From 6d3e8a2907bc58b462a63c119aedaf474d29ee0e Mon Sep 17 00:00:00 2001
From: Someone
Date: Fri, 4 Oct 2024 13:42:36 +0200
Subject: [PATCH] [roles/server/irc-services] install anope
---
.../irc-services/files/default/anope.service | 26 +
.../irc-services/files/default/chanserv.conf | 1192 +++++++++++++++++
.../irc-services/files/default/global.conf | 59 +
.../irc-services/files/default/hostserv.conf | 148 ++
.../irc-services/files/default/memoserv.conf | 179 +++
.../irc-services/files/default/modules.conf | 803 +++++++++++
.../irc-services/files/default/nickserv.conf | 504 +++++++
.../irc-services/files/default/operserv.conf | 617 +++++++++
.../irc-services/files/default/services.conf | 9 +
.../irc-services/files/default/services.motd | 0
roles/server/irc-services/handlers/main.yml | 12 +
roles/server/irc-services/tasks/main.yml | 216 +++
12 files changed, 3765 insertions(+)
create mode 100644 roles/server/irc-services/files/default/anope.service
create mode 100644 roles/server/irc-services/files/default/chanserv.conf
create mode 100644 roles/server/irc-services/files/default/global.conf
create mode 100644 roles/server/irc-services/files/default/hostserv.conf
create mode 100644 roles/server/irc-services/files/default/memoserv.conf
create mode 100644 roles/server/irc-services/files/default/modules.conf
create mode 100644 roles/server/irc-services/files/default/nickserv.conf
create mode 100644 roles/server/irc-services/files/default/operserv.conf
create mode 100644 roles/server/irc-services/files/default/services.conf
create mode 100644 roles/server/irc-services/files/default/services.motd
create mode 100644 roles/server/irc-services/handlers/main.yml
create mode 100644 roles/server/irc-services/tasks/main.yml
diff --git a/roles/server/irc-services/files/default/anope.service b/roles/server/irc-services/files/default/anope.service
new file mode 100644
index 0000000..1674384
--- /dev/null
+++ b/roles/server/irc-services/files/default/anope.service
@@ -0,0 +1,26 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+[Unit]
+Description=Anope IRC-Services
+After=network.target inspircd.service
+
+[Service]
+Type=forking
+PIDFile=/run/anope/anope.pid
+RuntimeDirectory=anope
+WorkingDirectory=/srv/anope/
+User=anope
+Group=anope
+ExecStart=/usr/sbin/anope --confdir=/etc/anope --dbdir=/srv/anope/db --logdir=/var/log/anope --modulesdir=/usr/lib/anope --localedir=/usr/share/anope/locale
+ExecReload=/bin/kill -HUP $MAINPID
+Restart=always
+RestartSec=30
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/server/irc-services/files/default/chanserv.conf b/roles/server/irc-services/files/default/chanserv.conf
new file mode 100644
index 0000000..1fca9c8
--- /dev/null
+++ b/roles/server/irc-services/files/default/chanserv.conf
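Review bot: The `[Service]` section starts a network-facing daemon with no systemd sandboxing; running as `User=anope`/`Group=anope` is the only confinement in the unit. The locations the process writes to are already explicit in `ExecStart` (`--dbdir=/srv/anope/db`, `--logdir=/var/log/anope`) and in `RuntimeDirectory=anope`, so the rest of the filesystem can be made read-only to it. I would add the directives below after `Group=anope` and check on a test host that module loading and database saves still work, since anope may write to a location this unit does not show.

```ini
[Service]
# … unchanged: Type, PIDFile, RuntimeDirectory, WorkingDirectory, User, Group, ExecStart, ExecReload, Restart, RestartSec …
NoNewPrivileges=true
PrivateTmp=true
PrivateDevices=true
ProtectHome=true
ProtectSystem=strict
# Writable paths taken from ExecStart (--dbdir, --logdir); confirm anope needs no other one.
ReadWritePaths=/srv/anope /var/log/anope
```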
@@ -0,0 +1,1192 @@ +# +################################################ +### Managed by someone's ansible provisioner ### +################################################ +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# + +/* + * First, create the service. + * Note that an easy way to rename this service is to define{} the client name to something else. + */ +service +{ + nick = "ChanServ" + user = "chanserv" + host = "services.host" + gecos = "Channel Registration Service" + #modes = "+o" +} + +/* + * Core ChanServ module. + * + * Provides essential functionality for ChanServ. + */ +module +{ + name = "chanserv" + + /* + * The name of the client that should be ChanServ. + */ + client = "ChanServ" + + /* + * The default options for newly registered channels. Note that changing these options + * will have no effect on channels which are already registered. The list must be separated + * by spaces. + * + * The options are: + * - keeptopic: Retain topic when the channel is not in use + * - peace: Disallow users from kicking or removing modes from others who are of the same + * access level or superior + * - cs_private: Hide the channel from ChanServ's LIST command + * - restricted: Kick/ban users who are restricted from the channel + * - cs_secure: Enable channel security, requiring the user to be identified with NickServ in + * order to be considered for being on the access list of the channel + * - secureops: Only allow operator status to be given if the user is on the access list + * - securefounder: Only allow the real founder of the channel to drop the channel, change it's + * password, or change the founder or successor + * - signkick: Use of ChanServ's KICK command will cause the user's nick to be signed to the kick. 
+ * - signkick_level: Same as above, but the kick will not be signed if the user is at the same access + * level or superior to the target + * - topiclock: Disallow the topic to be changed except with ChanServ's TOPIC command + * - persist: Keep the channel open at all times + * - noautoop: Disables autoop on the channel + * - cs_keep_modes: Enables keep modes on the channel, which retains modes when the channel is + * not in use. + * - none: No defaults + * + * This directive is optional, if left blank, the options will default to keeptopic, cs_secure, securefounder, + * and signkick. If you really want no defaults, use "none" by itself as the option. + */ + defaults = "keeptopic peace cs_secure securefounder signkick cs_keep_modes" + maxregistered = 64 + expire = 180d + accessmax = 1024 + inhabit = 30s + #nomlock = "P" + #require = "r" + reasonmax = 200 + disallow_hostmask_access = false + disallow_channel_access = false + + /* + * If set, ChanServ will always lower the timestamp of registered channels to their registration date. + * This prevents several race conditions where unauthorized users can join empty registered channels and set + * modes etc. prior to services deopping them. + */ + #always_lower_ts = true +} + +/* + * ChanServ privilege configuration. + * + * ChanServ privileges are used to determine who has what access in channels. By default the core has its own + * set of levels it uses for various ChanServ commands, which are defined below. Privilege ranks are used to + * determine how powerful privileges are relative to each other, which is used by Anope to determine who has greater + * access in a channel. + * + * If you loaded cs_access, you may define a level for the privilege, which is used by chanserv/access and chanserv/levels. + * The levels defined will be used as the default levels for newly registered channels. + * The level "founder" is a special level which means anyone with the privilege FOUNDER on the channel + * has that permission. 
Additionally, the level "disabled" means that no one can use the privilege, including founders. + * + * If you loaded cs_flags, you may define a flag associated with that privilege for use in chanserv/flags. + * + * If you loaded cs_xop, you may define a xop command to associate the privilege with. + * + * The name of privileges are uesd to associate them with channel modes. If you are using an IRCd that allows you to define additional + * channel status modes, such as InspIRCd, you can associate privileges (and thus access levels, flags, xop) with the mode by naming + * the privileges appropriately. For example, if you had a channel mode called admin, you could create AUTOADMIN, ADMIN, and ADMINME + * privileges which would automatically be associated with that channel mode. + * + * Defining new privileges here is not useful unless you have a module (eg, a third party one) made to check for + * the specific level you are defining. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* + * ACCESS_CHANGE privilege. + * + * Used by chanserv/access, chanserv/flags and chanserv/xop. + * + * Users with this permission can modify the permissions of others. + */ +privilege +{ + name = "ACCESS_CHANGE" + rank = 0 + level = 10 + flag = "f" + xop = "SOP" +} + +/* + * ACCESS_LIST privilege. + * + * Used by chanserv/access, chanserv/flags, and chanserv/xop. + * + * Users with this permission can view the access list of channels. + */ +privilege +{ + name = "ACCESS_LIST" + rank = 10 + level = 3 + flag = "f" + xop = "VOP" +} + +/* + * AKICK privilege. + * + * Used by chanserv/akick and chanserv/enforce. + * + * Users with this permission can modify the AKICK list. + */ +privilege +{ + name = "AKICK" + rank = 250 + level = 10 + flag = "K" + xop = "SOP" +} + +/* + * ASSIGN privilege. + * + * Used by botserv/assign. 
+ * + * Users with this permission can assign and unassign BotServ bots to and from the channel. + */ +privilege +{ + name = "ASSIGN" + rank = 270 + level = "founder" + flag = "s" + xop = "QOP" +} + +/* + * AUTOHALFOP privilege. + * + * Used by the core. + * + * Users with this permission get halfop on join. + */ +privilege +{ + name = "AUTOHALFOP" + rank = 100 + level = 4 + flag = "H" + xop = "HOP" +} + +/* + * AUTOOP privilege. + * + * Used by the core. + * + * Users with this permission get op on join. + */ +privilege +{ + name = "AUTOOP" + rank = 210 + level = 5 + flag = "O" + xop = "AOP" +} + +/* + * AUTOOWNER privilege. + * + * Used by the core. + * + * Users with this permission get owner on join. + */ +privilege +{ + name = "AUTOOWNER" + rank = 330 + level = 9999 + flag = "Q" + xop = "QOP" +} + +/* + * AUTOPROTECT privilege. + * + * Used by the core. + * + * Users with this permission get admin on join. + */ +privilege +{ + name = "AUTOPROTECT" + rank = 240 + level = 10 + flag = "A" + xop = "SOP" +} + +/* + * AUTOVOICE privilege. + * + * Used by the core. + * + * Users with this permission get voice on join. + */ +privilege +{ + name = "AUTOVOICE" + rank = 50 + level = 3 + flag = "V" + xop = "VOP" +} + +/* + * BADWORDS privilege. + * + * Used by botserv/badwords. + * + * Users with this permission can modify BotServ's BADWORDS list. + */ +privilege +{ + name = "BADWORDS" + rank = 260 + level = 10 + flag = "K" + xop = "SOP" +} + +/* + * BAN privilege. + * + * Used by chanserv/ban. + * + * Users with this permission can use the BAN command. + */ +privilege +{ + name = "BAN" + rank = 150 + level = 4 + flag = "b" + xop = "HOP" +} + +/* + * FANTASIA privilege. + * + * Used by botserv/main and chanserv/xop. + * + * Users with this permission can use fantasy commands in the channel. + */ +privilege +{ + name = "FANTASIA" + rank = 30 + level = 3 + flag = "c" + xop = "VOP" +} + +/* + * FOUNDER privilege. 
+ * + * Used by chanserv/access, chanserv/akick, + * chanserv/drop, chanserv/set/founder, + * chanserv/set/securefounder, chanserv/set/successor and chanserv/xop. + * + * Users with this permission are treated as founders and can use + * commands restricted to founders. + */ +privilege +{ + name = "FOUNDER" + rank = 360 + level = "founder" + flag = "F" + xop = "QOP" +} + +/* + * GETKEY privilege. + * + * Used by chanserv/getkey and nickserv/ajoin. + * + * Users with this permission can get they channel key with GETKEY and + * can use nickserv/ajoin to join channels with keys. + */ +privilege +{ + name = "GETKEY" + rank = 180 + level = 5 + flag = "G" + xop = "AOP" +} + +/* + * HALFOP privilege. + * + * Used by chanserv/mode, chanserv/halfop and chanserv/dehalfop. + * + * Users with this permission can use ChanServ to halfop and dehalfop + * others in the channel. + */ +privilege +{ + name = "HALFOP" + rank = 120 + level = 5 + flag = "h" + xop = "AOP" +} + +/* + * HALFOPME privilege. + * + * Used by chanserv/mode, chanserv/halfop and chanserv/dehalfop. + * + * Users with this permission can use ChanServ to halfop and dehalfop + * themselves in the channel. + */ +privilege +{ + name = "HALFOPME" + rank = 110 + level = 4 + flag = "h" + xop = "HOP" +} + +/* + * INFO privilege. + * + * Used by botserv/info and chanserv/info. + * + * Users with this permission are allowed to get the full INFO output + * from BotServ and ChanServ. + */ +privilege +{ + name = "INFO" + rank = 80 + level = 9999 + flag = "I" + xop = "QOP" +} + +/* + * INVITE privilege. + * + * Used by chanserv/invite and nickserv/ajoin. + * + * Users with this permission can invite users through ChanServ and + * join invite only channels with nickserv/ajoin. + */ +privilege +{ + name = "INVITE" + rank = 190 + level = 5 + flag = "i" + xop = "AOP" +} + +/* + * KICK privilege. + * + * Used by chanserv/kick. + * + * Users with this permission can use the KICK command. 
+ */ +privilege +{ + name = "KICK" + rank = 130 + level = 4 + flag = "k" + xop = "HOP" +} + +/* + * MEMO privilege. + * + * Used by memoserv/del, memoserv/ignore, memoserv/info, memoserv/list, + * memoserv/main, memoserv/read and memoserv/set. + * + * Users with this permission can manage channel memos. + */ +privilege +{ + name = "MEMO" + rank = 280 + level = 10 + flag = "m" + xop = "SOP" +} + +/* + * MODE privilege. + * + * Used by chanserv/mode. + * + * Users with this permission can set modes through ChanServ and change + * the mode lock. + */ +privilege +{ + name = "MODE" + rank = 170 + level = 9999 + flag = "s" + xop = "QOP" +} + +/* + * NOKICK privilege. + * + * Used by botserv/kick. + * + * Users with this permission are spared from automated BotServ kicks. + */ +privilege +{ + name = "NOKICK" + rank = 20 + level = 1 + flag = "N" + xop = "VOP" +} + +/* + * OP privilege. + * + * Used by chanserv/mode, chanserv/modes. + * + * Users with this permission can use ChanServ to op and deop + * others in the channel. + */ +privilege +{ + name = "OP" + rank = 230 + level = 5 + flag = "o" + xop = "SOP" +} + +/* + * OPME privilege. + * + * Used by chanserv/mode, chanserv/modes. + * + * Users with this permission can use ChanServ to op and deop + * themselves in the channel. + */ +privilege +{ + name = "OPME" + rank = 220 + level = 5 + flag = "o" + xop = "AOP" +} + +/* + * OWNER privilege. + * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to owner and deowner + * others in the channel. + */ +privilege +{ + name = "OWNER" + rank = 350 + level = "founder" + flag = "q" + xop = "QOP" +} + +/* + * OWNERME privilege. + * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to owner and deowner + * themselves in the channel. + */ +privilege +{ + name = "OWNERME" + rank = 340 + level = 9999 + flag = "q" + xop = "QOP" +} + +/* + * PROTECT privilege. 
+ * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to protect and deprotect + * others in the channel. + */ +privilege +{ + name = "PROTECT" + rank = 310 + level = 9999 + flag = "a" + xop = "QOP" +} + +/* + * PROTECTME privilege. + * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to protect and deprotect + * themselves in the channel. + */ +privilege +{ + name = "PROTECTME" + rank = 300 + level = 10 + flag = "a" + xop = "AOP" +} + +/* + * SAY privilege. + * + * Used by botserv/control. + * + * Users with this permission can use the BotServ bot in the channel to + * say or do a /me with the provided message. + */ +privilege +{ + name = "SAY" + rank = 90 + level = 5 + flag = "B" + xop = "AOP" +} + +/* + * SET privilege. + * + * Used by botserv/kick, botserv/set, chanserv/clone, chanserv/log, + * chanserv/saset/noexpire and chanserv/set. + * + * Users with this permission can set what BotServ will kick for, change + * BotServ and ChanServ settings, clone ChanServ channel setings, and + * set ChanServ logging options. + */ +privilege +{ + name = "SET" + rank = 320 + level = 9999 + flag = "s" + xop = "QOP" +} + +/* + * SIGNKICK privilege. + * + * Used by chanserv/ban and chanserv/kick. + * + * Users with this permission won't get their nick shown in the kick + * through ChanServ when the setting SIGNKICK is set to LEVEL. + */ +privilege +{ + name = "SIGNKICK" + rank = 140 + level = 9999 + flag = "K" + xop = "QOP" +} + +/* + * TOPIC privilege. + * + * Used by chanserv/topic. + * + * Users with this permission can change the channel topic through ChanServ. + */ +privilege +{ + name = "TOPIC" + rank = 160 + level = 5 + flag = "t" + xop = "AOP" +} + +/* + * UNBAN privilege. + * + * Used by chanserv/unban. + * + * Users with this permission can unban themselves and others through ChanServ. 
+ */ +privilege +{ + name = "UNBAN" + rank = 200 + level = 4 + flag = "u" + xop = "HOP" +} + +/* + * VOICE privilege. + * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to voice and devoice + * others in the channel. + */ +privilege +{ + name = "VOICE" + rank = 70 + level = 4 + flag = "v" + xop = "HOP" +} + +/* + * VOICEME privilege. + * + * Used by chanserv/mode and chanserv/modes. + * + * Users with this permission can use ChanServ to voice and devoice + * themselves in the channel. + */ +privilege +{ + name = "VOICEME" + rank = 60 + level = 3 + flag = "v" + xop = "VOP" +} + +/* + * Core ChanServ commands. + * + * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules + * are loaded you can then configure the commands to be added to any client you like with any name you like. + * + * Additionally, you may provide a permission name that must be in the opertype of users executing the command. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* Command group configuration for ChanServ. + * + * Commands may optionally be placed into groups to make ChanServ's HELP output easier to understand. + * Remove the following groups to use the old behavior of simply listing all ChanServ commands from HELP. + */ +command_group +{ + name = "chanserv/access" + description = "Used to manage the list of privileged users" +} + +command_group +{ + name = "chanserv/status" + description = "Used to modify the channel status of you or other users" +} + +command_group +{ + name = "chanserv/management" + description = "Used to manage channels" +} + +command_group +{ + name = "chanserv/admin" + description = "Services Operator commands" +} + +/* Give it a help command. 
*/ +command { service = "ChanServ"; name = "HELP"; command = "generic/help"; } + +/* + * cs_access + * + * Provides commands chanserv/access and chanserv/levels. + * Provides the access system "levels". + * + * Used for giving users access in channels. + */ +module { name = "cs_access" } +command { service = "ChanServ"; name = "ACCESS"; command = "chanserv/access"; group = "chanserv/access"; } +command { service = "ChanServ"; name = "LEVELS"; command = "chanserv/levels"; group = "chanserv/access"; } + +/* + * cs_akick + * + * Provides the command chanserv/akick. + * + * Used for preventing users from joining channels. + */ +module +{ + name = "cs_akick" + + /* + * The maximum number of entries on a channel's autokick list. + */ + autokickmax = 64 + + /* + * The default reason for an autokick if none is given. + */ + autokickreason = "User has been banned from the channel" +} + +command { service = "ChanServ"; name = "AKICK"; command = "chanserv/akick"; group = "chanserv/management"; } + +/* + * cs_ban + * + * Provides the command chanserv/ban. + * + * Used for banning users from channels. + */ +module { name = "cs_ban" } +command { service = "ChanServ"; name = "BAN"; command = "chanserv/ban"; } + +/* + * cs_clone + * + * Provides the command chanserv/clone. + * + * Used for copying channel settings from one channel to another. + */ +module { name = "cs_clone" } +command { service = "ChanServ"; name = "CLONE"; command = "chanserv/clone"; group = "chanserv/management"; } + +/* + * cs_drop + * + * Provides the command chanserv/drop. + * + * Used for unregistering channels. + */ +module { name = "cs_drop" } +command { service = "ChanServ"; name = "DROP"; command = "chanserv/drop"; } + +/* + * cs_enforce + * + * Provides the command chanserv/enforce. + * + * Used to enforce various channel settings such as secureops and restricted. 
+ */ +module { name = "cs_enforce" } +command { service = "ChanServ"; name = "ENFORCE"; command = "chanserv/enforce"; group = "chanserv/management"; } + +/* + * cs_entrymsg + * + * Provides the command chanserv/entrymsg. + * + * Used to configure entry messages sent to users when they join a channel. + */ +module +{ + name = "cs_entrymsg" + + /* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */ + maxentries = 5 +} +command { service = "ChanServ"; name = "ENTRYMSG"; command = "chanserv/entrymsg"; group = "chanserv/management"; } + +/* + * cs_flags + * + * Provides the command chanserv/flags. + * Provides the access system "flags". + * + * Used for giving users access in channels. + */ +module { name = "cs_flags" } +command { service = "ChanServ"; name = "FLAGS"; command = "chanserv/flags"; group = "chanserv/access"; } + +/* + * cs_getkey + * + * Provides the command chanserv/getkey. + * + * Used for getting the key for channels. + */ +module { name = "cs_getkey" } +command { service = "ChanServ"; name = "GETKEY"; command = "chanserv/getkey"; } + +/* + * cs_info + * + * Provides the command chanserv/info. + * + * Used for getting information about channels. + */ +module { name = "cs_info" } +command { service = "ChanServ"; name = "INFO"; command = "chanserv/info"; } + +/* + * cs_invite + * + * Provides the command chanserv/invite. + * + * Used for inviting yourself in to channels. + */ +module { name = "cs_invite" } +command { service = "ChanServ"; name = "INVITE"; command = "chanserv/invite"; } + +/* + * cs_kick + * + * Provides the command chanserv/kick. + * + * Used for kicking users from channels. + */ +module { name = "cs_kick" } +command { service = "ChanServ"; name = "KICK"; command = "chanserv/kick"; } + +/* + * cs_list + * + * Provides the commands: + * chanserv/list - Used for retrieving and searching the registered channel list. + * chanserv/set/private - Used for setting whether channels should show up in chanserv/list. 
+ */ +module +{ + name = "cs_list" + + /* + * The maximum number of channels to be returned for a ChanServ LIST command. + */ + listmax = 75 +} + +command { service = "ChanServ"; name = "LIST"; command = "chanserv/list"; group = "chanserv/admin"; } +command { service = "ChanServ"; name = "SET PRIVATE"; command = "chanserv/set/private"; } + +/* + * cs_log + * + * Provides the command chanserv/log. + * + * Use for configuring what actions on channels are logged and where. + */ +module +{ + name = "cs_log" + + /* Default log settings for newly registered channels */ + + #default + { + command = "chanserv/modes" + method = "MESSAGE @" + } + + #default + { + service = "ChanServ" + command = "ACCESS" + method = "MESSAGE @" + } + + #default + { + command = "chanserv/xop" + method = "MESSAGE @" + } + + #default + { + service = "ChanServ" + command = "FLAGS" + method = "MESSAGE @" + } +} +command { service = "ChanServ"; name = "LOG"; command = "chanserv/log"; group = "chanserv/management"; } + +/* + * cs_mode + * + * Provides the command chanserv/mode and chanserv/modes. + * + * Used for changing mode locks and changing modes. + */ +module +{ + name = "cs_mode" + + /* + * Default modes for mode lock, these are set on newly registered channels. + * + * If not set, the default is +nt. 
+ */ + mlock = "+nt" +} + +command { service = "ChanServ"; name = "MODE"; command = "chanserv/mode"; group = "chanserv/management"; } + +command { service = "ChanServ"; name = "OWNER"; command = "chanserv/modes"; group = "chanserv/status"; set = "OWNER" } +command { service = "ChanServ"; name = "DEOWNER"; command = "chanserv/modes"; group = "chanserv/status"; unset = "OWNER" } + +command { service = "ChanServ"; name = "PROTECT"; command = "chanserv/modes"; group = "chanserv/status"; set = "PROTECT" } +command { service = "ChanServ"; name = "DEPROTECT"; command = "chanserv/modes"; group = "chanserv/status"; unset = "PROTECT" } + +command { service = "ChanServ"; name = "OP"; command = "chanserv/modes"; group = "chanserv/status"; set = "OP" } +command { service = "ChanServ"; name = "DEOP"; command = "chanserv/modes"; group = "chanserv/status"; unset = "OP" } + +command { service = "ChanServ"; name = "HALFOP"; command = "chanserv/modes"; group = "chanserv/status"; set = "HALFOP" } +command { service = "ChanServ"; name = "DEHALFOP"; command = "chanserv/modes"; group = "chanserv/status"; unset = "HALFOP" } + +command { service = "ChanServ"; name = "VOICE"; command = "chanserv/modes"; group = "chanserv/status"; set = "VOICE" } +command { service = "ChanServ"; name = "DEVOICE"; command = "chanserv/modes"; group = "chanserv/status"; unset = "VOICE" } + +/* + * cs_register + * + * Provides the commands chanserv/register. + * + * Used for registering channels. + */ +module { name = "cs_register" } +command { service = "ChanServ"; name = "REGISTER"; command = "chanserv/register"; } + +/* + * cs_seen + * + * Provides the commands chanserv/seen and operserv/seen. + * + * Records the last time a user was seen and what they were doing and allows users to request this data. + * Also allows administrators to view stats about seen data and purge the database. 
+ */ +#module +{ + name = "cs_seen" + + /* If set, uses the older 1.8 style seen, which is less resource intensive */ + simple = false + + /* Sets the time to keep seen entries in the seen database. */ + purgetime = "30d" + + /* Sets the delay between checks for expired seen entries. */ + expiretimeout = "1d" +} +#command { service = "OperServ"; name = "SEEN"; command = "operserv/seen"; permission = "operserv/seen"; } + +/* + * cs_set + * + * Provides the commands: + * chanserv/set and chanserv/saset - Dummy help wrappers for the SET commands. + * chanserv/set/autoop - Used for configuring whether or not ChanServ automatically gives channel status to users. + * chanserv/set/bantype - Used for controlling what format of bans are placed on channels. + * chanserv/set/description - Used for changing channels descriptions. + * chanserv/set/founder - Used for changing a channel's founder. + * chanserv/set/keepmodes - Used for enabling or disabling keepmodes, which retains channel modes. + * chanserv/set/peace - Used for configuring if users are able to kick other users with higher access than them. + * chanserv/set/persist - Used for setting whether ChanServ should stay in channels after the last user leaves. + * chanserv/set/restricted - Used for setting whether users not on a channel's access list can join. + * chanserv/set/secure - Used for setting whether users who are recognized for accounts should have their access in channels. + * chanserv/set/securefounder - Used for setting whether users with founder level access in channels have true founder or not. + * chanserv/set/secureops - Used for restricting who can have channel op privilege in a channel to those whom have access in the channel. + * chanserv/set/signkick - Used for setting signkick, which appends the kicker's name to kicks sent through ChanServ. + * chanserv/set/successor - Used for setting channel successors, which become channel founders if the founders' account expires. 
+ * chanserv/saset/noexpire - Used for setting noexpire, which prevents channels from expiring. + * + * This is a dummy command to provide a help wrapper for the various SET commands. + */ +module +{ + name = "cs_set" + + /* + * The default ban type for newly registered channels. + * + * defbantype can be: + * + * 0: ban in the form of *!user@host + * 1: ban in the form of *!*user@host + * 2: ban in the form of *!*@host + * 3: ban in the form of *!*user@*.domain + */ + defbantype = 2 +} + +command { service = "ChanServ"; name = "SET"; command = "chanserv/set"; group = "chanserv/management"; } +command { service = "ChanServ"; name = "SET AUTOOP"; command = "chanserv/set/autoop"; } +command { service = "ChanServ"; name = "SET BANTYPE"; command = "chanserv/set/bantype"; } +command { service = "ChanServ"; name = "SET DESCRIPTION"; command = "chanserv/set/description"; } +command { service = "ChanServ"; name = "SET DESC"; command = "chanserv/set/description"; } +command { service = "ChanServ"; name = "SET FOUNDER"; command = "chanserv/set/founder"; } +command { service = "ChanServ"; name = "SET KEEPMODES"; command = "chanserv/set/keepmodes"; } +command { service = "ChanServ"; name = "SET PEACE"; command = "chanserv/set/peace"; } +#command { service = "ChanServ"; name = "SET PERSIST"; command = "chanserv/set/persist"; } +command { service = "ChanServ"; name = "SET RESTRICTED"; command = "chanserv/set/restricted"; } +command { service = "ChanServ"; name = "SET SECURE"; command = "chanserv/set/secure"; } +command { service = "ChanServ"; name = "SET SECUREFOUNDER"; command = "chanserv/set/securefounder"; } +command { service = "ChanServ"; name = "SET SECUREOPS"; command = "chanserv/set/secureops"; } +command { service = "ChanServ"; name = "SET SIGNKICK"; command = "chanserv/set/signkick"; } +command { service = "ChanServ"; name = "SET SUCCESSOR"; command = "chanserv/set/successor"; } +command { service = "ChanServ"; name = "SET NOEXPIRE"; command = 
"chanserv/saset/noexpire"; permission = "chanserv/saset/noexpire"; } + +/* + * cs_set_misc + * + * Provides the command chanserv/set/misc. + * + * Allows you to create arbitrary commands to set data, and have that data show up in chanserv/info. + * A field named misc_description may be given for use with help output. + */ +module { name = "cs_set_misc" } +command { service = "ChanServ"; name = "SET URL"; command = "chanserv/set/misc"; misc_description = _("Associate a URL with the channel"); } +command { service = "ChanServ"; name = "SET EMAIL"; command = "chanserv/set/misc"; misc_description = _("Associate an E-mail address with the channel"); } +command { service = "ChanServ"; name = "SET TWITTER"; command = "chanserv/set/misc"; misc_description = _("Associate a Twitter account with the channel"); } + +/* + * cs_status + * + * Provides the command chanserv/status. + * + * Used for determining a user's access on a channel and whether + * or not they match any autokick entries. + */ +module { name = "cs_status" } +command { service = "ChanServ"; name = "STATUS"; command = "chanserv/status"; } + +/* + * cs_suspend + * + * Provides the commands chanserv/suspend and chanserv/unsuspend. + * + * Used for suspending and unsuspending channels. Suspended channels can not be used but their settings are stored. + */ +module +{ + name = "cs_suspend" + + /* + * The length of time before a suspended channel expires. + * + * This directive is optional. + * If not set, the default is never. + */ + #expire = 90d + + /* + * Settings to show to non-opers in ChanServ's INFO output. + * Comment to completely disable showing any information about + * suspended channels to non-opers. 
+ */ + show = "suspended, by, reason, on, expires" +} +command { service = "ChanServ"; name = "SUSPEND"; command = "chanserv/suspend"; permission = "chanserv/suspend"; group = "chanserv/admin"; } +command { service = "ChanServ"; name = "UNSUSPEND"; command = "chanserv/unsuspend"; permission = "chanserv/suspend"; group = "chanserv/admin"; } + +/* + * cs_sync + * + * Provides the command chanserv/sync. + * + * Used to sync users channel status modes with what access they have. + */ +module { name = "cs_sync" } +command { service = "ChanServ"; name = "SYNC"; command = "chanserv/sync"; group = "chanserv/management"; } + +/* + * cs_topic + * + * Provides the commands: + * chanserv/topic - Used for changing the channel topic. Useful in conjunction with chanserv/set/topiclock. + * chanserv/set/keeptopic - Used for configuring if ChanServ is to restore the channel topic when a channel is created. + * + */ +module { name = "cs_topic" } +command { service = "ChanServ"; name = "TOPIC"; command = "chanserv/topic"; group = "chanserv/management"; } +command { service = "ChanServ"; name = "SET KEEPTOPIC"; command = "chanserv/set/keeptopic"; } + +/* + * cs_unban + * + * Provides the command chanserv/unban. + * + * Used for unbanning users from channels. + */ +module { name = "cs_unban" } +command { service = "ChanServ"; name = "UNBAN"; command = "chanserv/unban"; } + +/* + * cs_updown + * + * Provides the commands chanserv/up and chanserv/down. + * + * Used for setting or removing your status modes on a channel. + */ +module { name = "cs_updown" } +command { service = "ChanServ"; name = "DOWN"; command = "chanserv/down"; group = "chanserv/status"; } +command { service = "ChanServ"; name = "UP"; command = "chanserv/up"; group = "chanserv/status"; } + +/* + * cs_xop + * + * Provides the command chanserv/xop. + * Provides the access system "XOP". + * + * Used for giving users access in channels. 
Many commands may be linked to chanserv/xop, but the + * privileges given by each is determined by the privilege:xop settings above. These commands should + * be ordered from highest to lowest, as each command inherits the privileges of the commands below + * it. + */ +module { name = "cs_xop" } +command { service = "ChanServ"; name = "QOP"; command = "chanserv/xop"; group = "chanserv/access"; } +command { service = "ChanServ"; name = "SOP"; command = "chanserv/xop"; group = "chanserv/access"; } +command { service = "ChanServ"; name = "AOP"; command = "chanserv/xop"; group = "chanserv/access"; } +command { service = "ChanServ"; name = "HOP"; command = "chanserv/xop"; group = "chanserv/access"; } +command { service = "ChanServ"; name = "VOP"; command = "chanserv/xop"; group = "chanserv/access"; } + + +/* + * Extra ChanServ related modules. + */ + +/* + * cs_statusupdate + * + * This module automatically updates users status on channels when the + * channel's access list is modified. + */ +module { name = "cs_statusupdate" } diff --git a/roles/server/irc-services/files/default/global.conf b/roles/server/irc-services/files/default/global.conf new file mode 100644 index 0000000..cce2608 --- /dev/null +++ b/roles/server/irc-services/files/default/global.conf 
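Review bot: `always_lower_ts` stays commented out at the end of the core `chanserv` module block, even though the comment directly above it says the setting prevents races in which an unauthorized user joins an empty registered channel and sets modes before services deop them. Unless the IRCd this role targets covers that case some other way, I would enable it with `always_lower_ts = true`, or replace the commented line with `# always_lower_ts left off because <reason>` so the decision is recorded in the managed file. Related: `defaults` omits `secureops`, so on newly registered channels operator status is not limited to users on the access list; worth confirming that is intended.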
@@ -0,0 +1,59 @@ +# +################################################ +### Managed by someone's ansible provisioner ### +################################################ +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# + +/* + * First, create the service. + * Note that an easy way to rename this service is to define{} the client name to something else. + */ +service +{ + nick = "Global" + user = "global" + host = "services.host" + gecos = "Global Noticer" + #modes = "+o" +} + +/* + * Core Global module. + * + * Provides essential functionality for Global. + */ +module +{ + name = "global" + client = "Global" + globaloncycledown = "Services are restarting, they will be back shortly - please be good while we're gone" + globaloncycleup = "Services are now back online - have a nice day" + #anonymousglobal = yes +} + +/* + * Core Global commands. + * + * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules + * are loaded you can then configure the commands to be added to any client you like with any name you like. + * + * Additionally, you may provide a permission name that must be in the opertype of users executing the command. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* Give it a help command. */ +command { service = "Global"; name = "HELP"; command = "generic/help"; } + +/* + * gl_global + * + * Provides the command global/global. + * + * Used for sending a message to every online user. + */ +module { name = "gl_global" } +command { service = "OperServ"; name = "GLOBAL"; command = "global/global"; permission = "operserv/global"; } +command { service = "Global"; name = "GLOBAL"; command = "global/global"; permission = "global/global"; } 
diff --git a/roles/server/irc-services/files/default/hostserv.conf b/roles/server/irc-services/files/default/hostserv.conf new file mode 100644 index 0000000..e711ab3 --- /dev/null +++ b/roles/server/irc-services/files/default/hostserv.conf 
@@ -0,0 +1,148 @@ +# +################################################ +### Managed by someone's ansible provisioner ### +################################################ +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# + +/* + * First, create the service. + * Note that an easy way to rename this service is to define{} the client name to something else. + */ +service +{ + nick = "HostServ" + user = "hostserv" + host = "services.host" + gecos = "vHost Service" + #modes = "+o" +} + +/* + * Core HostServ module. + * + * Provides essential functionality for HostServ. + */ +module +{ + name = "hostserv" + client = "HostServ" + activate_on_set = true +} + +/* + * Core HostServ commands. + * + * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules + * are loaded you can then configure the commands to be added to any client you like with any name you like. + * + * Additionally, you may provide a permission name that must be in the opertype of users executing the command. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* Give it a help command. */ +command { service = "HostServ"; name = "HELP"; command = "generic/help"; } + +/* + * hs_del + * + * Provides the commands hostserv/del and hostserv/delall. + * + * Used for removing users' vHosts. + */ +module { name = "hs_del" } +command { service = "HostServ"; name = "DEL"; command = "hostserv/del"; permission = "hostserv/del"; } +command { service = "HostServ"; name = "DELALL"; command = "hostserv/delall"; permission = "hostserv/del"; } + +/* + * hs_group + * + * Provides the command hostserv/group. + * + * Used for grouping one vHost to many nicks. + */ +module +{ + name = "hs_group" + + /* + * Upon nickserv/group, this option syncs the nick's main vHost to the grouped nick. 
+ */ + syncongroup = false + + /* + * This makes vhosts act as if they are per account. + */ + synconset = false +} +command { service = "HostServ"; name = "GROUP"; command = "hostserv/group"; } + +/* + * hs_list + * + * Provides the command hostserv/list. + * + * Used for listing actively set vHosts. + */ +module { name = "hs_list" } +command { service = "HostServ"; name = "LIST"; command = "hostserv/list"; permission = "hostserv/list"; } + +/* + * hs_off + * + * Provides the command hostserv/off. + * + * Used for turning off your vHost. + */ +module { name = "hs_off" } +command { service = "HostServ"; name = "OFF"; command = "hostserv/off"; } + +/* + * hs_on + * + * Provides the command hostserv/on. + * + * Used for turning on your vHost. + */ +module { name = "hs_on" } +command { service = "HostServ"; name = "ON"; command = "hostserv/on"; } + +/* + * hs_request + * + * Provides the commands hostserv/request, hostserv/active, hostserv/reject, and hostserv/waiting. + * + * Used to manage vHosts requested by users. + */ +module +{ + name = "hs_request" + + /* + * If set, Services will send a memo to the user requesting a vHost when it's been + * approved or rejected. + */ + memouser = yes + + /* + * If set, Services will send a memo to all Services staff when a new vHost is requested. + */ + memooper = yes +} +command { service = "HostServ"; name = "REQUEST"; command = "hostserv/request"; } +command { service = "HostServ"; name = "ACTIVATE"; command = "hostserv/activate"; permission = "hostserv/set"; } +command { service = "HostServ"; name = "REJECT"; command = "hostserv/reject"; permission = "hostserv/set"; } +command { service = "HostServ"; name = "WAITING"; command = "hostserv/waiting"; permission = "hostserv/set"; } + +/* + * hs_set + * + * Provides the commands hostserv/set and hostserv/setall. + * + * Used for setting users' vHosts. 
+ */ +module { name = "hs_set" } +command { service = "HostServ"; name = "SET"; command = "hostserv/set"; permission = "hostserv/set"; } +command { service = "HostServ"; name = "SETALL"; command = "hostserv/setall"; permission = "hostserv/set"; } diff --git a/roles/server/irc-services/files/default/memoserv.conf b/roles/server/irc-services/files/default/memoserv.conf new file mode 100644 index 0000000..0202bd0 --- /dev/null +++ b/roles/server/irc-services/files/default/memoserv.conf 
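Review bot: In the `hs_request` block, `memooper = yes` turns every `REQUEST` into a memo to all Services staff, and the `REQUEST` command line has no `permission`, so any registered account can trigger that fan-out. Nothing in this hunk limits how often one account may repeat it, and I cannot tell from the config whether the module throttles requests itself. With `maxmemos = 128` set in memoserv.conf, a handful of accounts could fill staff memo boxes and crowd out real memos. I would ship `memooper = no` and have staff poll `WAITING`, or keep it and add a comment above the option such as `/* staff memo per request is intentional; watch for request floods */`.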
@@ -0,0 +1,179 @@ +# +################################################ +### Managed by someone's ansible provisioner ### +################################################ +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# + +/* + * First, create the service. + * Note that an easy way to rename this service is to define{} the client name to something else. + */ +service +{ + nick = "MemoServ" + user = "memoserv" + host = "services.host" + gecos = "Memo Service" + #modes = "+o" +} + +/* + * Core MemoServ module. + * + * Provides essential functionality for MemoServ. + */ +module +{ + name = "memoserv" + client = "MemoServ" + maxmemos = 128 + senddelay = 5s +} + +/* + * Core MemoServ commands. + * + * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules + * are loaded you can then configure the commands to be added to any client you like with any name you like. + * + * Additionally, you may provide a permission name that must be in the opertype of users executing the command. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* Give it a help command. */ +command { service = "MemoServ"; name = "HELP"; command = "generic/help"; } + +/* + * ms_cancel + * + * Provides the command memoserv/cancel. + * + * Used to cancel memos already sent but not yet read. + */ +module { name = "ms_cancel" } +command { service = "MemoServ"; name = "CANCEL"; command = "memoserv/cancel"; } + +/* + * ms_check + * + * Provides the command memoserv/check. + * + * Used to check if a sent memo has been read. + */ +module { name = "ms_check" } +command { service = "MemoServ"; name = "CHECK"; command = "memoserv/check"; } + +/* + * ms_del + * + * Provides the command memoserv/del. + * + * Used to delete your memos. 
+ */ +module { name = "ms_del" } +command { service = "MemoServ"; name = "DEL"; command = "memoserv/del"; } + +/* + * ms_ignore + * + * Provides the command memoserv/ignore. + * + * Used to ignore memos from specific users. + */ +module { name = "ms_ignore" } +command { service = "MemoServ"; name = "IGNORE"; command = "memoserv/ignore"; } + +/* + * ms_info + * + * Provides the command memoserv/info. + * + * Used to show memo related information about an account or a channel. + */ +module { name = "ms_info" } +command { service = "MemoServ"; name = "INFO"; command = "memoserv/info"; } + +/* + * ms_list + * + * Provides the command memoserv/list. + * + * Used to list your current memos. + */ +module { name = "ms_list" } +command { service = "MemoServ"; name = "LIST"; command = "memoserv/list"; } + +/* + * ms_read + * + * Provides the command memoserv/read. + * + * Used to read your memos. + */ +module { name = "ms_read" } +command { service = "MemoServ"; name = "READ"; command = "memoserv/read"; } + +/* + * ms_rsend + * + * Provides the command memoserv/rsend. + * + * Used to send a memo requiring a receipt be sent back once it is read. + * + * Requires configuring memoserv:memoreceipt. + */ +#module +{ + name = "ms_rsend" + + /* + * Only allow Services Operators to use ms_rsend. + * + * This directive is optional. + */ + operonly = false +} +#command { service = "MemoServ"; name = "RSEND"; command = "memoserv/rsend"; } + +/* + * ms_send + * + * Provides the command memoserv/send. + * + * Used to send memos. + */ +module { name = "ms_send" } +command { service = "MemoServ"; name = "SEND"; command = "memoserv/send"; } + +/* + * ms_sendall + * + * Provides the command memoserv/sendall. + * + * Used to send a mass memo to every registered user. + */ +module { name = "ms_sendall" } +command { service = "MemoServ"; name = "SENDALL"; command = "memoserv/sendall"; permission = "memoserv/sendall"; } + +/* + * ms_set + * + * Provides the command memoserv/set. 
+ * + * Used to set settings such as how you are notified of new memos, and your memo limit. + */ +module { name = "ms_set" } +command { service = "MemoServ"; name = "SET"; command = "memoserv/set"; } + +/* + * ms_staff + * + * Provides the command memoserv/staff. + * + * Used to send a memo to all registered staff members. + */ +module { name = "ms_staff" } +command { service = "MemoServ"; name = "STAFF"; command = "memoserv/staff"; permission = "memoserv/staff"; } diff --git a/roles/server/irc-services/files/default/modules.conf b/roles/server/irc-services/files/default/modules.conf new file mode 100644 index 0000000..107f846 --- /dev/null +++ b/roles/server/irc-services/files/default/modules.conf 
@@ -0,0 +1,803 @@ +# +################################################ +### Managed by someone's ansible provisioner ### +################################################ +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# + +/* + * [OPTIONAL] Non-Core Modules + * + * The following blocks are used to load all non-core modules, including 3rd-party modules. + * Modules can be prevented from loading by commenting out the line, other modules can be added by + * adding a module block. These modules will be loaded prior to Services connecting to your network. + * + * Note that some of these modules are labeled EXTRA, and must be enabled prior to compiling by + * running the 'extras' script on Linux and UNIX. + */ + +/* + * help + * + * Provides the command generic/help. + * + * This is a generic help command that can be used with any client. + */ +module { name = "help" } + +/* + * m_dns + * + * Adds support for the DNS protocol. By itself this module does nothing useful, + * but other modules such as m_dnsbl and os_dns require this. + */ +#module +{ + name = "m_dns" + + /* + * The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file. + * The below should work fine on all unix like systems. Windows users will have to find their nameservers + * from ipconfig /all and put the IP here. + */ + nameserver = "/etc/resolv.conf" + #nameserver = "127.0.0.1" + + /* + * How long to wait in seconds before a DNS query has timed out. + */ + timeout = 5 + + + /* Only edit below if you are expecting to use os_dns or otherwise answer DNS queries. */ + + /* + * The IP and port services use to listen for DNS queries. + * Note that ports less than 1024 are privileged on UNIX/Linux systems, and + * require Anope to be started as root. If you do this, it is recommended you + * set options:user and options:group so Anope can change users after binding + * to this port. 
+ */ + ip = "0.0.0.0" + port = 53 + + + /* + * SOA record information. + */ + + /* E-mail address of the DNS administrator. */ + admin = "admin@example.com" + + /* This should be the names of the public facing nameservers serving the records. */ + nameservers = "ns1.example.com ns2.example.com" + + /* The time slave servers are allowed to cache. This should be reasonably low + * if you want your records to be updated without much delay. + */ + refresh = 3600 + + /* A notify block. There should probably be one per nameserver listed in 'nameservers'. + */ + notify + { + ip = "192.0.2.0" + port = 53 + } +} + +/* + * m_dnsbl + * + * Allows configurable DNS blacklists to check connecting users against. If a user + * is found on the blacklist they will be immediately banned. This is a crucial module + * to prevent bot attacks. + */ +#module +{ + name = "m_dnsbl" + + /* + * If set, Services will check clients against the DNSBLs when services connect to its uplink. + * This is not recommended, and on large networks will open a very large amount of DNS queries. + * Whilst services are not drastically affected by this, your nameserver/DNSBL might care. + */ + check_on_connect = no + + /* + * If set, Services will check clients when coming back from a netsplit. This can cause a large number + * of DNS queries open at once. Whilst services are not drastically affected by this, your nameserver/DNSBL + * might care. + */ + check_on_netburst = no + + /* + * If set, OperServ will add clients found in the DNSBL to the akill list. Without it, OperServ simply sends + * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots. + */ + add_to_akill = yes + + blacklist + { + /* Name of the blacklist. */ + name = "rbl.efnetrbl.org" + + /* How long to set the ban for. */ + time = 4h + + /* Reason for akill. 
+ * %n is the nick of the user + * %u is the ident/username of the user + * %g is the realname of the user + * %h is the hostname of the user + * %i is the IP of the user + * %r is the reply reason (configured below). Will be nothing if not configured. + * %N is the network name set in networkinfo:networkname + */ + reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info" + + /* Replies to ban and their reason. If no relies are configured, all replies get banned. */ + reply + { + code = 1 + reason = "Open Proxy" + } + + #reply + { + code = 2 + reason = "spamtrap666" + } + + #reply + { + code = 3 + reason = "spamtrap50" + } + + reply + { + code = 4 + reason = "TOR" + + /* + * If set, users identified to services at the time the result comes back + * will not be banned. + */ + #allow_account = yes + } + + reply + { + code = 5 + reason = "Drones / Flooding" + } + } + + #blacklist + { + name = "dnsbl.dronebl.org" + time = 4h + reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=%N" + } + + /* Exempt localhost from DNSBL checks */ + exempt { ip = "127.0.0.1" } +} + +/* + * m_helpchan + * + * Gives users who are op in the specified help channel usermode +h (helpop). + */ +#module +{ + name = "m_helpchan" + + helpchannel = "#help" +} + +/* + * m_httpd + * + * Allows services to serve web pages. By itself, this module does nothing useful. + * + * Note that using this will allow users to get the IP of your services. + * To prevent this we recommend using a reverse proxy or a tunnel. + */ +#module +{ + name = "m_httpd" + + httpd + { + /* Name of this service. */ + name = "httpd/main" + + /* IP to listen on. */ + ip = "0.0.0.0" + + /* Port to listen on. */ + port = 8080 + + /* Time before connections to this server are timed out. */ + timeout = 30 + + /* Listen using SSL. Requires an SSL module. 
*/ + #ssl = yes + + /* If you are using a reverse proxy that sends one of the + * extforward_headers set below, set this to its IP. + * This allows services to obtain the real IP of users by + * reading the forwarded-for HTTP header. + */ + #extforward_ip = "192.168.0.255" + + /* The header to look for. These probably work as is. */ + extforward_header = "X-Forwarded-For Forwarded-For" + } +} + +/* + * m_ldap [EXTRA] + * + * This module allows other modules to use LDAP. By itself, this module does nothing useful. + */ +#module +{ + name = "m_ldap" + + ldap + { + server = "ldap://127.0.0.1" + port = 389 + + /* + * Admin credentials used for performing searches and adding users. + */ + admin_binddn = "cn=Manager,dc=anope,dc=org" + admin_password = "secret" + } +} + +/* + * m_ldap_authentication [EXTRA] + * + * This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use + * LDAP to authenticate users. Requires m_ldap. +*/ +#module +{ + name = "m_ldap_authentication" + + /* + * The distinguished name used for searching for users's accounts. + */ + basedn = "ou=users,dc=anope,dc=org" + + /* + * The search filter used to look up users's accounts. + * %account is replaced with the user's account. + * %object_class is replaced with the object_class configured below. + */ + search_filter = "(&(uid=%account)(objectClass=%object_class))" + + /* + * The object class used by LDAP to store user account information. + * This is used for adding new users to LDAP if registration is allowed. + */ + object_class = "anopeUser" + + /* + * The attribute value used for account names. + */ + username_attribute = "uid" + + /* + * The attribute value used for email addresses. + * This directive is optional. + */ + email_attribute = "email" + + /* + * The attribute value used for passwords. + * Used when registering new accounts in LDAP. 
+ */ + password_attribute = "userPassword" + + /* + * If set, the reason to give the users who try to register with nickserv, + * including nick registration from grouping. + * + * If not set, then registration is not blocked. + */ + #disable_register_reason = "To register on this network visit http://some.misconfigured.site/register" + + /* + * If set, the reason to give the users who try to "/msg NickServ SET EMAIL". + * If not set, then email changing is not blocked. + */ + #disable_email_reason = "To change your email address visit http://some.misconfigured.site" +} + +/* + * m_ldap_oper [EXTRA] + * + * This module dynamically ties users to Anope opertypes when they identify + * via LDAP group membership. Requires m_ldap. + * + * Note that this doesn't give the user privileges on the IRCd, only in Services. + */ +#module +{ + name = "m_ldap_oper" + + /* + * An optional binddn to use when searching for groups. + * %a is replaced with the account name of the user. + */ + #binddn = "cn=Manager,dc=anope,dc=org" + + /* + * An optional password to bind with. + */ + #password = "secret" + + /* + * The base DN where the groups are. + */ + basedn = "ou=groups,dc=anope,dc=org" + + /* + * The filter to use when searching for users. + * %a is replaced with the account name of the user. + */ + filter = "(member=uid=%a,ou=users,dc=anope,dc=org)" + + /* + * The attribute of the group that is the name of the opertype. + * The cn attribute should match a known opertype in the config. + */ + opertype_attribute = "cn" +} + +/* + * m_mysql [EXTRA] + * + * This module allows other modules to use MySQL. + */ +#module +{ + name = "m_mysql" + + mysql + { + /* The name of this service. */ + name = "mysql/main" + database = "anope" + server = "127.0.0.1" + username = "anope" + password = "mypassword" + port = 3306 + } +} +/* + * m_redis + * + * This module allows other modules to use Redis. 
+ */ +#module +{ + name = "m_redis" + + /* A redis database */ + redis + { + /* The name of this service */ + name = "redis/main" + + /* + * The redis database to use. New connections default to 0. + */ + db = 0 + + ip = "127.0.0.1" + port = 6379 + } +} + +/* + * m_regex_pcre [EXTRA] + * + * Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library. + */ +#module { name = "m_regex_pcre" } + +/* + * m_regex_posix [EXTRA] + * + * Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions. + * This is likely the only regex module you will not need extra libraries for. + */ +module { name = "m_regex_posix" } + +/* + * m_regex_tre [EXTRA] + * + * Provides the regex engine regex/tre, which uses the TRE regex library. + */ +#module { name = "m_regex_tre" } + +/* + * m_rewrite + * + * Allows rewriting commands sent to/from clients. + */ +#module { name = "m_rewrite" } +#command +{ + service = "ChanServ"; name = "CLEAR"; command = "rewrite" + + /* Enable m_rewrite. */ + rewrite = true + + /* Source message to match. A $ can be used to match anything. */ + rewrite_source = "CLEAR $ USERS" + + /* + * Message to rewrite the source message to. A $ followed by a number, eg $0, gets + * replaced by the number-th word from the source_message, starting from 0. + */ + rewrite_target = "KICK $1 *" + + /* + * The command description. This only shows up in HELP's output. + * Comment this option to prevent the command from showing in the + * HELP command. + */ + rewrite_description = "Clears all users from a channel" +} + +/* + * m_proxyscan + * + * This module allows you to scan connecting clients for open proxies. + * Note that using this will allow users to get the IP of your services. + * + * Currently the two supported proxy types are HTTP and SOCKS5. 
+ * + * The proxy scanner works by attempting to connect to clients when they + * connect to the network, and if they have a proxy running instruct it to connect + * back to services. If services are able to connect through the proxy to itself + * then it knows it is an insecure proxy, and will ban it. + */ +#module +{ + name = "m_proxyscan" + + /* + * The target IP services tells the proxy to connect back to. This must be a publicly + * available IP that remote proxies can connect to. + */ + #target_ip = "127.0.0.1" + + /* + * The port services tells the proxy to connect to. + */ + target_port = 7226 + + /* + * The listen IP services listen on for incoming connections from suspected proxies. + * This probably will be the same as target_ip, but may not be if you are behind a firewall (NAT). + */ + #listen_ip = "127.0.0.1" + + /* + * The port services should listen on for incoming connections from suspected proxies. + * This most likely will be the same as target_port. + */ + listen_port = 7226 + + /* + * An optional notice sent to clients upon connect. + */ + #connect_notice = "We will now scan your host for insecure proxies. If you do not consent to this scan please disconnect immediately." + + /* + * Who the notice should be sent from. + */ + #connect_source = "OperServ" + + /* + * If set, OperServ will add infected clients to the akill list. Without it, OperServ simply sends + * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being filled up by bots. + */ + add_to_akill = yes + + /* + * How long before connections should be timed out. + */ + timeout = 5 + + proxyscan + { + /* The type of proxy to check for. A comma separated list is allowed. */ + type = "HTTP" + + /* The ports to check. */ + port = "80,8080" + + /* How long to set the ban for. */ + time = 4h + + /* + * The reason to ban the user for. + * %h is replaced with the type of proxy found. + * %i is replaced with the IP of proxy found. 
+ * %p is replaced with the port. + */ + reason = "You have an open proxy running on your host (%t:%i:%p)" + } +} + +/* + * m_sasl + * + * Some IRCds allow "SASL" authentication to let users identify to Services + * during the IRCd user registration process. If this module is loaded, Services will allow + * authenticating users through this mechanism. Supported mechanisms are: + * PLAIN, EXTERNAL. + */ +module { name = "m_sasl" } + +/* + * m_sasl_dh-aes [EXTRA] + * + * Add the DH-AES mechanism to SASL. + * Requires m_sasl to be loaded. + * Requires openssl. + */ +module { name = "m_sasl_dh-aes" } + +/* + * m_sasl_dh-blowfish [EXTRA] + * + * Add the DH-BLOWFISH mechanism to SASL. + * Requires m_sasl to be loaded. + * Requires openssl. + */ +module { name = "m_sasl_dh-blowfish" } + +/* + * m_ssl_gnutls [EXTRA] + * + * This module provides SSL services to Anope using GnuTLS, for example to + * connect to the uplink server(s) via SSL. + * + * You may only load either m_ssl_gnutls or m_ssl_openssl, bot not both. + */ +#module +{ + name = "m_ssl_gnutls" + + /* + * An optional certificate and key for m_ssl_gnutls to give to the uplink. + * + * You can generate your own certificate and key pair by using: + * + * certtool --generate-privkey --bits 2048 --outfile anope.key + * certtool --generate-self-signed --load-privkey anope.key --outfile anope.crt + * + */ + cert = "data/anope.crt" + key = "data/anope.key" + + /* + * Diffie-Hellman parameters to use when acting as a server. This is only + * required for TLS servers that want to use ephemeral DH cipher suites. + * + * This is NOT required for Anope to connect to the uplink server(s) via SSL. + * + * You can generate DH parameters by using: + * + * certtool --generate-dh-params --bits 2048 --outfile dhparams.pem + * + */ +# dhparams = "data/dhparams.pem" +} + +/* + * m_ssl_openssl [EXTRA] + * + * This module provides SSL services to Anope using OpenSSL, for example to + * connect to the uplink server(s) via SSL. 
+ * + * You may only load either m_ssl_openssl or m_ssl_gnutls, bot not both. + * + */ +#module +{ + name = "m_ssl_openssl" + + /* + * An optional certificate and key for m_ssl_openssl to give to the uplink. + * + * You can generate your own certificate and key pair by using: + * + * openssl genrsa -out anope.key 2048 + * openssl req -new -x509 -key anope.key -out anope.crt -days 1095 + */ + cert = "data/anope.crt" + key = "data/anope.key" + + /* + * As of 2014 SSL 3.0 is considered insecure, but it might be enabled + * on some systems by default for compatibility reasons. + * You can use the following option to enable or disable it explicitly. + * Leaving this option not set defaults to the default system behavior. + */ + #sslv3 = no +} + +/* + * m_sql_authentication [EXTRA] + * + * This module allows authenticating users against an external SQL database using a custom + * query. + */ +#module +{ + name = "m_sql_authentication" + + /* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */ + engine = "mysql/main" + + /* Query to execute to authenticate. A non empty result from this query is considered a success, + * and the user will be authenticated. + * + * @a@ is replaced with the user's account name + * @p@ is replaced with the user's password + * @n@ is replaced with the user's nickname + * @i@ is replaced with the user's IP + * + * Note that @n@ and @i@ may not always exist in the case of a user identifying outside of the normal + * nickserv/identify command, such as through the web panel. + * + * Furthermore, if a field named email is returned from this query the user's email is + * set to its value. + * + * + * We've included some example queries for some popular website/forum systems. 
+ * + * Drupal 6: "SELECT `mail` AS `email` FROM `users` WHERE `name` = @a@ AND `pass` = MD5(@p@) AND `status` = 1" + * e107 cms: "SELECT `user_email` AS `email` FROM `e107_user` WHERE `user_loginname` = @a@ AND `user_password` = MD5(@p@)" + * SMF Forum: "SELECT `email_address` AS `email` FROM `smf_members` WHERE `member_name` = @a@ AND `passwd` = SHA1(CONCAT(LOWER(@a@), @p@))" + * vBulletin: "SELECT `email` FROM `user` WHERE `username` = @a@ AND `password` = MD5(CONCAT(MD5(@p@), `salt`))" + * IP.Board: "SELECT `email` FROM `ibf_members` WHERE `name` = @a@ AND `members_pass_hash` = MD5(CONCAT(MD5(`members_pass_salt`), MD5(@p@)))" + */ + query = "SELECT `email_addr` AS `email` FROM `my_users` WHERE `username` = @a@ AND `password` = MD5(CONCAT('salt', @p@))" + + /* + * If set, the reason to give the users who try to "/msg NickServ REGISTER". + * If not set, then registration is not blocked. + */ + #disable_reason = "To register on this network visit http://some.misconfigured.site/register" + + /* + * If set, the reason to give the users who try to "/msg NickServ SET EMAIL". + * If not set, then email changing is not blocked. + */ + #disable_email_reason = "To change your email address visit http://some.misconfigured.site" +} + +/* + * m_sql_log [EXTRA] + * + * This module adds an additional target option to log{} blocks + * that allows logging Service's logs to SQL. To log to SQL, add + * the SQL service name to log:targets prefixed by sql_log:. For + * example: + * + * log + * { + * targets = "services.log sql_log:mysql/main" + * ... + * } + * + * By default this module logs to the table `logs`, and will create + * it if it doesn't exist. This module does not create any indexes (keys) + * on the table and it is recommended you add them yourself as necessary. 
+ */ +#module { name = "m_sql_log" } + +/* + * m_sql_oper [EXTRA] + * + * This module allows granting users services operator privileges and possibly IRC Operator + * privileges based on an external SQL database using a custom query. + */ +#module +{ + name = "m_sql_oper" + + /* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */ + engine = "mysql/main" + + /* Query to execute to determine if a user should have operator privileges. + * A field named opertype must be returned in order to link the user to their oper type. + * The oper types must be configured earlier in services.conf. + * + * If a field named modes is returned from this query then those modes are set on the user. + * Without this, only a simple +o is sent. + * + * @a@ is replaced with the user's account name + * @i@ is replaced with the user's IP + */ + query = "SELECT `opertype` FROM `my_users` WHERE `user_name` = @a@" +} + +/* + * m_sqlite [EXTRA] + * + * This module allows other modules to use SQLite. + */ +#module +{ + name = "m_sqlite" + + /* A SQLite database */ + sqlite + { + /* The name of this service. */ + name = "sqlite/main" + + /* The database name, it will be created if it does not exist. */ + database = "anope.db" + } +} + +/* + * webcpanel + * + * This module creates a web configuration panel that allows users and operators to perform any task + * as they could over IRC. If you are using the default configuration you should be able to access + * this panel by visiting http://127.0.0.1:8080 in your web browser from the machine Anope is running on. + * + * This module requires m_httpd. + */ +#module +{ + name = "webcpanel" + + /* Web server to use. */ + server = "httpd/main"; + + /* Template to use. */ + template = "default"; + + /* Page title. */ + title = "Anope IRC Services"; +} + +/* + * m_xmlrpc + * + * Allows remote applications (websites) to execute queries in real time to retrieve data from Anope. 
+ * By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries. + */ +#module +{ + name = "m_xmlrpc" + + /* Web service to use. Requires m_httpd. */ + server = "httpd/main" +} + +/* + * m_xmlrpc_main + * + * Adds the main XMLRPC core functions. + * Requires m_xmlrpc. + */ +#module { name = "m_xmlrpc_main" } diff --git a/roles/server/irc-services/files/default/nickserv.conf b/roles/server/irc-services/files/default/nickserv.conf new file mode 100644 index 0000000..3c15b6e --- /dev/null +++ b/roles/server/irc-services/files/default/nickserv.conf 
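Review bot: The uncommented lines `module { name = "m_sasl_dh-aes" }` and `module { name = "m_sasl_dh-blowfish" }` enable two SASL mechanisms that are widely regarded as obsolete, because their Diffie-Hellman exchange is unauthenticated and so offers no protection against an active man-in-the-middle. `m_sasl` alone already provides PLAIN and EXTERNAL, so I would disable both with `#module { name = "m_sasl_dh-aes" }` and `#module { name = "m_sasl_dh-blowfish" }`, and require TLS on client connections for PLAIN. Both modules are marked [EXTRA] in this file, so they may fail to load if the installed package was built without them; tasks/main.yml is not visible here to confirm. Separately, this file is copied from a static `files/` directory, so if the commented `m_ldap` or `m_mysql` blocks are ever enabled, their sample passwords (`"secret"`, `"mypassword"`) should be replaced through a vaulted template, not edited in place.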
@@ -0,0 +1,504 @@ +# +################################################ +### Managed by someone's ansible provisioner ### +################################################ +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# + +/* + * First, create the service. + * Note that an easy way to rename this service is to define{} the client name to something else. + */ +service +{ + nick = "NickServ" + user = "nickserv" + host = "services.host" + gecos = "Nickname Registration Service" + #modes = "+o" +} + +module +{ + name = "nickserv" + client = "NickServ" + forceemail = yes + confirmemailchanges = no + #unregistered_notice = "Your nickname is not registered. To register it, use: /msg NickServ REGISTER password email" + + /* + * The default options for newly registered nicks. Note that changing these options + * will have no effect on nicks which are already registered. The list must be separated + * by spaces. + * + * The options are: + * - killprotect: Kill nick if not identified within 60 seconds + * - kill_quick: Kill nick if not identified within 20 seconds, this one overrides the above + * option and the above must be specified with this one + * - ns_secure: Enable nickname security, requiring the nick's password before any operations + * can be done on it + * - ns_private: Hide the nick from NickServ's LIST command + * - hide_email: Hide's the nick's e-mail address from NickServ's INFO command + * - hide_mask: Hide's the nick's last or current user@host from NickServ's INFO command + * - hide_quit: Hide's the nick's last quit message + * - memo_signon: Notify user if they have a new memo when they sign into the nick + * - memo_receive: Notify user if they have a new memo as soon as it's received + * - autoop: User will be automatically opped in channels they enter and have access to + * - msg: Services messages will be sent as PRIVMSGs instead of NOTICEs, requires + * options:useprivmsg to be enabled as well + * - ns_keepmodes: 
Enables keepmodes, which retains user modes across sessions + * + * This directive is optional, if left blank, the options will default to ns_secure, memo_signon, and + * memo_receive. If you really want no defaults, use "none" by itself as the option. + */ + defaults = "killprotect ns_secure ns_private hide_email memo_signon memo_receive autoop" + regdelay = 90s + expire = 190d + secureadmins = yes + modeonid = yes + #modesonid = "+R" + hidenetsplitquit = no + killquick = 20s + kill = 60s + #restrictopernicks = yes +} + +/* + * Core NickServ commands. + * + * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules + * are loaded you can then configure the commands to be added to any client you like with any name you like. + * + * Additionally, you may provide a permission name that must be in the opertype of users executing the command. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* Command group configuration for NickServ. + * + * Commands may optionally be placed into groups to make NickServ's HELP output easier to understand. + * Remove the following groups to use the old behavior of simply listing all NickServ commands from HELP. + */ +command_group +{ + name = "nickserv/admin" + description = "Services Operator commands" +} + +/* Give it a help command. */ +command { service = "NickServ"; name = "HELP"; command = "generic/help"; } + +/* + * ns_access + * + * Provides the command nickserv/access. + * + * Used for configuring what hosts have access to your account. + */ +module +{ + name = "ns_access" + + /* + * The maximum number of entries allowed on a nickname's access list. + */ + accessmax = 64 + + /* + * If set, Services will add the usermask of registering users to the access list of their + * newly created account. 
If not set, users will always have to identify to NickServ before + * being recognized, unless they manually add an address to the access list of their account. + * This directive is optional. + */ + addaccessonreg = no +} + +command { service = "NickServ"; name = "ACCESS"; command = "nickserv/access"; } + +/* + * ns_ajoin + * + * Provides the command nickserv/ajoin. + * + * Used for configuring channels to join once you identify. + */ +module +{ + name = "ns_ajoin" + + /* + * The maximum number of channels a user can have on NickServ's AJOIN command. + */ + ajoinmax = 32 +} +command { service = "NickServ"; name = "AJOIN"; command = "nickserv/ajoin"; } + +/* + * ns_alist + * + * Provides the command nickserv/alist. + * + * Used for viewing what channels you have access to. + */ +module { name = "ns_alist" } +command { service = "NickServ"; name = "ALIST"; command = "nickserv/alist"; } + +/* + * ns_cert + * + * Provides the command nickserv/cert. + * + * Used for configuring your SSL certificate list, which can be used to automatically identify you. + */ +module { name = "ns_cert"; max = 16; } +command { service = "NickServ"; name = "CERT"; command = "nickserv/cert"; } + +/* + * ns_drop + * + * Provides the command nickserv/drop. + * + * Used for unregistering names. + */ +module { name = "ns_drop" } +command { service = "NickServ"; name = "DROP"; command = "nickserv/drop"; } + +/* + * ns_getemail + * + * Provides the command nickserv/getemail. + * + * Used for getting registered accounts by searching for emails. + */ +module { name = "ns_getemail" } +command { service = "NickServ"; name = "GETEMAIL"; command = "nickserv/getemail"; permission = "nickserv/getemail"; group = "nickserv/admin"; } + +/* + * ns_getpass + * + * Provides the command nickserv/getpass. + * + * Used for getting users passwords. + * + * Requires no encryption is being used. 
+ */ +#module { name = "ns_getpass" } +#command { service = "NickServ"; name = "GETPASS"; command = "nickserv/getpass"; permission = "nickserv/getpass"; } + +/* + * ns_group + * + * Provides the commands nickserv/group, nickserv/glist, and nickserv/ungroup. + * + * Used for controlling nick groups. + */ +module +{ + name = "ns_group" + + /* + * The maximum number of nicks allowed in a group. + * + * This directive is optional, but recommended. If not set or set to 0, no limits will be applied. + */ + maxaliases = 64 + + /* + * If set, the NickServ GROUP command won't allow any group change. This is recommended for + * better performance and to protect against nick stealing, however users will have less + * flexibility. + * + * This directive is optional, but recommended. + */ + #nogroupchange = yes +} +command { service = "NickServ"; name = "GLIST"; command = "nickserv/glist"; } +command { service = "NickServ"; name = "GROUP"; command = "nickserv/group"; } +command { service = "NickServ"; name = "UNGROUP"; command = "nickserv/ungroup"; } + +/* + * ns_identify + * + * Provides the command nickserv/identify. + * + * Used for identifying to accounts. + */ +module { name = "ns_identify" } +command { service = "NickServ"; name = "ID"; command = "nickserv/identify"; hide = true; } +command { service = "NickServ"; name = "IDENTIFY"; command = "nickserv/identify"; } + +/* + * ns_info + * + * Provides the commands: + * nickserv/info. - Used for gathering information about an account. + * nickserv/set/hide, nickserv/saset/hide - Used for configuring which options are publically shown in nickserv/info. 
+ * + */ +module { name = "ns_info" } +command { service = "NickServ"; name = "INFO"; command = "nickserv/info"; } + +command { service = "NickServ"; name = "SET HIDE"; command = "nickserv/set/hide"; } +command { service = "NickServ"; name = "SASET HIDE"; command = "nickserv/saset/hide"; permission = "nickserv/saset/hide"; } + +/* + * ns_list + * + * Provides the commands: + * nickserv/list - Used for retrieving and searching the registered account list. + * nickserv/set/private, nickserv/saset/private - Used for configuring whether or a users account shows up in nickserv/list. + * + */ +module +{ + name = "ns_list" + + /* + * The maximum number of nicks to be returned for a NickServ LIST command. + */ + listmax = 75 +} +command { service = "NickServ"; name = "LIST"; command = "nickserv/list"; group = "nickserv/admin"; } + +command { service = "NickServ"; name = "SET PRIVATE"; command = "nickserv/set/private"; } +command { service = "NickServ"; name = "SASET PRIVATE"; command = "nickserv/saset/private"; permission = "nickserv/saset/private"; } + +/* + * ns_logout + * + * Provides the command nickserv/logout. + * + * Used for logging out of your account. + */ +module { name = "ns_logout" } +command { service = "NickServ"; name = "LOGOUT"; command = "nickserv/logout"; } + +/* + * ns_recover + * + * Provides the command nickserv/recover. + * + * Used for recovering your nick from services or another user. + */ +module +{ + name = "ns_recover" + + /* + * If set, Services will svsnick and svsjoin users who use the recover + * command on an identified user to the nick and channels of the recovered user. + * + * This directive is opional. + */ + restoreonrecover = yes +} +command { service = "NickServ"; name = "RECOVER"; command = "nickserv/recover"; } +# Uncomment below to emulate 1.8's behavior of ghost and release. 
+#command { service = "NickServ"; name = "GHOST"; command = "nickserv/recover"; } +#command { service = "NickServ"; name = "RELEASE"; command = "nickserv/recover"; } + +/* + * ns_register + * + * Provides the commands nickserv/confirm, nickserv/register, and nickserv/resend. + * + * Used for registering accounts. + */ +module +{ + name = "ns_register" + + /* + * Registration confirmation setting. Set to "none" for no registration confirmation, + * "mail" for email confirmation, and "admin" to have services operators manually confirm + * every registration. Set to "disable" to completely disable all registrations. + */ + registration = "none" + + /* + * The minimum length of time between consecutive uses of NickServ's RESEND command. + * + * This directive is optional, but recommended. If not set, this restriction will be disabled. + */ + resenddelay = 90s + + /* + * Prevents users from registering their nick if they are not connected + * for at least the given number of seconds. + * + * This directive is optional. + */ + nickregdelay = 90s + + /* + * The length of time a user using an unconfirmed account has + * before the account will be released for general use again. + */ + unconfirmedexpire = 1d +} + +command { service = "NickServ"; name = "CONFIRM"; command = "nickserv/confirm"; } +command { service = "NickServ"; name = "REGISTER"; command = "nickserv/register"; } +command { service = "NickServ"; name = "RESEND"; command = "nickserv/resend"; } + +/* + * ns_resetpass + * + * Provides the command nickserv/resetpass. + * + * Used for resetting passwords by emailing users a temporary one. + */ +module { name = "ns_resetpass" } +command { service = "NickServ"; name = "RESETPASS"; command = "nickserv/resetpass"; } + +/* + * ns_set + * + * Provides the commands: + * nickserv/set, nickserv/saset - Dummy help wrappers for the SET and SASET commands. 
+ * nickserv/set/autoop, nickserv/saset/autoop - Determines whether or not modes are automatically set users when joining a channel. + * nickserv/set/display, nickserv/saset/display - Used for setting a users display name. + * nickserv/set/email, nickserv/saset/email - Used for setting a users email address. + * nickserv/set/keepmodes, nickserv/saset/keepmodes - Configure whether or not services should retain a user's modes across sessions. + * nickserv/set/kill, nickserv/saset/kill - Used for configuring nickname protection. + * nickserv/set/language, nickserv/saset/language - Used for configuring what language services use. + * nickserv/set/message, nickserv/saset/message - Used to configure how services send messages to you. + * nickserv/set/password, nickserv/saset/password - Used for changing a users password. + * nickserv/set/secure, nickserv/saset/secure - Used for configuring whether a user can identify by simply being recognized by nickserv/access. + * nickserv/saset/noexpire - Used for configuring noexpire, which prevents nicks from expiring. + */ +module +{ + name = "ns_set" + + /* + * Allow the use of the IMMED option in the NickServ SET KILL command. + * + * This directive is optional. 
+ */ + #allowkillimmed = yes +} + + +command { service = "NickServ"; name = "SET"; command = "nickserv/set"; } +command { service = "NickServ"; name = "SASET"; command = "nickserv/saset"; permission = "nickserv/saset/"; group = "nickserv/admin"; } + +command { service = "NickServ"; name = "SET AUTOOP"; command = "nickserv/set/autoop"; } +command { service = "NickServ"; name = "SASET AUTOOP"; command = "nickserv/saset/autoop"; permission = "nickserv/saset/autoop"; } + +command { service = "NickServ"; name = "SET DISPLAY"; command = "nickserv/set/display"; } +command { service = "NickServ"; name = "SASET DISPLAY"; command = "nickserv/saset/display"; permission = "nickserv/saset/display"; } + +command { service = "NickServ"; name = "SET EMAIL"; command = "nickserv/set/email"; } +command { service = "NickServ"; name = "SASET EMAIL"; command = "nickserv/saset/email"; permission = "nickserv/saset/email"; } + +command { service = "NickServ"; name = "SET KEEPMODES"; command = "nickserv/set/keepmodes"; } +command { service = "NickServ"; name = "SASET KEEPMODES"; command = "nickserv/saset/keepmodes"; permission = "nickserv/saset/keepmodes"; } + +command { service = "NickServ"; name = "SET KILL"; command = "nickserv/set/kill"; } +command { service = "NickServ"; name = "SASET KILL"; command = "nickserv/saset/kill"; permission = "nickserv/saset/kill"; } + +command { service = "NickServ"; name = "SET LANGUAGE"; command = "nickserv/set/language"; } +command { service = "NickServ"; name = "SASET LANGUAGE"; command = "nickserv/saset/language"; permission = "nickserv/saset/language"; } + +command { service = "NickServ"; name = "SET MESSAGE"; command = "nickserv/set/message"; } +command { service = "NickServ"; name = "SASET MESSAGE"; command = "nickserv/saset/message"; permission = "nickserv/saset/message"; } + +command { service = "NickServ"; name = "SET PASSWORD"; command = "nickserv/set/password"; } +command { service = "NickServ"; name = "SASET PASSWORD"; command = 
"nickserv/saset/password"; permission = "nickserv/saset/password"; } + +command { service = "NickServ"; name = "SET SECURE"; command = "nickserv/set/secure"; } +command { service = "NickServ"; name = "SASET SECURE"; command = "nickserv/saset/secure"; permission = "nickserv/saset/secure"; } + +command { service = "NickServ"; name = "SASET NOEXPIRE"; command = "nickserv/saset/noexpire"; permission = "nickserv/saset/noexpire"; } + +/* + * ns_set_misc + * + * Provides the command nickserv/set/misc. + * + * Allows you to create arbitrary commands to set data, and have that data show up in nickserv/info. + * A field named misc_description may be given for use with help output. + */ +module { name = "ns_set_misc" } +command { service = "NickServ"; name = "SET URL"; command = "nickserv/set/misc"; misc_description = _("Associate a URL with your account"); } +command { service = "NickServ"; name = "SASET URL"; command = "nickserv/saset/misc"; misc_description = _("Associate a URL with this account"); permission = "nickserv/saset/url"; group = "nickserv/admin"; } +command { service = "NickServ"; name = "SET PUBLICMAIL"; command = "nickserv/set/misc"; misc_description = _("Associate an eMail address with your account"); } +command { service = "NickServ"; name = "SASET PUBLICMAIL"; command = "nickserv/saset/misc"; misc_description = _("Associate an eMail address with this account"); permission = "nickserv/saset/publicmail"; group = "nickserv/admin"; } +command { service = "NickServ"; name = "SET TWITTER"; command = "nickserv/set/misc"; misc_description = _("Associate a Twitter account with your account"); } +command { service = "NickServ"; name = "SASET TWITTER"; command = "nickserv/saset/misc"; misc_description = _("Associate a Twitter account with this account"); permission = "nickserv/saset/twitter"; group = "nickserv/admin"; } +#command { service = "NickServ"; name = "SET FACEBOOK"; command = "nickserv/set/misc"; misc_description = _("Associate a Facebook URL with your 
account"); } +#command { service = "NickServ"; name = "SASET FACEBOOK"; command = "nickserv/saset/misc"; misc_description = _("Associate a Facebook URL with this account"); permission = "nickserv/saset/facebook"; group = "nickserv/admin"; } + +/* + * ns_status + * + * Provides the nickserv/status command. + * + * Used to determine if a user is recognized or identified by services. + */ +module { name = "ns_status" } +command { service = "NickServ"; name = "STATUS"; command = "nickserv/status"; } + +/* + * ns_suspend + * + * Provides the commands nickserv/suspend and nickserv/unsuspend. + * + * Used to suspend and unsuspend nicknames. Suspended nicknames can not be used but their settings are preserved. + */ +module +{ + name = "ns_suspend" + + /* + * The length of time before a suspended nick becomes unsuspended. + * + * This directive is optional. If not set, the default is never. + */ + #suspendexpire = 90d + + /* + * Settings to show to non-opers in NickServ's INFO output. + * Comment to completely disable showing any information about + * suspended nicknames to non-opers. + */ + show = "suspended, by, reason, on, expires" +} + +command { service = "NickServ"; name = "SUSPEND"; command = "nickserv/suspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; } +command { service = "NickServ"; name = "UNSUSPEND"; command = "nickserv/unsuspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; } + +/* + * ns_update + * + * Provides the command nickserv/update. + * + * Used to update your status on all channels, turn on your vHost, etc. + */ +module { name = "ns_update" } +command { service = "NickServ"; name = "UPDATE"; command = "nickserv/update"; } + + +/* + * Extra NickServ related modules. + */ + +/* + * ns_maxemail + * + * Limits how many times the same email address may be used in Anope + * to register accounts. + */ +#module +{ + name = "ns_maxemail" + + /* + * The limit to how many registered nicks can use the same e-mail address. 
If set to 0 or left + * commented, there will be no limit enforced when registering new accounts or using + * /msg NickServ SET EMAIL. + */ + maxemails = 1 +} diff --git a/roles/server/irc-services/files/default/operserv.conf b/roles/server/irc-services/files/default/operserv.conf new file mode 100644 index 0000000..e81524a --- /dev/null +++ b/roles/server/irc-services/files/default/operserv.conf 
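Review bot: `registration = "none"` in the ns_register block of nickserv.conf activates an account without any proof that the registrant controls the address they supply, even though `forceemail = yes` makes an address mandatory and ns_resetpass later mails a temporary password to it. With `confirmemailchanges = no` and the ns_maxemail block left commented out, the stored e-mail is never verified and one address can back any number of accounts; `resenddelay` and `unconfirmedexpire` presumably have no effect in this mode. If outgoing mail is configured for this deployment (the mail settings are not part of this hunk), I would set `registration = "mail"` and `confirmemailchanges = yes` and consider enabling ns_maxemail. Otherwise, add a short comment beside `registration` stating that unverified sign-up is intentional.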
@@ -0,0 +1,617 @@ +# +################################################ +### Managed by someone's ansible provisioner ### +################################################ +# Part of: https://git.somenet.org/root/pub/somesible.git +# 2017-2024 by someone +# + +/* + * First, create the service. + * Note that an easy way to rename this service is to define{} the client name to something else. + */ +service +{ + nick = "OperServ" + user = "operserv" + host = "services.host" + gecos = "Operator Service" + #modes = "+o" +} + +module +{ + name = "operserv" + client = "OperServ" + autokillexpiry = 30d + chankillexpiry = 30d + snlineexpiry = 30d + sqlineexpiry = 30d + akillonadd = yes + killonsnline = yes + killonsqline = yes + addakiller = yes + akillids = yes + opersonly = yes +} + +/* + * Core OperServ commands. + * + * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules + * are loaded you can then configure the commands to be added to any client you like with any name you like. + * + * Additionally, you may provide a permission name that must be in the opertype of users executing the command. + * + * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior. + */ + +/* Give it a help command. */ +command { service = "OperServ"; name = "HELP"; command = "generic/help"; } + +/* + * os_akill + * + * Provides the command operserv/akill. + * + * Used to ban users from the network. + */ +module { name = "os_akill" } +command { service = "OperServ"; name = "AKILL"; command = "operserv/akill"; permission = "operserv/akill"; } + +/* + * os_chankill + * + * Provides the command operserv/chankill. + * + * Used to akill users from an entire channel. + */ +module { name = "os_chankill" } +command { service = "OperServ"; name = "CHANKILL"; command = "operserv/chankill"; permission = "operserv/chankill"; } + +/* + * os_defcon + * + * Provides the command operserv/defcon. 
+ * + * Allows you to set services in defcon mode, which can be used to restrict services access + * during bot attacks. + */ +#module +{ + name = "os_defcon" + + /* + * Default DefCon level (1-5) to use when starting Services up. Level 5 constitutes normal operation + * while level 1 constitutes the most restrictive operation. If this setting is left out or set to + * 0, DefCon will be disabled and the rest of this block will be ignored. + */ + #defaultlevel = 5 + + /* + * The following 4 directives define what operations will take place when DefCon is set to levels + * 1 through 4. Each level is a list that must be separated by spaces. + * + * The following operations can be defined at each level: + * - nonewchannels: Disables registering new channels + * - nonewnicks: Disables registering new nicks + * - nomlockchanges: Disables changing MLOCK on registered channels + * - forcechanmodes: Forces all channels to have the modes given in the later chanmodes directive + * - reducedsessions: Reduces the session limit to the value given in the later sessionlimit directive + * - nonewclients: KILL any new clients trying to connect + * - operonly: Services will ignore all non-IRCops + * - silentoperonly: Services will silently ignore all non-IRCops + * - akillnewclients: AKILL any new clients trying to connect + * - nonewmemos: No new memos will be sent to block MemoServ attacks + */ + level4 = "nonewchannels nonewnicks nomlockchanges reducedsessions" + level3 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions" + level2 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly" + level1 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly akillnewclients" + + /* + * New session limit to use when a DefCon level is using "reduced" session limiting. 
+ */ + #sessionlimit = 2 + + /* + * Length of time to add an AKILL for when DefCon is preventing new clients from connecting to the + * network. + */ + #akillexpire = 5m + + /* + * The channel modes to set on all channels when the DefCon channel mode system is in use. + * + * Note 1: Choose these modes carefully, because when DefCon switches to a level which does NOT have + * the mode setting selected, Services will set the reverse on all channels, e.g. if this setting + * is +RN when DefCon is used, all channels will be set to +RN, when DefCon is removed, all + * channels will be set to -RN. You don't want to set this to +k for example, because when DefCon + * is removed, all channels are set -k, removing the key from previously keyed channels. + * + * Note 2: MLOCKed modes will not be lost. + */ + #chanmodes = "+R" + + /* + * This value can be used to automatically return the network to DefCon level 5 after the specified + * time period, just in case any IRC Operator forgets to remove a DefCon setting. + * + * This directive is optional. + */ + #timeout = 15m + + /* + * If set, Services will send a global message on DefCon level changes. + * + * This directive is optional. + */ + #globalondefcon = yes + + /* + * If set, Services will send the global message defined in the message directive on DefCon level + * changes. + * + * This directive is optional. + */ + #globalondefconmore = yes + + /* + * Defines the message that will be sent on DefCon level changes when globalondefconmore is set. + * + * This directive is required only when globalondefconmore is set. + */ + #message = "Put your message to send your users here. Don't forget to uncomment globalondefconmore" + + /* + * Defines the message that will be sent when DefCon is returned to level 5. This directive is optional, + * and will also override globalondefcon and globalondefconmore when set. 
+ */ + #offmessage = "Services are now back to normal, sorry for any inconvenience" + + /* + * Defines the reason to use when clients are KILLed or AKILLed from the network while the proper + * DefCon operation is in effect. + */ + #akillreason = "This network is currently not accepting connections, please try again later." +} +#command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; } + +/* + * os_dns + * + * Provides the command operserv/dns. + * + * This module requires that m_dns is loaded. + * + * This module allows controlling a DNS zone. This is useful for + * controlling what servers users are placed on for load balancing, + * and to automatically remove split servers. + * + * To use this module you must set a nameserver record for services + * so that DNS queries go to services. + * + * Alternatively, you may use a slave DNS server to hide service's IP, + * provide query caching, and provide better fault tolerance. + * + * To do this using BIND, configure similar to: + * + * options { max-refresh-time 60; }; + * zone "irc.example.com" IN { + * type slave; + * masters { 127.0.0.1 port 5353; }; + * }; + * + * Where 127.0.0.1:5353 is the IP and port services are listening on. + * We recommend you externally firewall both UDP and TCP to the port + * Anope is listening on. + * + * Finally set a NS record for irc.example.com. to BIND or services. + */ +#module +{ + name = "os_dns" + + /* TTL for records. This should be very low if your records change often. */ + ttl = 1m + + /* If a server drops this many users the server is automatically removed from the DNS zone. + * This directive is optional. + */ + user_drop_mark = 50 + + /* The time used for user_drop_mark. */ + user_drop_time = 1m + + /* When a server is removed from the zone for dropping users, it is readded after this time. + * This directive is optional. + */ + user_drop_readd_time = 5m + + /* If set, when a server splits, it is automatically removed from the zone. 
*/ + remove_split_servers = yes + + /* If set, when a server connects to the network, it will be automatically added to + * the zone if it is a known server. + */ + readd_connected_servers = no +} +#command { service = "OperServ"; name = "DNS"; command = "operserv/dns"; permission = "operserv/dns"; } + +/* + * os_config + * + * Provides the command operserv/config. + * + * Used to view and set configuration options while services are running. + */ +module { name = "os_config" } +command { service = "OperServ"; name = "CONFIG"; command = "operserv/config"; permission = "operserv/config"; } + +/* + * os_forbid + * + * Provides the command operserv/forbid. + * + * Used to forbid specific nicks, channels, emails, etc. from being used. + */ +module { name = "os_forbid" } +command { service = "OperServ"; name = "FORBID"; command = "operserv/forbid"; permission = "operserv/forbid"; } + +/* + * os_ignore + * + * Provides the command operserv/ignore. + * + * Used to make Services ignore users. + */ +module { name = "os_ignore" } +command { service = "OperServ"; name = "IGNORE"; command = "operserv/ignore"; permission = "operserv/ignore"; } + +/* + * os_info + * + * Provides the command operserv/info. + * + * Used to add oper only notes to users and channels. + */ +module { name = "os_info" } +command { service = "OperServ"; name = "INFO"; command = "operserv/info"; permission = "operserv/info"; } + +/* + * os_jupe + * + * Provides the command operserv/jupe. + * + * Used to disconnect servers from the network and prevent them from relinking. + */ +module { name = "os_jupe" } +command { service = "OperServ"; name = "JUPE"; command = "operserv/jupe"; permission = "operserv/jupe"; } + +/* + * os_kick + * + * Provides the command operserv/kick. + * + * Used to kick users from channels. 
+ */ +module { name = "os_kick" } +command { service = "OperServ"; name = "KICK"; command = "operserv/kick"; permission = "operserv/kick"; } + +/* + * os_kill + * + * Provides the command operserv/kill. + * + * Used to forcibly disconnect users from the network. + */ +module { name = "os_kill" } +command { service = "OperServ"; name = "KILL"; command = "operserv/kill"; permission = "operserv/kill"; } + +/* + * os_list + * + * Provides the commands operserv/chanlist and operserv/userlist. + * + * Used to list and search the channels and users currently on the network. + */ +module { name = "os_list" } +command { service = "OperServ"; name = "CHANLIST"; command = "operserv/chanlist"; permission = "operserv/chanlist"; } +command { service = "OperServ"; name = "USERLIST"; command = "operserv/userlist"; permission = "operserv/userlist"; } + +/* + * os_login + * + * Provides the commands operserv/login and operserv/logout. + * + * Used to login to OperServ, only required if your oper block requires this. + */ +module { name = "os_login" } +command { service = "OperServ"; name = "LOGIN"; command = "operserv/login"; } +command { service = "OperServ"; name = "LOGOUT"; command = "operserv/logout"; } + +/* + * os_logsearch + * + * Provides the command operserv/logsearch. + * + * Used to search services log files. + */ +module +{ + name = "os_logsearch" + + /* The log file name to search. There should be a log{} block configured to log + * to a file of this name. + */ + logname = "services.log" +} +command { service = "OperServ"; name = "LOGSEARCH"; command = "operserv/logsearch"; permission = "operserv/logsearch"; } + +/* + * os_mode + * + * Provides the commands operserv/mode and operserv/umode. + * + * Used to change user and channel modes. 
+ */
+module { name = "os_mode" }
+command { service = "OperServ"; name = "UMODE"; command = "operserv/umode"; permission = "operserv/umode"; }
+command { service = "OperServ"; name = "MODE"; command = "operserv/mode"; permission = "operserv/mode"; }
+
+/*
+ * os_modinfo
+ *
+ * Provides the commands operserv/modinfo and operserv/modlist.
+ *
+ * Used to show information about loaded modules.
+ */
+module { name = "os_modinfo" }
+command { service = "OperServ"; name = "MODINFO"; command = "operserv/modinfo"; permission = "operserv/modinfo"; }
+command { service = "OperServ"; name = "MODLIST"; command = "operserv/modlist"; permission = "operserv/modinfo"; }
+
+/*
+ * os_module
+ *
+ * Provides the commands operserv/modload, operserv/modreload, and operserv/modunload.
+ *
+ * Used to load, reload, and unload modules.
+ */
+module { name = "os_module" }
+command { service = "OperServ"; name = "MODLOAD"; command = "operserv/modload"; permission = "operserv/modload"; }
+command { service = "OperServ"; name = "MODRELOAD"; command = "operserv/modreload"; permission = "operserv/modload"; }
+command { service = "OperServ"; name = "MODUNLOAD"; command = "operserv/modunload"; permission = "operserv/modload"; }
+
+/*
+ * os_news
+ *
+ * Provides the commands operserv/logonnews, operserv/opernews, and operserv/randomnews.
+ *
+ * Used to configure news notices shown to users when they connect, and opers when they oper.
+ */
+module
+{
+ name = "os_news"
+
+ /*
+ * The service bot names to use to send news to users on connection
+ * and to opers when they oper.
+ */
+ announcer = "Global"
+ oper_announcer = "OperServ"
+
+ /*
+ * The number of LOGON/OPER news items to display when a user logs on.
+ *
+ * This directive is optional, if no set it will default to 3.
+ */
+ #newscount = 3
+}
+
+command { service = "OperServ"; name = "LOGONNEWS"; command = "operserv/logonnews"; permission = "operserv/news"; }
+command { service = "OperServ"; name = "OPERNEWS"; command = "operserv/opernews"; permission = "operserv/news"; }
+command { service = "OperServ"; name = "RANDOMNEWS"; command = "operserv/randomnews"; permission = "operserv/news"; }
+
+/*
+ * os_noop
+ *
+ * Provides the command operserv/noop.
+ *
+ * Used to NOOP a server, which prevents users from opering on that server.
+ */
+module { name = "os_noop" }
+command { service = "OperServ"; name = "NOOP"; command = "operserv/noop"; permission = "operserv/noop"; }
+
+/*
+ * os_oline
+ *
+ * Provides the command operserv/oline.
+ *
+ * Used to set oper flags on users, and is specific to UnrealIRCd.
+ * See /helpop ?svso on your IRCd for more information.
+ */
+module { name = "os_oline" }
+command { service = "OperServ"; name = "OLINE"; command = "operserv/oline"; permission = "operserv/oline"; }
+
+/*
+ * os_oper
+ *
+ * Provides the command operserv/oper.
+ *
+ * Used to configure opers and show information about opertypes.
+ */
+module { name = "os_oper" }
+command { service = "OperServ"; name = "OPER"; command = "operserv/oper"; permission = "operserv/oper"; }
+
+/*
+ * os_reload
+ *
+ * Provides the command operserv/reload.
+ *
+ * Used to reload the services.conf configuration file.
+ */
+module { name = "os_reload" }
+command { service = "OperServ"; name = "RELOAD"; command = "operserv/reload"; permission = "operserv/reload"; }
+
+/*
+ * os_session
+ *
+ * Provides the commands operserv/exception and operserv/session.
+ *
+ * This module enables session limiting. Session limiting prevents users from connecting more than a certain
+ * number of times from the same IP at the same time - thus preventing most types of cloning.
+ * Once a host reaches it's session limit, all clients attempting to connect from that host will
+ * be killed. Exceptions to the default session limit can be defined via the exception list.
+ *
+ * Used to manage the session limit exception list, and view currently active sessions.
+ */
+#module
+{
+ name = "os_session"
+
+ /*
+ * Default session limit per host. Once a host reaches it's session limit, all clients attempting
+ * to connect from that host will be killed.
+ *
+ * This directive is require if os_session is loaded.
+ */
+ defaultsessionlimit = 3
+
+ /*
+ * The maximum session limit that may be set for a host in an exception.
+ *
+ * This directive is require if os_session is loaded.
+ */
+ maxsessionlimit = 100
+
+ /*
+ * Sets the default expiry time for session exceptions.
+ *
+ * This directive is require if os_session is loaded.
+ */
+ exceptionexpiry = 1d
+
+ /*
+ * The message that will be NOTICE'd to a user just before they are removed from the network because
+ * their host's session limit has been exceeded. It may be used to give a slightly more descriptive
+ * reason for the impending kill as opposed to simply "Session limit exceeded".
+ *
+ * This directive is optional, if not set, nothing will be sent.
+ */
+ sessionlimitexceeded = "The session limit for your IP %IP% has been exceeded."
+
+ /*
+ * Same as above, but should be used to provide a website address where users can find out more
+ * about session limits and how to go about applying for an exception.
+ *
+ * Note: This directive has been intentionally commented out in an effort to remind you to change
+ * the URL it contains. It is recommended that you supply an address/URL where people can get help
+ * regarding session limits.
+ *
+ * This directive is optional, if not set, nothing will be sent.
+ */
+ #sessionlimitdetailsloc = "Please visit http://your.website.url/ for more information about session limits."
+
+ /*
+ * If set and is not 0, this directive tells Services to add an AKILL the number of subsequent kills
+ * for the same host exceeds this value, preventing the network from experiencing KILL floods.
+ *
+ * This directive is optional.
+ */
+ maxsessionkill = 15
+
+ /*
+ * Sets the expiry time for AKILLs set for hosts exceeding the maxsessionkill directive limit.
+ *
+ * This directive is optional, if not set, defaults to 30 minutes.
+ */
+ sessionautokillexpiry = 30m
+
+ /*
+ * Sets the CIDR value used to determine which IP addresses represent the same person.
+ * By default this would limit 3 connections per IPv4 IP and 3 connections per IPv6 IP.
+ * If you are receiving IPv6 clone attacks it may be useful to set session_ipv6_cidr to
+ * 64 or 48.
+ */
+ session_ipv4_cidr = 32
+ session_ipv6_cidr = 128
+}
+#command { service = "OperServ"; name = "EXCEPTION"; command = "operserv/exception"; permission = "operserv/exception"; }
+#command { service = "OperServ"; name = "SESSION"; command = "operserv/session"; permission = "operserv/session"; }
+
+/*
+ * os_set
+ *
+ * Provides the command operserv/set.
+ *
+ * Used to set various settings such as superadmin, debug mode, etc.
+ */
+module
+{
+ name = "os_set"
+
+ /*
+ * If set, Services Admins will be able to use SUPERADMIN [ON|OFF] which will temporarily grant
+ * them extra privileges such as being a founder on ALL channels.
+ *
+ * This directive is optional.
+ */
+ #superadmin = yes
+}
+
+command { service = "OperServ"; name = "SET"; command = "operserv/set"; permission = "operserv/set"; }
+
+/*
+ * os_shutdown
+ *
+ * Provides the commands operserv/quit, operserv/restart, and operserv/shutdown.
+ *
+ * Used to quit, restart, or shutdown services.
+ */
+module { name = "os_shutdown" }
+command { service = "OperServ"; name = "QUIT"; command = "operserv/quit"; permission = "operserv/quit"; }
+command { service = "OperServ"; name = "RESTART"; command = "operserv/restart"; permission = "operserv/restart"; }
+command { service = "OperServ"; name = "SHUTDOWN"; command = "operserv/shutdown"; permission = "operserv/shutdown"; }
+
+/*
+ * os_stats
+ *
+ * Provides the operserv/stats command.
+ *
+ * Used to show statistics about services.
+ */
+module { name = "os_stats" }
+command { service = "OperServ"; name = "STATS"; command = "operserv/stats"; permission = "operserv/stats"; }
+
+/*
+ * os_svs
+ *
+ * Provides the commands operserv/svsnick, operserv/svsjoin, and operserv/svspart.
+ *
+ * Used to force users to change nicks, join and part channels.
+ */
+module { name = "os_svs" }
+command { service = "OperServ"; name = "SVSNICK"; command = "operserv/svsnick"; permission = "operserv/svs"; }
+command { service = "OperServ"; name = "SVSJOIN"; command = "operserv/svsjoin"; permission = "operserv/svs"; }
+command { service = "OperServ"; name = "SVSPART"; command = "operserv/svspart"; permission = "operserv/svs"; }
+
+/*
+ * os_sxline
+ *
+ * Provides the operserv/snline and operserv/sqline commands.
+ *
+ * Used to ban real names, nick names, and possibly channels.
+ */
+module { name = "os_sxline" }
+command { service = "OperServ"; name = "SNLINE"; command = "operserv/snline"; permission = "operserv/snline"; }
+command { service = "OperServ"; name = "SQLINE"; command = "operserv/sqline"; permission = "operserv/sqline"; }
+
+/*
+ * os_update
+ *
+ * Provides the operserv/update command.
+ *
+ * Use to immediately update the databases.
+ */
+module { name = "os_update" }
+command { service = "OperServ"; name = "UPDATE"; command = "operserv/update"; permission = "operserv/update"; }
diff --git a/roles/server/irc-services/files/default/services.conf b/roles/server/irc-services/files/default/services.conf
new file mode 100644
index 0000000..e26e80e
--- /dev/null
+++ b/roles/server/irc-services/files/default/services.conf
@@ -0,0 +1,9 @@
+#
+################################################
+### Managed by someone's ansible provisioner ###
+################################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+
+# file full of secrets - override it!
diff --git a/roles/server/irc-services/files/default/services.motd b/roles/server/irc-services/files/default/services.motd
new file mode 100644
index 0000000..e69de29
diff --git a/roles/server/irc-services/handlers/main.yml b/roles/server/irc-services/handlers/main.yml
new file mode 100644
index 0000000..eebee22
--- /dev/null
+++ b/roles/server/irc-services/handlers/main.yml
@@ -0,0 +1,12 @@
+#####################################
+### someone's ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- name: reload anope.service
+ systemd:
+ name: anope.service
+ state: reloaded
+ ignore_errors: yes
diff --git a/roles/server/irc-services/tasks/main.yml b/roles/server/irc-services/tasks/main.yml
new file mode 100644
index 0000000..6a8cc7b
--- /dev/null
+++ b/roles/server/irc-services/tasks/main.yml
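Review bot: This default services.conf is a comment-only stub, and the `copy services.conf config` task in tasks/main.yml lists `default/services.conf` as its last `with_first_found` entry, so a host without an override gets an effectively empty main configuration installed. That is presumably meant to force an override, but nothing makes the play fail when the override is missing; the problem would only surface when the service starts. Consider spelling the contract out in the stub, e.g. `# Placeholder only: supply host_files/<inventory_hostname>/<role_name>/services.conf; never commit real secrets to this default`, or dropping the `default/services.conf` entry from that task so a missing override stops the run.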
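Review bot: `ignore_errors: yes` on the `reload anope.service` handler hides every reload failure, so a play that changed a configuration file still reports success when the running service never picked the change up. If the flag exists only for the first run, when the unit may not be active yet, a narrow condition is safer than a blanket ignore: register the result and use `failed_when:` to tolerate just that case. Otherwise the line can simply be removed.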
@@ -0,0 +1,216 @@
+#####################################
+### someone"s ansible provisioner ###
+#####################################
+# Part of: https://git.somenet.org/root/pub/somesible.git
+# 2017-2024 by someone
+#
+---
+- name: install anope irc services
+ apt:
+ pkg:
+ - anope
+ state: present
+ policy_rc_d: 101
+ tags: "online"
+ ignore_errors: "{{ignore_online_errors | bool}}"
+
+
+- name: create anope user
+ user:
+ name: "anope"
+ home: "/srv/anope"
+ shell: "/bin/bash"
+ createhome: no
+ system: yes
+ state: present
+
+
+- name: create anope user's homedir
+ file:
+ path: "/srv/anope"
+ state: directory
+ mode: 0710
+ owner: "anope"
+ group: "anope"
+
+
+- name: create anope-db dir
+ file:
+ path: "/srv/anope/db"
+ state: directory
+ mode: 0750
+ owner: "anope"
+ group: "anope"
+
+
+- name: create anope-db-backup dir
+ file:
+ path: "/srv/anope/db/backups"
+ state: directory
+ mode: 0750
+ owner: "anope"
+ group: "anope"
+
+
+- name: create anope logdir
+ file:
+ path: "/var/log/anope"
+ state: directory
+ mode: 0750
+ owner: "anope"
+ group: "anope"
+
+
+- name: copy chanserv.conf config
+ copy:
+ src: "{{item}}"
+ dest: "/etc/anope/chanserv.conf"
+ mode: 0640
+ owner: "anope"
+ group: "anope"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/chanserv.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/chanserv.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/chanserv.conf"
+ - "default/chanserv.conf"
+ notify: reload anope.service
+
+
+- name: copy global.conf config
+ copy:
+ src: "{{item}}"
+ dest: "/etc/anope/global.conf"
+ mode: 0640
+ owner: "anope"
+ group: "anope"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/global.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/global.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/global.conf"
+ - "default/global.conf"
+ notify: reload anope.service
+
+
+- name: copy hostserv.conf config
+ copy:
+ src: "{{item}}"
+ dest: "/etc/anope/hostserv.conf"
+ mode: 0640
+ owner: "anope"
+ group: "anope"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/hostserv.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/hostserv.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/hostserv.conf"
+ - "default/hostserv.conf"
+ notify: reload anope.service
+
+
+- name: copy memoserv.conf config
+ copy:
+ src: "{{item}}"
+ dest: "/etc/anope/memoserv.conf"
+ mode: 0640
+ owner: "anope"
+ group: "anope"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/memoserv.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/memoserv.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/memoserv.conf"
+ - "default/memoserv.conf"
+ notify: reload anope.service
+
+
+- name: copy modules.conf config
+ copy:
+ src: "{{item}}"
+ dest: "/etc/anope/modules.conf"
+ mode: 0640
+ owner: "anope"
+ group: "anope"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/modules.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/modules.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/modules.conf"
+ - "default/modules.conf"
+ notify: reload anope.service
+
+
+- name: copy nickserv.conf config
+ copy:
+ src: "{{item}}"
+ dest: "/etc/anope/nickserv.conf"
+ mode: 0640
+ owner: "anope"
+ group: "anope"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/nickserv.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/nickserv.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/nickserv.conf"
+ - "default/nickserv.conf"
+ notify: reload anope.service
+
+
+- name: copy operserv.conf config
+ copy:
+ src: "{{item}}"
+ dest: "/etc/anope/operserv.conf"
+ mode: 0640
+ owner: "anope"
+ group: "anope"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/operserv.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/operserv.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/operserv.conf"
+ - "default/operserv.conf"
+ notify: reload anope.service
+
+
+- name: copy services.conf config
+ copy:
+ src: "{{item}}"
+ dest: "/etc/anope/services.conf"
+ mode: 0640
+ owner: "anope"
+ group: "anope"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/services.conf"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/services.conf"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/services.conf"
+ - "default/services.conf"
+ notify: reload anope.service
+
+
+- name: copy services.motd config
+ copy:
+ src: "{{item}}"
+ dest: "/etc/anope/services.motd"
+ mode: 0640
+ owner: "anope"
+ group: "anope"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/services.motd"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/services.motd"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/services.motd"
+ - "default/services.motd"
+ notify: reload anope.service
+
+
+- name: copy anope.service to /etc/systemd/system/
+ copy:
+ src: "{{item}}"
+ dest: "/etc/systemd/system/anope.service"
+ mode: 0644
+ owner: "root"
+ group: "root"
+ with_first_found:
+ - "{{lookup('env','PWD')}}/host_files/{{inventory_hostname}}/{{role_name}}/anope.service"
+ - "{{lookup('env','PWD')}}/group_files/{{group_files_group}}/{{role_name}}/anope.service"
+ - "{{lookup('env','PWD')}}/group_files/all/{{role_name}}/anope.service"
+ - "default/anope.service"
+
+
+- name: enable and start anope.service
+ include_role: name="base/systemd/enable-and-start"
+ vars:
+ service_name: anope.service
--
2.43.0
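Review bot: The `create anope user` task gives the daemon's system account an interactive shell; unless something outside this hunk needs to log in as anope, `shell: "/usr/sbin/nologin"` is the safer default. The `copy services.conf config` task deploys what the default file itself calls a "file full of secrets", and a run with `--diff` would print that file's changed contents, so that task should carry `no_log: true` (or `diff: no`). Every file under /etc/anope is also installed with `owner: "anope"`, which lets the service rewrite its own configuration, including the oper command permissions in operserv.conf. As far as this hunk shows the daemon only needs to read those files, so `owner: "root"` with `group: "anope"` and the existing 0640 mode would keep them readable but not writable by it.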