AniNIX/Kapisi
AniNIX
/
Kapisi
2
0
Fork 0
Code Issues 25 Pull Requests 1 Projects 1 Releases Wiki Activity

Seeding IRC automation after a lot of work

This commit is contained in:
DarkFeather 2022-12-18 22:18:43 -06:00
parent 0626c66413
commit 72a62b63eb
Signed by: DarkFeather
GPG Key ID: 1CC1E3F4ED06F296
25 changed files with 8866 additions and 27 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
roles/IRC/README.md
View File

@ -1,53 +1,53 @@
IRC is a chat system used by members of the AniNIX network. See [[IRC#Available Clients|Available Clients]] for access methods.
IRC is a chat system used by members of the AniNIX network.
# Etymology
[https://en.wikipedia.org/wiki/IRC IRC] stands for Internet Relay Chat -- it is a method of text-based communication across the network via various servers. IRC has long been the self-hosted communication medium of choice for hackers, developers, and the fringe -- though overall adoption has dropped a bit with the rise of other social media, networks like [https://freenode.org Freenode] are growing. IRC<ref name=ircgrow>https://royal.pingdom.com/2012/04/24/irc-is-dead-long-live-irc/</ref> is moving to the hacker niche, and we follow along.
[IRC](https://en.wikipedia.org/wiki/IRC) stands for Internet Relay Chat -- it is a method of text-based communication across the network via various servers. IRC has long been the self-hosted communication medium of choice for hackers, developers, and the fringe -- though overall adoption has dropped a bit with the rise of other social media, networks like [Libera](https://libera.chat/) are [still growing](https://royal.pingdom.com/2012/04/24/irc-is-dead-long-live-irc/). IRC is moving to the hacker niche, and we follow along.
# Relevant Files and Software
The configuration for the IRC service is divided into two parts -- the daemon and services.
## InspIRCd
The IRC daemon is powered by [https://inspircd.org/ InspIRCd 2][[Category:InspIRCd]]. Relevant configuration is in [file:///etc/inspircd/inspircd.conf the conf file] and it logs to [file:///var/log/inspircd/startup.log startup.log].
The IRC daemon is powered by [InspIRCd](https://inspircd.org/). Relevant configuration is in `/etc/inspircd/` and it logs to journald.
## Anope
The services component is supplied by [https://www.anope.org/ Anope 2][[Category:Anope]]. Relevant configuration is in [file:///etc/anope/services.conf the services.conf] and it logs to the [file:///var/log/anope/ the anope log].
The services component is supplied by [Anope](https://www.anope.org/). Relevant configuration is in [the services.conf](file:///etc/anope/services.conf) and it logs to the [its own log](file:///var/log/anope/).
Anope also takes backups of [file:///var/db/anope/anope.db the anope database] to the backups folder in the same location. [[Category:TODO]]<!--This should be backed up with Wiki-->
Anope also takes backups of [the anope database](file:///var/db/anope/anope.db) to the backups folder in the same location.
<b>Caution:</b> Anope with version 2.0.3 has some issues with gcc6. If you start encountering segmentation faults with Anope, sign in to [[irc://anope.org#anope The Anope support IRC]]. Script a run of "sudo -u ircd gdb /usr/bin/services core". Enter "r <your flags>" and when it crashes run "bt full". Quit out of everything and pastebin the file. Provide this to the support staff.
<b>Caution:</b> Anope with version 2.0.3 has some issues with gcc6. If you start encountering segmentation faults with Anope, sign in to `irc://anope.org#anope` (the Anope support IRC network). Script a run of "sudo -u ircd gdb /usr/bin/services core". Enter `r <your flags>` and when it crashes run `bt full`. Quit out of everything and pastebin the file. Provide this to the support staff.
<b>Caution:</b> Arch's packaged version of Anope may be missing critical LDAP modules. We still install the package, but you may need to use a localized install in /opt to get it working.
Anope Services' NickServ authentication can be linked to [[Sora|AniNIX::Sora]] for unified credentials.[[Category:LDAP]]
### Service entities
The following entities can be messaged personally (PM'ed) for help with "/msg <entity> help
The following entities can be messaged personally (PM'ed) for help with `/msg <entity> help` from inside an IRC client.
[[Category:Public_Service]]
* NickServ will manage IRC nicknames.
* HostServ will manage IRC virtual hosts, to mask IP's.
* ChanServ will manage IRC channels -- new channels can be registered on the network here.
* MemoServ will manage IRC memos (short text-message-like messages between users).
# Available Clients
You will need to use your own client. All IRC clients will connect to the service by providing the following information:
A [simple web client](https://irc.aninix.net) is hosted.
For more advanced options like logging, you will need to use your own client. All IRC clients will connect to the service by providing the following information:
* Host: aninix.net
* Port: 6697
* The client should accept invalid certificates.
* The client should accept only valid certificates.
* The client should automatically join the #lobby channel.
* The client should provide a nickname and NickServ password that the user intends to use.
### Clients by OS
Some example clients can be found here.
* Linux hosts are strongly recommended to use [https://wiki.archlinux.org/index.php/Weechat weechat] inside [https://wiki.archlinux.org/index.php/Tmux tmux] with the [https://weechat.org/themes/source/crym.theme.html/ crym theme], though a Hexchat version is also available.
* Windows hosts can connect to this service using [https://hexchat.github.io/ HexChat].
* Mac hosts can use [http://colloquy.info/downloads.html Colloquy].
* Android hosts can use [http://www.duckspike.net/andchat/ Andchat].
* iOS devices should use [http://colloquy.info/downloads.html Colloquy's mobile version].
* Linux hosts are strongly recommended to use [weechat](https://wiki.archlinux.org/index.php/Weechat) inside [tmux](https://wiki.archlinux.org/index.php/Tmux).
* Windows hosts can connect to this service using [HexChat](https://hexchat.github.io/).
* Mac and iOS hosts can use [Colloquy](http://colloquy.info/downloads.html).
* Android hosts can use [AndChat](http://www.duckspike.net/andchat/).
# Equivalents or Competition
Rivals to IRC include other IRC networks like [http://freenode.net Freenode], mail services like [https://inbox.google.com Google Inbox], and other chat systems like Slack, Microsoft Teams, Discord, Snapchat, WhatsApp, etc. We use Discord to provide new users with a Web-only bridge to the IRC network at https://aninix.net/irc/ -- [[IRC/Discord Bridge|documentation for our Discord hosting]] is also available..
# Additional Reference
{{:IRC/Commands and Modes}}
### Helpful Reading
Rivals to IRC include other IRC networks like Libera, mail services like [Gmail](https://mail.google.com), and other chat systems like Slack, Microsoft Teams, Discord, Snapchat, WhatsApp, etc. We use Discord to provide new users with a Web-only bridge to the IRC network, but most features are only available within our own network.
# Additional Reference
* [IRCHelp.org for operators](https://www.irchelp.org/ircd/ircopguide.html)
* [InspIRCd modes reference](https://docs.inspircd.org/3/user-modes/)

17
roles/IRC/files/services/irc.service Normal file
View File

@ -0,0 +1,17 @@
[Unit]
Description=AniNIX/IRC daemon
Requires=network.target
After=network.target
[Service]
Type=forking
PIDFile=/var/lib/inspircd/inspircd.pid
ExecStart=/usr/lib/inspircd/inspircd start
ExecReload=/usr/lib/inspircd/inspircd rehash
ExecStop=/usr/lib/inspircd/inspircd stop
Restart=always
User=ircd
Group=ircd
[Install]
WantedBy=multi-user.target

16
roles/IRC/files/services/ircservices.service Normal file
View File

@ -0,0 +1,16 @@
[Unit]
Description=AniNIX/IRC | Anope Services
Requires=network.target
After=network.target
[Service]
Type=simple
PIDFile=/run/anope/anope.pid
ExecStart=/opt/anope/bin/services --confdir=/etc/anope/ --dbdir=/opt/anope/data --localedir=/opt/anope/locale --logdir=/var/log/anope --modulesdir=/opt/anope/lib --nofork
ExecReload=/bin/kill -1 $MAINPID
Restart=always
User=ircd
Group=ircd
[Install]
WantedBy=multi-user.target

15
roles/IRC/files/services/ircweb.service Normal file
View File

@ -0,0 +1,15 @@
[Unit]
Description=AniNIX/IRC Web Client
After=network.target irc.service ircservices.service
[Service]
WorkingDirectory=/usr/local/src/KiwiIRC/
ExecStart=/bin/sh ./kiwi -f
ExecReload=/bin/kill -HUP $MAINPID
KillMode=control-group
Restart=always
User=ircd
Group=ircd
[Install]
WantedBy=multi-user.target

29
roles/IRC/tasks/bots.yml Normal file
View File

@ -0,0 +1,29 @@
---
- user:
name: "{{ item }}"
state: present
shell: "{{ daemon_shell | default('/sbin/nologin') }}"
local: yes
groups: ircd
loop:
- bitbot
- dsbridge
- theraven
- werewolf
# Install TheRaven package
- package:
name:
- TheRaven
- git:
repo: 'https://github.com/jesopo/bitbot.git'
dest: /usr/local/src/bitbot/
clone: yes
update: yes
- git:
repo:
-

60
roles/IRC/tasks/daemon.yml Normal file
View File

@ -0,0 +1,60 @@
---
- name: Ensure directory permissions
become: yes
file:
state: directory
path: "{{ item }}"
owner: ircd
group: ircd
mode: 0750
loop:
- "/var/log/inspircd"
- "/etc/inspircd"
- name: Copy config and fill in attributes
register: templatefiles
become: yes
template:
src: "inspircd/{{ item }}.j2"
dest: "/etc/inspircd/{{ item }}"
owner: ircd
group: ircd
mode: 0600
loop:
- inspircd.conf
- modules.conf
- links.conf
- opers.conf
- rules.txt
- motd.txt
- name: Copy service file
become: yes
register: servicesfile
copy:
src: services/irc.service
dest: /usr/lib/systemd/system/irc.service
owner: root
group: root
mode: 0644
- name: Reload services
when: servicesfile.changed
become: yes
systemd:
daemon_reload: true
- name: Ensure service running
become: yes
service:
name: irc
state: started
enabled: yes
- name: Reload on config change
become: yes
when: templatefiles.changed or servicesfile.changed
service:
name: irc
state: reloaded

9
roles/IRC/tasks/main.yml
View File

@ -8,12 +8,11 @@
- anope
- TheRaven
- name: KiwiIRC Web Front
become: yes
git:
repo: https://github.com/prawnsalad/KiwiIRC.git
dest: /usr/local/src/KiwiIRC
- include_tasks: daemon.yml
- include_tasks: services.yml
- include_tasks: web.yml
#- include_tasks: bots.yml

65
roles/IRC/tasks/services.yml Normal file
View File

@ -0,0 +1,65 @@
---
- name: Ensure directory permissions
become: yes
file:
state: directory
path: "{{ item }}"
owner: ircd
group: ircd
mode: 0700
loop:
- "/etc/anope"
- "/opt/anope"
- "/opt/anope/data"
- "/var/log/anope"
- name: Copy config and fill in attributes
register: templatefiles
become: yes
template:
src: "anope/{{ item }}.j2"
dest: "/etc/anope/{{ item }}"
owner: ircd
group: ircd
mode: 0600
loop:
- botserv.conf
- chanserv.conf
- global.conf
- hostserv.conf
- memoserv.conf
- modules.conf
- nickserv.conf
- operserv.conf
- services.conf
- name: Copy service file
become: yes
register: servicesfile
copy:
src: services/ircservices.service
dest: /usr/lib/systemd/system/ircservices.service
owner: root
group: root
mode: 0644
- name: Reload services
when: servicesfile.changed
become: yes
systemd:
daemon_reload: true
- name: Ensure service running
become: yes
service:
name: ircservices
state: started
enabled: yes
- name: Reload on config change
become: yes
when: templatefiles.changed or servicesfile.changed
service:
name: ircservices
state: reloaded

56
roles/IRC/tasks/web.yml Normal file
View File

@ -0,0 +1,56 @@
---
- name: Clone KiwiIRC
become: yes
git:
repo: https://github.com/prawnsalad/KiwiIRC.git
dest: /usr/local/src/KiwiIRC
update: no
- name: Update permissions
become: yes
file:
path: /usr/local/src/KiwiIRC
recurse: yes
owner: ircd
group: ircd
- name: Populate config
become: yes
register: config
template:
src: kiwiirc/config.js.j2
dest: /usr/local/src/KiwiIRC/config.js
owner: ircd
group: ircd
mode: 0600
- name: Copy service file
become: yes
register: servicesfile
copy:
src: services/ircweb.service
dest: /usr/lib/systemd/system/ircweb.service
owner: root
group: root
mode: 0644
- name: Reload services
when: servicesfile.changed
become: yes
systemd:
daemon_reload: true
- name: Ensure service running
become: yes
service:
name: ircweb
state: started
enabled: yes
- name: Reload on config change
become: yes
when: config.changed or servicesfile.changed
service:
name: ircweb
state: reloaded

404
roles/IRC/templates/anope/botserv.conf.j2 Normal file
View File

@ -0,0 +1,404 @@
/*
* Example configuration file for BotServ.
*/
/*
* First, create the service. If you do not want to have a 'BotServ', but do want the ability to have
* ChanServ assigned to channels for the use of fantasy commands, you may delete the below 'service' block.
*
* Note that deleting a 'service' block for a pseudoclient that is already online will not remove the
* client, the client becomes no different from a normal service bot, so you will have to use botserv/bot
* to manually delete the client.
*
* You may then want to map some of the below commands to other services, like placing botserv/bot on
* OperServ so you can delete the below client, and mapping assign and unassign to ChanServ so users are
* able to control whether or not ChanServ is in the channel. You may also want to map botserv/set/nobot
* to OperServ so you can restrict who can assign the other core service clients.
*/
service
{
/*
* The name of the BotServ client.
* If you change this value, you probably want to change the client directive in the configuration for the botserv module too.
*/
nick = "BotServ"
/*
* The username of the BotServ client.
*/
user = "services"
/*
* The hostname of the BotServ client.
*/
host = "ircservices.{{ external_domain }}"
/*
* The realname of the BotServ client.
*/
gecos = "Bot Service"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
#channels = "@#services,#mychan"
}
/*
* Core BotServ module.
*
* Provides essential functionality for BotServ.
*/
module
{
name = "botserv"
/*
* The name of the client that should be BotServ.
*
* This directive is optional.
*/
client = "BotServ"
/*
* The default bot options for newly registered channels. Note that changing these options
* will have no effect on channels which are already registered. The list must be separated
* by spaces.
*
* The options are:
* - dontkickops: Channel operators will be protected against BotServ kicks
* - dontkickvoices: Voiced users will be protected against BotServ kicks
* - greet: The channel's BotServ bot will greet incoming users that have set a greet
* in their NickServ settings
* - fantasy: Enables the use of BotServ fantasy commands in the channel
*
* This directive is optional, if left blank, there will be no defaults.
*/
defaults = "greet fantasy"
/*
* The minimum number of users there must be in a channel before the bot joins it. The best
* value for this setting is 1 or 2. This can be 0, the service bots will not part unless
* specifically unassigned, and will keep the channel open.
*/
minusers = 1
/*
* The bots are currently not affected by any modes or bans when they try to join a channel.
* But some people may want to make it act like a real bot, that is, for example, remove all
* the bans affecting the bot before joining the channel, remove a ban that affects the bot
* set by a user when it is in the channel, and so on. Since it consumes a bit more CPU
* time, you should not enable this on larger networks.
*
* This directive is optional.
*/
#smartjoin = yes
/*
* Modes to set on service bots when they join channels, comment this out for no modes
*
* This directive is optional.
*/
botmodes = "ao"
/*
* User modes to set on service bots. Read the comment about the service:modes directive
* on why this can be a bad idea to set.
*/
#botumodes = "i"
}
/*
* Core BotServ commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Give it a help command. */
command { service = "BotServ"; name = "HELP"; command = "generic/help"; }
/*
* bs_assign
*
* Provides the commands:
* botserv/assign - Used to assign BotServ bots to channels
* botserv/unassign - Used to unassign BotServ bots
* botserv/set/nobot - Used to prohibit channels from being assigned BotServ bots.
*
* Used for assigning and unassigning bots to channels.
*/
module { name = "bs_assign" }
command { service = "BotServ"; name = "ASSIGN"; command = "botserv/assign"; }
command { service = "BotServ"; name = "UNASSIGN"; command = "botserv/unassign"; }
command { service = "BotServ"; name = "SET NOBOT"; command = "botserv/set/nobot"; permission = "botserv/set/nobot"; }
/*
* bs_autoassign
*
* Allows service bots to be automatically assigned to channels upon registration.
*/
#module
{
name = "bs_autoassign"
/*
* Automatically assign ChanServ to channels upon registration.
*/
bot = "ChanServ"
}
/*
* bs_badwords
*
* Provides the command botserv/badwords.
*
* Used for controlling the channel badword list.
*/
module
{
name = "bs_badwords"
/*
* The maximum number of entries a single bad words list can have.
*/
badwordsmax = 32
/*
* If set, BotServ will use case sensitive checking for badwords.
*
* This directive is optional.
*/
#casesensitive = yes
}
command { service = "BotServ"; name = "BADWORDS"; command = "botserv/badwords"; }
/*
* bs_bot
*
* Provides the command botserv/bot.
*
* Used for administrating BotServ bots.
*/
module { name = "bs_bot" }
command { service = "BotServ"; name = "BOT"; command = "botserv/bot"; permission = "botserv/bot"; }
/*
* bs_botlist
*
* Provides the command botserv/botlist.
*
* Used for listing all available bots.
*/
module { name = "bs_botlist" }
command { service = "BotServ"; name = "BOTLIST"; command = "botserv/botlist"; }
/*
* bs_control
*
* Provides the commands botserv/act and botserv/say.
*
* Used for making the bot message a channel.
*/
module { name = "bs_control" }
command { service = "BotServ"; name = "ACT"; command = "botserv/act"; }
command { service = "BotServ"; name = "SAY"; command = "botserv/say"; }
/*
* bs_info
*
* Provides the command botserv/info.
*
* Used for getting information on bots or channels.
*/
module { name = "bs_info" }
command { service = "BotServ"; name = "INFO"; command = "botserv/info"; }
/*
* bs_kick
*
* Provides the commands:
* botserv/kick - Dummy help wrapper for the KICK command.
* botserv/kick/amsg - Configures BotServ's AMSG kicker.
* botserv/kick/badwords - Configures BotServ's badwords kicker.
* botserv/kick/bolds - Configures BotServ's bold text kiceker.
* botserv/kick/caps - Configures BotServ's capital letters kicker.
* botserv/kick/colors - Configures BotServ's color kicker.
* botserv/kick/flood - Configures BotServ's flood kicker.
* botserv/kick/italics - Configures BotServ's italics kicker.
* botserv/kick/repeat - Configures BotServ's repeat kicker.
* botserv/kick/reverses - Configures BotServ's reverse kicker.
* botserv/kick/underlines - Configures BotServ's reverse kicker.
* botserv/set/dontkickops - Used for preventing BotServ from kicking channel operators.
* botserv/set/dontkickvoices - Used for preventing BotServ from kicking voices.
*
* Used for configuring what bots should kick for.
*/
module
{
name = "bs_kick"
/*
* The amount of time that data for a user is valid in BotServ. If the data exceeds this time,
* it is reset or deleted depending on the case. Do not set it too high, otherwise your
* resources will be slightly affected.
*/
keepdata = 10m
/*
* If set, the bots will use a kick reason that does not state the word when it is kicking.
* This is especially useful if you have young people on your network.
*
* This directive is optional.
*/
gentlebadwordreason = yes
}
command { service = "BotServ"; name = "KICK"; command = "botserv/kick"; }
command { service = "BotServ"; name = "KICK AMSG"; command = "botserv/kick/amsg"; }
command { service = "BotServ"; name = "KICK BADWORDS"; command = "botserv/kick/badwords"; }
command { service = "BotServ"; name = "KICK BOLDS"; command = "botserv/kick/bolds"; }
command { service = "BotServ"; name = "KICK CAPS"; command = "botserv/kick/caps"; }
command { service = "BotServ"; name = "KICK COLORS"; command = "botserv/kick/colors"; }
command { service = "BotServ"; name = "KICK FLOOD"; command = "botserv/kick/flood"; }
command { service = "BotServ"; name = "KICK ITALICS"; command = "botserv/kick/italics"; }
command { service = "BotServ"; name = "KICK REPEAT"; command = "botserv/kick/repeat"; }
command { service = "BotServ"; name = "KICK REVERSES"; command = "botserv/kick/reverses"; }
command { service = "BotServ"; name = "KICK UNDERLINES"; command = "botserv/kick/underlines"; }
command { service = "BotServ"; name = "SET DONTKICKOPS"; command = "botserv/set/dontkickops"; }
command { service = "BotServ"; name = "SET DONTKICKVOICES"; command = "botserv/set/dontkickvoices"; }
/*
* bs_set
*
* Provides the commands:
* botserv/set/private - Used to prohibit specific BotServ bots from being assigned to channels.
*/
module { name = "bs_set" }
command { service = "BotServ"; name = "SET"; command = "botserv/set"; }
command { service = "BotServ"; name = "SET BANEXPIRE"; command = "botserv/set/banexpire"; }
command { service = "BotServ"; name = "SET PRIVATE"; command = "botserv/set/private"; permission = "botserv/set/private"; }
/*
* greet
*
* Provides the commands:
* botserv/set/greet - Used for enabling or disabling BotServ's greet messages in a channel.
* nickserv/set/greet, nickserv/saset/greet - Used for changing a users greet message, which is displayed when they enter channels.
*/
module { name = "greet" }
command { service = "BotServ"; name = "SET GREET"; command = "botserv/set/greet"; }
command { service = "NickServ"; name = "SET GREET"; command = "nickserv/set/greet"; }
command { service = "NickServ"; name = "SASET GREET"; command = "nickserv/saset/greet"; permission = "nickserv/saset/greet"; }
/*
* GREET privilege.
*
* Used by 'greet'.
*
* Users with this privilege have their greet shown when they join channels.
*/
privilege
{
name = "GREET"
rank = 40
level = 5
flag = "g"
xop = "AOP"
}
/*
* fantasy
*
* Allows 'fantaisist' commands to be used in channels.
*
* Provides the commands:
* botserv/set/fantasy - Used for enabling or disabling BotServ's fantasist commands.
*/
module
{
name = "fantasy"
/*
* Defines the prefixes for fantasy commands in channels. One of these characters will have to be prepended
* to all fantasy commands. If you choose "!", for example, fantasy commands will be "!kick",
* "!op", etc. This directive is optional, if left out, the default fantasy character is "!".
*/
#fantasycharacter = "!."
}
command { service = "BotServ"; name = "SET FANTASY"; command = "botserv/set/fantasy"; }
/*
* Fantasy commands
*
* Fantasy commands can be executed in channels that have a BotServ bot by prefixing the
* command with one of the fantasy characters configured in botserv's fantasycharacter
* directive.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
fantasy { name = "ACCESS"; command = "chanserv/access"; }
fantasy { name = "AKICK"; command = "chanserv/akick"; }
fantasy { name = "AOP"; command = "chanserv/xop"; }
fantasy { name = "BAN"; command = "chanserv/ban"; }
fantasy { name = "CLONE"; command = "chanserv/clone"; }
fantasy { name = "DEHALFOP"; command = "chanserv/modes"; }
fantasy { name = "DEOP"; command = "chanserv/modes"; }
fantasy { name = "DEOWNER"; command = "chanserv/modes"; }
fantasy { name = "DEPROTECT"; command = "chanserv/modes"; }
fantasy { name = "DEVOICE"; command = "chanserv/modes"; }
fantasy { name = "DOWN"; command = "chanserv/down"; }
fantasy { name = "ENFORCE"; command = "chanserv/enforce"; }
fantasy { name = "ENTRYMSG"; command = "chanserv/entrymsg"; }
fantasy { name = "FLAGS"; command = "chanserv/flags"; }
fantasy { name = "HALFOP"; command = "chanserv/modes"; }
fantasy { name = "HELP"; command = "generic/help"; prepend_channel = false; }
fantasy { name = "HOP"; command = "chanserv/xop"; }
fantasy { name = "INFO"; command = "chanserv/info"; prepend_channel = false; }
fantasy { name = "INVITE"; command = "chanserv/invite"; }
fantasy { name = "K"; command = "chanserv/kick"; }
fantasy { name = "KB"; command = "chanserv/ban"; }
fantasy { name = "KICK"; command = "chanserv/kick"; }
fantasy { name = "LEVELS"; command = "chanserv/levels"; }
fantasy { name = "LIST"; command = "chanserv/list"; prepend_channel = false; }
fantasy { name = "LOG"; command = "chanserv/log"; }
fantasy { name = "MODE"; command = "chanserv/mode"; }
fantasy { name = "MUTE"; command = "chanserv/ban"; kick = no; mode = "QUIET"; }
fantasy { name = "OP"; command = "chanserv/modes"; }
fantasy { name = "OWNER"; command = "chanserv/modes"; }
fantasy { name = "PROTECT"; command = "chanserv/modes"; }
fantasy { name = "QOP"; command = "chanserv/xop"; }
fantasy { name = "SEEN"; command = "chanserv/seen"; prepend_channel = false; }
fantasy { name = "SOP"; command = "chanserv/xop"; }
fantasy { name = "STATUS"; command = "chanserv/status"; }
fantasy { name = "SUSPEND"; command = "chanserv/suspend"; permission = "chanserv/suspend"; }
fantasy { name = "SYNC"; command = "chanserv/sync"; }
fantasy { name = "TOPIC"; command = "chanserv/topic"; }
fantasy { name = "UNBAN"; command = "chanserv/unban"; }
fantasy { name = "UNSUSPEND"; command = "chanserv/unsuspend"; permission = "chanserv/suspend"; }
fantasy { name = "UP"; command = "chanserv/up"; }
fantasy { name = "VOICE"; command = "chanserv/modes"; }
fantasy { name = "VOP"; command = "chanserv/xop"; }

1311
roles/IRC/templates/anope/chanserv.conf.j2 Executable file
View File

File diff suppressed because it is too large Load Diff

115
roles/IRC/templates/anope/global.conf.j2 Executable file
View File

@ -0,0 +1,115 @@
/*
* Example configuration file for Global.
*/
/*
* First, create the service.
*/
service
{
/*
* The name of the Global client.
* If you change this value, you probably want to change the client directive in the configuration for the global module too.
*/
nick = "Global"
/*
* The username of the Global client.
*/
user = "services"
/*
* The hostname of the Global client.
*/
host = "ircservices.{{ external_domain }}"
/*
* The realname of the Global client.
*/
gecos = "Global Noticer"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
#channels = "@#services,#mychan"
}
/*
* Core Global module.
*
* Provides essential functionality for Global.
*/
module
{
name = "global"
/*
* The name of the client that should be Global.
*/
client = "Global"
/*
* This is the global message that will be sent when Services are being
* shutdown/restarted.
*
* This directive is optional.
*/
#globaloncycledown = "Services are restarting, they will be back shortly - please be good while we're gone"
/*
* This is the global message that will be sent when Services (re)join the
* network.
*
* This directive is optional.
*/
#globaloncycleup = "Services are now back online - have a nice day"
/*
* If set, Services will hide the IRC Operator's nick in a global
* message/notice.
*
* This directive is optional.
*/
#anonymousglobal = yes
}
/*
* Core Global commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Give it a help command. */
command { service = "Global"; name = "HELP"; command = "generic/help"; }
/*
* gl_global
*
* Provides the command global/global.
*
* Used for sending a message to every online user.
*/
module { name = "gl_global" }
command { service = "Global"; name = "GLOBAL"; command = "global/global"; permission = "global/global"; }

188
roles/IRC/templates/anope/hostserv.conf.j2 Executable file
View File

@ -0,0 +1,188 @@
/*
* Example configuration file for HostServ.
*/
/*
* First, create the service.
*/
service
{
/*
* The name of the HostServ client.
* If you change this value, you probably want to change the client directive in the configuration for the hostserv module too.
*/
nick = "HostServ"
/*
* The username of the HostServ client.
*/
user = "services"
/*
* The hostname of the HostServ client.
*/
host = "ircservices.{{ external_domain }}"
/*
* The realname of the HostServ client.
*/
gecos = "vHost Service"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
#channels = "@#services,#mychan"
}
/*
* Core HostServ module.
*
* Provides essential functionality for HostServ.
*/
module
{
name = "hostserv"
/*
* The name of the client that should be HostServ.
*/
client = "HostServ"
/*
* If enabled, vhosts are activated on users immediately when they are set.
*/
activate_on_set = false
}
/*
* Core HostServ commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Give it a help command. */
command { service = "HostServ"; name = "HELP"; command = "generic/help"; }
/*
* hs_del
*
* Provides the commands hostserv/del and hostserv/delall.
*
* Used for removing users' vHosts.
*/
module { name = "hs_del" }
command { service = "HostServ"; name = "DEL"; command = "hostserv/del"; permission = "hostserv/del"; }
command { service = "HostServ"; name = "DELALL"; command = "hostserv/delall"; permission = "hostserv/del"; }
/*
* hs_group
*
* Provides the command hostserv/group.
*
* Used for grouping one vHost to many nicks.
*/
module
{
name = "hs_group"
/*
* Upon nickserv/group, this option syncs the nick's main vHost to the grouped nick.
*/
syncongroup = false
/*
* This makes vhosts act as if they are per account.
*/
synconset = false
}
command { service = "HostServ"; name = "GROUP"; command = "hostserv/group"; }
/*
* hs_list
*
* Provides the command hostserv/list.
*
* Used for listing actively set vHosts.
*/
module { name = "hs_list" }
command { service = "HostServ"; name = "LIST"; command = "hostserv/list"; permission = "hostserv/list"; }
/*
* hs_off
*
* Provides the command hostserv/off.
*
* Used for turning off your vHost.
*/
module { name = "hs_off" }
command { service = "HostServ"; name = "OFF"; command = "hostserv/off"; }
/*
* hs_on
*
* Provides the command hostserv/on.
*
* Used for turning on your vHost.
*/
module { name = "hs_on" }
command { service = "HostServ"; name = "ON"; command = "hostserv/on"; }
/*
* hs_request
*
* Provides the commands hostserv/request, hostserv/activate, hostserv/reject, and hostserv/waiting.
*
* Used to manage vHosts requested by users.
*/
module
{
name = "hs_request"
/*
* If set, Services will send a memo to the user requesting a vHost when it's been
* approved or rejected.
*/
memouser = yes
/*
* If set, Services will send a memo to all Services staff when a new vHost is requested.
*/
memooper = yes
}
command { service = "HostServ"; name = "REQUEST"; command = "hostserv/request"; }
command { service = "HostServ"; name = "ACTIVATE"; command = "hostserv/activate"; permission = "hostserv/set"; }
command { service = "HostServ"; name = "REJECT"; command = "hostserv/reject"; permission = "hostserv/set"; }
command { service = "HostServ"; name = "WAITING"; command = "hostserv/waiting"; permission = "hostserv/set"; }
/*
* hs_set
*
* Provides the commands hostserv/set and hostserv/setall.
*
* Used for setting users' vHosts.
*/
module { name = "hs_set" }
command { service = "HostServ"; name = "SET"; command = "hostserv/set"; permission = "hostserv/set"; }
command { service = "HostServ"; name = "SETALL"; command = "hostserv/setall"; permission = "hostserv/set"; }

243
roles/IRC/templates/anope/memoserv.conf.j2 Normal file
View File

@ -0,0 +1,243 @@
/*
* Example configuration file for MemoServ.
*/
/*
* First, create the service.
*/
service
{
/*
* The name of the MemoServ client.
* If you change this value, you probably want to change the client directive in the configuration for the memoserv module too.
*/
nick = "MemoServ"
/*
* The username of the MemoServ client.
*/
user = "services"
/*
* The hostname of the MemoServ client.
*/
host = "ircservices.{{ external_domain }}"
/*
* The realname of the MemoServ client.
*/
gecos = "Memo Service"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
#channels = "@#services,#mychan"
}
/*
* Core MemoServ module.
*
* Provides essential functionality for MemoServ.
*/
module
{
name = "memoserv"
/*
* The name of the client that should be MemoServ. Clients are configured
* with the service blocks.
*/
client = "MemoServ"
/*
* The maximum number of memos a user is allowed to keep by default. Normal users may set the
* limit anywhere between 0 and this value. Services Admins can change it to any value or
* disable it.
*
* This directive is optional, but recommended. If not set, the limit is disabled
* by default, and normal users can set any limit they want.
*/
maxmemos = 20
/*
* The delay between consecutive uses of the MemoServ SEND command. This can help prevent spam
* as well as denial-of-service attacks from sending large numbers of memos and filling up disk
* space (and memory). The default 3-second wait means a maximum average of 150 bytes of memo
* per second per user under the current IRC protocol.
*
* This directive is optional, but recommended.
*/
senddelay = 3s
}
/*
* Core MemoServ commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Give it a help command. */
command { service = "MemoServ"; name = "HELP"; command = "generic/help"; }
/*
* ms_cancel
*
* Provides the command memoserv/cancel.
*
* Used to cancel memos already sent but not yet read.
*/
module { name = "ms_cancel" }
command { service = "MemoServ"; name = "CANCEL"; command = "memoserv/cancel"; }
/*
* ms_check
*
* Provides the command memoserv/check.
*
* Used to check if a sent memo has been read.
*/
module { name = "ms_check" }
command { service = "MemoServ"; name = "CHECK"; command = "memoserv/check"; }
/*
* ms_del
*
* Provides the command memoserv/del.
*
* Used to delete your memos.
*/
module { name = "ms_del" }
command { service = "MemoServ"; name = "DEL"; command = "memoserv/del"; }
/*
* ms_ignore
*
* Provides the command memoserv/ignore.
*
* Used to ignore memos from specific users.
*/
module
{
name = "ms_ignore"
/*
* The maximum number of entries that may be on a memo ignore list.
*
* This directive is optional.
*/
max = 32
}
command { service = "MemoServ"; name = "IGNORE"; command = "memoserv/ignore"; }
/*
* ms_info
*
* Provides the command memoserv/info.
*
* Used to show memo related information about an account or a channel.
*/
module { name = "ms_info" }
command { service = "MemoServ"; name = "INFO"; command = "memoserv/info"; }
/*
* ms_list
*
* Provides the command memoserv/list.
*
* Used to list your current memos.
*/
module { name = "ms_list" }
command { service = "MemoServ"; name = "LIST"; command = "memoserv/list"; }
/*
* ms_read
*
* Provides the command memoserv/read.
*
* Used to read your memos.
*/
module { name = "ms_read" }
command { service = "MemoServ"; name = "READ"; command = "memoserv/read"; }
/*
* ms_rsend
*
* Provides the command memoserv/rsend.
*
* Used to send a memo requiring a receipt be sent back once it is read.
*
* Requires configuring memoserv:memoreceipt.
*/
#module
{
name = "ms_rsend"
/*
* Only allow Services Operators to use ms_rsend.
*
* This directive is optional.
*/
operonly = false
}
#command { service = "MemoServ"; name = "RSEND"; command = "memoserv/rsend"; }
/*
* ms_send
*
* Provides the command memoserv/send.
*
* Used to send memos.
*/
module { name = "ms_send" }
command { service = "MemoServ"; name = "SEND"; command = "memoserv/send"; }
/*
* ms_sendall
*
* Provides the command memoserv/sendall.
*
* Used to send a mass memo to every registered user.
*/
module { name = "ms_sendall" }
command { service = "MemoServ"; name = "SENDALL"; command = "memoserv/sendall"; permission = "memoserv/sendall"; }
/*
* ms_set
*
* Provides the command memoserv/set.
*
* Used to set settings such as how you are notified of new memos, and your memo limit.
*/
module { name = "ms_set" }
command { service = "MemoServ"; name = "SET"; command = "memoserv/set"; }
/*
* ms_staff
*
* Provides the command memoserv/staff.
*
* Used to send a memo to all registered staff members.
*/
module { name = "ms_staff" }
command { service = "MemoServ"; name = "STAFF"; command = "memoserv/staff"; permission = "memoserv/staff"; }

797
roles/IRC/templates/anope/modules.conf.j2 Normal file
View File

@ -0,0 +1,797 @@
/*
* [OPTIONAL] Non-Core Modules
*
* The following blocks are used to load all non-core modules, including 3rd-party modules.
* Modules can be prevented from loading by commenting out the line, other modules can be added by
* adding a module block. These modules will be loaded prior to Services connecting to your network.
*
* Note that some of these modules are labeled EXTRA, and must be enabled prior to compiling by
* running the 'extras' script on Linux and UNIX.
*/
/*
* help
*
* Provides the command generic/help.
*
* This is a generic help command that can be used with any client.
*/
module { name = "help" }
/*
* m_ldap [EXTRA]
*
* This module allows other modules to use LDAP. By itself, this module does nothing useful.
*/
module
{
name = "m_ldap"
ldap
{
server = "ldap://127.0.0.1"
port = 389
/*
* Admin credentials used for performing searches and adding users.
*/
admin_binddn = "uid=binduser,{{ ldap['userou'] }},{{ ldap['orgdn'] }}"
admin_password = "{{ secrets['Sora']['bindpassword'] }}"
}
}
/*
* m_ldap_authentication [EXTRA]
*
* This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use
* LDAP to authenticate users. Requires m_ldap.
*/
module
{
name = "m_ldap_authentication"
/*
* The distinguished name used for searching for users's accounts.
*/
basedn = "{{ ldap['userou'] }},{{ ldap['orgdn'] }}"
/*
* The search filter used to look up users's accounts.
* %account is replaced with the user's account.
* %object_class is replaced with the object_class configured below.
*/
search_filter = "uid=%account"
/*
* The object class used by LDAP to store user account information.
* This is used for adding new users to LDAP if registration is allowed.
*/
object_class = "organizationalPerson"
/*
* The attribute value used for account names.
*/
username_attribute = "uid"
/*
* The attribute value used for email addresses.
* This directive is optional.
*/
email_attribute = "email"
/*
* The attribute value used for passwords.
* Used when registering new accounts in LDAP.
*/
password_attribute = "userPassword"
/*
* If set, the reason to give the users who try to register with nickserv,
* including nick registration from grouping.
*
* If not set, then registration is not blocked.
*/
#disable_register_reason = "To register on this network, contact a netadmin in #lobby. They will need to add an AniNIX/Sora LDAP account for you."
/*
* If set, the reason to give the users who try to "/msg NickServ SET EMAIL".
* If not set, then email changing is not blocked.
*/
disable_email_reason = "Not allowed -- this network does not use email for account management."
}
/*
* m_dns
*
* Adds support for the DNS protocol. By itself this module does nothing useful,
* but other modules such as m_dnsbl and os_dns require this.
*/
#module
{
name = "m_dns"
/*
* The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file.
* The below should work fine on all unix like systems. Windows users will have to find their nameservers
* from ipconfig /all and put the IP here.
*/
nameserver = "/etc/resolv.conf"
#nameserver = "127.0.0.1"
/*
* How long to wait in seconds before a DNS query has timed out.
*/
timeout = 5
/* Only edit below if you are expecting to use os_dns or otherwise answer DNS queries. */
/*
* The IP and port services use to listen for DNS queries.
* Note that ports less than 1024 are privileged on UNIX/Linux systems, and
* require Anope to be started as root. If you do this, it is recommended you
* set options:user and options:group so Anope can change users after binding
* to this port.
*/
ip = "0.0.0.0"
port = 53
/*
* SOA record information.
*/
/* E-mail address of the DNS administrator. */
admin = "admin@example.com"
/* This should be the names of the public facing nameservers serving the records. */
nameservers = "ns1.example.com ns2.example.com"
/* The time slave servers are allowed to cache. This should be reasonably low
* if you want your records to be updated without much delay.
*/
refresh = 3600
/* A notify block. There should probably be one per nameserver listed in 'nameservers'.
*/
notify
{
ip = "192.0.2.0"
port = 53
}
}
/*
* m_dnsbl
*
* Allows configurable DNS blacklists to check connecting users against. If a user
* is found on the blacklist they will be immediately banned. This is a crucial module
* to prevent bot attacks.
*/
#module
{
name = "m_dnsbl"
/*
* If set, Services will check clients against the DNSBLs when services connect to its uplink.
* This is not recommended, and on large networks will open a very large amount of DNS queries.
* Whilst services are not drastically affected by this, your nameserver/DNSBL might care.
*/
check_on_connect = no
/*
* If set, Services will check clients when coming back from a netsplit. This can cause a large number
* of DNS queries open at once. Whilst services are not drastically affected by this, your nameserver/DNSBL
* might care.
*/
check_on_netburst = no
/*
* If set, OperServ will add clients found in the DNSBL to the akill list. Without it, OperServ simply sends
* a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots.
*/
add_to_akill = yes
blacklist
{
/* Name of the blacklist. */
name = "rbl.efnetrbl.org"
/* How long to set the ban for. */
time = 4h
/* Reason for akill.
* %n is the nick of the user
* %u is the ident/username of the user
* %g is the realname of the user
* %h is the hostname of the user
* %i is the IP of the user
* %r is the reply reason (configured below). Will be nothing if not configured.
* %N is the network name set in networkinfo:networkname
*/
reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"
/* Replies to ban and their reason. If no relies are configured, all replies get banned. */
reply
{
code = 1
reason = "Open Proxy"
}
#reply
{
code = 2
reason = "spamtrap666"
}
#reply
{
code = 3
reason = "spamtrap50"
}
reply
{
code = 4
reason = "TOR"
/*
* If set, users identified to services at the time the result comes back
* will not be banned.
*/
#allow_account = yes
}
reply
{
code = 5
reason = "Drones / Flooding"
}
}
#blacklist
{
name = "dnsbl.dronebl.org"
time = 4h
reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=%N"
}
/* Exempt localhost from DNSBL checks */
exempt { ip = "127.0.0.1" }
}
/*
* m_helpchan
*
* Gives users who are op in the specified help channel usermode +h (helpop).
*/
#module
{
name = "m_helpchan"
helpchannel = "#help"
}
/*
* m_httpd
*
* Allows services to serve web pages. By itself, this module does nothing useful.
*
* Note that using this will allow users to get the IP of your services.
* To prevent this we recommend using a reverse proxy or a tunnel.
*/
#module
{
name = "m_httpd"
httpd
{
/* Name of this service. */
name = "httpd/main"
/* IP to listen on. */
ip = "0.0.0.0"
/* Port to listen on. */
port = 8080
/* Time before connections to this server are timed out. */
timeout = 30
/* Listen using SSL. Requires an SSL module. */
#ssl = yes
/* If you are using a reverse proxy that sends one of the
* extforward_headers set below, set this to its IP.
* This allows services to obtain the real IP of users by
* reading the forwarded-for HTTP header.
*/
#extforward_ip = "192.168.0.255"
/* The header to look for. These probably work as is. */
extforward_header = "X-Forwarded-For Forwarded-For"
}
}
/*
* m_ldap_oper [EXTRA]
*
* This module dynamically ties users to Anope opertypes when they identify
* via LDAP group membership. Requires m_ldap.
*
* Note that this doesn't give the user privileges on the IRCd, only in Services.
*/
#module
{
name = "m_ldap_oper"
/*
* An optional binddn to use when searching for groups.
* %a is replaced with the account name of the user.
*/
#binddn = "cn=Manager,dc=anope,dc=org"
/*
* An optional password to bind with.
*/
#password = "secret"
/*
* The base DN where the groups are.
*/
basedn = "ou=groups,dc=anope,dc=org"
/*
* The filter to use when searching for users.
* %a is replaced with the account name of the user.
*/
filter = "(member=uid=%a,ou=users,dc=anope,dc=org)"
/*
* The attribute of the group that is the name of the opertype.
* The cn attribute should match a known opertype in the config.
*/
opertype_attribute = "cn"
}
/*
* m_mysql [EXTRA]
*
* This module allows other modules to use MySQL.
*/
#module
{
name = "m_mysql"
mysql
{
/* The name of this service. */
name = "mysql/main"
database = "anope"
server = "127.0.0.1"
username = "anope"
password =
port = 3306
}
}
/*
* m_redis
*
* This module allows other modules to use Redis.
*/
#module
{
name = "m_redis"
/* A redis database */
redis
{
/* The name of this service */
name = "redis/main"
/*
* The redis database to use. New connections default to 0.
*/
db = 0
ip = "127.0.0.1"
port = 6379
}
}
/*
* m_regex_pcre [EXTRA]
*
* Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library.
*/
#module { name = "m_regex_pcre" }
/*
* m_regex_posix [EXTRA]
*
* Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions.
* This is likely the only regex module you will not need extra libraries for.
*/
#module { name = "m_regex_posix" }
/*
* m_regex_tre [EXTRA]
*
* Provides the regex engine regex/tre, which uses the TRE regex library.
*/
#module { name = "m_regex_tre" }
/*
* m_rewrite
*
* Allows rewriting commands sent to/from clients.
*/
#module { name = "m_rewrite" }
#command
{
service = "ChanServ"; name = "CLEAR"; command = "rewrite"
/* Enable m_rewrite. */
rewrite = true
/* Source message to match. A $ can be used to match anything. */
rewrite_source = "CLEAR $ USERS"
/*
* Message to rewrite the source message to. A $ followed by a number, eg $0, gets
* replaced by the number-th word from the source_message, starting from 0.
*/
rewrite_target = "KICK $1 *"
/*
* The command description. This only shows up in HELP's output.
* Comment this option to prevent the command from showing in the
* HELP command.
*/
rewrite_description = "Clears all users from a channel"
}
/*
* m_proxyscan
*
* This module allows you to scan connecting clients for open proxies.
* Note that using this will allow users to get the IP of your services.
*
* Currently the two supported proxy types are HTTP and SOCKS5.
*
* The proxy scanner works by attempting to connect to clients when they
* connect to the network, and if they have a proxy running instruct it to connect
* back to services. If services are able to connect through the proxy to itself
* then it knows it is an insecure proxy, and will ban it.
*/
#module
{
name = "m_proxyscan"
/*
* The target IP services tells the proxy to connect back to. This must be a publicly
* available IP that remote proxies can connect to.
*/
#target_ip = "127.0.0.1"
/*
* The port services tells the proxy to connect to.
*/
target_port = 7226
/*
* The listen IP services listen on for incoming connections from suspected proxies.
* This probably will be the same as target_ip, but may not be if you are behind a firewall (NAT).
*/
#listen_ip = "127.0.0.1"
/*
* The port services should listen on for incoming connections from suspected proxies.
* This most likely will be the same as target_port.
*/
listen_port = 7226
/*
* An optional notice sent to clients upon connect.
*/
#connect_notice = "We will now scan your host for insecure proxies. If you do not consent to this scan please disconnect immediately."
/*
* Who the notice should be sent from.
*/
#connect_source = "OperServ"
/*
* If set, OperServ will add infected clients to the akill list. Without it, OperServ simply sends
* a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being filled up by bots.
*/
add_to_akill = yes
/*
* How long before connections should be timed out.
*/
timeout = 5
proxyscan
{
/* The type of proxy to check for. A comma separated list is allowed. */
type = "HTTP"
/* The ports to check. */
port = "80,8080"
/* How long to set the ban for. */
time = 4h
/*
* The reason to ban the user for.
* %h is replaced with the type of proxy found.
* %i is replaced with the IP of proxy found.
* %p is replaced with the port.
*/
reason = "You have an open proxy running on your host (%t:%i:%p)"
}
}
/*
* m_sasl
*
* Some IRCds allow "SASL" authentication to let users identify to Services
* during the IRCd user registration process. If this module is loaded, Services will allow
* authenticating users through this mechanism. Supported mechanisms are:
* PLAIN, EXTERNAL.
*/
#module { name = "m_sasl" }
/*
* m_sasl_dh-aes [EXTRA]
*
* Add the DH-AES mechanism to SASL.
* Requires m_sasl to be loaded.
* Requires openssl.
*/
#module { name = "m_sasl_dh-aes" }
/*
* m_sasl_dh-blowfish [EXTRA]
*
* Add the DH-BLOWFISH mechanism to SASL.
* Requires m_sasl to be loaded.
* Requires openssl.
*/
#module { name = "m_sasl_dh-blowfish" }
/*
* m_ssl_gnutls [EXTRA]
*
* This module provides SSL services to Anope using GnuTLS, for example to
* connect to the uplink server(s) via SSL.
*
* You may only load either m_ssl_gnutls or m_ssl_openssl, bot not both.
*/
#module
{
name = "m_ssl_gnutls"
/*
* An optional certificate and key for m_ssl_gnutls to give to the uplink.
*
* You can generate your own certificate and key pair by using:
*
* certtool --generate-privkey --bits 2048 --outfile anope.key
* certtool --generate-self-signed --load-privkey anope.key --outfile anope.crt
*
*/
cert = "data/anope.crt"
key = "data/anope.key"
/*
* Diffie-Hellman parameters to use when acting as a server. This is only
* required for TLS servers that want to use ephemeral DH cipher suites.
*
* This is NOT required for Anope to connect to the uplink server(s) via SSL.
*
* You can generate DH parameters by using:
*
* certtool --generate-dh-params --bits 2048 --outfile dhparams.pem
*
*/
# dhparams = "data/dhparams.pem"
}
/*
* m_ssl_openssl [EXTRA]
*
* This module provides SSL services to Anope using OpenSSL, for example to
* connect to the uplink server(s) via SSL.
*
* You may only load either m_ssl_openssl or m_ssl_gnutls, bot not both.
*
*/
#module
{
name = "m_ssl_openssl"
/*
* An optional certificate and key for m_ssl_openssl to give to the uplink.
*
* You can generate your own certificate and key pair by using:
*
* openssl genrsa -out anope.key 2048
* openssl req -new -x509 -key anope.key -out anope.crt -days 1095
*/
cert = "data/anope.crt"
key = "data/anope.key"
/*
* As of 2014 SSL 3.0 is considered insecure, but it might be enabled
* on some systems by default for compatibility reasons.
* You can use the following option to enable or disable it explicitly.
* Leaving this option not set defaults to the default system behavior.
*/
#sslv3 = no
}
/*
* m_sql_authentication [EXTRA]
*
* This module allows authenticating users against an external SQL database using a custom
* query.
*/
#module
{
name = "m_sql_authentication"
/* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
engine = "mysql/main"
/* Query to execute to authenticate. A non empty result from this query is considered a success,
* and the user will be authenticated.
*
* @a@ is replaced with the user's account name
* @p@ is replaced with the user's password
* @n@ is replaced with the user's nickname
* @i@ is replaced with the user's IP
*
* Note that @n@ and @i@ may not always exist in the case of a user identifying outside of the normal
* nickserv/identify command, such as through the web panel.
*
* Furthermore, if a field named email is returned from this query the user's email is
* set to its value.
*
*
* We've included some example queries for some popular website/forum systems.
*
* Drupal 6: "SELECT `mail` AS `email` FROM `users` WHERE `name` = @a@ AND `pass` = MD5(@p@) AND `status` = 1"
* e107 cms: "SELECT `user_email` AS `email` FROM `e107_user` WHERE `user_loginname` = @a@ AND `user_password` = MD5(@p@)"
* SMF Forum: "SELECT `email_address` AS `email` FROM `smf_members` WHERE `member_name` = @a@ AND `passwd` = SHA1(CONCAT(LOWER(@a@), @p@))"
* vBulletin: "SELECT `email` FROM `user` WHERE `username` = @a@ AND `password` = MD5(CONCAT(MD5(@p@), `salt`))"
* IP.Board: "SELECT `email` FROM `ibf_members` WHERE `name` = @a@ AND `members_pass_hash` = MD5(CONCAT(MD5(`members_pass_salt`), MD5(@p@)))"
*/
query = "SELECT `email_addr` AS `email` FROM `my_users` WHERE `username` = @a@ AND `password` = MD5(CONCAT('salt', @p@))"
/*
* If set, the reason to give the users who try to "/msg NickServ REGISTER".
* If not set, then registration is not blocked.
*/
#disable_reason = "To register on this network visit http://some.misconfigured.site/register"
/*
* If set, the reason to give the users who try to "/msg NickServ SET EMAIL".
* If not set, then email changing is not blocked.
*/
#disable_email_reason = "To change your email address visit http://some.misconfigured.site"
}
/*
* m_sql_log [EXTRA]
*
* This module adds an additional target option to log{} blocks
* that allows logging Service's logs to SQL. To log to SQL, add
* the SQL service name to log:targets prefixed by sql_log:. For
* example:
*
* log
* {
* targets = "services.log sql_log:mysql/main"
* ...
* }
*
* By default this module logs to the table `logs`, and will create
* it if it doesn't exist. This module does not create any indexes (keys)
* on the table and it is recommended you add them yourself as necessary.
*/
#module { name = "m_sql_log" }
/*
* m_sql_oper [EXTRA]
*
* This module allows granting users services operator privileges and possibly IRC Operator
* privileges based on an external SQL database using a custom query.
*/
#module
{
name = "m_sql_oper"
/* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
engine = "mysql/main"
/* Query to execute to determine if a user should have operator privileges.
* A field named opertype must be returned in order to link the user to their oper type.
* The oper types must be configured earlier in services.conf.
*
* If a field named modes is returned from this query then those modes are set on the user.
* Without this, only a simple +o is sent.
*
* @a@ is replaced with the user's account name
* @i@ is replaced with the user's IP
*/
query = "SELECT `opertype` FROM `my_users` WHERE `user_name` = @a@"
}
/*
* m_sqlite [EXTRA]
*
* This module allows other modules to use SQLite.
*/
#module
{
name = "m_sqlite"
/* A SQLite database */
sqlite
{
/* The name of this service. */
name = "sqlite/main"
/* The database name, it will be created if it does not exist. */
database = "anope.db"
}
}
/*
* webcpanel
*
* This module creates a web configuration panel that allows users and operators to perform any task
* as they could over IRC. If you are using the default configuration you should be able to access
* this panel by visiting http://127.0.0.1:8080 in your web browser from the machine Anope is running on.
*
* This module requires m_httpd.
*/
#module
{
name = "webcpanel"
/* Web server to use. */
server = "httpd/main";
/* Template to use. */
template = "default";
/* Page title. */
title = "Anope IRC Services";
}
/*
* m_xmlrpc
*
* Allows remote applications (websites) to execute queries in real time to retrieve data from Anope.
* By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries.
*/
#module
{
name = "m_xmlrpc"
/* Web service to use. Requires m_httpd. */
server = "httpd/main"
}
/*
* m_xmlrpc_main
*
* Adds the main XMLRPC core functions.
* Requires m_xmlrpc.
*/
#module { name = "m_xmlrpc_main" }

662
roles/IRC/templates/anope/nickserv.conf.j2 Executable file
View File

@ -0,0 +1,662 @@
/*
* Example configuration file for NickServ.
*/
/*
* First, create the service.
*/
service
{
/*
* The name of the NickServ client.
* If you change this value, you probably want to change the client directive in the configuration for the nickserv module too.
*/
nick = "NickServ"
/*
* The username of the NickServ client.
*/
user = "services"
/*
* The hostname of the NickServ client.
*/
host = "ircservices.{{ external_domain }}"
/*
* The realname of the NickServ client.
*/
gecos = "Nickname Registration Service"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
#channels = "@#services,#mychan"
}
/*
* Core NickServ module.
*
* Provides essential functionality for NickServ.
*/
module
{
name = "nickserv"
/*
* The name of the client that should be NickServ.
*/
client = "NickServ"
/*
* Force users to give an e-mail address when they register a nick.
*
* This directive defaults to "yes" and is recommended to be enabled. This is required if e-mail registration is enabled.
*/
forceemail = no
/*
* Require users who change their email address to confirm they
* own their new email.
*/
confirmemailchanges = no
/*
* A message sent to users on connect if they use an unregistered nick.
*
* This directive is optional.
*/
unregistered_notice = "Your nickname is not registered. If you would like it registered, contact a netadmin (identified by ^) in #lobby to get it registered."
/*
* The default options for newly registered nicks. Note that changing these options
* will have no effect on nicks which are already registered. The list must be separated
* by spaces.
*
* The options are:
* - killprotect: Kill nick if not identified within 60 seconds
* - kill_quick: Kill nick if not identified within 20 seconds, this one overrides the above
* option and the above must be specified with this one
* - ns_secure: Enable nickname security, requiring the nick's password before any operations
* can be done on it
* - ns_private: Hide the nick from NickServ's LIST command
* - hide_email: Hide's the nick's e-mail address from NickServ's INFO command
* - hide_mask: Hide's the nick's last or current user@host from NickServ's INFO command
* - hide_quit: Hide's the nick's last quit message
* - memo_signon: Notify user if they have a new memo when they sign into the nick
* - memo_receive: Notify user if they have a new memo as soon as it's received
* - memo_mail: Notify user if they have a new memo by mail
* - autoop: User will be automatically opped in channels they enter and have access to
* - msg: Services messages will be sent as PRIVMSGs instead of NOTICEs, requires
* options:useprivmsg to be enabled as well
* - ns_keepmodes: Enables keepmodes, which retains user modes across sessions
*
* This directive is optional, if left blank, the options will default to ns_secure, memo_signon, and
* memo_receive. If you really want no defaults, use "none" by itself as the option.
*/
defaults = "ns_secure ns_private hide_email hide_mask memo_signon memo_receive autoop killprotect"
/*
* The minimum length of time between consecutive uses of NickServ's REGISTER command. This
* directive is optional, but recommended. If not set, this restriction will be disabled.
*/
regdelay = 30s
/*
* The length of time before a nick's registration expires.
*
* This directive is optional, but recommended. If not set, the default is 21 days.
*/
expire = 3650d
/*
* Prevents the use of the ACCESS and CERT (excluding their LIST subcommand), DROP, FORBID, SUSPEND,
* GETPASS and SET PASSWORD commands by services operators on other services operators.
*
* This directive is optional, but recommended.
*/
secureadmins = yes
/*
* If set, Services will set the channel modes a user has access to upon identifying, assuming
* they are not already set.
*
* This directive is optional.
*/
modeonid = yes
/*
* If set, Services will set these user modes on any user who identifies.
*
* This directive is optional.
*/
#modesonid = "+R"
/*
* If set, Services will not show netsplits in the last quit message field
* of NickServ's INFO command.
*/
hidenetsplitquit = no
/*
* If set, is the length of time NickServ's killquick and kill options wait before
* forcing users off of protected nicknames.
*/
killquick = 20s
kill = 60s
/*
* If set, forbids the registration of nicks that contain an existing
* nick with Services access. For example, if Tester is a Services Oper,
* you can't register NewTester or Tester123 unless you are an IRC
* Operator.
*
* NOTE: If you enable this, you will have to be logged in as an IRC
* operator in order to register a Services Root nick when setting up
* Anope for the first time.
*
* This directive is optional.
*/
restrictopernicks = yes
/*
* The username, and possibly hostname, used for fake users created when Services needs to
* hold a nickname.
*/
enforceruser = "enforcer"
enforcerhost = "ircservices.{{ external_domain }}"
/*
* The length of time Services hold nicknames.
*
* This directive is optional, but recommended. If not set it defaults to 1 minute.
*/
releasetimeout = 1m
/*
* When a user's nick is forcibly changed to enforce a "nick kill", their new nick will start
* with this value. The rest will be made up of 6 or 7 digits.
* Make sure this is a valid nick and Nicklen+7 is not longer than the allowed Nicklen on your ircd.
*
* This directive is optional. If not set it defaults to "Guest"
*/
guestnickprefix = "Guest"
/*
* If set, Services do not allow ownership of nick names, only ownership of accounts.
*/
nonicknameownership = no
/*
* The maximum length of passwords
*
* This directive is optional. If not set it defaults to 32.
*/
passlen = 32
}
/*
* Core NickServ commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Command group configuration for NickServ.
*
* Commands may optionally be placed into groups to make NickServ's HELP output easier to understand.
* Remove the following groups to use the old behavior of simply listing all NickServ commands from HELP.
*/
command_group
{
name = "nickserv/admin"
description = _("Services Operator commands")
}
/* Give it a help command. */
command { service = "NickServ"; name = "HELP"; command = "generic/help"; }
/*
* ns_access
*
* Provides the command nickserv/access.
*
* Used for configuring what hosts have access to your account.
*/
module
{
name = "ns_access"
/*
* The maximum number of entries allowed on a nickname's access list.
* If not set, the default is 32. This number cannot be set to 0.
*/
accessmax = 32
/*
* If set, Services will add the usermask of registering users to the access list of their
* newly created account. If not set, users will always have to identify to NickServ before
* being recognized, unless they manually add an address to the access list of their account.
* This directive is optional.
*/
addaccessonreg = yes
}
command { service = "NickServ"; name = "ACCESS"; command = "nickserv/access"; }
/*
* ns_ajoin
*
* Provides the command nickserv/ajoin.
*
* Used for configuring channels to join once you identify.
*/
module
{
name = "ns_ajoin"
/*
* The maximum number of channels a user can have on NickServ's AJOIN command.
*/
ajoinmax = 50
}
command { service = "NickServ"; name = "AJOIN"; command = "nickserv/ajoin"; }
/*
* ns_alist
*
* Provides the command nickserv/alist.
*
* Used for viewing what channels you have access to.
*/
module { name = "ns_alist" }
command { service = "NickServ"; name = "ALIST"; command = "nickserv/alist"; }
/*
* ns_cert
*
* Provides the command nickserv/cert.
*
* Used for configuring your SSL certificate list, which can be used to automatically identify you.
*
module
{
name = "ns_cert"
/*
* The maximum number of entries allowed on a nickname's certificate fingerprint list.
* The default is 5. This number cannot be set to 0.
*
max = 5
}
command { service = "NickServ"; name = "CERT"; command = "nickserv/cert"; }
*/
/*
* ns_drop
*
* Provides the command nickserv/drop.
*
* Used for unregistering names.
*/
module { name = "ns_drop" }
command { service = "NickServ"; name = "DROP"; command = "nickserv/drop"; }
/*
* ns_getemail
*
* Provides the command nickserv/getemail.
*
* Used for getting registered accounts by searching for emails.
*/
module { name = "ns_getemail" }
command { service = "NickServ"; name = "GETEMAIL"; command = "nickserv/getemail"; permission = "nickserv/getemail"; group = "nickserv/admin"; }
/*
* ns_getpass
*
* Provides the command nickserv/getpass.
*
* Used for getting users passwords.
*
* Requires no encryption is being used.
*/
#module { name = "ns_getpass" }
#command { service = "NickServ"; name = "GETPASS"; command = "nickserv/getpass"; permission = "nickserv/getpass"; }
/*
* ns_group
*
* Provides the commands nickserv/group, nickserv/glist, and nickserv/ungroup.
*
* Used for controlling nick groups.
*/
module
{
name = "ns_group"
/*
* The maximum number of nicks allowed in a group.
*
* This directive is optional, but recommended. If not set or set to 0, no limits will be applied.
*/
maxaliases = 16
/*
* If set, the NickServ GROUP command won't allow any group changes. This is recommended to
* prevent users from accidentally dropping their nicks, as it forces users to explicitly
* drop their nicks before adding it to another group.
*
* This directive is optional, but recommended.
*/
nogroupchange = yes
}
command { service = "NickServ"; name = "GLIST"; command = "nickserv/glist"; }
command { service = "NickServ"; name = "GROUP"; command = "nickserv/group"; }
command { service = "NickServ"; name = "UNGROUP"; command = "nickserv/ungroup"; }
/*
* ns_identify
*
* Provides the command nickserv/identify.
*
* Used for identifying to accounts.
*/
module { name = "ns_identify" }
command { service = "NickServ"; name = "ID"; command = "nickserv/identify"; hide = true; }
command { service = "NickServ"; name = "IDENTIFY"; command = "nickserv/identify"; }
/*
* ns_info
*
* Provides the commands:
* nickserv/info. - Used for gathering information about an account.
* nickserv/set/hide, nickserv/saset/hide - Used for configuring which options are publically shown in nickserv/info.
*
*/
module { name = "ns_info" }
command { service = "NickServ"; name = "INFO"; command = "nickserv/info"; }
command { service = "NickServ"; name = "SET HIDE"; command = "nickserv/set/hide"; }
command { service = "NickServ"; name = "SASET HIDE"; command = "nickserv/saset/hide"; permission = "nickserv/saset/hide"; }
/*
* ns_list
*
* Provides the commands:
* nickserv/list - Used for retrieving and searching the registered account list.
* nickserv/set/private, nickserv/saset/private - Used for configuring whether or a users account shows up in nickserv/list.
*
*/
module
{
name = "ns_list"
/*
* The maximum number of nicks to be returned for a NickServ LIST command.
*/
listmax = 50
}
command { service = "NickServ"; name = "LIST"; command = "nickserv/list"; }
command { service = "NickServ"; name = "SET PRIVATE"; command = "nickserv/set/private"; }
command { service = "NickServ"; name = "SASET PRIVATE"; command = "nickserv/saset/private"; permission = "nickserv/saset/private"; }
/*
* ns_logout
*
* Provides the command nickserv/logout.
*
* Used for logging out of your account.
*/
module { name = "ns_logout" }
command { service = "NickServ"; name = "LOGOUT"; command = "nickserv/logout"; }
/*
* ns_recover
*
* Provides the command nickserv/recover.
*
* Used for recovering your nick from services or another user.
*/
module
{
name = "ns_recover"
/*
* If set, Services will svsnick and svsjoin users who use the recover
* command on an identified user to the nick and channels of the recovered user.
*
* This directive is opional.
*/
restoreonrecover = yes
}
command { service = "NickServ"; name = "RECOVER"; command = "nickserv/recover"; }
# Uncomment below to emulate 1.8's behavior of ghost and release.
#command { service = "NickServ"; name = "GHOST"; command = "nickserv/recover"; }
#command { service = "NickServ"; name = "RELEASE"; command = "nickserv/recover"; }
/*
* ns_register
*
* Provides the commands nickserv/confirm, nickserv/register, and nickserv/resend.
*
* Used for registering accounts.
*/
module
{
name = "ns_register"
/*
* Registration confirmation setting. Set to "none" for no registration confirmation,
* "mail" for email confirmation, and "admin" to have services operators manually confirm
* every registration. Set to "disable" to completely disable all registrations.
*/
registration = "none"
/*
* The minimum length of time between consecutive uses of NickServ's RESEND command.
*
* This directive is optional, but recommended. If not set, this restriction will be disabled.
*/
resenddelay = 90s
/*
* Prevents users from registering their nick if they are not connected
* for at least the given number of seconds.
*
* This directive is optional.
*/
#nickregdelay = 30s
/*
* The length of time a user using an unconfirmed account has
* before the account will be released for general use again.
*/
#unconfirmedexpire = 1d
}
#command { service = "NickServ"; name = "CONFIRM"; command = "nickserv/confirm"; }
command { service = "NickServ"; name = "REGISTER"; command = "nickserv/register"; }
#command { service = "NickServ"; name = "RESEND"; command = "nickserv/resend"; }
/*
* ns_resetpass
*
* Provides the command nickserv/resetpass.
*
* Used for resetting passwords by emailing users a temporary one.
*/
/*module { name = "ns_resetpass" }
command { service = "NickServ"; name = "RESETPASS"; command = "nickserv/resetpass"; }
*/
/*
* ns_set
*
* Provides the commands:
* nickserv/set, nickserv/saset - Dummy help wrappers for the SET and SASET commands.
* nickserv/set/autoop, nickserv/saset/autoop - Determines whether or not modes are automatically set users when joining a channel.
* nickserv/set/display, nickserv/saset/display - Used for setting a users display name.
* nickserv/set/email, nickserv/saset/email - Used for setting a users email address.
* nickserv/set/keepmodes, nickserv/saset/keepmodes - Configure whether or not services should retain a user's modes across sessions.
* nickserv/set/kill, nickserv/saset/kill - Used for configuring nickname protection.
* nickserv/set/language, nickserv/saset/language - Used for configuring what language services use.
* nickserv/set/message, nickserv/saset/message - Used to configure how services send messages to you.
* nickserv/set/password, nickserv/saset/password - Used for changing a users password.
* nickserv/set/secure, nickserv/saset/secure - Used for configuring whether a user can identify by simply being recognized by nickserv/access.
* nickserv/saset/noexpire - Used for configuring noexpire, which prevents nicks from expiring.
*/
module
{
name = "ns_set"
/*
* Allow the use of the IMMED option in the NickServ SET KILL command.
*
* This directive is optional.
*/
#allowkillimmed = yes
}
command { service = "NickServ"; name = "SET"; command = "nickserv/set"; }
command { service = "NickServ"; name = "SASET"; command = "nickserv/saset"; permission = "nickserv/saset/"; group = "nickserv/admin"; }
command { service = "NickServ"; name = "SET AUTOOP"; command = "nickserv/set/autoop"; }
command { service = "NickServ"; name = "SASET AUTOOP"; command = "nickserv/saset/autoop"; permission = "nickserv/saset/autoop"; }
command { service = "NickServ"; name = "SET DISPLAY"; command = "nickserv/set/display"; }
command { service = "NickServ"; name = "SASET DISPLAY"; command = "nickserv/saset/display"; permission = "nickserv/saset/display"; }
command { service = "NickServ"; name = "SET EMAIL"; command = "nickserv/set/email"; }
command { service = "NickServ"; name = "SASET EMAIL"; command = "nickserv/saset/email"; permission = "nickserv/saset/email"; }
command { service = "NickServ"; name = "SET KEEPMODES"; command = "nickserv/set/keepmodes"; }
command { service = "NickServ"; name = "SASET KEEPMODES"; command = "nickserv/saset/keepmodes"; permission = "nickserv/saset/keepmodes"; }
command { service = "NickServ"; name = "SET KILL"; command = "nickserv/set/kill"; }
command { service = "NickServ"; name = "SASET KILL"; command = "nickserv/saset/kill"; permission = "nickserv/saset/kill"; }
command { service = "NickServ"; name = "SET LANGUAGE"; command = "nickserv/set/language"; }
command { service = "NickServ"; name = "SASET LANGUAGE"; command = "nickserv/saset/language"; permission = "nickserv/saset/language"; }
command { service = "NickServ"; name = "SET MESSAGE"; command = "nickserv/set/message"; }
command { service = "NickServ"; name = "SASET MESSAGE"; command = "nickserv/saset/message"; permission = "nickserv/saset/message"; }
/* command { service = "NickServ"; name = "SET PASSWORD"; command = "nickserv/set/password"; }
command { service = "NickServ"; name = "SASET PASSWORD"; command = "nickserv/saset/password"; permission = "nickserv/saset/password"; }
*/
command { service = "NickServ"; name = "SET SECURE"; command = "nickserv/set/secure"; }
command { service = "NickServ"; name = "SASET SECURE"; command = "nickserv/saset/secure"; permission = "nickserv/saset/secure"; }
command { service = "NickServ"; name = "SASET NOEXPIRE"; command = "nickserv/saset/noexpire"; permission = "nickserv/saset/noexpire"; }
/*
* ns_set_misc
*
* Provides the command nickserv/set/misc.
*
* Allows you to create arbitrary commands to set data, and have that data show up in nickserv/info.
* A field named misc_description may be given for use with help output.
*/
module { name = "ns_set_misc" }
command { service = "NickServ"; name = "SET URL"; command = "nickserv/set/misc"; misc_description = _("Associate a URL with your account"); }
command { service = "NickServ"; name = "SASET URL"; command = "nickserv/saset/misc"; misc_description = _("Associate a URL with this account"); permission = "nickserv/saset/url"; group = "nickserv/admin"; }
#command { service = "NickServ"; name = "SET ICQ"; command = "nickserv/set/misc"; misc_description = _("Associate an ICQ account with your account"); }
#command { service = "NickServ"; name = "SASET ICQ"; command = "nickserv/saset/misc"; misc_description = _("Associate an ICQ account with this account"); permission = "nickserv/saset/icq"; group = "nickserv/admin"; }
#command { service = "NickServ"; name = "SET TWITTER"; command = "nickserv/set/misc"; misc_description = _("Associate a Twitter account with your account"); }
#command { service = "NickServ"; name = "SASET TWITTER"; command = "nickserv/saset/misc"; misc_description = _("Associate a Twitter account with this account"); permission = "nickserv/saset/twitter"; group = "nickserv/admin"; }
#command { service = "NickServ"; name = "SET FACEBOOK"; command = "nickserv/set/misc"; misc_description = _("Associate a Facebook URL with your account"); }
#command { service = "NickServ"; name = "SASET FACEBOOK"; command = "nickserv/saset/misc"; misc_description = _("Associate a Facebook URL with this account"); permission = "nickserv/saset/facebook"; group = "nickserv/admin"; }
/*
* ns_status
*
* Provides the nickserv/status command.
*
* Used to determine if a user is recognized or identified by services.
*/
module { name = "ns_status" }
command { service = "NickServ"; name = "STATUS"; command = "nickserv/status"; }
/*
* ns_suspend
*
* Provides the commands nickserv/suspend and nickserv/unsuspend.
*
* Used to suspend and unsuspend nicknames. Suspended nicknames can not be used but their settings are preserved.
*/
module
{
name = "ns_suspend"
/*
* The length of time before a suspended nick becomes unsuspended.
*
* This directive is optional. If not set, the default is never.
*/
#suspendexpire = 90d
/*
* Settings to show to non-opers in NickServ's INFO output.
* Comment to completely disable showing any information about
* suspended nicknames to non-opers.
*/
show = "suspended, by, reason, on, expires"
}
command { service = "NickServ"; name = "SUSPEND"; command = "nickserv/suspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; }
command { service = "NickServ"; name = "UNSUSPEND"; command = "nickserv/unsuspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; }
/*
* ns_update
*
* Provides the command nickserv/update.
*
* Used to update your status on all channels, turn on your vHost, etc.
*/
module { name = "ns_update" }
command { service = "NickServ"; name = "UPDATE"; command = "nickserv/update"; }
/*
* Extra NickServ related modules.
*/
/*
* ns_maxemail
*
* Limits how many times the same email address may be used in Anope
* to register accounts.
*/
#module
{
name = "ns_maxemail"
/*
* The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
* commented, there will be no limit enforced when registering new accounts or using
* /msg NickServ SET EMAIL.
*/
maxemails = 1
}

701
roles/IRC/templates/anope/operserv.conf.j2 Executable file
View File

@ -0,0 +1,701 @@
/*
* Example configuration file for OperServ.
*/
/*
* First, create the service.
*/
service
{
/*
* The name of the OperServ client.
* If you change this value, you probably want to change the client directive in the configuration for the operserv module too.
*/
nick = "OperServ"
/*
* The username of the OperServ client.
*/
user = "services"
/*
* The hostname of the OperServ client.
*/
host = "ircservices.{{ external_domain }}"
/*
* The realname of the OperServ client.
*/
gecos = "Operator Service"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
#channels = "@#services,#mychan"
}
/*
* Core OperServ module.
*
* Provides essential functionality for OperServ.
*/
module
{
name = "operserv"
/*
* The name of the client that should be OperServ.
*/
client = "OperServ"
/*
* These define the default expiration times for, respectively, AKILLs, CHANKILLs, SNLINEs,
* and SQLINEs.
*/
autokillexpiry = 30d
chankillexpiry = 30d
snlineexpiry = 30d
sqlineexpiry = 30d
/*
* If set, this option will make Services send an AKILL command immediately after it has been
* added with AKILL ADD. This eliminates the need for killing the user after the AKILL has
* been added.
*
* This directive is optional, but recommended.
*/
akillonadd = yes
/*
* If set, this option will make Services send an (SVS)KILL command immediately after SNLINE ADD.
* This eliminates the need for killing the user after the SNLINE has been added.
*
* This directive is optional.
*/
killonsnline = yes
/*
* If set, this option will make Services send an (SVS)KILL command immediately after SQLINE ADD.
* This eliminates the need for killing the user after the SQLINE has been added.
*
* This directive is optional.
*/
killonsqline = yes
/*
* Adds the nickname of the IRC Operator issuing an AKILL to the kill reason.
*
* This directive is optional.
*/
addakiller = yes
/*
* Adds akill IDs to akills. Akill IDs are given to users in their ban reason and can be used to easily view,
* modify, or remove an akill from the ID.
*/
akillids = yes
/*
* If set, only IRC Operators will be permitted to use OperServ, regardless of command access restrictions.
*
* This directive is optional, but recommended.
*/
opersonly = yes
}
/*
* Core OperServ commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Give it a help command. */
command { service = "OperServ"; name = "HELP"; command = "generic/help"; }
/*
* os_akill
*
* Provides the command operserv/akill.
*
* Used to ban users from the network.
*/
module { name = "os_akill" }
command { service = "OperServ"; name = "AKILL"; command = "operserv/akill"; permission = "operserv/akill"; }
/*
* os_chankill
*
* Provides the command operserv/chankill.
*
* Used to akill users from an entire channel.
*/
module { name = "os_chankill" }
command { service = "OperServ"; name = "CHANKILL"; command = "operserv/chankill"; permission = "operserv/chankill"; }
/*
* os_session
*
* Provides the commands operserv/exception and operserv/session.
*
* This module enables session limiting. Session limiting prevents users from connecting more than a certain
* number of times from the same IP at the same time - thus preventing most types of cloning.
* Once a host reaches it's session limit, all clients attempting to connect from that host will
* be killed. Exceptions to the default session limit can be defined via the exception list.
*
* Used to manage the session limit exception list, and view currently active sessions.
*/
module
{
name = "os_session"
/*
* Default session limit per host. Once a host reaches its session limit, all clients attempting
* to connect from that host will be killed.
*
* This directive is required if os_session is loaded.
*/
defaultsessionlimit = 3
/*
* The maximum session limit that may be set for a host in an exception.
*
* This directive is required if os_session is loaded.
*/
maxsessionlimit = 100
/*
* Sets the default expiry time for session exceptions.
*
* This directive is required if os_session is loaded.
*/
exceptionexpiry = 1d
/*
* The message that will be NOTICE'd to a user just before they are removed from the network because
* their host's session limit has been exceeded. It may be used to give a slightly more descriptive
* reason for the impending kill as opposed to simply "Session limit exceeded".
*
* This directive is optional, if not set, nothing will be sent.
*/
sessionlimitexceeded = "The session limit for your IP %IP% has been exceeded."
/*
* Same as above, but should be used to provide a website address where users can find out more
* about session limits and how to go about applying for an exception.
*
* Note: This directive has been intentionally commented out in an effort to remind you to change
* the URL it contains. It is recommended that you supply an address/URL where people can get help
* regarding session limits.
*
* This directive is optional, if not set, nothing will be sent.
*/
#sessionlimitdetailsloc = "Please visit http://your.website.url/ for more information about session limits."
/*
* If set and is not 0, this directive tells Services to add an AKILL if the number of subsequent kills
* for the same host exceeds this value, preventing the network from experiencing KILL floods.
*
* This directive is optional.
*/
maxsessionkill = 15
/*
* Sets the expiry time for AKILLs set for hosts exceeding the maxsessionkill directive limit.
*
* This directive is optional, if not set, defaults to 30 minutes.
*/
sessionautokillexpiry = 30m
/*
* Sets the CIDR value used to determine which IP addresses represent the same person.
* By default this would limit 3 connections per IPv4 IP and 3 connections per IPv6 IP.
* If you are receiving IPv6 clone attacks it may be useful to set session_ipv6_cidr to
* 64 or 48.
*/
session_ipv4_cidr = 32
session_ipv6_cidr = 128
}
command { service = "OperServ"; name = "EXCEPTION"; command = "operserv/exception"; permission = "operserv/exception"; }
command { service = "OperServ"; name = "SESSION"; command = "operserv/session"; permission = "operserv/session"; }
/*
* os_defcon
*
* Provides the command operserv/defcon.
*
* Allows you to set services in defcon mode, which can be used to restrict services access
* during bot attacks.
*/
module
{
name = "os_defcon"
/*
* Default DefCon level (1-5) to use when starting Services up. Level 5 constitutes normal operation
* while level 1 constitutes the most restrictive operation. If this setting is left out or set to
* 0, DefCon will be disabled and the rest of this block will be ignored.
*/
defaultlevel = 5
/*
* The following 4 directives define what operations will take place when DefCon is set to levels
* 1 through 4. Each level is a list that must be separated by spaces.
*
* The following operations can be defined at each level:
* - nonewchannels: Disables registering new channels
* - nonewnicks: Disables registering new nicks
* - nomlockchanges: Disables changing MLOCK on registered channels
* - forcechanmodes: Forces all channels to have the modes given in the later chanmodes directive
* - reducedsessions: Reduces the session limit to the value given in the later sessionlimit directive
* - nonewclients: KILL any new clients trying to connect
* - operonly: Services will ignore all non-IRCops
* - silentoperonly: Services will silently ignore all non-IRCops
* - akillnewclients: AKILL any new clients trying to connect
* - nonewmemos: No new memos will be sent to block MemoServ attacks
*/
level4 = "nonewchannels nonewnicks nomlockchanges reducedsessions"
level3 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions"
level2 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly"
level1 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly akillnewclients"
/*
* New session limit to use when a DefCon level is using "reduced" session limiting.
*/
sessionlimit = 2
/*
* Length of time to add an AKILL for when DefCon is preventing new clients from connecting to the
* network.
*/
akillexpire = 5m
/*
* The channel modes to set on all channels when the DefCon channel mode system is in use.
*
* Note 1: Choose these modes carefully, because when DefCon switches to a level which does NOT have
* the mode setting selected, Services will set the reverse on all channels, e.g. if this setting
* is +RN when DefCon is used, all channels will be set to +RN, when DefCon is removed, all
* channels will be set to -RN. You don't want to set this to +k for example, because when DefCon
* is removed, all channels are set -k, removing the key from previously keyed channels.
*
* Note 2: MLOCKed modes will not be lost.
*/
chanmodes = "+Ri"
/*
* This value can be used to automatically return the network to DefCon level 5 after the specified
* time period, just in case any IRC Operator forgets to remove a DefCon setting.
*
* This directive is optional.
*/
timeout = 15m
/*
* If set, Services will send a global message on DefCon level changes.
*
* This directive is optional.
*/
globalondefcon = yes
/*
* If set, Services will send the global message defined in the message directive on DefCon level
* changes.
*
* This directive is optional.
*/
#globalondefconmore = yes
/*
* Defines the message that will be sent on DefCon level changes when globalondefconmore is set.
*
* This directive is required only when globalondefconmore is set.
*/
#message = "Put your message to send your users here. Don't forget to uncomment globalondefconmore"
/*
* Defines the message that will be sent when DefCon is returned to level 5. This directive is optional,
* and will also override globalondefcon and globalondefconmore when set.
*/
offmessage = "Services are now back to normal; sorry for any inconvenience"
/*
* Defines the reason to use when clients are KILLed or AKILLed from the network while the proper
* DefCon operation is in effect.
*/
akillreason = "This network is currently not accepting connections. We are working on diagnostics, so please try again later."
}
command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; }
/*
* os_dns
*
* Provides the command operserv/dns.
*
* This module requires that m_dns is loaded.
*
* This module allows controlling a DNS zone. This is useful for
* controlling what servers users are placed on for load balancing,
* and to automatically remove split servers.
*
* To use this module you must set a nameserver record for services
* so that DNS queries go to services.
*
* Alternatively, you may use a slave DNS server to hide service's IP,
* provide query caching, and provide better fault tolerance.
*
* To do this using BIND, configure similar to:
*
* options { max-refresh-time 60; };
* zone "irc.example.com" IN {
* type slave;
* masters { 127.0.0.1 port 5353; };
* };
*
* Where 127.0.0.1:5353 is the IP and port services are listening on.
* We recommend you externally firewall both UDP and TCP to the port
* Anope is listening on.
*
* Finally set a NS record for irc.example.com. to BIND or services.
*/
#module
{
name = "os_dns"
/* TTL for records. This should be very low if your records change often. */
ttl = 1m
/* If a server drops this many users the server is automatically removed from the DNS zone.
* This directive is optional.
*/
user_drop_mark = 50
/* The time used for user_drop_mark. */
user_drop_time = 1m
/* When a server is removed from the zone for dropping users, it is readded after this time.
* This directive is optional.
*/
user_drop_readd_time = 5m
/* If set, when a server splits, it is automatically removed from the zone. */
remove_split_servers = yes
/* If set, when a server connects to the network, it will be automatically added to
* the zone if it is a known server.
*/
readd_connected_servers = no
}
#command { service = "OperServ"; name = "DNS"; command = "operserv/dns"; permission = "operserv/dns"; }
/*
* os_config
*
* Provides the command operserv/config.
*
* Used to view and set configuration options while services are running.
*/
module { name = "os_config" }
command { service = "OperServ"; name = "CONFIG"; command = "operserv/config"; permission = "operserv/config"; }
/*
* os_forbid
*
* Provides the command operserv/forbid.
*
* Used to forbid specific nicks, channels, emails, etc. from being used.
*/
module { name = "os_forbid" }
command { service = "OperServ"; name = "FORBID"; command = "operserv/forbid"; permission = "operserv/forbid"; }
/*
* os_ignore
*
* Provides the command operserv/ignore.
*
* Used to make Services ignore users.
*/
module { name = "os_ignore" }
command { service = "OperServ"; name = "IGNORE"; command = "operserv/ignore"; permission = "operserv/ignore"; }
/*
* os_info
*
* Provides the command operserv/info.
*
* Used to add oper only notes to users and channels.
*/
module { name = "os_info" }
command { service = "OperServ"; name = "INFO"; command = "operserv/info"; permission = "operserv/info"; }
/*
* os_jupe
*
* Provides the command operserv/jupe.
*
* Used to disconnect servers from the network and prevent them from relinking.
*/
module { name = "os_jupe" }
command { service = "OperServ"; name = "JUPE"; command = "operserv/jupe"; permission = "operserv/jupe"; }
/*
* os_kick
*
* Provides the command operserv/kick.
*
* Used to kick users from channels.
*/
module { name = "os_kick" }
command { service = "OperServ"; name = "KICK"; command = "operserv/kick"; permission = "operserv/kick"; }
/*
* os_kill
*
* Provides the command operserv/kill.
*
* Used to forcibly disconnect users from the network.
*/
module { name = "os_kill" }
command { service = "OperServ"; name = "KILL"; command = "operserv/kill"; permission = "operserv/kill"; }
/*
* os_list
*
* Provides the commands operserv/chanlist and operserv/userlist.
*
* Used to list and search the channels and users currently on the network.
*/
module { name = "os_list" }
command { service = "OperServ"; name = "CHANLIST"; command = "operserv/chanlist"; permission = "operserv/chanlist"; }
command { service = "OperServ"; name = "USERLIST"; command = "operserv/userlist"; permission = "operserv/userlist"; }
/*
* os_login
*
* Provides the commands operserv/login and operserv/logout.
*
* Used to login to OperServ, only required if your oper block requires this.
*/
module { name = "os_login" }
command { service = "OperServ"; name = "LOGIN"; command = "operserv/login"; }
command { service = "OperServ"; name = "LOGOUT"; command = "operserv/logout"; }
/*
* os_logsearch
*
* Provides the command operserv/logsearch.
*
* Used to search services log files.
*/
module
{
name = "os_logsearch"
/* The log file name to search. There should be a log{} block configured to log
* to a file of this name.
*/
logname = "services.log"
}
command { service = "OperServ"; name = "LOGSEARCH"; command = "operserv/logsearch"; permission = "operserv/logsearch"; }
/*
* os_mode
*
* Provides the commands operserv/mode and operserv/umode.
*
* Used to change user and channel modes.
*/
module { name = "os_mode" }
command { service = "OperServ"; name = "UMODE"; command = "operserv/umode"; permission = "operserv/umode"; }
command { service = "OperServ"; name = "MODE"; command = "operserv/mode"; permission = "operserv/mode"; }
/*
* os_modinfo
*
* Provides the commands operserv/modinfo and operserv/modlist.
*
* Used to show information about loaded modules.
*/
module { name = "os_modinfo" }
command { service = "OperServ"; name = "MODINFO"; command = "operserv/modinfo"; permission = "operserv/modinfo"; }
command { service = "OperServ"; name = "MODLIST"; command = "operserv/modlist"; permission = "operserv/modinfo"; }
/*
* os_module
*
* Provides the commands operserv/modload, operserv/modreload, and operserv/modunload.
*
* Used to load, reload, and unload modules.
*/
module { name = "os_module" }
command { service = "OperServ"; name = "MODLOAD"; command = "operserv/modload"; permission = "operserv/modload"; }
command { service = "OperServ"; name = "MODRELOAD"; command = "operserv/modreload"; permission = "operserv/modload"; }
command { service = "OperServ"; name = "MODUNLOAD"; command = "operserv/modunload"; permission = "operserv/modload"; }
/*
* os_news
*
* Provides the commands operserv/logonnews, operserv/opernews, and operserv/randomnews.
*
* Used to configure news notices shown to users when they connect, and opers when they oper.
*/
module
{
name = "os_news"
/*
* The service bot names to use to send news to users on connection
* and to opers when they oper.
*/
announcer = "Global"
oper_announcer = "OperServ"
/*
* The number of LOGON/OPER news items to display when a user logs on.
*
* This directive is optional, if not set it will default to 3.
*/
#newscount = 3
}
command { service = "OperServ"; name = "LOGONNEWS"; command = "operserv/logonnews"; permission = "operserv/news"; }
command { service = "OperServ"; name = "OPERNEWS"; command = "operserv/opernews"; permission = "operserv/news"; }
command { service = "OperServ"; name = "RANDOMNEWS"; command = "operserv/randomnews"; permission = "operserv/news"; }
/*
* os_noop
*
* Provides the command operserv/noop.
*
* Used to NOOP a server, which prevents users from opering on that server.
*/
module { name = "os_noop" }
command { service = "OperServ"; name = "NOOP"; command = "operserv/noop"; permission = "operserv/noop"; }
/*
* os_oline
*
* Provides the command operserv/oline.
*
* Used to set oper flags on users, and is specific to UnrealIRCd.
* See /helpop ?svso on your IRCd for more information.
*
* module { name = "os_oline" }
* command { service = "OperServ"; name = "OLINE"; command = "operserv/oline"; permission = "operserv/oline"; }
*/
/*
* os_oper
*
* Provides the command operserv/oper.
*
* Used to configure opers and show information about opertypes.
*/
module { name = "os_oper" }
command { service = "OperServ"; name = "OPER"; command = "operserv/oper"; permission = "operserv/oper"; }
/*
* os_reload
*
* Provides the command operserv/reload.
*
* Used to reload the services.conf configuration file.
*/
module { name = "os_reload" }
command { service = "OperServ"; name = "RELOAD"; command = "operserv/reload"; permission = "operserv/reload"; }
/*
* os_set
*
* Provides the command operserv/set.
*
* Used to set various settings such as superadmin, debug mode, etc.
*/
module
{
name = "os_set"
/*
* If set, Services Admins will be able to use SUPERADMIN [ON|OFF] which will temporarily grant
* them extra privileges such as being a founder on ALL channels.
*
* This directive is optional.
*/
superadmin = yes
}
command { service = "OperServ"; name = "SET"; command = "operserv/set"; permission = "operserv/set"; }
/*
* os_shutdown
*
* Provides the commands operserv/quit, operserv/restart, and operserv/shutdown.
*
* Used to quit, restart, or shutdown services.
*/
module { name = "os_shutdown" }
command { service = "OperServ"; name = "QUIT"; command = "operserv/quit"; permission = "operserv/quit"; }
command { service = "OperServ"; name = "RESTART"; command = "operserv/restart"; permission = "operserv/restart"; }
command { service = "OperServ"; name = "SHUTDOWN"; command = "operserv/shutdown"; permission = "operserv/shutdown"; }
/*
* os_stats
*
* Provides the operserv/stats command.
*
* Used to show statistics about services.
*/
module { name = "os_stats" }
command { service = "OperServ"; name = "STATS"; command = "operserv/stats"; permission = "operserv/stats"; }
/*
* os_svs
*
* Provides the commands operserv/svsnick, operserv/svsjoin, and operserv/svspart.
*
* Used to force users to change nicks, join and part channels.
*/
module { name = "os_svs" }
command { service = "OperServ"; name = "SVSNICK"; command = "operserv/svsnick"; permission = "operserv/svs"; }
command { service = "OperServ"; name = "SVSJOIN"; command = "operserv/svsjoin"; permission = "operserv/svs"; }
command { service = "OperServ"; name = "SVSPART"; command = "operserv/svspart"; permission = "operserv/svs"; }
/*
* os_sxline
*
* Provides the operserv/snline and operserv/sqline commands.
*
* Used to ban real names, nick names, and possibly channels.
*/
module { name = "os_sxline" }
command { service = "OperServ"; name = "SNLINE"; command = "operserv/snline"; permission = "operserv/snline"; }
command { service = "OperServ"; name = "SQLINE"; command = "operserv/sqline"; permission = "operserv/sqline"; }
/*
* os_update
*
* Provides the operserv/update command.
*
* Use to immediately update the databases.
*/
module { name = "os_update" }
command { service = "OperServ"; name = "UPDATE"; command = "operserv/update"; permission = "operserv/update"; }

1183
roles/IRC/templates/anope/services.conf.j2 Normal file
View File

File diff suppressed because it is too large Load Diff

597
roles/IRC/templates/inspircd/inspircd.conf.j2 Normal file
View File

@ -0,0 +1,597 @@
#-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-#
#<include file="file.conf"> #
#<include executable="/path/to/executable parameters"> #
#<include executable="/usr/bin/wget -q -O - http://example.com/inspircd.conf">
<include file="/etc/inspircd/opers.conf">
<include file="/etc/inspircd/links.conf">
<include file="/etc/inspircd/modules.conf">
<files motd="/etc/inspircd/motd.txt" rules="/etc/inspircd/rules.txt">
#-#-#-#-#-#-#-#-#-#-#-# VARIABLE DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-#
# #
# You can define variables that will be substituted later in the #
# configuration file. This can be useful to allow settings to be #
# easily changed, or to parameterize a remote includes. #
# #
# Variables may be redefined and may reference other variables. #
# Value expansion happens at the time the tag is read. #
# #
# Using variable definitions REQUIRES that the config format be #
# changed to "xml" from the default "compat" that uses escape #
# sequences such as "\"" and "\n", and does not support <define> #
<config format="xml">
#<define name="bindip" value="1.2.2.3">
#<define name="localips" value="&bindip;/24">
#-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#-
# #
# Here is where you enter the information about your server. #
# #
<server
name="{{ external_domain }}"
description="{{ organization['displayname'] }}/IRC"
#id="97K"
network="{{ organization['displayname'] }}/IRC">
#-#-#-#-#-#-#-#-#-#-#-#- ADMIN INFORMATION -#-#-#-#-#-#-#-#-#-#-#-#
# #
# Describes the Server Administrator's real name (optionally), #
# nick, and email address. #
# #
<admin
name="{{ organization['admin'] }}"
nick="{{ organization['admin'] }}"
email="{{ organization['email'] }}">
#-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
# Enter the port and address bindings here. #
# #
# j
<define name="subnetips" value="10.0.1.0/24">
<define name="localhost" value="127.0.0.1/32">
<bind
address=""
port="6697"
ssl="openssl"
type="clients">
<bind address="" port="6667" type="clients">
<bind address="" port="8067" type="servers">
<openssl onrehash="yes">
<sslprofile
name="Clients"
provider="openssl"
cafile="/etc/letsencrypt/live/{{ ssl['identity'] }}/fullchain.pem"
certfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/cert.pem"
keyfile="/etc/letsencrypt/live/{{ ssl['identity'] }}/privkey.pem"
ciphers="{{ ssl['ciphersuite'] }}"
hash="sha256"
renegotiation="no"
requestclientcert="no"
sslv3="false"
tlsv1="no"
tlsv11="no"
tlsv12="yes">
#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# #
# This is where you can configure which connections are allowed #
# and denied access onto your server. The password is optional. #
# You may have as many of these as you require. To allow/deny all #
# connections, use a '*' or 0.0.0.0/0. #
# #
# -- It is important to note that connect tags are read from the -- #
# TOP DOWN. This means that you should have more specific deny #
# and allow tags at the top, progressively more general, followed #
# by a <connect allow="*" (should you wish to have one). #
# #
# Connect blocks are searched twice for each user - once when the TCP #
# connection is accepted, and once when the user completes their #
# registration. Most of the information (hostname, ident response, #
# password, SSL when using STARTTLS, etc) is only available during #
# the second search, so if you are trying to make a closed server, #
# you will probably need a connect block just for user registration. #
# This can be done by using <connect registered="no"> #
#<connect deny="192.0.2.*">
#<connect deny="3ffe::0/32" reason="The 6bone address space is deprecated">
<connect
name="local"
parent="main"
allow="127.0.0.1"
localmax="20"
globalmax="20"
limit="20"
requiressl="off"
threshold="200"
port="6667">
<connect
name="main"
allow="*"
commandrate="1000"
fakelag="on"
globalmax="500"
hardsendq="1M"
limit="500"
localmax="500"
maxconnwarn="on"
modes="+wx"
pingfreq="120"
port="6697"
recvq="8192"
requiressl="on"
resolvehostnames="on"
softsendq="8192"
threshold="25"
timeout="10"
useident="no">
#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
# CIDR configuration allows detection of clones and applying of #
# throttle limits across a CIDR range. (A CIDR range is a group of #
# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be #
# represented as 192.168.1.0/24). This means that abuse across an ISP #
# is detected and curtailed much easier. Here is a good chart that #
# shows how many IPs the different CIDRs correspond to: #
# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation #
# #
<cidr
# ipv4clone: specifies how many bits of an IP address should be
# looked at for clones. The default only looks for clones on a
# single IP address of a user. You do not want to set this
# extremely low. (Values are 0-32).
ipv4clone="32"
# ipv6clone: specifies how many bits of an IP address should be
# looked at for clones. The default only looks for clones on a
# single IP address of a user. You do not want to set this
# extremely low. (Values are 0-128).
ipv6clone="128">
#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
<channels users="20" opers="60">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# If these values are not defined, InspIRCd uses the default DNS resolver
# of your system.
#<dns server="127.0.0.1" timeout="5">
#<dns server="::1" timeout="5">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Define the path to the PID file here. The PID file can be used to #
# rehash the ircd from the shell or to terminate the ircd from the #
# shell using shell scripts, perl scripts, etc... and to monitor the #
# ircd's state via cron jobs. If this is a relative path, it will be #
# relative to the configuration directory, and if it is not defined, #
# the default of 'inspircd.pid' is used. #
# #
<pid file="/var/lib/inspircd/inspircd.pid">
#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Use these tags to customise the ban limits on a per channel basis. #
# The tags are read from top to bottom, and any tag found which #
# matches the channels name applies the banlimit to that channel. #
# It is advisable to put an entry with the channel as '*' at the #
# bottom of the list. If none are specified or no maxbans tag is #
# matched, the banlist size defaults to 64 entries. #
# #
#<banlist chan="#largechan" limit="128">
<maxlist chan="*" limit="60">
#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This tag is optional, and specifies one or more features which are #
# not available to non-operators. #
# #
# For example you may wish to disable NICK and prevent non-opers from #
# changing their nicknames. #
# Note that any disabled commands take effect only after the user has #
# 'registered' (e.g. after the initial USER/NICK/PASS on connection) #
# so for example disabling NICK will not cripple your network. #
# #
# You can also define if you want to disable any channelmodes #
# or usermodes from your users. #
# #
# `fakenonexistant' will make the ircd pretend that nonexistant #
# commands simply don't exist to non-opers ("no such command"). #
# #
#<disabled commands="TOPIC MODE" usermodes="" chanmodes="" fakenonexistant="yes">
#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Settings to define which features are usable on your server. #
# #
<options
# prefixquit: What (if anything) users' quit messages
# should be prefixed with.
prefixquit="Quit: "
# suffixquit: What (if anything) users' quit messages
# should be suffixed with.
suffixquit=""
# prefixpart: What (if anything) users' part messages
# should be prefixed with.
prefixpart="&quot;"
# NOTE: Use "\"" instead of "&quot;" if not using <config format="xml">
# suffixpart: What (if anything) users' part message
# should be suffixed with.
suffixpart="&quot;"
# fixedquit: Set all users' quit messages to this value.
#fixedquit=""
# fixedpart: Set all users' part messages in all channels
# to this value.
#fixedpart=""
# syntaxhints: If enabled, if a user fails to send the correct parameters
# for a command, the ircd will give back some help text of what
# the correct parameters are.
syntaxhints="no"
# cyclehosts: If enabled, when a user gets a host set, it will cycle
# them in all their channels. If not, it will simply change their host
# without cycling them.
cyclehosts="no"
# cyclehostsfromuser: If enabled, the source of the mode change for
# cyclehosts will be the user who cycled. This can look nicer, but
# triggers anti-takeover mechanisms of some obsolete bots.
cyclehostsfromuser="no"
# ircumsgprefix: Use undernet-style message prefixing for NOTICE and
# PRIVMSG. If enabled, it will add users' prefix to the line, if not,
# it will just message the user normally.
ircumsgprefix="no"
# announcets: If set to yes, when the timestamp on a channel changes, all users
# in the channel will be sent a NOTICE about it.
announcets="yes"
# allowmismatch: Setting this option to yes will allow servers to link even
# if they don't have the same "optionally common" modules loaded. Setting this to
# yes may introduce some desyncs and unwanted behaviour.
allowmismatch="no"
# defaultbind: Sets the default for <bind> tags without an address. Choices are
# ipv4 or ipv6; if not specified, IPv6 will be used if your system has support,
# falling back to IPv4 otherwise.
defaultbind="auto"
# hostintopic: If enabled, channels will show the host of the topic setter
# in the topic. If set to no, it will only show the nick of the topic setter.
hostintopic="yes"
# pingwarning: If a server does not respond to a ping within x seconds,
# it will send a notice to opers with snomask +l informing that the server
# is about to ping timeout.
pingwarning="15"
# serverpingfreq: How often pings are sent between servers (in seconds).
serverpingfreq="60"
# defaultmodes: What modes are set on a empty channel when a user
# joins it and it is unregistered.
defaultmodes="not"
# moronbanner: This is the text that is sent to a user when they are
# banned from the server.
moronbanner="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help."
# exemptchanops: exemptions for channel access restrictions based on prefix.
exemptchanops="nonick:v flood:o"
# invitebypassmodes: This allows /invite to bypass other channel modes.
# (Such as +k, +j, +l, etc.)
invitebypassmodes="yes"
# nosnoticestack: This prevents snotices from 'stacking' and giving you
# the message saying '(last message repeated X times)'. Defaults to no.
nosnoticestack="no"
# welcomenotice: When turned on, this sends a NOTICE to connecting users
# with the text Welcome to <networkname>! after successful registration.
# Defaults to yes.
welcomenotice="yes">
#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#
# #
<performance
# netbuffersize: Size of the buffer used to receive data from clients.
# The ircd may only read this amount of text in 1 go at any time.
netbuffersize="10240"
# somaxconn: The maximum number of connections that may be waiting
# in the accept queue. This is *NOT* the total maximum number of
# connections per server. Some systems may only allow this to be up
# to 5, while others (such as Linux and *BSD) default to 128.
somaxconn="128"
# limitsomaxconn: By default, somaxconn (see above) is limited to a
# safe maximum value in the 2.0 branch for compatibility reasons.
# This setting can be used to disable this limit, forcing InspIRCd
# to use the value specified above.
limitsomaxconn="true"
# softlimit: This optional feature allows a defined softlimit for
# connections. If defined, it sets a soft max connections value.
softlimit="1024"
# quietbursts: When syncing or splitting from a network, a server
# can generate a lot of connect and quit messages to opers with
# +C and +Q snomasks. Setting this to yes squelches those messages,
# which makes it easier for opers, but degrades the functionality of
# bots like BOPM during netsplits.
quietbursts="yes">
#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
# #
<security
# announceinvites: This option controls which members of the channel
# receive an announcement when someone is INVITEd. Available values:
# 'none' - don't send invite announcements
# 'all' - send invite announcements to all members
# 'ops' - send invite announcements to ops and higher ranked users
# 'dynamic' - send invite announcements to halfops (if available) and
# higher ranked users. This is the recommended setting.
announceinvites="dynamic"
# hidemodes: If enabled, then the listmodes given will be hidden
# from users below halfop. This is not recommended to be set on +b
# as it may break some functionality in popular clients such as mIRC.
hidemodes="eI"
# hideulines: If this value is set to yes, U-lined servers will
# be hidden from non-opers in /links and /map.
hideulines="no"
# flatlinks: If this value is set to yes, /map and /links will
# be flattened when shown to non-opers.
flatlinks="no"
# hidewhois: When defined, the given text will be used in place
# of the server a user is on when whoised by a non-oper. Most
# networks will want to set this to something like "*.netname.net"
# to conceal the actual server a user is on.
# Note that enabling this will cause users' idle times to only be
# shown when the format /WHOIS <nick> <nick> is used.
hidewhois=""
# hidebans: If this value is set to yes, when a user is banned ([gkz]lined)
# only opers will see the ban message when the user is removed
# from the server.
hidebans="no"
# hidekills: If defined, replaces who set a /kill with a custom string.
hidekills=""
# hidesplits: If enabled, non-opers will not be able to see which
# servers split in a netsplit, they will only be able to see that one
# occurred (If their client has netsplit detection).
hidesplits="yes"
# maxtargets: Maximum number of targets per command.
# (Commands like /notice, /privmsg, /kick, etc)
maxtargets="20"
# customversion: Displays a custom string when a user /version's
# the ircd. This may be set for security reasons or vanity reasons.
customversion=""
# operspywhois: show opers (users/auspex) the +s channels a user is in. Values:
# splitmsg Split with an explanatory message
# yes Split with no explanatory message
# no Do not show
operspywhois="yes"
# runasuser: If this is set, InspIRCd will attempt to switch
# to run as this user, which allows binding of ports under 1024.
# You should NOT set this unless you are starting as root.
# NOT SUPPORTED/NEEDED UNDER WINDOWS.
#runasuser="ircd"
# runasgroup: If this is set, InspIRCd will attempt to switch
# to run as this group, which allows binding of ports under 1024.
# You should NOT set this unless you are starting as root.
# NOT SUPPORTED/NEEDED UNDER WINDOWS.
#runasgroup="ircd"
# restrictbannedusers: If this is set to yes, InspIRCd will not allow users
# banned on a channel to change nickname or message channels they are
# banned on.
restrictbannedusers="yes"
# genericoper: Setting this value to yes makes all opers on this server
# appear as 'is an IRC operator' in their WHOIS, regardless of their
# oper type, however oper types are still used internally. This only
# affects the display in WHOIS.
genericoper="no"
# userstats: /stats commands that users can run (opers can run all).
userstats="Pu">
#-#-#-#-#-#-#-#-#-#-#-#-# LIMITS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
# #
# This configuration tag defines the maximum sizes of various types #
# on IRC, such as the maximum length of a channel name, and the #
# maximum length of a channel. Note that with the exception of the #
# identmax value all values given here are the exact values you would #
# expect to see on IRC. This contrasts with the older InspIRCd #
# releases where these values would be one character shorter than #
# defined to account for a null terminator on the end of the text. #
# #
# These values should match network-wide otherwise issues will occur. #
# #
# The highest safe value you can set any of these options to is 500, #
# but it is recommended that you keep them somewhat #
# near their defaults (or lower). #
<limits
# maxnick: Maximum length of a nickname.
maxnick="12"
# maxchan: Maximum length of a channel name.
maxchan="20"
# maxmodes: Maximum number of mode changes per line.
maxmodes="20"
# maxident: Maximum length of a ident/username.
maxident="64"
# maxquit: Maximum length of a quit message.
maxquit="255"
# maxtopic: Maximum length of a channel topic.
maxtopic="307"
# maxkick: Maximum length of a kick message.
maxkick="255"
# maxgecos: Maximum length of a GECOS (realname).
maxgecos="128"
# maxaway: Maximum length of an away message.
maxaway="200">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Logging
# -------
#
# Logging is covered with the <log> tag, which you may use to change
# the behaviour of the logging of the IRCd.
#
# In InspIRCd as of 1.2, logging is pluggable and very extensible.
# Different files can log the same thing, different 'types' of log can
# go to different places, and modules can even extend the log tag
# to do what they want.
#
# An example log tag would be:
# <log method="file" type="OPER" level="default" target="logs/opers.log">
# which would log all information on /oper (failed and successful) to
# a file called opers.log.
#
# There are many different types which may be used, and modules may
# generate their own. A list of useful types:
# - USERS - information relating to user connection and disconnection
# - OPER - succesful and failed oper attempts
# - KILL - kill related messages
# - snomask - server notices (*all* snomasks will be logged)
# - FILTER - messages related to filter matches (m_filter)
# - CONFIG - configuration related messages
# - COMMAND - die and restart messages, and messages related to unknown user types
# - SOCKET - socket engine informational/error messages
# - MODULE - module related messages
# - STARTUP - messages related to starting up the server
#
# You may also log *everything* by using a type of *, and subtract things out
# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT".
#
# Useful levels are:
# - default (general messages, including errors)
# - sparse (misc error messages)
# - debug (debug messages)
#
# Some types only produce output in the debug level, those are:
# - BANCACHE - ban cache debug messages
# - CHANNELS - information relating to joining/creating channels
# - CULLLIST - debug messages related to issues with removing users
# - RESOLVER - DNS related debug messages
# - CONNECTCLASS - Connection class debug messages
# - USERINPUT
# - USEROUTPUT
#
# The following log tag is highly default and uncustomised. It is recommended you
# sort out your own log tags. This is just here so you get some output.
<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="/var/log/ircd.log">
#-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This tag lets you define the behaviour of the /whowas command of #
# your server. #
# #
<whowas
# groupsize: Maximum entries per nick shown when performing
# a /whowas nick.
groupsize="10"
# maxgroups: Maximum number of nickgroups that can be added to
# the list so that /whowas does not use a lot of resources on
# large networks.
maxgroups="100000"
# maxkeep: Maximum time a nick is kept in the whowas list
# before being pruned. Time may be specified in seconds,
# or in the following format: 1y2w3d4h5m6s. Minimum is
# 1 hour.
maxkeep="1d">
#-#-#-#-#-#-#-#-#-#-#-#-#-#- BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# The ban tags define nick masks, host masks and ip ranges which are #
# banned from your server. All details in these tags are local to #
# Your server. #
# #
#<badip ipmask="192.0.2.*" reason="Nope.">
<badnick nick="*Serv" reason="Reserved for Services">
<badhost host="*@*malware*" reason="Malware">
<badhost host="root@*" reason="Don't IRC as root!">
<exception host="{{ organization['admin'] }}@localhost" reason="localhost">
<exception host="{{ organization['admin'] }}@127.0.0.1" reason="localhost">
<exception host="{{ organization['admin'] }}@{{ external_domain }}" reason="localhost">
<exception host="{{ organization['admin'] }}@*.{{ external_domain }}" reason="localhost">
#-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This optional tag allows you to specify how wide a gline, eline, #
# kline, zline or qline can be before it is forbidden from being #
# set. By setting hostmasks="yes", you can allow all G, K, E lines, #
# no matter how many users the ban would cover. This is not #
# recommended! By setting ipmasks="yes", you can allow all Z lines, #
# no matter how many users these cover too. Needless to say we #
# don't recommend you do this, or, set nickmasks="yes", which will #
# allow any qline. #
# #
<insane
# hostmasks: Allow bans with insane hostmasks. (over-reaching bans)
hostmasks="no"
# ipmasks: Allow bans with insane ipmasks. (over-reaching bans)
ipmasks="no"
# nickmasks: Allow bans with insane nickmasks. (over-reaching bans)
nickmasks="no"
# trigger: What percentage of users on the network to trigger
# specifying an insane ban as. The default is 95.5%, which means
# if you have a 1000 user network, a ban will not be allowed if it
# will be banning 955 or more users.
trigger="99">
#########################################################################
# #
# - InspIRCd Development Team - #
# http://www.inspircd.org #
# #
#########################################################################

55
roles/IRC/templates/inspircd/links.conf.j2 Normal file
View File

@ -0,0 +1,55 @@
#-#-#-#-#-#-#-#-#-#-#- SERVER LINK CONFIGURATION -#-#-#-#-#-#-#-#-#-#
# #
# Defines which servers can link to this one, and which servers this #
# server may create outbound links to. #
# #
# ____ _ _____ _ _ ____ _ _ _ #
# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
# #
# If you want to link servers to InspIRCd you must load the #
# m_spanningtree.so module! #
# #
# #
# Server link block
#<link name="hub.example.org"
# ipaddr="penguin.example.org"
# port="7000"
# allowmask="203.0.113.0/24"
# timeout="300"
# ssl="gnutls"
# bind="1.2.3.4"
# statshidden="no"
# hidden="no"
# sendpass="outgoing!password"
# recvpass="incoming!password">
{{ secrets['IRC']['links'] }}
# Link block for services. Options are the same as for the first
# link block (depending on what your services package supports).
<link name="ircservices.{{ external_domain }}"
ipaddr="core.{{ replica_domain }}"
port="8067"
allowmask="10.0.1.3/32"
sendpass="{{ secrets['IRC']['servicespass'] }}"
recvpass="{{ secrets['IRC']['servicespass'] }}">
# Simple autoconnect block. This enables automatic connection to a hub
#<autoconnect period="300" server="hub.example.org">
#<autoconnect period="120" server="hub.us.example.org hub.eu.example.org leaf.eu.example.org">
#-#-#-#-#-#-#-#-#-#-#-#- ULINES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
# This tag defines a ulined server. A U-Lined server has special #
# permissions, and should be used with caution. Services servers are #
# usually u-lined in this manner. #
# #
# The 'silent' value, if set to yes, indicates that this server should#
# not generate quit and connect notices, which can cut down on noise #
# to opers on the network. #
# #
<uline server="ircservices.{{ external_domain }}" silent="no">

1900
roles/IRC/templates/inspircd/modules.conf.j2 Normal file
View File

File diff suppressed because it is too large Load Diff

45
roles/IRC/templates/inspircd/motd.txt.j2 Normal file
View File

@ -0,0 +1,45 @@
........................................
........................................
..................HHH...................
................HHHHHHHH................
.............HHHHHHHHHHHHH..............
..........HHHHHHH.....HHHHHHH...........
.......HHHHHHH...........HHHHHHH........
......HHHHH.................HHHHH.......
......HHH.....................HHH.......
......HHH.....HH....#.........HHH.......
......HHH.....HH.....###......HHH.......
......HHH.....HH........##....HHH.......
......HHH.....HH........##....HHH.......
......HHH.....HH.....###......HHH.......
......HHH.....HH....#.........HHH.......
......HHH.....................HHH.......
......HHHHH.................HHHHH.......
.......HHHHHHH...........HHHHHHH........
..........HHHHHHH......HHHHHHH..........
............HHHHHHH.HHHHHHH.............
...............HHHHHHHHH................
..................HHH...................
........................................
........................................
........................................
Welcome to the AniNIX/IRC secure chat system!
Reach out to ops and founders in #lobby if you
need any help.
You should check which channels you want to join.
Type the following to get a list:
/list
You will need to request an AniNIX/Sora LDAP
account from an op or founder in #lobby to be
able to log in. If you already have an account,
use the following to authenticate:
"/quote ns identify <password>"
For reference, check out the Wiki:
https://{{ external_domain }}/AniNIX/Wiki
User code of conduct is recorded below:
https://{{ external_domain }}/AniNIX/Wiki/src/branch/main/Policies/User_Ethics.md

118
roles/IRC/templates/inspircd/opers.conf.j2 Normal file
View File

@ -0,0 +1,118 @@
#-#-#-#-#-#-#-#-#-#-#-#- CLASS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
# Classes are a group of commands which are grouped together and #
# given a unique name. They're used to define which commands #
# are available to certain types of Operators. #
# #
# #
# Note: It is possible to make a class which covers all available #
# commands. To do this, specify commands="*". This is not really #
# recommended, as it negates the whole purpose of the class system, #
# however it is provided for fast configuration (e.g. in test nets). #
# #
<class
name="Shutdown"
# commands: Oper-only commands that opers of this class can run.
commands="CLOSE DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOADMODULE GLOADMODULE GUNLOADMODULE GRELOADMODULE"
# privs: Special privileges that users with this class may utilise.
# VIEWING:
# - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
# - users/auspex: allows opers with this priv to view more details about users than normal users, e.g. real host and IP.
# - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
# ACTIONS:
# - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
# - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels.
# PERMISSIONS:
# - users/flood/no-fakelag: prevents opers from being penalized with fake lag for flooding (*NOTE)
# - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
# - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE)
#
# *NOTE: These privs are potentially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit users/flood/no-throttle users/flood/increased-buffers channels/ignore-noctcp channels/restricted-create users/ignore-commonchans users/ignore-noctcp users/ignore-privdeaf users/samode-usermodes"
# usermodes: Oper-only usermodes that opers with this class can use.
usermodes="*"
# chanmodes: Oper-only channel modes that opers with this class can use.
chanmodes="*">
<class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN CHECK">
<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS JUMPSERVER LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN CLOSE" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message">
<class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">
#-#-#-#-#-#-#-#-#-#-#-#- OPERATOR COMPOSITION -#-#-#-#-#-#-#-#-#-#-#
# #
# This is where you specify which types of operators you have on #
# your server, as well as the commands they are allowed to use. #
# This works alongside with the classes specified above. #
# #
<type
# name: Name of type. Used in actual server operator accounts below.
# Cannot contain spaces. If you would like a space, use
# the _ character instead and it will translate to a space on whois.
name="NetAdmin"
# classes: Classes (blocks above) that this type belongs to.
classes="SACommands OperChat BanControl HostCloak Shutdown ServerLink"
# vhost: Host opers of this type get when they log in (oper up). This is optional.
vhost="{{ external_domain }}"
# modes: User modes besides +o that are set on an oper of this type
# when they oper up. Used for snomasks and other things.
# Requires that m_opermodes.so be loaded.
# Set all watchlists for NetAdmins.
modes="+s +aAcCjkKlLoOqQr">
<type name="GlobalOp" classes="SACommands OperChat BanControl HostCloak ServerLink" vhost="{{ external_domain }}">
<type name="Helper" classes="HostCloak" vhost="{{ external_domain }}">
#-#-#-#-#-#-#-#-#-#-#- OPERATOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# #
# Opers are defined here. This is a very important section. #
# Remember to only make operators out of trustworthy people. #
# #
# Unhashed operblock
#<oper
# name="Brain"
# password="youshouldhashthis"
# host="brain@dialup15.isp.test.com *@localhost *@example.com *@2001:db8::/32"
# #fingerprint="67cb9dc013248a829bb2171ed11becd4"
# type="NetAdmin">
#
{% for oper in secrets['IRC']['opers'] %}
<oper name="{{ oper }}" password="{{ secrets['IRC']['opers'][oper] }}" hash="sha256" host="*@127.0.0.1 *@10.0.1.* *@localhost *@aninix.net" type="Helper">
{% endfor %}
#-#-#-#-#-#-#-#-#-#- DIE/RESTART CONFIGURATION -#-#-#-#-#-#-#-#-#-#-
# #
# You can configure the passwords here which you wish to use for #
# the /DIE and /RESTART commands. Only trusted ircops who will #
# need this ability should know the die and restart password. #
# #
<power
# hash: what hash these passwords are hashed with.
# Requires the module for selected hash (m_md5.so, m_sha256.so
# or m_ripemd160.so) be loaded and the password hashing module
# (m_password_hash.so) loaded.
# Options here are: "md5", "sha256" and "ripemd160", or one of
# these prefixed with "hmac-", e.g.: "hmac-sha256".
# Optional, but recommended. Create hashed passwords with:
# /mkpasswd <hash> <password>
hash="sha256"
# diepass: Password for opers to use if they need to shutdown (die)
# a server.
diepass="{{ secrets['IRC']['diepass'] }}"
# restartpass: Password for opers to use if they need to restart
# a server.
restartpass="{{ secrets['IRC']['restartpass'] }}">

4
roles/IRC/templates/inspircd/rules.txt.j2 Normal file
View File

@ -0,0 +1,4 @@
1) Be respectful and do not use the AniNIX for malicious actions.
2) Follow the Hacker Ethic.
3) Contribute, rather than detract, from any community.
Reach out to DarkFeather if you have questions.

259
roles/IRC/templates/kiwiirc/config.js.j2 Normal file
View File

@ -0,0 +1,259 @@
var conf = {};
// Run the Kiwi server under a different user/group
conf.user = "ircd";
conf.group = "ircd";
// Log file location
conf.log = "kiwi.log";
/*
* Server listen blocks
*/
// Do not edit this line!
conf.servers = [];
// Example server block
conf.servers.push({
port: 7778,
address: "127.0.0.1"
});
// Example SSL server block
//conf.servers.push({
// port: 7777,
// address: "0.0.0.0",
//
// ssl: true,
// ssl_key: "server.key",
// ssl_cert: "cert.pem"
//});
// Network interface for outgoing connections
conf.outgoing_address = {
IPv4: '0.0.0.0'
//IPv6: '::'
};
// Do we want to enable the built in Identd server?
conf.identd = {
enabled: false,
port: 113,
address: "0.0.0.0"
};
// Where the client files are
conf.public_http = "client/";
// Transports available to the client.
// Behind an Apache reverse proxy? Uncomment the below - Apache does not support websockets!
//conf.client_transports = ['polling'];
// Max connections per connection. 0 to disable
conf.max_client_conns = 5;
// Max connections per server. 0 to disable.
// Setting is ignored if:
// - There is a WEBIRC password configured for the server,
// - Kiwi is configured to send the client's ip as a username for the server, or
// - Kiwi is running in restricted server mode.
conf.max_server_conns = 0;
/*
* Default encoding to be used by the server
* As specified and limited to iconv-lite library support.
*/
conf.default_encoding = 'utf8';
/*
* Default GECOS (real name) for IRC connections
* %n will be replaced with the users nick
* %h will be replaced with the users hostname
*/
conf.default_gecos = '%n@%h is using a Web IRC client';
/*
* Default ident / username for IRC connections
* %n will be replaced with the users nick
* %h will be replaced with the users hostname
* %i will be replaced with a hexed value of the users IP
*/
conf.default_ident = '%i';
/*
* Default quit message
* If a browser gets disconnected without sending a QUIT command, this
* message will be used instead.
*/
conf.quit_message = 'http://www.kiwiirc.com/ - A hand-crafted IRC client';
/*
* Auto reconnect if the IRC server disconnects a kiwi user
* Hundreds of connected users getting disconnected then reconnecting at once may see
* high CPU usage causing further dropouts. Set to false if under high usage.
*/
conf.ircd_reconnect = true;
/*
* Client side plugins
* Array of URLs that will be loaded into the browser when the client first loads up
* See http://github.com/prawnsalad/KiwiIRC/wiki/Client-plugins
*/
conf.client_plugins = [
// "http://server.com/kiwi/plugins/myplugin.html"
];
// Directory to find the server modules
conf.module_dir = "../server_modules/";
// Which modules to load
conf.modules = [
// Open a TCP port to control the Kiwi server (default port 8888)
// "control",
// Automatically reload CSS files when a theme changes
// "client_file_watcher",
];
// WebIRC password enabled for this server
conf.webirc_pass = "";
// Use the above *OR* the below webirc_pass option
// Multiple WebIRC passwords may be used for multiple servers
//conf.webirc_pass = {
// "irc.network.com": "configured_webirc_password",
// "127.0.0.1": "foobar"
//};
// Whether to verify IRC servers' SSL certificates against built-in well-known certificate authorities
conf.reject_unauthorised_certificates = false;
/*
* Reverse proxy settings
* Reverse proxies that have been reported to work can be found at:
* https://kiwiirc.com/docs/installing/proxies
*/
// Whitelisted HTTP proxies in CIDR format
conf.http_proxies = ["127.0.0.1/32"];
// Header that contains the real-ip from the HTTP proxy
conf.http_proxy_ip_header = "x-forwarded-for";
// Base HTTP path to the KIWI IRC client (eg. /kiwi)
conf.http_base_path = "/kiwi";
/*
* SOCKS (version 5) proxy settings
* This feature is only available on node 0.10.0 and above.
* Do not enable it if you're running 0.8 or below or Bad Things will happen.
*/
conf.socks_proxy = {};
// Enable proxying outbound connections through a SOCKS proxy
conf.socks_proxy.enabled = false;
// Proxy *all* outbound connections through a SOCKS proxy
conf.socks_proxy.all = false;
// Use SOCKS proxy for these hosts only (if conf.sock_proxy.all === false)
conf.socks_proxy.proxy_hosts = [
"irc.{{ external_domain }}"
];
// Host and port for the SOCKS proxy
conf.socks_proxy.address = '127.0.0.1';
conf.socks_proxy.port = 1080;
// Username and password for the SOCKS proxy
// Set user to null to disable password authentication
conf.socks_proxy.user = null;
conf.socks_proxy.pass = null;
// Default settings for the client. These may be changed in the browser
conf.client = {
server: 'localhost',
port: 6667,
ssl: false,
channel: '#lobby',
channel_key: '',
nick: 'kiwi_?',
settings: {
theme: 'cli',
text_theme: 'default',
channel_list_style: 'tabs',
scrollback: 250,
show_joins_parts: true,
show_timestamps: false,
use_24_hour_timestamps: true,
mute_sounds: false,
show_emoticons: true,
ignore_new_queries: false,
count_all_activity: false,
show_autocomplete_slideout: true,
locale: null // null = use the browser locale settings
},
window_title: '{{ organization['displayname'] }}/IRC | KiwiIRC Webchat'
};
// List of themes available for the user to choose from
conf.client_themes = [
'relaxed',
'mini',
'cli',
'basic'
];
// If set, the client may only connect to this 1 IRC server
conf.restrict_server = "127.0.0.1";
conf.restrict_server_port = 6667;
conf.restrict_server_ssl = false;
//conf.restrict_server_password = "";
/*
* If running multiple kiwi servers you may specify them here.
* Note: All kiwi servers must have the same conf.http_base_path config option.
*
* To force the client to connect to one other kiwi server, use:
* conf.client.kiwi_server = 'https://kiwi-server2.com';
*
* To force the client to connect to a random kiwi server from a list, use:
* conf.client.kiwi_server = ['https://kiwi-server1.com', 'https://kiwi-server2.com'];
*/
//conf.client.kiwi_server = '';
/*
* Do not amend the below lines unless you understand the changes!
*/
module.exports.production = conf;