inspircd/include.conf.example
2024-11-07 01:45:59 +00:00

319 lines
8.6 KiB
Plaintext

<include file="/etc/inspircd/codepages/rfc1459.conf">
#<autoconnect period="8s"
# server="temple.supernets.org">
#<link allowmask="*"
# bind="1.2.3.4"
# hidden="no"
# sslprofile="defaultssl"
# ipaddr="4.2.3.1"
# name="temple.supernets.org"
# port="&env.SERVER_SSL_PORT;"
# recvpass="&env.LINK_RECV_PASSWORD;"
# sendpass="&env.LINK_SEND_PASSWORD;"
# statshidden="no"
# timeout="&env.LINK_TIMEOUT;">
<sslprofile certfile="/etc/inspircd/custom/server.crt"
keyfile="/etc/inspircd/custom/server.key"
cafile="/etc/inspircd/custom/ca.crt"
crlfile="/etc/inspircd/custom/crl.pem"
dhfile="/etc/inspircd/custom/dh.pem"
name="defaultssl"
tlsv11="no"
tlsv12="yes"
tlsv13="yes"
renegotiation="yes"
requestclientcert="yes"
provider="gnutls">
#<sslprofile certfile="/etc/inspircd/custom/server.crt"
# compression="no"
# keyfile="/etc/ssl/inspircd/custom/server.key"
# name="supernets_ssl"
# tlsv11="no"
# tlsv12="yes"
# tlsv13="yes"
# renegotiation="no"
# requestclientcert="no"
# provider="gnutls">
#<badhost host="*@*"
# reason="default hostmask block">
<exception host="*@100.64.0.0/10"
reason="tailscale network">
<exception host="*@127.0.0.1/32"
reason="Local IRC client">
<eventexec command="/bin/true"
event="rehash">
<oper host="*@*"
name="admin"
password="&env.ADMIN_PASSWORD;"
type="NetAdmin">
<showfile endtext="End of uptime"
file="/proc/uptime"
introtext="server uptime:"
name="UPTIME">
<showfile endtext="End of loadavg"
file="/proc/loadavg"
introtext="server loadavg:"
name="LOADAVG">
# from the torrc man page (latest / newer)
# HiddenServiceExportCircuitID protocol
# The onion service will use the given protocol to expose the global circuit identifier
# of each inbound client circuit. The only protocol supported right now 'haproxy'.
# This option is only for v3 services. (Default: none)
#
# Create a hidden service and set HiddenServiceExportCircuitID to 'haproxy' in the
# torrc, then enable this binding:
#
# <bind address="127.0.0.1"
# port="7001"
# hook="haproxy">
# and enable the corresponding connect block:
# <connect commandrate="&env.COMMAND_RATE;"
# fakelag="&env.FAKE_LAG;"
# hardsendq="&env.HARD_SENDQ;"
# maxchans="&env.MAX_CHANS;"
# pingfreq="&env.PING_FREQ;"
# recvq="&env.RECVQ;"
# softsendq="&env.SOFT_SENDQ;"
# threshold="&env.COMMAND_RATE_THRESHOLD;"
# timeout="&env.PARTIAL_CONNECT_TIMEOUT;"
# usecloak="yes"
# useconnflood="&env.USE_CONN_FLOOD;"
# usednsbl="no"
# useident="no"
# resolvehostnames="no"
# useconnectban="no"
# autojoin="#blackhole"
# globalmax="&env.GLOBAL_MAX;"
# localmax="&env.LOCAL_MAX;"
# maxconnwarn="&env.MAX_CONN_WARN;"
# modes="&env.DEFAULT_USER_MODES;"
# name="tor"
# port="7001">
# uncomment this line to masquerade tor users with a cloaked hostmask (uncloaked is
# an fc00::/7 address that corresponds to a Tor circuit ID provided via PROXY
# protocol)
# <cloak method="hmac-sha256"
# suffix="onion"
# class="tor">
# uncomment the following to setup WebIRC
# <gateway type="webirc"
# mask="localhost">
# and enable the corresponding connect block:
# <connect commandrate="&env.COMMAND_RATE;"
# fakelag="&env.FAKE_LAG;"
# hardsendq="&env.HARD_SENDQ;"
# maxchans="&env.MAX_CHANS;"
# pingfreq="&env.PING_FREQ;"
# recvq="&env.RECVQ;"
# softsendq="&env.SOFT_SENDQ;"
# threshold="&env.COMMAND_RATE_THRESHOLD;"
# timeout="&env.PARTIAL_CONNECT_TIMEOUT;"
# usecloak="yes"
# useconnflood="&env.USE_CONN_FLOOD;"
# usednsbl="no"
# useident="no"
# resolvehostnames="no"
# useconnectban="no"
# autojoin="#blackhole"
# globalmax="&env.GLOBAL_MAX;"
# localmax="&env.LOCAL_MAX;"
# maxconnwarn="&env.MAX_CONN_WARN;"
# modes="&env.DEFAULT_USER_MODES;"
# name="webirc"
# webirc="localhost"
# port="7001">
# uncomment this line to masquerade tor users with a cloaked hostmask (uncloaked is
# an fc00::/7 address that corresponds to a Tor circuit ID provided via PROXY
# protocol)
# <cloak method="hmac-sha256"
# suffix="webirc"
# class="webirc">
<bind address="127.0.0.1"
port="8000"
type="httpd">
<bind address="*"
port="&env.SSL_PORT;"
sslprofile="defaultssl"
type="clients">
<bind address="*"
port="&env.PORT;"
type="clients">
<bind address="*"
port="&env.SERVER_SSL_PORT;"
sslprofile="defaultssl"
type="servers">
<admin email="&env.ADMIN_EMAIL;"
name="admin"
nick="admin">
<server description="internet relay chat network"
id="&env.SID;"
name="&env.SERVER_NAME;"
network="&env.NETWORK_NAME;">
<connect commandrate="&env.COMMAND_RATE;"
fakelag="&env.FAKE_LAG;"
hardsendq="&env.HARD_SENDQ;"
maxchans="&env.MAX_CHANS;"
name="all"
pingfreq="&env.PING_FREQ;"
recvq="&env.RECVQ;"
softsendq="&env.SOFT_SENDQ;"
threshold="&env.COMMAND_RATE_THRESHOLD;"
timeout="&env.PARTIAL_CONNECT_TIMEOUT;"
useconnflood="&env.USE_CONN_FLOOD;"
usednsbl="&env.USE_DNSBL;"
useident="&env.USE_IDENT;"
resolvehostnames="&env.RESOLVE_HOST_NAMES;"
useconnectban="&env.USE_CONNECT_BAN;">
<connect allow="*"
autojoin="#blackhole"
globalmax="&env.GLOBAL_MAX;"
localmax="&env.LOCAL_MAX;"
maxconnwarn="&env.MAX_CONN_WARN;"
modes="&env.DEFAULT_USER_MODES;"
name="default"
parent="all"
port="&env.PORT;">
<connect allow="*"
autojoin="#blackhole"
globalmax="&env.GLOBAL_MAX;"
localmax="&env.LOCAL_MAX;"
maxconnwarn="&env.MAX_CONN_WARN;"
modes="&env.SSL_USER_MODES;"
name="ssl"
parent="all"
port="&env.SSL_PORT;">
<connect allow="*"
name="authenticated"
globalmax="&env.GLOBAL_MAX;"
localmax="&env.LOCAL_MAX;"
maxconnwarn="&env.MAX_CONN_WARN;"
modes="&env.SSL_USER_MODES;"
parent="all"
port="&env.SSL_PORT;"
requireaccount="yes">
<operjoin channel="&env.OPER_CHANNEL;"
override="no">
<httpdacl password="&env.HTTP_ACL_PASSWORD;"
path="/*"
types="password"
username="&env.HTTP_ACL_USERNAME;">
<ident prefixunqueried="&env.IDENT_PREFIX_UNQUERIED;"
timeout="&env.IDENT_TIMEOUT;">
<permchannels channel="&env.OPER_CHANNEL;"
modes="npstOP"
topic="party line">
<permchannels channel="&env.SERVICE_CHANNEL;"
modes="npstOP"
topic="Service monitoring">
<permchannels channel="#blackhole"
modes="ntP"
topic="blackhole">
<exemptfromfilter target="&env.OPER_CHANNEL;">
<exemptfromfilter target="&env.SERVICE_CHANNEL;">
<exemptfromfilter target="&env.HELP_CHANNEL;">
<passforward cmd="SQUERY $nickrequired :IDENTIFY $nick $pass"
forwardmsg="NOTICE $nick :*** Forwarding PASS to $nickrequired"
nick="NICKSERV">
#<strictsasl reason="Fix your SASL authentication settings and try again">
#<module name="restrictchans">
#<module name="restrictmsg">
#<allowchannel name="*">
#<restrictchans allowregistered="&env.RESTRICT_CHANS_ALLOW_REGISTERED;">
#<autojoinident chan="#blackhole"
# ident="*">
#<autojoinident chan="#blackhole"
# ident="*">
#<anticaps lowercase="abcdefghijklmnopqrstuvwxyz"
# uppercase="ABCDEFGHIJKLMNOPQRSTUVWXYZ">
#<module name="account">
#<module name="blockhighlight">
#<module name="connectban">
#<module name="connflood">
#<module name="cve_2024_39844">
#<module name="delayuse">
#<module name="discordnick">
#<module name="eventexec">
#<module name="helpmode">
#<module name="ipinfo_io">
#<module name="ircv3_extjwt">
#<module name="ldapauth">
#<module name="messagelength">
#<module name="multiprefix">
#<module name="opmoderated">
#<module name="randomidxlines">
#<module name="randquote">
#<module name="realnameban">
#<module name="solvemsg">
#<module name="sqlauth">
#<module name="sqloper">
#<module name="qrcode">
#<module name="antiknocker">