#-#-#-#-#-#-#-#-#-#-#-#-#- MODULE OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # # These tags define which modules will be loaded on startup by your # # server. Add modules without any paths. When you make your ircd # # using the 'make' command, all compiled modules will be moved into # # the folder you specified when you ran ./configure. The module tag # # automatically looks for modules in this location. # # If you attempt to load a module outside of this location, either # # in the config, or via /LOADMODULE, you will receive an error. # # # # By default, ALL modules are commented out. You must uncomment them # # or add lines to your config to load modules. Please refer to # # https://docs.inspircd.org/4/modules for a list of modules and # # each modules link for any additional conf tags they require. # # # # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # # | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # # | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # # |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # # # # To link servers to InspIRCd, you MUST load the spanningtree module. # # If you don't do this, server links will NOT work at all. # # This is by design, to allow for the implementation of other linking # # protocols in modules in the future. This module is at the bottom of # # this file. # # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Abbreviation module: Provides the ability to abbreviate commands a-la # BBC BASIC keywords. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Account support module: Adds support for user accounts as well as # several several modes relating to accounts. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Alias module: Allows you to define server-side command aliases. # # # Set the 'prefix' for in-channel aliases (fantasy commands) to the # specified character. If not set, the default is "!". # If 'allowbots' is disabled, +B clients will not be able to use # fantasy commands. If not set, the default is no. # # #-#-#-#-#-#-#-#-#-#-#- ALIAS DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # If you have the alias module loaded, you may also define aliases as # # shown below. They are commonly used to provide shortcut commands to # # services, however they are not limited to just this use. # # An alias tag requires the following values to be defined in it: # # # # text - The text to detect as the actual command line. # # Can't contain spaces, but case insensitive. # # You may have multiple aliases with the same # # command name (text="" value), however the first # # found will be executed if its format value is # # matched, or it has no format value. Aliases are # # read from the top of the file to the bottom. # # # # usercommand - If set to yes, the alias can be run simply as # # /ALIASNAME. Defaults to yes. # # # # channelcommand - If set to yes, the alias can be used as an # # in-channel alias or 'fantasy command', prefixed # # by the fantasy prefix character, !aliasname by # # default. Defaults to no. # # # # format - If this is defined, the parameters of the alias # # must match this glob pattern. For example if you # # want the first parameter to start with a # for # # the alias to be executed, set format="#*" in the # # alias definition. Note that the :'s which are # # part of IRC formatted lines will be preserved # # for matching of this text. This value is # # optional. # # # # replace - The text to replace 'text' with. Usually this # # will be "PRIVMSG ServiceName :$2-" or similar. # # You may use the variables $1 through $9 in the # # replace string, which refer to the first through # # ninth word in the original string typed by the # # user. You may also use $1- through $9- which # # refer to the first word onwards, through to the # # ninth word onwards, e.g. if the user types the # # command "foo bar baz qux quz" then $3- will hold # # "baz qux quz" and $2 will contain "bar". You may # # also use the special variables: $nick, $user, # # $address, $host and $vhost, and you may separate # # multiple commands with a newline (which can be # # written in the file literally or encoded as &nl; # # # # requires - If you provide a value for 'requires' this means # # the given nickname MUST be online for the alias # # to successfully trigger. If they are not, then # # the user receives a 'no such nick' 401 numeric. # # # # stripcolor - If set to yes, the text from the user will be # # stripped of color and format codes before # # matching against 'text'. # # # # service - Setting this to yes will ensure that the user # # given in 'requires' is also on a servicesserver, # # as well as actually being on the network. If the # # user is online, but not on a services server, # # then an oper alert is sent out as this is # # possibly a sign of a user trying to impersonate # # a service. # # # # operonly - If yes, this will make the alias oper only. # # If a non-oper attempts to use the alias, it will # # appear to not exist. # # # # # An example of using the format value to create an alias with two # different behaviours depending on the format of the parameters. # # # # # # You may also add aliases to trigger based on something said in a # channel, aka 'fantasy' commands, configured in the same manner as any # other alias, with usercommand="no" and channelcommand="yes" The # command must be preceded by the fantasy prefix when used. # # # # This would be used as "!cs ", with the channel # being automatically inserted after the command in the message to # ChanServ, assuming the fantasy prefix is "!". #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Allowinvite module: Gives channel mode +A to allow all users to use # /INVITE, and extban A to deny invite from specific masks. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Alltime module: Shows time on all connected servers at once. # This module is oper-only and provides /ALLTIME. # To use, ALLTIME must be in one of your oper class blocks. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Anticaps module: Adds channel mode +B which allows you to punish # users that send overly capitalised messages to channels. # # # You may also configure the characters which anticaps considers to be # lower case and upper case. Any characters not listed here are assumed # to be punctuation and will be ignored when counting: # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Argon2 module: Allows other modules to generate Argon2 hashes, # usually for cryptographic uses and security. # This module makes the algorithms argon2i, argon2d and argon2id # available for use. # Note that this module is extra, and must be enabled explicitly # to build. It depends on libargon2. # # # memory: Memory hardness, in KiB. E.g. 131072 KiB = 128 MiB. # iterations: Time hardness in iterations. (def. 3) # threads: Maximum amount of threads each invocation can spawn. (def. 1) # length: Output length in bytes. (def. 32) # saltlength: Salt length in bytes. (def. 16) # version: Algorithm version, 10 or 13. (def. 13) # The parameters can be customized as follows: # # Defines the parameters that are common for all the variants (i/d/id). # Can be overridden on individual basis, e.g. # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Auditorium module: Adds channel mode +u which makes everyone else # except you in the channel invisible, used for large meetings etc. # # # Auditorium settings: # # # # opvisible (auditorium-vis in exemptchanops): # Show channel ops to all users # opcansee (auditorium-see in exemptchanops): # Allow ops to see all joins/parts/kicks in the channel # opercansee: # Allow opers (channels/auspex) to see see all joins/parts/kicks in the channel # # Exemptchanops can be used to adjust the level at which users become visible or # the level at which they can see the full member list of the channel. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Autoop module: Adds basic channel access controls via the +w listmode. # For example +w o:*!Attila@127.0.0.1 will op anyone matching that mask # on join. This can be combined with extbans, for example +w o:R:Brain # will op anyone identified to the account "Brain". # Another useful combination is with TLS client certificate # fingerprints: +w h:z:72db600734bb9546c1bdd02377bc21d2a9690d48 will # give halfop to the user(s) having the given certificate. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Ban except module: Adds support for channel ban exceptions (+e). # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Ban redirection module: Allows bans which redirect to a specified # channel. e.g. +b nick!user@host#channelbanneduserissentto # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # bcrypt module: Allows other modules to generate bcrypt hashes, # usually for cryptographic uses and security. # # # rounds: Defines how many rounds the bcrypt function will run when # generating new hashes. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Block amsg module: Attempt to block all usage of /amsg and /ame. # # #-#-#-#-#-#-#-#-#-#-#- BLOCKAMSG CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # If you have the blockamsg module loaded, you can configure it with # # the tag: # # # # delay - How much time between two messages to force them # # to be recognised as unrelated. # # action - Any of 'notice', 'noticeopers', 'silent', 'kill' # # or 'killopers'. Define how to take action when # # a user uses /amsg or /ame. # # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Block color module: Blocking color-coded messages with chan mode +c. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Botmode module: Adds the user mode +B. If set on a user, it will # show that the user is a bot in /WHOIS. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CallerID module: Adds user mode +g which activates hybrid-style # callerid: block all private messages unless you /ACCEPT first. # # #-#-#-#-#-#-#-#-#-#-#- CALLERID CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # maxaccepts - Maximum number of entries a user can add to their # # /ACCEPT list. Default is 30 entries. # # tracknick - Preserve /ACCEPT entries when a user changes nick? # # If no (the default), the user is removed from # # everyone's accept list if their nickname changes. # # cooldown - Amount of time that must pass since the last # # notification sent to a user before they can be # # sent another. Default is 1 minute. # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CAP module: Provides the CAP negotiation mechanism required by many # other modules. It is strongly recommended that you load this. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CBAN module: Lets you disallow channels from being used at runtime. # This module is oper-only and provides /CBAN. # To use, CBAN must be in one of your oper class blocks. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel create module: Adds snomask +j, which will notify opers of # any new channels that are created. # This module is oper-only. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel filter module: Allows channel-op defined message filtering # using simple string matches (channel mode +g). # # # If hidemask is set to yes, the user will not be shown the mask when # their message is blocked. # # If maxlen is set then it defines the maximum length of a filter entry. # # If notifyuser is set to no, the user will not be notified when # their message is blocked. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel history module: Displays the last 'X' lines of chat to a user # joining a channel with +H 'X:T' set; 'T' is the maximum time to keep # lines in the history buffer. Designed so that the new user knows what # the current topic of conversation is when joining the channel. # # #-#-#-#-#-#-#-#-#-#-#- CHANHISTORY CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # maxduration - The maximum period to keep chat history for. Defaults # # to 4 weeks. # # # # maxlines - The maximum number of lines of chat history to send to a # # joining users. Defaults to 50. # # # # prefixmsg - Whether to send an explanatory message to clients that # # don't support the chathistory batch type. Defaults to # # yes. # # # # savefrombots - Whether to save messages from users with user mode # # +B (bot) in the channel history. Defaults to yes. # # # # sendtobots - Whether to send channel history to users with user # # mode +B (bot) enabled. Defaults to yes. # # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel logging module: Used to send snotice output to channels, to # allow staff to centrally monitor and discuss network activity. # # The "channel" field is where you want the messages to go, "snomasks" # is what snomasks you want to be sent to that channel. Multiple tags # are allowed. # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel names module: Allows disabling channels which have certain # characters in the channel name such as bold, colorcodes, etc. which # can be quite annoying and allow users to on occasion have a channel # that looks like the name of another channel on the network. # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channelban: Implements extended ban j:, which stops anyone already # in a channel matching a ban like +b j:#channel from joining. # It is also possible to ban based on their status in that channel, # like so: +b j:@#channel, this example prevents the ops from joining. # Note that by default wildcard characters * and ? are allowed in # channel names. To disallow them, load the channames module and # add characters 42 and 63 to denyrange (see above). # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Check module: Adds the /CHECK command. # Check is useful for looking up information on channels, users, # IP addresses and hosts. # This module is oper-only. # To use, CHECK must be in one of your oper class blocks. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CHGHOST module: Adds the /CHGHOST command. # This module is oper-only. # To use, CHGHOST must be in one of your oper class blocks. # NOTE: Services will not be able to set vhosts on users if this module # isn't loaded. If you're planning on running services, you probably # want to load this. # # #-#-#-#-#-#-#-#-# /CHGHOST - /SETHOST CONFIGURATION #-#-#-#-#-#-#-#-# # Optional - If you want to use special chars for hostnames you can # # specify your own custom list of chars with the tag: # # # # charmap - A list of chars accepted as valid by the /CHGHOST # # and /SETHOST commands. Also note that the list is # # case-sensitive. # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CHGIDENT module: Adds the /CHGIDENT command. # This module is oper-only. # To use, CHGIDENT must be in one of your oper class blocks. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # CHGNAME module: Adds the /CHGNAME command. # This module is oper-only. # To use, CHGNAME must be in one of your oper class blocks. # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Connection class ban module: Adds support for extban 'n' which # matches against the class name of the user's connection. # This module assumes that connection classes are named in a uniform # way on all servers of the network. Wildcards are accepted. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Clear chan module: Allows opers to masskick, masskill or # mass G/Z-line all users on a channel using /CLEARCHAN. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Cloak module: Adds user mode x (cloak) which allows user hostnames to # be hidden. This module does not provide any cloak methods by itself. # You should also load another module like cloak_account or cloak_sha256. # # In order to have users automatically cloaked on connect you should # load the conn_umodes module and add "x" to . # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # MD5 cloak module: Adds the "half" and "full" cloak methods. These # methods are deprecated and will be removed in the next major version # of InspIRCd. They should only be used on a network which is upgrading # from v3 and wishes to keep ban compatibility. New networks should use # the "hmac-sha256" method (see below) instead. # # IMPORTANT: If you are using this module you should also load the md5 # module. Failure to do so will result in users not being cloaked. # # #-#-#-#-#-#-#-#-#-#-#- MD5 CLOAK CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # To use the cloak_md5 module you must define a tag. This tag # # tag can have the following fields. # # # # key - The secret key to use when hashing hostnames. This # # MUST be at least 30 characters long. # # # # class - If non-empty then a comma-delimited list of connect # # class names that a user has to be in to get the cloak # # from this tag. # # # # prefix - A freeform value to prefix cloaks with. This must not # # contain spaces. # # # # suffix - A freeform value to suffix cloaks with. This must not # # contain spaces. # # # # domainparts - The maximum number of hostname labels that should be # # visible on the end of a host. Defaults to 3. # # # # ignorecase - Whether to ignore the capitalisation of a hostname # # when generating the cloak. This prevents users from # # evading bans by changing the case of their DNS PTR # # record. Defaults to off. # # # # IMPORTANT: Changing these details will break all of your existing # # bans. If you do not want this to happen you can define multiple # # cloak tags. The first will be used for hostnames and the rest will # # be used for checking if a user is banned in a channel. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # HMAC-SHA256 cloak module: Adds the "hmac-sha256" (hostname or IP) and # "hmac-sha256-addr" (IP only) cloak methods. This is the recommended # cloak module for new networks. # # IMPORTANT: If you are using this module you should also load the sha2 # module. Failure to do so will result in users not being cloaked. # # #-#-#-#-#-#-#-#-#- HMAC-SHA256 CLOAK CONFIGURATION -#-#-#-#-#-#-#-#-#-# # To use the cloak_sha256 module you must define a tag. This # # tag can have the following fields. # # # # key - The secret key to use when hashing hostnames. This # # MUST be at least 30 characters long. # # # # class - If non-empty then a comma-delimited list of connect # # class names that a user has to be in to get the cloak # # from this tag. # # # # prefix - A freeform value to prefix cloaks with. This must not # # contain spaces. # # # # suffix - A freeform value to suffix IPv4/IPv6 cloaks with. This # # must not contain spaces. # # # # case - The case of the cloak table. Can be set to "upper" or # # "lower". Defaults to "lower". # # # # hostparts - The maximum number of hostname labels that should be # # visible on the end of a host. Defaults to 3. # # # # pathparts - The maximum number of UNIX socket path segments that # # should be visible on the end of a host. Defaults to 1. # # # # psl - If non-empty then the path to a Mozilla Public Suffix # # List database to use for finding the visible part of a # # hostname or "system" to use the system database if one # # exists. This overrides the hostparts (above) field. # # Only available if libpsl was installed at build time. # # # # IMPORTANT: Changing these details will break all of your existing # # bans. If you do not want this to happen you can define multiple # # cloak tags. The first will be used for hostnames and the rest will # # be used for checking if a user is banned in a channel. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Static cloak module: Adds the "static" (fixed value) cloak method. # # #-#-#-#-#-#-#-#-#-#- STATIC CLOAK CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # To use the cloak_static module you must define a tag. This # # tag can have the following fields. # # # # class - If non-empty then a comma-delimited list of connect class # # names that a user has to be in to get the cloak from this tag. # # # # cloak - The cloak to give to users. # # # # IMPORTANT: Changing these details will break all of your existing # # bans. If you do not want this to happen you can define multiple # # cloak tags. The first will be used for hostnames and the rest will # # be used for checking if a user is banned in a channel. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # User data cloak module: Adds the "account" (services account name), # "account-id" (services account id), "nickname" (current nickname), # "fingerprint" (client certificate fingerprint), and "username" (RFC # 1413 identification string) cloak methods. # # #-#-#-#-#-#-#-#-#-#-#- USER CLOAK CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # To use the cloak_user module you must define a tag. This # # tag can have the following fields. # # # # case - The case to transform the cloak value to. Can be set # # to "upper" to use upper case, "lower" to use lower # # case, or "preserve" to not change the case. Defaults # # to "preserve". # # # # class - If non-empty then a comma-delimited list of connect # # class names that a user has to be in to get the # # cloak from this tag. # # # # invalidchar - The action to take when an invalid host character is # # encountered in the cloak. Can be set to "reject" to # # not apply the cloak, "strip" to remove the invalid # # host character, or "truncate" to truncate the cloak # # at the invalid host character. Defaults to "strip". # # # # length - If using the "fingerprint" method them the number of # # characters of the fingerprint hash to use. Defaults # # to the value of minus the length of # # the prefix and suffix fields. # # # # prefix - A freeform value to prefix cloaks with. This must # # not contain spaces. # # # # suffix - A freeform value to suffix IPv4/IPv6 cloaks with. # # This must not contain spaces. # # # # IMPORTANT: Changing these details will break all of your existing # # bans. If you do not want this to happen you can define multiple # # cloak tags. The first will be used for hostnames and the rest will # # be used for checking if a user is banned in a channel. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # # # # # # # # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Codepage module: Allows using a custom 8-bit codepage for nicknames # and case mapping. # # # You should include one of the following files to set your codepage: # # # # # # # You can also define a custom codepage. For details on how to do this # please refer to the docs site: # https://docs.inspircd.org/4/modules/codepage #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Common channels module: Adds user mode +c, which, when set, requires # that users must share a common channel with you to PRIVMSG, NOTICE, # TAGMSG, or INVITE you. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Connectban: Provides IP connection throttling. Any IP range that # connects too many times (configurable) in an hour is Z-lined for a # (configurable) duration, and their count resets to 0. # # # threshold - The number of connections which are allowed before a user # is connectbanned. Defaults to 10. # # banmessage - The message to give users when Z-lining them for connecting # too much. # # banduration - The time period to ban users who connect to much for. Defaults # to 10 minutes. # # ipv4cidr - The IPv4 CIDR mask (1-32) to treat connecting users as coming # from the same host. Defaults to 32. # # ipv6cidr - The IPv6 CIDR mask (1-128) to treat connecting users as coming # from the same host. Defaults to 128. # # bootwait - The time period to wait after starting up before enforcing # connection bans. Defaults to 2 minutes. # # splitwait - The time period to wait after a netsplit before enforcing # connection bans. Defaults to 2 minutes. # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Connection throttle module. # # #-#-#-#-#-#-#-#-#-#-#- CONNTHROTTLE CONFIGURATION -#-#-#-#-#-#-#-#-#-# # period, maxconns - Amount of connections per . # # timeout - Time to wait after the throttle was activated # before deactivating it. Be aware that the time # is seconds + timeout. # # quitmsg - The message that users get if they attempt to # connect while the throttle is active. # # bootwait - Amount of time in seconds to wait before enforcing # the throttling when the server just booted. # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Auto join on connect module: Allows you to force users to join one # or more channels automatically upon connecting to the server, or # join them in case they aren't on any channels after being online # for X seconds. # # #-#-#-#-#-#-#-#-#-#-#-#- CONNJOIN CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # If you have the conn_join module loaded, you can configure it below # or set autojoin="#chat,#help" in blocks. # # Join users immediately after connection to #one #two and #three. # # Join users to #chat after 15 seconds if they aren't on any channels. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Set modes on connect module: When this module is loaded # blocks may have an optional modes="" value, which contains modes to # add or remove from users when they connect to the server. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Wait for PONG on connect module: Send a PING to all connecting users # and don't let them connect until they reply with a PONG. # This is useful to stop certain kinds of bots and proxies. # # #-#-#-#-#-#-#-#-#-#-#- WAITPONG CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # If you have the conn_waitpong module loaded, configure it with the # # tag: # # # # sendsnotice - Whether to send a helpful notice to users on # # connect telling them how to connect, should # # their client not reply PONG automatically. # # # # killonbadreply - Whether to kill the user if they send the wrong # # PONG reply. # # # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Custom prefixes: Allows for channel prefixes to be configured. # # # name The name of the mode, must be unique from other modes. # letter The letter used for this mode. Required. # prefix The prefix used for nicks with this mode. Not required. # rank A numeric rank for this prefix, defining what permissions it gives. # The rank of voice, halfop and op is 10000, 20000, and 30000, # respectively. # ranktoset The numeric rank required to set this mode. Defaults to rank. # ranktounset The numeric rank required to unset this mode. Defaults to ranktoset. # depriv Can you remove the mode from yourself? Defaults to yes. # # # # # You can also override the configuration of prefix modes added by both the core # and other modules by adding a customprefix tag with change="yes" specified. # # # # Do /RELOADMODULE customprefix after changing the settings of this module. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Custom title module: Adds the /TITLE command which allows for trusted # users to gain a custom whois line and an optional vhost can be # specified. # # #-#-#-#-#-#-#-#-#-#- CUSTOM TITLE CONFIGURATION -#-#-#-#-#-#-#-#-#-# # name - The username used to identify. # password - The password used to identify. # hash - The hash for the specific user's password (optional). # password_hash and a hashing module must be loaded # for this to work. # host - Allowed hostmask (optional). # title - Title shown in whois. # vhost - Displayed host (optional). # # #<title name="bar" password="foo" host="test@test.org" title="Official Chat Helper" vhost="helper.test.org"> #<title name="foo" password="$2a$10$UYZ4OcO8NNTCCGyCdY9SK.2GHiqGgxZfHFPOPmWuxEVWVQTtoDC7C" hash="bcrypt" title="Official Chat Helper"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel cycle module: Adds the /CYCLE command which is a server-side # /HOP that bypasses restrictive modes. #<module name="cycle"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # DCCALLOW module: Adds the /DCCALLOW command. #<module name="dccallow"> # #-#-#-#-#-#-#-#-#-#-#- DCCALLOW CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # blockchat - Whether to block DCC CHAT as well as DCC SEND. # length - Default duration of entries in DCCALLOW list. # action - Default action to take if no action is # specified, can be 'block' or 'allow'. # maxentries - Max number of nicks to allow on a DCCALLOW list. # # File configuration: # pattern - The glob pattern to match against. # action - Action to take if a user attempts to send a file # that matches this pattern, can be 'block' or # 'allow'. # #<dccallow blockchat="yes" length="5m" action="block" maxentries="20"> #<banfile pattern="*.exe" action="block"> #<banfile pattern="*.txt" action="allow"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Deaf module: Adds support for user modes +d and +D: # d - deaf to channel messages and notices. # D - deaf to user messages and notices. #<module name="deaf"> # #-#-#-#-#-#-#-#-#-#-#-#- DEAF CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # bypasschars - Characters that bypass deaf to a regular user. # servicebypasschars - Characters that bypass deaf to a services users. # Both of these take a list of characters that must match # the starting character of a message. # If 'servicebypasschars' is empty, then 'bypasschars' will # match for both regular and services users. # privdeafservice - Whether services users bypass user mode +D (privdeaf). # #<deaf bypasschars="" servicebypasschars="!" privdeafservice="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Delay join module: Adds the channel mode +D which delays all JOIN # messages from users until they speak. If they quit or part before # speaking, their quit or part message will not be shown to the channel # which helps cut down noise on large channels in a more friendly way # than the auditorium mode. Only channel ops may set the +D mode. #<module name="delayjoin"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Delay message module: Adds the channel mode +d which disallows a user # from talking in the channel unless they've been joined for X seconds. # Settable using /MODE #chan +d 30 #<module name="delaymsg"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Deny channels module: Deny channels from being used by users. #<module name="denychans"> # #-#-#-#-#-#-#-#-#-#-#- DENYCHAN DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-# # # # If you have the denychans module loaded, you need to specify the # # channels to deny: # # # # name - The channel name to deny (glob masks are ok). # # allowopers - If operators are allowed to override the deny. # # reason - Reason given for the deny. # # redirect - Redirect the user to a different channel. # # # #<badchan name="#gods*" allowopers="yes" reason="Tortoises!"> # #<badchan name="#chan1" redirect="#chan2" reason="Chan1 is closed"> # # # # Redirects will not work if the target channel is set +L. # # # # Additionally, you may specify channels which are allowed, even if # # a badchan tag specifies it would be denied: # #<goodchan name="#funtimes"> # # Glob masks are accepted here also. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Disable module: Provides support for disabling commands and modes. # #<module name="disable"> # #-#-#-#-#-#-#-#-#-#-#-#- DISABLE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # If you have the disable module loaded then you need to specify the # # commands and modes that you want disabled. Users who have not fully # # connected yet are exempt from this module so you can e.g. disable # # the NICK command but still allow users to connect to the server. # # # # commands - A space-delimited list of commands that can not be used # # by users. You can exempt server operators from this with # # the servers/use-disabled-commands privilege. # # # # chanmodes - One or more channel modes that can not be added/removed # # by users. You can exempt server operators from this # # with the servers/use-disabled-modes privilege. # # # # usermodes - One or more user modes that can not be added/removed by # # users. You can exempt server operators from this with # # the servers/use-disabled-modes privilege. # # # # fakenonexistent - Whether to pretend that a disabled command/mode # # does not exist when executed/changed by a user. # # Defaults to no. # # # # notifyopers - Whether to send a notice to snomask `a` when a user # # is prevented from using a disabled command/mode. # # Defaults to no. # # # #<disabled commands="KICK TOPIC" # # chanmodes="kp" # # usermodes="iw" # # fakenonexistent="yes" # # notifyopers="no"> # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # DNS blacklist module: Provides support for looking up IPs on one or # # more blacklists. # #<module name="dnsbl"> # # # For configuration options please see the docs page for dnsbl at # # https://docs.inspircd.org/4/modules/dnsbl. You can also use one or # # more of the following example configs for popular DNSBLs: # # # # DroneBL (https://dronebl.org) # #<include file="&dir.example;/providers/dronebl.example.conf"> # # # EFnet RBL (https://rbl.efnetrbl.org) # #<include file="&dir.example;/providers/efnet-rbl.example.conf"> # # # dan.me.uk Tor exit node DNSBL (https://www.dan.me.uk/dnsbl) # #<include file="&dir.example;/providers/torexit.example.conf"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Exempt channel operators module: Provides support for allowing # # users of a specified channel status to be exempt from some channel # # restriction modes. Supported restrictions are: # # anticaps, auditorium-see, auditorium-vis, blockcolor, delaymsg, # # filter, flood, nickflood, noctcp, nonick, nonotice, opmoderated, # # regmoderated, repeat, stripcolor, topiclock # # See <options:exemptchanops> in inspircd.example.conf for a more # # detailed list of the restriction modes that can be exempted. # # These are settable using: /MODE #chan +X <restriction>:<status> # # Furthermore, the exemptions configured in <options:exemptchanops> # # can also be negated by using: /MODE #chan +X <restriction>:* # #<module name="exemptchanops"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Filter module: Provides message filtering, similar to SPAMFILTER. # #<module name="filter"> # # # This module depends upon a regex provider such as regex_stdlib or # # regex_glob to function. You must specify which of these you want # # the filter module to use via the tag below. # # # # Valid engines are: # # # # glob - Glob patterns, provided via regex_glob. # # pcre - PCRE regexps, provided via regex_pcre2, needs libpcre2. # # posix - POSIX regexps, provided via regex_posix, not available # # on Windows, no dependencies on other operating systems. # # stdregex - stdlib regexps, provided via regex_stdlib, see comment # # at the <module> tag for info on availability. # # # # If enableflags is set, you can specify flags that modify matching # # of the regular expression. # # # # If notifyuser is set to no, the user will not be notified when # # their message is blocked. # # # # If warnonselfmsg is set to yes when a user sends a message to # # themself that matches a filter the filter will be ignored and a # # warning will be sent to opers instead. This stops spambots which # # send their spam message to themselves first to check if it is being # # filtered by the server. # #<filteropts engine="stdregex" # enableflags="yes" # notifyuser="yes" # warnonselfmsg="no"> # # # Your choice of regex engine must match on all servers network-wide. # # # # To learn more about the configuration of this module, read # # examples/filter.example.conf, which covers the various types of # # filters and shows how to add exemptions. # # # #-#-#-#-#-#-#-#-#-#-#- FILTER CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # Optional - If you specify to use the filter module, then # # specify below the path to the filter.conf file, or define some # # <keyword> tags. # # # #<include file="&dir.example;/filter.example.conf"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Gateway module: Enables forwarding the real IP address of a user from # a gateway to the IRC server. #<module name="gateway"> # #-#-#-#-#-#-#-#-#-#-#-# GATEWAY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# # # If you use the gateway module then you must specify the gateways which # are authorised to forward IP/host information to your server. There # are currently two ways to do this: # # The webirc method is the recommended way to allow gateways to forward # IP/host information. When using this method the gateway sends a WEBIRC # message to the server on connection. For more details please read the # IRCv3 WebIRC specification at: https://ircv3.net/specs/extensions/webirc.html # # When using this method you must specify one or more wildcard masks # or CIDR ranges to allow gateway connections from and at least one of # either a TLS client certificate fingerprint for the gateway or # a password to be sent in the WEBIRC command. # # <gateway type="webirc" # fingerprint="bd90547b59c1942b85f382bc059318f4c6ca54c5" # mask="192.0.2.0/24 198.51.100.*"> # <gateway type="webirc" # password="$2a$10$WEUpX9GweJiEF1WxBDSkeODBstIBMlVPweQTG9cKM8/Vd58BeM5cW" # hash="bcrypt" # mask="*.webirc.gateway.example.com"> # # Alternatively if your gateway does not support sending the WEBIRC # message then you can configure InspIRCd to look for the client IP # address in the username sent by the user. This is not recommended # as it only works with IPv4 connections. # # When using this method you must specify one or more wildcard masks # or CIDR ranges to allow gateway connections from. You can also # optionally configure the static value that replaces the IP in the # username to avoid leaking the real IP address of gateway clients # (defaults to "gateway" if not set). # # <gateway type="username" # mask="198.51.100.0/24 203.0.113.*" # newusername="wibble"> # <gateway type="username" # mask="*.username.gateway.example.com" # newusername="wobble"> # # IMPORTANT NOTE: # --------------- # # When you connect gateway clients, there are two connect classes which # apply to these clients. When the client initially connects, the connect # class which matches the gateway site's host is checked. Therefore you # must raise the maximum local/global clients for this IP as high as you # want to allow gateway clients. After the client has connected and is # determined to be a gateway client, the class which matches the client's # real IP is then checked. You may set this class to a lower value, so that # the real IP of the client can still be restricted to, for example, 3 # sessions maximum. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # MaxMindDB geolocation module: Provides geolocation information for # # other modules that need it using the libMaxMindDB library. # # # # This module depends on a third-party library (libmaxminddb) and may # # need to be manually enabled at build time. If you are building from # # source you can do this by installing this dependency and running: # # # # ./configure --enable-extras geo_maxmind # # make install # # # # Users of binary packages should consult the documentation for their # # package to find out whether this module is available. # #<module name="geo_maxmind"> # # # If you use the geo_maxmind module you MUST provide a database file # # to look up geolocation information in. You can either purchase this # # from MaxMind at https://www.maxmind.com/en/geoip2-country-database # # or use the free CC-BY-SA licensed GeoLite2 Country database which # # can be downloaded at https://dev.maxmind.com/geoip/geoip2/geolite2/ # #<maxmind file="GeoLite2-Country.mmdb"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Geolocation ban module: Adds support for extban 'G' which matches # # against the ISO 3166-1 alpha-2 codes for the countries that users # # are connecting from. Users connecting from unknown origins such as # # internal networks can be matched against using the XX alpha-2 code. # # A full list of ISO 3166-1 alpha-2 codes can be found at # # https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 # #<module name="geoban"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Geolocation connect class module: Adds support for limiting connect # # classes to users from specific countries. With this module you can # # specify a space-delimited list of two character the ISO 3166-1 # # alpha-2 codes in the "country" field of a connect class. e.g. to # # deny connections from users in Russia or Turkey: # # # # <connect deny="*" country="TR RU"> # # # # Users connecting from unknown origins such as internal networks can # # be matched against using the XX alpha-2 code. A full list of ISO # # 3166-1 alpha-2 codes can be found at # # https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 # #<module name="geoclass"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Global load module: Allows loading and unloading of modules network- # wide (USE WITH EXTREME CAUTION!) # This module is oper-only and provides /GLOADMODULE, /GUNLOADMODULE # and /GRELOADMODULE. # To use, GLOADMODULE, GUNLOADMODULE and GRELOADMODULE # must be in one of your oper class blocks. #<module name="globalload"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Globops module: Provides the /GLOBOPS command and snomask +g. # This module is oper-only. # To use, GLOBOPS must be in one of your oper class blocks. #<module name="globops"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # HAProxy module: Adds support for the HAProxy PROXY v2 protocol. To # use this module specify hook="haproxy" in the <bind> tag that HAProxy # has been configured to connect to. #<module name="haproxy"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Help module: Provides the /HELP command #<module name="help"> # #-#-#-#-#-#-#-#-#-#-#-#- HELP CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # If you specify to use the help module, then specify below the path # # to the help.conf file. # # # #<include file="&dir.example;/help.example.conf"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Help mode module: Provides oper-only user mode `h` (helpop) which # marks a server operator as available for help. #<module name="helpmode"> # # If you also use the hideoper module you can allow hidden opers with # the help mode set to to be included in `/STATS P` and mark helpers # as such to differentiate them from opers. # <helpmode ignorehideoper="no" # markhelpers="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Hide chans module: Allows users to hide their channels list from non- # opers by setting user mode +I on themselves. #<module name="hidechans"> # # affectsopers: Whether server operators with the users/auspex privilege # are exempt from the hideoper (+I) mode. Defaults to no. # # hideservices: Whether to hide the channels of services pseudoclients # with the hideoper (+I) mode from all users. Defaults # to yes. # # <hidechans affectsopers="no" # hideservices="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Hide list module: Allows for hiding the list of listmodes from users # who do not have sufficient channel rank. #<module name="hidelist"> # # Each <hidelist> tag configures one listmode to hide. # mode: Name of the listmode to hide. # rank: Minimum rank required to view the list. If set to 0, all # members of the channel may view the list, but non-members may not. # The rank of the built-in op and voice mode is 30000 and 10000, # respectively; the rank of other prefix modes is configurable. # Defaults to 20000. # # Hiding the ban list is not recommended because it may break some # clients. # # Hide filter (+g) list: #<hidelist mode="filter" rank="30000"> # Only show invite exceptions (+I) to channel members: #<hidelist mode="invex" rank="0"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Hide mode module: Allows for hiding mode changes from users who do not # have sufficient channel privileges. #<module name="hidemode"> # # Hide bans (+b) from people who are not voiced: #<hidemode mode="ban" rank="10000"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Hide oper module: Allows opers to hide their oper status from non- # opers by setting user mode +H on themselves. # This module is oper-only. #<module name="hideoper"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # hostcycle module: Sends a fake part and join for users when their # username or hostname changes to update client information caches. # This module is compatible with the ircv3_chghost module. Clients # supporting the chghost extension will get the chghost message instead # of seeing a host cycle. #<module name="hostcycle"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # httpd module: Provides HTTP server support for InspIRCd. #<module name="httpd"> # #-#-#-#-#-#-#-#-#-#-#-#- HTTPD CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # If you choose to use the httpd module, then you will need to add # a <bind> tag with type "httpd", and load at least one of the other # httpd_* modules to provide pages to display. # <bind address="127.0.0.1" port="8067" type="httpd"> # <bind address="127.0.0.1" port="8097" type="httpd" sslprofile="Clients"> # # You can adjust the timeout for HTTP connections below. All HTTP # connections will be closed after (roughly) this time period. #<httpd timeout="20"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # HTTP ACL module: Provides access control lists for httpd dependent # modules. Use this module to restrict pages by IP address and by # password. #<module name="httpd_acl"> # #-#-#-#-#-#-#-#-#-#-#-#- HTTPD ACL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # Restrict access to the httpd_stats module to all but the local # network and when the correct password is specified: # <httpdacl path="/stats*" types="password,whitelist" # username="secrets" password="mypasshere" whitelist="127.0.0.*,10.*"> # # Deny all connections to all but the main index page: # <httpdacl path="/*" types="blacklist" blacklist="*"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # HTTP config module: Allows the server configuration to be viewed over # HTTP via the /config path. Requires the httpd module to be loaded for # it to function. # # IMPORTANT: This module exposes extremely sensitive information about # your server and users so you *MUST* protect it using a local-only # <bind> tag and/or the httpd_acl module. See above for details. #<module name="httpd_config"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # HTTP stats module: Provides server statistics over HTTP via the /stats # path. Requires the httpd module to be loaded for it to function. # # IMPORTANT: This module exposes extremely sensitive information about # your server and users so you *MUST* protect it using a local-only # <bind> tag and/or the httpd_acl module. See above for details. #<module name="httpd_stats"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Ident: Provides RFC 1413 ident lookup support. # When this module is loaded <connect:allow> tags may have an optional # useident="yes|no" boolean value, determining whether or not to lookup # usernames on users matching that connect tag. #<module name="ident"> # #-#-#-#-#-#-#-#-#-#-#-#- IDENT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # Optional - If you are using the ident module, then you can specify # # the timeout for ident lookups here. If not defined, it will default # # to 5 seconds. This is a non-blocking timeout which holds the user # # in a 'connecting' state until the lookup is complete. # # prefixunqueried: If yes, the usernames of users in a connect class # # with ident lookups disabled (i.e. <connect useident="no">) will be # # prefixed with a "~". If no, the username of those users will not be # # prefixed. Default is no. # # #<ident timeout="5" prefixunqueried="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Invite exception module: Adds support for channel invite exceptions # (+I). #<module name="inviteexception"> # bypasskey: If this is enabled, exceptions will bypass +k as well as +i #<inviteexception bypasskey="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 module: Provides the IRCv3 account-notify, away-notify, # extended-join, and standard-replies extensions. These are optional # enhancements to the client-to-server protocol. An extension is only # active for a client when the client specifically requests it, so this # module needs the cap module to work. # # Further information on these extensions can be found at the IRCv3 # working group website: # https://ircv3.net/irc/ # #<module name="ircv3"> # The following block can be used to control which extensions are # enabled. Note that extended-join can be incompatible with delayjoin # and host cycling. #<ircv3 accountnotify="yes" # awaynotify="yes" # extendedjoin="yes" # standardreplies="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 account-tag module. Adds the 'account' tag which contains the # user account name of the message sender. #<module name="ircv3_accounttag"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 batch module: Provides the batch IRCv3 extension which allows # the server to inform a client that a group of messages are related to # each other. #<module name="ircv3_batch"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 cap-notify module: Provides the cap-notify IRCv3 extension. # Required for IRCv3 conformance. #<module name="ircv3_capnotify"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 chghost module: Provides the chghost IRCv3 extension which # allows capable clients to learn when the username or hostname of a # user changes # This module is compatible with the hostcycle module. If both are # loaded, clients supporting the chghost extension will get the chghost # message and won't receive a host cycle. #<module name="ircv3_chghost"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 client-to-client tags module: Provides the message-tags IRCv3 # extension which allows clients to add extra data to their messages. # This is used to support new IRCv3 features such as replies and ids. #<module name="ircv3_ctctags"> # # If you want to only allow client tags that are intended for processing # by the server you can disable the following setting. Doing this is not # recommended though as it may break clients. #<ctctags allowclientonlytags="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 echo-message module: Provides the echo-message IRCv3 # extension which allows capable clients to get an acknowledgement when # their messages are delivered and learn what modifications, if any, # were applied to them. #<module name="ircv3_echomessage"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 invite-notify module: Provides the invite-notify IRCv3 # extension which notifies supporting clients when a user invites # another user into a channel. This respects <security:announceinvites>. #<module name="ircv3_invitenotify"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 labeled-response module: Provides the labeled-response IRCv3 # extension which allows server responses to be associated with the # client message which caused them to be sent. #<module name="ircv3_labeledresponse"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 message id module: Provides the msgid IRCv3 extension which # adds a unique identifier to each message when the message-tags cap # has been requested. This enables support for modern features such as # reactions and replies. #<module name="ircv3_msgid"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 server-time module. Adds the 'time' tag which adds a timestamp # to all messages received from the server. #<module name="ircv3_servertime"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 Strict Transport Security module: Provides the sts IRCv3 # extension which allows clients connecting insecurely to upgrade their # connections to TLS. #<module name="ircv3_sts"> # # If using the ircv3_sts module you MUST define a STS policy to send # to clients using the <sts> tag. This tag takes the following # attributes: # # host - A glob match for the SNI hostname to apply this policy to. # duration - The amount of time that the policy lasts for. Defaults to # five minutes by default. You should raise this to a month # or two once you know that your config is valid. # port - The port on which TLS connections to the server are being # accepted. You MUST have a CA-verified certificate on this # port. Self signed certificates are not acceptable. # preload - Whether client developers can include your certificate in # preload lists. # # <sts host="*.example.com" duration="5m" port="6697" preload="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Join flood module: Adds support for join flood protection +j X:Y. # Closes the channel for N seconds if X users join in Y seconds. #<module name="joinflood"> # # duration: The number of seconds to close a channel for when it is # being flooded with joins. # # bootwait: The number of seconds to disengage joinflood for after # a server boots. This allows users to reconnect without # being throttled by joinflood. # # splitwait: The number of seconds to disengage joinflood for after # a server splits. This allows users to reconnect without # being throttled by joinflood. # # notifyrank: The lowest prefix rank that should receive notification # that the channel is closed to new users. This can be set # to 0 for all users, 10000 for voiced users (+v) and above, # 30000 for channel operators (+o), or the value specified # in <customprefix:rank> for any custom prefix rank. # #<joinflood duration="1m" # bootwait="30s" # splitwait="30s" # notifyrank="0"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Anti auto rejoin: Adds support for prevention of auto-rejoin (+J). #<module name="kicknorejoin"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Knock module: Adds the /KNOCK command and channel mode +K. #<module name="knock"> # # This setting specifies what to do when someone successfully /KNOCKs. # If set to "notice", then a NOTICE will be sent to the channel. # This is the default and the compatible setting, as it requires no # special support from the clients. # If set to "numeric" then a 710 numeric will be sent to the channel. # This allows easier scripting but not all clients support it. # If set to "both" then (surprise!) both will be sent. #<knock notify="notice"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # LDAP module: Allows other SQL modules to access a LDAP database # through a unified API. # # This module depends on a third-party library (OpenLDAP) and may need # to be manually enabled at build time. If you are building from source # you can do this by installing this dependency and running: # # ./configure --enable-extras ldap # make install # # Users of binary packages should consult the documentation for their # package to find out whether this module is available. #<module name="ldap"> # #<database module="ldap" id="ldapdb" server="ldap://localhost" binddn="cn=Manager,dc=inspircd,dc=org" bindauth="mysecretpass" searchscope="subtree"> # The server parameter indicates the LDAP server to connect to. The # # ldap:// style scheme before the hostname proper is MANDATORY. # # # # The binddn and bindauth indicate the DN to bind to for searching, # # and the password for the distinguished name. Some LDAP servers will # # allow anonymous searching in which case these two values do not # # need defining, otherwise they should be set similar to the examples # # above. # # # # The searchscope value indicates the subtree to search under. On our # # test system this is 'subtree'. Your mileage may vary. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # LDAP authentication module: Adds the ability to authenticate users # # via LDAP. # #<module name="ldapauth"> # # # Configuration: # # # # <ldapauth dbid="ldapdb" # # baserdn="ou=People,dc=brainbox,dc=cc" # # attribute="uid" # # killreason="Access denied" # # verbose="yes" # # host="$uid.$ou.inspircd.org" # # field="nickname"> # # # # <ldapexemption mask="*!*@10.42.0.0/16"> # # <ldapexemption mask="Guest*!*@*"> # # # # <ldaprequire attribute="attr" value="val"> # # # # The baserdn indicates the base DN to search in for users. Usually # # this is 'ou=People,dc=yourdomain,dc=yourtld'. # # # # The attribute value indicates the attribute which is used to locate # # a user account by name. On POSIX systems this is usually 'uid'. # # # # The field setting chooses where to select the LDAP username from. # # Valid options are "nickname", "username", and "password". # # # # Killreason indicates the QUIT reason to give to users if they fail # # to authenticate. # # # # Setting the verbose value causes an oper notice to be sent out for # # every failed authentication to the server, with an error string. # # # # ldapwhitelist indicates that clients connecting from an IP in the # # provided CIDR do not need to authenticate against LDAP. It can be # # repeated to whitelist multiple CIDRs. # # # # ldaprequire allows further filtering on the LDAP user, by requiring # # certain LDAP attributes to have a given value. It can be repeated, # # in which case the list will act as an OR list, that is, the # # authentication will succeed if any of the requirements in the list # # is satisfied. # # # # host allows you to change the displayed host of users connecting # # from ldap. The string supplied takes formatters which are replaced # # from the DN. For instance, if your DN looks like: # # uid=w00t,ou=people,dc=inspircd,dc=org, then the formatters uid, ou # # and dc will be available to you. If a key is given multiple times # # in the DN, the last appearance will take precedence. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # LDAP oper configuration module: Adds the ability to authenticate # # opers via LDAP. # #<module name="ldapoper"> # # # Configuration: # # # # <ldapoper dbid="ldapdb" # baserdn="ou=People,dc=brainbox,dc=cc" # attribute="uid"> # # # Available configuration items are identical to the same items in # # ldapauth above (except for the verbose setting, that is only # # supported in ldapauth). # # Please always specify a password in your <oper> tags even if the # # opers are to be authenticated via LDAP, so in case this module is # # not loaded the oper accounts are still protected by a password. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # JSON logging module: Allows writing messages to a JSON file. # # # # This module depends on a third-party library (yyjson or RapidJSON) # # and may need to be manually enabled at build time. If you are # # building from source you can do this by installing this dependency # # and running: # # # # ./configure --enable-extras log_json # # make install # # # # Users of binary packages should consult the documentation for their # # package to find out whether this module is available. # #<module name="log_json"> # #<log method="json" # target="inspircd.json" # level="normal" # type="* -USERINPUT -USEROUTPUT"> # #<log method="json-stderr" # level="normal" # type="* -USERINPUT -USEROUTPUT"> # #<log method="json-stdout" # level="normal" # type="* -USERINPUT -USEROUTPUT"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQL logging module: Allows writing messages to an SQL database.. # #<module name="log_sql"> # # This module adds the following fields to the <log> tag: # # dbid - The id for the <database> tag that defines your database # connection details. # query - A custom query to use when inserting logs into the database. # #<log method="sql" # level="normal" # type="* -USERINPUT -USEROUTPUT" # dbid="sql-log" # query="INSERT INTO ircd_log (time, type, message) VALUES (FROM_UNIXTIME($time), '$type', '$message');"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Syslog logging module: Allows writing messages to the system log. # # # # This module depends on a POSIX component (syslog) and may need to # # be manually enabled at build time. If you are building from source # # you can do this by running: # # # # ./configure --enable-extras log_syslog # # make install # # # # Users of binary packages should consult the documentation for their # # package to find out whether this module is available. # #<module name="log_syslog"> # #<log method="syslog" # level="normal" # type="* -USERINPUT -USEROUTPUT"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Map hiding module: replaces /MAP and /LINKS output to users with a # # message to see a website, set by maphide="https://test.org/map" in # # the <security> tag, instead. # #<module name="maphide"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # MD5 module: Allows other modules to generate MD5 hashes, usually for # cryptographic uses and security. This module is deprecated and will # be removed in the next major version of InspIRCd. # # IMPORTANT: # Other modules such as cloak_md5 and password_hash may rely on # this module being loaded to function. # #<module name="md5"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Message flood module: Adds message/notice flood protection via # channel mode +f. #<module name="messageflood"> # # The weight to give each message type. TAGMSGs are considered to be # 1/5 of a NOTICE or PRIVMSG to avoid users being accidentally flooded # out of a channel by automatic client features such as typing # notifications. #<messageflood message="Message flood detected (trigger is %messages% messages in %duration%)" # extended="yes" # notice="1.0" # privmsg="1.0" # tagmsg="0.2"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Monitor module: Adds support for MONITOR which is used by clients to # maintain notify lists. #<module name="monitor"> # # Set the maximum number of entries on a user's monitor list below. #<monitor maxentries="30"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Multiple prefix module: Provides support for the IRCv3 multi-prefix # capability which allows clients to see all the prefix modes set on a # user. #<module name="multiprefix"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Muteban: Implements extended ban 'm', which stops anyone matching # a mask like +b m:nick!user@host from speaking on channel. #<module name="muteban"> # # If notifyuser is set to no, the user will not be notified when # their message is blocked. #<muteban notifyuser="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # MySQL module: Allows other SQL modules to access MySQL databases # through a unified API. # # This module depends on a third-party library (libmysqlclient) and may # need to be manually enabled at build time. If you are building from # source you can do this by installing this dependency and running: # # ./configure --enable-extras mysql # make install # # Users of binary packages should consult the documentation for their # package to find out whether this module is available. #<module name="mysql"> # #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # # mysql is more complex than described here, see the docs for more # # info: https://docs.inspircd.org/4/modules/mysql # # #<database module="mysql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database2" ssl="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Named modes module: Allows for the display and set/unset of channel # modes via long-form mode names via +Z and the /PROP command. # For example, to set a ban, do /MODE #channel +Z ban=foo!bar@baz or # /PROP #channel ban=foo!bar@baz #<module name="namedmodes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Nickchange flood protection module: Provides channel mode +F X:Y # which allows up to X nick changes in Y seconds. #<module name="nickflood"> # # The time period to prevent nick changes for: #<nickflood duration="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Nicklock module: Let opers change a user's nick and then stop that # user from changing their nick again until unlocked. # This module is oper-only. # To use, NICKLOCK and NICKUNLOCK must be in one of your oper class blocks. #<module name="nicklock"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # No CTCP module: Adds the channel mode +C and user mode +T to block # CTCPs and extban 'C' to block CTCPs sent by specific users. #<module name="noctcp"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # No kicks module: Adds the +Q channel mode and the Q: extban to deny # certain users from kicking. #<module name="nokicks"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # No nicks module: Adds the +N channel mode, as well as the 'N' extban. # +N stops all users from changing their nick, the N extban stops # anyone from matching a +b N:nick!user@host mask from changing their # nick. #<module name="nonicks"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # No notice module: Adds the channel mode +T and the extban 'T' to # block specific users from noticing the channel. #<module name="nonotice"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Network business join module: # Allows an oper to join a channel using /OJOIN, giving them +Y on the # channel which makes them immune to kicks. #<module name="ojoin"> # # Specify the prefix that +Y will grant here. # Leave 'prefix' empty if you do not wish +Y to grant a prefix. # If 'notice' is set to on, upon /OJOIN, the server will notice the # channel saying that the oper is joining on network business. # If 'op' is set to on, it will give them +o along with +Y. #<ojoin prefix="!" notice="yes" op="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper channels mode: Adds the +O channel mode which restricts channel # access to server operators and extbans O:<type> and o:<account> that # match against an oper type and oper account respectively. #<module name="operchans"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper join module: Auto-joins opers to a channel upon oper-up. # This module is oper-only. For the user equivalent, see the conn_join # module. #<module name="operjoin"> # #-#-#-#-#-#-#-#-#-#-# OPERJOIN CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # If you are using the operjoin module, specify options here: # # # # channel - The channel name to join, can also be a comma # # separated list e.g. "#channel1,#channel2". # # # # override - If on, lets the oper join walking thru any modes # # that might be set, even bans. # # # #<operjoin channel="#channel" override="no"> # # Alternatively you can use the autojoin="channellist" in a <type> # # tag to set specific autojoins for a type of oper, for example: # # #<type name="Helper" autojoin="#help" classes="..."> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper levels module: Gives each oper a level and prevents actions # being taken by lower level opers against higher level opers. # Specify the level as the 'level' parameter of the <type> tag. # This module is oper-only. #<module name="operlevels"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper log module: Logs all oper commands to the server log (with log # type "m_operlog" at default loglevel), and optionally to the 'o' # snomask. # This module is oper-only. #<module name="operlog"> # # If the following option is on then all oper commands will be sent to # the snomask 'o'. The default is no. #<operlog tosnomask="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper modes module: Allows you to specify modes to add/remove on oper. # Specify the modes as the 'modes' parameter of the <type> tag # and/or as the 'modes' parameter of the <oper> tag. # This module is oper-only. For the user equivalent, see the # conn_umodes module. #<module name="opermodes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper MOTD module: Provides support for a separate message of the day # on oper-up. # This module is oper-only. #<module name="opermotd"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper prefixing module: Adds a channel prefix mode +y which is given # to all server operators automatically on all channels they are in. # This prefix mode is more powerful than channel op and other regular # prefix modes. # # Load this module if you want all your server operators to have # channel operator powers. #<module name="operprefix"> # # You may additionally customise the prefix character. #<operprefix prefix="!"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Op moderated module: Adds channel mode +U and extban u: which allow # making messages from matching unprivileged users only visible to # channel operators. #<module name="opmoderated"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Override module: Adds support for oper override. # This module is oper-only. #<module name="override"> # #-#-#-#-#-#-#-#-#-#-# OVERRIDE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # Much of override's configuration relates to your oper blocks. # # For more information on how to allow opers to override, see: # # https://docs.inspircd.org/4/modules/override # # # # noisy - If enabled, all oper overrides will be announced # # via channel notice. # # # # requirekey - If enabled, overriding on join requires a channel # # key of "override" to be specified. # # # # timeout: The time period after which to automatically remove # # the override user mode. If not set then it will not # # be removed automatically. # # # #<override noisy="yes" # requirekey="no" # timeout="30m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Password forwarding module: Allows forwarding passwords to services to # automatically log users into their account. The password can either be # specified as the server password or as a second parameter to the /NICK # command. #<module name="passforward"> <passforward # nick: The nick of the service to forward passwords to. nick="NickServ" # forwardmsg: Message to send to users when forwarding their # password. You can use the following variables in this message: # # %nick% The nickname of the authenticating user. # %nickrequired% The nickname of the service to forward to (see above). # %pass% The password to forward to services. # %user% The username of the authenticating user. forwardmsg="NOTICE %nick% :*** Forwarding password to %nickrequired%" # cmd: The message to send to forward passwords to services. cmd="SQUERY %nickrequired% :IDENTIFY %nick% %pass%"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Password hash module: Allows hashed passwords to be used. # To be useful, a hashing module like bcrypt also needs to be loaded. #<module name="password_hash"> # #-#-#-#-#-#-#-#-#-# PASSWORD HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# # # To use this module, you must define a hash type for each oper's # password you want to hash. For example: # # <oper name="Brain" # host="brain@dialup15.isp.test.com" # hash="bcrypt" # password="$2a$10$Mss9AtHHslZTLBrXqM0FB.JBwD.UTSu8A48SfrY9exrpxbsRiRTbO" # type="NetAdmin"> # # If you are using a hash algorithm which does not perform salting you can use # HMAC to salt your passwords in order to prevent them from being looked up in # a rainbow table. # # hash="hmac-sha256" password="lkS1Nbtp$CyLd/WPQXizsbxFUTqFRoMvaC+zhOULEeZaQkUJj+Gg" # # Generate hashes using the /MKPASSWD command on the server. # Don't run it on a server you don't trust with your password. # # You can also make the MKPASSWD command oper only by uncommenting this: #<mkpasswd operonly="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # PBKDF2 module: Allows other modules to generate PBKDF2 hashes, # usually for cryptographic uses and security. # This module relies on other hash providers (e.g. SHA2). #<module name="pbkdf2"> # # iterations: Iterations the hashing function runs when generating new # hashes. # length: Length in bytes of the derived key. #<pbkdf2 iterations="12288" length="32"> # You can override these values with specific values # for specific providers if you want to. Example given for SHA2. #<pbkdf2prov hash="sha256" iterations="24576"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Permanent channels module: Channels with the permanent channel mode # will remain open even after everyone else has left the channel, and # therefore keep things like modes, ban lists and topic. Permanent # channels -may- need support from your Services package to function # properly with them. This adds channel mode +P. # This module is oper-only. #<module name="permchannels"> # # If you like, this module can write a config file of permanent channels # whenever +P is set, unset, or the topic/modes on a +P channel is changed. # If you want to do this, set the filename below, and uncomment the include. # # If 'listmodes' is yes then all list modes (+b, +I, +e, +g...) will be # saved. Defaults to no. # # 'saveperiod' determines how often to check if the database needs to be # saved to disk. Defaults to every five seconds. # # 'backoff' is the value to multiply the saveperiod by every time a save # fails. When the save succeeds the period will be reset. # # 'maxbackoff' is the maximum write period that should be allowed even # if incremental backoff is enabled. # # 'operonly' determines whether a server operator or services server is # needed to enable the permchannels mode. You should generally keep this # set to yes unless you know what you are doing. #<permchanneldb filename="permchannels.conf" # listmodes="yes" # saveperiod="5s" # backoff="2" # maxbackoff="5m" # operonly="yes"> #<include file="permchannels.conf" missingokay="yes"> # # You may also create channels on startup by using the <permchannels> block. #<permchannels channel="#opers" modes="isP" topic="Opers only."> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # PostgreSQL module: Allows other SQL modules to access PgSQL databases # through a unified API. # # This module depends on a third-party library (libpq) and may need to # be manually enabled at build time. If you are building from source # you can do this by installing this dependency and running: # # ./configure --enable-extras pgsql # make install # # Users of binary packages should consult the documentation for their # package to find out whether this module is available. #<module name="pgsql"> # #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # # pgsql is more complex than described here, see the docs for # # more: https://docs.inspircd.org/4/modules/pgsql # # #<database module="pgsql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database" tls="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Random quote module: Provides a random quote on connect. # NOTE: Some of these may mimic fatal errors and confuse users and # opers alike - BEWARE! #<module name="randquote"> # #-#-#-#-#-#-#-#-#-#- RANDOMQUOTES CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # Optional - If you specify to use the randquote module, then specify # # below the path to the quotes file. # # # #<randquote file="quotes.txt"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Real name ban: Implements two extended bans: # # 'a', which matches a n!u@h+realname mask like +b a:*!*@host+*real* # # 'r', which matches a realname mask like +b r:*realname?here* # #<module name="realnameban"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Redirect module: Adds channel mode +L which redirects users to # # another channel when the channel has reached its user limit and # # user mode +L which stops redirection. # #<module name="redirect"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Regular expression provider for glob or wildcard (?/*) matching. # You must have at least 1 provider loaded to use the filter or R-line # modules. This module has no additional requirements, as it uses the # matching already present in InspIRCd core. #<module name="regex_glob"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Regular expression provider for PCRE2 (Perl-Compatible Regular # Expressions). You need libpcre2 installed to compile and load this # module. You must have at least 1 provider loaded to use the filter or # R-line modules. #<module name="regex_pcre2"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Regular expression provider for POSIX regular expressions. # You shouldn't need any additional libraries on a POSIX-compatible # system (i.e.: any Linux, BSD, but not Windows). You must have at # least 1 provider loaded to use the filter or R-line modules. # On POSIX-compliant systems, regex syntax can be found by using the # command: 'man 7 regex'. #<module name="regex_posix"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Regular Expression Provider for RE2 Regular Expressions. # You need libre2 installed and in your include/library paths in order # to compile and load this module. #<module name="regex_re2"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Regular expression provider for C++11 std::regex regular expressions. #<module name="regex_stdlib"> # # Specify the regular expression engine to use here. Valid settings are # bre, ere, awk, grep, egrep, ecmascript (default if not specified). #<stdregex type="ecmascript"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Remove module: Adds the /REMOVE command which is a peaceful # alternative to /KICK. #<module name="remove"> # # supportnokicks: If yes, /REMOVE is not allowed on channels where the # nokicks (+Q) mode is set. Defaults to no. # protectedrank: Members having this rank or above may not be /REMOVE'd # by anyone. Set to 0 to disable this feature. Defaults to 50000. #<remove supportnokicks="yes" protectedrank="50000"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Repeat module: Allows to block, kick or ban upon similar messages # being uttered several times. Provides channel mode +E. # # Syntax: [~|*]<lines>:<duration>[:<difference>][:<backlog>] # ~ is to block, * is to ban, default is kick. # lines - In mode 1, the amount of lines that has to match consecutively. # In mode 2, the size of the backlog to keep for matching. # seconds - How old the message has to be before it's invalidated. # difference - Edit distance, in percent, between two strings to trigger on. # backlog - When set, the function goes into mode 2. In this mode the # function will trigger if this many of the last <lines> matches. # # As this module can be rather CPU-intensive, it comes with some options. # maxbacklog - Maximum size that can be specified for backlog. 0 disables # multiline matching. # maxdistance - Max percentage of difference between two lines we'll allow # to match. Set to 0 to disable edit-distance matching. # maxlines - Max lines of backlog to match against. # maxtime - Maximum period of time a user can set. 0 to allow any. # size - Maximum number of characters to check for, can be used to # truncate messages before they are checked, resulting in # less CPU usage. Increasing this beyond 512 doesn't have # any effect, as the maximum length of a message on IRC # cannot exceed that. # kickmessage - Kick message when * is specified #<repeat maxbacklog="20" # maxdistance="50" # maxlines="20" # maxtime="0s" # size="512" # extended="yes" # message="Repeat flood detected (trigger is %lines% messages in %duration%)"> #<module name="repeat"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Restricted channels module: Allows only opers with the # channels/restricted-create priv and/or registered users to # create channels. # # You probably *DO NOT* want to load this module on a public network. # #<module name="restrictchans"> # # allowregistered: should registered users be allowed to bypass the restrictions? #<restrictchans allowregistered="no"> # # Allow any channel matching #user-* to be created, bypassing restrictchans checks #<allowchannel name="#user-*"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Restrict message module: Allows users to only message opers. # # You probably *DO NOT* want to load this module on a public network. # #<module name="restrictmsg"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # R-line module: Ban users through regular expression patterns. #<module name="rline"> # #-#-#-#-#-#-#-#-#-#-#-#- RLINE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # If you wish to re-check a user when they change nickname (can be # useful under some situations, but *can* also use CPU with more users # on a server) then set 'matchonnickchange' to yes. # If you additionally want Z-lines to be added on matches, then # set 'zlineonmatch' to yes. # Also, this is where you set what Regular Expression engine is to be # used. If you ever change it while running, all of your R-lines will # be wiped. This is the regex engine used by all R-lines set, and # regex_<engine> must be loaded, or rline will be non-functional # until you load it or change the engine to one that is loaded. # #<rline matchonnickchange="yes" zlineonmatch="no" engine="stdregex"> # # Generally, you will NOT want to use 'glob' here, as this turns an # R-line into just another G-line. The exceptions are that R-lines will # always use the full "nick!user@host realname" string, rather than only # user@host, but beware that only the ? and * wildcards are available, # and are the only way to specify where the space can occur if you do # use glob. For this reason, is recommended to use a real regex engine # so that at least \s or [[:space:]] is available. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # RMODE module: Adds the /RMODE command. # Allows channel operators to remove list modes en masse, optionally # matching a glob-based pattern. # Syntax: /RMODE <channel> <mode> [<pattern>] # E.g. '/RMODE #channel b m:*' will remove all mute extbans on the channel. #<module name="rmode"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SAJOIN module: Adds the /SAJOIN command which forcibly joins a user # to the given channel. # This module is oper-only. # To use, SAJOIN must be in one of your oper class blocks. # Opers need the users/sajoin-others priv to be able to /SAJOIN users # other than themselves. #<module name="sajoin"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SAKICK module: Adds the /SAKICK command which kicks a user from the # given channel. # This module is oper-only. # To use, SAKICK must be in one of your oper class blocks. #<module name="sakick"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SAMODE module: Adds the /SAMODE command which allows server operators # to change modes on a channel without requiring them to have any # channel privileges. Also allows changing user modes for any user. # This module is oper-only. # To use, SAMODE must be in one of your oper class blocks. #<module name="samode"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SANICK module: Adds the /SANICK command which allows opers to change # users' nicks. # This module is oper-only. # To use, SANICK must be in one of your oper class blocks. #<module name="sanick"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SAPART module: Adds the /SAPART command which forcibly parts a user # from a channel. # This module is oper-only. # To use, SAPART must be in one of your oper class blocks. #<module name="sapart"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SAQUIT module: Adds the /SAQUIT command which forcibly quits a user. # This module is oper-only. # To use, SAQUIT must be in one of your oper class blocks. #<module name="saquit"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SASL authentication module: Provides support for IRC Authentication # Layer via AUTHENTICATE. Note: You also need to have cap loaded # for SASL to work. #<module name="sasl"> # You must define <sasl:target> to the name of your services server so # that InspIRCd knows where to send SASL authentication messages and # when it should enable the SASL capability. # You can also define <sasl:requiressl> to require users to use TLS # in order to be able to use SASL. #<sasl target="services.mynetwork.com" # requiressl="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SATOPIC module: Adds the /SATOPIC command which allows changing the # topic on a channel without requiring any channel privileges. # This module is oper-only. # To use, SATOPIC must be in one of your oper class blocks. #<module name="satopic"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Secure list module: Prevent users from using the /LIST command until # a predefined period has passed. This helps protect your network from # spambots. #<module name="securelist"> # #-#-#-#-#-#-#-#-#-# SECURELIST CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # # Securelist can be harmful to some IRC search engines. To prevent # # securelist blocking these sites from listing, define exception tags # # as shown below: # #<securehost exception="*@*.netsplit.de"> # # # exemptregistered - Whether the waiting period applies to users who # # are logged in to a user account. # # Defaults to no. # # # # fakechans - The number of fake channels to show in /LIST. This can # # be used to break spambots. # # # # fakechanprefix - The prefix for the fake channels. A random suffix # # will be appended to this when generating channels. # # # # fakechantopic - The topic for the fake channels. A random format # # modifier will be inserted into this for randomness. # # # # hidesmallchans - The minimum user count for a channel to show up in # # /LIST after the wait period (see below). If a user # # is exempt from the wait period this will not apply # # to them. # # # # showmsg - Whether to tell users that they need to wait for a while # # before they can use the /LIST command. # # Defaults to no. # # # # waittime - The time period that a user must be connected for before # # they can use the /LIST command. If exemptregistered is # # enabled you can set this to 0 to disable unauthenticated # # users from viewing the channel list. # # Defaults to 1 minute. # # # #<securelist exemptregistered="yes" # fakechans="5" # fakechanprefix="#spam" # fakechantopic="Fake channel for confusing spambots" # hidesmallchans="0" # showmsg="yes" # waittime="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # See nicks module: Adds snomask +n and +N which show local and remote # nick changes. # This module is oper-only. #<module name="seenicks"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Serverban: Implements extended ban 's', which stops anyone connected # to a server matching a mask like +b s:server.mask.here from joining. # Wildcards are accepted. #<module name="serverban"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Services integration module: Adds various features which enable # integrating with a third-party services pseudoserver like Anope or # Atheme. #<module name="services"> # #-#-#-#-#-#-#-#-#-#-#-#- SERVICES CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # # accountoverrideshold - Whether to allow users that are logged in # # to an account that has a services-held nick # # in their group to override the SVSHOLD. # # Defaults to no. # # # # disablemodes - Whether channel mode `r` (registered) and # # user mode `r` (u_registered) are disabled. # # These modes are deprecated in InspIRCd v4 # # but may still be needed by older services # # software. Anope 2.1 is known to work with # # this enabled. Defaults to no. # # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # # <servicesintegration accountoverrideshold="yes" # disablemodes="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Sethost module: Adds the /SETHOST command. # This module is oper-only. # To use, SETHOST must be in one of your oper class blocks. # See the chghost module for how to customise valid chars for hostnames. #<module name="sethost"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Setident module: Adds the /SETIDENT command. # This module is oper-only. # To use, SETIDENT must be in one of your oper class blocks. #<module name="setident"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Set idle module: Adds a command for opers to change their idle time. # This module is oper-only. # To use, SETIDLE must be in one of your oper class blocks. #<module name="setidle"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SETNAME module: Adds the /SETNAME command. #<module name="setname"> # #-#-#-#-#-#-#-#-#-#-#-#- SETNAME CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # operonly - Whether the SETNAME command should only be usable by # # server operators. Defaults to no. # # # # notifyopers - Whether to send a snotice to snomask `a` when a user # # changes their real name. Defaults to to yes if # # oper-only and no if usable by everyone. # # # #<setname notifyopers="yes" # operonly="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SHA1 module: Allows other modules to generate SHA1 hashes. # Required by the WebSocket module. #<module name="sha1"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SHA2 module: Allows other modules to generate SHA2 hashes, # usually for cryptographic uses and security. # # IMPORTANT: # Other modules such as password_hash may rely on this module being # loaded to function. Certain modules such as spanningtree will # function without this module but when it is loaded their features will # be enhanced (for example the addition of HMAC authentication). # #<module name="sha2"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Showfile: Provides support for showing a text file to users when # # they enter a command. # # This module adds one command for each <showfile> tag that shows the # # given file to the user as a series of messages or numerics. # #<module name="showfile"> # # #-#-#-#-#-#-#-#-#-#-# SHOWFILE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # # name - The name of the command which displays this file. This is # # the only mandatory setting, all others are optional. # # file - The text file to be shown to the user. # # By default same as the command name. # # method - How should the file be shown? # # * numeric: Send contents using a numeric # # (similar to /MOTD; the default). # # * notice: Send contents as a series of notices. # # * msg: Send contents as a series of private messages. # # # # When using the method "numeric", the following extra settings are # # available: # # # # introtext - Introductory line, "Showing <name>" by default. # # intronumeric - Numeric used for the introductory line. # # numeric - Numeric used for sending the text itself. # # endtext - Ending line, "End of <name>" by default. # # endnumeric - Numeric used for the ending line. # # # #<showfile name="RULES" # file="rules.txt" # introtext="Server rules:" # endtext="End of server rules."> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Show whois module: Adds the +W user mode which allows opers to see # when they are /WHOIS'd. # This module is oper-only by default. #<module name="showwhois"> # # If you wish, you may also let users set this mode. #<showwhois opersonly="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Shun module: Provides the /SHUN command, which stops a user from # executing all except configured commands. # This module is oper-only. # To use, SHUN must be in one of your oper class blocks. #<module name="shun"> # # Configuration: # # allowconnect: Whether to only apply shuns to users who are fully # connected to the server. # # allowtags: Whether to allow client tags to be attached to enabled # commands. # # cleanedcommands: The commands that, if enabled, should be cleaned # of any message content if a shunned user tries to # execute them. # # enabledcommands: The commands that a shunned user is allowed to # execute. # # notifyuser: Whether to notify shunned users that a command they tried # to execute has been blocked. # #<shun enabledcommands="ADMIN OPER PING PONG QUIT PART JOIN" # cleanedcommands="AWAY PART QUIT" # allowconnect="no" # allowtags="no" # notifyuser="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Silence module: Adds support for the /SILENCE command, which allows # users to have a server-side ignore list for their client. #<module name="silence"> # # Set the maximum number of entries allowed on a user's silence list. #<silence maxentries="32" # # Whether messages from services servers will bypass silence masks. #exemptservice="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # ____ _ _____ _ _ ____ _ _ _ # # | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # # | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # # | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # # |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # # # # To link servers to InspIRCd, you MUST load the spanningtree module. # # If you don't do this, server links will NOT work at all. # # This is by design, to allow for the implementation of other linking # # protocols in modules in the future. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Spanning tree module: Allows linking of servers using the spanning # tree protocol (see the READ THIS BIT section above). # You will almost always want to load this. # #<module name="spanningtree"> # # This file has all the information about server links and services servers. # You *MUST* edit it if you intend to link servers. #<include file="&dir.example;/links.example.conf"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQL authentication module: Allows IRCd connections to be tied into # a database table (for example a forum). # #<module name="sqlauth"> # #-#-#-#-#-#-#-#-#-#-#- SQLAUTH CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # sqlauth is too complex to describe here, see the docs: # # https://docs.inspircd.org/4/modules/sqlauth # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQLite3 module: Allows other SQL modules to access SQLite3 # # databases through a unified API. # # # # This module depends on a third-party library (SQLite) and may need # # to be manually enabled at build time. If you are building from # # source you can do this by installing this dependency and running: # # # # ./configure --enable-extras sqlite3 # # make install # # # # Users of binary packages should consult the documentation for their # # package to find out whether this module is available. # #<module name="sqlite3"> # #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # # sqlite is more complex than described here, see the docs for more # # info: https://docs.inspircd.org/4/modules/sqlite3 # # #<database module="sqlite" hostname="/full/path/to/database.db" id="anytext"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQL oper module: Allows you to store oper credentials in an SQL # table. You can add additional table columns like you would config # tags in opers.conf. Opers in opers.conf will override opers from # this module. # #<module name="sqloper"> # #-#-#-#-#-#-#-#-#-#-#- SQLOPER CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # dbid - Database ID to use (see SQL modules). # # # # See also: https://docs.inspircd.org/4/modules/sqloper # # # #<sqloper dbid="1"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # GnuTLS TLS module: Adds support for TLS connections using GnuTLS, # if enabled. You must answer 'yes' in ./configure when asked or # manually symlink the source for this module from the directory # src/modules/extra, if you want to enable this, or it will not load. #<module name="ssl_gnutls"> # #-#-#-#-#-#-#-#-#-#-#- GNUTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # ssl_gnutls is too complex to describe here, see the docs: # # https://docs.inspircd.org/4/modules/ssl_gnutls # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # OpenSSL TLS module: Adds support for TLS connections using OpenSSL, # if enabled. You must answer 'yes' in ./configure when asked or symlink # the source for this module from the directory src/modules/extra, if # you want to enable this, or it will not load. #<module name="ssl_openssl"> # #-#-#-#-#-#-#-#-#-#-#- OPENSSL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # ssl_openssl is too complex to describe here, see the docs: # # https://docs.inspircd.org/4/modules/ssl_openssl # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # TLS info module: Allows users to retrieve information about other # users' peer TLS certificates and keys via the SSLINFO command. # This can be used by client scripts to validate users. For this to # work either ssl_gnutls or ssl_openssl must be loaded. # This module also adds the "<user> is using a secure connection" # and "<user> has TLS client certificate fingerprint <fingerprint>" # WHOIS lines, the ability for opers to use TLS cert fingerprints to # verify their identity and the ability to force opers to use TLS # connections in order to oper up. It is highly recommended to load # this module if you use TLS on your network. # For how to use the oper features, please see the first # example <oper> tag in opers.example.conf. # #<module name="sslinfo"> # #-#-#-#-#-#-#-#-#-#-#-#- SSLINFO CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # # hash - The IANA Hash Function Name of the hash algorithm # # used for the TLS client fingerprint of WebIRC # # gateway users (requires the gateway module). This # # should be the same algorithm you specified in the # # <sslprofile:hash> field of the TLS profile used for # # user connections. You can prefix the algorithm name # # with spki- to use a Subject Public Key Info (SPKI) # # fingerprint instead of a certificate fingerprint. # # # # localsecure - Whether to treat locally-connected plaintext users # # as if they are connected with TLS. Defaults to yes. # # # # operonly - Whether TLS client certificate info is only visible # # by server operators. Defaults to no. # # # # warnexpiring - If specified then the maximum period of validity # # that can be left on a user's TLS client certificate # # before users are warned about the imminent expiry. # # # # welcomemsg - Whether to send a welcome message to users that are # # connecting using TLS containing their server name, # # ciphersuite and client fingerprint. Defaults to no. # # # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # #<sslinfo hash="sha-256" # localsecure="yes" # operonly="no" # warnexpiring="1w" # welcomemsg="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # TLS mode module: Adds support for TLS-only channels via the '+z' # channel mode, TLS-only private messages via the '+z' user mode and # the 'z:' extban which matches TLS client certificate fingerprints. # # Does not do anything useful without a working TLS module and the # sslinfo module (see below). #<module name="sslmodes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # TLS rehash signal module: Allows the TLS modules to be rehashed by # sending SIGUSR1 to a running InspIRCd process. # # This module depends on a POSIX component (SIGUSR1) and may need to be # manually enabled at build time. If you are building from source you # can do this by running: # # ./configure --enable-extras sslrehashsignal # make install # # Users of binary packages should consult the documentation for their # package to find out whether this module is available. #<module name="sslrehashsignal"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # StartTLS module: Adds support for the IRCv3 tls capability which # # allows clients to upgrade their connection to use TLS. As well as # # this module you should also load one of ssl_gnutls or ssl_openssl # # modules. You may also want to consider using the ircv3_sts module. # #<module name="starttls"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Strip color module: Adds channel mode +S that strips IRC formatting # characters from all messages sent to the channel. #<module name="stripcolor"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SWHOIS module: Allows you to add arbitrary lines to user WHOIS. # This module is oper-only. # To use, SWHOIS must be in one of your oper class blocks. #<module name="swhois"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Timed bans module: Adds timed channel bans with the /TBAN command. #<module name="timedbans"> # By default, it sends a notice to channel operators when timed ban is # set and when it is removed by server. #<timedbans sendnotice="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Test line module: Adds the /TLINE command, used to test how many # users a /GLINE or /ZLINE etc. would match. # This module is oper-only. # To use, TLINE must be in one of your oper class blocks. #<module name="tline"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # UHNAMES support module: Adds support for the IRCv3 userhost-in-names # capability which displays the username and hostname of users in the # NAMES response. #<module name="uhnames"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Uninvite module: Adds the /UNINVITE command which lets users remove # pending invites from channels without waiting for the user to join. #<module name="uninvite"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Vhost module: Adds the VHOST command which allows for adding virtual # hosts which are accessible using a username and password in the config. #<module name="vhost"> # #-#-#-#-#-#-#-#-#-#-#- VHOST CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # # user - Username for the vhost. # # # # pass - Password for the vhost. # # # # hash - The hash for the specific user (optional) # # password_hash and a hashing module must be loaded for # # this to work. # # # # host - Vhost to set. # # #<vhost user="some_username" pass="some_password" host="some.host.test.cc"> #<vhost user="foo" password="$2a$10$iTuYLT6BRhRlOgzfsW9oPe62etW.oXwSpyKw5rJit64SGZanLXghO" hash="bcrypt" host="some.other.host.example.com"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Watch module: Adds the WATCH command, which is used by clients to # maintain notify lists. #<module name="watch"> # # Set the maximum number of entries on a user's watch list below. #<watch maxwatch="32"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # WebSocket module: Adds WebSocket support. # Specify hook="websocket" in a <bind> tag to make that port accept # WebSocket connections. Compatible with TLS. # Requires SHA-1 hash support available in the sha1 module. #<module name="websocket"> # # defaultmode: The default frame mode if a client does not send a # WebSocket subprotocol. Potential values are "text" to # encode messages as UTF-8 text frames, "binary" to send # messages as raw binary frames, or "reject" to close # connections which do not request a subprotocol. Defaults # to "text". # # proxyranges: A space-delimited list of glob or CIDR matches to trust # the X-Real-IP or X-Forwarded-For headers from. If enabled # the server will use the IP address specified by those HTTP # headers. You should NOT enable this unless you are using # a HTTP proxy like nginx as it will allow IP spoofing. # # allowmissingorigin: Whether to allow connections from clients that # don't send an origin header. These are probably # not web clients so it probably safe to allow this. # Defaults to yes. # # nativeping: Whether to check client connectivity using WebSocket ping # messages instead of IRC ping messages. Defaults to yes. # #<websocket defaultmode="text" # proxyranges="192.0.2.0/24 198.51.100.*" # allowmissingorigin="yes" # nativeping="yes"> # # If you use the websocket module you MUST specify one or more origins # which are allowed to connect to the server. You should set this as # strict as possible to prevent malicious webpages from connecting to # your server. # <wsorigin allow="https://*.example.com"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # X-line database: Stores all *-lines (G/Z/K/R/any added by other modules) # in a file which is re-loaded on restart. This is useful # for two reasons: it keeps bans so users may not evade them, and on # bigger networks, server connections will take less time as there will # be a lot less bans to apply - as most of them will already be there. #<module name="xline_db"> # Specify the filename for the xline database and how often to check whether # the database needs to be saved here. #<xlinedb filename="xline.db" # saveperiod="5s" # backoff="2" # maxbackoff="5m">