From 49b67de7ece4ed5130cf57d19c10a91b4337d852 Mon Sep 17 00:00:00 2001
From: DarkFeather <ircs://aninix.net:6697/DarkFeather>
Date: Tue, 18 Apr 2023 23:56:59 -0500
Subject: [PATCH] Removing large amounts of extra commenting and old/unused
 features; SASL support

---
 roles/IRC/tasks/web.yml                       |    2 +
 roles/IRC/templates/anope/modules.conf.j2     |    4 +-
 roles/IRC/templates/inspircd/inspircd.conf.j2 |  709 ++------
 roles/IRC/templates/inspircd/links.conf.j2    |   45 -
 roles/IRC/templates/inspircd/modules.conf.j2  | 1568 +----------------
 roles/IRC/templates/inspircd/opers.conf.j2    |  114 +-
 6 files changed, 193 insertions(+), 2249 deletions(-)

diff --git a/roles/IRC/tasks/web.yml b/roles/IRC/tasks/web.yml
index e17960c..1e4f43f 100644
--- a/roles/IRC/tasks/web.yml
+++ b/roles/IRC/tasks/web.yml
@@ -7,6 +7,8 @@
      dest: /usr/local/src/KiwiIRC
      update: no
 
+ # Need to capture AniNIX skinning of client as well as client build process.
+
  - name: Update permissions
    become: yes
    file:
diff --git a/roles/IRC/templates/anope/modules.conf.j2 b/roles/IRC/templates/anope/modules.conf.j2
index fea0f3b..d457600 100644
--- a/roles/IRC/templates/anope/modules.conf.j2
+++ b/roles/IRC/templates/anope/modules.conf.j2
@@ -543,7 +543,7 @@ module
  * authenticating users through this mechanism. Supported mechanisms are:
  * PLAIN, EXTERNAL.
  */
-#module { name = "m_sasl" }
+module { name = "m_sasl" }
 
 /*
  * m_sasl_dh-aes [EXTRA]
@@ -631,7 +631,7 @@ module
 	 * You can use the following option to enable or disable it explicitly.
 	 * Leaving this option not set defaults to the default system behavior.
 	 */
-	#sslv3 = no
+	sslv3 = no
 }
 
 /*
diff --git a/roles/IRC/templates/inspircd/inspircd.conf.j2 b/roles/IRC/templates/inspircd/inspircd.conf.j2
index 365c12e..893c8b0 100644
--- a/roles/IRC/templates/inspircd/inspircd.conf.j2
+++ b/roles/IRC/templates/inspircd/inspircd.conf.j2
@@ -1,563 +1,166 @@
-#-#-#-#-#-#-#-#-#-#  INCLUDE CONFIGURATION  #-#-#-#-#-#-#-#-#-#-#-#-#-#
-#<include file="file.conf">                                           #
-#<include executable="/path/to/executable parameters">                #
-#<include executable="/usr/bin/wget -q -O - http://example.com/inspircd.conf">
+# Includes
+<config format="xml">
 <include file="/etc/inspircd/opers.conf">
 <include file="/etc/inspircd/links.conf">
 <include file="/etc/inspircd/modules.conf">
 <files motd="/etc/inspircd/motd.txt" rules="/etc/inspircd/rules.txt">
 
-
-#-#-#-#-#-#-#-#-#-#-#-#  VARIABLE DEFINITIONS  -#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# You can define variables that will be substituted later in the      #
-# configuration file. This can be useful to allow settings to be      #
-# easily changed, or to parameterize a remote includes.               #
-#                                                                     #
-# Variables may be redefined and may reference other variables.       #
-# Value expansion happens at the time the tag is read.                #
-#                                                                     #
-# Using variable definitions REQUIRES that the config format be       #
-# changed to "xml" from the default "compat" that uses escape         #
-# sequences such as "\"" and "\n", and does not support <define>      #
-<config format="xml">
-#<define name="bindip" value="1.2.2.3">
-#<define name="localips" value="&bindip;/24">
-
-#-#-#-#-#-#-#-#-#-#-#-#-  SERVER DESCRIPTION  -#-#-#-#-#-#-#-#-#-#-#-#-
-#                                                                     #
-#   Here is where you enter the information about your server.        #
-#                                                                     #
+# Server Definition
 <server
-        name="{{ external_domain }}"
-        description="{{ organization['displayname'] }}/IRC"
-        #id="97K"
-        network="{{ organization['displayname'] }}/IRC">
-
-
-#-#-#-#-#-#-#-#-#-#-#-#-   ADMIN INFORMATION   -#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-#   Describes the Server Administrator's real name (optionally),      #
-#   nick, and email address.                                          #
-#                                                                     #
+    name="{{ external_domain }}"
+    description="{{ organization['displayname'] }}/IRC"
+    network="{{ organization['displayname'] }}/IRC">
 <admin
-       name="{{ organization['admin'] }}"
-       nick="{{ organization['admin'] }}"
-       email="{{ organization['email'] }}">
+    name="{{ organization['admin'] }}"
+    nick="{{ organization['admin'] }}"
+    email="{{ organization['email'] }}">
 
-#-#-#-#-#-#-#-#-#-#-#-#-   PORT CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-
-#                                                                     #
-#   Enter the port and address bindings here.                         #
-#                                                                     #
-#                                                                     j
+# Connection Information
 <define name="subnetips" value="10.0.1.0/24">
 <define name="localhost" value="127.0.0.1/32">
+<cidr
+    ipv4clone="32"
+    ipv6clone="128">
 
-<bind
-      address=""
-      port="6697"
-      sslprofile="clients"
-      type="clients">
-
-<bind address="" port="6667" type="clients">
 
+# Plaintext on local only for bots and servers
 <bind address="" port="8067" type="servers">
+<bind address="" port="6667" type="clients">
+<connect
+    name="local"
+    parent="main"
+    allow="127.0.0.1"
+    localmax="20"
+    globalmax="20"
+    limit="20"
+    requiressl="off"
+    modes="+Bwx"
+    threshold="200"
+    port="6667">
 
+# SSL for external connections
+<bind
+    address=""
+    port="6697"
+    sslprofile="clients"
+    type="clients">
+<connect
+    name="main"
+    allow="*"
+    commandrate="1000"
+    fakelag="on"
+    globalmax="500"
+    hardsendq="1M"
+    limit="500"
+    localmax="500"
+    maxconnwarn="on"
+    modes="+wx"
+    pingfreq="120"
+    port="6697"
+    recvq="8192"
+    requiressl="on"
+    resolvehostnames="on"
+    softsendq="8192"
+    threshold="25"
+    timeout="10"
+    useident="no">
+<sslprofile
+    name="clients"
+    provider="openssl"
+    cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
+    certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/cert.pem" keyfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/privkey.pem"
+    ciphers="{{ ssl['ciphersuite'] }}"
+    hash="sha256"
+    renegotiation="no"
+    requestclientcert="no"
+    sslv3="no"
+    tlsv1="no"
+    tlsv11="no"
+    tlsv12="yes"
+    tlsv13="yes">
 <openssl onrehash="yes">
 
-<sslprofile
-      name="clients"
-      provider="openssl"
-      cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
-      certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/cert.pem"
-      keyfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/privkey.pem"
-      ciphers="{{ ssl['ciphersuite'] }}"
-      hash="sha256"
-      renegotiation="no"
-      requestclientcert="no"
-      sslv3="no"
-      tlsv1="no"
-      tlsv11="no"
-      tlsv12="yes"
-      tlsv13="yes">
 
 
-
-#-#-#-#-#-#-#-#-#-#-  CONNECTIONS CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-#   This is where you can configure which connections are allowed     #
-#   and denied access onto your server. The password is optional.     #
-#   You may have as many of these as you require. To allow/deny all   #
-#   connections, use a '*' or 0.0.0.0/0.                              #
-#                                                                     #
-#  -- It is important to note that connect tags are read from the  -- #
-#     TOP DOWN. This means that you should have more specific deny    #
-#    and allow tags at the top, progressively more general, followed  #
-#        by a <connect allow="*" (should you wish to have one).       #
-#                                                                     #
-# Connect blocks are searched twice for each user - once when the TCP #
-# connection is accepted, and once when the user completes their      #
-# registration. Most of the information (hostname, ident response,    #
-# password, SSL when using STARTTLS, etc) is only available during    #
-# the second search, so if you are trying to make a closed server,    #
-# you will probably need a connect block just for user registration.  #
-# This can be done by using <connect registered="no">                 #
-
-#<connect deny="192.0.2.*">
-#<connect deny="3ffe::0/32" reason="The 6bone address space is deprecated">
-<connect
-         name="local"
-         parent="main"
-         allow="127.0.0.1"
-         localmax="20"
-         globalmax="20"
-         limit="20"
-         requiressl="off"
-         threshold="200"
-         port="6667">
-<connect
-         name="main"
-         allow="*"
-         commandrate="1000"
-         fakelag="on"
-         globalmax="500"
-         hardsendq="1M"
-         limit="500"
-         localmax="500"
-         maxconnwarn="on"
-         modes="+wx"
-         pingfreq="120"
-         port="6697"
-         recvq="8192"
-         requiressl="on"
-         resolvehostnames="on"
-         softsendq="8192"
-         threshold="25"
-         timeout="10"
-         useident="no">
-
-#-#-#-#-#-#-#-#-#-#-#-#-  CIDR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-
-#                                                                     #
-# CIDR configuration allows detection of clones and applying of       #
-# throttle limits across a CIDR range. (A CIDR range is a group of    #
-# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be   #
-# represented as 192.168.1.0/24). This means that abuse across an ISP #
-# is detected and curtailed much easier. Here is a good chart that    #
-# shows how many IPs the different CIDRs correspond to:               #
-# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation                #
-#                                                                     #
-<cidr
-      # ipv4clone: specifies how many bits of an IP address should be
-      # looked at for clones. The default only looks for clones on a
-      # single IP address of a user. You do not want to set this
-      # extremely low. (Values are 0-32).
-      ipv4clone="32"
-      # ipv6clone: specifies how many bits of an IP address should be
-      # looked at for clones. The default only looks for clones on a
-      # single IP address of a user. You do not want to set this
-      # extremely low. (Values are 0-128).
-      ipv6clone="128">
-
-#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-<channels users="20" opers="60">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# If these values are not defined, InspIRCd uses the default DNS resolver
-# of your system.
-#<dns server="127.0.0.1" timeout="5">
-#<dns server="::1" timeout="5">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#  PID FILE  -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# Define the path to the PID file here. The PID file can be used to   #
-# rehash the ircd from the shell or to terminate the ircd from the    #
-# shell using shell scripts, perl scripts, etc... and to monitor the  #
-# ircd's state via cron jobs. If this is a relative path, it will be  #
-# relative to the configuration directory, and if it is not defined,  #
-# the default of 'inspircd.pid' is used.                              #
-#                                                                     #
-<pid file="/var/lib/inspircd/inspircd.pid">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# Use these tags to customise the ban limits on a per channel basis.  #
-# The tags are read from top to bottom, and any tag found which       #
-# matches the channels name applies the banlimit to that channel.     #
-# It is advisable to put an entry with the channel as '*' at the      #
-# bottom of the list. If none are specified or no maxbans tag is      #
-# matched, the banlist size defaults to 64 entries.                   #
-#                                                                     #
-#<banlist chan="#largechan" limit="128">
-<maxlist chan="*" limit="60">
-
-#-#-#-#-#-#-#-#-#-#-#-  DISABLED FEATURES  -#-#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# This tag is optional, and specifies one or more features which are  #
-# not available to non-operators.                                     #
-#                                                                     #
-# For example you may wish to disable NICK and prevent non-opers from #
-# changing their nicknames.                                           #
-# Note that any disabled commands take effect only after the user has #
-# 'registered' (e.g. after the initial USER/NICK/PASS on connection)  #
-# so for example disabling NICK will not cripple your network.        #
-#                                                                     #
-# You can also define if you want to disable any channelmodes         #
-# or usermodes from your users.                                       #
-#                                                                     #
-# `fakenonexistant' will make the ircd pretend that nonexistant       #
-# commands simply don't exist to non-opers ("no such command").       #
-#                                                                     #
-#<disabled commands="TOPIC MODE" usermodes="" chanmodes="" fakenonexistant="yes">
-
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-  SERVER OPTIONS   -#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-#   Settings to define which features are usable on your server.      #
-#                                                                     #
-
-<options
-         # prefixquit: What (if anything) users' quit messages
-         # should be prefixed with.
-         prefixquit="Quit: "
-
-         # suffixquit: What (if anything) users' quit messages
-         # should be suffixed with.
-         suffixquit=""
-
-         # prefixpart: What (if anything) users' part messages
-         # should be prefixed with.
-         prefixpart="&quot;"
-         # NOTE: Use "\"" instead of "&quot;" if not using <config format="xml">
-
-         # suffixpart: What (if anything) users' part message
-         # should be suffixed with.
-         suffixpart="&quot;"
-
-         # fixedquit: Set all users' quit messages to this value.
-         #fixedquit=""
-
-         # fixedpart: Set all users' part messages in all channels
-         # to this value.
-         #fixedpart=""
-
-         # syntaxhints: If enabled, if a user fails to send the correct parameters
-         # for a command, the ircd will give back some help text of what
-         # the correct parameters are.
-         syntaxhints="no"
-
-         # cyclehosts: If enabled, when a user gets a host set, it will cycle
-         # them in all their channels. If not, it will simply change their host
-         # without cycling them.
-         cyclehosts="no"
-
-         # cyclehostsfromuser: If enabled, the source of the mode change for
-         # cyclehosts will be the user who cycled. This can look nicer, but
-         # triggers anti-takeover mechanisms of some obsolete bots.
-         cyclehostsfromuser="no"
-
-         # ircumsgprefix: Use undernet-style message prefixing for NOTICE and
-         # PRIVMSG. If enabled, it will add users' prefix to the line, if not,
-         # it will just message the user normally.
-         ircumsgprefix="no"
-
-         # announcets: If set to yes, when the timestamp on a channel changes, all users
-         # in the channel will be sent a NOTICE about it.
-         announcets="yes"
-
-         # allowmismatch: Setting this option to yes will allow servers to link even
-         # if they don't have the same "optionally common" modules loaded. Setting this to
-         # yes may introduce some desyncs and unwanted behaviour.
-         allowmismatch="no"
-
-         # defaultbind: Sets the default for <bind> tags without an address. Choices are
-         # ipv4 or ipv6; if not specified, IPv6 will be used if your system has support,
-         # falling back to IPv4 otherwise.
-         defaultbind="auto"
-
-         # hostintopic: If enabled, channels will show the host of the topic setter
-         # in the topic. If set to no, it will only show the nick of the topic setter.
-         hostintopic="yes"
-
-         # pingwarning: If a server does not respond to a ping within x seconds,
-         # it will send a notice to opers with snomask +l informing that the server
-         # is about to ping timeout.
-         pingwarning="15"
-
-         # serverpingfreq: How often pings are sent between servers (in seconds).
-         serverpingfreq="60"
-
-         # defaultmodes: What modes are set on a empty channel when a user
-         # joins it and it is unregistered.
-         defaultmodes="not"
-
-         # moronbanner: This is the text that is sent to a user when they are
-         # banned from the server.
-         moronbanner="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help."
-
-         # exemptchanops: exemptions for channel access restrictions based on prefix.
-         exemptchanops="nonick:v flood:o"
-
-         # invitebypassmodes: This allows /invite to bypass other channel modes.
-         # (Such as +k, +j, +l, etc.)
-         invitebypassmodes="yes"
-
-         # nosnoticestack: This prevents snotices from 'stacking' and giving you
-         # the message saying '(last message repeated X times)'. Defaults to no.
-         nosnoticestack="no"
-
-         # welcomenotice: When turned on, this sends a NOTICE to connecting users
-         # with the text Welcome to <networkname>! after successful registration.
-         # Defaults to yes.
-         welcomenotice="yes">
-
-
-#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-
+# Performance
 <performance
-             # netbuffersize: Size of the buffer used to receive data from clients.
-             # The ircd may only read this amount of text in 1 go at any time.
-             netbuffersize="10240"
-
-             # somaxconn: The maximum number of connections that may be waiting
-             # in the accept queue. This is *NOT* the total maximum number of
-             # connections per server. Some systems may only allow this to be up
-             # to 5, while others (such as Linux and *BSD) default to 128.
-             somaxconn="128"
-
-             # limitsomaxconn: By default, somaxconn (see above) is limited to a
-             # safe maximum value in the 2.0 branch for compatibility reasons.
-             # This setting can be used to disable this limit, forcing InspIRCd
-             # to use the value specified above.
-             limitsomaxconn="true"
-
-             # softlimit: This optional feature allows a defined softlimit for
-             # connections. If defined, it sets a soft max connections value.
-             softlimit="1024"
-
-             # quietbursts: When syncing or splitting from a network, a server
-             # can generate a lot of connect and quit messages to opers with
-             # +C and +Q snomasks. Setting this to yes squelches those messages,
-             # which makes it easier for opers, but degrades the functionality of
-             # bots like BOPM during netsplits.
-             quietbursts="yes">
-
-#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION  #-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-
-<security
-
-          # announceinvites: This option controls which members of the channel
-          # receive an announcement when someone is INVITEd. Available values:
-          # 'none' - don't send invite announcements
-          # 'all' - send invite announcements to all members
-          # 'ops' - send invite announcements to ops and higher ranked users
-          # 'dynamic' - send invite announcements to halfops (if available) and
-          #             higher ranked users. This is the recommended setting.
-          announceinvites="dynamic"
-
-          # hidemodes: If enabled, then the listmodes given will be hidden
-          # from users below halfop. This is not recommended to be set on +b
-          # as it may break some functionality in popular clients such as mIRC.
-          hidemodes="eI"
-
-          # hideulines: If this value is set to yes, U-lined servers will
-          # be hidden from non-opers in /links and /map.
-          hideulines="no"
-
-          # flatlinks: If this value is set to yes, /map and /links will
-          # be flattened when shown to non-opers.
-          flatlinks="no"
-
-          # hidewhois: When defined, the given text will be used in place
-          # of the server a user is on when whoised by a non-oper. Most
-          # networks will want to set this to something like "*.netname.net"
-          # to conceal the actual server a user is on.
-          # Note that enabling this will cause users' idle times to only be
-          # shown when the format /WHOIS <nick> <nick> is used.
-          hidewhois=""
-
-          # hidebans: If this value is set to yes, when a user is banned ([gkz]lined)
-          # only opers will see the ban message when the user is removed
-          # from the server.
-          hidebans="no"
-
-          # hidekills: If defined, replaces who set a /kill with a custom string.
-          hidekills=""
-
-          # hidesplits: If enabled, non-opers will not be able to see which
-          # servers split in a netsplit, they will only be able to see that one
-          # occurred (If their client has netsplit detection).
-          hidesplits="yes"
-
-          # maxtargets: Maximum number of targets per command.
-          # (Commands like /notice, /privmsg, /kick, etc)
-          maxtargets="20"
-
-          # customversion: Displays a custom string when a user /version's
-          # the ircd. This may be set for security reasons or vanity reasons.
-          customversion=""
-
-          # operspywhois: show opers (users/auspex) the +s channels a user is in. Values:
-          #  splitmsg  Split with an explanatory message
-          #  yes       Split with no explanatory message
-          #  no        Do not show
-          operspywhois="yes"
-
-          # runasuser: If this is set, InspIRCd will attempt to switch
-          # to run as this user, which allows binding of ports under 1024.
-          # You should NOT set this unless you are starting as root.
-          # NOT SUPPORTED/NEEDED UNDER WINDOWS.
-          #runasuser="ircd"
-
-          # runasgroup: If this is set, InspIRCd will attempt to switch
-          # to run as this group, which allows binding of ports under 1024.
-          # You should NOT set this unless you are starting as root.
-          # NOT SUPPORTED/NEEDED UNDER WINDOWS.
-          #runasgroup="ircd"
-
-          # restrictbannedusers: If this is set to yes, InspIRCd will not allow users
-          # banned on a channel to change nickname or message channels they are
-          # banned on.
-          restrictbannedusers="yes"
-
-          # genericoper: Setting this value to yes makes all opers on this server
-          # appear as 'is an IRC operator' in their WHOIS, regardless of their
-          # oper type, however oper types are still used internally. This only
-          # affects the display in WHOIS.
-          genericoper="no"
-
-          # userstats: /stats commands that users can run (opers can run all).
-          userstats="Pu">
-
-#-#-#-#-#-#-#-#-#-#-#-#-# LIMITS CONFIGURATION  #-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# This configuration tag defines the maximum sizes of various types   #
-# on IRC, such as the maximum length of a channel name, and the       #
-# maximum length of a channel. Note that with the exception of the    #
-# identmax value all values given here are the exact values you would #
-# expect to see on IRC. This contrasts with the older InspIRCd        #
-# releases where these values would be one character shorter than     #
-# defined to account for a null terminator on the end of the text.    #
-#                                                                     #
-# These values should match network-wide otherwise issues will occur. #
-#                                                                     #
-# The highest safe value you can set any of these options to is 500,  #
-# but it is recommended that you keep them somewhat                   #
-# near their defaults (or lower).                                     #
-
-<limits
-        # maxnick: Maximum length of a nickname.
-        maxnick="12"
-
-        # maxchan: Maximum length of a channel name.
-        maxchan="20"
-
-        # maxmodes: Maximum number of mode changes per line.
-        maxmodes="20"
-
-        # maxident: Maximum length of a ident/username.
-        maxident="64"
-
-        # maxquit: Maximum length of a quit message.
-        maxquit="255"
-
-        # maxtopic: Maximum length of a channel topic.
-        maxtopic="307"
-
-        # maxkick: Maximum length of a kick message.
-        maxkick="255"
-
-        # maxgecos: Maximum length of a GECOS (realname).
-        maxgecos="128"
-
-        # maxaway: Maximum length of an away message.
-        maxaway="200">
-
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Logging
-# -------
-#
-# Logging is covered with the <log> tag, which you may use to change
-# the behaviour of the logging of the IRCd.
-#
-# In InspIRCd as of 1.2, logging is pluggable and very extensible.
-# Different files can log the same thing, different 'types' of log can
-# go to different places, and modules can even extend the log tag
-# to do what they want.
-#
-# An example log tag would be:
-#  <log method="file" type="OPER" level="default" target="logs/opers.log">
-# which would log all information on /oper (failed and successful) to
-# a file called opers.log.
-#
-# There are many different types which may be used, and modules may
-# generate their own. A list of useful types:
-#  - USERS - information relating to user connection and disconnection
-#  - OPER - succesful and failed oper attempts
-#  - KILL - kill related messages
-#  - snomask - server notices (*all* snomasks will be logged)
-#  - FILTER - messages related to filter matches (m_filter)
-#  - CONFIG - configuration related messages
-#  - COMMAND - die and restart messages, and messages related to unknown user types
-#  - SOCKET - socket engine informational/error messages
-#  - MODULE - module related messages
-#  - STARTUP - messages related to starting up the server
-#
-# You may also log *everything* by using a type of *, and subtract things out
-# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT".
-#
-# Useful levels are:
-#  - default (general messages, including errors)
-#  - sparse (misc error messages)
-#  - debug (debug messages)
-#
-# Some types only produce output in the debug level, those are:
-#  - BANCACHE - ban cache debug messages
-#  - CHANNELS - information relating to joining/creating channels
-#  - CULLLIST - debug messages related to issues with removing users
-#  - RESOLVER - DNS related debug messages
-#  - CONNECTCLASS - Connection class debug messages
-#  - USERINPUT
-#  - USEROUTPUT
-#
-# The following log tag is highly default and uncustomised. It is recommended you
-# sort out your own log tags. This is just here so you get some output.
-
+    netbuffersize="10240"
+    somaxconn="128"
+    limitsomaxconn="true"
+    softlimit="1024"
+    quietbursts="yes">
 <log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="/var/log/inspircd/inspircd.log" flush="1">
+<pid file="/var/lib/inspircd/inspircd.pid">
+<options
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-  WHOWAS OPTIONS   -#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# This tag lets you define the behaviour of the /whowas command of    #
-# your server.                                                        #
-#                                                                     #
+    prefixquit="Quit: "
+    suffixquit=""
+    prefixpart="&quot;"
+    suffixpart="&quot;"
 
+    syntaxhints="no"
+
+    cyclehosts="no"
+    cyclehostsfromuser="no"
+
+    ircumsgprefix="no"
+
+    announcets="yes"
+
+    allowmismatch="no"
+
+    defaultbind="auto"
+
+    hostintopic="yes"
+
+    pingwarning="15"
+    serverpingfreq="60"
+
+    defaultmodes="not"
+
+    moronbanner="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help."
+    exemptchanops="nonick:v flood:o"
+    invitebypassmodes="yes"
+    nosnoticestack="no"
+
+    welcomenotice="yes">
+
+
+
+# Security and Controls
+<security
+    announceinvites="dynamic"
+    hidemodes="eI"
+    hideulines="no"
+    flatlinks="no"
+    hidewhois=""
+    hidebans="no"
+    hidekills=""
+    hidesplits="yes"
+    maxtargets="20"
+    customversion=""
+    operspywhois="yes"
+    restrictbannedusers="yes"
+    genericoper="no"
+    userstats="Pu">
+<limits
+    maxnick="12"
+    maxchan="20"
+    maxmodes="20"
+    maxident="64"
+    maxquit="255"
+    maxtopic="307"
+    maxkick="255"
+    maxgecos="128"
+    maxaway="200">
+<channels users="20" opers="60">
+<maxlist chan="*" limit="60">
 <whowas
-        # groupsize: Maximum entries per nick shown when performing
-        # a /whowas nick.
-        groupsize="10"
+    groupsize="10"
+    maxgroups="100000"
+    maxkeep="1d">
 
-        # maxgroups: Maximum number of nickgroups that can be added to
-        # the list so that /whowas does not use a lot of resources on
-        # large networks.
-        maxgroups="100000"
-
-        # maxkeep: Maximum time a nick is kept in the whowas list
-        # before being pruned. Time may be specified in seconds,
-        # or in the following format: 1y2w3d4h5m6s. Minimum is
-        # 1 hour.
-        maxkeep="1d">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-  BAN OPTIONS  -#-#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# The ban tags define nick masks, host masks and ip ranges which are  #
-# banned from your server. All details in these tags are local to     #
-# Your server.                                                        #
-#                                                                     #
-
-#<badip ipmask="192.0.2.*" reason="Nope.">
+# Ban options
 <badnick nick="*Serv" reason="Reserved for Services">
 <badhost host="*@*malware*" reason="Malware">
 <badhost host="root@*" reason="Don't IRC as root!">
@@ -565,34 +168,8 @@
 <exception host="{{ organization['admin'] }}@127.0.0.1" reason="localhost">
 <exception host="{{ organization['admin'] }}@{{ external_domain }}" reason="localhost">
 <exception host="{{ organization['admin'] }}@*.{{ external_domain }}" reason="localhost">
-
-#-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS  -#-#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# This optional tag allows you to specify how wide a gline, eline,    #
-# kline, zline or qline can be before it is forbidden from being      #
-# set. By setting hostmasks="yes", you can allow all G, K, E lines,   #
-# no matter how many users the ban would cover. This is not           #
-# recommended! By setting ipmasks="yes", you can allow all Z lines,   #
-# no matter how many users these cover too. Needless to say we        #
-# don't recommend you do this, or, set nickmasks="yes", which will    #
-# allow any qline.                                                    #
-#                                                                     #
 <insane
-        # hostmasks: Allow bans with insane hostmasks. (over-reaching bans)
-        hostmasks="no"
-        # ipmasks: Allow bans with insane ipmasks. (over-reaching bans)
-        ipmasks="no"
-        # nickmasks: Allow bans with insane nickmasks. (over-reaching bans)
-        nickmasks="no"
-        # trigger: What percentage of users on the network to trigger
-        # specifying an insane ban as. The default is 95.5%, which means
-        # if you have a 1000 user network, a ban will not be allowed if it
-        # will be banning 955 or more users.
-        trigger="99">
-
-#########################################################################
-#                                                                       #
-#                     - InspIRCd Development Team -                     #
-#                        http://www.inspircd.org                        #
-#                                                                       #
-#########################################################################
+    hostmasks="no"
+    ipmasks="no"
+    nickmasks="no"
+    trigger="99">
diff --git a/roles/IRC/templates/inspircd/links.conf.j2 b/roles/IRC/templates/inspircd/links.conf.j2
index c084693..31ece10 100644
--- a/roles/IRC/templates/inspircd/links.conf.j2
+++ b/roles/IRC/templates/inspircd/links.conf.j2
@@ -1,35 +1,5 @@
-#-#-#-#-#-#-#-#-#-#-#-  SERVER LINK CONFIGURATION  -#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# Defines which servers can link to this one, and which servers this  #
-# server may create outbound links to.                                #
-#                                                                     #
-#    ____                _   _____ _     _       ____  _ _   _        #
-#   |  _ \ ___  __ _  __| | |_   _| |__ (_)___  | __ )(_) |_| |       #
-#   | |_) / _ \/ _` |/ _` |   | | | '_ \| / __| |  _ \| | __| |       #
-#   |  _ <  __/ (_| | (_| |   | | | | | | \__ \ | |_) | | |_|_|       #
-#   |_| \_\___|\__,_|\__,_|   |_| |_| |_|_|___/ |____/|_|\__(_)       #
-#                                                                     #
-#  If you want to link servers to InspIRCd you must load the          #
-#  m_spanningtree.so module!                                          #
-#                                                                     #
-#                                                                     #
-
-# Server link block
-#<link name="hub.example.org"
-#      ipaddr="penguin.example.org"
-#      port="7000"
-#      allowmask="203.0.113.0/24"
-#      timeout="300"
-#      ssl="gnutls"
-#      bind="1.2.3.4"
-#      statshidden="no"
-#      hidden="no"
-#      sendpass="outgoing!password"
-#      recvpass="incoming!password">
 {{ secrets['IRC']['links'] }}
 
-# Link block for services. Options are the same as for the first
-# link block (depending on what your services package supports).
 <link name="ircservices.{{ external_domain }}"
       ipaddr="core.{{ replica_domain }}"
       port="8067"
@@ -37,19 +7,4 @@
       sendpass="{{ secrets['IRC']['servicespass'] }}"
       recvpass="{{ secrets['IRC']['servicespass'] }}">
 
-# Simple autoconnect block. This enables automatic connection to a hub
-#<autoconnect period="300" server="hub.example.org">
-
-#<autoconnect period="120" server="hub.us.example.org hub.eu.example.org leaf.eu.example.org">
-
-
-#-#-#-#-#-#-#-#-#-#-#-#- ULINES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
-# This tag defines a ulined server. A U-Lined server has special      #
-# permissions, and should be used with caution. Services servers are  #
-# usually u-lined in this manner.                                     #
-#                                                                     #
-# The 'silent' value, if set to yes, indicates that this server should#
-# not generate quit and connect notices, which can cut down on noise  #
-# to opers on the network.                                            #
-#                                                                     #
 <uline server="ircservices.{{ external_domain }}" silent="no">
diff --git a/roles/IRC/templates/inspircd/modules.conf.j2 b/roles/IRC/templates/inspircd/modules.conf.j2
index 17f187f..b064dc6 100644
--- a/roles/IRC/templates/inspircd/modules.conf.j2
+++ b/roles/IRC/templates/inspircd/modules.conf.j2
@@ -1,58 +1,13 @@
-#-#-#-#-#-#-#-#-#-#-#-#-#-  MODULE OPTIONS   -#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-#  These tags define which modules will be loaded on startup by your  #
-#  server. Add modules without any paths. When you make your ircd     #
-#  using the 'make' command, all compiled modules will be moved into  #
-#  the folder you specified when you ran ./configure. The module tag  #
-#  automatically looks for modules in this location.                  #
-#  If you attempt to load a module outside of this location, either   #
-#  in the config, or via /LOADMODULE, you will receive an error.      #
-#                                                                     #
-#  By default, ALL modules are commented out. You must uncomment them #
-#  or add lines to your config to load modules. Please refer to       #
-#  http://wiki.inspircd.org/Modules for a list of modules and         #
-#  each modules link for any additional conf tags they require.       #
-#                                                                     #
-#    ____                _   _____ _     _       ____  _ _   _        #
-#   |  _ \ ___  __ _  __| | |_   _| |__ (_)___  | __ )(_) |_| |       #
-#   | |_) / _ \/ _` |/ _` |   | | | '_ \| / __| |  _ \| | __| |       #
-#   |  _ <  __/ (_| | (_| |   | | | | | | \__ \ | |_) | | |_|_|       #
-#   |_| \_\___|\__,_|\__,_|   |_| |_| |_|_|___/ |____/|_|\__(_)       #
-#                                                                     #
-# To link servers to InspIRCd, you MUST load the m_spanningtree       #
-# module. If you don't do this, server links will NOT work at all.    #
-# This is by design, to allow for the implementation of other linking #
-# protocols in modules in the future. This module is at the bottom of #
-# this file.                                                          #
-#                                                                     #
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Generate hashes using the /MKPASSWD command on the server.
+# Don't run it on a server you don't trust with your password.
+<module name="m_password_hash.so">
 # MD5 module: Allows other modules to generate MD5 hashes, usually for
 # cryptographic uses and security.
-#
-# IMPORTANT:
-# Other modules such as m_cloaking.so and m_password_hash.so may rely on
-# this module being loaded to function.
-#
 <module name="m_md5.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # SHA256 module: Allows other modules to generate SHA256 hashes,
 # usually for cryptographic uses and security.
-#
-# IMPORTANT:
-# Other modules such as m_password_hash.so may rely on this module being
-# loaded to function. Certain modules such as m_spanningtree.so will
-# function without this module but when it is loaded their features will
-# be enhanced (for example the addition of HMAC authentication).
-#
 <module name="m_sha256.so">
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# RIPEMD160 module: Allows other modules to generate RIPEMD160 hashes,
-# usually for cryptographic uses and security.
-#
-# IMPORTANT:
-# Other modules may rely on this module being loaded to function.
-#<module name="m_ripemd160.so">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Abbreviation module: Provides the ability to abbreviate commands a-la
@@ -62,173 +17,28 @@
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Alias module: Allows you to define server-side command aliases.
 <module name="m_alias.so">
-#
-# Set the 'prefix' for in-channel aliases (fantasy commands) to the
-# specified character. If not set, the default is "!".
-# If 'allowbots' is disabled, +B clients will not be able to use
-# fantasy commands. If not set, the default is no.
-#<fantasy prefix="!" allowbots="no">
-#
-#-#-#-#-#-#-#-#-#-#-#-  ALIAS DEFINITIONS  -#-#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# If you have the m_alias.so module loaded, you may also define       #
-# aliases as shown below. They are commonly used to provide shortcut  #
-# commands to services, however they are not limited to just this use.#
-# An alias tag requires the following values to be defined in it:     #
-#                                                                     #
-# text        -      The text to detect as the actual command line.   #
-#                    Can't contain spaces, but case insensitive.      #
-#                    You may have multiple aliases with the same      #
-#                    command name (text="" value), however the first  #
-#                    found will be executed if its format value is    #
-#                    matched, or it has no format value. Aliases are  #
-#                    read from the top of the file to the bottom.     #
-#                                                                     #
-# usercommand -      If this is true, the alias can be run simply as  #
-#                    /aliasname. Defaults to true.                    #
-#                                                                     #
-# channelcommand -   If this is true, the alias can be used as an     #
-#                    in-channel alias or 'fantasy command', prefixed  #
-#                    by the fantasy prefix character, !aliasname by   #
-#                    default. Defaults to false.                      #
-#                                                                     #
-# format      -      If this is defined, the parameters of the alias  #
-#                    must match this glob pattern. For example if you #
-#                    want the first parameter to start with a # for   #
-#                    the alias to be executed, set format="#*" in the #
-#                    alias definition. Note that the :'s which are    #
-#                    part of IRC formatted lines will be preserved    #
-#                    for matching of this text. This value is         #
-#                    optional.                                        #
-#                                                                     #
-# replace     -      The text to replace 'text' with. Usually this    #
-#                    will be "PRIVMSG ServiceName :$2-" or similar.   #
-#                    You may use the variables $1 through $9 in the   #
-#                    replace string, which refer to the first through #
-#                    ninth word in the original string typed by the   #
-#                    user. You may also use $1- through $9- which     #
-#                    refer to the first word onwards, through to the  #
-#                    ninth word onwards, e.g. if the user types the   #
-#                    command "foo bar baz qux quz" then $3- will hold #
-#                    "baz qux quz" and $2 will contain "bar". You may #
-#                    also use the special variables: $nick, $ident,   #
-#                    $host and $vhost, and you may separate multiple  #
-#                    commands with a newline (which can be written in #
-#                    the file literally, or encoded as &nl; or \n     #
-#                    depending on the config format setting).         #
-#                                                                     #
-# requires    -      If you provide a value for 'requires' this means #
-#                    the given nickname MUST be online for the alias  #
-#                    to successfully trigger. If they are not, then   #
-#                    the user receives a 'no such nick' 401 numeric.  #
-#                                                                     #
-# uline       -      Setting this to true will ensure that the user   #
-#                    given in 'requires' is also on a u-lined server, #
-#                    as well as actually being on the network. If the #
-#                    user is online, but not on a u-lined server,     #
-#                    then an oper alert is sent out as this is        #
-#                    possibly a sign of a user trying to impersonate  #
-#                    a service.                                       #
-#                                                                     #
-# operonly    -      If true, this will make the alias oper only.     #
-#                    If a non-oper attempts to use the alias, it will #
-#                    appear to not exist.                             #
-#                                                                     #
+<alias text="NICKSERV" format=":IDENTIFY *" replace="PRIVMSG NickServ :IDENTIFY $3-" requires="NickServ" uline="yes">
+<alias text="ID" replace="PRIVMSG NickServ :IDENTIFY $2" requires="NickServ" uline="yes">
 <alias text="NICKSERV" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
-<alias text="CHANSERV" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
-<alias text="OPERSERV" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes" operonly="yes">
-<alias text="BOTSERV" replace="PRIVMSG BotServ :$2-" requires="BotServ" uline="yes">
-<alias text="HOSTSERV" replace="PRIVMSG HostServ :$2-" requires="HostServ" uline="yes">
-<alias text="MEMOSERV" replace="PRIVMSG MemoServ :$2-" requires="MemoServ" uline="yes">
 <alias text="NS" replace="PRIVMSG NickServ :$2-" requires="NickServ" uline="yes">
+<alias text="CHANSERV" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
 <alias text="CS" replace="PRIVMSG ChanServ :$2-" requires="ChanServ" uline="yes">
+<alias text="OPERSERV" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes" operonly="yes">
 <alias text="OS" replace="PRIVMSG OperServ :$2-" requires="OperServ" uline="yes" operonly="yes">
-<alias text="BS" replace="PRIVMSG BotServ :$2-" requires="BotServ" uline="yes">
+<alias text="HOSTSERV" replace="PRIVMSG HostServ :$2-" requires="HostServ" uline="yes">
 <alias text="HS" replace="PRIVMSG HostServ :$2-" requires="HostServ" uline="yes">
+<alias text="MEMOSERV" replace="PRIVMSG MemoServ :$2-" requires="MemoServ" uline="yes">
 <alias text="MS" replace="PRIVMSG MemoServ :$2-" requires="MemoServ" uline="yes">
-#
-# An example of using the format value to create an alias with two
-# different behaviours depending on the format of the parameters.
-#
-#<alias text="ID" format="#*" replace="PRIVMSG ChanServ :IDENTIFY $2 $3"
-#  requires="ChanServ" uline="yes">
-#
-<alias text="ID" replace="PRIVMSG NickServ :IDENTIFY $2"
-  requires="NickServ" uline="yes">
-#
-# This alias fixes a glitch in xchat 2.6.x and above and the way it
-# assumes IDENTIFY must be prefixed by a colon (:) character. It should
-# be placed ABOVE the default NICKSERV alias (the first example) listed
-# above.
-#
-<alias text="NICKSERV" format=":IDENTIFY *" replace="PRIVMSG NickServ :IDENTIFY $3-"
-  requires="NickServ" uline="yes">
-#
-# You may also add aliases to trigger based on something said in a
-# channel, aka 'fantasy' commands, configured in the same manner as any
-# other alias, with usercommand="no" and channelcommand="yes" The
-# command must be preceded by the fantasy prefix when used.
-#
-#<alias text="CS" usercommand="no" channelcommand="yes"
-#  replace="PRIVMSG ChanServ :$1 $chan $2-" requires="ChanServ" uline="yes">
-#
-# This would be used as "!cs <command> <options>", with the channel
-# being automatically inserted after the command in the message to
-# ChanServ, assuming the fantasy prefix is "!".
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Allowinvite module: Gives channel mode +A to allow all users to use
 # /INVITE, and extban A to deny invite from specific masks.
 <module name="m_allowinvite.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Alltime module: Shows time on all connected servers at once.
-# This module is oper-only and provides /ALLTIME.
-# To use, ALLTIME must be in one of your oper class blocks.
-#<module name="m_alltime.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Auditorium module: Adds channel mode +u which makes everyone else
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Auditorium module: Adds channel mode +u which makes everyone else
 # except you in the channel invisible, used for large meetings etc.
 <module name="m_auditorium.so">
-#
-# Auditorium settings:
-#
 <auditorium opvisible="no" opcansee="no" opercansee="yes">
-#
-# opvisible (auditorium-vis in exemptchanops):
-#   Show channel ops to all users
-# opcansee (auditorium-see in exemptchanops):
-#   Allow ops to see all joins/parts/kicks in the channel
-# opercansee:
-#   Allow opers (channels/auspex) to see see all joins/parts/kicks in the channel
-#
-# Exemptchanops can be used to adjust the level at which users become visible or
-# the level at which they can see the full member list of the channel.
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Autoop module: Adds basic channel access controls via the +w listmode.
-# For example +w o:*!Attila@127.0.0.1 will op anyone matching that mask
-# on join. This can be combined with extbans, for example +w o:R:Brain
-# will op anyone identified to the account "Brain".
-# Another useful combination is with SSL client certificate
-# fingerprints: +w h:z:72db600734bb9546c1bdd02377bc21d2a9690d48 will
-# give halfop to the user(s) having the given certificate.
-#<module name="m_autoop.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Ban except module: Adds support for channel ban exceptions (+e).
-#<module name="m_banexception.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Ban redirection module: Allows bans which redirect to a specified
-# channel. e.g. +b nick!ident@host#channelbanneduserissentto
-#<module name="m_banredirect.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Block amsg module: Attempt to block all usage of /amsg and /ame.
-#<module name="m_blockamsg.so">
-#
 #-#-#-#-#-#-#-#-#-#-#-  BLOCKAMSG CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
 #                                                                     #
 # If you have the m_blockamsg.so module loaded, you can configure it  #
@@ -244,54 +54,20 @@
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Block CAPS module: Adds channel mode +B, blocks all-CAPS messages.
-#<module name="m_blockcaps.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-  BLOCKCAPS CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# percent        - How many percent of text must be caps before text  #
-#                  will be blocked.                                   #
-#                                                                     #
-# minlen         - The minimum length a line must be for the block    #
-#                  percent to have any effect.                        #
-#                                                                     #
-# capsmap        - A list of chars to be considered CAPS. Can be used #
-#                  to add CAPS characters for your language. Also you #
-#                  can add things like ! and space to further lock    #
-#                  down on caps usage.                                #
-#<blockcaps percent="50"
-#           minlen="5"
-#           capsmap="ABCDEFGHIJKLMNOPQRSTUVWXYZ! ">
+<module name="m_blockcaps.so">
+<blockcaps percent="50"
+           minlen="5"
+           capsmap="ABCDEFGHIJKLMNOPQRSTUVWXYZ! ">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Block color module: Blocking color-coded messages with chan mode +c.
-#<module name="m_blockcolor.so">
+<module name="m_blockcolor.so">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Botmode module: Adds the user mode +B. If set on a user, it will
 # show that the user is a bot in /WHOIS.
 <module name="m_botmode.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# CallerID module: Adds usermode +g which activates hybrid-style
-# callerid: block all private messages unless you /ACCEPT first.
-#<module name="m_callerid.so">
-#
-#-#-#-#-#-#-#-#-#-#-#- CALLERID  CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
-# maxaccepts     - Maximum number of entries a user can add to his    #
-#                  /ACCEPT list. Default is 16 entries.               #
-# operoverride   - Can opers (note: ALL opers) override callerid?     #
-#                  Default is no.                                     #
-# tracknick      - Preserve /accept entries when a user changes nick? #
-#                  If no (the default), the user is removed from      #
-#                  everyone's accept list if he changes nickname.     #
-# cooldown       - Amount of time (in seconds) that must pass since   #
-#                  the last notification sent to a user before he can #
-#                  be sent another. Default is 60 (1 minute).         #
-#<callerid maxaccepts="16"
-#          operoverride="no"
-#          tracknick="no"
-#          cooldown="60">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # CAP module: Provides the CAP negotiation mechanism required by the
 # m_sasl, m_namesx, m_uhnames, and m_ircv3 modules.
@@ -299,63 +75,27 @@
 <module name="m_cap.so">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# CBAN module: Lets you disallow channels from being used at runtime.
-# This module is oper-only and provides /CBAN.
-# To use, CBAN must be in one of your oper class blocks.
-#<module name="m_cban.so">
+# SASL authentication module: Provides support for IRC Authentication
+# Layer via AUTHENTICATE. Note: You also need to have m_cap.so loaded
+# for SASL to work.
+<module name="m_sasl.so">
+<sasl target="ircservices.{{ external_domain }}">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Censor module: Adds channel and user mode +G.
-#<module name="m_censor.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-  CENSOR  CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# Optional - If you specify to use the m_censor module, then you must #
-# specify some censor tags. See also:                                 #
-# http://wiki.inspircd.org/Modules/censor                             #
-#
-#<include file="conf/examples/censor.conf.example">
+# IRCv3 module: Provides the following IRCv3.1 extensions:
+# extended-join, away-notify and account-notify. These are optional
+# enhancements to the client-to-server protocol. An extension is only
+# active for a client when the client specifically requests it, so this
+# module needs m_cap to work.
+# http://ircv3.org/extensions/
+<module name="m_ircv3.so">
+<ircv3 accountnotify="on" awaynotify="on" extendedjoin="on">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # CGI:IRC module: Adds support for automatic host changing in CGI:IRC
 # (http://cgiirc.sourceforge.net).
 <module name="m_cgiirc.so">
 <cgihost type="webirc" password="{{ secrets['IRC']['webirc'] }}" mask="127.0.0.1">
-#
-#-#-#-#-#-#-#-#-#-#-#-# CGIIRC  CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
-#
-# Optional - If you specify to use m_cgiirc, then you must specify one
-# or more cgihost tags which indicate authorised CGI:IRC servers which
-# will be connecting to your network, and an optional cgiirc tag.
-# For more information see: http://wiki.inspircd.org/Modules/cgiirc
-#
-# Set to yes if you want to notice opers when CGI:IRC clients connect.
-# <cgiirc opernotice="no">
-#
-# The type field indicates where the module should get the real
-# client's IP address from, for further information, please see the
-# CGI:IRC documentation.
-#
-# Old style:
-# <cgihost type="pass" mask="www.example.com">       # Get IP from PASS
-# <cgihost type="ident" mask="otherbox.example.com"> # Get IP from ident
-# <cgihost type="passfirst" mask="www.example.com">  # See the docs
-# New style:
-# <cgihost type="webirc" password="foobar"
-#   mask="somebox.example.com">                      # Get IP from WEBIRC
-#
-# IMPORTANT NOTE:
-# ---------------
-#
-# When you connect CGI:IRC clients, there are two connect classes which
-# apply to these clients. When the client initially connects, the connect
-# class which matches the CGI:IRC site's host is checked. Therefore you
-# must raise the maximum local/global clients for this ip as high as you
-# want to allow cgi clients. After the client has connected and is
-# determined to be a cgi:irc client, the class which matches the client's
-# real IP is then checked. You may set this class to a lower value, so that
-# the real IP of the client can still be restricted to, for example, 3
-# sessions maximum.
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Channel create module: Adds snomask +j, which will notify opers of
@@ -363,15 +103,6 @@
 # This module is oper-only.
 <module name="m_chancreate.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Channel filter module: Allows channel-op defined message filtering
-# using simple string matches (channel mode +g).
-#<module name="m_chanfilter.so">
-#
-# If hidemask is set to yes, the user will not be shown the mask when
-# his/her message is blocked.
-#<chanfilter hidemask="yes">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Channel history module: Displays the last 'X' lines of chat to a user
 # joining a channel with +H 'X:T' set; 'T' is the maximum time to keep
@@ -395,162 +126,50 @@
 <module name="m_chanlog.so">
 <chanlog snomasks="AOcC" channel="#private">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Channel names module: Allows disabling channels which have certain
-# characters in the channel name such as bold, colorcodes, etc. which
-# can be quite annoying and allow users to on occasion have a channel
-# that looks like the name of another channel on the network.
-#<module name="m_channames.so">
-
-#<channames
-	# denyrange: characters or range of characters to deny in channel
-	# names.
-	#denyrange="2,3"
-
-	# allowrange: characters or range of characters to specifically allow
-	# in channel names.
-	#allowrange="">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Channelban: Implements extended ban j:, which stops anyone already
-# in a channel matching a ban like +b j:#channel*mask from joining.
-# Note that by default wildcard characters * and ? are allowed in
-# channel names. To disallow them, load m_channames and add characters
-# 42 and 63 to denyrange (see above).
-#<module name="m_channelban.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Custom prefixes: Allows for channel prefixes to be configured.
 <module name="customprefix">
-#
-# name       The name of the mode, must be unique from other modes.
-# letter     The letter used for this mode. Required.
-# prefix     The prefix used for nicks with this mode. Not required.
-# rank       A numeric rank for this prefix, defining what permissions it gives.
-#            The rank of voice, halfop and op is 10000, 20000, and 30000,
-#            respectively.
-# ranktoset  The numeric rank required to set this mode. Defaults to rank.
-# ranktounset The numeric rank required to unset this mode. Defaults to ranktoset.
-# depriv     Can you remove the mode from yourself? Defaults to yes.
 <customprefix name="founder" letter="q" prefix="~" rank="50000" ranktoset="50000">
 <customprefix name="admin" letter="a" prefix="&amp;" rank="40000" ranktoset="50000">
+#<customprefix name="op" letter="o" prefix="@" rank="30000" ranktoset="30000">
 <customprefix name="halfop" letter="h" prefix="%" rank="20000" ranktoset="30000">
-#
-# You can also override the configuration of prefix modes added by both the core
-# and other modules by adding a customprefix tag with change="yes" specified.
-# <customprefix name="op" change="yes" rank="30000" ranktoset="30000">
-# <customprefix name="voice" change="yes" rank="10000" ranktoset="20000" depriv="no">
-
+#<customprefix name="voice" letter="o" prefix="@" rank="10000" ranktoset="20000">
+<module name="m_operprefix.so">
+<operprefix prefix="^">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Check module: Adds the /CHECK command.
-# Check is useful for looking up information on channels, users,
-# IP addresses and hosts.
 # This module is oper-only.
-# To use, CHECK must be in one of your oper class blocks.
 <module name="m_check.so">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # CHGHOST module: Adds the /CHGHOST command.
 # This module is oper-only.
-# To use, CHGHOST must be in one of your oper class blocks.
-# NOTE: Services will not be able to set vhosts on users if this module
-# isn't loaded. If you're planning on running services, you probably
-# want to load this.
 <module name="m_chghost.so">
-#
-#-#-#-#-#-#-#-#-# /CHGHOST - /SETHOST  CONFIGURATION #-#-#-#-#-#-#-#-#
-# Optional - If you want to use special chars for hostnames you can  #
-# specify your own custom list of chars with the <hostname> tag:     #
-#                                                                    #
-# charmap        - A list of chars accepted as valid by the /CHGHOST #
-#                  and /SETHOST commands. Also note that the list is #
-#                  case-sensitive.                                   #
 <hostname charmap="abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ.-_/0123456789">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # CHGIDENT module: Adds the /CHGIDENT command.
 # This module is oper-only.
-# To use, CHGIDENT must be in one of your oper class blocks.
 <module name="m_chgident.so">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # CHGNAME module: Adds the /CHGNAME command.
 # This module is oper-only.
-# To use, CHGNAME must be in one of your oper class blocks.
 <module name="m_chgname.so">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Cloaking module: Adds usermode +x and cloaking support.
 # Relies on the module m_md5.so being loaded.
-# To cloak users when they connect, load m_conn_umodes and set
-# <connect:modes> to include the +x mode. The example <connect> tag
-# shows this. See the m_conn_umodes module for more information.
 <module name="m_cloaking.so">
-#
-#-#-#-#-#-#-#-#-#-#-#- CLOAKING  CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# To use m_cloaking, you must define a cloak key, and optionally a    #
-# cloak prefix as shown below. The cloak key must be shared across    #
-# the network for correct cloaking.                                   #
-#                                                                     #
-# There are four methods of cloaking:                                 #
-#                                                                     #
-#   half           Cloak only the "unique" portion of a host; show    #
-#                  the last 2 parts of the domain, /16 subnet of IPv4 #
-#                  or /48 subnet of the IPv6 address.                 #
-#                                                                     #
-#   full           Cloak the users completely, using three slices for #
-#                  common CIDR bans (IPv4: /16, /24; IPv6: /48, /64). #
-#                                                                     #
-# These methods use a single key that can be any length of text.      #
-# An optional prefix may be specified to mark cloaked hosts.          #
-#                                                                     #
-# The following methods are maintained for backwards compatibility;   #
-# they are slightly less secure, and always hide unresolved IPs.      #
-#                                                                     #
-#   compat-host    InspIRCd 1.2-compatible host-based cloaking.       #
-#   compat-ip      InspIRCd 1.2-compatible ip-always cloaking.        #
-#                                                                     #
-# If you use a compat cloaking mode then you must specify key1, key2, #
-# key3, key4; the values must be less than 0x80000000 and should be   #
-# picked at random. Prefix is mandatory, will default to network name #
-# if not specified, and will always have a "-" appended.              #
-#
 <cloak mode="half"
        key="{{ secrets['IRC']['cloakpass'] }}"
        prefix="aninix-">
 
-#-#-#-#-#-#-#-#-#-#-#-#- CLOSE MODULE #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Close module: Allows an oper to close all unregistered connections.
-# This module is oper-only and provides the /CLOSE command.
-# To use, CLOSE must be in one of your oper class blocks.
-# <module name="m_close.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Clones module: Adds an oper command /CLONES for detecting cloned
-# users. Warning: This command may be resource intensive when it is
-# issued, use with care.
-# This module is oper-only.
-# To use, CLONES must be in one of your oper class blocks.
-#<module name="m_clones.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Common channels module: Adds user mode +c, which, when set, requires
-# that users must share a common channel with you to PRIVMSG or NOTICE
-# you.
-#<module name="m_commonchans.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Auto join on connect module: Allows you to force users to join one
 # or more channels automatically upon connecting to the server.
 <module name="m_conn_join.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#- CONNJOIN CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
-#
-# If you have m_conn_join.so loaded, you can configure it using the
-# following values, or set autojoin="#chat,#help" in <connect> blocks.
-#
 <autojoin channel="#lobby">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
@@ -564,170 +183,25 @@
 # and don't let them connect until they reply with a PONG.
 # This is useful to stop certain kinds of bots and proxies.
 <module name="m_conn_waitpong.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-   WAITPONG CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# If you have the m_conn_waitpong.so module loaded, configure it with #
-# the <waitpong> tag:                                                 #
-#                                                                     #
-# sendsnotice    -   Whether to send a helpful notice to users on     #
-#                    connect telling them how to connect, should      #
-#                    their client not reply PONG automatically.       #
-#                                                                     #
-# killonbadreply -   Whether to kill the user if they send the wrong  #
-#                    PONG reply.                                      #
-#                                                                     #
 <waitpong sendsnotice="yes" killonbadreply="yes">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Channel cycle module: Adds the /CYCLE command which is a server-side
-# /HOP that bypasses restrictive modes.
-#<module name="m_cycle.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Connectban: Provides IP connection throttling. Any IP range that
-# connects too many times (configurable) in an hour is Z-Lined for a
-# (configurable) duration, and their count resets to 0.
-#<module name="m_connectban.so">
-#
-# ipv4cidr and ipv6cidr allow you to turn the comparison from
-# individual IP addresses (32 and 128 bits) into CIDR masks, to allow
-# for throttling over whole ISPs/blocks of IPs, which may be needed to
-# prevent attacks.
-#
-# This allows for 10 connections in an hour with a 10 minute ban if
-# that is exceeded.
-#<connectban threshold="10" duration="10m" ipv4cidr="32" ipv6cidr="128">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Connection throttle module.
 <module name="m_connflood.so">
-#
-#-#-#-#-#-#-#-#-#-#-#- CONNTHROTTLE CONFIGURATION  -#-#-#-#-#-#-#-#-#-#
-#  seconds, maxconns -  Amount of connections per <seconds>.
-#
-#  timeout           -  Time to wait after the throttle was activated
-#                       before deactivating it. Be aware that the time
-#                       is seconds + timeout.
-#
-#  quitmsg           -  The message that users get if they attempt to
-#                       connect while the throttle is active.
-#
-#  bootwait          -  Amount of time in seconds to wait before enforcing
-#                       the throttling when the server just booted.
-#
 <connflood seconds="15" maxconns="5" timeout="30"
    quitmsg="Throttled" bootwait="10">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Custom prefixes: Allows for channel prefixes to be added.
-# This replaces m_chanprotect and m_halfop.
-#<module name="m_customprefix.so">
-#
-# name       The name of the mode, must be unique from other modes.
-# letter     The letter used for this mode. Required.
-# prefix     The prefix used for nicks with this mode. Not required.
-# rank       A numeric rank for this prefix, defining what permissions it gives.
-#            The rank of voice, halfop and op is 10000, 20000, and 30000,
-#            respectively.
-# ranktoset  The numeric rank required to set/unset this mode. Defaults to rank.
-# depriv     Can you remove the mode from yourself? Defaults to yes.
-#<customprefix name="founder" letter="q" prefix="~" rank="50000" ranktoset="50000">
-#<customprefix name="admin" letter="a" prefix="&amp;" rank="40000" ranktoset="50000">
-#<customprefix name="halfop" letter="h" prefix="%" rank="20000" ranktoset="30000">
-#<customprefix name="halfvoice" letter="V" prefix="-" rank="1" ranktoset="20000">
-#
-# Do /RELOADMODULE m_customprefix.so after changing the settings of this module.
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Custom title module: Adds the /TITLE command which allows for trusted
-# users to gain a custom whois line and an optional vhost can be
-# specified.
-#<module name="m_customtitle.so">
-#
-#-#-#-#-#-#-#-#-#-#-  CUSTOM TITLE CONFIGURATION   -#-#-#-#-#-#-#-#-#-#
-#  name     - The username used to identify.
-#  password - The password used to identify.
-#  hash     - The hash for the specific user's password (optional).
-#             m_password_hash.so and a hashing module must be loaded
-#             for this to work.
-#  host     - Allowed hostmask (optional).
-#  title    - Title shown in whois.
-#  vhost    - Displayed host (optional).
-#
-#<title name="foo" password="bar" title="Official Chat Helper">
-#<title name="bar" password="foo" host="ident@test.org" title="Official Chat Helper" vhost="helper.test.org">
-#<title name="foo" password="fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" hash="sha256" title="Official Chat Helper">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # DCCALLOW module: Adds the /DCCALLOW command.
 #<module name="m_dccallow.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-  DCCALLOW CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
-#  blockchat         - Whether to block DCC CHAT as well as DCC SEND.
-#  length            - Default duration of entries in DCCALLOW list.
-#  action            - Default action to take if no action is
-#                      specified, can be 'block' or 'allow'.
-#  maxentries        - Max number of nicks to allow on a DCCALLOW list.
-#
-# File configuration:
-#  pattern           - The glob pattern to match against.
-#  action            - Action to take if a user attempts to send a file
-#                      that matches this pattern, can be 'block' or
-#                      'allow'.
-#
 #<dccallow blockchat="yes" length="5m" action="block" maxentries="20">
 #<banfile pattern="*.exe" action="block">
 #<banfile pattern="*.txt" action="allow">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Deaf module: Adds support for the usermode +d - deaf to channel
-# messages and channel notices.
-#<module name="m_deaf.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Delay join module: Adds the channel mode +D which delays all JOIN
-# messages from users until they speak. If they quit or part before
-# speaking, their quit or part message will not be shown to the channel
-# which helps cut down noise on large channels in a more friendly way
-# than the auditorium mode. Only channel ops may set the +D mode.
-#<module name="m_delayjoin.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Delay message module: Adds the channel mode +d which disallows a user
-# from talking in the channel unless they've been joined for X seconds.
-# Settable using /MODE #chan +d 30
-#<module name="m_delaymsg.so">
-# Set allownotice to no to disallow NOTICEs too. Defaults to yes.
-#<delaymsg allownotice="no">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Deny channels module: Deny channels from being used by users.
 <module name="m_denychans.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-   DENYCHAN DEFINITIONS  -#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# If you have the m_denychans.so module loaded, you need to specify   #
-# the channels to deny:                                               #
-#                                                                     #
-# name        -      The channel name to deny (glob masks are ok).    #
-# allowopers  -      If operators are allowed to override the deny.   #
-# reason      -      Reason given for the deny.                       #
-# redirect    -      Redirect the user to a different channel.        #
-#                                                                     #
-<badchan name="#private*" redirect="#lobby" allowopers="yes" reason="Bots and opers only">         #
-#<badchan name="#chan1" redirect="#chan2" reason="Chan1 is closed">   #
-#                                                                     #
-# Redirects will not work if the target channel is set +L.            #
-#                                                                     #
-# Additionally, you may specify channels which are allowed, even if   #
-# a badchan tag specifies it would be denied:                         #
-#<goodchan name="#funtimes">                                          #
-# Glob masks are accepted here also.                                  #
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Devoice module: Let users devoice themselves using /DEVOICE #chan.
-#<module name="m_devoice.so">
+<badchan name="#private*" redirect="#lobby" allowopers="yes" reason="Bots and opers only">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # DNS blacklist module: Provides support for looking up IPs on one or #
@@ -737,51 +211,6 @@
 # For configuration options please see the wiki page for m_dnsbl at   #
 # http://wiki.inspircd.org/Modules/dnsbl                              #
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Exempt channel operators module: Provides support for allowing      #
-# channel operators to be exempt from some channel modes.  Supported  #
-# modes are blockcaps, noctcp, blockcolor, nickflood, flood, censor,  #
-# filter, regmoderated, nonick, nonotice, and stripcolor.             #
-#<module name="m_exemptchanops.so">                                   #
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Filter module: Provides message filtering, similar to SPAMFILTER.   #
-#<module name="m_filter.so">
-#                                                                     #
-# This module depends upon a regex provider such as m_regex_pcre or   #
-# m_regex_glob to function. You must specify which of these you want  #
-# m_filter to use via the tag below.                                  #
-#                                                                     #
-# Valid engines are:                                                  #
-#                                                                     #
-# glob   - Glob patterns, provided via m_regex_glob.                  #
-# pcre   - PCRE regexps, provided via m_regex_pcre, needs libpcre.    #
-# tre    - TRE regexps, provided via m_regex_tre, requires libtre.    #
-# posix  - POSIX regexps, provided via m_regex_posix, not available   #
-#          on Windows, no dependencies on other operating systems.    #
-# stdlib - stdlib regexps, provided via m_regex_stdlib, see comment   #
-#          at the <module> tag for info on availability.              #
-#                                                                     #
-#<filteropts engine="glob">                                           #
-#                                                                     #
-# Your choice of regex engine must match on all servers network-wide.
-#
-# You may specify specific channels that are exempt from being filtered:
-#<exemptfromfilter channel="#blah">
-#
-#-#-#-#-#-#-#-#-#-#-#-  FILTER  CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# Optional - If you specify to use the m_filter module, then          #
-# specify below the path to the filter.conf file, or define some      #
-# <filter> tags.                                                      #
-#                                                                     #
-#<include file="conf/examples/filter.conf.example">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Gecos ban: Implements extended ban 'r', which stops anyone matching
-# a mask like +b r:*realname?here* from joining a channel.
-#<module name="m_gecosban.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # GeoIP module: Allows the server admin to match users by country code.
 # This module is in extras. Re-run configure with:
@@ -810,435 +239,49 @@
 # To use, GLOBOPS must be in one of your oper class blocks.
 <module name="m_globops.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Global load module: Allows loading and unloading of modules network-
-# wide (USE WITH EXTREME CAUTION!)
-# This module is oper-only and provides /GLOADMODULE, /GUNLOADMODULE
-# and /GRELOADMODULE.
-# To use, GLOADMODULE, GUNLOADMODULE and GRELOADMODULE
-# must be in one of your oper class blocks.
-#<module name="m_globalload.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Halfop module: Provides the +h (halfops) channel status mode.
-#<module name="m_halfop.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# HELPOP module: Provides the /HELPOP command.
-#<module name="m_helpop.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#-  HELPOP  CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# If you specify to use the m_helpop.so module, then specify below    #
-# the path to the helpop.conf file.                                   #
-#<include file="conf/examples/inspircd.helpop-full.example">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Hide chans module: Allows users to hide their channels list from non-
 # opers by setting user mode +I on themselves.
 <module name="m_hidechans.so">
-#
-# This mode can optionally prevent opers from seeing channels on a +I
-# user, for more privacy if set to true.
-# This setting is not recommended for most mainstream networks.
-#<hidechans affectsopers="false">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Hide oper module: Allows opers to hide their oper status from non-
-# opers by setting user mode +H on themselves.
-# This module is oper-only.
-#<module name="m_hideoper.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Hostchange module: Allows a different style of cloaking.
-#<module name="m_hostchange.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-  HOSTCHANGE  CONFIGURATION  -#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# See http://wiki.inspircd.org/Modules/hostchange for help.           #
-#                                                                     #
-#<host suffix="invalid.org" separator="." prefix="">
-#<hostchange mask="*@42.theanswer.example.org" action="addnick">
-#<hostchange mask="*root@*" action="suffix">
-#<hostchange mask="a@example.com" action="set" value="foo.bar.baz">
-#<hostchange mask="localhost" ports="7000,7001,7005-7007" action="set" value="blahblah.foo">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# httpd module: Provides HTTP server support for InspIRCd.
-#<module name="m_httpd.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#-  HTTPD   CONFIGURATION  -#-#-#-#-#-#-#-#-#-#-#
-#
-# If you choose to use the m_httpd.so module, then you will need to add
-# a <bind> tag with type "httpd", and load at least one of the other
-# m_httpd_* modules to provide pages to display.
-#
-# You can adjust the timeout for HTTP connections below. All HTTP
-# connections will be closed after (roughly) this many seconds.
-#<httpd timeout="20">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# HTTP ACL module: Provides access control lists for m_httpd dependent
-# modules. Use this module to restrict pages by IP address and by
-# password.
-#<module name="m_httpd_acl.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#- HTTPD ACL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
-#
-# Restrict access to the m_httpd_stats module to all but the local
-# network and when the correct password is specified:
-# <httpdacl path="/stats*" types="password,whitelist"
-#    username="secrets" password="mypasshere" whitelist="127.0.0.*,10.*">
-#
-# Deny all connections to all but the main index page:
-# <httpdacl path="/*" types="blacklist" blacklist="*">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# HTTP config module: Allows the configuration of the server to be
-# viewed over HTTP. Requires m_httpd.so to be loaded for it to function.
-#<module name="m_httpd_config.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# HTTP stats module: Provides basic stats pages over HTTP.
-# Requires m_httpd.so to be loaded for it to function.
-#<module name="m_httpd_stats.so">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Ident: Provides RFC 1413 ident lookup support.
-# When this module is loaded <connect:allow> tags may have an optional
-# useident="yes|no" boolean value, determining whether or not to lookup
-# ident on users matching that connect tag.
 <module name="m_ident.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#-   IDENT CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# Optional - If you are using the m_ident.so module, then you can     #
-# specify the timeout for ident lookups here. If not defined, it will #
-# default to 5 seconds. This is a non-blocking timeout which holds    #
-# the user in a 'connecting' state until the lookup is complete.      #
-# The bind value indicates which IP to bind outbound requests to.     #
-#
 <ident timeout="20">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Invite exception module: Adds support for channel invite exceptions
-# (+I).
-#<module name="m_inviteexception.so">
-# bypasskey: If this is enabled, exceptions will bypass +k as well as +i
-#<inviteexception bypasskey="yes">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# IRCv3 module: Provides the following IRCv3.1 extensions:
-# extended-join, away-notify and account-notify. These are optional
-# enhancements to the client-to-server protocol. An extension is only
-# active for a client when the client specifically requests it, so this
-# module needs m_cap to work.
-#
-# Further information on these extensions can be found at the IRCv3
-# working group website:
-# http://ircv3.org/extensions/
-#
-#<module name="m_ircv3.so">
-# The following block can be used to control which extensions are
-# enabled. Note that extended-join can be incompatible with m_delayjoin
-# and host cycling.
-<ircv3 accountnotify="on" awaynotify="on" extendedjoin="on">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Join flood module: Adds support for join flood protection +j X:Y.
-# Closes the channel for 60 seconds if X users join in Y seconds.
-#<module name="m_joinflood.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Jump server module: Adds support for the RPL_REDIR numeric.
-# This module is oper-only.
-# To use, JUMPSERVER must be in one of your oper class blocks.
-# If your server is redirecting new clients and you get disconnected,
-# do a REHASH from shell to open up again.
-#<module name="m_jumpserver.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Anti auto rejoin: Adds support for prevention of auto-rejoin (+J).
-#<module name="m_kicknorejoin.so">
-# Set the maximum time that is accepted as a parameter for +J here.
-#<kicknorejoin maxtime="1m">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Knock module: Adds the /KNOCK command and channel mode +K.
 <module name="m_knock.so">
-#
-# This setting specifies what to do when someone successfully /KNOCKs.
-# If set to "notice", then a NOTICE will be sent to the channel.
-# This is the default and the compatible setting, as it requires no
-# special support from the clients.
-# If set to "numeric" then a 710 numeric will be sent to the channel.
-# This allows easier scripting but not all clients support it.
-# If set to "both" then (surprise!) both will be sent.
 <knock notify="notice">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# LDAP authentication module: Adds the ability to authenticate users  #
-# via LDAP. This is an extra module which must be enabled explicitly  #
-# by symlinking it from modules/extra, and requires the OpenLDAP libs #
-# This module is in extras. To enable it, Re-run configure with:      #
-# ./configure --enable-extras=m_ldapauth.cpp                          #
-# and run make install, then uncomment this module.                   #
-#<module name="m_ldapauth.so">
-#                                                                     #
-# Configuration:                                                      #
-#                                                                     #
-# <ldapauth baserdn="ou=People,dc=brainbox,dc=cc"                     #
-#           attribute="uid"                                           #
-#           server="ldap://brainwave.brainbox.cc"                     #
-#           allowpattern="Guest*"                                     #
-#           killreason="Access denied"                                #
-#           searchscope="subtree"                                     #
-#           binddn="cn=Manager,dc=brainbox,dc=cc"                     #
-#           bindauth="mysecretpass"                                   #
-#           verbose="yes"                                             #
-#           host="$uid.$ou.inspircd.org">                             #
-#                                                                     #
-# <ldapwhitelist cidr="10.42.0.0/16">                                 #
-#                                                                     #
-# <ldaprequire attribute="attr" value="val">                          #
-#                                                                     #
-# The baserdn indicates the base DN to search in for users. Usually   #
-# this is 'ou=People,dc=yourdomain,dc=yourtld'.                       #
-#                                                                     #
-# The attribute value indicates the attribute which is used to locate #
-# a user account by name. On POSIX systems this is usually 'uid'.     #
-#                                                                     #
-# The server parameter indicates the LDAP server to connect to. The   #
-# ldap:// style scheme before the hostname proper is MANDATORY.       #
-#                                                                     #
-# The allowpattern value allows you to specify a wildcard mask which  #
-# will always be allowed to connect regardless of if they have an     #
-# account, for example guest users.                                   #
-#                                                                     #
-# Killreason indicates the QUIT reason to give to users if they fail  #
-# to authenticate.                                                    #
-#                                                                     #
-# The searchscope value indicates the subtree to search under. On our #
-# test system this is 'subtree'. Your mileage may vary.               #
-#                                                                     #
-# Setting the verbose value causes an oper notice to be sent out for  #
-# every failed authentication to the server, with an error string.    #
-#                                                                     #
-# The binddn and bindauth indicate the DN to bind to for searching,   #
-# and the password for the distinguished name. Some LDAP servers will #
-# allow anonymous searching in which case these two values do not     #
-# need defining, otherwise they should be set similar to the examples #
-# above.                                                              #
-#                                                                     #
-# ldapwhitelist indicates that clients connecting from an IP in the   #
-# provided CIDR do not need to authenticate against LDAP. It can be   #
-# repeated to whitelist multiple CIDRs.                               #
-#                                                                     #
-# ldaprequire allows further filtering on the LDAP user, by requiring #
-# certain LDAP attibutes to have a given value. It can be repeated,   #
-# in which case the list will act as an OR list, that is, the         #
-# authentication will succeed if any of the requirements in the list  #
-# is satisfied.                                                       #
-#                                                                     #
-# host allows you to change the displayed host of users connecting    #
-# from ldap. The string supplied takes formatters which are replaced  #
-# from the DN. For instance, if your DN looks like:                   #
-# uid=w00t,ou=people,dc=inspircd,dc=org, then the formatters uid, ou  #
-# and dc will be available to you. If a key is given multiple times   #
-# in the DN, the last appearance will take precedence.                #
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# LDAP oper configuration module: Adds the ability to authenticate    #
-# opers via LDAP. This is an extra module which must be enabled       #
-# explicitly by symlinking it from modules/extra, and requires the    #
-# OpenLDAP libs. Re-run configure with:                               #
-# ./configure --enable-extras=m_ldapoper.cpp
-# and run make install, then uncomment this module to enable it.      #
-#<module name="m_ldapoper.so">
-#                                                                     #
-# Configuration:                                                      #
-#                                                                     #
-# <ldapoper baserdn="ou=People,dc=brainbox,dc=cc"
-#           server="ldap://brainwave.brainbox.cc"
-#           searchscope="subtree"
-#           binddn="cn=Manager,dc=brainbox,dc=cc"
-#           bindauth="mysecretpass"
-#           attribute="uid">
-#                                                                     #
-# Available configuration items are identical to the same items in    #
-# m_ldapauth above (except for the verbose setting, that is only      #
-# supported in m_ldapauth).                                           #
-# Please always specify a password in your <oper> tags even if the    #
-# opers are to be authenticated via LDAP, so in case this module is   #
-# not loaded the oper accounts are still protected by a password.     #
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Lock server module: Adds /LOCKSERV and /UNLOCKSERV commands that    #
-# are used to temporarily close/open the server for new connections.  #
-# These commands require that the /LOCKSERV and /UNLOCKSERV commands  #
-# are specified in a <class> tag that the oper is part of. This is so #
-# you can control who has access to this possible dangerous command.  #
-# If your server is locked and you get disconnected, do a REHASH from #
-# shell to open up again.                                             #
-# This module is oper-only.
-<module name="m_lockserv.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Map hiding module: replaces /MAP and /LINKS output to users with a  #
-# message to see a website, set by maphide="http://test.org/map" in   #
-# the <security> tag, instead.                                        #
-#<module name="m_maphide.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Message flood module: Adds message/notice flood protection via
 # channel mode +f.
 <module name="m_messageflood.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# MLOCK module: Adds support for server-side enforcement of services
-# side MLOCKs. Basically, this module suppresses any mode change that
-# would likely be immediately bounced by services.
-#<module name="m_mlock.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# MsSQL module: Allows other SQL modules to access MS SQL Server
-# through a unified API.
-# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_mssql.cpp
-# and run make install, then uncomment this module to enable it.
-#<module name="m_mssql.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# m_mssql.so is more complex than described here, see wiki for more   #
-# info http://wiki.inspircd.org/Modules/mssql                         #
-#
-#<database module="mssql" name="db" user="user" pass="pass" host="localhost" id="db1">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# MySQL module: Allows other SQL modules to access MySQL databases
-# through a unified API.
-# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_mysql.cpp
-# and run make install, then uncomment this module to enable it.
-#<module name="m_mysql.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# m_mysql.so is more complex than described here, see the wiki for    #
-# more: http://wiki.inspircd.org/Modules/mysql                        #
-#
-#<database module="mysql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database2">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Named modes module: Allows for the display and set/unset of channel
-# modes via long-form mode names via +Z and the /PROP command.
-# For example, to set a ban, do /mode #channel +Z ban=foo!bar@baz or
-# /PROP #channel ban=foo!bar@baz
-#<module name="m_namedmodes.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # NAMESX module: Provides support for the NAMESX extension which allows
 # clients to see all the prefixes set on a user without getting confused.
 # This is supported by mIRC, x-chat, klient, and maybe more.
 <module name="m_namesx.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# National characters module:
-# 1) Allows using national characters in nicknames.
-# 2) Allows using custom (national) casemapping over the network.
-#<module name="m_nationalchars.so">
-#
-# file - Location of the file which contains casemapping rules. If this
-#        is a relative path then it is relative to "<PWD>/../locales"
-#        on UNIX and "<PWD>/locales" on Windows.
-# casemapping - The name of the casemapping sent to clients in the 005
-#               numeric. If this is not set then it defaults to the name
-#               of the casemapping file unless the file name contains a
-#               space in which case you will have to specify it manually.
-#<nationalchars file="bynets/russian-w1251-charlink" casemapping="ru_RU.cp1251-charlink">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Nickchange flood protection module: Provides channel mode +F X:Y
-# which allows up to X nick changes in Y seconds.
-#<module name="m_nickflood.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Nicklock module: Let opers change a user's nick and then stop that
-# user from changing their nick again until unlocked.
-# This module is oper-only.
-# To use, NICKLOCK and NICKUNLOCK must be in one of your oper class blocks.
-#<module name="m_nicklock.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # No CTCP module: Adds the channel mode +C to block CTCPs and extban
 # 'C' to block CTCPs sent by specific users.
-#<module name="m_noctcp.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# No kicks module: Adds the +Q channel mode and the Q: extban to deny
-# certain users from kicking.
-#<module name="m_nokicks.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# No nicks module: Adds the +N channel mode, as well as the 'N' extban.
-# +N stops all users from changing their nick, the N extban stops
-# anyone from matching a +b N:nick!user@host mask from changing their
-# nick.
-#<module name="m_nonicks.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# No part message module: Adds extban 'p' to block part messages from #
-# matching users.                                                     #
-#<module name="m_nopartmsg.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# No notice module: Adds the channel mode +T and the extban 'T' to
-# block specific users from noticing the channel.
-#<module name="m_nonotice.so">
+<module name="m_noctcp.so">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Network business join module:
 # Allows an oper to join a channel using /OJOIN, giving them +Y on the
 # channel which makes them immune to kick/deop/etc.
 <module name="m_ojoin.so">
-#
-# Specify the prefix that +Y will grant here.
-# Leave 'prefix' empty if you do not wish +Y to grant a prefix.
-# If 'notice' is set to on, upon /OJOIN, the server will notice the
-# channel saying that the oper is joining on network business.
-# If 'op' is set to on, it will give them +o along with +Y.
 <ojoin prefix="!" notice="yes" op="yes">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper channels mode: Adds the +O channel mode and extban O:<mask>
-# to ban, except, etc. specific oper types. For example
-# /mode #channel +iI O:* is equivalent to channel mode +O, but you
-# may also set +iI O:AdminTypeOnly to only allow admins.
-# Modes +I and +e work in a similar fashion.
-#<module name="m_operchans.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Oper join module: Auto-joins opers to a channel upon oper-up.
 # This module is oper-only. For the user equivalent, see m_conn_join.
 <module name="m_operjoin.so">
-#
-#-#-#-#-#-#-#-#-#-#-#   OPERJOIN CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# If you are using the m_operjoin.so module, specify options here:    #
-#                                                                     #
-# channel     -      The channel name to join, can also be a comma    #
-#                    separated list e.g. "#channel1,#channel2".       #
-#                                                                     #
-# override    -      If on, lets the oper join walking thru any modes #
-#                    that might be set, even bans.                    #
-#                                                                     #
 <operjoin channel="#private" override="no">
-#
-# Alternatively you can use the autojoin="channellist" in a <type>    #
-# tag to set specific autojoins for a type of oper, for example:      #
-#
-#<type name="Helper" autojoin="#help" classes="...">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Oper log module: Logs all oper commands to the server log (with log
@@ -1246,60 +289,8 @@
 # snomask.
 # This module is oper-only.
 <module name="m_operlog.so">
-#
-# If the following option is on then all oper commands will be sent to
-# the snomask 'r'. The default is off.
 <operlog tosnomask="on">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper prefixing module: Adds a channel prefix mode +y which is given
-# to all IRC operators automatically on all channels they are in.
-# This prefix mode is more powerful than channel op and other regular
-# prefix modes.
-#
-# Load this module if you want all your IRC operators to have channel
-# operator powers.
-<module name="m_operprefix.so">
-#
-# You may additionally customise the prefix character.
-<operprefix prefix="^">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper MOTD module: Provides support for separate message of the day
-# on oper-up.
-# This module is oper-only.
-#<module name="m_opermotd.so">
-#
-#-#-#-#-#-#-#-#-#-#-#   OPERMOTD CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# If you are using the m_opermotd.so module, specify the motd here.   #
-#                                                                     #
-# onoper        - If on, the message is sent on /OPER, otherwise it's #
-#                 only sent when /OPERMOTD is used.                   #
-#                                                                     #
-# processcolors - Allow color codes to be processed in the opermotd.  #
-#                 Read the comment above <connect:allowmotdcolors> in #
-#                 inspircd.conf.example for details.                  #
-#                                                                     #
-#<opermotd file="conf/examples/opermotd.txt.example" onoper="yes" processcolors="false">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Override module: Adds support for oper override.
-# This module is oper-only.
-#<module name="m_override.so">
-#
-#-#-#-#-#-#-#-#-#-#-#   OVERRIDE CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# m_override.so is too complex it describe here, see the wiki:        #
-# http://wiki.inspircd.org/Modules/override                           #
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Oper levels module: Gives each oper a level and prevents actions
-# being taken by lower level opers against higher level opers.
-# Specify the level as the 'level' parameter of the <type> tag.
-# This module is oper-only.
-#<module name="m_operlevels.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Oper modes module: Allows you to specify modes to add/remove on oper.
 # Specify the modes as the 'modes' parameter of the <type> tag
@@ -1313,44 +304,11 @@
 # and this module is usually used to authenticate users with NickServ
 # using their connect password.
 <module name="m_passforward.so">
-
 <passforward
-		# nick: nick to forward connect passwords to.
 		nick="NickServ"
-
-		# forwardmsg: Message to send to users using a connect password.
-		# $nick will be the users' nick, $nickrequired will be the nick
-		# of where the password is going (the nick above).
-		# You can also use $user for the user ident string.
 		forwardmsg="NOTICE $nick :*** Forwarding PASS to $nickrequired"
-
-		# cmd: Command for the user to run when it receives a connect
-		# password.
 		cmd="PRIVMSG $nickrequired :IDENTIFY $pass">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Password hash module: Allows hashed passwords to be used.
-# To be useful, a hashing module like m_sha256.so also needs to be loaded.
-<module name="m_password_hash.so">
-#
-#-#-#-#-#-#-#-#-#-# PASSWORD HASH CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
-#
-# To use this module, you must define a hash type for each oper's
-# password you want to hash. For example:
-#
-#     <oper name="Brain"
-#           host="ident@dialup15.isp.test.com"
-#           hash="sha256"
-#           password="01ba4719c80b6fe911b091a7c05124b64eeece964e09c058ef8f9805daca546b"
-#           type="NetAdmin">
-#
-# Starting from 2.0, you can use a more secure salted hash that prevents simply
-# looking up the hash's value in a rainbow table built for the hash.
-#    hash="hmac-sha256" password="lkS1Nbtp$CyLd/WPQXizsbxFUTqFRoMvaC+zhOULEeZaQkUJj+Gg"
-#
-# Generate hashes using the /MKPASSWD command on the server.
-# Don't run it on a server you don't trust with your password.
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Permanent channels module: Channels with the permanent channel mode
 # will remain open even after everyone else has left the channel, and
@@ -1359,272 +317,41 @@
 # properly with them. This adds channel mode +P.
 # This module is oper-only.
 <module name="m_permchannels.so">
-#
-# If you like, m_permchannels can write a config file of permanent channels
-# whenever +P is set, unset, or the topic/modes on a +P channel is changed.
-# If you want to do this, set the filename below, and uncomment the include.
-#
-# If 'listmodes' is true then all list modes (+b, +I, +e, +g...) will be
-# saved. Defaults to false.
 <permchanneldb filename="/etc/inspircd/data/permchannels.conf" listmodes="true">
 <include file="/etc/inspircd/data/permchannels.conf">
-#
-# You may also create channels on startup by using the <permchannels> block.
-# Don't forget to set them +P in the modes, or they won't stay permanent.
-#<permchannels channel="#opers" modes="isP" topic="Opers only.">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# PostgreSQL module: Allows other SQL modules to access PgSQL databases
-# through a unified API.
-# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_pgsql.cpp
-# and run make install, then uncomment this module to enable it.
-#<module name="m_pgsql.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# m_pgsql.so is more complex than described here, see the wiki for    #
-# more: http://wiki.inspircd.org/Modules/pgsql                        #
-#
-#<database module="pgsql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database" ssl="no">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Muteban: Implements extended ban 'm', which stops anyone matching
 # a mask like +b m:nick!user@host from speaking on channel.
 <module name="m_muteban.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Random quote module: Provides a random quote on connect.
-# NOTE: Some of these may mimic fatal errors and confuse users and
-# opers alike - BEWARE!
-#<module name="m_randquote.so">
-#
-#-#-#-#-#-#-#-#-#-#-  RANDOMQUOTES CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# Optional - If you specify to use the m_randquote.so module, then    #
-# specify below the path to the quotes file.                          #
-#                                                                     #
-#<randquote file="quotes.txt">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Redirect module: Adds channel redirection mode +L.                  #
-# Optional: <redirect:antiredirect> to add usermode +L to stop forced #
-# redirection and instead print an error.                             #
-#                                                                     #
-# Note: You can not update this with a simple rehash, it requires     #
-# reloading the module for it to take effect.                         #
-# This also breaks linking to servers that do not have the option.    #
-# This defaults to false for the 2.0 version, it will be enabled in   #
-# all the future versions.                                            #
-#<module name="m_redirect.so">
-#<redirect antiredirect="true">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Regular expression provider for glob or wildcard (?/*) matching.
-# You must have at least 1 provider loaded to use m_filter or m_rline
-# modules. This module has no additional requirements, as it uses the
-# matching already present in InspIRCd core.
 <module name="m_regex_glob.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Regular expression provider for PCRE (Perl-Compatible Regular
-# Expressions). You need libpcre installed to compile and load this
-# module. You must have at least 1 provider loaded to use m_filter or
-# m_rline.
-#<module name="m_regex_pcre.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Regular expression provider for POSIX regular expressions.
-# You shouldn't need any additional libraries on a POSIX-compatible
-# system (i.e.: any Linux, BSD, but not Windows). You must have at
-# least 1 provider loaded to use m_filter or m_rline.
-# On POSIX-compliant systems, regex syntax can be found by using the
-# command: 'man 7 regex'.
-#<module name="m_regex_posix.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Regular expression provider for C++11 std::regex regular expressions.
-# This module works on any fully compliant implementation of the C++11
-# std::regex container. Examples for such are Visual C++ 2010 and newer
-# but not libstdc++ (which GCC uses).
-# You should verify that std::regex is supported by your setup before
-# using this module, as it may compile normally but won't do anything
-# on some implementations.
-#<module name="m_regex_stdlib.so">
-#
-# Specify the regular expression engine to use here. Valid settings are
-# bre, ere, awk, grep, ecmascript (default if not specified).
-#<stdregex type="ecmascript">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Regular expression provider for TRE regular expressions.
-# This is the same regular expression engine used by UnrealIRCd, so
-# if you are most familiar with the syntax of /SPAMFILTER from there,
-# this is the provider you want. You need libtre installed in order
-# to compile and load this module.
-#<module name="m_regex_tre.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Registered users only channel creation module. If enabled, only
-# registered users and opers can create new channels.
-#
-# You probably *DO NOT* want to load this module on a public network.
-#
-#<module name="m_regonlycreate.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Remove module: Adds the /REMOVE command which is a peaceful
-# alternative to /KICK.
-#<module name="m_remove.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Restricted channels module: Allows only opers to create channels.
-#
-# You probably *DO NOT* want to load this module on a public network.
-#
-#<module name="m_restrictchans.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Restrict message module: Allows users to only message opers.
-#
-# You probably *DO NOT* want to load this module on a public network.
-#
-#<module name="m_restrictmsg.so">
-#
-# Uncomment this to allow users to message ulines (e.g. services):
-#<restrictmsg uline="yes">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# R-Line module: Ban users through regular expression patterns.
-#<module name="m_rline.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#- RLINE CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
-#
-# If you wish to re-check a user when they change nickname (can be
-# useful under some situations, but *can* also use CPU with more users
-# on a server) then set 'matchonnickchange' to yes.
-# Also, this is where you set what Regular Expression engine is to be
-# used. If you ever change it while running, all of your R-Lines will
-# be wiped. This is the regex engine used by all R-Lines set, and
-# m_regex_<engine>.so must be loaded, or rline will be non-functional
-# until you load it or change the engine to one that is loaded.
-#
-#<rline matchonnickchange="yes" engine="pcre">
-#
-# Generally, you will NOT want to use 'glob' here, as this turns
-# rline into just another gline. The exceptions are that rline will
-# always use the full "nick!user@host realname" string, rather than only
-# user@host, but beware that only the ? and * wildcards are available,
-# and are the only way to specify where the space can occur if you do
-# use glob. For this reason, is recommended to use a real regex engine
-# so that at least \s or [[:space:]] is available.
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # SAJOIN module: Adds the /SAJOIN command which forcibly joins a user
 # to the given channel.
 # This module is oper-only.
-# To use, SAJOIN must be in one of your oper class blocks.
+# To use these, the option must be in one of your oper class blocks.
 <module name="m_sajoin.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SAKICK module: Adds the /SAKICK command which kicks a user from the
-# given channel.
-# This module is oper-only.
-# To use, SAKICK must be in one of your oper class blocks.
 <module name="m_sakick.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SAMODE module: Adds the /SAMODE command which allows server operators
-# to change modes on a channel without requiring them to have any
-# channel priviliges. Also allows changing user modes for any user.
-# This module is oper-only.
-# To use, SAMODE must be in one of your oper class blocks.
 <module name="m_samode.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SANICK module: Adds the /SANICK command which allows opers to change
-# users' nicks.
-# This module is oper-only.
-# To use, SANICK must be in one of your oper class blocks.
 <module name="m_sanick.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SAPART module: Adds the /SAPART command which forcibly parts a user
-# from a channel.
-# This module is oper-only.
-# To use, SAPART must be in one of your oper class blocks.
 <module name="m_sapart.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SAQUIT module: Adds the /SAQUIT command which forcibly quits a user.
-# This module is oper-only.
-# To use, SAQUIT must be in one of your oper class blocks.
 <module name="m_saquit.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SATOPIC module: Adds the /SATOPIC command which allows changing the
-# topic on a channel without requiring any channel priviliges.
-# This module is oper-only.
-# To use, SATOPIC must be in one of your oper class blocks.
 <module name="m_satopic.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SASL authentication module: Provides support for IRC Authentication
-# Layer via AUTHENTICATE. Note: You also need to have m_cap.so loaded
-# for SASL to work.
-<module name="m_sasl.so">
-<sasl target="ircservices.{{ external_domain }}">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Secure list module: Prevent /LIST in the first minute of connection,
 # crippling most spambots and trojan spreader bots.
 <module name="m_securelist.so">
-#
-#-#-#-#-#-#-#-#-#-# SECURELIST CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# Securelist can be harmful to some IRC search engines such as        #
-# netsplit.de and searchirc.com. To prevent securelist blocking these #
-# sites from listing, define exception tags as shown below:           #
-#<securehost exception="*@*.searchirc.org">
-#<securehost exception="*@*.netsplit.de">
-#<securehost exception="*@echo940.server4you.de">
-#<securehost exception="*@*.ircdriven.com">
-#                                                                     #
-# Define the following variable to change how long a user must wait   #
-# before issuing a LIST. If not defined, defaults to 60 seconds.      #
-#                                                                     #
 <securelist waittime="60">                                           #
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Servprotect module: Provides support for Austhex style +k /
-# UnrealIRCD +S services mode.
-#<module name="m_servprotect.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# See nicks module: Adds snomask +n and +N which show local and remote
-# nick changes.
-# This module is oper-only.
-#<module name="m_seenicks.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Set idle module: Adds a command for opers to change their idle time.
-# This module is oper-only.
-# To use, SETIDLE must be in one of your oper class blocks.
-#<module name="m_setidle.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Services support module: Adds several usermodes such as +R and +M.
 # This module implements the 'identified' state via account names,
 # and is similar in operation to the way asuka and ircu handle services.
-#
-# At the same time, this offers +r for users and channels to mark them
-# as identified separately from the idea of a master account, which
-# can be useful for services which are heavily nick-as-account centric.
-#
-# Also of note is that this module implements two extbans:
-# +b R: (stop matching account names from joining)
-# +b U:n!u@h (blocks matching unregistered users)
-#
 <module name="m_services_account.so">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
@@ -1644,172 +371,25 @@
 # SETNAME module: Adds the /SETNAME command.
 <module name="m_setname.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Serverban: Implements extended ban 's', which stops anyone connected
-# to a server matching a mask like +b s:server.mask.here from joining.
-#<module name="m_serverban.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Show whois module: Adds the +W usermode which allows opers to see
-# when they are /WHOIS'd.
-# This module is oper-only by default.
-#<module name="m_showwhois.so">
-#
-# If you wish, you may also let users set this mode. Only opers with the
-# users/auspex priv will see real hosts of people, though. This setting
-# is not reloadable via /REHASH, changing it requires /RELOADMODULE.
-#<showwhois opersonly="yes">
-#
-# You may also set whether or not users should receive whois notices,
-# should they be /WHOIS'd by an oper.
-#<showfromopers="yes">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Shun module: Provides the /SHUN command, which stops a user from
-# executing all except configured commands.
-# This module is oper-only.
-# To use, SHUN must be in one of your oper class blocks.
-#<module name="m_shun.so">
-#
-# You may also configure which commands you wish a user to be able to
-# perform when shunned. It should be noted that if a shunned user
-# issues QUIT or PART then their message will be removed, as if they
-# did not issue one.
-#
-# You can optionally let the user know that their command was blocked.
-#
-# You may also let SHUN affect opers (defaults to no).
-#<shun enabledcommands="PING PONG QUIT PART JOIN" notifyuser="yes" affectopers="no">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SSL channel mode module: Adds support for SSL-only channels via
-# channel mode +z and the 'z' extban which matches SSL client
-# certificate fingerprints.
-# Does not do anything useful without a working SSL module (see below).
-<module name="m_sslmodes.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# GnuTLS SSL module: Adds support for SSL connections using GnuTLS,
-# if enabled. You must answer 'yes' in ./configure when asked or
-# manually symlink the source for this module from the directory
-# src/modules/extra, if you want to enable this, or it will not load.
-#<module name="m_ssl_gnutls.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-  GNUTLS CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# m_ssl_gnutls.so is too complex to describe here, see the wiki:      #
-# http://wiki.inspircd.org/Modules/ssl_gnutls                         #
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SSL info module: Allows users to retrieve information about other
-# users' peer SSL certificates and keys. This can be used by client
-# scripts to validate users. For this to work, one of m_ssl_gnutls.so
-# or m_ssl_openssl.so must be loaded. This module also adds the
-# "* <user> is using a secure connection" whois line, the ability for
-# opers to use SSL fingerprints to verify their identity and the
-# ability to force opers to use SSL connections in order to oper up.
-# It is highly recommended to load this module if you use SSL on your
-# network.
-# For how to use the oper features, please see the first example <oper> tag
-# in opers.conf.example.
-#
-#<module name="m_sslinfo.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # OpenSSL SSL module: Adds support for SSL connections using OpenSSL,
 # if enabled. You must answer 'yes' in ./configure when asked or symlink
 # the source for this module from the directory src/modules/extra, if
 # you want to enable this, or it will not load.
 <module name="m_ssl_openssl.so">
-#
-#-#-#-#-#-#-#-#-#-#-#- OPENSSL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# m_ssl_openssl.so is too complex to describe here, see the wiki:     #
-# http://wiki.inspircd.org/Modules/ssl_openssl                        #
+# SSL info module: Allows users to retrieve information about other
+# users' peer SSL certificates and keys.
+<module name="m_sslinfo.so">
+# SSL channel mode module: Adds support for SSL-only channels via
+# channel mode +z and the 'z' extban which matches SSL client
+# certificate fingerprints.
+<module name="m_sslmodes.so">
 
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Strip color module: Adds channel mode +S that strips mIRC color
 # codes from all messages sent to the channel.
 <module name="m_stripcolor.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Silence module: Adds support for the /SILENCE command, which allows
-# users to have a server-side ignore list for their client.
-#<module name="m_silence.so">
-#
-# Set the maximum number of entries allowed on a user's silence list.
-#<silence maxentries="32">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SQLite3 module: Allows other SQL modules to access SQLite3          #
-# databases through a unified API.                                    #
-# This module is in extras. Re-run configure with:                    #
-# ./configure --enable-extras=m_sqlite.cpp
-# and run make install, then uncomment this module to enable it.      #
-#
-#<module name="m_sqlite3.so">
-#
-#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# m_sqlite.so is more complex than described here, see the wiki for   #
-# more: http://wiki.inspircd.org/Modules/sqlite3                      #
-#
-#<database module="sqlite" hostname="/full/path/to/database.db" id="anytext">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SQL authentication module: Allows IRCd connections to be tied into
-# a database table (for example a forum).
-# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_sqlauth.cpp
-# and run make install, then uncomment this module to enable it.
-#
-#<module name="m_sqlauth.so">
-#
-#-#-#-#-#-#-#-#-#-#-#- SQLAUTH CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# m_sqlauth.so is too complex to describe here, see the wiki:         #
-# http://wiki.inspircd.org/Modules/sqlauth                            #
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SQL oper module: Allows you to store oper credentials in an SQL table
-# This module is in extras. Re-run configure with:
-# ./configure --enable-extras=m_sqloper.cpp
-# and run make install, then uncomment this module to enable it.
-#
-#<module name="m_sqloper.so">
-#
-#-#-#-#-#-#-#-#-#-#-#- SQLOPER CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# dbid       - Database ID to use (see SQL modules).                  #
-# hash       - Hashing provider to use for password hashing.          #
-#                                                                     #
-# See also: http://wiki.inspircd.org/Modules/sqloper                  #
-#                                                                     #
-#<sqloper dbid="1" hash="md5">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SVSHold module: Implements SVSHOLD. Like Q:Lines, but can only be   #
-# added/removed by Services.                                          #
-#<module name="m_svshold.so">
-# If silent is true no snotices will be generated by SVSHOLD.
-#<svshold silent="false">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# SWHOIS module: Allows you to add arbitrary lines to user WHOIS.
-# This module is oper-only.
-# To use, SWHOIS must be in one of your oper class blocks.
-#<module name="m_swhois.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Test module: Enable this to create a command useful in testing
-# flood control. To avoid accidental use on live networks, the server
-# name must contain ".test" to load the module
-#<module name="m_testnet.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Timed bans module: Adds timed channel bans with the /TBAN command.
-#<module name="m_timedbans.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Test line module: Adds the /TLINE command, used to test how many
 # users a /GLINE or /ZLINE etc. would match.
@@ -1822,76 +402,12 @@
 # integration with services packages.
 <module name="m_topiclock.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# UHNAMES support module: Adds support for the IRCX style UHNAMES
-# extension, which displays ident and hostname in the names list for
-# each user, saving clients from doing a WHO on the channel.
-# If a client does not support UHNAMES it will not enable it, this will
-# not break incompatible clients.
-#<module name="m_uhnames.so">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Uninvite module: Adds the /UNINVITE command which lets users remove
-# pending invites from channels without waiting for the user to join.
-#<module name="m_uninvite.so">
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Userip module: Adds the /USERIP command.
 # Allows users to query their own IP, also allows opers to query the IP
 # of anyone else.
 <module name="m_userip.so">
 
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Vhost module: Adds the VHOST command which allows for adding virtual
-# hosts which are accessible using a username and password in the config.
-<module name="m_vhost.so">
-#
-#-#-#-#-#-#-#-#-#-#-#- VHOST CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-# user       - Username for the vhost.                                #
-#                                                                     #
-# pass       - Password for the vhost.                                #
-#                                                                     #
-# hash       - The hash for the specific user (optional)              #
-#              m_password_hash.so and a hashing module must be loaded #
-#              for this to work.                                      #
-#                                                                     #
-# host       - Vhost to set.                                          #
-#
-#<vhost user="some_username" pass="some_password" host="some.host.test.cc">
-#<vhost user="foo" password="fcde2b2edba56bf408601fb721fe9b5c338d10ee429ea04fae5511b68fbf8fb9" hash="sha256" host="some.other.host.example.com">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# Watch module: Adds the WATCH command, which is used by clients to
-# maintain notify lists.
-#<module name="m_watch.so">
-#
-# Set the maximum number of entries on a user's watch list below.
-#<watch maxentries="32">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-# XLine database: Stores all *Lines (G/Z/K/R/any added by other modules)
-# in a file which is re-loaded on restart. This is useful
-# for two reasons: it keeps bans so users may not evade them, and on
-# bigger networks, server connections will take less time as there will
-# be a lot less bans to apply - as most of them will already be there.
-#<module name="m_xline_db.so">
-
-# Specify the filename for the xline database here.
-<xlinedb filename="/etc/inspircd/data/xline.db">
-
-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
-#    ____                _   _____ _     _       ____  _ _   _        #
-#   |  _ \ ___  __ _  __| | |_   _| |__ (_)___  | __ )(_) |_| |       #
-#   | |_) / _ \/ _` |/ _` |   | | | '_ \| / __| |  _ \| | __| |       #
-#   |  _ <  __/ (_| | (_| |   | | | | | | \__ \ | |_) | | |_|_|       #
-#   |_| \_\___|\__,_|\__,_|   |_| |_| |_|_|___/ |____/|_|\__(_)       #
-#                                                                     #
-# To link servers to InspIRCd, you MUST load the m_spanningtree       #
-# module. If you don't do this, server links will NOT work at all.    #
-# This is by design, to allow for the implementation of other linking #
-# protocols in modules in the future.                                 #
-
 #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
 # Spanning tree module: Allows linking of servers using the spanning
 # tree protocol (see the READ THIS BIT section above).
diff --git a/roles/IRC/templates/inspircd/opers.conf.j2 b/roles/IRC/templates/inspircd/opers.conf.j2
index 92ab5e4..31457df 100644
--- a/roles/IRC/templates/inspircd/opers.conf.j2
+++ b/roles/IRC/templates/inspircd/opers.conf.j2
@@ -1,118 +1,12 @@
-#-#-#-#-#-#-#-#-#-#-#-#-  CLASS CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#-
-#                                                                     #
-#   Classes are a group of commands which are grouped together and    #
-#   given a unique name. They're used to define which commands        #
-#   are available to certain types of Operators.                      #
-#                                                                     #
-#                                                                     #
-#  Note: It is possible to make a class which covers all available    #
-#  commands. To do this, specify commands="*". This is not really     #
-#  recommended, as it negates the whole purpose of the class system,  #
-#  however it is provided for fast configuration (e.g. in test nets). #
-#                                                                     #
-
-<class
-     name="Shutdown"
-
-     # commands: Oper-only commands that opers of this class can run.
-     commands="CLOSE DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOADMODULE GLOADMODULE GUNLOADMODULE GRELOADMODULE"
-
-     # privs: Special privileges that users with this class may utilise.
-     #  VIEWING:
-     #   - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
-     #   - users/auspex: allows opers with this priv to view more details about users than normal users, e.g. real host and IP.
-     #   - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
-     # ACTIONS:
-     #   - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
-     #   - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels.
-     # PERMISSIONS:
-     #   - users/flood/no-fakelag: prevents opers from being penalized with fake lag for flooding (*NOTE)
-     #   - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
-     #   - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE)
-     #
-     # *NOTE: These privs are potentially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
-     privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit users/flood/no-throttle users/flood/increased-buffers channels/ignore-noctcp channels/restricted-create users/ignore-commonchans users/ignore-noctcp users/ignore-privdeaf users/samode-usermodes"
-
-     # usermodes: Oper-only usermodes that opers with this class can use.
-     usermodes="*"
-
-     # chanmodes: Oper-only channel modes that opers with this class can use.
-     chanmodes="*">
-
-<class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN CHECK">
-<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS JUMPSERVER LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
-<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN CLOSE" usermodes="*" chanmodes="*">
-<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message">
-<class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">
-
-
-#-#-#-#-#-#-#-#-#-#-#-#-  OPERATOR COMPOSITION   -#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-#   This is where you specify which types of operators you have on    #
-#   your server, as well as the commands they are allowed to use.     #
-#   This works alongside with the classes specified above.            #
-#                                                                     #
-
+# We are not yet deeply using the class system -- only NetAdmins should be managing the network. Most management will be through services.
+<class name="NetAdmin" commands="*" usermodes="*" chanmodes="*" privs="*">
 <type
-    # name: Name of type. Used in actual server operator accounts below.
-    # Cannot contain spaces. If you would like a space, use
-    # the _ character instead and it will translate to a space on whois.
     name="NetAdmin"
-
-    # classes: Classes (blocks above) that this type belongs to.
-    classes="SACommands OperChat BanControl HostCloak Shutdown ServerLink"
-
-    # vhost: Host opers of this type get when they log in (oper up). This is optional.
+    classes="NetAdmin"
     vhost="{{ external_domain }}"
-
-    # modes: User modes besides +o that are set on an oper of this type
-    # when they oper up. Used for snomasks and other things.
-    # Requires that m_opermodes.so be loaded.
-    # Set all watchlists for NetAdmins.
     modes="+s +aAcCjkKlLoOqQr">
-<type name="GlobalOp" classes="SACommands OperChat BanControl HostCloak ServerLink" vhost="{{ external_domain }}">
-<type name="Helper" classes="HostCloak" vhost="{{ external_domain }}">
 
-
-#-#-#-#-#-#-#-#-#-#-#-  OPERATOR CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-#
-#                                                                     #
-#   Opers are defined here. This is a very important section.         #
-#   Remember to only make operators out of trustworthy people.        #
-#                                                                     #
-
-# Unhashed operblock
-#<oper
-#      name="Brain"
-#      password="youshouldhashthis"
-#      host="brain@dialup15.isp.test.com *@localhost *@example.com *@2001:db8::/32"
-#      #fingerprint="67cb9dc013248a829bb2171ed11becd4"
-#      type="NetAdmin">
-#
+# Operators are tracked in the vault.
 {% for oper in secrets['IRC']['opers'] %}
 <oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@aninix.net" type="NetAdmin">
 {% endfor %}
-
-#-#-#-#-#-#-#-#-#-#-  DIE/RESTART CONFIGURATION   -#-#-#-#-#-#-#-#-#-#-
-#                                                                     #
-#   You can configure the passwords here which you wish to use for    #
-#   the /DIE and /RESTART commands. Only trusted ircops who will      #
-#   need this ability should know the die and restart password.       #
-#                                                                     #
-<power
-       # hash: what hash these passwords are hashed with.
-       # Requires the module for selected hash (m_md5.so, m_sha256.so
-       # or m_ripemd160.so) be loaded and the password hashing module
-       # (m_password_hash.so) loaded.
-       # Options here are: "md5", "sha256" and "ripemd160", or one of
-       # these prefixed with "hmac-", e.g.: "hmac-sha256".
-       # Optional, but recommended. Create hashed passwords with:
-       # /mkpasswd <hash> <password>
-       hash="sha256"
-
-       # diepass: Password for opers to use if they need to shutdown (die)
-       # a server.
-       diepass="{{ secrets['IRC']['diepass'] }}"
-
-       # restartpass: Password for opers to use if they need to restart
-       # a server.
-       restartpass="{{ secrets['IRC']['restartpass'] }}">