mirror of
https://github.com/ergochat/ergo.git
synced 2024-12-23 11:12:44 +01:00
8b2f6de3e0
* Add email-based password reset Fixes #734 * rename SETPASS to RESETPASS * review fixes * abuse mitigations * SENDPASS and RESETPASS should both touch the client login throttle * Produce a logline and a sno on SENDPASS (since it actually sends an email) * don't re-retrieve the settings value * add email confirmation for NS SET EMAIL * smtp: if require-tls is disabled, don't validate server cert * review fixes * remove cooldown for NS SET EMAIL If you accidentally set the wrong address, the cooldown would prevent you from fixing your mistake. Since we touch the registration throttle anyway, this shouldn't present more of an abuse concern than registration itself.
952 lines
39 KiB
YAML
952 lines
39 KiB
YAML
# This is the "traditional" or "mainstream" config file for Ergo.
|
|
# It tries to replicate the behavior of other ircds, at the cost of not
|
|
# taking full advantage of Ergo's features. This config is suitable for use
|
|
# in IRCv3 conformance testing.
|
|
|
|
# network configuration
|
|
network:
|
|
# name of the network
|
|
name: ErgoTest
|
|
|
|
# server configuration
|
|
server:
|
|
# server name
|
|
name: ergo.test
|
|
|
|
# addresses to listen on
|
|
listeners:
|
|
# This version of the config provides a public plaintext listener on
|
|
# port 6667 for testing and compatibility with legacy applications.
|
|
# We recommend disabling this listener in a production setting
|
|
# and replacing it with loopback-only listeners (see default.yaml):
|
|
":6667":
|
|
|
|
# The standard SSL/TLS port for IRC is 6697. This will listen on all interfaces:
|
|
":6697":
|
|
# this is a standard TLS configuration with a single certificate;
|
|
# see the manual for instructions on how to configure SNI
|
|
tls:
|
|
cert: fullchain.pem
|
|
key: privkey.pem
|
|
# 'proxy' should typically be false. It's for cloud load balancers that
|
|
# always send a PROXY protocol header ahead of the connection. See the
|
|
# manual ("Reverse proxies") for more details.
|
|
proxy: false
|
|
# optionally set the minimum TLS version (defaults to 1.0):
|
|
# min-tls-version: 1.2
|
|
|
|
# Example of a Unix domain socket for proxying:
|
|
# "/tmp/ergo_sock":
|
|
|
|
# Example of a Tor listener: any connection that comes in on this listener will
|
|
# be considered a Tor connection. It is strongly recommended that this listener
|
|
# *not* be on a public interface --- it should be on 127.0.0.0/8 or unix domain:
|
|
# "/hidden_service_sockets/ergo_tor_sock":
|
|
# tor: true
|
|
|
|
# Example of a WebSocket listener:
|
|
# ":8097":
|
|
# websocket: true
|
|
# tls:
|
|
# cert: fullchain.pem
|
|
# key: privkey.pem
|
|
|
|
# sets the permissions for Unix listen sockets. on a typical Linux system,
|
|
# the default is 0775 or 0755, which prevents other users/groups from connecting
|
|
# to the socket. With 0777, it behaves like a normal TCP socket
|
|
# where anyone can connect.
|
|
unix-bind-mode: 0777
|
|
|
|
# configure the behavior of Tor listeners (ignored if you didn't enable any):
|
|
tor-listeners:
|
|
# if this is true, connections from Tor must authenticate with SASL
|
|
require-sasl: false
|
|
|
|
# what hostname should be displayed for Tor connections?
|
|
vhost: "tor-network.onion"
|
|
|
|
# allow at most this many connections at once (0 for no limit):
|
|
max-connections: 64
|
|
|
|
# connection throttling (limit how many connection attempts are allowed at once):
|
|
throttle-duration: 10m
|
|
# set to 0 to disable throttling:
|
|
max-connections-per-duration: 64
|
|
|
|
# strict transport security, to get clients to automagically use TLS
|
|
sts:
|
|
# whether to advertise STS
|
|
#
|
|
# to stop advertising STS, leave this enabled and set 'duration' below to "0". this will
|
|
# advertise to connecting users that the STS policy they have saved is no longer valid
|
|
enabled: false
|
|
|
|
# how long clients should be forced to use TLS for.
|
|
# setting this to a too-long time will mean bad things if you later remove your TLS.
|
|
# the default duration below is 1 month, 2 days and 5 minutes.
|
|
duration: 1mo2d5m
|
|
|
|
# tls port - you should be listening on this port above
|
|
port: 6697
|
|
|
|
# should clients include this STS policy when they ship their inbuilt preload lists?
|
|
preload: false
|
|
|
|
websockets:
|
|
# Restrict the origin of WebSocket connections by matching the "Origin" HTTP
|
|
# header. This setting causes ergo to reject websocket connections unless
|
|
# they originate from a page on one of the whitelisted websites in this list.
|
|
# This prevents malicious websites from making their visitors connect to your
|
|
# ergo instance without their knowledge. An empty list means there are no
|
|
# restrictions.
|
|
allowed-origins:
|
|
# - "https://ergo.chat"
|
|
# - "https://*.ergo.chat"
|
|
|
|
# casemapping controls what kinds of strings are permitted as identifiers (nicknames,
|
|
# channel names, account names, etc.), and how they are normalized for case.
|
|
# with the recommended default of 'precis', UTF8 identifiers that are "sane"
|
|
# (according to RFC 8265) are allowed, and the server additionally tries to protect
|
|
# against confusable characters ("homoglyph attacks").
|
|
# the other options are 'ascii' (traditional ASCII-only identifiers), and 'permissive',
|
|
# which allows identifiers to contain unusual characters like emoji, but makes users
|
|
# vulnerable to homoglyph attacks. unless you're really confident in your decision,
|
|
# we recommend leaving this value at its default (changing it once the network is
|
|
# already up and running is problematic).
|
|
casemapping: "precis"
|
|
|
|
# enforce-utf8 controls whether the server will preemptively discard non-UTF8
|
|
# messages (since they cannot be relayed to websocket clients), or will allow
|
|
# them and relay them to non-websocket clients (as in traditional IRC).
|
|
enforce-utf8: true
|
|
|
|
# whether to look up user hostnames with reverse DNS. there are 3 possibilities:
|
|
# 1. [enabled here] lookup-hostnames enabled, IP cloaking disabled; users will see each other's hostnames
|
|
# 2. lookup-hostnames disabled, IP cloaking disabled; users will see each other's numeric IPs
|
|
# 3. IP cloaking enabled; users will see cloaked hostnames
|
|
lookup-hostnames: true
|
|
# whether to confirm hostname lookups using "forward-confirmed reverse DNS", i.e., for
|
|
# any hostname returned from reverse DNS, resolve it back to an IP address and reject it
|
|
# unless it matches the connecting IP
|
|
forward-confirm-hostnames: true
|
|
|
|
# use ident protocol to get usernames
|
|
check-ident: true
|
|
|
|
# ignore the supplied user/ident string from the USER command, always setting user/ident
|
|
# to the following literal value; this can potentially reduce confusion and simplify bans.
|
|
# the value must begin with a '~' character. comment out / omit to disable:
|
|
#coerce-ident: '~u'
|
|
|
|
# password to login to the server, generated using `ergo genpasswd`:
|
|
#password: "$2a$04$0123456789abcdef0123456789abcdef0123456789abcdef01234"
|
|
|
|
# motd filename
|
|
# if you change the motd, you should move it to ircd.motd
|
|
motd: ergo.motd
|
|
|
|
# motd formatting codes
|
|
# if this is true, the motd is escaped using formatting codes like $c, $b, and $i
|
|
motd-formatting: true
|
|
|
|
# relaying using the RELAYMSG command
|
|
relaymsg:
|
|
# is relaymsg enabled at all?
|
|
enabled: true
|
|
|
|
# which character(s) are reserved for relayed nicks?
|
|
separators: "/"
|
|
|
|
# can channel operators use RELAYMSG in their channels?
|
|
# our implementation of RELAYMSG makes it safe for chanops to use without the
|
|
# possibility of real users being silently spoofed
|
|
available-to-chanops: true
|
|
|
|
# IPs/CIDRs the PROXY command can be used from
|
|
# This should be restricted to localhost (127.0.0.1/8, ::1/128, and unix sockets).
|
|
# Unless you have a good reason. you should also add these addresses to the
|
|
# connection limits and throttling exemption lists.
|
|
proxy-allowed-from:
|
|
- localhost
|
|
# - "192.168.1.1"
|
|
# - "192.168.10.1/24"
|
|
|
|
# controls the use of the WEBIRC command (by IRC<->web interfaces, bouncers and similar)
|
|
webirc:
|
|
# one webirc block -- should correspond to one set of gateways
|
|
-
|
|
# SHA-256 fingerprint of the TLS certificate the gateway must use to connect
|
|
# (comment this out to use passwords only)
|
|
certfp: "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"
|
|
|
|
# password the gateway uses to connect, made with `ergo genpasswd`
|
|
password: "$2a$04$abcdef0123456789abcdef0123456789abcdef0123456789abcde"
|
|
|
|
# IPs/CIDRs that can use this webirc command
|
|
# you should also add these addresses to the connection limits and throttling exemption lists
|
|
hosts:
|
|
- localhost
|
|
# - "192.168.1.1"
|
|
# - "192.168.10.1/24"
|
|
|
|
# allow use of the RESUME extension over plaintext connections:
|
|
# do not enable this unless the ircd is only accessible over internal networks
|
|
allow-plaintext-resume: false
|
|
|
|
# maximum length of clients' sendQ in bytes
|
|
# this should be big enough to hold bursts of channel/direct messages
|
|
max-sendq: 96k
|
|
|
|
# compatibility with legacy clients
|
|
compatibility:
|
|
# many clients require that the final parameter of certain messages be an
|
|
# RFC1459 trailing parameter, i.e., prefixed with :, whether or not this is
|
|
# actually required. this forces Ergo to send those parameters
|
|
# as trailings. this is recommended unless you're testing clients for conformance;
|
|
# defaults to true when unset for that reason.
|
|
force-trailing: true
|
|
|
|
# some clients (ZNC 1.6.x and lower, Pidgin 2.12 and lower) do not
|
|
# respond correctly to SASL messages with the server name as a prefix:
|
|
# https://github.com/znc/znc/issues/1212
|
|
# this works around that bug, allowing them to use SASL.
|
|
send-unprefixed-sasl: true
|
|
|
|
# traditionally, IRC servers will truncate and send messages that are
|
|
# too long to be relayed intact. this behavior can be disabled by setting
|
|
# allow-truncation to false, in which case Ergo will reject the message
|
|
# and return an error to the client. (note that this option defaults to true
|
|
# when unset.)
|
|
allow-truncation: true
|
|
|
|
# IP-based DoS protection
|
|
ip-limits:
|
|
# whether to limit the total number of concurrent connections per IP/CIDR
|
|
count: true
|
|
# maximum concurrent connections per IP/CIDR
|
|
max-concurrent-connections: 16
|
|
|
|
# whether to restrict the rate of new connections per IP/CIDR
|
|
throttle: true
|
|
# how long to keep track of connections for
|
|
window: 10m
|
|
# maximum number of new connections per IP/CIDR within the given duration
|
|
max-connections-per-window: 32
|
|
|
|
# how wide the CIDR should be for IPv4 (a /32 is a fully specified IPv4 address)
|
|
cidr-len-ipv4: 32
|
|
# how wide the CIDR should be for IPv6 (a /64 is the typical prefix assigned
|
|
# by an ISP to an individual customer for their LAN)
|
|
cidr-len-ipv6: 64
|
|
|
|
# IPs/networks which are exempted from connection limits
|
|
exempted:
|
|
- "localhost"
|
|
# - "192.168.1.1"
|
|
# - "2001:0db8::/32"
|
|
|
|
# custom connection limits for certain IPs/networks.
|
|
custom-limits:
|
|
#"irccloud":
|
|
# nets:
|
|
# - "192.184.9.108" # highgate.irccloud.com
|
|
# - "192.184.9.110" # ealing.irccloud.com
|
|
# - "192.184.9.112" # charlton.irccloud.com
|
|
# - "192.184.10.118" # brockwell.irccloud.com
|
|
# - "192.184.10.9" # tooting.irccloud.com
|
|
# - "192.184.8.73" # hathersage.irccloud.com
|
|
# - "192.184.8.103" # stonehaven.irccloud.com
|
|
# - "5.254.36.57" # tinside.irccloud.com
|
|
# - "5.254.36.56/29" # additional ipv4 net
|
|
# - "2001:67c:2f08::/48"
|
|
# - "2a03:5180:f::/64"
|
|
# max-concurrent-connections: 2048
|
|
# max-connections-per-window: 2048
|
|
|
|
# pluggable IP ban mechanism, via subprocess invocation
|
|
# this can be used to check new connections against a DNSBL, for example
|
|
# see the manual for details on how to write an IP ban checking script
|
|
ip-check-script:
|
|
enabled: false
|
|
command: "/usr/local/bin/check-ip-ban"
|
|
# constant list of args to pass to the command; the actual query
|
|
# and result are transmitted over stdin/stdout:
|
|
args: []
|
|
# timeout for process execution, after which we send a SIGTERM:
|
|
timeout: 9s
|
|
# how long after the SIGTERM before we follow up with a SIGKILL:
|
|
kill-timeout: 1s
|
|
# how many scripts are allowed to run at once? 0 for no limit:
|
|
max-concurrency: 64
|
|
|
|
# IP cloaking hides users' IP addresses from other users and from channel admins
|
|
# (but not from server admins), while still allowing channel admins to ban
|
|
# offending IP addresses or networks. In place of hostnames derived from reverse
|
|
# DNS, users see fake domain names like pwbs2ui4377257x8.irc. These names are
|
|
# generated deterministically from the underlying IP address, but if the underlying
|
|
# IP is not already known, it is infeasible to recover it from the cloaked name.
|
|
ip-cloaking:
|
|
# whether to enable IP cloaking
|
|
enabled: false
|
|
|
|
# whether to use these cloak settings (specifically, `netname` and `num-bits`)
|
|
# to produce unique hostnames for always-on clients. you can enable this even if
|
|
# you disabled IP cloaking for normal clients above. if this is disabled,
|
|
# always-on clients will all have an identical hostname (the server name).
|
|
enabled-for-always-on: true
|
|
|
|
# fake TLD at the end of the hostname, e.g., pwbs2ui4377257x8.irc
|
|
# you may want to use your network name here
|
|
netname: "irc"
|
|
|
|
# the cloaked hostname is derived only from the CIDR (most significant bits
|
|
# of the IP address), up to a configurable number of bits. this is the
|
|
# granularity at which bans will take effect for IPv4. Note that changing
|
|
# this value will invalidate any stored bans.
|
|
cidr-len-ipv4: 32
|
|
|
|
# analogous granularity for IPv6
|
|
cidr-len-ipv6: 64
|
|
|
|
# number of bits of hash output to include in the cloaked hostname.
|
|
# more bits means less likelihood of distinct IPs colliding,
|
|
# at the cost of a longer cloaked hostname. if this value is set to 0,
|
|
# all users will receive simply `netname` as their cloaked hostname.
|
|
num-bits: 64
|
|
|
|
# secure-nets identifies IPs and CIDRs which are secure at layer 3,
|
|
# for example, because they are on a trusted internal LAN or a VPN.
|
|
# plaintext connections from these IPs and CIDRs will be considered
|
|
# secure (clients will receive the +Z mode and be allowed to resume
|
|
# or reattach to secure connections). note that loopback IPs are always
|
|
# considered secure:
|
|
secure-nets:
|
|
# - "10.0.0.0/8"
|
|
|
|
# Ergo will write files to disk under certain circumstances, e.g.,
|
|
# CPU profiling or data export. by default, these files will be written
|
|
# to the working directory. set this to customize:
|
|
#output-path: "/home/ergo/out"
|
|
|
|
# the hostname used by "services", e.g., NickServ, defaults to "localhost",
|
|
# e.g., `NickServ!NickServ@localhost`. uncomment this to override:
|
|
#override-services-hostname: "example.network"
|
|
|
|
# in a "closed-loop" system where you control the server and all the clients,
|
|
# you may want to increase the maximum (non-tag) length of an IRC line from
|
|
# the default value of 512. DO NOT change this on a public server:
|
|
# max-line-len: 512
|
|
|
|
# account options
|
|
accounts:
|
|
# is account authentication enabled, i.e., can users log into existing accounts?
|
|
authentication-enabled: true
|
|
|
|
# account registration
|
|
registration:
|
|
# can users register new accounts for themselves? if this is false, operators with
|
|
# the `accreg` capability can still create accounts with `/NICKSERV SAREGISTER`
|
|
enabled: true
|
|
|
|
# can users use the REGISTER command to register before fully connecting?
|
|
allow-before-connect: true
|
|
|
|
# global throttle on new account creation
|
|
throttling:
|
|
enabled: true
|
|
# window
|
|
duration: 10m
|
|
# number of attempts allowed within the window
|
|
max-attempts: 30
|
|
|
|
# this is the bcrypt cost we'll use for account passwords
|
|
# (note that 4 is the lowest value allowed by the bcrypt library)
|
|
bcrypt-cost: 4
|
|
|
|
# length of time a user has to verify their account before it can be re-registered
|
|
verify-timeout: "32h"
|
|
|
|
# options for email verification of account registrations
|
|
email-verification:
|
|
enabled: false
|
|
sender: "admin@my.network"
|
|
require-tls: true
|
|
helo-domain: "my.network" # defaults to server name if unset
|
|
# options to enable DKIM signing of outgoing emails (recommended, but
|
|
# requires creating a DNS entry for the public key):
|
|
# dkim:
|
|
# domain: "my.network"
|
|
# selector: "20200229"
|
|
# key-file: "dkim.pem"
|
|
# to use an MTA/smarthost instead of sending email directly:
|
|
# mta:
|
|
# server: localhost
|
|
# port: 25
|
|
# username: "admin"
|
|
# password: "hunter2"
|
|
blacklist-regexes:
|
|
# - ".*@mailinator.com"
|
|
timeout: 60s
|
|
# email-based password reset:
|
|
password-reset:
|
|
enabled: false
|
|
# time before we allow resending the email
|
|
cooldown: 1h
|
|
# time for which a password reset code is valid
|
|
timeout: 1d
|
|
|
|
# throttle account login attempts (to prevent either password guessing, or DoS
|
|
# attacks on the server aimed at forcing repeated expensive bcrypt computations)
|
|
login-throttling:
|
|
enabled: true
|
|
|
|
# window
|
|
duration: 1m
|
|
|
|
# number of attempts allowed within the window
|
|
max-attempts: 3
|
|
|
|
# some clients (notably Pidgin and Hexchat) offer only a single password field,
|
|
# which makes it impossible to specify a separate server password (for the PASS
|
|
# command) and SASL password. if this option is set to true, a client that
|
|
# successfully authenticates with SASL will not be required to send
|
|
# PASS as well, so it can be configured to authenticate with SASL only.
|
|
skip-server-password: false
|
|
|
|
# enable login to accounts via the PASS command, e.g., PASS account:password
|
|
# this is useful for compatibility with old clients that don't support SASL
|
|
login-via-pass-command: false
|
|
|
|
# require-sasl controls whether clients are required to have accounts
|
|
# (and sign into them using SASL) to connect to the server
|
|
require-sasl:
|
|
# if this is enabled, all clients must authenticate with SASL while connecting.
|
|
# WARNING: for a private server, you MUST set accounts.registration.enabled
|
|
# to false as well, in order to prevent non-administrators from registering
|
|
# accounts.
|
|
enabled: false
|
|
|
|
# IPs/CIDRs which are exempted from the account requirement
|
|
exempted:
|
|
- "localhost"
|
|
# - '10.10.0.0/16'
|
|
|
|
# nick-reservation controls how, and whether, nicknames are linked to accounts
|
|
nick-reservation:
|
|
# is there any enforcement of reserved nicknames?
|
|
enabled: true
|
|
|
|
# how many nicknames, in addition to the account name, can be reserved?
|
|
# (note that additional nicks are unusable under force-nick-equals-account
|
|
# or if the client is always-on)
|
|
additional-nick-limit: 2
|
|
|
|
# method describes how nickname reservation is handled
|
|
# strict: users must already be logged in to their account (via
|
|
# SASL, PASS account:password, or /NickServ IDENTIFY)
|
|
# in order to use their reserved nickname(s)
|
|
# optional: no enforcement by default, but allow users to opt in to
|
|
# the enforcement level of their choice
|
|
method: optional
|
|
|
|
# allow users to set their own nickname enforcement status, e.g.,
|
|
# to opt out of strict enforcement
|
|
allow-custom-enforcement: true
|
|
|
|
# format for guest nicknames:
|
|
# 1. these nicknames cannot be registered or reserved
|
|
# 2. if a client is automatically renamed by the server,
|
|
# this is the template that will be used (e.g., Guest-nccj6rgmt97cg)
|
|
# 3. if enforce-guest-format (see below) is enabled, clients without
|
|
# a registered account will have this template applied to their
|
|
# nicknames (e.g., 'katie' will become 'Guest-katie')
|
|
guest-nickname-format: "Guest-*"
|
|
|
|
# when enabled, forces users not logged into an account to use
|
|
# a nickname matching the guest template. a caveat: this may prevent
|
|
# users from choosing nicknames in scripts different from the guest
|
|
# nickname format.
|
|
force-guest-format: false
|
|
|
|
# when enabled, forces users logged into an account to use the
|
|
# account name as their nickname. when combined with strict nickname
|
|
# enforcement, this lets users treat nicknames and account names
|
|
# as equivalent for the purpose of ban/invite/exception lists.
|
|
force-nick-equals-account: false
|
|
|
|
# parallel setting to force-nick-equals-account: if true, this forbids
|
|
# anonymous users (i.e., users not logged into an account) to change their
|
|
# nickname after the initial connection is complete
|
|
forbid-anonymous-nick-changes: false
|
|
|
|
# multiclient controls whether Ergo allows multiple connections to
|
|
# attach to the same client/nickname identity; this is part of the
|
|
# functionality traditionally provided by a bouncer like ZNC
|
|
multiclient:
|
|
# when disabled, each connection must use a separate nickname (as is the
|
|
# typical behavior of IRC servers). when enabled, a new connection that
|
|
# has authenticated with SASL can associate itself with an existing
|
|
# client
|
|
enabled: true
|
|
|
|
# if this is disabled, clients have to opt in to bouncer functionality
|
|
# using nickserv or the cap system. if it's enabled, they can opt out
|
|
# via nickserv
|
|
allowed-by-default: false
|
|
|
|
# whether to allow clients that remain on the server even
|
|
# when they have no active connections. The possible values are:
|
|
# "disabled", "opt-in", "opt-out", or "mandatory".
|
|
always-on: "disabled"
|
|
|
|
# whether to mark always-on clients away when they have no active connections:
|
|
auto-away: "opt-in"
|
|
|
|
# QUIT always-on clients from the server if they go this long without connecting
|
|
# (use 0 or omit for no expiration):
|
|
#always-on-expiration: 90d
|
|
|
|
# vhosts controls the assignment of vhosts (strings displayed in place of the user's
|
|
# hostname/IP) by the HostServ service
|
|
vhosts:
|
|
# are vhosts enabled at all?
|
|
enabled: true
|
|
|
|
# maximum length of a vhost
|
|
max-length: 64
|
|
|
|
# regexp for testing the validity of a vhost
|
|
# (make sure any changes you make here are RFC-compliant)
|
|
valid-regexp: '^[0-9A-Za-z.\-_/]+$'
|
|
|
|
# modes that are set by default when a user connects
|
|
# if unset, no user modes will be set by default
|
|
# +i is invisible (a user's channels are hidden from whois replies)
|
|
# see /QUOTE HELP umodes for more user modes
|
|
# default-user-modes: +i
|
|
|
|
# pluggable authentication mechanism, via subprocess invocation
|
|
# see the manual for details on how to write an authentication plugin script
|
|
auth-script:
|
|
enabled: false
|
|
command: "/usr/local/bin/authenticate-irc-user"
|
|
# constant list of args to pass to the command; the actual authentication
|
|
# data is transmitted over stdin/stdout:
|
|
args: []
|
|
# should we automatically create users if the plugin returns success?
|
|
autocreate: true
|
|
# timeout for process execution, after which we send a SIGTERM:
|
|
timeout: 9s
|
|
# how long after the SIGTERM before we follow up with a SIGKILL:
|
|
kill-timeout: 1s
|
|
# how many scripts are allowed to run at once? 0 for no limit:
|
|
max-concurrency: 64
|
|
|
|
# channel options
|
|
channels:
|
|
# modes that are set when new channels are created
|
|
# +n is no-external-messages and +t is op-only-topic
|
|
# see /QUOTE HELP cmodes for more channel modes
|
|
default-modes: +nt
|
|
|
|
# how many channels can a client be in at once?
|
|
max-channels-per-client: 100
|
|
|
|
# if this is true, new channels can only be created by operators with the
|
|
# `chanreg` operator capability
|
|
operator-only-creation: false
|
|
|
|
# channel registration - requires an account
|
|
registration:
|
|
# can users register new channels?
|
|
enabled: true
|
|
|
|
# restrict new channel registrations to operators only?
|
|
# (operators can then transfer channels to regular users using /CS TRANSFER)
|
|
operator-only: false
|
|
|
|
# how many channels can each account register?
|
|
max-channels-per-account: 15
|
|
|
|
# as a crude countermeasure against spambots, anonymous connections younger
|
|
# than this value will get an empty response to /LIST (a time period of 0 disables)
|
|
list-delay: 0s
|
|
|
|
# INVITE to an invite-only channel expires after this amount of time
|
|
# (0 or omit for no expiration):
|
|
invite-expiration: 24h
|
|
|
|
# operator classes
|
|
oper-classes:
|
|
# chat moderator: can ban/unban users from the server, join channels,
|
|
# fix mode issues and sort out vhosts.
|
|
"chat-moderator":
|
|
# title shown in WHOIS
|
|
title: Chat Moderator
|
|
|
|
# capability names
|
|
capabilities:
|
|
- "kill"
|
|
- "ban"
|
|
- "nofakelag"
|
|
- "roleplay"
|
|
- "relaymsg"
|
|
- "vhosts"
|
|
- "sajoin"
|
|
- "samode"
|
|
- "snomasks"
|
|
|
|
# server admin: has full control of the ircd, including nickname and
|
|
# channel registrations
|
|
"server-admin":
|
|
# title shown in WHOIS
|
|
title: Server Admin
|
|
|
|
# oper class this extends from
|
|
extends: "chat-moderator"
|
|
|
|
# capability names
|
|
capabilities:
|
|
- "rehash"
|
|
- "accreg"
|
|
- "chanreg"
|
|
- "history"
|
|
- "defcon"
|
|
- "massmessage"
|
|
|
|
# ircd operators
|
|
opers:
|
|
# default operator named 'admin'; log in with /OPER admin <password>
|
|
admin:
|
|
# which capabilities this oper has access to
|
|
class: "server-admin"
|
|
|
|
# custom whois line
|
|
whois-line: is the server administrator
|
|
|
|
# custom hostname
|
|
vhost: "staff"
|
|
|
|
# normally, operator status is visible to unprivileged users in WHO and WHOIS
|
|
# responses. this can be disabled with 'hidden'. ('hidden' also causes the
|
|
# 'vhost' line above to be ignored.)
|
|
hidden: false
|
|
|
|
# modes are modes to auto-set upon opering-up. uncomment this to automatically
|
|
# enable snomasks ("server notification masks" that alert you to server events;
|
|
# see `/quote help snomasks` while opered-up for more information):
|
|
#modes: +is acdjknoqtuxv
|
|
|
|
# operators can be authenticated either by password (with the /OPER command),
|
|
# or by certificate fingerprint, or both. if a password hash is set, then a
|
|
# password is required to oper up (e.g., /OPER dan mypassword). to generate
|
|
# the hash, use `ergo genpasswd`.
|
|
password: "$2a$04$0123456789abcdef0123456789abcdef0123456789abcdef01234"
|
|
|
|
# if a SHA-256 certificate fingerprint is configured here, then it will be
|
|
# required to /OPER. if you comment out the password hash above, then you can
|
|
# /OPER without a password.
|
|
#certfp: "abcdef0123456789abcdef0123456789abcdef0123456789abcdef0123456789"
|
|
# if 'auto' is set (and no password hash is set), operator permissions will be
|
|
# granted automatically as soon as you connect with the right fingerprint.
|
|
#auto: true
|
|
|
|
# example of a moderator named 'alice'
|
|
# (log in with /OPER alice <password>):
|
|
#alice:
|
|
# class: "chat-moderator"
|
|
# whois-line: "can help with moderation issues!"
|
|
# password: "$2a$04$0123456789abcdef0123456789abcdef0123456789abcdef01234"
|
|
|
|
# logging, takes inspiration from Insp
|
|
logging:
|
|
-
|
|
# how to log these messages
|
|
#
|
|
# file log to a file
|
|
# stdout log to stdout
|
|
# stderr log to stderr
|
|
# (you can specify multiple methods, e.g., to log to both stderr and a file)
|
|
method: stderr
|
|
|
|
# filename to log to, if file method is selected
|
|
# filename: ircd.log
|
|
|
|
# type(s) of logs to keep here. you can use - to exclude those types
|
|
#
|
|
# exclusions take precedent over inclusions, so if you exclude a type it will NEVER
|
|
# be logged, even if you explicitly include it
|
|
#
|
|
# useful types include:
|
|
# * everything (usually used with exclusing some types below)
|
|
# server server startup, rehash, and shutdown events
|
|
# accounts account registration and authentication
|
|
# channels channel creation and operations
|
|
# opers oper actions, authentication, etc
|
|
# services actions related to NickServ, ChanServ, etc.
|
|
# internal unexpected runtime behavior, including potential bugs
|
|
# userinput raw lines sent by users
|
|
# useroutput raw lines sent to users
|
|
type: "* -userinput -useroutput"
|
|
|
|
# one of: debug info warn error
|
|
level: info
|
|
#-
|
|
# # example of a file log that avoids logging IP addresses
|
|
# method: file
|
|
# filename: ircd.log
|
|
# type: "* -userinput -useroutput -connect-ip"
|
|
# level: debug
|
|
|
|
# debug options
|
|
debug:
|
|
# when enabled, Ergo will attempt to recover from certain kinds of
|
|
# client-triggered runtime errors that would normally crash the server.
|
|
# this makes the server more resilient to DoS, but could result in incorrect
|
|
# behavior. deployments that would prefer to "start from scratch", e.g., by
|
|
# letting the process crash and auto-restarting it with systemd, can set
|
|
# this to false.
|
|
recover-from-errors: true
|
|
|
|
# optionally expose a pprof http endpoint: https://golang.org/pkg/net/http/pprof/
|
|
# it is strongly recommended that you don't expose this on a public interface;
|
|
# if you need to access it remotely, you can use an SSH tunnel.
|
|
# set to `null`, "", leave blank, or omit to disable
|
|
# pprof-listener: "localhost:6060"
|
|
|
|
# datastore configuration
|
|
datastore:
|
|
# path to the datastore
|
|
path: ircd.db
|
|
|
|
# if the database schema requires an upgrade, `autoupgrade` will attempt to
|
|
# perform it automatically on startup. the database will be backed
|
|
# up, and if the upgrade fails, the original database will be restored.
|
|
autoupgrade: true
|
|
|
|
# connection information for MySQL (currently only used for persistent history):
|
|
mysql:
|
|
enabled: false
|
|
host: "localhost"
|
|
port: 3306
|
|
# if socket-path is set, it will be used instead of host:port
|
|
#socket-path: "/var/run/mysqld/mysqld.sock"
|
|
user: "ergo"
|
|
password: "hunter2"
|
|
history-database: "ergo_history"
|
|
timeout: 3s
|
|
max-conns: 4
|
|
# this may be necessary to prevent middleware from closing your connections:
|
|
#conn-max-lifetime: 180s
|
|
|
|
# languages config
|
|
languages:
|
|
# whether to load languages
|
|
enabled: true
|
|
|
|
# default language to use for new clients
|
|
# 'en' is the default English language in the code
|
|
default: en
|
|
|
|
# which directory contains our language files
|
|
path: languages
|
|
|
|
# limits - these need to be the same across the network
|
|
limits:
|
|
# nicklen is the max nick length allowed
|
|
nicklen: 32
|
|
|
|
# identlen is the max ident length allowed
|
|
identlen: 20
|
|
|
|
# channellen is the max channel length allowed
|
|
channellen: 64
|
|
|
|
# awaylen is the maximum length of an away message
|
|
awaylen: 390
|
|
|
|
# kicklen is the maximum length of a kick message
|
|
kicklen: 390
|
|
|
|
# topiclen is the maximum length of a channel topic
|
|
topiclen: 390
|
|
|
|
# maximum number of monitor entries a client can have
|
|
monitor-entries: 100
|
|
|
|
# whowas entries to store
|
|
whowas-entries: 100
|
|
|
|
# maximum length of channel lists (beI modes)
|
|
chan-list-modes: 60
|
|
|
|
# maximum number of messages to accept during registration (prevents
|
|
# DoS / resource exhaustion attacks):
|
|
registration-messages: 1024
|
|
|
|
# message length limits for the new multiline cap
|
|
multiline:
|
|
max-bytes: 4096 # 0 means disabled
|
|
max-lines: 100 # 0 means no limit
|
|
|
|
# fakelag: prevents clients from spamming commands too rapidly
|
|
fakelag:
|
|
# whether to enforce fakelag
|
|
enabled: true
|
|
|
|
# time unit for counting command rates
|
|
window: 1s
|
|
|
|
# clients can send this many commands without fakelag being imposed
|
|
burst-limit: 5
|
|
|
|
# once clients have exceeded their burst allowance, they can send only
|
|
# this many commands per `window`:
|
|
messages-per-window: 2
|
|
|
|
# client status resets to the default state if they go this long without
|
|
# sending any commands:
|
|
cooldown: 2s
|
|
|
|
# the roleplay commands are semi-standardized extensions to IRC that allow
|
|
# sending and receiving messages from pseudo-nicknames. this can be used either
|
|
# for actual roleplaying, or for bridging IRC with other protocols.
|
|
roleplay:
|
|
# are roleplay commands enabled at all? (channels and clients still have to
|
|
# opt in individually with the +E mode)
|
|
enabled: false
|
|
|
|
# require the "roleplay" oper capability to send roleplay messages?
|
|
require-oper: false
|
|
|
|
# require channel operator permissions to send roleplay messages?
|
|
require-chanops: false
|
|
|
|
# add the real nickname, in parentheses, to the end of every roleplay message?
|
|
add-suffix: true
|
|
|
|
# external services can integrate with the ircd using JSON Web Tokens (https://jwt.io).
|
|
# in effect, the server can sign a token attesting that the client is present on
|
|
# the server, is a member of a particular channel, etc.
|
|
extjwt:
|
|
# # default service config (for `EXTJWT #channel`).
|
|
# # expiration time for the token:
|
|
# expiration: 45s
|
|
# # you can configure tokens to be signed either with HMAC and a symmetric secret:
|
|
# secret: "65PHvk0K1_sM-raTsCEhatVkER_QD8a0zVV8gG2EWcI"
|
|
# # or with an RSA private key:
|
|
# #rsa-private-key-file: "extjwt.pem"
|
|
|
|
# # named services (for `EXTJWT #channel service_name`):
|
|
# services:
|
|
# "jitsi":
|
|
# expiration: 30s
|
|
# secret: "qmamLKDuOzIzlO8XqsGGewei_At11lewh6jtKfSTbkg"
|
|
|
|
# history message storage: this is used by CHATHISTORY, HISTORY, znc.in/playback,
|
|
# various autoreplay features, and the resume extension
|
|
history:
|
|
# should we store messages for later playback?
|
|
# by default, messages are stored in RAM only; they do not persist
|
|
# across server restarts. however, you may want to understand how message
|
|
# history interacts with the GDPR and/or any data privacy laws that apply
|
|
# in your country and the countries of your users.
|
|
enabled: true
|
|
|
|
# how many channel-specific events (messages, joins, parts) should be tracked per channel?
|
|
channel-length: 2048
|
|
|
|
# how many direct messages and notices should be tracked per user?
|
|
client-length: 256
|
|
|
|
# how long should we try to preserve messages?
|
|
# if `autoresize-window` is 0, the in-memory message buffers are preallocated to
|
|
# their maximum length. if it is nonzero, the buffers are initially small and
|
|
# are dynamically expanded up to the maximum length. if the buffer is full
|
|
# and the oldest message is older than `autoresize-window`, then it will overwrite
|
|
# the oldest message rather than resize; otherwise, it will expand if possible.
|
|
autoresize-window: 3d
|
|
|
|
# number of messages to automatically play back on channel join (0 to disable):
|
|
autoreplay-on-join: 0
|
|
|
|
# maximum number of CHATHISTORY messages that can be
|
|
# requested at once (0 disables support for CHATHISTORY)
|
|
chathistory-maxmessages: 100
|
|
|
|
# maximum number of messages that can be replayed at once during znc emulation
|
|
# (znc.in/playback, or automatic replay on initial reattach to a persistent client):
|
|
znc-maxmessages: 2048
|
|
|
|
# options to delete old messages, or prevent them from being retrieved
|
|
restrictions:
|
|
# if this is set, messages older than this cannot be retrieved by anyone
|
|
# (and will eventually be deleted from persistent storage, if that's enabled)
|
|
expire-time: 1w
|
|
|
|
# this restricts access to channel history (it can be overridden by channel
|
|
# owners). options are: 'none' (no restrictions), 'registration-time'
|
|
# (logged-in users cannot retrieve messages older than their account
|
|
# registration date, and anonymous users cannot retrieve messages older than
|
|
# their sign-on time, modulo the grace-period described below), and
|
|
# 'join-time' (users cannot retrieve messages older than the time they
|
|
# joined the channel, so only always-on clients can view history).
|
|
query-cutoff: 'none'
|
|
|
|
# if query-cutoff is set to 'registration-time', this allows retrieval
|
|
# of messages that are up to 'grace-period' older than the above cutoff.
|
|
# if you use 'registration-time', this is recommended to allow logged-out
|
|
# users to query history after disconnections.
|
|
grace-period: 1h
|
|
|
|
# options to store history messages in a persistent database (currently only MySQL).
|
|
# in order to enable any of this functionality, you must configure a MySQL server
|
|
# in the `datastore.mysql` section.
|
|
persistent:
|
|
enabled: false
|
|
|
|
# store unregistered channel messages in the persistent database?
|
|
unregistered-channels: false
|
|
|
|
# for a registered channel, the channel owner can potentially customize
|
|
# the history storage setting. as the server operator, your options are
|
|
# 'disabled' (no persistent storage, regardless of per-channel setting),
|
|
# 'opt-in', 'opt-out', and 'mandatory' (force persistent storage, ignoring
|
|
# per-channel setting):
|
|
registered-channels: "opt-out"
|
|
|
|
# direct messages are only stored in the database for logged-in clients;
|
|
# you can control how they are stored here (same options as above).
|
|
# if you enable this, strict nickname reservation is strongly recommended
|
|
# as well.
|
|
direct-messages: "opt-out"
|
|
|
|
# options to control how messages are stored and deleted:
|
|
retention:
|
|
# allow users to delete their own messages from history?
|
|
allow-individual-delete: false
|
|
|
|
# if persistent history is enabled, create additional index tables,
|
|
# allowing deletion of JSON export of an account's messages. this
|
|
# may be needed for compliance with data privacy regulations.
|
|
enable-account-indexing: false
|
|
|
|
# options to control storage of TAGMSG
|
|
tagmsg-storage:
|
|
# by default, should TAGMSG be stored?
|
|
default: false
|
|
|
|
# if `default` is false, store TAGMSG containing any of these tags:
|
|
whitelist:
|
|
- "+draft/react"
|
|
- "react"
|
|
|
|
# if `default` is true, don't store TAGMSG containing any of these tags:
|
|
#blacklist:
|
|
# - "+draft/typing"
|
|
# - "typing"
|
|
|
|
# whether to allow customization of the config at runtime using environment variables,
|
|
# e.g., ERGO__SERVER__MAX_SENDQ=128k. see the manual for more details.
|
|
allow-environment-overrides: true
|