#
################################################
### Managed by someone's ansible provisioner ###
################################################
# Part of: https://git.somenet.org/root/pub/somesible.git
# 2017-2025 by someone <someone@somenet.org>
#
########################################################################
# #
# ___ ___ ____ ____ _ #
# |_ _|_ __ ___ _ __|_ _| _ \ / ___|__| | #
# | || '_ \/ __| '_ \| || |_) | | / _` | #
# | || | | \__ \ |_) | || _ <| |__| (_| | #
# |___|_| |_|___/ .__/___|_| \_\\____\__,_| #
# |_| #
# ____ __ _ _ _ #
# / ___|___ _ __ / _(_) __ _ _ _ _ __ __ _| |_(_) ___ _ __ #
# | | / _ \| '_ \| |_| |/ _` | | | | '__/ _` | __| |/ _ \| '_ \ #
# | |__| (_) | | | | _| | (_| | |_| | | | (_| | |_| | (_) | | | | #
# \____\___/|_| |_|_| |_|\__, |\__,_|_| \__,_|\__|_|\___/|_| |_| #
# |___/ #
# #
########################################################################
# #
# Unalphabeticalise the modules list at your own risk #
# #
########################################################################
#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# #
# This is where you can configure which connections are allowed #
# and denied access onto your server. The password is optional. #
# You may have as many of these as you require. To allow/deny all #
# connections, use a '*' or 0.0.0.0/0. #
# #
# -- It is important to note that connect tags are read from the -- #
# TOP DOWN. This means that you should have more specific deny #
# and allow tags at the top, progressively more general, followed #
# by a <connect allow="*" (should you wish to have one). #
# #
# Connect blocks are searched twice for each user - once when the TCP #
# connection is accepted, and once when the user completes their #
# registration. Most of the information (hostname, ident response, #
# password, SSL when using STARTTLS, etc) is only available during #
# the second search, so if you are trying to make a closed server, #
# you will probably need a connect block just for user registration. #
# This can be done by using <connect registered="no"> #
<connect
# name: Name to use for this connect block. Mainly used for
# connect class inheriting.
name="main"
# allow: The IP address or hostname of clients that can use this
# class. You can specify either an exact match, a glob match, or
# a CIDR range here.
allow="*"
# maxchans: Maximum number of channels a user in this class
# can be in at one time.
#maxchans="20"
# timeout: How long the server will wait before disconnecting
# a user if they do not do anything on connect.
# (Note, this is a client-side thing, if the client does not
# send /NICK, /USER or /PASS)
timeout="20"
# pingfreq: How often the server tries to ping connecting clients.
pingfreq="5m"
# hardsendq: maximum amount of data allowed in a client's send queue
# before they are dropped. Keep this value higher than the length of
# your network's /LIST or /WHO output, or you will have lots of
# disconnects from sendq overruns!
# Setting this to "1M" is equivalent to "1048576", "8K" is 8192, etc.
hardsendq="1M"
# softsendq: amount of data in a client's send queue before the server
# begins delaying their commands in order to allow the sendq to drain
softsendq="10240"
# recvq: amount of data allowed in a client's queue before they are dropped.
# Entering "10K" is equivalent to "10240", see above.
recvq="100K"
# threshold: This specifies the amount of command penalty a user is allowed to have
# before being quit or fakelagged due to flood. Normal commands have a penalty of 1,
# ones such as /OPER have penalties up to 10.
#
# If you are not using fakelag, this should be at least 20 to avoid excess flood kills
# from processing some commands.
threshold="20"
# commandrate: This specifies the maximum rate that commands can be processed.
# If commands are sent more rapidly, the user's penalty will increase and they will
# either be fakelagged or killed when they reach the threshold
#
# Units are millicommands per second, so 1000 means one line per second.
commandrate="1000"
# fakelag: Use fakelag instead of killing users for excessive flood
#
# Fake lag stops command processing for a user when a flood is detected rather than
# immediately killing them; their commands are held in the recvq and processed later
# as the user's command penalty drops. Note that if this is enabled, flooders will
# quit with "RecvQ exceeded" rather than "Excess Flood".
fakelag="on"
# localmax: Maximum local connections per IP.
localmax="50"
# globalmax: Maximum global (network-wide) connections per IP.
globalmax="50"
# resolvehostnames: If disabled, no DNS lookups will be performed on connecting users
# in this class. This can save a lot of resources on very busy servers.
resolvehostnames="yes"
# useident: Defines if users in this class must respond to a ident query or not.
useident="no"
# usests: Whether a STS policy should be advertised to users in this class.
# This setting only has effect when the ircv3_sts module is loaded.
#usests="no"
# limit: How many users are allowed in this class
limit="5000"
# modes: User modes that are set on users in this block on connect.
# Enabling this option requires that the conn_umodes module be loaded.
# This entry is highly recommended to use for/with IP cloaking/masking.
# For the example to work, this also requires that the cloaking
# module be loaded as well.
modes="+xi">
<cidr ipv4clone="32" ipv6clone="128">
# MOVED TO global.secret.conf
# <include file="/etc/inspircd/global.opers.conf">
# MOVED TO inspircd.secret.conf
# <include file="/etc/inspircd/inspircd.links.conf">
<files motd="/etc/inspircd/inspircd.motd">
<channels users="60" opers="64">
<banlist chan="*" limit="128">
#<disabled commands="TOPIC MODE" usermodes="" chanmodes="" fakenonexistant="yes">
<options
# prefixquit: What (if anything) users' quit messages
# should be prefixed with.
prefixquit="Quit: "
# suffixquit: What (if anything) users' quit messages
# should be suffixed with.
suffixquit=""
# prefixpart: What (if anything) users' part messages
# should be prefixed with.
prefixpart="""
# NOTE: Use "\"" instead of """ if not using <config format="xml">
# suffixpart: What (if anything) users' part message
# should be suffixed with.
suffixpart="""
# fixedquit: Set all users' quit messages to this value.
#fixedquit=""
# fixedpart: Set all users' part messages in all channels
# to this value.
#fixedpart=""
# syntaxhints: If enabled, if a user fails to send the correct parameters
# for a command, the ircd will give back some help text of what
# the correct parameters are.
syntaxhints="yes"
# casemapping: This sets the case mapping method to be used by the
# server. This MUST be the same on all servers. Possible values are:
# "ascii" (recommended)
# "rfc1459" (default, required for linking to 2.0 servers)
# NOTE: if you are using the nationalchars module this setting will be
# ignored. You should use <nationalchars:casemapping> instead.
casemapping="ascii"
# cyclehostsfromuser: If enabled, the source of the mode change for
# cyclehosts will be the user who cycled. This can look nicer, but
# triggers anti-takeover mechanisms of some obsolete bots.
cyclehostsfromuser="no"
# announcets: If set to yes, when the timestamp on a channel changes, all users
# in the channel will be sent a NOTICE about it.
announcets="yes"
# allowmismatch: Setting this option to yes will allow servers to link even
# if they don't have the same "optionally common" modules loaded. Setting this to
# yes may introduce some desyncs and unwanted behaviour.
allowmismatch="no"
# defaultbind: Sets the default for <bind> tags without an address. Choices are
# ipv4 or ipv6; if not specified, IPv6 will be used if your system has support,
# falling back to IPv4 otherwise.
defaultbind="ipv4"
# hostintopic: If enabled, channels will show the host of the topic setter
# in the topic. If set to no, it will only show the nick of the topic setter.
hostintopic="yes"
# pingwarning: If a server does not respond to a ping within this period,
# it will send a notice to opers with snomask +l informing that the server
# is about to ping timeout.
pingwarning="15"
# serverpingfreq: How often pings are sent between servers.
serverpingfreq="1m"
# splitwhois: Whether to split private/secret channels from normal channels
# in WHOIS responses. Possible values for this are:
# 'no' - list all channels together in the WHOIS response regardless of type.
# 'split' - split private/secret channels to a separate WHOIS response numeric.
# 'splitmsg' - the same as split but also send a message explaining the split.
splitwhois="no"
# defaultmodes: What modes are set on a empty channel when a user
# joins it and it is unregistered.
defaultmodes="not"
# xlinemessage: This is the text that is sent to a user when they are
# banned from the server.
xlinemessage="You're banned! Email irc@example.com with the ERROR line below for help."
# allowzerolimit: If enabled then allow a limit of 0 to be set on channels.
# This is non-standard behaviour and should only be enabled if you need to
# link with servers running 2.0. Defaults to yes.
allowzerolimit="yes"
# modesinlist: If enabled then the current channel modes will be shown
# in the /LIST response. Defaults to yes.
modesinlist="yes"
# exemptchanops: Allows users with with a status mode to be exempt
# from various channel restrictions. Possible restrictions are:
# - anticaps Channel mode +B - blocks messages with too many capital
# letters (requires the anticaps module).
# - auditorium-see Permission required to see the full user list of
# a +u channel (requires the auditorium module).
# - auditorium-vis Permission required to be visible in a +u channel
# (requires the auditorium module).
# - blockcaps Channel mode +B - blocks messages with too many capital
# letters (requires the blockcaps module).
# - blockcolor Channel mode +c - blocks messages with formatting codes
# (requires the blockcolor module).
# - censor Channel mode +G - censors messages based on the network
# configuration (requires the censor module).
# - filter Channel mode +g - blocks messages containing the given
# glob mask (requires the chanfilter module).
# - flood Channel mode +f - kicks (and bans) on text flood of a
# specified rate (requires the messageflood module).
# - nickflood Channel mode +F - blocks nick changes after a specified
# rate (requires the nickflood module).
# - noctcp Channel mode +C - blocks any CTCPs to the channel
# (requires the noctcp module).
# - nonick Channel mode +N - prevents users on the channel from
# changing nicks (requires the nonicks module).
# - nonotice Channel mode +T - blocks /NOTICEs to the channel
# (requires the nonotice module).
# - regmoderated Channel mode +M - blocks unregistered users from
# speaking (requires the services account module).
# - stripcolor Channel mode +S - strips formatting codes from
# messages (requires the stripcolor module).
# - topiclock Channel mode +t - limits changing the topic to (half)ops
# You can also configure this on a per-channel basis with a channel mode.
# See m_exemptchanops in modules.conf.example for more details.
exemptchanops="censor:o filter:o nickflood:o nonick:v regmoderated:o"
# invitebypassmodes: This allows /INVITE to bypass other channel modes.
# (Such as +k, +j, +l, etc.)
invitebypassmodes="yes"
# nosnoticestack: This prevents snotices from 'stacking' and giving you
# the message saying '(last message repeated X times)'. Defaults to no.
nosnoticestack="no">
<security
# allowcoreunload: If this value is set to yes, Opers will be able to
# unload core modules (e.g. core_privmsg).
allowcoreunload="no"
# announceinvites: This option controls which members of the channel
# receive an announcement when someone is INVITEd. Available values:
# 'none' - don't send invite announcements
# 'all' - send invite announcements to all members
# 'ops' - send invite announcements to ops and higher ranked users
# 'dynamic' - send invite announcements to halfops (if available) and
# higher ranked users. This is the recommended setting.
announceinvites="dynamic"
# hideulines: If this value is set to yes, U-lined servers will
# be hidden from non-opers in /LINKS and /MAP.
hideulines="no"
# flatlinks: If this value is set to yes, /MAP and /LINKS will
# be flattened when shown to non-opers.
flatlinks="no"
# hideserver: When defined, the given text will be used in place
# of the server name in public messages. As with <server:name> this
# does not need to resolve but does need to be a valid hostname.
#
# NOTE: enabling this will cause users' idle times to only be shown
# when a remote whois (/WHOIS <nick> <nick>) is used.
#hideserver="*.example.com"
# hidebans: If this value is set to yes, when a user is banned ([KGZ]-lined)
# only opers will see the ban message when the user is removed
# from the server.
hidebans="no"
# hidekills: If defined, replaces who executed a /KILL with a custom string.
hidekills=""
# hideulinekills: Hide kills from clients of ulined servers from server notices.
hideulinekills="yes"
# hidesplits: If enabled, non-opers will not be able to see which
# servers split in a netsplit, they will only be able to see that one
# occurred (If their client has netsplit detection).
hidesplits="no"
# maxtargets: Maximum number of targets per command.
# (Commands like /NOTICE, /PRIVMSG, /KICK, etc)
maxtargets="20"
# customversion: A custom message to be displayed in the comments field
# of the VERSION command response. This does not hide the InspIRCd version.
customversion=""
# runasuser: If this is set, InspIRCd will attempt to switch
# to run as this user, which allows binding of ports under 1024.
# You should NOT set this unless you are starting as root.
# NOT SUPPORTED/NEEDED UNDER WINDOWS.
#runasuser=""
# runasgroup: If this is set, InspIRCd will attempt to switch
# to run as this group, which allows binding of ports under 1024.
# You should NOT set this unless you are starting as root.
# NOT SUPPORTED/NEEDED UNDER WINDOWS.
#runasgroup=""
# restrictbannedusers: If this is set to yes, InspIRCd will not allow users
# banned on a channel to change nickname or message channels they are
# banned on. This can also be set to silent to restrict the user but not
# notify them.
restrictbannedusers="yes"
# genericoper: Setting this value to yes makes all opers on this server
# appear as 'is a server operator' in their WHOIS, regardless of their
# oper type, however oper types are still used internally. This only
# affects the display in WHOIS.
genericoper="no"
# userstats: /STATS commands that users can run (opers can run all).
userstats="PugkqZR">
<limits
maxnick="30"
maxchan="64"
maxmodes="20"
maxident="10"
maxhost="64"
maxquit="255"
maxtopic="307"
maxkick="255"
maxreal="128"
maxaway="200">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Logging
# -------
#
# Logging is covered with the <log> tag, which you may use to change
# the behaviour of the logging of the IRCd.
#
# An example log tag would be:
# <log method="file" type="OPER" level="default" target="opers.log">
# which would log all information on /OPER (failed and successful) to
# a file called opers.log.
#
# There are many different types which may be used, and modules may
# generate their own. A list of useful types:
# - USERS - information relating to user connection and disconnection
# - OPER - successful and failed oper attempts
# - KILL - kill related messages
# - FILTER - messages related to filter matches (filter module)
# - CONFIG - configuration related messages
# - COMMAND - die and restart messages, and messages related to unknown user types
# - SOCKET - socket engine informational/error messages
# - MODULE - module related messages
# - STARTUP - messages related to starting up the server
#
# You may also log *everything* by using a type of *, and subtract things out
# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT".
#
# Useful levels are:
# - default (general messages, including errors)
# - sparse (misc error messages)
# - debug (debug messages)
#
# Some types only produce output in the debug level, those are:
# - BANCACHE - ban cache debug messages
# - CHANNELS - information relating to joining/creating channels
# - CULLLIST - debug messages related to issues with removing users
# - RESOLVER - DNS related debug messages
# - CONNECTCLASS - Connection class debug messages
# - USERINPUT
# - USEROUTPUT
#
# If your server is producing a high levels of log messages you can also set the
# flush="[positive number]" attribute to specify how many log messages should be
# buffered before flushing to disk. You should probably not specify this unless
# you are having problems.
#
# The following log tag is highly default and uncustomised. It is recommended you
# sort out your own log tags. This is just here so you get some output.
#<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="/tmp/ircd.log">
<whowas groupsize="100" maxgroups="100000" maxkeep="90d">
<badnick nick="BotServ" reason="Reserved for a network service">
<badnick nick="ChanServ" reason="Reserved for a network service">
<badnick nick="Global" reason="Reserved for a network service">
<badnick nick="HostServ" reason="Reserved for a network service">
<badnick nick="MemoServ" reason="Reserved for a network service">
<badnick nick="NickServ" reason="Reserved for a network service">
<badnick nick="OperServ" reason="Reserved for a network service">
<badnick nick="StatServ" reason="Reserved for a network service">
<exemptfromfilter target="BotServ">
<exemptfromfilter target="ChanServ">
<exemptfromfilter target="Global">
<exemptfromfilter target="HostServ">
<exemptfromfilter target="MemoServ">
<exemptfromfilter target="NickServ">
<exemptfromfilter target="OperServ">
<exemptfromfilter target="StatServ">
<badhost host="root@*" reason="Don't irc as root!">
#<badhost host="*@172.32.0.0/16" reason="This subnet is bad.">
<exception host="*@localhost" reason="Never block localhost.">
<exception host="*@127.0.0.1" reason="Never block localhost.">
#-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This optional tag allows you to specify how wide a gline, eline, #
# kline, zline or qline can be before it is forbidden from being #
# set. By setting hostmasks="yes", you can allow all G, K, E lines, #
# no matter how many users the ban would cover. This is not #
# recommended! By setting ipmasks="yes", you can allow all Z lines, #
# no matter how many users these cover too. Needless to say we #
# don't recommend you do this, or, set nickmasks="yes", which will #
# allow any qline. #
# #
<insane
# hostmasks: Allow bans with insane hostmasks. (over-reaching bans)
hostmasks="no"
# ipmasks: Allow bans with insane ipmasks. (over-reaching bans)
ipmasks="no"
# nickmasks: Allow bans with insane nickmasks. (over-reaching bans)
nickmasks="no"
# trigger: What percentage of users on the network to trigger
# specifying an insane ban as. The default is 95.5%, which means
# if you have a 1000 user network, a ban will not be allowed if it
# will be banning 955 or more users.
trigger="95.5">
<include file="/etc/inspircd/global.modules.conf">
<include file="/etc/inspircd/global.secret.conf">