supernets/unrealircd
supernets
/
unrealircd
mirror of git://git.acid.vegas/unrealircd.git
4
Fork 0
Code Issues Activity

Non-standard ports opened, re-enabled modules that were disabled, remote conf revamped

This commit is contained in:
Dionysus 2023-06-21 01:52:50 -04:00
parent a73cf120b2
commit f36d862cfd
Signed by: acidvegas
GPG Key ID: EF4B922DB85DC9DE
5 changed files with 96 additions and 109 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

33
doc/conf/modules.conf
View File

@ -22,7 +22,7 @@ loadmodule "pass";
loadmodule "pingpong"; loadmodule "pingpong";
loadmodule "protoctl"; loadmodule "protoctl";
loadmodule "quit"; loadmodule "quit";
#loadmodule "rules"; loadmodule "rules";
loadmodule "topic"; loadmodule "topic";
loadmodule "user"; loadmodule "user";
loadmodule "userhost"; loadmodule "userhost";
@ -84,7 +84,6 @@ loadmodule "creationtime";
loadmodule "eos"; loadmodule "eos";
loadmodule "md"; loadmodule "md";
loadmodule "netinfo"; loadmodule "netinfo";
#loadmodule "require-module";
loadmodule "server"; loadmodule "server";
loadmodule "sinfo"; loadmodule "sinfo";
loadmodule "sjoin"; loadmodule "sjoin";
@ -99,7 +98,7 @@ loadmodule "sendsno";
loadmodule "sendumode"; loadmodule "sendumode";
loadmodule "svsjoin"; loadmodule "svsjoin";
loadmodule "svskill"; loadmodule "svskill";
#loadmodule "svslogin"; loadmodule "svslogin";
loadmodule "svslusers"; loadmodule "svslusers";
loadmodule "svsmode"; loadmodule "svsmode";
loadmodule "svsmotd"; loadmodule "svsmotd";
@ -149,7 +148,7 @@ loadmodule "chanmodes/topiclimit"; /* +t */
// User Modes // User Modes
loadmodule "usermodes/bot"; /* +B */ loadmodule "usermodes/bot"; /* +B */
#loadmodule "usermodes/censor"; /* +G */ loadmodule "usermodes/censor"; /* +G */
loadmodule "usermodes/noctcp"; /* +T */ loadmodule "usermodes/noctcp"; /* +T */
loadmodule "usermodes/nokick"; /* +q */ loadmodule "usermodes/nokick"; /* +q */
loadmodule "usermodes/privacy"; /* +p */ loadmodule "usermodes/privacy"; /* +p */
@ -168,11 +167,11 @@ loadmodule "extbans/flood"; /* +e ~flood */
loadmodule "extbans/inchannel"; /* +b ~channel */ loadmodule "extbans/inchannel"; /* +b ~channel */
loadmodule "extbans/join"; /* +b ~join */ loadmodule "extbans/join"; /* +b ~join */
loadmodule "extbans/msgbypass"; /* +e ~msgbypass */ loadmodule "extbans/msgbypass"; /* +e ~msgbypass */
#loadmodule "extbans/nickchange"; /* +b ~nickchange */ loadmodule "extbans/nickchange"; /* +b ~nickchange */
#loadmodule "extbans/operclass"; /* +b ~operclass */ #loadmodule "extbans/operclass"; /* +b ~operclass */
#loadmodule "extbans/partmsg"; /* +b ~partmsg */ #loadmodule "extbans/partmsg"; /* +b ~partmsg */
loadmodule "extbans/quiet"; /* +b ~quiet */ loadmodule "extbans/quiet"; /* +b ~quiet */
#loadmodule "extbans/realname"; /* +b ~realname */ loadmodule "extbans/realname"; /* +b ~realname */
loadmodule "extbans/textban"; /* +b ~text */ loadmodule "extbans/textban"; /* +b ~text */
loadmodule "extbans/timedban"; /* +b ~time */ loadmodule "extbans/timedban"; /* +b ~time */
loadmodule "extbans/securitygroup"; /* +b ~security-group */ loadmodule "extbans/securitygroup"; /* +b ~security-group */
@ -200,17 +199,17 @@ loadmodule "sts";
loadmodule "typing-indicator"; loadmodule "typing-indicator";
// RPC // RPC
loadmodule "rpc/rpc"; #loadmodule "rpc/rpc";
loadmodule "rpc/stats"; #loadmodule "rpc/stats";
loadmodule "rpc/user"; #loadmodule "rpc/user";
loadmodule "rpc/server"; #loadmodule "rpc/server";
loadmodule "rpc/channel"; #loadmodule "rpc/channel";
loadmodule "rpc/server_ban"; #loadmodule "rpc/server_ban";
loadmodule "rpc/server_ban_exception"; #loadmodule "rpc/server_ban_exception";
loadmodule "rpc/name_ban"; #loadmodule "rpc/name_ban";
loadmodule "rpc/spamfilter"; #loadmodule "rpc/spamfilter";
loadmodule "rpc/log"; #loadmodule "rpc/log";
loadmodule "rpc/whowas"; #loadmodule "rpc/whowas";
// Other // Other
loadmodule "antimixedutf8"; loadmodule "antimixedutf8";

42
doc/conf/opers.conf
View File

@ -1,11 +1,10 @@
oper acidvegas { oper acidvegas {
auto-login yes; auto-login yes;
mask { certfp "REDACTED"; }; class local;
class clients; mask { certfp "REDACTED"; }
maxlogins 1;
operclass netadmin; operclass netadmin;
require-modes z; require-modes z;
maxlogins 1;
vhost most.dangerous.motherfuck;
swhois "1,1 1,5 1,1 "; swhois "1,1 1,5 1,1 ";
swhois "1,1 1,5 1,7 1,5 1,7 1,5 1,1 "; swhois "1,1 1,5 1,7 1,5 1,7 1,5 1,1 ";
swhois "1,1 1,5 1,7 1,5 1,7 1,5 1,7 1,5 1,1 0 1 "; swhois "1,1 1,5 1,7 1,5 1,7 1,5 1,7 1,5 1,1 0 1 ";
@ -65,44 +64,49 @@ oper acidvegas {
swhois "1,1 1,5 1,7 1,5 1,1 "; swhois "1,1 1,5 1,7 1,5 1,1 ";
swhois "1,1 1,5 1,7 1,5 1,1 "; swhois "1,1 1,5 1,7 1,5 1,1 ";
swhois "1,1 1,5 1,1 "; swhois "1,1 1,5 1,1 ";
vhost most.dangerous.motherfuck;
} }
#oper mate { #oper mate {
# class clients; # auto-login yes;
# mask localhost; # class local;
# password "REDACTED" { sslclientcertfp; } # mask { certfp "REDACTED"; }
# maxlogins 1;
# operclass mate; # operclass mate;
# require-modes z; # require-modes z;
# maxlogins 1;
# vhost super.nets.link; # vhost super.nets.link;
#} #}
oper 5000 { oper 5000 {
class clients; auto-login yes;
mask localhost; class local;
password "REDACTED"; mask { account FUCKYOU; }
maxlogins 1;
modes BdD;
operclass fuckyou; operclass fuckyou;
require-modes z; require-modes z;
maxlogins 1;
vhost 5000; vhost 5000;
} }
oper cancer { oper cancer {
class clients; auto-login yes;
mask localhost; class local;
password "REDACTED"; mask { account CANCER; }
maxlogins 1;
modes BdD;
operclass cancer; operclass cancer;
require-modes z; require-modes z;
maxlogins 1;
vhost RETTE; vhost RETTE;
} }
oper phalanx { oper phalanx {
class clients; auto-login yes;
class local;
mask localhost; mask localhost;
password 'REDACTED';
operclass phalanx;
maxlogins 5000; maxlogins 5000;
modes BdD;
operclass phalanx;
password 'REDACTED';
vhost R; vhost R;
} }

5
doc/conf/unrealircd.hub.conf
View File

@ -22,11 +22,6 @@ log {
destination { file "ircd.log" { maxsize 1M; } } destination { file "ircd.log" { maxsize 1M; } }
} }
log {
source { antimixedutf8; antirandom; flood; oper; }
destination { channel "#services"; }
}
ulines { services.supernets.org; } ulines { services.supernets.org; }
set { set {

8
doc/conf/unrealircd.link.conf
View File

@ -11,8 +11,8 @@ listen {
port 6697; port 6697;
options { clientsonly; tls; } options { clientsonly; tls; }
tls-options { tls-options {
certificate "/etc/letsencrypt/live/irc.supernets.org/fullchain.pem"; certificate "tls/irc.crt";
key "/etc/letsencrypt/live/irc.supernets.org/privkey.pem"; key "tls/irc.key";
} }
} }
listen { listen {
@ -20,7 +20,7 @@ listen {
port 9000; port 9000;
options { clientsonly; tls; } options { clientsonly; tls; }
tls-options { tls-options {
certificate "/etc/letsencrypt/live/irc.supernets.org/fullchain.pem"; certificate "tls/irc.crt";
key "/etc/letsencrypt/live/irc.supernets.org/privkey.pem"; key "tls/irc.key";
} }
} }

117
doc/conf/unrealircd.remote.conf
View File

@ -19,17 +19,24 @@ alias ns { target nickserv; type services; }
alias operserv { type services; } alias operserv { type services; }
alias os { target operserv; type services; } alias os { target operserv; type services; }
class clients { pingfreq 120; maxclients 100; sendq 1M; options { nofakelag; } } class clients { pingfreq 120; maxclients 100; sendq 1M; options { nofakelag; } }
class local { pingfreq 300; maxclients 1000; sendq 5M; options { nofakelag; } } class known { pingfreq 120; maxclients 250; sendq 5M; options { nofakelag; } }
class servers { pingfreq 120; maxclients 10; sendq 1M; connfreq 30; } class local { pingfreq 300; maxclients 1000; sendq 10M; options { nofakelag; } }
class servers { pingfreq 120; maxclients 10; sendq 50M; connfreq 15; }
allow { mask *; class clients; maxperip 2; global-maxperip 2; } allow { mask *; class clients; maxperip 2; global-maxperip 2; }
allow { mask 127.0.0.1; class local; maxperip 1000; global-maxperip 1000; } allow { mask { security-group known-users; } class known; maxperip 3; global-maxperip 3; }
allow { mask { 127.0.0.1; ::1; } class local; maxperip 1000; global-maxperip 1000; password "simpsonsfan"; }
listen { ip *; port 66606669; options { clientsonly; } } listen { ip *; port 66606669; options { clientsonly; } }
listen { ip *; port 7000; options { clientsonly; } } listen { ip *; port 7000; options { clientsonly; } }
listen { ip *; port REDACTED; options { serversonly; tls; } } listen { ip *; port REDACTED; options { serversonly; tls; } }
#require authentication {
# mask { ip *; }
# reason "$VOID";
#}
deny channel { channel "#help"; reason "This channel has moved to #superbowl"; redirect "#superbowl"; } deny channel { channel "#help"; reason "This channel has moved to #superbowl"; redirect "#superbowl"; }
deny channel { channel "#mensa"; reason "This channel has been closed"; redirect "#superbowl"; } deny channel { channel "#mensa"; reason "This channel has been closed"; redirect "#superbowl"; }
deny channel { channel "#pumpcoin"; reason "This channel has moved to #exchange"; redirect "#exchange"; } deny channel { channel "#pumpcoin"; reason "This channel has moved to #exchange"; redirect "#exchange"; }
@ -52,8 +59,8 @@ log {
} }
log { log {
source { antimixedutf8; antirandom; flood; oper; } source { antimixedutf8; antirandom; connthrottle; flood; htm; kill; listen; link; oper; sacmds; }
destination { channel "#services"; } destination { channel "#syslog"; }
} }
tld { mask *@*; motd remote.motd; rules remote.motd; options { remote; } } tld { mask *@*; motd remote.motd; rules remote.motd; options { remote; } }
@ -105,22 +112,20 @@ set {
restrict-channelmodes "nLpPs"; restrict-channelmodes "nLpPs";
restrict-commands { restrict-commands {
channel-message { except { connect-time 5; identified yes; reputation-score 100; } } channel-message { except { connect-time 5; identified yes; reputation-score 100; } }
channel-notice { except { connect-time 30; identified yes; reputation-score 100; } } channel-notice { except { connect-time 15; identified yes; reputation-score 100; } }
invite { except { connect-time 300; identified yes; reputation-score 100; } } invite { except { connect-time 300; identified yes; reputation-score 100; } }
join { except { connect-time 5; identified yes; reputation-score 100; } } join { except { connect-time 5; identified yes; reputation-score 100; } }
list { except { connect-time 5; identified yes; reputation-score 100; } } list { except { connect-time 5; identified yes; reputation-score 100; } }
private-message { except { connect-time 300; identified yes; reputation-score 100; } } private-message { except { connect-time 300; identified yes; reputation-score 100; } }
private-notice { except { connect-time 300; identified yes; reputation-score 100; } } private-notice { except { connect-time 300; identified yes; reputation-score 100; } }
} }
auto-join "#superbowl"; oper-auto-join "#syslog";
oper-auto-join "#services"; who-limit 0;
static-quit "EMO-QUIT";
static-part "EMO-PART";
nick-length 20; nick-length 20;
maxchannelsperuser 10; maxchannelsperuser 10;
channel-command-prefix "`!@$."; channel-command-prefix "`!@$.";
ban-setter nick;
topic-setter nick; topic-setter nick;
ban-setter nick;
options { hide-ulines; flat-map; identd-check; } options { hide-ulines; flat-map; identd-check; }
network-name "SuperNETs"; network-name "SuperNETs";
default-server "irc.supernets.org"; default-server "irc.supernets.org";
@ -134,6 +139,9 @@ set {
"REDACTED"; "REDACTED";
} }
cloak-prefix "SUPER"; cloak-prefix "SUPER";
#tls {
# options { fail-if-no-clientcert; }
#}
plaintext-policy { plaintext-policy {
user warn; user warn;
oper deny; oper deny;
@ -150,49 +158,33 @@ set {
} }
anti-flood { anti-flood {
channel { channel {
profile defcon { flood-mode "[10j#R5,200m#M5,10n#N5]:15"; } profile defcon { flood-mode "[10j#R5,500m#M5,10n#N5,10k#K5]:15"; }
boot-delay 75; boot-delay 75;
split-delay 75; split-delay 75;
} }
everyone { everyone {
connect-flood 3:300; away-flood 3:300;
invite-flood 3:300;
knock-flood 3:300;
handshake-data-flood { handshake-data-flood {
amount 4k; amount 4k;
ban-action gzline; ban-action gzline;
ban-time 1h; ban-time 1h;
} }
target-flood {
channel-notice 15:5;
channel-privmsg 45:5;
channel-tagmsg 15:5;
private-notice 10:5;
private-privmsg 30:5;
private-tagmsg 10:5;
}
} }
known-users { known-users {
away-flood 3:300; connect-flood 10:300;
invite-flood 3:300; join-flood 10:300;
join-flood 3:300; nick-flood 10:300;
knock-flood 3:300; max-concurrent-conversations { users 5; new-user-every 60s; }
nick-flood 3:300;
max-concurrent-conversations {
users 5;
new-user-every 60s;
}
lag-penalty 10; # update? lag-penalty 10; # update?
lag-penalty-bytes 0; lag-penalty-bytes 0;
} }
unknown-users { unknown-users {
away-flood 3:300; connect-flood 3:300;
invite-flood 3:300; join-flood 3:300;
join-flood 3:300; nick-flood 3:300;
knock-flood 3:300; max-concurrent-conversations { users 2; new-user-every 120s; }
nick-flood 3:300;
max-concurrent-conversations {
users 3;
new-user-every 60s;
}
lag-penalty 1000; lag-penalty 1000;
lag-penalty-bytes 90; lag-penalty-bytes 90;
} }
@ -200,8 +192,9 @@ set {
default-bantime 30d; default-bantime 30d;
modef-default-unsettime 5; modef-default-unsettime 5;
spamfilter { spamfilter {
ban-time 1d; ban-time 30d;
ban-reason "$VOID"; ban-reason "$VOID";
utf8 yes;
except "#anythinggoes"; except "#anythinggoes";
} }
max-targets-per-command { kick 1; part 1; privmsg 1; } max-targets-per-command { kick 1; part 1; privmsg 1; }
@ -220,9 +213,9 @@ set {
ban-reason "$VOID"; ban-reason "$VOID";
} }
connthrottle { connthrottle {
except { reputation-score 100; identified yes; webirc yes; } except { reputation-score 100; identified yes; webirc yes; }
new-users { local-throttle 20:60; global-throttle 30:60; } new-users { local-throttle 20:60; global-throttle 30:60; }
disabled-when { reputation-gathering 1w; start-delay 3m; } disabled-when { reputation-gathering 1w; start-delay 3m; }
reason "$VOID"; reason "$VOID";
} }
history { history {
@ -234,29 +227,25 @@ set {
} }
} }
} }
manual-ban-target ip;
hide-idle-time { policy always; } hide-idle-time { policy always; }
whois-details { whois-details {
account { everyone full; } channels { everyone none; self full; oper full; }
away { everyone full; } reputation { everyone full; }
basic { everyone full; } server { everyone none; self full; oper full; }
bot { everyone full; } swhois { everyone full; }
certfp { everyone full; }
channels { everyone none; self full; oper full; }
geo { everyone none; }
idle { everyone none; }
modes { everyone none; self full; oper full; }
oper { everyone limited; self full; oper full; }
realhost { everyone none; self full; oper full; }
registered-nick { everyone full; }
reputation { everyone full; }
secure { everyone limited; self full; oper full; }
server { everyone full; }
services { everyone full; }
shunned { everyone none; self none; oper full; }
swhois { everyone full; }
} }
} }
set known-users {
auto-join "#superbowl";
}
set unknown-users {
static-quit "EMO-QUIT";
static-part "EMO-PART";
}
hideserver { hideserver {
disable-map yes; disable-map yes;
disable-links yes; disable-links yes;
@ -266,5 +255,5 @@ hideserver {
security-group known-users { security-group known-users {
identified yes; identified yes;
reputation-score 100; reputation-score 10000;
} }