crans
/
ansible
mirror of http://gitlab.adm.crans.org/nounous/ansible.git
19
0
Fork 0
Code Issues Projects Releases Wiki Activity

[anope] Deploy Anope on irc

certbot_on_virtu
_benjamin 2021-02-28 18:16:47 +01:00
parent 1e651977e3
commit 6957939ffc
12 changed files with 5740 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
host_vars/irc.adm.crans.org.yml
View File

@ -39,3 +39,9 @@ loc_inspircd:
diepass: "{{ vault.irc_inspircd_diepass }}"
restartpass: "{{ vault.irc_inspircd_restartpass }}"
opers: "{{ vault.irc_inspircd_opers }}"
loc_anope:
recvpass: "{{ vault.irc_anope_recvpass }}"
sendpass: "{{ vault.irc_anope_sendpass }}"
options_seed: "{{ vault.irc_anope_options_seed }}"
services_roots: "{{ vault.irc_anope_services_roots }}"

2
plays/irc.yml
View File

@ -17,5 +17,7 @@
- hosts: irc
vars:
inspircd: "{{ glob_inspircd | default({}) | combine(loc_inspircd | default({})) }}"
anope: "{{ glob_anope | default({}) | combine(loc_anope | default({})) }}"
roles:
- inspircd
- anope

27
roles/anope/tasks/main.yml 100644
View File

@ -0,0 +1,27 @@
---
- name: Install Anope
apt:
update_cache: true
install_recommends: false
name:
- anope
register: apt_result
retries: 3
until: apt_result is succeeded
- name: Deploy Anope configuration
template:
src: "anope/{{ item }}.j2"
dest: "/etc/anope/{{ item }}"
mode: 0640
owner: root
group: irc
loop:
- botserv.conf
- chanserv.conf
- global.conf
- hostserv.conf
- modules.conf
- nickserv.conf
- operserv.conf
- services.conf

408
roles/anope/templates/anope/botserv.conf.j2 100644
View File

@ -0,0 +1,408 @@
/*
{{ ansible_header | comment(decoration=' * ') }}
*/
/*
* Example configuration file for BotServ.
*/
/*
* First, create the service. If you do not want to have a 'BotServ', but do want the ability to have
* ChanServ assigned to channels for the use of fantasy commands, you may delete the below 'service' block.
*
* Note that deleting a 'service' block for a pseudoclient that is already online will not remove the
* client, the client becomes no different from a normal service bot, so you will have to use botserv/bot
* to manually delete the client.
*
* You may then want to map some of the below commands to other services, like placing botserv/bot on
* OperServ so you can delete the below client, and mapping assign and unassign to ChanServ so users are
* able to control whether or not ChanServ is in the channel. You may also want to map botserv/set/nobot
* to OperServ so you can restrict who can assign the other core service clients.
*/
service
{
/*
* The name of the BotServ client.
* If you change this value, you probably want to change the client directive in the configuration for the botserv module too.
*/
nick = "BotServ"
/*
* The username of the BotServ client.
*/
user = "services"
/*
* The hostname of the BotServ client.
*/
host = "services.host"
/*
* The realname of the BotServ client.
*/
gecos = "Bot Service"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
#channels = "@#services"
}
/*
* Core BotServ module.
*
* Provides essential functionality for BotServ.
*/
module
{
name = "botserv"
/*
* The name of the client that should be BotServ.
*
* This directive is optional.
*/
client = "BotServ"
/*
* The default bot options for newly registered channels. Note that changing these options
* will have no effect on channels which are already registered. The list must be separated
* by spaces.
*
* The options are:
* - dontkickops: Channel operators will be protected against BotServ kicks
* - dontkickvoices: Voiced users will be protected against BotServ kicks
* - greet: The channel's BotServ bot will greet incoming users that have set a greet
* in their NickServ settings
* - fantasy: Enables the use of BotServ fantasy commands in the channel
*
* This directive is optional, if left blank, there will be no defaults.
*/
defaults = "greet fantasy"
/*
* The minimum number of users there must be in a channel before the bot joins it. The best
* value for this setting is 1 or 2. This can be 0, the service bots will not part unless
* specifically unassigned, and will keep the channel open.
*/
minusers = 0
/*
* The bots are currently not affected by any modes or bans when they try to join a channel.
* But some people may want to make it act like a real bot, that is, for example, remove all
* the bans affecting the bot before joining the channel, remove a ban that affects the bot
* set by a user when it is in the channel, and so on. Since it consumes a bit more CPU
* time, you should not enable this on larger networks.
*
* This directive is optional.
*/
#smartjoin = yes
/*
* Modes to set on service bots when they join channels, comment this out for no modes
*
* This directive is optional.
*/
botmodes = "ao"
/*
* User modes to set on service bots. Read the comment about the service:modes directive
* on why this can be a bad idea to set.
*/
#botumodes = "i"
}
/*
* Core BotServ commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Give it a help command. */
command { service = "BotServ"; name = "HELP"; command = "generic/help"; }
/*
* bs_assign
*
* Provides the commands:
* botserv/assign - Used to assign BotServ bots to channels
* botserv/unassign - Used to unassign BotServ bots
* botserv/set/nobot - Used to prohibit channels from being assigned BotServ bots.
*
* Used for assigning and unassigning bots to channels.
*/
module { name = "bs_assign" }
command { service = "BotServ"; name = "ASSIGN"; command = "botserv/assign"; }
command { service = "BotServ"; name = "UNASSIGN"; command = "botserv/unassign"; }
command { service = "BotServ"; name = "SET NOBOT"; command = "botserv/set/nobot"; permission = "botserv/set/nobot"; }
/*
* bs_autoassign
*
* Allows service bots to be automatically assigned to channels upon registration.
*/
#module
{
name = "bs_autoassign"
/*
* Automatically assign ChanServ to channels upon registration.
*/
bot = "ChanServ"
}
/*
* bs_badwords
*
* Provides the command botserv/badwords.
*
* Used for controlling the channel badword list.
*/
module
{
name = "bs_badwords"
/*
* The maximum number of entries a single bad words list can have.
*/
badwordsmax = 32
/*
* If set, BotServ will use case sensitive checking for badwords.
*
* This directive is optional.
*/
#casesensitive = yes
}
command { service = "BotServ"; name = "BADWORDS"; command = "botserv/badwords"; }
/*
* bs_bot
*
* Provides the command botserv/bot.
*
* Used for administrating BotServ bots.
*/
module { name = "bs_bot" }
command { service = "BotServ"; name = "BOT"; command = "botserv/bot"; permission = "botserv/bot"; }
/*
* bs_botlist
*
* Provides the command botserv/botlist.
*
* Used for listing all available bots.
*/
module { name = "bs_botlist" }
command { service = "BotServ"; name = "BOTLIST"; command = "botserv/botlist"; }
/*
* bs_control
*
* Provides the commands botserv/act and botserv/say.
*
* Used for making the bot message a channel.
*/
module { name = "bs_control" }
command { service = "BotServ"; name = "ACT"; command = "botserv/act"; }
command { service = "BotServ"; name = "SAY"; command = "botserv/say"; }
/*
* bs_info
*
* Provides the command botserv/info.
*
* Used for getting information on bots or channels.
*/
module { name = "bs_info" }
command { service = "BotServ"; name = "INFO"; command = "botserv/info"; }
/*
* bs_kick
*
* Provides the commands:
* botserv/kick - Dummy help wrapper for the KICK command.
* botserv/kick/amsg - Configures BotServ's AMSG kicker.
* botserv/kick/badwords - Configures BotServ's badwords kicker.
* botserv/kick/bolds - Configures BotServ's bold text kiceker.
* botserv/kick/caps - Configures BotServ's capital letters kicker.
* botserv/kick/colors - Configures BotServ's color kicker.
* botserv/kick/flood - Configures BotServ's flood kicker.
* botserv/kick/italics - Configures BotServ's italics kicker.
* botserv/kick/repeat - Configures BotServ's repeat kicker.
* botserv/kick/reverses - Configures BotServ's reverse kicker.
* botserv/kick/underlines - Configures BotServ's reverse kicker.
* botserv/set/dontkickops - Used for preventing BotServ from kicking channel operators.
* botserv/set/dontkickvoices - Used for preventing BotServ from kicking voices.
*
* Used for configuring what bots should kick for.
*/
module
{
name = "bs_kick"
/*
* The amount of time that data for a user is valid in BotServ. If the data exceeds this time,
* it is reset or deleted depending on the case. Do not set it too high, otherwise your
* resources will be slightly affected.
*/
keepdata = 10m
/*
* If set, the bots will use a kick reason that does not state the word when it is kicking.
* This is especially useful if you have young people on your network.
*
* This directive is optional.
*/
gentlebadwordreason = yes
}
command { service = "BotServ"; name = "KICK"; command = "botserv/kick"; }
command { service = "BotServ"; name = "KICK AMSG"; command = "botserv/kick/amsg"; }
command { service = "BotServ"; name = "KICK BADWORDS"; command = "botserv/kick/badwords"; }
command { service = "BotServ"; name = "KICK BOLDS"; command = "botserv/kick/bolds"; }
command { service = "BotServ"; name = "KICK CAPS"; command = "botserv/kick/caps"; }
command { service = "BotServ"; name = "KICK COLORS"; command = "botserv/kick/colors"; }
command { service = "BotServ"; name = "KICK FLOOD"; command = "botserv/kick/flood"; }
command { service = "BotServ"; name = "KICK ITALICS"; command = "botserv/kick/italics"; }
command { service = "BotServ"; name = "KICK REPEAT"; command = "botserv/kick/repeat"; }
command { service = "BotServ"; name = "KICK REVERSES"; command = "botserv/kick/reverses"; }
command { service = "BotServ"; name = "KICK UNDERLINES"; command = "botserv/kick/underlines"; }
command { service = "BotServ"; name = "SET DONTKICKOPS"; command = "botserv/set/dontkickops"; }
command { service = "BotServ"; name = "SET DONTKICKVOICES"; command = "botserv/set/dontkickvoices"; }
/*
* bs_set
*
* Provides the commands:
* botserv/set/private - Used to prohibit specific BotServ bots from being assigned to channels.
*/
module { name = "bs_set" }
command { service = "BotServ"; name = "SET"; command = "botserv/set"; }
command { service = "BotServ"; name = "SET BANEXPIRE"; command = "botserv/set/banexpire"; }
command { service = "BotServ"; name = "SET PRIVATE"; command = "botserv/set/private"; permission = "botserv/set/private"; }
/*
* greet
*
* Provides the commands:
* botserv/set/greet - Used for enabling or disabling BotServ's greet messages in a channel.
* nickserv/set/greet, nickserv/saset/greet - Used for changing a users greet message, which is displayed when they enter channels.
*/
module { name = "greet" }
command { service = "BotServ"; name = "SET GREET"; command = "botserv/set/greet"; }
command { service = "NickServ"; name = "SET GREET"; command = "nickserv/set/greet"; }
command { service = "NickServ"; name = "SASET GREET"; command = "nickserv/saset/greet"; permission = "nickserv/saset/greet"; }
/*
* GREET privilege.
*
* Used by 'greet'.
*
* Users with this privilege have their greet shown when they join channels.
*/
privilege
{
name = "GREET"
rank = 40
level = 5
flag = "g"
xop = "AOP"
}
/*
* fantasy
*
* Allows 'fantaisist' commands to be used in channels.
*
* Provides the commands:
* botserv/set/fantasy - Used for enabling or disabling BotServ's fantasist commands.
*/
module
{
name = "fantasy"
/*
* Defines the prefixes for fantasy commands in channels. One of these characters will have to be prepended
* to all fantasy commands. If you choose "!", for example, fantasy commands will be "!kick",
* "!op", etc. This directive is optional, if left out, the default fantasy character is "!".
*/
#fantasycharacter = "!."
}
command { service = "BotServ"; name = "SET FANTASY"; command = "botserv/set/fantasy"; }
/*
* Fantasy commands
*
* Fantasy commands can be executed in channels that have a BotServ bot by prefixing the
* command with one of the fantasy characters configured in botserv's fantasycharacter
* directive.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
fantasy { name = "ACCESS"; command = "chanserv/access"; }
fantasy { name = "AKICK"; command = "chanserv/akick"; }
fantasy { name = "AOP"; command = "chanserv/xop"; }
fantasy { name = "BAN"; command = "chanserv/ban"; }
fantasy { name = "CLONE"; command = "chanserv/clone"; }
fantasy { name = "DEHALFOP"; command = "chanserv/modes"; }
fantasy { name = "DEOP"; command = "chanserv/modes"; }
fantasy { name = "DEOWNER"; command = "chanserv/modes"; }
fantasy { name = "DEPROTECT"; command = "chanserv/modes"; }
fantasy { name = "DEVOICE"; command = "chanserv/modes"; }
fantasy { name = "DOWN"; command = "chanserv/down"; }
fantasy { name = "ENFORCE"; command = "chanserv/enforce"; }
fantasy { name = "ENTRYMSG"; command = "chanserv/entrymsg"; }
fantasy { name = "FLAGS"; command = "chanserv/flags"; }
fantasy { name = "HALFOP"; command = "chanserv/modes"; }
fantasy { name = "HELP"; command = "generic/help"; prepend_channel = false; }
fantasy { name = "HOP"; command = "chanserv/xop"; }
fantasy { name = "INFO"; command = "chanserv/info"; prepend_channel = false; }
fantasy { name = "INVITE"; command = "chanserv/invite"; }
fantasy { name = "K"; command = "chanserv/kick"; }
fantasy { name = "KB"; command = "chanserv/ban"; }
fantasy { name = "KICK"; command = "chanserv/kick"; }
fantasy { name = "LEVELS"; command = "chanserv/levels"; }
fantasy { name = "LIST"; command = "chanserv/list"; prepend_channel = false; }
fantasy { name = "LOG"; command = "chanserv/log"; }
fantasy { name = "MODE"; command = "chanserv/mode"; }
fantasy { name = "MUTE"; command = "chanserv/ban"; kick = no; mode = "QUIET"; }
fantasy { name = "OP"; command = "chanserv/modes"; }
fantasy { name = "OWNER"; command = "chanserv/modes"; }
fantasy { name = "PROTECT"; command = "chanserv/modes"; }
fantasy { name = "QOP"; command = "chanserv/xop"; }
fantasy { name = "SEEN"; command = "chanserv/seen"; prepend_channel = false; }
fantasy { name = "SOP"; command = "chanserv/xop"; }
fantasy { name = "STATUS"; command = "chanserv/status"; }
fantasy { name = "SUSPEND"; command = "chanserv/suspend"; permission = "chanserv/suspend"; }
fantasy { name = "SYNC"; command = "chanserv/sync"; }
fantasy { name = "TOPIC"; command = "chanserv/topic"; }
fantasy { name = "UNBAN"; command = "chanserv/unban"; }
fantasy { name = "UNSUSPEND"; command = "chanserv/unsuspend"; permission = "chanserv/suspend"; }
fantasy { name = "UP"; command = "chanserv/up"; }
fantasy { name = "VOICE"; command = "chanserv/modes"; }
fantasy { name = "VOP"; command = "chanserv/xop"; }

1322
roles/anope/templates/anope/chanserv.conf.j2 100644
View File

File diff suppressed because it is too large Load Diff

119
roles/anope/templates/anope/global.conf.j2 100644
View File

@ -0,0 +1,119 @@
/*
{{ ansible_header | comment(decoration=' * ') }}
*/
/*
* Example configuration file for Global.
*/
/*
* First, create the service.
*/
service
{
/*
* The name of the Global client.
* If you change this value, you probably want to change the client directive in the configuration for the global module too.
*/
nick = "Global"
/*
* The username of the Global client.
*/
user = "services"
/*
* The hostname of the Global client.
*/
host = "services.host"
/*
* The realname of the Global client.
*/
gecos = "Global Noticer"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
channels = "@#services"
}
/*
* Core Global module.
*
* Provides essential functionality for Global.
*/
module
{
name = "global"
/*
* The name of the client that should be Global.
*/
client = "Global"
/*
* This is the global message that will be sent when Services are being
* shutdown/restarted.
*
* This directive is optional.
*/
#globaloncycledown = "Services are restarting, they will be back shortly - please be good while we're gone"
/*
* This is the global message that will be sent when Services (re)join the
* network.
*
* This directive is optional.
*/
#globaloncycleup = "Services are now back online - have a nice day"
/*
* If set, Services will hide the IRC Operator's nick in a global
* message/notice.
*
* This directive is optional.
*/
#anonymousglobal = yes
}
/*
* Core Global commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Give it a help command. */
command { service = "Global"; name = "HELP"; command = "generic/help"; }
/*
* gl_global
*
* Provides the command global/global.
*
* Used for sending a message to every online user.
*/
module { name = "gl_global" }
command { service = "Global"; name = "GLOBAL"; command = "global/global"; permission = "global/global"; }

192
roles/anope/templates/anope/hostserv.conf.j2 100644
View File

@ -0,0 +1,192 @@
/*
{{ ansible_header | comment(decoration=' * ') }}
*/
/*
* Example configuration file for HostServ.
*/
/*
* First, create the service.
*/
service
{
/*
* The name of the HostServ client.
* If you change this value, you probably want to change the client directive in the configuration for the hostserv module too.
*/
nick = "HostServ"
/*
* The username of the HostServ client.
*/
user = "services"
/*
* The hostname of the HostServ client.
*/
host = "services.host"
/*
* The realname of the HostServ client.
*/
gecos = "vHost Service"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
channels = "@#services"
}
/*
* Core HostServ module.
*
* Provides essential functionality for HostServ.
*/
module
{
name = "hostserv"
/*
* The name of the client that should be HostServ.
*/
client = "HostServ"
/*
* If enabled, vhosts are activated on users immediately when they are set.
*/
activate_on_set = yes
}
/*
* Core HostServ commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Give it a help command. */
command { service = "HostServ"; name = "HELP"; command = "generic/help"; }
/*
* hs_del
*
* Provides the commands hostserv/del and hostserv/delall.
*
* Used for removing users' vHosts.
*/
module { name = "hs_del" }
command { service = "HostServ"; name = "DEL"; command = "hostserv/del"; permission = "hostserv/del"; }
command { service = "HostServ"; name = "DELALL"; command = "hostserv/delall"; permission = "hostserv/del"; }
/*
* hs_group
*
* Provides the command hostserv/group.
*
* Used for grouping one vHost to many nicks.
*/
module
{
name = "hs_group"
/*
* Upon nickserv/group, this option syncs the nick's main vHost to the grouped nick.
*/
syncongroup = false
/*
* This makes vhosts act as if they are per account.
*/
synconset = false
}
command { service = "HostServ"; name = "GROUP"; command = "hostserv/group"; }
/*
* hs_list
*
* Provides the command hostserv/list.
*
* Used for listing actively set vHosts.
*/
module { name = "hs_list" }
command { service = "HostServ"; name = "LIST"; command = "hostserv/list"; permission = "hostserv/list"; }
/*
* hs_off
*
* Provides the command hostserv/off.
*
* Used for turning off your vHost.
*/
module { name = "hs_off" }
command { service = "HostServ"; name = "OFF"; command = "hostserv/off"; }
/*
* hs_on
*
* Provides the command hostserv/on.
*
* Used for turning on your vHost.
*/
module { name = "hs_on" }
command { service = "HostServ"; name = "ON"; command = "hostserv/on"; }
/*
* hs_request
*
* Provides the commands hostserv/request, hostserv/activate, hostserv/reject, and hostserv/waiting.
*
* Used to manage vHosts requested by users.
*/
module
{
name = "hs_request"
/*
* If set, Services will send a memo to the user requesting a vHost when it's been
* approved or rejected.
*/
memouser = yes
/*
* If set, Services will send a memo to all Services staff when a new vHost is requested.
*/
memooper = yes
}
command { service = "HostServ"; name = "REQUEST"; command = "hostserv/request"; }
command { service = "HostServ"; name = "ACTIVATE"; command = "hostserv/activate"; permission = "hostserv/set"; }
command { service = "HostServ"; name = "REJECT"; command = "hostserv/reject"; permission = "hostserv/set"; }
command { service = "HostServ"; name = "WAITING"; command = "hostserv/waiting"; permission = "hostserv/set"; }
/*
* hs_set
*
* Provides the commands hostserv/set and hostserv/setall.
*
* Used for setting users' vHosts.
*/
module { name = "hs_set" }
command { service = "HostServ"; name = "SET"; command = "hostserv/set"; permission = "hostserv/set"; }
command { service = "HostServ"; name = "SETALL"; command = "hostserv/setall"; permission = "hostserv/set"; }

247
roles/anope/templates/anope/memoserv.conf.j2 100644
View File

@ -0,0 +1,247 @@
/*
{{ ansible_header | comment(decoration=' * ') }}
*/
/*
* Example configuration file for MemoServ.
*/
/*
* First, create the service.
*/
service
{
/*
* The name of the MemoServ client.
* If you change this value, you probably want to change the client directive in the configuration for the memoserv module too.
*/
nick = "MemoServ"
/*
* The username of the MemoServ client.
*/
user = "services"
/*
* The hostname of the MemoServ client.
*/
host = "services.host"
/*
* The realname of the MemoServ client.
*/
gecos = "Memo Service"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
channels = "@#services"
}
/*
* Core MemoServ module.
*
* Provides essential functionality for MemoServ.
*/
module
{
name = "memoserv"
/*
* The name of the client that should be MemoServ. Clients are configured
* with the service blocks.
*/
client = "MemoServ"
/*
* The maximum number of memos a user is allowed to keep by default. Normal users may set the
* limit anywhere between 0 and this value. Services Admins can change it to any value or
* disable it.
*
* This directive is optional, but recommended. If not set, the limit is disabled
* by default, and normal users can set any limit they want.
*/
maxmemos = 20
/*
* The delay between consecutive uses of the MemoServ SEND command. This can help prevent spam
* as well as denial-of-service attacks from sending large numbers of memos and filling up disk
* space (and memory). The default 3-second wait means a maximum average of 150 bytes of memo
* per second per user under the current IRC protocol.
*
* This directive is optional, but recommended.
*/
senddelay = 3s
}
/*
* Core MemoServ commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Give it a help command. */
command { service = "MemoServ"; name = "HELP"; command = "generic/help"; }
/*
* ms_cancel
*
* Provides the command memoserv/cancel.
*
* Used to cancel memos already sent but not yet read.
*/
module { name = "ms_cancel" }
command { service = "MemoServ"; name = "CANCEL"; command = "memoserv/cancel"; }
/*
* ms_check
*
* Provides the command memoserv/check.
*
* Used to check if a sent memo has been read.
*/
module { name = "ms_check" }
command { service = "MemoServ"; name = "CHECK"; command = "memoserv/check"; }
/*
* ms_del
*
* Provides the command memoserv/del.
*
* Used to delete your memos.
*/
module { name = "ms_del" }
command { service = "MemoServ"; name = "DEL"; command = "memoserv/del"; }
/*
* ms_ignore
*
* Provides the command memoserv/ignore.
*
* Used to ignore memos from specific users.
*/
module
{
name = "ms_ignore"
/*
* The maximum number of entries that may be on a memo ignore list.
*
* This directive is optional.
*/
max = 32
}
command { service = "MemoServ"; name = "IGNORE"; command = "memoserv/ignore"; }
/*
* ms_info
*
* Provides the command memoserv/info.
*
* Used to show memo related information about an account or a channel.
*/
module { name = "ms_info" }
command { service = "MemoServ"; name = "INFO"; command = "memoserv/info"; }
/*
* ms_list
*
* Provides the command memoserv/list.
*
* Used to list your current memos.
*/
module { name = "ms_list" }
command { service = "MemoServ"; name = "LIST"; command = "memoserv/list"; }
/*
* ms_read
*
* Provides the command memoserv/read.
*
* Used to read your memos.
*/
module { name = "ms_read" }
command { service = "MemoServ"; name = "READ"; command = "memoserv/read"; }
/*
* ms_rsend
*
* Provides the command memoserv/rsend.
*
* Used to send a memo requiring a receipt be sent back once it is read.
*
* Requires configuring memoserv:memoreceipt.
*/
module
{
name = "ms_rsend"
/*
* Only allow Services Operators to use ms_rsend.
*
* This directive is optional.
*/
operonly = false
}
command { service = "MemoServ"; name = "RSEND"; command = "memoserv/rsend"; }
/*
* ms_send
*
* Provides the command memoserv/send.
*
* Used to send memos.
*/
module { name = "ms_send" }
command { service = "MemoServ"; name = "SEND"; command = "memoserv/send"; }
/*
* ms_sendall
*
* Provides the command memoserv/sendall.
*
* Used to send a mass memo to every registered user.
*/
module { name = "ms_sendall" }
command { service = "MemoServ"; name = "SENDALL"; command = "memoserv/sendall"; permission = "memoserv/sendall"; }
/*
* ms_set
*
* Provides the command memoserv/set.
*
* Used to set settings such as how you are notified of new memos, and your memo limit.
*/
module { name = "ms_set" }
command { service = "MemoServ"; name = "SET"; command = "memoserv/set"; }
/*
* ms_staff
*
* Provides the command memoserv/staff.
*
* Used to send a memo to all registered staff members.
*/
module { name = "ms_staff" }
command { service = "MemoServ"; name = "STAFF"; command = "memoserv/staff"; permission = "memoserv/staff"; }

757
roles/anope/templates/anope/modules.conf.j2 100644
View File

@ -0,0 +1,757 @@
/*
{{ ansible_header | comment(decoration=' * ') }}
*/
/*
* [OPTIONAL] Non-Core Modules
*
* The following blocks are used to load all non-core modules, including 3rd-party modules.
* Modules can be prevented from loading by commenting out the line, other modules can be added by
* adding a module block. These modules will be loaded prior to Services connecting to your network.
*
* Note that some of these modules are labeled EXTRA, and are not included in the Debian package. Please
* file a wishlist bug against anope in the Debian BTS if you would like to use an 'extra' module.
*/
/*
* help
*
* Provides the command generic/help.
*
* This is a generic help command that can be used with any client.
*/
module { name = "help" }
/*
* m_dns
*
* Adds support for the DNS protocol. By itself this module does nothing useful,
* but other modules such as m_dnsbl and os_dns require this.
*/
#module
{
name = "m_dns"
/*
* The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file.
* The below should work fine on all unix like systems. Windows users will have to find their nameservers
* from ipconfig /all and put the IP here.
*/
nameserver = "/etc/resolv.conf"
#nameserver = "127.0.0.1"
/*
* How long to wait in seconds before a DNS query has timed out.
*/
timeout = 5
/* Only edit below if you are expecting to use os_dns or otherwise answer DNS queries. */
/*
* The IP and port services use to listen for DNS queries.
* Note that ports less than 1024 are privileged on UNIX/Linux systems, and
* require Anope to be started as root. If you do this, it is recommended you
* set options:user and options:group so Anope can change users after binding
* to this port.
*/
ip = "0.0.0.0"
port = 53
/*
* SOA record information.
*/
/* E-mail address of the DNS administrator. */
admin = "admin@example.com"
/* This should be the names of the public facing nameservers serving the records. */
nameservers = "ns1.example.com ns2.example.com"
/* The time slave servers are allowed to cache. This should be reasonably low
* if you want your records to be updated without much delay.
*/
refresh = 3600
/* A notify block. There should probably be one per nameserver listed in 'nameservers'.
*/
notify
{
ip = "192.0.2.0"
port = 53
}
}
/*
* m_dnsbl
*
* Allows configurable DNS blacklists to check connecting users against. If a user
* is found on the blacklist they will be immediately banned. This is a crucial module
* to prevent bot attacks.
*/
#module
{
name = "m_dnsbl"
/*
* If set, Services will check clients against the DNSBLs when services connect to its uplink.
* This is not recommended, and on large networks will open a very large amount of DNS queries.
* Whilst services are not drastically affected by this, your nameserver/DNSBL might care.
*/
check_on_connect = no
/*
* If set, Services will check clients when coming back from a netsplit. This can cause a large number
* of DNS queries open at once. Whilst services are not drastically affected by this, your nameserver/DNSBL
* might care.
*/
check_on_netburst = no
/*
* If set, OperServ will add clients found in the DNSBL to the akill list. Without it, OperServ simply sends
* a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots.
*/
add_to_akill = yes
blacklist
{
/* Name of the blacklist. */
name = "rbl.efnetrbl.org"
/* How long to set the ban for. */
time = 4h
/* Reason for akill.
* %n is the nick of the user
* %u is the ident/username of the user
* %g is the realname of the user
* %h is the hostname of the user
* %i is the IP of the user
* %r is the reply reason (configured below). Will be nothing if not configured.
* %N is the network name set in networkinfo:networkname
*/
reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"
/* Replies to ban and their reason. If no relies are configured, all replies get banned. */
reply
{
code = 1
reason = "Open Proxy"
}
#reply
{
code = 2
reason = "spamtrap666"
}
#reply
{
code = 3
reason = "spamtrap50"
}
reply
{
code = 4
reason = "TOR"
/*
* If set, users identified to services at the time the result comes back
* will not be banned.
*/
#allow_account = yes
}
reply
{
code = 5
reason = "Drones / Flooding"
}
}
blacklist
{
name = "dnsbl.dronebl.org"
time = 4h
reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=%N"
}
/* Exempt localhost from DNSBL checks */
exempt { ip = "127.0.0.1" }
}
/*
* m_helpchan
*
* Gives users who are op in the specified help channel usermode +h (helpop).
*/
#module
{
name = "m_helpchan"
helpchannel = "#help"
}
/*
* m_httpd
*
* Allows services to serve web pages. By itself, this module does nothing useful.
*
* Note that using this will allow users to get the IP of your services.
* To prevent this we recommend using a reverse proxy or a tunnel.
*/
#module
{
name = "m_httpd"
httpd
{
/* Name of this service. */
name = "httpd/main"
/* IP to listen on. */
ip = "0.0.0.0"
/* Port to listen on. */
port = 8080
/* Time before connections to this server are timed out. */
timeout = 30
/* Listen using SSL. Requires an SSL module. */
#ssl = yes
/* If you are using a reverse proxy that sends one of the
* extforward_headers set below, set this to its IP.
* This allows services to obtain the real IP of users by
* reading the forwarded-for HTTP header.
*/
#extforward_ip = "192.168.0.255"
/* The header to look for. These probably work as is. */
extforward_header = "X-Forwarded-For Forwarded-For"
}
}
/*
* m_ldap [EXTRA]
*
* This module allows other modules to use LDAP. By itself, this module does nothing useful.
*/
#module
{
name = "m_ldap"
ldap
{
server = "ldap://127.0.0.1"
/*
* Admin credentials used for performing searches and adding users.
*/
admin_binddn = "cn=Manager,dc=anope,dc=org"
admin_password = "secret"
}
}
/*
* m_ldap_authentication [EXTRA]
*
* This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use
* LDAP to authenticate users. Requires m_ldap.
*/
#module
{
name = "m_ldap_authentication"
/*
* The distinguished name used for searching for users's accounts.
*/
basedn = "ou=users,dc=anope,dc=org"
/*
* The search filter used to look up users's accounts.
* %account is replaced with the user's account.
* %object_class is replaced with the object_class configured below.
*/
search_filter = "(&(uid=%account)(objectClass=%object_class))"
/*
* The object class used by LDAP to store user account information.
* This is used for adding new users to LDAP if registration is allowed.
*/
object_class = "anopeUser"
/*
* The attribute value used for account names.
*/
username_attribute = "uid"
/*
* The attribute value used for email addresses.
* This directive is optional.
*/
email_attribute = "email"
/*
* The attribute value used for passwords.
* Used when registering new accounts in LDAP.
*/
password_attribute = "userPassword"
/*
* If set, the reason to give the users who try to register with nickserv,
* including nick registration from grouping.
*
* If not set, then registration is not blocked.
*/
#disable_register_reason = "To register on this network visit http://some.misconfigured.site/register"
/*
* If set, the reason to give the users who try to "/msg NickServ SET EMAIL".
* If not set, then email changing is not blocked.
*/
#disable_email_reason = "To change your email address visit http://some.misconfigured.site"
}
/*
* m_ldap_oper [EXTRA]
*
* This module dynamically ties users to Anope opertypes when they identify
* via LDAP group membership. Requires m_ldap.
*
* Note that this doesn't give the user privileges on the IRCd, only in Services.
*/
#module
{
name = "m_ldap_oper"
/*
* An optional binddn to use when searching for groups.
* %a is replaced with the account name of the user.
*/
#binddn = "cn=Manager,dc=anope,dc=org"
/*
* An optional password to bind with.
*/
#password = "secret"
/*
* The base DN where the groups are.
*/
basedn = "ou=groups,dc=anope,dc=org"
/*
* The filter to use when searching for users.
* %a is replaced with the account name of the user.
*/
filter = "(member=uid=%a,ou=users,dc=anope,dc=org)"
/*
* The attribute of the group that is the name of the opertype.
* The cn attribute should match a known opertype in the config.
*/
opertype_attribute = "cn"
}
/*
* m_mysql [EXTRA]
*
* This module allows other modules to use MySQL.
*/
#module
{
name = "m_mysql"
mysql
{
/* The name of this service. */
name = "mysql/main"
database = "anope"
server = "127.0.0.1"
username = "anope"
password = "mypassword"
port = 3306
}
}
/*
* m_redis
*
* This module allows other modules to use Redis.
*/
#module
{
name = "m_redis"
/* A redis database */
redis
{
/* The name of this service */
name = "redis/main"
/*
* The redis database to use. New connections default to 0.
*/
db = 0
ip = "127.0.0.1"
port = 6379
}
}
/*
* m_regex_pcre [EXTRA]
*
* Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library.
*/
#module { name = "m_regex_pcre" }
/*
* m_regex_posix [EXTRA]
*
* Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions.
* This is likely the only regex module you will not need extra libraries for.
*/
#module { name = "m_regex_posix" }
/*
* m_regex_tre [EXTRA]
*
* Provides the regex engine regex/tre, which uses the TRE regex library.
*/
#module { name = "m_regex_tre" }
/*
* m_rewrite
*
* Allows rewriting commands sent to/from clients.
*/
#module { name = "m_rewrite" }
#command
{
service = "ChanServ"; name = "CLEAR"; command = "rewrite"
/* Enable m_rewrite. */
rewrite = true
/* Source message to match. A $ can be used to match anything. */
rewrite_source = "CLEAR $ USERS"
/*
* Message to rewrite the source message to. A $ followed by a number, eg $0, gets
* replaced by the number-th word from the source_message, starting from 0.
*/
rewrite_target = "KICK $1 *"
/*
* The command description. This only shows up in HELP's output.
* Comment this option to prevent the command from showing in the
* HELP command.
*/
rewrite_description = "Clears all users from a channel"
}
/*
* m_proxyscan
*
* This module allows you to scan connecting clients for open proxies.
* Note that using this will allow users to get the IP of your services.
*
* Currently the two supported proxy types are HTTP and SOCKS5.
*
* The proxy scanner works by attempting to connect to clients when they
* connect to the network, and if they have a proxy running instruct it to connect
* back to services. If services are able to connect through the proxy to itself
* then it knows it is an insecure proxy, and will ban it.
*/
#module
{
name = "m_proxyscan"
/*
* The target IP services tells the proxy to connect back to. This must be a publicly
* available IP that remote proxies can connect to.
*/
#target_ip = "127.0.0.1"
/*
* The port services tells the proxy to connect to.
*/
target_port = 7226
/*
* The listen IP services listen on for incoming connections from suspected proxies.
* This probably will be the same as target_ip, but may not be if you are behind a firewall (NAT).
*/
#listen_ip = "127.0.0.1"
/*
* The port services should listen on for incoming connections from suspected proxies.
* This most likely will be the same as target_port.
*/
listen_port = 7226
/*
* An optional notice sent to clients upon connect.
*/
#connect_notice = "We will now scan your host for insecure proxies. If you do not consent to this scan please disconnect immediately."
/*
* Who the notice should be sent from.
*/
#connect_source = "OperServ"
/*
* If set, OperServ will add infected clients to the akill list. Without it, OperServ simply sends
* a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being filled up by bots.
*/
add_to_akill = yes
/*
* How long before connections should be timed out.
*/
timeout = 5
proxyscan
{
/* The type of proxy to check for. A comma separated list is allowed. */
type = "HTTP"
/* The ports to check. */
port = "80,8080"
/* How long to set the ban for. */
time = 4h
/*
* The reason to ban the user for.
* %h is replaced with the type of proxy found.
* %i is replaced with the IP of proxy found.
* %p is replaced with the port.
*/
reason = "You have an open proxy running on your host (%t:%i:%p)"
}
}
/*
* m_sasl
*
* Some IRCds allow "SASL" authentication to let users identify to Services
* during the IRCd user registration process. If this module is loaded, Services will allow
* authenticating users through this mechanism. Supported mechanisms are:
* PLAIN, EXTERNAL.
*/
#module { name = "m_sasl" }
/*
* m_ssl_gnutls [EXTRA]
*
* This module provides SSL services to Anope using GnuTLS, for example to
* connect to the uplink server(s) via SSL.
*
* You may only load either m_ssl_gnutls or m_ssl_openssl, bot not both.
*/
#module
{
name = "m_ssl_gnutls"
/*
* An optional certificate and key for m_ssl_gnutls to give to the uplink.
*
* You can generate your own certificate and key pair by using:
*
* certtool --generate-privkey --bits 2048 --outfile anope.key
* certtool --generate-self-signed --load-privkey anope.key --outfile anope.crt
*
*/
cert = "data/anope.crt"
key = "data/anope.key"
/*
* Diffie-Hellman parameters to use when acting as a server. This is only
* required for TLS servers that want to use ephemeral DH cipher suites.
*
* This is NOT required for Anope to connect to the uplink server(s) via SSL.
*
* You can generate DH parameters by using:
*
* certtool --generate-dh-params --bits 2048 --outfile dhparams.pem
*
*/
# dhparams = "data/dhparams.pem"
}
/*
* m_ssl_openssl [EXTRA]
*
* This module provides SSL services to Anope using OpenSSL, for example to
* connect to the uplink server(s) via SSL.
*
* You may only load either m_ssl_openssl or m_ssl_gnutls, bot not both.
*
*/
#module
{
name = "m_ssl_openssl"
/*
* An optional certificate and key for m_ssl_openssl to give to the uplink.
*
* You can generate your own certificate and key pair by using:
*
* openssl genrsa -out anope.key 2048
* openssl req -new -x509 -key anope.key -out anope.crt -days 1095
*/
cert = "data/anope.crt"
key = "data/anope.key"
/*
* As of 2014 SSL 3.0 is considered insecure, but it might be enabled
* on some systems by default for compatibility reasons.
* You can use the following option to enable or disable it explicitly.
* Leaving this option not set defaults to the default system behavior.
*/
#sslv3 = no
}
/*
* m_sql_authentication [EXTRA]
*
* This module allows authenticating users against an external SQL database using a custom
* query.
*/
#module
{
name = "m_sql_authentication"
/* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
engine = "mysql/main"
/* Query to execute to authenticate. A non empty result from this query is considered a success,
* and the user will be authenticated.
*
* @a@ is replaced with the user's account name
* @p@ is replaced with the user's password
* @n@ is replaced with the user's nickname
* @i@ is replaced with the user's IP
*
* Note that @n@ and @i@ may not always exist in the case of a user identifying outside of the normal
* nickserv/identify command, such as through the web panel.
*
* Furthermore, if a field named email is returned from this query the user's email is
* set to its value.
*
*
* We've included some example queries for some popular website/forum systems.
*
* Drupal 6: "SELECT `mail` AS `email` FROM `users` WHERE `name` = @a@ AND `pass` = MD5(@p@) AND `status` = 1"
* e107 cms: "SELECT `user_email` AS `email` FROM `e107_user` WHERE `user_loginname` = @a@ AND `user_password` = MD5(@p@)"
* SMF Forum: "SELECT `email_address` AS `email` FROM `smf_members` WHERE `member_name` = @a@ AND `passwd` = SHA1(CONCAT(LOWER(@a@), @p@))"
* vBulletin: "SELECT `email` FROM `user` WHERE `username` = @a@ AND `password` = MD5(CONCAT(MD5(@p@), `salt`))"
* IP.Board: "SELECT `email` FROM `ibf_members` WHERE `name` = @a@ AND `members_pass_hash` = MD5(CONCAT(MD5(`members_pass_salt`), MD5(@p@)))"
*/
query = "SELECT `email_addr` AS `email` FROM `my_users` WHERE `username` = @a@ AND `password` = MD5(CONCAT('salt', @p@))"
/*
* If set, the reason to give the users who try to "/msg NickServ REGISTER".
* If not set, then registration is not blocked.
*/
#disable_reason = "To register on this network visit http://some.misconfigured.site/register"
/*
* If set, the reason to give the users who try to "/msg NickServ SET EMAIL".
* If not set, then email changing is not blocked.
*/
#disable_email_reason = "To change your email address visit http://some.misconfigured.site"
}
/*
* m_sql_log [EXTRA]
*
* This module adds an additional target option to log{} blocks
* that allows logging Service's logs to SQL. To log to SQL, add
* the SQL service name to log:targets prefixed by sql_log:. For
* example:
*
* log
* {
* targets = "services.log sql_log:mysql/main"
* ...
* }
*
* By default this module logs to the table `logs`, and will create
* it if it doesn't exist. This module does not create any indexes (keys)
* on the table and it is recommended you add them yourself as necessary.
*/
#module { name = "m_sql_log" }
/*
* m_sql_oper [EXTRA]
*
* This module allows granting users services operator privileges and possibly IRC Operator
* privileges based on an external SQL database using a custom query.
*/
#module
{
name = "m_sql_oper"
/* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
engine = "mysql/main"
/* Query to execute to determine if a user should have operator privileges.
* A field named opertype must be returned in order to link the user to their oper type.
* The oper types must be configured earlier in services.conf.
*
* If a field named modes is returned from this query then those modes are set on the user.
* Without this, only a simple +o is sent.
*
* @a@ is replaced with the user's account name
* @i@ is replaced with the user's IP
*/
query = "SELECT `opertype` FROM `my_users` WHERE `user_name` = @a@"
}
/*
* m_sqlite [EXTRA]
*
* This module allows other modules to use SQLite.
*/
#module
{
name = "m_sqlite"
/* A SQLite database */
sqlite
{
/* The name of this service. */
name = "sqlite/main"
/* The database name, it will be created if it does not exist. */
database = "anope.db"
}
}
/*
* m_xmlrpc
*
* Allows remote applications (websites) to execute queries in real time to retrieve data from Anope.
* By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries.
*/
#module
{
name = "m_xmlrpc"
/* Web service to use. Requires m_httpd. */
server = "httpd/main"
}
/*
* m_xmlrpc_main
*
* Adds the main XMLRPC core functions.
* Requires m_xmlrpc.
*/
#module { name = "m_xmlrpc_main" }

674
roles/anope/templates/anope/nickserv.conf.j2 100644
View File

@ -0,0 +1,674 @@
/*
{{ ansible_header | comment(decoration=' * ') }}
*/
/*
* Example configuration file for NickServ.
*/
/*
* First, create the service.
*/
service
{
/*
* The name of the NickServ client.
* If you change this value, you probably want to change the client directive in the configuration for the nickserv module too.
*/
nick = "NickServ"
/*
* The username of the NickServ client.
*/
user = "services"
/*
* The hostname of the NickServ client.
*/
host = "services.host"
/*
* The realname of the NickServ client.
*/
gecos = "Nickname Registration Service"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
channels = "@#services"
}
/*
* Core NickServ module.
*
* Provides essential functionality for NickServ.
*/
module
{
name = "nickserv"
/*
* The name of the client that should be NickServ.
*/
client = "NickServ"
/*
* Force users to give an e-mail address when they register a nick.
*
* This directive defaults to "yes" and is recommended to be enabled. This is required if e-mail registration is enabled.
*/
forceemail = yes
/*
* Require users who change their email address to confirm they
* own their new email.
*/
confirmemailchanges = no
/*
* A message sent to users on connect if they use an unregistered nick. %n will be replaced with the user's nickname.
*
* This directive is optional.
*/
unregistered_notice = "Your nickname is not registered. To register it, use: /msg NickServ REGISTER password email"
/*
* The default options for newly registered nicks. Note that changing these options
* will have no effect on nicks which are already registered. The list must be separated
* by spaces.
*
* The options are:
* - killprotect: Kill nick if not identified within 60 seconds
* - kill_quick: Kill nick if not identified within 20 seconds, this one overrides the above
* option and the above must be specified with this one
* - ns_secure: Enable nickname security, requiring the nick's password before any operations
* can be done on it
* - ns_private: Hide the nick from NickServ's LIST command
* - hide_email: Hide's the nick's e-mail address from NickServ's INFO command
* - hide_mask: Hide's the nick's last or current user@host from NickServ's INFO command
* - hide_quit: Hide's the nick's last quit message
* - memo_signon: Notify user if they have a new memo when they sign into the nick
* - memo_receive: Notify user if they have a new memo as soon as it's received
* - memo_mail: Notify user if they have a new memo by mail
* - autoop: User will be automatically opped in channels they enter and have access to
* - msg: Services messages will be sent as PRIVMSGs instead of NOTICEs, requires
* options:useprivmsg to be enabled as well
* - ns_keepmodes: Enables keepmodes, which retains user modes across sessions
* - ns_no_expire: Enables no expire. Unconfirmed expire overrules this.
*
* This directive is optional, if left blank, the options will default to ns_secure, memo_signon, and
* memo_receive. If you really want no defaults, use "none" by itself as the option.
*/
defaults = "ns_secure ns_private hide_email hide_mask memo_signon memo_receive autoop"
/*
* The minimum length of time between consecutive uses of NickServ's REGISTER command. This
* directive is optional, but recommended. If not set, this restriction will be disabled.
*/
regdelay = 30s
/*
* The length of time before a nick's registration expires.
*
* This directive is optional, but recommended. If not set, the default is 21 days.
*/
expire = 365d
/*
* Prevents the use of the ACCESS and CERT (excluding their LIST subcommand), DROP, FORBID, SUSPEND,
* GETPASS and SET PASSWORD commands by services operators on other services operators.
*
* This directive is optional, but recommended.
*/
secureadmins = no
/*
* If set, Services will set the channel modes a user has access to upon identifying, assuming
* they are not already set.
*
* This directive is optional.
*/
modeonid = yes
/*
* If set, Services will set these user modes on any user who identifies.
*
* This directive is optional.
*/
#modesonid = "+R"
/*
* If set, Services will not show netsplits in the last quit message field
* of NickServ's INFO command.
*/
hidenetsplitquit = no
/*
* If set, is the length of time NickServ's killquick and kill options wait before
* forcing users off of protected nicknames.
*/
killquick = 20s
kill = 60s
/*
* If set, forbids the registration of nicks that contain an existing
* nick with Services access. For example, if Tester is a Services Oper,
* you can't register NewTester or Tester123 unless you are an IRC
* Operator.
*
* NOTE: If you enable this, you will have to be logged in as an IRC
* operator in order to register a Services Root nick when setting up
* Anope for the first time.
*
* This directive is optional.
*/
#restrictopernicks = yes
/*
* The username, and possibly hostname, used for fake users created when Services needs to
* hold a nickname.
*/
enforceruser = "enforcer"
enforcerhost = "services.host"
/*
* The length of time Services hold nicknames.
*
* This directive is optional, but recommended. If not set it defaults to 1 minute.
*/
releasetimeout = 1m
/*
* When a user's nick is forcibly changed to enforce a "nick kill", their new nick will start
* with this value. The rest will be made up of 6 or 7 digits.
* Make sure this is a valid nick and Nicklen+7 is not longer than the allowed Nicklen on your ircd.
*
* This directive is optional. If not set it defaults to "Guest"
*/
guestnickprefix = "Guest"
/*
* If set, Services do not allow ownership of nick names, only ownership of accounts.
*/
nonicknameownership = no
/*
* The maximum length of passwords
*
* This directive is optional. If not set it defaults to 32.
*/
passlen = 64
}
/*
* Core NickServ commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Command group configuration for NickServ.
*
* Commands may optionally be placed into groups to make NickServ's HELP output easier to understand.
* Remove the following groups to use the old behavior of simply listing all NickServ commands from HELP.
*/
command_group
{
name = "nickserv/admin"
description = _("Services Operator commands")
}
/* Give it a help command. */
command { service = "NickServ"; name = "HELP"; command = "generic/help"; }
/*
* ns_access
*
* Provides the command nickserv/access.
*
* Used for configuring what hosts have access to your account.
*/
module
{
name = "ns_access"
/*
* The maximum number of entries allowed on a nickname's access list.
* If not set, the default is 32. This number cannot be set to 0.
*/
accessmax = 32
/*
* If set, Services will add the usermask of registering users to the access list of their
* newly created account. If not set, users will always have to identify to NickServ before
* being recognized, unless they manually add an address to the access list of their account.
* This directive is optional.
*/
addaccessonreg = yes
}
command { service = "NickServ"; name = "ACCESS"; command = "nickserv/access"; }
/*
* ns_ajoin
*
* Provides the command nickserv/ajoin.
*
* Used for configuring channels to join once you identify.
*/
module
{
name = "ns_ajoin"
/*
* The maximum number of channels a user can have on NickServ's AJOIN command.
*/
ajoinmax = 10
}
command { service = "NickServ"; name = "AJOIN"; command = "nickserv/ajoin"; }
/*
* ns_alist
*
* Provides the command nickserv/alist.
*
* Used for viewing what channels you have access to.
*/
module { name = "ns_alist" }
command { service = "NickServ"; name = "ALIST"; command = "nickserv/alist"; }
/*
* ns_cert
*
* Provides the command nickserv/cert.
*
* Used for configuring your SSL certificate list, which can be used to automatically identify you.
*/
module
{
name = "ns_cert"
/*
* The maximum number of entries allowed on a nickname's certificate fingerprint list.
* The default is 5. This number cannot be set to 0.
*/
max = 5
}
command { service = "NickServ"; name = "CERT"; command = "nickserv/cert"; }
/*
* ns_drop
*
* Provides the command nickserv/drop.
*
* Used for unregistering names.
*/
module { name = "ns_drop" }
command { service = "NickServ"; name = "DROP"; command = "nickserv/drop"; }
/*
* ns_getemail
*
* Provides the command nickserv/getemail.
*
* Used for getting registered accounts by searching for emails.
*/
module { name = "ns_getemail" }
command { service = "NickServ"; name = "GETEMAIL"; command = "nickserv/getemail"; permission = "nickserv/getemail"; group = "nickserv/admin"; }
/*
* ns_getpass
*
* Provides the command nickserv/getpass.
*
* Used for getting users passwords.
*
* Requires no encryption is being used.
*/
#module { name = "ns_getpass" }
#command { service = "NickServ"; name = "GETPASS"; command = "nickserv/getpass"; permission = "nickserv/getpass"; }
/*
* ns_group
*
* Provides the commands nickserv/group, nickserv/glist, and nickserv/ungroup.
*
* Used for controlling nick groups.
*/
module
{
name = "ns_group"
/*
* The maximum number of nicks allowed in a group.
*
* This directive is optional, but recommended. If not set or set to 0, no limits will be applied.
*/
maxaliases = 16
/*
* If set, the NickServ GROUP command won't allow any group changes. This is recommended to
* prevent users from accidentally dropping their nicks, as it forces users to explicitly
* drop their nicks before adding it to another group.
*
* This directive is optional, but recommended.
*/
nogroupchange = yes
}
command { service = "NickServ"; name = "GLIST"; command = "nickserv/glist"; }
command { service = "NickServ"; name = "GROUP"; command = "nickserv/group"; }
command { service = "NickServ"; name = "UNGROUP"; command = "nickserv/ungroup"; }
/*
* ns_identify
*
* Provides the command nickserv/identify.
*
* Used for identifying to accounts.
*/
module
{
name = "ns_identify"
/*
* If set, limits the number of concurrent users that can be logged in as a given account at once.
*/
maxlogins = 10
}
command { service = "NickServ"; name = "ID"; command = "nickserv/identify"; hide = true; }
command { service = "NickServ"; name = "IDENTIFY"; command = "nickserv/identify"; }
/*
* ns_info
*
* Provides the commands:
* nickserv/info. - Used for gathering information about an account.
* nickserv/set/hide, nickserv/saset/hide - Used for configuring which options are publicly shown in nickserv/info.
*
*/
module { name = "ns_info" }
command { service = "NickServ"; name = "INFO"; command = "nickserv/info"; }
command { service = "NickServ"; name = "SET HIDE"; command = "nickserv/set/hide"; }
command { service = "NickServ"; name = "SASET HIDE"; command = "nickserv/saset/hide"; permission = "nickserv/saset/hide"; }
/*
* ns_list
*
* Provides the commands:
* nickserv/list - Used for retrieving and searching the registered account list.
* nickserv/set/private, nickserv/saset/private - Used for configuring whether or a users account shows up in nickserv/list.
*
*/
module
{
name = "ns_list"
/*
* The maximum number of nicks to be returned for a NickServ LIST command.
*/
listmax = 50
}
command { service = "NickServ"; name = "LIST"; command = "nickserv/list"; }
command { service = "NickServ"; name = "SET PRIVATE"; command = "nickserv/set/private"; }
command { service = "NickServ"; name = "SASET PRIVATE"; command = "nickserv/saset/private"; permission = "nickserv/saset/private"; }
/*
* ns_logout
*
* Provides the command nickserv/logout.
*
* Used for logging out of your account.
*/
module { name = "ns_logout" }
command { service = "NickServ"; name = "LOGOUT"; command = "nickserv/logout"; }
/*
* ns_recover
*
* Provides the command nickserv/recover.
*
* Used for recovering your nick from services or another user.
*/
module
{
name = "ns_recover"
/*
* If set, Services will svsnick and svsjoin users who use the recover
* command on an identified user to the nick and channels of the recovered user.
*
* This directive is opional.
*/
restoreonrecover = yes
}
command { service = "NickServ"; name = "RECOVER"; command = "nickserv/recover"; }
# Uncomment below to emulate 1.8's behavior of ghost and release.
#command { service = "NickServ"; name = "GHOST"; command = "nickserv/recover"; }
#command { service = "NickServ"; name = "RELEASE"; command = "nickserv/recover"; }
/*
* ns_register
*
* Provides the commands nickserv/confirm, nickserv/register, and nickserv/resend.
*
* Used for registering accounts.
*/
module
{
name = "ns_register"
/*
* Registration confirmation setting. Set to "none" for no registration confirmation,
* "mail" for email confirmation, and "admin" to have services operators manually confirm
* every registration. Set to "disable" to completely disable all registrations.
*/
registration = "none"
/*
* The minimum length of time between consecutive uses of NickServ's RESEND command.
*
* This directive is optional, but recommended. If not set, this restriction will be disabled.
*/
resenddelay = 90s
/*
* Prevents users from registering their nick if they are not connected
* for at least the given number of seconds.
*
* This directive is optional.
*/
nickregdelay = 30s
/*
* The length of time a user using an unconfirmed account has
* before the account will be released for general use again.
*/
unconfirmedexpire = 1d
}
command { service = "NickServ"; name = "CONFIRM"; command = "nickserv/confirm"; }
command { service = "NickServ"; name = "REGISTER"; command = "nickserv/register"; }
command { service = "NickServ"; name = "RESEND"; command = "nickserv/resend"; }
/*
* ns_resetpass
*
* Provides the command nickserv/resetpass.
*
* Used for resetting passwords by emailing users a temporary one.
*/
module { name = "ns_resetpass" }
command { service = "NickServ"; name = "RESETPASS"; command = "nickserv/resetpass"; }
/*
* ns_set
*
* Provides the commands:
* nickserv/set, nickserv/saset - Dummy help wrappers for the SET and SASET commands.
* nickserv/set/autoop, nickserv/saset/autoop - Determines whether or not modes are automatically set users when joining a channel.
* nickserv/set/display, nickserv/saset/display - Used for setting a users display name.
* nickserv/set/email, nickserv/saset/email - Used for setting a users email address.
* nickserv/set/keepmodes, nickserv/saset/keepmodes - Configure whether or not services should retain a user's modes across sessions.
* nickserv/set/kill, nickserv/saset/kill - Used for configuring nickname protection.
* nickserv/set/language, nickserv/saset/language - Used for configuring what language services use.
* nickserv/set/message, nickserv/saset/message - Used to configure how services send messages to you.
* nickserv/set/password, nickserv/saset/password - Used for changing a users password.
* nickserv/set/secure, nickserv/saset/secure - Used for configuring whether a user can identify by simply being recognized by nickserv/access.
* nickserv/saset/noexpire - Used for configuring noexpire, which prevents nicks from expiring.
*/
module
{
name = "ns_set"
/*
* Allow the use of the IMMED option in the NickServ SET KILL command.
*
* This directive is optional.
*/
#allowkillimmed = yes
}
command { service = "NickServ"; name = "SET"; command = "nickserv/set"; }
command { service = "NickServ"; name = "SASET"; command = "nickserv/saset"; permission = "nickserv/saset/"; group = "nickserv/admin"; }
command { service = "NickServ"; name = "SET AUTOOP"; command = "nickserv/set/autoop"; }
command { service = "NickServ"; name = "SASET AUTOOP"; command = "nickserv/saset/autoop"; permission = "nickserv/saset/autoop"; }
command { service = "NickServ"; name = "SET DISPLAY"; command = "nickserv/set/display"; }
command { service = "NickServ"; name = "SASET DISPLAY"; command = "nickserv/saset/display"; permission = "nickserv/saset/display"; }
command { service = "NickServ"; name = "SET EMAIL"; command = "nickserv/set/email"; }
command { service = "NickServ"; name = "SASET EMAIL"; command = "nickserv/saset/email"; permission = "nickserv/saset/email"; }
command { service = "NickServ"; name = "SET KEEPMODES"; command = "nickserv/set/keepmodes"; }
command { service = "NickServ"; name = "SASET KEEPMODES"; command = "nickserv/saset/keepmodes"; permission = "nickserv/saset/keepmodes"; }
command { service = "NickServ"; name = "SET KILL"; command = "nickserv/set/kill"; }
command { service = "NickServ"; name = "SASET KILL"; command = "nickserv/saset/kill"; permission = "nickserv/saset/kill"; }
command { service = "NickServ"; name = "SET LANGUAGE"; command = "nickserv/set/language"; }
command { service = "NickServ"; name = "SASET LANGUAGE"; command = "nickserv/saset/language"; permission = "nickserv/saset/language"; }
command { service = "NickServ"; name = "SET MESSAGE"; command = "nickserv/set/message"; }
command { service = "NickServ"; name = "SASET MESSAGE"; command = "nickserv/saset/message"; permission = "nickserv/saset/message"; }
command { service = "NickServ"; name = "SET PASSWORD"; command = "nickserv/set/password"; }
command { service = "NickServ"; name = "SASET PASSWORD"; command = "nickserv/saset/password"; permission = "nickserv/saset/password"; }
command { service = "NickServ"; name = "SET SECURE"; command = "nickserv/set/secure"; }
command { service = "NickServ"; name = "SASET SECURE"; command = "nickserv/saset/secure"; permission = "nickserv/saset/secure"; }
command { service = "NickServ"; name = "SASET NOEXPIRE"; command = "nickserv/saset/noexpire"; permission = "nickserv/saset/noexpire"; }
/*
* ns_set_misc
*
* Provides the command nickserv/set/misc.
*
* Allows you to create arbitrary commands to set data, and have that data show up in nickserv/info.
* A field named misc_description may be given for use with help output.
*/
module { name = "ns_set_misc" }
command { service = "NickServ"; name = "SET URL"; command = "nickserv/set/misc"; misc_description = _("Associate a URL with your account"); }
command { service = "NickServ"; name = "SASET URL"; command = "nickserv/saset/misc"; misc_description = _("Associate a URL with this account"); permission = "nickserv/saset/url"; group = "nickserv/admin"; }
#command { service = "NickServ"; name = "SET ICQ"; command = "nickserv/set/misc"; misc_description = _("Associate an ICQ account with your account"); }
#command { service = "NickServ"; name = "SASET ICQ"; command = "nickserv/saset/misc"; misc_description = _("Associate an ICQ account with this account"); permission = "nickserv/saset/icq"; group = "nickserv/admin"; }
#command { service = "NickServ"; name = "SET TWITTER"; command = "nickserv/set/misc"; misc_description = _("Associate a Twitter account with your account"); }
#command { service = "NickServ"; name = "SASET TWITTER"; command = "nickserv/saset/misc"; misc_description = _("Associate a Twitter account with this account"); permission = "nickserv/saset/twitter"; group = "nickserv/admin"; }
#command { service = "NickServ"; name = "SET FACEBOOK"; command = "nickserv/set/misc"; misc_description = _("Associate a Facebook URL with your account"); }
#command { service = "NickServ"; name = "SASET FACEBOOK"; command = "nickserv/saset/misc"; misc_description = _("Associate a Facebook URL with this account"); permission = "nickserv/saset/facebook"; group = "nickserv/admin"; }
/*
* ns_status
*
* Provides the nickserv/status command.
*
* Used to determine if a user is recognized or identified by services.
*/
module { name = "ns_status" }
command { service = "NickServ"; name = "STATUS"; command = "nickserv/status"; }
/*
* ns_suspend
*
* Provides the commands nickserv/suspend and nickserv/unsuspend.
*
* Used to suspend and unsuspend nicknames. Suspended nicknames can not be used but their settings are preserved.
*/
module
{
name = "ns_suspend"
/*
* The length of time before a suspended nick becomes unsuspended.
*
* This directive is optional. If not set, the default is never.
*/
#suspendexpire = 90d
/*
* Settings to show to non-opers in NickServ's INFO output.
* Comment to completely disable showing any information about
* suspended nicknames to non-opers.
*/
show = "suspended, by, reason, on, expires"
}
command { service = "NickServ"; name = "SUSPEND"; command = "nickserv/suspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; }
command { service = "NickServ"; name = "UNSUSPEND"; command = "nickserv/unsuspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; }
/*
* ns_update
*
* Provides the command nickserv/update.
*
* Used to update your status on all channels, turn on your vHost, etc.
*/
module { name = "ns_update" }
command { service = "NickServ"; name = "UPDATE"; command = "nickserv/update"; }
/*
* Extra NickServ related modules.
*/
/*
* ns_maxemail
*
* Limits how many times the same email address may be used in Anope
* to register accounts.
*/
#module
{
name = "ns_maxemail"
/*
* The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
* commented, there will be no limit enforced when registering new accounts or using
* /msg NickServ SET EMAIL.
*/
maxemails = 1
}

702
roles/anope/templates/anope/operserv.conf.j2 100644
View File

@ -0,0 +1,702 @@
/*
{{ ansible_header | comment(decoration=' * ') }}
*/
/*
* Example configuration file for OperServ.
*/
/*
* First, create the service.
*/
service
{
/*
* The name of the OperServ client.
* If you change this value, you probably want to change the client directive in the configuration for the operserv module too.
*/
nick = "OperServ"
/*
* The username of the OperServ client.
*/
user = "services"
/*
* The hostname of the OperServ client.
*/
host = "services.host"
/*
* The realname of the OperServ client.
*/
gecos = "Operator Service"
/*
* The modes this client should use.
* Do not modify this unless you know what you are doing.
*
* These modes are very IRCd specific. If left commented, sane defaults
* are used based on what protocol module you have loaded.
*
* Note that setting this option incorrectly could potentially BREAK some, if
* not all, usefulness of the client. We will not support you if this client is
* unable to do certain things if this option is enabled.
*/
#modes = "+o"
/*
* An optional comma separated list of channels this service should join. Outside
* of log channels this is not very useful, as the service will just idle in the
* specified channels, and will not accept any types of commands.
*
* Prefixes may be given to the channels in the form of mode characters or prefix symbols.
*/
channels = "@#services"
}
/*
* Core OperServ module.
*
* Provides essential functionality for OperServ.
*/
module
{
name = "operserv"
/*
* The name of the client that should be OperServ.
*/
client = "OperServ"
/*
* These define the default expiration times for, respectively, AKILLs, CHANKILLs, SNLINEs,
* and SQLINEs.
*/
autokillexpiry = 30d
chankillexpiry = 30d
snlineexpiry = 30d
sqlineexpiry = 30d
/*
* If set, this option will make Services send an AKILL command immediately after it has been
* added with AKILL ADD. This eliminates the need for killing the user after the AKILL has
* been added.
*
* This directive is optional, but recommended.
*/
akillonadd = yes
/*
* If set, this option will make Services send an (SVS)KILL command immediately after SNLINE ADD.
* This eliminates the need for killing the user after the SNLINE has been added.
*
* This directive is optional.
*/
killonsnline = yes
/*
* If set, this option will make Services send an (SVS)KILL command immediately after SQLINE ADD.
* This eliminates the need for killing the user after the SQLINE has been added.
*
* This directive is optional.
*/
killonsqline = yes
/*
* Adds the nickname of the IRC Operator issuing an AKILL to the kill reason.
*
* This directive is optional.
*/
addakiller = yes
/*
* Adds akill IDs to akills. Akill IDs are given to users in their ban reason and can be used to easily view,
* modify, or remove an akill from the ID.
*/
akillids = yes
/*
* If set, only IRC Operators will be permitted to use OperServ, regardless of command access restrictions.
*
* This directive is optional, but recommended.
*/
opersonly = yes
}
/*
* Core OperServ commands.
*
* In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
* are loaded you can then configure the commands to be added to any client you like with any name you like.
*
* Additionally, you may provide a permission name that must be in the opertype of users executing the command.
*
* Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
*/
/* Give it a help command. */
command { service = "OperServ"; name = "HELP"; command = "generic/help"; }
/*
* os_akill
*
* Provides the command operserv/akill.
*
* Used to ban users from the network.
*/
module { name = "os_akill" }
command { service = "OperServ"; name = "AKILL"; command = "operserv/akill"; permission = "operserv/akill"; }
/*
* os_chankill
*
* Provides the command operserv/chankill.
*
* Used to akill users from an entire channel.
*/
module { name = "os_chankill" }
command { service = "OperServ"; name = "CHANKILL"; command = "operserv/chankill"; permission = "operserv/chankill"; }
/*
* os_defcon
*
* Provides the command operserv/defcon.
*
* Allows you to set services in defcon mode, which can be used to restrict services access
* during bot attacks.
*/
module
{
name = "os_defcon"
/*
* Default DefCon level (1-5) to use when starting Services up. Level 5 constitutes normal operation
* while level 1 constitutes the most restrictive operation. If this setting is left out or set to
* 0, DefCon will be disabled and the rest of this block will be ignored.
*/
defaultlevel = 5
/*
* The following 4 directives define what operations will take place when DefCon is set to levels
* 1 through 4. Each level is a list that must be separated by spaces.
*
* The following operations can be defined at each level:
* - nonewchannels: Disables registering new channels
* - nonewnicks: Disables registering new nicks
* - nomlockchanges: Disables changing MLOCK on registered channels
* - forcechanmodes: Forces all channels to have the modes given in the later chanmodes directive
* - reducedsessions: Reduces the session limit to the value given in the later sessionlimit directive
* - nonewclients: KILL any new clients trying to connect
* - operonly: Services will ignore all non-IRCops
* - silentoperonly: Services will silently ignore all non-IRCops
* - akillnewclients: AKILL any new clients trying to connect
* - nonewmemos: No new memos will be sent to block MemoServ attacks
*/
level4 = "nonewchannels nonewnicks nomlockchanges reducedsessions"
level3 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions"
level2 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly"
level1 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly akillnewclients"
/*
* New session limit to use when a DefCon level is using "reduced" session limiting.
*/
sessionlimit = 2
/*
* Length of time to add an AKILL for when DefCon is preventing new clients from connecting to the
* network.
*/
akillexpire = 5m
/*
* The channel modes to set on all channels when the DefCon channel mode system is in use.
*
* Note 1: Choose these modes carefully, because when DefCon switches to a level which does NOT have
* the mode setting selected, Services will set the reverse on all channels, e.g. if this setting
* is +RN when DefCon is used, all channels will be set to +RN, when DefCon is removed, all
* channels will be set to -RN. You don't want to set this to +k for example, because when DefCon
* is removed, all channels are set -k, removing the key from previously keyed channels.
*
* Note 2: MLOCKed modes will not be lost.
*/
chanmodes = "+R"
/*
* This value can be used to automatically return the network to DefCon level 5 after the specified
* time period, just in case any IRC Operator forgets to remove a DefCon setting.
*
* This directive is optional.
*/
timeout = 60m
/*
* If set, Services will send a global message on DefCon level changes.
*
* This directive is optional.
*/
#globalondefcon = yes
/*
* If set, Services will send the global message defined in the message directive on DefCon level
* changes.
*
* This directive is optional.
*/
#globalondefconmore = yes
/*
* Defines the message that will be sent on DefCon level changes when globalondefconmore is set.
*
* This directive is required only when globalondefconmore is set.
*/
#message = "Put your message to send your users here. Don't forget to uncomment globalondefconmore"
/*
* Defines the message that will be sent when DefCon is returned to level 5. This directive is optional,
* and will also override globalondefcon and globalondefconmore when set.
*/
#offmessage = "Services are now back to normal, sorry for any inconvenience"
/*
* Defines the reason to use when clients are KILLed or AKILLed from the network while the proper
* DefCon operation is in effect.
*/
akillreason = "This network is currently not accepting connections, please try again later."
}
command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; permission = "operserv/defcon"; }
/*
* os_dns
*
* Provides the command operserv/dns.
*
* This module requires that m_dns is loaded.
*
* This module allows controlling a DNS zone. This is useful for
* controlling what servers users are placed on for load balancing,
* and to automatically remove split servers.
*
* To use this module you must set a nameserver record for services
* so that DNS queries go to services.
*
* Alternatively, you may use a slave DNS server to hide service's IP,
* provide query caching, and provide better fault tolerance.
*
* To do this using BIND, configure similar to:
*
* options { max-refresh-time 60; };
* zone "irc.example.com" IN {
* type slave;
* masters { 127.0.0.1 port 5353; };
* };
*
* Where 127.0.0.1:5353 is the IP and port services are listening on.
* We recommend you externally firewall both UDP and TCP to the port
* Anope is listening on.
*
* Finally set a NS record for irc.example.com. to BIND or services.
*/
#module
{
name = "os_dns"
/* TTL for records. This should be very low if your records change often. */
ttl = 1m
/* If a server drops this many users the server is automatically removed from the DNS zone.
* This directive is optional.
*/
user_drop_mark = 50
/* The time used for user_drop_mark. */
user_drop_time = 1m
/* When a server is removed from the zone for dropping users, it is readded after this time.
* This directive is optional.
*/
user_drop_readd_time = 5m
/* If set, when a server splits, it is automatically removed from the zone. */
remove_split_servers = yes
/* If set, when a server connects to the network, it will be automatically added to
* the zone if it is a known server.
*/
readd_connected_servers = no
}
#command { service = "OperServ"; name = "DNS"; command = "operserv/dns"; permission = "operserv/dns"; }
/*
* os_config
*
* Provides the command operserv/config.
*
* Used to view and set configuration options while services are running.
*/
module { name = "os_config" }
command { service = "OperServ"; name = "CONFIG"; command = "operserv/config"; permission = "operserv/config"; }
/*
* os_forbid
*
* Provides the command operserv/forbid.
*
* Used to forbid specific nicks, channels, emails, etc. from being used.
*/
module { name = "os_forbid" }
command { service = "OperServ"; name = "FORBID"; command = "operserv/forbid"; permission = "operserv/forbid"; }
/*
* os_ignore
*
* Provides the command operserv/ignore.
*
* Used to make Services ignore users.
*/
module { name = "os_ignore" }
command { service = "OperServ"; name = "IGNORE"; command = "operserv/ignore"; permission = "operserv/ignore"; }
/*
* os_info
*
* Provides the command operserv/info.
*
* Used to add oper only notes to users and channels.
*/
module { name = "os_info" }
command { service = "OperServ"; name = "INFO"; command = "operserv/info"; permission = "operserv/info"; }
/*
* os_jupe
*
* Provides the command operserv/jupe.
*
* Used to disconnect servers from the network and prevent them from relinking.
*/
module { name = "os_jupe" }
command { service = "OperServ"; name = "JUPE"; command = "operserv/jupe"; permission = "operserv/jupe"; }
/*
* os_kick
*
* Provides the command operserv/kick.
*
* Used to kick users from channels.
*/
module { name = "os_kick" }
command { service = "OperServ"; name = "KICK"; command = "operserv/kick"; permission = "operserv/kick"; }
/*
* os_kill
*
* Provides the command operserv/kill.
*
* Used to forcibly disconnect users from the network.
*/
module { name = "os_kill" }
command { service = "OperServ"; name = "KILL"; command = "operserv/kill"; permission = "operserv/kill"; }
/*
* os_list
*
* Provides the commands operserv/chanlist and operserv/userlist.
*
* Used to list and search the channels and users currently on the network.
*/
module { name = "os_list" }
command { service = "OperServ"; name = "CHANLIST"; command = "operserv/chanlist"; permission = "operserv/chanlist"; }
command { service = "OperServ"; name = "USERLIST"; command = "operserv/userlist"; permission = "operserv/userlist"; }
/*
* os_login
*
* Provides the commands operserv/login and operserv/logout.
*
* Used to login to OperServ, only required if your oper block requires this.
*/
module { name = "os_login" }
command { service = "OperServ"; name = "LOGIN"; command = "operserv/login"; }
command { service = "OperServ"; name = "LOGOUT"; command = "operserv/logout"; }
/*
* os_logsearch
*
* Provides the command operserv/logsearch.
*
* Used to search services log files.
*/
module
{
name = "os_logsearch"
/* The log file name to search. There should be a log{} block configured to log
* to a file of this name.
*/
logname = "services.log"
}
command { service = "OperServ"; name = "LOGSEARCH"; command = "operserv/logsearch"; permission = "operserv/logsearch"; }
/*
* os_mode
*
* Provides the commands operserv/mode and operserv/umode.
*
* Used to change user and channel modes.
*/
module { name = "os_mode" }
command { service = "OperServ"; name = "UMODE"; command = "operserv/umode"; permission = "operserv/umode"; }
command { service = "OperServ"; name = "MODE"; command = "operserv/mode"; permission = "operserv/mode"; }
/*
* os_modinfo
*
* Provides the commands operserv/modinfo and operserv/modlist.
*
* Used to show information about loaded modules.
*/
module { name = "os_modinfo" }
command { service = "OperServ"; name = "MODINFO"; command = "operserv/modinfo"; permission = "operserv/modinfo"; }
command { service = "OperServ"; name = "MODLIST"; command = "operserv/modlist"; permission = "operserv/modinfo"; }
/*
* os_module
*
* Provides the commands operserv/modload, operserv/modreload, and operserv/modunload.
*
* Used to load, reload, and unload modules.
*/
module { name = "os_module" }
command { service = "OperServ"; name = "MODLOAD"; command = "operserv/modload"; permission = "operserv/modload"; }
command { service = "OperServ"; name = "MODRELOAD"; command = "operserv/modreload"; permission = "operserv/modload"; }
command { service = "OperServ"; name = "MODUNLOAD"; command = "operserv/modunload"; permission = "operserv/modload"; }
/*
* os_news
*
* Provides the commands operserv/logonnews, operserv/opernews, and operserv/randomnews.
*
* Used to configure news notices shown to users when they connect, and opers when they oper.
*/
module
{
name = "os_news"
/*
* The service bot names to use to send news to users on connection
* and to opers when they oper.
*/
announcer = "Global"
oper_announcer = "OperServ"
/*
* The number of LOGON/OPER news items to display when a user logs on.
*
* This directive is optional, if not set it will default to 3.
*/
#newscount = 3
}
command { service = "OperServ"; name = "LOGONNEWS"; command = "operserv/logonnews"; permission = "operserv/news"; }
command { service = "OperServ"; name = "OPERNEWS"; command = "operserv/opernews"; permission = "operserv/news"; }
command { service = "OperServ"; name = "RANDOMNEWS"; command = "operserv/randomnews"; permission = "operserv/news"; }
/*
* os_noop
*
* Provides the command operserv/noop.
*
* Used to NOOP a server, which prevents users from opering on that server.
*/
module { name = "os_noop" }
command { service = "OperServ"; name = "NOOP"; command = "operserv/noop"; permission = "operserv/noop"; }
/*
* os_oline
*
* Provides the command operserv/oline.
*
* Used to set oper flags on users, and is specific to UnrealIRCd.
* See /helpop ?svso on your IRCd for more information.
*/
module { name = "os_oline" }
command { service = "OperServ"; name = "OLINE"; command = "operserv/oline"; permission = "operserv/oline"; }
/*
* os_oper
*
* Provides the command operserv/oper.
*
* Used to configure opers and show information about opertypes.
*/
module { name = "os_oper" }
command { service = "OperServ"; name = "OPER"; command = "operserv/oper"; permission = "operserv/oper"; }
/*
* os_reload
*
* Provides the command operserv/reload.
*
* Used to reload the services.conf configuration file.
*/
module { name = "os_reload" }
command { service = "OperServ"; name = "RELOAD"; command = "operserv/reload"; permission = "operserv/reload"; }
/*
* os_session
*
* Provides the commands operserv/exception and operserv/session.
*
* This module enables session limiting. Session limiting prevents users from connecting more than a certain
* number of times from the same IP at the same time - thus preventing most types of cloning.
* Once a host reaches it's session limit, all clients attempting to connect from that host will
* be killed. Exceptions to the default session limit can be defined via the exception list.
*
* Used to manage the session limit exception list, and view currently active sessions.
*/
module
{
name = "os_session"
/*
* Default session limit per host. Once a host reaches its session limit, all clients attempting
* to connect from that host will be killed.
*
* This directive is required if os_session is loaded.
*/
defaultsessionlimit = 15
/*
* The maximum session limit that may be set for a host in an exception.
*
* This directive is required if os_session is loaded.
*/
maxsessionlimit = 250
/*
* Sets the default expiry time for session exceptions.
*/
exceptionexpiry = 1d
/*
* The message that will be NOTICE'd to a user just before they are removed from the network because
* their host's session limit has been exceeded. It may be used to give a slightly more descriptive
* reason for the impending kill as opposed to simply "Session limit exceeded".
*
* This directive is optional, if not set, nothing will be sent.
*/
sessionlimitexceeded = "The session limit for your IP %IP% has been exceeded."
/*
* Same as above, but should be used to provide a website address where users can find out more
* about session limits and how to go about applying for an exception.
*
* Note: This directive has been intentionally commented out in an effort to remind you to change
* the URL it contains. It is recommended that you supply an address/URL where people can get help
* regarding session limits.
*
* This directive is optional, if not set, nothing will be sent.
*/
#sessionlimitdetailsloc = "Please visit http://your.website.url/ for more information about session limits."
/*
* If set and is not 0, this directive tells Services to add an AKILL if the number of subsequent kills
* for the same host exceeds this value, preventing the network from experiencing KILL floods.
*
* This directive is optional.
*/
maxsessionkill = 15
/*
* Sets the expiry time for AKILLs set for hosts exceeding the maxsessionkill directive limit.
*
* This directive is optional, if not set, defaults to 30 minutes.
*/
sessionautokillexpiry = 30m
/*
* Sets the CIDR value used to determine which IP addresses represent the same person.
* By default this would limit 3 connections per IPv4 IP and 3 connections per IPv6 IP.
* If you are receiving IPv6 clone attacks it may be useful to set session_ipv6_cidr to
* 64 or 48.
*/
session_ipv4_cidr = 32
session_ipv6_cidr = 128
}
command { service = "OperServ"; name = "EXCEPTION"; command = "operserv/exception"; permission = "operserv/exception"; }
command { service = "OperServ"; name = "SESSION"; command = "operserv/session"; permission = "operserv/session"; }
/*
* os_set
*
* Provides the command operserv/set.
*
* Used to set various settings such as superadmin, debug mode, etc.
*/
module
{
name = "os_set"
/*
* If set, Services Admins will be able to use SUPERADMIN [ON|OFF] which will temporarily grant
* them extra privileges such as being a founder on ALL channels.
*
* This directive is optional.
*/
superadmin = yes
}
command { service = "OperServ"; name = "SET"; command = "operserv/set"; permission = "operserv/set"; }
/*
* os_shutdown
*
* Provides the commands operserv/quit, operserv/restart, and operserv/shutdown.
*
* Used to quit, restart, or shutdown services.
*/
module { name = "os_shutdown" }
command { service = "OperServ"; name = "QUIT"; command = "operserv/quit"; permission = "operserv/quit"; }
command { service = "OperServ"; name = "RESTART"; command = "operserv/restart"; permission = "operserv/restart"; }
command { service = "OperServ"; name = "SHUTDOWN"; command = "operserv/shutdown"; permission = "operserv/shutdown"; }
/*
* os_stats
*
* Provides the operserv/stats command.
*
* Used to show statistics about services.
*/
module { name = "os_stats" }
command { service = "OperServ"; name = "STATS"; command = "operserv/stats"; permission = "operserv/stats"; }
/*
* os_svs
*
* Provides the commands operserv/svsnick, operserv/svsjoin, and operserv/svspart.
*
* Used to force users to change nicks, join and part channels.
*/
module { name = "os_svs" }
command { service = "OperServ"; name = "SVSNICK"; command = "operserv/svsnick"; permission = "operserv/svs"; }
command { service = "OperServ"; name = "SVSJOIN"; command = "operserv/svsjoin"; permission = "operserv/svs"; }
command { service = "OperServ"; name = "SVSPART"; command = "operserv/svspart"; permission = "operserv/svs"; }
/*
* os_sxline
*
* Provides the operserv/snline and operserv/sqline commands.
*
* Used to ban real names, nick names, and possibly channels.
*/
module { name = "os_sxline" }
command { service = "OperServ"; name = "SNLINE"; command = "operserv/snline"; permission = "operserv/snline"; }
command { service = "OperServ"; name = "SQLINE"; command = "operserv/sqline"; permission = "operserv/sqline"; }
/*
* os_update
*
* Provides the operserv/update command.
*
* Use to immediately update the databases.
*/
module { name = "os_update" }
command { service = "OperServ"; name = "UPDATE"; command = "operserv/update"; permission = "operserv/update"; }

1284
roles/anope/templates/anope/services.conf.j2 100644
View File

File diff suppressed because it is too large Load Diff