4
mirror of git://git.acid.vegas/unrealircd.git synced 2024-11-14 12:06:41 +00:00

Started a hidden service conf file for future onion (SASL/TLS only most likely)

This commit is contained in:
Dionysus 2023-06-21 02:53:40 -04:00
parent 769ef5b9ab
commit 11daf071b8
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
3 changed files with 213 additions and 3 deletions

View File

@ -2,6 +2,7 @@
except ban {
mask {
ip { 127.0.0.1; ::1; }
#ip { 0.0.0.0; }
ip { 37.187.119.203; 51.75.161.177; 135.125.132.246; 151.80.60.156; }
ip { 2001:41d0:801:2000::1099; 2001:41d0:302:2200::43c; 2001:41d0:701:1100::5772; }
}

View File

@ -139,9 +139,6 @@ set {
"REDACTED";
}
cloak-prefix "SUPER";
#tls {
# options { fail-if-no-clientcert; }
#}
plaintext-policy {
user warn;
oper deny;

View File

@ -0,0 +1,212 @@
@define $VOID "8,4 E N T E R T H E V O I D ";
admin {
"4Administrator: Brandon Brown 14(aka MRCHATS) 6branbran89@supernets.org";
" 4Moderator: Bristopher Manning 14(aka delorean) 6simpsonsfan95@supernets.org";
" 4Sales: Branthony Bronson 14(aka pyrex) 6showercaphandgun@supernets.org";
"";
"Feel free to chat with us in #5000 for network help & support!";
}
alias botserv { type services; }
alias bs { target botserv; type services; }
alias chanserv { type services; }
alias cs { target chanserv; type services; }
alias hostserv { type services; }
alias hs { target hostserv; type services; }
alias nickserv { type services; }
alias ns { target nickserv; type services; }
alias operserv { type services; }
alias os { target operserv; type services; }
class clients { pingfreq 120; maxclients 100; sendq 1M; options { nofakelag; } }
class servers { pingfreq 120; maxclients 10; sendq 50M; connfreq 15; }
allow { mask { ip 0.0.0.0; class clients; maxperip 100; global-maxperip 100; }
listen { ip *; port REDACTED; options { serversonly; tls; } }
listen { file "/etc/tor/unrealircd/tor_ircd.socket"; mode 0777; spoof-ip 127.0.0.2; options { tls; } }
#require authentication {
# mask { ip 0.0.0.0; }
# reason "$VOID";
#};
deny channel { channel "#help"; reason "This channel has moved to #superbowl"; redirect "#superbowl"; }
deny channel { channel "#mensa"; reason "This channel has been closed"; redirect "#superbowl"; }
deny channel { channel "#pumpcoin"; reason "This channel has moved to #exchange"; redirect "#exchange"; }
link irc.supernets.org {
incoming { mask REDACTED; }
outgoing {
bind-ip *;
hostname REDACTED;
port REDACTED;
options { tls; autoconnect; }
}
password "REDACTED" { spkifp; }
class servers;
}
log {
source { error; fatal; warn; }
destination { file "ircd.log" { maxsize 5M; } }
}
log {
source { antimixedutf8; antirandom; connthrottle; flood; htm; kill; listen; link; oper; sacmds; }
destination { channel "#syslog"; }
}
tld { mask *@*; motd remote.motd; rules remote.motd; options { remote; } }
ulines { services.supernets.org; }
set {
kline-address "enterthevoid@supernets.org"; # replace with onion address
gline-address "enterthevoid@supernets.org"; # replace with onion address
modes-on-connect "+iIpTx";
modes-on-oper "+Hq";
snomask-on-oper "+o";
modes-on-join "+ns";
level-on-join "op";
restrict-usermodes "ips";
restrict-channelmodes "nLpPs";
restrict-commands {
channel-message { except { connect-time 15; identified yes; } }
channel-notice { except { connect-time 60; identified yes; } }
invite { except { connect-time 300; identified yes; } }
join { except { connect-time 15; identified yes; } }
list { except { connect-time 30; identified yes; } }
private-message { except { connect-time 300; identified yes; } }
private-notice { except { connect-time 300; identified yes; } }
}
who-limit 0;
nick-length 20;
maxchannelsperuser 10;
channel-command-prefix "`!@$.";
topic-setter nick;
ban-setter nick;
options { hide-ulines; flat-map; identd-check; }
network-name "SuperNETs";
default-server "irc.supernets.org";
services-server "services.supernets.org";
sasl-server "services.supernets.org";
help-channel "#superbowl";
cloak-method ip;
cloak-keys {
"REDACTED";
"REDACTED";
"REDACTED";
}
cloak-prefix "ONION";
#tls {
# options { fail-if-no-clientcert; }
#}
outdated-tls-policy {
user warn;
oper deny;
server deny;
user-message "4WARNING: You are using an outdated TLS protocol or cipher";
oper-message "Network operators must be using an up-to-date TLS protocol & cipher";
}
anti-flood {
channel {
profile defcon { flood-mode "[10j#R5,500m#M5,10n#N5,10k#K5]:15"; }
boot-delay 75;
split-delay 75;
}
everyone {
away-flood 3:300;
invite-flood 3:300;
knock-flood 3:300;
handshake-data-flood {
amount 4k;
ban-action gzline;
ban-time 1h;
}
}
known-users {
connect-flood 10:300;
join-flood 10:300;
nick-flood 10:300;
max-concurrent-conversations { users 5; new-user-every 60s; }
lag-penalty 10; # update?
lag-penalty-bytes 0;
}
unknown-users {
connect-flood 3:300;
join-flood 3:300;
nick-flood 3:300;
max-concurrent-conversations { users 2; new-user-every 120s; }
lag-penalty 1000;
lag-penalty-bytes 90;
}
}
default-bantime 30d;
modef-default-unsettime 5;
spamfilter {
ban-time 30d;
ban-reason "$VOID";
utf8 yes;
except "#anythinggoes";
}
max-targets-per-command { kick 1; part 1; privmsg 1; }
hide-ban-reason yes;
reject-message {
gline "$VOID";
kline "$VOID";
password-mismatch "$VOID";
server-full "$VOID";
too-many-connections "$VOID";
unauthorized "$VOID";
}
antimixedutf8 {
score 8;
ban-action block;
ban-reason "$VOID";
}
connthrottle {
except { reputation-score 100; identified yes; webirc yes; }
new-users { local-throttle 20:60; global-throttle 30:60; }
disabled-when { reputation-gathering 1w; start-delay 3m; }
reason "$VOID";
}
history {
channel {
playback-on-join { lines 1000; time 1d; }
max-storage-per-channel {
registered { lines 1000; time 1d; }
unregistered { lines 100; time 1h; }
}
}
}
manual-ban-target ip;
hide-idle-time { policy always; }
whois-details {
channels { everyone none; self full; oper full; }
reputation { everyone full; }
server { everyone none; self full; oper full; }
swhois { everyone full; }
}
}
set known-users {
auto-join "#superbowl";
}
set unknown-users {
static-quit "EMO-QUIT";
static-part "EMO-PART";
}
hideserver {
disable-map yes;
disable-links yes;
map-deny-message "$VOID";
links-deny-message "$VOID";
}
security-group known-users {
identified yes;
}