inspircd/docs/conf/modules.example.conf

#-#-#-#-#-#-#-#-#-#-#-#-#-  MODULE OPTIONS   -#-#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
#  These tags define which modules will be loaded on startup by your  #
#  server. Add modules without any paths. When you make your ircd     #
#  using the 'make' command, all compiled modules will be moved into  #
#  the folder you specified when you ran ./configure. The module tag  #
#  automatically looks for modules in this location.                  #
#  If you attempt to load a module outside of this location, either   #
#  in the config, or via /LOADMODULE, you will receive an error.      #
#                                                                     #
#  By default, ALL modules are commented out. You must uncomment them #
#  or add lines to your config to load modules. Please refer to       #
#  https://docs.inspircd.org/4/modules for a list of modules and      #
#  each modules link for any additional conf tags they require.       #
#                                                                     #
#    ____                _   _____ _     _       ____  _ _   _        #
#   |  _ \ ___  __ _  __| | |_   _| |__ (_)___  | __ )(_) |_| |       #
#   | |_) / _ \/ _` |/ _` |   | | | '_ \| / __| |  _ \| | __| |       #
#   |  _ <  __/ (_| | (_| |   | | | | | | \__ \ | |_) | | |_|_|       #
#   |_| \_\___|\__,_|\__,_|   |_| |_| |_|_|___/ |____/|_|\__(_)       #
#                                                                     #
# To link servers to InspIRCd, you MUST load the spanningtree module. #
# If you don't do this, server links will NOT work at all.            #
# This is by design, to allow for the implementation of other linking #
# protocols in modules in the future. This module is at the bottom of #
# this file.                                                          #
#                                                                     #

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Abbreviation module: Provides the ability to abbreviate commands a-la
# BBC BASIC keywords.
#<module name="abbreviation">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Account support module: Adds support for user accounts as well as
# several several modes relating to accounts.
#<module name="account">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Alias module: Allows you to define server-side command aliases.
#<module name="alias">
#
# Set the 'prefix' for in-channel aliases (fantasy commands) to the
# specified character. If not set, the default is "!".
# If 'allowbots' is disabled, +B clients will not be able to use
# fantasy commands. If not set, the default is no.
#<fantasy prefix="!" allowbots="no">
#
#-#-#-#-#-#-#-#-#-#-#-  ALIAS DEFINITIONS  -#-#-#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# If you have the alias module loaded, you may also define aliases as #
# shown below. They are commonly used to provide shortcut commands to #
# services, however they are not limited to just this use.            #
# An alias tag requires the following values to be defined in it:     #
#                                                                     #
# text        -      The text to detect as the actual command line.   #
#                    Can't contain spaces, but case insensitive.      #
#                    You may have multiple aliases with the same      #
#                    command name (text="" value), however the first  #
#                    found will be executed if its format value is    #
#                    matched, or it has no format value. Aliases are  #
#                    read from the top of the file to the bottom.     #
#                                                                     #
# usercommand -      If set to yes, the alias can be run simply as    #
#                    /ALIASNAME. Defaults to yes.                     #
#                                                                     #
# channelcommand -   If set to yes, the alias can be used as an       #
#                    in-channel alias or 'fantasy command', prefixed  #
#                    by the fantasy prefix character, !aliasname by   #
#                    default. Defaults to no.                         #
#                                                                     #
# format      -      If this is defined, the parameters of the alias  #
#                    must match this glob pattern. For example if you #
#                    want the first parameter to start with a # for   #
#                    the alias to be executed, set format="#*" in the #
#                    alias definition. Note that the :'s which are    #
#                    part of IRC formatted lines will be preserved    #
#                    for matching of this text. This value is         #
#                    optional.                                        #
#                                                                     #
# replace     -      The text to replace 'text' with. Usually this    #
#                    will be "PRIVMSG ServiceName :$2-" or similar.   #
#                    You may use the variables $1 through $9 in the   #
#                    replace string, which refer to the first through #
#                    ninth word in the original string typed by the   #
#                    user. You may also use $1- through $9- which     #
#                    refer to the first word onwards, through to the  #
#                    ninth word onwards, e.g. if the user types the   #
#                    command "foo bar baz qux quz" then $3- will hold #
#                    "baz qux quz" and $2 will contain "bar". You may #
#                    also use the special variables: $nick, $user,    #
#                    $address, $host and $vhost, and you may separate #
#                    multiple commands with a newline (which can be   #
#                    written in the file literally or encoded as &nl; #
#                                                                     #
# requires    -      If you provide a value for 'requires' this means #
#                    the given nickname MUST be online for the alias  #
#                    to successfully trigger. If they are not, then   #
#                    the user receives a 'no such nick' 401 numeric.  #
#                                                                     #
# stripcolor  -      If set to yes, the text from the user will be    #
#                    stripped of color and format codes before        #
#                    matching against 'text'.                         #
#                                                                     #
# service     -      Setting this to yes will ensure that the user    #
#                    given in 'requires' is also on a servicesserver, #
#                    as well as actually being on the network. If the #
#                    user is online, but not on a services server,    #
#                    then an oper alert is sent out as this is        #
#                    possibly a sign of a user trying to impersonate  #
#                    a service.                                       #
#                                                                     #
# operonly    -      If yes, this will make the alias oper only.      #
#                    If a non-oper attempts to use the alias, it will #
#                    appear to not exist.                             #
#                                                                     #
#
# An example of using the format value to create an alias with two
# different behaviours depending on the format of the parameters.
#
#<alias text="ID" format="#*" replace="PRIVMSG ChanServ :IDENTIFY $2 $3"
#  requires="ChanServ" service="yes">
#
#<alias text="ID" replace="PRIVMSG NickServ :IDENTIFY $2"
#  requires="NickServ" service="yes">
#
# You may also add aliases to trigger based on something said in a
# channel, aka 'fantasy' commands, configured in the same manner as any
# other alias, with usercommand="no" and channelcommand="yes" The
# command must be preceded by the fantasy prefix when used.
#
#<alias text="CS" usercommand="no" channelcommand="yes"
#  replace="PRIVMSG ChanServ :$1 $chan $2-" requires="ChanServ" service="yes">
#
# This would be used as "!cs <command> <options>", with the channel
# being automatically inserted after the command in the message to
# ChanServ, assuming the fantasy prefix is "!".

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Allowinvite module: Gives channel mode +A to allow all users to use
# /INVITE, and extban A to deny invite from specific masks.
#<module name="allowinvite">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Alltime module: Shows time on all connected servers at once.
# This module is oper-only and provides /ALLTIME.
# To use, ALLTIME must be in one of your oper class blocks.
#<module name="alltime">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Anticaps module: Adds channel mode +B which allows you to punish
# users that send overly capitalised messages to channels.
#<module name="anticaps">
#
# You may also configure the characters which anticaps considers to be
# lower case and upper case. Any characters not listed here are assumed
# to be punctuation and will be ignored when counting:
# <anticaps lowercase="abcdefghijklmnopqrstuvwxyz"
#           uppercase="ABCDEFGHIJKLMNOPQRSTUVWXYZ">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Argon2 module: Allows other modules to generate Argon2 hashes,
# usually for cryptographic uses and security.
# This module makes the algorithms argon2i, argon2d and argon2id
# available for use.
# Note that this module is extra, and must be enabled explicitly
# to build. It depends on libargon2.
#<module name="argon2">
#
# memory: Memory hardness, in KiB. E.g. 131072 KiB = 128 MiB.
# iterations: Time hardness in iterations. (def. 3)
# threads: Maximum amount of threads each invocation can spawn. (def. 1)
# length: Output length in bytes. (def. 32)
# saltlength: Salt length in bytes. (def. 16)
# version: Algorithm version, 10 or 13. (def. 13)
# The parameters can be customized as follows:
#<argon2 iterations="3" memory="131074" length="32" saltlength="16">
# Defines the parameters that are common for all the variants (i/d/id).
# Can be overridden on individual basis, e.g.
#<argon2i iterations="4">
#<argon2d memory="131074"
#<argon2id iterations="5" memory="262144" length="64" saltlength="32">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Auditorium module: Adds channel mode +u which makes everyone else
# except you in the channel invisible, used for large meetings etc.
#<module name="auditorium">
#
# Auditorium settings:
#
#<auditorium opvisible="no" opcansee="no" opercansee="yes">
#
# opvisible (auditorium-vis in exemptchanops):
#   Show channel ops to all users
# opcansee (auditorium-see in exemptchanops):
#   Allow ops to see all joins/parts/kicks in the channel
# opercansee:
#   Allow opers (channels/auspex) to see see all joins/parts/kicks in the channel
#
# Exemptchanops can be used to adjust the level at which users become visible or
# the level at which they can see the full member list of the channel.

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Autoop module: Adds basic channel access controls via the +w listmode.
# For example +w o:*!Attila@127.0.0.1 will op anyone matching that mask
# on join. This can be combined with extbans, for example +w o:R:Brain
# will op anyone identified to the account "Brain".
# Another useful combination is with TLS client certificate
# fingerprints: +w h:z:72db600734bb9546c1bdd02377bc21d2a9690d48 will
# give halfop to the user(s) having the given certificate.
#<module name="autoop">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Ban except module: Adds support for channel ban exceptions (+e).
#<module name="banexception">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Ban redirection module: Allows bans which redirect to a specified
# channel. e.g. +b nick!user@host#channelbanneduserissentto
#<module name="banredirect">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# bcrypt module: Allows other modules to generate bcrypt hashes,
# usually for cryptographic uses and security.
#<module name="bcrypt">
#
# rounds: Defines how many rounds the bcrypt function will run when
# generating new hashes.
#<bcrypt rounds="10">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Block amsg module: Attempt to block all usage of /amsg and /ame.
#<module name="blockamsg">
#
#-#-#-#-#-#-#-#-#-#-#-  BLOCKAMSG CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# If you have the blockamsg module loaded, you can configure it with  #
# the <blockamsg> tag:                                                #
#                                                                     #
# delay          -   How much time between two messages to force them #
#                    to be recognised as unrelated.                   #
# action         -   Any of 'notice', 'noticeopers', 'silent', 'kill' #
#                    or 'killopers'. Define how to take action when   #
#                    a user uses /amsg or /ame.                       #
#
#<blockamsg delay="3" action="killopers">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Block color module: Blocking color-coded messages with chan mode +c.
#<module name="blockcolor">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Botmode module: Adds the user mode +B. If set on a user, it will
# show that the user is a bot in /WHOIS.
#<module name="botmode">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# CallerID module: Adds user mode +g which activates hybrid-style
# callerid: block all private messages unless you /ACCEPT first.
#<module name="callerid">
#
#-#-#-#-#-#-#-#-#-#-#- CALLERID  CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
# maxaccepts     - Maximum number of entries a user can add to their  #
#                  /ACCEPT list. Default is 30 entries.               #
# tracknick      - Preserve /ACCEPT entries when a user changes nick? #
#                  If no (the default), the user is removed from      #
#                  everyone's accept list if their nickname changes.  #
# cooldown       - Amount of time that must pass since the last       #
#                  notification sent to a user before they can be     #
#                  sent another. Default is 1 minute.                 #
#<callerid maxaccepts="30"
#          tracknick="no"
#          cooldown="1m">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# CAP module: Provides the CAP negotiation mechanism required by many
# other modules. It is strongly recommended that you load this.
#<module name="cap">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# CBAN module: Lets you disallow channels from being used at runtime.
# This module is oper-only and provides /CBAN.
# To use, CBAN must be in one of your oper class blocks.
#<module name="cban">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channel create module: Adds snomask +j, which will notify opers of
# any new channels that are created.
# This module is oper-only.
#<module name="chancreate">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channel filter module: Allows channel-op defined message filtering
# using simple string matches (channel mode +g).
#<module name="chanfilter">
#
# If hidemask is set to yes, the user will not be shown the mask when
# their message is blocked.
#
# If maxlen is set then it defines the maximum length of a filter entry.
#
# If notifyuser is set to no, the user will not be notified when
# their message is blocked.
#<chanfilter hidemask="yes" maxlen="50" notifyuser="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channel history module: Displays the last 'X' lines of chat to a user
# joining a channel with +H 'X:T' set; 'T' is the maximum time to keep
# lines in the history buffer. Designed so that the new user knows what
# the current topic of conversation is when joining the channel.
#<module name="chanhistory">
#
#-#-#-#-#-#-#-#-#-#-#- CHANHISTORY CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# maxduration - The maximum period to keep chat history for. Defaults #
#               to 4 weeks.                                           #
#                                                                     #
# maxlines - The maximum number of lines of chat history to send to a #
#            joining users. Defaults to 50.                           #
#                                                                     #
# prefixmsg - Whether to send an explanatory message to clients that  #
#             don't support the chathistory batch type. Defaults to   #
#             yes.                                                    #
#                                                                     #
# savefrombots - Whether to save messages from users with user mode   #
#                +B (bot) in the channel history. Defaults to yes.    #
#                                                                     #
# sendtobots - Whether to send channel history to users with user     #
#              mode +B (bot) enabled. Defaults to yes.                #
#
#<chanhistory maxlines="50"
#             maxduration="4w"
#             prefixmsg="yes"
#             savefrombots="yes"
#             sendtobots="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channel logging module: Used to send snotice output to channels, to
# allow staff to centrally monitor and discuss network activity.
#
# The "channel" field is where you want the messages to go, "snomasks"
# is what snomasks you want to be sent to that channel. Multiple tags
# are allowed.
#<module name="chanlog">
#<chanlog snomasks="AOcC" channel="#opers">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channel names module: Allows disabling channels which have certain
# characters in the channel name such as bold, colorcodes, etc. which
# can be quite annoying and allow users to on occasion have a channel
# that looks like the name of another channel on the network.
#<module name="channames">

#<channames
	# denyrange: characters or range of characters to deny in channel
	# names.
	#denyrange="2,3"

	# allowrange: characters or range of characters to specifically allow
	# in channel names.
	#allowrange="">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channelban: Implements extended ban j:, which stops anyone already
# in a channel matching a ban like +b j:#channel from joining.
# It is also possible to ban based on their status in that channel,
# like so: +b j:@#channel, this example prevents the ops from joining.
# Note that by default wildcard characters * and ? are allowed in
# channel names. To disallow them, load the channames module and
# add characters 42 and 63 to denyrange (see above).
#<module name="channelban">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Check module: Adds the /CHECK command.
# Check is useful for looking up information on channels, users,
# IP addresses and hosts.
# This module is oper-only.
# To use, CHECK must be in one of your oper class blocks.
#<module name="check">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# CHGHOST module: Adds the /CHGHOST command.
# This module is oper-only.
# To use, CHGHOST must be in one of your oper class blocks.
# NOTE: Services will not be able to set vhosts on users if this module
# isn't loaded. If you're planning on running services, you probably
# want to load this.
#<module name="chghost">
#
#-#-#-#-#-#-#-#-# /CHGHOST - /SETHOST  CONFIGURATION #-#-#-#-#-#-#-#-#
# Optional - If you want to use special chars for hostnames you can  #
# specify your own custom list of chars with the <hostname> tag:     #
#                                                                    #
# charmap        - A list of chars accepted as valid by the /CHGHOST #
#                  and /SETHOST commands. Also note that the list is #
#                  case-sensitive.                                   #
#<hostname charmap="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-_/0123456789">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# CHGIDENT module: Adds the /CHGIDENT command.
# This module is oper-only.
# To use, CHGIDENT must be in one of your oper class blocks.
#<module name="chgident">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# CHGNAME module: Adds the /CHGNAME command.
# This module is oper-only.
# To use, CHGNAME must be in one of your oper class blocks.
#<module name="chgname">
#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Connection class ban module: Adds support for extban 'n' which
# matches against the class name of the user's connection.
# This module assumes that connection classes are named in a uniform
# way on all servers of the network. Wildcards are accepted.
#<module name="classban">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Clear chan module: Allows opers to masskick, masskill or
# mass G/Z-line all users on a channel using /CLEARCHAN.
#<module name="clearchan">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Cloak module: Adds user mode x (cloak) which allows user hostnames to
# be hidden. This module does not provide any cloak methods by itself.
# You should also load another module like cloak_account or cloak_sha256.
#
# In order to have users automatically cloaked on connect you should
# load the conn_umodes module and add "x" to <connect:modes>.
#<module name="cloak">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# MD5 cloak module: Adds the "half" and "full" cloak methods. These
# methods are deprecated and will be removed in the next major version
# of InspIRCd. They should only be used on a network which is upgrading
# from v3 and wishes to keep ban compatibility. New networks should use
# the "hmac-sha256" method (see below) instead.
#
# IMPORTANT: If you are using this module you should also load the md5
# module. Failure to do so will result in users not being cloaked.
#<module name="cloak_md5">
#
#-#-#-#-#-#-#-#-#-#-#- MD5 CLOAK CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
# To use the cloak_md5 module you must define a <cloak> tag. This tag #
# tag can have the following fields.                                  #
#                                                                     #
#  key       -  The secret key to use when hashing hostnames. This    #
#               MUST be at least 30 characters long.                  #
#                                                                     #
#  class     - If non-empty then a comma-delimited list of connect    #
#              class names that a user has to be in to get the cloak  #
#              from this tag.                                         #
#                                                                     #
#  prefix    - A freeform value to prefix cloaks with. This must not  #
#              contain spaces.                                        #
#                                                                     #
#  suffix    - A freeform value to suffix cloaks with. This must not  #
#              contain spaces.                                        #
#                                                                     #
#  domainparts - The maximum number of hostname labels that should be #
#              visible on the end of a host. Defaults to 3.           #
#                                                                     #
#  ignorecase  - Whether to ignore the capitalisation of a hostname   #
#                when generating the cloak. This prevents users from  #
#                evading bans by changing the case of their DNS PTR   #
#                record. Defaults to off.                             #
#                                                                     #
# IMPORTANT: Changing these details will break all of your existing   #
# bans. If you do not want this to happen you can define multiple     #
# cloak tags. The first will be used for hostnames and the rest will  #
# be used for checking if a user is banned in a channel.              #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#
#<cloak method="half"
#       key="changeme"
#       class=""
#       prefix="MyNet-"
#       suffix=".IP"
#       domainparts="3"
#       ignorecase="yes">
#
#<cloak method="full"
#       key="changeme"
#       class=""
#       prefix="MyNet-"
#       suffix=".IP">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# HMAC-SHA256 cloak module: Adds the "hmac-sha256" (hostname or IP) and
# "hmac-sha256-addr" (IP only) cloak methods. This is the recommended
# cloak module for new networks.
#
# IMPORTANT: If you are using this module you should also load the sha2
# module. Failure to do so will result in users not being cloaked.
#<module name="cloak_sha256">
#
#-#-#-#-#-#-#-#-#- HMAC-SHA256 CLOAK CONFIGURATION -#-#-#-#-#-#-#-#-#-#
# To use the cloak_sha256 module you must define a <cloak> tag. This  #
# tag can have the following fields.                                  #
#                                                                     #
#  key       -  The secret key to use when hashing hostnames. This    #
#               MUST be at least 30 characters long.                  #
#                                                                     #
#  class     - If non-empty then a comma-delimited list of connect    #
#              class names that a user has to be in to get the cloak  #
#              from this tag.                                         #
#                                                                     #
#  prefix    - A freeform value to prefix cloaks with. This must not  #
#              contain spaces.                                        #
#                                                                     #
#  suffix    - A freeform value to suffix IPv4/IPv6 cloaks with. This #
#              must not contain spaces.                               #
#                                                                     #
#  case      - The case of the cloak table. Can be set to "upper" or  #
#              "lower". Defaults to "lower".                          #
#                                                                     #
#  hostparts - The maximum number of hostname labels that should be   #
#              visible on the end of a host. Defaults to 3.           #
#                                                                     #
#  pathparts - The maximum number of UNIX socket path segments that   #
#              should be visible on the end of a host. Defaults to 1. #
#                                                                     #
#  psl       - If non-empty then the path to a Mozilla Public Suffix  #
#              List database to use for finding the visible part of a #
#              hostname or "system" to use the system database if one #
#              exists. This overrides the hostparts (above) field.    #
#              Only available if libpsl was installed at build time.  #
#                                                                     #
# IMPORTANT: Changing these details will break all of your existing   #
# bans. If you do not want this to happen you can define multiple     #
# cloak tags. The first will be used for hostnames and the rest will  #
# be used for checking if a user is banned in a channel.              #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#
#<cloak method="hmac-sha256"
#       key="changeme"
#       class=""
#       prefix="MyNet"
#       suffix="ip"
#       case="lower"
#       hostparts="3"
#       pathparts="1"
#       psl="system">
#
#<cloak method="hmac-sha256-addr"
#       key="changeme"
#       class=""
#       prefix="MyNet"
#       suffix="ip"
#       case="lower"
#       pathparts="1">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Static cloak module: Adds the "static" (fixed value) cloak method.
#<module name="cloak_static">
#
#-#-#-#-#-#-#-#-#-#- STATIC CLOAK CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
# To use the cloak_static module you must define a <cloak> tag. This  #
# tag can have the following fields.                                  #
#                                                                     #
#  class - If non-empty then a comma-delimited list of connect class  #
#  names that a user has to be in to get the cloak from this tag.     #
#                                                                     #
#  cloak - The cloak to give to users.                                #
#                                                                     #
# IMPORTANT: Changing these details will break all of your existing   #
# bans. If you do not want this to happen you can define multiple     #
# cloak tags. The first will be used for hostnames and the rest will  #
# be used for checking if a user is banned in a channel.              #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#
#<cloak method="static"
#       class=""
#       cloak="some.fixed.value">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# User data cloak module: Adds the "account" (services account name),
# "account-id" (services account id), "nickname" (current nickname),
# "fingerprint" (client certificate fingerprint), and "username" (RFC
# 1413 identification string) cloak methods.
#<module name="cloak_user">
#
#-#-#-#-#-#-#-#-#-#-#- USER CLOAK CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
# To use the cloak_user module you must define a <cloak> tag. This    #
# tag can have the following fields.                                  #
#                                                                     #
#  case        - The case to transform the cloak value to. Can be set #
#                to "upper" to use upper case, "lower" to use lower   #
#                case, or "preserve" to not change the case. Defaults #
#                to "preserve".                                       #
#                                                                     #
#  class       - If non-empty then a comma-delimited list of connect  #
#                class names that a user has to be in to get the      #
#                cloak from this tag.                                 #
#                                                                     #
#  invalidchar - The action to take when an invalid host character is #
#                encountered in the cloak. Can be set to "reject" to  #
#                not apply the cloak, "strip" to remove the invalid   #
#                host character, or "truncate" to truncate the cloak  #
#                at the invalid host character. Defaults to "strip".  #
#                                                                     #
#  length      - If using the "fingerprint" method them the number of #
#                characters of the fingerprint hash to use. Defaults  #
#                to the value of <limits:maxhost> minus the length of #
#                the prefix and suffix fields.                        #
#                                                                     #
#  prefix      - A freeform value to prefix cloaks with. This must    #
#                not contain spaces.                                  #
#                                                                     #
#  suffix      - A freeform value to suffix IPv4/IPv6 cloaks with.    #
#                This must not contain spaces.                        #
#                                                                     #
# IMPORTANT: Changing these details will break all of your existing   #
# bans. If you do not want this to happen you can define multiple     #
# cloak tags. The first will be used for hostnames and the rest will  #
# be used for checking if a user is banned in a channel.              #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#
#<cloak method="account"
#       case="preserve"
#       class=""
#       invalidchar="strip"
#       prefix=""
#       suffix=".users.example.com">
#
#<cloak method="account-id"
#       case="preserve"
#       class=""
#       invalidchar="strip"
#       prefix=""
#       suffix=".users.example.com">
#
#<cloak method="fingerprint"
#       case="preserve"
#       class=""
#       invalidchar="strip"
#       length="16"
#       prefix=""
#       suffix=".fp">
#
#<cloak method="nickname"
#       case="preserve"
#       class=""
#       invalidchar="strip"
#       prefix="Users/"
#       suffix="">
#
#<cloak method="username"
#       case="preserve"
#       class=""
#       invalidchar="strip"
#       prefix="Users/"
#       suffix="">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Codepage module: Allows using a custom 8-bit codepage for nicknames
# and case mapping.
#<module name="codepage">
#
# You should include one of the following files to set your codepage:
#<include file="&dir.example;/codepages/ascii.example.conf">
#<include file="&dir.example;/codepages/iso-8859-1.example.conf">
#<include file="&dir.example;/codepages/iso-8859-2.example.conf">
#<include file="&dir.example;/codepages/rfc1459.example.conf">
#<include file="&dir.example;/codepages/strict-rfc1459.example.conf">
#
# You can also define a custom codepage. For details on how to do this
# please refer to the docs site:
# https://docs.inspircd.org/4/modules/codepage

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Common channels module: Adds user mode +c, which, when set, requires
# that users must share a common channel with you to PRIVMSG, NOTICE,
# TAGMSG, or INVITE you.
#<module name="commonchans">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Connectban: Provides IP connection throttling. Any IP range that
# connects too many times (configurable) in an hour is Z-lined for a
# (configurable) duration, and their count resets to 0.
#<module name="connectban">
#
# threshold - The number of connections which are allowed before a user
#             is connectbanned. Defaults to 10.
#
# banmessage - The message to give users when Z-lining them for connecting
#              too much.
#
# banduration - The time period to ban users who connect to much for. Defaults
#               to 10 minutes.
#
# ipv4cidr - The IPv4 CIDR mask (1-32) to treat connecting users as coming
#            from the same host. Defaults to 32.
#
# ipv6cidr - The IPv6 CIDR mask (1-128) to treat connecting users as coming
#            from the same host. Defaults to 128.
#
# bootwait - The time period to wait after starting up before enforcing
#            connection bans. Defaults to 2 minutes.
#
# splitwait - The time period to wait after a netsplit before enforcing
#             connection bans. Defaults to 2 minutes.
#
#<connectban threshold="10"
#            banmessage="Your IP range has been attempting to connect too many times in too short a duration. Wait a while, and you will be able to connect."
#            banduration="6h"
#            ipv4cidr="32"
#            ipv6cidr="128"
#            bootwait="2m"
#            splitwait="2m">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Connection throttle module.
#<module name="connflood">
#
#-#-#-#-#-#-#-#-#-#-#- CONNTHROTTLE CONFIGURATION  -#-#-#-#-#-#-#-#-#-#
#  period, maxconns -  Amount of connections per <period>.
#
#  timeout           -  Time to wait after the throttle was activated
#                       before deactivating it. Be aware that the time
#                       is seconds + timeout.
#
#  quitmsg           -  The message that users get if they attempt to
#                       connect while the throttle is active.
#
#  bootwait          -  Amount of time in seconds to wait before enforcing
#                       the throttling when the server just booted.
#
#<connflood period="30" maxconns="3" timeout="30"
#   quitmsg="Throttled" bootwait="2m">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Auto join on connect module: Allows you to force users to join one
# or more channels automatically upon connecting to the server, or
# join them in case they aren't on any channels after being online
# for X seconds.
#<module name="conn_join">
#
#-#-#-#-#-#-#-#-#-#-#-#- CONNJOIN CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
#
# If you have the conn_join module loaded, you can configure it below
# or set autojoin="#chat,#help" in <connect> blocks.
#
# Join users immediately after connection to #one #two and #three.
#<autojoin channel="#one,#two,#three">
# Join users to #chat after 15 seconds if they aren't on any channels.
#<autojoin channel="#chat" delay="15">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Set modes on connect module: When this module is loaded <connect>
# blocks may have an optional modes="" value, which contains modes to
# add or remove from users when they connect to the server.
#<module name="conn_umodes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Wait for PONG on connect module: Send a PING to all connecting users
# and don't let them connect until they reply with a PONG.
# This is useful to stop certain kinds of bots and proxies.
#<module name="conn_waitpong">
#
#-#-#-#-#-#-#-#-#-#-#-   WAITPONG CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# If you have the conn_waitpong module loaded, configure it with the  #
# <waitpong> tag:                                                     #
#                                                                     #
# sendsnotice    -   Whether to send a helpful notice to users on     #
#                    connect telling them how to connect, should      #
#                    their client not reply PONG automatically.       #
#                                                                     #
# killonbadreply -   Whether to kill the user if they send the wrong  #
#                    PONG reply.                                      #
#                                                                     #
#<waitpong sendsnotice="no" killonbadreply="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Custom prefixes: Allows for channel prefixes to be configured.
#<module name="customprefix">
#
# name       The name of the mode, must be unique from other modes.
# letter     The letter used for this mode. Required.
# prefix     The prefix used for nicks with this mode. Not required.
# rank       A numeric rank for this prefix, defining what permissions it gives.
#            The rank of voice, halfop and op is 10000, 20000, and 30000,
#            respectively.
# ranktoset  The numeric rank required to set this mode. Defaults to rank.
# ranktounset The numeric rank required to unset this mode. Defaults to ranktoset.
# depriv     Can you remove the mode from yourself? Defaults to yes.
#<customprefix name="founder" letter="q" prefix="~" rank="50000" ranktoset="50000">
#<customprefix name="admin" letter="a" prefix="&amp;" rank="40000" ranktoset="50000">
#<customprefix name="halfop" letter="h" prefix="%" rank="20000" ranktoset="30000">
#
# You can also override the configuration of prefix modes added by both the core
# and other modules by adding a customprefix tag with change="yes" specified.
# <customprefix name="op" change="yes" rank="30000" ranktoset="30000">
# <customprefix name="voice" change="yes" rank="10000" ranktoset="20000" depriv="no">
#
# Do /RELOADMODULE customprefix after changing the settings of this module.

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Custom title module: Adds the /TITLE command which allows for trusted
# users to gain a custom whois line and an optional vhost can be
# specified.
#<module name="customtitle">
#
#-#-#-#-#-#-#-#-#-#-  CUSTOM TITLE CONFIGURATION   -#-#-#-#-#-#-#-#-#-#
#  name     - The username used to identify.
#  password - The password used to identify.
#  hash     - The hash for the specific user's password (optional).
#             password_hash and a hashing module must be loaded
#             for this to work.
#  host     - Allowed hostmask (optional).
#  title    - Title shown in whois.
#  vhost    - Displayed host (optional).
#
#<title name="foo" password="bar" title="Official Chat Helper">
#<title name="bar" password="foo" host="test@test.org" title="Official Chat Helper" vhost="helper.test.org">
#<title name="foo" password="$2a$10$UYZ4OcO8NNTCCGyCdY9SK.2GHiqGgxZfHFPOPmWuxEVWVQTtoDC7C" hash="bcrypt" title="Official Chat Helper">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Channel cycle module: Adds the /CYCLE command which is a server-side
# /HOP that bypasses restrictive modes.
#<module name="cycle">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# DCCALLOW module: Adds the /DCCALLOW command.
#<module name="dccallow">
#
#-#-#-#-#-#-#-#-#-#-#-  DCCALLOW CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
#  blockchat         - Whether to block DCC CHAT as well as DCC SEND.
#  length            - Default duration of entries in DCCALLOW list.
#  action            - Default action to take if no action is
#                      specified, can be 'block' or 'allow'.
#  maxentries        - Max number of nicks to allow on a DCCALLOW list.
#
# File configuration:
#  pattern           - The glob pattern to match against.
#  action            - Action to take if a user attempts to send a file
#                      that matches this pattern, can be 'block' or
#                      'allow'.
#
#<dccallow blockchat="yes" length="5m" action="block" maxentries="20">
#<banfile pattern="*.exe" action="block">
#<banfile pattern="*.txt" action="allow">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Deaf module: Adds support for user modes +d and +D:
# d - deaf to channel messages and notices.
# D - deaf to user messages and notices.
#<module name="deaf">
#
#-#-#-#-#-#-#-#-#-#-#-#-  DEAF CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
#  bypasschars        - Characters that bypass deaf to a regular user.
#  servicebypasschars - Characters that bypass deaf to a services users.
#                       Both of these take a list of characters that must match
#                       the starting character of a message.
#                       If 'servicebypasschars' is empty, then 'bypasschars' will
#                       match for both regular and services users.
#  privdeafservice    - Whether services users bypass user mode +D (privdeaf).
#
#<deaf bypasschars="" servicebypasschars="!" privdeafservice="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Delay join module: Adds the channel mode +D which delays all JOIN
# messages from users until they speak. If they quit or part before
# speaking, their quit or part message will not be shown to the channel
# which helps cut down noise on large channels in a more friendly way
# than the auditorium mode. Only channel ops may set the +D mode.
#<module name="delayjoin">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Delay message module: Adds the channel mode +d which disallows a user
# from talking in the channel unless they've been joined for X seconds.
# Settable using /MODE #chan +d 30
#<module name="delaymsg">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Deny channels module: Deny channels from being used by users.
#<module name="denychans">
#
#-#-#-#-#-#-#-#-#-#-#-   DENYCHAN DEFINITIONS  -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# If you have the denychans module loaded, you need to specify the    #
# channels to deny:                                                   #
#                                                                     #
# name        -      The channel name to deny (glob masks are ok).    #
# allowopers  -      If operators are allowed to override the deny.   #
# reason      -      Reason given for the deny.                       #
# redirect    -      Redirect the user to a different channel.        #
#                                                                     #
#<badchan name="#gods*" allowopers="yes" reason="Tortoises!">         #
#<badchan name="#chan1" redirect="#chan2" reason="Chan1 is closed">   #
#                                                                     #
# Redirects will not work if the target channel is set +L.            #
#                                                                     #
# Additionally, you may specify channels which are allowed, even if   #
# a badchan tag specifies it would be denied:                         #
#<goodchan name="#funtimes">                                          #
# Glob masks are accepted here also.                                  #

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Disable module: Provides support for disabling commands and modes.  #
#<module name="disable">
#
#-#-#-#-#-#-#-#-#-#-#-#- DISABLE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# If you have the disable module loaded then you need to specify the  #
# commands and modes that you want disabled. Users who have not fully #
# connected yet are exempt from this module so you can e.g. disable   #
# the NICK command but still allow users to connect to the server.    #
#                                                                     #
# commands - A space-delimited list of commands that can not be used  #
#            by users. You can exempt server operators from this with #
#            the servers/use-disabled-commands privilege.             #
#                                                                     #
# chanmodes - One or more channel modes that can not be added/removed #
#             by users. You can exempt server operators from this     #
#             with the servers/use-disabled-modes privilege.          #
#                                                                     #
# usermodes - One or more user modes that can not be added/removed by #
#             users. You can exempt server operators from this with   #
#             the servers/use-disabled-modes privilege.               #
#                                                                     #
# fakenonexistent - Whether to pretend that a disabled command/mode   #
#                   does not exist when executed/changed by a user.   #
#                   Defaults to no.                                   #
#                                                                     #
# notifyopers - Whether to send a notice to snomask `a` when a user   #
#               is prevented from using a disabled command/mode.      #
#               Defaults to no.                                       #
#                                                                     #
#<disabled commands="KICK TOPIC"                                      #
#          chanmodes="kp"                                             #
#          usermodes="iw"                                             #
#          fakenonexistent="yes"                                      #
#          notifyopers="no">                                          #

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# DNS blacklist module: Provides support for looking up IPs on one or #
# more blacklists.                                                    #
#<module name="dnsbl">
#                                                                     #
# For configuration options please see the docs page for dnsbl at     #
# https://docs.inspircd.org/4/modules/dnsbl. You can also use one or  #
# more of the following example configs for popular DNSBLs:           #
#                                                                     #
# DroneBL (https://dronebl.org)                                       #
#<include file="&dir.example;/providers/dronebl.example.conf">
#                                                                     #
# EFnet RBL (https://rbl.efnetrbl.org)                                #
#<include file="&dir.example;/providers/efnet-rbl.example.conf">
#                                                                     #
# dan.me.uk Tor exit node DNSBL (https://www.dan.me.uk/dnsbl)         #
#<include file="&dir.example;/providers/torexit.example.conf">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Exempt channel operators module: Provides support for allowing      #
# users of a specified channel status to be exempt from some channel  #
# restriction modes. Supported restrictions are:                      #
# anticaps, auditorium-see, auditorium-vis, blockcolor, delaymsg,     #
# filter, flood, nickflood, noctcp, nonick, nonotice, opmoderated,    #
# regmoderated, repeat, stripcolor, topiclock                         #
# See <options:exemptchanops> in inspircd.example.conf for a more     #
# detailed list of the restriction modes that can be exempted.        #
# These are settable using: /MODE #chan +X <restriction>:<status>     #
# Furthermore, the exemptions configured in <options:exemptchanops>   #
# can also be negated by using: /MODE #chan +X <restriction>:*        #
#<module name="exemptchanops">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Filter module: Provides message filtering, similar to SPAMFILTER.   #
#<module name="filter">
#                                                                     #
# This module depends upon a regex provider such as regex_stdlib or   #
# regex_glob to function. You must specify which of these you want    #
# the filter module to use via the tag below.                         #
#                                                                     #
# Valid engines are:                                                  #
#                                                                     #
# glob   - Glob patterns, provided via regex_glob.                    #
# pcre   - PCRE regexps, provided via regex_pcre2, needs libpcre2.    #
# posix  - POSIX regexps, provided via regex_posix, not available     #
#          on Windows, no dependencies on other operating systems.    #
# stdregex - stdlib regexps, provided via regex_stdlib, see comment   #
#            at the <module> tag for info on availability.            #
#                                                                     #
# If enableflags is set, you can specify flags that modify matching   #
# of the regular expression.                                          #
#                                                                     #
# If notifyuser is set to no, the user will not be notified when      #
# their message is blocked.                                           #
#                                                                     #
# If warnonselfmsg is set to yes when a user sends a message to       #
# themself that matches a filter the filter will be ignored and a     #
# warning will be sent to opers instead. This stops spambots which    #
# send their spam message to themselves first to check if it is being #
# filtered by the server.                                             #
#<filteropts engine="stdregex"
#            enableflags="yes"
#            notifyuser="yes"
#            warnonselfmsg="no">
#                                                                     #
# Your choice of regex engine must match on all servers network-wide. #
#                                                                     #
# To learn more about the configuration of this module, read          #
# examples/filter.example.conf, which covers the various types of     #
# filters and shows how to add exemptions.                            #
#                                                                     #
#-#-#-#-#-#-#-#-#-#-#-  FILTER  CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# Optional - If you specify to use the filter module, then            #
# specify below the path to the filter.conf file, or define some      #
# <keyword> tags.                                                     #
#                                                                     #
#<include file="&dir.example;/filter.example.conf">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Gateway module: Enables forwarding the real IP address of a user from
# a gateway to the IRC server.
#<module name="gateway">
#
#-#-#-#-#-#-#-#-#-#-#-# GATEWAY  CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
#
# If you use the gateway module then you must specify the gateways which
# are authorised to forward IP/host information to your server. There
# are currently two ways to do this:
#
# The webirc method is the recommended way to allow gateways to forward
# IP/host information. When using this method the gateway sends a WEBIRC
# message to the server on connection. For more details please read the
# IRCv3 WebIRC specification at: https://ircv3.net/specs/extensions/webirc.html
#
# When using this method you must specify one or more wildcard masks
# or CIDR ranges to allow gateway connections from and at least one of
# either a TLS client certificate fingerprint for the gateway or
# a password to be sent in the WEBIRC command.
#
# <gateway type="webirc"
#          fingerprint="bd90547b59c1942b85f382bc059318f4c6ca54c5"
#          mask="192.0.2.0/24 198.51.100.*">
# <gateway type="webirc"
#          password="$2a$10$WEUpX9GweJiEF1WxBDSkeODBstIBMlVPweQTG9cKM8/Vd58BeM5cW"
#          hash="bcrypt"
#          mask="*.webirc.gateway.example.com">
#
# Alternatively if your gateway does not support sending the WEBIRC
# message then you can configure InspIRCd to look for the client IP
# address in the username sent by the user. This is not recommended
# as it only works with IPv4 connections.
#
# When using this method you must specify one or more wildcard masks
# or CIDR ranges to allow gateway connections from. You can also
# optionally configure the static value that replaces the IP in the
# username to avoid leaking the real IP address of gateway clients
# (defaults to "gateway" if not set).
#
# <gateway type="username"
#          mask="198.51.100.0/24 203.0.113.*"
#          newusername="wibble">
# <gateway type="username"
#          mask="*.username.gateway.example.com"
#          newusername="wobble">
#
# IMPORTANT NOTE:
# ---------------
#
# When you connect gateway clients, there are two connect classes which
# apply to these clients. When the client initially connects, the connect
# class which matches the gateway site's host is checked. Therefore you
# must raise the maximum local/global clients for this IP as high as you
# want to allow gateway clients. After the client has connected and is
# determined to be a gateway client, the class which matches the client's
# real IP is then checked. You may set this class to a lower value, so that
# the real IP of the client can still be restricted to, for example, 3
# sessions maximum.

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# MaxMindDB geolocation module: Provides geolocation information for  #
# other modules that need it using the libMaxMindDB library.          #
#                                                                     #
# This module depends on a third-party library (libmaxminddb) and may #
# need to be manually enabled at build time. If you are building from #
# source you can do this by installing this dependency and running:   #
#                                                                     #
#   ./configure --enable-extras geo_maxmind                           #
#   make install                                                      #
#                                                                     #
# Users of binary packages should consult the documentation for their #
# package to find out whether this module is available.               #
#<module name="geo_maxmind">
#                                                                     #
# If you use the geo_maxmind module you MUST provide a database file  #
# to look up geolocation information in. You can either purchase this #
# from MaxMind at https://www.maxmind.com/en/geoip2-country-database  #
# or use the free CC-BY-SA licensed GeoLite2 Country database which   #
# can be downloaded at https://dev.maxmind.com/geoip/geoip2/geolite2/ #
#<maxmind file="GeoLite2-Country.mmdb">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Geolocation ban module: Adds support for extban 'G' which matches   #
# against the ISO 3166-1 alpha-2 codes for the countries that users   #
# are connecting from. Users connecting from unknown origins such as  #
# internal networks can be matched against using the XX alpha-2 code. #
# A full list of ISO 3166-1 alpha-2 codes can be found at             #
# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2                    #
#<module name="geoban">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Geolocation connect class module: Adds support for limiting connect #
# classes to users from specific countries. With this module you can  #
# specify a space-delimited list of two character the ISO 3166-1      #
# alpha-2 codes in the "country" field of a connect class. e.g. to    #
# deny connections from users in Russia or Turkey:                    #
#                                                                     #
# <connect deny="*" country="TR RU">                                  #
#                                                                     #
# Users connecting from unknown origins such as internal networks can #
# be matched against using the XX alpha-2 code. A full list of ISO    #
# 3166-1 alpha-2 codes can be found at                                #
# https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2                    #
#<module name="geoclass">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Global load module: Allows loading and unloading of modules network-
# wide (USE WITH EXTREME CAUTION!)
# This module is oper-only and provides /GLOADMODULE, /GUNLOADMODULE
# and /GRELOADMODULE.
# To use, GLOADMODULE, GUNLOADMODULE and GRELOADMODULE
# must be in one of your oper class blocks.
#<module name="globalload">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Globops module: Provides the /GLOBOPS command and snomask +g.
# This module is oper-only.
# To use, GLOBOPS must be in one of your oper class blocks.
#<module name="globops">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# HAProxy module: Adds support for the HAProxy PROXY v2 protocol. To
# use this module specify hook="haproxy" in the <bind> tag that HAProxy
# has been configured to connect to.
#<module name="haproxy">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Help module: Provides the /HELP command
#<module name="help">
#
#-#-#-#-#-#-#-#-#-#-#-#-  HELP  CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# If you specify to use the help module, then specify below the path  #
# to the help.conf file.                                              #
#                                                                     #
#<include file="&dir.example;/help.example.conf">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Help mode module: Provides oper-only user mode `h` (helpop) which
# marks a server operator as available for help.
#<module name="helpmode">
#
# If you also use the hideoper module you can allow hidden opers with
# the help mode set to to be included in `/STATS P` and mark helpers
# as such to differentiate them from opers.
# <helpmode ignorehideoper="no"
#           markhelpers="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Hide chans module: Allows users to hide their channels list from non-
# opers by setting user mode +I on themselves.
#<module name="hidechans">
#
# affectsopers: Whether server operators with the users/auspex privilege
#               are exempt from the hideoper (+I) mode. Defaults to no.
#
# hideservices: Whether to hide the channels of services pseudoclients
#               with the hideoper (+I) mode from all users. Defaults
#               to yes.
#
# <hidechans affectsopers="no"
#            hideservices="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Hide list module: Allows for hiding the list of listmodes from users
# who do not have sufficient channel rank.
#<module name="hidelist">
#
# Each <hidelist> tag configures one listmode to hide.
# mode: Name of the listmode to hide.
# rank: Minimum rank required to view the list. If set to 0, all
# members of the channel may view the list, but non-members may not.
# The rank of the built-in op and voice mode is 30000 and 10000,
# respectively; the rank of other prefix modes is configurable.
# Defaults to 20000.
#
# Hiding the ban list is not recommended because it may break some
# clients.
#
# Hide filter (+g) list:
#<hidelist mode="filter" rank="30000">
# Only show invite exceptions (+I) to channel members:
#<hidelist mode="invex" rank="0">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Hide mode module: Allows for hiding mode changes from users who do not
# have sufficient channel privileges.
#<module name="hidemode">
#
# Hide bans (+b) from people who are not voiced:
#<hidemode mode="ban" rank="10000">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Hide oper module: Allows opers to hide their oper status from non-
# opers by setting user mode +H on themselves.
# This module is oper-only.
#<module name="hideoper">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# hostcycle module: Sends a fake part and join for users when their
# username or hostname changes to update client information caches.
# This module is compatible with the ircv3_chghost module. Clients
# supporting the chghost extension will get the chghost message instead
# of seeing a host cycle.
#<module name="hostcycle">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# httpd module: Provides HTTP server support for InspIRCd.
#<module name="httpd">
#
#-#-#-#-#-#-#-#-#-#-#-#-  HTTPD   CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
#
# If you choose to use the httpd module, then you will need to add
# a <bind> tag with type "httpd", and load at least one of the other
# httpd_* modules to provide pages to display.
# <bind address="127.0.0.1" port="8067" type="httpd">
# <bind address="127.0.0.1" port="8097" type="httpd" sslprofile="Clients">
#
# You can adjust the timeout for HTTP connections below. All HTTP
# connections will be closed after (roughly) this time period.
#<httpd timeout="20">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# HTTP ACL module: Provides access control lists for httpd dependent
# modules. Use this module to restrict pages by IP address and by
# password.
#<module name="httpd_acl">
#
#-#-#-#-#-#-#-#-#-#-#-#- HTTPD ACL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
#
# Restrict access to the httpd_stats module to all but the local
# network and when the correct password is specified:
# <httpdacl path="/stats*" types="password,whitelist"
#    username="secrets" password="mypasshere" whitelist="127.0.0.*,10.*">
#
# Deny all connections to all but the main index page:
# <httpdacl path="/*" types="blacklist" blacklist="*">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# HTTP config module: Allows the server configuration to be viewed over
# HTTP via the /config path. Requires the httpd module to be loaded for
# it to function.
#
# IMPORTANT: This module exposes extremely sensitive information about
# your server and users so you *MUST* protect it using a local-only
# <bind> tag and/or the httpd_acl module. See above for details.
#<module name="httpd_config">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# HTTP stats module: Provides server statistics over HTTP via the /stats
# path. Requires the httpd module to be loaded for it to function.
#
# IMPORTANT: This module exposes extremely sensitive information about
# your server and users so you *MUST* protect it using a local-only
# <bind> tag and/or the httpd_acl module. See above for details.
#<module name="httpd_stats">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Ident: Provides RFC 1413 ident lookup support.
# When this module is loaded <connect:allow> tags may have an optional
# useident="yes|no" boolean value, determining whether or not to lookup
# usernames on users matching that connect tag.
#<module name="ident">
#
#-#-#-#-#-#-#-#-#-#-#-#-   IDENT CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# Optional - If you are using the ident module, then you can specify  #
# the timeout for ident lookups here. If not defined, it will default #
# to 5 seconds. This is a non-blocking timeout which holds the user   #
# in a 'connecting' state until the lookup is complete.               #
# prefixunqueried: If yes, the usernames of users in a connect class  #
# with ident lookups disabled (i.e. <connect useident="no">) will be  #
# prefixed with a "~". If no, the username of those users will not be #
# prefixed. Default is no.                                            #
#
#<ident timeout="5" prefixunqueried="no">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Invite exception module: Adds support for channel invite exceptions
# (+I).
#<module name="inviteexception">
# bypasskey: If this is enabled, exceptions will bypass +k as well as +i
#<inviteexception bypasskey="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 module: Provides the IRCv3 account-notify, away-notify,
# extended-join, and standard-replies extensions. These are optional
# enhancements to the client-to-server protocol. An extension is only
# active for a client when the client specifically requests it, so this
# module needs the cap module to work.
#
# Further information on these extensions can be found at the IRCv3
# working group website:
# https://ircv3.net/irc/
#
#<module name="ircv3">
# The following block can be used to control which extensions are
# enabled. Note that extended-join can be incompatible with delayjoin
# and host cycling.
#<ircv3 accountnotify="yes"
#       awaynotify="yes"
#       extendedjoin="yes"
#       standardreplies="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 account-tag module. Adds the 'account' tag which contains the
# user account name of the message sender.
#<module name="ircv3_accounttag">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 batch module: Provides the batch IRCv3 extension which allows
# the server to inform a client that a group of messages are related to
# each other.
#<module name="ircv3_batch">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 cap-notify module: Provides the cap-notify IRCv3 extension.
# Required for IRCv3 conformance.
#<module name="ircv3_capnotify">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 chghost module: Provides the chghost IRCv3 extension which
# allows capable clients to learn when the username or hostname of a
# user changes
# This module is compatible with the hostcycle module. If both are
# loaded, clients supporting the chghost extension will get the chghost
# message and won't receive a host cycle.
#<module name="ircv3_chghost">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 client-to-client tags module: Provides the message-tags IRCv3
# extension which allows clients to add extra data to their messages.
# This is used to support new IRCv3 features such as replies and ids.
#<module name="ircv3_ctctags">
#
# If you want to only allow client tags that are intended for processing
# by the server you can disable the following setting. Doing this is not
# recommended though as it may break clients.
#<ctctags allowclientonlytags="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 echo-message module: Provides the echo-message IRCv3
# extension which allows capable clients to get an acknowledgement when
# their messages are delivered and learn what modifications, if any,
# were applied to them.
#<module name="ircv3_echomessage">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 invite-notify module: Provides the invite-notify IRCv3
# extension which notifies supporting clients when a user invites
# another user into a channel. This respects <security:announceinvites>.
#<module name="ircv3_invitenotify">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 labeled-response module: Provides the labeled-response IRCv3
# extension which allows server responses to be associated with the
# client message which caused them to be sent.
#<module name="ircv3_labeledresponse">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 message id module: Provides the msgid IRCv3 extension which
# adds a unique identifier to each message when the message-tags cap
# has been requested. This enables support for modern features such as
# reactions and replies.
#<module name="ircv3_msgid">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 server-time module. Adds the 'time' tag which adds a timestamp
# to all messages received from the server.
#<module name="ircv3_servertime">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# IRCv3 Strict Transport Security module: Provides the sts IRCv3
# extension which allows clients connecting insecurely to upgrade their
# connections to TLS.
#<module name="ircv3_sts">
#
# If using the ircv3_sts module you MUST define a STS policy to send
# to clients using the <sts> tag. This tag takes the following
# attributes:
#
# host     - A glob match for the SNI hostname to apply this policy to.
# duration - The amount of time that the policy lasts for. Defaults to
#            five minutes by default. You should raise this to a month
#            or two once you know that your config is valid.
# port     - The port on which TLS connections to the server are being
#            accepted. You MUST have a CA-verified certificate on this
#            port. Self signed certificates are not acceptable.
# preload  - Whether client developers can include your certificate in
#            preload lists.
#
# <sts host="*.example.com" duration="5m" port="6697" preload="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Join flood module: Adds support for join flood protection +j X:Y.
# Closes the channel for N seconds if X users join in Y seconds.
#<module name="joinflood">
#
# duration:   The number of seconds to close a channel for when it is
#             being flooded with joins.
#
# bootwait:   The number of seconds to disengage joinflood for after
#             a server boots. This allows users to reconnect without
#             being throttled by joinflood.
#
# splitwait:  The number of seconds to disengage joinflood for after
#             a server splits. This allows users to reconnect without
#             being throttled by joinflood.
#
# notifyrank: The lowest prefix rank that should receive notification
#             that the channel is closed to new users. This can be set
#             to 0 for all users, 10000 for voiced users (+v) and above,
#             30000 for channel operators (+o), or the value specified
#             in <customprefix:rank> for any custom prefix rank.
#
#<joinflood duration="1m"
#           bootwait="30s"
#           splitwait="30s"
#           notifyrank="0">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Anti auto rejoin: Adds support for prevention of auto-rejoin (+J).
#<module name="kicknorejoin">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Knock module: Adds the /KNOCK command and channel mode +K.
#<module name="knock">
#
# This setting specifies what to do when someone successfully /KNOCKs.
# If set to "notice", then a NOTICE will be sent to the channel.
# This is the default and the compatible setting, as it requires no
# special support from the clients.
# If set to "numeric" then a 710 numeric will be sent to the channel.
# This allows easier scripting but not all clients support it.
# If set to "both" then (surprise!) both will be sent.
#<knock notify="notice">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# LDAP module: Allows other SQL modules to access a LDAP database
# through a unified API.
#
# This module depends on a third-party library (OpenLDAP) and may need
# to be manually enabled at build time. If you are building from source
# you can do this by installing this dependency and running:
#
#   ./configure --enable-extras ldap
#   make install
#
# Users of binary packages should consult the documentation for their
# package to find out whether this module is available.
#<module name="ldap">
#
#<database module="ldap" id="ldapdb" server="ldap://localhost" binddn="cn=Manager,dc=inspircd,dc=org" bindauth="mysecretpass" searchscope="subtree">
# The server parameter indicates the LDAP server to connect to. The   #
# ldap:// style scheme before the hostname proper is MANDATORY.       #
#                                                                     #
# The binddn and bindauth indicate the DN to bind to for searching,   #
# and the password for the distinguished name. Some LDAP servers will #
# allow anonymous searching in which case these two values do not     #
# need defining, otherwise they should be set similar to the examples #
# above.                                                              #
#                                                                     #
# The searchscope value indicates the subtree to search under. On our #
# test system this is 'subtree'. Your mileage may vary.               #

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# LDAP authentication module: Adds the ability to authenticate users  #
# via LDAP.                                                           #
#<module name="ldapauth">
#                                                                     #
# Configuration:                                                      #
#                                                                     #
# <ldapauth dbid="ldapdb"                                             #
#           baserdn="ou=People,dc=brainbox,dc=cc"                     #
#           attribute="uid"                                           #
#           killreason="Access denied"                                #
#           verbose="yes"                                             #
#           host="$uid.$ou.inspircd.org"                              #
#           field="nickname">                                         #
#                                                                     #
# <ldapexemption mask="*!*@10.42.0.0/16">                             #
# <ldapexemption mask="Guest*!*@*">                                   #
#                                                                     #
# <ldaprequire attribute="attr" value="val">                          #
#                                                                     #
# The baserdn indicates the base DN to search in for users. Usually   #
# this is 'ou=People,dc=yourdomain,dc=yourtld'.                       #
#                                                                     #
# The attribute value indicates the attribute which is used to locate #
# a user account by name. On POSIX systems this is usually 'uid'.     #
#                                                                     #
# The field setting chooses where to select the LDAP username from.   #
# Valid options are "nickname", "username", and "password".           #
#                                                                     #
# Killreason indicates the QUIT reason to give to users if they fail  #
# to authenticate.                                                    #
#                                                                     #
# Setting the verbose value causes an oper notice to be sent out for  #
# every failed authentication to the server, with an error string.    #
#                                                                     #
# ldapwhitelist indicates that clients connecting from an IP in the   #
# provided CIDR do not need to authenticate against LDAP. It can be   #
# repeated to whitelist multiple CIDRs.                               #
#                                                                     #
# ldaprequire allows further filtering on the LDAP user, by requiring #
# certain LDAP attributes to have a given value. It can be repeated,   #
# in which case the list will act as an OR list, that is, the         #
# authentication will succeed if any of the requirements in the list  #
# is satisfied.                                                       #
#                                                                     #
# host allows you to change the displayed host of users connecting    #
# from ldap. The string supplied takes formatters which are replaced  #
# from the DN. For instance, if your DN looks like:                   #
# uid=w00t,ou=people,dc=inspircd,dc=org, then the formatters uid, ou  #
# and dc will be available to you. If a key is given multiple times   #
# in the DN, the last appearance will take precedence.                #

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# LDAP oper configuration module: Adds the ability to authenticate    #
# opers via LDAP.                                                     #
#<module name="ldapoper">
#                                                                     #
# Configuration:                                                      #
#                                                                     #
# <ldapoper dbid="ldapdb"
#           baserdn="ou=People,dc=brainbox,dc=cc"
#           attribute="uid">
#                                                                     #
# Available configuration items are identical to the same items in    #
# ldapauth above (except for the verbose setting, that is only        #
# supported in ldapauth).                                             #
# Please always specify a password in your <oper> tags even if the    #
# opers are to be authenticated via LDAP, so in case this module is   #
# not loaded the oper accounts are still protected by a password.     #

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# JSON logging module: Allows writing messages to a JSON file.        #
#                                                                     #
# This module depends on a third-party library (yyjson or RapidJSON)  #
# and may need to be manually enabled at build time. If you are       #
# building from source you can do this by installing this dependency  #
# and running:                                                        #
#                                                                     #
#   ./configure --enable-extras log_json                              #
#   make install                                                      #
#                                                                     #
# Users of binary packages should consult the documentation for their #
# package to find out whether this module is available.               #
#<module name="log_json">
#
#<log method="json"
#     target="inspircd.json"
#     level="normal"
#     type="* -USERINPUT -USEROUTPUT">
#
#<log method="json-stderr"
#     level="normal"
#     type="* -USERINPUT -USEROUTPUT">
#
#<log method="json-stdout"
#     level="normal"
#     type="* -USERINPUT -USEROUTPUT">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SQL logging module: Allows writing messages to an SQL database..    #
#<module name="log_sql">
#
# This module adds the following fields to the <log> tag:
#
# dbid - The id for the <database> tag that defines your database
#        connection details.
# query - A custom query to use when inserting logs into the database.
#
#<log method="sql"
#     level="normal"
#     type="* -USERINPUT -USEROUTPUT"
#     dbid="sql-log"
#     query="INSERT INTO ircd_log (time, type, message) VALUES (FROM_UNIXTIME($time), '$type', '$message');">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Syslog logging module: Allows writing messages to the system log.   #
#                                                                     #
# This module depends on a POSIX component (syslog) and may need to   #
# be manually enabled at build time. If you are building from source  #
# you can do this by running:                                         #
#                                                                     #
#   ./configure --enable-extras log_syslog                            #
#   make install                                                      #
#                                                                     #
# Users of binary packages should consult the documentation for their #
# package to find out whether this module is available.               #
#<module name="log_syslog">
#
#<log method="syslog"
#     level="normal"
#     type="* -USERINPUT -USEROUTPUT">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Map hiding module: replaces /MAP and /LINKS output to users with a  #
# message to see a website, set by maphide="https://test.org/map" in  #
# the <security> tag, instead.                                        #
#<module name="maphide">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# MD5 module: Allows other modules to generate MD5 hashes, usually for
# cryptographic uses and security. This module is deprecated and will
# be removed in the next major version of InspIRCd.
#
# IMPORTANT:
# Other modules such as cloak_md5 and password_hash may rely on
# this module being loaded to function.
#
#<module name="md5">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Message flood module: Adds message/notice flood protection via
# channel mode +f.
#<module name="messageflood">
#
# The weight to give each message type. TAGMSGs are considered to be
# 1/5 of a NOTICE or PRIVMSG to avoid users being accidentally flooded
# out of a channel by automatic client features such as typing
# notifications.
#<messageflood message="Message flood detected (trigger is %messages% messages in %duration%)"
#              extended="yes"
#              notice="1.0"
#              privmsg="1.0"
#              tagmsg="0.2">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Monitor module: Adds support for MONITOR which is used by clients to
# maintain notify lists.
#<module name="monitor">
#
# Set the maximum number of entries on a user's monitor list below.
#<monitor maxentries="30">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Multiple prefix module: Provides support for the IRCv3 multi-prefix
# capability which allows clients to see all the prefix modes set on a
# user.
#<module name="multiprefix">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Muteban: Implements extended ban 'm', which stops anyone matching
# a mask like +b m:nick!user@host from speaking on channel.
#<module name="muteban">
#
# If notifyuser is set to no, the user will not be notified when
# their message is blocked.
#<muteban notifyuser="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# MySQL module: Allows other SQL modules to access MySQL databases
# through a unified API.
#
# This module depends on a third-party library (libmysqlclient) and may
# need to be manually enabled at build time. If you are building from
# source you can do this by installing this dependency and running:
#
#   ./configure --enable-extras mysql
#   make install
#
# Users of binary packages should consult the documentation for their
# package to find out whether this module is available.
#<module name="mysql">
#
#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# mysql is more complex than described here, see the docs for more    #
# info: https://docs.inspircd.org/4/modules/mysql                     #
#
#<database module="mysql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database2" ssl="no">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Named modes module: Allows for the display and set/unset of channel
# modes via long-form mode names via +Z and the /PROP command.
# For example, to set a ban, do /MODE #channel +Z ban=foo!bar@baz or
# /PROP #channel ban=foo!bar@baz
#<module name="namedmodes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Nickchange flood protection module: Provides channel mode +F X:Y
# which allows up to X nick changes in Y seconds.
#<module name="nickflood">
#
# The time period to prevent nick changes for:
#<nickflood duration="1m">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Nicklock module: Let opers change a user's nick and then stop that
# user from changing their nick again until unlocked.
# This module is oper-only.
# To use, NICKLOCK and NICKUNLOCK must be in one of your oper class blocks.
#<module name="nicklock">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# No CTCP module: Adds the channel mode +C and user mode +T to block
# CTCPs and extban 'C' to block CTCPs sent by specific users.
#<module name="noctcp">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# No kicks module: Adds the +Q channel mode and the Q: extban to deny
# certain users from kicking.
#<module name="nokicks">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# No nicks module: Adds the +N channel mode, as well as the 'N' extban.
# +N stops all users from changing their nick, the N extban stops
# anyone from matching a +b N:nick!user@host mask from changing their
# nick.
#<module name="nonicks">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# No notice module: Adds the channel mode +T and the extban 'T' to
# block specific users from noticing the channel.
#<module name="nonotice">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Network business join module:
# Allows an oper to join a channel using /OJOIN, giving them +Y on the
# channel which makes them immune to kicks.
#<module name="ojoin">
#
# Specify the prefix that +Y will grant here.
# Leave 'prefix' empty if you do not wish +Y to grant a prefix.
# If 'notice' is set to on, upon /OJOIN, the server will notice the
# channel saying that the oper is joining on network business.
# If 'op' is set to on, it will give them +o along with +Y.
#<ojoin prefix="!" notice="yes" op="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper channels mode: Adds the +O channel mode which restricts channel
# access to server operators and extbans O:<type> and o:<account> that
# match against an oper type and oper account respectively.
#<module name="operchans">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper join module: Auto-joins opers to a channel upon oper-up.
# This module is oper-only. For the user equivalent, see the conn_join
# module.
#<module name="operjoin">
#
#-#-#-#-#-#-#-#-#-#-#   OPERJOIN CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# If you are using the operjoin module, specify options here:         #
#                                                                     #
# channel     -      The channel name to join, can also be a comma    #
#                    separated list e.g. "#channel1,#channel2".       #
#                                                                     #
# override    -      If on, lets the oper join walking thru any modes #
#                    that might be set, even bans.                    #
#                                                                     #
#<operjoin channel="#channel" override="no">
#
# Alternatively you can use the autojoin="channellist" in a <type>    #
# tag to set specific autojoins for a type of oper, for example:      #
#
#<type name="Helper" autojoin="#help" classes="...">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper levels module: Gives each oper a level and prevents actions
# being taken by lower level opers against higher level opers.
# Specify the level as the 'level' parameter of the <type> tag.
# This module is oper-only.
#<module name="operlevels">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper log module: Logs all oper commands to the server log (with log
# type "m_operlog" at default loglevel), and optionally to the 'o'
# snomask.
# This module is oper-only.
#<module name="operlog">
#
# If the following option is on then all oper commands will be sent to
# the snomask 'o'. The default is no.
#<operlog tosnomask="no">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper modes module: Allows you to specify modes to add/remove on oper.
# Specify the modes as the 'modes' parameter of the <type> tag
# and/or as the 'modes' parameter of the <oper> tag.
# This module is oper-only. For the user equivalent, see the
# conn_umodes module.
#<module name="opermodes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper MOTD module: Provides support for a separate message of the day
# on oper-up.
# This module is oper-only.
#<module name="opermotd">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Oper prefixing module: Adds a channel prefix mode +y which is given
# to all server operators automatically on all channels they are in.
# This prefix mode is more powerful than channel op and other regular
# prefix modes.
#
# Load this module if you want all your server operators to have
# channel operator powers.
#<module name="operprefix">
#
# You may additionally customise the prefix character.
#<operprefix prefix="!">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Op moderated module: Adds channel mode +U and extban u: which allow
# making messages from matching unprivileged users only visible to
# channel operators.
#<module name="opmoderated">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Override module: Adds support for oper override.
# This module is oper-only.
#<module name="override">
#
#-#-#-#-#-#-#-#-#-#-#   OVERRIDE CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# Much of override's configuration relates to your oper blocks.       #
# For more information on how to allow opers to override, see:        #
# https://docs.inspircd.org/4/modules/override                        #
#                                                                     #
# noisy         - If enabled, all oper overrides will be announced    #
#                 via channel notice.                                 #
#                                                                     #
# requirekey    - If enabled, overriding on join requires a channel   #
#                 key of "override" to be specified.                  #
#                                                                     #
# timeout:        The time period after which to automatically remove #
#                 the override user mode. If not set then it will not #
#                 be removed automatically.                           #
#                                                                     #
#<override noisy="yes"
#          requirekey="no"
#          timeout="30m">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Password forwarding module: Allows forwarding passwords to services to
# automatically log users into their account. The password can either be
# specified as the server password or as a second parameter to the /NICK
# command.
#<module name="passforward">

<passforward

	# nick: The nick of the service to forward passwords to.
	nick="NickServ"

	# forwardmsg: Message to send to users when forwarding their
	# password. You can use the following variables in this message:
	#
	# %nick%          The nickname of the authenticating user.
	# %nickrequired%  The nickname of the service to forward to (see above).
	# %pass%          The password to forward to services.
	# %user%          The username of the authenticating user.
	forwardmsg="NOTICE %nick% :*** Forwarding password to %nickrequired%"

	# cmd: The message to send to forward passwords to services.
	cmd="SQUERY %nickrequired% :IDENTIFY %nick% %pass%">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Password hash module: Allows hashed passwords to be used.
# To be useful, a hashing module like bcrypt also needs to be loaded.
#<module name="password_hash">
#
#-#-#-#-#-#-#-#-#-# PASSWORD HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
#
# To use this module, you must define a hash type for each oper's
# password you want to hash. For example:
#
#     <oper name="Brain"
#           host="brain@dialup15.isp.test.com"
#           hash="bcrypt"
#           password="$2a$10$Mss9AtHHslZTLBrXqM0FB.JBwD.UTSu8A48SfrY9exrpxbsRiRTbO"
#           type="NetAdmin">
#
# If you are using a hash algorithm which does not perform salting you can use
# HMAC to salt your passwords in order to prevent them from being looked up in
# a rainbow table.
#
#    hash="hmac-sha256" password="lkS1Nbtp$CyLd/WPQXizsbxFUTqFRoMvaC+zhOULEeZaQkUJj+Gg"
#
# Generate hashes using the /MKPASSWD command on the server.
# Don't run it on a server you don't trust with your password.
#
# You can also make the MKPASSWD command oper only by uncommenting this:
#<mkpasswd operonly="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# PBKDF2 module: Allows other modules to generate PBKDF2 hashes,
# usually for cryptographic uses and security.
# This module relies on other hash providers (e.g. SHA2).
#<module name="pbkdf2">
#
# iterations: Iterations the hashing function runs when generating new
# hashes.
# length: Length in bytes of the derived key.
#<pbkdf2 iterations="12288" length="32">
# You can override these values with specific values
# for specific providers if you want to. Example given for SHA2.
#<pbkdf2prov hash="sha256" iterations="24576">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Permanent channels module: Channels with the permanent channel mode
# will remain open even after everyone else has left the channel, and
# therefore keep things like modes, ban lists and topic. Permanent
# channels -may- need support from your Services package to function
# properly with them. This adds channel mode +P.
# This module is oper-only.
#<module name="permchannels">
#
# If you like, this module can write a config file of permanent channels
# whenever +P is set, unset, or the topic/modes on a +P channel is changed.
# If you want to do this, set the filename below, and uncomment the include.
#
# If 'listmodes' is yes then all list modes (+b, +I, +e, +g...) will be
# saved. Defaults to no.
#
# 'saveperiod' determines how often to check if the database needs to be
# saved to disk. Defaults to every five seconds.
#
# 'backoff' is the value to multiply the saveperiod by every time a save
# fails. When the save succeeds the period will be reset.
#
# 'maxbackoff' is the maximum write period that should be allowed even
# if incremental backoff is enabled.
#
# 'operonly' determines whether a server operator or services server is
# needed to enable the permchannels mode. You should generally keep this
# set to yes unless you know what you are doing.
#<permchanneldb filename="permchannels.conf"
#               listmodes="yes"
#               saveperiod="5s"
#               backoff="2"
#               maxbackoff="5m"
#               operonly="yes">
#<include file="permchannels.conf" missingokay="yes">
#
# You may also create channels on startup by using the <permchannels> block.
#<permchannels channel="#opers" modes="isP" topic="Opers only.">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# PostgreSQL module: Allows other SQL modules to access PgSQL databases
# through a unified API.
#
# This module depends on a third-party library (libpq) and may need to
# be manually enabled at build time. If you are building from source
# you can do this by installing this dependency and running:
#
#   ./configure --enable-extras pgsql
#   make install
#
# Users of binary packages should consult the documentation for their
# package to find out whether this module is available.
#<module name="pgsql">
#
#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# pgsql is more complex than described here, see the docs for         #
# more: https://docs.inspircd.org/4/modules/pgsql                     #
#
#<database module="pgsql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database" tls="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Random quote module: Provides a random quote on connect.
# NOTE: Some of these may mimic fatal errors and confuse users and
# opers alike - BEWARE!
#<module name="randquote">
#
#-#-#-#-#-#-#-#-#-#-  RANDOMQUOTES CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# Optional - If you specify to use the randquote module, then specify #
# below the path to the quotes file.                                  #
#                                                                     #
#<randquote file="quotes.txt">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Real name ban: Implements two extended bans:                        #
# 'a', which matches a n!u@h+realname mask like +b a:*!*@host+*real*  #
# 'r', which matches a realname mask like +b r:*realname?here*        #
#<module name="realnameban">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Redirect module: Adds channel mode +L which redirects users to      #
# another channel when the channel has reached its user limit and     #
# user mode +L which stops redirection.                               #
#<module name="redirect">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Regular expression provider for glob or wildcard (?/*) matching.
# You must have at least 1 provider loaded to use the filter or R-line
# modules. This module has no additional requirements, as it uses the
# matching already present in InspIRCd core.
#<module name="regex_glob">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Regular expression provider for PCRE2 (Perl-Compatible Regular
# Expressions). You need libpcre2 installed to compile and load this
# module. You must have at least 1 provider loaded to use the filter or
# R-line modules.
#<module name="regex_pcre2">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Regular expression provider for POSIX regular expressions.
# You shouldn't need any additional libraries on a POSIX-compatible
# system (i.e.: any Linux, BSD, but not Windows). You must have at
# least 1 provider loaded to use the filter or R-line modules.
# On POSIX-compliant systems, regex syntax can be found by using the
# command: 'man 7 regex'.
#<module name="regex_posix">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Regular Expression Provider for RE2 Regular Expressions.
# You need libre2 installed and in your include/library paths in order
# to compile and load this module.
#<module name="regex_re2">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Regular expression provider for C++11 std::regex regular expressions.
#<module name="regex_stdlib">
#
# Specify the regular expression engine to use here. Valid settings are
# bre, ere, awk, grep, egrep, ecmascript (default if not specified).
#<stdregex type="ecmascript">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Remove module: Adds the /REMOVE command which is a peaceful
# alternative to /KICK.
#<module name="remove">
#
# supportnokicks: If yes, /REMOVE is not allowed on channels where the
# nokicks (+Q) mode is set. Defaults to no.
# protectedrank: Members having this rank or above may not be /REMOVE'd
# by anyone. Set to 0 to disable this feature. Defaults to 50000.
#<remove supportnokicks="yes" protectedrank="50000">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Repeat module: Allows to block, kick or ban upon similar messages
# being uttered several times. Provides channel mode +E.
#
# Syntax: [~|*]<lines>:<duration>[:<difference>][:<backlog>]
#         ~ is to block, * is to ban, default is kick.
# lines      - In mode 1, the amount of lines that has to match consecutively.
#              In mode 2, the size of the backlog to keep for matching.
# seconds    - How old the message has to be before it's invalidated.
# difference - Edit distance, in percent, between two strings to trigger on.
# backlog    - When set, the function goes into mode 2. In this mode the
#              function will trigger if this many of the last <lines> matches.
#
# As this module can be rather CPU-intensive, it comes with some options.
# maxbacklog  - Maximum size that can be specified for backlog. 0 disables
#               multiline matching.
# maxdistance - Max percentage of difference between two lines we'll allow
#               to match. Set to 0 to disable edit-distance matching.
# maxlines    - Max lines of backlog to match against.
# maxtime     - Maximum period of time a user can set. 0 to allow any.
# size        - Maximum number of characters to check for, can be used to
#               truncate messages before they are checked, resulting in
#               less CPU usage. Increasing this beyond 512 doesn't have
#               any effect, as the maximum length of a message on IRC
#               cannot exceed that.
# kickmessage - Kick message when * is specified
#<repeat maxbacklog="20"
#        maxdistance="50"
#        maxlines="20"
#        maxtime="0s"
#        size="512"
#        extended="yes"
#        message="Repeat flood detected (trigger is %lines% messages in %duration%)">
#<module name="repeat">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Restricted channels module: Allows only opers with the
# channels/restricted-create priv and/or registered users to
# create channels.
#
# You probably *DO NOT* want to load this module on a public network.
#
#<module name="restrictchans">
#
# allowregistered: should registered users be allowed to bypass the restrictions?
#<restrictchans allowregistered="no">
#
# Allow any channel matching #user-* to be created, bypassing restrictchans checks
#<allowchannel name="#user-*">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Restrict message module: Allows users to only message opers.
#
# You probably *DO NOT* want to load this module on a public network.
#
#<module name="restrictmsg">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# R-line module: Ban users through regular expression patterns.
#<module name="rline">
#
#-#-#-#-#-#-#-#-#-#-#-#- RLINE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
#
# If you wish to re-check a user when they change nickname (can be
# useful under some situations, but *can* also use CPU with more users
# on a server) then set 'matchonnickchange' to yes.
# If you additionally want Z-lines to be added on matches, then
# set 'zlineonmatch' to yes.
# Also, this is where you set what Regular Expression engine is to be
# used. If you ever change it while running, all of your R-lines will
# be wiped. This is the regex engine used by all R-lines set, and
# regex_<engine> must be loaded, or rline will be non-functional
# until you load it or change the engine to one that is loaded.
#
#<rline matchonnickchange="yes" zlineonmatch="no" engine="stdregex">
#
# Generally, you will NOT want to use 'glob' here, as this turns an
# R-line into just another G-line. The exceptions are that R-lines will
# always use the full "nick!user@host realname" string, rather than only
# user@host, but beware that only the ? and * wildcards are available,
# and are the only way to specify where the space can occur if you do
# use glob. For this reason, is recommended to use a real regex engine
# so that at least \s or [[:space:]] is available.

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# RMODE module: Adds the /RMODE command.
# Allows channel operators to remove list modes en masse, optionally
# matching a glob-based pattern.
# Syntax: /RMODE <channel> <mode> [<pattern>]
# E.g. '/RMODE #channel b m:*' will remove all mute extbans on the channel.
#<module name="rmode">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SAJOIN module: Adds the /SAJOIN command which forcibly joins a user
# to the given channel.
# This module is oper-only.
# To use, SAJOIN must be in one of your oper class blocks.
# Opers need the users/sajoin-others priv to be able to /SAJOIN users
# other than themselves.
#<module name="sajoin">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SAKICK module: Adds the /SAKICK command which kicks a user from the
# given channel.
# This module is oper-only.
# To use, SAKICK must be in one of your oper class blocks.
#<module name="sakick">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SAMODE module: Adds the /SAMODE command which allows server operators
# to change modes on a channel without requiring them to have any
# channel privileges. Also allows changing user modes for any user.
# This module is oper-only.
# To use, SAMODE must be in one of your oper class blocks.
#<module name="samode">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SANICK module: Adds the /SANICK command which allows opers to change
# users' nicks.
# This module is oper-only.
# To use, SANICK must be in one of your oper class blocks.
#<module name="sanick">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SAPART module: Adds the /SAPART command which forcibly parts a user
# from a channel.
# This module is oper-only.
# To use, SAPART must be in one of your oper class blocks.
#<module name="sapart">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SAQUIT module: Adds the /SAQUIT command which forcibly quits a user.
# This module is oper-only.
# To use, SAQUIT must be in one of your oper class blocks.
#<module name="saquit">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SASL authentication module: Provides support for IRC Authentication
# Layer via AUTHENTICATE. Note: You also need to have cap loaded
# for SASL to work.
#<module name="sasl">

# You must define <sasl:target> to the name of your services server so
# that InspIRCd knows where to send SASL authentication messages and
# when it should enable the SASL capability.
# You can also define <sasl:requiressl> to require users to use TLS
# in order to be able to use SASL.
#<sasl target="services.mynetwork.com"
#      requiressl="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SATOPIC module: Adds the /SATOPIC command which allows changing the
# topic on a channel without requiring any channel privileges.
# This module is oper-only.
# To use, SATOPIC must be in one of your oper class blocks.
#<module name="satopic">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Secure list module: Prevent users from using the /LIST command until
# a predefined period has passed. This helps protect your network from
# spambots.
#<module name="securelist">
#
#-#-#-#-#-#-#-#-#-# SECURELIST CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# Securelist can be harmful to some IRC search engines. To prevent    #
# securelist blocking these sites from listing, define exception tags #
# as shown below:                                                     #
#<securehost exception="*@*.netsplit.de">
#                                                                     #
# exemptregistered - Whether the waiting period applies to users who  #
#                    are logged in to a user account.                 #
#                    Defaults to no.                                  #
#                                                                     #
# fakechans - The number of fake channels to show in /LIST. This can  #
#             be used to break spambots.                              #
#                                                                     #
# fakechanprefix - The prefix for the fake channels. A random suffix  #
#                  will be appended to this when generating channels. #
#                                                                     #
# fakechantopic - The topic for the fake channels. A random format    #
#                 modifier will be inserted into this for randomness. #
#                                                                     #
# hidesmallchans - The minimum user count for a channel to show up in #
#                  /LIST after the wait period (see below). If a user #
#                  is exempt from the wait period this will not apply #
#                  to them.                                           #
#                                                                     #
# showmsg - Whether to tell users that they need to wait for a while  #
#           before they can use the /LIST command.                    #
#           Defaults to no.                                           #
#                                                                     #
# waittime - The time period that a user must be connected for before #
#            they can use the /LIST command. If exemptregistered is   #
#            enabled you can set this to 0 to disable unauthenticated #
#            users from viewing the channel list.                     #
#            Defaults to 1 minute.                                    #
#                                                                     #
#<securelist exemptregistered="yes"
#            fakechans="5"
#            fakechanprefix="#spam"
#            fakechantopic="Fake channel for confusing spambots"
#            hidesmallchans="0"
#            showmsg="yes"
#            waittime="1m">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# See nicks module: Adds snomask +n and +N which show local and remote
# nick changes.
# This module is oper-only.
#<module name="seenicks">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Serverban: Implements extended ban 's', which stops anyone connected
# to a server matching a mask like +b s:server.mask.here from joining.
# Wildcards are accepted.
#<module name="serverban">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Services integration module: Adds various features which enable
# integrating with a third-party services pseudoserver like Anope or
# Atheme.
#<module name="services">
#
#-#-#-#-#-#-#-#-#-#-#-#- SERVICES  CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
#  accountoverrideshold - Whether to allow users that are logged in   #
#                         to an account that has a services-held nick #
#                         in their group to override the SVSHOLD.     #
#                         Defaults to no.                             #
#                                                                     #
#  disablemodes         - Whether channel mode `r` (registered) and   #
#                         user mode `r` (u_registered) are disabled.  #
#                         These modes are deprecated in InspIRCd v4   #
#                         but may still be needed by older services   #
#                         software. Anope 2.1 is known to work with   #
#                         this enabled. Defaults to no.               #
#                                                                     #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#
# <servicesintegration accountoverrideshold="yes"
#                      disablemodes="no">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Sethost module: Adds the /SETHOST command.
# This module is oper-only.
# To use, SETHOST must be in one of your oper class blocks.
# See the chghost module for how to customise valid chars for hostnames.
#<module name="sethost">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Setident module: Adds the /SETIDENT command.
# This module is oper-only.
# To use, SETIDENT must be in one of your oper class blocks.
#<module name="setident">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Set idle module: Adds a command for opers to change their idle time.
# This module is oper-only.
# To use, SETIDLE must be in one of your oper class blocks.
#<module name="setidle">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SETNAME module: Adds the /SETNAME command.
#<module name="setname">
#
#-#-#-#-#-#-#-#-#-#-#-#- SETNAME CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# operonly - Whether the SETNAME command should only be usable by     #
#            server operators. Defaults to no.                        #
#                                                                     #
# notifyopers - Whether to send a snotice to snomask `a` when a user  #
#               changes their real name. Defaults to to yes if        #
#               oper-only and no if usable by everyone.               #
#                                                                     #
#<setname notifyopers="yes"
#         operonly="no">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SHA1 module: Allows other modules to generate SHA1 hashes.
# Required by the WebSocket module.
#<module name="sha1">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SHA2 module: Allows other modules to generate SHA2 hashes,
# usually for cryptographic uses and security.
#
# IMPORTANT:
# Other modules such as password_hash may rely on this module being
# loaded to function. Certain modules such as spanningtree will
# function without this module but when it is loaded their features will
# be enhanced (for example the addition of HMAC authentication).
#
#<module name="sha2">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Showfile: Provides support for showing a text file to users when    #
# they enter a command.                                               #
# This module adds one command for each <showfile> tag that shows the #
# given file to the user as a series of messages or numerics.         #
#<module name="showfile">
#                                                                     #
#-#-#-#-#-#-#-#-#-#-# SHOWFILE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# name    - The name of the command which displays this file. This is #
#           the only mandatory setting, all others are optional.      #
# file    - The text file to be shown to the user.                    #
#           By default same as the command name.                      #
# method  - How should the file be shown?                             #
#           * numeric: Send contents using a numeric                  #
#             (similar to /MOTD; the default).                        #
#           * notice:  Send contents as a series of notices.          #
#           * msg:     Send contents as a series of private messages. #
#                                                                     #
# When using the method "numeric", the following extra settings are   #
# available:                                                          #
#                                                                     #
# introtext    - Introductory line, "Showing <name>" by default.      #
# intronumeric - Numeric used for the introductory line.              #
# numeric      - Numeric used for sending the text itself.            #
# endtext      - Ending line, "End of <name>" by default.             #
# endnumeric   - Numeric used for the ending line.                    #
#                                                                     #
#<showfile name="RULES"
#          file="rules.txt"
#          introtext="Server rules:"
#          endtext="End of server rules.">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Show whois module: Adds the +W user mode which allows opers to see
# when they are /WHOIS'd.
# This module is oper-only by default.
#<module name="showwhois">
#
# If you wish, you may also let users set this mode.
#<showwhois opersonly="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Shun module: Provides the /SHUN command, which stops a user from
# executing all except configured commands.
# This module is oper-only.
# To use, SHUN must be in one of your oper class blocks.
#<module name="shun">
#
# Configuration:
#
#  allowconnect: Whether to only apply shuns to users who are fully
#                connected to the server.
#
#  allowtags: Whether to allow client tags to be attached to enabled
#             commands.
#
#  cleanedcommands: The commands that, if enabled, should be cleaned
#                    of any message content if a shunned user tries to
#                    execute them.
#
#  enabledcommands: The commands that a shunned user is allowed to
#                   execute.
#
#  notifyuser: Whether to notify shunned users that a command they tried
#              to execute has been blocked.
#
#<shun enabledcommands="ADMIN OPER PING PONG QUIT PART JOIN"
#      cleanedcommands="AWAY PART QUIT"
#      allowconnect="no"
#      allowtags="no"
#      notifyuser="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Silence module: Adds support for the /SILENCE command, which allows
# users to have a server-side ignore list for their client.
#<module name="silence">
#
# Set the maximum number of entries allowed on a user's silence list.
#<silence maxentries="32"
#
# Whether messages from services servers will bypass silence masks.
#exemptservice="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#    ____                _   _____ _     _       ____  _ _   _        #
#   |  _ \ ___  __ _  __| | |_   _| |__ (_)___  | __ )(_) |_| |       #
#   | |_) / _ \/ _` |/ _` |   | | | '_ \| / __| |  _ \| | __| |       #
#   |  _ <  __/ (_| | (_| |   | | | | | | \__ \ | |_) | | |_|_|       #
#   |_| \_\___|\__,_|\__,_|   |_| |_| |_|_|___/ |____/|_|\__(_)       #
#                                                                     #
# To link servers to InspIRCd, you MUST load the spanningtree module. #
# If you don't do this, server links will NOT work at all.            #
# This is by design, to allow for the implementation of other linking #
# protocols in modules in the future.                                 #

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Spanning tree module: Allows linking of servers using the spanning
# tree protocol (see the READ THIS BIT section above).
# You will almost always want to load this.
#
#<module name="spanningtree">
#
# This file has all the information about server links and services servers.
# You *MUST* edit it if you intend to link servers.
#<include file="&dir.example;/links.example.conf">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SQL authentication module: Allows IRCd connections to be tied into
# a database table (for example a forum).
#
#<module name="sqlauth">
#
#-#-#-#-#-#-#-#-#-#-#- SQLAUTH CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# sqlauth is too complex to describe here, see the docs:              #
# https://docs.inspircd.org/4/modules/sqlauth                         #

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SQLite3 module: Allows other SQL modules to access SQLite3          #
# databases through a unified API.                                    #
#                                                                     #
# This module depends on a third-party library (SQLite) and may need  #
# to be manually enabled at build time. If you are building from      #
# source you can do this by installing this dependency and running:   #
#                                                                     #
#   ./configure --enable-extras sqlite3                               #
#   make install                                                      #
#                                                                     #
# Users of binary packages should consult the documentation for their #
# package to find out whether this module is available.               #
#<module name="sqlite3">
#
#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# sqlite is more complex than described here, see the docs for more   #
# info: https://docs.inspircd.org/4/modules/sqlite3                   #
#
#<database module="sqlite" hostname="/full/path/to/database.db" id="anytext">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SQL oper module: Allows you to store oper credentials in an SQL
# table. You can add additional table columns like you would config
# tags in opers.conf. Opers in opers.conf will override opers from
# this module.
#
#<module name="sqloper">
#
#-#-#-#-#-#-#-#-#-#-#- SQLOPER CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# dbid       - Database ID to use (see SQL modules).                  #
#                                                                     #
# See also: https://docs.inspircd.org/4/modules/sqloper               #
#                                                                     #
#<sqloper dbid="1">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# GnuTLS TLS module: Adds support for TLS connections using GnuTLS,
# if enabled. You must answer 'yes' in ./configure when asked or
# manually symlink the source for this module from the directory
# src/modules/extra, if you want to enable this, or it will not load.
#<module name="ssl_gnutls">
#
#-#-#-#-#-#-#-#-#-#-#-  GNUTLS CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# ssl_gnutls is too complex to describe here, see the docs:           #
# https://docs.inspircd.org/4/modules/ssl_gnutls                      #

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# OpenSSL TLS module: Adds support for TLS connections using OpenSSL,
# if enabled. You must answer 'yes' in ./configure when asked or symlink
# the source for this module from the directory src/modules/extra, if
# you want to enable this, or it will not load.
#<module name="ssl_openssl">
#
#-#-#-#-#-#-#-#-#-#-#- OPENSSL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# ssl_openssl is too complex to describe here, see the docs:          #
# https://docs.inspircd.org/4/modules/ssl_openssl                     #

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# TLS info module: Allows users to retrieve information about other
# users' peer TLS certificates and keys via the SSLINFO command.
# This can be used by client scripts to validate users. For this to
# work either ssl_gnutls or ssl_openssl must be loaded.
# This module also adds the "<user> is using a secure connection"
# and "<user> has TLS client certificate fingerprint <fingerprint>"
# WHOIS lines, the ability for opers to use TLS cert fingerprints to
# verify their identity and the ability to force opers to use TLS
# connections in order to oper up. It is highly recommended to load
# this module if you use TLS on your network.
# For how to use the oper features, please see the first
# example <oper> tag in opers.example.conf.
#
#<module name="sslinfo">
#
#-#-#-#-#-#-#-#-#-#-#-#- SSLINFO CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
#  hash         - The IANA Hash Function Name of the hash algorithm   #
#                 used for the TLS client fingerprint of WebIRC       #
#                 gateway users (requires the gateway module). This   #
#                 should be the same algorithm you specified in the   #
#                 <sslprofile:hash> field of the TLS profile used for #
#                 user connections. You can prefix the algorithm name #
#                 with spki- to use a Subject Public Key Info (SPKI)  #
#                 fingerprint instead of a certificate fingerprint.   #
#                                                                     #
#  localsecure  - Whether to treat locally-connected plaintext users  #
#                 as if they are connected with TLS. Defaults to yes. #
#                                                                     #
#  operonly     - Whether TLS client certificate info is only visible #
#                 by server operators. Defaults to no.                #
#                                                                     #
#  warnexpiring - If specified then the maximum period of validity    #
#                 that can be left on a user's TLS client certificate #
#                 before users are warned about the imminent expiry.  #
#                                                                     #
#  welcomemsg   - Whether to send a welcome message to users that are #
#                 connecting using TLS containing their server name,  #
#                 ciphersuite and client fingerprint. Defaults to no. #
#                                                                     #
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#
#<sslinfo hash="sha-256"
#         localsecure="yes"
#         operonly="no"
#         warnexpiring="1w"
#         welcomemsg="no">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# TLS mode module: Adds support for TLS-only channels via the '+z'
# channel mode, TLS-only private messages via the '+z' user mode and
# the 'z:' extban which matches TLS client certificate fingerprints.
#
# Does not do anything useful without a working TLS module and the
# sslinfo module (see below).
#<module name="sslmodes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# TLS rehash signal module: Allows the TLS modules to be rehashed by
# sending SIGUSR1 to a running InspIRCd process.
#
# This module depends on a POSIX component (SIGUSR1) and may need to be
# manually enabled at build time. If you are building from source you
# can do this by running:
#
#   ./configure --enable-extras sslrehashsignal
#   make install
#
# Users of binary packages should consult the documentation for their
# package to find out whether this module is available.
#<module name="sslrehashsignal">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# StartTLS module: Adds support for the IRCv3 tls capability which    #
# allows clients to upgrade their connection to use TLS. As well as   #
# this module you should also load one of ssl_gnutls or ssl_openssl   #
# modules. You may also want to consider using the ircv3_sts module.  #
#<module name="starttls">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Strip color module: Adds channel mode +S that strips IRC formatting
# characters from all messages sent to the channel.
#<module name="stripcolor">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# SWHOIS module: Allows you to add arbitrary lines to user WHOIS.
# This module is oper-only.
# To use, SWHOIS must be in one of your oper class blocks.
#<module name="swhois">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Timed bans module: Adds timed channel bans with the /TBAN command.
#<module name="timedbans">
# By default, it sends a notice to channel operators when timed ban is
# set and when it is removed by server.
#<timedbans sendnotice="yes">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Test line module: Adds the /TLINE command, used to test how many
# users a /GLINE or /ZLINE etc. would match.
# This module is oper-only.
# To use, TLINE must be in one of your oper class blocks.
#<module name="tline">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# UHNAMES support module: Adds support for the IRCv3 userhost-in-names
# capability which displays the username and hostname of users in the
# NAMES response.
#<module name="uhnames">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Uninvite module: Adds the /UNINVITE command which lets users remove
# pending invites from channels without waiting for the user to join.
#<module name="uninvite">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Vhost module: Adds the VHOST command which allows for adding virtual
# hosts which are accessible using a username and password in the config.
#<module name="vhost">
#
#-#-#-#-#-#-#-#-#-#-#- VHOST CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
# user       - Username for the vhost.                                #
#                                                                     #
# pass       - Password for the vhost.                                #
#                                                                     #
# hash       - The hash for the specific user (optional)              #
#              password_hash and a hashing module must be loaded for  #
#              this to work.                                          #
#                                                                     #
# host       - Vhost to set.                                          #
#
#<vhost user="some_username" pass="some_password" host="some.host.test.cc">
#<vhost user="foo" password="$2a$10$iTuYLT6BRhRlOgzfsW9oPe62etW.oXwSpyKw5rJit64SGZanLXghO" hash="bcrypt" host="some.other.host.example.com">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Watch module: Adds the WATCH command, which is used by clients to
# maintain notify lists.
#<module name="watch">
#
# Set the maximum number of entries on a user's watch list below.
#<watch maxwatch="32">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# WebSocket module: Adds WebSocket support.
# Specify hook="websocket" in a <bind> tag to make that port accept
# WebSocket connections. Compatible with TLS.
# Requires SHA-1 hash support available in the sha1 module.
#<module name="websocket">
#
# defaultmode: The default frame mode if a client does not send a
#              WebSocket subprotocol. Potential values are "text" to
#              encode messages as UTF-8 text frames, "binary" to send
#              messages as raw binary frames, or "reject" to close
#              connections which do not request a subprotocol. Defaults
#              to "text".
#
# proxyranges: A space-delimited list of glob or CIDR matches to trust
#              the X-Real-IP or X-Forwarded-For headers from. If enabled
#              the server will use the IP address specified by those HTTP
#              headers. You should NOT enable this unless you are using
#              a HTTP proxy like nginx as it will allow IP spoofing.
#
# allowmissingorigin: Whether to allow connections from clients that
#                     don't send an origin header. These are probably
#                     not web clients so it probably safe to allow this.
#                     Defaults to yes.
#
# nativeping: Whether to check client connectivity using WebSocket ping
#             messages instead of IRC ping messages. Defaults to yes.
#
#<websocket defaultmode="text"
#           proxyranges="192.0.2.0/24 198.51.100.*"
#           allowmissingorigin="yes"
#           nativeping="yes">
#
# If you use the websocket module you MUST specify one or more origins
# which are allowed to connect to the server. You should set this as
# strict as possible to prevent malicious webpages from connecting to
# your server.
# <wsorigin allow="https://*.example.com">

#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# X-line database: Stores all *-lines (G/Z/K/R/any added by other modules)
# in a file which is re-loaded on restart. This is useful
# for two reasons: it keeps bans so users may not evade them, and on
# bigger networks, server connections will take less time as there will
# be a lot less bans to apply - as most of them will already be there.
#<module name="xline_db">

# Specify the filename for the xline database and how often to check whether
# the database needs to be saved here.
#<xlinedb filename="xline.db"
#         saveperiod="5s"
#         backoff="2"
#         maxbackoff="5m">