Non-standard ports opened, re-enabled modules that were disabled, remote conf revamped

2023-06-21 01:52:50 -04:00 · 2023-06-21 01:52:50 -04:00 · f36d862cfd
parent a73cf120b2
commit f36d862cfd
5 changed files with 96 additions and 109 deletions
--- a/doc/conf/modules.conf
+++ b/doc/conf/modules.conf
@ -22,7 +22,7 @@ loadmodule "pass";
 loadmodule "pingpong";
 loadmodule "protoctl";
 loadmodule "quit";
-#loadmodule "rules";
+loadmodule "rules";
 loadmodule "topic";
 loadmodule "user";
 loadmodule "userhost";
@ -84,7 +84,6 @@ loadmodule "creationtime";
 loadmodule "eos";
 loadmodule "md";
 loadmodule "netinfo";
-#loadmodule "require-module";
 loadmodule "server";
 loadmodule "sinfo";
 loadmodule "sjoin";
@ -99,7 +98,7 @@ loadmodule "sendsno";
 loadmodule "sendumode";
 loadmodule "svsjoin";
 loadmodule "svskill";
-#loadmodule "svslogin";
+loadmodule "svslogin";
 loadmodule "svslusers";
 loadmodule "svsmode";
 loadmodule "svsmotd";
@ -149,7 +148,7 @@ loadmodule "chanmodes/topiclimit";     /* +t */

 // User Modes
 loadmodule "usermodes/bot";           /* +B */
-#loadmodule "usermodes/censor";       /* +G */
+loadmodule "usermodes/censor";        /* +G */
 loadmodule "usermodes/noctcp";        /* +T */
 loadmodule "usermodes/nokick";        /* +q */
 loadmodule "usermodes/privacy";       /* +p */
@ -168,11 +167,11 @@ loadmodule "extbans/flood";         /* +e ~flood          */
 loadmodule "extbans/inchannel";     /* +b ~channel        */
 loadmodule "extbans/join";          /* +b ~join           */
 loadmodule "extbans/msgbypass";     /* +e ~msgbypass      */
-#loadmodule "extbans/nickchange";   /* +b ~nickchange     */
+loadmodule "extbans/nickchange";    /* +b ~nickchange     */
 #loadmodule "extbans/operclass";    /* +b ~operclass      */
 #loadmodule "extbans/partmsg";      /* +b ~partmsg        */
 loadmodule "extbans/quiet";         /* +b ~quiet          */
-#loadmodule "extbans/realname";     /* +b ~realname       */
+loadmodule "extbans/realname";      /* +b ~realname       */
 loadmodule "extbans/textban";       /* +b ~text           */
 loadmodule "extbans/timedban";      /* +b ~time           */
 loadmodule "extbans/securitygroup"; /* +b ~security-group */
@ -200,17 +199,17 @@ loadmodule "sts";
 loadmodule "typing-indicator";

 // RPC
-loadmodule "rpc/rpc";
-loadmodule "rpc/stats";
-loadmodule "rpc/user";
-loadmodule "rpc/server";
-loadmodule "rpc/channel";
-loadmodule "rpc/server_ban";
-loadmodule "rpc/server_ban_exception";
-loadmodule "rpc/name_ban";
-loadmodule "rpc/spamfilter";
-loadmodule "rpc/log";
-loadmodule "rpc/whowas";
+#loadmodule "rpc/rpc";
+#loadmodule "rpc/stats";
+#loadmodule "rpc/user";
+#loadmodule "rpc/server";
+#loadmodule "rpc/channel";
+#loadmodule "rpc/server_ban";
+#loadmodule "rpc/server_ban_exception";
+#loadmodule "rpc/name_ban";
+#loadmodule "rpc/spamfilter";
+#loadmodule "rpc/log";
+#loadmodule "rpc/whowas";

 // Other
 loadmodule "antimixedutf8";
--- a/doc/conf/opers.conf
+++ b/doc/conf/opers.conf
@ -1,11 +1,10 @@
 oper acidvegas {
 	auto-login yes;
-	mask { certfp "REDACTED"; };
-	class clients;
+	class local;
+	mask { certfp "REDACTED"; }
+	maxlogins 1;
 	operclass netadmin;
 	require-modes z;
-	maxlogins 1;
-	vhost most.dangerous.motherfuck;
 	swhois "1,1                                 1,5          1,1                                   ";
 	swhois "1,1                                1,5    1,7  1,5  1,7  1,5    1,1                                ";
 	swhois "1,1                              1,5   1,7 1,5 1,7   1,5  1,7     1,5   1,1                      0 1       ";
@ -65,44 +64,49 @@ oper acidvegas {
 	swhois "1,1    1,5     1,7                          1,5    1,1                                       ";
 	swhois "1,1        1,5        1,7               1,5    1,1                                           ";
 	swhois "1,1              1,5                 1,1                                               ";
+	vhost most.dangerous.motherfuck;
 }

 #oper mate {
-#	class clients;
-#	mask localhost;
-#	password "REDACTED" { sslclientcertfp; }
+#	auto-login yes;
+#	class local;
+#	mask { certfp "REDACTED"; }
+#	maxlogins 1;
 #	operclass mate;
 #	require-modes z;
-#	maxlogins 1;
 #	vhost super.nets.link;
 #}

 oper 5000 {
-	class clients;
-	mask localhost;
-	password "REDACTED";
+	auto-login yes;
+	class local;
+	mask { account FUCKYOU; }
+	maxlogins 1;
+	modes BdD;
 	operclass fuckyou;
 	require-modes z;
-	maxlogins 1;
 	vhost 5000;
 }

 oper cancer {
-	class clients;
-	mask localhost;
-	password "REDACTED";
+	auto-login yes;
+	class local;
+	mask { account CANCER; }
+	maxlogins 1;
+	modes BdD;
 	operclass cancer;
 	require-modes z;
-	maxlogins 1;
 	vhost RETTE;
 }

 oper phalanx {
-	class clients;
+	auto-login yes;
+	class local;
 	mask localhost;
-	password 'REDACTED';
-	operclass phalanx;
 	maxlogins 5000;
+	modes BdD;
+	operclass phalanx;
+	password 'REDACTED';
 	vhost R;
 }

--- a/doc/conf/unrealircd.hub.conf
+++ b/doc/conf/unrealircd.hub.conf
@ -22,11 +22,6 @@ log {
 	destination { file "ircd.log" { maxsize 1M; } }
 }

-log {
-	source { antimixedutf8; antirandom; flood; oper; }
-	destination { channel "#services"; }
-}
-
 ulines { services.supernets.org; }

 set {
--- a/doc/conf/unrealircd.link.conf
+++ b/doc/conf/unrealircd.link.conf
@ -11,8 +11,8 @@ listen {
 	port 6697;
 	options { clientsonly; tls; }
 	tls-options {
-		certificate "/etc/letsencrypt/live/irc.supernets.org/fullchain.pem";
-		key         "/etc/letsencrypt/live/irc.supernets.org/privkey.pem";
+		certificate "tls/irc.crt";
+		key         "tls/irc.key";
 	}
 }
 listen {
@ -20,7 +20,7 @@ listen {
 	port 9000;
 	options { clientsonly; tls; }
 	tls-options {
-		certificate "/etc/letsencrypt/live/irc.supernets.org/fullchain.pem";
-		key         "/etc/letsencrypt/live/irc.supernets.org/privkey.pem";
+		certificate "tls/irc.crt";
+		key         "tls/irc.key";
 	}
 }
--- a/doc/conf/unrealircd.remote.conf
+++ b/doc/conf/unrealircd.remote.conf
@ -19,17 +19,24 @@ alias ns { target nickserv; type services; }
 alias operserv { type services; }
 alias os { target operserv; type services; }

-class clients { pingfreq 120; maxclients  100; sendq 1M; options { nofakelag; } }
-class local   { pingfreq 300; maxclients 1000; sendq 5M; options { nofakelag; } }
-class servers { pingfreq 120; maxclients  10;  sendq 1M; connfreq 30;           }
+class clients { pingfreq 120; maxclients  100; sendq  1M; options { nofakelag; } }
+class known   { pingfreq 120; maxclients  250; sendq  5M; options { nofakelag; } }
+class local   { pingfreq 300; maxclients 1000; sendq 10M; options { nofakelag; } }
+class servers { pingfreq 120; maxclients   10; sendq 50M; connfreq 15;           }

-allow { mask *;         class clients; maxperip 2;    global-maxperip 2;    }
-allow { mask 127.0.0.1; class local;   maxperip 1000; global-maxperip 1000; }
+allow { mask *;                              class clients; maxperip 2;    global-maxperip 2; }
+allow { mask { security-group known-users; } class known;   maxperip 3;    global-maxperip 3; }
+allow { mask { 127.0.0.1; ::1;             } class local;   maxperip 1000; global-maxperip 1000; password "simpsonsfan"; }

 listen { ip *; port 6660–6669; options { clientsonly;      } }
 listen { ip *; port 7000;      options { clientsonly;      } }
 listen { ip *; port REDACTED;  options { serversonly; tls; } }

+#require authentication {
+#	mask { ip *; }
+#	reason "$VOID";
+#}
+
 deny channel { channel "#help";     reason "This channel has moved to #superbowl"; redirect "#superbowl"; }
 deny channel { channel "#mensa";    reason "This channel has been closed";         redirect "#superbowl"; }
 deny channel { channel "#pumpcoin"; reason "This channel has moved to #exchange";  redirect "#exchange";  }
@ -52,8 +59,8 @@ log {
 }

 log {
-	source { antimixedutf8; antirandom; flood; oper; }
-	destination { channel "#services"; }        
+	source { antimixedutf8; antirandom; connthrottle; flood; htm; kill; listen; link; oper; sacmds; }
+	destination { channel "#syslog"; }
 }

 tld { mask *@*; motd remote.motd; rules remote.motd; options { remote; } }
@ -105,22 +112,20 @@ set {
 	restrict-channelmodes "nLpPs";
 	restrict-commands {
 		channel-message { except { connect-time 5;   identified yes; reputation-score 100; } }
-		channel-notice  { except { connect-time 30;  identified yes; reputation-score 100; } }
+		channel-notice  { except { connect-time 15;  identified yes; reputation-score 100; } }
 		invite          { except { connect-time 300; identified yes; reputation-score 100; } }
 		join            { except { connect-time 5;   identified yes; reputation-score 100; } }
 		list            { except { connect-time 5;   identified yes; reputation-score 100; } }
 		private-message { except { connect-time 300; identified yes; reputation-score 100; } }
 		private-notice  { except { connect-time 300; identified yes; reputation-score 100; } }
 	}
-	auto-join "#superbowl";
-	oper-auto-join "#services";
-	static-quit "EMO-QUIT";
-	static-part "EMO-PART";
+	oper-auto-join "#syslog";
+	who-limit 0;
 	nick-length 20;
 	maxchannelsperuser 10;
 	channel-command-prefix "`!@$.";
-	ban-setter nick;
 	topic-setter nick;
+	ban-setter nick;
 	options { hide-ulines; flat-map; identd-check; }
 	network-name "SuperNETs";
 	default-server "irc.supernets.org";
@ -134,6 +139,9 @@ set {
 		"REDACTED";
 	}
 	cloak-prefix "SUPER";
+	#tls {
+	#	options { fail-if-no-clientcert; }
+	#}
 	plaintext-policy {
 		user warn;
 		oper deny;
@ -150,49 +158,33 @@ set {
 	}
 	anti-flood {
 		channel {
-			profile defcon { flood-mode "[10j#R5,200m#M5,10n#N5]:15"; }
+			profile defcon { flood-mode "[10j#R5,500m#M5,10n#N5,10k#K5]:15"; }
 			boot-delay 75;
 			split-delay 75;
 		}
 		everyone {
-			connect-flood 3:300;
+			away-flood   3:300;
+			invite-flood 3:300;
+			knock-flood  3:300;
 			handshake-data-flood {
 				amount 4k;
 				ban-action gzline;
 				ban-time 1h;
 			}
-			target-flood {
-				channel-notice  15:5;
-				channel-privmsg 45:5;
-				channel-tagmsg  15:5;
-				private-notice  10:5;
-				private-privmsg 30:5;
-				private-tagmsg  10:5;
-			}
 		}
 		known-users {
-			away-flood   3:300;
-			invite-flood 3:300;
-			join-flood   3:300;
-			knock-flood  3:300;
-			nick-flood   3:300;
-			max-concurrent-conversations {
-				users 5;
-				new-user-every 60s;
-			}
+			connect-flood 10:300;
+			join-flood    10:300;
+			nick-flood    10:300;
+			max-concurrent-conversations { users 5; new-user-every 60s; }
 			lag-penalty 10; # update?
 			lag-penalty-bytes 0;
 		}
 		unknown-users {
-			away-flood   3:300;
-			invite-flood 3:300;
-			join-flood   3:300;
-			knock-flood  3:300;
-			nick-flood   3:300;
-			max-concurrent-conversations {
-				users 3;
-				new-user-every 60s;
-			}
+			connect-flood 3:300;
+			join-flood    3:300;
+			nick-flood    3:300;
+			max-concurrent-conversations { users 2; new-user-every 120s; }
 			lag-penalty 1000;
 			lag-penalty-bytes 90;
 		}
@ -200,8 +192,9 @@ set {
 	default-bantime 30d;
 	modef-default-unsettime 5;
 	spamfilter {
-		ban-time 1d;
+		ban-time 30d;
 		ban-reason "$VOID";
+		utf8 yes;
 		except "#anythinggoes";
 	}
 	max-targets-per-command { kick 1; part 1; privmsg 1; }
@ -220,9 +213,9 @@ set {
 		ban-reason "$VOID";
 	}
 	connthrottle {
-		except        { reputation-score 100;    identified yes; webirc yes; }
-		new-users     { local-throttle 20:60;    global-throttle 30:60;      }
-		disabled-when { reputation-gathering 1w; start-delay 3m;             }
+		except        { reputation-score 100; identified yes; webirc yes; }
+		new-users     { local-throttle 20:60; global-throttle 30:60;      }
+		disabled-when { reputation-gathering 1w; start-delay 3m;          }
 		reason "$VOID";
 	}
 	history {
@ -234,29 +227,25 @@ set {
 			}
 		}
 	}
+	manual-ban-target ip;
 	hide-idle-time { policy always; }
 	whois-details {
-		account         { everyone full;                          }
-		away            { everyone full;                          }
-		basic           { everyone full;                          }
-		bot             { everyone full;                          }
-		certfp          { everyone full;                          }
-		channels        { everyone none;    self full; oper full; }
-		geo             { everyone none;                          }
-		idle            { everyone none;                          }
-		modes           { everyone none;    self full; oper full; }
-		oper            { everyone limited; self full; oper full; }
-		realhost        { everyone none;    self full; oper full; }
-		registered-nick { everyone full;                          }
-		reputation      { everyone full;                          }
-		secure          { everyone limited; self full; oper full; }
-		server          { everyone full;                          }
-		services        { everyone full;                          }
-		shunned         { everyone none;    self none; oper full; }
-		swhois          { everyone full;                          }
+		channels        { everyone none; self full; oper full; }
+		reputation      { everyone full;                       }
+		server          { everyone none; self full; oper full; }
+		swhois          { everyone full;                       }
 	}
 }

+set known-users {
+	auto-join "#superbowl";
+}
+
+set unknown-users {
+	static-quit "EMO-QUIT";
+	static-part "EMO-PART";
+}
+
 hideserver {
 	disable-map yes;
 	disable-links yes;
@ -266,5 +255,5 @@ hideserver {

 security-group known-users {
 	identified yes;
-	reputation-score 100;
+	reputation-score 10000;
 }