X-Git-Url: https://arthur.barton.de/cgi-bin/gitweb.cgi?p=ngircd-alex.git;a=blobdiff_plain;f=doc%2Fsample-ngircd.conf.tmpl;h=ec425bd284686546de2cc36bb330b82151937ba3;hp=0f2e7ee8c609ef1ea3e91e5785168e2bd42ca1dc;hb=2a40112f09cc58d43447cc2665b7924c8a69c580;hpb=3d0ce77f12117df9e12d364c725c3c54332901bd diff --git a/doc/sample-ngircd.conf.tmpl b/doc/sample-ngircd.conf.tmpl index 0f2e7ee8..ec425bd2 100644 --- a/doc/sample-ngircd.conf.tmpl +++ b/doc/sample-ngircd.conf.tmpl @@ -33,6 +33,10 @@ ;AdminInfo2 = Location ;AdminEMail = admin@irc.server + # Text file which contains the ngIRCd help text. This file is required + # to display help texts when using the "HELP " command. + ;HelpFile = :DOCDIR:/Commands.txt + # Info text of the server. This will be shown by WHOIS and # LINKS requests for example. Info = Server Info Text @@ -50,6 +54,12 @@ # A simple Phrase (<256 chars) if you don't want to use a motd file. ;MotdPhrase = "Hello world!" + # The name of the IRC network to which this server belongs. This name + # is optional, should only contain ASCII characters, and can't contain + # spaces. It is only used to inform clients. The default is empty, + # so no network name is announced to clients. + ;Network = aIRCnetwork + # Global password for all users needed to connect to the server. # (Default: not set) ;Password = abc @@ -57,7 +67,7 @@ # This tells ngIRCd to write its current process ID to a file. # Note that the pidfile is written AFTER chroot and switching the # user ID, e.g. the directory the pidfile resides in must be - # writeable by the ngIRCd user and exist in the chroot directory. + # writable by the ngIRCd user and exist in the chroot directory. ;PidFile = /var/run/ngircd/ngircd.pid # Ports on which the server should listen. There may be more than @@ -84,6 +94,13 @@ # to not yet (or no longer) connected servers. ;ConnectRetry = 60 + # Number of seconds after which the whole daemon should shutdown when + # no connections are left active after handling at least one client + # (0: never, which is the default). + # This can be useful for testing or when ngIRCd is started using + # "socket activation" with systemd(8), for example. + ;IdleTimeout = 0 + # Maximum number of simultaneous in- and outbound connections the # server is allowed to accept (0: unlimited): ;MaxConnections = 0 @@ -95,11 +112,15 @@ # Maximum number of channels a user can be member of (0: no limit): ;MaxJoins = 10 - # Maximum length of an user nick name (Default: 9, as in RFC 2812). + # Maximum length of an user nickname (Default: 9, as in RFC 2812). # Please note that all servers in an IRC network MUST use the same - # maximum nick name length! + # maximum nickname length! ;MaxNickLength = 9 + # Maximum number of channels returned in response to a /list + # command (0: unlimited): + ;MaxListSize = 100 + # After seconds of inactivity the server will send a # PING to the peer to test whether it is alive or not. ;PingTimeout = 120 @@ -110,9 +131,15 @@ [Options] # Optional features and configuration options to further tweak the - # behavior of ngIRCd. If you wan't to get started quickly, you most + # behavior of ngIRCd. If you want to get started quickly, you most # probably don't have to make changes here -- they are all optional. + # List of allowed channel types (channel prefixes) for newly created + # channels on the local server. By default, all supported channel + # types are allowed. Set this variable to the empty string to disallow + # creation of new channels by local clients at all. + ;AllowedChannelTypes = #&+ + # Are remote IRC operators allowed to control this server, e.g. # use commands like CONNECT, SQUIT, DIE, ...? ;AllowRemoteOper = no @@ -125,23 +152,46 @@ ;ChrootDir = /var/empty # Set this hostname for every client instead of the real one. - # Please note: don't use the percentage sign ("%"), it is reserved for - # future extensions! - ;CloakHost = irc.example.net + # Use %x to add the hashed value of the original hostname. + ;CloakHost = cloaked.host + + # Use this hostname for hostname cloaking on clients that have the + # user mode "+x" set, instead of the name of the server. + # Use %x to add the hashed value of the original hostname. + ;CloakHostModeX = cloaked.user + + # The Salt for cloaked hostname hashing. When undefined a random + # hash is generated after each server start. + ;CloakHostSalt = abcdefghijklmnopqrstuvwxyz - # Set every clients' user name to their nick name + # Set every clients' user name to their nickname ;CloakUserToNick = yes # Try to connect to other IRC servers using IPv4 and IPv6, if possible. ;ConnectIPv6 = yes ;ConnectIPv4 = yes - # Do any DNS lookups when a client connects to the server. + # Default user mode(s) to set on new local clients. Please note that + # only modes can be set that the client could set on itself, you can't + # set "a" (away) or "o" (IRC Op), for example! Default: none. + ;DefaultUserModes = i + + # Do DNS lookups when a client connects to the server. ;DNS = yes # Do IDENT lookups if ngIRCd has been compiled with support for it. + # Users identified using IDENT are registered without the "~" character + # prepended to their user name. ;Ident = yes + # Directory containing configuration snippets (*.conf), that should + # be read in after parsing this configuration file. + ;IncludeDir = :ETCDIR:/conf.d + + # Enhance user privacy slightly (useful for IRC server on TOR or I2P) + # by censoring some information like idle time, logon time, etc. + ;MorePrivacy = no + # Normally ngIRCd doesn't send any messages to a client until it is # registered. Enable this option to let the daemon send "NOTICE AUTH" # messages to clients while connecting. @@ -151,21 +201,39 @@ # they are not(!) channel-operators? ;OperCanUseMode = no + # Should IRC Operators get AutoOp (+o) in persistent (+P) channels? + ;OperChanPAutoOp = yes + # Mask IRC Operator mode requests as if they were coming from the # server? (This is a compatibility hack for ircd-irc2 servers) ;OperServerMode = no # Use PAM if ngIRCd has been compiled with support for it. - ;PAM = no - - # Allow Pre-Defined Channels only (see Section [Channels]) - ;PredefChannelsOnly = no + # Users identified using PAM are registered without the "~" character + # prepended to their user name. + ;PAM = yes + + # When PAM is enabled, all clients are required to be authenticated + # using PAM; connecting to the server without successful PAM + # authentication isn't possible. + # If this option is set, clients not sending a password are still + # allowed to connect: they won't become "identified" and keep the "~" + # character prepended to their supplied user name. + # Please note: To make some use of this behavior, it most probably + # isn't useful to enable "Ident", "PAM" and "PAMIsOptional" at the + # same time, because you wouldn't be able to distinguish between + # Ident'ified and PAM-authenticated users: both don't have a "~" + # character prepended to their respective user names! + ;PAMIsOptional = no # Let ngIRCd send an "authentication PING" when a new client connects, # and register this client only after receiving the corresponding # "PONG" reply. ;RequireAuthPing = no + # Silently drop all incoming CTCP requests. + ;ScrubCTCP = no + # Syslog "facility" to which ngIRCd should send log messages. # Possible values are system dependent, but most probably auth, daemon, # user and local1 through local7 are possible values; see syslog(3). @@ -184,25 +252,34 @@ # So don't forget to remove the ";" above if this is the case ... # SSL Server Key Certificate - ;SSLCertFile = :ETCDIR:/ssl/server-cert.pem + ;CertFile = :ETCDIR:/ssl/server-cert.pem + + # Select cipher suites allowed for SSL/TLS connections. This defaults + # to HIGH:!aNULL:@STRENGTH (OpenSSL) or SECURE128 (GnuTLS). + # See 'man 1ssl ciphers' (OpenSSL) or 'man 3 gnutls_priority_init' + # (GnuTLS) for details. + # For OpenSSL: + ;CipherList = HIGH:!aNULL:@STRENGTH + # For GnuTLS: + ;CipherList = SECURE128 # Diffie-Hellman parameters - ;SSLDHFile = :ETCDIR:/ssl/dhparams.pem + ;DHFile = :ETCDIR:/ssl/dhparams.pem # SSL Server Key - ;SSLKeyFile = :ETCDIR:/ssl/server-key.pem + ;KeyFile = :ETCDIR:/ssl/server-key.pem # password to decrypt SSLKeyFile (OpenSSL only) - ;SSLKeyFilePassword = secret + ;KeyFilePassword = secret # Additional Listen Ports that expect SSL/TLS encrypted connections - ;SSLPorts = 6697, 9999 + ;Ports = 6697, 9999 [Operator] # [Operator] sections are used to define IRC Operators. There may be # more than one [Operator] block, one for each local operator. - # ID of the operator (may be different of the nick name) + # ID of the operator (may be different of the nickname) ;Name = TheOper # Password of the IRC operator @@ -265,15 +342,16 @@ # Connect to the remote server using TLS/SSL (Default: false) ;SSLConnect = yes - # Define a (case insensitive) mask matching nick names that should be - # treated as IRC services when introduced via this remote server. + # Define a (case insensitive) list of masks matching nicknames that + # should be treated as IRC services when introduced via this remote + # server, separated by commas (","). # REGULAR SERVERS DON'T NEED this parameter, so leave it empty # (which is the default). # When you are connecting IRC services which mask as a IRC server # and which use "virtual users" to communicate with, for example # "NickServ" and "ChanServ", you should set this parameter to - # something like "*Serv". - ;ServiceMask = *Serv + # something like "*Serv" or "NickServ,ChanServ,XyzServ". + ;ServiceMask = *Serv,Global [Server] # More [Server] sections, if you like ...