From: Someone Date: Sun, 24 Aug 2025 01:11:04 +0000 (+0200) Subject: roles/server/irc-services/files X-Git-Tag: activeVersion X-Git-Url: https://git.somenet.org/root/pub/somesible.git/commitdiff_plain?ds=sidebyside roles/server/irc-services/files --- diff --git a/roles/server/irc-services/files/default/chanserv.conf b/roles/server/irc-services/files/default/chanserv.conf index 39fc4a8..9e2889a 100644 --- a/roles/server/irc-services/files/default/chanserv.conf +++ b/roles/server/irc-services/files/default/chanserv.conf @@ -8,15 +8,51 @@ /* * First, create the service. - * Note that an easy way to rename this service is to define{} the client name to something else. */ service { + /* + * The name of the ChanServ client. + * If you change this value, you probably want to change the client directive in the configuration for the chanserv module too. + */ nick = "ChanServ" - user = "chanserv" + + /* + * The username of the ChanServ client. + */ + user = "services" + + /* + * The hostname of the ChanServ client. + */ host = "services.host" + + /* + * The realname of the ChanServ client. + */ gecos = "Channel Registration Service" + + /* + * The modes this client should use. + * Do not modify this unless you know what you are doing. + * + * These modes are very IRCd specific. If left commented, sane defaults + * are used based on what protocol module you have loaded. + * + * Note that setting this option incorrectly could potentially BREAK some, if + * not all, usefulness of the client. We will not support you if this client is + * unable to do certain things if this option is enabled. + */ #modes = "+o" + + /* + * An optional comma separated list of channels this service should join. Outside + * of log channels this is not very useful, as the service will just idle in the + * specified channels, and will not accept any types of commands. + * + * Prefixes may be given to the channels in the form of mode characters or prefix symbols. + */ + #channels = "@#services,#mychan" } /* @@ -47,7 +83,7 @@ module * - cs_secure: Enable channel security, requiring the user to be identified with NickServ in * order to be considered for being on the access list of the channel * - secureops: Only allow operator status to be given if the user is on the access list - * - securefounder: Only allow the real founder of the channel to drop the channel, change it's + * - securefounder: Only allow the real founder of the channel to drop the channel, change its * password, or change the founder or successor * - signkick: Use of ChanServ's KICK command will cause the user's nick to be signed to the kick. * - signkick_level: Same as above, but the kick will not be signed if the user is at the same access @@ -57,20 +93,84 @@ module * - noautoop: Disables autoop on the channel * - cs_keep_modes: Enables keep modes on the channel, which retains modes when the channel is * not in use. + * - cs_no_expire: Enables no expire. Needs founder, successor (if set) or anyone in the access list + * to be a registered nick, otherwise the channel will be dropped. * - none: No defaults * - * This directive is optional, if left blank, the options will default to keeptopic, cs_secure, securefounder, - * and signkick. If you really want no defaults, use "none" by itself as the option. + * This directive is optional, if left blank, the options will default to keeptopic, peace, cs_secure, + * securefounder, and signkick. If you really want no defaults, use "none" by itself as the option. */ defaults = "keeptopic peace cs_secure securefounder signkick cs_keep_modes" - maxregistered = 64 + + /* + * The maximum number of channels which may be registered to a single nickname. + * + * This directive is optional, but recommended. + * If not set, there will be no restriction on the numbers of channels a single nickname can have registered. + */ + maxregistered = 200 + + /* + * The length of time before a channel registration expires. + * + * This directive is optional. If not set, the default is never. + */ expire = 180d + + /* + * The maximum number of entries on a channel's access list. + * If not set, the default is 1024. This can be set to 0 for unlimited. + */ accessmax = 1024 - inhabit = 30s + + /* + * The length of time ChanServ stays in a channel after kicking a user from a channel they are not + * permitted to be in. This only occurs when the user is the only one in the channel. + */ + inhabit = 15s + + /* + * Allow only IRC Operators to use ChanServ. + * + * This directive is optional. + */ + #opersonly = yes + + /* + * Modes that will not be allowed to be locked. Oper only modes such as +O + * are always restricted from regular users and are not affected by this. + * Comment out for no restrictions. + */ #nomlock = "P" + + /* + * Modes that are required to be set and only set on all registered channels. + * These modes can not be locked or unlocked. The registered channel mode is + * automatically always required, if such a mode exists. + */ #require = "r" + + /* + * The maximum length of the reason field for user commands such as chanserv/kick + * and chanserv/ban. + */ reasonmax = 200 + + /* + * The message formatting to use for signed kick messages. + * %n is the nick of the kicker + * %m is the message specified + */ + signkickformat = "%m (%n)" + + /* + * If set, prevents channel access entries from containing hostmasks. + */ disallow_hostmask_access = false + + /* + * If set, prevents channels from being on access lists. + */ disallow_channel_access = false /* @@ -78,32 +178,32 @@ module * This prevents several race conditions where unauthorized users can join empty registered channels and set * modes etc. prior to services deopping them. */ - #always_lower_ts = true + always_lower_ts = false } /* * ChanServ privilege configuration. * * ChanServ privileges are used to determine who has what access in channels. By default the core has its own - * set of levels it uses for various ChanServ commands, which are defined below. Privilege ranks are used to - * determine how powerful privileges are relative to each other, which is used by Anope to determine who has greater - * access in a channel. + * set of privileges it uses for various commands, which are defined below. Privilege ranks are used to + * determine how powerful privileges are relative to other privileges, which is used by Anope to determine + * who has greater access in a channel. * - * If you loaded cs_access, you may define a level for the privilege, which is used by chanserv/access and chanserv/levels. + * If you load cs_access, you may define a level for the privilege, which is used by chanserv/access and chanserv/levels. * The levels defined will be used as the default levels for newly registered channels. * The level "founder" is a special level which means anyone with the privilege FOUNDER on the channel * has that permission. Additionally, the level "disabled" means that no one can use the privilege, including founders. * - * If you loaded cs_flags, you may define a flag associated with that privilege for use in chanserv/flags. + * If you load cs_flags, you may define a flag associated with that privilege for use in chanserv/flags. * - * If you loaded cs_xop, you may define a xop command to associate the privilege with. + * If you load cs_xop, you may define a XOP command to associate the privilege with. * - * The name of privileges are uesd to associate them with channel modes. If you are using an IRCd that allows you to define additional + * The name of privileges are used to associate them with channel modes. If you are using an IRCd that allows you to define additional * channel status modes, such as InspIRCd, you can associate privileges (and thus access levels, flags, xop) with the mode by naming * the privileges appropriately. For example, if you had a channel mode called admin, you could create AUTOADMIN, ADMIN, and ADMINME * privileges which would automatically be associated with that channel mode. * - * Defining new privileges here is not useful unless you have a module (eg, a third party one) made to check for + * Defining new privileges here is not useful unless you have a module (e.g. a third party one) made to check for * the specific level you are defining. * * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. @@ -315,7 +415,7 @@ privilege { name = "FOUNDER" rank = 360 - level = "founder" + level = 10000 flag = "F" xop = "QOP" } @@ -325,7 +425,7 @@ privilege * * Used by chanserv/getkey and nickserv/ajoin. * - * Users with this permission can get they channel key with GETKEY and + * Users with this permission can get their channel key with GETKEY and * can use nickserv/ajoin to join channels with keys. */ privilege @@ -597,7 +697,7 @@ privilege * chanserv/saset/noexpire and chanserv/set. * * Users with this permission can set what BotServ will kick for, change - * BotServ and ChanServ settings, clone ChanServ channel setings, and + * BotServ and ChanServ settings, clone ChanServ channel settings, and * set ChanServ logging options. */ privilege @@ -711,25 +811,25 @@ privilege command_group { name = "chanserv/access" - description = "Used to manage the list of privileged users" + description = _("Used to manage the list of privileged users") } command_group { name = "chanserv/status" - description = "Used to modify the channel status of you or other users" + description = _("Used to modify the channel status of you or other users") } command_group { name = "chanserv/management" - description = "Used to manage channels" + description = _("Used to manage channels") } command_group { name = "chanserv/admin" - description = "Services Operator commands" + description = _("Services Operator commands") } /* Give it a help command. */ @@ -741,7 +841,12 @@ command { service = "ChanServ"; name = "HELP"; command = "generic/help"; } * Provides commands chanserv/access and chanserv/levels. * Provides the access system "levels". * - * Used for giving users access in channels. + * Used for giving users access in channels using a levels system. Allows redefining which privileges + * are represented by given level on a per channel basis. + * + * The "LIST" subcommand of chanserv/access will show every access entry on the channel, including access + * entries not added by cs_access. The "level" of these entries will be the representation of the access + * entry by the other access system, which could be an XOP command name, or a set of flags. */ module { name = "cs_access" } command { service = "ChanServ"; name = "ACCESS"; command = "chanserv/access"; group = "chanserv/access"; } @@ -761,14 +866,13 @@ module /* * The maximum number of entries on a channel's autokick list. */ - autokickmax = 64 + autokickmax = 32 /* * The default reason for an autokick if none is given. */ autokickreason = "User has been banned from the channel" } - command { service = "ChanServ"; name = "AKICK"; command = "chanserv/akick"; group = "chanserv/management"; } /* @@ -776,6 +880,12 @@ command { service = "ChanServ"; name = "AKICK"; command = "chanserv/akick"; grou * * Provides the command chanserv/ban. * + * The configuration option 'kick' may be set in a command block for this command to control + * whether or not users will be kicked from the channel once banned. The default is 'yes'. + * + * The configuration option 'mode' may be set to control which mode is set, such as BAN or QUIET. + * The default is BAN. + * * Used for banning users from channels. */ module { name = "cs_ban" } @@ -834,6 +944,10 @@ command { service = "ChanServ"; name = "ENTRYMSG"; command = "chanserv/entrymsg" * Provides the access system "flags". * * Used for giving users access in channels. + * + * The "LIST" subcommand of chanserv/flags will show every access entry on the channel, including access + * entries not added by cs_flags. The "flags" of these entries will be the flags representation of the + * privilege set granted by the access entry. */ module { name = "cs_flags" } command { service = "ChanServ"; name = "FLAGS"; command = "chanserv/flags"; group = "chanserv/access"; } @@ -892,12 +1006,13 @@ module /* * The maximum number of channels to be returned for a ChanServ LIST command. */ - listmax = 75 + listmax = 50 } +command { service = "ChanServ"; name = "LIST"; command = "chanserv/list"; } -command { service = "ChanServ"; name = "LIST"; command = "chanserv/list"; group = "chanserv/admin"; } command { service = "ChanServ"; name = "SET PRIVATE"; command = "chanserv/set/private"; } + /* * cs_log * @@ -944,7 +1059,9 @@ command { service = "ChanServ"; name = "LOG"; command = "chanserv/log"; group = * * Provides the command chanserv/mode and chanserv/modes. * - * Used for changing mode locks and changing modes. + * Used for changing mode locks and changing modes. Multiple commands may be mapped to chanserv/modes, the + * configuration directives 'set' and 'unset' are used to tell chanserv/modes which modes should be set or + * unset when the command is executed. */ module { @@ -956,8 +1073,14 @@ module * If not set, the default is +nt. */ mlock = "+nt" -} + /* + * The maximum number of entries that may be on a mode lock list. + * + * This directive is optional. + */ + max = 32 +} command { service = "ChanServ"; name = "MODE"; command = "chanserv/mode"; group = "chanserv/management"; } command { service = "ChanServ"; name = "OWNER"; command = "chanserv/modes"; group = "chanserv/status"; set = "OWNER" } @@ -975,6 +1098,7 @@ command { service = "ChanServ"; name = "DEHALFOP"; command = "chanserv/modes"; g command { service = "ChanServ"; name = "VOICE"; command = "chanserv/modes"; group = "chanserv/status"; set = "VOICE" } command { service = "ChanServ"; name = "DEVOICE"; command = "chanserv/modes"; group = "chanserv/status"; unset = "VOICE" } + /* * cs_register * @@ -1002,9 +1126,6 @@ command { service = "ChanServ"; name = "REGISTER"; command = "chanserv/register" /* Sets the time to keep seen entries in the seen database. */ purgetime = "30d" - - /* Sets the delay between checks for expired seen entries. */ - expiretimeout = "1d" } #command { service = "OperServ"; name = "SEEN"; command = "operserv/seen"; permission = "operserv/seen"; } @@ -1045,17 +1166,22 @@ module * 3: ban in the form of *!*user@*.domain */ defbantype = 2 -} + /* + * If set, persistent channels have their creation times lowered to their + * original registration dates. + */ + persist_lower_ts = true +} command { service = "ChanServ"; name = "SET"; command = "chanserv/set"; group = "chanserv/management"; } command { service = "ChanServ"; name = "SET AUTOOP"; command = "chanserv/set/autoop"; } command { service = "ChanServ"; name = "SET BANTYPE"; command = "chanserv/set/bantype"; } command { service = "ChanServ"; name = "SET DESCRIPTION"; command = "chanserv/set/description"; } -command { service = "ChanServ"; name = "SET DESC"; command = "chanserv/set/description"; } +command { service = "ChanServ"; name = "SET DESC"; command = "chanserv/set/description"; hide = yes; } command { service = "ChanServ"; name = "SET FOUNDER"; command = "chanserv/set/founder"; } command { service = "ChanServ"; name = "SET KEEPMODES"; command = "chanserv/set/keepmodes"; } command { service = "ChanServ"; name = "SET PEACE"; command = "chanserv/set/peace"; } -#command { service = "ChanServ"; name = "SET PERSIST"; command = "chanserv/set/persist"; } +command { service = "ChanServ"; name = "SET PERSIST"; command = "chanserv/set/persist"; } command { service = "ChanServ"; name = "SET RESTRICTED"; command = "chanserv/set/restricted"; } command { service = "ChanServ"; name = "SET SECURE"; command = "chanserv/set/secure"; } command { service = "ChanServ"; name = "SET SECUREFOUNDER"; command = "chanserv/set/securefounder"; } @@ -1075,7 +1201,6 @@ command { service = "ChanServ"; name = "SET NOEXPIRE"; command = "chanserv/saset module { name = "cs_set_misc" } command { service = "ChanServ"; name = "SET URL"; command = "chanserv/set/misc"; misc_description = _("Associate a URL with the channel"); } command { service = "ChanServ"; name = "SET EMAIL"; command = "chanserv/set/misc"; misc_description = _("Associate an E-mail address with the channel"); } -command { service = "ChanServ"; name = "SET TWITTER"; command = "chanserv/set/misc"; misc_description = _("Associate a Twitter account with the channel"); } /* * cs_status @@ -1105,7 +1230,7 @@ module * This directive is optional. * If not set, the default is never. */ - #expire = 90d + expire = 180d /* * Settings to show to non-opers in ChanServ's INFO output. @@ -1167,9 +1292,12 @@ command { service = "ChanServ"; name = "UP"; command = "chanserv/up"; group = "c * Provides the access system "XOP". * * Used for giving users access in channels. Many commands may be linked to chanserv/xop, but the - * privileges given by each is determined by the privilege:xop settings above. These commands should + * privileges given by each are determined by the privilege:xop settings above. These commands should * be ordered from highest to lowest, as each command inherits the privileges of the commands below * it. + * + * The "LIST" subcommand of chanserv/xop will show only XOP access entries of the given XOP type. You + * can not view the entire access list at once, and instead should use another access system to do that. */ module { name = "cs_xop" } command { service = "ChanServ"; name = "QOP"; command = "chanserv/xop"; group = "chanserv/access"; } @@ -1186,7 +1314,7 @@ command { service = "ChanServ"; name = "VOP"; command = "chanserv/xop"; group = /* * cs_statusupdate * - * This module automatically updates users status on channels when the + * This module automatically updates users' status on channels when the * channel's access list is modified. */ module { name = "cs_statusupdate" } diff --git a/roles/server/irc-services/files/default/global.conf b/roles/server/irc-services/files/default/global.conf index ab17617..ce52a66 100644 --- a/roles/server/irc-services/files/default/global.conf +++ b/roles/server/irc-services/files/default/global.conf @@ -8,15 +8,51 @@ /* * First, create the service. - * Note that an easy way to rename this service is to define{} the client name to something else. */ service { + /* + * The name of the Global client. + * If you change this value, you probably want to change the client directive in the configuration for the global module too. + */ nick = "Global" - user = "global" + + /* + * The username of the Global client. + */ + user = "services" + + /* + * The hostname of the Global client. + */ host = "services.host" + + /* + * The realname of the Global client. + */ gecos = "Global Noticer" + + /* + * The modes this client should use. + * Do not modify this unless you know what you are doing. + * + * These modes are very IRCd specific. If left commented, sane defaults + * are used based on what protocol module you have loaded. + * + * Note that setting this option incorrectly could potentially BREAK some, if + * not all, usefulness of the client. We will not support you if this client is + * unable to do certain things if this option is enabled. + */ #modes = "+o" + + /* + * An optional comma separated list of channels this service should join. Outside + * of log channels this is not very useful, as the service will just idle in the + * specified channels, and will not accept any types of commands. + * + * Prefixes may be given to the channels in the form of mode characters or prefix symbols. + */ + #channels = "@#services,#mychan" } /* @@ -27,9 +63,34 @@ service module { name = "global" + + /* + * The name of the client that should be Global. + */ client = "Global" - globaloncycledown = "Services are restarting, they will be back shortly - please be good while we're gone" + + /* + * This is the global message that will be sent when Services are being + * shutdown/restarted. + * + * This directive is optional. + */ + globaloncycledown = "Services are restarting, they will be back shortly - please be good while they're gone" + + /* + * This is the global message that will be sent when Services (re)join the + * network. + * + * This directive is optional. + */ globaloncycleup = "Services are now back online - have a nice day" + + /* + * If set, Services will hide the IRC Operator's nick in a global + * message/notice. + * + * This directive is optional. + */ #anonymousglobal = yes } @@ -55,5 +116,4 @@ command { service = "Global"; name = "HELP"; command = "generic/help"; } * Used for sending a message to every online user. */ module { name = "gl_global" } -command { service = "OperServ"; name = "GLOBAL"; command = "global/global"; permission = "operserv/global"; } command { service = "Global"; name = "GLOBAL"; command = "global/global"; permission = "global/global"; } diff --git a/roles/server/irc-services/files/default/hostserv.conf b/roles/server/irc-services/files/default/hostserv.conf index 33783f4..7e945f4 100644 --- a/roles/server/irc-services/files/default/hostserv.conf +++ b/roles/server/irc-services/files/default/hostserv.conf @@ -8,15 +8,51 @@ /* * First, create the service. - * Note that an easy way to rename this service is to define{} the client name to something else. */ service { + /* + * The name of the HostServ client. + * If you change this value, you probably want to change the client directive in the configuration for the hostserv module too. + */ nick = "HostServ" - user = "hostserv" + + /* + * The username of the HostServ client. + */ + user = "services" + + /* + * The hostname of the HostServ client. + */ host = "services.host" + + /* + * The realname of the HostServ client. + */ gecos = "vHost Service" + + /* + * The modes this client should use. + * Do not modify this unless you know what you are doing. + * + * These modes are very IRCd specific. If left commented, sane defaults + * are used based on what protocol module you have loaded. + * + * Note that setting this option incorrectly could potentially BREAK some, if + * not all, usefulness of the client. We will not support you if this client is + * unable to do certain things if this option is enabled. + */ #modes = "+o" + + /* + * An optional comma separated list of channels this service should join. Outside + * of log channels this is not very useful, as the service will just idle in the + * specified channels, and will not accept any types of commands. + * + * Prefixes may be given to the channels in the form of mode characters or prefix symbols. + */ + #channels = "@#services,#mychan" } /* @@ -27,7 +63,15 @@ service module { name = "hostserv" + + /* + * The name of the client that should be HostServ. + */ client = "HostServ" + + /* + * If enabled, vhosts are activated on users immediately when they are set. + */ activate_on_set = true } @@ -112,7 +156,7 @@ command { service = "HostServ"; name = "ON"; command = "hostserv/on"; } /* * hs_request * - * Provides the commands hostserv/request, hostserv/active, hostserv/reject, and hostserv/waiting. + * Provides the commands hostserv/request, hostserv/activate, hostserv/reject, and hostserv/waiting. * * Used to manage vHosts requested by users. */ diff --git a/roles/server/irc-services/files/default/memoserv.conf b/roles/server/irc-services/files/default/memoserv.conf index 6072a33..16183d8 100644 --- a/roles/server/irc-services/files/default/memoserv.conf +++ b/roles/server/irc-services/files/default/memoserv.conf @@ -8,15 +8,51 @@ /* * First, create the service. - * Note that an easy way to rename this service is to define{} the client name to something else. */ service { + /* + * The name of the MemoServ client. + * If you change this value, you probably want to change the client directive in the configuration for the memoserv module too. + */ nick = "MemoServ" - user = "memoserv" + + /* + * The username of the MemoServ client. + */ + user = "services" + + /* + * The hostname of the MemoServ client. + */ host = "services.host" + + /* + * The realname of the MemoServ client. + */ gecos = "Memo Service" + + /* + * The modes this client should use. + * Do not modify this unless you know what you are doing. + * + * These modes are very IRCd specific. If left commented, sane defaults + * are used based on what protocol module you have loaded. + * + * Note that setting this option incorrectly could potentially BREAK some, if + * not all, usefulness of the client. We will not support you if this client is + * unable to do certain things if this option is enabled. + */ #modes = "+o" + + /* + * An optional comma separated list of channels this service should join. Outside + * of log channels this is not very useful, as the service will just idle in the + * specified channels, and will not accept any types of commands. + * + * Prefixes may be given to the channels in the form of mode characters or prefix symbols. + */ + #channels = "@#services,#mychan" } /* @@ -27,9 +63,31 @@ service module { name = "memoserv" + /* + * The name of the client that should be MemoServ. Clients are configured + * with the service blocks. + */ client = "MemoServ" - maxmemos = 128 - senddelay = 5s + + /* + * The maximum number of memos a user is allowed to keep by default. Normal users may set the + * limit anywhere between 0 and this value. Services Admins can change it to any value or + * disable it. + * + * This directive is optional, but recommended. If not set, the limit is disabled + * by default, and normal users can set any limit they want. + */ + maxmemos = 512 + + /* + * The delay between consecutive uses of the MemoServ SEND command. This can help prevent spam + * as well as denial-of-service attacks from sending large numbers of memos and filling up disk + * space (and memory). The default 3-second wait means a maximum average of 150 bytes of memo + * per second per user under the current IRC protocol. + * + * This directive is optional, but recommended. + */ + senddelay = 3s } /* @@ -83,7 +141,17 @@ command { service = "MemoServ"; name = "DEL"; command = "memoserv/del"; } * * Used to ignore memos from specific users. */ -module { name = "ms_ignore" } +module +{ + name = "ms_ignore" + + /* + * The maximum number of entries that may be on a memo ignore list. + * + * This directive is optional. + */ + max = 32 +} command { service = "MemoServ"; name = "IGNORE"; command = "memoserv/ignore"; } /* diff --git a/roles/server/irc-services/files/default/modules.conf b/roles/server/irc-services/files/default/modules.conf index 8fbae6d..fee5262 100644 --- a/roles/server/irc-services/files/default/modules.conf +++ b/roles/server/irc-services/files/default/modules.conf @@ -13,8 +13,8 @@ * Modules can be prevented from loading by commenting out the line, other modules can be added by * adding a module block. These modules will be loaded prior to Services connecting to your network. * - * Note that some of these modules are labeled EXTRA, and must be enabled prior to compiling by - * running the 'extras' script on Linux and UNIX. + * Note that some of these modules are labeled EXTRA, and are not included in the Debian package. Please + * file a wishlist bug against anope in the Debian BTS if you would like to use an 'extra' module. */ /* @@ -38,7 +38,7 @@ module { name = "help" } /* * The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file. - * The below should work fine on all unix like systems. Windows users will have to find their nameservers + * The below should work fine on all UNIX-like systems. Windows users will have to find their nameservers * from ipconfig /all and put the IP here. */ nameserver = "/etc/resolv.conf" @@ -135,9 +135,9 @@ module { name = "help" } * %r is the reply reason (configured below). Will be nothing if not configured. * %N is the network name set in networkinfo:networkname */ - reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info" + reason = "You are listed in the EFnet RBL, visit https://rbl.efnetrbl.org/?i=%i for info" - /* Replies to ban and their reason. If no relies are configured, all replies get banned. */ + /* Replies to ban and their reason. If no replies are configured, all replies get banned. */ reply { code = 1 @@ -179,11 +179,11 @@ module { name = "help" } { name = "dnsbl.dronebl.org" time = 4h - reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=%N" + reason = "You have a host listed in the DroneBL. For more information, visit https://dronebl.org/lookup_branded?ip=%i&network=%N" } /* Exempt localhost from DNSBL checks */ - exempt { ip = "127.0.0.1" } + exempt { ip = "127.0.0.0/8" } } /* @@ -231,8 +231,9 @@ module { name = "help" } * extforward_headers set below, set this to its IP. * This allows services to obtain the real IP of users by * reading the forwarded-for HTTP header. + * Multiple IP addresses can be specified separated by a space character. */ - #extforward_ip = "192.168.0.255" + #extforward_ip = "192.168.0.255 192.168.1.255" /* The header to look for. These probably work as is. */ extforward_header = "X-Forwarded-For Forwarded-For" @@ -251,7 +252,6 @@ module { name = "help" } ldap { server = "ldap://127.0.0.1" - port = 389 /* * Admin credentials used for performing searches and adding users. @@ -307,18 +307,18 @@ module { name = "help" } password_attribute = "userPassword" /* - * If set, the reason to give the users who try to register with nickserv, + * If set, the reason to give the users who try to register with NickServ, * including nick registration from grouping. * * If not set, then registration is not blocked. */ - #disable_register_reason = "To register on this network visit http://some.misconfigured.site/register" + #disable_register_reason = "To register on this network visit https://some.misconfigured.site/register" /* * If set, the reason to give the users who try to "/msg NickServ SET EMAIL". * If not set, then email changing is not blocked. */ - #disable_email_reason = "To change your email address visit http://some.misconfigured.site" + #disable_email_reason = "To change your email address visit https://some.misconfigured.site" } /* @@ -382,6 +382,7 @@ module { name = "help" } port = 3306 } } + /* * m_redis * @@ -410,9 +411,18 @@ module { name = "help" } /* * m_regex_pcre [EXTRA] * - * Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library. + * Provides the regex engine regex/pcre, which uses version 1 of the Perl Compatible Regular + * Expressions library. This can not be loaded at the same time as the m_regex_pcre2 module. */ -#module { name = "m_regex_pcre" } +module { name = "m_regex_pcre" } + +/* + * m_regex_pcre2 [EXTRA] + * + * Provides the regex engine regex/pcre, which uses version 2 of the Perl Compatible Regular + * Expressions library. This can not be loaded at the same time as the m_regex_pcre module. + */ +#module { name = "m_regex_pcre2" } /* * m_regex_posix [EXTRA] @@ -420,7 +430,7 @@ module { name = "help" } * Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions. * This is likely the only regex module you will not need extra libraries for. */ -module { name = "m_regex_posix" } +#module { name = "m_regex_posix" } /* * m_regex_tre [EXTRA] @@ -446,7 +456,7 @@ module { name = "m_regex_posix" } rewrite_source = "CLEAR $ USERS" /* - * Message to rewrite the source message to. A $ followed by a number, eg $0, gets + * Message to rewrite the source message to. A $ followed by a number, e.g. $0, gets * replaced by the number-th word from the source_message, starting from 0. */ rewrite_target = "KICK $1 *" @@ -551,31 +561,13 @@ module { name = "m_regex_posix" } */ module { name = "m_sasl" } -/* - * m_sasl_dh-aes [EXTRA] - * - * Add the DH-AES mechanism to SASL. - * Requires m_sasl to be loaded. - * Requires openssl. - */ -module { name = "m_sasl_dh-aes" } - -/* - * m_sasl_dh-blowfish [EXTRA] - * - * Add the DH-BLOWFISH mechanism to SASL. - * Requires m_sasl to be loaded. - * Requires openssl. - */ -module { name = "m_sasl_dh-blowfish" } - /* * m_ssl_gnutls [EXTRA] * * This module provides SSL services to Anope using GnuTLS, for example to * connect to the uplink server(s) via SSL. * - * You may only load either m_ssl_gnutls or m_ssl_openssl, bot not both. + * You may only load either m_ssl_gnutls or m_ssl_openssl, but not both. */ #module { @@ -613,7 +605,7 @@ module { name = "m_sasl_dh-blowfish" } * This module provides SSL services to Anope using OpenSSL, for example to * connect to the uplink server(s) via SSL. * - * You may only load either m_ssl_openssl or m_ssl_gnutls, bot not both. + * You may only load either m_ssl_openssl or m_ssl_gnutls, but not both. * */ #module @@ -682,13 +674,13 @@ module { name = "m_sasl_dh-blowfish" } * If set, the reason to give the users who try to "/msg NickServ REGISTER". * If not set, then registration is not blocked. */ - #disable_reason = "To register on this network visit http://some.misconfigured.site/register" + #disable_reason = "To register on this network visit https://some.misconfigured.site/register" /* * If set, the reason to give the users who try to "/msg NickServ SET EMAIL". * If not set, then email changing is not blocked. */ - #disable_email_reason = "To change your email address visit http://some.misconfigured.site" + #disable_email_reason = "To change your email address visit https://some.misconfigured.site" } /* @@ -742,7 +734,7 @@ module { name = "m_sasl_dh-blowfish" } * * This module allows other modules to use SQLite. */ -#module +module { name = "m_sqlite" @@ -753,33 +745,10 @@ module { name = "m_sasl_dh-blowfish" } name = "sqlite/main" /* The database name, it will be created if it does not exist. */ - database = "anope.db" + database = "anope.sqlite" } } -/* - * webcpanel - * - * This module creates a web configuration panel that allows users and operators to perform any task - * as they could over IRC. If you are using the default configuration you should be able to access - * this panel by visiting http://127.0.0.1:8080 in your web browser from the machine Anope is running on. - * - * This module requires m_httpd. - */ -#module -{ - name = "webcpanel" - - /* Web server to use. */ - server = "httpd/main"; - - /* Template to use. */ - template = "default"; - - /* Page title. */ - title = "Anope IRC Services"; -} - /* * m_xmlrpc * diff --git a/roles/server/irc-services/files/default/nickserv.conf b/roles/server/irc-services/files/default/nickserv.conf index f645ee8..d864bf1 100644 --- a/roles/server/irc-services/files/default/nickserv.conf +++ b/roles/server/irc-services/files/default/nickserv.conf @@ -8,23 +8,85 @@ /* * First, create the service. - * Note that an easy way to rename this service is to define{} the client name to something else. */ service { + /* + * The name of the NickServ client. + * If you change this value, you probably want to change the client directive in the configuration for the nickserv module too. + */ nick = "NickServ" - user = "nickserv" + + /* + * The username of the NickServ client. + */ + user = "services" + + /* + * The hostname of the NickServ client. + */ host = "services.host" + + /* + * The realname of the NickServ client. + */ gecos = "Nickname Registration Service" + + /* + * The modes this client should use. + * Do not modify this unless you know what you are doing. + * + * These modes are very IRCd specific. If left commented, sane defaults + * are used based on what protocol module you have loaded. + * + * Note that setting this option incorrectly could potentially BREAK some, if + * not all, usefulness of the client. We will not support you if this client is + * unable to do certain things if this option is enabled. + */ #modes = "+o" + + /* + * An optional comma separated list of channels this service should join. Outside + * of log channels this is not very useful, as the service will just idle in the + * specified channels, and will not accept any types of commands. + * + * Prefixes may be given to the channels in the form of mode characters or prefix symbols. + */ + #channels = "@#services,#mychan" } +/* + * Core NickServ module. + * + * Provides essential functionality for NickServ. + */ module { name = "nickserv" + + /* + * The name of the client that should be NickServ. + */ client = "NickServ" + + /* + * Force users to give an e-mail address when they register a nick. + * + * This directive defaults to "yes" and is recommended to be enabled. This is required if e-mail registration is enabled. + */ forceemail = yes + + /* + * Require users who change their email address to confirm they + * own their new email. + */ confirmemailchanges = no + + /* + * A message sent to users on connect if they use an unregistered nick. %n will be replaced with the user's nickname. + * + * This directive is optional. + */ #unregistered_notice = "Your nickname is not registered. To register it, use: /msg NickServ REGISTER password email" /* @@ -34,34 +96,127 @@ module * * The options are: * - killprotect: Kill nick if not identified within 60 seconds - * - kill_quick: Kill nick if not identified within 20 seconds, this one overrides the above - * option and the above must be specified with this one + * - kill_quick: Kill nick if not identified within 20 seconds, this one overrides the killprotect + * option and the killprotect option must be specified with this one + * - kill_immed: Kill nick immediately if not identified, this one overrides both the killprotect + * and kill_quick options and the killprotect option must be specified with this one * - ns_secure: Enable nickname security, requiring the nick's password before any operations * can be done on it * - ns_private: Hide the nick from NickServ's LIST command - * - hide_email: Hide's the nick's e-mail address from NickServ's INFO command - * - hide_mask: Hide's the nick's last or current user@host from NickServ's INFO command - * - hide_quit: Hide's the nick's last quit message + * - hide_email: Hide the nick's e-mail address from NickServ's INFO command + * - hide_mask: Hide the nick's last or current user@host from NickServ's INFO command + * - hide_status: Hide the nick's services operator access status from NickServ's INFO command + * - hide_quit: Hide the nick's last quit message from NickServ's INFO command * - memo_signon: Notify user if they have a new memo when they sign into the nick * - memo_receive: Notify user if they have a new memo as soon as it's received + * - memo_mail: Notify user if they have a new memo by mail * - autoop: User will be automatically opped in channels they enter and have access to * - msg: Services messages will be sent as PRIVMSGs instead of NOTICEs, requires * options:useprivmsg to be enabled as well - * - ns_keepmodes: Enables keepmodes, which retains user modes across sessions + * - ns_keep_modes: Enables keepmodes, which retains user modes across sessions * * This directive is optional, if left blank, the options will default to ns_secure, memo_signon, and * memo_receive. If you really want no defaults, use "none" by itself as the option. */ - defaults = "killprotect ns_secure ns_private hide_email memo_signon memo_receive autoop" + defaults = "killprotect ns_secure ns_private hide_email hide_mask memo_signon memo_receive autoop" + + /* + * The minimum length of time between consecutive uses of NickServ's REGISTER command. This + * directive is optional, but recommended. If not set, this restriction will be disabled. + */ regdelay = 90s - expire = 190d + + /* + * The length of time before a nick's registration expires. + * + * This directive is optional, but recommended. If not set, the default is 21 days. + */ + expire = 370d + + /* + * Prevents the use of the ACCESS and CERT (excluding their LIST subcommand), DROP, FORBID, SUSPEND, + * GETPASS and SET PASSWORD commands by services operators on other services operators. + * + * This directive is optional, but recommended. + */ secureadmins = yes + + /* + * If set, Services will set the channel modes a user has access to upon identifying, assuming + * they are not already set. + * + * This directive is optional. + */ modeonid = yes + + /* + * If set, Services will set these user modes on any user who identifies. + * + * This directive is optional. + */ #modesonid = "+R" + + /* + * If set, Services will not show netsplits in the last quit message field + * of NickServ's INFO command. + */ hidenetsplitquit = no + + /* + * If set, is the length of time NickServ's killquick and kill options wait before + * forcing users off of protected nicknames. + */ killquick = 20s kill = 60s + + /* + * If set, forbids the registration of nicks that contain an existing + * nick with Services access. For example, if Tester is a Services Oper, + * you can't register NewTester or Tester123 unless you are an IRC + * Operator. + * + * NOTE: If you enable this, you will have to be logged in as an IRC + * operator in order to register a Services Root nick when setting up + * Anope for the first time. + * + * This directive is optional. + */ #restrictopernicks = yes + + /* + * The username, and possibly hostname, used for fake users created when Services needs to + * hold a nickname. + */ + enforceruser = "enforcer" + enforcerhost = "services.host" + + /* + * The length of time Services hold nicknames. + * + * This directive is optional, but recommended. If not set it defaults to 1 minute. + */ + releasetimeout = 1m + + /* + * When a user's nick is forcibly changed to enforce a "nick kill", their new nick will start + * with this value. The rest will be made up of 6 or 7 digits. + * Make sure this is a valid nick and Nicklen+7 is not longer than the allowed Nicklen on your ircd. + * + * This directive is optional. If not set it defaults to "Guest" + */ + guestnickprefix = "Guest" + + /* + * If set, Services do not allow ownership of nick names, only ownership of accounts. + */ + nonicknameownership = no + + /* + * The maximum length of passwords + * + * This directive is optional. If not set it defaults to 32. + */ + passlen = 32 } /* @@ -83,7 +238,7 @@ module command_group { name = "nickserv/admin" - description = "Services Operator commands" + description = _("Services Operator commands") } /* Give it a help command. */ @@ -102,6 +257,7 @@ module /* * The maximum number of entries allowed on a nickname's access list. + * If not set, the default is 32. This number cannot be set to 0. */ accessmax = 64 @@ -113,7 +269,6 @@ module */ addaccessonreg = no } - command { service = "NickServ"; name = "ACCESS"; command = "nickserv/access"; } /* @@ -130,7 +285,7 @@ module /* * The maximum number of channels a user can have on NickServ's AJOIN command. */ - ajoinmax = 32 + ajoinmax = 64 } command { service = "NickServ"; name = "AJOIN"; command = "nickserv/ajoin"; } @@ -151,7 +306,16 @@ command { service = "NickServ"; name = "ALIST"; command = "nickserv/alist"; } * * Used for configuring your SSL certificate list, which can be used to automatically identify you. */ -module { name = "ns_cert"; max = 16; } +module +{ + name = "ns_cert" + + /* + * The maximum number of entries allowed on a nickname's certificate fingerprint list. + * The default is 5. This number cannot be set to 0. + */ + max = 5 +} command { service = "NickServ"; name = "CERT"; command = "nickserv/cert"; } /* @@ -205,13 +369,13 @@ module maxaliases = 64 /* - * If set, the NickServ GROUP command won't allow any group change. This is recommended for - * better performance and to protect against nick stealing, however users will have less - * flexibility. + * If set, the NickServ GROUP command won't allow any group changes. This is recommended to + * prevent users from accidentally dropping their nicks, as it forces users to explicitly + * drop their nicks before adding it to another group. * * This directive is optional, but recommended. */ - #nogroupchange = yes + nogroupchange = no } command { service = "NickServ"; name = "GLIST"; command = "nickserv/glist"; } command { service = "NickServ"; name = "GROUP"; command = "nickserv/group"; } @@ -224,7 +388,15 @@ command { service = "NickServ"; name = "UNGROUP"; command = "nickserv/ungroup"; * * Used for identifying to accounts. */ -module { name = "ns_identify" } +module +{ + name = "ns_identify" + + /* + * If set, limits the number of concurrent users that can be logged in as a given account at once. + */ + maxlogins = 10 +} command { service = "NickServ"; name = "ID"; command = "nickserv/identify"; hide = true; } command { service = "NickServ"; name = "IDENTIFY"; command = "nickserv/identify"; } @@ -233,7 +405,7 @@ command { service = "NickServ"; name = "IDENTIFY"; command = "nickserv/identify" * * Provides the commands: * nickserv/info. - Used for gathering information about an account. - * nickserv/set/hide, nickserv/saset/hide - Used for configuring which options are publically shown in nickserv/info. + * nickserv/set/hide, nickserv/saset/hide - Used for configuring which options are publicly shown in nickserv/info. * */ module { name = "ns_info" } @@ -242,6 +414,7 @@ command { service = "NickServ"; name = "INFO"; command = "nickserv/info"; } command { service = "NickServ"; name = "SET HIDE"; command = "nickserv/set/hide"; } command { service = "NickServ"; name = "SASET HIDE"; command = "nickserv/saset/hide"; permission = "nickserv/saset/hide"; } + /* * ns_list * @@ -257,13 +430,14 @@ module /* * The maximum number of nicks to be returned for a NickServ LIST command. */ - listmax = 75 + listmax = 50 } -command { service = "NickServ"; name = "LIST"; command = "nickserv/list"; group = "nickserv/admin"; } +command { service = "NickServ"; name = "LIST"; command = "nickserv/list"; } command { service = "NickServ"; name = "SET PRIVATE"; command = "nickserv/set/private"; } command { service = "NickServ"; name = "SASET PRIVATE"; command = "nickserv/saset/private"; permission = "nickserv/saset/private"; } + /* * ns_logout * @@ -289,7 +463,7 @@ module * If set, Services will svsnick and svsjoin users who use the recover * command on an identified user to the nick and channels of the recovered user. * - * This directive is opional. + * This directive is optional. */ restoreonrecover = yes } @@ -335,9 +509,8 @@ module * The length of time a user using an unconfirmed account has * before the account will be released for general use again. */ - unconfirmedexpire = 1d + unconfirmedexpire = 7d } - command { service = "NickServ"; name = "CONFIRM"; command = "nickserv/confirm"; } command { service = "NickServ"; name = "REGISTER"; command = "nickserv/register"; } command { service = "NickServ"; name = "RESEND"; command = "nickserv/resend"; } @@ -380,7 +553,6 @@ module #allowkillimmed = yes } - command { service = "NickServ"; name = "SET"; command = "nickserv/set"; } command { service = "NickServ"; name = "SASET"; command = "nickserv/saset"; permission = "nickserv/saset/"; group = "nickserv/admin"; } @@ -413,6 +585,7 @@ command { service = "NickServ"; name = "SASET SECURE"; command = "nickserv/saset command { service = "NickServ"; name = "SASET NOEXPIRE"; command = "nickserv/saset/noexpire"; permission = "nickserv/saset/noexpire"; } + /* * ns_set_misc * @@ -424,12 +597,13 @@ command { service = "NickServ"; name = "SASET NOEXPIRE"; command = "nickserv/sas module { name = "ns_set_misc" } command { service = "NickServ"; name = "SET URL"; command = "nickserv/set/misc"; misc_description = _("Associate a URL with your account"); } command { service = "NickServ"; name = "SASET URL"; command = "nickserv/saset/misc"; misc_description = _("Associate a URL with this account"); permission = "nickserv/saset/url"; group = "nickserv/admin"; } -command { service = "NickServ"; name = "SET PUBLICMAIL"; command = "nickserv/set/misc"; misc_description = _("Associate an eMail address with your account"); } -command { service = "NickServ"; name = "SASET PUBLICMAIL"; command = "nickserv/saset/misc"; misc_description = _("Associate an eMail address with this account"); permission = "nickserv/saset/publicmail"; group = "nickserv/admin"; } -command { service = "NickServ"; name = "SET TWITTER"; command = "nickserv/set/misc"; misc_description = _("Associate a Twitter account with your account"); } -command { service = "NickServ"; name = "SASET TWITTER"; command = "nickserv/saset/misc"; misc_description = _("Associate a Twitter account with this account"); permission = "nickserv/saset/twitter"; group = "nickserv/admin"; } -#command { service = "NickServ"; name = "SET FACEBOOK"; command = "nickserv/set/misc"; misc_description = _("Associate a Facebook URL with your account"); } -#command { service = "NickServ"; name = "SASET FACEBOOK"; command = "nickserv/saset/misc"; misc_description = _("Associate a Facebook URL with this account"); permission = "nickserv/saset/facebook"; group = "nickserv/admin"; } +command { service = "NickServ"; name = "SET DISCORD"; command = "nickserv/set/misc"; misc_description = _("Associate a Discord account with your account"); } +command { service = "NickServ"; name = "SASET DISCORD"; command = "nickserv/saset/misc"; misc_description = _("Associate a Discord account with this account"); permission = "nickserv/saset/discord"; group = "nickserv/admin"; } +command { service = "NickServ"; name = "SET FACEBOOK"; command = "nickserv/set/misc"; misc_description = _("Associate a Facebook URL with your account"); } +command { service = "NickServ"; name = "SASET FACEBOOK"; command = "nickserv/saset/misc"; misc_description = _("Associate a Facebook URL with this account"); permission = "nickserv/saset/facebook"; group = "nickserv/admin"; } +command { service = "NickServ"; name = "SET MASTODON"; command = "nickserv/set/misc"; misc_description = _("Associate a Mastodon account with your account"); } +command { service = "NickServ"; name = "SASET MASTODON"; command = "nickserv/saset/misc"; misc_description = _("Associate a Mastodon account with this account"); permission = "nickserv/saset/mastodon"; group = "nickserv/admin"; } + /* * ns_status @@ -466,7 +640,6 @@ module */ show = "suspended, by, reason, on, expires" } - command { service = "NickServ"; name = "SUSPEND"; command = "nickserv/suspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; } command { service = "NickServ"; name = "UNSUSPEND"; command = "nickserv/unsuspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; } diff --git a/roles/server/irc-services/files/default/operserv.conf b/roles/server/irc-services/files/default/operserv.conf index 75db911..575942c 100644 --- a/roles/server/irc-services/files/default/operserv.conf +++ b/roles/server/irc-services/files/default/operserv.conf @@ -8,30 +8,119 @@ /* * First, create the service. - * Note that an easy way to rename this service is to define{} the client name to something else. */ service { + /* + * The name of the OperServ client. + * If you change this value, you probably want to change the client directive in the configuration for the operserv module too. + */ nick = "OperServ" - user = "operserv" + + /* + * The username of the OperServ client. + */ + user = "services" + + /* + * The hostname of the OperServ client. + */ host = "services.host" + + /* + * The realname of the OperServ client. + */ gecos = "Operator Service" + + /* + * The modes this client should use. + * Do not modify this unless you know what you are doing. + * + * These modes are very IRCd specific. If left commented, sane defaults + * are used based on what protocol module you have loaded. + * + * Note that setting this option incorrectly could potentially BREAK some, if + * not all, usefulness of the client. We will not support you if this client is + * unable to do certain things if this option is enabled. + */ #modes = "+o" + + /* + * An optional comma separated list of channels this service should join. Outside + * of log channels this is not very useful, as the service will just idle in the + * specified channels, and will not accept any types of commands. + * + * Prefixes may be given to the channels in the form of mode characters or prefix symbols. + */ + #channels = "@#services,#mychan" } +/* + * Core OperServ module. + * + * Provides essential functionality for OperServ. + */ module { name = "operserv" + + /* + * The name of the client that should be OperServ. + */ client = "OperServ" + + /* + * These define the default expiration times for, respectively, AKILLs, CHANKILLs, SNLINEs, + * and SQLINEs. + */ autokillexpiry = 30d chankillexpiry = 30d snlineexpiry = 30d sqlineexpiry = 30d + + /* + * If set, this option will make Services send an AKILL command immediately after it has been + * added with AKILL ADD. This eliminates the need for killing the user after the AKILL has + * been added. + * + * This directive is optional, but recommended. + */ akillonadd = yes + + /* + * If set, this option will make Services send an (SVS)KILL command immediately after SNLINE ADD. + * This eliminates the need for killing the user after the SNLINE has been added. + * + * This directive is optional. + */ killonsnline = yes + + /* + * If set, this option will make Services send an (SVS)KILL command immediately after SQLINE ADD. + * This eliminates the need for killing the user after the SQLINE has been added. + * + * This directive is optional. + */ killonsqline = yes + + /* + * Adds the nickname of the IRC Operator issuing an AKILL to the kill reason. + * + * This directive is optional. + */ addakiller = yes + + /* + * Adds akill IDs to akills. Akill IDs are given to users in their ban reason and can be used to easily view, + * modify, or remove an akill from the ID. + */ akillids = yes + + /* + * If set, only IRC Operators will be permitted to use OperServ, regardless of command access restrictions. + * + * This directive is optional, but recommended. + */ opersonly = yes } @@ -74,7 +163,7 @@ command { service = "OperServ"; name = "CHANKILL"; command = "operserv/chankill" * * Provides the command operserv/defcon. * - * Allows you to set services in defcon mode, which can be used to restrict services access + * Allows you to set services in DefCon mode, which can be used to restrict services access * during bot attacks. */ #module @@ -175,7 +264,7 @@ command { service = "OperServ"; name = "CHANKILL"; command = "operserv/chankill" */ #akillreason = "This network is currently not accepting connections, please try again later." } -#command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; } +#command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; permission = "operserv/defcon"; } /* * os_dns @@ -403,11 +492,10 @@ module /* * The number of LOGON/OPER news items to display when a user logs on. * - * This directive is optional, if no set it will default to 3. + * This directive is optional, if not set it will default to 3. */ #newscount = 3 } - command { service = "OperServ"; name = "LOGONNEWS"; command = "operserv/logonnews"; permission = "operserv/news"; } command { service = "OperServ"; name = "OPERNEWS"; command = "operserv/opernews"; permission = "operserv/news"; } command { service = "OperServ"; name = "RANDOMNEWS"; command = "operserv/randomnews"; permission = "operserv/news"; } @@ -427,11 +515,11 @@ command { service = "OperServ"; name = "NOOP"; command = "operserv/noop"; permis * * Provides the command operserv/oline. * - * Used to set oper flags on users, and is specific to UnrealIRCd. + * Used to set oper flags on users, and is specific to UnrealIRCd 3.2. * See /helpop ?svso on your IRCd for more information. */ -module { name = "os_oline" } -command { service = "OperServ"; name = "OLINE"; command = "operserv/oline"; permission = "operserv/oline"; } +#module { name = "os_oline" } +#command { service = "OperServ"; name = "OLINE"; command = "operserv/oline"; permission = "operserv/oline"; } /* * os_oper @@ -460,36 +548,34 @@ command { service = "OperServ"; name = "RELOAD"; command = "operserv/reload"; pe * * This module enables session limiting. Session limiting prevents users from connecting more than a certain * number of times from the same IP at the same time - thus preventing most types of cloning. - * Once a host reaches it's session limit, all clients attempting to connect from that host will + * Once a host reaches its session limit, all clients attempting to connect from that host will * be killed. Exceptions to the default session limit can be defined via the exception list. * * Used to manage the session limit exception list, and view currently active sessions. */ -#module +module { name = "os_session" /* - * Default session limit per host. Once a host reaches it's session limit, all clients attempting + * Default session limit per host. Once a host reaches its session limit, all clients attempting * to connect from that host will be killed. * - * This directive is require if os_session is loaded. + * This directive is required if os_session is loaded. */ - defaultsessionlimit = 3 + defaultsessionlimit = 5 /* * The maximum session limit that may be set for a host in an exception. * - * This directive is require if os_session is loaded. + * This directive is required if os_session is loaded. */ maxsessionlimit = 100 /* * Sets the default expiry time for session exceptions. - * - * This directive is require if os_session is loaded. */ - exceptionexpiry = 1d + #exceptionexpiry = 1d /* * The message that will be NOTICE'd to a user just before they are removed from the network because @@ -510,10 +596,10 @@ command { service = "OperServ"; name = "RELOAD"; command = "operserv/reload"; pe * * This directive is optional, if not set, nothing will be sent. */ - #sessionlimitdetailsloc = "Please visit http://your.website.url/ for more information about session limits." + #sessionlimitdetailsloc = "Please visit https://your.website.url/ for more information about session limits." /* - * If set and is not 0, this directive tells Services to add an AKILL the number of subsequent kills + * If set and is not 0, this directive tells Services to add an AKILL if the number of subsequent kills * for the same host exceeds this value, preventing the network from experiencing KILL floods. * * This directive is optional. @@ -536,8 +622,8 @@ command { service = "OperServ"; name = "RELOAD"; command = "operserv/reload"; pe session_ipv4_cidr = 32 session_ipv6_cidr = 128 } -#command { service = "OperServ"; name = "EXCEPTION"; command = "operserv/exception"; permission = "operserv/exception"; } -#command { service = "OperServ"; name = "SESSION"; command = "operserv/session"; permission = "operserv/session"; } +command { service = "OperServ"; name = "EXCEPTION"; command = "operserv/exception"; permission = "operserv/exception"; } +command { service = "OperServ"; name = "SESSION"; command = "operserv/session"; permission = "operserv/session"; } /* * os_set @@ -558,7 +644,6 @@ module */ #superadmin = yes } - command { service = "OperServ"; name = "SET"; command = "operserv/set"; permission = "operserv/set"; } /*