acidvegas/inspircd
1
Fork 0
forked from supernets/inspircd
Code Pull Requests Activity

added atheme, some fixes to inspi4 dockerfile

Browse Source
This commit is contained in:
root 2024-10-28 07:38:36 +03:00
parent 3bda4d0054
commit 696f45a7b0
5 changed files with 831 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
Dockerfile
View File

@ -208,7 +208,7 @@ ADD inspircd.conf /etc/inspircd
ADD include.default.conf /etc/inspircd/include.conf
ADD GeoLite2-ASN.mmdb /etc/inspircd
ADD GeoLite2-Country.mmdb /etc/inspircd
RUN touch /etc/inspircd/motd.txt

2
services/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
include.conf
config.env

62
services/Dockerfile Normal file
View File

@ -0,0 +1,62 @@
FROM ubuntu:latest
ARG BUILD_SERVER_NAME="services.lame-network.local"
RUN apt -y update
RUN apt -y install coreutils perl git automake autoconf build-essential libpcre2-dev rapidjson-dev libcurl4-gnutls-dev libargon2-dev libmaxminddb-dev libldap2-dev rapidjson-dev libmysqlclient-dev libmysqlclient-dev default-libmysqlclient-dev libpq-dev libre2-dev gnutls-dev libsqlite3-dev libmbedtls-dev libqrencode-dev libpcre3-dev libtre-dev pkg-config libwww-perl libidn-dev libpasswdqc-dev libcrack2-dev libperl-dev libsodium-dev cracklib-runtime libcrypt-cracklib-perl sendmail
RUN groupadd atheme
RUN useradd --system --shell /bin/bash atheme -g atheme
WORKDIR /tmp
RUN apt -y install libperl-dev
RUN git clone https://github.com/atheme/atheme.git
WORKDIR /tmp/atheme
RUN git submodule update --init --recursive
RUN ./configure --prefix=/usr/local --enable-large-net --enable-contrib --enable-legacy-pwcrypto
RUN make -j$(nproc)
RUN make install
RUN mkdir -p /etc/atheme -p /etc/ssl/atheme -p /var/lib/atheme -p /var/log/atheme
RUN mv /usr/local/etc /usr/local/etc_old
RUN ln -sf /etc/atheme /usr/local/etc
ADD atheme.conf /etc/atheme
ADD include.default.conf /etc/atheme/include.conf
RUN openssl genrsa -out /etc/ssl/atheme/server.key
RUN openssl req -new -key /etc/ssl/atheme/server.key -out /etc/ssl/atheme/server.csr \
-subj "/C=US/ST=Washington/L=Seattle/O=LameNetwork/OU=IT Department/CN=$BUILD_SERVER_NAME"
RUN openssl x509 -req -days 365 -in /etc/ssl/atheme/server.csr -signkey /etc/ssl/atheme/server.key -out /etc/ssl/atheme/server.crt
RUN chown -R atheme:atheme /etc/atheme /etc/ssl/atheme /var/log/atheme /var/lib/atheme
WORKDIR /
USER atheme
RUN /usr/local/bin/atheme-services -b ; true
VOLUME /etc/atheme
VOLUME /etc/ssl/atheme
VOLUME /var/lib/atheme
VOLUME /var/log/atheme
ENTRYPOINT ["/usr/local/bin/atheme-services", "-p", "/tmp/atheme.pid", "-n"]

690
services/atheme.conf Normal file
View File

@ -0,0 +1,690 @@
include "/etc/atheme/include.conf";
loadmodule "security/cmdperm";
loadmodule "protocol/charybdis";
loadmodule "protocol/mixin_nohalfops";
loadmodule "protocol/mixin_noholdnick";
loadmodule "protocol/mixin_noprotect";
loadmodule "protocol/mixin_noowner";
loadmodule "backend/opensex";
loadmodule "crypto/argon2";
loadmodule "crypto/scrypt";
loadmodule "crypto/pbkdf2v2";
loadmodule "crypto/bcrypt";
loadmodule "crypto/pbkdf2";
loadmodule "crypto/crypt3-sha2-512";
loadmodule "crypto/crypt3-sha2-256";
loadmodule "crypto/crypt3-md5";
loadmodule "crypto/rawsha2-512";
loadmodule "crypto/rawsha2-256";
loadmodule "crypto/anope-enc-sha256";
loadmodule "crypto/rawsha1";
loadmodule "crypto/rawmd5";
loadmodule "crypto/ircservices";
loadmodule "crypto/crypt3-des";
loadmodule "crypto/base64";
loadmodule "auth/ldap";
loadmodule "nickserv/main";
loadmodule "nickserv/access";
loadmodule "nickserv/badmail";
loadmodule "nickserv/cert";
loadmodule "nickserv/drop";
loadmodule "nickserv/enforce";
loadmodule "nickserv/ghost";
loadmodule "nickserv/group";
loadmodule "nickserv/help";
loadmodule "nickserv/hold";
loadmodule "nickserv/identify";
loadmodule "nickserv/info";
loadmodule "nickserv/info_lastquit";
loadmodule "nickserv/list";
loadmodule "nickserv/listlogins";
loadmodule "nickserv/listmail";
loadmodule "nickserv/listownmail";
loadmodule "nickserv/login";
loadmodule "nickserv/loginnolimit";
loadmodule "nickserv/logout";
loadmodule "nickserv/mark";
loadmodule "nickserv/pwquality";
loadmodule "nickserv/freeze";
loadmodule "nickserv/listchans";
loadmodule "nickserv/listgroups";
loadmodule "nickserv/register";
loadmodule "nickserv/regnolimit";
loadmodule "nickserv/resetpass";
loadmodule "nickserv/restrict";
loadmodule "nickserv/return";
loadmodule "nickserv/setpass";
loadmodule "nickserv/sendpass";
loadmodule "nickserv/sendpass_user";
loadmodule "nickserv/set_accountname";
loadmodule "nickserv/set_badpasswdmsg";
loadmodule "nickserv/set_email";
loadmodule "nickserv/set_emailmemos";
loadmodule "nickserv/set_enforcetime";
loadmodule "nickserv/set_hidemail";
loadmodule "nickserv/set_language";
loadmodule "nickserv/set_nevergroup";
loadmodule "nickserv/set_neverop";
loadmodule "nickserv/set_nogreet";
loadmodule "nickserv/set_nomemo";
loadmodule "nickserv/set_noop";
loadmodule "nickserv/set_nopassword";
loadmodule "nickserv/set_password";
loadmodule "nickserv/set_privmsg";
loadmodule "nickserv/set_private";
loadmodule "nickserv/set_property";
loadmodule "nickserv/set_pubkey";
loadmodule "nickserv/set_quietchg";
loadmodule "nickserv/status";
loadmodule "nickserv/taxonomy";
loadmodule "nickserv/vacation";
loadmodule "nickserv/verify";
loadmodule "nickserv/vhost";
loadmodule "nickserv/waitreg";
loadmodule "chanserv/main";
loadmodule "chanserv/access";
loadmodule "chanserv/akick";
loadmodule "chanserv/ban";
loadmodule "chanserv/unban_self";
loadmodule "chanserv/bansearch";
loadmodule "chanserv/clone";
loadmodule "chanserv/close";
loadmodule "chanserv/clear";
loadmodule "chanserv/clear_akicks";
loadmodule "chanserv/clear_bans";
loadmodule "chanserv/clear_flags";
loadmodule "chanserv/clear_users";
loadmodule "chanserv/count";
loadmodule "chanserv/drop";
loadmodule "chanserv/fflags";
loadmodule "chanserv/flags";
loadmodule "chanserv/ftransfer";
loadmodule "chanserv/getkey";
loadmodule "chanserv/halfop";
loadmodule "chanserv/help";
loadmodule "chanserv/hold";
loadmodule "chanserv/info";
loadmodule "chanserv/invite";
loadmodule "chanserv/kick";
loadmodule "chanserv/list";
loadmodule "chanserv/mark";
loadmodule "chanserv/moderate";
loadmodule "chanserv/op";
loadmodule "chanserv/owner";
loadmodule "chanserv/protect";
loadmodule "chanserv/quiet";
loadmodule "chanserv/recover";
loadmodule "chanserv/register";
loadmodule "chanserv/set_email";
loadmodule "chanserv/set_entrymsg";
loadmodule "chanserv/set_fantasy";
loadmodule "chanserv/set_gameserv";
loadmodule "chanserv/set_guard";
loadmodule "chanserv/set_keeptopic";
loadmodule "chanserv/set_limitflags";
loadmodule "chanserv/set_mlock";
loadmodule "chanserv/set_prefix";
loadmodule "chanserv/set_private";
loadmodule "chanserv/set_property";
loadmodule "chanserv/set_pubacl";
loadmodule "chanserv/set_restricted";
loadmodule "chanserv/set_secure";
loadmodule "chanserv/set_topiclock";
loadmodule "chanserv/set_url";
loadmodule "chanserv/set_verbose";
loadmodule "chanserv/status";
loadmodule "chanserv/sync";
loadmodule "chanserv/successor_acl";
loadmodule "chanserv/taxonomy";
loadmodule "chanserv/template";
loadmodule "chanserv/topic";
loadmodule "chanserv/voice";
loadmodule "chanserv/why";
loadmodule "chanserv/xop";
loadmodule "chanserv/antiflood";
loadmodule "chanfix/main";
loadmodule "operserv/akill";
loadmodule "operserv/clearchan";
loadmodule "operserv/clones";
loadmodule "operserv/compare";
loadmodule "operserv/genhash";
loadmodule "operserv/greplog";
loadmodule "operserv/help";
loadmodule "operserv/identify";
loadmodule "operserv/ignore";
loadmodule "operserv/info";
loadmodule "operserv/joinrate";
loadmodule "operserv/jupe";
loadmodule "operserv/mode";
loadmodule "operserv/modlist";
loadmodule "operserv/modmanager";
loadmodule "operserv/noop";
loadmodule "operserv/rakill";
loadmodule "operserv/readonly";
loadmodule "operserv/rehash";
loadmodule "operserv/restart";
loadmodule "operserv/rmatch";
loadmodule "operserv/rnc";
loadmodule "operserv/rwatch";
loadmodule "operserv/set";
loadmodule "operserv/sgline";
loadmodule "operserv/shutdown";
loadmodule "operserv/soper";
loadmodule "operserv/specs";
loadmodule "operserv/sqline";
loadmodule "operserv/update";
loadmodule "operserv/uptime";
loadmodule "memoserv/help";
loadmodule "memoserv/send";
loadmodule "memoserv/sendops";
loadmodule "memoserv/sendgroup";
loadmodule "memoserv/list";
loadmodule "memoserv/read";
loadmodule "memoserv/forward";
loadmodule "memoserv/delete";
loadmodule "memoserv/ignore";
loadmodule "global/main";
loadmodule "infoserv/main";
loadmodule "saslserv/authcookie";
loadmodule "saslserv/ecdh-x25519-challenge";
loadmodule "saslserv/ecdsa-nist256p-challenge";
loadmodule "saslserv/external";
loadmodule "saslserv/plain";
loadmodule "saslserv/scram";
loadmodule "gameserv/dice";
loadmodule "gameserv/eightball";
loadmodule "gameserv/gamecalc";
loadmodule "gameserv/help";
loadmodule "gameserv/lottery";
loadmodule "gameserv/namegen";
loadmodule "gameserv/rps";
loadmodule "rpgserv/enable";
loadmodule "rpgserv/help";
loadmodule "rpgserv/info";
loadmodule "rpgserv/list";
loadmodule "rpgserv/search";
loadmodule "rpgserv/set";
loadmodule "botserv/main";
loadmodule "botserv/help";
loadmodule "botserv/info";
loadmodule "botserv/bottalk";
loadmodule "botserv/set_fantasy";
loadmodule "botserv/set_nobot";
loadmodule "botserv/set_private";
loadmodule "botserv/set_saycaller";
loadmodule "hostserv/help";
loadmodule "hostserv/onoff";
loadmodule "hostserv/offer";
loadmodule "hostserv/request";
loadmodule "hostserv/vhost";
loadmodule "hostserv/vhostnick";
loadmodule "hostserv/group";
loadmodule "hostserv/drop";
loadmodule "helpserv/helpme";
loadmodule "helpserv/ticket";
loadmodule "helpserv/services";
loadmodule "alis/main";
loadmodule "statserv/channel";
loadmodule "statserv/netsplit";
loadmodule "statserv/server";
loadmodule "groupserv/main";
loadmodule "groupserv/acsnolimit";
loadmodule "groupserv/drop";
loadmodule "groupserv/fflags";
loadmodule "groupserv/flags";
loadmodule "groupserv/help";
loadmodule "groupserv/info";
loadmodule "groupserv/join";
loadmodule "groupserv/list";
loadmodule "groupserv/listchans";
loadmodule "groupserv/register";
loadmodule "groupserv/regnolimit";
loadmodule "groupserv/invite";
loadmodule "groupserv/set";
loadmodule "groupserv/set_channel";
loadmodule "groupserv/set_description";
loadmodule "groupserv/set_email";
loadmodule "groupserv/set_groupname";
loadmodule "groupserv/set_joinflags";
loadmodule "groupserv/set_open";
loadmodule "groupserv/set_public";
loadmodule "groupserv/set_url";
loadmodule "misc/httpd";
loadmodule "misc/login_throttling";
loadmodule "transport/xmlrpc";
loadmodule "exttarget/oper";
loadmodule "exttarget/registered";
loadmodule "exttarget/channel";
loadmodule "exttarget/chanacs";
loadmodule "exttarget/server";
loadmodule "proxyscan/dnsbl";
crypto {
argon2_type = "argon2id";
argon2_memcost = 16;
argon2_timecost = 3;
argon2_threads = 1;
argon2_saltlen = 16;
argon2_hashlen = 64;
scrypt_memlimit = 14;
scrypt_opslimit = 524288;
pbkdf2v2_digest = "SHA2-512";
pbkdf2v2_rounds = 64000;
pbkdf2v2_saltlen = 32;
scram_mechanisms = "SCRAM-SHA-1,SCRAM-SHA-256,SCRAM-SHA-512";
bcrypt_cost = 7;
crypt3_sha2_256_rounds = 5000;
crypt3_sha2_512_rounds = 5000;
};
nickserv {
nick = "NICKSERV";
user = "NICKSERV";
host = "services/-";
real = "Nickname Services";
aliases {
"ID" = "IDENTIFY";
"MYACCESS" = "LISTCHANS";
};
access {
};
spam;
no_nick_ownership;
maxnicks = 5;
expire = 30;
enforce_expire = 14;
enforce_delay = 30;
enforce_prefix = "G`";
waitreg_time = 0;
cracklib_dict = "/var/cache/cracklib/cracklib_dict";
passwdqc_max = 288;
passwdqc_min_n0 = 20;
passwdqc_min_n1 = 16;
passwdqc_min_n2 = 16;
passwdqc_min_n3 = 12;
passwdqc_min_n4 = 8;
passwdqc_words = 4;
pwquality_warn_only;
show_custom_metadata;
emailexempts {
};
shorthelp = "";
listownmail_canon;
bad_password_message;
};
chanserv {
nick = "CHANSERV";
user = "CHANSERV";
host = "services/-";
real = "Channel Services";
aliases {
};
access {
};
reggroup = "!Services-Team";
maxchans = 5;
fantasy;
hide_xop;
hide_flags_akicks;
hide_pubacl_akicks;
templates {
vop = "+AV";
hop = "+AHehitrv";
aop = "+AOehiortv";
sop = "+AOaefhiorstv";
founder = "+AFORaefhioqrstv";
member = "+Ai";
op = "+AOiortv";
};
deftemplates = "MEMBER=+Ai OP=+AOeiortv";
changets;
trigger = "!";
expire = 30;
maxchanacs = 0;
maxfounders = 4;
founder_flags = "AFORefiorstv";
default_mlock = "+nt";
akick_time = 10;
antiflood_enforce_method = quiet;
show_custom_metadata;
shorthelp = "";
};
chanfix {
nick = "CHANFIX";
user = "CHANFIX";
host = "services/-";
real = "Channel Fixing Service";
aliases {
};
access {
};
autofix;
};
global {
nick = "GLOBAL";
user = "GLOBAL";
host = "services/-";
real = "Network Announcements";
aliases {
};
access {
};
};
infoserv {
nick = "INFOSERV";
user = "INFOSERV";
host = "services/-";
real = "Information Service";
aliases {
};
access {
};
logoninfo_count = 3;
logoninfo_reverse;
logoninfo_show_metadata;
};
operserv {
nick = "OPERSERV";
user = "OPERSERV";
host = "services/-";
real = "Operator Services";
aliases {
};
access {
};
modinspect_use_colors;
};
saslserv {
nick = "SASLSERV";
user = "SASLSERV";
host = "services/-";
real = "SASL Authentication Agent";
hide_server_names;
};
memoserv {
nick = "MEMOSERV";
user = "MEMOSERV";
host = "services/-";
real = "Memo Services";
aliases {
};
access {
};
maxmemos = 30;
};
gameserv {
nick = "GAMESERV";
user = "GAMESERV";
host = "services/-";
real = "Game Services";
aliases {
};
access {
};
};
rpgserv {
nick = "RPGSERV";
user = "RPGSERV";
host = "services/-";
real = "RPG Finding Services";
aliases {
};
access {
};
};
botserv {
nick = "BOTSERV";
user = "BOTSERV";
host = "services/-";
real = "Bot Services";
aliases {
};
access {
};
min_users = 0;
};
groupserv {
nick = "GROYPSERV";
user = "GROYPSERV";
host = "services/-";
real = "Group Management Services";
aliases {
};
access {
};
maxgroups = 5;
maxgroupacs = 100;
enable_open_groups;
join_flags = "+";
};
hostserv {
nick = "HOSTSERV";
user = "HOSTSERV";
host = "services/-";
real = "Host Management Services";
aliases {
"APPROVE" = "ACTIVATE";
"DENY" = "REJECT";
};
access {
};
reggroup = "!Services-Team";
no_subsequent_requests;
request_per_nick;
};
helpserv {
nick = "HELPSERV";
user = "HELPSERV";
host = "services/-";
real = "Help Services";
aliases {
};
access {
};
};
statserv {
nick = "STATSERV";
user = "STATSERV";
host = "services/-";
real = "Statistics Services";
aliases {
};
access {
};
};
alis {
nick = "ALIS";
user = "ALIS";
host = "services/-";
real = "Channel Directory";
aliases {
};
access {
};
maxmatches = 64;
};
proxyscan {
nick = "PROXYSCAN";
user = "PROXYSCAN";
host = "services/-";
real = "Proxyscan Service";
aliases {
};
access {
};
blacklists {
"dnsbl.dronebl.org";
"rbl.efnetrbl.org";
"tor.efnet.org";
};
dnsbl_action = kline;
};
httpd {
host = "0.0.0.0";
host = "::";
www_root = "/var/www";
port = 8080;
};
throttle {
address_burst = 5;
address_replenish = 1;
address_account_burst = 2;
address_account_replenish = 2;
};
logfile "/var/log/atheme/account.log" { register; set; };
logfile "/var/log/atheme/commands.log" { commands; };
logfile "/var/log/atheme/audit.log" { denycmd; };
logfile "#services" { admin; denycmd; error; info; register; request; };
logfile "!snotices" { denycmd; error; info; request; };
operclass "user" { };
operclass "ircop" {
privs {
special:ircop;
};
privs {
user:auspex;
user:admin;
user:sendpass;
user:vhost;
user:mark;
};
privs {
chan:auspex;
chan:admin;
chan:cmodes;
chan:joinstaffonly;
};
privs {
general:auspex;
general:helper;
general:viewprivs;
general:flood;
};
privs {
operserv:omode;
operserv:akill;
operserv:jupe;
operserv:global;
};
privs {
group:auspex;
group:admin;
};
};
operclass "sra" {
extends "ircop";
privs {
user:exceedlimits;
user:hold;
user:regnolimit;
};
privs {
general:metadata;
general:admin;
};
privs {
#operserv:massakill;
#operserv:akill-anymask;
operserv:noop;
operserv:grant;
};
needoper;
};

76
services/include.default.conf Normal file
View File

@ -0,0 +1,76 @@
serverinfo {
name = "lame-network.local";
desc = "IRC Services";
numeric = "00A";
recontime = 10;
netname = "LameNet";
hidehostsuffix = "users.misconfigured";
adminname = "admin";
adminemail = "no-reply@lame-network.local";
registeremail = "no-reply@lame-network.local";
hidden;
mta = "/usr/sbin/sendmail";
loglevel = { admin; error; info; network; wallops; };
maxcertfp = 0;
maxlogins = 5;
maxusers = 5;
mdlimit = 30;
emaillimit = 10;
emailtime = 300;
auth = none;
casemapping = rfc1459;
};
uplink "irc.lame-network.local" {
host = "127.0.0.1";
port = 7001;
send_password = "changeme";
receive_password = "changeme";
};
operator "admin" {
operclass = "sra";
password = "changeme";
};
general {
permissive_mode;
helpchan = "#help";
helpurl = "https://www.lame-network.local";
verbose_wallops;
join_chans;
leave_chans;
secure;
uflags = { hidemail; };
cflags = { guard; verbose; };
raw;
flood_msgs = 7;
flood_time = 10;
ratelimit_uses = 5;
ratelimit_period = 60;
vhost_change = 30;
kline_time = 7;
kline_with_ident;
kline_verified_ident;
clone_time = 0;
commit_interval = 5;
db_save_blocking;
operstring = "is an IRC Operator";
servicestring = "is a Network Service";
default_clone_allowed = 5;
default_clone_warn = 4;
clone_identified_increase_limit;
uplink_sendq_limit = 1048576;
language = "en";
exempts {
};
allow_taint;
immune_level = immune;
show_entity_id;
load_database_mdeps;
hide_opers;
match_masks_through_vhost;
default_password_length = 16;
};