atheme works

root 2025-01-05 12:51:24 +00:00
parent 757ee1e161
commit 91d3b05c1f
6 changed files with 103 additions and 181 deletions

1
.gitignore vendored

@ -1,2 +1,3 @@
include.conf
config.env
atheme.db


@ -20,7 +20,7 @@ WORKDIR /tmp/atheme
RUN git submodule update --init --recursive
RUN ./configure --prefix=/usr/local --enable-large-net --enable-contrib --enable-legacy-pwcrypto
RUN ./configure --prefix=/usr/local --enable-large-net --enable-contrib --enable-legacy-pwcrypto --enable-contrib
RUN make -j$(nproc)
@ -50,4 +50,4 @@ VOLUME /etc/ssl/atheme
VOLUME /var/log/atheme
ENTRYPOINT ["/usr/local/bin/atheme-services", "-p", "/tmp/atheme.pid", "-n", "-d"]
ENTRYPOINT ["/usr/local/bin/atheme-services", "-p", "/tmp/atheme.pid", "-n"]
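Review bot: The second `./configure` line passes `--enable-contrib` twice, once in the middle and once appended at the end. The trailing copy is redundant, so the line can stay as `RUN ./configure --prefix=/usr/local --enable-large-net --enable-contrib --enable-legacy-pwcrypto`. Since `--enable-legacy-pwcrypto` is kept and presumably is what builds the weak hash modules, a comment above the line such as `# legacy-pwcrypto: only needed while imported accounts still carry old hashes` would record why it is on. Dropping `-d` from the ENTRYPOINT looks right for a non-debug deployment.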


@ -1,31 +1,29 @@
loadmodule "/usr/local/modules/security/cmdperm";
loadmodule "/usr/local/modules/protocol/inspircd";
include "/usr/local/etc/include.conf";
#loadmodule "/usr/local/modules/security/cmdperm";
# loadmodule "/usr/local/modules/protocol/mixin_nohalfops";
# loadmodule "/usr/local/modules/protocol/mixin_noholdnick";
# loadmodule "/usr/local/modules/protocol/mixin_noprotect";
# loadmodule "/usr/local/modules/protocol/mixin_noowner";
loadmodule "/usr/local/modules/backend/opensex";
# loadmodule "/usr/local/modules/crypto/argon2";
#loadmodule "/usr/local/modules/crypto/scrypt";
loadmodule "/usr/local/modules/crypto/scrypt";
# loadmodule "/usr/local/modules/crypto/pbkdf2v2";
#loadmodule "/usr/local/modules/crypto/bcrypt";
loadmodule "/usr/local/modules/crypto/bcrypt";
# loadmodule "/usr/local/modules/crypto/pbkdf2";
# loadmodule "/usr/local/modules/crypto/crypt3-sha2-512";
# loadmodule "/usr/local/modules/crypto/crypt3-sha2-256";
# loadmodule "/usr/local/modules/crypto/crypt3-md5";
#loadmodule "/usr/local/modules/crypto/rawsha2-512";
#loadmodule "/usr/local/modules/crypto/rawsha2-256";
#loadmodule "/usr/local/modules/crypto/anope-enc-sha256";
#loadmodule "/usr/local/modules/crypto/rawsha1";
#loadmodule "/usr/local/modules/crypto/rawmd5";
#loadmodule "/usr/local/modules/crypto/ircservices";
loadmodule "/usr/local/modules/crypto/rawsha2-512";
loadmodule "/usr/local/modules/crypto/rawsha2-256";
loadmodule "/usr/local/modules/crypto/anope-enc-sha256";
loadmodule "/usr/local/modules/crypto/rawsha1";
loadmodule "/usr/local/modules/crypto/rawmd5";
loadmodule "/usr/local/modules/crypto/ircservices";
# loadmodule "/usr/local/modules/crypto/crypt3-des";
#loadmodule "/usr/local/modules/crypto/base64";
loadmodule "/usr/local/modules/crypto/base64";
#loadmodule "/usr/local/modules/auth/ldap";
loadmodule "/usr/local/modules/nickserv/main";
#loadmodule "/usr/local/modules/nickserv/access";
loadmodule "/usr/local/modules/nickserv/access";
loadmodule "/usr/local/modules/nickserv/badmail";
loadmodule "/usr/local/modules/nickserv/cert";
loadmodule "/usr/local/modules/nickserv/drop";
@ -56,14 +54,14 @@ loadmodule "/usr/local/modules/nickserv/restrict";
loadmodule "/usr/local/modules/nickserv/return";
loadmodule "/usr/local/modules/nickserv/setpass";
loadmodule "/usr/local/modules/nickserv/sendpass";
loadmodule "/usr/local/modules/nickserv/sendpass_user";
# loadmodule "/usr/local/modules/nickserv/sendpass_user";
loadmodule "/usr/local/modules/nickserv/set_accountname";
loadmodule "/usr/local/modules/nickserv/set_badpasswdmsg";
loadmodule "/usr/local/modules/nickserv/set_email";
loadmodule "/usr/local/modules/nickserv/set_emailmemos";
loadmodule "/usr/local/modules/nickserv/set_enforcetime";
loadmodule "/usr/local/modules/nickserv/set_hidemail";
loadmodule "/usr/local/modules/nickserv/set_language";
# loadmodule "/usr/local/modules/nickserv/set_language";
loadmodule "/usr/local/modules/nickserv/set_nevergroup";
loadmodule "/usr/local/modules/nickserv/set_neverop";
loadmodule "/usr/local/modules/nickserv/set_nogreet";
@ -86,7 +84,7 @@ loadmodule "/usr/local/modules/chanserv/main";
loadmodule "/usr/local/modules/chanserv/access";
loadmodule "/usr/local/modules/chanserv/akick";
loadmodule "/usr/local/modules/chanserv/ban";
loadmodule "/usr/local/modules/chanserv/unban_self";
# loadmodule "/usr/local/modules/chanserv/unban_self";
loadmodule "/usr/local/modules/chanserv/bansearch";
loadmodule "/usr/local/modules/chanserv/clone";
loadmodule "/usr/local/modules/chanserv/close";
@ -168,7 +166,7 @@ loadmodule "/usr/local/modules/operserv/rmatch";
loadmodule "/usr/local/modules/operserv/rnc";
loadmodule "/usr/local/modules/operserv/rwatch";
loadmodule "/usr/local/modules/operserv/set";
loadmodule "/usr/local/modules/operserv/sgline";
# loadmodule "/usr/local/modules/operserv/sgline";
loadmodule "/usr/local/modules/operserv/shutdown";
loadmodule "/usr/local/modules/operserv/soper";
loadmodule "/usr/local/modules/operserv/specs";
@ -191,7 +189,7 @@ loadmodule "/usr/local/modules/saslserv/ecdh-x25519-challenge";
loadmodule "/usr/local/modules/saslserv/ecdsa-nist256p-challenge";
loadmodule "/usr/local/modules/saslserv/external";
loadmodule "/usr/local/modules/saslserv/plain";
loadmodule "/usr/local/modules/saslserv/scram";
# loadmodule "/usr/local/modules/saslserv/scram";
loadmodule "/usr/local/modules/gameserv/dice";
loadmodule "/usr/local/modules/gameserv/eightball";
loadmodule "/usr/local/modules/gameserv/gamecalc";
@ -250,15 +248,16 @@ loadmodule "/usr/local/modules/groupserv/set_joinflags";
loadmodule "/usr/local/modules/groupserv/set_open";
loadmodule "/usr/local/modules/groupserv/set_public";
loadmodule "/usr/local/modules/groupserv/set_url";
#loadmodule "/usr/local/modules/misc/httpd";
#loadmodule "/usr/local/modules/misc/login_throttling";
#loadmodule "/usr/local/modules/transport/xmlrpc";
#loadmodule "/usr/local/modules/exttarget/oper";
#loadmodule "/usr/local/modules/exttarget/registered";
#loadmodule "/usr/local/modules/exttarget/channel";
#loadmodule "/usr/local/modules/exttarget/chanacs";
#loadmodule "/usr/local/modules/exttarget/server";
#loadmodule "/usr/local/modules/proxyscan/dnsbl";
loadmodule "/usr/local/modules/misc/httpd";
loadmodule "/usr/local/modules/misc/login_throttling";
loadmodule "/usr/local/modules/transport/xmlrpc";
loadmodule "/usr/local/modules/exttarget/oper";
loadmodule "/usr/local/modules/exttarget/registered";
loadmodule "/usr/local/modules/exttarget/channel";
loadmodule "/usr/local/modules/exttarget/chanacs";
loadmodule "/usr/local/modules/exttarget/server";
loadmodule "/usr/local/modules/proxyscan/dnsbl";
include "/usr/local/etc/include.conf";
crypto {
# argon2_type = "argon2id";
@ -279,19 +278,18 @@ crypto {
};
nickserv {
nick = "NICKSERV";
user = "_";
host = "services/SuperNETs";
real = "Nickname Services";
spam;
no_nick_ownership;
maxnicks = 5;
expire = 30;
enforce_expire = 14;
enforce_delay = 30;
# spam;
# no_nick_ownership;
maxnicks = 8;
expire = 0;
# enforce_expire = 14;
enforce_delay = 32;
enforce_prefix = "`";
waitreg_time = 0;
waitreg_time = 4;
pwquality_warn_only;
show_custom_metadata;
shorthelp = "";
@ -300,25 +298,20 @@ nickserv {
};
chanserv {
nick = "CHANSERV";
user = "_";
host = "services/SuperNETs";
real = "Channel Services";
aliases {
};
access {
};
reggroup = "!Services-Team";
maxchans = 5;
fantasy;
hide_xop;
hide_flags_akicks;
hide_pubacl_akicks;
templates {
vop = "+AV";
hop = "+AHehitrv";
@ -328,7 +321,6 @@ chanserv {
member = "+Ai";
op = "+AOiortv";
};
deftemplates = "MEMBER=+Ai OP=+AOeiortv";
changets;
trigger = "!";
@ -344,71 +336,55 @@ chanserv {
};
chanfix {
nick = "CHANFIX";
user = "_";
host = "services/SuperNETs";
real = "Channel Fixing Service";
aliases {
};
access {
};
autofix;
};
global {
nick = "GLOBAL";
user = "_";
host = "services/SuperNETs";
real = "Network Announcements";
aliases {
};
access {
};
};
infoserv {
nick = "INFOSERV";
user = "_";
host = "services/SuperNETs";
real = "Information Service";
aliases {
};
access {
};
logoninfo_count = 3;
logoninfo_reverse;
logoninfo_show_metadata;
};
operserv {
nick = "OPERSERV";
user = "_";
host = "services/SuperNETs";
real = "Operator Services";
aliases {
};
access {
};
modinspect_use_colors;
};
saslserv {
nick = "SASLSERV";
user = "_";
host = "services/SuperNETs";
@ -417,173 +393,136 @@ saslserv {
};
memoserv {
nick = "MEMOSERV";
user = "_";
host = "services/SuperNETs";
real = "Memo Services";
aliases {
};
access {
};
maxmemos = 30;
maxmemos = 64;
};
gameserv {
nick = "GAMESERV";
user = "_";
host = "services/SuperNETs";
real = "Game Services";
aliases {
};
access {
};
};
rpgserv {
nick = "RPGSERV";
user = "_";
host = "services/SuperNETs";
real = "RPG Finding Services";
aliases {
};
access {
};
};
botserv {
nick = "BOTSERV";
user = "_";
host = "services/SuperNETs";
real = "Bot Services";
aliases {
};
access {
};
min_users = 0;
};
groupserv {
nick = "GROUPSERV";
user = "_";
host = "services/SuperNETs";
real = "Group Management Services";
aliases {
};
access {
};
maxgroups = 5;
maxgroupacs = 100;
maxgroups = 16;
maxgroupacs = 256;
enable_open_groups;
join_flags = "+";
};
hostserv {
nick = "HOSTSERV";
user = "_";
host = "services/SuperNETs";
real = "Host Management Services";
aliases {
"APPROVE" = "ACTIVATE";
"DENY" = "REJECT";
};
access {
};
reggroup = "!Services-Team";
no_subsequent_requests;
request_per_nick;
};
helpserv {
nick = "HELPSERV";
user = "_";
host = "services/SuperNETs";
real = "Help Services";
aliases {
};
access {
};
};
statserv {
nick = "STATSERV";
user = "_";
host = "services/SuperNETs";
real = "Statistics Services";
aliases {
};
access {
};
};
alis {
nick = "ALIS";
user = "_";
host = "services/SuperNETs";
real = "Channel Directory";
aliases {
};
access {
};
maxmatches = 64;
maxmatches = 128;
};
proxyscan {
nick = "PROXYSCAN";
user = "_";
host = "services/SuperNETs";
real = "Proxyscan Service";
aliases {
};
access {
};
blacklists {
"dnsbl.dronebl.org";
"rbl.efnetrbl.org";
"tor.efnet.org";
};
dnsbl_action = kline;
dnsbl_action = snoop;
};
httpd {
host = "0.0.0.0";
host = "::";
host = "127.0.0.1";
# host = "::";
www_root = "/var/www";
port = 8080;
};
@ -607,7 +546,6 @@ operclass "ircop" {
privs {
special:ircop;
};
privs {
user:auspex;
user:admin;
@ -615,28 +553,24 @@ operclass "ircop" {
user:vhost;
user:mark;
};
privs {
chan:auspex;
chan:admin;
chan:cmodes;
chan:joinstaffonly;
};
privs {
general:auspex;
general:helper;
general:viewprivs;
general:flood;
};
privs {
operserv:omode;
operserv:akill;
operserv:jupe;
operserv:global;
};
privs {
group:auspex;
group:admin;
@ -645,24 +579,20 @@ operclass "ircop" {
operclass "sra" {
extends "ircop";
privs {
user:exceedlimits;
user:hold;
user:regnolimit;
};
privs {
general:metadata;
general:admin;
};
privs {
# operserv:massakill;
# operserv:akill-anymask;
operserv:noop;
operserv:grant;
};
needoper;
# needoper;
};
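Review bot: At the end of operclass "sra", `needoper;` appears next to a commented-out `# needoper;`; if the commented form is the new side, the class's privileges (`operserv:grant`, `general:admin`, `user:hold`) no longer require the user to be opered on IRC. Knowing the services account password would then be enough to obtain them. Keep `needoper;` active, or put the reason beside the line, for example `# needoper;  # disabled because <reason>; sra accounts must use strong passwords or certfp`. The module list at the top of the section also seems to enable `crypto/rawmd5`, `crypto/rawsha1`, `crypto/base64` and `crypto/ircservices`. If these exist only to verify hashes from an imported database, a comment like `# legacy verify-only hashes, remove after accounts have re-identified` would stop them becoming permanent.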


@ -11,12 +11,9 @@ services:
- data:/etc/atheme
- ./include.conf:/usr/local/etc/include.conf:ro
- ./atheme.conf:/usr/local/etc/atheme.conf:ro
- ssl:/etc/ssl/atheme
- log:/var/log/atheme
volumes:
data:
name: atheme_data
ssl:
name: atheme_ssl
log:
name: atheme_log


@ -1,29 +1,29 @@
serverinfo {
name = "lame-network.local";
name = "services.supernets.org";
desc = "IRC Services";
numeric = "00A";
recontime = 10;
netname = "LameNet";
hidehostsuffix = "users.misconfigured";
numeric = "10X";
recontime = 4;
netname = "SuperNETs";
hidehostsuffix = "hidden";
adminname = "admin";
adminemail = "no-reply@lame-network.local";
registeremail = "no-reply@lame-network.local";
hidden;
mta = "/usr/sbin/sendmail";
adminemail = "no-reply@supernets.org";
registeremail = "no-reply@supernets.org";
# hidden;
# mta = "/usr/sbin/sendmail";
loglevel = { admin; error; info; network; wallops; };
maxcertfp = 0;
maxlogins = 5;
maxusers = 5;
mdlimit = 30;
emaillimit = 10;
emailtime = 300;
maxcertfp = 8;
maxlogins = 8;
maxusers = 8;
mdlimit = 64;
emaillimit = 8;
emailtime = 256;
auth = none;
casemapping = rfc1459;
};
uplink "irc.lame-network.local" {
uplink "temple.supernets.org" {
host = "127.0.0.1";
port = 7001;
port = 6000;
send_password = "changeme";
receive_password = "changeme";
};
@ -34,38 +34,34 @@ operator "admin" {
};
general {
permissive_mode;
permissive_mode; # https://github.com/atheme/atheme/issues/937
helpchan = "#help";
helpurl = "https://www.lame-network.local";
helpurl = "https://www.supernets.org";
verbose_wallops;
join_chans;
leave_chans;
secure;
uflags = { hidemail; };
cflags = { guard; verbose; };
raw;
flood_msgs = 7;
cflags = { verbose; verbose_ops; keeptopic; guard; };
flood_msgs = 0;
flood_time = 10;
ratelimit_uses = 5;
ratelimit_period = 60;
vhost_change = 30;
kline_time = 7;
kline_with_ident;
# ratelimit_uses = 5;
# ratelimit_period = 60;
# vhost_change = 30;
kline_time = 1;
# kline_with_ident;
kline_verified_ident;
clone_time = 0;
commit_interval = 5;
commit_interval = 16;
db_save_blocking;
operstring = "is an IRC Operator";
servicestring = "is a Network Service";
default_clone_allowed = 5;
default_clone_allowed = 8;
default_clone_warn = 4;
clone_identified_increase_limit;
uplink_sendq_limit = 1048576;
language = "en";
exempts {
};
allow_taint;
immune_level = immune;
show_entity_id;
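Review bot: In the `general` block, `flood_msgs = 0` sits alongside commented-out `ratelimit_uses`, `ratelimit_period` and `vhost_change`. As far as I can tell a zero `flood_msgs` turns services flood protection off, so this would leave no per-user throttling on commands; please confirm against the Atheme documentation. If that is intended, say so in place, for example `flood_msgs = 0; # flood protection off on purpose, throttling handled by <component>`; otherwise keep a non-zero value and the rate limits. `permissive_mode;` now carries only an issue link, and a short comment on what it relaxes and when it can be removed would help, since it appears to soften security denials. The uplink block still has `send_password = "changeme"` and `receive_password = "changeme"`; these should be replaced by deployment-specific secrets kept out of the repository.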


@ -3,9 +3,7 @@ foreground = yes
[PKI client]
client = yes
accept = 127.0.0.1:6000
connect = 1.2.3.4:7777
verifyChain = yes
connect = 100.79.209.72:7777
CAfile = /ca.crt
cert = /server.crt
key = /server.key
checkHost = hub.lame-network.local
verifyChain = yes
checkHost = super-temple.lame-server.local
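Review bot: `checkHost = super-temple.lame-server.local` still uses a placeholder-style `.local` name while the rest of the commit renames the network to supernets.org. If the hub's certificate was issued for a supernets.org name, verification will fail closed and the link will not come up. Because `connect` is a literal IP, `checkHost` together with `verifyChain = yes` and `CAfile` is the only thing tying the peer to the intended hub, so both should stay. A comment such as `; checkHost must equal a SAN on the hub certificate signed by /ca.crt` would make that dependency explicit.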