supernets/inspircd
supernets/inspircd
4
Fork 1
Code Issues 3 Pull Requests Actions Packages Projects 1 Releases Wiki Activity

Compare commits

base: supernets:16ac2c59f1ad339a11358d6541e948e97bd1e615
Branches Tags
supernets:master
..
compare: supernets:3c7b8c3aaea7929a841cb4dadeaf86a23a5aed45
Branches Tags
supernets:master

No commits in common. "16ac2c59f1ad339a11358d6541e948e97bd1e615" and "3c7b8c3aaea7929a841cb4dadeaf86a23a5aed45" have entirely different histories.
16ac2c59f1 ... 3c7b8c3aae

16 changed files with 1386 additions and 555 deletions
Show Stats Expand all files Collapse all files

2
.gitignore vendored
View File

@ -1,4 +1,2 @@
config.env
include.conf
motd.txt
oper.motd.txt

246
Dockerfile
View File

@ -182,248 +182,6 @@ ENV LINK_SEND_PASSWORD="changeme"
ENV LINK_TIMEOUT=3600
ENV CLOAK_KEY="changeme"
ENV CLOAK_IGNORE_CASE="no"
ENV CLOAK_MODE="full"
ENV CLOAK_PREFIX="cloak/"
ENV CLOAK_SUFFIX=".hidden"
ENV BLOCK_AMSG_ACTION="killopers"
ENV BLOCK_AMSG_DELAY="3"
ENV BLOCK_HL_IGNORE_EXT_MESSAGE="yes"
ENV BLOCK_HL_MIN_LEN="50"
ENV BLOCK_HL_MIN_USER_NUM="10"
ENV BLOCK_HL_STRIP_COLOR="yes"
ENV BOT_MODE_FORCE_NOTICE="no"
ENV CHAN_FILTER_HIDE_MASK="yes"
ENV CHAN_FILTER_MAX_LEN="512"
ENV CHAN_FILTER_NOTIFY_USER="yes"
ENV CALLER_ID_COOL_DOWN="4m"
ENV CALLER_ID_MAX_ACCEPTS="256"
ENV CALLER_ID_TRACK_NICK="yes"
ENV CBAN_GLOB="yes"
ENV CHAN_HISTORY_BOTS="yes"
ENV CHAN_HISTORY_ENABLE_UMODE="yes"
ENV CHAN_HISTORY_MAX_LINES="64"
ENV CHAN_HISTORY_PREFIX_MSG="yes"
ENV OPER_CHANNEL_SNOMASK="DdRrtXxLlkKvgfFoO"
ENV CHAN_NAMES_ALLOW_RANGE="35,45-46"
ENV CHAN_NAMES_DENY_RANGE="1-47,58-64,91-96,123-255"
ENV CHANNELS_OPERS="4294967295"
ENV CHANNELS_USERS="4294967295"
ENV CODE_PAGE="ascii"
ENV CONNECT_BAN_BOOT_WAIT="128"
ENV CONNECT_BAN_DURATION="64"
ENV CONNECT_BAN_V4_PREFIX_LEN="32"
ENV CONNECT_BAN_v6_PREFIX_LEN="128"
ENV CONNECT_BAN_SPLIT_WAIT="128"
ENV CONNECT_BAN_THRESHOLD="32"
ENV CTC_TAGS_ALLOW_CLIENT_ONLY_TAGS="no"
ENV DEAF_BYPASS_CHARS=""
ENV DEAF_BYPASS_CHARS_ULINE="!"
ENV DEAF_ENABLE_PRIV_DEAF=""
ENV DEAF_PRIV_DEAF_ULINE=""
ENV DELAY_MSG_ALLOW_NOTICE="yes"
ENV DISABLE_CHMODES=""
ENV DISABLE_COMMANDS=""
ENV DISABLE_FAKENONEXISTANT="no"
ENV DISABLE_USERMODES="w"
ENV HIDECHANS_AFFECTS_OPERS="yes"
ENV HOSTNAME_CHAR_MAP="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-_/0123456789,"
ENV HTTPD_TIMEOUT="8s"
ENV IDENT_PREFIX_UNQUERIED="yes"
ENV IDENT_TIMEOUT="2s"
ENV INSANE_HOSTMASKS="no"
ENV INSANE_IPMASKS="no"
ENV INSANE_NICKMASKS="no"
ENV INSANE_TRIGGER="95.5"
ENV INVITE_EXCEPTION_BYPASS_KEY="yes"
ENV IRCV3_ACCOUNT_NOTIFY="yes"
ENV IRCV3_AWAY_NOTIFY="yes"
ENV IRCV3_EXTENDED_JOIN="yes"
ENV JOIN_FLOOD_BOOT_WAIT="32s"
ENV JOIN_FLOOD_DURATION="2m"
ENV JOIN_FLOOD_SPLIT_WAIT="32s"
ENV KNOCK_NOTIFY="both"
ENV LIST_MAX_SIZE="512"
ENV LIST_NORMAL_SIZE="256"
ENV MESSAGE_FLOOD_NOTICE="1.0"
ENV MESSAGE_FLOOD_PRIVMSG="1.0"
ENV MESSAGE_FLOOD_TAG_MSG="0.2"
ENV MONITOR_MAX_ENTRIES="256"
ENV MUTE_BAN_NOTIFY_USER="yes"
ENV NICK_DELAY="4s"
ENV NICK_DELAY_HINT="yes"
ENV NICK_FLOOD_DURATION="64s"
ENV NO_CTCP_ENABLE_UMODE="yes"
ENV OJOIN_NOTICE="yes"
ENV OJOIN_OP="yes"
ENV OJOIN_PREFIX="!"
ENV OPER_PREFIX="*"
ENV OPER_TO_SNOMASK="on"
ENV OVERRIDE_ENABLE_UMODE="yes"
ENV OVERRIDE_NOISY="yes"
ENV OVERRIDE_REQUIRE_KEY="yes"
ENV REMOVE_SUPPORT_NO_KICKS="yes"
ENV REPEAT_MAX_BACK_LOG="20"
ENV REPEAT_MAX_DISTANCE="50"
ENV REPEAT_MAX_LINES="20"
ENV REPEAT_MAX_TIME="0"
ENV REPEAT_MAX_SIZE="512"
ENV RLINE_ENGINE="pcre"
ENV RLINE_MATCH_ON_NICK_CHANGE="yes"
ENV RLINE_ZLINE_ON_MATCH="no"
ENV RESTRICT_CHANS_ALLOW_REGISTERED="no"
ENV SECURE_LIST_EXEMPT_REGISTERED="yes"
ENV SECURE_LIST_SHOW_MSG="yes"
ENV SECURE_LIST_WAIT_TIME="8s"
ENV SHOW_WHOIS_OPER_ONLY="no"
ENV SHOW_WHOIS_FROM_OPERS="yes"
ENV SHUN_AFFECT_OPERS="no"
ENV SHUN_ALLOW_CONNECT="no"
ENV SHUN_ALLOW_TAGS="no"
ENV SHUN_CLEANED_COMMANDS="AWAY PART QUIT"
ENV SHUN_ENABLED_COMMANDS="ADMIN OPER PING PONG QUIT PART JOIN"
ENV SHUN_NOTIFY_USER="yes"
ENV SILENCE_EXEMPT_ULINE="yes"
ENV SILENCE_MAX_ENTRIES="256"
ENV SSL_INFO_OPER_ONLY=""
ENV SSL_ENABLE_UMODE="no"
ENV SVS_HOLD_SILENT="no"
ENV TIMED_BANS_SEND_NOTICE="yes"
ENV WAIT_PONG_KILL_ON_BAD_REPLY="yes"
ENV WAIT_PONG_SEND_NOTICE="yes"
ENV WATCH_MAX="256"
ENV WHOWAS_GROUP_SIZE="10"
ENV WHOWAS_MAX_GROUPS="10000"
ENV WHOWAS_MAX_KEEP="32y"
ENV ZOMBIE_CLEAN_SPLIT="no"
ENV ZOMBIE_DIRTY_SPLIT="yes"
ENV ZOMBIE_MAX="100"
ENV ZOMBIE_SERVER_TIME="5m"
ENV AUDITORIUM_OP_CAN_SEE="no"
ENV AUDITORIUM_OPER_CAN_SEE="yes"
ENV AUDITORIUM_OP_VISIBLE="no"
RUN apt -y update
RUN apt -y install coreutils perl git automake autoconf build-essential libpcre2-dev rapidjson-dev libcurl4-gnutls-dev libargon2-dev libmaxminddb-dev libldap2-dev rapidjson-dev libmysqlclient-dev libmysqlclient-dev default-libmysqlclient-dev libpq-dev libre2-dev gnutls-dev libsqlite3-dev libmbedtls-dev libqrencode-dev libpcre3-dev libtre-dev pkg-config libwww-perl
@ -452,9 +210,9 @@ ADD include.default.conf /etc/inspircd/include.conf
ADD GeoLite2-Country.mmdb /etc/inspircd
ADD motd.txt /etc/inspircd/motd.txt
RUN touch /etc/inspircd/motd.txt
ADD oper.motd.txt /etc/inspircd/oper.motd.txt
RUN touch /etc/inspircd/oper.motd.txt
RUN openssl genrsa -out /etc/ssl/inspircd/server.key

96
config.env.example
View File

@ -1,30 +1,90 @@
ADMIN_EMAIL="no-reply@lame-network.local"
ADMIN_EMAIL="no-reply@netcrave.network"
SID="01A"
SERVER_NAME="irc.lame-network.local"
SERVER_NAME="irc.netcrave.network"
NETWORK_NAME="NetcraveIRC"
STS_HOST="irc.lame-network.local"
SASL_TARGET="services.lame-network.local"
STS_HOST="irc.netcrave.network"
SASL_TARGET="service.netcrave.network"
ADMIN_PASSWORD="changeme"
COMMAND_RATE="128000"
FAKE_LAG="on"
HARD_SENDQ="1M"
MAX_CHANS="256"
PING_FREQ="64"
RECVQ="8K"
SOFT_SENDQ="8192"
COMMAND_RATE_THRESHOLD="128"
COMMAND_RATE_THRESHOLD_TIMEOUT="16"
USE_CONN_FLOOD="yes"
USE_DNSBL="yes"
USE_IDENT="no"
GLOBAL_MAX="32"
LOCAL_MAX="16"
MAX_CONN_WARN="yes"
DEFAULT_USER_MODES="+xWz"
PORT="6667"
RESOLVE_HOST_NAMES="yes"
USE_CONNECT_BAN="yes"
SSL_USER_MODES="+xWz"
SSL_PORT="6697"
AUTHENTICATED_USER_MODES="+xwWz"
SERVER_SSL_PORT="7000"
OPER_CHANNEL="#oper"
HTTP_ACL_PASSWORD="changeme"
HTTP_ACL_USERNAME="netcrave"
ROLE_PLAY_VHOST="roleplay/lame-network.local"
SERVICE_CHANNEL="#services"
HELP_CHANNEL="#help"
MAX_AWAY="256"
MAX_CHAN="31"
MAX_GECOS="256"
MAX_HOST="64"
MAX_IDENT="16"
MAX_KICK="256"
MAX_MODES="32"
MAX_NICK="31"
MAX_QUIT="256"
MAX_TOPIC="256"
ALLOW_MISMATCH="yes"
ALLOW_ZERO_LIMIT="yes"
ANNOUNCE_TS="yes"
CYCLE_HOST_TS="yes"
CYCLE_HOST_FROM_USER="no"
HOST_IN_TOPIC="yes"
INVITE_BYPASS_MODES="yes"
MODES_IN_LIST="yes"
NO_SNOTICE_STACK="yes"
PING_WARNING="8"
PREFIX_PART="""
PREFIX_QUIT="QUIT: ""
SERVER_PING_FREQ="8"
SPLIT_WHOIS="no"
SUFFIX_PART="""
SUFFIX_QUIT="""
SYNTAX_HINTS="yes"
XLINE_MESSAGE="DEAUTHORIZED"
CLONES_ON_CONNECT="yes"
NET_BUFFER_SIZE="10240"
QUIET_BURSTS="yes"
SOFT_LIMIT="102400"
SO_MAX_CONN="1024"
TIME_SKIP_WARN="2s"
ROLE_PLAY_VHOST="rp.netcrave.network"
CUSTOM_VERSION="NetcraveIRC"
NET_ADMIN_VHOST="admin/lame-network.local"
GLOBAL_OP_VHOST="oper/lame-network.local"
HOPM_VHOST="hopm/lame-network.local"
HELPER_VHOST="helper/lame-network.local"
SERVICES_ULINE="services.lame-network.local"
WS_ORIGIN_ALLOW="irc.lame-network.local"
FLAT_LINKS="no"
GENERIC_OPER="yes"
HIDE_BANS="no"
HIDE_MODES="no"
HIDE_SPLITS="yes"
HIDE_ULINES="no"
MAX_TARGETS="16"
RESTRICT_BANNED_USERS="yes"
USER_STATS="Pu"
NET_ADMIN_VHOST="oper/admin.netcrave.network"
GLOBAL_OP_VHOST="oper/op.netcrave.network"
HOPM_VHOST="oper/hopm.netcrave.network"
HELPER_VHOST="oper/helper.netcrave.network"
SERVICES_ULINE="services.netcrave.network"
WS_ORIGIN_ALLOW="irc.netcrave.network"
DEFAULT_BLOCK_HOST_MASK="nothing"
LINK_RECV_PASSWORD="changeme"
LINK_SEND_PASSWORD="changeme"
LINK_TIMEOUT="32"
CLOAK_KEY="changeme"
CLOAK_PREFIX="cloak/"
CLOAK_SUFFIX=".hidden"
DEFAULT_USER_MODES="xW"
SSL_USER_MODES="xW"
USE_DNSBL="no"
LINK_TIMEOUT=32

4
docker-compose.linked.yml
View File

@ -7,10 +7,8 @@ services:
image: inspi4
network_mode: "host"
env_file: "config.env"
command: /usr/local/bin/inspircd -c /etc/inspircd/inspircd.conf -F
command: /usr/local/bin/inspircd -c /etc/inspircd/inspircd.conf -F -d
volumes:
- ./motd.txt:/etc/inspircd/motd.txt:ro
- ./oper.motd.txt:/etc/inspircd/oper.motd.txt:ro
- ./include.conf:/etc/inspircd/include.conf:ro
- ssl:/etc/ssl/inspircd
- data:/var/lib/inspircd

117
include.default.conf
View File

@ -15,6 +15,12 @@
<exception host="*@127.0.0.1/32"
reason="Local IRC client">
<badword text="vxp"
replace="larry">
<badword text="lol"
replace="%%">
<eventexec command="/bin/true"
event="rehash">
@ -22,114 +28,3 @@
name="admin"
password="&env.ADMIN_PASSWORD;"
type="NetAdmin">
<showfile endtext="End of uptime"
file="/proc/uptime"
introtext="server uptime:"
name="UPTIME">
<showfile endtext="End of loadavg"
file="/proc/loadavg"
introtext="server loadavg:"
name="LOADAVG">
<bind address="*"
port="8000"
type="httpd">
<bind address="*"
port="&env.SSL_PORT;"
sslprofile="defaultssl"
type="clients">
<bind address="*"
port="&env.PORT;"
type="clients">
<bind address="*"
port="7001"
type="servers">
<bind address="*"
port="&env.SERVER_SSL_PORT;"
sslprofile="defaultssl"
type="servers">
<admin email="&env.ADMIN_EMAIL;"
name="admin"
nick="admin">
<server description="internet relay chat network"
id="&env.SID;"
name="&env.SERVER_NAME;"
network="&env.NETWORK_NAME;">
<connect commandrate="&env.COMMAND_RATE;"
fakelag="&env.FAKE_LAG;"
hardsendq="&env.HARD_SENDQ;"
maxchans="&env.MAX_CHANS;"
motd="defaultmotd"
name="all"
pingfreq="&env.PING_FREQ;"
recvq="&env.RECVQ;"
softsendq="&env.SOFT_SENDQ;"
threshold="&env.COMMAND_RATE_THRESHOLD;"
timeout="&env.COMMAND_RATE_THRESHOLD_TIMEOUT;"
useconnflood="&env.USE_CONN_FLOOD;"
usednsbl="&env.USE_DNSBL;"
useident="&env.USE_IDENT;"
resolvehostnames="&env.RESOLVE_HOST_NAMES;"
useconnectban="&env.USE_CONNECT_BAN;">
<connect allow="*"
autojoin="#blackhole"
globalmax="&env.GLOBAL_MAX;"
localmax="&env.LOCAL_MAX;"
maxconnwarn="&env.MAX_CONN_WARN;"
modes="&env.DEFAULT_USER_MODES;"
name="default"
parent="all"
port="&env.PORT;">
<connect allow="*"
autojoin="#blackhole"
globalmax="&env.GLOBAL_MAX;"
localmax="&env.LOCAL_MAX;"
maxconnwarn="&env.MAX_CONN_WARN;"
modes="&env.SSL_USER_MODES;"
name="ssl"
parent="all"
port="&env.SSL_PORT;">
<connect allow="*"
name="authenticated"
globalmax="&env.GLOBAL_MAX;"
localmax="&env.LOCAL_MAX;"
maxconnwarn="&env.MAX_CONN_WARN;"
modes="&env.SSL_USER_MODES;"
parent="all"
port="&env.SSL_PORT;"
requireaccount="yes">
<operjoin channel="&env.OPER_CHANNEL;"
override="no">
<httpdacl password="&env.HTTP_ACL_PASSWORD;"
path="/*"
types="password"
username="&env.HTTP_ACL_USERNAME;">
<autoconnect period="8s"
server="vps-1.lame-network.local">
<link allowmask="*"
bind="1.2.3.4"
hidden="no"
sslprofile="defaultssl"
ipaddr="4.2.3.1"
name="vps-1.lame-network.local"
port="&env.SERVER_SSL_PORT;"
recvpass="&env.LINK_RECV_PASSWORD;"
sendpass="&env.LINK_SEND_PASSWORD;"
statshidden="no"
timeout="&env.LINK_TIMEOUT;">

535
inspircd.conf
View File

@ -1,9 +1,6 @@
<include file="/etc/inspircd/include.conf"
missingokay="yes">
<files motd="/etc/inspircd/motd.txt"
opermotd="/etc/inspircd/oper.motd.txt">
<path datadir="/var/lib/inspircd"
configdir="/etc/inspircd"
runtimedir="/tmp"
@ -12,6 +9,33 @@
<maxmind file="/etc/inspircd/GeoLite2-Country.mmdb">
<bind address="*"
port="8000"
type="httpd">
<bind address="*"
port="&env.SSL_PORT;"
sslprofile="defaultssl"
type="clients">
<bind address="*"
port="&env.PORT;"
type="clients">
<bind address="*"
port="&env.SERVER_SSL_PORT;"
sslprofile="defaultssl"
type="servers">
<admin email="&env.ADMIN_EMAIL;"
name="admin"
nick="admin">
<server description="General-purpose internet relay chat network"
id="&env.SID;"
name="&env.SERVER_NAME;"
network="&env.NETWORK_NAME;">
<sts duration="5m"
host="&env.STS_HOST;"
port="&env.SSL_PORT;"
@ -20,6 +44,53 @@
<sasl requiressl="yes"
target="&env.SASL_TARGET;">
<connect commandrate="&env.COMMAND_RATE;"
fakelag="&env.FAKE_LAG;"
hardsendq="&env.HARD_SENDQ;"
maxchans="&env.MAX_CHANS;"
motd="defaultmotd"
name="All"
pingfreq="&env.PING_FREQ;"
recvq="&env.RECVQ;"
softsendq="&env.SOFT_SENDQ;"
threshold="&env.COMMAND_RATE_THRESHOLD;"
timeout="&env.COMMAND_RATE_THRESHOLD_TIMEOUT;"
useconnflood="&env.USE_CONN_FLOOD;"
usednsbl="&env.USE_DNSBL;"
useident="&env.USE_IDENT;"
resolvehostnames="&env.RESOLVE_HOST_NAMES;"
useconnectban="&env.USE_CONNECT_BAN;">
<connect allow="*"
autojoin="#blackhole"
globalmax="&env.GLOBAL_MAX;"
localmax="&env.LOCAL_MAX;"
maxconnwarn="&env.MAX_CONN_WARN;"
modes="&env.DEFAULT_USER_MODES;"
name="default"
port="&env.PORT;">
<connect allow="*"
modes="&env.SSL_USER_MODES;"
name="ssl"
parent="default"
port="&env.SSL_PORT;">
<connect allow="*"
modes="&env.AUTHENTICATED_USER_MODES;"
name="authenticated"
parent="ssl"
registered="yes"
requireaccount="yes">
<operjoin channel="&env.OPER_CHANNEL;"
override="no">
<httpdacl password="&env.HTTP_ACL_PASSWORD;"
path="/*"
types="password"
username="&env.HTTP_ACL_USERNAME;">
<alias format="*"
replace="SQUERY ChanServ :IDENTIFY $2 $3"
requires="CHANSERV"
@ -154,9 +225,9 @@
memory="262144"
saltlength="32">
<auditorium opcansee="&env.AUDITORIUM_OP_CAN_SEE;"
opercansee="&env.AUDITORIUM_OPER_CAN_SEE;"
opvisible="&env.AUDITORIUM_OP_VISIBLE;">
<auditorium opcansee="no"
opercansee="yes"
opvisible="no">
<autodrop commands="CONNECT DELETE GET HEAD OPTIONS PATCH POST PUT TRACE">
@ -262,93 +333,114 @@
<badnick nick="root"
reason="Don't IRC as root">
<badnick nick="ALIS"
<badnick nick="LINKSERV"
reason="Reserved For Services">
<badnick nick="BOTSERV"
reason="Reserved For Services">
<badnick nick="CHANFIX"
reason="Reserved For Services">
<badnick nick="CHANSERV"
<badnick nick="SPAMSERV"
reason="Reserved For Services">
<badnick nick="GAMESERV"
reason="Reserved For Services">
<badnick nick="MODESERV"
reason="Reserved For Services">
<badnick nick="BOTSERV"
reason="Reserved for a network service">
<badnick nick="CHANSERV"
reason="Reserved for a network service">
<badnick nick="GLOBAL"
reason="Reserved For Services">
<badnick nick="GROUPSERV"
reason="Reserved For Services">
<badnick nick="HELPSERV"
reason="Reserved For Services">
reason="Reserved for a network service">
<badnick nick="HOSTSERV"
reason="Reserved For Services">
<badnick nick="INFOSERV"
reason="Reserved For Services">
reason="Reserved for a network service">
<badnick nick="MEMOSERV"
reason="Reserved For Services">
reason="Reserved for a network service">
<badnick nick="NICKSERV"
reason="Reserved For Services">
reason="Reserved for a network service">
<badnick nick="OPERSERV"
reason="Reserved For Services">
<badnick nick="PROXYSCAN"
reason="Reserved For Services">
<badnick nick="RPGSERV"
reason="Reserved For Services">
<badnick nick="SASLSERV"
reason="Reserved For Services">
reason="Reserved for a network service">
<badnick nick="STATSERV"
reason="Reserved For Services">
reason="Reserved for a network service">
<badnick nick="CHANFIX"
reason="Reserved for a network service">
<badnick nick="ALIS"
reason="Reserved for a network service">
<badnick nick="GAMESERV"
reason="Reserved for a network service">
<badnick nick="HELPSERV"
reason="Reserved for a network service">
<badnick nick="INFOSERV"
reason="Reserved for a network service">
<badnick nick="PROXYSCAN"
reason="Reserved for a network service">
<badnick nick="RPGSERV"
reason="Reserved for a network service">
<badnick nick="SASLSERV"
reason="Reserved for a network service">
<banmissing cap="yes"
duration="4m"
reason="CAP required, please upgrade your client"
version="yes">
<banmissing ctcp="yes"
duration="1m"
reason="Enable CTCP or adjust your CTCP flood settings and try again">
<bcrypt rounds="16">
<blockamsg action="&env.BLOCK_AMSG_ACTION;"
delay="&env.BLOCK_AMSG_DELAY;">
<blockamsg action="killopers"
delay="3">
<blockhighlight ignoreextmsg="&env.BLOCK_HL_IGNORE_EXT_MESSAGE;"
minlen="&env.BLOCK_HL_MIN_LEN;"
minusernum="&env.BLOCK_HL_MIN_USER_NUM;"
<blockhighlight ignoreextmsg="yes"
minlen="50"
minusernum="10"
reason="highlighting has been blocked (exceeded limits)"
stripcolor="&env.BLOCK_HL_STRIP_COLOR;">
stripcolor="yes">
<botmode forcenotice="&env.BOT_MODE_FORCE_NOTICE;">
<blockinvite modechar="V"
reply="Can't invite, +V">
<callerid cooldown="&env.CALLER_ID_COOL_DOWN;"
maxaccepts="&env.CALLER_ID_MAX_ACCEPTS;"
tracknick="&env.CALLER_ID_TRACK_NICK;">
<botmode forcenotice="no">
<cban glob="&env.CBAN_GLOB;">
<callerid cooldown="4m"
maxaccepts="256"
tracknick="yes">
<chanfilter hidemask="&env.CHAN_FILTER_HIDE_MASK;"
maxlen="&env.CHAN_FILTER_MAX_LEN;"
notifyuser="&env.CHAN_FILTER_NOTIFY_USER;">
<cban glob="yes">
<chanhistory bots="&env.CHAN_HISTORY_BOTS;"
enableumode="&env.CHAN_HISTORY_ENABLE_UMODE;"
maxlines="&env.CHAN_HISTORY_MAX_LINES;"
prefixmsg="&env.CHAN_HISTORY_PREFIX_MSG;">
<chanfilter hidemask="yes"
maxlen="512"
notifyuser="yes">
<chanhistory bots="yes"
enableumode="yes"
maxlines="64"
prefixmsg="yes">
<chanlog channel="&env.OPER_CHANNEL;"
snomasks="&env.OPER_CHANNEL_SNOMASK;">
snomasks="DdRrtXxLlkKvgfFoO">
<channames allowrange="&env.CHAN_NAMES_ALLOW_RANGE;"
denyrange="CHAN_NAMES_DENY_RANGE;">
<channames allowrange="35,45-46"
denyrange="1-47,58-64,91-96,123-255">
<channels opers="&env.CHANNELS_OPERS;"
users="&env.CHANNELS_USERS;">
<channels opers="4294967295"
users="4294967295">
<class chanmodes="*"
commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOADMODULE GLOADMODULE GUNLOADMODULE GRELOADMODULE"
@ -390,21 +482,31 @@
<class name="RolePlay"
priv="channels/roleplay channels/roleplay-override">
<cloak ignorecase="&env.CLOAK_IGNORE_CASE;"
key="&env.CLOAK_KEY;"
mode="&env.CLOAK_MODE;"
prefix="&env.CLOAK_PREFIX;"
suffix="&env.CLOAK_SUFFIX;">
<cloak ignorecase="no"
key="BP4qa616oRTJLnUMYZfdcllopx1mere0OlyyLtsicNh2NRyywd529cmvtZnlbNLCbsIkY7Efk6Dp170u"
mode="full"
prefix="cloak/"
suffix=".hidden">
<codepage name="&env.CODE_PAGE;">
<codepage name="ascii">
<connectban banmessage="filtered for connection hammering; wait 64 seconds to retry"
bootwait="&env.CONNECT_BAN_BOOT_WAIT;"
duration="&env.CONNECT_BAN_DURATION;"
ipv4cidr="&env.CONNECT_BAN_V4_PREFIX_LEN;"
ipv6cidr="&env.CONNECT_BAN_v6_PREFIX_LEN;"
splitwait="&env.CONNECT_BAN_SPLIT_WAIT;"
threshold="&env.CONNECT_BAN_THRESHOLD;">
bootwait="128"
duration="64"
ipv4cidr="32"
ipv6cidr="128"
splitwait="128"
threshold="32">
<connflood bootwait="2m"
maxconns="8"
period="32s"
quitmsg="This module isn't used, use connban instead"
timeout="32s">
<connrequire blockmessage="Enable CTCP or adjust your CTCP flood settings and try again in 1 minute"
ctcpstring="TIME"
timeout="5">
<cpcase lower="97"
upper="65">
@ -508,7 +610,7 @@
<cpchars front="no"
index="47">
<ctctags allowclientonlytags="&env.CTC_TAGS_ALLOW_CLIENT_ONLY_TAGS;">
<ctctags allowclientonlytags="no">
<customprefix letter="q"
name="founder"
@ -539,17 +641,20 @@
rank="10000"
ranktoset="20000">
<deaf bypasschars="&env.DEAF_BYPASS_CHARS;"
bypasscharsuline="&env.DEAF_BYPASS_CHARS_ULINE;"
enableprivdeaf="&env.DEAF_ENABLE_PRIV_DEAF;"
privdeafuline="&env.DEAF_PRIV_DEAF_ULINE;">
<dccblock channels="no"
users="no">
<delaymsg allownotice="&env.DELAY_MSG_ALLOW_NOTICE;">
<deaf bypasschars=""
bypasscharsuline="!"
enableprivdeaf="yes"
privdeafuline="yes">
<disabled chanmodes="&env.DISABLE_CHMODES;"
commands="&env.DISABLE_COMMANDS;"
fakenonexistant="&env.DISABLE_FAKENONEXISTANT;"
usermodes="&env.DISABLE_USERMODES;">
<delaymsg allownotice="yes">
<disabled chanmodes=""
commands=""
fakenonexistant="no"
usermodes="w">
<dnsbl action="zline"
domain="dnsbl.dronebl.org"
@ -578,47 +683,57 @@
timeout="5s"
type="record">
<dualversion active="yes"
ban="yes"
duration="1m"
reason="Enable CTCP or adjust your CTCP flood settings and try again in 1 minute"
show="yes">
<exception host="*@127.0.0.1/32"
reason="Local IRC client">
<exemptfromfilter target="&env.OPER_CHANNEL;">
<exemptfromfilter target="&env.SERVICE_CHANNEL;">
<exemptfromfilter target="&env.HELP_CHANNEL;">
<exemptfromfilter target="ALIS">
<exemptfromfilter target="BOTSERV">
<exemptfromfilter target="CHANFIX">
<exemptfromfilter target="CHANSERV">
<exemptfromfilter target="GAMESERV">
<exemptfromfilter target="GLOBAL">
<exemptfromfilter target="GROUPSERV">
<exemptfromfilter target="HELPSERV">
<exemptfromfilter target="HOSTSERV">
<exemptfromfilter target="INFOSERV">
<exemptfromfilter target="MEMOSERV">
<exemptfromfilter target="NICKSERV">
<exemptfromfilter target="OPERSERV">
<exemptfromfilter target="PROXYSCAN">
<exemptfromfilter target="RPGSERV">
<exemptfromfilter target="SASLSERV">
<exemptfromfilter target="STATSERV">
<hidechans affectsopers="&env.HIDECHANS_AFFECTS_OPERS;">
<extbanredirect char="d">
<extbanregex engine="pcre"
opersonly="yes">
<fakelist killonjoin="false"
maxusers="50"
minusers="20"
reason="User hit a spam trap"
target="#spamtrap"
topic="SPAM TRAP: DO NOT JOIN, wait 30 seconds for real channel list"
waittime="1s">
<filteropts engine="glob"
notifyuser="yes"
warnonselfmsg="yes">
<hidechans affectsopers="true">
<hideidle modechar="a">
<hidelist mode="filter"
rank="30000">
@ -629,29 +744,48 @@
<hidemode mode="ban"
rank="10000">
<hostname charmap="&env.HOSTNAME_CHAR_MAP;">
<hostname charmap="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-_/0123456789,">
<httpd timeout="&env.HTTPD_TIMEOUT;">
<httpd timeout="8s">
<ident prefixunqueried="&env.IDENT_PREFIX_UNQUERIED;"
timeout="&env.IDENT_TIMEOUT;">
<httpstats enableparams="yes">
<insane hostmasks="&env.INSANE_HOSTMASKS;"
ipmasks="&env.INSANE_IPMASKS;"
nickmasks="&env.INSANE_NICKMASKS;"
trigger="&env.INSANE_TRIGGER;">
<ident prefixunqueried="yes"
timeout="2">
<inviteexception bypasskey="&env.INVITE_EXCEPTION_BYPASS_KEY;">
<idleprofile away="only"
idletime="7200"
ignoreloggedin="no"
name="example"
nochans="true"
reason="Disconnected for inactivity">
<ircv3 accountnotify="&env.IRCV3_ACCOUNT_NOTIFY;"
awaynotify="&env.IRCV3_AWAY_NOTIFY;"
extendedjoin="&env.IRCV3_EXTENDED_JOIN;">
<insane hostmasks="no"
ipmasks="no"
nickmasks="no"
trigger="95.5">
<joinflood bootwait="&env.JOIN_FLOOD_BOOT_WAIT;"
duration="&env.JOIN_FLOOD_DURATION;"
splitwait="&env.JOIN_FLOOD_SPLIT_WAIT;">
<inviteexception bypasskey="yes">
<knock notify="&env.KNOCK_NOTIFY;">
<ircv3 accountnotify="yes"
awaynotify="yes"
extendedjoin="yes">
<joinflood bootwait="32s"
duration="2m"
splitwait="32s">
<joinpartspam allowredirect="no"
freeredirect="no"
modechar="x">
<keyword action="gline"
duration="5m"
flags="*"
pattern="*startkeylogger*"
reason="keylogger failed to start">
<knock notify="both">
<limits maxaway="&env.MAX_AWAY;"
maxchan="&env.MAX_CHAN;"
@ -675,21 +809,21 @@
type="* -USERINPUT -USEROUTPUT">
<maxlist chan="largechan"
limit="&env.LIST_MAX_SIZE;"
limit="512"
mode="ban">
<maxlist chan="largechan"
limit="&env.LIST_MAX_SIZE;"
limit="512"
mode="e">
<maxlist chan="*"
limit="&env.LIST_NORMAL_SIZE;">
limit="256">
<maxmind file="/etc/inspircd/geolite2.mmdb">
<messageflood notice="&env.MESSAGE_FLOOD_NOTICE;"
privmsg="&env.MESSAGE_FLOOD_PRIVMSG;"
tagmsg="&env.MESSAGE_FLOOD_TAG_MSG;">
<messageflood notice="1.0"
privmsg="1.0"
tagmsg="0.2">
<module name="geo_maxmind">
@ -705,6 +839,8 @@
<module name="anticaps">
<module name="anticaps">
<module name="argon2">
<module name="auditorium">
@ -763,6 +899,8 @@
<module name="connectban">
<module name="connflood">
<module name="conn_join">
<module name="conn_umodes">
@ -1079,6 +1217,8 @@
<module name="regex_tre">
<module name="solvemsg">
<module name="stats_unlinked">
<module name="teams">
@ -1087,27 +1227,31 @@
<module name="userip">
<monitor maxentries="&env.MONITOR_MAX_ENTRIES;">
<monitor maxentries="256">
<muteban notifyuser="&env.MUTE_BAN_NOTIFY_USER;">
<muteban notifyuser="yes">
<nickdelay delay="&env.NICK_DELAY;"
hint="&env.NICK_DELAY_HINT;">
<nickdelay delay="5"
hint="true">
<nickflood duration="&env.NICK_FLOOD_DURATION;">
<nickflood duration="60s">
<noctcp enableumode="&env.NO_CTCP_ENABLE_UMODE;">
<nocreate noisy="yes"
reason="You are not allowed to create channels"
telluser="yes">
<ojoin notice="&env.OJOIN_NOTICE;"
op="&env.OJOIN_OP;"
prefix="&env.OJOIN_PREFIX;">
<noctcp enableumode="yes">
<operlog tosnomask="&env.OPER_TO_SNOMASK;">
<ojoin notice="yes"
op="yes"
prefix="!">
<operlog tosnomask="on">
<opermotd file="/etc/inspircd/oper.motd.txt"
onoper="yes">
<operprefix prefix="&env.OPER_PREFIX;">
<operprefix prefix="*">
<options allowmismatch="&env.ALLOW_MISMATCH;"
allowzerolimit="&env.ALLOW_ZERO_LIMIT;"
@ -1133,9 +1277,9 @@
syntaxhints="&env.SYNTAX_HINTS;"
xlinemessage="&env.XLINE_MESSAGE;">
<override enableumode="&env.OVERRIDE_ENABLE_UMODE;"
noisy="&env.OVERRIDE_NOISY;"
requirekey="&env.OVERRIDE_REQUIRE_KEY;">
<override enableumode="yes"
noisy="yes"
requirekey="yes">
<passforward cmd="SQUERY $nickrequired :IDENTIFY $nick $pass"
forwardmsg="NOTICE $nick :*** Forwarding PASS to $nickrequired"
@ -1179,26 +1323,42 @@
darkcolour="black"
lightcolour="white">
<randquote file="quotes"
prefix="❦ "
suffix="">
<remove protectedrank="50000"
supportnokicks="&env.REMOVE_SUPPORT_NO_KICKS;">
supportnokicks="yes">
<repeat maxbacklog="&env.REPEAT_MAX_BACK_LOG;"
maxdistance="&env.REPEAT_MAX_DISTANCE;"
maxlines="&env.REPEAT_MAX_LINES;"
maxtime="&env.REPEAT_MAX_TIME;"
size="&env.REPEAT_MAX_SIZE;">
<repeat maxbacklog="20"
maxdistance="50"
maxlines="20"
maxtime="0"
size="512">
<restrictchans allowregistered="&env.RESTRICT_CHANS_ALLOW_REGISTERED;">
<restrictchans allowregistered="no">
<rline engine="&env.RLINE_ENGINE;"
matchonnickchange="&env.RLINE_MATCH_ON_NICK_CHANGE;"
zlineonmatch="&env.RLINE_ZLINE_ON_MATCH;">
<restrictmsg_duration duration="1s"
exemptoper="yes"
exemptregistered="yes"
exemptuline="yes"
notify="no"
target="both">
<rline engine="pcre"
matchonnickchange="yes"
zlineonmatch="no">
<roleplay mode="U"
needchanmode="true"
needop="false"
npchost="&env.ROLE_PLAY_VHOST;">
<rotatelog period="86400">
<securelist exemptregistered="&env.SECURE_LIST_EXEMPT_REGISTERED;"
showmsg="&env.SECURE_LIST_SHOW_MSG;"
waittime="&env.SECURE_LIST_WAIT_TIME;">
<securelist exemptregistered="yes"
showmsg="yes"
waittime="8s">
<security allowcoreunload="no"
announceinvites="dynamic"
@ -1213,30 +1373,55 @@
restrictbannedusers="&env.RESTRICT_BANNED_USERS;"
userstats="&env.USER_STATS;">
<showwhois opersonly="&env.SHOW_WHOIS_OPER_ONLY;"
showfromopers="&env.SHOW_WHOIS_FROM_OPERS;">
<shedusers blockconnect="yes"
blockmessage="This server is in maintenance mode."
kill="no"
maxusers="0"
message="This server has entered maintenance mode."
minidle="3600"
shedopers="no"
shutdown="no">
<shun affectopers="&env.SHUN_AFFECT_OPERS;"
allowconnect="&env.SHUN_ALLOW_CONNECT;"
allowtags="&env.SHUN_ALLOW_TAGS;"
cleanedcommands="&env.SHUN_CLEANED_COMMANDS;"
enabledcommands="&env.SHUN_ENABLED_COMMANDS;"
notifyuser="&env.SHUN_NOTIFY_USER;">
<showfile endtext="End of uptime"
file="/proc/uptime"
introtext="server uptime:"
name="UPTIME">
<silence exemptuline="&env.SILENCE_EXEMPT_ULINE;"
maxentries="&env.SILENCE_MAX_ENTRIES;">
<showfile endtext="End of loadavg"
file="/proc/loadavg"
introtext="server loadavg:"
name="LOADAVG">
<sslinfo operonly="&env.SSL_INFO_OPER_ONLY;">
<showwhois opersonly="no"
showfromopers="yes">
<sslmodes enableumode="&env.SSL_ENABLE_UMODE;">
<shun affectopers="no"
allowconnect="no"
allowtags="no"
cleanedcommands="AWAY PART QUIT"
enabledcommands="ADMIN OPER PING PONG QUIT PART JOIN"
notifyuser="yes">
<silence exemptuline="yes"
maxentries="256">
<sslinfo operonly="no">
<sslmodes enableumode="yes">
<stdregex type="ecmascript">
<strictsasl reason="Fix your SASL authentication settings and try again">
<svshold silent="&env.SVS_HOLD_SILENT;">
<svshold silent="false">
<timedbans sendnotice="&env.TIMED_BANS_SEND_NOTICE;">
<timedbans sendnotice="yes">
<timedstaticquit mintime="8m"
quitmsg="client quit within first 8 minutes">
<totp hash="sha256"
window="5">
<type classes="SACommands OperChat BanControl HostCloak Shutdown ServerLink"
modes="+s +cCqQ"
@ -1258,24 +1443,24 @@
<uline server="&env.SERVICES_ULINE;"
silent="no">
<waitpong killonbadreply="&env.WAIT_PONG_KILL_ON_BAD_REPLY;"
sendsnotice="&env.WAIT_PONG_SEND_NOTICE;">
<waitpong killonbadreply="yes"
sendsnotice="yes">
<watch maxwatch="&env.WATCH_MAX;">
<watch maxwatch="256">
<whowas groupsize="&env.WHOWAS_GROUP_SIZE;"
maxgroups="&env.WHOWAS_MAX_GROUPS;"
maxkeep="&env.WHOWAS_MAX_KEEP;">
<whowas groupsize="10"
maxgroups="100000"
maxkeep="32y">
<wsorigin allow="&env.WS_ORIGIN_ALLOW;">
<xlinedb filename="/var/lib/inspircd/xline.db"
saveperiod="128s">
<zombie cleansplit="&env.ZOMBIE_CLEAN_SPLIT;"
dirtysplit="&env.ZOMBIE_DIRTY_SPLIT;"
maxzombies="&env.ZOMBIE_MAX;"
serverzombietime="&env.ZOMBIE_SERVER_TIME;">
<zombie cleansplit="no"
dirtysplit="yes"
maxzombies="100"
serverzombietime="5m">
<alias text="HELPOP" replace="HELP $2-">

1
motd.txt
View File

@ -1 +0,0 @@
-

1
oper.motd.txt
View File

@ -1 +0,0 @@
-

1
services/.env Symbolic link
View File

@ -0,0 +1 @@
config.env

2
services/.gitignore vendored Normal file
View File

@ -0,0 +1,2 @@
include.conf
config.env

58
services/Dockerfile Normal file
View File

@ -0,0 +1,58 @@
FROM ubuntu:latest
ARG BUILD_SERVER_NAME="services.lame-network.local"
RUN apt -y update
RUN apt -y install coreutils perl git automake autoconf build-essential libpcre2-dev rapidjson-dev libcurl4-gnutls-dev libargon2-dev libmaxminddb-dev libldap2-dev rapidjson-dev libmysqlclient-dev libmysqlclient-dev default-libmysqlclient-dev libpq-dev libre2-dev gnutls-dev libsqlite3-dev libmbedtls-dev libqrencode-dev libpcre3-dev libtre-dev pkg-config libwww-perl libidn-dev libpasswdqc-dev libcrack2-dev libperl-dev libsodium-dev cracklib-runtime libcrypt-cracklib-perl sendmail
RUN groupadd atheme
RUN useradd --system --shell /bin/bash atheme -g atheme
WORKDIR /tmp
RUN git clone https://github.com/paigeadelethompson/atheme.git -b inspircd
WORKDIR /tmp/atheme
RUN git submodule update --init --recursive
RUN ./configure --prefix=/usr/local --enable-large-net --enable-contrib --enable-legacy-pwcrypto
RUN make -j$(nproc)
RUN make install
RUN mkdir -p /etc/atheme -p /etc/ssl/atheme -p /var/log/atheme
RUN mv /usr/local/etc /usr/local/etc_old
RUN ln -sf /etc/atheme /usr/local/etc
ADD atheme.conf /etc/atheme
ADD include.default.conf /etc/atheme/include.conf
RUN openssl genrsa -out /etc/ssl/atheme/server.key
RUN openssl req -new -key /etc/ssl/atheme/server.key -out /etc/ssl/atheme/server.csr \
-subj "/C=US/ST=Washington/L=Seattle/O=LameNetwork/OU=IT Department/CN=$BUILD_SERVER_NAME"
RUN openssl x509 -req -days 365 -in /etc/ssl/atheme/server.csr -signkey /etc/ssl/atheme/server.key -out /etc/ssl/atheme/server.crt
RUN chown -R atheme:atheme /etc/atheme /etc/ssl/atheme /var/log/atheme
WORKDIR /
USER atheme
RUN /usr/local/bin/atheme-services -b ; true
VOLUME /etc/atheme
VOLUME /etc/ssl/atheme
VOLUME /var/log/atheme
ENTRYPOINT ["/usr/local/bin/atheme-services", "-p", "/tmp/atheme.pid", "-n", "-d"]

89
services/README.md Normal file
View File

@ -0,0 +1,89 @@
# Instructions
## docker-compose
- Copy `config.env.example` to `config.env` and edit
- Copy `include.default.conf` to `include.conf` and edit
- `docker-compose up -d`
## include.conf
```
serverinfo {
name = "services.netcrave.network";
desc = "IRC Services";
numeric = "00A";
recontime = 10;
netname = "LameNet";
hidehostsuffix = "users.misconfigured";
adminname = "admin";
adminemail = "no-reply@services.netcrave.network";
registeremail = "no-reply@services.netcrave.network";
hidden;
mta = "/usr/sbin/sendmail";
loglevel = { admin; error; info; network; wallops; };
maxcertfp = 0;
maxlogins = 5;
maxusers = 5;
mdlimit = 30;
emaillimit = 10;
emailtime = 300;
auth = none;
casemapping = rfc1459;
};
uplink "irc.netcrave.network" {
host = "127.0.0.1";
port = 7001;
send_password = "changeme";
receive_password = "changeme";
};
operator "admin" {
operclass = "sra";
password = "changeme";
};
general {
permissive_mode;
helpchan = "#help";
helpurl = "https://www.netcrave.network";
verbose_wallops;
join_chans;
leave_chans;
secure;
uflags = { hidemail; };
cflags = { guard; verbose; };
raw;
flood_msgs = 7;
flood_time = 10;
ratelimit_uses = 5;
ratelimit_period = 60;
vhost_change = 30;
kline_time = 7;
kline_with_ident;
kline_verified_ident;
clone_time = 0;
commit_interval = 5;
db_save_blocking;
operstring = "is an IRC Operator";
servicestring = "is a Network Service";
default_clone_allowed = 5;
default_clone_warn = 4;
clone_identified_increase_limit;
uplink_sendq_limit = 1048576;
language = "en";
exempts {
};
allow_taint;
immune_level = immune;
show_entity_id;
load_database_mdeps;
hide_opers;
match_masks_through_vhost;
default_password_length = 16;
};
```

690
services/atheme.conf Normal file
View File

@ -0,0 +1,690 @@
include "/etc/atheme/include.conf";
loadmodule "security/cmdperm";
loadmodule "protocol/inspircd";
loadmodule "protocol/mixin_nohalfops";
loadmodule "protocol/mixin_noholdnick";
loadmodule "protocol/mixin_noprotect";
loadmodule "protocol/mixin_noowner";
loadmodule "backend/opensex";
loadmodule "crypto/argon2";
loadmodule "crypto/scrypt";
loadmodule "crypto/pbkdf2v2";
loadmodule "crypto/bcrypt";
loadmodule "crypto/pbkdf2";
loadmodule "crypto/crypt3-sha2-512";
loadmodule "crypto/crypt3-sha2-256";
loadmodule "crypto/crypt3-md5";
loadmodule "crypto/rawsha2-512";
loadmodule "crypto/rawsha2-256";
loadmodule "crypto/anope-enc-sha256";
loadmodule "crypto/rawsha1";
loadmodule "crypto/rawmd5";
loadmodule "crypto/ircservices";
loadmodule "crypto/crypt3-des";
loadmodule "crypto/base64";
loadmodule "auth/ldap";
loadmodule "nickserv/main";
loadmodule "nickserv/access";
loadmodule "nickserv/badmail";
loadmodule "nickserv/cert";
loadmodule "nickserv/drop";
loadmodule "nickserv/enforce";
loadmodule "nickserv/ghost";
loadmodule "nickserv/group";
loadmodule "nickserv/help";
loadmodule "nickserv/hold";
loadmodule "nickserv/identify";
loadmodule "nickserv/info";
loadmodule "nickserv/info_lastquit";
loadmodule "nickserv/list";
loadmodule "nickserv/listlogins";
loadmodule "nickserv/listmail";
loadmodule "nickserv/listownmail";
loadmodule "nickserv/login";
loadmodule "nickserv/loginnolimit";
loadmodule "nickserv/logout";
loadmodule "nickserv/mark";
loadmodule "nickserv/pwquality";
loadmodule "nickserv/freeze";
loadmodule "nickserv/listchans";
loadmodule "nickserv/listgroups";
loadmodule "nickserv/register";
loadmodule "nickserv/regnolimit";
loadmodule "nickserv/resetpass";
loadmodule "nickserv/restrict";
loadmodule "nickserv/return";
loadmodule "nickserv/setpass";
loadmodule "nickserv/sendpass";
loadmodule "nickserv/sendpass_user";
loadmodule "nickserv/set_accountname";
loadmodule "nickserv/set_badpasswdmsg";
loadmodule "nickserv/set_email";
loadmodule "nickserv/set_emailmemos";
loadmodule "nickserv/set_enforcetime";
loadmodule "nickserv/set_hidemail";
loadmodule "nickserv/set_language";
loadmodule "nickserv/set_nevergroup";
loadmodule "nickserv/set_neverop";
loadmodule "nickserv/set_nogreet";
loadmodule "nickserv/set_nomemo";
loadmodule "nickserv/set_noop";
loadmodule "nickserv/set_nopassword";
loadmodule "nickserv/set_password";
loadmodule "nickserv/set_privmsg";
loadmodule "nickserv/set_private";
loadmodule "nickserv/set_property";
loadmodule "nickserv/set_pubkey";
loadmodule "nickserv/set_quietchg";
loadmodule "nickserv/status";
loadmodule "nickserv/taxonomy";
loadmodule "nickserv/vacation";
loadmodule "nickserv/verify";
loadmodule "nickserv/vhost";
loadmodule "nickserv/waitreg";
loadmodule "chanserv/main";
loadmodule "chanserv/access";
loadmodule "chanserv/akick";
loadmodule "chanserv/ban";
loadmodule "chanserv/unban_self";
loadmodule "chanserv/bansearch";
loadmodule "chanserv/clone";
loadmodule "chanserv/close";
loadmodule "chanserv/clear";
loadmodule "chanserv/clear_akicks";
loadmodule "chanserv/clear_bans";
loadmodule "chanserv/clear_flags";
loadmodule "chanserv/clear_users";
loadmodule "chanserv/count";
loadmodule "chanserv/drop";
loadmodule "chanserv/fflags";
loadmodule "chanserv/flags";
loadmodule "chanserv/ftransfer";
loadmodule "chanserv/getkey";
loadmodule "chanserv/halfop";
loadmodule "chanserv/help";
loadmodule "chanserv/hold";
loadmodule "chanserv/info";
loadmodule "chanserv/invite";
loadmodule "chanserv/kick";
loadmodule "chanserv/list";
loadmodule "chanserv/mark";
loadmodule "chanserv/moderate";
loadmodule "chanserv/op";
loadmodule "chanserv/owner";
loadmodule "chanserv/protect";
loadmodule "chanserv/quiet";
loadmodule "chanserv/recover";
loadmodule "chanserv/register";
loadmodule "chanserv/set_email";
loadmodule "chanserv/set_entrymsg";
loadmodule "chanserv/set_fantasy";
loadmodule "chanserv/set_gameserv";
loadmodule "chanserv/set_guard";
loadmodule "chanserv/set_keeptopic";
loadmodule "chanserv/set_limitflags";
loadmodule "chanserv/set_mlock";
loadmodule "chanserv/set_prefix";
loadmodule "chanserv/set_private";
loadmodule "chanserv/set_property";
loadmodule "chanserv/set_pubacl";
loadmodule "chanserv/set_restricted";
loadmodule "chanserv/set_secure";
loadmodule "chanserv/set_topiclock";
loadmodule "chanserv/set_url";
loadmodule "chanserv/set_verbose";
loadmodule "chanserv/status";
loadmodule "chanserv/sync";
loadmodule "chanserv/successor_acl";
loadmodule "chanserv/taxonomy";
loadmodule "chanserv/template";
loadmodule "chanserv/topic";
loadmodule "chanserv/voice";
loadmodule "chanserv/why";
loadmodule "chanserv/xop";
loadmodule "chanserv/antiflood";
loadmodule "chanfix/main";
loadmodule "operserv/akill";
loadmodule "operserv/clearchan";
loadmodule "operserv/clones";
loadmodule "operserv/compare";
loadmodule "operserv/genhash";
loadmodule "operserv/greplog";
loadmodule "operserv/help";
loadmodule "operserv/identify";
loadmodule "operserv/ignore";
loadmodule "operserv/info";
#loadmodule "operserv/joinrate";
loadmodule "operserv/jupe";
loadmodule "operserv/mode";
loadmodule "operserv/modlist";
loadmodule "operserv/modmanager";
loadmodule "operserv/noop";
loadmodule "operserv/rakill";
loadmodule "operserv/readonly";
loadmodule "operserv/rehash";
loadmodule "operserv/restart";
loadmodule "operserv/rmatch";
loadmodule "operserv/rnc";
loadmodule "operserv/rwatch";
loadmodule "operserv/set";
loadmodule "operserv/sgline";
loadmodule "operserv/shutdown";
loadmodule "operserv/soper";
loadmodule "operserv/specs";
loadmodule "operserv/sqline";
loadmodule "operserv/update";
loadmodule "operserv/uptime";
loadmodule "memoserv/help";
loadmodule "memoserv/send";
loadmodule "memoserv/sendops";
loadmodule "memoserv/sendgroup";
loadmodule "memoserv/list";
loadmodule "memoserv/read";
loadmodule "memoserv/forward";
loadmodule "memoserv/delete";
loadmodule "memoserv/ignore";
loadmodule "global/main";
loadmodule "infoserv/main";
loadmodule "saslserv/authcookie";
loadmodule "saslserv/ecdh-x25519-challenge";
loadmodule "saslserv/ecdsa-nist256p-challenge";
loadmodule "saslserv/external";
loadmodule "saslserv/plain";
loadmodule "saslserv/scram";
loadmodule "gameserv/dice";
loadmodule "gameserv/eightball";
loadmodule "gameserv/gamecalc";
loadmodule "gameserv/help";
loadmodule "gameserv/lottery";
loadmodule "gameserv/namegen";
loadmodule "gameserv/rps";
loadmodule "rpgserv/enable";
loadmodule "rpgserv/help";
loadmodule "rpgserv/info";
loadmodule "rpgserv/list";
loadmodule "rpgserv/search";
loadmodule "rpgserv/set";
loadmodule "botserv/main";
loadmodule "botserv/help";
loadmodule "botserv/info";
loadmodule "botserv/bottalk";
loadmodule "botserv/set_fantasy";
loadmodule "botserv/set_nobot";
loadmodule "botserv/set_private";
loadmodule "botserv/set_saycaller";
loadmodule "hostserv/help";
loadmodule "hostserv/onoff";
loadmodule "hostserv/offer";
loadmodule "hostserv/request";
loadmodule "hostserv/vhost";
loadmodule "hostserv/vhostnick";
loadmodule "hostserv/group";
loadmodule "hostserv/drop";
loadmodule "helpserv/helpme";
loadmodule "helpserv/ticket";
loadmodule "helpserv/services";
loadmodule "alis/main";
loadmodule "statserv/channel";
loadmodule "statserv/netsplit";
loadmodule "statserv/server";
loadmodule "groupserv/main";
loadmodule "groupserv/acsnolimit";
loadmodule "groupserv/drop";
loadmodule "groupserv/fflags";
loadmodule "groupserv/flags";
loadmodule "groupserv/help";
loadmodule "groupserv/info";
loadmodule "groupserv/join";
loadmodule "groupserv/list";
loadmodule "groupserv/listchans";
loadmodule "groupserv/register";
loadmodule "groupserv/regnolimit";
loadmodule "groupserv/invite";
loadmodule "groupserv/set";
loadmodule "groupserv/set_channel";
loadmodule "groupserv/set_description";
loadmodule "groupserv/set_email";
loadmodule "groupserv/set_groupname";
loadmodule "groupserv/set_joinflags";
loadmodule "groupserv/set_open";
loadmodule "groupserv/set_public";
loadmodule "groupserv/set_url";
loadmodule "misc/httpd";
loadmodule "misc/login_throttling";
loadmodule "transport/xmlrpc";
loadmodule "exttarget/oper";
loadmodule "exttarget/registered";
loadmodule "exttarget/channel";
loadmodule "exttarget/chanacs";
loadmodule "exttarget/server";
loadmodule "proxyscan/dnsbl";
crypto {
argon2_type = "argon2id";
argon2_memcost = 16;
argon2_timecost = 3;
argon2_threads = 1;
argon2_saltlen = 16;
argon2_hashlen = 64;
scrypt_memlimit = 14;
scrypt_opslimit = 524288;
pbkdf2v2_digest = "SHA2-512";
pbkdf2v2_rounds = 64000;
pbkdf2v2_saltlen = 32;
scram_mechanisms = "SCRAM-SHA-1,SCRAM-SHA-256,SCRAM-SHA-512";
bcrypt_cost = 7;
crypt3_sha2_256_rounds = 5000;
crypt3_sha2_512_rounds = 5000;
};
nickserv {
nick = "NICKSERV";
user = "NICKSERV";
host = "services/-";
real = "Nickname Services";
aliases {
"ID" = "IDENTIFY";
"MYACCESS" = "LISTCHANS";
};
access {
};
spam;
no_nick_ownership;
maxnicks = 5;
expire = 30;
enforce_expire = 14;
enforce_delay = 30;
enforce_prefix = "G`";
waitreg_time = 0;
cracklib_dict = "/var/cache/cracklib/cracklib_dict";
passwdqc_max = 288;
passwdqc_min_n0 = 20;
passwdqc_min_n1 = 16;
passwdqc_min_n2 = 16;
passwdqc_min_n3 = 12;
passwdqc_min_n4 = 8;
passwdqc_words = 4;
pwquality_warn_only;
show_custom_metadata;
emailexempts {
};
shorthelp = "";
listownmail_canon;
bad_password_message;
};
chanserv {
nick = "CHANSERV";
user = "CHANSERV";
host = "services/-";
real = "Channel Services";
aliases {
};
access {
};
reggroup = "!Services-Team";
maxchans = 5;
fantasy;
hide_xop;
hide_flags_akicks;
hide_pubacl_akicks;
templates {
vop = "+AV";
hop = "+AHehitrv";
aop = "+AOehiortv";
sop = "+AOaefhiorstv";
founder = "+AFORaefhioqrstv";
member = "+Ai";
op = "+AOiortv";
};
deftemplates = "MEMBER=+Ai OP=+AOeiortv";
changets;
trigger = "!";
expire = 30;
maxchanacs = 0;
maxfounders = 4;
founder_flags = "AFORefiorstv";
default_mlock = "+nt";
akick_time = 10;
antiflood_enforce_method = quiet;
show_custom_metadata;
shorthelp = "";
};
chanfix {
nick = "CHANFIX";
user = "CHANFIX";
host = "services/-";
real = "Channel Fixing Service";
aliases {
};
access {
};
autofix;
};
global {
nick = "GLOBAL";
user = "GLOBAL";
host = "services/-";
real = "Network Announcements";
aliases {
};
access {
};
};
infoserv {
nick = "INFOSERV";
user = "INFOSERV";
host = "services/-";
real = "Information Service";
aliases {
};
access {
};
logoninfo_count = 3;
logoninfo_reverse;
logoninfo_show_metadata;
};
operserv {
nick = "OPERSERV";
user = "OPERSERV";
host = "services/-";
real = "Operator Services";
aliases {
};
access {
};
modinspect_use_colors;
};
saslserv {
nick = "SASLSERV";
user = "SASLSERV";
host = "services/-";
real = "SASL Authentication Agent";
hide_server_names;
};
memoserv {
nick = "MEMOSERV";
user = "MEMOSERV";
host = "services/-";
real = "Memo Services";
aliases {
};
access {
};
maxmemos = 30;
};
gameserv {
nick = "GAMESERV";
user = "GAMESERV";
host = "services/-";
real = "Game Services";
aliases {
};
access {
};
};
rpgserv {
nick = "RPGSERV";
user = "RPGSERV";
host = "services/-";
real = "RPG Finding Services";
aliases {
};
access {
};
};
botserv {
nick = "BOTSERV";
user = "BOTSERV";
host = "services/-";
real = "Bot Services";
aliases {
};
access {
};
min_users = 0;
};
groupserv {
nick = "GROYPSERV";
user = "GROYPSERV";
host = "services/-";
real = "Group Management Services";
aliases {
};
access {
};
maxgroups = 5;
maxgroupacs = 100;
enable_open_groups;
join_flags = "+";
};
hostserv {
nick = "HOSTSERV";
user = "HOSTSERV";
host = "services/-";
real = "Host Management Services";
aliases {
"APPROVE" = "ACTIVATE";
"DENY" = "REJECT";
};
access {
};
reggroup = "!Services-Team";
no_subsequent_requests;
request_per_nick;
};
helpserv {
nick = "HELPSERV";
user = "HELPSERV";
host = "services/-";
real = "Help Services";
aliases {
};
access {
};
};
statserv {
nick = "STATSERV";
user = "STATSERV";
host = "services/-";
real = "Statistics Services";
aliases {
};
access {
};
};
alis {
nick = "ALIS";
user = "ALIS";
host = "services/-";
real = "Channel Directory";
aliases {
};
access {
};
maxmatches = 64;
};
proxyscan {
nick = "PROXYSCAN";
user = "PROXYSCAN";
host = "services/-";
real = "Proxyscan Service";
aliases {
};
access {
};
blacklists {
"dnsbl.dronebl.org";
"rbl.efnetrbl.org";
"tor.efnet.org";
};
dnsbl_action = kline;
};
httpd {
host = "0.0.0.0";
host = "::";
www_root = "/var/www";
port = 8080;
};
throttle {
address_burst = 5;
address_replenish = 1;
address_account_burst = 2;
address_account_replenish = 2;
};
logfile "/var/log/atheme/account.log" { register; set; };
logfile "/var/log/atheme/commands.log" { commands; };
logfile "/var/log/atheme/audit.log" { denycmd; };
logfile "#services" { admin; denycmd; error; info; register; request; };
logfile "!snotices" { denycmd; error; info; request; };
operclass "user" { };
operclass "ircop" {
privs {
special:ircop;
};
privs {
user:auspex;
user:admin;
user:sendpass;
user:vhost;
user:mark;
};
privs {
chan:auspex;
chan:admin;
chan:cmodes;
chan:joinstaffonly;
};
privs {
general:auspex;
general:helper;
general:viewprivs;
general:flood;
};
privs {
operserv:omode;
operserv:akill;
operserv:jupe;
operserv:global;
};
privs {
group:auspex;
group:admin;
};
};
operclass "sra" {
extends "ircop";
privs {
user:exceedlimits;
user:hold;
user:regnolimit;
};
privs {
general:metadata;
general:admin;
};
privs {
#operserv:massakill;
#operserv:akill-anymask;
operserv:noop;
operserv:grant;
};
needoper;
};

1
services/config.env.example Normal file
View File

@ -0,0 +1 @@
SERVER_NAME="services.lame-network.local"

22
services/docker-compose.yml Normal file
View File

@ -0,0 +1,22 @@
services:
atheme:
build:
context: .
args:
BUILD_SERVER_NAME: ${SERVER_NAME}
image: atheme
network_mode: "host"
env_file: "config.env"
volumes:
- data:/etc/atheme
- ./include.conf:/etc/atheme/include.conf:ro
- ./atheme.conf:/etc/atheme/atheme.conf:ro
- ssl:/etc/ssl/atheme
- log:/var/log/atheme
volumes:
data:
name: atheme_data
ssl:
name: atheme_ssl
log:
name: atheme_log

76
services/include.default.conf Normal file
View File

@ -0,0 +1,76 @@
serverinfo {
name = "lame-network.local";
desc = "IRC Services";
numeric = "00A";
recontime = 10;
netname = "LameNet";
hidehostsuffix = "users.misconfigured";
adminname = "admin";
adminemail = "no-reply@lame-network.local";
registeremail = "no-reply@lame-network.local";
hidden;
mta = "/usr/sbin/sendmail";
loglevel = { admin; error; info; network; wallops; };
maxcertfp = 0;
maxlogins = 5;
maxusers = 5;
mdlimit = 30;
emaillimit = 10;
emailtime = 300;
auth = none;
casemapping = rfc1459;
};
uplink "irc.lame-network.local" {
host = "127.0.0.1";
port = 7001;
send_password = "changeme";
receive_password = "changeme";
};
operator "admin" {
operclass = "sra";
password = "changeme";
};
general {
permissive_mode;
helpchan = "#help";
helpurl = "https://www.lame-network.local";
verbose_wallops;
join_chans;
leave_chans;
secure;
uflags = { hidemail; };
cflags = { guard; verbose; };
raw;
flood_msgs = 7;
flood_time = 10;
ratelimit_uses = 5;
ratelimit_period = 60;
vhost_change = 30;
kline_time = 7;
kline_with_ident;
kline_verified_ident;
clone_time = 0;
commit_interval = 5;
db_save_blocking;
operstring = "is an IRC Operator";
servicestring = "is a Network Service";
default_clone_allowed = 5;
default_clone_warn = 4;
clone_identified_increase_limit;
uplink_sendq_limit = 1048576;
language = "en";
exempts {
};
allow_taint;
immune_level = immune;
show_entity_id;
load_database_mdeps;
hide_opers;
match_masks_through_vhost;
default_password_length = 16;
};