2016-04-13 00:55:37 +02:00
|
|
|
# oragono IRCd config
|
2016-04-12 07:44:00 +02:00
|
|
|
|
|
|
|
|
# network configuration
|
|
|
|
|
network:
|
|
|
|
|
# name of the network
|
|
|
|
|
name: OragonoTest
|
|
|
|
|
|
|
|
|
|
# server configuration
|
2016-04-12 15:00:09 +02:00
|
|
|
server:
|
|
|
|
|
# server name
|
2016-04-13 00:55:37 +02:00
|
|
|
name: oragono.test
|
2016-04-12 15:00:09 +02:00
|
|
|
|
|
|
|
|
# addresses to listen on
|
|
|
|
|
listen:
|
|
|
|
|
- ":6667"
|
|
|
|
|
- "127.0.0.1:6668"
|
|
|
|
|
- "[::1]:6668"
|
2016-04-13 12:45:09 +02:00
|
|
|
- ":6697" # ssl port
|
2018-02-01 21:53:49 +01:00
|
|
|
# unix domain socket for proxying:
|
|
|
|
|
# - "/tmp/oragono_sock"
|
2016-04-12 15:00:09 +02:00
|
|
|
|
2016-04-28 12:12:23 +02:00
|
|
|
# tls listeners
|
|
|
|
|
tls-listeners:
|
|
|
|
|
# listener on ":6697"
|
|
|
|
|
":6697":
|
|
|
|
|
key: tls.key
|
|
|
|
|
cert: tls.crt
|
2017-04-30 04:35:07 +02:00
|
|
|
|
2017-03-09 10:07:35 +01:00
|
|
|
# strict transport security, to get clients to automagically use TLS
|
|
|
|
|
sts:
|
|
|
|
|
# whether to advertise STS
|
|
|
|
|
#
|
|
|
|
|
# to stop advertising STS, leave this enabled and set 'duration' below to "0". this will
|
|
|
|
|
# advertise to connecting users that the STS policy they have saved is no longer valid
|
2017-03-09 10:12:53 +01:00
|
|
|
enabled: false
|
2017-03-09 10:07:35 +01:00
|
|
|
|
|
|
|
|
# how long clients should be forced to use TLS for.
|
2017-03-09 10:15:32 +01:00
|
|
|
# setting this to a too-long time will mean bad things if you later remove your TLS.
|
|
|
|
|
# the default duration below is 1 month, 2 days and 5 minutes.
|
|
|
|
|
duration: 1mo2d5m
|
2017-03-09 10:07:35 +01:00
|
|
|
|
|
|
|
|
# tls port - you should be listening on this port above
|
|
|
|
|
port: 6697
|
|
|
|
|
|
|
|
|
|
# should clients include this STS policy when they ship their inbuilt preload lists?
|
|
|
|
|
preload: false
|
2016-04-12 15:00:09 +02:00
|
|
|
|
2016-06-30 11:28:34 +02:00
|
|
|
# use ident protocol to get usernames
|
|
|
|
|
check-ident: true
|
|
|
|
|
|
2016-04-12 15:00:09 +02:00
|
|
|
# password to login to the server
|
2016-04-13 00:55:37 +02:00
|
|
|
# generated using "oragono genpasswd"
|
2016-04-12 15:00:09 +02:00
|
|
|
#password: ""
|
|
|
|
|
|
|
|
|
|
# motd filename
|
2016-04-12 08:34:47 +02:00
|
|
|
# if you change the motd, you should move it to ircd.motd
|
|
|
|
|
motd: oragono.motd
|
2016-04-12 15:00:09 +02:00
|
|
|
|
2017-10-08 12:17:49 +02:00
|
|
|
# motd formatting codes
|
|
|
|
|
# if this is true, the motd is escaped using formatting codes like $c, $b, and $i
|
|
|
|
|
#motd-formatting: true
|
|
|
|
|
|
2017-09-11 07:04:08 +02:00
|
|
|
# addresses/hostnames the PROXY command can be used from
|
2018-02-01 21:53:49 +01:00
|
|
|
# this should be restricted to 127.0.0.1/8 and localhost at most
|
2017-09-11 08:50:41 +02:00
|
|
|
# you should also add these addresses to the connection limits and throttling exemption lists
|
|
|
|
|
proxy-allowed-from:
|
|
|
|
|
# - localhost
|
|
|
|
|
# - "127.0.0.1"
|
2018-02-01 21:53:49 +01:00
|
|
|
# - "127.0.0.1/8"
|
2017-09-11 07:04:08 +02:00
|
|
|
|
2017-10-15 08:18:14 +02:00
|
|
|
# controls the use of the WEBIRC command (by IRC<->web interfaces, bouncers and similar)
|
|
|
|
|
webirc:
|
|
|
|
|
# one webirc block -- should correspond to one set of gateways
|
|
|
|
|
-
|
2017-10-16 00:47:49 +02:00
|
|
|
# tls fingerprint the gateway must connect with to use this webirc block
|
|
|
|
|
fingerprint: 938dd33f4b76dcaf7ce5eb25c852369cb4b8fb47ba22fc235aa29c6623a5f182
|
|
|
|
|
|
2017-10-15 08:18:14 +02:00
|
|
|
# password the gateway uses to connect, made with oragono genpasswd
|
|
|
|
|
password: JDJhJDA0JG9rTTVERlNRa0hpOEZpNkhjZE95SU9Da1BseFdlcWtOTEQxNEFERVlqbEZNTkdhOVlYUkMu
|
|
|
|
|
|
|
|
|
|
# hosts that can use this webirc command
|
|
|
|
|
hosts:
|
|
|
|
|
# - localhost
|
|
|
|
|
# - "127.0.0.1"
|
2018-02-01 21:53:49 +01:00
|
|
|
# - "127.0.0.1/8"
|
2017-10-15 08:18:14 +02:00
|
|
|
# - "0::1"
|
|
|
|
|
|
2017-03-13 23:12:39 +01:00
|
|
|
# maximum length of clients' sendQ in bytes
|
2017-03-23 03:12:39 +01:00
|
|
|
# this should be big enough to hold /LIST and HELP replies
|
2017-03-13 23:12:39 +01:00
|
|
|
max-sendq: 16k
|
|
|
|
|
|
2016-10-23 15:05:00 +02:00
|
|
|
# maximum number of connections per subnet
|
|
|
|
|
connection-limits:
|
2017-10-09 19:48:58 +02:00
|
|
|
# whether to enforce connection limits or not
|
2017-01-12 08:40:01 +01:00
|
|
|
enabled: true
|
|
|
|
|
|
2017-04-30 04:35:07 +02:00
|
|
|
# how wide the cidr should be for IPv4
|
2017-10-02 05:59:02 +02:00
|
|
|
cidr-len-ipv4: 32
|
2016-10-23 15:05:00 +02:00
|
|
|
|
|
|
|
|
# how wide the cidr should be for IPv6
|
2017-10-02 05:59:02 +02:00
|
|
|
cidr-len-ipv6: 64
|
2016-10-23 15:05:00 +02:00
|
|
|
|
2018-02-25 11:17:39 +01:00
|
|
|
# maximum concurrent connections per subnet (defined above by the cidr length)
|
|
|
|
|
connections-per-subnet: 16
|
2016-10-23 15:05:00 +02:00
|
|
|
|
|
|
|
|
# IPs/networks which are exempted from connection limits
|
|
|
|
|
exempted:
|
|
|
|
|
- "127.0.0.1"
|
|
|
|
|
- "127.0.0.1/8"
|
|
|
|
|
- "::1/128"
|
|
|
|
|
|
2017-01-12 08:40:01 +01:00
|
|
|
# automated connection throttling
|
|
|
|
|
connection-throttling:
|
|
|
|
|
# whether to throttle connections or not
|
|
|
|
|
enabled: true
|
|
|
|
|
|
2017-04-30 04:35:07 +02:00
|
|
|
# how wide the cidr should be for IPv4
|
2017-01-12 08:40:01 +01:00
|
|
|
cidr-len-ipv4: 32
|
|
|
|
|
|
|
|
|
|
# how wide the cidr should be for IPv6
|
2017-10-10 23:48:31 +02:00
|
|
|
cidr-len-ipv6: 64
|
2017-01-12 08:40:01 +01:00
|
|
|
|
|
|
|
|
# how long to keep track of connections for
|
|
|
|
|
duration: 10m
|
|
|
|
|
|
|
|
|
|
# maximum number of connections, per subnet, within the given duration
|
2017-10-10 23:48:31 +02:00
|
|
|
max-connections: 32
|
2017-01-12 08:40:01 +01:00
|
|
|
|
|
|
|
|
# how long to ban offenders for, and the message to use
|
|
|
|
|
# after banning them, the number of connections is reset (which lets you use UNDLINE to unban people)
|
|
|
|
|
ban-duration: 10m
|
|
|
|
|
ban-message: You have attempted to connect too many times within a short duration. Wait a while, and you will be able to connect.
|
|
|
|
|
|
|
|
|
|
# IPs/networks which are exempted from connection limits
|
|
|
|
|
exempted:
|
|
|
|
|
- "127.0.0.1"
|
|
|
|
|
- "127.0.0.1/8"
|
|
|
|
|
- "::1/128"
|
|
|
|
|
|
2017-03-06 00:43:52 +01:00
|
|
|
# account options
|
|
|
|
|
accounts:
|
2016-09-05 15:01:40 +02:00
|
|
|
# account registration
|
2017-03-06 00:43:52 +01:00
|
|
|
registration:
|
2016-09-05 15:01:40 +02:00
|
|
|
# can users register new accounts?
|
|
|
|
|
enabled: true
|
|
|
|
|
|
|
|
|
|
# length of time a user has to verify their account before it can be re-registered
|
|
|
|
|
# default is 120 hours, or 5 days
|
|
|
|
|
verify-timeout: "120h"
|
|
|
|
|
|
|
|
|
|
# callbacks to allow
|
|
|
|
|
enabled-callbacks:
|
|
|
|
|
- none # no verification needed, will instantly register successfully
|
2018-02-20 10:20:30 +01:00
|
|
|
|
|
|
|
|
# example configuration for sending verification emails via a local mail relay
|
|
|
|
|
# callbacks:
|
|
|
|
|
# mailto:
|
|
|
|
|
# server: localhost
|
|
|
|
|
# port: 25
|
|
|
|
|
# tls:
|
|
|
|
|
# enabled: false
|
|
|
|
|
# username: ""
|
|
|
|
|
# password: ""
|
|
|
|
|
# sender: "admin@my.network"
|
|
|
|
|
|
2017-09-11 01:16:13 +02:00
|
|
|
# allow multiple account registrations per connection
|
|
|
|
|
# this is for testing purposes and shouldn't be allowed on real networks
|
|
|
|
|
allow-multiple-per-connection: false
|
2016-09-05 15:01:40 +02:00
|
|
|
|
2017-03-06 00:43:52 +01:00
|
|
|
# is account authentication enabled?
|
|
|
|
|
authentication-enabled: true
|
2016-10-23 15:14:13 +02:00
|
|
|
|
2018-02-18 10:46:14 +01:00
|
|
|
# nick-reservation controls how, and whether, nicknames are linked to accounts
|
|
|
|
|
nick-reservation:
|
|
|
|
|
# is there any enforcement of reserved nicknames?
|
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
|
|
# method describes how nickname reservation is handled
|
|
|
|
|
# timeout: let the user change to the registered nickname, give them X seconds
|
|
|
|
|
# to login and then rename them if they haven't done so
|
|
|
|
|
# strict: don't let the user change to the registered nickname unless they're
|
|
|
|
|
# already logged-in using SASL or NickServ
|
|
|
|
|
method: timeout
|
|
|
|
|
|
|
|
|
|
# rename-timeout - this is how long users have 'til they're renamed
|
|
|
|
|
rename-timeout: 30s
|
|
|
|
|
|
|
|
|
|
# rename-prefix - this is the prefix to use when renaming clients (e.g. Guest-AB54U31)
|
|
|
|
|
rename-prefix: Guest-
|
2018-02-11 11:30:40 +01:00
|
|
|
|
2017-03-24 03:52:38 +01:00
|
|
|
# channel options
|
|
|
|
|
channels:
|
2017-09-06 23:34:38 +02:00
|
|
|
# modes that are set when new channels are created
|
|
|
|
|
# +n is no-external-messages and +t is op-only-topic
|
|
|
|
|
# see /QUOTE HELP cmodes for more channel modes
|
|
|
|
|
default-modes: +nt
|
|
|
|
|
|
2017-03-24 03:52:38 +01:00
|
|
|
# channel registration - requires an account
|
|
|
|
|
registration:
|
|
|
|
|
# can users register new channels?
|
|
|
|
|
enabled: true
|
|
|
|
|
|
2016-10-23 02:47:11 +02:00
|
|
|
# operator classes
|
|
|
|
|
oper-classes:
|
|
|
|
|
# local operator
|
|
|
|
|
"local-oper":
|
|
|
|
|
# title shown in WHOIS
|
|
|
|
|
title: Local Operator
|
|
|
|
|
|
|
|
|
|
# capability names
|
|
|
|
|
capabilities:
|
|
|
|
|
- "oper:local_kill"
|
|
|
|
|
- "oper:local_ban"
|
|
|
|
|
- "oper:local_unban"
|
|
|
|
|
|
|
|
|
|
# network operator
|
|
|
|
|
"network-oper":
|
|
|
|
|
# title shown in WHOIS
|
|
|
|
|
title: Network Operator
|
|
|
|
|
|
|
|
|
|
# oper class this extends from
|
|
|
|
|
extends: "local-oper"
|
|
|
|
|
|
|
|
|
|
# capability names
|
|
|
|
|
capabilities:
|
|
|
|
|
- "oper:remote_kill"
|
|
|
|
|
- "oper:remote_ban"
|
|
|
|
|
- "oper:remote_unban"
|
|
|
|
|
|
|
|
|
|
# server admin
|
|
|
|
|
"server-admin":
|
|
|
|
|
# title shown in WHOIS
|
|
|
|
|
title: Server Admin
|
|
|
|
|
|
|
|
|
|
# oper class this extends from
|
|
|
|
|
extends: "local-oper"
|
|
|
|
|
|
|
|
|
|
# capability names
|
|
|
|
|
capabilities:
|
|
|
|
|
- "oper:rehash"
|
|
|
|
|
- "oper:die"
|
2018-02-11 11:30:40 +01:00
|
|
|
- "unregister"
|
2017-01-23 00:36:13 +01:00
|
|
|
- "samode"
|
2016-10-23 02:47:11 +02:00
|
|
|
|
2016-04-12 15:00:09 +02:00
|
|
|
# ircd operators
|
2016-10-23 02:47:11 +02:00
|
|
|
opers:
|
2016-04-12 15:00:09 +02:00
|
|
|
# operator named 'dan'
|
|
|
|
|
dan:
|
2016-10-23 02:47:11 +02:00
|
|
|
# which capabilities this oper has access to
|
|
|
|
|
class: "server-admin"
|
|
|
|
|
|
2016-10-23 03:01:05 +02:00
|
|
|
# custom whois line
|
|
|
|
|
whois-line: is a cool dude
|
|
|
|
|
|
2016-10-23 02:47:11 +02:00
|
|
|
# custom hostname
|
|
|
|
|
vhost: "n"
|
|
|
|
|
|
2017-05-08 01:15:16 +02:00
|
|
|
# modes are the modes to auto-set upon opering-up
|
|
|
|
|
modes: +is acjknoqtux
|
|
|
|
|
|
2016-04-12 15:00:09 +02:00
|
|
|
# password to login with /OPER command
|
2016-04-13 00:55:37 +02:00
|
|
|
# generated using "oragono genpasswd"
|
2016-04-12 15:00:09 +02:00
|
|
|
password: JDJhJDA0JE1vZmwxZC9YTXBhZ3RWT2xBbkNwZnV3R2N6VFUwQUI0RUJRVXRBRHliZVVoa0VYMnlIaGsu
|
2016-08-12 14:20:32 +02:00
|
|
|
|
2017-03-06 04:08:46 +01:00
|
|
|
# logging, takes inspiration from Insp
|
|
|
|
|
logging:
|
|
|
|
|
-
|
|
|
|
|
# how to log these messages
|
|
|
|
|
#
|
|
|
|
|
# file log to given target filename
|
2017-05-01 10:51:37 +02:00
|
|
|
# stdout log to stdout
|
2017-03-06 04:08:46 +01:00
|
|
|
# stderr log to stderr
|
|
|
|
|
method: file stderr
|
|
|
|
|
|
|
|
|
|
# filename to log to, if file method is selected
|
|
|
|
|
filename: ircd.log
|
|
|
|
|
|
|
|
|
|
# type(s) of logs to keep here. you can use - to exclude those types
|
|
|
|
|
#
|
|
|
|
|
# exclusions take precedent over inclusions, so if you exclude a type it will NEVER
|
|
|
|
|
# be logged, even if you explicitly include it
|
|
|
|
|
#
|
|
|
|
|
# useful types include:
|
|
|
|
|
# * everything (usually used with exclusing some types below)
|
|
|
|
|
# accounts account registration and authentication
|
|
|
|
|
# channels channel creation and operations
|
|
|
|
|
# commands command calling and operations
|
|
|
|
|
# opers oper actions, authentication, etc
|
|
|
|
|
# password password hashing and comparing
|
|
|
|
|
# userinput raw lines sent by users
|
|
|
|
|
# useroutput raw lines sent to users
|
2017-03-06 13:11:10 +01:00
|
|
|
type: "* -userinput -useroutput -localconnect -localconnect-ip"
|
2017-03-06 04:08:46 +01:00
|
|
|
|
|
|
|
|
# one of: debug info warn error
|
2017-03-06 13:11:10 +01:00
|
|
|
level: info
|
|
|
|
|
-
|
|
|
|
|
# avoid logging IP addresses to file
|
|
|
|
|
method: stderr
|
|
|
|
|
type: localconnect localconnect-ip
|
|
|
|
|
level: debug
|
2017-03-06 04:08:46 +01:00
|
|
|
|
2017-04-30 04:35:07 +02:00
|
|
|
# debug options
|
|
|
|
|
debug:
|
2017-10-26 10:19:01 +02:00
|
|
|
# when enabled, oragono will attempt to recover from certain kinds of
|
|
|
|
|
# client-triggered runtime errors that would normally crash the server.
|
|
|
|
|
# this makes the server more resilient to DoS, but could result in incorrect
|
|
|
|
|
# behavior. deployments that would prefer to "start from scratch", e.g., by
|
|
|
|
|
# letting the process crash and auto-restarting it with systemd, can set
|
|
|
|
|
# this to false.
|
|
|
|
|
recover-from-errors: true
|
|
|
|
|
|
2017-04-30 04:35:07 +02:00
|
|
|
# enabling StackImpact profiling
|
|
|
|
|
stackimpact:
|
|
|
|
|
# whether to use StackImpact
|
|
|
|
|
enabled: false
|
|
|
|
|
|
|
|
|
|
# the AgentKey to use
|
|
|
|
|
agent-key: examplekeyhere
|
|
|
|
|
|
|
|
|
|
# the app name to report
|
|
|
|
|
app-name: Oragono
|
|
|
|
|
|
2016-09-04 11:25:33 +02:00
|
|
|
# datastore configuration
|
|
|
|
|
datastore:
|
|
|
|
|
# path to the datastore
|
|
|
|
|
path: ircd.db
|
|
|
|
|
|
2018-01-22 08:30:31 +01:00
|
|
|
# languages config
|
|
|
|
|
languages:
|
|
|
|
|
# whether to load languages
|
2018-01-22 08:42:41 +01:00
|
|
|
enabled: false
|
2018-01-22 08:30:31 +01:00
|
|
|
|
|
|
|
|
# default language to use for new clients
|
|
|
|
|
# 'en' is the default English language in the code
|
|
|
|
|
default: en
|
|
|
|
|
|
|
|
|
|
# which directory contains our language files
|
|
|
|
|
path: languages
|
|
|
|
|
|
2016-08-12 14:20:32 +02:00
|
|
|
# limits - these need to be the same across the network
|
|
|
|
|
limits:
|
|
|
|
|
# nicklen is the max nick length allowed
|
|
|
|
|
nicklen: 32
|
|
|
|
|
|
|
|
|
|
# channellen is the max channel length allowed
|
|
|
|
|
channellen: 64
|
2016-08-14 06:07:50 +02:00
|
|
|
|
2016-09-12 04:40:09 +02:00
|
|
|
# awaylen is the maximum length of an away message
|
2016-11-29 09:38:04 +01:00
|
|
|
awaylen: 500
|
2016-09-12 04:40:09 +02:00
|
|
|
|
2016-09-12 04:22:50 +02:00
|
|
|
# kicklen is the maximum length of a kick message
|
2016-11-29 09:38:04 +01:00
|
|
|
kicklen: 1000
|
2016-09-12 04:22:50 +02:00
|
|
|
|
|
|
|
|
# topiclen is the maximum length of a channel topic
|
2016-11-29 09:38:04 +01:00
|
|
|
topiclen: 1000
|
2016-09-12 04:22:50 +02:00
|
|
|
|
2016-10-16 12:14:56 +02:00
|
|
|
# maximum number of monitor entries a client can have
|
|
|
|
|
monitor-entries: 100
|
|
|
|
|
|
2016-08-14 06:07:50 +02:00
|
|
|
# whowas entries to store
|
|
|
|
|
whowas-entries: 100
|
2016-10-23 16:50:18 +02:00
|
|
|
|
|
|
|
|
# maximum length of channel lists (beI modes)
|
|
|
|
|
chan-list-modes: 60
|
2016-11-29 09:38:04 +01:00
|
|
|
|
|
|
|
|
# maximum length of IRC lines
|
2017-01-18 00:46:30 +01:00
|
|
|
# this should generally be 1024-2048, and will only apply when negotiated by clients
|
2017-01-13 15:22:42 +01:00
|
|
|
linelen:
|
|
|
|
|
# tags section
|
|
|
|
|
tags: 2048
|
|
|
|
|
|
|
|
|
|
# rest of the message
|
|
|
|
|
rest: 2048
|
