diff --git a/roles/IRC/README.md b/roles/IRC/README.md
index bae4bf2..2096fb5 100644
--- a/roles/IRC/README.md
+++ b/roles/IRC/README.md
@@ -1,53 +1,53 @@
-IRC is a chat system used by members of the AniNIX network. See [[IRC#Available Clients|Available Clients]] for access methods.
+IRC is a chat system used by members of the AniNIX network.
# Etymology
-[https://en.wikipedia.org/wiki/IRC IRC] stands for Internet Relay Chat -- it is a method of text-based communication across the network via various servers. IRC has long been the self-hosted communication medium of choice for hackers, developers, and the fringe -- though overall adoption has dropped a bit with the rise of other social media, networks like [https://freenode.org Freenode] are growing. IRChttps://royal.pingdom.com/2012/04/24/irc-is-dead-long-live-irc/ is moving to the hacker niche, and we follow along.
+[IRC](https://en.wikipedia.org/wiki/IRC) stands for Internet Relay Chat -- it is a method of text-based communication across the network via various servers. IRC has long been the self-hosted communication medium of choice for hackers, developers, and the fringe -- though overall adoption has dropped a bit with the rise of other social media, networks like [Libera](https://libera.chat/) are [still growing](https://royal.pingdom.com/2012/04/24/irc-is-dead-long-live-irc/). IRC is moving to the hacker niche, and we follow along.
# Relevant Files and Software
The configuration for the IRC service is divided into two parts -- the daemon and services.
+
## InspIRCd
-The IRC daemon is powered by [https://inspircd.org/ InspIRCd 2][[Category:InspIRCd]]. Relevant configuration is in [file:///etc/inspircd/inspircd.conf the conf file] and it logs to [file:///var/log/inspircd/startup.log startup.log].
+The IRC daemon is powered by [InspIRCd](https://inspircd.org/). Relevant configuration is in `/etc/inspircd/` and it logs to journald.
+
## Anope
-The services component is supplied by [https://www.anope.org/ Anope 2][[Category:Anope]]. Relevant configuration is in [file:///etc/anope/services.conf the services.conf] and it logs to the [file:///var/log/anope/ the anope log].
+The services component is supplied by [Anope](https://www.anope.org/). Relevant configuration is in [the services.conf](file:///etc/anope/services.conf) and it logs to the [its own log](file:///var/log/anope/).
-Anope also takes backups of [file:///var/db/anope/anope.db the anope database] to the backups folder in the same location. [[Category:TODO]]
+Anope also takes backups of [the anope database](file:///var/db/anope/anope.db) to the backups folder in the same location.
-Caution: Anope with version 2.0.3 has some issues with gcc6. If you start encountering segmentation faults with Anope, sign in to [[irc://anope.org#anope The Anope support IRC]]. Script a run of "sudo -u ircd gdb /usr/bin/services core". Enter "r " and when it crashes run "bt full". Quit out of everything and pastebin the file. Provide this to the support staff.
+Caution: Anope with version 2.0.3 has some issues with gcc6. If you start encountering segmentation faults with Anope, sign in to `irc://anope.org#anope` (the Anope support IRC network). Script a run of "sudo -u ircd gdb /usr/bin/services core". Enter `r ` and when it crashes run `bt full`. Quit out of everything and pastebin the file. Provide this to the support staff.
+
+Caution: Arch's packaged version of Anope may be missing critical LDAP modules. We still install the package, but you may need to use a localized install in /opt to get it working.
Anope Services' NickServ authentication can be linked to [[Sora|AniNIX::Sora]] for unified credentials.[[Category:LDAP]]
### Service entities
-The following entities can be messaged personally (PM'ed) for help with "/msg help
+The following entities can be messaged personally (PM'ed) for help with `/msg help` from inside an IRC client.
-
-[[Category:Public_Service]]
* NickServ will manage IRC nicknames.
* HostServ will manage IRC virtual hosts, to mask IP's.
* ChanServ will manage IRC channels -- new channels can be registered on the network here.
* MemoServ will manage IRC memos (short text-message-like messages between users).
# Available Clients
-You will need to use your own client. All IRC clients will connect to the service by providing the following information:
+A [simple web client](https://irc.aninix.net) is hosted.
+
+For more advanced options like logging, you will need to use your own client. All IRC clients will connect to the service by providing the following information:
* Host: aninix.net
* Port: 6697
-* The client should accept invalid certificates.
+* The client should accept only valid certificates.
* The client should automatically join the #lobby channel.
* The client should provide a nickname and NickServ password that the user intends to use.
### Clients by OS
Some example clients can be found here.
-* Linux hosts are strongly recommended to use [https://wiki.archlinux.org/index.php/Weechat weechat] inside [https://wiki.archlinux.org/index.php/Tmux tmux] with the [https://weechat.org/themes/source/crym.theme.html/ crym theme], though a Hexchat version is also available.
-* Windows hosts can connect to this service using [https://hexchat.github.io/ HexChat].
-* Mac hosts can use [http://colloquy.info/downloads.html Colloquy].
-* Android hosts can use [http://www.duckspike.net/andchat/ Andchat].
-* iOS devices should use [http://colloquy.info/downloads.html Colloquy's mobile version].
+* Linux hosts are strongly recommended to use [weechat](https://wiki.archlinux.org/index.php/Weechat) inside [tmux](https://wiki.archlinux.org/index.php/Tmux).
+* Windows hosts can connect to this service using [HexChat](https://hexchat.github.io/).
+* Mac and iOS hosts can use [Colloquy](http://colloquy.info/downloads.html).
+* Android hosts can use [AndChat](http://www.duckspike.net/andchat/).
# Equivalents or Competition
-Rivals to IRC include other IRC networks like [http://freenode.net Freenode], mail services like [https://inbox.google.com Google Inbox], and other chat systems like Slack, Microsoft Teams, Discord, Snapchat, WhatsApp, etc. We use Discord to provide new users with a Web-only bridge to the IRC network at https://aninix.net/irc/ -- [[IRC/Discord Bridge|documentation for our Discord hosting]] is also available..
-
-# Additional Reference
-{{:IRC/Commands and Modes}}
-
-### Helpful Reading
+Rivals to IRC include other IRC networks like Libera, mail services like [Gmail](https://mail.google.com), and other chat systems like Slack, Microsoft Teams, Discord, Snapchat, WhatsApp, etc. We use Discord to provide new users with a Web-only bridge to the IRC network, but most features are only available within our own network.
# Additional Reference
+* [IRCHelp.org for operators](https://www.irchelp.org/ircd/ircopguide.html)
+* [InspIRCd modes reference](https://docs.inspircd.org/3/user-modes/)
diff --git a/roles/IRC/files/services/irc.service b/roles/IRC/files/services/irc.service
new file mode 100644
index 0000000..1c3055f
--- /dev/null
+++ b/roles/IRC/files/services/irc.service
@@ -0,0 +1,17 @@
+[Unit]
+Description=AniNIX/IRC daemon
+Requires=network.target
+After=network.target
+
+[Service]
+Type=forking
+PIDFile=/var/lib/inspircd/inspircd.pid
+ExecStart=/usr/lib/inspircd/inspircd start
+ExecReload=/usr/lib/inspircd/inspircd rehash
+ExecStop=/usr/lib/inspircd/inspircd stop
+Restart=always
+User=ircd
+Group=ircd
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/IRC/files/services/ircservices.service b/roles/IRC/files/services/ircservices.service
new file mode 100644
index 0000000..044cae1
--- /dev/null
+++ b/roles/IRC/files/services/ircservices.service
@@ -0,0 +1,16 @@
+[Unit]
+Description=AniNIX/IRC | Anope Services
+Requires=network.target
+After=network.target
+
+[Service]
+Type=simple
+PIDFile=/run/anope/anope.pid
+ExecStart=/opt/anope/bin/services --confdir=/etc/anope/ --dbdir=/opt/anope/data --localedir=/opt/anope/locale --logdir=/var/log/anope --modulesdir=/opt/anope/lib --nofork
+ExecReload=/bin/kill -1 $MAINPID
+Restart=always
+User=ircd
+Group=ircd
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/IRC/files/services/ircweb.service b/roles/IRC/files/services/ircweb.service
new file mode 100644
index 0000000..662326e
--- /dev/null
+++ b/roles/IRC/files/services/ircweb.service
@@ -0,0 +1,15 @@
+[Unit]
+Description=AniNIX/IRC Web Client
+After=network.target irc.service ircservices.service
+
+[Service]
+WorkingDirectory=/usr/local/src/KiwiIRC/
+ExecStart=/bin/sh ./kiwi -f
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=control-group
+Restart=always
+User=ircd
+Group=ircd
+
+[Install]
+WantedBy=multi-user.target
diff --git a/roles/IRC/tasks/bots.yml b/roles/IRC/tasks/bots.yml
new file mode 100644
index 0000000..630f731
--- /dev/null
+++ b/roles/IRC/tasks/bots.yml
@@ -0,0 +1,29 @@
+---
+
+ - user:
+ name: "{{ item }}"
+ state: present
+ shell: "{{ daemon_shell | default('/sbin/nologin') }}"
+ local: yes
+ groups: ircd
+ loop:
+ - bitbot
+ - dsbridge
+ - theraven
+ - werewolf
+
+ # Install TheRaven package
+ - package:
+ name:
+ - TheRaven
+
+ - git:
+ repo: 'https://github.com/jesopo/bitbot.git'
+ dest: /usr/local/src/bitbot/
+ clone: yes
+ update: yes
+
+ - git:
+ repo:
+
+ -
diff --git a/roles/IRC/tasks/daemon.yml b/roles/IRC/tasks/daemon.yml
new file mode 100644
index 0000000..98cba5a
--- /dev/null
+++ b/roles/IRC/tasks/daemon.yml
@@ -0,0 +1,60 @@
+---
+
+ - name: Ensure directory permissions
+ become: yes
+ file:
+ state: directory
+ path: "{{ item }}"
+ owner: ircd
+ group: ircd
+ mode: 0750
+ loop:
+ - "/var/log/inspircd"
+ - "/etc/inspircd"
+
+ - name: Copy config and fill in attributes
+ register: templatefiles
+ become: yes
+ template:
+ src: "inspircd/{{ item }}.j2"
+ dest: "/etc/inspircd/{{ item }}"
+ owner: ircd
+ group: ircd
+ mode: 0600
+ loop:
+ - inspircd.conf
+ - modules.conf
+ - links.conf
+ - opers.conf
+ - rules.txt
+ - motd.txt
+
+ - name: Copy service file
+ become: yes
+ register: servicesfile
+ copy:
+ src: services/irc.service
+ dest: /usr/lib/systemd/system/irc.service
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: Reload services
+ when: servicesfile.changed
+ become: yes
+ systemd:
+ daemon_reload: true
+
+ - name: Ensure service running
+ become: yes
+ service:
+ name: irc
+ state: started
+ enabled: yes
+
+ - name: Reload on config change
+ become: yes
+ when: templatefiles.changed or servicesfile.changed
+ service:
+ name: irc
+ state: reloaded
diff --git a/roles/IRC/tasks/main.yml b/roles/IRC/tasks/main.yml
index 0107254..bbd6614 100644
--- a/roles/IRC/tasks/main.yml
+++ b/roles/IRC/tasks/main.yml
@@ -8,12 +8,11 @@
- anope
- TheRaven
- - name: KiwiIRC Web Front
- become: yes
- git:
- repo: https://github.com/prawnsalad/KiwiIRC.git
- dest: /usr/local/src/KiwiIRC
+ - include_tasks: daemon.yml
+ - include_tasks: services.yml
+ - include_tasks: web.yml
+ #- include_tasks: bots.yml
diff --git a/roles/IRC/tasks/services.yml b/roles/IRC/tasks/services.yml
new file mode 100644
index 0000000..83e40fb
--- /dev/null
+++ b/roles/IRC/tasks/services.yml
@@ -0,0 +1,65 @@
+---
+
+ - name: Ensure directory permissions
+ become: yes
+ file:
+ state: directory
+ path: "{{ item }}"
+ owner: ircd
+ group: ircd
+ mode: 0700
+ loop:
+ - "/etc/anope"
+ - "/opt/anope"
+ - "/opt/anope/data"
+ - "/var/log/anope"
+
+ - name: Copy config and fill in attributes
+ register: templatefiles
+ become: yes
+ template:
+ src: "anope/{{ item }}.j2"
+ dest: "/etc/anope/{{ item }}"
+ owner: ircd
+ group: ircd
+ mode: 0600
+ loop:
+ - botserv.conf
+ - chanserv.conf
+ - global.conf
+ - hostserv.conf
+ - memoserv.conf
+ - modules.conf
+ - nickserv.conf
+ - operserv.conf
+ - services.conf
+
+ - name: Copy service file
+ become: yes
+ register: servicesfile
+ copy:
+ src: services/ircservices.service
+ dest: /usr/lib/systemd/system/ircservices.service
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: Reload services
+ when: servicesfile.changed
+ become: yes
+ systemd:
+ daemon_reload: true
+
+ - name: Ensure service running
+ become: yes
+ service:
+ name: ircservices
+ state: started
+ enabled: yes
+
+ - name: Reload on config change
+ become: yes
+ when: templatefiles.changed or servicesfile.changed
+ service:
+ name: ircservices
+ state: reloaded
diff --git a/roles/IRC/tasks/web.yml b/roles/IRC/tasks/web.yml
new file mode 100644
index 0000000..e17960c
--- /dev/null
+++ b/roles/IRC/tasks/web.yml
@@ -0,0 +1,56 @@
+---
+
+ - name: Clone KiwiIRC
+ become: yes
+ git:
+ repo: https://github.com/prawnsalad/KiwiIRC.git
+ dest: /usr/local/src/KiwiIRC
+ update: no
+
+ - name: Update permissions
+ become: yes
+ file:
+ path: /usr/local/src/KiwiIRC
+ recurse: yes
+ owner: ircd
+ group: ircd
+
+ - name: Populate config
+ become: yes
+ register: config
+ template:
+ src: kiwiirc/config.js.j2
+ dest: /usr/local/src/KiwiIRC/config.js
+ owner: ircd
+ group: ircd
+ mode: 0600
+
+ - name: Copy service file
+ become: yes
+ register: servicesfile
+ copy:
+ src: services/ircweb.service
+ dest: /usr/lib/systemd/system/ircweb.service
+ owner: root
+ group: root
+ mode: 0644
+
+ - name: Reload services
+ when: servicesfile.changed
+ become: yes
+ systemd:
+ daemon_reload: true
+
+ - name: Ensure service running
+ become: yes
+ service:
+ name: ircweb
+ state: started
+ enabled: yes
+
+ - name: Reload on config change
+ become: yes
+ when: config.changed or servicesfile.changed
+ service:
+ name: ircweb
+ state: reloaded
diff --git a/roles/IRC/templates/anope/botserv.conf.j2 b/roles/IRC/templates/anope/botserv.conf.j2
new file mode 100644
index 0000000..a00c6e2
--- /dev/null
+++ b/roles/IRC/templates/anope/botserv.conf.j2
@@ -0,0 +1,404 @@
+/*
+ * Example configuration file for BotServ.
+ */
+
+/*
+ * First, create the service. If you do not want to have a 'BotServ', but do want the ability to have
+ * ChanServ assigned to channels for the use of fantasy commands, you may delete the below 'service' block.
+ *
+ * Note that deleting a 'service' block for a pseudoclient that is already online will not remove the
+ * client, the client becomes no different from a normal service bot, so you will have to use botserv/bot
+ * to manually delete the client.
+ *
+ * You may then want to map some of the below commands to other services, like placing botserv/bot on
+ * OperServ so you can delete the below client, and mapping assign and unassign to ChanServ so users are
+ * able to control whether or not ChanServ is in the channel. You may also want to map botserv/set/nobot
+ * to OperServ so you can restrict who can assign the other core service clients.
+ */
+service
+{
+ /*
+ * The name of the BotServ client.
+ * If you change this value, you probably want to change the client directive in the configuration for the botserv module too.
+ */
+ nick = "BotServ"
+
+ /*
+ * The username of the BotServ client.
+ */
+ user = "services"
+
+ /*
+ * The hostname of the BotServ client.
+ */
+ host = "ircservices.{{ external_domain }}"
+
+ /*
+ * The realname of the BotServ client.
+ */
+ gecos = "Bot Service"
+
+ /*
+ * The modes this client should use.
+ * Do not modify this unless you know what you are doing.
+ *
+ * These modes are very IRCd specific. If left commented, sane defaults
+ * are used based on what protocol module you have loaded.
+ *
+ * Note that setting this option incorrectly could potentially BREAK some, if
+ * not all, usefulness of the client. We will not support you if this client is
+ * unable to do certain things if this option is enabled.
+ */
+ #modes = "+o"
+
+ /*
+ * An optional comma separated list of channels this service should join. Outside
+ * of log channels this is not very useful, as the service will just idle in the
+ * specified channels, and will not accept any types of commands.
+ *
+ * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+ */
+ #channels = "@#services,#mychan"
+}
+
+/*
+ * Core BotServ module.
+ *
+ * Provides essential functionality for BotServ.
+ */
+module
+{
+ name = "botserv"
+
+ /*
+ * The name of the client that should be BotServ.
+ *
+ * This directive is optional.
+ */
+ client = "BotServ"
+
+ /*
+ * The default bot options for newly registered channels. Note that changing these options
+ * will have no effect on channels which are already registered. The list must be separated
+ * by spaces.
+ *
+ * The options are:
+ * - dontkickops: Channel operators will be protected against BotServ kicks
+ * - dontkickvoices: Voiced users will be protected against BotServ kicks
+ * - greet: The channel's BotServ bot will greet incoming users that have set a greet
+ * in their NickServ settings
+ * - fantasy: Enables the use of BotServ fantasy commands in the channel
+ *
+ * This directive is optional, if left blank, there will be no defaults.
+ */
+ defaults = "greet fantasy"
+
+ /*
+ * The minimum number of users there must be in a channel before the bot joins it. The best
+ * value for this setting is 1 or 2. This can be 0, the service bots will not part unless
+ * specifically unassigned, and will keep the channel open.
+ */
+ minusers = 1
+
+ /*
+ * The bots are currently not affected by any modes or bans when they try to join a channel.
+ * But some people may want to make it act like a real bot, that is, for example, remove all
+ * the bans affecting the bot before joining the channel, remove a ban that affects the bot
+ * set by a user when it is in the channel, and so on. Since it consumes a bit more CPU
+ * time, you should not enable this on larger networks.
+ *
+ * This directive is optional.
+ */
+ #smartjoin = yes
+
+ /*
+ * Modes to set on service bots when they join channels, comment this out for no modes
+ *
+ * This directive is optional.
+ */
+ botmodes = "ao"
+
+ /*
+ * User modes to set on service bots. Read the comment about the service:modes directive
+ * on why this can be a bad idea to set.
+ */
+ #botumodes = "i"
+}
+
+/*
+ * Core BotServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "BotServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * bs_assign
+ *
+ * Provides the commands:
+ * botserv/assign - Used to assign BotServ bots to channels
+ * botserv/unassign - Used to unassign BotServ bots
+ * botserv/set/nobot - Used to prohibit channels from being assigned BotServ bots.
+ *
+ * Used for assigning and unassigning bots to channels.
+ */
+module { name = "bs_assign" }
+command { service = "BotServ"; name = "ASSIGN"; command = "botserv/assign"; }
+command { service = "BotServ"; name = "UNASSIGN"; command = "botserv/unassign"; }
+command { service = "BotServ"; name = "SET NOBOT"; command = "botserv/set/nobot"; permission = "botserv/set/nobot"; }
+
+/*
+ * bs_autoassign
+ *
+ * Allows service bots to be automatically assigned to channels upon registration.
+ */
+#module
+{
+ name = "bs_autoassign"
+
+ /*
+ * Automatically assign ChanServ to channels upon registration.
+ */
+ bot = "ChanServ"
+}
+
+/*
+ * bs_badwords
+ *
+ * Provides the command botserv/badwords.
+ *
+ * Used for controlling the channel badword list.
+ */
+module
+{
+ name = "bs_badwords"
+
+ /*
+ * The maximum number of entries a single bad words list can have.
+ */
+ badwordsmax = 32
+
+ /*
+ * If set, BotServ will use case sensitive checking for badwords.
+ *
+ * This directive is optional.
+ */
+ #casesensitive = yes
+}
+command { service = "BotServ"; name = "BADWORDS"; command = "botserv/badwords"; }
+
+/*
+ * bs_bot
+ *
+ * Provides the command botserv/bot.
+ *
+ * Used for administrating BotServ bots.
+ */
+module { name = "bs_bot" }
+command { service = "BotServ"; name = "BOT"; command = "botserv/bot"; permission = "botserv/bot"; }
+
+/*
+ * bs_botlist
+ *
+ * Provides the command botserv/botlist.
+ *
+ * Used for listing all available bots.
+ */
+module { name = "bs_botlist" }
+command { service = "BotServ"; name = "BOTLIST"; command = "botserv/botlist"; }
+
+/*
+ * bs_control
+ *
+ * Provides the commands botserv/act and botserv/say.
+ *
+ * Used for making the bot message a channel.
+ */
+module { name = "bs_control" }
+command { service = "BotServ"; name = "ACT"; command = "botserv/act"; }
+command { service = "BotServ"; name = "SAY"; command = "botserv/say"; }
+
+/*
+ * bs_info
+ *
+ * Provides the command botserv/info.
+ *
+ * Used for getting information on bots or channels.
+ */
+module { name = "bs_info" }
+command { service = "BotServ"; name = "INFO"; command = "botserv/info"; }
+
+/*
+ * bs_kick
+ *
+ * Provides the commands:
+ * botserv/kick - Dummy help wrapper for the KICK command.
+ * botserv/kick/amsg - Configures BotServ's AMSG kicker.
+ * botserv/kick/badwords - Configures BotServ's badwords kicker.
+ * botserv/kick/bolds - Configures BotServ's bold text kiceker.
+ * botserv/kick/caps - Configures BotServ's capital letters kicker.
+ * botserv/kick/colors - Configures BotServ's color kicker.
+ * botserv/kick/flood - Configures BotServ's flood kicker.
+ * botserv/kick/italics - Configures BotServ's italics kicker.
+ * botserv/kick/repeat - Configures BotServ's repeat kicker.
+ * botserv/kick/reverses - Configures BotServ's reverse kicker.
+ * botserv/kick/underlines - Configures BotServ's reverse kicker.
+ * botserv/set/dontkickops - Used for preventing BotServ from kicking channel operators.
+ * botserv/set/dontkickvoices - Used for preventing BotServ from kicking voices.
+ *
+ * Used for configuring what bots should kick for.
+ */
+module
+{
+ name = "bs_kick"
+
+ /*
+ * The amount of time that data for a user is valid in BotServ. If the data exceeds this time,
+ * it is reset or deleted depending on the case. Do not set it too high, otherwise your
+ * resources will be slightly affected.
+ */
+ keepdata = 10m
+
+ /*
+ * If set, the bots will use a kick reason that does not state the word when it is kicking.
+ * This is especially useful if you have young people on your network.
+ *
+ * This directive is optional.
+ */
+ gentlebadwordreason = yes
+}
+command { service = "BotServ"; name = "KICK"; command = "botserv/kick"; }
+command { service = "BotServ"; name = "KICK AMSG"; command = "botserv/kick/amsg"; }
+command { service = "BotServ"; name = "KICK BADWORDS"; command = "botserv/kick/badwords"; }
+command { service = "BotServ"; name = "KICK BOLDS"; command = "botserv/kick/bolds"; }
+command { service = "BotServ"; name = "KICK CAPS"; command = "botserv/kick/caps"; }
+command { service = "BotServ"; name = "KICK COLORS"; command = "botserv/kick/colors"; }
+command { service = "BotServ"; name = "KICK FLOOD"; command = "botserv/kick/flood"; }
+command { service = "BotServ"; name = "KICK ITALICS"; command = "botserv/kick/italics"; }
+command { service = "BotServ"; name = "KICK REPEAT"; command = "botserv/kick/repeat"; }
+command { service = "BotServ"; name = "KICK REVERSES"; command = "botserv/kick/reverses"; }
+command { service = "BotServ"; name = "KICK UNDERLINES"; command = "botserv/kick/underlines"; }
+
+command { service = "BotServ"; name = "SET DONTKICKOPS"; command = "botserv/set/dontkickops"; }
+command { service = "BotServ"; name = "SET DONTKICKVOICES"; command = "botserv/set/dontkickvoices"; }
+
+
+/*
+ * bs_set
+ *
+ * Provides the commands:
+ * botserv/set/private - Used to prohibit specific BotServ bots from being assigned to channels.
+ */
+module { name = "bs_set" }
+command { service = "BotServ"; name = "SET"; command = "botserv/set"; }
+command { service = "BotServ"; name = "SET BANEXPIRE"; command = "botserv/set/banexpire"; }
+command { service = "BotServ"; name = "SET PRIVATE"; command = "botserv/set/private"; permission = "botserv/set/private"; }
+
+/*
+ * greet
+ *
+ * Provides the commands:
+ * botserv/set/greet - Used for enabling or disabling BotServ's greet messages in a channel.
+ * nickserv/set/greet, nickserv/saset/greet - Used for changing a users greet message, which is displayed when they enter channels.
+ */
+module { name = "greet" }
+command { service = "BotServ"; name = "SET GREET"; command = "botserv/set/greet"; }
+command { service = "NickServ"; name = "SET GREET"; command = "nickserv/set/greet"; }
+command { service = "NickServ"; name = "SASET GREET"; command = "nickserv/saset/greet"; permission = "nickserv/saset/greet"; }
+
+/*
+ * GREET privilege.
+ *
+ * Used by 'greet'.
+ *
+ * Users with this privilege have their greet shown when they join channels.
+ */
+privilege
+{
+ name = "GREET"
+ rank = 40
+ level = 5
+ flag = "g"
+ xop = "AOP"
+}
+
+
+/*
+ * fantasy
+ *
+ * Allows 'fantaisist' commands to be used in channels.
+ *
+ * Provides the commands:
+ * botserv/set/fantasy - Used for enabling or disabling BotServ's fantasist commands.
+ */
+module
+{
+ name = "fantasy"
+
+ /*
+ * Defines the prefixes for fantasy commands in channels. One of these characters will have to be prepended
+ * to all fantasy commands. If you choose "!", for example, fantasy commands will be "!kick",
+ * "!op", etc. This directive is optional, if left out, the default fantasy character is "!".
+ */
+ #fantasycharacter = "!."
+}
+command { service = "BotServ"; name = "SET FANTASY"; command = "botserv/set/fantasy"; }
+
+/*
+ * Fantasy commands
+ *
+ * Fantasy commands can be executed in channels that have a BotServ bot by prefixing the
+ * command with one of the fantasy characters configured in botserv's fantasycharacter
+ * directive.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+fantasy { name = "ACCESS"; command = "chanserv/access"; }
+fantasy { name = "AKICK"; command = "chanserv/akick"; }
+fantasy { name = "AOP"; command = "chanserv/xop"; }
+fantasy { name = "BAN"; command = "chanserv/ban"; }
+fantasy { name = "CLONE"; command = "chanserv/clone"; }
+fantasy { name = "DEHALFOP"; command = "chanserv/modes"; }
+fantasy { name = "DEOP"; command = "chanserv/modes"; }
+fantasy { name = "DEOWNER"; command = "chanserv/modes"; }
+fantasy { name = "DEPROTECT"; command = "chanserv/modes"; }
+fantasy { name = "DEVOICE"; command = "chanserv/modes"; }
+fantasy { name = "DOWN"; command = "chanserv/down"; }
+fantasy { name = "ENFORCE"; command = "chanserv/enforce"; }
+fantasy { name = "ENTRYMSG"; command = "chanserv/entrymsg"; }
+fantasy { name = "FLAGS"; command = "chanserv/flags"; }
+fantasy { name = "HALFOP"; command = "chanserv/modes"; }
+fantasy { name = "HELP"; command = "generic/help"; prepend_channel = false; }
+fantasy { name = "HOP"; command = "chanserv/xop"; }
+fantasy { name = "INFO"; command = "chanserv/info"; prepend_channel = false; }
+fantasy { name = "INVITE"; command = "chanserv/invite"; }
+fantasy { name = "K"; command = "chanserv/kick"; }
+fantasy { name = "KB"; command = "chanserv/ban"; }
+fantasy { name = "KICK"; command = "chanserv/kick"; }
+fantasy { name = "LEVELS"; command = "chanserv/levels"; }
+fantasy { name = "LIST"; command = "chanserv/list"; prepend_channel = false; }
+fantasy { name = "LOG"; command = "chanserv/log"; }
+fantasy { name = "MODE"; command = "chanserv/mode"; }
+fantasy { name = "MUTE"; command = "chanserv/ban"; kick = no; mode = "QUIET"; }
+fantasy { name = "OP"; command = "chanserv/modes"; }
+fantasy { name = "OWNER"; command = "chanserv/modes"; }
+fantasy { name = "PROTECT"; command = "chanserv/modes"; }
+fantasy { name = "QOP"; command = "chanserv/xop"; }
+fantasy { name = "SEEN"; command = "chanserv/seen"; prepend_channel = false; }
+fantasy { name = "SOP"; command = "chanserv/xop"; }
+fantasy { name = "STATUS"; command = "chanserv/status"; }
+fantasy { name = "SUSPEND"; command = "chanserv/suspend"; permission = "chanserv/suspend"; }
+fantasy { name = "SYNC"; command = "chanserv/sync"; }
+fantasy { name = "TOPIC"; command = "chanserv/topic"; }
+fantasy { name = "UNBAN"; command = "chanserv/unban"; }
+fantasy { name = "UNSUSPEND"; command = "chanserv/unsuspend"; permission = "chanserv/suspend"; }
+fantasy { name = "UP"; command = "chanserv/up"; }
+fantasy { name = "VOICE"; command = "chanserv/modes"; }
+fantasy { name = "VOP"; command = "chanserv/xop"; }
diff --git a/roles/IRC/templates/anope/chanserv.conf.j2 b/roles/IRC/templates/anope/chanserv.conf.j2
new file mode 100755
index 0000000..def56ab
--- /dev/null
+++ b/roles/IRC/templates/anope/chanserv.conf.j2
@@ -0,0 +1,1311 @@
+/*
+ * Example configuration file for ChanServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+ /*
+ * The name of the ChanServ client.
+ * If you change this value, you probably want to change the client directive in the configuration for the chanserv module too.
+ */
+ nick = "ChanServ"
+
+ /*
+ * The username of the ChanServ client.
+ */
+ user = "services"
+
+ /*
+ * The hostname of the ChanServ client.
+ */
+ host = "ircservices.{{ external_domain }}"
+
+ /*
+ * The realname of the ChanServ client.
+ */
+ gecos = "Channel Registration Service"
+
+ /*
+ * The modes this client should use.
+ * Do not modify this unless you know what you are doing.
+ *
+ * These modes are very IRCd specific. If left commented, sane defaults
+ * are used based on what protocol module you have loaded.
+ *
+ * Note that setting this option incorrectly could potentially BREAK some, if
+ * not all, usefulness of the client. We will not support you if this client is
+ * unable to do certain things if this option is enabled.
+ */
+ #modes = "+o"
+
+ /*
+ * An optional comma separated list of channels this service should join. Outside
+ * of log channels this is not very useful, as the service will just idle in the
+ * specified channels, and will not accept any types of commands.
+ *
+ * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+ */
+ #channels = "@#services,#mychan"
+}
+
+/*
+ * Core ChanServ module.
+ *
+ * Provides essential functionality for ChanServ.
+ */
+module
+{
+ name = "chanserv"
+
+ /*
+ * The name of the client that should be ChanServ.
+ */
+ client = "ChanServ"
+
+ /*
+ * The default options for newly registered channels. Note that changing these options
+ * will have no effect on channels which are already registered. The list must be separated
+ * by spaces.
+ *
+ * The options are:
+ * - keeptopic: Retain topic when the channel is not in use
+ * - peace: Disallow users from kicking or removing modes from others who are of the same
+ * access level or superior
+ * - cs_private: Hide the channel from ChanServ's LIST command
+ * - restricted: Kick/ban users who are restricted from the channel
+ * - cs_secure: Enable channel security, requiring the user to be identified with NickServ in
+ * order to be considered for being on the access list of the channel
+ * - secureops: Only allow operator status to be given if the user is on the access list
+ * - securefounder: Only allow the real founder of the channel to drop the channel, change it's
+ * password, or change the founder or successor
+ * - signkick: Use of ChanServ's KICK command will cause the user's nick to be signed to the kick.
+ * - signkick_level: Same as above, but the kick will not be signed if the user is at the same access
+ * level or superior to the target
+ * - topiclock: Disallow the topic to be changed except with ChanServ's TOPIC command
+ * - persist: Keep the channel open at all times
+ * - noautoop: Disables autoop on the channel
+ * - cs_keep_modes: Enables keep modes on the channel, which retains modes when the channel is
+ * not in use.
+ * - none: No defaults
+ *
+ * This directive is optional, if left blank, the options will default to keeptopic, cs_secure, securefounder,
+ * and signkick. If you really want no defaults, use "none" by itself as the option.
+ */
+ defaults = "keeptopic peace cs_secure securefounder secureops topiclock persist cs_keep_modes signkick topiclock"
+
+ /*
+ * The maximum number of channels which may be registered to a single nickname.
+ *
+ * This directive is optional, but recommended.
+ * If not set, there will be no restriction on the numbers of channels a single nickname can have registered.
+ */
+ maxregistered = 20
+
+ /*
+ * The length of time before a channel registration expires.
+ *
+ * This directive is optional, but recommended.
+ * If not set, the default is 14 days.
+ */
+ expire = 14d
+
+ /*
+ * The maximum number of entries on a channel's access list.
+ * If not set, the default is 1024. This can be set to 0 for unlimited.
+ */
+ accessmax = 1024
+
+ /*
+ * The length of time ChanServ stays in a channel after kicking a user from a channel they are not
+ * permitted to be in. This only occurs when the user is the only one in the channel.
+ */
+ inhabit = 15s
+
+ /*
+ * Allow only IRC Operators to use ChanServ.
+ *
+ * This directive is optional.
+ */
+ #opersonly = yes
+
+ /*
+ * Modes that will not be allowed to be locked. Oper only modes such as +O
+ * are always restricted from regular users and are not affected by this.
+ * Comment out for no restrictions.
+ */
+ #nomlock = "P"
+
+ /*
+ * Modes that are required to be set and only set on all registered channels.
+ * These modes can not be locked or unlocked. The registered channel mode is
+ * automatically always required, if such a mode exists.
+ */
+ #require = "r"
+
+ /*
+ * The maximum length of the reason field for user commands such as chanserv/kick
+ * and chanserv/ban.
+ */
+ reasonmax = 200
+ /*
+ * The message formatting to use for signed kick messages.
+ * %n is the nick of the kicker
+ * %m is the message specified
+ */
+ signkickformat = "%m (%n)"
+
+
+ /*
+ * If set, prevents channel access entries from containing hostmasks.
+ */
+ disallow_hostmask_access = false
+
+ /*
+ * If set, prevents channels from being on access lists.
+ */
+ disallow_channel_access = false
+
+ /*
+ * If set, ChanServ will always lower the timestamp of registered channels to their registration date.
+ * This prevents several race conditions where unauthorized users can join empty registered channels and set
+ * modes etc. prior to services deopping them.
+ */
+ always_lower_ts = false
+}
+
+/*
+ * ChanServ privilege configuration.
+ *
+ * ChanServ privileges are used to determine who has what access in channels. By default the core has its own
+ * set of privileges it uses for various commands, which are defined below. Privilege ranks are used to
+ * determine how powerful privileges are relative to other privileges, which is used by Anope to determine
+ * who has greater access in a channel.
+ *
+ * If you load cs_access, you may define a level for the privilege, which is used by chanserv/access and chanserv/levels.
+ * The levels defined will be used as the default levels for newly registered channels.
+ * The level "founder" is a special level which means anyone with the privilege FOUNDER on the channel
+ * has that permission. Additionally, the level "disabled" means that no one can use the privilege, including founders.
+ *
+ * If you load cs_flags, you may define a flag associated with that privilege for use in chanserv/flags.
+ *
+ * If you load cs_xop, you may define a XOP command to associate the privilege with.
+ *
+ * The name of privileges are uesd to associate them with channel modes. If you are using an IRCd that allows you to define additional
+ * channel status modes, such as InspIRCd, you can associate privileges (and thus access levels, flags, xop) with the mode by naming
+ * the privileges appropriately. For example, if you had a channel mode called admin, you could create AUTOADMIN, ADMIN, and ADMINME
+ * privileges which would automatically be associated with that channel mode.
+ *
+ * Defining new privileges here is not useful unless you have a module (eg, a third party one) made to check for
+ * the specific level you are defining.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/*
+ * ACCESS_CHANGE privilege.
+ *
+ * Used by chanserv/access, chanserv/flags and chanserv/xop.
+ *
+ * Users with this permission can modify the permissions of others.
+ */
+privilege
+{
+ name = "ACCESS_CHANGE"
+ rank = 0
+ level = 10
+ flag = "f"
+ xop = "SOP"
+}
+
+/*
+ * ACCESS_LIST privilege.
+ *
+ * Used by chanserv/access, chanserv/flags, and chanserv/xop.
+ *
+ * Users with this permission can view the access list of channels.
+ */
+privilege
+{
+ name = "ACCESS_LIST"
+ rank = 10
+ level = 3
+ flag = "f"
+ xop = "VOP"
+}
+
+/*
+ * AKICK privilege.
+ *
+ * Used by chanserv/akick and chanserv/enforce.
+ *
+ * Users with this permission can modify the AKICK list.
+ */
+privilege
+{
+ name = "AKICK"
+ rank = 250
+ level = 10
+ flag = "K"
+ xop = "SOP"
+}
+
+/*
+ * ASSIGN privilege.
+ *
+ * Used by botserv/assign.
+ *
+ * Users with this permission can assign and unassign BotServ bots to and from the channel.
+ */
+privilege
+{
+ name = "ASSIGN"
+ rank = 270
+ level = "founder"
+ flag = "s"
+ xop = "QOP"
+}
+
+/*
+ * AUTOHALFOP privilege.
+ *
+ * Used by the core.
+ *
+ * Users with this permission get halfop on join.
+ */
+privilege
+{
+ name = "AUTOHALFOP"
+ rank = 100
+ level = 4
+ flag = "H"
+ xop = "HOP"
+}
+
+/*
+ * AUTOOP privilege.
+ *
+ * Used by the core.
+ *
+ * Users with this permission get op on join.
+ */
+privilege
+{
+ name = "AUTOOP"
+ rank = 210
+ level = 5
+ flag = "O"
+ xop = "AOP"
+}
+
+/*
+ * AUTOOWNER privilege.
+ *
+ * Used by the core.
+ *
+ * Users with this permission get owner on join.
+ */
+privilege
+{
+ name = "AUTOOWNER"
+ rank = 330
+ level = 9999
+ flag = "Q"
+ xop = "QOP"
+}
+
+/*
+ * AUTOPROTECT privilege.
+ *
+ * Used by the core.
+ *
+ * Users with this permission get admin on join.
+ */
+privilege
+{
+ name = "AUTOPROTECT"
+ rank = 240
+ level = 10
+ flag = "A"
+ xop = "SOP"
+}
+
+/*
+ * AUTOVOICE privilege.
+ *
+ * Used by the core.
+ *
+ * Users with this permission get voice on join.
+ */
+privilege
+{
+ name = "AUTOVOICE"
+ rank = 50
+ level = 3
+ flag = "V"
+ xop = "VOP"
+}
+
+/*
+ * BADWORDS privilege.
+ *
+ * Used by botserv/badwords.
+ *
+ * Users with this permission can modify BotServ's BADWORDS list.
+ */
+privilege
+{
+ name = "BADWORDS"
+ rank = 260
+ level = 10
+ flag = "K"
+ xop = "SOP"
+}
+
+/*
+ * BAN privilege.
+ *
+ * Used by chanserv/ban.
+ *
+ * Users with this permission can use the BAN command.
+ */
+privilege
+{
+ name = "BAN"
+ rank = 150
+ level = 4
+ flag = "b"
+ xop = "HOP"
+}
+
+/*
+ * FANTASIA privilege.
+ *
+ * Used by botserv/main and chanserv/xop.
+ *
+ * Users with this permission can use fantasy commands in the channel.
+ */
+privilege
+{
+ name = "FANTASIA"
+ rank = 30
+ level = 3
+ flag = "c"
+ xop = "VOP"
+}
+
+/*
+ * FOUNDER privilege.
+ *
+ * Used by chanserv/access, chanserv/akick,
+ * chanserv/drop, chanserv/set/founder,
+ * chanserv/set/securefounder, chanserv/set/successor and chanserv/xop.
+ *
+ * Users with this permission are treated as founders and can use
+ * commands restricted to founders.
+ */
+privilege
+{
+ name = "FOUNDER"
+ rank = 360
+ level = 10000
+ flag = "F"
+ xop = "QOP"
+}
+
+/*
+ * GETKEY privilege.
+ *
+ * Used by chanserv/getkey and nickserv/ajoin.
+ *
+ * Users with this permission can get they channel key with GETKEY and
+ * can use nickserv/ajoin to join channels with keys.
+ */
+privilege
+{
+ name = "GETKEY"
+ rank = 180
+ level = 5
+ flag = "G"
+ xop = "AOP"
+}
+
+/*
+ * HALFOP privilege.
+ *
+ * Used by chanserv/mode, chanserv/halfop and chanserv/dehalfop.
+ *
+ * Users with this permission can use ChanServ to halfop and dehalfop
+ * others in the channel.
+ */
+privilege
+{
+ name = "HALFOP"
+ rank = 120
+ level = 5
+ flag = "h"
+ xop = "AOP"
+}
+
+/*
+ * HALFOPME privilege.
+ *
+ * Used by chanserv/mode, chanserv/halfop and chanserv/dehalfop.
+ *
+ * Users with this permission can use ChanServ to halfop and dehalfop
+ * themselves in the channel.
+ */
+privilege
+{
+ name = "HALFOPME"
+ rank = 110
+ level = 4
+ flag = "h"
+ xop = "HOP"
+}
+
+/*
+ * INFO privilege.
+ *
+ * Used by botserv/info and chanserv/info.
+ *
+ * Users with this permission are allowed to get the full INFO output
+ * from BotServ and ChanServ.
+ */
+privilege
+{
+ name = "INFO"
+ rank = 80
+ level = 9999
+ flag = "I"
+ xop = "QOP"
+}
+
+/*
+ * INVITE privilege.
+ *
+ * Used by chanserv/invite and nickserv/ajoin.
+ *
+ * Users with this permission can invite users through ChanServ and
+ * join invite only channels with nickserv/ajoin.
+ */
+privilege
+{
+ name = "INVITE"
+ rank = 190
+ level = 5
+ flag = "i"
+ xop = "AOP"
+}
+
+/*
+ * KICK privilege.
+ *
+ * Used by chanserv/kick.
+ *
+ * Users with this permission can use the KICK command.
+ */
+privilege
+{
+ name = "KICK"
+ rank = 130
+ level = 4
+ flag = "k"
+ xop = "HOP"
+}
+
+/*
+ * MEMO privilege.
+ *
+ * Used by memoserv/del, memoserv/ignore, memoserv/info, memoserv/list,
+ * memoserv/main, memoserv/read and memoserv/set.
+ *
+ * Users with this permission can manage channel memos.
+ */
+privilege
+{
+ name = "MEMO"
+ rank = 280
+ level = 10
+ flag = "m"
+ xop = "SOP"
+}
+
+/*
+ * MODE privilege.
+ *
+ * Used by chanserv/mode.
+ *
+ * Users with this permission can set modes through ChanServ and change
+ * the mode lock.
+ */
+privilege
+{
+ name = "MODE"
+ rank = 170
+ level = 9999
+ flag = "s"
+ xop = "QOP"
+}
+
+/*
+ * NOKICK privilege.
+ *
+ * Used by botserv/kick.
+ *
+ * Users with this permission are spared from automated BotServ kicks.
+ */
+privilege
+{
+ name = "NOKICK"
+ rank = 20
+ level = 1
+ flag = "N"
+ xop = "VOP"
+}
+
+/*
+ * OP privilege.
+ *
+ * Used by chanserv/mode, chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to op and deop
+ * others in the channel.
+ */
+privilege
+{
+ name = "OP"
+ rank = 230
+ level = 5
+ flag = "o"
+ xop = "SOP"
+}
+
+/*
+ * OPME privilege.
+ *
+ * Used by chanserv/mode, chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to op and deop
+ * themselves in the channel.
+ */
+privilege
+{
+ name = "OPME"
+ rank = 220
+ level = 5
+ flag = "o"
+ xop = "AOP"
+}
+
+/*
+ * OWNER privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to owner and deowner
+ * others in the channel.
+ */
+privilege
+{
+ name = "OWNER"
+ rank = 350
+ level = "founder"
+ flag = "q"
+ xop = "QOP"
+}
+
+/*
+ * OWNERME privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to owner and deowner
+ * themselves in the channel.
+ */
+privilege
+{
+ name = "OWNERME"
+ rank = 340
+ level = 9999
+ flag = "q"
+ xop = "QOP"
+}
+
+/*
+ * PROTECT privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to protect and deprotect
+ * others in the channel.
+ */
+privilege
+{
+ name = "PROTECT"
+ rank = 310
+ level = 9999
+ flag = "a"
+ xop = "QOP"
+}
+
+/*
+ * PROTECTME privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to protect and deprotect
+ * themselves in the channel.
+ */
+privilege
+{
+ name = "PROTECTME"
+ rank = 300
+ level = 10
+ flag = "a"
+ xop = "AOP"
+}
+
+/*
+ * SAY privilege.
+ *
+ * Used by botserv/control.
+ *
+ * Users with this permission can use the BotServ bot in the channel to
+ * say or do a /me with the provided message.
+ */
+privilege
+{
+ name = "SAY"
+ rank = 90
+ level = 5
+ flag = "B"
+ xop = "AOP"
+}
+
+/*
+ * SET privilege.
+ *
+ * Used by botserv/kick, botserv/set, chanserv/clone, chanserv/log,
+ * chanserv/saset/noexpire and chanserv/set.
+ *
+ * Users with this permission can set what BotServ will kick for, change
+ * BotServ and ChanServ settings, clone ChanServ channel setings, and
+ * set ChanServ logging options.
+ */
+privilege
+{
+ name = "SET"
+ rank = 320
+ level = 9999
+ flag = "s"
+ xop = "QOP"
+}
+
+/*
+ * SIGNKICK privilege.
+ *
+ * Used by chanserv/ban and chanserv/kick.
+ *
+ * Users with this permission won't get their nick shown in the kick
+ * through ChanServ when the setting SIGNKICK is set to LEVEL.
+ */
+privilege
+{
+ name = "SIGNKICK"
+ rank = 140
+ level = 9999
+ flag = "K"
+ xop = "QOP"
+}
+
+/*
+ * TOPIC privilege.
+ *
+ * Used by chanserv/topic.
+ *
+ * Users with this permission can change the channel topic through ChanServ.
+ */
+privilege
+{
+ name = "TOPIC"
+ rank = 160
+ level = 5
+ flag = "t"
+ xop = "AOP"
+}
+
+/*
+ * UNBAN privilege.
+ *
+ * Used by chanserv/unban.
+ *
+ * Users with this permission can unban themselves and others through ChanServ.
+ */
+privilege
+{
+ name = "UNBAN"
+ rank = 200
+ level = 4
+ flag = "u"
+ xop = "HOP"
+}
+
+/*
+ * VOICE privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to voice and devoice
+ * others in the channel.
+ */
+privilege
+{
+ name = "VOICE"
+ rank = 70
+ level = 4
+ flag = "v"
+ xop = "HOP"
+}
+
+/*
+ * VOICEME privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to voice and devoice
+ * themselves in the channel.
+ */
+privilege
+{
+ name = "VOICEME"
+ rank = 60
+ level = 3
+ flag = "v"
+ xop = "VOP"
+}
+
+/*
+ * Core ChanServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Command group configuration for ChanServ.
+ *
+ * Commands may optionally be placed into groups to make ChanServ's HELP output easier to understand.
+ * Remove the following groups to use the old behavior of simply listing all ChanServ commands from HELP.
+ */
+command_group
+{
+ name = "chanserv/access"
+ description = _("Used to manage the list of privileged users")
+}
+
+command_group
+{
+ name = "chanserv/status"
+ description = _("Used to modify the channel status of you or other users")
+}
+
+command_group
+{
+ name = "chanserv/management"
+ description = _("Used to manage channels")
+}
+
+command_group
+{
+ name = "chanserv/admin"
+ description = _("Services Operator commands")
+}
+
+/* Give it a help command. */
+command { service = "ChanServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * cs_access
+ *
+ * Provides commands chanserv/access and chanserv/levels.
+ * Provides the access system "levels".
+ *
+ * Used for giving users access in channels using a levels system. Allows allows redefining which privileges
+ * are representated by given level on a per channel basis.
+ *
+ * The "LIST" subcommand of chanserv/access will show every access entry on the channel, including access
+ * entries not added by cs_access. The "level" of these entries will be the representation of the access
+ * entry by the other access system, which could be an XOP command name, or a set of flags.
+ */
+module { name = "cs_access" }
+command { service = "ChanServ"; name = "ACCESS"; command = "chanserv/access"; group = "chanserv/access"; }
+command { service = "ChanServ"; name = "LEVELS"; command = "chanserv/levels"; group = "chanserv/access"; }
+
+/*
+ * cs_akick
+ *
+ * Provides the command chanserv/akick.
+ *
+ * Used for preventing users from joining channels.
+ */
+module
+{
+ name = "cs_akick"
+
+ /*
+ * The maximum number of entries on a channel's autokick list.
+ */
+ autokickmax = 32
+
+ /*
+ * The default reason for an autokick if none is given.
+ */
+ autokickreason = "User has been banned from the channel"
+}
+command { service = "ChanServ"; name = "AKICK"; command = "chanserv/akick"; group = "chanserv/management"; }
+
+/*
+ * cs_ban
+ *
+ * Provides the command chanserv/ban.
+ *
+ * The configuration option 'kick' may be set in a command block for this command to control
+ * whether or not users will be kicked from the channel once banned. The default is 'yes'.
+ *
+ * The configuration option 'mode' may be set to control which mode is set, such as BAN or QUIET.
+ * The default is BAN.
+ *
+ * Used for banning users from channels.
+ */
+module { name = "cs_ban" }
+command { service = "ChanServ"; name = "BAN"; command = "chanserv/ban"; }
+
+/*
+ * cs_clone
+ *
+ * Provides the command chanserv/clone.
+ *
+ * Used for copying channel settings from one channel to another.
+ */
+module { name = "cs_clone" }
+command { service = "ChanServ"; name = "CLONE"; command = "chanserv/clone"; group = "chanserv/management"; }
+
+/*
+ * cs_drop
+ *
+ * Provides the command chanserv/drop.
+ *
+ * Used for unregistering channels.
+ */
+module { name = "cs_drop" }
+command { service = "ChanServ"; name = "DROP"; command = "chanserv/drop"; }
+
+/*
+ * cs_enforce
+ *
+ * Provides the command chanserv/enforce.
+ *
+ * Used to enforce various channel settings such as secureops and restricted.
+ */
+module { name = "cs_enforce" }
+command { service = "ChanServ"; name = "ENFORCE"; command = "chanserv/enforce"; group = "chanserv/management"; }
+
+/*
+ * cs_entrymsg
+ *
+ * Provides the command chanserv/entrymsg.
+ *
+ * Used to configure entry messages sent to users when they join a channel.
+ */
+module
+{
+ name = "cs_entrymsg"
+
+ /* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */
+ maxentries = 5
+}
+command { service = "ChanServ"; name = "ENTRYMSG"; command = "chanserv/entrymsg"; group = "chanserv/management"; }
+
+/*
+ * cs_flags
+ *
+ * Provides the command chanserv/flags.
+ * Provides the access system "flags".
+ *
+ * Used for giving users access in channels.
+ *
+ * The "LIST" subcommand of chanserv/flags will show every access entry on the channel, including access
+ * entries not added by cs_flags. The "Flags" of these entries will be the flags representation of the
+ * privilege set granted by the access entry.
+ */
+module { name = "cs_flags" }
+command { service = "ChanServ"; name = "FLAGS"; command = "chanserv/flags"; group = "chanserv/access"; }
+
+/*
+ * cs_getkey
+ *
+ * Provides the command chanserv/getkey.
+ *
+ * Used for getting the key for channels.
+ */
+module { name = "cs_getkey" }
+command { service = "ChanServ"; name = "GETKEY"; command = "chanserv/getkey"; }
+
+/*
+ * cs_info
+ *
+ * Provides the command chanserv/info.
+ *
+ * Used for getting information about channels.
+ */
+module { name = "cs_info" }
+command { service = "ChanServ"; name = "INFO"; command = "chanserv/info"; }
+
+/*
+ * cs_invite
+ *
+ * Provides the command chanserv/invite.
+ *
+ * Used for inviting yourself in to channels.
+ */
+module { name = "cs_invite" }
+command { service = "ChanServ"; name = "INVITE"; command = "chanserv/invite"; }
+
+/*
+ * cs_kick
+ *
+ * Provides the command chanserv/kick.
+ *
+ * Used for kicking users from channels.
+ */
+module { name = "cs_kick" }
+command { service = "ChanServ"; name = "KICK"; command = "chanserv/kick"; }
+
+/*
+ * cs_list
+ *
+ * Provides the commands:
+ * chanserv/list - Used for retrieving and searching the registered channel list.
+ * chanserv/set/private - Used for setting whether channels should show up in chanserv/list.
+ */
+module
+{
+ name = "cs_list"
+
+ /*
+ * The maximum number of channels to be returned for a ChanServ LIST command.
+ */
+ listmax = 50
+}
+command { service = "ChanServ"; name = "LIST"; command = "chanserv/list"; }
+
+command { service = "ChanServ"; name = "SET PRIVATE"; command = "chanserv/set/private"; }
+
+
+/*
+ * cs_log
+ *
+ * Provides the command chanserv/log.
+ *
+ * Use for configuring what actions on channels are logged and where.
+ */
+module
+{
+ name = "cs_log"
+
+ /* Default log settings for newly registered channels */
+
+ #default
+ {
+ command = "chanserv/modes"
+ method = "MESSAGE @"
+ }
+
+ #default
+ {
+ service = "ChanServ"
+ command = "ACCESS"
+ method = "MESSAGE @"
+ }
+
+ #default
+ {
+ command = "chanserv/xop"
+ method = "MESSAGE @"
+ }
+
+ #default
+ {
+ service = "ChanServ"
+ command = "FLAGS"
+ method = "MESSAGE @"
+ }
+}
+command { service = "ChanServ"; name = "LOG"; command = "chanserv/log"; group = "chanserv/management"; }
+
+/*
+ * cs_mode
+ *
+ * Provides the command chanserv/mode and chanserv/modes.
+ *
+ * Used for changing mode locks and changing modes. Multiple commands may be mapped to chanserv/modes, the
+ * configuration directive 'set' and 'unset' are used to tell chanserv/modes which modes should be set or
+ * unset when the command is executed.
+ */
+module
+{
+ name = "cs_mode"
+
+ /*
+ * Default modes for mode lock, these are set on newly registered channels.
+ *
+ * If not set, the default is +nt.
+ */
+ mlock = "+nt"
+}
+command { service = "ChanServ"; name = "MODE"; command = "chanserv/mode"; group = "chanserv/management"; }
+
+command { service = "ChanServ"; name = "OWNER"; command = "chanserv/modes"; group = "chanserv/status"; set = "OWNER" }
+command { service = "ChanServ"; name = "DEOWNER"; command = "chanserv/modes"; group = "chanserv/status"; unset = "OWNER" }
+
+command { service = "ChanServ"; name = "PROTECT"; command = "chanserv/modes"; group = "chanserv/status"; set = "PROTECT" }
+command { service = "ChanServ"; name = "DEPROTECT"; command = "chanserv/modes"; group = "chanserv/status"; unset = "PROTECT" }
+
+command { service = "ChanServ"; name = "OP"; command = "chanserv/modes"; group = "chanserv/status"; set = "OP" }
+command { service = "ChanServ"; name = "DEOP"; command = "chanserv/modes"; group = "chanserv/status"; unset = "OP" }
+
+command { service = "ChanServ"; name = "HALFOP"; command = "chanserv/modes"; group = "chanserv/status"; set = "HALFOP" }
+command { service = "ChanServ"; name = "DEHALFOP"; command = "chanserv/modes"; group = "chanserv/status"; unset = "HALFOP" }
+
+command { service = "ChanServ"; name = "VOICE"; command = "chanserv/modes"; group = "chanserv/status"; set = "VOICE" }
+command { service = "ChanServ"; name = "DEVOICE"; command = "chanserv/modes"; group = "chanserv/status"; unset = "VOICE" }
+
+
+/*
+ * cs_register
+ *
+ * Provides the commands chanserv/register.
+ *
+ * Used for registering channels.
+ */
+module { name = "cs_register" }
+command { service = "ChanServ"; name = "REGISTER"; command = "chanserv/register"; }
+
+/*
+ * cs_seen
+ *
+ * Provides the commands chanserv/seen and operserv/seen.
+ *
+ * Records the last time a user was seen and what they were doing and allows users to request this data.
+ * Also allows administrators to view stats about seen data and purge the database.
+ */
+module
+{
+ name = "cs_seen"
+
+ /* If set, uses the older 1.8 style seen, which is less resource intensive */
+ simple = false
+
+ /* Sets the time to keep seen entries in the seen database. */
+ purgetime = "30d"
+
+ /* Sets the delay between checks for expired seen entries. */
+ expiretimeout = "1d"
+}
+command { service = "OperServ"; name = "SEEN"; command = "operserv/seen"; permission = "operserv/seen"; }
+
+/*
+ * cs_set
+ *
+ * Provides the commands:
+ * chanserv/set and chanserv/saset - Dummy help wrappers for the SET commands.
+ * chanserv/set/autoop - Used for configuring whether or not ChanServ automatically gives channel status to users.
+ * chanserv/set/bantype - Used for controlling what format of bans are placed on channels.
+ * chanserv/set/description - Used for changing channels descriptions.
+ * chanserv/set/founder - Used for changing a channel's founder.
+ * chanserv/set/keepmodes - Used for enabling or disabling keepmodes, which retains channel modes.
+ * chanserv/set/peace - Used for configuring if users are able to kick other users with higher access than them.
+ * chanserv/set/persist - Used for setting whether ChanServ should stay in channels after the last user leaves.
+ * chanserv/set/restricted - Used for setting whether users not on a channel's access list can join.
+ * chanserv/set/secure - Used for setting whether users who are recognized for accounts should have their access in channels.
+ * chanserv/set/securefounder - Used for setting whether users with founder level access in channels have true founder or not.
+ * chanserv/set/secureops - Used for restricting who can have channel op privilege in a channel to those whom have access in the channel.
+ * chanserv/set/signkick - Used for setting signkick, which appends the kicker's name to kicks sent through ChanServ.
+ * chanserv/set/successor - Used for setting channel successors, which become channel founders if the founders' account expires.
+ * chanserv/saset/noexpire - Used for setting noexpire, which prevents channels from expiring.
+ *
+ * This is a dummy command to provide a help wrapper for the various SET commands.
+ */
+module
+{
+ name = "cs_set"
+
+ /*
+ * The default ban type for newly registered channels.
+ *
+ * defbantype can be:
+ *
+ * 0: ban in the form of *!user@host
+ * 1: ban in the form of *!*user@host
+ * 2: ban in the form of *!*@host
+ * 3: ban in the form of *!*user@*.domain
+ */
+ defbantype = 2
+
+ /*
+ * If set, persisent channels have their creation times lowered to their
+ * original registration dates.
+ */
+ persist_lower_ts = true
+}
+command { service = "ChanServ"; name = "SET"; command = "chanserv/set"; group = "chanserv/management"; }
+command { service = "ChanServ"; name = "SET AUTOOP"; command = "chanserv/set/autoop"; }
+command { service = "ChanServ"; name = "SET BANTYPE"; command = "chanserv/set/bantype"; }
+command { service = "ChanServ"; name = "SET DESCRIPTION"; command = "chanserv/set/description"; }
+command { service = "ChanServ"; name = "SET DESC"; command = "chanserv/set/description"; }
+command { service = "ChanServ"; name = "SET FOUNDER"; command = "chanserv/set/founder"; }
+command { service = "ChanServ"; name = "SET KEEPMODES"; command = "chanserv/set/keepmodes"; }
+command { service = "ChanServ"; name = "SET PEACE"; command = "chanserv/set/peace"; }
+command { service = "ChanServ"; name = "SET PERSIST"; command = "chanserv/set/persist"; }
+command { service = "ChanServ"; name = "SET RESTRICTED"; command = "chanserv/set/restricted"; }
+command { service = "ChanServ"; name = "SET SECURE"; command = "chanserv/set/secure"; }
+command { service = "ChanServ"; name = "SET SECUREFOUNDER"; command = "chanserv/set/securefounder"; }
+command { service = "ChanServ"; name = "SET SECUREOPS"; command = "chanserv/set/secureops"; }
+command { service = "ChanServ"; name = "SET SIGNKICK"; command = "chanserv/set/signkick"; }
+command { service = "ChanServ"; name = "SET SUCCESSOR"; command = "chanserv/set/successor"; }
+command { service = "ChanServ"; name = "SET NOEXPIRE"; command = "chanserv/saset/noexpire"; permission = "chanserv/saset/noexpire"; }
+
+/*
+ * cs_set_misc
+ *
+ * Provides the command chanserv/set/misc.
+ *
+ * Allows you to create arbitrary commands to set data, and have that data show up in chanserv/info.
+ * A field named misc_description may be given for use with help output.
+ */
+module { name = "cs_set_misc" }
+command { service = "ChanServ"; name = "SET URL"; command = "chanserv/set/misc"; misc_description = _("Associate a URL with the channel"); }
+command { service = "ChanServ"; name = "SET EMAIL"; command = "chanserv/set/misc"; misc_description = _("Associate an E-mail address with the channel"); }
+
+/*
+ * cs_status
+ *
+ * Provides the command chanserv/status.
+ *
+ * Used for determining a user's access on a channel and whether
+ * or not they match any autokick entries.
+ */
+module { name = "cs_status" }
+command { service = "ChanServ"; name = "STATUS"; command = "chanserv/status"; }
+
+/*
+ * cs_suspend
+ *
+ * Provides the commands chanserv/suspend and chanserv/unsuspend.
+ *
+ * Used for suspending and unsuspending channels. Suspended channels can not be used but their settings are stored.
+ */
+module
+{
+ name = "cs_suspend"
+
+ /*
+ * The length of time before a suspended channel expires.
+ *
+ * This directive is optional.
+ * If not set, the default is never.
+ */
+ expire = 90d
+
+ /*
+ * Settings to show to non-opers in ChanServ's INFO output.
+ * Comment to completely disable showing any information about
+ * suspended channels to non-opers.
+ */
+ show = "suspended, by, reason, on, expires"
+}
+command { service = "ChanServ"; name = "SUSPEND"; command = "chanserv/suspend"; permission = "chanserv/suspend"; group = "chanserv/admin"; }
+command { service = "ChanServ"; name = "UNSUSPEND"; command = "chanserv/unsuspend"; permission = "chanserv/suspend"; group = "chanserv/admin"; }
+
+/*
+ * cs_sync
+ *
+ * Provides the command chanserv/sync.
+ *
+ * Used to sync users channel status modes with what access they have.
+ */
+module { name = "cs_sync" }
+command { service = "ChanServ"; name = "SYNC"; command = "chanserv/sync"; group = "chanserv/management"; }
+
+/*
+ * cs_topic
+ *
+ * Provides the commands:
+ * chanserv/topic - Used for changing the channel topic. Useful in conjunction with chanserv/set/topiclock.
+ * chanserv/set/keeptopic - Used for configuring if ChanServ is to restore the channel topic when a channel is created.
+ *
+ */
+module { name = "cs_topic" }
+command { service = "ChanServ"; name = "TOPIC"; command = "chanserv/topic"; group = "chanserv/management"; }
+command { service = "ChanServ"; name = "SET KEEPTOPIC"; command = "chanserv/set/keeptopic"; }
+
+/*
+ * cs_unban
+ *
+ * Provides the command chanserv/unban.
+ *
+ * Used for unbanning users from channels.
+ */
+module { name = "cs_unban" }
+command { service = "ChanServ"; name = "UNBAN"; command = "chanserv/unban"; }
+
+/*
+ * cs_updown
+ *
+ * Provides the commands chanserv/up and chanserv/down.
+ *
+ * Used for setting or removing your status modes on a channel.
+ */
+module { name = "cs_updown" }
+command { service = "ChanServ"; name = "DOWN"; command = "chanserv/down"; group = "chanserv/status"; }
+command { service = "ChanServ"; name = "UP"; command = "chanserv/up"; group = "chanserv/status"; }
+
+/*
+ * cs_xop
+ *
+ * Provides the command chanserv/xop.
+ * Provides the access system "XOP".
+ *
+ * Used for giving users access in channels. Many commands may be linked to chanserv/xop, but the
+ * privileges given by each is determined by the privilege:xop settings above. These commands should
+ * be ordered from highest to lowest, as each command inherits the privileges of the commands below
+ * it.
+ *
+ * The "LIST" subcommand of chanserv/xop will show only XOP access entries of the given XOP type. You
+ * can not view the entire access list at once, and instead should use another access system to do that.
+ */
+module { name = "cs_xop" }
+command { service = "ChanServ"; name = "QOP"; command = "chanserv/xop"; group = "chanserv/access"; }
+command { service = "ChanServ"; name = "SOP"; command = "chanserv/xop"; group = "chanserv/access"; }
+command { service = "ChanServ"; name = "AOP"; command = "chanserv/xop"; group = "chanserv/access"; }
+command { service = "ChanServ"; name = "HOP"; command = "chanserv/xop"; group = "chanserv/access"; }
+command { service = "ChanServ"; name = "VOP"; command = "chanserv/xop"; group = "chanserv/access"; }
+
+
+/*
+ * Extra ChanServ related modules.
+ */
+
+/*
+ * cs_statusupdate
+ *
+ * This module automatically updates users status on channels when the
+ * channel's access list is modified.
+ */
+module { name = "cs_statusupdate" }
diff --git a/roles/IRC/templates/anope/global.conf.j2 b/roles/IRC/templates/anope/global.conf.j2
new file mode 100755
index 0000000..0f74931
--- /dev/null
+++ b/roles/IRC/templates/anope/global.conf.j2
@@ -0,0 +1,115 @@
+/*
+ * Example configuration file for Global.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+ /*
+ * The name of the Global client.
+ * If you change this value, you probably want to change the client directive in the configuration for the global module too.
+ */
+ nick = "Global"
+
+ /*
+ * The username of the Global client.
+ */
+ user = "services"
+
+ /*
+ * The hostname of the Global client.
+ */
+ host = "ircservices.{{ external_domain }}"
+
+ /*
+ * The realname of the Global client.
+ */
+ gecos = "Global Noticer"
+
+ /*
+ * The modes this client should use.
+ * Do not modify this unless you know what you are doing.
+ *
+ * These modes are very IRCd specific. If left commented, sane defaults
+ * are used based on what protocol module you have loaded.
+ *
+ * Note that setting this option incorrectly could potentially BREAK some, if
+ * not all, usefulness of the client. We will not support you if this client is
+ * unable to do certain things if this option is enabled.
+ */
+ #modes = "+o"
+
+ /*
+ * An optional comma separated list of channels this service should join. Outside
+ * of log channels this is not very useful, as the service will just idle in the
+ * specified channels, and will not accept any types of commands.
+ *
+ * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+ */
+ #channels = "@#services,#mychan"
+}
+
+/*
+ * Core Global module.
+ *
+ * Provides essential functionality for Global.
+ */
+module
+{
+ name = "global"
+
+ /*
+ * The name of the client that should be Global.
+ */
+ client = "Global"
+
+ /*
+ * This is the global message that will be sent when Services are being
+ * shutdown/restarted.
+ *
+ * This directive is optional.
+ */
+ #globaloncycledown = "Services are restarting, they will be back shortly - please be good while we're gone"
+
+ /*
+ * This is the global message that will be sent when Services (re)join the
+ * network.
+ *
+ * This directive is optional.
+ */
+ #globaloncycleup = "Services are now back online - have a nice day"
+
+ /*
+ * If set, Services will hide the IRC Operator's nick in a global
+ * message/notice.
+ *
+ * This directive is optional.
+ */
+ #anonymousglobal = yes
+}
+
+/*
+ * Core Global commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "Global"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * gl_global
+ *
+ * Provides the command global/global.
+ *
+ * Used for sending a message to every online user.
+ */
+module { name = "gl_global" }
+command { service = "Global"; name = "GLOBAL"; command = "global/global"; permission = "global/global"; }
diff --git a/roles/IRC/templates/anope/hostserv.conf.j2 b/roles/IRC/templates/anope/hostserv.conf.j2
new file mode 100755
index 0000000..2d19976
--- /dev/null
+++ b/roles/IRC/templates/anope/hostserv.conf.j2
@@ -0,0 +1,188 @@
+/*
+ * Example configuration file for HostServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+ /*
+ * The name of the HostServ client.
+ * If you change this value, you probably want to change the client directive in the configuration for the hostserv module too.
+ */
+ nick = "HostServ"
+
+ /*
+ * The username of the HostServ client.
+ */
+ user = "services"
+
+ /*
+ * The hostname of the HostServ client.
+ */
+ host = "ircservices.{{ external_domain }}"
+
+ /*
+ * The realname of the HostServ client.
+ */
+ gecos = "vHost Service"
+
+ /*
+ * The modes this client should use.
+ * Do not modify this unless you know what you are doing.
+ *
+ * These modes are very IRCd specific. If left commented, sane defaults
+ * are used based on what protocol module you have loaded.
+ *
+ * Note that setting this option incorrectly could potentially BREAK some, if
+ * not all, usefulness of the client. We will not support you if this client is
+ * unable to do certain things if this option is enabled.
+ */
+ #modes = "+o"
+
+ /*
+ * An optional comma separated list of channels this service should join. Outside
+ * of log channels this is not very useful, as the service will just idle in the
+ * specified channels, and will not accept any types of commands.
+ *
+ * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+ */
+ #channels = "@#services,#mychan"
+}
+
+/*
+ * Core HostServ module.
+ *
+ * Provides essential functionality for HostServ.
+ */
+module
+{
+ name = "hostserv"
+
+ /*
+ * The name of the client that should be HostServ.
+ */
+ client = "HostServ"
+
+ /*
+ * If enabled, vhosts are activated on users immediately when they are set.
+ */
+ activate_on_set = false
+}
+
+/*
+ * Core HostServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "HostServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * hs_del
+ *
+ * Provides the commands hostserv/del and hostserv/delall.
+ *
+ * Used for removing users' vHosts.
+ */
+module { name = "hs_del" }
+command { service = "HostServ"; name = "DEL"; command = "hostserv/del"; permission = "hostserv/del"; }
+command { service = "HostServ"; name = "DELALL"; command = "hostserv/delall"; permission = "hostserv/del"; }
+
+/*
+ * hs_group
+ *
+ * Provides the command hostserv/group.
+ *
+ * Used for grouping one vHost to many nicks.
+ */
+module
+{
+ name = "hs_group"
+
+ /*
+ * Upon nickserv/group, this option syncs the nick's main vHost to the grouped nick.
+ */
+ syncongroup = false
+
+ /*
+ * This makes vhosts act as if they are per account.
+ */
+ synconset = false
+}
+command { service = "HostServ"; name = "GROUP"; command = "hostserv/group"; }
+
+/*
+ * hs_list
+ *
+ * Provides the command hostserv/list.
+ *
+ * Used for listing actively set vHosts.
+ */
+module { name = "hs_list" }
+command { service = "HostServ"; name = "LIST"; command = "hostserv/list"; permission = "hostserv/list"; }
+
+/*
+ * hs_off
+ *
+ * Provides the command hostserv/off.
+ *
+ * Used for turning off your vHost.
+ */
+module { name = "hs_off" }
+command { service = "HostServ"; name = "OFF"; command = "hostserv/off"; }
+
+/*
+ * hs_on
+ *
+ * Provides the command hostserv/on.
+ *
+ * Used for turning on your vHost.
+ */
+module { name = "hs_on" }
+command { service = "HostServ"; name = "ON"; command = "hostserv/on"; }
+
+/*
+ * hs_request
+ *
+ * Provides the commands hostserv/request, hostserv/activate, hostserv/reject, and hostserv/waiting.
+ *
+ * Used to manage vHosts requested by users.
+ */
+module
+{
+ name = "hs_request"
+
+ /*
+ * If set, Services will send a memo to the user requesting a vHost when it's been
+ * approved or rejected.
+ */
+ memouser = yes
+
+ /*
+ * If set, Services will send a memo to all Services staff when a new vHost is requested.
+ */
+ memooper = yes
+}
+command { service = "HostServ"; name = "REQUEST"; command = "hostserv/request"; }
+command { service = "HostServ"; name = "ACTIVATE"; command = "hostserv/activate"; permission = "hostserv/set"; }
+command { service = "HostServ"; name = "REJECT"; command = "hostserv/reject"; permission = "hostserv/set"; }
+command { service = "HostServ"; name = "WAITING"; command = "hostserv/waiting"; permission = "hostserv/set"; }
+
+/*
+ * hs_set
+ *
+ * Provides the commands hostserv/set and hostserv/setall.
+ *
+ * Used for setting users' vHosts.
+ */
+module { name = "hs_set" }
+command { service = "HostServ"; name = "SET"; command = "hostserv/set"; permission = "hostserv/set"; }
+command { service = "HostServ"; name = "SETALL"; command = "hostserv/setall"; permission = "hostserv/set"; }
diff --git a/roles/IRC/templates/anope/memoserv.conf.j2 b/roles/IRC/templates/anope/memoserv.conf.j2
new file mode 100644
index 0000000..520e2d8
--- /dev/null
+++ b/roles/IRC/templates/anope/memoserv.conf.j2
@@ -0,0 +1,243 @@
+/*
+ * Example configuration file for MemoServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+ /*
+ * The name of the MemoServ client.
+ * If you change this value, you probably want to change the client directive in the configuration for the memoserv module too.
+ */
+ nick = "MemoServ"
+
+ /*
+ * The username of the MemoServ client.
+ */
+ user = "services"
+
+ /*
+ * The hostname of the MemoServ client.
+ */
+ host = "ircservices.{{ external_domain }}"
+
+ /*
+ * The realname of the MemoServ client.
+ */
+ gecos = "Memo Service"
+
+ /*
+ * The modes this client should use.
+ * Do not modify this unless you know what you are doing.
+ *
+ * These modes are very IRCd specific. If left commented, sane defaults
+ * are used based on what protocol module you have loaded.
+ *
+ * Note that setting this option incorrectly could potentially BREAK some, if
+ * not all, usefulness of the client. We will not support you if this client is
+ * unable to do certain things if this option is enabled.
+ */
+ #modes = "+o"
+
+ /*
+ * An optional comma separated list of channels this service should join. Outside
+ * of log channels this is not very useful, as the service will just idle in the
+ * specified channels, and will not accept any types of commands.
+ *
+ * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+ */
+ #channels = "@#services,#mychan"
+}
+
+/*
+ * Core MemoServ module.
+ *
+ * Provides essential functionality for MemoServ.
+ */
+module
+{
+ name = "memoserv"
+ /*
+ * The name of the client that should be MemoServ. Clients are configured
+ * with the service blocks.
+ */
+ client = "MemoServ"
+
+ /*
+ * The maximum number of memos a user is allowed to keep by default. Normal users may set the
+ * limit anywhere between 0 and this value. Services Admins can change it to any value or
+ * disable it.
+ *
+ * This directive is optional, but recommended. If not set, the limit is disabled
+ * by default, and normal users can set any limit they want.
+ */
+ maxmemos = 20
+
+ /*
+ * The delay between consecutive uses of the MemoServ SEND command. This can help prevent spam
+ * as well as denial-of-service attacks from sending large numbers of memos and filling up disk
+ * space (and memory). The default 3-second wait means a maximum average of 150 bytes of memo
+ * per second per user under the current IRC protocol.
+ *
+ * This directive is optional, but recommended.
+ */
+ senddelay = 3s
+}
+
+/*
+ * Core MemoServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "MemoServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * ms_cancel
+ *
+ * Provides the command memoserv/cancel.
+ *
+ * Used to cancel memos already sent but not yet read.
+ */
+module { name = "ms_cancel" }
+command { service = "MemoServ"; name = "CANCEL"; command = "memoserv/cancel"; }
+
+/*
+ * ms_check
+ *
+ * Provides the command memoserv/check.
+ *
+ * Used to check if a sent memo has been read.
+ */
+module { name = "ms_check" }
+command { service = "MemoServ"; name = "CHECK"; command = "memoserv/check"; }
+
+/*
+ * ms_del
+ *
+ * Provides the command memoserv/del.
+ *
+ * Used to delete your memos.
+ */
+module { name = "ms_del" }
+command { service = "MemoServ"; name = "DEL"; command = "memoserv/del"; }
+
+/*
+ * ms_ignore
+ *
+ * Provides the command memoserv/ignore.
+ *
+ * Used to ignore memos from specific users.
+ */
+module
+{
+ name = "ms_ignore"
+
+ /*
+ * The maximum number of entries that may be on a memo ignore list.
+ *
+ * This directive is optional.
+ */
+ max = 32
+}
+command { service = "MemoServ"; name = "IGNORE"; command = "memoserv/ignore"; }
+
+/*
+ * ms_info
+ *
+ * Provides the command memoserv/info.
+ *
+ * Used to show memo related information about an account or a channel.
+ */
+module { name = "ms_info" }
+command { service = "MemoServ"; name = "INFO"; command = "memoserv/info"; }
+
+/*
+ * ms_list
+ *
+ * Provides the command memoserv/list.
+ *
+ * Used to list your current memos.
+ */
+module { name = "ms_list" }
+command { service = "MemoServ"; name = "LIST"; command = "memoserv/list"; }
+
+/*
+ * ms_read
+ *
+ * Provides the command memoserv/read.
+ *
+ * Used to read your memos.
+ */
+module { name = "ms_read" }
+command { service = "MemoServ"; name = "READ"; command = "memoserv/read"; }
+
+/*
+ * ms_rsend
+ *
+ * Provides the command memoserv/rsend.
+ *
+ * Used to send a memo requiring a receipt be sent back once it is read.
+ *
+ * Requires configuring memoserv:memoreceipt.
+ */
+#module
+{
+ name = "ms_rsend"
+
+ /*
+ * Only allow Services Operators to use ms_rsend.
+ *
+ * This directive is optional.
+ */
+ operonly = false
+}
+#command { service = "MemoServ"; name = "RSEND"; command = "memoserv/rsend"; }
+
+/*
+ * ms_send
+ *
+ * Provides the command memoserv/send.
+ *
+ * Used to send memos.
+ */
+module { name = "ms_send" }
+command { service = "MemoServ"; name = "SEND"; command = "memoserv/send"; }
+
+/*
+ * ms_sendall
+ *
+ * Provides the command memoserv/sendall.
+ *
+ * Used to send a mass memo to every registered user.
+ */
+module { name = "ms_sendall" }
+command { service = "MemoServ"; name = "SENDALL"; command = "memoserv/sendall"; permission = "memoserv/sendall"; }
+
+/*
+ * ms_set
+ *
+ * Provides the command memoserv/set.
+ *
+ * Used to set settings such as how you are notified of new memos, and your memo limit.
+ */
+module { name = "ms_set" }
+command { service = "MemoServ"; name = "SET"; command = "memoserv/set"; }
+
+/*
+ * ms_staff
+ *
+ * Provides the command memoserv/staff.
+ *
+ * Used to send a memo to all registered staff members.
+ */
+module { name = "ms_staff" }
+command { service = "MemoServ"; name = "STAFF"; command = "memoserv/staff"; permission = "memoserv/staff"; }
diff --git a/roles/IRC/templates/anope/modules.conf.j2 b/roles/IRC/templates/anope/modules.conf.j2
new file mode 100644
index 0000000..fea0f3b
--- /dev/null
+++ b/roles/IRC/templates/anope/modules.conf.j2
@@ -0,0 +1,797 @@
+/*
+ * [OPTIONAL] Non-Core Modules
+ *
+ * The following blocks are used to load all non-core modules, including 3rd-party modules.
+ * Modules can be prevented from loading by commenting out the line, other modules can be added by
+ * adding a module block. These modules will be loaded prior to Services connecting to your network.
+ *
+ * Note that some of these modules are labeled EXTRA, and must be enabled prior to compiling by
+ * running the 'extras' script on Linux and UNIX.
+ */
+
+/*
+ * help
+ *
+ * Provides the command generic/help.
+ *
+ * This is a generic help command that can be used with any client.
+ */
+module { name = "help" }
+
+/*
+ * m_ldap [EXTRA]
+ *
+ * This module allows other modules to use LDAP. By itself, this module does nothing useful.
+ */
+module
+{
+ name = "m_ldap"
+
+ ldap
+ {
+ server = "ldap://127.0.0.1"
+ port = 389
+
+ /*
+ * Admin credentials used for performing searches and adding users.
+ */
+ admin_binddn = "uid=binduser,{{ ldap['userou'] }},{{ ldap['orgdn'] }}"
+ admin_password = "{{ secrets['Sora']['bindpassword'] }}"
+ }
+}
+
+/*
+ * m_ldap_authentication [EXTRA]
+ *
+ * This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use
+ * LDAP to authenticate users. Requires m_ldap.
+*/
+module
+{
+ name = "m_ldap_authentication"
+
+ /*
+ * The distinguished name used for searching for users's accounts.
+ */
+ basedn = "{{ ldap['userou'] }},{{ ldap['orgdn'] }}"
+
+ /*
+ * The search filter used to look up users's accounts.
+ * %account is replaced with the user's account.
+ * %object_class is replaced with the object_class configured below.
+ */
+ search_filter = "uid=%account"
+
+ /*
+ * The object class used by LDAP to store user account information.
+ * This is used for adding new users to LDAP if registration is allowed.
+ */
+ object_class = "organizationalPerson"
+
+ /*
+ * The attribute value used for account names.
+ */
+ username_attribute = "uid"
+
+ /*
+ * The attribute value used for email addresses.
+ * This directive is optional.
+ */
+ email_attribute = "email"
+
+ /*
+ * The attribute value used for passwords.
+ * Used when registering new accounts in LDAP.
+ */
+ password_attribute = "userPassword"
+
+ /*
+ * If set, the reason to give the users who try to register with nickserv,
+ * including nick registration from grouping.
+ *
+ * If not set, then registration is not blocked.
+ */
+ #disable_register_reason = "To register on this network, contact a netadmin in #lobby. They will need to add an AniNIX/Sora LDAP account for you."
+
+ /*
+ * If set, the reason to give the users who try to "/msg NickServ SET EMAIL".
+ * If not set, then email changing is not blocked.
+ */
+ disable_email_reason = "Not allowed -- this network does not use email for account management."
+}
+
+/*
+ * m_dns
+ *
+ * Adds support for the DNS protocol. By itself this module does nothing useful,
+ * but other modules such as m_dnsbl and os_dns require this.
+ */
+#module
+{
+ name = "m_dns"
+
+ /*
+ * The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file.
+ * The below should work fine on all unix like systems. Windows users will have to find their nameservers
+ * from ipconfig /all and put the IP here.
+ */
+ nameserver = "/etc/resolv.conf"
+ #nameserver = "127.0.0.1"
+
+ /*
+ * How long to wait in seconds before a DNS query has timed out.
+ */
+ timeout = 5
+
+
+ /* Only edit below if you are expecting to use os_dns or otherwise answer DNS queries. */
+
+ /*
+ * The IP and port services use to listen for DNS queries.
+ * Note that ports less than 1024 are privileged on UNIX/Linux systems, and
+ * require Anope to be started as root. If you do this, it is recommended you
+ * set options:user and options:group so Anope can change users after binding
+ * to this port.
+ */
+ ip = "0.0.0.0"
+ port = 53
+
+
+ /*
+ * SOA record information.
+ */
+
+ /* E-mail address of the DNS administrator. */
+ admin = "admin@example.com"
+
+ /* This should be the names of the public facing nameservers serving the records. */
+ nameservers = "ns1.example.com ns2.example.com"
+
+ /* The time slave servers are allowed to cache. This should be reasonably low
+ * if you want your records to be updated without much delay.
+ */
+ refresh = 3600
+
+ /* A notify block. There should probably be one per nameserver listed in 'nameservers'.
+ */
+ notify
+ {
+ ip = "192.0.2.0"
+ port = 53
+ }
+}
+
+/*
+ * m_dnsbl
+ *
+ * Allows configurable DNS blacklists to check connecting users against. If a user
+ * is found on the blacklist they will be immediately banned. This is a crucial module
+ * to prevent bot attacks.
+ */
+#module
+{
+ name = "m_dnsbl"
+
+ /*
+ * If set, Services will check clients against the DNSBLs when services connect to its uplink.
+ * This is not recommended, and on large networks will open a very large amount of DNS queries.
+ * Whilst services are not drastically affected by this, your nameserver/DNSBL might care.
+ */
+ check_on_connect = no
+
+ /*
+ * If set, Services will check clients when coming back from a netsplit. This can cause a large number
+ * of DNS queries open at once. Whilst services are not drastically affected by this, your nameserver/DNSBL
+ * might care.
+ */
+ check_on_netburst = no
+
+ /*
+ * If set, OperServ will add clients found in the DNSBL to the akill list. Without it, OperServ simply sends
+ * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots.
+ */
+ add_to_akill = yes
+
+ blacklist
+ {
+ /* Name of the blacklist. */
+ name = "rbl.efnetrbl.org"
+
+ /* How long to set the ban for. */
+ time = 4h
+
+ /* Reason for akill.
+ * %n is the nick of the user
+ * %u is the ident/username of the user
+ * %g is the realname of the user
+ * %h is the hostname of the user
+ * %i is the IP of the user
+ * %r is the reply reason (configured below). Will be nothing if not configured.
+ * %N is the network name set in networkinfo:networkname
+ */
+ reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"
+
+ /* Replies to ban and their reason. If no relies are configured, all replies get banned. */
+ reply
+ {
+ code = 1
+ reason = "Open Proxy"
+ }
+
+ #reply
+ {
+ code = 2
+ reason = "spamtrap666"
+ }
+
+ #reply
+ {
+ code = 3
+ reason = "spamtrap50"
+ }
+
+ reply
+ {
+ code = 4
+ reason = "TOR"
+
+ /*
+ * If set, users identified to services at the time the result comes back
+ * will not be banned.
+ */
+ #allow_account = yes
+ }
+
+ reply
+ {
+ code = 5
+ reason = "Drones / Flooding"
+ }
+ }
+
+ #blacklist
+ {
+ name = "dnsbl.dronebl.org"
+ time = 4h
+ reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=%N"
+ }
+
+ /* Exempt localhost from DNSBL checks */
+ exempt { ip = "127.0.0.1" }
+}
+
+/*
+ * m_helpchan
+ *
+ * Gives users who are op in the specified help channel usermode +h (helpop).
+ */
+#module
+{
+ name = "m_helpchan"
+
+ helpchannel = "#help"
+}
+
+/*
+ * m_httpd
+ *
+ * Allows services to serve web pages. By itself, this module does nothing useful.
+ *
+ * Note that using this will allow users to get the IP of your services.
+ * To prevent this we recommend using a reverse proxy or a tunnel.
+ */
+#module
+{
+ name = "m_httpd"
+
+ httpd
+ {
+ /* Name of this service. */
+ name = "httpd/main"
+
+ /* IP to listen on. */
+ ip = "0.0.0.0"
+
+ /* Port to listen on. */
+ port = 8080
+
+ /* Time before connections to this server are timed out. */
+ timeout = 30
+
+ /* Listen using SSL. Requires an SSL module. */
+ #ssl = yes
+
+ /* If you are using a reverse proxy that sends one of the
+ * extforward_headers set below, set this to its IP.
+ * This allows services to obtain the real IP of users by
+ * reading the forwarded-for HTTP header.
+ */
+ #extforward_ip = "192.168.0.255"
+
+ /* The header to look for. These probably work as is. */
+ extforward_header = "X-Forwarded-For Forwarded-For"
+ }
+}
+
+
+
+/*
+ * m_ldap_oper [EXTRA]
+ *
+ * This module dynamically ties users to Anope opertypes when they identify
+ * via LDAP group membership. Requires m_ldap.
+ *
+ * Note that this doesn't give the user privileges on the IRCd, only in Services.
+ */
+#module
+{
+ name = "m_ldap_oper"
+
+ /*
+ * An optional binddn to use when searching for groups.
+ * %a is replaced with the account name of the user.
+ */
+ #binddn = "cn=Manager,dc=anope,dc=org"
+
+ /*
+ * An optional password to bind with.
+ */
+ #password = "secret"
+
+ /*
+ * The base DN where the groups are.
+ */
+ basedn = "ou=groups,dc=anope,dc=org"
+
+ /*
+ * The filter to use when searching for users.
+ * %a is replaced with the account name of the user.
+ */
+ filter = "(member=uid=%a,ou=users,dc=anope,dc=org)"
+
+ /*
+ * The attribute of the group that is the name of the opertype.
+ * The cn attribute should match a known opertype in the config.
+ */
+ opertype_attribute = "cn"
+}
+
+/*
+ * m_mysql [EXTRA]
+ *
+ * This module allows other modules to use MySQL.
+ */
+#module
+{
+ name = "m_mysql"
+
+ mysql
+ {
+ /* The name of this service. */
+ name = "mysql/main"
+ database = "anope"
+ server = "127.0.0.1"
+ username = "anope"
+ password =
+ port = 3306
+ }
+}
+/*
+ * m_redis
+ *
+ * This module allows other modules to use Redis.
+ */
+#module
+{
+ name = "m_redis"
+
+ /* A redis database */
+ redis
+ {
+ /* The name of this service */
+ name = "redis/main"
+
+ /*
+ * The redis database to use. New connections default to 0.
+ */
+ db = 0
+
+ ip = "127.0.0.1"
+ port = 6379
+ }
+}
+
+/*
+ * m_regex_pcre [EXTRA]
+ *
+ * Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library.
+ */
+#module { name = "m_regex_pcre" }
+
+/*
+ * m_regex_posix [EXTRA]
+ *
+ * Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions.
+ * This is likely the only regex module you will not need extra libraries for.
+ */
+#module { name = "m_regex_posix" }
+
+/*
+ * m_regex_tre [EXTRA]
+ *
+ * Provides the regex engine regex/tre, which uses the TRE regex library.
+ */
+#module { name = "m_regex_tre" }
+
+/*
+ * m_rewrite
+ *
+ * Allows rewriting commands sent to/from clients.
+ */
+#module { name = "m_rewrite" }
+#command
+{
+ service = "ChanServ"; name = "CLEAR"; command = "rewrite"
+
+ /* Enable m_rewrite. */
+ rewrite = true
+
+ /* Source message to match. A $ can be used to match anything. */
+ rewrite_source = "CLEAR $ USERS"
+
+ /*
+ * Message to rewrite the source message to. A $ followed by a number, eg $0, gets
+ * replaced by the number-th word from the source_message, starting from 0.
+ */
+ rewrite_target = "KICK $1 *"
+
+ /*
+ * The command description. This only shows up in HELP's output.
+ * Comment this option to prevent the command from showing in the
+ * HELP command.
+ */
+ rewrite_description = "Clears all users from a channel"
+}
+
+/*
+ * m_proxyscan
+ *
+ * This module allows you to scan connecting clients for open proxies.
+ * Note that using this will allow users to get the IP of your services.
+ *
+ * Currently the two supported proxy types are HTTP and SOCKS5.
+ *
+ * The proxy scanner works by attempting to connect to clients when they
+ * connect to the network, and if they have a proxy running instruct it to connect
+ * back to services. If services are able to connect through the proxy to itself
+ * then it knows it is an insecure proxy, and will ban it.
+ */
+#module
+{
+ name = "m_proxyscan"
+
+ /*
+ * The target IP services tells the proxy to connect back to. This must be a publicly
+ * available IP that remote proxies can connect to.
+ */
+ #target_ip = "127.0.0.1"
+
+ /*
+ * The port services tells the proxy to connect to.
+ */
+ target_port = 7226
+
+ /*
+ * The listen IP services listen on for incoming connections from suspected proxies.
+ * This probably will be the same as target_ip, but may not be if you are behind a firewall (NAT).
+ */
+ #listen_ip = "127.0.0.1"
+
+ /*
+ * The port services should listen on for incoming connections from suspected proxies.
+ * This most likely will be the same as target_port.
+ */
+ listen_port = 7226
+
+ /*
+ * An optional notice sent to clients upon connect.
+ */
+ #connect_notice = "We will now scan your host for insecure proxies. If you do not consent to this scan please disconnect immediately."
+
+ /*
+ * Who the notice should be sent from.
+ */
+ #connect_source = "OperServ"
+
+ /*
+ * If set, OperServ will add infected clients to the akill list. Without it, OperServ simply sends
+ * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being filled up by bots.
+ */
+ add_to_akill = yes
+
+ /*
+ * How long before connections should be timed out.
+ */
+ timeout = 5
+
+ proxyscan
+ {
+ /* The type of proxy to check for. A comma separated list is allowed. */
+ type = "HTTP"
+
+ /* The ports to check. */
+ port = "80,8080"
+
+ /* How long to set the ban for. */
+ time = 4h
+
+ /*
+ * The reason to ban the user for.
+ * %h is replaced with the type of proxy found.
+ * %i is replaced with the IP of proxy found.
+ * %p is replaced with the port.
+ */
+ reason = "You have an open proxy running on your host (%t:%i:%p)"
+ }
+}
+
+/*
+ * m_sasl
+ *
+ * Some IRCds allow "SASL" authentication to let users identify to Services
+ * during the IRCd user registration process. If this module is loaded, Services will allow
+ * authenticating users through this mechanism. Supported mechanisms are:
+ * PLAIN, EXTERNAL.
+ */
+#module { name = "m_sasl" }
+
+/*
+ * m_sasl_dh-aes [EXTRA]
+ *
+ * Add the DH-AES mechanism to SASL.
+ * Requires m_sasl to be loaded.
+ * Requires openssl.
+ */
+#module { name = "m_sasl_dh-aes" }
+
+/*
+ * m_sasl_dh-blowfish [EXTRA]
+ *
+ * Add the DH-BLOWFISH mechanism to SASL.
+ * Requires m_sasl to be loaded.
+ * Requires openssl.
+ */
+#module { name = "m_sasl_dh-blowfish" }
+
+/*
+ * m_ssl_gnutls [EXTRA]
+ *
+ * This module provides SSL services to Anope using GnuTLS, for example to
+ * connect to the uplink server(s) via SSL.
+ *
+ * You may only load either m_ssl_gnutls or m_ssl_openssl, bot not both.
+ */
+#module
+{
+ name = "m_ssl_gnutls"
+
+ /*
+ * An optional certificate and key for m_ssl_gnutls to give to the uplink.
+ *
+ * You can generate your own certificate and key pair by using:
+ *
+ * certtool --generate-privkey --bits 2048 --outfile anope.key
+ * certtool --generate-self-signed --load-privkey anope.key --outfile anope.crt
+ *
+ */
+ cert = "data/anope.crt"
+ key = "data/anope.key"
+
+ /*
+ * Diffie-Hellman parameters to use when acting as a server. This is only
+ * required for TLS servers that want to use ephemeral DH cipher suites.
+ *
+ * This is NOT required for Anope to connect to the uplink server(s) via SSL.
+ *
+ * You can generate DH parameters by using:
+ *
+ * certtool --generate-dh-params --bits 2048 --outfile dhparams.pem
+ *
+ */
+# dhparams = "data/dhparams.pem"
+}
+
+/*
+ * m_ssl_openssl [EXTRA]
+ *
+ * This module provides SSL services to Anope using OpenSSL, for example to
+ * connect to the uplink server(s) via SSL.
+ *
+ * You may only load either m_ssl_openssl or m_ssl_gnutls, bot not both.
+ *
+ */
+#module
+{
+ name = "m_ssl_openssl"
+
+ /*
+ * An optional certificate and key for m_ssl_openssl to give to the uplink.
+ *
+ * You can generate your own certificate and key pair by using:
+ *
+ * openssl genrsa -out anope.key 2048
+ * openssl req -new -x509 -key anope.key -out anope.crt -days 1095
+ */
+ cert = "data/anope.crt"
+ key = "data/anope.key"
+
+ /*
+ * As of 2014 SSL 3.0 is considered insecure, but it might be enabled
+ * on some systems by default for compatibility reasons.
+ * You can use the following option to enable or disable it explicitly.
+ * Leaving this option not set defaults to the default system behavior.
+ */
+ #sslv3 = no
+}
+
+/*
+ * m_sql_authentication [EXTRA]
+ *
+ * This module allows authenticating users against an external SQL database using a custom
+ * query.
+ */
+#module
+{
+ name = "m_sql_authentication"
+
+ /* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
+ engine = "mysql/main"
+
+ /* Query to execute to authenticate. A non empty result from this query is considered a success,
+ * and the user will be authenticated.
+ *
+ * @a@ is replaced with the user's account name
+ * @p@ is replaced with the user's password
+ * @n@ is replaced with the user's nickname
+ * @i@ is replaced with the user's IP
+ *
+ * Note that @n@ and @i@ may not always exist in the case of a user identifying outside of the normal
+ * nickserv/identify command, such as through the web panel.
+ *
+ * Furthermore, if a field named email is returned from this query the user's email is
+ * set to its value.
+ *
+ *
+ * We've included some example queries for some popular website/forum systems.
+ *
+ * Drupal 6: "SELECT `mail` AS `email` FROM `users` WHERE `name` = @a@ AND `pass` = MD5(@p@) AND `status` = 1"
+ * e107 cms: "SELECT `user_email` AS `email` FROM `e107_user` WHERE `user_loginname` = @a@ AND `user_password` = MD5(@p@)"
+ * SMF Forum: "SELECT `email_address` AS `email` FROM `smf_members` WHERE `member_name` = @a@ AND `passwd` = SHA1(CONCAT(LOWER(@a@), @p@))"
+ * vBulletin: "SELECT `email` FROM `user` WHERE `username` = @a@ AND `password` = MD5(CONCAT(MD5(@p@), `salt`))"
+ * IP.Board: "SELECT `email` FROM `ibf_members` WHERE `name` = @a@ AND `members_pass_hash` = MD5(CONCAT(MD5(`members_pass_salt`), MD5(@p@)))"
+ */
+ query = "SELECT `email_addr` AS `email` FROM `my_users` WHERE `username` = @a@ AND `password` = MD5(CONCAT('salt', @p@))"
+
+ /*
+ * If set, the reason to give the users who try to "/msg NickServ REGISTER".
+ * If not set, then registration is not blocked.
+ */
+ #disable_reason = "To register on this network visit http://some.misconfigured.site/register"
+
+ /*
+ * If set, the reason to give the users who try to "/msg NickServ SET EMAIL".
+ * If not set, then email changing is not blocked.
+ */
+ #disable_email_reason = "To change your email address visit http://some.misconfigured.site"
+}
+
+/*
+ * m_sql_log [EXTRA]
+ *
+ * This module adds an additional target option to log{} blocks
+ * that allows logging Service's logs to SQL. To log to SQL, add
+ * the SQL service name to log:targets prefixed by sql_log:. For
+ * example:
+ *
+ * log
+ * {
+ * targets = "services.log sql_log:mysql/main"
+ * ...
+ * }
+ *
+ * By default this module logs to the table `logs`, and will create
+ * it if it doesn't exist. This module does not create any indexes (keys)
+ * on the table and it is recommended you add them yourself as necessary.
+ */
+#module { name = "m_sql_log" }
+
+/*
+ * m_sql_oper [EXTRA]
+ *
+ * This module allows granting users services operator privileges and possibly IRC Operator
+ * privileges based on an external SQL database using a custom query.
+ */
+#module
+{
+ name = "m_sql_oper"
+
+ /* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
+ engine = "mysql/main"
+
+ /* Query to execute to determine if a user should have operator privileges.
+ * A field named opertype must be returned in order to link the user to their oper type.
+ * The oper types must be configured earlier in services.conf.
+ *
+ * If a field named modes is returned from this query then those modes are set on the user.
+ * Without this, only a simple +o is sent.
+ *
+ * @a@ is replaced with the user's account name
+ * @i@ is replaced with the user's IP
+ */
+ query = "SELECT `opertype` FROM `my_users` WHERE `user_name` = @a@"
+}
+
+/*
+ * m_sqlite [EXTRA]
+ *
+ * This module allows other modules to use SQLite.
+ */
+#module
+{
+ name = "m_sqlite"
+
+ /* A SQLite database */
+ sqlite
+ {
+ /* The name of this service. */
+ name = "sqlite/main"
+
+ /* The database name, it will be created if it does not exist. */
+ database = "anope.db"
+ }
+}
+
+/*
+ * webcpanel
+ *
+ * This module creates a web configuration panel that allows users and operators to perform any task
+ * as they could over IRC. If you are using the default configuration you should be able to access
+ * this panel by visiting http://127.0.0.1:8080 in your web browser from the machine Anope is running on.
+ *
+ * This module requires m_httpd.
+ */
+#module
+{
+ name = "webcpanel"
+
+ /* Web server to use. */
+ server = "httpd/main";
+
+ /* Template to use. */
+ template = "default";
+
+ /* Page title. */
+ title = "Anope IRC Services";
+}
+
+/*
+ * m_xmlrpc
+ *
+ * Allows remote applications (websites) to execute queries in real time to retrieve data from Anope.
+ * By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries.
+ */
+#module
+{
+ name = "m_xmlrpc"
+
+ /* Web service to use. Requires m_httpd. */
+ server = "httpd/main"
+}
+
+/*
+ * m_xmlrpc_main
+ *
+ * Adds the main XMLRPC core functions.
+ * Requires m_xmlrpc.
+ */
+#module { name = "m_xmlrpc_main" }
diff --git a/roles/IRC/templates/anope/nickserv.conf.j2 b/roles/IRC/templates/anope/nickserv.conf.j2
new file mode 100755
index 0000000..7fa5b17
--- /dev/null
+++ b/roles/IRC/templates/anope/nickserv.conf.j2
@@ -0,0 +1,662 @@
+/*
+ * Example configuration file for NickServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+ /*
+ * The name of the NickServ client.
+ * If you change this value, you probably want to change the client directive in the configuration for the nickserv module too.
+ */
+ nick = "NickServ"
+
+ /*
+ * The username of the NickServ client.
+ */
+ user = "services"
+
+ /*
+ * The hostname of the NickServ client.
+ */
+ host = "ircservices.{{ external_domain }}"
+
+ /*
+ * The realname of the NickServ client.
+ */
+ gecos = "Nickname Registration Service"
+
+ /*
+ * The modes this client should use.
+ * Do not modify this unless you know what you are doing.
+ *
+ * These modes are very IRCd specific. If left commented, sane defaults
+ * are used based on what protocol module you have loaded.
+ *
+ * Note that setting this option incorrectly could potentially BREAK some, if
+ * not all, usefulness of the client. We will not support you if this client is
+ * unable to do certain things if this option is enabled.
+ */
+ #modes = "+o"
+
+ /*
+ * An optional comma separated list of channels this service should join. Outside
+ * of log channels this is not very useful, as the service will just idle in the
+ * specified channels, and will not accept any types of commands.
+ *
+ * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+ */
+ #channels = "@#services,#mychan"
+}
+
+/*
+ * Core NickServ module.
+ *
+ * Provides essential functionality for NickServ.
+ */
+module
+{
+ name = "nickserv"
+
+ /*
+ * The name of the client that should be NickServ.
+ */
+ client = "NickServ"
+
+ /*
+ * Force users to give an e-mail address when they register a nick.
+ *
+ * This directive defaults to "yes" and is recommended to be enabled. This is required if e-mail registration is enabled.
+ */
+ forceemail = no
+
+ /*
+ * Require users who change their email address to confirm they
+ * own their new email.
+ */
+ confirmemailchanges = no
+
+ /*
+ * A message sent to users on connect if they use an unregistered nick.
+ *
+ * This directive is optional.
+ */
+ unregistered_notice = "Your nickname is not registered. If you would like it registered, contact a netadmin (identified by ^) in #lobby to get it registered."
+
+ /*
+ * The default options for newly registered nicks. Note that changing these options
+ * will have no effect on nicks which are already registered. The list must be separated
+ * by spaces.
+ *
+ * The options are:
+ * - killprotect: Kill nick if not identified within 60 seconds
+ * - kill_quick: Kill nick if not identified within 20 seconds, this one overrides the above
+ * option and the above must be specified with this one
+ * - ns_secure: Enable nickname security, requiring the nick's password before any operations
+ * can be done on it
+ * - ns_private: Hide the nick from NickServ's LIST command
+ * - hide_email: Hide's the nick's e-mail address from NickServ's INFO command
+ * - hide_mask: Hide's the nick's last or current user@host from NickServ's INFO command
+ * - hide_quit: Hide's the nick's last quit message
+ * - memo_signon: Notify user if they have a new memo when they sign into the nick
+ * - memo_receive: Notify user if they have a new memo as soon as it's received
+ * - memo_mail: Notify user if they have a new memo by mail
+ * - autoop: User will be automatically opped in channels they enter and have access to
+ * - msg: Services messages will be sent as PRIVMSGs instead of NOTICEs, requires
+ * options:useprivmsg to be enabled as well
+ * - ns_keepmodes: Enables keepmodes, which retains user modes across sessions
+ *
+ * This directive is optional, if left blank, the options will default to ns_secure, memo_signon, and
+ * memo_receive. If you really want no defaults, use "none" by itself as the option.
+ */
+ defaults = "ns_secure ns_private hide_email hide_mask memo_signon memo_receive autoop killprotect"
+
+ /*
+ * The minimum length of time between consecutive uses of NickServ's REGISTER command. This
+ * directive is optional, but recommended. If not set, this restriction will be disabled.
+ */
+ regdelay = 30s
+
+ /*
+ * The length of time before a nick's registration expires.
+ *
+ * This directive is optional, but recommended. If not set, the default is 21 days.
+ */
+ expire = 3650d
+
+ /*
+ * Prevents the use of the ACCESS and CERT (excluding their LIST subcommand), DROP, FORBID, SUSPEND,
+ * GETPASS and SET PASSWORD commands by services operators on other services operators.
+ *
+ * This directive is optional, but recommended.
+ */
+ secureadmins = yes
+
+ /*
+ * If set, Services will set the channel modes a user has access to upon identifying, assuming
+ * they are not already set.
+ *
+ * This directive is optional.
+ */
+ modeonid = yes
+
+ /*
+ * If set, Services will set these user modes on any user who identifies.
+ *
+ * This directive is optional.
+ */
+ #modesonid = "+R"
+
+ /*
+ * If set, Services will not show netsplits in the last quit message field
+ * of NickServ's INFO command.
+ */
+ hidenetsplitquit = no
+
+ /*
+ * If set, is the length of time NickServ's killquick and kill options wait before
+ * forcing users off of protected nicknames.
+ */
+ killquick = 20s
+ kill = 60s
+
+ /*
+ * If set, forbids the registration of nicks that contain an existing
+ * nick with Services access. For example, if Tester is a Services Oper,
+ * you can't register NewTester or Tester123 unless you are an IRC
+ * Operator.
+ *
+ * NOTE: If you enable this, you will have to be logged in as an IRC
+ * operator in order to register a Services Root nick when setting up
+ * Anope for the first time.
+ *
+ * This directive is optional.
+ */
+ restrictopernicks = yes
+
+ /*
+ * The username, and possibly hostname, used for fake users created when Services needs to
+ * hold a nickname.
+ */
+ enforceruser = "enforcer"
+ enforcerhost = "ircservices.{{ external_domain }}"
+
+ /*
+ * The length of time Services hold nicknames.
+ *
+ * This directive is optional, but recommended. If not set it defaults to 1 minute.
+ */
+ releasetimeout = 1m
+
+ /*
+ * When a user's nick is forcibly changed to enforce a "nick kill", their new nick will start
+ * with this value. The rest will be made up of 6 or 7 digits.
+ * Make sure this is a valid nick and Nicklen+7 is not longer than the allowed Nicklen on your ircd.
+ *
+ * This directive is optional. If not set it defaults to "Guest"
+ */
+ guestnickprefix = "Guest"
+
+ /*
+ * If set, Services do not allow ownership of nick names, only ownership of accounts.
+ */
+ nonicknameownership = no
+
+ /*
+ * The maximum length of passwords
+ *
+ * This directive is optional. If not set it defaults to 32.
+ */
+ passlen = 32
+}
+
+/*
+ * Core NickServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Command group configuration for NickServ.
+ *
+ * Commands may optionally be placed into groups to make NickServ's HELP output easier to understand.
+ * Remove the following groups to use the old behavior of simply listing all NickServ commands from HELP.
+ */
+command_group
+{
+ name = "nickserv/admin"
+ description = _("Services Operator commands")
+}
+
+/* Give it a help command. */
+command { service = "NickServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * ns_access
+ *
+ * Provides the command nickserv/access.
+ *
+ * Used for configuring what hosts have access to your account.
+ */
+module
+{
+ name = "ns_access"
+
+ /*
+ * The maximum number of entries allowed on a nickname's access list.
+ * If not set, the default is 32. This number cannot be set to 0.
+ */
+ accessmax = 32
+
+ /*
+ * If set, Services will add the usermask of registering users to the access list of their
+ * newly created account. If not set, users will always have to identify to NickServ before
+ * being recognized, unless they manually add an address to the access list of their account.
+ * This directive is optional.
+ */
+ addaccessonreg = yes
+}
+command { service = "NickServ"; name = "ACCESS"; command = "nickserv/access"; }
+
+/*
+ * ns_ajoin
+ *
+ * Provides the command nickserv/ajoin.
+ *
+ * Used for configuring channels to join once you identify.
+ */
+module
+{
+ name = "ns_ajoin"
+
+ /*
+ * The maximum number of channels a user can have on NickServ's AJOIN command.
+ */
+ ajoinmax = 50
+}
+command { service = "NickServ"; name = "AJOIN"; command = "nickserv/ajoin"; }
+
+/*
+ * ns_alist
+ *
+ * Provides the command nickserv/alist.
+ *
+ * Used for viewing what channels you have access to.
+ */
+module { name = "ns_alist" }
+command { service = "NickServ"; name = "ALIST"; command = "nickserv/alist"; }
+
+/*
+ * ns_cert
+ *
+ * Provides the command nickserv/cert.
+ *
+ * Used for configuring your SSL certificate list, which can be used to automatically identify you.
+ *
+module
+{
+ name = "ns_cert"
+
+ /*
+ * The maximum number of entries allowed on a nickname's certificate fingerprint list.
+ * The default is 5. This number cannot be set to 0.
+ *
+ max = 5
+}
+command { service = "NickServ"; name = "CERT"; command = "nickserv/cert"; }
+*/
+/*
+ * ns_drop
+ *
+ * Provides the command nickserv/drop.
+ *
+ * Used for unregistering names.
+ */
+module { name = "ns_drop" }
+command { service = "NickServ"; name = "DROP"; command = "nickserv/drop"; }
+
+/*
+ * ns_getemail
+ *
+ * Provides the command nickserv/getemail.
+ *
+ * Used for getting registered accounts by searching for emails.
+ */
+module { name = "ns_getemail" }
+command { service = "NickServ"; name = "GETEMAIL"; command = "nickserv/getemail"; permission = "nickserv/getemail"; group = "nickserv/admin"; }
+
+/*
+ * ns_getpass
+ *
+ * Provides the command nickserv/getpass.
+ *
+ * Used for getting users passwords.
+ *
+ * Requires no encryption is being used.
+ */
+#module { name = "ns_getpass" }
+#command { service = "NickServ"; name = "GETPASS"; command = "nickserv/getpass"; permission = "nickserv/getpass"; }
+
+/*
+ * ns_group
+ *
+ * Provides the commands nickserv/group, nickserv/glist, and nickserv/ungroup.
+ *
+ * Used for controlling nick groups.
+ */
+module
+{
+ name = "ns_group"
+
+ /*
+ * The maximum number of nicks allowed in a group.
+ *
+ * This directive is optional, but recommended. If not set or set to 0, no limits will be applied.
+ */
+ maxaliases = 16
+
+ /*
+ * If set, the NickServ GROUP command won't allow any group changes. This is recommended to
+ * prevent users from accidentally dropping their nicks, as it forces users to explicitly
+ * drop their nicks before adding it to another group.
+ *
+ * This directive is optional, but recommended.
+ */
+ nogroupchange = yes
+}
+command { service = "NickServ"; name = "GLIST"; command = "nickserv/glist"; }
+command { service = "NickServ"; name = "GROUP"; command = "nickserv/group"; }
+command { service = "NickServ"; name = "UNGROUP"; command = "nickserv/ungroup"; }
+
+/*
+ * ns_identify
+ *
+ * Provides the command nickserv/identify.
+ *
+ * Used for identifying to accounts.
+ */
+module { name = "ns_identify" }
+command { service = "NickServ"; name = "ID"; command = "nickserv/identify"; hide = true; }
+command { service = "NickServ"; name = "IDENTIFY"; command = "nickserv/identify"; }
+
+/*
+ * ns_info
+ *
+ * Provides the commands:
+ * nickserv/info. - Used for gathering information about an account.
+ * nickserv/set/hide, nickserv/saset/hide - Used for configuring which options are publically shown in nickserv/info.
+ *
+ */
+module { name = "ns_info" }
+command { service = "NickServ"; name = "INFO"; command = "nickserv/info"; }
+
+command { service = "NickServ"; name = "SET HIDE"; command = "nickserv/set/hide"; }
+command { service = "NickServ"; name = "SASET HIDE"; command = "nickserv/saset/hide"; permission = "nickserv/saset/hide"; }
+
+
+/*
+ * ns_list
+ *
+ * Provides the commands:
+ * nickserv/list - Used for retrieving and searching the registered account list.
+ * nickserv/set/private, nickserv/saset/private - Used for configuring whether or a users account shows up in nickserv/list.
+ *
+ */
+module
+{
+ name = "ns_list"
+
+ /*
+ * The maximum number of nicks to be returned for a NickServ LIST command.
+ */
+ listmax = 50
+}
+command { service = "NickServ"; name = "LIST"; command = "nickserv/list"; }
+
+command { service = "NickServ"; name = "SET PRIVATE"; command = "nickserv/set/private"; }
+command { service = "NickServ"; name = "SASET PRIVATE"; command = "nickserv/saset/private"; permission = "nickserv/saset/private"; }
+
+
+/*
+ * ns_logout
+ *
+ * Provides the command nickserv/logout.
+ *
+ * Used for logging out of your account.
+ */
+module { name = "ns_logout" }
+command { service = "NickServ"; name = "LOGOUT"; command = "nickserv/logout"; }
+
+/*
+ * ns_recover
+ *
+ * Provides the command nickserv/recover.
+ *
+ * Used for recovering your nick from services or another user.
+ */
+module
+{
+ name = "ns_recover"
+
+ /*
+ * If set, Services will svsnick and svsjoin users who use the recover
+ * command on an identified user to the nick and channels of the recovered user.
+ *
+ * This directive is opional.
+ */
+ restoreonrecover = yes
+}
+command { service = "NickServ"; name = "RECOVER"; command = "nickserv/recover"; }
+# Uncomment below to emulate 1.8's behavior of ghost and release.
+#command { service = "NickServ"; name = "GHOST"; command = "nickserv/recover"; }
+#command { service = "NickServ"; name = "RELEASE"; command = "nickserv/recover"; }
+
+/*
+ * ns_register
+ *
+ * Provides the commands nickserv/confirm, nickserv/register, and nickserv/resend.
+ *
+ * Used for registering accounts.
+ */
+module
+{
+ name = "ns_register"
+
+ /*
+ * Registration confirmation setting. Set to "none" for no registration confirmation,
+ * "mail" for email confirmation, and "admin" to have services operators manually confirm
+ * every registration. Set to "disable" to completely disable all registrations.
+ */
+ registration = "none"
+
+ /*
+ * The minimum length of time between consecutive uses of NickServ's RESEND command.
+ *
+ * This directive is optional, but recommended. If not set, this restriction will be disabled.
+ */
+ resenddelay = 90s
+
+ /*
+ * Prevents users from registering their nick if they are not connected
+ * for at least the given number of seconds.
+ *
+ * This directive is optional.
+ */
+ #nickregdelay = 30s
+
+ /*
+ * The length of time a user using an unconfirmed account has
+ * before the account will be released for general use again.
+ */
+ #unconfirmedexpire = 1d
+}
+#command { service = "NickServ"; name = "CONFIRM"; command = "nickserv/confirm"; }
+command { service = "NickServ"; name = "REGISTER"; command = "nickserv/register"; }
+#command { service = "NickServ"; name = "RESEND"; command = "nickserv/resend"; }
+
+/*
+ * ns_resetpass
+ *
+ * Provides the command nickserv/resetpass.
+ *
+ * Used for resetting passwords by emailing users a temporary one.
+ */
+/*module { name = "ns_resetpass" }
+command { service = "NickServ"; name = "RESETPASS"; command = "nickserv/resetpass"; }
+*/
+
+/*
+ * ns_set
+ *
+ * Provides the commands:
+ * nickserv/set, nickserv/saset - Dummy help wrappers for the SET and SASET commands.
+ * nickserv/set/autoop, nickserv/saset/autoop - Determines whether or not modes are automatically set users when joining a channel.
+ * nickserv/set/display, nickserv/saset/display - Used for setting a users display name.
+ * nickserv/set/email, nickserv/saset/email - Used for setting a users email address.
+ * nickserv/set/keepmodes, nickserv/saset/keepmodes - Configure whether or not services should retain a user's modes across sessions.
+ * nickserv/set/kill, nickserv/saset/kill - Used for configuring nickname protection.
+ * nickserv/set/language, nickserv/saset/language - Used for configuring what language services use.
+ * nickserv/set/message, nickserv/saset/message - Used to configure how services send messages to you.
+ * nickserv/set/password, nickserv/saset/password - Used for changing a users password.
+ * nickserv/set/secure, nickserv/saset/secure - Used for configuring whether a user can identify by simply being recognized by nickserv/access.
+ * nickserv/saset/noexpire - Used for configuring noexpire, which prevents nicks from expiring.
+ */
+module
+{
+ name = "ns_set"
+
+ /*
+ * Allow the use of the IMMED option in the NickServ SET KILL command.
+ *
+ * This directive is optional.
+ */
+ #allowkillimmed = yes
+}
+
+command { service = "NickServ"; name = "SET"; command = "nickserv/set"; }
+command { service = "NickServ"; name = "SASET"; command = "nickserv/saset"; permission = "nickserv/saset/"; group = "nickserv/admin"; }
+
+command { service = "NickServ"; name = "SET AUTOOP"; command = "nickserv/set/autoop"; }
+command { service = "NickServ"; name = "SASET AUTOOP"; command = "nickserv/saset/autoop"; permission = "nickserv/saset/autoop"; }
+
+command { service = "NickServ"; name = "SET DISPLAY"; command = "nickserv/set/display"; }
+command { service = "NickServ"; name = "SASET DISPLAY"; command = "nickserv/saset/display"; permission = "nickserv/saset/display"; }
+
+command { service = "NickServ"; name = "SET EMAIL"; command = "nickserv/set/email"; }
+command { service = "NickServ"; name = "SASET EMAIL"; command = "nickserv/saset/email"; permission = "nickserv/saset/email"; }
+
+command { service = "NickServ"; name = "SET KEEPMODES"; command = "nickserv/set/keepmodes"; }
+command { service = "NickServ"; name = "SASET KEEPMODES"; command = "nickserv/saset/keepmodes"; permission = "nickserv/saset/keepmodes"; }
+
+command { service = "NickServ"; name = "SET KILL"; command = "nickserv/set/kill"; }
+command { service = "NickServ"; name = "SASET KILL"; command = "nickserv/saset/kill"; permission = "nickserv/saset/kill"; }
+
+command { service = "NickServ"; name = "SET LANGUAGE"; command = "nickserv/set/language"; }
+command { service = "NickServ"; name = "SASET LANGUAGE"; command = "nickserv/saset/language"; permission = "nickserv/saset/language"; }
+
+command { service = "NickServ"; name = "SET MESSAGE"; command = "nickserv/set/message"; }
+command { service = "NickServ"; name = "SASET MESSAGE"; command = "nickserv/saset/message"; permission = "nickserv/saset/message"; }
+
+/* command { service = "NickServ"; name = "SET PASSWORD"; command = "nickserv/set/password"; }
+command { service = "NickServ"; name = "SASET PASSWORD"; command = "nickserv/saset/password"; permission = "nickserv/saset/password"; }
+*/
+command { service = "NickServ"; name = "SET SECURE"; command = "nickserv/set/secure"; }
+command { service = "NickServ"; name = "SASET SECURE"; command = "nickserv/saset/secure"; permission = "nickserv/saset/secure"; }
+
+command { service = "NickServ"; name = "SASET NOEXPIRE"; command = "nickserv/saset/noexpire"; permission = "nickserv/saset/noexpire"; }
+
+
+/*
+ * ns_set_misc
+ *
+ * Provides the command nickserv/set/misc.
+ *
+ * Allows you to create arbitrary commands to set data, and have that data show up in nickserv/info.
+ * A field named misc_description may be given for use with help output.
+ */
+module { name = "ns_set_misc" }
+command { service = "NickServ"; name = "SET URL"; command = "nickserv/set/misc"; misc_description = _("Associate a URL with your account"); }
+command { service = "NickServ"; name = "SASET URL"; command = "nickserv/saset/misc"; misc_description = _("Associate a URL with this account"); permission = "nickserv/saset/url"; group = "nickserv/admin"; }
+#command { service = "NickServ"; name = "SET ICQ"; command = "nickserv/set/misc"; misc_description = _("Associate an ICQ account with your account"); }
+#command { service = "NickServ"; name = "SASET ICQ"; command = "nickserv/saset/misc"; misc_description = _("Associate an ICQ account with this account"); permission = "nickserv/saset/icq"; group = "nickserv/admin"; }
+#command { service = "NickServ"; name = "SET TWITTER"; command = "nickserv/set/misc"; misc_description = _("Associate a Twitter account with your account"); }
+#command { service = "NickServ"; name = "SASET TWITTER"; command = "nickserv/saset/misc"; misc_description = _("Associate a Twitter account with this account"); permission = "nickserv/saset/twitter"; group = "nickserv/admin"; }
+#command { service = "NickServ"; name = "SET FACEBOOK"; command = "nickserv/set/misc"; misc_description = _("Associate a Facebook URL with your account"); }
+#command { service = "NickServ"; name = "SASET FACEBOOK"; command = "nickserv/saset/misc"; misc_description = _("Associate a Facebook URL with this account"); permission = "nickserv/saset/facebook"; group = "nickserv/admin"; }
+
+/*
+ * ns_status
+ *
+ * Provides the nickserv/status command.
+ *
+ * Used to determine if a user is recognized or identified by services.
+ */
+module { name = "ns_status" }
+command { service = "NickServ"; name = "STATUS"; command = "nickserv/status"; }
+
+/*
+ * ns_suspend
+ *
+ * Provides the commands nickserv/suspend and nickserv/unsuspend.
+ *
+ * Used to suspend and unsuspend nicknames. Suspended nicknames can not be used but their settings are preserved.
+ */
+module
+{
+ name = "ns_suspend"
+
+ /*
+ * The length of time before a suspended nick becomes unsuspended.
+ *
+ * This directive is optional. If not set, the default is never.
+ */
+ #suspendexpire = 90d
+
+ /*
+ * Settings to show to non-opers in NickServ's INFO output.
+ * Comment to completely disable showing any information about
+ * suspended nicknames to non-opers.
+ */
+ show = "suspended, by, reason, on, expires"
+}
+command { service = "NickServ"; name = "SUSPEND"; command = "nickserv/suspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; }
+command { service = "NickServ"; name = "UNSUSPEND"; command = "nickserv/unsuspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; }
+
+/*
+ * ns_update
+ *
+ * Provides the command nickserv/update.
+ *
+ * Used to update your status on all channels, turn on your vHost, etc.
+ */
+module { name = "ns_update" }
+command { service = "NickServ"; name = "UPDATE"; command = "nickserv/update"; }
+
+
+/*
+ * Extra NickServ related modules.
+ */
+
+/*
+ * ns_maxemail
+ *
+ * Limits how many times the same email address may be used in Anope
+ * to register accounts.
+ */
+#module
+{
+ name = "ns_maxemail"
+
+ /*
+ * The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
+ * commented, there will be no limit enforced when registering new accounts or using
+ * /msg NickServ SET EMAIL.
+ */
+ maxemails = 1
+}
diff --git a/roles/IRC/templates/anope/operserv.conf.j2 b/roles/IRC/templates/anope/operserv.conf.j2
new file mode 100755
index 0000000..bb82d1f
--- /dev/null
+++ b/roles/IRC/templates/anope/operserv.conf.j2
@@ -0,0 +1,701 @@
+/*
+ * Example configuration file for OperServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+ /*
+ * The name of the OperServ client.
+ * If you change this value, you probably want to change the client directive in the configuration for the operserv module too.
+ */
+ nick = "OperServ"
+
+ /*
+ * The username of the OperServ client.
+ */
+ user = "services"
+
+ /*
+ * The hostname of the OperServ client.
+ */
+ host = "ircservices.{{ external_domain }}"
+
+ /*
+ * The realname of the OperServ client.
+ */
+ gecos = "Operator Service"
+
+ /*
+ * The modes this client should use.
+ * Do not modify this unless you know what you are doing.
+ *
+ * These modes are very IRCd specific. If left commented, sane defaults
+ * are used based on what protocol module you have loaded.
+ *
+ * Note that setting this option incorrectly could potentially BREAK some, if
+ * not all, usefulness of the client. We will not support you if this client is
+ * unable to do certain things if this option is enabled.
+ */
+ #modes = "+o"
+
+ /*
+ * An optional comma separated list of channels this service should join. Outside
+ * of log channels this is not very useful, as the service will just idle in the
+ * specified channels, and will not accept any types of commands.
+ *
+ * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+ */
+ #channels = "@#services,#mychan"
+}
+
+/*
+ * Core OperServ module.
+ *
+ * Provides essential functionality for OperServ.
+ */
+module
+{
+ name = "operserv"
+
+ /*
+ * The name of the client that should be OperServ.
+ */
+ client = "OperServ"
+
+ /*
+ * These define the default expiration times for, respectively, AKILLs, CHANKILLs, SNLINEs,
+ * and SQLINEs.
+ */
+ autokillexpiry = 30d
+ chankillexpiry = 30d
+ snlineexpiry = 30d
+ sqlineexpiry = 30d
+
+ /*
+ * If set, this option will make Services send an AKILL command immediately after it has been
+ * added with AKILL ADD. This eliminates the need for killing the user after the AKILL has
+ * been added.
+ *
+ * This directive is optional, but recommended.
+ */
+ akillonadd = yes
+
+ /*
+ * If set, this option will make Services send an (SVS)KILL command immediately after SNLINE ADD.
+ * This eliminates the need for killing the user after the SNLINE has been added.
+ *
+ * This directive is optional.
+ */
+ killonsnline = yes
+
+ /*
+ * If set, this option will make Services send an (SVS)KILL command immediately after SQLINE ADD.
+ * This eliminates the need for killing the user after the SQLINE has been added.
+ *
+ * This directive is optional.
+ */
+ killonsqline = yes
+
+ /*
+ * Adds the nickname of the IRC Operator issuing an AKILL to the kill reason.
+ *
+ * This directive is optional.
+ */
+ addakiller = yes
+
+ /*
+ * Adds akill IDs to akills. Akill IDs are given to users in their ban reason and can be used to easily view,
+ * modify, or remove an akill from the ID.
+ */
+ akillids = yes
+
+ /*
+ * If set, only IRC Operators will be permitted to use OperServ, regardless of command access restrictions.
+ *
+ * This directive is optional, but recommended.
+ */
+ opersonly = yes
+}
+
+/*
+ * Core OperServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "OperServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * os_akill
+ *
+ * Provides the command operserv/akill.
+ *
+ * Used to ban users from the network.
+ */
+module { name = "os_akill" }
+command { service = "OperServ"; name = "AKILL"; command = "operserv/akill"; permission = "operserv/akill"; }
+
+/*
+ * os_chankill
+ *
+ * Provides the command operserv/chankill.
+ *
+ * Used to akill users from an entire channel.
+ */
+module { name = "os_chankill" }
+command { service = "OperServ"; name = "CHANKILL"; command = "operserv/chankill"; permission = "operserv/chankill"; }
+
+/*
+ * os_session
+ *
+ * Provides the commands operserv/exception and operserv/session.
+ *
+ * This module enables session limiting. Session limiting prevents users from connecting more than a certain
+ * number of times from the same IP at the same time - thus preventing most types of cloning.
+ * Once a host reaches it's session limit, all clients attempting to connect from that host will
+ * be killed. Exceptions to the default session limit can be defined via the exception list.
+ *
+ * Used to manage the session limit exception list, and view currently active sessions.
+ */
+module
+{
+ name = "os_session"
+
+ /*
+ * Default session limit per host. Once a host reaches its session limit, all clients attempting
+ * to connect from that host will be killed.
+ *
+ * This directive is required if os_session is loaded.
+ */
+ defaultsessionlimit = 3
+
+ /*
+ * The maximum session limit that may be set for a host in an exception.
+ *
+ * This directive is required if os_session is loaded.
+ */
+ maxsessionlimit = 100
+
+ /*
+ * Sets the default expiry time for session exceptions.
+ *
+ * This directive is required if os_session is loaded.
+ */
+ exceptionexpiry = 1d
+
+ /*
+ * The message that will be NOTICE'd to a user just before they are removed from the network because
+ * their host's session limit has been exceeded. It may be used to give a slightly more descriptive
+ * reason for the impending kill as opposed to simply "Session limit exceeded".
+ *
+ * This directive is optional, if not set, nothing will be sent.
+ */
+ sessionlimitexceeded = "The session limit for your IP %IP% has been exceeded."
+
+ /*
+ * Same as above, but should be used to provide a website address where users can find out more
+ * about session limits and how to go about applying for an exception.
+ *
+ * Note: This directive has been intentionally commented out in an effort to remind you to change
+ * the URL it contains. It is recommended that you supply an address/URL where people can get help
+ * regarding session limits.
+ *
+ * This directive is optional, if not set, nothing will be sent.
+ */
+ #sessionlimitdetailsloc = "Please visit http://your.website.url/ for more information about session limits."
+
+ /*
+ * If set and is not 0, this directive tells Services to add an AKILL if the number of subsequent kills
+ * for the same host exceeds this value, preventing the network from experiencing KILL floods.
+ *
+ * This directive is optional.
+ */
+ maxsessionkill = 15
+
+ /*
+ * Sets the expiry time for AKILLs set for hosts exceeding the maxsessionkill directive limit.
+ *
+ * This directive is optional, if not set, defaults to 30 minutes.
+ */
+ sessionautokillexpiry = 30m
+
+ /*
+ * Sets the CIDR value used to determine which IP addresses represent the same person.
+ * By default this would limit 3 connections per IPv4 IP and 3 connections per IPv6 IP.
+ * If you are receiving IPv6 clone attacks it may be useful to set session_ipv6_cidr to
+ * 64 or 48.
+ */
+ session_ipv4_cidr = 32
+ session_ipv6_cidr = 128
+}
+command { service = "OperServ"; name = "EXCEPTION"; command = "operserv/exception"; permission = "operserv/exception"; }
+command { service = "OperServ"; name = "SESSION"; command = "operserv/session"; permission = "operserv/session"; }
+
+
+/*
+ * os_defcon
+ *
+ * Provides the command operserv/defcon.
+ *
+ * Allows you to set services in defcon mode, which can be used to restrict services access
+ * during bot attacks.
+ */
+module
+{
+ name = "os_defcon"
+
+ /*
+ * Default DefCon level (1-5) to use when starting Services up. Level 5 constitutes normal operation
+ * while level 1 constitutes the most restrictive operation. If this setting is left out or set to
+ * 0, DefCon will be disabled and the rest of this block will be ignored.
+ */
+ defaultlevel = 5
+
+ /*
+ * The following 4 directives define what operations will take place when DefCon is set to levels
+ * 1 through 4. Each level is a list that must be separated by spaces.
+ *
+ * The following operations can be defined at each level:
+ * - nonewchannels: Disables registering new channels
+ * - nonewnicks: Disables registering new nicks
+ * - nomlockchanges: Disables changing MLOCK on registered channels
+ * - forcechanmodes: Forces all channels to have the modes given in the later chanmodes directive
+ * - reducedsessions: Reduces the session limit to the value given in the later sessionlimit directive
+ * - nonewclients: KILL any new clients trying to connect
+ * - operonly: Services will ignore all non-IRCops
+ * - silentoperonly: Services will silently ignore all non-IRCops
+ * - akillnewclients: AKILL any new clients trying to connect
+ * - nonewmemos: No new memos will be sent to block MemoServ attacks
+ */
+ level4 = "nonewchannels nonewnicks nomlockchanges reducedsessions"
+ level3 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions"
+ level2 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly"
+ level1 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly akillnewclients"
+
+ /*
+ * New session limit to use when a DefCon level is using "reduced" session limiting.
+ */
+ sessionlimit = 2
+
+ /*
+ * Length of time to add an AKILL for when DefCon is preventing new clients from connecting to the
+ * network.
+ */
+ akillexpire = 5m
+
+ /*
+ * The channel modes to set on all channels when the DefCon channel mode system is in use.
+ *
+ * Note 1: Choose these modes carefully, because when DefCon switches to a level which does NOT have
+ * the mode setting selected, Services will set the reverse on all channels, e.g. if this setting
+ * is +RN when DefCon is used, all channels will be set to +RN, when DefCon is removed, all
+ * channels will be set to -RN. You don't want to set this to +k for example, because when DefCon
+ * is removed, all channels are set -k, removing the key from previously keyed channels.
+ *
+ * Note 2: MLOCKed modes will not be lost.
+ */
+ chanmodes = "+Ri"
+
+ /*
+ * This value can be used to automatically return the network to DefCon level 5 after the specified
+ * time period, just in case any IRC Operator forgets to remove a DefCon setting.
+ *
+ * This directive is optional.
+ */
+ timeout = 15m
+
+ /*
+ * If set, Services will send a global message on DefCon level changes.
+ *
+ * This directive is optional.
+ */
+ globalondefcon = yes
+
+ /*
+ * If set, Services will send the global message defined in the message directive on DefCon level
+ * changes.
+ *
+ * This directive is optional.
+ */
+ #globalondefconmore = yes
+
+ /*
+ * Defines the message that will be sent on DefCon level changes when globalondefconmore is set.
+ *
+ * This directive is required only when globalondefconmore is set.
+ */
+ #message = "Put your message to send your users here. Don't forget to uncomment globalondefconmore"
+
+ /*
+ * Defines the message that will be sent when DefCon is returned to level 5. This directive is optional,
+ * and will also override globalondefcon and globalondefconmore when set.
+ */
+ offmessage = "Services are now back to normal; sorry for any inconvenience"
+
+ /*
+ * Defines the reason to use when clients are KILLed or AKILLed from the network while the proper
+ * DefCon operation is in effect.
+ */
+ akillreason = "This network is currently not accepting connections. We are working on diagnostics, so please try again later."
+}
+command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; }
+
+/*
+ * os_dns
+ *
+ * Provides the command operserv/dns.
+ *
+ * This module requires that m_dns is loaded.
+ *
+ * This module allows controlling a DNS zone. This is useful for
+ * controlling what servers users are placed on for load balancing,
+ * and to automatically remove split servers.
+ *
+ * To use this module you must set a nameserver record for services
+ * so that DNS queries go to services.
+ *
+ * Alternatively, you may use a slave DNS server to hide service's IP,
+ * provide query caching, and provide better fault tolerance.
+ *
+ * To do this using BIND, configure similar to:
+ *
+ * options { max-refresh-time 60; };
+ * zone "irc.example.com" IN {
+ * type slave;
+ * masters { 127.0.0.1 port 5353; };
+ * };
+ *
+ * Where 127.0.0.1:5353 is the IP and port services are listening on.
+ * We recommend you externally firewall both UDP and TCP to the port
+ * Anope is listening on.
+ *
+ * Finally set a NS record for irc.example.com. to BIND or services.
+ */
+#module
+{
+ name = "os_dns"
+
+ /* TTL for records. This should be very low if your records change often. */
+ ttl = 1m
+
+ /* If a server drops this many users the server is automatically removed from the DNS zone.
+ * This directive is optional.
+ */
+ user_drop_mark = 50
+
+ /* The time used for user_drop_mark. */
+ user_drop_time = 1m
+
+ /* When a server is removed from the zone for dropping users, it is readded after this time.
+ * This directive is optional.
+ */
+ user_drop_readd_time = 5m
+
+ /* If set, when a server splits, it is automatically removed from the zone. */
+ remove_split_servers = yes
+
+ /* If set, when a server connects to the network, it will be automatically added to
+ * the zone if it is a known server.
+ */
+ readd_connected_servers = no
+}
+#command { service = "OperServ"; name = "DNS"; command = "operserv/dns"; permission = "operserv/dns"; }
+
+/*
+ * os_config
+ *
+ * Provides the command operserv/config.
+ *
+ * Used to view and set configuration options while services are running.
+ */
+module { name = "os_config" }
+command { service = "OperServ"; name = "CONFIG"; command = "operserv/config"; permission = "operserv/config"; }
+
+/*
+ * os_forbid
+ *
+ * Provides the command operserv/forbid.
+ *
+ * Used to forbid specific nicks, channels, emails, etc. from being used.
+ */
+module { name = "os_forbid" }
+command { service = "OperServ"; name = "FORBID"; command = "operserv/forbid"; permission = "operserv/forbid"; }
+
+/*
+ * os_ignore
+ *
+ * Provides the command operserv/ignore.
+ *
+ * Used to make Services ignore users.
+ */
+module { name = "os_ignore" }
+command { service = "OperServ"; name = "IGNORE"; command = "operserv/ignore"; permission = "operserv/ignore"; }
+
+/*
+ * os_info
+ *
+ * Provides the command operserv/info.
+ *
+ * Used to add oper only notes to users and channels.
+ */
+module { name = "os_info" }
+command { service = "OperServ"; name = "INFO"; command = "operserv/info"; permission = "operserv/info"; }
+
+/*
+ * os_jupe
+ *
+ * Provides the command operserv/jupe.
+ *
+ * Used to disconnect servers from the network and prevent them from relinking.
+ */
+module { name = "os_jupe" }
+command { service = "OperServ"; name = "JUPE"; command = "operserv/jupe"; permission = "operserv/jupe"; }
+
+/*
+ * os_kick
+ *
+ * Provides the command operserv/kick.
+ *
+ * Used to kick users from channels.
+ */
+module { name = "os_kick" }
+command { service = "OperServ"; name = "KICK"; command = "operserv/kick"; permission = "operserv/kick"; }
+
+/*
+ * os_kill
+ *
+ * Provides the command operserv/kill.
+ *
+ * Used to forcibly disconnect users from the network.
+ */
+module { name = "os_kill" }
+command { service = "OperServ"; name = "KILL"; command = "operserv/kill"; permission = "operserv/kill"; }
+
+/*
+ * os_list
+ *
+ * Provides the commands operserv/chanlist and operserv/userlist.
+ *
+ * Used to list and search the channels and users currently on the network.
+ */
+module { name = "os_list" }
+command { service = "OperServ"; name = "CHANLIST"; command = "operserv/chanlist"; permission = "operserv/chanlist"; }
+command { service = "OperServ"; name = "USERLIST"; command = "operserv/userlist"; permission = "operserv/userlist"; }
+
+/*
+ * os_login
+ *
+ * Provides the commands operserv/login and operserv/logout.
+ *
+ * Used to login to OperServ, only required if your oper block requires this.
+ */
+module { name = "os_login" }
+command { service = "OperServ"; name = "LOGIN"; command = "operserv/login"; }
+command { service = "OperServ"; name = "LOGOUT"; command = "operserv/logout"; }
+
+/*
+ * os_logsearch
+ *
+ * Provides the command operserv/logsearch.
+ *
+ * Used to search services log files.
+ */
+module
+{
+ name = "os_logsearch"
+
+ /* The log file name to search. There should be a log{} block configured to log
+ * to a file of this name.
+ */
+ logname = "services.log"
+}
+command { service = "OperServ"; name = "LOGSEARCH"; command = "operserv/logsearch"; permission = "operserv/logsearch"; }
+
+/*
+ * os_mode
+ *
+ * Provides the commands operserv/mode and operserv/umode.
+ *
+ * Used to change user and channel modes.
+ */
+module { name = "os_mode" }
+command { service = "OperServ"; name = "UMODE"; command = "operserv/umode"; permission = "operserv/umode"; }
+command { service = "OperServ"; name = "MODE"; command = "operserv/mode"; permission = "operserv/mode"; }
+
+/*
+ * os_modinfo
+ *
+ * Provides the commands operserv/modinfo and operserv/modlist.
+ *
+ * Used to show information about loaded modules.
+ */
+module { name = "os_modinfo" }
+command { service = "OperServ"; name = "MODINFO"; command = "operserv/modinfo"; permission = "operserv/modinfo"; }
+command { service = "OperServ"; name = "MODLIST"; command = "operserv/modlist"; permission = "operserv/modinfo"; }
+
+/*
+ * os_module
+ *
+ * Provides the commands operserv/modload, operserv/modreload, and operserv/modunload.
+ *
+ * Used to load, reload, and unload modules.
+ */
+module { name = "os_module" }
+command { service = "OperServ"; name = "MODLOAD"; command = "operserv/modload"; permission = "operserv/modload"; }
+command { service = "OperServ"; name = "MODRELOAD"; command = "operserv/modreload"; permission = "operserv/modload"; }
+command { service = "OperServ"; name = "MODUNLOAD"; command = "operserv/modunload"; permission = "operserv/modload"; }
+
+/*
+ * os_news
+ *
+ * Provides the commands operserv/logonnews, operserv/opernews, and operserv/randomnews.
+ *
+ * Used to configure news notices shown to users when they connect, and opers when they oper.
+ */
+module
+{
+ name = "os_news"
+
+ /*
+ * The service bot names to use to send news to users on connection
+ * and to opers when they oper.
+ */
+ announcer = "Global"
+ oper_announcer = "OperServ"
+
+ /*
+ * The number of LOGON/OPER news items to display when a user logs on.
+ *
+ * This directive is optional, if not set it will default to 3.
+ */
+ #newscount = 3
+}
+command { service = "OperServ"; name = "LOGONNEWS"; command = "operserv/logonnews"; permission = "operserv/news"; }
+command { service = "OperServ"; name = "OPERNEWS"; command = "operserv/opernews"; permission = "operserv/news"; }
+command { service = "OperServ"; name = "RANDOMNEWS"; command = "operserv/randomnews"; permission = "operserv/news"; }
+
+/*
+ * os_noop
+ *
+ * Provides the command operserv/noop.
+ *
+ * Used to NOOP a server, which prevents users from opering on that server.
+ */
+module { name = "os_noop" }
+command { service = "OperServ"; name = "NOOP"; command = "operserv/noop"; permission = "operserv/noop"; }
+
+/*
+ * os_oline
+ *
+ * Provides the command operserv/oline.
+ *
+ * Used to set oper flags on users, and is specific to UnrealIRCd.
+ * See /helpop ?svso on your IRCd for more information.
+ *
+ * module { name = "os_oline" }
+ * command { service = "OperServ"; name = "OLINE"; command = "operserv/oline"; permission = "operserv/oline"; }
+ */
+/*
+ * os_oper
+ *
+ * Provides the command operserv/oper.
+ *
+ * Used to configure opers and show information about opertypes.
+ */
+module { name = "os_oper" }
+command { service = "OperServ"; name = "OPER"; command = "operserv/oper"; permission = "operserv/oper"; }
+
+/*
+ * os_reload
+ *
+ * Provides the command operserv/reload.
+ *
+ * Used to reload the services.conf configuration file.
+ */
+module { name = "os_reload" }
+command { service = "OperServ"; name = "RELOAD"; command = "operserv/reload"; permission = "operserv/reload"; }
+
+/*
+ * os_set
+ *
+ * Provides the command operserv/set.
+ *
+ * Used to set various settings such as superadmin, debug mode, etc.
+ */
+module
+{
+ name = "os_set"
+
+ /*
+ * If set, Services Admins will be able to use SUPERADMIN [ON|OFF] which will temporarily grant
+ * them extra privileges such as being a founder on ALL channels.
+ *
+ * This directive is optional.
+ */
+ superadmin = yes
+}
+command { service = "OperServ"; name = "SET"; command = "operserv/set"; permission = "operserv/set"; }
+
+/*
+ * os_shutdown
+ *
+ * Provides the commands operserv/quit, operserv/restart, and operserv/shutdown.
+ *
+ * Used to quit, restart, or shutdown services.
+ */
+module { name = "os_shutdown" }
+command { service = "OperServ"; name = "QUIT"; command = "operserv/quit"; permission = "operserv/quit"; }
+command { service = "OperServ"; name = "RESTART"; command = "operserv/restart"; permission = "operserv/restart"; }
+command { service = "OperServ"; name = "SHUTDOWN"; command = "operserv/shutdown"; permission = "operserv/shutdown"; }
+
+/*
+ * os_stats
+ *
+ * Provides the operserv/stats command.
+ *
+ * Used to show statistics about services.
+ */
+module { name = "os_stats" }
+command { service = "OperServ"; name = "STATS"; command = "operserv/stats"; permission = "operserv/stats"; }
+
+/*
+ * os_svs
+ *
+ * Provides the commands operserv/svsnick, operserv/svsjoin, and operserv/svspart.
+ *
+ * Used to force users to change nicks, join and part channels.
+ */
+module { name = "os_svs" }
+command { service = "OperServ"; name = "SVSNICK"; command = "operserv/svsnick"; permission = "operserv/svs"; }
+command { service = "OperServ"; name = "SVSJOIN"; command = "operserv/svsjoin"; permission = "operserv/svs"; }
+command { service = "OperServ"; name = "SVSPART"; command = "operserv/svspart"; permission = "operserv/svs"; }
+
+/*
+ * os_sxline
+ *
+ * Provides the operserv/snline and operserv/sqline commands.
+ *
+ * Used to ban real names, nick names, and possibly channels.
+ */
+module { name = "os_sxline" }
+command { service = "OperServ"; name = "SNLINE"; command = "operserv/snline"; permission = "operserv/snline"; }
+command { service = "OperServ"; name = "SQLINE"; command = "operserv/sqline"; permission = "operserv/sqline"; }
+
+/*
+ * os_update
+ *
+ * Provides the operserv/update command.
+ *
+ * Use to immediately update the databases.
+ */
+module { name = "os_update" }
+command { service = "OperServ"; name = "UPDATE"; command = "operserv/update"; permission = "operserv/update"; }
diff --git a/roles/IRC/templates/anope/services.conf.j2 b/roles/IRC/templates/anope/services.conf.j2
new file mode 100644
index 0000000..7584968
--- /dev/null
+++ b/roles/IRC/templates/anope/services.conf.j2
@@ -0,0 +1,1183 @@
+/*
+ * Example configuration file for Services. After making the appropriate
+ * changes to this file, place it in the Services data directory (as
+ * specified in the "configure" script, default /home/username/services/data)
+ * under the name "services.conf".
+ *
+ * The format of this file is fairly simple: three types of comments are supported:
+ * - All text after a '#' on a line is ignored, as in shell scripting
+ * - All text after '//' on a line is ignored, as in C++
+ * - A block of text like this one is ignored, as in C
+ *
+ * Outside of comments, there are three structures: blocks, keys, and values.
+ *
+ * A block is a named container, which contains a number of key to value pairs
+ * - you may think of this as an array.
+ *
+ * A block is created like so:
+ * foobar
+ * {
+ * moo = "cow"
+ * foo = bar
+ * }
+ *
+ * Keys are case insensitive. Values depend on what key - generally, information is
+ * given in the key comment. The quoting of values (and most other syntax) is quite
+ * flexible, however, please do not forget to quote your strings:
+ *
+ * "This is a parameter string with spaces in it"
+ *
+ * If you need to include a double quote inside a quoted string, precede it
+ * by a backslash:
+ *
+ * "This string has \"double quotes\" in it"
+ *
+ * Time parameters can be specified either as an integer representing a
+ * number of seconds (e.g. "3600" = 1 hour), or as an integer with a unit
+ * specifier: "s" = seconds, "m" = minutes, "h" = hours, "d" = days.
+ * Combinations (such as "1h30m") are not permitted. Examples (all of which
+ * represent the same length of time, one day):
+ *
+ * "86400", "86400s", "1440m", "24h", "1d"
+ *
+ * CAUTION:
+ * Please note that your services might _CRASH_ if you add more format-
+ * strings (%s, %d, etc.) to custom messages than Anope needs. Use the
+ * default messages to see how many format-strings are needed.
+ *
+ * In the documentation for each directive, one of the following will be
+ * included to indicate whether an option is required:
+ *
+ * [REQUIRED]
+ * Indicates a directive which must be given. Without it, Services will
+ * not start.
+ *
+ * [RECOMMENDED]
+ * Indicates a directive which may be omitted, but omitting it may cause
+ * undesirable side effects.
+ *
+ * [OPTIONAL]
+ * Indicates a directive which is optional. If not given, the feature
+ * will typically be disabled. If this is not the case, more
+ * information will be given in the documentation.
+ *
+ * [DISCOURAGED]
+ * Indicates a directive which may cause undesirable side effects if
+ * specified.
+ *
+ * [DEPRECATED]
+ * Indicates a directive which will disappear in a future version of
+ * Services, usually because its functionality has been either
+ * superseded by that of other directives or incorporated into the main
+ * program.
+ */
+
+/*
+ * [OPTIONAL] Defines
+ *
+ * You can define values to other values, which can be used to easially change
+ * every value in the configuration. For example, use:
+ *
+ * define
+ * {
+ * name = "ChanServ"
+ * value = "ChannelServ"
+ * }
+ *
+ * To replace every occurance of ChanServ with ChannelServ in the configuration file,
+ * and in every included configuration file (such as chanserv.example.conf).
+ */
+
+/*
+ * The services.host define is used in multiple different locations throughout the
+ * configuration for services clients hostnames.
+ */
+define
+{
+ name = "ircservices.{{ external_domain }}"
+ value = "ircservices.{{ external_domain }}"
+}
+
+/*
+ * [OPTIONAL] Additional Includes
+ *
+ * You can include additional configuration files here.
+ * You may also include executable files, which will be executed and
+ * the output from it will be included into your configuration.
+ */
+
+/*
+include
+{
+ type = "file"
+ name = "some.conf"
+}
+
+include
+{
+ type = "executable"
+ name = "/usr/bin/wget -q -O - http://some.misconfigured.network.com/services.conf"
+}
+*/
+
+/*
+ * [REQUIRED] IRCd Config
+ *
+ * This section is used to set up Anope to connect to your IRC network.
+ * This section can be included multiple times, and Anope will attempt to
+ * connect to each server until it finally connects.
+ */
+uplink
+{
+ /*
+ * The IP or hostname of the IRC server you wish to connect Services to.
+ * Usually, you will want to connect Services over 127.0.0.1 (aka localhost).
+ *
+ * NOTE: On some shell providers, this will not be an option.
+ */
+ host = "10.0.1.3"
+
+ /*
+ * Enable if Services should connect using IPv6.
+ */
+ ipv6 = no
+
+ /*
+ * Enable if Services should connect using SSL.
+ * You must have m_ssl loaded for this to work.
+ */
+ ssl = no
+
+ /*
+ * The port to connect to.
+ * The IRCd *MUST* be configured to listen on this port, and to accept
+ * server connections.
+ *
+ * Refer to your IRCd documentation for how this is to be done.
+ */
+ port = 8067
+
+ /*
+ * The password to send to the IRC server for authentication.
+ * This must match the link block on your IRCd.
+ *
+ * Refer to your IRCd documentation for more information on link blocks.
+ */
+ password = "{{ secrets['IRC']['servicespass'] }}"
+}
+
+/*
+ * [REQUIRED] Server Information
+ *
+ * This section contains information about the Services server.
+ */
+serverinfo
+{
+ /*
+ * The hostname that Services will be seen as, it must have no conflicts with any
+ * other server names on the rest of your IRC network. Note that it does not have
+ * to be an existing hostname, just one that isn't on your network already.
+ */
+ name = "ircservices.{{ external_domain }}"
+
+ /*
+ * The text which should appear as the server's information in /whois and similar
+ * queries.
+ */
+ description = "{{ organization['displayname'] }}/IRCServices"
+
+ /*
+ * The local address that Services will bind to before connecting to the remote
+ * server. This may be useful for multihomed hosts. If ommited, Services will let
+ * the Operating System choose the local address. This directive is optional.
+ *
+ * If you don't know what this means or don't need to use it, just leave this
+ * directive commented out.
+ */
+ #localhost = "ircservices.{{ external_domain }}"
+
+ /*
+ * What Server ID to use for this connection?
+ * Note: This should *ONLY* be used for TS6/P10 IRCds. Refer to your IRCd documentation
+ * to see if this is needed.
+ */
+ #id = "00A"
+
+ /*
+ * The filename containing the Services process ID. The path is relative to the
+ * services root directory. If not given, defaults to "data/services.pid".
+ */
+ pid = "/var/lib/anope/runtime/services.pid"
+
+ /*
+ * The filename containing the Message of the Day. The path is relative to the
+ * services root directory. If not given, defaults to "conf/services.motd".
+ */
+ motd = "/var/lib/anope/services.motd"
+}
+
+/*
+ * [REQUIRED] Protocol module
+ *
+ * This directive tells Anope which IRCd Protocol to speak when connecting.
+ * You MUST modify this to match the IRCd you run.
+ *
+ * Supported:
+ * - bahamut
+ * - inspircd11
+ * - inspircd12
+ * - inspircd20
+ * - plexus
+ * - ratbox
+ * - unreal
+ */
+module
+{
+ name = "inspircd20"
+
+ /*
+ * Some protocol modules can enforce mode locks server-side. This reduces the spam caused by
+ * services immediately reversing mode changes for locked modes.
+ *
+ * If the protocol module you have loaded does not support this, this setting will have no effect.
+ */
+ use_server_side_mlock = yes
+
+ /*
+ * Some protocol modules can enforce topic locks server-side. This reduces the spam caused by
+ * services immediately reversing topic changes.
+ *
+ * If the protocol module you have loaded does not support this, this setting will have no effect.
+ */
+ use_server_side_topiclock = yes
+}
+/*
+ * [REQUIRED] Network Information
+ *
+ * This section contains information about the IRC network that Services will be
+ * connecting to.
+ */
+networkinfo
+{
+ /*
+ * This is the name of the network that Services will be running on.
+ */
+ networkname = "{{ organization['displayname'] }}/IRC"
+
+ /*
+ * Set this to the maximum allowed nick length on your network.
+ * Be sure to set this correctly, as setting this wrong can result in
+ * Services being disconnected from the network. This directive is optional,
+ * but recommended.
+ */
+ nicklen = 12
+
+ /* Set this to the maximum allowed ident length on your network.
+ * Be sure to set this correctly, as setting this wrong can result in
+ * Services being disconnected from the network. This directive is optional,
+ * but recommended.
+ */
+ userlen = 64
+
+ /* Set this to the maximum allowed hostname length on your network.
+ * Be sure to set this correctly, as setting this wrong can result in
+ * Services being disconnected from the network. This directive is optional,
+ * but recommended.
+ */
+ hostlen = 64
+
+ /* This is the maximum channel length ?
+ * Added 11-12-2015 for testing
+ */
+ chanlen = 20
+
+ /* Adding vhost definitions.
+ */
+ vhost_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-"
+}
+
+/*
+ * [REQUIRED] Services Options
+ *
+ * This section contains various options which determine how Services will operate.
+ */
+options
+{
+ /*
+ * The case mapping used by services. This must be set to a valid locale name
+ * installed on your machine. Services use this case map to compare, with
+ * case insensitivity, things such as nick names, channel names, etc.
+ *
+ * We provide two special casemaps shipped with Anope, ascii and rfc1459.
+ *
+ * This value should be set to what your IRCd uses, which is probably rfc1459,
+ * however Anope has always used ascii for comparison, so the default is ascii.
+ *
+ * Changing this value once set is not recommended.
+ */
+ casemap = "ascii"
+
+ /*
+ * The maximum length of passwords
+ */
+ passlen = 32
+
+ /*
+ * This key is used to initiate the random number generator. This number
+ * MUST be random as you want your passcodes to be random. Don't give this
+ * key to anyone! Keep it private!
+ *
+ * NOTE: If you don't uncomment this or keep the default values, any talented
+ * programmer would be able to easily "guess" random strings used to mask
+ * information. Be safe, and come up with a 7-digit number.
+ *
+ * This directive is optional, but highly recommended.
+ */
+ seed = 7861233
+
+ /*
+ * Allows Services to continue file write operations (i.e. database saving)
+ * even if the original file cannot be backed up. Enabling this option may
+ * allow Services to continue operation under conditions where it might
+ * otherwise fail, such as a nearly-full disk.
+ *
+ * NOTE: Enabling this option can cause irrecoverable data loss under some
+ * conditions, so make CERTAIN you know what you're doing when you enable it!
+ *
+ * This directive is optional, and you are discouraged against enabling it.
+ */
+ #nobackupokay = yes
+
+ /*
+ * If set, Services will perform more stringent checks on passwords. If this
+ * isn't set, Services will only disallow a password if it is the same as the
+ * entity (nickname name) with which it is associated. When set, however,
+ * Services will also check that the password is at least five
+ * characters long, and in the future will probably check other things
+ * as well.
+ *
+ * This directive is optional, but recommended.
+ */
+ strictpasswords = yes
+
+ /*
+ * Sets the number of invalid password tries before Services removes a user
+ * from the network. If a user enters a number of invalid passwords equal to
+ * the given amount for any Services function or combination of functions
+ * during a single IRC session (subject to badpasstimeout, below), Services
+ * will issues a /KILL for the user. If not given, Services will ignore
+ * failed password attempts (though they will be logged in any case).
+ *
+ * This directive is optional, but recommended.
+ */
+ badpasslimit = 5
+
+ /*
+ * Sets the time after which invalid passwords are forgotten about. If a user
+ * does not enter any incorrect passwords in this amount of time, the incorrect
+ * password count will reset to zero. If not given, the timeout will be
+ * disabled, and the incorrect password count will never be reset until the user
+ * disconnects.
+ *
+ * This directive is optional.
+ */
+ badpasstimeout = 1h
+
+ /*
+ * Sets the delay between automatic database updates. This time is reset by
+ * the OperServ UPDATE command.
+ */
+ updatetimeout = 5m
+
+ /*
+ * Sets the delay between checks for expired nicknames and channels. The
+ * OperServ UPDATE command will also cause a check for expiration and reset
+ * this timer.
+ */
+ expiretimeout = 30m
+
+ /*
+ * Sets the timeout period for reading from the uplink.
+ */
+ readtimeout = 5s
+
+ /*
+ * Sets the interval between sending warning messages for program errors via
+ * WALLOPS/GLOBOPS.
+ */
+ warningtimeout = 4h
+
+ /*
+ * Sets the (maximum) frequency at which the timeout list is checked. This,
+ * combined with readtimeout above, determines how accurately timed events,
+ * such as nick kills, occur; it also determines how much CPU time Services
+ * will use doing this. Higher values will cause less accurate timing but
+ * less CPU usage.
+ *
+ * This shouldn't be set any higher than 10 seconds, and 1 second is best
+ * if your system is powerful enough (or your network small enough) to
+ * handle it. 0 will cause the timeout list to be checked every time
+ * through the main loop, which will probably slow down Services too much
+ * to be useful on most networks.
+ *
+ * Note that this value is not an absolute limit on the period between
+ * checks of the timeout list; the previous may be as great as readtimeout
+ * (above) during periods of inactivity.
+ *
+ * If this directive is not given, it will default to 0. See the 2nd paragraph
+ * above for performance impacts if you do this.
+ */
+ timeoutcheck = 3s
+
+ /*
+ * Sets the number of days backups of databases are kept. If you don't give it,
+ * or if you set it to 0, Services won't backup the databases.
+ *
+ * NOTE: Services must run 24 hours a day for this feature to work.
+ *
+ * This directive is optional, but recommended.
+ */
+ keepbackups = 15
+
+ /*
+ * If set, Services will require a reason when a FORBID is added, else the
+ * reason is optional. This directive also applies to SUSPENDed channels as
+ * well.
+ *
+ * This directive is optional.
+ */
+ forceforbidreason = yes
+
+ /*
+ * If set, this will allow users to let Services send PRIVMSGs to them
+ * instead of NOTICEs. Also see the defmsg option of nickserv:defaults,
+ * which also toggles the default communication (PRIVMSG or NOTICE) to
+ * use for unregistered users.
+ *
+ * This is a feature that is against the IRC RFC and should be used ONLY
+ * if absolutely necessary.
+ *
+ * This directive is optional, and not recommended.
+ */
+ #useprivmsg = yes
+
+ /*
+ * If set, will force Services to only respond to PRIVMSGs addresses to
+ * Nick@ServerName - e.g. NickServ@localhost.net. This should be used in
+ * conjunction with IRCd aliases. This directive is optional.
+ *
+ * When using Bahamut, this option will NOT work if the uplink server is
+ * configured as a services hub. The serviceshub option is not designed to
+ * be used with Anope.
+ */
+ #usestrictprivmsg = yes
+
+ /*
+ * If set, Services will only show /stats o to IRC Operators. This directive
+ * is optional.
+ */
+ #hidestatso = yes
+
+ /*
+ * Prevents users from registering their nick if they are not connected
+ * for at least the given number of seconds.
+ *
+ * This directive is optional.
+ */
+ #nickregdelay = 30
+
+ /*
+ * If set, forbids the registration of nicks that contain an existing
+ * nick with Services access. For example, if Tester is a Services Oper,
+ * you can't register NewTester or Tester123 unless you are an IRC
+ * Operator.
+ *
+ * NOTE: If you enable this, you will have to be logged in as an IRC
+ * operator in order to register a Services Root nick when setting up
+ * Anope for the first time.
+ *
+ * This directive is optional.
+ */
+ #restrictopernicks = yes
+
+ /*
+ * The number of LOGON/OPER news items to display when a user logs on.
+ *
+ * This directive is optional, if no set it will default to 3.
+ */
+ #newscount = 3
+
+ /*
+ * A space-separated list of ulined servers on your network, it is assumed that
+ * the servers in this list are allowed to set channel modes and Services will
+ * not attempt to reverse their mode changes.
+ *
+ * WARNING: Do NOT put your normal IRC user servers in this directive.
+ *
+ * This directive is optional.
+ */
+ #ulineservers = "stats.your.network"
+
+ /*
+ * Modes to set on service bots when they join channels, comment this out for no modes
+ *
+ * This directive is optional.
+ */
+ botmodes = "ao"
+
+ /*
+ * How long to wait between connection retries, in seconds.
+ */
+ retrywait = 60
+
+ /*
+ * If set, Services will hide commands that users don't have the privileges to execute
+ * from HELP output.
+ */
+ hideprivilegedcommands = no
+
+ /*
+ * If set, Services do not allow ownership of nick names, only ownership of accounts.
+ */
+ nonicknameownership = no
+
+ /* The regex engine to use, as provided by the regex modules.
+ * Leave commented to disable regex matching.
+ *
+ * Note for this to work the regex module providing the regex engine must be loaded.
+ */
+ regexengine = "regex/pcre"
+}
+
+/*
+ * [OPTIONAL] BotServ
+ *
+ * Includes botserv.example.conf, which is necessary for BotServ functionality.
+ *
+ * Remove this block to disable BotServ.
+
+include
+{
+ type = "file"
+ name = "botserv.conf"
+}
+*/ /* TODO: This is disabled for now. */
+
+/*
+ * [RECOMMENDED] ChanServ
+ *
+ * Includes chanserv.example.conf, which is necessary for ChanServ functionality.
+ *
+ * Remove this block to disable ChanServ.
+ */
+include
+{
+ type = "file"
+ name = "chanserv.conf"
+}
+
+/*
+ * [RECOMMENDED] Global
+ *
+ * Includes global.example.conf, which is necessary for Global functionality.
+ *
+ * Remove this block to disable Global.
+ */
+include
+{
+ type = "file"
+ name = "global.conf"
+}
+
+/*
+ * [OPTIONAL] HostServ
+ *
+ * Includes hostserv.example.conf, which is necessary for HostServ functionality.
+ *
+ * Remove this block to disable HostServ.
+ */
+include
+{
+ type = "file"
+ name = "hostserv.conf"
+}
+
+/*
+ * [OPTIONAL] MemoServ
+ *
+ * Includes memoserv.example.conf, which is necessary for MemoServ functionality.
+ *
+ * Remove this block to disable MemoServ.
+ */
+include
+{
+ type = "file"
+ name = "memoserv.conf"
+}
+
+/*
+ * [OPTIONAL] NickServ
+ *
+ * Includes memoserv.example.conf, which is necessary for NickServ functionality.
+ *
+ * Remove this block to disable NickServ.
+ */
+include
+{
+ type = "file"
+ name = "nickserv.conf"
+}
+
+/*
+ * [RECOMMENDED] OperServ
+ *
+ * Includes operserv.example.conf, which is necessary for OperServ functionality.
+ *
+ * Remove this block to disable OperServ.
+ */
+include
+{
+ type = "file"
+ name = "operserv.conf"
+}
+
+/*
+ * [RECOMMENDED] Logging Configuration
+ *
+ * This section is used for configuring what is logged and where it is logged to.
+ * You may have multiple log blocks if you wish. Remember to properly secure any
+ * channels you choose to have Anope log to!
+ */
+log
+{
+ /*
+ * Target(s) to log to, which may be one of the following:
+ * - a channel name
+ * - a filename
+ * - globops
+ */
+ target = "anope-services.log #services"
+
+ /* Log to both services.log and the channel #services
+ *
+ * Note that some older IRCds, such as Ratbox, require services to be in the
+ * log channel to be able to message it. To do this, configure service:channels to
+ * join your logging channel.
+ */
+ #target = "services.log #services"
+
+ /*
+ * The source(s) to only accept log messages from. Leave commented to allow all sources.
+ * This can be a users name, a channel name, one of our clients (eg, OperServ), or a server name.
+ */
+ #source = ""
+
+ /*
+ * The number of days to keep logfiles, only useful if you are logging to a file.
+ * Set to 0 to never delete old logfiles.
+ *
+ * Note that Anope must run 24 hours a day for this feature to work correctly.
+ */
+ logage = 7
+
+ /*
+ * What types of log messages should be logged by this block. There are nine general categories:
+ *
+ * admin - Execution of admin commands (OperServ, etc).
+ * override - A services operator using their powers to execute a command they couldn't normally.
+ * commands - Execution of general commands.
+ * servers - Server actions, linking, squitting, etc.
+ * channels - Actions in channels such as joins, parts, kicks, etc.
+ * users - User actions such as connecting, disconnecting, changing name, etc.
+ * other - All other messages without a category.
+ * rawio - Logs raw input and output from services
+ * debug - Debug messages (log files can become VERY large from this).
+ *
+ * These options determine what messages from the categories should be logged. Wildcards are accepted, and
+ * you can also negate values with a ~. For example, "~operserv/akill operserv/*" would log all operserv
+ * messages except for operserv/akill. Note that processing stops at the first matching option, which
+ * means "* ~operserv/*" would log everything because * matches everything.
+ *
+ * Valid admin, override, and command options are:
+ * pesudo-serv/commandname (eg, operserv/akill, chanserv/set)
+ *
+ * Valid server options are:
+ * connect, quit, sync, squit
+ *
+ * Valid channel options are:
+ * create, destroy, join, part, kick, leave, mode
+ *
+ * Valid user options are:
+ * connect, disconnect, quit, nick, ident, host, mode, maxusers, oper
+ *
+ * Rawio and debug are simple yes/no answers, there are no types for them.
+ *
+ * Note that modules may add their own values to these options.
+ */
+ admin = "operserv/*"
+ override = "chanserv/* nickserv/* memoserv/set botserv/* ~botserv/set"
+ commands = "~operserv/* *"
+ servers = "*"
+ #channels = "~mode *"
+ users = "connect disconnect nick"
+ other = "*"
+ rawio = no
+ debug = no
+}
+
+/*
+ * A log block to globops some useful things.
+ */
+log
+{
+ target = "globops"
+ admin = "global/* operserv/mode operserv/kick operserv/akill operserv/s*line operserv/noop operserv/jupe operserv/oline operserv/set operserv/svsnick nickserv/getpass */drop"
+ servers = "squit"
+ users = "oper"
+ other = "expire/* bados akill/*"
+}
+
+/*
+ * [RECOMMENDED] Oper Access Config
+ *
+ * This section is used to set up staff access to restricted oper only commands.
+ * You may define groups of commands and privileges, as well as who may use them.
+ *
+ * This block is recommended, as without it you will be unable to access most oper commands.
+ * It replaces the old ServicesRoot directive amongst others.
+ *
+ * The command names below are defaults and are configured in the *serv.conf's. If you configure
+ * additional commands with permissions, such as commands from third party modules, the permissions
+ * must be included in the opertype block before the command can be used.
+ *
+ * Available privileges:
+ * botserv/administration - Can perform certain BotServ administrative tasks
+ * chanserv/access/modify - Can modify channel access and akick lists
+ * chanserv/auspex - Can see any information with /chanserv info
+ * chanserv/no-register-limit - May register an unlimited number of channels and nicknames
+ * chanserv/set - Can modify the settings of any channel (incl. changing of the owner!)
+ * memoserv/info - Can see any information with /memoserv info
+ * memoserv/set-limit - Can set the limit of max stored memos on any user and channel
+ * memoserv/no-limit - Can send memos through limits and throttles
+ * nickserv/access - Can modify other users access list
+ * nickserv/auspex - Can see any information with /nickserv info
+ * nickserv/confirm - Can confirm other users nicknames
+ * nickserv/drop - Can drop other users nicks
+ *
+ * Available commands:
+ * botserv/bot/del botserv/bot/add botserv/bot/change botserv/assign/private
+ * botserv/botlist botserv/set/private botserv/set/nobot
+ *
+ * chanserv/access/list chanserv/drop chanserv/getkey chanserv/invite
+ * chanserv/list chanserv/suspend chanserv/topic chanserv/clearusers
+ *
+ * chanserv/saset/bantype chanserv/saset/description chanserv/saset/email
+ * chanserv/saset/founder chanserv/saset/keeptopic chanserv/saset/restricted
+ * chanserv/saset/peace chanserv/saset/persist chanserv/saset/private
+ * chanserv/saset/secure chanserv/saset/securefounder chanserv/saset/secureops
+ * chanserv/saset/signkick chanserv/saset/successor chanserv/saset/topiclock
+ * chanserv/saset/url chanserv/saset/noexpire
+ *
+ * memoserv/sendall memoserv/staff
+ *
+ * nickserv/getpass nickserv/sendpass nickserv/getemail nickserv/suspend
+ * nickserv/resetpass nickserv/release nickserv/list
+ *
+ * nickserv/saset/autoop nickserv/saset/email nickserv/saset/greet
+ * nickserv/saset/icq nickserv/saset/kill nickserv/saset/language nickserv/saset/message
+ * nickserv/saset/private nickserv/saset/secure nickserv/saset/url nickserv/saset/noexpire
+ *
+ * hostserv/set hostserv/del
+ *
+ * global/global
+ *
+ * operserv/news operserv/stats operserv/kick operserv/exception
+ * operserv/mode operserv/session operserv/modlist operserv/ignore
+ * operserv/chankill operserv/akill operserv/sqline operserv/snline
+ * operserv/szline operserv/oper operserv/config operserv/umode
+ * operserv/modload operserv/jupe operserv/set operserv/noop
+ * operserv/quit operserv/update operserv/reload operserv/restart
+ * operserv/shutdown operserv/svsnick operserv/oline operserv/kill
+ *
+ * Firstly, we define 'opertypes' which are named whatever we want ('Network Administrator', etc).
+ * These can contain commands for oper-only strings (see above) which grants access to that specific command,
+ * and privileges (which grant access to more general permissions for the named area).
+ * Wildcard entries are permitted for both, e.g. 'commands = "operserv/*"' for all OperServ commands.
+ *
+ * Below are some default example types, but this is by no means exhaustive,
+ * and it is recommended that you configure them to your needs.
+ */
+
+opertype
+{
+ /* The name of this opertype */
+ name = "Helper"
+
+ /* What commands (see above) this opertype has */
+ commands = "hostserv/*"
+}
+
+opertype
+{
+ /* The name of this opertype */
+ name = "Services Operator"
+
+ /* What opertype(s) this inherits from. Seperate with a comma. */
+ inherits = "Helper, Another Helper"
+
+ /* What commands (see above) this opertype may use */
+ commands = "chanserv/list chanserv/suspend chanserv/topic memoserv/staff nickserv/list nickserv/sendpass nickserv/resetpass nickserv/suspend operserv/mode operserv/chankill operserv/szline operserv/akill operserv/session operserv/modlist operserv/sqline operserv/oper operserv/kick operserv/ignore operserv/snline"
+
+ /* What privs (see above) this opertype has */
+ privs = "chanserv/auspex chanserv/no-register-limit memoserv/* nickserv/auspex nickserv/confirm"
+
+ /*
+ * Modes to be set on users when they identify to accounts linked to this opertype.
+ *
+ * This can be used to automatically oper users who identify for services operator accounts, and is
+ * useful for setting modes such as Plexus's user mode +N.
+ *
+ * Note that some IRCds, such as InspIRCd, do not allow directly setting +o, and this will not work.
+ */
+ #modes = "+o"
+}
+
+opertype
+{
+ name = "Services Administrator"
+
+ inherits = "Services Operator"
+
+ commands = "chanserv/access/list chanserv/drop chanserv/getkey chanserv/saset/noexpire memoserv/sendall nickserv/saset/* nickserv/getemail operserv/news operserv/jupe operserv/svsnick operserv/stats operserv/oline operserv/noop operserv/forbid global/*"
+
+ privs = "*"
+}
+
+opertype
+{
+ name = "Services Root"
+
+ commands = "*"
+
+ privs = "*"
+}
+
+/*
+ * After defining different types of operators in the above opertype section, we now define who is in these groups
+ * through 'oper' blocks, similar to ircd access.
+ *
+ * The default is to comment these out (so NOBODY will have Services access).
+ * You probably want to add yourself and a few other people at minimum.
+ *
+ * As with all permissions, make sure to only give trustworthy people access to Services.
+ */
+
+/* Include services operators from YAML */
+{% for oper in secrets['IRC']['opers'] %}
+oper
+{
+ name = "{{ oper }}"
+ type = "Services Root"
+ require_oper = "yes"
+}
+{% endfor %}
+
+/*
+ * [OPTIONAL] Mail Config
+ *
+ * This section contains settings related to the use of e-mail from Services.
+ * If the usemail directive is set to yes, unless specified otherwise, all other
+ * directives are required.
+ *
+ * NOTE: Users can find the IP of the machine services is running on by examining
+ * mail headers. If you do not want your IP known, you should set up a mail relay
+ * to strip the relevant headers.
+ */
+mail
+{
+ /*
+ * If set, this option enables the mail commands in Services. You may choose
+ * to disable it if you have no Sendmail-compatible mailer installed. Whilst
+ * this directive (and entire block) is optional, it is required if the
+ * nickserv:emailregistration is set to yes.
+ */
+ usemail = no
+
+ /*
+ * This is the command-line that will be used to call the mailer to send an
+ * e-mail. It must be called with all the parameters needed to make it
+ * scan the mail input to find the mail recipient; consult your mailer
+ * documentation.
+ *
+ * Postfix users must use the compatible sendmail utility provided with
+ * it. This one usually needs no parameters on the command-line. Most
+ * sendmail applications (or replacements of it) require the -t option
+ * to be used.
+ */
+ sendmailpath = "/usr/sbin/sendmail -t"
+
+ /*
+ * This is the e-mail address from which all the e-mails are to be sent from.
+ * It should really exist.
+ */
+ sendfrom = "services@localhost.net"
+
+ /*
+ * If set, SENDPASS and RESETPASS will be restricted to IRC operators.
+ * This directive is optional.
+ *
+ * WARNING: If you choose to not enable this option, you should limit the
+ * number of processes that the services user can have at a time (you can
+ * create a special user for this; remember to NEVER launch Services as
+ * root).
+ */
+ restrict = yes
+
+ /*
+ * This controls the minimum amount of time a user must wait before sending
+ * another e-mail after they have sent one. It also controls the minimum time
+ * a user must wait before they can receive another e-mail.
+ *
+ * This feature prevents users from being mail bombed using Services and
+ * it is highly recommended that it be used.
+ *
+ * This directive is optional, but highly recommended.
+ */
+ delay = 5m
+
+ /*
+ * If set, Services will not attempt to put quotes around the TO: fields
+ * in e-mails.
+ *
+ * This directive is optional, and as far as we know, it's only needed
+ * if you are using ESMTP or QMail to send out e-mails.
+ */
+ #dontquoteaddresses = yes
+
+ /*
+ * The subject and message of emails sent to users when they register accounts.
+ */
+ registration_subject = "Nickname Registration for %n"
+ registration_message = "Hi,
+
+ You have requested to register the nickname %n on %N.
+ Please type \" /msg NickServ confirm %c \" to complete registration.
+
+ If you don't know why this mail was sent to you, please ignore it silently.
+ %N administrators."
+
+ /*
+ * The subject and message of emails sent to users when they request a new password.
+ */
+ reset_subject = "N/A" /* "Reset password request for %n" */
+ reset_message = "N/A" /* "Hi, You have requested to have the password for %n reset. To reset your password, type \"/msg NickServ CONFIRM %n %c\". If you don't know why this mail was sent to you, please ignore it silently. %N administrators." */
+
+ /*
+ * The subject and message of emails sent to users when they request SENDPASS.
+ */
+ sendpass_subject = "N/A" /* "Nickname password for %n" */
+ sendpass_message = "N/A" /* "Hi, You have requested to receive the password of nickname %n by e-mail. The password is %p. For security purposes, you should change it as soon as you receive this mail. If you don't know why this mail was sent to you, please ignore it silently. %N administrators." */
+
+ /*
+ * The subject and message of emails sent to users when they request a new email address.
+ */
+ emailchange_subject = "Email confirmation"
+ emailchange_message = "Hi,
+
+ You have requested to change your email address to %e.
+ Please type \" /msg NickServ confirm %c \" to confirm this change.
+
+ If you don't know why this mail was sent to you, please ignore it silently.
+
+ %N administrators."
+
+ /*
+ * The subject and message of emails sent to users when they recieve a new memo.
+ */
+ memo_subject = "New memo"
+ memo_message = "Hi %n
+ You've just received a new memo from %s. This is memo number %d.
+
+ Memo text:
+
+ %t"
+}
+
+/*
+ * [OPTIONAL] DNS Config
+ *
+ * This section is used to configure DNS.
+ * At this time DNS is only used by a few modules (m_dnsbl)
+ * and is not required by the core to function.
+ */
+dns
+{
+ /*
+ * The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file.
+ * The below should work fine on all unix like systems. Windows users will have to find their nameservers
+ * from ipconfig /all and put the IP here
+ */
+ nameserver = "/etc/resolv.conf"
+ #nameserver = "127.0.0.1"
+
+ /*
+ * How long to wait in seconds before a DNS query has timed out
+ */
+ timeout = 5
+}
+
+/*
+ * [REQUIRED] Database configuration.
+ *
+ * This section is used to configure databases used by Anope.
+ * You should at least load one database method, otherwise any data you
+ * have will not be stored!
+ */
+
+/*
+ * [DEPRECATED] db_old
+ *
+ * This is the old binary database format from late Anope 1.7.x, Anope 1.8.x, and
+ * early Anope 1.9.x. This module only loads these databases, and will NOT save them.
+ * You should only use this to upgrade old databases to a newer database format by loading
+ * other database modules in addition to this one, which will be used when saving databases.
+ */
+#module { name = "db_old" }
+db_old
+{
+ /*
+ * This is the encryption type used by the databases. This must be set correctly or
+ * your passwords will not work. Valid options are: md5, oldmd5, sha1, and plain.
+ */
+ #hash = "md5"
+}
+
+/*
+ * [DEPRECATED] db_plain
+ *
+ * This is the flatfile database format from Anope-1.9.2 to Anope-1.9.5.
+ * To convert from this format, load both this and db_flatfile. Be sure to name db_flatfile's
+ * target database to something else. Start Anope then shut down so the new database will be written.
+ * Then unload this and restart Anope, loading from the new database.
+ */
+#module { name = "db_plain" }
+/*db_plain
+ *{
+ *
+ * The database name db_plain should use
+ *
+ * database = "/var/db/anope/anope.db"
+}*/
+
+/*
+ * db_flatfile
+ *
+ * This is the default flatfile database format.
+ */
+module { name = "db_flatfile" }
+db_flatfile
+{
+ /*
+ * The database name db_flatfile should use
+ */
+ database = "anope.db"
+}
+
+/*
+ * db_sql
+ *
+ * This module allows saving and loading databases using one of the SQL engines.
+ * This module loads the databases once on startup, then incrementally updates
+ * objects in the database as they are changed within Anope in real time. Changes
+ * to the SQL tables not done by Anope will have no effect and will be overwritten.
+ *
+ */
+#module { name = "db_sql" }
+
+/*
+ * db_sql_live
+ *
+ * This module allows saving and loading databases using one of the SQL engines.
+ * This module reads and writes to SQL in real time. Changes to the SQL tables
+ * will be immediately reflected into Anope. This module should not be loaded
+ * in conjunction with db_sql.
+ */
+#module { name = "db_sql_live" }
+
+db_sql
+{
+ /*
+ * The SQL service db_sql(_live) should use, these are configured in modules.conf.
+ * For MySQL, this should probably be mysql/main.
+ */
+ engine = "sqlite/main"
+
+ /*
+ * An optional prefix to prepended to the name of each created table.
+ * Do not use the same prefix for other programs.
+ */
+ #prefix = "anope_db_"
+}
+
+/*
+ * [REQUIRED] Encryption modules.
+ *
+ * The encryption modules are used when dealing with passwords. This determines how
+ * the passwords are stored in the databases, and does not add any security as
+ * far as transmitting passwords over the network goes.
+ *
+ * Without any encryption modules, passwords will be stored in plain text, allowing
+ * for passwords to be recovered later but isn't secure therefore is not recommended.
+ *
+ * The other encryption modules use one-way encryption, so the passwords can not
+ * be recovered later if those are used.
+ *
+ * NOTE: enc_old is Anope's previous (broken) MD5 implementation, if your databases
+ * were made using that module, continue to use it and do not use enc_md5.
+ *
+ * NOTE: enc_sha1 relies on how the OS stores 2+ byte data internally, and is
+ * potentially broken when moving between 2 different OSes, such as moving from
+ * Linux to Windows. It is recommended that you use enc_sha256 instead if you want
+ * to use an SHA-based encryption. If you choose to do so, it is also recommended
+ * that you first try to get everyone's passwords converted to enc_sha256 before
+ * switching OSes by placing enc_sha256 at the beginning of the list.
+ *
+ * The first encryption module loaded is the primary encryption module. All new passwords are
+ * encrypted by this module. Old passwords stored in another encryption method are
+ * automatically re-encrypted by the primary encryption module on next identify.
+ */
+#module { name = "enc_md5" }
+#module { name = "enc_sha1" }
+module { name = "enc_sha256" }
+
+/*
+ * When using enc_none, passwords will be stored without encryption in plain
+ * text, allowing for passwords to be recovered later. This isn't secure therefore
+ * is not recommended.
+ */
+#module { name = "enc_none" }
+
+/*
+ * enc_old is Anope's previous (broken) MD5 implementation, if your databases
+ * were made using that module, load it here to allow conversion to the primary
+ * encryption method.
+ */
+#module { name = "enc_old" }
+
+/* Extra (optional) modules */
+include
+{
+ type = "file"
+ name = "modules.conf"
+}
+
+/*
+ * Chanstats Modules
+ * Requires a MySQL Database
+ */
+
+#include
+#{
+# type = "file"
+# name = "chanstats.example.conf"
+#}
diff --git a/roles/IRC/templates/inspircd/inspircd.conf.j2 b/roles/IRC/templates/inspircd/inspircd.conf.j2
new file mode 100644
index 0000000..74af23c
--- /dev/null
+++ b/roles/IRC/templates/inspircd/inspircd.conf.j2
@@ -0,0 +1,597 @@
+#-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# #
+#
+
+
+
+
+
+
+#-#-#-#-#-#-#-#-#-#-#-# VARIABLE DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# You can define variables that will be substituted later in the #
+# configuration file. This can be useful to allow settings to be #
+# easily changed, or to parameterize a remote includes. #
+# #
+# Variables may be redefined and may reference other variables. #
+# Value expansion happens at the time the tag is read. #
+# #
+# Using variable definitions REQUIRES that the config format be #
+# changed to "xml" from the default "compat" that uses escape #
+# sequences such as "\"" and "\n", and does not support #
+
+#
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#-
+# #
+# Here is where you enter the information about your server. #
+# #
+
+
+
+#-#-#-#-#-#-#-#-#-#-#-#- ADMIN INFORMATION -#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# Describes the Server Administrator's real name (optionally), #
+# nick, and email address. #
+# #
+
+
+#-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
+# #
+# Enter the port and address bindings here. #
+# #
+# j
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+# #
+# This is where you can configure which connections are allowed #
+# and denied access onto your server. The password is optional. #
+# You may have as many of these as you require. To allow/deny all #
+# connections, use a '*' or 0.0.0.0/0. #
+# #
+# -- It is important to note that connect tags are read from the -- #
+# TOP DOWN. This means that you should have more specific deny #
+# and allow tags at the top, progressively more general, followed #
+# by a #
+
+#
+#
+
+
+
+#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
+# #
+# CIDR configuration allows detection of clones and applying of #
+# throttle limits across a CIDR range. (A CIDR range is a group of #
+# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be #
+# represented as 192.168.1.0/24). This means that abuse across an ISP #
+# is detected and curtailed much easier. Here is a good chart that #
+# shows how many IPs the different CIDRs correspond to: #
+# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation #
+# #
+
+
+#-#-#-#-#-#-#-#-#-#-#-# MAXIMUM CHANNELS -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# If these values are not defined, InspIRCd uses the default DNS resolver
+# of your system.
+#
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# Define the path to the PID file here. The PID file can be used to #
+# rehash the ircd from the shell or to terminate the ircd from the #
+# shell using shell scripts, perl scripts, etc... and to monitor the #
+# ircd's state via cron jobs. If this is a relative path, it will be #
+# relative to the configuration directory, and if it is not defined, #
+# the default of 'inspircd.pid' is used. #
+# #
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# Use these tags to customise the ban limits on a per channel basis. #
+# The tags are read from top to bottom, and any tag found which #
+# matches the channels name applies the banlimit to that channel. #
+# It is advisable to put an entry with the channel as '*' at the #
+# bottom of the list. If none are specified or no maxbans tag is #
+# matched, the banlist size defaults to 64 entries. #
+# #
+#
+
+
+#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# This tag is optional, and specifies one or more features which are #
+# not available to non-operators. #
+# #
+# For example you may wish to disable NICK and prevent non-opers from #
+# changing their nicknames. #
+# Note that any disabled commands take effect only after the user has #
+# 'registered' (e.g. after the initial USER/NICK/PASS on connection) #
+# so for example disabling NICK will not cripple your network. #
+# #
+# You can also define if you want to disable any channelmodes #
+# or usermodes from your users. #
+# #
+# `fakenonexistant' will make the ircd pretend that nonexistant #
+# commands simply don't exist to non-opers ("no such command"). #
+# #
+#
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# Settings to define which features are usable on your server. #
+# #
+
+
+
+ # suffixpart: What (if anything) users' part message
+ # should be suffixed with.
+ suffixpart="""
+
+ # fixedquit: Set all users' quit messages to this value.
+ #fixedquit=""
+
+ # fixedpart: Set all users' part messages in all channels
+ # to this value.
+ #fixedpart=""
+
+ # syntaxhints: If enabled, if a user fails to send the correct parameters
+ # for a command, the ircd will give back some help text of what
+ # the correct parameters are.
+ syntaxhints="no"
+
+ # cyclehosts: If enabled, when a user gets a host set, it will cycle
+ # them in all their channels. If not, it will simply change their host
+ # without cycling them.
+ cyclehosts="no"
+
+ # cyclehostsfromuser: If enabled, the source of the mode change for
+ # cyclehosts will be the user who cycled. This can look nicer, but
+ # triggers anti-takeover mechanisms of some obsolete bots.
+ cyclehostsfromuser="no"
+
+ # ircumsgprefix: Use undernet-style message prefixing for NOTICE and
+ # PRIVMSG. If enabled, it will add users' prefix to the line, if not,
+ # it will just message the user normally.
+ ircumsgprefix="no"
+
+ # announcets: If set to yes, when the timestamp on a channel changes, all users
+ # in the channel will be sent a NOTICE about it.
+ announcets="yes"
+
+ # allowmismatch: Setting this option to yes will allow servers to link even
+ # if they don't have the same "optionally common" modules loaded. Setting this to
+ # yes may introduce some desyncs and unwanted behaviour.
+ allowmismatch="no"
+
+ # defaultbind: Sets the default for tags without an address. Choices are
+ # ipv4 or ipv6; if not specified, IPv6 will be used if your system has support,
+ # falling back to IPv4 otherwise.
+ defaultbind="auto"
+
+ # hostintopic: If enabled, channels will show the host of the topic setter
+ # in the topic. If set to no, it will only show the nick of the topic setter.
+ hostintopic="yes"
+
+ # pingwarning: If a server does not respond to a ping within x seconds,
+ # it will send a notice to opers with snomask +l informing that the server
+ # is about to ping timeout.
+ pingwarning="15"
+
+ # serverpingfreq: How often pings are sent between servers (in seconds).
+ serverpingfreq="60"
+
+ # defaultmodes: What modes are set on a empty channel when a user
+ # joins it and it is unregistered.
+ defaultmodes="not"
+
+ # moronbanner: This is the text that is sent to a user when they are
+ # banned from the server.
+ moronbanner="You're banned! Contact {{ organization['email'] }} with the ERROR line below for help."
+
+ # exemptchanops: exemptions for channel access restrictions based on prefix.
+ exemptchanops="nonick:v flood:o"
+
+ # invitebypassmodes: This allows /invite to bypass other channel modes.
+ # (Such as +k, +j, +l, etc.)
+ invitebypassmodes="yes"
+
+ # nosnoticestack: This prevents snotices from 'stacking' and giving you
+ # the message saying '(last message repeated X times)'. Defaults to no.
+ nosnoticestack="no"
+
+ # welcomenotice: When turned on, this sends a NOTICE to connecting users
+ # with the text Welcome to ! after successful registration.
+ # Defaults to yes.
+ welcomenotice="yes">
+
+
+#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#
+# #
+
+
+
+#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
+# #
+
+ is used.
+ hidewhois=""
+
+ # hidebans: If this value is set to yes, when a user is banned ([gkz]lined)
+ # only opers will see the ban message when the user is removed
+ # from the server.
+ hidebans="no"
+
+ # hidekills: If defined, replaces who set a /kill with a custom string.
+ hidekills=""
+
+ # hidesplits: If enabled, non-opers will not be able to see which
+ # servers split in a netsplit, they will only be able to see that one
+ # occurred (If their client has netsplit detection).
+ hidesplits="yes"
+
+ # maxtargets: Maximum number of targets per command.
+ # (Commands like /notice, /privmsg, /kick, etc)
+ maxtargets="20"
+
+ # customversion: Displays a custom string when a user /version's
+ # the ircd. This may be set for security reasons or vanity reasons.
+ customversion=""
+
+ # operspywhois: show opers (users/auspex) the +s channels a user is in. Values:
+ # splitmsg Split with an explanatory message
+ # yes Split with no explanatory message
+ # no Do not show
+ operspywhois="yes"
+
+ # runasuser: If this is set, InspIRCd will attempt to switch
+ # to run as this user, which allows binding of ports under 1024.
+ # You should NOT set this unless you are starting as root.
+ # NOT SUPPORTED/NEEDED UNDER WINDOWS.
+ #runasuser="ircd"
+
+ # runasgroup: If this is set, InspIRCd will attempt to switch
+ # to run as this group, which allows binding of ports under 1024.
+ # You should NOT set this unless you are starting as root.
+ # NOT SUPPORTED/NEEDED UNDER WINDOWS.
+ #runasgroup="ircd"
+
+ # restrictbannedusers: If this is set to yes, InspIRCd will not allow users
+ # banned on a channel to change nickname or message channels they are
+ # banned on.
+ restrictbannedusers="yes"
+
+ # genericoper: Setting this value to yes makes all opers on this server
+ # appear as 'is an IRC operator' in their WHOIS, regardless of their
+ # oper type, however oper types are still used internally. This only
+ # affects the display in WHOIS.
+ genericoper="no"
+
+ # userstats: /stats commands that users can run (opers can run all).
+ userstats="Pu">
+
+#-#-#-#-#-#-#-#-#-#-#-#-# LIMITS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
+# #
+# This configuration tag defines the maximum sizes of various types #
+# on IRC, such as the maximum length of a channel name, and the #
+# maximum length of a channel. Note that with the exception of the #
+# identmax value all values given here are the exact values you would #
+# expect to see on IRC. This contrasts with the older InspIRCd #
+# releases where these values would be one character shorter than #
+# defined to account for a null terminator on the end of the text. #
+# #
+# These values should match network-wide otherwise issues will occur. #
+# #
+# The highest safe value you can set any of these options to is 500, #
+# but it is recommended that you keep them somewhat #
+# near their defaults (or lower). #
+
+
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Logging
+# -------
+#
+# Logging is covered with the tag, which you may use to change
+# the behaviour of the logging of the IRCd.
+#
+# In InspIRCd as of 1.2, logging is pluggable and very extensible.
+# Different files can log the same thing, different 'types' of log can
+# go to different places, and modules can even extend the log tag
+# to do what they want.
+#
+# An example log tag would be:
+#
+# which would log all information on /oper (failed and successful) to
+# a file called opers.log.
+#
+# There are many different types which may be used, and modules may
+# generate their own. A list of useful types:
+# - USERS - information relating to user connection and disconnection
+# - OPER - succesful and failed oper attempts
+# - KILL - kill related messages
+# - snomask - server notices (*all* snomasks will be logged)
+# - FILTER - messages related to filter matches (m_filter)
+# - CONFIG - configuration related messages
+# - COMMAND - die and restart messages, and messages related to unknown user types
+# - SOCKET - socket engine informational/error messages
+# - MODULE - module related messages
+# - STARTUP - messages related to starting up the server
+#
+# You may also log *everything* by using a type of *, and subtract things out
+# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT".
+#
+# Useful levels are:
+# - default (general messages, including errors)
+# - sparse (misc error messages)
+# - debug (debug messages)
+#
+# Some types only produce output in the debug level, those are:
+# - BANCACHE - ban cache debug messages
+# - CHANNELS - information relating to joining/creating channels
+# - CULLLIST - debug messages related to issues with removing users
+# - RESOLVER - DNS related debug messages
+# - CONNECTCLASS - Connection class debug messages
+# - USERINPUT
+# - USEROUTPUT
+#
+# The following log tag is highly default and uncustomised. It is recommended you
+# sort out your own log tags. This is just here so you get some output.
+
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# This tag lets you define the behaviour of the /whowas command of #
+# your server. #
+# #
+
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#- BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# The ban tags define nick masks, host masks and ip ranges which are #
+# banned from your server. All details in these tags are local to #
+# Your server. #
+# #
+
+#
+
+
+
+
+
+
+
+
+#-#-#-#-#-#-#-#-#-#-#- INSANE BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# This optional tag allows you to specify how wide a gline, eline, #
+# kline, zline or qline can be before it is forbidden from being #
+# set. By setting hostmasks="yes", you can allow all G, K, E lines, #
+# no matter how many users the ban would cover. This is not #
+# recommended! By setting ipmasks="yes", you can allow all Z lines, #
+# no matter how many users these cover too. Needless to say we #
+# don't recommend you do this, or, set nickmasks="yes", which will #
+# allow any qline. #
+# #
+
+
+#########################################################################
+# #
+# - InspIRCd Development Team - #
+# http://www.inspircd.org #
+# #
+#########################################################################
diff --git a/roles/IRC/templates/inspircd/links.conf.j2 b/roles/IRC/templates/inspircd/links.conf.j2
new file mode 100644
index 0000000..c084693
--- /dev/null
+++ b/roles/IRC/templates/inspircd/links.conf.j2
@@ -0,0 +1,55 @@
+#-#-#-#-#-#-#-#-#-#-#- SERVER LINK CONFIGURATION -#-#-#-#-#-#-#-#-#-#
+# #
+# Defines which servers can link to this one, and which servers this #
+# server may create outbound links to. #
+# #
+# ____ _ _____ _ _ ____ _ _ _ #
+# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
+# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
+# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
+# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
+# #
+# If you want to link servers to InspIRCd you must load the #
+# m_spanningtree.so module! #
+# #
+# #
+
+# Server link block
+#
+{{ secrets['IRC']['links'] }}
+
+# Link block for services. Options are the same as for the first
+# link block (depending on what your services package supports).
+
+
+# Simple autoconnect block. This enables automatic connection to a hub
+#
+
+#
+
+
+#-#-#-#-#-#-#-#-#-#-#-#- ULINES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
+# This tag defines a ulined server. A U-Lined server has special #
+# permissions, and should be used with caution. Services servers are #
+# usually u-lined in this manner. #
+# #
+# The 'silent' value, if set to yes, indicates that this server should#
+# not generate quit and connect notices, which can cut down on noise #
+# to opers on the network. #
+# #
+
diff --git a/roles/IRC/templates/inspircd/modules.conf.j2 b/roles/IRC/templates/inspircd/modules.conf.j2
new file mode 100644
index 0000000..05ff7e0
--- /dev/null
+++ b/roles/IRC/templates/inspircd/modules.conf.j2
@@ -0,0 +1,1900 @@
+#-#-#-#-#-#-#-#-#-#-#-#-#- MODULE OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# These tags define which modules will be loaded on startup by your #
+# server. Add modules without any paths. When you make your ircd #
+# using the 'make' command, all compiled modules will be moved into #
+# the folder you specified when you ran ./configure. The module tag #
+# automatically looks for modules in this location. #
+# If you attempt to load a module outside of this location, either #
+# in the config, or via /LOADMODULE, you will receive an error. #
+# #
+# By default, ALL modules are commented out. You must uncomment them #
+# or add lines to your config to load modules. Please refer to #
+# http://wiki.inspircd.org/Modules for a list of modules and #
+# each modules link for any additional conf tags they require. #
+# #
+# ____ _ _____ _ _ ____ _ _ _ #
+# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | #
+# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | #
+# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| #
+# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) #
+# #
+# To link servers to InspIRCd, you MUST load the m_spanningtree #
+# module. If you don't do this, server links will NOT work at all. #
+# This is by design, to allow for the implementation of other linking #
+# protocols in modules in the future. This module is at the bottom of #
+# this file. #
+# #
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# MD5 module: Allows other modules to generate MD5 hashes, usually for
+# cryptographic uses and security.
+#
+# IMPORTANT:
+# Other modules such as m_cloaking.so and m_password_hash.so may rely on
+# this module being loaded to function.
+#
+
+#
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# SHA256 module: Allows other modules to generate SHA256 hashes,
+# usually for cryptographic uses and security.
+#
+# IMPORTANT:
+# Other modules such as m_password_hash.so may rely on this module being
+# loaded to function. Certain modules such as m_spanningtree.so will
+# function without this module but when it is loaded their features will
+# be enhanced (for example the addition of HMAC authentication).
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# RIPEMD160 module: Allows other modules to generate RIPEMD160 hashes,
+# usually for cryptographic uses and security.
+#
+# IMPORTANT:
+# Other modules may rely on this module being loaded to function.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Abbreviation module: Provides the ability to abbreviate commands a-la
+# BBC BASIC keywords.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Alias module: Allows you to define server-side command aliases.
+
+#
+# Set the 'prefix' for in-channel aliases (fantasy commands) to the
+# specified character. If not set, the default is "!".
+# If 'allowbots' is disabled, +B clients will not be able to use
+# fantasy commands. If not set, the default is no.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#- ALIAS DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# If you have the m_alias.so module loaded, you may also define #
+# aliases as shown below. They are commonly used to provide shortcut #
+# commands to services, however they are not limited to just this use.#
+# An alias tag requires the following values to be defined in it: #
+# #
+# text - The text to detect as the actual command line. #
+# Can't contain spaces, but case insensitive. #
+# You may have multiple aliases with the same #
+# command name (text="" value), however the first #
+# found will be executed if its format value is #
+# matched, or it has no format value. Aliases are #
+# read from the top of the file to the bottom. #
+# #
+# usercommand - If this is true, the alias can be run simply as #
+# /aliasname. Defaults to true. #
+# #
+# channelcommand - If this is true, the alias can be used as an #
+# in-channel alias or 'fantasy command', prefixed #
+# by the fantasy prefix character, !aliasname by #
+# default. Defaults to false. #
+# #
+# format - If this is defined, the parameters of the alias #
+# must match this glob pattern. For example if you #
+# want the first parameter to start with a # for #
+# the alias to be executed, set format="#*" in the #
+# alias definition. Note that the :'s which are #
+# part of IRC formatted lines will be preserved #
+# for matching of this text. This value is #
+# optional. #
+# #
+# replace - The text to replace 'text' with. Usually this #
+# will be "PRIVMSG ServiceName :$2-" or similar. #
+# You may use the variables $1 through $9 in the #
+# replace string, which refer to the first through #
+# ninth word in the original string typed by the #
+# user. You may also use $1- through $9- which #
+# refer to the first word onwards, through to the #
+# ninth word onwards, e.g. if the user types the #
+# command "foo bar baz qux quz" then $3- will hold #
+# "baz qux quz" and $2 will contain "bar". You may #
+# also use the special variables: $nick, $ident, #
+# $host and $vhost, and you may separate multiple #
+# commands with a newline (which can be written in #
+# the file literally, or encoded as &nl; or \n #
+# depending on the config format setting). #
+# #
+# requires - If you provide a value for 'requires' this means #
+# the given nickname MUST be online for the alias #
+# to successfully trigger. If they are not, then #
+# the user receives a 'no such nick' 401 numeric. #
+# #
+# uline - Setting this to true will ensure that the user #
+# given in 'requires' is also on a u-lined server, #
+# as well as actually being on the network. If the #
+# user is online, but not on a u-lined server, #
+# then an oper alert is sent out as this is #
+# possibly a sign of a user trying to impersonate #
+# a service. #
+# #
+# operonly - If true, this will make the alias oper only. #
+# If a non-oper attempts to use the alias, it will #
+# appear to not exist. #
+# #
+
+
+
+
+
+
+
+
+
+
+
+
+#
+# An example of using the format value to create an alias with two
+# different behaviours depending on the format of the parameters.
+#
+#
+#
+
+#
+# This alias fixes a glitch in xchat 2.6.x and above and the way it
+# assumes IDENTIFY must be prefixed by a colon (:) character. It should
+# be placed ABOVE the default NICKSERV alias (the first example) listed
+# above.
+#
+
+#
+# You may also add aliases to trigger based on something said in a
+# channel, aka 'fantasy' commands, configured in the same manner as any
+# other alias, with usercommand="no" and channelcommand="yes" The
+# command must be preceded by the fantasy prefix when used.
+#
+#
+#
+# This would be used as "!cs ", with the channel
+# being automatically inserted after the command in the message to
+# ChanServ, assuming the fantasy prefix is "!".
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Allowinvite module: Gives channel mode +A to allow all users to use
+# /INVITE, and extban A to deny invite from specific masks.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Alltime module: Shows time on all connected servers at once.
+# This module is oper-only and provides /ALLTIME.
+# To use, ALLTIME must be in one of your oper class blocks.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Auditorium module: Adds channel mode +u which makes everyone else
+# except you in the channel invisible, used for large meetings etc.
+
+#
+# Auditorium settings:
+#
+
+#
+# opvisible (auditorium-vis in exemptchanops):
+# Show channel ops to all users
+# opcansee (auditorium-see in exemptchanops):
+# Allow ops to see all joins/parts/kicks in the channel
+# opercansee:
+# Allow opers (channels/auspex) to see see all joins/parts/kicks in the channel
+#
+# Exemptchanops can be used to adjust the level at which users become visible or
+# the level at which they can see the full member list of the channel.
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Autoop module: Adds basic channel access controls via the +w listmode.
+# For example +w o:*!Attila@127.0.0.1 will op anyone matching that mask
+# on join. This can be combined with extbans, for example +w o:R:Brain
+# will op anyone identified to the account "Brain".
+# Another useful combination is with SSL client certificate
+# fingerprints: +w h:z:72db600734bb9546c1bdd02377bc21d2a9690d48 will
+# give halfop to the user(s) having the given certificate.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Ban except module: Adds support for channel ban exceptions (+e).
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Ban redirection module: Allows bans which redirect to a specified
+# channel. e.g. +b nick!ident@host#channelbanneduserissentto
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Block amsg module: Attempt to block all usage of /amsg and /ame.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#- BLOCKAMSG CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+# #
+# If you have the m_blockamsg.so module loaded, you can configure it #
+# with the tag: #
+# #
+# delay - How many seconds between two messages to force #
+# them to be recognised as unrelated. #
+# action - Any of 'notice', 'noticeopers', 'silent', 'kill' #
+# or 'killopers'. Define how to take action when #
+# a user uses /amsg or /ame. #
+#
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Block CAPS module: Adds channel mode +B, blocks all-CAPS messages.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#- BLOCKCAPS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+# #
+# percent - How many percent of text must be caps before text #
+# will be blocked. #
+# #
+# minlen - The minimum length a line must be for the block #
+# percent to have any effect. #
+# #
+# capsmap - A list of chars to be considered CAPS. Can be used #
+# to add CAPS characters for your language. Also you #
+# can add things like ! and space to further lock #
+# down on caps usage. #
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Block color module: Blocking color-coded messages with chan mode +c.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Botmode module: Adds the user mode +B. If set on a user, it will
+# show that the user is a bot in /WHOIS.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# CallerID module: Adds usermode +g which activates hybrid-style
+# callerid: block all private messages unless you /ACCEPT first.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#- CALLERID CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
+# maxaccepts - Maximum number of entries a user can add to his #
+# /ACCEPT list. Default is 16 entries. #
+# operoverride - Can opers (note: ALL opers) override callerid? #
+# Default is no. #
+# tracknick - Preserve /accept entries when a user changes nick? #
+# If no (the default), the user is removed from #
+# everyone's accept list if he changes nickname. #
+# cooldown - Amount of time (in seconds) that must pass since #
+# the last notification sent to a user before he can #
+# be sent another. Default is 60 (1 minute). #
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# CAP module: Provides the CAP negotiation mechanism required by the
+# m_sasl, m_namesx, m_uhnames, and m_ircv3 modules.
+# It is also recommended for the STARTTLS support in m_ssl_gnutls.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# CBAN module: Lets you disallow channels from being used at runtime.
+# This module is oper-only and provides /CBAN.
+# To use, CBAN must be in one of your oper class blocks.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Censor module: Adds channel and user mode +G.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#- CENSOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# Optional - If you specify to use the m_censor module, then you must #
+# specify some censor tags. See also: #
+# http://wiki.inspircd.org/Modules/censor #
+#
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# CGI:IRC module: Adds support for automatic host changing in CGI:IRC
+# (http://cgiirc.sourceforge.net).
+
+
+#
+#-#-#-#-#-#-#-#-#-#-#-# CGIIRC CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#
+#
+# Optional - If you specify to use m_cgiirc, then you must specify one
+# or more cgihost tags which indicate authorised CGI:IRC servers which
+# will be connecting to your network, and an optional cgiirc tag.
+# For more information see: http://wiki.inspircd.org/Modules/cgiirc
+#
+# Set to yes if you want to notice opers when CGI:IRC clients connect.
+#
+#
+# The type field indicates where the module should get the real
+# client's IP address from, for further information, please see the
+# CGI:IRC documentation.
+#
+# Old style:
+# # Get IP from PASS
+# # Get IP from ident
+# # See the docs
+# New style:
+# # Get IP from WEBIRC
+#
+# IMPORTANT NOTE:
+# ---------------
+#
+# When you connect CGI:IRC clients, there are two connect classes which
+# apply to these clients. When the client initially connects, the connect
+# class which matches the CGI:IRC site's host is checked. Therefore you
+# must raise the maximum local/global clients for this ip as high as you
+# want to allow cgi clients. After the client has connected and is
+# determined to be a cgi:irc client, the class which matches the client's
+# real IP is then checked. You may set this class to a lower value, so that
+# the real IP of the client can still be restricted to, for example, 3
+# sessions maximum.
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Channel create module: Adds snomask +j, which will notify opers of
+# any new channels that are created.
+# This module is oper-only.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Channel filter module: Allows channel-op defined message filtering
+# using simple string matches (channel mode +g).
+#
+#
+# If hidemask is set to yes, the user will not be shown the mask when
+# his/her message is blocked.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Channel history module: Displays the last 'X' lines of chat to a user
+# joining a channel with +H 'X:T' set; 'T' is the maximum time to keep
+# lines in the history buffer. Designed so that the new user knows what
+# the current topic of conversation is when joining the channel.
+#
+#
+# Set the maximum number of lines allowed to be stored per channel below.
+# This is the hard limit for 'X'.
+# If notice is set to yes, joining users will get a NOTICE before playback
+# telling them about the following lines being the pre-join history.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Channel logging module: Used to send snotice output to channels, to
+# allow staff to centrally monitor and discuss network activity.
+#
+# The "channel" field is where you want the messages to go, "snomasks"
+# is what snomasks you want to be sent to that channel. Multiple tags
+# are allowed.
+
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Channel names module: Allows disabling channels which have certain
+# characters in the channel name such as bold, colorcodes, etc. which
+# can be quite annoying and allow users to on occasion have a channel
+# that looks like the name of another channel on the network.
+#
+
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Channelban: Implements extended ban j:, which stops anyone already
+# in a channel matching a ban like +b j:#channel*mask from joining.
+# Note that by default wildcard characters * and ? are allowed in
+# channel names. To disallow them, load m_channames and add characters
+# 42 and 63 to denyrange (see above).
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Custom prefixes: Allows for channel prefixes to be configured.
+
+#
+# name The name of the mode, must be unique from other modes.
+# letter The letter used for this mode. Required.
+# prefix The prefix used for nicks with this mode. Not required.
+# rank A numeric rank for this prefix, defining what permissions it gives.
+# The rank of voice, halfop and op is 10000, 20000, and 30000,
+# respectively.
+# ranktoset The numeric rank required to set this mode. Defaults to rank.
+# ranktounset The numeric rank required to unset this mode. Defaults to ranktoset.
+# depriv Can you remove the mode from yourself? Defaults to yes.
+
+
+
+#
+# You can also override the configuration of prefix modes added by both the core
+# and other modules by adding a customprefix tag with change="yes" specified.
+#
+#
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Check module: Adds the /CHECK command.
+# Check is useful for looking up information on channels, users,
+# IP addresses and hosts.
+# This module is oper-only.
+# To use, CHECK must be in one of your oper class blocks.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# CHGHOST module: Adds the /CHGHOST command.
+# This module is oper-only.
+# To use, CHGHOST must be in one of your oper class blocks.
+# NOTE: Services will not be able to set vhosts on users if this module
+# isn't loaded. If you're planning on running services, you probably
+# want to load this.
+
+#
+#-#-#-#-#-#-#-#-# /CHGHOST - /SETHOST CONFIGURATION #-#-#-#-#-#-#-#-#
+# Optional - If you want to use special chars for hostnames you can #
+# specify your own custom list of chars with the tag: #
+# #
+# charmap - A list of chars accepted as valid by the /CHGHOST #
+# and /SETHOST commands. Also note that the list is #
+# case-sensitive. #
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# CHGIDENT module: Adds the /CHGIDENT command.
+# This module is oper-only.
+# To use, CHGIDENT must be in one of your oper class blocks.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# CHGNAME module: Adds the /CHGNAME command.
+# This module is oper-only.
+# To use, CHGNAME must be in one of your oper class blocks.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Cloaking module: Adds usermode +x and cloaking support.
+# Relies on the module m_md5.so being loaded.
+# To cloak users when they connect, load m_conn_umodes and set
+# to include the +x mode. The example tag
+# shows this. See the m_conn_umodes module for more information.
+
+#
+#-#-#-#-#-#-#-#-#-#-#- CLOAKING CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# To use m_cloaking, you must define a cloak key, and optionally a #
+# cloak prefix as shown below. The cloak key must be shared across #
+# the network for correct cloaking. #
+# #
+# There are four methods of cloaking: #
+# #
+# half Cloak only the "unique" portion of a host; show #
+# the last 2 parts of the domain, /16 subnet of IPv4 #
+# or /48 subnet of the IPv6 address. #
+# #
+# full Cloak the users completely, using three slices for #
+# common CIDR bans (IPv4: /16, /24; IPv6: /48, /64). #
+# #
+# These methods use a single key that can be any length of text. #
+# An optional prefix may be specified to mark cloaked hosts. #
+# #
+# The following methods are maintained for backwards compatibility; #
+# they are slightly less secure, and always hide unresolved IPs. #
+# #
+# compat-host InspIRCd 1.2-compatible host-based cloaking. #
+# compat-ip InspIRCd 1.2-compatible ip-always cloaking. #
+# #
+# If you use a compat cloaking mode then you must specify key1, key2, #
+# key3, key4; the values must be less than 0x80000000 and should be #
+# picked at random. Prefix is mandatory, will default to network name #
+# if not specified, and will always have a "-" appended. #
+#
+
+
+#-#-#-#-#-#-#-#-#-#-#-#- CLOSE MODULE #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Close module: Allows an oper to close all unregistered connections.
+# This module is oper-only and provides the /CLOSE command.
+# To use, CLOSE must be in one of your oper class blocks.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Clones module: Adds an oper command /CLONES for detecting cloned
+# users. Warning: This command may be resource intensive when it is
+# issued, use with care.
+# This module is oper-only.
+# To use, CLONES must be in one of your oper class blocks.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Common channels module: Adds user mode +c, which, when set, requires
+# that users must share a common channel with you to PRIVMSG or NOTICE
+# you.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Auto join on connect module: Allows you to force users to join one
+# or more channels automatically upon connecting to the server.
+
+#
+#-#-#-#-#-#-#-#-#-#-#-#- CONNJOIN CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+#
+# If you have m_conn_join.so loaded, you can configure it using the
+# following values, or set autojoin="#chat,#help" in blocks.
+#
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Set modes on connect module: When this module is loaded
+# blocks may have an optional modes="" value, which contains modes to
+# add or remove from users when they connect to the server.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Wait for PONG on connect module: Send a PING to all connecting users
+# and don't let them connect until they reply with a PONG.
+# This is useful to stop certain kinds of bots and proxies.
+
+#
+#-#-#-#-#-#-#-#-#-#-#- WAITPONG CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+# #
+# If you have the m_conn_waitpong.so module loaded, configure it with #
+# the tag: #
+# #
+# sendsnotice - Whether to send a helpful notice to users on #
+# connect telling them how to connect, should #
+# their client not reply PONG automatically. #
+# #
+# killonbadreply - Whether to kill the user if they send the wrong #
+# PONG reply. #
+# #
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Channel cycle module: Adds the /CYCLE command which is a server-side
+# /HOP that bypasses restrictive modes.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Connectban: Provides IP connection throttling. Any IP range that
+# connects too many times (configurable) in an hour is Z-Lined for a
+# (configurable) duration, and their count resets to 0.
+#
+#
+# ipv4cidr and ipv6cidr allow you to turn the comparison from
+# individual IP addresses (32 and 128 bits) into CIDR masks, to allow
+# for throttling over whole ISPs/blocks of IPs, which may be needed to
+# prevent attacks.
+#
+# This allows for 10 connections in an hour with a 10 minute ban if
+# that is exceeded.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Connection throttle module.
+
+#
+#-#-#-#-#-#-#-#-#-#-#- CONNTHROTTLE CONFIGURATION -#-#-#-#-#-#-#-#-#-#
+# seconds, maxconns - Amount of connections per .
+#
+# timeout - Time to wait after the throttle was activated
+# before deactivating it. Be aware that the time
+# is seconds + timeout.
+#
+# quitmsg - The message that users get if they attempt to
+# connect while the throttle is active.
+#
+# bootwait - Amount of time in seconds to wait before enforcing
+# the throttling when the server just booted.
+#
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Custom prefixes: Allows for channel prefixes to be added.
+# This replaces m_chanprotect and m_halfop.
+#
+#
+# name The name of the mode, must be unique from other modes.
+# letter The letter used for this mode. Required.
+# prefix The prefix used for nicks with this mode. Not required.
+# rank A numeric rank for this prefix, defining what permissions it gives.
+# The rank of voice, halfop and op is 10000, 20000, and 30000,
+# respectively.
+# ranktoset The numeric rank required to set/unset this mode. Defaults to rank.
+# depriv Can you remove the mode from yourself? Defaults to yes.
+#
+#
+#
+#
+#
+# Do /RELOADMODULE m_customprefix.so after changing the settings of this module.
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Custom title module: Adds the /TITLE command which allows for trusted
+# users to gain a custom whois line and an optional vhost can be
+# specified.
+#
+#
+#-#-#-#-#-#-#-#-#-#- CUSTOM TITLE CONFIGURATION -#-#-#-#-#-#-#-#-#-#
+# name - The username used to identify.
+# password - The password used to identify.
+# hash - The hash for the specific user's password (optional).
+# m_password_hash.so and a hashing module must be loaded
+# for this to work.
+# host - Allowed hostmask (optional).
+# title - Title shown in whois.
+# vhost - Displayed host (optional).
+#
+#
+#
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# DCCALLOW module: Adds the /DCCALLOW command.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#- DCCALLOW CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+# blockchat - Whether to block DCC CHAT as well as DCC SEND.
+# length - Default duration of entries in DCCALLOW list.
+# action - Default action to take if no action is
+# specified, can be 'block' or 'allow'.
+# maxentries - Max number of nicks to allow on a DCCALLOW list.
+#
+# File configuration:
+# pattern - The glob pattern to match against.
+# action - Action to take if a user attempts to send a file
+# that matches this pattern, can be 'block' or
+# 'allow'.
+#
+#
+#
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Deaf module: Adds support for the usermode +d - deaf to channel
+# messages and channel notices.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Delay join module: Adds the channel mode +D which delays all JOIN
+# messages from users until they speak. If they quit or part before
+# speaking, their quit or part message will not be shown to the channel
+# which helps cut down noise on large channels in a more friendly way
+# than the auditorium mode. Only channel ops may set the +D mode.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Delay message module: Adds the channel mode +d which disallows a user
+# from talking in the channel unless they've been joined for X seconds.
+# Settable using /MODE #chan +d 30
+#
+# Set allownotice to no to disallow NOTICEs too. Defaults to yes.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Deny channels module: Deny channels from being used by users.
+
+#
+#-#-#-#-#-#-#-#-#-#-#- DENYCHAN DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# If you have the m_denychans.so module loaded, you need to specify #
+# the channels to deny: #
+# #
+# name - The channel name to deny (glob masks are ok). #
+# allowopers - If operators are allowed to override the deny. #
+# reason - Reason given for the deny. #
+# redirect - Redirect the user to a different channel. #
+# #
+ #
+# #
+# #
+# Redirects will not work if the target channel is set +L. #
+# #
+# Additionally, you may specify channels which are allowed, even if #
+# a badchan tag specifies it would be denied: #
+# #
+# Glob masks are accepted here also. #
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Devoice module: Let users devoice themselves using /DEVOICE #chan.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# DNS blacklist module: Provides support for looking up IPs on one or #
+# more blacklists. #
+# #
+# #
+# For configuration options please see the wiki page for m_dnsbl at #
+# http://wiki.inspircd.org/Modules/dnsbl #
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Exempt channel operators module: Provides support for allowing #
+# channel operators to be exempt from some channel modes. Supported #
+# modes are blockcaps, noctcp, blockcolor, nickflood, flood, censor, #
+# filter, regmoderated, nonick, nonotice, and stripcolor. #
+# #
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Filter module: Provides message filtering, similar to SPAMFILTER. #
+#
+# #
+# This module depends upon a regex provider such as m_regex_pcre or #
+# m_regex_glob to function. You must specify which of these you want #
+# m_filter to use via the tag below. #
+# #
+# Valid engines are: #
+# #
+# glob - Glob patterns, provided via m_regex_glob. #
+# pcre - PCRE regexps, provided via m_regex_pcre, needs libpcre. #
+# tre - TRE regexps, provided via m_regex_tre, requires libtre. #
+# posix - POSIX regexps, provided via m_regex_posix, not available #
+# on Windows, no dependencies on other operating systems. #
+# stdlib - stdlib regexps, provided via m_regex_stdlib, see comment #
+# at the tag for info on availability. #
+# #
+# #
+# #
+# Your choice of regex engine must match on all servers network-wide.
+#
+# You may specify specific channels that are exempt from being filtered:
+#
+#
+#-#-#-#-#-#-#-#-#-#-#- FILTER CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# Optional - If you specify to use the m_filter module, then #
+# specify below the path to the filter.conf file, or define some #
+# tags. #
+# #
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Gecos ban: Implements extended ban 'r', which stops anyone matching
+# a mask like +b r:*realname?here* from joining a channel.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# GeoIP module: Allows the server admin to match users by country code.
+# This module is in extras. Re-run configure with:
+# ./configure --enable-extras=m_geoip.cpp
+# and run make install, then uncomment this module to enable it.
+# This module requires GeoIP to be installed on your system,
+# use your package manager to find the appropriate packages
+# or check the InspIRCd wiki page for this module.
+#
+#
+# The actual allow/ban actions are done by connect classes, not by the
+# GeoIP module. An example connect class to ban people from russia or
+# turkey:
+#
+#
+#
+# The country code must be in capitals and should be an ISO country
+# code such as TR, GB, or US. Unknown IPs (localhost, LAN IPs, etc)
+# will be assigned the country code "UNK". Since connect classes are
+# matched from top down, your deny classes must be above your allow
+# classes for them to match.
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Globops module: Provides the /GLOBOPS command and snomask +g.
+# This module is oper-only.
+# To use, GLOBOPS must be in one of your oper class blocks.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Global load module: Allows loading and unloading of modules network-
+# wide (USE WITH EXTREME CAUTION!)
+# This module is oper-only and provides /GLOADMODULE, /GUNLOADMODULE
+# and /GRELOADMODULE.
+# To use, GLOADMODULE, GUNLOADMODULE and GRELOADMODULE
+# must be in one of your oper class blocks.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Halfop module: Provides the +h (halfops) channel status mode.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# HELPOP module: Provides the /HELPOP command.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#-#- HELPOP CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+# #
+# If you specify to use the m_helpop.so module, then specify below #
+# the path to the helpop.conf file. #
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Hide chans module: Allows users to hide their channels list from non-
+# opers by setting user mode +I on themselves.
+
+#
+# This mode can optionally prevent opers from seeing channels on a +I
+# user, for more privacy if set to true.
+# This setting is not recommended for most mainstream networks.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Hide oper module: Allows opers to hide their oper status from non-
+# opers by setting user mode +H on themselves.
+# This module is oper-only.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Hostchange module: Allows a different style of cloaking.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#- HOSTCHANGE CONFIGURATION -#-#-#-#-#-#-#-#-#-#
+# #
+# See http://wiki.inspircd.org/Modules/hostchange for help. #
+# #
+#
+#
+#
+#
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# httpd module: Provides HTTP server support for InspIRCd.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#-#- HTTPD CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+#
+# If you choose to use the m_httpd.so module, then you will need to add
+# a tag with type "httpd", and load at least one of the other
+# m_httpd_* modules to provide pages to display.
+#
+# You can adjust the timeout for HTTP connections below. All HTTP
+# connections will be closed after (roughly) this many seconds.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# HTTP ACL module: Provides access control lists for m_httpd dependent
+# modules. Use this module to restrict pages by IP address and by
+# password.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#-#- HTTPD ACL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+#
+# Restrict access to the m_httpd_stats module to all but the local
+# network and when the correct password is specified:
+#
+#
+# Deny all connections to all but the main index page:
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# HTTP config module: Allows the configuration of the server to be
+# viewed over HTTP. Requires m_httpd.so to be loaded for it to function.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# HTTP stats module: Provides basic stats pages over HTTP.
+# Requires m_httpd.so to be loaded for it to function.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Ident: Provides RFC 1413 ident lookup support.
+# When this module is loaded tags may have an optional
+# useident="yes|no" boolean value, determining whether or not to lookup
+# ident on users matching that connect tag.
+
+#
+#-#-#-#-#-#-#-#-#-#-#-#- IDENT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
+# #
+# Optional - If you are using the m_ident.so module, then you can #
+# specify the timeout for ident lookups here. If not defined, it will #
+# default to 5 seconds. This is a non-blocking timeout which holds #
+# the user in a 'connecting' state until the lookup is complete. #
+# The bind value indicates which IP to bind outbound requests to. #
+#
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Invite exception module: Adds support for channel invite exceptions
+# (+I).
+#
+# bypasskey: If this is enabled, exceptions will bypass +k as well as +i
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# IRCv3 module: Provides the following IRCv3.1 extensions:
+# extended-join, away-notify and account-notify. These are optional
+# enhancements to the client-to-server protocol. An extension is only
+# active for a client when the client specifically requests it, so this
+# module needs m_cap to work.
+#
+# Further information on these extensions can be found at the IRCv3
+# working group website:
+# http://ircv3.org/extensions/
+#
+#
+# The following block can be used to control which extensions are
+# enabled. Note that extended-join can be incompatible with m_delayjoin
+# and host cycling.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Join flood module: Adds support for join flood protection +j X:Y.
+# Closes the channel for 60 seconds if X users join in Y seconds.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Jump server module: Adds support for the RPL_REDIR numeric.
+# This module is oper-only.
+# To use, JUMPSERVER must be in one of your oper class blocks.
+# If your server is redirecting new clients and you get disconnected,
+# do a REHASH from shell to open up again.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Anti auto rejoin: Adds support for prevention of auto-rejoin (+J).
+#
+# Set the maximum time that is accepted as a parameter for +J here.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Knock module: Adds the /KNOCK command and channel mode +K.
+
+#
+# This setting specifies what to do when someone successfully /KNOCKs.
+# If set to "notice", then a NOTICE will be sent to the channel.
+# This is the default and the compatible setting, as it requires no
+# special support from the clients.
+# If set to "numeric" then a 710 numeric will be sent to the channel.
+# This allows easier scripting but not all clients support it.
+# If set to "both" then (surprise!) both will be sent.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# LDAP authentication module: Adds the ability to authenticate users #
+# via LDAP. This is an extra module which must be enabled explicitly #
+# by symlinking it from modules/extra, and requires the OpenLDAP libs #
+# This module is in extras. To enable it, Re-run configure with: #
+# ./configure --enable-extras=m_ldapauth.cpp #
+# and run make install, then uncomment this module. #
+#
+# #
+# Configuration: #
+# #
+# #
+# #
+# #
+# #
+# #
+# #
+# The baserdn indicates the base DN to search in for users. Usually #
+# this is 'ou=People,dc=yourdomain,dc=yourtld'. #
+# #
+# The attribute value indicates the attribute which is used to locate #
+# a user account by name. On POSIX systems this is usually 'uid'. #
+# #
+# The server parameter indicates the LDAP server to connect to. The #
+# ldap:// style scheme before the hostname proper is MANDATORY. #
+# #
+# The allowpattern value allows you to specify a wildcard mask which #
+# will always be allowed to connect regardless of if they have an #
+# account, for example guest users. #
+# #
+# Killreason indicates the QUIT reason to give to users if they fail #
+# to authenticate. #
+# #
+# The searchscope value indicates the subtree to search under. On our #
+# test system this is 'subtree'. Your mileage may vary. #
+# #
+# Setting the verbose value causes an oper notice to be sent out for #
+# every failed authentication to the server, with an error string. #
+# #
+# The binddn and bindauth indicate the DN to bind to for searching, #
+# and the password for the distinguished name. Some LDAP servers will #
+# allow anonymous searching in which case these two values do not #
+# need defining, otherwise they should be set similar to the examples #
+# above. #
+# #
+# ldapwhitelist indicates that clients connecting from an IP in the #
+# provided CIDR do not need to authenticate against LDAP. It can be #
+# repeated to whitelist multiple CIDRs. #
+# #
+# ldaprequire allows further filtering on the LDAP user, by requiring #
+# certain LDAP attibutes to have a given value. It can be repeated, #
+# in which case the list will act as an OR list, that is, the #
+# authentication will succeed if any of the requirements in the list #
+# is satisfied. #
+# #
+# host allows you to change the displayed host of users connecting #
+# from ldap. The string supplied takes formatters which are replaced #
+# from the DN. For instance, if your DN looks like: #
+# uid=w00t,ou=people,dc=inspircd,dc=org, then the formatters uid, ou #
+# and dc will be available to you. If a key is given multiple times #
+# in the DN, the last appearance will take precedence. #
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# LDAP oper configuration module: Adds the ability to authenticate #
+# opers via LDAP. This is an extra module which must be enabled #
+# explicitly by symlinking it from modules/extra, and requires the #
+# OpenLDAP libs. Re-run configure with: #
+# ./configure --enable-extras=m_ldapoper.cpp
+# and run make install, then uncomment this module to enable it. #
+#
+# #
+# Configuration: #
+# #
+#
+# #
+# Available configuration items are identical to the same items in #
+# m_ldapauth above (except for the verbose setting, that is only #
+# supported in m_ldapauth). #
+# Please always specify a password in your tags even if the #
+# opers are to be authenticated via LDAP, so in case this module is #
+# not loaded the oper accounts are still protected by a password. #
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Lock server module: Adds /LOCKSERV and /UNLOCKSERV commands that #
+# are used to temporarily close/open the server for new connections. #
+# These commands require that the /LOCKSERV and /UNLOCKSERV commands #
+# are specified in a tag that the oper is part of. This is so #
+# you can control who has access to this possible dangerous command. #
+# If your server is locked and you get disconnected, do a REHASH from #
+# shell to open up again. #
+# This module is oper-only.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Map hiding module: replaces /MAP and /LINKS output to users with a #
+# message to see a website, set by maphide="http://test.org/map" in #
+# the tag, instead. #
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Message flood module: Adds message/notice flood protection via
+# channel mode +f.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# MLOCK module: Adds support for server-side enforcement of services
+# side MLOCKs. Basically, this module suppresses any mode change that
+# would likely be immediately bounced by services.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# MsSQL module: Allows other SQL modules to access MS SQL Server
+# through a unified API.
+# This module is in extras. Re-run configure with:
+# ./configure --enable-extras=m_mssql.cpp
+# and run make install, then uncomment this module to enable it.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# m_mssql.so is more complex than described here, see wiki for more #
+# info http://wiki.inspircd.org/Modules/mssql #
+#
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# MySQL module: Allows other SQL modules to access MySQL databases
+# through a unified API.
+# This module is in extras. Re-run configure with:
+# ./configure --enable-extras=m_mysql.cpp
+# and run make install, then uncomment this module to enable it.
+#
+#
+#-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-#
+# #
+# m_mysql.so is more complex than described here, see the wiki for #
+# more: http://wiki.inspircd.org/Modules/mysql #
+#
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Named modes module: Allows for the display and set/unset of channel
+# modes via long-form mode names via +Z and the /PROP command.
+# For example, to set a ban, do /mode #channel +Z ban=foo!bar@baz or
+# /PROP #channel ban=foo!bar@baz
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# NAMESX module: Provides support for the NAMESX extension which allows
+# clients to see all the prefixes set on a user without getting confused.
+# This is supported by mIRC, x-chat, klient, and maybe more.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# National characters module:
+# 1) Allows using national characters in nicknames.
+# 2) Allows using custom (national) casemapping over the network.
+#
+#
+# file - Location of the file which contains casemapping rules. If this
+# is a relative path then it is relative to "/../locales"
+# on UNIX and "/locales" on Windows.
+# casemapping - The name of the casemapping sent to clients in the 005
+# numeric. If this is not set then it defaults to the name
+# of the casemapping file unless the file name contains a
+# space in which case you will have to specify it manually.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Nickchange flood protection module: Provides channel mode +F X:Y
+# which allows up to X nick changes in Y seconds.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Nicklock module: Let opers change a user's nick and then stop that
+# user from changing their nick again until unlocked.
+# This module is oper-only.
+# To use, NICKLOCK and NICKUNLOCK must be in one of your oper class blocks.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# No CTCP module: Adds the channel mode +C to block CTCPs and extban
+# 'C' to block CTCPs sent by specific users.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# No kicks module: Adds the +Q channel mode and the Q: extban to deny
+# certain users from kicking.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# No nicks module: Adds the +N channel mode, as well as the 'N' extban.
+# +N stops all users from changing their nick, the N extban stops
+# anyone from matching a +b N:nick!user@host mask from changing their
+# nick.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# No part message module: Adds extban 'p' to block part messages from #
+# matching users. #
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# No notice module: Adds the channel mode +T and the extban 'T' to
+# block specific users from noticing the channel.
+#
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Network business join module:
+# Allows an oper to join a channel using /OJOIN, giving them +Y on the
+# channel which makes them immune to kick/deop/etc.
+
+#
+# Specify the prefix that +Y will grant here.
+# Leave 'prefix' empty if you do not wish +Y to grant a prefix.
+# If 'notice' is set to on, upon /OJOIN, the server will notice the
+# channel saying that the oper is joining on network business.
+# If 'op' is set to on, it will give them +o along with +Y.
+
+
+#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
+# Oper channels mode: Adds the +O channel mode and extban O: