GitHub/ergo
3
0
Fork 0
mirror of https://github.com/ergochat/ergo.git synced 2024-11-14 07:59:31 +01:00
Code Issues Projects Releases Wiki Activity
c55bc1c37d
ergo/oragono.yaml
Chris Smith 5ede1e6d5a Comment out 6668 bindings in default config 
These are just used as examples, and prevent Oragono from starting
up if the host doesn't have an IPv6 stack (e.g. inside docker
containers).

See oragono/oragono-docker#5
2019-01-31 08:43:48 +00:00

480 lines
16 KiB
YAML
Raw Blame History

# oragono IRCd config
# network configuration
network:
# name of the network
name: OragonoTest
# server configuration
server:
# server name
name: oragono.test
# addresses to listen on
listen:
- ":6667"
- ":6697" # ssl port
# Binding on specific IPs:
# - "127.0.0.1:6668"
# - "[::1]:6668"
# Unix domain socket for proxying:
# - "/tmp/oragono_sock"
# sets the permissions for Unix listen sockets. on a typical Linux system,
# the default is 0775 or 0755, which prevents other users/groups from connecting
# to the socket. With 0777, it behaves like a normal TCP socket
# where anyone can connect.
unix-bind-mode: 0777
# tls listeners
tls-listeners:
# listener on ":6697"
":6697":
key: tls.key
cert: tls.crt
# strict transport security, to get clients to automagically use TLS
sts:
# whether to advertise STS
#
# to stop advertising STS, leave this enabled and set 'duration' below to "0". this will
# advertise to connecting users that the STS policy they have saved is no longer valid
enabled: false
# how long clients should be forced to use TLS for.
# setting this to a too-long time will mean bad things if you later remove your TLS.
# the default duration below is 1 month, 2 days and 5 minutes.
duration: 1mo2d5m
# tls port - you should be listening on this port above
port: 6697
# should clients include this STS policy when they ship their inbuilt preload lists?
preload: false
# use ident protocol to get usernames
check-ident: true
# password to login to the server
# generated using "oragono genpasswd"
#password: ""
# motd filename
# if you change the motd, you should move it to ircd.motd
motd: oragono.motd
# motd formatting codes
# if this is true, the motd is escaped using formatting codes like $c, $b, and $i
motd-formatting: true
# addresses/hostnames the PROXY command can be used from
# this should be restricted to 127.0.0.1/8 and localhost at most
# you should also add these addresses to the connection limits and throttling exemption lists
proxy-allowed-from:
# - localhost
# - "127.0.0.1"
# - "127.0.0.1/8"
# controls the use of the WEBIRC command (by IRC<->web interfaces, bouncers and similar)
webirc:
# one webirc block -- should correspond to one set of gateways
-
# tls fingerprint the gateway must connect with to use this webirc block
fingerprint: 938dd33f4b76dcaf7ce5eb25c852369cb4b8fb47ba22fc235aa29c6623a5f182
# password the gateway uses to connect, made with oragono genpasswd
password: "$2a$04$sLEFDpIOyUp55e6gTMKbOeroT6tMXTjPFvA0eGvwvImVR9pkwv7ee"
# hosts that can use this webirc command
# you should also add these addresses to the connection limits and throttling exemption lists
hosts:
# - localhost
# - "127.0.0.1"
# - "127.0.0.1/8"
# - "0::1"
# allow use of the RESUME extension over plaintext connections:
# do not enable this unless the ircd is only accessible over internal networks
allow-plaintext-resume: false
# maximum length of clients' sendQ in bytes
# this should be big enough to hold /LIST and HELP replies
max-sendq: 16k
# maximum number of connections per subnet
connection-limits:
# whether to enforce connection limits or not
enabled: true
# how wide the cidr should be for IPv4
cidr-len-ipv4: 32
# how wide the cidr should be for IPv6
cidr-len-ipv6: 64
# maximum concurrent connections per subnet (defined above by the cidr length)
connections-per-subnet: 16
# IPs/networks which are exempted from connection limits
exempted:
- "127.0.0.1"
- "127.0.0.1/8"
- "::1/128"
# automated connection throttling
connection-throttling:
# whether to throttle connections or not
enabled: true
# how wide the cidr should be for IPv4
cidr-len-ipv4: 32
# how wide the cidr should be for IPv6
cidr-len-ipv6: 64
# how long to keep track of connections for
duration: 10m
# maximum number of connections, per subnet, within the given duration
max-connections: 32
# how long to ban offenders for, and the message to use
# after banning them, the number of connections is reset (which lets you use UNDLINE to unban people)
ban-duration: 10m
ban-message: You have attempted to connect too many times within a short duration. Wait a while, and you will be able to connect.
# IPs/networks which are exempted from connection limits
exempted:
- "127.0.0.1"
- "127.0.0.1/8"
- "::1/128"
# account options
accounts:
# account registration
registration:
# can users register new accounts?
enabled: true
# this is the bcrypt cost we'll use for account passwords
bcrypt-cost: 12
# length of time a user has to verify their account before it can be re-registered
verify-timeout: "32h"
# callbacks to allow
enabled-callbacks:
- none # no verification needed, will instantly register successfully
# example configuration for sending verification emails via a local mail relay
# callbacks:
# mailto:
# server: localhost
# port: 25
# tls:
# enabled: false
# username: ""
# password: ""
# sender: "admin@my.network"
# is account authentication enabled?
authentication-enabled: true
# throttle account login attempts (to prevent either password guessing, or DoS
# attacks on the server aimed at forcing repeated expensive bcrypt computations)
login-throttling:
enabled: true
# window
duration: 1m
# number of attempts allowed within the window
max-attempts: 3
# some clients (notably Pidgin and Hexchat) offer only a single password field,
# which makes it impossible to specify a separate server password (for the PASS
# command) and SASL password. if this option is set to true, a client that
# successfully authenticates with SASL will not be required to send
# PASS as well, so it can be configured to authenticate with SASL only.
skip-server-password: false
# nick-reservation controls how, and whether, nicknames are linked to accounts
nick-reservation:
# is there any enforcement of reserved nicknames?
enabled: false
# how many nicknames, in addition to the account name, can be reserved?
additional-nick-limit: 2
# method describes how nickname reservation is handled
# already logged-in using SASL or NickServ
# timeout: let the user change to the registered nickname, give them X seconds
# to login and then rename them if they haven't done so
# strict: don't let the user change to the registered nickname unless they're
# already logged-in using SASL or NickServ
# optional: no enforcement by default, but allow users to opt in to
# the enforcement level of their choice
method: timeout
# allow users to set their own nickname enforcement status, e.g.,
# to opt in to strict enforcement
allow-custom-enforcement: true
# rename-timeout - this is how long users have 'til they're renamed
rename-timeout: 30s
# rename-prefix - this is the prefix to use when renaming clients (e.g. Guest-AB54U31)
rename-prefix: Guest-
# vhosts controls the assignment of vhosts (strings displayed in place of the user's
# hostname/IP) by the HostServ service
vhosts:
# are vhosts enabled at all?
enabled: true
# maximum length of a vhost
max-length: 64
# regexp for testing the validity of a vhost
# (make sure any changes you make here are RFC-compliant)
valid-regexp: '^[0-9A-Za-z.\-_/]+$'
# options controlling users requesting vhosts:
user-requests:
# can users request vhosts at all? if this is false, operators with the
# 'vhosts' capability can still assign vhosts manually
enabled: false
# if uncommented, all new vhost requests will be dumped into the given
# channel, so opers can review them as they are sent in. ensure that you
# have registered and restricted the channel appropriately before you
# uncomment this.
#channel: "#vhosts"
# after a user's vhost has been approved or rejected, they need to wait
# this long (starting from the time of their original request)
# before they can request a new one.
cooldown: 168h
# channel options
channels:
# modes that are set when new channels are created
# +n is no-external-messages and +t is op-only-topic
# see /QUOTE HELP cmodes for more channel modes
default-modes: +nt
# channel registration - requires an account
registration:
# can users register new channels?
enabled: true
# operator classes
oper-classes:
# local operator
"local-oper":
# title shown in WHOIS
title: Local Operator
# capability names
capabilities:
- "oper:local_kill"
- "oper:local_ban"
- "oper:local_unban"
- "nofakelag"
# network operator
"network-oper":
# title shown in WHOIS
title: Network Operator
# oper class this extends from
extends: "local-oper"
# capability names
capabilities:
- "oper:remote_kill"
- "oper:remote_ban"
- "oper:remote_unban"
# server admin
"server-admin":
# title shown in WHOIS
title: Server Admin
# oper class this extends from
extends: "local-oper"
# capability names
capabilities:
- "oper:rehash"
- "oper:die"
- "accreg"
- "sajoin"
- "samode"
- "vhosts"
- "chanreg"
# ircd operators
opers:
# operator named 'dan'
dan:
# which capabilities this oper has access to
class: "server-admin"
# custom whois line
whois-line: is a cool dude
# custom hostname
vhost: "n"
# modes are the modes to auto-set upon opering-up
modes: +is acjknoqtux
# password to login with /OPER command
# generated using "oragono genpasswd"
password: "$2a$04$LiytCxaY0lI.guDj2pBN4eLRD5cdM2OLDwqmGAgB6M2OPirbF5Jcu"
# logging, takes inspiration from Insp
logging:
-
# how to log these messages
#
# file log to given target filename
# stdout log to stdout
# stderr log to stderr
method: file stderr
# filename to log to, if file method is selected
filename: ircd.log
# type(s) of logs to keep here. you can use - to exclude those types
#
# exclusions take precedent over inclusions, so if you exclude a type it will NEVER
# be logged, even if you explicitly include it
#
# useful types include:
# * everything (usually used with exclusing some types below)
# accounts account registration and authentication
# channels channel creation and operations
# commands command calling and operations
# opers oper actions, authentication, etc
# password password hashing and comparing
# rehash server startup and rehash events
# userinput raw lines sent by users
# useroutput raw lines sent to users
type: "* -userinput -useroutput -localconnect -localconnect-ip"
# one of: debug info warn error
level: info
-
# avoid logging IP addresses to file
method: stderr
type: localconnect localconnect-ip
level: debug
# debug options
debug:
# when enabled, oragono will attempt to recover from certain kinds of
# client-triggered runtime errors that would normally crash the server.
# this makes the server more resilient to DoS, but could result in incorrect
# behavior. deployments that would prefer to "start from scratch", e.g., by
# letting the process crash and auto-restarting it with systemd, can set
# this to false.
recover-from-errors: true
# optionally expose a pprof http endpoint: https://golang.org/pkg/net/http/pprof/
# it is strongly recommended that you don't expose this on a public interface;
# if you need to access it remotely, you can use an SSH tunnel.
# set to `null`, "", leave blank, or omit to disable
# pprof-listener: "localhost:6060"
# datastore configuration
datastore:
# path to the datastore
path: ircd.db
# if the database schema requires an upgrade, `autoupgrade` will attempt to
# perform it automatically on startup. the database will be backed
# up, and if the upgrade fails, the original database will be restored.
autoupgrade: true
# languages config
languages:
# whether to load languages
enabled: true
# default language to use for new clients
# 'en' is the default English language in the code
default: en
# which directory contains our language files
path: languages
# limits - these need to be the same across the network
limits:
# nicklen is the max nick length allowed
nicklen: 32
# channellen is the max channel length allowed
channellen: 64
# awaylen is the maximum length of an away message
awaylen: 500
# kicklen is the maximum length of a kick message
kicklen: 1000
# topiclen is the maximum length of a channel topic
topiclen: 1000
# maximum number of monitor entries a client can have
monitor-entries: 100
# whowas entries to store
whowas-entries: 100
# maximum length of channel lists (beI modes)
chan-list-modes: 60
# maximum length of IRC lines
# this should generally be 1024-2048, and will only apply when negotiated by clients
linelen:
# tags section
tags: 2048
# rest of the message
rest: 2048
# fakelag: prevents clients from spamming commands too rapidly
fakelag:
# whether to enforce fakelag
enabled: false
# time unit for counting command rates
window: 1s
# clients can send this many commands without fakelag being imposed
burst-limit: 5
# once clients have exceeded their burst allowance, they can send only
# this many commands per `window`:
messages-per-window: 2
# client status resets to the default state if they go this long without
# sending any commands:
cooldown: 2s
# message history tracking, for the RESUME extension and possibly other uses in future
history:
# should we store messages for later playback?
enabled: true
# how many channel-specific events (messages, joins, parts) should be tracked per channel?
channel-length: 256
# how many direct messages and notices should be tracked per user?
client-length: 64
# number of messages to automatically play back on channel join (0 to disable):
autoreplay-on-join: 0
Reference in New Issue View Git Blame Copy Permalink