commit 3cee8679f80f0f014aca5840262466ce652f00d6 Author: agatha Date: Mon Aug 21 19:14:15 2023 -0400 Initial commit diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..117ce38 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,33 @@ +FROM alpine:latest + +# Create ircd user +RUN addgroup -S ircd && adduser -S -G ircd ircd +ENV HOME=/home/ircd + +# Install prerequisites +RUN apk add --no-cache gcc make openssl-dev build-base + +# Copy and extract ratbox source +COPY ircd-ratbox-3.0.10.tar.bz2 /tmp +RUN cd /tmp && tar jxvf ircd-ratbox-3.0.10.tar.bz2 + +# Compile ratbox +RUN cd /tmp/ircd-ratbox-3.0.10/ \ + && ./configure --prefix=/home/ircd --enable-openssl --enable-ipv6 \ + && make \ + && make install \ + && rm -rf /tmp/* + +# Set up ratbox +COPY ircd.conf /home/ircd/etc/ircd.conf +RUN mkdir /home/ircd/logs +RUN chown -R ircd:ircd /home/ircd/ + +# Expose ports +EXPOSE 6667 + +# Start ratbox +USER ircd +WORKDIR /home/ircd +CMD ["bin/ircd", "-foreground"] +# CMD ["/bin/sh"] diff --git a/README.md b/README.md new file mode 100644 index 0000000..e440a10 --- /dev/null +++ b/README.md @@ -0,0 +1,11 @@ +# ircd-ratbox Docker +Dockerized ratbox for development only. + +The configuration is barely functional and a lot of shit is probably insecure, +but will be good enough to do some local development of IRC related shit. + +## Usage +```sh +docker build -t ircd-ratbox . +docker run -d -p 6667:6667 ircd-ratbox:latest +``` diff --git a/ircd-ratbox-3.0.10.tar.bz2 b/ircd-ratbox-3.0.10.tar.bz2 new file mode 100644 index 0000000..1c3afe8 Binary files /dev/null and b/ircd-ratbox-3.0.10.tar.bz2 differ diff --git a/ircd.conf b/ircd.conf new file mode 100644 index 0000000..a6e4ff1 --- /dev/null +++ b/ircd.conf @@ -0,0 +1,951 @@ +/* doc/example.conf - ircd-ratbox Example configuration file + * + * Copyright (C) 2000-2002 Hybrid Development Team + * Copyright (C) 2002-2012 ircd-ratbox development team + * + * Written by ejb, wcampbel, db, leeh and others + * + * $Id: example.conf 28671 2015-09-29 15:09:55Z androsyn $ + */ + +/* IMPORTANT NOTES: + * + * class {} blocks MUST be specified before anything that uses them. That + * means they must be defined before auth {} and before connect {}. + * + * auth {} blocks MUST be specified in order of precedence. The first one + * that matches a user will be used. So place spoofs first, then specials, + * then general access, then restricted. + * + * Both shell style (#) and C style comments are supported. + * + * Files may be included by either: + * .include "filename" + * .include + * + * Times/durations are written as: + * 12 hours 30 minutes 1 second + * + * Valid units of time: + * month, week, day, hour, minute, second + * + * Valid units of size: + * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte + * + * Sizes and times may be singular or plural. + */ + +/* EFNET NOTE: + * + * This config file is NOT suitable for EFNet. EFNet admins should use + * example.efnet.conf + */ + + /* serverinfo {}: Contains information about the server. (OLD M:) */ +serverinfo { + /* name: the name of our server */ + name = "irc.efnot.org"; + + /* sid: the unique server id of our server. This must be three + * characters long. The first character must be a digit [0-9], the + * remaining two chars may be letters [A-Z] or digits [0-9]. + * + * This must be specified even if use_ts6 is set to no. + */ + sid = "64Y"; + + /* description: the description of our server. '[' and ']' may not + * be used here for compatibility with older servers. + */ + description = "EFNot IRC Server"; + + /* network info: the name and description of the network this server + * is on. Shown in the 005 reply and used with serverhiding. + */ + network_name = "EFNot"; + network_desc = "EFNot IRC Network"; + + /* hub: allow this server to act as a hub and have multiple servers + * connected to it. + */ + hub = no; + + /* vhost: the IP to bind to when we connect outward to ipv4 servers. + * This should be an ipv4 IP only. + */ + #vhost = "192.169.0.1"; + + /* vhost6: the IP to bind to when we connect outward to ipv6 servers. + * This should be an ipv6 IP only. + */ + #vhost6 = "3ffe:80e8:546::2"; + + /* vhost_dns: the IP to bind outgoing dns requests when the dns server is + * ipv4 + */ + # vhost_dns = "192.169.0.2"; + + /* vhost6_dns: the IP to bind outgoing dns requests when the dns server is + * ipv6 + */ + # vhost6_dns = "3ffe:80e8:546::3"; + + /* default max clients: the default maximum number of clients + * allowed to connect. This can be changed once ircd has started by + * issuing: + * /quote set maxclients + */ + default_max_clients = 10000; + + /* ssl_private_key: our ssl private key */ + ssl_private_key = "etc/test.key"; + + /* ssl_cert: certificate for our ssl server */ + ssl_cert = "etc/test.cert"; + + /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */ + ssl_dh_params = "etc/dh.pem"; + + /* ssld_count: number of ssld processes you want to start, if you + * have a really busy server, using N-1 where N is the number of + * cpu/cpu cores you have might be useful. A number greater than one + * can also be useful in case of bugs in ssld and because ssld needs + * two file descriptors per SSL connection. + */ + ssld_count = 1; + + /* bandb: path to the ban database - default is PREFIX/etc/ban.db */ + bandb = "etc/ban.db"; +}; + +/* admin {}: contains admin information about the server. (OLD A:) */ +admin { + name = "oper"; + description = "Main Server Administrator"; + email = "oper@efnot.org"; +}; + +/* log {}: contains information about logfiles. */ +log { + /* logfiles: the logfiles to use for specific activity. if these + * paths are defined, then ircd will log to them, otherwise it wont. + * + * The confs are, in order: + * - userlog: user exits + * - fuserlog: failed user connections + * - operlog: /oper usage + * - foperlog: failed /oper usage + * - serverlog: server connects/disconnects + * - glinelog: glines + * - klinelog: klines, etc + * - killlog: kills + * - operspylog: operspy usage + * - ioerrorlog: IO errors + */ + fname_userlog = "logs/userlog"; + fname_fuserlog = "logs/fuserlog"; + fname_operlog = "logs/operlog"; + fname_foperlog = "logs/foperlog"; + fname_serverlog = "logs/serverlog"; + fname_glinelog = "logs/glinelog"; + fname_klinelog = "logs/klinelog"; + fname_killlog = "logs/killlog"; + fname_operspylog = "logs/operspylog"; + fname_ioerrorlog = "logs/ioerror"; +}; + +/* class {}: contain information about classes for users (OLD Y:) */ +class "users" { + /* class name must go above */ + + /* ping time: how often a client must reply to a PING from the + * server before they are dropped. + */ + ping_time = 2 minutes; + + /* number per ident: the number of users per user@host networkwide + * allowed to connect. Unidented connections are classified as + * the same ident. + */ + number_per_ident = 2; + + /* number per ip: the number of local users per host allowed */ + number_per_ip = 3; + + /* number per ip global: the number of network wide connections + * per host allowed for a user, including connections to the + * local server. + */ + number_per_ip_global = 5; + + /* cidr_ipv4_bitlen: Limits numbers of connections from a subnet size + */ + cidr_ipv4_bitlen = 24; + + /* cidr_ipv6_bitlen: Limits numbers of connections from a subnet size + * the following example makes the subnet /64 this is useful + * for IPv6 connections in particular + */ + cidr_ipv6_bitlen = 64; + + /* number_per_cidr: Number of connections to allow from a subnet of the + * size given in cidr_bitlen. 4 seems to be a good default to me. + */ + number_per_cidr = 4; + + /* max number: the maximum number of users allowed in this class */ + max_number = 100; + + /* sendq: the amount of data allowed in a clients queue before + * they are dropped. + */ + sendq = 100 kbytes; +}; + +class "restricted" { + ping_time = 1 minute 30 seconds; + number_per_ip = 1; + max_number = 100; + sendq = 60kb; +}; + +class "opers" { + ping_time = 5 minutes; + number_per_ip = 10; + max_number = 100; + sendq = 100kbytes; +}; + +class "server" { + ping_time = 5 minutes; + + /* connectfreq: only used in server classes. specifies the delay + * between autoconnecting to servers. + */ + connectfreq = 5 minutes; + + /* max number: the amount of servers to autoconnect to */ + max_number = 1; + + /* sendq: servers need a higher sendq as they send more data */ + sendq=2 megabytes; +}; + +/* listen {}: contain information about the ports ircd listens on (OLD P:) */ +listen { + /* port: the specific port to listen on. if no host is specified + * before, it will listen on all available IPs. + * + * ports are seperated via a comma, a range may be specified using ".." + */ + + /* aftype: accepts either ipv4 or ipv6 as the IP type to use + * when the address to bind to is not specified + */ + aftype = ipv4; + + /* port: listen on all available IPs, ports 5000 and 6665 to 6669 */ + port = 5000, 6665 .. 6669; + + /* listen on :: on port 7003 */ + aftype = ipv6; + port = 7003; + + /* host: set a specific IP/host the ports after the line will listen + * on. This may be ipv4 or ipv6. + */ + # host = "1.2.3.4"; + # port = 7000, 7001; + + # host = "3ffe:1234:a:b:c::d"; + # port = 7002; + + /* sslport sets up an SSL/TLS listener, otherwise it acts just like + * the port option above + */ + sslport = 9999; +}; + +/* auth {}: allow users to connect to the ircd (OLD I:) */ +auth { + /* user: the user@host allowed to connect. multiple IPv4/IPv6 user + * lines are permitted per auth block. + */ + user = "*@192.168.0.0/24"; + # user = "*test@123D:B567:*"; + + /* password: an optional password that is required to use this block. + * By default this is not encrypted, specify the flag "encrypted" in + * flags = ...; below if it is. + */ + password = "letmein"; + + /* spoof: fake the users user@host to be be this. You may either + * specify a host or a user@host to spoof to. This is free-form, + * just do everyone a favour and dont abuse it. (OLD I: = flag) + */ + spoof = "I.still.hate.packets"; + + /* Possible flags in auth: + * + * encrypted | password is encrypted with ratbox-mkpasswd + * spoof_notice | give a notice when spoofing hosts + * exceed_limit (old > flag) | allow user to exceed class user limits + * kline_exempt (old ^ flag) | exempt this user from k/g/xlines + * gline_exempt (old _ flag) | exempt this user from glines + * spambot_exempt | exempt this user from spambot checks + * shide_exempt | exempt this user from serverhiding + * jupe_exempt | exempt this user from generating + * warnings joining juped channels + * resv_exempt | exempt this user from resvs + * flood_exempt | exempt this user from flood limits + * USE WITH CAUTION. + * no_tilde (old - flag) | don't prefix ~ to username if no ident + * need_ident (old + flag) | require ident for user in this class + * need_ssl | a SSL/TLS connection is required for + * this auth + */ + flags = kline_exempt, exceed_limit; + + /* class: the class the user is placed in */ + class = "opers"; +}; + +auth { + user = "*@*"; + class = "users"; +}; + +/* operator {}: defines ircd operators. (OLD O:) + * ircd-ratbox no longer supports local operators, privileges are + * controlled via flags. + */ +operator "god" { + /* name: the name of the oper must go above */ + + /* user: the user@host required for this operator. CIDR *is* + * supported now. + * multiple user="" lines are supported. + */ + user = "*god@*"; + user = "*@127.0.0.1"; + + /* password: the password required to oper. Unless ~encrypted is + * contained in flags = ...; this will need to be encrypted using + * ratbox-mkpasswd, MD5 is supported + */ + password = "replacemebeforedeployment"; + + /* rsa key: the public key for this oper when using Challenge. + * A password should not be defined when this is used, see + * doc/challenge.txt for more information. + */ + #rsa_public_key_file = "/usr/local/ircd/etc/oper.pub"; + + /* umodes: the specific umodes this oper gets when they oper. + * If this is specified an oper will not be given oper_umodes + * These are described above oper_only_umodes in general {}; + */ + #umodes = locops, servnotice, operwall, wallop; + + /* privileges: controls the activities and commands an oper is + * allowed to do on the server. You may prefix an option with ~ to + * disable it, ie ~operwall + * + * Default flags are operwall, remoteban and encrypted. + * + * Available options: + * + * encrypted: the password above is encrypted [DEFAULT] + * local_kill: allows local users to be /KILL'd + * global_kill: allows local and remote users to be + * /KILL'd (OLD 'O' flag) + * remote: allows remote SQUIT and CONNECT (OLD 'R' flag) + * kline: allows KILL, KLINE and DLINE (OLD 'K' flag) + * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag) + * gline: allows GLINE (OLD 'G' flag) + * nick_changes: allows oper to see nickchanges (OLD 'N' flag) + * via usermode +n + * rehash: allows oper to REHASH config (OLD 'H' flag) + * die: allows DIE and RESTART (OLD 'D' flag) + * admin: gives admin privileges. admins + * may (un)load modules and see the + * real IPs of servers. + * hidden_admin: gives admin privileges except + * will not have the admin lines in + * stats p and whois. + * xline: allows use of /quote xline/unxline + * resv: allows use of /quote resv/unresv + * operwall: allows the oper to send operwalls [DEFAULT] + * oper_spy: allows 'operspy' features to see through +s + * channels etc. see /quote help operspy + * hidden_oper: hides the oper from /stats p (OLD UMODE +p) + * remoteban: allows remote kline etc [DEFAULT] + * need_ssl: oper must be connected via SSL/TLS to oper up + * + */ + flags = global_kill, remote, kline, unkline, gline, + die, rehash, admin, xline, resv, operwall; +}; + +/* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */ + +/* cluster {}; servers that we propagate things to automatically. + * NOTE: This does NOT grant them privileges to apply anything locally, + * you must add a seperate shared block for that. Clustering will + * only be done for actions by LOCAL opers, that arent directed + * remotely. + */ +cluster { + /* name: the server to share with, this can be a wildcard and may be + * stacked. + */ + /* flags: list of what to share, all the name lines above this (up + * until another flags entry) will receive these flags. + * + * kline - share perm klines + * tkline - share temp klines + * unkline - share unklines + * locops - share locops + * xline - share perm xlines + * txline - share temp xlines + * unxline - share unxlines + * resv - share perm resvs + * tresv - share temp resvs + * unresv - share unresvs + * all - share all of the above + */ + + /* share klines/unklines/xlines with *.lan */ + name = "*.lan"; + flags = kline, unkline, xline; + + /* share locops with irc.ircd-ratbox.org and ircd.ircd-ratbox.org */ + name = "irc.ircd-ratbox.org"; + name = "ircd.ircd-ratbox.org"; + flags = locops; +}; + +/* If you are using the ratbox-services compatibility code, uncomment this. */ +/* service{}: privileged servers (services). These servers have extra + * privileges such as setting login names on users and introducing clients + * with umode +S (unkickable). This does not allow them to set bans, you + * need a separate shared{} for that. + * Do not place normal servers here. + * There may be only one service{} block. + */ +#service { +# /* name: the server name. These may be stacked. */ +# name = "ratbox.services"; +#}; + +/* shared {}: users that are allowed to place remote bans on our server. + * NOTE: These are ordered top down. The first one the user@host and server + * matches will be used. Their access will then be decided on that + * block and will not fall back to another block that matches. + */ +shared { + /* oper: the user@host and server the user must be on to set klines. + * The first field must be a user@host, the second field is an + * optional server. These may be stacked. + */ + + /* flags: list of what to allow them to place, all the oper lines + * above this (up until another flags entry) will receive these + * flags. This *must* be present. + * + * kline - allow setting perm/temp klines + * tkline - allow setting temp klines + * unkline - allow removing klines + * xline - allow setting perm/temp xlines + * txline - allow setting temp xlines + * unxline - allow removing xlines + * resv - allow setting perm/temp resvs + * tresv - allow setting temp resvs + * unresv - allow removing xlines + * all - allow oper/server to do all of above. + * locops - allow locops - only used for servers who cluster + * none - disallow everything + */ + + /* allow flame@*.leeh.co.uk on server irc.ircd-ratbox.org and + * allow leeh@*.leeh.co.uk on server ircd.ircd-ratbox.org to kline + */ + oper = "flame@*.leeh.co.uk", "irc.ircd-ratbox.org"; + oper = "leeh@*.leeh.co.uk", "ircd.ircd-ratbox.org"; + flags = kline; + + /* you may forbid certain opers/servers from doing anything */ + oper = "irc@vanity.oper", "*"; + oper = "*@*", "irc.vanity.server"; + oper = "irc@another.vanity.oper", "bigger.vanity.server"; + flags = none; + + /* or allow everyone to place temp klines */ + oper = "*@*"; + flags = tkline; +}; + +/* exempt {}: IPs that are exempt from deny {} and Dlines. (OLD d:) */ +exempt { + ip = "192.168.0.0/16"; + + /* these may be stacked */ + ip = "127.0.0.1"; + ip = "10.0.0.0/8"; +}; + +/* The channel block contains options pertaining to channels */ +channel { + /* invex: Enable/disable channel mode +I, a n!u@h list of masks + * that can join a +i channel without an invite. + */ + use_invex = yes; + + /* except: Enable/disable channel mode +e, a n!u@h list of masks + * that can join a channel through a ban (+b). + */ + use_except = yes; + + /* knock: Allows users to request an invite to a channel that + * is locked somehow (+ikl). If the channel is +p or you are banned + * the knock will not be sent. + */ + use_knock = yes; + + /* invite ops only: Restrict /invite to ops on channels, rather than + * allowing unopped users to invite people to a -i channel. + */ + invite_ops_only = yes; + + /* knock delay: The amount of time a user must wait between issuing + * the knock command. + */ + knock_delay = 5 minutes; + + /* knock channel delay: How often a knock to any specific channel + * is permitted, regardless of the user sending the knock. + */ + knock_delay_channel = 1 minute; + + /* max chans: The maximum number of channels a user can join/be on. */ + max_chans_per_user = 15; + + /* quiet on ban: stop banned people talking in channels. */ + quiet_on_ban = yes; + + /* max bans: maximum number of +b/e/I modes in a channel */ + max_bans = 25; + + /* splitcode: split users, split servers and either no join on split + * or no create on split must be enabled for split checking. + * splitmode will be entered on either split users or split servers + * dropping below the limit. + * + * you may force splitmode to be permanent by /quote set splitmode on + */ + + /* split users: when the usercount is lower than this level, consider + * ourselves split. this must be set for automatic splitmode + */ + default_split_user_count = 0; + + /* split servers: when the amount of servers that have acknowledged + * theyve finished bursting is lower than this, consider ourselves + * split. this must be set for automatic splitmode + */ + default_split_server_count = 0; + + /* split: no create: disallow users creating channels on split */ + no_create_on_split = no; + + /* split: no join: disallow users joining channels at all on a split */ + no_join_on_split = no; + + /* burst topicwho: when bursting topics, also burst the topic setter */ + burst_topicwho = yes; + + /* use_sslonly: enables the use of channel mode +S which enforces + * that users be one ssl/tls enabled connections + */ + use_sslonly = no; + + /* topiclen: length of topics */ + topiclen = 160; +}; + +/* The serverhide block contains the options regarding serverhiding */ +serverhide { + /* flatten links: this option will show all servers in /links appear + * that they are linked to this current server + */ + flatten_links = no; + + /* links delay: how often to update the links file when it is + * flattened. + */ + links_delay = 5 minutes; + + /* hidden: hide this server from a /links output on servers that + * support it. this allows hub servers to be hidden etc. + */ + hidden = no; + + /* disable hidden: prevent servers hiding themselves from a + * /links ouput. + */ + disable_hidden = no; +}; + +/* The general block contains many of the options that were once compiled + * in options in config.h. The general block is read at start time. + */ +general { + /* hide error messages: defines whether error messages from + * servers are hidden or not. These can sometimes contain IPs and + * can have an adverse effect on server ip hiding. Set to: + * yes: hide from opers and admin + * opers: hide from opers only + * no: do not hide error messages + */ + hide_error_messages = opers; + + /* hide spoof ips: hide the real ips of spoofed users */ + hide_spoof_ips = yes; + + /* default invisible: set clients +i on connect */ + default_invisible = no; + + /* default operstring: defines the default oper response + * in /whois queries, eg "is an IRC Operator" + */ + default_operstring = "is an IRC Operator"; + + /* default adminstring: defines the default admin response + * in /whois queries, eg "is a Server Administrator" + */ + default_adminstring = "is a Server Administrator"; + + /* disable fake channels: disable local users joining fake versions + * of channels, eg #foo^B^B. Disables bold, mirc colour, reverse, + * underline and hard space. (ASCII 2, 3, 22, 31, 160 respectively). + */ + disable_fake_channels = no; + + /* tkline_expire_notices: give a notice to opers when a tkline + * expires + */ + tkline_expire_notices = no; + + /* floodcount: the default value of floodcount that is configurable + * via /quote set floodcount. This is the amount of lines a user + * may send to any other user/channel in one second. + */ + default_floodcount = 10; + + /* failed oper notice: send a notice to all opers on the server when + * someone tries to OPER and uses the wrong password, host or ident. + */ + failed_oper_notice = yes; + + /* dots in ident: the amount of '.' characters permitted in an ident + * reply before the user is rejected. + */ + dots_in_ident=2; + + /* dot in ipv6: ircd-hybrid-6.0 and earlier will disallow hosts + * without a '.' in them. this will add one to the end. only needed + * for older servers. + */ + dot_in_ip6_addr = no; + + /* min nonwildcard: the minimum non wildcard characters in k/d/g lines + * placed via the server. klines hand placed are exempt from limits. + * wildcard chars: '.' '*' '?' '@' + */ + min_nonwildcard = 4; + + /* min nonwildcard simple: the minimum non wildcard characters in + * xlines/resvs placed via the server. + * wildcard chars: '*' '?' + */ + min_nonwildcard_simple = 3; + + /* max accept: maximum allowed /accept's for +g usermode */ + max_accept = 20; + + /* nick flood: enable the nickflood control code */ + anti_nick_flood = yes; + + /* nick flood: the nick changes allowed in the specified period */ + max_nick_time = 20 seconds; + max_nick_changes = 5; + + /* anti spam time: the minimum time a user must be connected before + * custom quit messages are allowed. + */ + anti_spam_exit_message_time = 5 minutes; + + /* ts delta: the time delta allowed between server clocks before + * a warning is given, or before the link is dropped. all servers + * should run ntpdate/rdate to keep clocks in sync + */ + ts_warn_delta = 30 seconds; + ts_max_delta = 5 minutes; + + /* client exit: prepend a users quit message with "Client exit: " */ + client_exit = yes; + + /* collision fnc: change user's nick to their UID instead of + * killing them, if possible. This setting only applies to nick + * collisions detected on this server. Only enable this if + * all servers on the network allow remote nicks to start with + * a digit. + */ + collision_fnc = no; + + /* dline reason: show the user the dline reason when they connect + * and are dlined. + */ + dline_with_reason = yes; + + /* kline delay: delay the checking of klines until a specified time. + * Useful if large kline lists are applied often to prevent the + * server eating CPU. + */ + kline_delay = 0 seconds; + + /* kline reason: show the user the reason why they are k/d/glined + * on exit. may give away who set k/dline when set via tcm. + */ + kline_with_reason = yes; + + /* kline reason: make the users quit message on channels this + * reason instead of the oper's reason. + */ + kline_reason = "Connection closed"; + + /* non redundant klines: flag and ignore redundant klines */ + non_redundant_klines = yes; + + /* warn no nline: warn opers about servers that try to connect but + * we dont have a connect {} block for. Twits with misconfigured + * servers can get really annoying with this enabled. + */ + warn_no_nline = yes; + + /* stats e disabled: disable stats e. useful if server ips are + * exempted and you dont want them listing on irc. + */ + stats_e_disabled = no; + + /* stats c oper only: make stats c (connect {}) oper only */ + stats_c_oper_only=no; + + /* stats h oper only: make stats h (hub_mask/leaf_mask) oper only */ + stats_h_oper_only=no; + + /* stats y oper only: make stats y (class {}) oper only */ + stats_y_oper_only=no; + + /* stats o oper only: make stats o (opers) oper only */ + stats_o_oper_only=yes; + + /* stats P oper only: make stats P (ports) oper only + * NOTE: users doing stats P will never be given the ips that the + * server listens on, simply the ports. + */ + stats_P_oper_only=no; + + /* stats i oper only: make stats i (auth {}) oper only. set to: + * yes: show users no auth blocks, made oper only. + * masked: show users first matching auth block + * no: show users all auth blocks. + */ + stats_i_oper_only=masked; + + /* stats k/K oper only: make stats k/K (klines) oper only. set to: + * yes: show users no auth blocks, made oper only + * masked: show users first matching auth block + * no: show users all auth blocks. + */ + stats_k_oper_only=masked; + + /* map oper only: make /map oper only */ + map_oper_only = no; + + /* operspy admin only: make operspy notices to +Z admin only */ + operspy_admin_only = no; + + /* caller id wait: time between notifying a +g user that somebody + * is messaging them. + */ + caller_id_wait = 1 minute; + + /* pace wait simple: time between use of less intensive commands + * (HELP, remote WHOIS, WHOWAS) + */ + pace_wait_simple = 1 second; + + /* pace wait: time between more intensive commands + * (ADMIN, INFO, LIST, LUSERS, MOTD, STATS, VERSION) + */ + pace_wait = 10 seconds; + + /* short motd: send clients a notice telling them to read the motd + * instead of forcing a motd to clients who may simply ignore it. + */ + short_motd = no; + + /* ping cookies: require clients to respond exactly to a ping command, + * can help block certain types of drones and FTP PASV mode spoofing. + */ + ping_cookie = no; + + /* connect timeout: sets how long we should wait for a connection + * request to succeed + */ + connect_timeout = 30 seconds; + + /* disable auth: disables identd checking */ + disable_auth = no; + + /* no oper flood: increase flood limits for opers. */ + no_oper_flood = yes; + + /* glines: enable glines, network wide temp klines */ + glines = yes; + + /* gline time: the amount of time a gline will remain before expiring */ + gline_time = 1 day; + + /* gline_min_cidr: If using a CIDR gline, the minimum length the + * mask must be + */ + gline_min_cidr = 16; + + /* global_cidr_ipv4_bitlen: limits numbers of connections from a subnet size globally + * global_cidr_ipv4_count: number of connections allowed from a given subnet + * global_cidr_ipv6_bitlen and global_cidr_ipv6_count are the same as above but for ipv6 + * + * global_cidr: if set to no, do not process limits + * + * The reason these are not in classes is that remote clients do not get assigned classes + * Also this needs TS6 across the entire network to work in a reliable way + */ + global_cidr_ipv4_bitlen = 24; + global_cidr_ipv4_count = 384; + + global_cidr_ipv6_bitlen = 64; + global_cidr_ipv6_count = 128; + global_cidr = yes; + + /* max targets: the maximum amount of targets in a single + * PRIVMSG/NOTICE. set to 999 NOT 0 for unlimited. + */ + max_targets = 4; + + /* client flood: maximum number of lines in a clients queue before + * they are dropped for flooding. + */ + client_flood = 20; + + /* post registration delay: after a user has registered, delay + * parsing any commands from them for this amount of time in order + * to perform bopm checks etc. + * + * Warning: if this is set too high (i.e. above 5-10s), it is + * likely to cause issues for clients. + */ + post_registration_delay = 0 seconds; + + /* use_whois_actually: send clients requesting a whois a numeric + * giving the real IP of non-spoofed clients to prevent DNS abuse. + */ + use_whois_actually = yes; + + /* usermodes configurable: a list of usermodes for the options below + * + * +b - bots - See bot and drone flooding notices + * +c - cconn - Client connection/quit notices + * +C - cconnext - Extended client connection/quit notices + * +d - debug - See debugging notices + * +f - full - See I: line full notices + * +g - callerid - Server Side Ignore + * +i - invisible - Not shown in NAMES or WHO unless you share a + * a channel + * +k - skill - See server generated KILL messages + * +l - locops - See LOCOPS messages + * +n - nchange - See client nick changes + * +r - rej - See rejected client notices + * +s - servnotice - See general server notices + * +u - unauth - See unauthorised client notices + * +w - wallop - See server generated WALLOPS + * +x - external - See remote server connection and split notices + * +y - spy - See LINKS, STATS, TRACE notices etc. + * +z - operwall - See oper generated WALLOPS + * +Z - operspy - See operspy notices + */ + + /* oper only umodes: usermodes only opers may set */ + oper_only_umodes = bots, cconn, cconnext, debug, full, skill, nchange, + rej, spy, external, operwall, locops, unauth; + + /* oper umodes: default usermodes opers get when they /oper */ + oper_umodes = locops, servnotice, operwall, wallop; + + /* use egd: if your system does not have *random devices yet you + * want to use OpenSSL and encrypted links, enable this. Beware - + * EGD is *very* CPU intensive when gathering data for its pool + */ + #use_egd = yes; + + /* egdpool path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7 + * which automatically finds the path. + */ + #egdpool_path = "/var/run/egd-pool"; + + /* compression level: level of compression for compressed links between + * servers. + * + * values are between: 1 (least compression, fastest) + * and: 9 (most compression, slowest). + */ + #compression_level = 6; + + /* burst_away: This enables bursting away messages to servers. + * With this disabled, we will only propogate AWAY messages + * as users send them, but never burst them. Be warned though + * enabling this could increase the size of a burst significantly + * for a large network, like EFnet. + */ + burst_away = yes; + + /* reject duration: the amount of time to cache the rejection */ + reject_duration = 5 minutes; + + /* reject_after_count: the number of times within reject_duration time that + * an IP will start being rejected. + */ + reject_after_count = 3; + + /* throttle_duration: Amount of time that throttling will be applied to an IP + * address. + */ + throttle_duration = 60; + + /* throttle_count: Number of connections within throttle_duration that it takes + * for throttling to take effect */ + throttle_count = 4; +}; + +modules { + /* module path: paths to search for modules specified below and + * in /modload. + */ + path = "/home/ircd/modules"; + path = "/home/ircd/modules/autoload"; + + /* module: the name of a module to load on startup/rehash */ + #module = "some_module.so"; +};