inspircd/docs/opers.conf.example

#-#-#-#-#-#-#-#-#-#-#-#-  CLASS CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-
#                                                                     #
#   Classes are a group of commands which are grouped together and    #
#   given a unique name. They're used to define which commands        #
#   are available to certain types of Operators.                      #
#                                                                     #
#                                                                     #
#  Note: It is possible to make a class which covers all available    #
#  commands. To do this, specify commands="*". This is not really     #
#  recommended, as it negates the whole purpose of the class system,  #
#  however it is provided for fast configuration (e.g. in test nets)  #
#                                                                     #

<class
     name="Shutdown"

     # commands: oper commands that users of this class can run.
     commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOAD GUNLOADMODULE GRELOADMODULE SAJOIN SAPART SANICK SAQUIT SATOPIC"

     # privs: special privileges that users with this class may utilise.
     #  VIEWING:
     #   - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
     #   - users/auspex: allows opers with this priv to view more details about users than normal users.
     #   - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
     # ACTIONS:
     #   - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
     # OVERRIDE:
     #   - override/<permname>: allows permisison to be overridden via m_override
     # MODES:
     #   - mode/<modename>: allows setting/unsetting of oper-only modes
     #     (the 2.0 usermodes/chanmodes parameters are still supported for lettered modes)
     #
     # NOTE: many of the settings (channels/high-join-limit, users/flood/*) have changed to
     # numerical settings in the <connect> class to allow them to be assigned to users.
     #
     privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit mode/*">

<class name="ServerLink" commands="CONNECT SQUIT CONNECT MKPASSWD ALLTIME SWHOIS CLOSE JUMPSERVER LOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK SHUN CLONES CBAN" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS SETIDLE" usermodes="*" chanmodes="*" privs="users/mass-message">
<class name="HostCloak" commands="SETHOST SETIDENT SETNAME CHGHOST CHGIDENT TAXONOMY" usermodes="*" chanmodes="*" privs="users/auspex">


#-#-#-#-#-#-#-#-#-#-#-#-  OPERATOR COMPOSITION   -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
#   This is where you specify which types of operators you have on    #
#   your server, as well as the commands they are allowed to use.     #
#   This works alongside with the classes specified above.            #
#                                                                     #

<type
	# name: Name of type. Used in actual olines below.
	# Cannot contain spaces. If you would like a space, use
	# the _ character instead and it will translate to a space on whois.
	name="NetAdmin"

	# classes: classes (above blocks) that this type belongs to.
	classes="OperChat BanControl HostCloak Shutdown ServerLink"
	# Note: for faster configuration, you can specify commands/privs directly in
	# the <type> or <oper> blocks; in this case, no <class> blocks are required.

	# class: A named <connect> class for this oper; use to raise general user limits
	class="OperOnlyClass"

	# vhost: host oper gets on oper-up. This is optional.
	vhost="netadmin.omega.org.za"

	# modes: usermodes besides +o that are set on a oper of this type
	# when they oper up. Used for snomasks and other things.
	# Requires that m_opermodes.so be loaded.
	# Note: This was named 'modes' in previous versions.
	automodes="+s +cCqQ">

<type name="GlobalOp" classes="OperChat BanControl HostCloak ServerLink" vhost="ircop.omega.org.za">
<type name="Helper" classes="HostCloak" vhost="helper.omega.org.za">


#-#-#-#-#-#-#-#-#-#-#-  OPERATOR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
#                                                                     #
#   Opers are defined here. This is a very important section.         #
#   Remember to only make operators out of trust worthy people.       #
#                                                                     #

# oline with plain-text password
<oper
      # name: oper login that is used to oper up (/oper name password).
      # Remember: This is case sensitive
      name="Brain"

      # password: case-sensitive, unhashed...yea...self-explanatory.
      password="s3cret"

      # host: What hostnames/IP's are allowed to oper up with this oline.
      # Multiple options can be separated by spaces and CIDR's are allowed.
      # You CAN use just * or *@* for this section, but it is not recommended
      # for security reasons.
      host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"

      # ** ADVANCED ** This option is disabled by default.
      # fingerprint: When using the m_sslinfo module, you may specify
      # a key fingerprint here. This can be obtained by using the /sslinfo
      # command while the module is loaded, and is also noticed on connect.
      # This enhances security by verifying that the person opering up has
      # a matching SSL client certificate, which is very difficult to
      # forge (impossible unless preimage attacks on the hash exist).
      # If m_sslinfo isn't loaded, this option will be ignored.
      #fingerprint="67cb9dc013248a829bb2171ed11becd4"

      # autologin: if an SSL fingerprint for this oper is specified, you can
      # have the oper block automatically log in. This moves all security of the
      # oper block to the protection of the client certificate, so be sure that
      # the private key is well-protected! Requires m_sslinfo.
      #autologin="on"

      # sslonly: This oper can only oper up if they're using a SSL connection.
      # Setting this option adds a decent bit of security. Highly recommended
      # if the oper is on wifi, or specifically, unsecured wifi. Note that it
      # is redundant to specify this option if you specify a fingerprint.
      # This setting only takes effect if m_sslinfo is loaded.
      #sslonly="yes"

      # vhost: overrides the vhost in the type block. You can also override
      # any fields in <type> or <class> blocks; permissions and command lists
      # are merged (the oper gets all specified permissions)
      vhost="brain.netadmin.omega"

      # type: What oper type this oline is. Must match a <type> block defined
      # above. Note: this is case sensitive. Use "_" for a space.
      type="NetAdmin">

# oline with plain-text password and no comments..for all who like copy & paste
<oper
      name="Brain"
      password="s3cret"
      host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"
      #fingerprint="67cb9dc013248a829bb2171ed11becd4"
      type="NetAdmin">

# oline with hashed password. It is highly recommended to use hashed passwords.
<oper
      # name: oper login that is used to oper up (/oper name password).
      # Remember: This is case sensitive
      name="Brain"

      # hash: what hash this password is hashed with. requires the module
      # for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be
      # loaded and the password hashing module (m_password_hash.so)
      # loaded. Options here are: "md5", "sha256" and "ripemd160".
      # Create hashed password with: /mkpasswd <hash> <password>
      hash="sha256"

      # password: a hash of your password (see above option) hashed
      # with /mkpasswd <hash> <password> . See m_password_hash in modules.conf
      # for more information about password hashing.
      password="1ec1c26b50d5d3c58d9583181af8076655fe00756bf7285940ba3670f99fcba0"

      # host: What hostnames/IP's are allowed to oper up with this oline.
      # Multiple options can be separated by spaces and CIDR's are allowed.
      # You CAN use just * or *@* for this section, but it is not recommended
      # for security reasons.
      host="ident@dialup15.isp.com *@localhost *@server.com *@3ffe::0/16"

      # type: What oper type this oline is. See the block above for list
      # of types. NOTE: This is case-sensitive as well.
      type="NetAdmin">