5">
# An example of using an IPV6 nameserver
#<dns server="::1" timeout="5">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Define the path to the PID file here. The PID file can be used to #
# rehash the ircd from the shell or to terminate the ircd from the #
# shell using shell scripts, perl scripts etc, and to monitor the #
# ircd's state via cron jobs. If this is a relative path, it will be #
# relative to the configuration directory, and if it is not defined, #
# the default of 'inspircd.pid' is used. #
# #
#<pid file="/path/to/inspircd.pid">
#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Use these tags to customise the ban limits on a per channel basis. #
# the tags are read from top to bottom, and any tag found which #
# matches the channels name applies the banlimit to that channel. #
# It is advisable to put an entry with the channel as '*' at the #
# bottom of the list. If none are specified or no maxbans tag is #
# matched, the banlist size defaults to 64 entries. #
# #
<banlist chan="#morons" limit="128">
<banlist chan="*" limit="69">
#-#-#-#-#-#-#-#-#-#-#- DISABLED COMMANDS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This tag is optional, and specifies one or more commands which are #
# not available to non-operators. For example you may wish to disable #
# NICK and prevent non-opers from changing their nicknames. #
# Note that any disabled commands take effect only after the user has #
# 'registered' (e.g. after the initial USER/NICK/PASS on connection) #
# so for example disabling NICK will not cripple your network. #
# #
#<disabled commands="TOPIC MODE">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Just remove this... Its here to make you read ALL of the config #
# file options ;) #
<die value="You should probably edit your config *PROPERLY* and try again.">
#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Settings to define which features are useable on your server. #
# #
# prefixquit - A prefix to be placed on the start of a client's #
# quit message #
# #
# suffixquit - A suffix to be placed on the end of a client's #
# quit message. #
# #
# fixedquit - A fixed quit message to display for all client #
# QUITS. If specified, overrides both prefixquit #
# and suffixquit options. #
# #
# loglevel - specifies what detail of messages to log in the #
# log file. You may select from debug, verbose, #
# default, sparse and none. #
# #
# allowhalfop - allows the +h channel mode #
# #
# noservices - If noservices is true, yes, or 1, then the first #
# user into a channel gets founder status. This is #
# only useful on networks running the m_chanprotect #
# module without services. #
# #
# qaprefixes - If qaprefixes is true, yes, or 1, then users #
# with +q or +a will get the ~ or & prefixes #
# used in unreal. This is only useful on networks #
# running the m_chanprotect module #
# #
# deprotectself - If this value is set to yes, true, or 1, then any #
# user with +q or +a may remove the +q or +a from #
# themselves. The default setting is to not enable #
# this feature, which stops even the founder taking #
# away their founder status without using services. #
# #
# deprotectothers-If this value is set to yes, true, or 1, then any #
# user with +q or +a may remove the +q or +a from #
# other users. The default setting is to not enable #
# this feature, so that only +q may remove +a, and #
# nothing but services may remove +q. #
# #
# cyclehosts - If this is set to true, yes or 1, then when a #
# user's hostname changes, they will appear to quit #
# and then rejoin with their new host. This prevents #
# clients from being confused by host changes, #
# especially in the case of bots, and it is #
# recommended that this option is enabled. #
# #
# netbuffersize - size of the buffer used to receive data from #
# clients. The ircd may only read() this amount #
# of text in one go at any time. (OPTIONAL) #
# #
# maxwho - The maximum number of results returned by a /WHO #
# query. This is to prevent /WHO being used as a #
# spam vector or means of flooding an ircd. The #
# default is 128, it is not recommended to raise it #
# above 1024. Values up to 65535 are permitted. If #
# this value is omitted, any size WHO is allowed by #
# anyone. #
# #
# somaxconn - The maximum number of sockets that may be waiting #
# in the accept queue. This usually allows the ircd #
# to soak up more connections in a shorter space of #
# time when increased but please be aware there is a #
# system defined maximum value to this, the same way #
# there is a system defined maximum number of file #
# descriptors. Some systems may only allow this to #
# be up to 5 (ugh) while others such as FreeBSD will #
# default to a much nicer 128. #
# #
# moduledir - This optional value indicates a runtime change of #
# the location where modules are to be found. This #
# does not add a supplementary directory. There can #
# only be one module path. #
# #
# softlimit - This optional feature allows a defined softlimit. #
# if defined sets a soft maxconnections value, has #
# to be less than the ./configure maxclients #
# #
# userstats - The userstats field is optional and specifies #
# which stats characters in /STATS may be requested #
# by non-operators. Stats characters in this field #
# are case sensitive and are allowed to users #
# independent of if they are in a module or the core #
# #
# operspywhois - If this is set then when an IRC operator uses #
# /WHOIS on a user they will see all channels, even #
# ones if channels are secret (+s), private (+p) or #
# if the target user is invisible +i. #
# #
# customversion - If you specify this configuration item, and it is #
# not set to an empty value, then when a user does #
# a /VERSION command on the ircd, this string will #
# be displayed as the second portion of the output, #
# replacing the system 'uname', compile flags and #
# socket engine/dns engine names. You may use this #
# to enhance security, or simply for vanity. #
# #
# maxtargets - The maxtargets field is optional, and if not #
# defined, defaults to 20. It indicates the maximum #
# number of targets which may be given to commands #
# such as PRIVMSG, KICK etc. #
# #
# hidesplits - When set to 'yes', will hide split server names #
# from non-opers. Non-opers will see '*.net *.split' #
# instead of the server names in the quit message, #
# identical to the way IRCu displays them. #
# #
# hidebans - When set to 'yes', will hide gline, kline, zline #
# and qline quit messages from non-opers. For #
# example, user A who is not an oper will just see #
# (G-Lined) while user B who is an oper will see the #
# text (G-Lined: Reason here) instead. #
# #
# hidewhois - When defined with a non-empty value, the given #
# text will be used in place of the user's server #
# in WHOIS, when a user is WHOISed by a non-oper. #
# For example, most nets will want to set this to #
# something like '*.netname.net' to conceal the #
# actual server the user is on. #
# #
# flatlinks - When you are using m_spanningtree.so, and this #
# value is set to true, yes or 1, /MAP and /LINKS #
# will be flattened when shown to a non-oper. #
# #
# hideulines - When you are using m_spanningtree.so, and this #
# value is set to true, yes or 1, then U-lined #
# servers will be hidden in /LINKS and /MAP. For non #
# opers. Please be aware that this will also hide #
# any leaf servers of a U-lined server, e.g. jupes. #
# #
# nouserdns - If set to 'yes', 'true' or '1', no user dns #
# lookups will be performed for connecting users. #
# this can save a lot of resources on very busy irc #
# servers. #
# #
# syntaxhints - If set to 'yes', 'true' or '1', when a user does #
# not give enough parameters for a command, a syntax #
# hint will be given (using the RPL_TEXT numeric) #
# as well as the standard ERR_NEEDMOREPARAMS. #
# #
# announcets - If this value is defined to 'yes', 'true' or '1', #
# then if a channel's timestamp is updated the users #
# on the channel will be informed of the change via #
# a server notice to the channel with the old and #
# new TS values in the timestamp. If you think this #
# is just pointless noise, define the value to 0. #
# #
# ircumsgprefix - Use undernet style message prefix for channel #
# NOTICE and PRIVMSG adding the prefix to the line #
# of text sent out. Eg. NOTICE @#test :@ testing #
# vs. the off setting: NOTICE @#test :testing #
# #
# hostintopic - If this is set to yes (the default) then the full #
# nick!user@host is shown for who set a TOPIC last. #
# if set to no, then only the nickname is shown. #
# #
# announceinvites #
# - If this option is set to yes (the default), then #
# invites are announced to the channel when a user #
# invites annother user. If you consider this to be #
# unnecessary noise, explicitly set this to no. #
# #
# disablehmac - If you are linking your InspIRCd to older versions #
# then you can specify this option and set it to #
# yes. 1.1.6 and above support HMAC and challenge- #
# response for password authentication. These can #
# greatly enhance security of your server to server #
# connections when you are not using SSL (as is the #
# case with a lot of larger networks). Linking to #
# older versions of InspIRCd should not *usually* be #
# a problem, but if you have problems with HMAC #
# authentication, this option can be used to turn it #
# off. #
# #
# hidemodes - If this option is enabled, then the listmodes #
# given (e.g. +eI), will be hidden from users below #
# halfop. This is not recommended to be set on mode #
# +b, as it may break some features in popular #
# clients such as mIRC. #
# #
# quietbursts - When synching or splitting from the network, a #
# server can generate a lot of connect and quit #
# snotices to the +C and +Q snomasks. Setting this #
# value to yes squelches those messages, which can #
# make them more useful for opers, however it will #
# degrade their use by certain third party programs #
# such as BOPM which rely on them to scan users when #
# a split heals in certain configurations. #
# #
# pingwarning - This should be set to a number between 1 and 59 if #
# defined, and if it is defined will cause the server#
# to send out a warning via snomask +l if a server #
# does not answer to PING after this many seconds. #
# This can be useful for finding servers which are #
# at risk of pinging out due to network issues. #
# #
# exemptchanops - This option allows channel operators to be exempted#
# from certain channel modes. #
# Supported modes are +SfgNc. Defaults to off. #
# #
# defaultmodes - The default modes to be given to each channel on #
# creation. Defaults to 'nt'. There should be no + #
# or - symbols in this sequence, if you add them #
# they will be ignored. You may add parameters for #
# parameterised modes. #
# #
# moronbanner - The NOTICE to show to users who are glined, zlined #
# klined or qlined when they are disconnected. This #
# is totally freeform, you may place any text here #
# you wish. #
# #
<options prefixquit="Quit: "
loglevel="default"
netbuffersize="10240"
maxwho="128"
noservices="no"
qaprefixes="no"
deprotectself="no"
deprotectothers="no"
somaxconn="128"
softlimit="12800"
userstats="Pu"
operspywhois="no"
customversion=""
maxtargets="20"
hidesplits="no"
hidebans="no"
hidewhois=""
flatlinks="no"
hideulines="no"
nouserdns="no"
syntaxhints="no"
cyclehosts="yes"
ircumsgprefix="no"
announcets="yes"
disablehmac="no"
hostintopic="yes"
hidemodes="eI"
quietbursts="yes"
pingwarning="15"
allowhalfop="yes"
defaultmodes="nt"
moronbanner="You're banned! Email haha@abuse.com with the ERROR line below for help."
exemptchanops="">
#-#-#-#-#-#-#-#-#-#-#-#-#-#- TIME SYNC OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#
# Time sychronization options for m_spanningtree linking. #
# #
# Because IRC is very time and clock dependent, InspIRCd provides its #
# own methods for syncronization of time between servers as shown #
# in the example below, for servers that don't have ntpd running. #
# #
# enable - If this value is 'yes', 'true', or '1', time #
# synchronization is enabled on this server. This #
# means any servers you are linked to will #
# automatically synchronize time, however you should #
# use ntpd instead where possible, NOT this option. #
# #
# master - If this value is set to yes, then this server will #
# act as the authoritative time source for the whole #
# network. All other servers will respect its time #
# without question, and match their times to it. #
# only one server should have the master value set #
# to 'yes'. #
# #
<timesync enable="no" master="no">
#-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This tag lets you define the behaviour of the /whowas command of #
# your server. #
# #
# groupsize - Controls the maximum entries per nick shown when #
# performing a /whowas nick. Setting this to 0 dis- #
# ables whowas completely. #
# #
# maxgroups - The maximum number of nickgroups that can be added #
# to the list. If max is reached, oldest group will #
# be deleted first like a FIFO. A groupsize of 3 and #
# a maxgroups of 5000 will allow for 5000 nicks to #
# be stored with a history of 3, thus giving a total #
# of 3 * 5000 = 15000 entries. A setting of 0 dis- #
# ables whowas completely. #
# #
# maxkeep - The maximum time a nick is kept in the whowas list #
# before being pruned. Time may be specified in #
# seconds, or in the following format: 1y2w3d4h5m6s #
# meaning one year, two weeks, three days, 4 hours, #
# 5 minutes and 6 seconds. All fields in this format #
# are optional. Minimum is 1 hour, if less InspIRCd #
# will default back to 1 hour. #
# #
#<whowas groupsize="10" #
# maxgroups="100000" #
# maxkeep="3d"> #
#-#-#-#-#-#-#-#-#-#-#-#-#- MODULE OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# These tags define which modules will be loaded on startup by your #
# server. Add modules without any paths. When you make your ircd #
# using the 'make' command, all compiled modules will be moved into #
# the folder you specified when you ran ./configure. The module tag #
# automatically looks for modules in this location. #
# If you attempt to load a module outside of this location, either #
# in the config, or via /LOADMODULE, you will receive an error. #
# #
# By default, ALL modules are commented out. You must uncomment them #
# or add lines to your config to load modules. Please refer to #
# http://www.inspircd.org/wiki/Modules_List for a list of modules and#