1 |
# Example module configuration file for Services. After making the |
2 |
# appropriate changes to this file, place it in the Services data directory |
3 |
# (as specified in the "configure" script, default /usr/local/lib/ircservices) |
4 |
# with the name "modules.conf". |
5 |
|
6 |
########################################################################### |
7 |
# |
8 |
# Protocol module settings |
9 |
# |
10 |
########################################################################### |
11 |
|
12 |
# Enter the protocol name here, then uncomment the appropriate directives. |
13 |
|
14 |
Module protocol/(insert protocol name here) |
15 |
|
16 |
# NetworkDomain domain [RECOMMENDED] |
17 |
# Protocols: bahamut, dalnet, dreamforge, monkey, ptlink, rfc1459, |
18 |
# trircd, ts8, undernet-p9 |
19 |
# |
20 |
# Specifies the common domain, if any, shared by all servers on |
21 |
# your IRC network; this is required for global notices to function |
22 |
# properly. Make sure you do not include a "." before the domain |
23 |
# name. If you do not specify this, some or all users may not |
24 |
# receive global notices. |
25 |
|
26 |
#NetworkDomain "example.net" |
27 |
|
28 |
# ServerNumeric <numeric> [RECOMMENDED] |
29 |
# Protocols: unreal |
30 |
# |
31 |
# Makes Services send a numeric to the remote server on connect. |
32 |
# This must be a value between 1 and 254, and must not be in use by |
33 |
# any other IRC server on the network. If you do not want to use a |
34 |
# numeric for Services, comment the directive out. |
35 |
|
36 |
#ServerNumeric 1 |
37 |
|
38 |
# SetServerTimes [<time>] [RECOMMENDED] |
39 |
# Protocols: unreal |
40 |
# |
41 |
# Causes Services to synchronize all servers' internal clocks with |
42 |
# its own; this can help avoid potential problems with users |
43 |
# improperly gaining chanops, particularly during netsplits. If a |
44 |
# time parameter is given, Services will repeatedly synchronize the |
45 |
# servers clocks at that interval, otherwise synchronization will |
46 |
# only be performed at startup. |
47 |
|
48 |
#SetServerTimes |
49 |
#SetServerTimes 12h |
50 |
|
51 |
# CSSetChannelTime [OPTIONAL] |
52 |
# Protocols: bahamut, monkey, trircd, unreal |
53 |
# |
54 |
# When enabled, causes Services to set the "creation time" (the |
55 |
# time at which the first user joined the channel) of a registered |
56 |
# channel to the time at which the channel was registered. This |
57 |
# can help prevent spurious mode changes and "op hacking" when a |
58 |
# split server reconnects to the network. When using Unreal, |
59 |
# however, the first user to join the channel when it is empty gets |
60 |
# set -o and +o in quick succession due to limitations of the IRC |
61 |
# server; if this bothers you, do not enable this option. Also, some |
62 |
# servers (such as Bahamut) generate server notices each time a |
63 |
# channel's timestamp is changed, which can be safely ignored. |
64 |
|
65 |
#CSSetChannelTime |
66 |
|
67 |
EndModule |
68 |
|
69 |
########################################################################### |
70 |
# |
71 |
# Database module configuration |
72 |
# |
73 |
########################################################################### |
74 |
|
75 |
Module database/standard |
76 |
|
77 |
# This module has no configurable settings. |
78 |
|
79 |
EndModule |
80 |
|
81 |
Module database/version4 |
82 |
|
83 |
# NickServDB <name> [REQUIRED] |
84 |
# Specifies the filename used for the registered nickname databases. |
85 |
|
86 |
NickServDB "nick.db" |
87 |
|
88 |
# ChanServDB <name> [REQUIRED] |
89 |
# Specifies the filename used for the registered channel databases. |
90 |
|
91 |
ChanServDB "chan.db" |
92 |
|
93 |
# OperServDB <name> [REQUIRED] |
94 |
# Specifies the filename used for the OperServ database. |
95 |
|
96 |
OperServDB "oper.db" |
97 |
|
98 |
# NewsDB <name> [REQUIRED] |
99 |
# Specifies the filename used for the news database. |
100 |
|
101 |
NewsDB "news.db" |
102 |
|
103 |
# AutokillDB <name> [REQUIRED] |
104 |
# Specifies the filename used for the autokill and autokill |
105 |
# exclusion databases. |
106 |
|
107 |
AutokillDB "akill.db" |
108 |
|
109 |
# ExceptionDB <name> [REQUIRED] |
110 |
# Specifies the filename used for the session exception database. |
111 |
|
112 |
ExceptionDB "exception.db" |
113 |
|
114 |
# SlineDB <name> [REQUIRED] |
115 |
# Specifies the filename used for the SGline, SQline, and SZline |
116 |
# databases. |
117 |
|
118 |
SlineDB "sline.db" |
119 |
|
120 |
# StatServDB <name> [REQUIRED] |
121 |
# Specifies the filename used for the StatServ server statistics |
122 |
# database. |
123 |
|
124 |
StatServDB "stats.db" |
125 |
|
126 |
EndModule |
127 |
|
128 |
########################################################################### |
129 |
# |
130 |
# Encryption module configuration |
131 |
# |
132 |
########################################################################### |
133 |
|
134 |
# No encryption modules have any configurable settings. |
135 |
|
136 |
########################################################################### |
137 |
# |
138 |
# Encryption module configuration |
139 |
# |
140 |
########################################################################### |
141 |
|
142 |
Module encryption/md5 |
143 |
|
144 |
# EnableAnopeWorkaround [OPTIONAL] |
145 |
# Enables a workaround for encrypted passwords imported from the |
146 |
# Anope or Epona programs, which have a bug (inherited from an old |
147 |
# version of Services) causing passwords to be incorrectly |
148 |
# encrypted. |
149 |
# |
150 |
# WARNING: Enabling this option may reduce the security of |
151 |
# encrypted passwords! If you need this option for importing an |
152 |
# Anope or Epona database, it is recommended that you enable this |
153 |
# only long enough to ensure that all users have used SET PASSWORD |
154 |
# to reset their passwords (possibly to the same password). |
155 |
|
156 |
#EnableAnopeWorkaround |
157 |
|
158 |
EndModule |
159 |
|
160 |
########################################################################### |
161 |
# |
162 |
# Mail module configuration |
163 |
# |
164 |
########################################################################### |
165 |
|
166 |
Module mail/main |
167 |
|
168 |
# FromAddress <email> [REQUIRED] |
169 |
# Specifies the E-mail address to be used on outgoing mail. Make |
170 |
# sure you enter the correct address here before uncommenting the |
171 |
# directive. |
172 |
|
173 |
#FromAddress services@example.net |
174 |
|
175 |
# FromName <name> [OPTIONAL] |
176 |
# Specifies the "real name" to be used on outgoing mail. Make sure |
177 |
# to include quotes if this is a multi-word string. |
178 |
|
179 |
#FromName "ExampleNet Services" |
180 |
|
181 |
# MaxMessages <count> [RECOMMENDED] |
182 |
# Specifies the maximum number of messages that are permitted to be |
183 |
# in transit simultaneously. Attempts to send messages above this |
184 |
# limit will be rejected with a "no resources" error. If not |
185 |
# given, no limit is enforced. |
186 |
|
187 |
MaxMessages 100 |
188 |
|
189 |
# SendTimeout <time> [RECOMMENDED] |
190 |
# Specifies the amount of time Services will wait before aborting a |
191 |
# mail message in the process of being sent. If not specified, |
192 |
# message sends will not time out. |
193 |
|
194 |
SendTimeout 1m |
195 |
|
196 |
EndModule |
197 |
|
198 |
################################ Sendmail-based low-level module |
199 |
|
200 |
Module mail/sendmail |
201 |
|
202 |
# SendmailPath <path> [REQUIRED] |
203 |
# Specifies the full path to the "sendmail" program to be used to |
204 |
# send mail. This program must accept a command-line option "-t" |
205 |
# to extract recipient addresses from a mail message given on |
206 |
# standard input (the standard "sendmail" program does this). |
207 |
# The program will be executed with the same environment as |
208 |
# Services itself is run with. |
209 |
|
210 |
SendmailPath /usr/lib/sendmail |
211 |
|
212 |
EndModule |
213 |
|
214 |
################################ SMTP-based low-level module |
215 |
|
216 |
Module mail/smtp |
217 |
|
218 |
# RelayHost <hostname> [REQUIRED] |
219 |
# Specifies the host to which all mail will be sent, e.g. your |
220 |
# local mail server. This directive may be given multiple times to |
221 |
# specify backup servers; the servers will be tried in the order |
222 |
# listed. |
223 |
|
224 |
#RelayHost mail.example.net |
225 |
|
226 |
# SMTPName <hostname> [REQUIRED] |
227 |
# Specifies the hostname Services will use in the HELO command to |
228 |
# the remote server. Normally, this should be set to the same as |
229 |
# the hostname of the machine Services runs on. |
230 |
|
231 |
#SMTPName services.example.net |
232 |
|
233 |
EndModule |
234 |
|
235 |
########################################################################### |
236 |
# |
237 |
# OperServ configuration |
238 |
# |
239 |
########################################################################### |
240 |
|
241 |
Module operserv/main |
242 |
|
243 |
# OperServName <nick> <string> [REQUIRED] |
244 |
# Specifies the nickname (first parameter) and "real" name (second |
245 |
# parameter) used by the OperServ pseudoclient. |
246 |
|
247 |
OperServName "OperServ" "Operator Server" |
248 |
|
249 |
# GlobalName <nick> <string> [REQUIRED] |
250 |
# Specifies the nickname (first parameter) and "real" name (second |
251 |
# parameter) used by the global-noticer pseudoclient. This client |
252 |
# is used to send messages from the OperServ GLOBAL command and |
253 |
# news messages. |
254 |
|
255 |
GlobalName "Global" "Global Noticer" |
256 |
|
257 |
# ServicesRoot <nick> [REQUIRED] |
258 |
# Specifies the Services "super-user". The super-user, or "root" as |
259 |
# in Unix terminology, is the only user who can add or delete |
260 |
# Services admins. |
261 |
# |
262 |
# This is commented out by default; make sure you insert the correct |
263 |
# nick before uncommenting it. |
264 |
|
265 |
#ServicesRoot SuperUser |
266 |
|
267 |
# KillClonesAutokill <expiry-time> [RECOMMENDED] |
268 |
# Causes Services to add an autokill for hosts killed using the |
269 |
# KILLCLONES command, to prevent the clients from immediately |
270 |
# reconnecting. The expiry-time parameter sets the expiry time for |
271 |
# the autokill. |
272 |
# |
273 |
# If the autokill module (operserv/akill) is not loaded, this |
274 |
# directive has no effect. |
275 |
|
276 |
KillClonesAutokill 30m |
277 |
|
278 |
# AllowRaw [DISCOURAGED] |
279 |
# Enables use of the OperServ RAW command. This command can be |
280 |
# used for testing IRC server features and other limited uses, but |
281 |
# can also wreak havoc on a network if used improperly; use with |
282 |
# extreme caution. |
283 |
|
284 |
#AllowRaw |
285 |
|
286 |
# WallOper [OPTIONAL] |
287 |
# Causes Services to send a WALLOPS/GLOBOPS when a user becomes an |
288 |
# IRC operator. Note that this can cause WALLOPS floods when |
289 |
# Services first connects to the network. |
290 |
|
291 |
#WallOper |
292 |
|
293 |
# WallBadOS [OPTIONAL] |
294 |
# Causes Services to send a WALLOPS/GLOBOPS if a non-IRC-operator |
295 |
# tries to use OperServ. |
296 |
|
297 |
#WallBadOS |
298 |
|
299 |
# WallOSChannel [OPTIONAL] |
300 |
# Cause Services to send a WALLOPS/GLOBOPS on use of any of the |
301 |
# MODE, KICK, CLEARMODES, and CLEARCHAN commands. |
302 |
|
303 |
#WallOSChannel |
304 |
|
305 |
# WallSU [OPTIONAL] |
306 |
# Causes Services to send a WALLOPS/GLOBOPS whenever a Services |
307 |
# admin successfully obtains Services super-user privileges with |
308 |
# the SU command. Note that Services will always send a |
309 |
# WALLOPS/GLOBOPS when an incorrect password is given to the SU |
310 |
# command or a user without Services admin privileges attempts to |
311 |
# use the SU command. |
312 |
|
313 |
WallSU |
314 |
|
315 |
EndModule |
316 |
|
317 |
################################ Autokill module settings |
318 |
|
319 |
Module operserv/akill |
320 |
|
321 |
# AutokillReason <reason> [REQUIRED] |
322 |
# The reason to use when sending out KILLs for autokills and with |
323 |
# the actual AKILL/GLINE commands. Some servers show this reason |
324 |
# to users if their connection is rejected because they match an |
325 |
# autokill. If you include a "%s" in the reason, it will be |
326 |
# replaced by the reason given with the autokill itself. |
327 |
|
328 |
AutokillReason "You are banned from this network" |
329 |
#AutokillReason "Autokilled: %s" |
330 |
|
331 |
# AutokillExpiry <time> [RECOMMENDED] |
332 |
# Sets the default expiry time for autokills. If not defined, |
333 |
# autokills will not expire by default. |
334 |
|
335 |
AutokillExpiry 30d |
336 |
|
337 |
# AkillChanExpiry <time> [REQUIRED] |
338 |
# Sets the default expiry time for autokills added by an AKILLCHAN |
339 |
# command. |
340 |
|
341 |
AkillChanExpiry 7d |
342 |
|
343 |
# OperMaxExpiry <time> [OPTIONAL] |
344 |
# Sets the maximum expiry time usable by Services operators. If |
345 |
# not defined, Services operators can set any expiry time, just as |
346 |
# Services administrators can. If this is set to a value lower |
347 |
# than AutokillExpiry or AkillChanExpiry, autokills entered without |
348 |
# an expiry time will use this setting instead of the relevant |
349 |
# default. |
350 |
|
351 |
#OperMaxExpiry 7d |
352 |
|
353 |
# EnableExclude [OPTIONAL] |
354 |
# Causes autokill exclusions to be usable. If not given, the |
355 |
# EXCLUDE command will be unavailable, and any autokill |
356 |
# exclusions previously added will be ignored. |
357 |
# |
358 |
# NOTICE: On IRC servers without autokill exclusion functionality |
359 |
# (such as that in trircd version 5), this will cause autokills to |
360 |
# not be sent to the server; instead, Services will issue a KILL |
361 |
# for each user that matches an autokill and does not match any |
362 |
# autokill exclusions. This is necessary to allow Services to |
363 |
# apply exclusions to users before they are disconnected. |
364 |
|
365 |
#EnableExclude |
366 |
|
367 |
# ExcludeReason <reason> [REQUIRED if EnableExclude set] |
368 |
# The reason to use when sending out EXCLUDE commands on servers |
369 |
# which support them. If you include a "%s" in the reason, it will |
370 |
# be replaced by the reason given with the exclusion itself. |
371 |
|
372 |
ExcludeReason "IRC operator host" |
373 |
#ExcludeReason "Excluded from autokills: %s" |
374 |
|
375 |
# ExcludeExpiry <time> [OPTIONAL] |
376 |
# Sets the default expiry time for autokill exclusions. If not |
377 |
# defined, autokill exclusions will not expire by default. |
378 |
|
379 |
ExcludeExpiry 30d |
380 |
|
381 |
# ImmediatelySendAutokill [OPTIONAL] |
382 |
# Causes OperServ to inform all servers of a new autokill the |
383 |
# moment it is added, rather than waiting for someone to match it |
384 |
# first. (Note that autokill exclusions are always sent to the |
385 |
# server immediately; this is to avoid an autokill being triggered |
386 |
# by a non-excluded match before the exclusion has been sent, |
387 |
# resulting in the excluded users being autokilled as well.) |
388 |
|
389 |
#ImmediatelySendAutokill |
390 |
|
391 |
# WallOSAkill [OPTIONAL] |
392 |
# Cause Services to send a WALLOPS/GLOBOPS on use of the AKILL or |
393 |
# EXCLUDE command to add or delete autokills or exclusions. |
394 |
|
395 |
#WallOSAkill |
396 |
|
397 |
# WallAutokillExpire [OPTIONAL] |
398 |
# Causes Services to send a WALLOPS/GLOBOPS whenever an autokill |
399 |
# or autokill exclusion expires. |
400 |
|
401 |
#WallAutokillExpire |
402 |
|
403 |
EndModule |
404 |
|
405 |
################################ News module settings |
406 |
|
407 |
Module operserv/news |
408 |
|
409 |
# This module has no configurable settings. |
410 |
|
411 |
EndModule |
412 |
|
413 |
################################ Sessions module settings |
414 |
|
415 |
Module operserv/sessions |
416 |
|
417 |
# DefSessionLimit <limit> [RECOMMENDED] |
418 |
# Default session limit per host. Once a host reaches its session |
419 |
# limit, all clients attempting to connect from that host will be |
420 |
# killed. A value of zero (or omitting the option entirely) means |
421 |
# an unlimited session limit. |
422 |
|
423 |
DefSessionLimit 3 |
424 |
|
425 |
# MaxSessionLimit <limit> [OPTIONAL] |
426 |
# The maximum session limit that may be set for a host in an |
427 |
# exception. |
428 |
|
429 |
MaxSessionLimit 100 |
430 |
|
431 |
# ExceptionExpiry <time> [RECOMMENDED] |
432 |
# Sets the default expiry time for exceptions. If not set, |
433 |
# exceptions will not expire by default. |
434 |
|
435 |
ExceptionExpiry 1d |
436 |
|
437 |
# SessionLimitExceeded <message> [OPTIONAL] |
438 |
# The message that will be NOTICE'd to a user just before they are |
439 |
# removed from the network because their host's session limit has |
440 |
# been exceeded. It may be used to give a slightly more |
441 |
# descriptive reason for the impending kill as opposed to simply |
442 |
# "Session limit exceeded". If this is commented out, nothing will |
443 |
# be sent. |
444 |
|
445 |
SessionLimitExceeded "The session limit for your host %s has been exceeded." |
446 |
|
447 |
# SessionLimitDetailsLoc <message> [OPTIONAL] |
448 |
# Same as above, but should be used to provide a website address |
449 |
# where users can find out more about session limits and how to go |
450 |
# about applying for an exception. If this is commented out, |
451 |
# nothing will be sent. |
452 |
# |
453 |
# This option has been intentionally commented out in an effort to |
454 |
# remind you to change the URL it contains. It is recommended that |
455 |
# you supply an address/URL where people can get help regarding |
456 |
# session limits. |
457 |
|
458 |
#SessionLimitDetailsLoc "Please visit http://your.website.url/ for more information about session limits." |
459 |
|
460 |
# SessionLimitAutokill <max-kill-interval> <num-kills> <expiry> <reason> [OPTIONAL] |
461 |
# With this option, Services will add an automatic autokill when |
462 |
# the same host's session limit is exceeded repeatedly in a short |
463 |
# period of time. If not given, autokills will not be |
464 |
# automatically added (Services will just keep killing users from |
465 |
# the host as they come on). Note that the autokill module |
466 |
# (operserv/akill) must be loaded for this to work. |
467 |
# |
468 |
# <max-kill-interval> sets the maximum interval which can elapse |
469 |
# between kills before the kill counter is reset. |
470 |
# |
471 |
# <num-kills> sets the number of kills before an autokill is added. |
472 |
# |
473 |
# <expiry> sets the expiration time for the autokill. |
474 |
# |
475 |
# <reason> sets the reason for the autokill. |
476 |
|
477 |
#SessionLimitAutokill 10s 5 30m "Exceeding session limit" |
478 |
|
479 |
# WallOSException [OPTIONAL] |
480 |
# Cause Services to send a WALLOPS/GLOBOPS on use of the EXCEPTION |
481 |
# command to add or delete a session exception. |
482 |
|
483 |
#WallOSException |
484 |
|
485 |
# WallExceptionExpire [OPTIONAL] |
486 |
# Causes Services to send a WALLOPS/GLOBOPS whenever a session |
487 |
# limit exception expires. |
488 |
|
489 |
#WallExceptionExpire |
490 |
|
491 |
EndModule |
492 |
|
493 |
################################ S-line module settings |
494 |
|
495 |
Module operserv/sline |
496 |
|
497 |
# SGlineReason <reason> [REQUIRED] |
498 |
# The reason to use when sending out KILLs and SGLINE commands. |
499 |
# Some servers show this reason to users if their connection is |
500 |
# rejected because they match an SGline. If you include a "%s" |
501 |
# in the reason, it will be replaced by the reason given with the |
502 |
# SGline entry itself. |
503 |
|
504 |
SGlineReason "Invalid real name" |
505 |
#SGlineReason "Invalid real name: %s" |
506 |
|
507 |
# SQlineReason <reason> [REQUIRED] |
508 |
# The reason to use when sending out KILLs and SQLINE commands. |
509 |
# Some servers show this reason to users if their connection is |
510 |
# rejected because they match an SQline. If you include a "%s" |
511 |
# in the reason, it will be replaced by the reason given with the |
512 |
# SQline entry itself. |
513 |
|
514 |
SQlineReason "Reserved nickname" |
515 |
#SQlineReason "Reserved nickname: %s" |
516 |
|
517 |
# SZlineReason <reason> [REQUIRED] |
518 |
# The reason to use when sending out KILLs and SZLINE commands. |
519 |
# Some servers show this reason to users if their connection is |
520 |
# rejected because they match an SZline. If you include a "%s" |
521 |
# in the reason, it will be replaced by the reason given with the |
522 |
# SZline entry itself. |
523 |
|
524 |
SZlineReason "You are banned from this network" |
525 |
#SZlineReason "Z-lined: %s" |
526 |
|
527 |
# ImmediatelySendSline [OPTIONAL] |
528 |
# Causes OperServ to inform all servers of a new S-line the moment |
529 |
# it is added, rather than waiting for someone to match it first. |
530 |
|
531 |
#ImmediatelySendSline |
532 |
|
533 |
# SGlineExpiry <time> [OPTIONAL] |
534 |
# Sets the default expiry time for SGlines. If not defined, |
535 |
# SGlines of that type will not expire by default. |
536 |
|
537 |
#SGlineExpiry 30d |
538 |
|
539 |
# SQlineExpiry <time> [OPTIONAL] |
540 |
# Sets the default expiry time for SQlines. If not defined, |
541 |
# SQlines of that type will not expire by default. |
542 |
|
543 |
#SQlineExpiry 30d |
544 |
|
545 |
# SZlineExpiry <time> [OPTIONAL] |
546 |
# Sets the default expiry time for SZlines. If not defined, |
547 |
# SZlines of that type will not expire by default. |
548 |
|
549 |
SZlineExpiry 30d |
550 |
|
551 |
# WallOSSline [OPTIONAL] |
552 |
# Cause Services to send a WALLOPS/GLOBOPS on use of the SGLINE, |
553 |
# SQLINE, or SZLINE commands to add or delete S-lines. |
554 |
|
555 |
#WallOSSline |
556 |
|
557 |
# WallSlineExpire [OPTIONAL] |
558 |
# Causes Services to send a WALLOPS/GLOBOPS whenever an autokill |
559 |
# expires. |
560 |
|
561 |
#WallSlineExpire |
562 |
|
563 |
# SQlineIgnoreOpers [OPTIONAL] |
564 |
# Allows IRC operators to use nicknames that match an SQline. |
565 |
# (Note that this may not function properly if the IRC server does |
566 |
# not allow IRC operators to use such nicknames.) |
567 |
|
568 |
SQlineIgnoreOpers |
569 |
|
570 |
# SQlineKill [OPTIONAL] |
571 |
# Normally, users whose nickname matches an SQline will have their |
572 |
# nickname changed (on servers which support forced nickname |
573 |
# changing) instead of being killed. Setting this option causes |
574 |
# such users to be killed even on such servers, which may be |
575 |
# helpful for dealing with clone attacks. |
576 |
# |
577 |
# Note that if this option is set, Services will not send SQlines |
578 |
# to the IRC network; if it did, the IRC servers would step in and |
579 |
# send the user an "invalid nickname" message before Services had a |
580 |
# chance to kill the user. |
581 |
|
582 |
#SQlineKill |
583 |
|
584 |
EndModule |
585 |
|
586 |
########################################################################### |
587 |
# |
588 |
# NickServ configuration |
589 |
# |
590 |
########################################################################### |
591 |
|
592 |
Module nickserv/main |
593 |
|
594 |
# NickServName <nick> <string> [REQUIRED] |
595 |
# Specifies the nickname (first parameter) and "real" name (second |
596 |
# parameter) used by the NickServ pseudoclient. |
597 |
|
598 |
NickServName "NickServ" "Nickname Server" |
599 |
|
600 |
# NSEnableRegister [OPTIONAL] |
601 |
# Allows the REGISTER command to be used. This is usually a good |
602 |
# thing, but if you don't want your users to be able to register |
603 |
# nicknames, remove (or comment out) this directive. Note that you |
604 |
# will need to at least enable this to register the Services |
605 |
# super-user nick (defined in the operserv/main ServicesRoot |
606 |
# directive), or you will not be able to use any privileged |
607 |
# OperServ functions! |
608 |
|
609 |
NSEnableRegister |
610 |
|
611 |
# NSRegEmailMax <count> [OPTIONAL] |
612 |
# Sets the maximum number of nicknames that can be registered to a |
613 |
# single E-mail address; this affects both ordinary registration as |
614 |
# well as changing the address using SET EMAIL, and also nickname |
615 |
# linking (if the appropriate module is loaded). If not given, |
616 |
# there is no limit. |
617 |
# |
618 |
# This option is most useful in combination with NSRequireEmail, |
619 |
# below. |
620 |
|
621 |
#NSRegEmailMax 20 |
622 |
|
623 |
# NSRequireEmail [OPTIONAL] |
624 |
# Makes an E-mail address required at registration time. Users |
625 |
# also will not be able to clear the address once registered, |
626 |
# though they can change it. If not set, an E-mail address is not |
627 |
# required (but may still be given), and the address may be cleared |
628 |
# later on. |
629 |
|
630 |
NSRequireEmail |
631 |
|
632 |
# NSRegDenyIfSuspended [OPTIONAL] |
633 |
# Disallows the use of REGISTER if the E-mail address given with |
634 |
# the command is associated with a suspended nickname. This can |
635 |
# help prevent users from getting around nickname suspensions by |
636 |
# registering a new nickname. |
637 |
|
638 |
NSRegDenyIfSuspended |
639 |
|
640 |
# NSRegDelay <time> [RECOMMENDED] |
641 |
# Sets the minimum length of time between consecutive uses of the |
642 |
# REGISTER command. If not given, this restriction is disabled. |
643 |
# |
644 |
# WARNING: Not setting NSRegDelay, or setting it too low, will not |
645 |
# only allow "registration flooding" but, if the mail-auth |
646 |
# module is also loaded, will also allow users to abuse |
647 |
# this command to send large quantities of mail (mailbombs) |
648 |
# to arbitrary users! |
649 |
|
650 |
NSRegDelay 5m |
651 |
|
652 |
# NSInitialRegDelay <time> [OPTIONAL] |
653 |
# Sets the minimum length of time the user must be connected before |
654 |
# using the REGISTER command for the first time. If not given, |
655 |
# this restriction is disabled. This option can be helpful in |
656 |
# preventing malicious bots from flooding your network with |
657 |
# registrations. |
658 |
|
659 |
#NSInitialRegDelay 30s |
660 |
|
661 |
# NSSetEmailDelay <time> [RECOMMENDED] |
662 |
# Sets the minimum length of time between consecutive uses of the |
663 |
# SET EMAIL command. If not given, this restriction is disabled. |
664 |
# |
665 |
# WARNING: If you use the mail-auth module, then not setting |
666 |
# NSSetEmailDelay, or setting it too low, will allow users |
667 |
# to abuse this command to send large quantities of mail |
668 |
# (mailbombs) to arbitrary users! |
669 |
|
670 |
NSSetEmailDelay 5m |
671 |
|
672 |
# NSDef... [OPTIONAL] |
673 |
# Sets the default options for newly registered nicks. Note that |
674 |
# changing these options will have no effect on nicks which are |
675 |
# already registered. Options not listed here will be unset on new |
676 |
# nicks. |
677 |
# |
678 |
# If both NSDefKill and NSDefKillQuick are given, NSDefKillQuick |
679 |
# takes precedence. KILL IMMED cannot be specified as a default. |
680 |
|
681 |
#NSDefKill |
682 |
#NSDefKillQuick |
683 |
NSDefSecure |
684 |
#NSDefPrivate |
685 |
#NSDefNoOp |
686 |
NSDefHideEmail |
687 |
NSDefHideUsermask |
688 |
#NSDefHideQuit |
689 |
NSDefMemoSignon |
690 |
NSDefMemoReceive |
691 |
|
692 |
# NSExpire <time> [RECOMMENDED] |
693 |
# Sets the length of time before a nick registration expires. If |
694 |
# not set, nicknames will not expire. |
695 |
|
696 |
NSExpire 30d |
697 |
|
698 |
# NSExpireWarning <time> [OPTIONAL] |
699 |
# Sets the length of time before nick expiration during which |
700 |
# warnings are sent to the user when the user is online (and not |
701 |
# identified). If not set, no warnings will be sent; however, a |
702 |
# message will still be sent when the nickname actually expires. |
703 |
|
704 |
NSExpireWarning 3d |
705 |
|
706 |
# NSSuspendExpire <time> <grace-period> [RECOMMENDED] |
707 |
# Sets the default expiry time and recovery grace period for |
708 |
# nickname suspensions. (The expiry time can be set individually |
709 |
# for each suspension; the grace period cannot.) |
710 |
# |
711 |
# The recovery grace period is the length of time a nick must exist |
712 |
# for, after being unsuspended, before it is allowed to expire. |
713 |
# This gives the owner a chance to reclaim the nick. It is |
714 |
# enforced, if necessary, by adjusting the "last seen time" value, |
715 |
# as well as the AUTH timeout when the mail-auth module is in use, |
716 |
# when the nick is unsuspended. If set to zero, nicknames that are |
717 |
# suspended for longer than "NSExpire" will be expired (dropped) |
718 |
# during the next check for nickname expiration, giving the owners |
719 |
# very little time to identify for their nicknames and prevent |
720 |
# their expiry. |
721 |
# |
722 |
# If not specified, nickname suspensions will not expire by |
723 |
# default, and there will be no grace period for recovering the nick. |
724 |
|
725 |
NSSuspendExpire 25d 5d |
726 |
|
727 |
# NSShowPassword [OPTIONAL] |
728 |
# Causes the user's password to be sent back to them in a NOTICE at |
729 |
# registration time, as a reminder. |
730 |
|
731 |
NSShowPassword |
732 |
|
733 |
# NSEnforcerUser <user>[@<host>] [REQUIRED] |
734 |
# Sets the username (and possibly hostname) used for the fake user |
735 |
# created when NickServ collides a user. Should be in user@host |
736 |
# format. If the host is not given, the one from ServicesUser is |
737 |
# used. |
738 |
|
739 |
NSEnforcerUser enforcer |
740 |
#NSEnforcerUser enforcer@localhost.net |
741 |
|
742 |
# NSForceNickChange [OPTIONAL] |
743 |
# When enabled, makes NickServ change a user's nick to a |
744 |
# "Guest######" nick instead of killing them when enforcing a |
745 |
# "nick kill". (The actual nickname used is determined by the |
746 |
# GuestNickPrefix setting in ircservices.conf.) |
747 |
# |
748 |
# This setting has no effect with IRC servers that do not support |
749 |
# forcibly changing a client's nickname, and a warning will be |
750 |
# written to the log file if this option is used in such a case. |
751 |
|
752 |
#NSForceNickChange |
753 |
|
754 |
# NSReleaseTimeout <time> [REQUIRED] |
755 |
# Sets the delay before a NickServ-collided nick is released. |
756 |
|
757 |
NSReleaseTimeout 1m |
758 |
|
759 |
# NSAllowKillImmed [OPTIONAL] |
760 |
# When given, allows the use of the IMMED option with the NickServ |
761 |
# SET KILL command. |
762 |
|
763 |
#NSAllowKillImmed |
764 |
|
765 |
# NSListOpersOnly [OPTIONAL] |
766 |
# When enabled, limits use of the NickServ LIST and LISTEMAIL |
767 |
# commands to IRC operators. |
768 |
|
769 |
#NSListOpersOnly |
770 |
|
771 |
# NSSecureAdmins [RECOMMENDED] |
772 |
# When enabled, prevents the use of the DROPNICK, GETPASS, FORBID, |
773 |
# SUSPEND, and SET PASSWORD commands by Services admins on other |
774 |
# Services admins or the Services root. (These restrictions do not |
775 |
# apply to the Services root.) |
776 |
|
777 |
NSSecureAdmins |
778 |
|
779 |
# NSEnableDropEmail [OPTIONAL] |
780 |
# Allows the DROPEMAIL command to be used. This command can help |
781 |
# recover from mass-registration attacks, but can also destroy your |
782 |
# database if used improperly. |
783 |
|
784 |
#NSEnableDropEmail |
785 |
|
786 |
# NSDropEmailExpire [REQUIRED] |
787 |
# Sets the maximum length of time allowed between a DROPEMAIL |
788 |
# command and the corresponding DROPEMAIL-CONFIRM command. |
789 |
|
790 |
NSDropEmailExpire 10m |
791 |
|
792 |
# NSHelpWarning <time> [OPTIONAL] |
793 |
# When enabled, displays a "do not abuse NickServ" warning at the |
794 |
# end of the NickServ HELP output similar to previous versions of |
795 |
# Services. Otherwise, the warning is not displayed. |
796 |
|
797 |
#NSHelpWarning |
798 |
|
799 |
# NSAlias <alias>=<command> [OPTIONAL] |
800 |
# Creates an alias for a command. "alias" is the name of the |
801 |
# alias, and "command" is the command which should be executed for |
802 |
# that alias; the two are joined by an equals sign ("=") with no |
803 |
# intervening whitespace. The alias and command names are |
804 |
# case-insensitive. |
805 |
# |
806 |
# Any number of aliases can be created by adding more NSAlias |
807 |
# directives, but recursive aliases are not allowed; "command" must |
808 |
# be a valid (unaliased) command name. |
809 |
|
810 |
#NSAlias ID=IDENTIFY |
811 |
|
812 |
EndModule |
813 |
|
814 |
################################ Access list module |
815 |
|
816 |
Module nickserv/access |
817 |
|
818 |
# NSAccessMax <count> [REQUIRED] |
819 |
# Sets the maximum number of entries allowed on a nickname access |
820 |
# list. |
821 |
|
822 |
NSAccessMax 32 |
823 |
|
824 |
# NSFirstAccessEnable [OPTIONAL] |
825 |
# When enabled, causes an access entry based on the registering |
826 |
# user's username and hostname to be automatically added to the |
827 |
# access list of a newly-registered nickname. When disabled, |
828 |
# newly-registered nicknames will have an empty access list. |
829 |
|
830 |
NSFirstAccessEnable |
831 |
|
832 |
# NSFirstAccessWild [OPTIONAL] |
833 |
# When enabled, causes the first access list entry added to a newly |
834 |
# registered nickname to use a wildcard in the hostname when |
835 |
# appropriate. When disabled, the first access list entry consists |
836 |
# of the registering user's username and hostname as-is, without |
837 |
# wildcards. This directive has no effect if NSFirstAccessEnable |
838 |
# is disabled. |
839 |
|
840 |
NSFirstAccessWild |
841 |
|
842 |
EndModule |
843 |
|
844 |
################################ Autojoin module |
845 |
|
846 |
Module nickserv/autojoin |
847 |
|
848 |
# NSAutojoinMax <count> [REQUIRED] |
849 |
# Sets the maximum number of entries allowed on an autojoin list. |
850 |
# There is little point in setting this higher than the maximum |
851 |
# number of channels a client is allowed to join by the server |
852 |
# (usually 10). |
853 |
|
854 |
NSAutojoinMax 10 |
855 |
|
856 |
EndModule |
857 |
|
858 |
################################ Link module |
859 |
|
860 |
Module nickserv/link |
861 |
|
862 |
# NSLinkMax <count> [REQUIRED] |
863 |
# Sets the maximum number of links allowed for a single nickname |
864 |
# group. |
865 |
|
866 |
NSLinkMax 20 |
867 |
|
868 |
EndModule |
869 |
|
870 |
################################ Authentication module |
871 |
|
872 |
Module nickserv/mail-auth |
873 |
|
874 |
# NSNoAuthExpire <time> [OPTIONAL] |
875 |
# Sets the period of time after which a newly registered nickname |
876 |
# will expire if it is not authenticated. If not specified, the |
877 |
# standard nickname expiration time (NSExpire) is used. |
878 |
|
879 |
#NSNoAuthExpire 12h |
880 |
|
881 |
# NSSendauthDelay <time> [RECOMMENDED] |
882 |
# Sets the minimum length of time between consecutive uses of the |
883 |
# SENDAUTH command for the same nick group. If not specified, this |
884 |
# restriction is disabled. |
885 |
# |
886 |
# WARNING: Not setting NSSendauthDelay, or setting it too low, will |
887 |
# allow users to abuse this command to send large |
888 |
# quantities of mail (mailbombs) to arbitrary users! |
889 |
|
890 |
NSSendauthDelay 1d |
891 |
|
892 |
EndModule |
893 |
|
894 |
########################################################################### |
895 |
# |
896 |
# ChanServ configuration |
897 |
# |
898 |
########################################################################### |
899 |
|
900 |
Module chanserv/main |
901 |
|
902 |
# ChanServName <nick> <string> [REQUIRED] |
903 |
# Specifies the nickname (first parameter) and "real" name (second |
904 |
# parameter) used by the ChanServ pseudoclient. |
905 |
|
906 |
ChanServName "ChanServ" "Channel Server" |
907 |
|
908 |
# CSEnableRegister [OPTIONAL] |
909 |
# Allows the REGISTER command to be used. This is usually a good |
910 |
# thing, but if you don't want your users to be able to register |
911 |
# channels, remove (or comment out) this directive. Note, however, |
912 |
# that Services administrators and the Services super-user will |
913 |
# still be able to use the REGISTER command regardless of whether |
914 |
# this directive is given or not. |
915 |
|
916 |
CSEnableRegister |
917 |
|
918 |
# CSRegisteredOnly [OPTIONAL] |
919 |
# Treats unregistered channels as if they were forbidden, |
920 |
# disallowing access by ordinary users to any channels not |
921 |
# explicitly registered with ChanServ. IRC operators will be |
922 |
# allowed to enter such channels, as they are for ordinary |
923 |
# forbidden channels. Note that this directive operates |
924 |
# independently from the CSEnableRegister directive; if |
925 |
# CSEnableRegister is commented out, non-Services-admin IRC |
926 |
# operators will be able to join unregistered channels but will |
927 |
# not be permitted to register them. |
928 |
|
929 |
#CSRegisteredOnly |
930 |
|
931 |
# CSMaxReg <count> [RECOMMENDED] |
932 |
# Limits the number of channels which may be registered to a single |
933 |
# nickname. In the case of linked nicks, this limit applies to the |
934 |
# entire set of linked nicks. |
935 |
|
936 |
CSMaxReg 20 |
937 |
|
938 |
# CSDef... [OPTIONAL] |
939 |
# Sets the default options for newly registered channels. Note |
940 |
# that changing these options will have no effect on channels which |
941 |
# are already registered. Options not listed here will be unset on |
942 |
# new channels. |
943 |
|
944 |
CSDefKeepTopic |
945 |
#CSDefSecureOps |
946 |
#CSDefPrivate |
947 |
#CSDefTopicLock |
948 |
#CSDefLeaveOps |
949 |
CSDefSecure |
950 |
#CSDefOpNotice |
951 |
#CSDefEnforce |
952 |
#CSDefMemoRestricted |
953 |
#CSDefHideEmail |
954 |
#CSDefHideTopic |
955 |
#CSDefHideMlock |
956 |
|
957 |
# CSDefModeLock <mode-string> [OPTIONAL] |
958 |
# Sets the default mode lock for newly registered channels, in the |
959 |
# same format as the SET MLOCK command. If not set, the default is |
960 |
# "+nt". Note that only binary modes (modes which take no |
961 |
# parameters) can be used with this directive. |
962 |
|
963 |
CSDefModeLock +nt |
964 |
|
965 |
# CSExpire <time> [RECOMMENDED] |
966 |
# Sets the length of time before a channel expires. If not set, |
967 |
# channels will not expire. |
968 |
|
969 |
CSExpire 14d |
970 |
|
971 |
# CSSuspendExpire <time> [RECOMMENDED] |
972 |
# Sets the default expiry time and recovery grace period for channel |
973 |
# suspensions. If not set, channel suspensions will not expire by |
974 |
# default and there will be no recovery grace period. |
975 |
|
976 |
CSSuspendExpire 12d 2d |
977 |
|
978 |
# CSShowPassword [OPTIONAL] |
979 |
# If specified, causes the user's password to be sent back to them |
980 |
# in a NOTICE at registration time, as a reminder. |
981 |
|
982 |
CSShowPassword |
983 |
|
984 |
# CSAccessMax <count> [REQUIRED] |
985 |
# Sets the maximum number of entries on a channel's access list. |
986 |
# Channel access lists may contain only registered nicknames; |
987 |
# therefore, checking each entry on the list requires only a single |
988 |
# scalar comparison instead of a wildcard match, and this limit may |
989 |
# be safely set much higher than (for example) the autokick list |
990 |
# size limit without impacting performance significantly. |
991 |
|
992 |
CSAccessMax 1024 |
993 |
|
994 |
# CSAutokickMax <count> [REQUIRED] |
995 |
# Sets the maximum number of entries on a channel's autokick list. |
996 |
|
997 |
CSAutokickMax 32 |
998 |
|
999 |
# CSInhabit <time> [REQUIRED] |
1000 |
# Sets the length of time ChanServ stays in a channel after kicking |
1001 |
# a user from a channel s/he is not permitted to be in. This only |
1002 |
# occurs when the user is the only one in the channel. |
1003 |
|
1004 |
CSInhabit 15s |
1005 |
|
1006 |
# CSRestrictDelay <time> [OPTIONAL] |
1007 |
# When enabled, causes ChanServ to permit users to join channels |
1008 |
# with the RESTRICTED option set if they would be permitted to join |
1009 |
# after identifying for their nick, and to not remove mode +o (ops) |
1010 |
# from users who would be auto-opped if identified for their nick, |
1011 |
# for the given period of time after Services starts up. This gives |
1012 |
# such users time to identify to NickServ before being kicked out of |
1013 |
# restricted channels or getting deopped. |
1014 |
|
1015 |
CSRestrictDelay 15s |
1016 |
|
1017 |
# CSListOpersOnly [OPTIONAL] |
1018 |
# When enabled, limits use of the ChanServ LIST command to IRC |
1019 |
# operators. |
1020 |
|
1021 |
#CSListOpersOnly |
1022 |
|
1023 |
# CSForbidShortChannel [OPTIONAL] |
1024 |
# When enabled, treats the channel "#" as a forbidden channel, not |
1025 |
# allowing any users to join it. When not enabled, the channel "#" |
1026 |
# can be used normally, although ChanServ functions cannot be used |
1027 |
# with it. If CSRegisteredOnly is enabled, this directive has no |
1028 |
# effect (the "#" channel will be treated as forbidden along with |
1029 |
# all other unregistered channel). |
1030 |
|
1031 |
#CSForbidShortChannel |
1032 |
|
1033 |
# CSSkipModeRCheck [OPTIONAL] |
1034 |
# When enabled, causes ChanServ to not kick users with unregistered |
1035 |
# nicknames who try to join <tt>+R</tt> channels (on networks |
1036 |
# supporting <tt>+R</tt> or another mode restricting channels to |
1037 |
# registered nicknames only). |
1038 |
|
1039 |
#CSSkipModeRCheck |
1040 |
|
1041 |
# CSAlias <alias>=<command> [OPTIONAL] |
1042 |
# Creates an alias for a command. The parameter format is the same |
1043 |
# as for the NSAlias directive. |
1044 |
|
1045 |
#CSAlias ID=IDENTIFY |
1046 |
|
1047 |
EndModule |
1048 |
|
1049 |
########################################################################### |
1050 |
# |
1051 |
# MemoServ configuration |
1052 |
# |
1053 |
########################################################################### |
1054 |
|
1055 |
Module memoserv/main |
1056 |
|
1057 |
# MemoServName <nick> <string> [REQUIRED] |
1058 |
# Specifies the nickname (first parameter) and "real" name (second |
1059 |
# parameter) used by the MemoServ pseudoclient. |
1060 |
|
1061 |
MemoServName "MemoServ" "Memo Server" |
1062 |
|
1063 |
# MSMaxMemos <count> [RECOMMENDED] |
1064 |
# Sets the maximum number of memos a user is allowed to keep by |
1065 |
# default. Normal users may set the limit anywhere between zero |
1066 |
# and this value; Services admins can change it to any value or |
1067 |
# disable it. If not given, the limit is disabled by default, and |
1068 |
# normal users can set any limit they want. |
1069 |
|
1070 |
MSMaxMemos 20 |
1071 |
|
1072 |
# MSExpire <time> [OPTIONAL] |
1073 |
# Sets the length of time after a memo is sent until it expires and |
1074 |
# is automatically deleted. If not set, memos will not expire. |
1075 |
# Note that memos sent while MSExpire is disabled will not expire |
1076 |
# even if MSExpire is later enabled. |
1077 |
|
1078 |
#MSExpire 3d |
1079 |
|
1080 |
# MSExpireDelay <time> [OPTIONAL] |
1081 |
# Sets the length of time after first being read a memo's |
1082 |
# expiration will be delayed. Even if a memo reaches the age given |
1083 |
# in the MSExpire directive, it will not be deleted until at least |
1084 |
# the length of time given in this directive has passed since the |
1085 |
# memo was first read. If not set, memo expiration will not be |
1086 |
# delayed, and unread memos which have expired will be deleted |
1087 |
# immediately upon being read. |
1088 |
# |
1089 |
# If MSExpire is not set, this directive is ignored. |
1090 |
|
1091 |
MSExpireDelay 1d |
1092 |
|
1093 |
# MSSendDelay <time> [RECOMMENDED] |
1094 |
# Sets the delay between consecutive uses of the MemoServ SEND |
1095 |
# command. This can help prevent spam as well as denial-of-service |
1096 |
# attacks from sending large numbers of memos and filling up disk |
1097 |
# space (and memory). A 3-second wait means a maximum average of |
1098 |
# 150 bytes of memo per second per user under the current IRC |
1099 |
# protocol. |
1100 |
|
1101 |
MSSendDelay 3s |
1102 |
|
1103 |
# MSAlias <alias>=<command> [OPTIONAL] |
1104 |
# Creates an alias for a command. The parameter format is the same |
1105 |
# as for the NSAlias directive. |
1106 |
|
1107 |
#MSAlias R=READ |
1108 |
|
1109 |
EndModule |
1110 |
|
1111 |
################################ FORWARD module |
1112 |
|
1113 |
Module memoserv/forward |
1114 |
|
1115 |
# MSAllowForward [OPTIONAL] |
1116 |
# If given, allows the FORWARD command to be used (the SET FORWARD |
1117 |
# command is always available). While the FORWARD command can be |
1118 |
# useful particularly for users first setting the FORWARD option |
1119 |
# on, a large number of users using the FORWARD ALL command can |
1120 |
# place a significant load on Services. |
1121 |
|
1122 |
MSAllowForward |
1123 |
|
1124 |
# MSForwardDelay <time> [RECOMMENDED if MSAllowForward is set] |
1125 |
# Sets the minimum length of time between consecutive uses of the |
1126 |
# FORWARD command. If not given, this restriction is disabled. |
1127 |
# (Note that this can allow users to place a significant load on |
1128 |
# Services and/or your mail server!) |
1129 |
# |
1130 |
# If MSAllowForward is not set, this directive is ignored. |
1131 |
|
1132 |
MSForwardDelay 10s |
1133 |
|
1134 |
EndModule |
1135 |
|
1136 |
################################ IGNORE module |
1137 |
|
1138 |
Module memoserv/ignore |
1139 |
|
1140 |
# MSIgnoreMax [REQUIRED] |
1141 |
# Sets the maximum number of entries a user can have for their |
1142 |
# nickname group's memo ignore list. |
1143 |
|
1144 |
MSIgnoreMax 32 |
1145 |
|
1146 |
EndModule |
1147 |
|
1148 |
########################################################################### |
1149 |
# |
1150 |
# StatServ configuration |
1151 |
# |
1152 |
########################################################################### |
1153 |
|
1154 |
Module statserv/main |
1155 |
|
1156 |
# StatServName <nick> <string> [REQUIRED] |
1157 |
# Specifies the nickname (first parameter) and "real" name (second |
1158 |
# parameter) used by the StatServ pseudoclient. |
1159 |
|
1160 |
StatServName "StatServ" "Statistics Server" |
1161 |
|
1162 |
# SSOpersOnly [OPTIONAL] |
1163 |
# Limits the use of StatServ to IRC operators only. |
1164 |
|
1165 |
#SSOpersOnly |
1166 |
|
1167 |
EndModule |
1168 |
|
1169 |
########################################################################### |
1170 |
# |
1171 |
# HTTP server modules |
1172 |
# |
1173 |
########################################################################### |
1174 |
|
1175 |
Module httpd/main |
1176 |
|
1177 |
# ListenTo <address>:<port> [REQUIRED] |
1178 |
# Specifies the address and port number on which the HTTP server |
1179 |
# will listen for incoming requests. <address> may be specified as |
1180 |
# an IP address (first example below), a hostname (second example), |
1181 |
# or the special string "*", which means "any IP address" (third |
1182 |
# example). |
1183 |
# |
1184 |
# When a hostname is given, as in the second example below, |
1185 |
# Services will look up the address(es) associated with the |
1186 |
# hostname at startup time, and bind to every IP address found. |
1187 |
# This can be useful, for example, with dynamic DNS, in which |
1188 |
# the server's IP address changes periodically; however, the |
1189 |
# hostname lookup can take time--especially if there is no DNS |
1190 |
# server on the local network--and is susceptible to network or |
1191 |
# DNS server outages, so IP addresses or "*" should be used |
1192 |
# whenever possible. |
1193 |
# |
1194 |
# Note that many systems restrict low port numbers to the system |
1195 |
# administrator; in particular, Unix-like systems allow only the |
1196 |
# root user (UID 0) to use ports less than 1024. |
1197 |
|
1198 |
#ListenTo 127.0.0.1:12701 |
1199 |
#ListenTo services.example.net:8080 |
1200 |
#ListenTo *:80 |
1201 |
|
1202 |
# ListenBacklog [REQUIRED] |
1203 |
# Specifies the maximum number of connections that can be received |
1204 |
# by the operating system without being accepted by Services (the |
1205 |
# second parameter, `backlog', to the listen() system call). If |
1206 |
# you start seeing refused or delayed connections on a busy server, |
1207 |
# try increasing this value. |
1208 |
# |
1209 |
# If you don't understand the above, leave this setting alone. |
1210 |
|
1211 |
ListenBacklog 5 |
1212 |
|
1213 |
# RequestBufferSize <bytes> [REQUIRED] |
1214 |
# Specifies the size of the buffer allocated for each HTTP request. |
1215 |
# Note that this buffer is allocated for every connection, and an |
1216 |
# additional amount of memory will be allocated for header pointers |
1217 |
# (in the pathological case this extra amount could reach 4/3 of |
1218 |
# the value given for this directive). If a client sends a request |
1219 |
# (including POST data) exceeding this value, an error will be |
1220 |
# returned and the connection terminated. |
1221 |
# |
1222 |
# If you don't understand the above, leave this setting alone. |
1223 |
|
1224 |
RequestBufferSize 4096 |
1225 |
|
1226 |
# MaxConnections <count> [RECOMMENDED] |
1227 |
# Specifies the maximum number of simultaneous connections allowed. |
1228 |
# If not given, no limit is placed on the number of connections; |
1229 |
# however, the operating system may impose its own limits, which |
1230 |
# are not under the control of Services. |
1231 |
|
1232 |
MaxConnections 10 |
1233 |
|
1234 |
# MaxRequests <count> [RECOMMENDED] |
1235 |
# Specifies the maximum number of requests that can be made over a |
1236 |
# single connection before the server disconnects it. If not |
1237 |
# given, no limit is placed on the number of requests per |
1238 |
# connection; note that this may allow malicious users to interfere |
1239 |
# with Services' normal operations by sending large numbers of |
1240 |
# requests over a single connection. |
1241 |
|
1242 |
MaxRequests 20 |
1243 |
|
1244 |
# IdleTimeout <time> [RECOMMENDED] |
1245 |
# Specifies the length of time a connection can be idle (not |
1246 |
# sending data) before it will be automatically closed. If not |
1247 |
# given, connections will never be closed automatically. |
1248 |
|
1249 |
IdleTimeout 30s |
1250 |
|
1251 |
# LogConnections [OPTIONAL] |
1252 |
# If given, a log message will be written for each connection to |
1253 |
# the server. |
1254 |
|
1255 |
LogConnections |
1256 |
|
1257 |
EndModule |
1258 |
|
1259 |
################################ IP address authorization module |
1260 |
|
1261 |
Module httpd/auth-ip |
1262 |
|
1263 |
# AllowHost <path> <address> [OPTIONAL] |
1264 |
# DenyHost <path> <address> [OPTIONAL] |
1265 |
# Specifies which hosts will be allowed (or not allowed) to access |
1266 |
# resources provided by the HTTP server. The <path> parameter is a |
1267 |
# URL path (not including the "http://host.name"), and matches any |
1268 |
# URL which begins with the same string; for example, "/dir" |
1269 |
# matches both "/dir/file" and "/dirty". The <address> can be an |
1270 |
# IP address, a hostname (as with ListenTo in the main server |
1271 |
# module, all addresses associated with the hostname will be |
1272 |
# allowed or denied), the string "*" (which means all addresses), |
1273 |
# or the special format "<IP-address>/<mask>", where <mask> is an |
1274 |
# integer from 1 to 31 giving the number of bits in the subnet |
1275 |
# address, which indicates that the entire subnet of addressess |
1276 |
# specified should be allowed or denied; for example, |
1277 |
# "192.168.1.64/26" represents the range of addresses from |
1278 |
# 192.168.1.64 to 192.168.1.127. |
1279 |
# |
1280 |
# Examples: |
1281 |
# AllowHost /debug 127.0.0.1 # Allow all requests from localhost |
1282 |
# # to the debug page |
1283 |
# AllowHost / 192.168.0.0/24 # Allow any host in the 192.168.0.* |
1284 |
# # network access to the entire |
1285 |
# # server |
1286 |
# DenyHost / shell.example.org # Deny connections from any address |
1287 |
# # associated with shell.example.org |
1288 |
# |
1289 |
# Multiple AllowHost or DenyHost directives for the same path may |
1290 |
# be used to specify multiple addresses to allow or deny. Each |
1291 |
# condition will be checked in the order they are listed here, and |
1292 |
# the first matching one will be used. For example, these lines: |
1293 |
# AllowHost / 192.168.0.1 |
1294 |
# DenyHost / 192.168.0.0/24 |
1295 |
# deny access to all hosts in the 192.168.0.* network _except_ |
1296 |
# 192.168.0.1. However, the reverse: |
1297 |
# DenyHost / 192.168.0.0/24 |
1298 |
# AllowHost / 192.168.0.1 |
1299 |
# simply blocks all hosts in the 192.168.0.* network, since the |
1300 |
# first rule matches 192.168.0.1 and the second is never checked. |
1301 |
# |
1302 |
# Access to the entire server can be allowed or denied by using the |
1303 |
# path "/", which matches every URL (since all URLs begin with a |
1304 |
# slash). Such a rule should always be included at the end of the |
1305 |
# rule list to explicitly indicate what should be done with |
1306 |
# requests that do not match any other rule; the behavior of the |
1307 |
# module for requests without a matching rule is undefined. For |
1308 |
# example: |
1309 |
# AllowHost / * |
1310 |
# or: |
1311 |
# DenyHost / * |
1312 |
# |
1313 |
# WARNING: Hostnames are resolved only once at startup; any changes |
1314 |
# in a host's IP address will not be seen by Services. |
1315 |
# |
1316 |
# Note: These directives are listed as "optional" only because the |
1317 |
# module will still load even if no directives are listed; |
1318 |
# however, unless AllowHost/DenyHost directives are given, |
1319 |
# the module will not have any effect. |
1320 |
|
1321 |
AllowHost / * |
1322 |
|
1323 |
EndModule |
1324 |
|
1325 |
################################ Password authorization module |
1326 |
|
1327 |
Module httpd/auth-password |
1328 |
|
1329 |
# AuthName <name> [REQUIRED] |
1330 |
# Specifies the name to be used by the user's browser when asking |
1331 |
# for a password (as in "Enter username and password for <name>:"). |
1332 |
|
1333 |
AuthName "IRC Services" |
1334 |
|
1335 |
# Protect <path> <user>:<pass> [OPTIONAL] |
1336 |
# Sets the URLs (paths) which will be protected by password |
1337 |
# authorization, and the username and password for each path. The |
1338 |
# username and password can be different for each path. The path |
1339 |
# given will match any URL beginning with that string, as with the |
1340 |
# auth-ip module. |
1341 |
# |
1342 |
# Examples: |
1343 |
# Protect /debug "debug:debug" |
1344 |
# Protect /~ "nickuser:nickpass" |
1345 |
# |
1346 |
# Note: This directive is listed as "optional" only because the |
1347 |
# module will still load even if no directives are listed; |
1348 |
# however, unless Protect directives are given, the module |
1349 |
# will not have any effect. Use a path of "/" to apply |
1350 |
# password protection to the entire server. |
1351 |
|
1352 |
EndModule |
1353 |
|
1354 |
################################ Database access module |
1355 |
|
1356 |
Module httpd/dbaccess |
1357 |
|
1358 |
# NOTICE: This module allows complete access to all Services data; |
1359 |
# be certain to protect it from unauthorized access using |
1360 |
# authorization modules or other means. |
1361 |
|
1362 |
# Prefix <path> [REQUIRED] |
1363 |
# Sets the URL (path) at which database access will be accessible. |
1364 |
# If this does not end with a slash, one will be appended |
1365 |
# automatically. Access is provided using the following directory |
1366 |
# tree: |
1367 |
# |
1368 |
# <path>/ Main menu |
1369 |
# <path>/operserv/ OperServ data and menu |
1370 |
# <path>/operserv/akill/ Autokill list |
1371 |
# <path>/operserv/news/ News item list |
1372 |
# <path>/operserv/sessions/ Session and exception lists |
1373 |
# <path>/operserv/sline/ S-line lists |
1374 |
# <path>/nickserv/ Nickname list and information |
1375 |
# <path>/chanserv/ Channel list and information |
1376 |
# <path>/statserv/ Network statistics |
1377 |
# <path>/xml-export/ XML-format database download |
1378 |
# |
1379 |
# Categories for which the relevant module is not loaded will not |
1380 |
# be accessible. |
1381 |
# |
1382 |
# WARNING: These functions, particularly the XML export function, |
1383 |
# can cause Services to stop for a significant period of |
1384 |
# time while they are processed! |
1385 |
# |
1386 |
# This is commented out by default; make sure you implement proper |
1387 |
# access protection (see above) before uncommenting it. |
1388 |
|
1389 |
#Prefix "/dbaccess" |
1390 |
|
1391 |
EndModule |
1392 |
|
1393 |
################################ Debug page module |
1394 |
|
1395 |
Module httpd/debug |
1396 |
|
1397 |
# DebugURL <path> [REQUIRED] |
1398 |
# Sets the URL (path) at which the debug page will be accessible. |
1399 |
# This must begin with a slash. |
1400 |
|
1401 |
DebugURL "/debug" |
1402 |
|
1403 |
EndModule |
1404 |
|
1405 |
################################ Nick/channel redirect module |
1406 |
|
1407 |
Module httpd/redirect |
1408 |
|
1409 |
# NicknamePrefix <path> [OPTIONAL] |
1410 |
# Sets the URL (path) at which nickname redirects will be |
1411 |
# accessible; all characters after this prefix, up to the next |
1412 |
# slash, will be taken as the nickname. This must begin with a |
1413 |
# slash. The default value, "/~", emulates the traditional home |
1414 |
# page URL of "http://www.example.net/~username/". If you use a |
1415 |
# directory name instead, it must end with a slash, for example: |
1416 |
# "/nickname/". See also ChannelPrefix, below. |
1417 |
# |
1418 |
# If not set, nickname redirects will not be done. |
1419 |
|
1420 |
NicknamePrefix "/~" |
1421 |
|
1422 |
# ChannelPrefix <path> [OPTIONAL] |
1423 |
# Sets the URL (path) at which channel redirects will be |
1424 |
# accessible; all characters after this prefix, up to the next |
1425 |
# slash, will be taken as the channel name (without the leading |
1426 |
# "#", which cannot be used in URLs). The path must begin with |
1427 |
# a slash. The default value, "/channel/", gives URLs like |
1428 |
# "http://services.example.net/channels/channelname/" for channel |
1429 |
# "#channelname". |
1430 |
# |
1431 |
# If not set, channel redirects will not be done. |
1432 |
# |
1433 |
# Note: If a URL could be interpreted as both a nickname URL and a |
1434 |
# channel URL, the nickname will take precedence, even if it |
1435 |
# is not registered or does not have a URL associated with it. |
1436 |
|
1437 |
ChannelPrefix "/channel/" |
1438 |
|
1439 |
EndModule |
1440 |
|
1441 |
################################ Top page module |
1442 |
|
1443 |
Module httpd/top-page |
1444 |
|
1445 |
# Filename <path> [<content-type>] [OPTIONAL] |
1446 |
# Sets the name of a file to be delivered as the server's top page. |
1447 |
# If this does not begin with a slash, then it is taken as relative |
1448 |
# to the Services data directory. The second parameter specifies |
1449 |
# the MIME content type of the file; if not given, it defaults to |
1450 |
# text/html. |
1451 |
|
1452 |
#Filename "Top Page.txt" text/plain |
1453 |
#Filename /var/www/html/ircservices/top-page.html |
1454 |
|
1455 |
# Redirect <URL> [OPTIONAL] |
1456 |
# Sets a URL to be provided as a redirect to a client accessing the |
1457 |
# top page. This must be a full URL, beginning with "http://" (or |
1458 |
# some other protocol specifier). If both Filename and Redirect |
1459 |
# are given, Redirect takes precedence. |
1460 |
|
1461 |
#Redirect http://www.example.net/ircservices/ |
1462 |
|
1463 |
EndModule |
1464 |
|
1465 |
########################################################################### |
1466 |
# |
1467 |
# Miscellaneous modules |
1468 |
# |
1469 |
########################################################################### |
1470 |
|
1471 |
################################ DevNull settings |
1472 |
|
1473 |
Module misc/devnull |
1474 |
|
1475 |
# DevNullName <nick> <string> [REQUIRED] |
1476 |
# Specifies the nickname (first parameter) and "real" name (second |
1477 |
# parameter) used by the DevNull pseudoclient. |
1478 |
|
1479 |
DevNullName "DevNull" "/dev/null -- message sink" |
1480 |
|
1481 |
EndModule |
1482 |
|
1483 |
################################ HelpServ settings |
1484 |
|
1485 |
Module misc/helpserv |
1486 |
|
1487 |
# HelpServName <nick> <string> [REQUIRED] |
1488 |
# Specifies the nickname (first parameter) and "real" name (second |
1489 |
# parameter) used by the HelpServ pseudoclient. |
1490 |
|
1491 |
HelpServName "HelpServ" "Help Server" |
1492 |
|
1493 |
# HelpDir <dirname> [REQUIRED] |
1494 |
# Specifies the name of the subdirectory containing help files for |
1495 |
# HelpServ. |
1496 |
|
1497 |
HelpDir helpfiles |
1498 |
|
1499 |
EndModule |
1500 |
|
1501 |
################################ XML export settings |
1502 |
|
1503 |
Module misc/xml-export |
1504 |
|
1505 |
# This module has no configurable settings. |
1506 |
|
1507 |
EndModule |
1508 |
|
1509 |
################################ XML import settings |
1510 |
|
1511 |
Module misc/xml-import |
1512 |
|
1513 |
# OnNicknameCollision <action> [OPTIONAL] |
1514 |
# Specifies the action to be taken when a nickname in the data to |
1515 |
# import is already registered. The string must be one of either |
1516 |
# "skipgroup" (skip over the nickname group containing the nickname |
1517 |
# in the imported data), "skipnick" (skip only the colliding |
1518 |
# nickname), "overwrite" (drop the existing nickname), or "abort" |
1519 |
# (do not import any data). Note that when "abort" is selected, |
1520 |
# the entire XML input is still checked for errors, but Services |
1521 |
# will abort before actually merging any data. |
1522 |
# |
1523 |
# When using "overwrite", if a nickname group has only one nickname |
1524 |
# and that nickname is overwritten, the nickname group will be |
1525 |
# dropped as well. As a consequence, any channels owned by such a |
1526 |
# nickname will be dropped (or shifted to their successors) as |
1527 |
# well. All nicknames and channels overwritten or dropped in this |
1528 |
# manner will be displayed on standard error. |
1529 |
# |
1530 |
# If not specified, defaults to "skipgroup". |
1531 |
|
1532 |
#OnNicknameCollision skipgroup |
1533 |
|
1534 |
# OnChannelCollision <action> [OPTIONAL] |
1535 |
# Specifies the action to be taken when a channel in the data to |
1536 |
# import is already registered. The string must be one of either |
1537 |
# "skip" (skip over the channel in the imported data), "overwrite" |
1538 |
# (drop the existing channel), or "abort" (do not import any data). |
1539 |
# Note that when "abort" is selected, the entire XML input is still |
1540 |
# checked for errors, but Services will abort before actually |
1541 |
# merging any data. If not specified, defaults to "skip". |
1542 |
|
1543 |
#OnChannelCollision skip |
1544 |
|
1545 |
# ImportNews [OPTIONAL] |
1546 |
# Causes news items in the XML data to be imported into the |
1547 |
# database (normally, news items are skipped). |
1548 |
|
1549 |
#ImportNews |
1550 |
|
1551 |
# VerboseImport [OPTIONAL] |
1552 |
# Causes a detailed list of imported nicknames, channels, and other |
1553 |
# data to be printed to standard output. |
1554 |
|
1555 |
VerboseImport |
1556 |
|
1557 |
EndModule |