Started a hidden service conf file for future onion (SASL/TLS only most likely)

2023-06-21 02:53:40 -04:00 · 2023-06-21 02:53:40 -04:00 · 11daf071b8
parent 769ef5b9ab
commit 11daf071b8
3 changed files with 213 additions and 3 deletions
--- a/doc/conf/except.conf
+++ b/doc/conf/except.conf
@ -2,6 +2,7 @@
 except ban {
 	mask {
 		ip { 127.0.0.1; ::1; }
+		#ip { 0.0.0.0; }
 		ip { 37.187.119.203; 51.75.161.177; 135.125.132.246; 151.80.60.156; }
 		ip { 2001:41d0:801:2000::1099; 2001:41d0:302:2200::43c; 2001:41d0:701:1100::5772; }
 	}
--- a/doc/conf/unrealircd.remote.conf
+++ b/doc/conf/unrealircd.remote.conf
@ -139,9 +139,6 @@ set {
 		"REDACTED";
 	}
 	cloak-prefix "SUPER";
-	#tls {
-	#	options { fail-if-no-clientcert; }
-	#}
 	plaintext-policy {
 		user warn;
 		oper deny;
--- a/doc/conf/unrealircd.tor.conf
+++ b/doc/conf/unrealircd.tor.conf
@ -0,0 +1,212 @@
+@define $VOID "8,4   E N T E R   T H E   V O I D   ";
+
+admin {
+	"4Administrator: Brandon Brown      14(aka MRCHATS)  6branbran89@supernets.org";
+	"    4Moderator: Bristopher Manning 14(aka delorean) 6simpsonsfan95@supernets.org";
+	"        4Sales: Branthony Bronson  14(aka pyrex)    6showercaphandgun@supernets.org";
+	"";
+	"Feel free to chat with us in #5000 for network help & support!";
+}
+
+alias botserv { type services; }
+alias bs { target botserv; type services; }
+alias chanserv { type services; }
+alias cs { target chanserv; type services; }
+alias hostserv { type services; }
+alias hs { target hostserv; type services; }
+alias nickserv { type services; }
+alias ns { target nickserv; type services; }
+alias operserv { type services; }
+alias os { target operserv; type services; }
+
+class clients { pingfreq 120; maxclients  100; sendq  1M; options { nofakelag; } }
+class servers { pingfreq 120; maxclients   10; sendq 50M; connfreq 15;           }
+
+allow { mask { ip 0.0.0.0; class clients; maxperip 100; global-maxperip 100; }
+
+listen { ip *; port REDACTED;  options { serversonly; tls; } }
+listen { file "/etc/tor/unrealircd/tor_ircd.socket"; mode 0777; spoof-ip 127.0.0.2; options { tls; } }
+
+#require authentication {
+#	mask { ip 0.0.0.0; }
+#	reason "$VOID";
+#};
+
+deny channel { channel "#help";     reason "This channel has moved to #superbowl"; redirect "#superbowl"; }
+deny channel { channel "#mensa";    reason "This channel has been closed";         redirect "#superbowl"; }
+deny channel { channel "#pumpcoin"; reason "This channel has moved to #exchange";  redirect "#exchange";  }
+
+link irc.supernets.org {
+	incoming { mask REDACTED; }
+	outgoing {
+		bind-ip *;
+		hostname REDACTED;
+		port REDACTED;
+		options { tls; autoconnect; }
+	}
+	password "REDACTED" { spkifp; }
+	class servers;
+}
+
+log {
+	source { error; fatal; warn; }
+	destination { file "ircd.log" { maxsize 5M; } }
+}
+
+log {
+	source { antimixedutf8; antirandom; connthrottle; flood; htm; kill; listen; link; oper; sacmds; }
+	destination { channel "#syslog"; }
+}
+
+tld { mask *@*; motd remote.motd; rules remote.motd; options { remote; } }
+
+ulines { services.supernets.org; }
+
+set {
+	kline-address "enterthevoid@supernets.org"; # replace with onion address
+	gline-address "enterthevoid@supernets.org"; # replace with onion address
+	modes-on-connect "+iIpTx";
+	modes-on-oper "+Hq";
+	snomask-on-oper "+o";
+	modes-on-join "+ns";
+	level-on-join "op";
+	restrict-usermodes "ips";
+	restrict-channelmodes "nLpPs";
+	restrict-commands {
+		channel-message { except { connect-time 15;  identified yes; } }
+		channel-notice  { except { connect-time 60;  identified yes; } }
+		invite          { except { connect-time 300; identified yes; } }
+		join            { except { connect-time 15;  identified yes; } }
+		list            { except { connect-time 30;  identified yes; } }
+		private-message { except { connect-time 300; identified yes; } }
+		private-notice  { except { connect-time 300; identified yes; } }
+	}
+	who-limit 0;
+	nick-length 20;
+	maxchannelsperuser 10;
+	channel-command-prefix "`!@$.";
+	topic-setter nick;
+	ban-setter nick;
+	options { hide-ulines; flat-map; identd-check; }
+	network-name "SuperNETs";
+	default-server "irc.supernets.org";
+	services-server "services.supernets.org";
+	sasl-server "services.supernets.org";
+	help-channel "#superbowl";
+	cloak-method ip;
+	cloak-keys {
+		"REDACTED";
+		"REDACTED";
+		"REDACTED";
+	}
+	cloak-prefix "ONION";
+	#tls {
+	#	options { fail-if-no-clientcert; }
+	#}
+	outdated-tls-policy {
+		user warn;
+		oper deny;
+		server deny;
+		user-message "4WARNING: You are using an outdated TLS protocol or cipher";
+		oper-message "Network operators must be using an up-to-date TLS protocol & cipher";
+	}
+	anti-flood {
+		channel {
+			profile defcon { flood-mode "[10j#R5,500m#M5,10n#N5,10k#K5]:15"; }
+			boot-delay 75;
+			split-delay 75;
+		}
+		everyone {
+			away-flood   3:300;
+			invite-flood 3:300;
+			knock-flood  3:300;
+			handshake-data-flood {
+				amount 4k;
+				ban-action gzline;
+				ban-time 1h;
+			}
+		}
+		known-users {
+			connect-flood 10:300;
+			join-flood    10:300;
+			nick-flood    10:300;
+			max-concurrent-conversations { users 5; new-user-every 60s; }
+			lag-penalty 10; # update?
+			lag-penalty-bytes 0;
+		}
+		unknown-users {
+			connect-flood 3:300;
+			join-flood    3:300;
+			nick-flood    3:300;
+			max-concurrent-conversations { users 2; new-user-every 120s; }
+			lag-penalty 1000;
+			lag-penalty-bytes 90;
+		}
+	}
+	default-bantime 30d;
+	modef-default-unsettime 5;
+	spamfilter {
+		ban-time 30d;
+		ban-reason "$VOID";
+		utf8 yes;
+		except "#anythinggoes";
+	}
+	max-targets-per-command { kick 1; part 1; privmsg 1; }
+	hide-ban-reason yes;
+	reject-message {
+		gline                "$VOID";
+		kline                "$VOID";
+		password-mismatch    "$VOID";
+		server-full          "$VOID";
+		too-many-connections "$VOID";
+		unauthorized         "$VOID";
+	}
+	antimixedutf8 {
+		score 8;
+		ban-action block;
+		ban-reason "$VOID";
+	}
+	connthrottle {
+		except        { reputation-score 100; identified yes; webirc yes; }
+		new-users     { local-throttle 20:60; global-throttle 30:60;      }
+		disabled-when { reputation-gathering 1w; start-delay 3m;          }
+		reason "$VOID";
+	}
+	history {
+		channel {
+			playback-on-join { lines 1000; time 1d; }
+			max-storage-per-channel {
+				registered   { lines 1000; time 1d; } 
+				unregistered { lines 100;  time 1h; } 
+			}
+		}
+	}
+	manual-ban-target ip;
+	hide-idle-time { policy always; }
+	whois-details {
+		channels        { everyone none; self full; oper full; }
+		reputation      { everyone full;                       }
+		server          { everyone none; self full; oper full; }
+		swhois          { everyone full;                       }
+	}
+}
+
+set known-users {
+	auto-join "#superbowl";
+}
+
+set unknown-users {
+	static-quit "EMO-QUIT";
+	static-part "EMO-PART";
+}
+
+hideserver {
+	disable-map yes;
+	disable-links yes;
+	map-deny-message "$VOID";
+	links-deny-message "$VOID";
+}
+
+security-group known-users {
+	identified yes;
+}