diff --git a/doc/conf/except.conf b/doc/conf/except.conf index d174de8..d6e891a 100644 --- a/doc/conf/except.conf +++ b/doc/conf/except.conf @@ -2,6 +2,7 @@ except ban { mask { ip { 127.0.0.1; ::1; } + #ip { 0.0.0.0; } ip { 37.187.119.203; 51.75.161.177; 135.125.132.246; 151.80.60.156; } ip { 2001:41d0:801:2000::1099; 2001:41d0:302:2200::43c; 2001:41d0:701:1100::5772; } } diff --git a/doc/conf/unrealircd.remote.conf b/doc/conf/unrealircd.remote.conf index 331021c..5a18e21 100644 --- a/doc/conf/unrealircd.remote.conf +++ b/doc/conf/unrealircd.remote.conf @@ -139,9 +139,6 @@ set { "REDACTED"; } cloak-prefix "SUPER"; - #tls { - # options { fail-if-no-clientcert; } - #} plaintext-policy { user warn; oper deny; diff --git a/doc/conf/unrealircd.tor.conf b/doc/conf/unrealircd.tor.conf new file mode 100644 index 0000000..911365f --- /dev/null +++ b/doc/conf/unrealircd.tor.conf @@ -0,0 +1,212 @@ +@define $VOID "8,4 E N T E R T H E V O I D "; + +admin { + "4Administrator: Brandon Brown 14(aka MRCHATS) 6branbran89@supernets.org"; + " 4Moderator: Bristopher Manning 14(aka delorean) 6simpsonsfan95@supernets.org"; + " 4Sales: Branthony Bronson 14(aka pyrex) 6showercaphandgun@supernets.org"; + ""; + "Feel free to chat with us in #5000 for network help & support!"; +} + +alias botserv { type services; } +alias bs { target botserv; type services; } +alias chanserv { type services; } +alias cs { target chanserv; type services; } +alias hostserv { type services; } +alias hs { target hostserv; type services; } +alias nickserv { type services; } +alias ns { target nickserv; type services; } +alias operserv { type services; } +alias os { target operserv; type services; } + +class clients { pingfreq 120; maxclients 100; sendq 1M; options { nofakelag; } } +class servers { pingfreq 120; maxclients 10; sendq 50M; connfreq 15; } + +allow { mask { ip 0.0.0.0; class clients; maxperip 100; global-maxperip 100; } + +listen { ip *; port REDACTED; options { serversonly; tls; } } +listen { file "/etc/tor/unrealircd/tor_ircd.socket"; mode 0777; spoof-ip 127.0.0.2; options { tls; } } + +#require authentication { +# mask { ip 0.0.0.0; } +# reason "$VOID"; +#}; + +deny channel { channel "#help"; reason "This channel has moved to #superbowl"; redirect "#superbowl"; } +deny channel { channel "#mensa"; reason "This channel has been closed"; redirect "#superbowl"; } +deny channel { channel "#pumpcoin"; reason "This channel has moved to #exchange"; redirect "#exchange"; } + +link irc.supernets.org { + incoming { mask REDACTED; } + outgoing { + bind-ip *; + hostname REDACTED; + port REDACTED; + options { tls; autoconnect; } + } + password "REDACTED" { spkifp; } + class servers; +} + +log { + source { error; fatal; warn; } + destination { file "ircd.log" { maxsize 5M; } } +} + +log { + source { antimixedutf8; antirandom; connthrottle; flood; htm; kill; listen; link; oper; sacmds; } + destination { channel "#syslog"; } +} + +tld { mask *@*; motd remote.motd; rules remote.motd; options { remote; } } + +ulines { services.supernets.org; } + +set { + kline-address "enterthevoid@supernets.org"; # replace with onion address + gline-address "enterthevoid@supernets.org"; # replace with onion address + modes-on-connect "+iIpTx"; + modes-on-oper "+Hq"; + snomask-on-oper "+o"; + modes-on-join "+ns"; + level-on-join "op"; + restrict-usermodes "ips"; + restrict-channelmodes "nLpPs"; + restrict-commands { + channel-message { except { connect-time 15; identified yes; } } + channel-notice { except { connect-time 60; identified yes; } } + invite { except { connect-time 300; identified yes; } } + join { except { connect-time 15; identified yes; } } + list { except { connect-time 30; identified yes; } } + private-message { except { connect-time 300; identified yes; } } + private-notice { except { connect-time 300; identified yes; } } + } + who-limit 0; + nick-length 20; + maxchannelsperuser 10; + channel-command-prefix "`!@$."; + topic-setter nick; + ban-setter nick; + options { hide-ulines; flat-map; identd-check; } + network-name "SuperNETs"; + default-server "irc.supernets.org"; + services-server "services.supernets.org"; + sasl-server "services.supernets.org"; + help-channel "#superbowl"; + cloak-method ip; + cloak-keys { + "REDACTED"; + "REDACTED"; + "REDACTED"; + } + cloak-prefix "ONION"; + #tls { + # options { fail-if-no-clientcert; } + #} + outdated-tls-policy { + user warn; + oper deny; + server deny; + user-message "4WARNING: You are using an outdated TLS protocol or cipher"; + oper-message "Network operators must be using an up-to-date TLS protocol & cipher"; + } + anti-flood { + channel { + profile defcon { flood-mode "[10j#R5,500m#M5,10n#N5,10k#K5]:15"; } + boot-delay 75; + split-delay 75; + } + everyone { + away-flood 3:300; + invite-flood 3:300; + knock-flood 3:300; + handshake-data-flood { + amount 4k; + ban-action gzline; + ban-time 1h; + } + } + known-users { + connect-flood 10:300; + join-flood 10:300; + nick-flood 10:300; + max-concurrent-conversations { users 5; new-user-every 60s; } + lag-penalty 10; # update? + lag-penalty-bytes 0; + } + unknown-users { + connect-flood 3:300; + join-flood 3:300; + nick-flood 3:300; + max-concurrent-conversations { users 2; new-user-every 120s; } + lag-penalty 1000; + lag-penalty-bytes 90; + } + } + default-bantime 30d; + modef-default-unsettime 5; + spamfilter { + ban-time 30d; + ban-reason "$VOID"; + utf8 yes; + except "#anythinggoes"; + } + max-targets-per-command { kick 1; part 1; privmsg 1; } + hide-ban-reason yes; + reject-message { + gline "$VOID"; + kline "$VOID"; + password-mismatch "$VOID"; + server-full "$VOID"; + too-many-connections "$VOID"; + unauthorized "$VOID"; + } + antimixedutf8 { + score 8; + ban-action block; + ban-reason "$VOID"; + } + connthrottle { + except { reputation-score 100; identified yes; webirc yes; } + new-users { local-throttle 20:60; global-throttle 30:60; } + disabled-when { reputation-gathering 1w; start-delay 3m; } + reason "$VOID"; + } + history { + channel { + playback-on-join { lines 1000; time 1d; } + max-storage-per-channel { + registered { lines 1000; time 1d; } + unregistered { lines 100; time 1h; } + } + } + } + manual-ban-target ip; + hide-idle-time { policy always; } + whois-details { + channels { everyone none; self full; oper full; } + reputation { everyone full; } + server { everyone none; self full; oper full; } + swhois { everyone full; } + } +} + +set known-users { + auto-join "#superbowl"; +} + +set unknown-users { + static-quit "EMO-QUIT"; + static-part "EMO-PART"; +} + +hideserver { + disable-map yes; + disable-links yes; + map-deny-message "$VOID"; + links-deny-message "$VOID"; +} + +security-group known-users { + identified yes; +} \ No newline at end of file