roles/server/irc-services/files

[root/pub/somesible.git] / roles / server / irc-services / files / default / operserv.conf

#
################################################
### Managed by someone's ansible provisioner ###
################################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2025 by someone <someone@somenet.org>
#

/*
 * First, create the service.
 */
service
{
        /*
         * The name of the OperServ client.
         * If you change this value, you probably want to change the client directive in the configuration for the operserv module too.
         */
        nick = "OperServ"

        /*
         * The username of the OperServ client.
         */
        user = "services"

        /*
         * The hostname of the OperServ client.
         */
        host = "services.host"

        /*
         * The realname of the OperServ client.
         */
        gecos = "Operator Service"

        /*
         * The modes this client should use.
         * Do not modify this unless you know what you are doing.
         *
         * These modes are very IRCd specific. If left commented, sane defaults
         * are used based on what protocol module you have loaded.
         *
         * Note that setting this option incorrectly could potentially BREAK some, if
         * not all, usefulness of the client. We will not support you if this client is
         * unable to do certain things if this option is enabled.
         */
        #modes = "+o"

        /*
         * An optional comma separated list of channels this service should join. Outside
         * of log channels this is not very useful, as the service will just idle in the
         * specified channels, and will not accept any types of commands.
         *
         * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
         */
        #channels = "@#services,#mychan"
}

/*
 * Core OperServ module.
 *
 * Provides essential functionality for OperServ.
 */
module
{
        name = "operserv"

        /*
         * The name of the client that should be OperServ.
         */
        client = "OperServ"

        /*
         * These define the default expiration times for, respectively, AKILLs, CHANKILLs, SNLINEs,
         * and SQLINEs.
         */
        autokillexpiry = 30d
        chankillexpiry = 30d
        snlineexpiry = 30d
        sqlineexpiry = 30d

        /*
         * If set, this option will make Services send an AKILL command immediately after it has been
         * added with AKILL ADD. This eliminates the need for killing the user after the AKILL has
         * been added.
         *
         * This directive is optional, but recommended.
         */
        akillonadd = yes

        /*
         * If set, this option will make Services send an (SVS)KILL command immediately after SNLINE ADD.
         * This eliminates the need for killing the user after the SNLINE has been added.
         *
         * This directive is optional.
         */
        killonsnline = yes

        /*
         * If set, this option will make Services send an (SVS)KILL command immediately after SQLINE ADD.
         * This eliminates the need for killing the user after the SQLINE has been added.
         *
         * This directive is optional.
         */
        killonsqline = yes

        /*
         * Adds the nickname of the IRC Operator issuing an AKILL to the kill reason.
         *
         * This directive is optional.
         */
        addakiller = yes

        /*
         * Adds akill IDs to akills. Akill IDs are given to users in their ban reason and can be used to easily view,
         * modify, or remove an akill from the ID.
         */
        akillids = yes

        /*
         * If set, only IRC Operators will be permitted to use OperServ, regardless of command access restrictions.
         *
         * This directive is optional, but recommended.
         */
        opersonly = yes
}

/*
 * Core OperServ commands.
 *
 * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
 * are loaded you can then configure the commands to be added to any client you like with any name you like.
 *
 * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
 *
 * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
 */

/* Give it a help command. */
command { service = "OperServ"; name = "HELP"; command = "generic/help"; }

/*
 * os_akill
 *
 * Provides the command operserv/akill.
 *
 * Used to ban users from the network.
 */
module { name = "os_akill" }
command { service = "OperServ"; name = "AKILL"; command = "operserv/akill"; permission = "operserv/akill"; }

/*
 * os_chankill
 *
 * Provides the command operserv/chankill.
 *
 * Used to akill users from an entire channel.
 */
module { name = "os_chankill" }
command { service = "OperServ"; name = "CHANKILL"; command = "operserv/chankill"; permission = "operserv/chankill"; }

/*
 * os_defcon
 *
 * Provides the command operserv/defcon.
 *
 * Allows you to set services in DefCon mode, which can be used to restrict services access
 * during bot attacks.
 */
#module
{
        name = "os_defcon"

        /*
         * Default DefCon level (1-5) to use when starting Services up. Level 5 constitutes normal operation
         * while level 1 constitutes the most restrictive operation. If this setting is left out or set to
         * 0, DefCon will be disabled and the rest of this block will be ignored.
         */
        #defaultlevel = 5

        /*
         * The following 4 directives define what operations will take place when DefCon is set to levels
         * 1 through 4. Each level is a list that must be separated by spaces.
         *
         * The following operations can be defined at each level:
         * - nonewchannels: Disables registering new channels
         * - nonewnicks: Disables registering new nicks
         * - nomlockchanges: Disables changing MLOCK on registered channels
         * - forcechanmodes: Forces all channels to have the modes given in the later chanmodes directive
         * - reducedsessions: Reduces the session limit to the value given in the later sessionlimit directive
         * - nonewclients: KILL any new clients trying to connect
         * - operonly: Services will ignore all non-IRCops
         * - silentoperonly: Services will silently ignore all non-IRCops
         * - akillnewclients: AKILL any new clients trying to connect
         * - nonewmemos: No new memos will be sent to block MemoServ attacks
         */
        level4 = "nonewchannels nonewnicks nomlockchanges reducedsessions"
        level3 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions"
        level2 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly"
        level1 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly akillnewclients"

        /*
         * New session limit to use when a DefCon level is using "reduced" session limiting.
         */
        #sessionlimit = 2

        /*
         * Length of time to add an AKILL for when DefCon is preventing new clients from connecting to the
         * network.
         */
        #akillexpire = 5m

        /*
         * The channel modes to set on all channels when the DefCon channel mode system is in use.
         *
         * Note 1: Choose these modes carefully, because when DefCon switches to a level which does NOT have
         * the mode setting selected, Services will set the reverse on all channels, e.g. if this setting
         * is +RN when DefCon is used, all channels will be set to +RN, when DefCon is removed, all
         * channels will be set to -RN. You don't want to set this to +k for example, because when DefCon
         * is removed, all channels are set -k, removing the key from previously keyed channels.
         *
         * Note 2: MLOCKed modes will not be lost.
         */
        #chanmodes = "+R"

        /*
         * This value can be used to automatically return the network to DefCon level 5 after the specified
         * time period, just in case any IRC Operator forgets to remove a DefCon setting.
         *
         * This directive is optional.
         */
        #timeout = 15m

        /*
         * If set, Services will send a global message on DefCon level changes.
         *
         * This directive is optional.
         */
        #globalondefcon = yes

        /*
         * If set, Services will send the global message defined in the message directive on DefCon level
         * changes.
         *
         * This directive is optional.
         */
        #globalondefconmore = yes

        /*
         * Defines the message that will be sent on DefCon level changes when globalondefconmore is set.
         *
         * This directive is required only when globalondefconmore is set.
         */
        #message = "Put your message to send your users here. Don't forget to uncomment globalondefconmore"

        /*
         * Defines the message that will be sent when DefCon is returned to level 5. This directive is optional,
         * and will also override globalondefcon and globalondefconmore when set.
         */
        #offmessage = "Services are now back to normal, sorry for any inconvenience"

        /*
         * Defines the reason to use when clients are KILLed or AKILLed from the network while the proper
         * DefCon operation is in effect.
         */
        #akillreason = "This network is currently not accepting connections, please try again later."
}
#command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; permission = "operserv/defcon"; }

/*
 * os_dns
 *
 * Provides the command operserv/dns.
 *
 * This module requires that m_dns is loaded.
 *
 * This module allows controlling a DNS zone. This is useful for
 * controlling what servers users are placed on for load balancing,
 * and to automatically remove split servers.
 *
 * To use this module you must set a nameserver record for services
 * so that DNS queries go to services.
 *
 * Alternatively, you may use a slave DNS server to hide service's IP,
 * provide query caching, and provide better fault tolerance.
 *
 * To do this using BIND, configure similar to:
 *
 * options { max-refresh-time 60; };
 * zone "irc.example.com" IN {
 *   type slave;
 *   masters { 127.0.0.1 port 5353; };
 * };
 *
 * Where 127.0.0.1:5353 is the IP and port services are listening on.
 * We recommend you externally firewall both UDP and TCP to the port
 * Anope is listening on.
 *
 * Finally set a NS record for irc.example.com. to BIND or services.
 */
#module
{
        name = "os_dns"

        /* TTL for records. This should be very low if your records change often. */
        ttl = 1m

        /* If a server drops this many users the server is automatically removed from the DNS zone.
         * This directive is optional.
         */
        user_drop_mark = 50

        /* The time used for user_drop_mark. */
        user_drop_time = 1m

        /* When a server is removed from the zone for dropping users, it is readded after this time.
         * This directive is optional.
         */
        user_drop_readd_time = 5m

        /* If set, when a server splits, it is automatically removed from the zone. */
        remove_split_servers = yes

        /* If set, when a server connects to the network, it will be automatically added to
         * the zone if it is a known server.
         */
        readd_connected_servers = no
}
#command { service = "OperServ"; name = "DNS"; command = "operserv/dns"; permission = "operserv/dns"; }

/*
 * os_config
 *
 * Provides the command operserv/config.
 *
 * Used to view and set configuration options while services are running.
 */
module { name = "os_config" }
command { service = "OperServ"; name = "CONFIG"; command = "operserv/config"; permission = "operserv/config"; }

/*
 * os_forbid
 *
 * Provides the command operserv/forbid.
 *
 * Used to forbid specific nicks, channels, emails, etc. from being used.
 */
module { name = "os_forbid" }
command { service = "OperServ"; name = "FORBID"; command = "operserv/forbid"; permission = "operserv/forbid"; }

/*
 * os_ignore
 *
 * Provides the command operserv/ignore.
 *
 * Used to make Services ignore users.
 */
module { name = "os_ignore" }
command { service = "OperServ"; name = "IGNORE"; command = "operserv/ignore"; permission = "operserv/ignore"; }

/*
 * os_info
 *
 * Provides the command operserv/info.
 *
 * Used to add oper only notes to users and channels.
 */
module { name = "os_info" }
command { service = "OperServ"; name = "INFO"; command = "operserv/info"; permission = "operserv/info"; }

/*
 * os_jupe
 *
 * Provides the command operserv/jupe.
 *
 * Used to disconnect servers from the network and prevent them from relinking.
 */
module { name = "os_jupe" }
command { service = "OperServ"; name = "JUPE"; command = "operserv/jupe"; permission = "operserv/jupe"; }

/*
 * os_kick
 *
 * Provides the command operserv/kick.
 *
 * Used to kick users from channels.
 */
module { name = "os_kick" }
command { service = "OperServ"; name = "KICK"; command = "operserv/kick"; permission = "operserv/kick"; }

/*
 * os_kill
 *
 * Provides the command operserv/kill.
 *
 * Used to forcibly disconnect users from the network.
 */
module { name = "os_kill" }
command { service = "OperServ"; name = "KILL"; command = "operserv/kill"; permission = "operserv/kill"; }

/*
 * os_list
 *
 * Provides the commands operserv/chanlist and operserv/userlist.
 *
 * Used to list and search the channels and users currently on the network.
 */
module { name = "os_list" }
command { service = "OperServ"; name = "CHANLIST"; command = "operserv/chanlist"; permission = "operserv/chanlist"; }
command { service = "OperServ"; name = "USERLIST"; command = "operserv/userlist"; permission = "operserv/userlist"; }

/*
 * os_login
 *
 * Provides the commands operserv/login and operserv/logout.
 *
 * Used to login to OperServ, only required if your oper block requires this.
 */
module { name = "os_login" }
command { service = "OperServ"; name = "LOGIN"; command = "operserv/login"; }
command { service = "OperServ"; name = "LOGOUT"; command = "operserv/logout"; }

/*
 * os_logsearch
 *
 * Provides the command operserv/logsearch.
 *
 * Used to search services log files.
 */
module
{
        name = "os_logsearch"

        /* The log file name to search. There should be a log{} block configured to log
         * to a file of this name.
         */
        logname = "services.log"
}
command { service = "OperServ"; name = "LOGSEARCH"; command = "operserv/logsearch"; permission = "operserv/logsearch"; }

/*
 * os_mode
 *
 * Provides the commands operserv/mode and operserv/umode.
 *
 * Used to change user and channel modes.
 */
module { name = "os_mode" }
command { service = "OperServ"; name = "UMODE"; command = "operserv/umode"; permission = "operserv/umode"; }
command { service = "OperServ"; name = "MODE"; command = "operserv/mode"; permission = "operserv/mode"; }

/*
 * os_modinfo
 *
 * Provides the commands operserv/modinfo and operserv/modlist.
 *
 * Used to show information about loaded modules.
 */
module { name = "os_modinfo" }
command { service = "OperServ"; name = "MODINFO"; command = "operserv/modinfo"; permission = "operserv/modinfo"; }
command { service = "OperServ"; name = "MODLIST"; command = "operserv/modlist"; permission = "operserv/modinfo"; }

/*
 * os_module
 *
 * Provides the commands operserv/modload, operserv/modreload, and operserv/modunload.
 *
 * Used to load, reload, and unload modules.
 */
module { name = "os_module" }
command { service = "OperServ"; name = "MODLOAD"; command = "operserv/modload"; permission = "operserv/modload"; }
command { service = "OperServ"; name = "MODRELOAD"; command = "operserv/modreload"; permission = "operserv/modload"; }
command { service = "OperServ"; name = "MODUNLOAD"; command = "operserv/modunload"; permission = "operserv/modload"; }

/*
 * os_news
 *
 * Provides the commands operserv/logonnews, operserv/opernews, and operserv/randomnews.
 *
 * Used to configure news notices shown to users when they connect, and opers when they oper.
 */
module
{
        name = "os_news"

        /*
         * The service bot names to use to send news to users on connection
         * and to opers when they oper.
         */
        announcer = "Global"
        oper_announcer = "OperServ"

        /*
         * The number of LOGON/OPER news items to display when a user logs on.
         *
         * This directive is optional, if not set it will default to 3.
         */
        #newscount = 3
}
command { service = "OperServ"; name = "LOGONNEWS"; command = "operserv/logonnews"; permission = "operserv/news"; }
command { service = "OperServ"; name = "OPERNEWS"; command = "operserv/opernews"; permission = "operserv/news"; }
command { service = "OperServ"; name = "RANDOMNEWS"; command = "operserv/randomnews"; permission = "operserv/news"; }

/*
 * os_noop
 *
 * Provides the command operserv/noop.
 *
 * Used to NOOP a server, which prevents users from opering on that server.
 */
module { name = "os_noop" }
command { service = "OperServ"; name = "NOOP"; command = "operserv/noop"; permission = "operserv/noop"; }

/*
 * os_oline
 *
 * Provides the command operserv/oline.
 *
 * Used to set oper flags on users, and is specific to UnrealIRCd 3.2.
 * See /helpop ?svso on your IRCd for more information.
 */
#module { name = "os_oline" }
#command { service = "OperServ"; name = "OLINE"; command = "operserv/oline"; permission = "operserv/oline"; }

/*
 * os_oper
 *
 * Provides the command operserv/oper.
 *
 * Used to configure opers and show information about opertypes.
 */
module { name = "os_oper" }
command { service = "OperServ"; name = "OPER"; command = "operserv/oper"; permission = "operserv/oper"; }

/*
 * os_reload
 *
 * Provides the command operserv/reload.
 *
 * Used to reload the services.conf configuration file.
 */
module { name = "os_reload" }
command { service = "OperServ"; name = "RELOAD"; command = "operserv/reload"; permission = "operserv/reload"; }

/*
 * os_session
 *
 * Provides the commands operserv/exception and operserv/session.
 *
 * This module enables session limiting. Session limiting prevents users from connecting more than a certain
 * number of times from the same IP at the same time - thus preventing most types of cloning.
 * Once a host reaches its session limit, all clients attempting to connect from that host will
 * be killed. Exceptions to the default session limit can be defined via the exception list.
 *
 * Used to manage the session limit exception list, and view currently active sessions.
 */
module
{
        name = "os_session"

        /*
         * Default session limit per host. Once a host reaches its session limit, all clients attempting
         * to connect from that host will be killed.
         *
         * This directive is required if os_session is loaded.
         */
        defaultsessionlimit = 5

        /*
         * The maximum session limit that may be set for a host in an exception.
         *
         * This directive is required if os_session is loaded.
         */
        maxsessionlimit = 100

        /*
         * Sets the default expiry time for session exceptions.
         */
        #exceptionexpiry = 1d

        /*
         * The message that will be NOTICE'd to a user just before they are removed from the network because
         * their host's session limit has been exceeded. It may be used to give a slightly more descriptive
         * reason for the impending kill as opposed to simply "Session limit exceeded".
         *
         * This directive is optional, if not set, nothing will be sent.
         */
        sessionlimitexceeded = "The session limit for your IP %IP% has been exceeded."

        /*
         * Same as above, but should be used to provide a website address where users can find out more
         * about session limits and how to go about applying for an exception.
         *
         * Note: This directive has been intentionally commented out in an effort to remind you to change
         * the URL it contains. It is recommended that you supply an address/URL where people can get help
         * regarding session limits.
         *
         * This directive is optional, if not set, nothing will be sent.
         */
        #sessionlimitdetailsloc = "Please visit https://your.website.url/ for more information about session limits."

        /*
         * If set and is not 0, this directive tells Services to add an AKILL if the number of subsequent kills
         * for the same host exceeds this value, preventing the network from experiencing KILL floods.
         *
         * This directive is optional.
         */
        maxsessionkill = 15

        /*
         * Sets the expiry time for AKILLs set for hosts exceeding the maxsessionkill directive limit.
         *
         * This directive is optional, if not set, defaults to 30 minutes.
         */
        sessionautokillexpiry = 30m

        /*
         * Sets the CIDR value used to determine which IP addresses represent the same person.
         * By default this would limit 3 connections per IPv4 IP and 3 connections per IPv6 IP.
         * If you are receiving IPv6 clone attacks it may be useful to set session_ipv6_cidr to
         * 64 or 48.
         */
        session_ipv4_cidr = 32
        session_ipv6_cidr = 128
}
command { service = "OperServ"; name = "EXCEPTION"; command = "operserv/exception"; permission = "operserv/exception"; }
command { service = "OperServ"; name = "SESSION"; command = "operserv/session"; permission = "operserv/session"; }

/*
 * os_set
 *
 * Provides the command operserv/set.
 *
 * Used to set various settings such as superadmin, debug mode, etc.
 */
module
{
        name = "os_set"

        /*
         * If set, Services Admins will be able to use SUPERADMIN [ON|OFF] which will temporarily grant
         * them extra privileges such as being a founder on ALL channels.
         *
         * This directive is optional.
         */
        #superadmin = yes
}
command { service = "OperServ"; name = "SET"; command = "operserv/set"; permission = "operserv/set"; }

/*
 * os_shutdown
 *
 * Provides the commands operserv/quit, operserv/restart, and operserv/shutdown.
 *
 * Used to quit, restart, or shutdown services.
 */
module { name = "os_shutdown" }
command { service = "OperServ"; name = "QUIT"; command = "operserv/quit"; permission = "operserv/quit"; }
command { service = "OperServ"; name = "RESTART"; command = "operserv/restart"; permission = "operserv/restart"; }
command { service = "OperServ"; name = "SHUTDOWN"; command = "operserv/shutdown"; permission = "operserv/shutdown"; }

/*
 * os_stats
 *
 * Provides the operserv/stats command.
 *
 * Used to show statistics about services.
 */
module { name = "os_stats" }
command { service = "OperServ"; name = "STATS"; command = "operserv/stats"; permission = "operserv/stats"; }

/*
 * os_svs
 *
 * Provides the commands operserv/svsnick, operserv/svsjoin, and operserv/svspart.
 *
 * Used to force users to change nicks, join and part channels.
 */
module { name = "os_svs" }
command { service = "OperServ"; name = "SVSNICK"; command = "operserv/svsnick"; permission = "operserv/svs"; }
command { service = "OperServ"; name = "SVSJOIN"; command = "operserv/svsjoin"; permission = "operserv/svs"; }
command { service = "OperServ"; name = "SVSPART"; command = "operserv/svspart"; permission = "operserv/svs"; }

/*
 * os_sxline
 *
 * Provides the operserv/snline and operserv/sqline commands.
 *
 * Used to ban real names, nick names, and possibly channels.
 */
module { name = "os_sxline" }
command { service = "OperServ"; name = "SNLINE"; command = "operserv/snline"; permission = "operserv/snline"; }
command { service = "OperServ"; name = "SQLINE"; command = "operserv/sqline"; permission = "operserv/sqline"; }

/*
 * os_update
 *
 * Provides the operserv/update command.
 *
 * Use to immediately update the databases.
 */
module { name = "os_update" }
command { service = "OperServ"; name = "UPDATE"; command = "operserv/update"; permission = "operserv/update"; }