<include file="/etc/inspircd/codepages/rfc1459.conf">

<sslprofile certfile="/etc/inspircd/custom/server.crt"
            keyfile="/etc/inspircd/custom/server.key"
            cafile="/etc/inspircd/custom/ca.crt"
            crlfile="/etc/inspircd/custom/crl.pem"
            dhfile="/etc/inspircd/custom/dh.pem"
            name="defaultssl"
            tlsv11="no"
            tlsv12="yes"
            tlsv13="yes"
            renegotiation="yes"
            requestclientcert="yes"
            provider="gnutls">

<exception host="*@100.64.0.0/10"
           reason="tailscale network">

<exception host="*@127.0.0.1/32"
           reason="localhost">

<exception host="*@fc00:dead:beef:4dad::/64"
           reason="Tor ULA addresses (represents circuit ID)">

<eventexec command="/bin/true"
           event="rehash">

<showfile endtext="End of uptime"
          file="/proc/uptime"
          introtext="server uptime:"
          name="UPTIME">

<showfile endtext="End of loadavg"
          file="/proc/loadavg"
          introtext="server loadavg:"
          name="LOADAVG">

<bind address="127.0.0.1"
      port="7001"
      hook="haproxy">

<connect commandrate="&env.COMMAND_RATE;"
         fakelag="&env.FAKE_LAG;"
         allow="127.0.0.1/32"
         hardsendq="&env.HARD_SENDQ;"
         maxchans="&env.MAX_CHANS;"
         pingfreq="&env.PING_FREQ;"
         recvq="&env.RECVQ;"
         softsendq="&env.SOFT_SENDQ;"
         threshold="&env.COMMAND_RATE_THRESHOLD;"
         timeout="&env.PARTIAL_CONNECT_TIMEOUT;"
         usecloak="yes"
         useconnflood="&env.USE_CONN_FLOOD;"
         usednsbl="no"
         useident="no"
         resolvehostnames="no"
         useconnectban="no"
         globalmax="&env.GLOBAL_MAX;"
         localmax="&env.LOCAL_MAX;"
         maxconnwarn="&env.MAX_CONN_WARN;"
         modes="&env.DEFAULT_USER_MODES;"
         name="tor_haproxy_shim"
         port="7001">

<connect commandrate="&env.COMMAND_RATE;"
         fakelag="&env.FAKE_LAG;"
         allow="fc00:dead:beef:4dad::/64"
         hardsendq="&env.HARD_SENDQ;"
         maxchans="&env.MAX_CHANS;"
         pingfreq="&env.PING_FREQ;"
         recvq="&env.RECVQ;"
         softsendq="&env.SOFT_SENDQ;"
         threshold="&env.COMMAND_RATE_THRESHOLD;"
         timeout="&env.PARTIAL_CONNECT_TIMEOUT;"
         usecloak="yes"
         useconnflood="&env.USE_CONN_FLOOD;"
         usednsbl="no"
         useident="no"
         resolvehostnames="no"
         useconnectban="no"
         autojoin="#tor"
         globalmax="&env.GLOBAL_MAX;"
         localmax="&env.LOCAL_MAX;"
         maxconnwarn="&env.MAX_CONN_WARN;"
         modes="&env.DEFAULT_USER_MODES;"
         name="tor"
         port="6668">

<bind address="127.0.0.1"
      port="8000"
      type="httpd">

 <bind address="*"
      port="&env.SSL_PORT;"
      sslprofile="defaultssl"
      type="clients">

<bind address="*"
      port="&env.PORT;"
      type="clients">

<bind address="*"
      port="&env.SERVER_SSL_PORT;"
      sslprofile="defaultssl"
      type="servers">

<admin email="&env.ADMIN_EMAIL;"
       name="admin"
       nick="admin">

<server description="internet relay chat network"
        id="&env.SID;"
        name="&env.SERVER_NAME;"
        network="&env.NETWORK_NAME;">

<connect commandrate="&env.COMMAND_RATE;"
         fakelag="&env.FAKE_LAG;"
         hardsendq="&env.HARD_SENDQ;"
         maxchans="&env.MAX_CHANS;"
         name="all"
         pingfreq="&env.PING_FREQ;"
         recvq="&env.RECVQ;"
         softsendq="&env.SOFT_SENDQ;"
         threshold="&env.COMMAND_RATE_THRESHOLD;"
         timeout="&env.PARTIAL_CONNECT_TIMEOUT;"
         useconnflood="&env.USE_CONN_FLOOD;"
         usednsbl="&env.USE_DNSBL;"
         useident="&env.USE_IDENT;"
         resolvehostnames="&env.RESOLVE_HOST_NAMES;"
         useconnectban="&env.USE_CONNECT_BAN;">

<connect allow="*"
         autojoin="#blackhole"
         globalmax="&env.GLOBAL_MAX;"
         localmax="&env.LOCAL_MAX;"
         maxconnwarn="&env.MAX_CONN_WARN;"
         modes="&env.DEFAULT_USER_MODES;"
         name="default"
         parent="all"
         port="&env.PORT;">

<connect allow="*"
         autojoin="#blackhole"
         globalmax="&env.GLOBAL_MAX;"
         localmax="&env.LOCAL_MAX;"
         maxconnwarn="&env.MAX_CONN_WARN;"
         modes="&env.SSL_USER_MODES;"
         name="ssl"
         parent="all"
         port="&env.SSL_PORT;">

<connect allow="*"
         name="authenticated"
         globalmax="&env.GLOBAL_MAX;"
         localmax="&env.LOCAL_MAX;"
         maxconnwarn="&env.MAX_CONN_WARN;"
         modes="&env.SSL_USER_MODES;"
         parent="all"
         port="&env.SSL_PORT;"
         requireaccount="yes">

<operjoin channel="&env.OPER_CHANNEL;"
          override="no">

<httpdacl password="&env.HTTP_ACL_PASSWORD;"
          path="/*"
          types="password"
          username="&env.HTTP_ACL_USERNAME;">

<ident prefixunqueried="&env.IDENT_PREFIX_UNQUERIED;"
       timeout="&env.IDENT_TIMEOUT;">

<permchannels channel="&env.OPER_CHANNEL;"
              modes="npstOP"
              topic="party line">

<permchannels channel="&env.SERVICE_CHANNEL;"
              modes="npstOP"
              topic="Service monitoring">

<permchannels channel="#blackhole"
              modes="ntP"
              topic="blackhole">

<exemptfromfilter target="&env.OPER_CHANNEL;">

<exemptfromfilter target="&env.SERVICE_CHANNEL;">

<exemptfromfilter target="&env.HELP_CHANNEL;">

<passforward cmd="SQUERY $nickrequired :IDENTIFY $nick $pass"
             forwardmsg="NOTICE $nick :*** Forwarding PASS to $nickrequired"
             nick="NICKSERV">