-
Notifications
You must be signed in to change notification settings - Fork 8
/
srvx.conf.example
474 lines (454 loc) · 21.3 KB
/
srvx.conf.example
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
// services configuration file (example)
/* It allows two kinds of comments. Whitespaces between tokens are
* ignored. All strings (even if they're just numbers) MUST be
* enclosed in double quotes. There must be a semicolon after every
* key/value pair.
*/
// The "uplinks" section describes what servers we can possibly link
// to. Each subsection describes one server.
"uplinks" {
"private-network" {
// IP address and port the server listens on
"address" "10.0.0.3";
"port" "6660";
// What password should we send when we connect?
"password" "passwordtoconnect";
// What password should we require our peer to send?
// (If it is blank, we do not require a specific password.)
"their_password" "passwordtorequire";
"enabled" "1";
// How many times should we try to connect before giving up?
"max_tries" "3";
// What IP should we bind to?
// If you do not specify bind_address, the default is used.
// "bind_address" "192.168.0.10"; // use this ip to link
};
/* unused-uplink is just an example to show you how you can
* define more than one uplink (and how you can disable one or
* more of them.) */
"unused-uplink" {
"address" "10.0.0.4";
"port" "6660";
"password" "passwordtoconnect";
"their_password" "passwordtorequire";
// If "enabled" is 0, we will not try to use this uplink.
"enabled" "0";
"max_tries" "3";
};
};
// The "services" section configures the services that make up srvx.
"services" {
"nickserv" {
"nick" "NickServ";
// What user modes do you want this service to have? Please keep in
// mind which ircd software you are using here, and that all of the
// services need to be at least +o.
// "modes" "+iok";
// If you want to by have *@* as the default hostmask for all
// new accounts, set default_hostmask. This is discouraged
// for security reasons.
// "default_hostmask" "1";
// do we warn users when someone new auths to their account?
"warn_clone_auth" "1";
// what is the default maxlogins value?
"default_maxlogins" "2";
// what is the absolute maxlogins value?
"hard_maxlogins" "10";
// Which mode should we use for account timestamps?
"account_timestamp_mode" "ignore";
// This names a file that contains easily guessed passwords.
// It always contains "password", "<password>" and the user's
// account name.
"dict_file" "/usr/share/dict/words";
// Minimum number of various types of characters permitted in
// a password.
"password_min_length" "4";
"password_min_digits" "1";
"password_min_upper" "0";
"password_min_lower" "0";
// What should valid account and nicks look like?
// If valid_nick_regex is omitted, valid_account_regex is used
// for both nicks and accounts.
// These look funny because "[][-]" is the only way to write the
// character class containing the characters ']', '[' and '-'.
"valid_account_regex" "^[][_a-z^`'{}|-][][_a-z0-9^`'{}|-]*$";
"valid_nick_regex" "^[-_a-z][-_a-z0-9]*$";
// Should nick ownership be disabled?
"disable_nicks" "0";
// One account may only own this many nicks.
"nicks_per_account" "4";
// Send a warning when someone uses a registered nick?
"warn_nick_owned" "0";
// What to do when someone uses the NickServ "reclaim" command?
// This can be one of "none", "warn", "svsnick", or "kill", but
// stock ircu does not support svsnick -- you need Bahamut or a
// patch for ircu. no, don't ask srvx developers for the patch.
"reclaim_action" "none";
// What (else) to do when someone uses a registered nick?
// This can be anything "reclaim_action" can be, but it makes
// more sense to use the "warn_nick_owned" instead of "warn".
"auto_reclaim_action" "none";
// How long to wait before doing the auto_reclaim_action?
// This is ignored if "auto_reclaim_action" is "none".
"auto_reclaim_delay" "0";
// access control for who can change account flags
"flag_levels" {
"g" "800";
"lc_h" "800"; // specifically lower case h
"uc_H" "800"; // .. and upper case H
"S" "999";
"b" "1";
};
// and for who can change epithets for staff
"set_epithet_level" "800";
// what opserv access level do you need to set somebody else's level?
"modoper_level" "850";
// how often should accounts be expired?
"account_expire_freq" "1d";
// how long until an account with access to any channel(s) expires?
"account_expire_delay" "35d";
// how long until an account with no access to any channels expires?
"nochan_account_expire_delay" "14d";
// how long must an account be inactive so it can be ounregistered without force?
"ounregister_inactive" "1M";
// which flags on an account require the ounregister to be used with force?
"ounregister_flags" "ShgsfnHbu";
/* "require_qualified" has been removed. It is now
* integrated into the modcmd command authorization
* and dispatch mechanism. "/msg OpServ help modcmd"
* for details.
*/
// If somebody keeps guessing passwords incorrectly, do we gag them?
"autogag_enabled" "1";
"autogag_duration" "30m";
"auth_policer" {
"size" "5";
"drain-rate" "0.05";
};
// How to integrate with email cookies?
"email_enabled" "0"; // if set, /mail/enable MUST be set too
"email_required" "0"; // ignored unless email_enabled is non-zero
"cookie_timeout" "1d"; // how long before we expire cookies?
"accounts_per_email" "1"; // you may want to increase this; or not
"email_search_level" "600"; // minimum OpServ level to search based on email address
"email_visible_level" "800"; // minimum OpServ level to see somebody's email address
};
"opserv" {
"nick" "OpServ";
// What user modes do you want this service to have? Please keep in
// mind which ircd software you are using here, and that all of the
// services need to be at least +o.
// "modes" "+iok";
// should use of this service be limited to global opers?
"privileged" "1";
// fullname for service
"description" "Oper Service Bot";
// hostname for service; only used if "description" is also set
"hostname" "dances-all-night-with.srvx.net";
// what channel should opserv send debug output to?
"debug_channel" "#opserv";
"debug_channel_modes" "+tinms";
// where to send general alerts (e.g. flood alerts)?
"alert_channel" "#ircops";
"alert_channel_modes" "+tns";
// who to tell about staff auths?
"staff_auth_channel" "#opserv";
"staff_auth_channel_modes" "+tinms";
// how many clones to allow from an untrusted host?
"untrusted_max" "4";
// how long of a g-line should be issued if the max hosts is exceeded?
"clone_gline_duration" "1h";
// how long to g-line for ?block (or, by default, for ?trace gline)?
"block_gline_duration" "1h";
// how long to keep an illegal channel locked down (seconds)?
"purge_lock_delay" "60";
// channel join flood policer params?
"join_policer" {
"size" "20";
"drain-rate" "1";
};
// automatically moderate join flooded channels?
"join_flood_moderate" "1";
// Don't moderate and warn channels unless there are more than
// join_flood_moderate_threshold users in the channel. the
// value 0 will disable the threshold.
"join_flood_moderate_threshold" "50";
// new user flood policer params
"new_user_policer" {
"size" "200";
"drain-rate" "3";
};
};
"chanserv" {
// You may disable a service by removing its "nick" config item.
// That means: SERVICES WILL ONLY WORK IF YOU DEFINE THEIR NICK.
// (This is changed relative srvx-1.0.x, which would use default
// unless you specified ".disabled".)
"nick" "ChanServ";
// What user modes do you want this service to have? Please keep in
// mind which ircd software you are using here, and that all of the
// services need to be at least +o.
// "modes" "+iok";
// Does your ircd have off-channel services support? Does it have
// a registered channel mode? Does it support services opping themselves?
// Bahamut has these things; ircu2.10.11 does not.
// This setting takes three numerical values:
// 0 = off
// 1 = use a registered channel mode, have services op themselves
// 2 = all of the above, and a channel setting to have ChanServ not
// idle in the channel
"off_channel" "0";
// how long should a person be unseen before resending infoline?
"info_delay" "120";
// maximum greeting length
"max_greetlen" "200";
// maximum users in a channel userlist
"max_chan_users" "512";
// maximum bans on a channel banlist
"max_chan_bans" "512";
// maximum length of a user's infoline
"max_userinfo_length" "400";
// If DynLimit is on and there are N users in the channel, ChanServ will
// try to keep the limit at N+<adjust_threshold>.
"adjust_threshold" "15";
// .. but ChanServ will only increment or decrement the limit this often.
"adjust_delay" "30";
// How often to look for channels that have expired?
"chan_expire_freq" "3d";
// How long is a channel unvisited (by masters or above) before it can be expired?
"chan_expire_delay" "30d";
// How often to look for dnrs that have expired?
"dnr_expire_freq" "1h";
// what !set options should we show when user calls "!set" with no arguments?
"set_shows" ("DefaultTopic", "TopicMask", "Greeting", "UserGreeting", "Modes", "PubCmd", "InviteMe", "EnfModes", "EnfTopic", "TopicSnarf", "UserInfo", "GiveVoice", "GiveOps", "EnfOps", "Setters", "CtcpUsers", "CtcpReaction", "Protect", "Toys", "DynLimit", "NoDelete");
// A list of !8ball responses
"8ball" ("Not a chance.",
"In your dreams.",
"Absolutely!",
"Could be, could be.");
// channel(s) that support helpers must be in to be helping
// if this is a list, any one by itself will do
"support_channel" ("#support", "#registration");
// maximum number of channels owned by one account before FORCE is required
"max_owned" "5";
// how long between automatic topic refreshes with TopicRefresh 0
"refresh_period" "3h";
// what should !access say for various staff?
"irc_operator_epithet" "a megalomaniacal power hungry tyrant";
"network_helper_epithet" "a wannabe tyrant";
"support_helper_epithet" "a wannabe tyrant";
// what should a newly registered channel get as its modes?
"default_modes" "+nt";
// minimum opserv access to set, clear or override nodelete setting?
"nodelete_level" "1";
// how long before a new channel owner can give ownership away?
"giveownership_timeout" "1w";
};
"global" {
"nick" "Global";
// What user modes do you want this service to have? Please keep in
// mind which ircd software you are using here, and that all of the
// services need to be at least +o.
// "modes" "+iok";
// should users get community announcements by default or not?
"announcements_default" "on";
};
};
// The modules section gives configuration information to optional modules.
"modules" {
"helpserv" {
// The description/fullname field
"description" "Help Queue Manager";
// HelpServ bots log all of their requests to this file, with
// details on when they were opened, closed, their contents,
// helper, etc. The file is written in saxdb format for easy
// parsing by external programs. Please note that you cannot
// use ?set to change this value while srvx is running.
"reqlogfile" "helpservreq.log";
// How long should a helpserv be inactive (no requests assigned)
// before it can be unregistered by the expire command?
"expiration" "60d";
};
"sockcheck" {
"max_sockets" "64"; // allow 64 concurrent clients to be checked
"max_read" "1024"; // don't read more than 1024 bytes from any client
"gline_duration" "1h"; // issue G-lines lasting one hour
"max_cache_age" "60"; // only cache results for 60 seconds
// "bind_address" "192.168.0.10"; // do proxy tests from this address
};
"snoop" {
// Where to send snoop messages?
"channel" "#wherever";
// Which bot? (It must already exist on srvx.)
"bot" "OpServ";
// Show new users and joins from net joins? (off by default)
"show_bursts" "0";
};
"memoserv" {
"bot" "NickServ";
"message_expiry" "30d"; // age when messages are deleted; set
// to 0 to disable message expiration
};
"qserver" {
"bind_address" "127.0.0.1";
"port" "7702";
"password" "hello";
};
"blacklist" {
// File containing blacklisted client addresses.
// "file" "blacklist.txt";
// Each line in the file should start with an IP or hostname.
// If there is whitespace and a message after that, the
// message will override this one:
"file_reason" "client is blacklisted";
// How long should a blacklist G-line last?
"gline_duration" "1h";
// Bot used to send debug notices
"debug_bot" "OpServ";
// To which channel should debug output be sent?
"debug_channel" "#opserv";
"debug_channel_modes" "+tinms";
// If you want to use DNS blacklists, add them here:
"dnsbl" {
// This DNSBL zone does not exist - you'll have to pick your own.
"dnsbl.example.org" {
// Send a notice instead of glining blacklisted ips
"debug" "1";
"description" "Example DNSBL entry";
"reason" "busted by a dns blacklist";
"duration" "1h";
// You can stick the client's IP in the G-line message.
"reason_2" "Example DNSBL reported %ip%'s address as 127.0.0.2";
// .. or the contents of a DNS TXT.
"reason_3" "%txt%";
};
};
};
"sar" {
// You generally will not want to override these defaults.
// "resolv_conf" "/etc/resolv.conf";
// "services" "/etc/services";
// "bind_address" "0.0.0.0";
// "bind_port" "0";
// The defaults for these are derived from the system config files (above).
// "domain" "example.org";
// "timeout" "3"; // base timeout for a DNS reply
// "retries" "3"; // number of times to retry on different servers or longer timeouts
// "ndots" "1"; // number of dots needed in a hostname to bypass search path
// "edns0" "0"; // if set, enable EDNS0 extended message sizes
// "search" ("example.org", "example.net");
// "nameservers" ("127.0.0.1");
};
};
"policers" {
"commands-luser" {
"size" "5";
"drain-rate" "0.5";
};
};
"rlimits" {
"data" "50M";
"stack" "6M";
"vmem" "100M";
};
"server" {
"hostname" "localhost.domain";
"description" "Network Services";
"network" "GenericNET";
"hidden_host" "users.Generic.NET"; // set this if you enabled ircd/Undernet's +x mode
/* hidden_host should match the F:HIDDEN_HOST: line in your ircu's ircd.conf;
* srvx does not set the host suffix for users, but must know it when making
* things like bans, where it should not show the user's real hostname. */
"numeric" "10"; // hint: If you get collisions on link, CHANGE THIS.
"max_users" "256"; // You can save a little memory by setting this to a lower value.
"force_n2k" "1"; // Use extended (5-digit) numnick for self, even if 3 are possible.
"ping_freq" "60";
"ping_timeout" "90";
"max_cycles" "30"; // max uplink cycles before giving up
// Admin information is traditionally: location, location, email
"admin" ("IRC Network", "Gotham City, GO", "Mr Commissioner <[email protected]>");
/* the following two settings are for ircu's HEAD_IN_SAND features, and are equivelent to
* the F: lines in ircu's ircd.conf. both can be disabled by commenting them out. */
"his_servername" "*.Generic.NET"; // hidden server name, shown in remote /whois requests
"his_servercomment" "The Generic, Boring IRC Network";
};
// controlling how services (mostly NickServ) send mail
"mail" {
// These options are the defaults.
"enable" "0";
"mailer" "/usr/sbin/sendmail";
"from_address" "[email protected]";
// These are not :>
"extra_headers" ("X-Ereet-Services: srvx r reet");
"body_prefix_first" ("Welcome to our network. This prefix is used whenever srvx thinks this may be the first time we send email to your address.");
"body_prefix" ("This goes before the mail text.", "Each string here is treated as a separate \"paragraph\" for line wrapping.");
"body_suffix_first" ("We care a lot about spam. If you did not request this email, bitch and moan loudly at our opers, and tell our ISP to gank our connection.");
"body_suffix" ("PLEASE DO NOT BE ALARMED. CALMLY BOARD THE AIRCRAFT, STRAP YOUR ARMS ACROSS YOUR BODY, AND JUMP THE HELL OUT OF THE PLANE.", "Yaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaatta!");
// If you are using the smtp mail back-end, you may need to set these:
"smtp_server" "localhost";
"smtp_service" "smtp";
// "smtp_myname" "localhost.domain";
};
// New section in srvx-1.2 to control database locations, etc.
// If you leave this section out, each database will be in its own file,
// and they will be written out every half hour.
"dbs" {
// This just illustrates how you can jam every database into one huge ("mondo") file.
"ChanServ" { "mondo_section" "ChanServ"; };
"gline" { "mondo_section" "gline"; };
"Global" { "mondo_section" "Global"; };
"HelpServ" { "mondo_section" "HelpServ"; };
"modcmd" { "mondo_section" "modcmd"; };
"NickServ" { "mondo_section" "NickServ"; };
"OpServ" { "mondo_section" "OpServ"; };
"sendmail" { "mondo_section" "sendmail"; };
// These are the options if you want a database to be in its own file.
"mondo" {
// Where to put it?
"filename" "srvx.db";
// How often should it be saved?
// (You can disable automatic saves by setting this to 0.)
"frequency" "30m";
};
};
// New section in srvx-1.2 to control log destinations.
// If you leave this section out, each service (technically, each log
// facility) will be in its own file, just like before.
"logs" {
// Two kinds of items exist in this section.
// One is a facility configuration subsection. These have the
// name of a log facility (one of "ChanServ", "Global",
// "HelpServ", "NickServ", "OpServ", "ProxyCheck", or "srvx") and
// the value is a subsection. The "srvx" log facility is a
// catch-all/fall-back facility.
"srvx" {
// The "max_age" option says how long to keep log audit entries.
"max_age" "10m";
// The "max_count" option says how many log audit entries to keep.
"max_count" "1024";
// Audit (command tracking) entries are discarded if they exceed
// either limit: for example, if entry 500 is 10 minutes old, it
// will be discarded next time any audit command is logged.
};
// The other kind of item is a target list. The name of each is a
// description of facility-and-severity combinations, and the value
// is a string (or list of strings) that describe where matching
// events should be logged. As a special case, the facility * will
// specify how to log events regardless of their true facility, and
// the severity * will match all severities for a facility.
// Log targets use a psuedo-URI syntax: one of "file:filename",
// "std:[out|err|n]" where n is a valid file descriptor, or
// "irc:#channel" (nicknames or server masks can be used instead
// of channel names, but should be used with care).
// The severity is one of "replay", "debug", "command", "info",
// "override", "staff", "warning", "error", or "fatal".
// WARNING: If any severity except "replay" for a facility is left
// unspecified, it will use the default target (for example,
// "file:chanserv.log"). For "replay" severity, you must ALWAYS
// list a target to log it -- this is because it is very rarely
// useful.
"*.*" ("std:out", "file:everything.log"); // does NOT suppress any defaults
"*.override,staff" "irc:#big-brother"; // report all uses of staff commands
"ChanServ.*" "file:chanserv.log"; // duplicates the default behavior
"ProxyCheck.*" (); // stop it from logging anything
};