X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=doc%2Fsample-ngircd.conf.tmpl;h=018855d5e1f4490f92291069b635f2afa0cf9c34;hp=6e02048ffd93774bbe955f1490e05c43aaed80a9;hb=808c291c76b7ecb4ae13b6ee12e8afe658b627c1;hpb=fc0b0261496d2251e9917da96d5741da771f4bc1

diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl
index 6e02048f..018855d5 100644
--- a/doc/sample-ngircd.conf.tmpl
+++ b/doc/sample-ngircd.conf.tmpl
@@ -12,69 +12,37 @@
 # Use "ngircd --configtest" (see manual page ngircd(8)) to validate that the
 # server interprets the configuration file as expected!
 #
-# Please see ngircd.conf(5) for a complete list of configuration options.
+# Please see ngircd.conf(5) for a complete list of configuration options
+# and their descriptions.
 #
 
 [Global]
 	# The [Global] section of this file is used to define the main
 	# configuration of the server, like the server name and the ports
 	# on which the server should be listening.
+	# These settings depend on your personal preferences, so you should
+	# make sure that they correspond to your installation and setup!
 
 	# Server name in the IRC network, must contain at least one dot
 	# (".") and be unique in the IRC network. Required!
 	Name = irc.example.net
 
-	# Info text of the server. This will be shown by WHOIS and
-	# LINKS requests for example.
-	Info = Server Info Text
-
-	# Global password for all users needed to connect to the server.
-	# (Default: not set)
-	;Password = abc
-
-	# Password required for using the WEBIRC command used by some
-	# Web-to-IRC gateways. If not set/empty, the WEBIRC command can't
-	# be used. (Default: not set)
-	;WebircPassword = xyz
-
 	# Information about the server and the administrator, used by the
 	# ADMIN command. Not required by server but by RFC!
 	;AdminInfo1 = Description
 	;AdminInfo2 = Location
 	;AdminEMail = admin@irc.server
 
-	# Ports on which the server should listen. There may be more than
-	# one port, separated with ",". (Default: 6667)
-	;Ports = 6667, 6668, 6669
-
-	# Additional Listen Ports that expect SSL/TLS encrypted connections
-	;SSLPorts = 6697, 9999
-
-	# SSL Server Key
-	;SSLKeyFile = :ETCDIR:/ssl/server-key.pem
-
-	# password to decrypt SSLKeyFile (OpenSSL only)
-	;SSLKeyFilePassword = secret
-
-	# SSL Server Key Certificate
-	;SSLCertFile = :ETCDIR:/ssl/server-cert.pem
-
-	# Diffie-Hellman parameters
-	;SSLDHFile = :ETCDIR:/ssl/dhparams.pem
+	# Info text of the server. This will be shown by WHOIS and
+	# LINKS requests for example.
+	Info = Server Info Text
 
-	# comma separated list of IP addresses on which the server should
+	# Comma separated list of IP addresses on which the server should
 	# listen. Default values are:
 	# "0.0.0.0" or (if compiled with IPv6 support) "::,0.0.0.0"
 	# so the server listens on all IP addresses of the system by default.
 	;Listen = 127.0.0.1,192.168.0.1
 
-	# Syslog "facility" to which ngIRCd should send log messages.
-	# Possible values are system dependant, but most probably auth, daemon,
-	# user and local1 through local7 are possible values; see syslog(3).
-	# Default is "local5" for historical reasons, you probably want to
-	# change this to "daemon", for example.
-	SyslogFacility = local1
-
 	# Text file with the "message of the day" (MOTD). This message will
 	# be shown to all users connecting to the server:
 	;MotdFile = :ETCDIR:/ngircd.motd
@@ -82,6 +50,25 @@
 	# A simple Phrase (<256 chars) if you don't want to use a motd file.
 	;MotdPhrase = "Hello world!"
 
+	# Global password for all users needed to connect to the server.
+	# (Default: not set)
+	;Password = abc
+
+	# This tells ngIRCd to write its current process ID to a file.
+	# Note that the pidfile is written AFTER chroot and switching the
+	# user ID, e.g. the directory the pidfile resides in must be
+	# writable by the ngIRCd user and exist in the chroot directory.
+	;PidFile = /var/run/ngircd/ngircd.pid
+
+	# Ports on which the server should listen. There may be more than
+	# one port, separated with ",". (Default: 6667)
+	;Ports = 6667, 6668, 6669
+
+	# Group ID under which the ngIRCd should run; you can use the name
+	# of the group or the numerical ID. ATTENTION: For this to work the
+	# server must have been started with root privileges!
+	;ServerGID = 65534
+
 	# User ID under which the server should run; you can use the name
 	# of the user or the numerical ID. ATTENTION: For this to work the
 	# server must have been started with root privileges! In addition,
@@ -89,55 +76,14 @@
 	# otherwise RESTART and REHASH won't work!
 	;ServerUID = 65534
 
-	# Group ID under which the ngircd should run; you can use the name
-	# of the group or the numerical ID. ATTENTION: For this to work the
-	# server must have been started with root privileges!
-	;ServerGID = 65534
-
-	# A directory to chroot in when everything is initialized. It
-	# doesn't need to be populated if ngIRCd is compiled as a static
-	# binary. By default ngIRCd won't use the chroot() feature.
-	# ATTENTION: For this to work the server must have been started
-	# with root privileges!
-	;ChrootDir = /var/empty
-
-	# This tells ngircd to write its current process id to a file.
-	# Note that the pidfile is written AFTER chroot and switching uid,
-	# i. e. the Directory the pidfile resides in must be writeable by
-	# the ngircd user and exist in the chroot directory.
-	;PidFile = /var/run/ngircd/ngircd.pid
-
-	# After <PingTimeout> seconds of inactivity the server will send a
-	# PING to the peer to test whether it is alive or not.
-	;PingTimeout = 120
-
-	# If a client fails to answer a PING with a PONG within <PongTimeout>
-	# seconds, it will be disconnected by the server.
-	;PongTimeout = 20
+[Limits]
+	# Define some limits and timeouts for this ngIRCd instance. Default
+	# values should be safe, but it is wise to double-check :-)
 
 	# The server tries every <ConnectRetry> seconds to establish a link
 	# to not yet (or no longer) connected servers.
 	;ConnectRetry = 60
 
-	# Should IRC Operators be allowed to use the MODE command even if
-	# they are not(!) channel-operators?
-	;OperCanUseMode = no
-
-	# Mask IRC Operator mode requests as if they were coming from the
-	# server? (This is a compatibility hack for ircd-irc2 servers)
-	;OperServerMode = no
-
-	# Are remote IRC operators allowed to control this server, e. g.
-	# use commands like CONNECT, SQUIT, DIE, ...?
-	;AllowRemoteOper = no
-
-	# Allow Pre-Defined Channels only (see Section [Channels])
-	;PredefChannelsOnly = no
-
-	# try to connect to other irc servers using ipv4 and ipv6, if possible
-	;ConnectIPv6 = yes
-	;ConnectIPv4 = yes
-
 	# Maximum number of simultaneous in- and outbound connections the
 	# server is allowed to accept (0: unlimited):
 	;MaxConnections = 0
@@ -154,28 +100,138 @@
 	# maximum nick name length!
 	;MaxNickLength = 9
 
-	# Let ngIRCd send an "authentication PING" when a new client connects,
-	# and register this client only after receiving the corresponding
-	# "PONG" reply.
-	;RequireAuthPing = no
+	# After <PingTimeout> seconds of inactivity the server will send a
+	# PING to the peer to test whether it is alive or not.
+	;PingTimeout = 120
+
+	# If a client fails to answer a PING with a PONG within <PongTimeout>
+	# seconds, it will be disconnected by the server.
+	;PongTimeout = 20
+
+[Options]
+	# Optional features and configuration options to further tweak the
+	# behavior of ngIRCd. If you want to get started quickly, you most
+	# probably don't have to make changes here -- they are all optional.
+
+	# Are remote IRC operators allowed to control this server, e.g.
+	# use commands like CONNECT, SQUIT, DIE, ...?
+	;AllowRemoteOper = no
+
+	# A directory to chroot in when everything is initialized. It
+	# doesn't need to be populated if ngIRCd is compiled as a static
+	# binary. By default ngIRCd won't use the chroot() feature.
+	# ATTENTION: For this to work the server must have been started
+	# with root privileges!
+	;ChrootDir = /var/empty
 
 	# Set this hostname for every client instead of the real one.
-	# Please note: don't use the percentage sign ("%"), it is reserved for
-	# future extensions!
-	;CloakHost = irc.example.net
+	# Use %x to add the hashed value of the original hostname.
+	;CloakHost = cloaked.host
+
+	# Use this hostname for hostname cloaking on clients that have the
+	# user mode "+x" set, instead of the name of the server.
+	# Use %x to add the hashed value of the original hostname.
+	;CloakHostModeX = cloaked.user
+
+	# The Salt for cloaked hostname hashing. When undefined a random
+	# hash is generated after each server start.
+	;CloakHostSalt = abcdefghijklmnopqrstuvwxyz
 
 	# Set every clients' user name to their nick name
 	;CloakUserToNick = yes
 
-[Features]
+	# Try to connect to other IRC servers using IPv4 and IPv6, if possible.
+	;ConnectIPv6 = yes
+	;ConnectIPv4 = yes
+
 	# Do any DNS lookups when a client connects to the server.
 	;DNS = yes
 
-	# Do any IDENT lookups if ngIRCd has been compiled with support for it.
+	# Do IDENT lookups if ngIRCd has been compiled with support for it.
+	# Users identified using IDENT are registered without the "~" character
+	# prepended to their user name.
 	;Ident = yes
 
+	# Enhance user privacy slightly (useful for IRC server on TOR or I2P)
+	# by censoring some information like idle time, logon time, etc.
+	;MorePrivacy = no
+
+	# Normally ngIRCd doesn't send any messages to a client until it is
+	# registered. Enable this option to let the daemon send "NOTICE AUTH"
+	# messages to clients while connecting.
+	;NoticeAuth = no
+
+	# Should IRC Operators be allowed to use the MODE command even if
+	# they are not(!) channel-operators?
+	;OperCanUseMode = no
+
+	# Should IRC Operators get AutoOp (+o) in persistent (+P) channels?
+	;OperChanPAutoOp = yes
+
+	# Mask IRC Operator mode requests as if they were coming from the
+	# server? (This is a compatibility hack for ircd-irc2 servers)
+	;OperServerMode = no
+
 	# Use PAM if ngIRCd has been compiled with support for it.
-	;PAM = no
+	# Users identified using PAM are registered without the "~" character
+	# prepended to their user name.
+	;PAM = yes
+
+	# When PAM is enabled, all clients are required to be authenticated
+	# using PAM; connecting to the server without successful PAM
+	# authentication isn't possible.
+	# If this option is set, clients not sending a password are still
+	# allowed to connect: they won't become "identified" and keep the "~"
+	# character prepended to their supplied user name.
+	# Please note: To make some use of this behavior, it most probably
+	# isn't useful to enable "Ident", "PAM" and "PAMIsOptional" at the
+	# same time, because you wouldn't be able to distinguish between
+	# Ident'ified and PAM-authenticated users: both don't have a "~"
+	# character prepended to their respective user names!
+	;PAMIsOptional = no
+
+	# Allow Pre-Defined Channels only (see Section [Channels])
+	;PredefChannelsOnly = no
+
+	# Let ngIRCd send an "authentication PING" when a new client connects,
+	# and register this client only after receiving the corresponding
+	# "PONG" reply.
+	;RequireAuthPing = no
+
+	# Silently drop all incoming CTCP requests.
+	;ScrubCTCP = no
+
+	# Syslog "facility" to which ngIRCd should send log messages.
+	# Possible values are system dependent, but most probably auth, daemon,
+	# user and local1 through local7 are possible values; see syslog(3).
+	# Default is "local5" for historical reasons, you probably want to
+	# change this to "daemon", for example.
+	;SyslogFacility = local1
+
+	# Password required for using the WEBIRC command used by some
+	# Web-to-IRC gateways. If not set/empty, the WEBIRC command can't
+	# be used. (Default: not set)
+	;WebircPassword = xyz
+
+;[SSL]
+	# SSL-related configuration options. Please note that this section
+	# is only available when ngIRCd is compiled with support for SSL!
+	# So don't forget to remove the ";" above if this is the case ...
+
+	# SSL Server Key Certificate
+	;CertFile = :ETCDIR:/ssl/server-cert.pem
+
+	# Diffie-Hellman parameters
+	;DHFile = :ETCDIR:/ssl/dhparams.pem
+
+	# SSL Server Key
+	;KeyFile = :ETCDIR:/ssl/server-key.pem
+
+	# password to decrypt SSLKeyFile (OpenSSL only)
+	;KeyFilePassword = secret
+
+	# Additional Listen Ports that expect SSL/TLS encrypted connections
+	;Ports = 6697, 9999
 
 [Operator]
 	# [Operator] sections are used to define IRC Operators. There may be
@@ -244,15 +300,16 @@
 	# Connect to the remote server using TLS/SSL (Default: false)
 	;SSLConnect = yes
 
-	# Define a (case insensitive) mask matching nick names that should be
-	# treated as IRC services when introduced via this remote server.
+	# Define a (case insensitive) list of masks matching nick names that
+	# should be treated as IRC services when introduced via this remote
+	# server, separated by commas (",").
 	# REGULAR SERVERS DON'T NEED this parameter, so leave it empty
 	# (which is the default).
 	# When you are connecting IRC services which mask as a IRC server
 	# and which use "virtual users" to communicate with, for example
 	# "NickServ" and "ChanServ", you should set this parameter to
-	# something like "*Serv".
-	;ServiceMask = *Serv
+	# something like "*Serv" or "NickServ,ChanServ,XyzServ".
+	;ServiceMask = *Serv,Global
 
 [Server]
 	# More [Server] sections, if you like ...