diff --git a/host_vars/irc.adm.crans.org.yml b/host_vars/irc.adm.crans.org.yml
index 722c6fcf..dfb6def1 100644
--- a/host_vars/irc.adm.crans.org.yml
+++ b/host_vars/irc.adm.crans.org.yml
@@ -39,3 +39,9 @@ loc_inspircd:
   diepass: "{{ vault.irc_inspircd_diepass }}"
   restartpass: "{{ vault.irc_inspircd_restartpass }}"
   opers: "{{ vault.irc_inspircd_opers }}"
+
+loc_anope:
+  recvpass: "{{ vault.irc_anope_recvpass }}"
+  sendpass: "{{ vault.irc_anope_sendpass }}"
+  options_seed: "{{ vault.irc_anope_options_seed }}"
+  services_roots: "{{ vault.irc_anope_services_roots }}"
diff --git a/plays/irc.yml b/plays/irc.yml
index d3701060..b0c12a86 100755
--- a/plays/irc.yml
+++ b/plays/irc.yml
@@ -17,5 +17,7 @@
 - hosts: irc
   vars:
     inspircd: "{{ glob_inspircd | default({}) | combine(loc_inspircd | default({})) }}"
+    anope: "{{ glob_anope | default({}) | combine(loc_anope | default({})) }}"
   roles:
     - inspircd
+    - anope
diff --git a/roles/anope/tasks/main.yml b/roles/anope/tasks/main.yml
new file mode 100644
index 00000000..122b34e7
--- /dev/null
+++ b/roles/anope/tasks/main.yml
@@ -0,0 +1,27 @@
+---
+- name: Install Anope
+  apt:
+    update_cache: true
+    install_recommends: false
+    name:
+      - anope
+  register: apt_result
+  retries: 3
+  until: apt_result is succeeded
+
+- name: Deploy Anope configuration
+  template:
+    src: "anope/{{ item }}.j2"
+    dest: "/etc/anope/{{ item }}"
+    mode: 0640
+    owner: root
+    group: irc
+  loop:
+    - botserv.conf
+    - chanserv.conf
+    - global.conf
+    - hostserv.conf
+    - modules.conf
+    - nickserv.conf
+    - operserv.conf
+    - services.conf
diff --git a/roles/anope/templates/anope/botserv.conf.j2 b/roles/anope/templates/anope/botserv.conf.j2
new file mode 100644
index 00000000..cadef068
--- /dev/null
+++ b/roles/anope/templates/anope/botserv.conf.j2
@@ -0,0 +1,408 @@
+/*
+{{ ansible_header | comment(decoration=' * ') }}
+ */
+
+/*
+ * Example configuration file for BotServ.
+ */
+
+/*
+ * First, create the service. If you do not want to have a 'BotServ', but do want the ability to have
+ * ChanServ assigned to channels for the use of fantasy commands, you may delete the below 'service' block.
+ *
+ * Note that deleting a 'service' block for a pseudoclient that is already online will not remove the
+ * client, the client becomes no different from a normal service bot, so you will have to use botserv/bot
+ * to manually delete the client.
+ *
+ * You may then want to map some of the below commands to other services, like placing botserv/bot on
+ * OperServ so you can delete the below client, and mapping assign and unassign to ChanServ so users are
+ * able to control whether or not ChanServ is in the channel. You may also want to map botserv/set/nobot
+ * to OperServ so you can restrict who can assign the other core service clients.
+ */
+service
+{
+	/*
+	 * The name of the BotServ client.
+	 * If you change this value, you probably want to change the client directive in the configuration for the botserv module too.
+	 */
+	nick = "BotServ"
+
+	/*
+	 * The username of the BotServ client.
+	 */
+	user = "services"
+
+	/*
+	 * The hostname of the BotServ client.
+	 */
+	host = "services.host"
+
+	/*
+	 * The realname of the BotServ client.
+	 */
+	gecos = "Bot Service"
+
+	/*
+	 * The modes this client should use.
+	 * Do not modify this unless you know what you are doing.
+	 *
+	 * These modes are very IRCd specific. If left commented, sane defaults
+	 * are used based on what protocol module you have loaded.
+	 *
+	 * Note that setting this option incorrectly could potentially BREAK some, if
+	 * not all, usefulness of the client. We will not support you if this client is
+	 * unable to do certain things if this option is enabled.
+	 */
+	#modes = "+o"
+
+	/*
+	 * An optional comma separated list of channels this service should join. Outside
+	 * of log channels this is not very useful, as the service will just idle in the
+	 * specified channels, and will not accept any types of commands.
+	 *
+	 * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+	 */
+	#channels = "@#services"
+}
+
+/*
+ * Core BotServ module.
+ *
+ * Provides essential functionality for BotServ.
+ */
+module
+{
+	name = "botserv"
+
+	/*
+	 * The name of the client that should be BotServ.
+	 *
+	 * This directive is optional.
+	 */
+	client = "BotServ"
+
+	/*
+	 * The default bot options for newly registered channels. Note that changing these options
+	 * will have no effect on channels which are already registered. The list must be separated
+	 * by spaces.
+	 *
+	 * The options are:
+	 * -    dontkickops: Channel operators will be protected against BotServ kicks
+	 * - dontkickvoices: Voiced users will be protected against BotServ kicks
+	 * -          greet: The channel's BotServ bot will greet incoming users that have set a greet
+	 *                     in their NickServ settings
+	 * -        fantasy: Enables the use of BotServ fantasy commands in the channel
+	 *
+	 * This directive is optional, if left blank, there will be no defaults.
+	 */
+	defaults = "greet fantasy"
+
+	/*
+	 * The minimum number of users there must be in a channel before the bot joins it. The best
+	 * value for this setting is 1 or 2. This can be 0, the service bots will not part unless
+	 * specifically unassigned, and will keep the channel open.
+	 */
+	minusers = 0
+
+	/*
+	 * The bots are currently not affected by any modes or bans when they try to join a channel.
+	 * But some people may want to make it act like a real bot, that is, for example, remove all
+	 * the bans affecting the bot before joining the channel, remove a ban that affects the bot
+	 * set by a user when it is in the channel, and so on. Since it consumes a bit more CPU
+	 * time, you should not enable this on larger networks.
+	 *
+	 * This directive is optional.
+	 */
+	#smartjoin = yes
+
+	/*
+	 * Modes to set on service bots when they join channels, comment this out for no modes
+	 *
+	 * This directive is optional.
+	 */
+	botmodes = "ao"
+
+	/*
+	 * User modes to set on service bots. Read the comment about the service:modes directive
+	 * on why this can be a bad idea to set.
+	 */
+	#botumodes = "i"
+}
+
+/*
+ * Core BotServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "BotServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * bs_assign
+ *
+ * Provides the commands:
+ *   botserv/assign - Used to assign BotServ bots to channels
+ *   botserv/unassign - Used to unassign BotServ bots
+ *   botserv/set/nobot - Used to prohibit channels from being assigned BotServ bots.
+ *
+ * Used for assigning and unassigning bots to channels.
+ */
+module { name = "bs_assign" }
+command { service = "BotServ"; name = "ASSIGN"; command = "botserv/assign"; }
+command { service = "BotServ"; name = "UNASSIGN"; command = "botserv/unassign"; }
+command { service = "BotServ"; name = "SET NOBOT"; command = "botserv/set/nobot"; permission = "botserv/set/nobot"; }
+
+/*
+ * bs_autoassign
+ *
+ * Allows service bots to be automatically assigned to channels upon registration.
+ */
+#module
+{
+	name = "bs_autoassign"
+
+	/*
+	 * Automatically assign ChanServ to channels upon registration.
+	 */
+	bot = "ChanServ"
+}
+
+/*
+ * bs_badwords
+ *
+ * Provides the command botserv/badwords.
+ *
+ * Used for controlling the channel badword list.
+ */
+module
+{
+	name = "bs_badwords"
+
+	/*
+	 * The maximum number of entries a single bad words list can have.
+	 */
+	badwordsmax = 32
+
+	/*
+	 * If set, BotServ will use case sensitive checking for badwords.
+	 *
+	 * This directive is optional.
+	 */
+	#casesensitive = yes
+}
+command { service = "BotServ"; name = "BADWORDS"; command = "botserv/badwords"; }
+
+/*
+ * bs_bot
+ *
+ * Provides the command botserv/bot.
+ *
+ * Used for administrating BotServ bots.
+ */
+module { name = "bs_bot" }
+command { service = "BotServ"; name = "BOT"; command = "botserv/bot"; permission = "botserv/bot"; }
+
+/*
+ * bs_botlist
+ *
+ * Provides the command botserv/botlist.
+ *
+ * Used for listing all available bots.
+ */
+module { name = "bs_botlist" }
+command { service = "BotServ"; name = "BOTLIST"; command = "botserv/botlist"; }
+
+/*
+ * bs_control
+ *
+ * Provides the commands botserv/act and botserv/say.
+ *
+ * Used for making the bot message a channel.
+ */
+module { name = "bs_control" }
+command { service = "BotServ"; name = "ACT"; command = "botserv/act"; }
+command { service = "BotServ"; name = "SAY"; command = "botserv/say"; }
+
+/*
+ * bs_info
+ *
+ * Provides the command botserv/info.
+ *
+ * Used for getting information on bots or channels.
+ */
+module { name = "bs_info" }
+command { service = "BotServ"; name = "INFO"; command = "botserv/info"; }
+
+/*
+ * bs_kick
+ *
+ * Provides the commands:
+ *   botserv/kick - Dummy help wrapper for the KICK command.
+ *   botserv/kick/amsg - Configures BotServ's AMSG kicker.
+ *   botserv/kick/badwords - Configures BotServ's badwords kicker.
+ *   botserv/kick/bolds - Configures BotServ's bold text kiceker.
+ *   botserv/kick/caps - Configures BotServ's capital letters kicker.
+ *   botserv/kick/colors - Configures BotServ's color kicker.
+ *   botserv/kick/flood - Configures BotServ's flood kicker.
+ *   botserv/kick/italics - Configures BotServ's italics kicker.
+ *   botserv/kick/repeat - Configures BotServ's repeat kicker.
+ *   botserv/kick/reverses - Configures BotServ's reverse kicker.
+ *   botserv/kick/underlines - Configures BotServ's reverse kicker.
+ *   botserv/set/dontkickops - Used for preventing BotServ from kicking channel operators.
+ *   botserv/set/dontkickvoices - Used for preventing BotServ from kicking voices.
+ *
+ * Used for configuring what bots should kick for.
+ */
+module
+{
+	name = "bs_kick"
+
+	/*
+	 * The amount of time that data for a user is valid in BotServ. If the data exceeds this time,
+	 * it is reset or deleted depending on the case. Do not set it too high, otherwise your
+	 * resources will be slightly affected.
+	 */
+	keepdata = 10m
+
+	/*
+	 * If set, the bots will use a kick reason that does not state the word when it is kicking.
+	 * This is especially useful if you have young people on your network.
+	 *
+	 * This directive is optional.
+	 */
+	gentlebadwordreason = yes
+}
+command { service = "BotServ"; name = "KICK"; command = "botserv/kick"; }
+command { service = "BotServ"; name = "KICK AMSG"; command = "botserv/kick/amsg"; }
+command { service = "BotServ"; name = "KICK BADWORDS"; command = "botserv/kick/badwords"; }
+command { service = "BotServ"; name = "KICK BOLDS"; command = "botserv/kick/bolds"; }
+command { service = "BotServ"; name = "KICK CAPS"; command = "botserv/kick/caps"; }
+command { service = "BotServ"; name = "KICK COLORS"; command = "botserv/kick/colors"; }
+command { service = "BotServ"; name = "KICK FLOOD"; command = "botserv/kick/flood"; }
+command { service = "BotServ"; name = "KICK ITALICS"; command = "botserv/kick/italics"; }
+command { service = "BotServ"; name = "KICK REPEAT"; command = "botserv/kick/repeat"; }
+command { service = "BotServ"; name = "KICK REVERSES"; command = "botserv/kick/reverses"; }
+command { service = "BotServ"; name = "KICK UNDERLINES"; command = "botserv/kick/underlines"; }
+
+command { service = "BotServ"; name = "SET DONTKICKOPS"; command = "botserv/set/dontkickops"; }
+command { service = "BotServ"; name = "SET DONTKICKVOICES"; command = "botserv/set/dontkickvoices"; }
+
+
+/*
+ * bs_set
+ *
+ * Provides the commands:
+ *   botserv/set/private - Used to prohibit specific BotServ bots from being assigned to channels.
+ */
+module { name = "bs_set" }
+command { service = "BotServ"; name = "SET"; command = "botserv/set"; }
+command { service = "BotServ"; name = "SET BANEXPIRE"; command = "botserv/set/banexpire"; }
+command { service = "BotServ"; name = "SET PRIVATE"; command = "botserv/set/private"; permission = "botserv/set/private"; }
+
+/*
+ * greet
+ *
+ * Provides the commands:
+ *   botserv/set/greet - Used for enabling or disabling BotServ's greet messages in a channel.
+ *   nickserv/set/greet, nickserv/saset/greet - Used for changing a users greet message, which is displayed when they enter channels.
+ */
+module { name = "greet" }
+command { service = "BotServ"; name = "SET GREET"; command = "botserv/set/greet"; }
+command { service = "NickServ"; name = "SET GREET"; command = "nickserv/set/greet"; }
+command { service = "NickServ"; name = "SASET GREET"; command = "nickserv/saset/greet"; permission = "nickserv/saset/greet"; }
+
+/*
+ * GREET privilege.
+ *
+ * Used by 'greet'.
+ *
+ * Users with this privilege have their greet shown when they join channels.
+ */
+privilege
+{
+	name = "GREET"
+	rank = 40
+	level = 5
+	flag = "g"
+	xop = "AOP"
+}
+
+
+/*
+ * fantasy
+ *
+ * Allows 'fantaisist' commands to be used in channels.
+ *
+ * Provides the commands:
+ *   botserv/set/fantasy - Used for enabling or disabling BotServ's fantasist commands.
+ */
+module
+{
+	name = "fantasy"
+
+	/*
+	 * Defines the prefixes for fantasy commands in channels. One of these characters will have to be prepended
+	 * to all fantasy commands. If you choose "!", for example, fantasy commands will be "!kick",
+	 * "!op", etc. This directive is optional, if left out, the default fantasy character is "!".
+	 */
+	#fantasycharacter = "!."
+}
+command { service = "BotServ"; name = "SET FANTASY"; command = "botserv/set/fantasy"; }
+
+/*
+ * Fantasy commands
+ *
+ * Fantasy commands can be executed in channels that have a BotServ bot by prefixing the
+ * command with one of the fantasy characters configured in botserv's fantasycharacter
+ * directive.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+fantasy { name = "ACCESS"; command = "chanserv/access"; }
+fantasy { name = "AKICK"; command = "chanserv/akick"; }
+fantasy { name = "AOP"; command = "chanserv/xop"; }
+fantasy { name = "BAN"; command = "chanserv/ban"; }
+fantasy { name = "CLONE"; command = "chanserv/clone"; }
+fantasy { name = "DEHALFOP"; command = "chanserv/modes"; }
+fantasy { name = "DEOP"; command = "chanserv/modes"; }
+fantasy { name = "DEOWNER"; command = "chanserv/modes"; }
+fantasy { name = "DEPROTECT"; command = "chanserv/modes"; }
+fantasy { name = "DEVOICE"; command = "chanserv/modes"; }
+fantasy { name = "DOWN"; command = "chanserv/down"; }
+fantasy { name = "ENFORCE"; command = "chanserv/enforce"; }
+fantasy { name = "ENTRYMSG"; command = "chanserv/entrymsg"; }
+fantasy { name = "FLAGS"; command = "chanserv/flags"; }
+fantasy { name = "HALFOP"; command = "chanserv/modes"; }
+fantasy { name = "HELP"; command = "generic/help"; prepend_channel = false; }
+fantasy { name = "HOP"; command = "chanserv/xop"; }
+fantasy { name = "INFO"; command = "chanserv/info"; prepend_channel = false; }
+fantasy { name = "INVITE"; command = "chanserv/invite"; }
+fantasy { name = "K"; command = "chanserv/kick"; }
+fantasy { name = "KB"; command = "chanserv/ban"; }
+fantasy { name = "KICK"; command = "chanserv/kick"; }
+fantasy { name = "LEVELS"; command = "chanserv/levels"; }
+fantasy { name = "LIST"; command = "chanserv/list"; prepend_channel = false; }
+fantasy { name = "LOG"; command = "chanserv/log"; }
+fantasy { name = "MODE"; command = "chanserv/mode"; }
+fantasy { name = "MUTE"; command = "chanserv/ban"; kick = no; mode = "QUIET"; }
+fantasy { name = "OP"; command = "chanserv/modes"; }
+fantasy { name = "OWNER"; command = "chanserv/modes"; }
+fantasy { name = "PROTECT"; command = "chanserv/modes"; }
+fantasy { name = "QOP"; command = "chanserv/xop"; }
+fantasy { name = "SEEN"; command = "chanserv/seen"; prepend_channel = false; }
+fantasy { name = "SOP"; command = "chanserv/xop"; }
+fantasy { name = "STATUS"; command = "chanserv/status"; }
+fantasy { name = "SUSPEND"; command = "chanserv/suspend"; permission = "chanserv/suspend"; }
+fantasy { name = "SYNC"; command = "chanserv/sync"; }
+fantasy { name = "TOPIC"; command = "chanserv/topic"; }
+fantasy { name = "UNBAN"; command = "chanserv/unban"; }
+fantasy { name = "UNSUSPEND"; command = "chanserv/unsuspend"; permission = "chanserv/suspend"; }
+fantasy { name = "UP"; command = "chanserv/up"; }
+fantasy { name = "VOICE"; command = "chanserv/modes"; }
+fantasy { name = "VOP"; command = "chanserv/xop"; }
diff --git a/roles/anope/templates/anope/chanserv.conf.j2 b/roles/anope/templates/anope/chanserv.conf.j2
new file mode 100644
index 00000000..60e00c31
--- /dev/null
+++ b/roles/anope/templates/anope/chanserv.conf.j2
@@ -0,0 +1,1322 @@
+/*
+{{ ansible_header | comment(decoration=' * ') }}
+ */
+
+/*
+ * Example configuration file for ChanServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+	/*
+	 * The name of the ChanServ client.
+	 * If you change this value, you probably want to change the client directive in the configuration for the chanserv module too.
+	 */
+	nick = "ChanServ"
+
+	/*
+	 * The username of the ChanServ client.
+	 */
+	user = "services"
+
+	/*
+	 * The hostname of the ChanServ client.
+	 */
+	host = "services.host"
+
+	/*
+	 * The realname of the ChanServ client.
+	 */
+	gecos = "Channel Registration Service"
+
+	/*
+	 * The modes this client should use.
+	 * Do not modify this unless you know what you are doing.
+	 *
+	 * These modes are very IRCd specific. If left commented, sane defaults
+	 * are used based on what protocol module you have loaded.
+	 *
+	 * Note that setting this option incorrectly could potentially BREAK some, if
+	 * not all, usefulness of the client. We will not support you if this client is
+	 * unable to do certain things if this option is enabled.
+	 */
+	#modes = "+o"
+
+	/*
+	 * An optional comma separated list of channels this service should join. Outside
+	 * of log channels this is not very useful, as the service will just idle in the
+	 * specified channels, and will not accept any types of commands.
+	 *
+	 * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+	 */
+	#channels = "@#services"
+}
+
+/*
+ * Core ChanServ module.
+ *
+ * Provides essential functionality for ChanServ.
+ */
+module
+{
+	name = "chanserv"
+
+	/*
+	 * The name of the client that should be ChanServ.
+	 */
+	client = "ChanServ"
+
+	/*
+	 * The default options for newly registered channels. Note that changing these options
+	 * will have no effect on channels which are already registered. The list must be separated
+	 * by spaces.
+	 *
+	 * The options are:
+	 * -      keeptopic: Retain topic when the channel is not in use
+	 * -          peace: Disallow users from kicking or removing modes from others who are of the same
+	 *                     access level or superior
+	 * -     cs_private: Hide the channel from ChanServ's LIST command
+	 * -     restricted: Kick/ban users who are restricted from the channel
+	 * -      cs_secure: Enable channel security, requiring the user to be identified with NickServ in
+	 *                     order to be considered for being on the access list of the channel
+	 * -      secureops: Only allow operator status to be given if the user is on the access list
+	 * -  securefounder: Only allow the real founder of the channel to drop the channel, change it's
+	 *                     password, or change the founder or successor
+	 * -       signkick: Use of ChanServ's KICK command will cause the user's nick to be signed to the kick.
+	 * - signkick_level: Same as above, but the kick will not be signed if the user is at the same access
+	 *                     level or superior to the target
+	 * -      topiclock: Disallow the topic to be changed except with ChanServ's TOPIC command
+	 * -        persist: Keep the channel open at all times
+	 * -       noautoop: Disables autoop on the channel
+	 * -  cs_keep_modes: Enables keep modes on the channel, which retains modes when the channel is
+	 *                     not in use.
+	 * -           none: No defaults
+	 *
+	 * This directive is optional, if left blank, the options will default to keeptopic, cs_secure, securefounder,
+	 * and signkick. If you really want no defaults, use "none" by itself as the option.
+	 */
+	defaults = "keeptopic peace cs_secure securefounder signkick"
+
+	/*
+	 * The maximum number of channels which may be registered to a single nickname.
+	 *
+	 * This directive is optional, but recommended.
+	 * If not set, there will be no restriction on the numbers of channels a single nickname can have registered.
+	 */
+	maxregistered = 20
+
+	/*
+	 * The length of time before a channel registration expires.
+	 *
+	 * This directive is optional, but recommended.
+	 * If not set, the default is 14 days.
+	 */
+	expire = 14d
+
+	/*
+	 * The maximum number of entries on a channel's access list.
+	 * If not set, the default is 1024. This can be set to 0 for unlimited.
+	 */
+	accessmax = 1024
+
+	/*
+	 * The length of time ChanServ stays in a channel after kicking a user from a channel they are not
+	 * permitted to be in. This only occurs when the user is the only one in the channel.
+	 */
+	inhabit = 15s
+
+	/*
+	 * Allow only IRC Operators to use ChanServ.
+	 *
+	 * This directive is optional.
+	 */
+	#opersonly = yes
+
+	/*
+	 * Modes that will not be allowed to be locked. Oper only modes such as +O
+	 * are always restricted from regular users and are not affected by this.
+	 * Comment out for no restrictions.
+	 */
+	#nomlock = "P"
+
+	/*
+	 * Modes that are required to be set and only set on all registered channels.
+	 * These modes can not be locked or unlocked. The registered channel mode is
+	 * automatically always required, if such a mode exists.
+	 */
+	#require = "r"
+
+	/*
+	 * The maximum length of the reason field for user commands such as chanserv/kick
+	 * and chanserv/ban.
+	 */
+	reasonmax = 200
+
+	/*
+	 * The message formatting to use for signed kick messages.
+	 * %n is the nick of the kicker
+	 * %m is the message specified
+	 */
+	signkickformat = "%m (%n)"
+
+	/*
+	 * If set, prevents channel access entries from containing hostmasks.
+	 */
+	disallow_hostmask_access = false
+
+	/*
+	 * If set, prevents channels from being on access lists.
+	 */
+	disallow_channel_access = false
+
+	/*
+	 * If set, ChanServ will always lower the timestamp of registered channels to their registration date.
+	 * This prevents several race conditions where unauthorized users can join empty registered channels and set
+	 * modes etc. prior to services deopping them.
+	 */
+	always_lower_ts = false
+}
+
+/*
+ * ChanServ privilege configuration.
+ *
+ * ChanServ privileges are used to determine who has what access in channels. By default the core has its own
+ * set of privileges it uses for various commands, which are defined below. Privilege ranks are used to
+ * determine how powerful privileges are relative to other privileges, which is used by Anope to determine
+ * who has greater access in a channel.
+ *
+ * If you load cs_access, you may define a level for the privilege, which is used by chanserv/access and chanserv/levels.
+ * The levels defined will be used as the default levels for newly registered channels.
+ * The level "founder" is a special level which means anyone with the privilege FOUNDER on the channel
+ * has that permission. Additionally, the level "disabled" means that no one can use the privilege, including founders.
+ *
+ * If you load cs_flags, you may define a flag associated with that privilege for use in chanserv/flags.
+ *
+ * If you load cs_xop, you may define a XOP command to associate the privilege with.
+ *
+ * The name of privileges are uesd to associate them with channel modes. If you are using an IRCd that allows you to define additional
+ * channel status modes, such as InspIRCd, you can associate privileges (and thus access levels, flags, xop) with the mode by naming
+ * the privileges appropriately. For example, if you had a channel mode called admin, you could create AUTOADMIN, ADMIN, and ADMINME
+ * privileges which would automatically be associated with that channel mode.
+ *
+ * Defining new privileges here is not useful unless you have a module (eg, a third party one) made to check for
+ * the specific level you are defining.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/*
+ * ACCESS_CHANGE privilege.
+ *
+ * Used by chanserv/access, chanserv/flags and chanserv/xop.
+ *
+ * Users with this permission can modify the permissions of others.
+ */
+privilege
+{
+	name = "ACCESS_CHANGE"
+	rank = 0
+	level = 10
+	flag = "f"
+	xop = "SOP"
+}
+
+/*
+ * ACCESS_LIST privilege.
+ *
+ * Used by chanserv/access, chanserv/flags, and chanserv/xop.
+ *
+ * Users with this permission can view the access list of channels.
+ */
+privilege
+{
+	name = "ACCESS_LIST"
+	rank = 10
+	level = 3
+	flag = "f"
+	xop = "VOP"
+}
+
+/*
+ * AKICK privilege.
+ *
+ * Used by chanserv/akick and chanserv/enforce.
+ *
+ * Users with this permission can modify the AKICK list.
+ */
+privilege
+{
+	name = "AKICK"
+	rank = 250
+	level = 10
+	flag = "K"
+	xop = "SOP"
+}
+
+/*
+ * ASSIGN privilege.
+ *
+ * Used by botserv/assign.
+ *
+ * Users with this permission can assign and unassign BotServ bots to and from the channel.
+ */
+privilege
+{
+	name = "ASSIGN"
+	rank = 270
+	level = "founder"
+	flag = "s"
+	xop = "QOP"
+}
+
+/*
+ * AUTOHALFOP privilege.
+ *
+ * Used by the core.
+ *
+ * Users with this permission get halfop on join.
+ */
+privilege
+{
+	name = "AUTOHALFOP"
+	rank = 100
+	level = 4
+	flag = "H"
+	xop = "HOP"
+}
+
+/*
+ * AUTOOP privilege.
+ *
+ * Used by the core.
+ *
+ * Users with this permission get op on join.
+ */
+privilege
+{
+	name = "AUTOOP"
+	rank = 210
+	level = 5
+	flag = "O"
+	xop = "AOP"
+}
+
+/*
+ * AUTOOWNER privilege.
+ *
+ * Used by the core.
+ *
+ * Users with this permission get owner on join.
+ */
+privilege
+{
+	name = "AUTOOWNER"
+	rank = 330
+	level = 9999
+	flag = "Q"
+	xop = "QOP"
+}
+
+/*
+ * AUTOPROTECT privilege.
+ *
+ * Used by the core.
+ *
+ * Users with this permission get admin on join.
+ */
+privilege
+{
+	name = "AUTOPROTECT"
+	rank = 240
+	level = 10
+	flag = "A"
+	xop = "SOP"
+}
+
+/*
+ * AUTOVOICE privilege.
+ *
+ * Used by the core.
+ *
+ * Users with this permission get voice on join.
+ */
+privilege
+{
+	name = "AUTOVOICE"
+	rank = 50
+	level = 3
+	flag = "V"
+	xop = "VOP"
+}
+
+/*
+ * BADWORDS privilege.
+ *
+ * Used by botserv/badwords.
+ *
+ * Users with this permission can modify BotServ's BADWORDS list.
+ */
+privilege
+{
+	name = "BADWORDS"
+	rank = 260
+	level = 10
+	flag = "K"
+	xop = "SOP"
+}
+
+/*
+ * BAN privilege.
+ *
+ * Used by chanserv/ban.
+ *
+ * Users with this permission can use the BAN command.
+ */
+privilege
+{
+	name = "BAN"
+	rank = 150
+	level = 4
+	flag = "b"
+	xop = "HOP"
+}
+
+/*
+ * FANTASIA privilege.
+ *
+ * Used by botserv/main and chanserv/xop.
+ *
+ * Users with this permission can use fantasy commands in the channel.
+ */
+privilege
+{
+	name = "FANTASIA"
+	rank = 30
+	level = 3
+	flag = "c"
+	xop = "VOP"
+}
+
+/*
+ * FOUNDER privilege.
+ *
+ * Used by chanserv/access, chanserv/akick,
+ * chanserv/drop, chanserv/set/founder,
+ * chanserv/set/securefounder, chanserv/set/successor and chanserv/xop.
+ *
+ * Users with this permission are treated as founders and can use
+ * commands restricted to founders.
+ */
+privilege
+{
+	name = "FOUNDER"
+	rank = 360
+	level = 10000
+	flag = "F"
+	xop = "QOP"
+}
+
+/*
+ * GETKEY privilege.
+ *
+ * Used by chanserv/getkey and nickserv/ajoin.
+ *
+ * Users with this permission can get they channel key with GETKEY and
+ * can use nickserv/ajoin to join channels with keys.
+ */
+privilege
+{
+	name = "GETKEY"
+	rank = 180
+	level = 5
+	flag = "G"
+	xop = "AOP"
+}
+
+/*
+ * HALFOP privilege.
+ *
+ * Used by chanserv/mode, chanserv/halfop and chanserv/dehalfop.
+ *
+ * Users with this permission can use ChanServ to halfop and dehalfop
+ * others in the channel.
+ */
+privilege
+{
+	name = "HALFOP"
+	rank = 120
+	level = 5
+	flag = "h"
+	xop = "AOP"
+}
+
+/*
+ * HALFOPME privilege.
+ *
+ * Used by chanserv/mode, chanserv/halfop and chanserv/dehalfop.
+ *
+ * Users with this permission can use ChanServ to halfop and dehalfop
+ * themselves in the channel.
+ */
+privilege
+{
+	name = "HALFOPME"
+	rank = 110
+	level = 4
+	flag = "h"
+	xop = "HOP"
+}
+
+/*
+ * INFO privilege.
+ *
+ * Used by botserv/info and chanserv/info.
+ *
+ * Users with this permission are allowed to get the full INFO output
+ * from BotServ and ChanServ.
+ */
+privilege
+{
+	name = "INFO"
+	rank = 80
+	level = 9999
+	flag = "I"
+	xop = "QOP"
+}
+
+/*
+ * INVITE privilege.
+ *
+ * Used by chanserv/invite and nickserv/ajoin.
+ *
+ * Users with this permission can invite users through ChanServ and
+ * join invite only channels with nickserv/ajoin.
+ */
+privilege
+{
+	name = "INVITE"
+	rank = 190
+	level = 5
+	flag = "i"
+	xop = "AOP"
+}
+
+/*
+ * KICK privilege.
+ *
+ * Used by chanserv/kick.
+ *
+ * Users with this permission can use the KICK command.
+ */
+privilege
+{
+	name = "KICK"
+	rank = 130
+	level = 4
+	flag = "k"
+	xop = "HOP"
+}
+
+/*
+ * MEMO privilege.
+ *
+ * Used by memoserv/del, memoserv/ignore, memoserv/info, memoserv/list,
+ * memoserv/main, memoserv/read and memoserv/set.
+ *
+ * Users with this permission can manage channel memos.
+ */
+privilege
+{
+	name = "MEMO"
+	rank = 280
+	level = 10
+	flag = "m"
+	xop = "SOP"
+}
+
+/*
+ * MODE privilege.
+ *
+ * Used by chanserv/mode.
+ *
+ * Users with this permission can set modes through ChanServ and change
+ * the mode lock.
+ */
+privilege
+{
+	name = "MODE"
+	rank = 170
+	level = 9999
+	flag = "s"
+	xop = "QOP"
+}
+
+/*
+ * NOKICK privilege.
+ *
+ * Used by botserv/kick.
+ *
+ * Users with this permission are spared from automated BotServ kicks.
+ */
+privilege
+{
+	name = "NOKICK"
+	rank = 20
+	level = 1
+	flag = "N"
+	xop = "VOP"
+}
+
+/*
+ * OP privilege.
+ *
+ * Used by chanserv/mode, chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to op and deop
+ * others in the channel.
+ */
+privilege
+{
+	name = "OP"
+	rank = 230
+	level = 5
+	flag = "o"
+	xop = "SOP"
+}
+
+/*
+ * OPME privilege.
+ *
+ * Used by chanserv/mode, chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to op and deop
+ * themselves in the channel.
+ */
+privilege
+{
+	name = "OPME"
+	rank = 220
+	level = 5
+	flag = "o"
+	xop = "AOP"
+}
+
+/*
+ * OWNER privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to owner and deowner
+ * others in the channel.
+ */
+privilege
+{
+	name = "OWNER"
+	rank = 350
+	level = "founder"
+	flag = "q"
+	xop = "QOP"
+}
+
+/*
+ * OWNERME privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to owner and deowner
+ * themselves in the channel.
+ */
+privilege
+{
+	name = "OWNERME"
+	rank = 340
+	level = 9999
+	flag = "q"
+	xop = "QOP"
+}
+
+/*
+ * PROTECT privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to protect and deprotect
+ * others in the channel.
+ */
+privilege
+{
+	name = "PROTECT"
+	rank = 310
+	level = 9999
+	flag = "a"
+	xop = "QOP"
+}
+
+/*
+ * PROTECTME privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to protect and deprotect
+ * themselves in the channel.
+ */
+privilege
+{
+	name = "PROTECTME"
+	rank = 300
+	level = 10
+	flag = "a"
+	xop = "AOP"
+}
+
+/*
+ * SAY privilege.
+ *
+ * Used by botserv/control.
+ *
+ * Users with this permission can use the BotServ bot in the channel to
+ * say or do a /me with the provided message.
+ */
+privilege
+{
+	name = "SAY"
+	rank = 90
+	level = 5
+	flag = "B"
+	xop = "AOP"
+}
+
+/*
+ * SET privilege.
+ *
+ * Used by botserv/kick, botserv/set, chanserv/clone, chanserv/log,
+ * chanserv/saset/noexpire and chanserv/set.
+ *
+ * Users with this permission can set what BotServ will kick for, change
+ * BotServ and ChanServ settings, clone ChanServ channel setings, and
+ * set ChanServ logging options.
+ */
+privilege
+{
+	name = "SET"
+	rank = 320
+	level = 9999
+	flag = "s"
+	xop = "QOP"
+}
+
+/*
+ * SIGNKICK privilege.
+ *
+ * Used by chanserv/ban and chanserv/kick.
+ *
+ * Users with this permission won't get their nick shown in the kick
+ * through ChanServ when the setting SIGNKICK is set to LEVEL.
+ */
+privilege
+{
+	name = "SIGNKICK"
+	rank = 140
+	level = 9999
+	flag = "K"
+	xop = "QOP"
+}
+
+/*
+ * TOPIC privilege.
+ *
+ * Used by chanserv/topic.
+ *
+ * Users with this permission can change the channel topic through ChanServ.
+ */
+privilege
+{
+	name = "TOPIC"
+	rank = 160
+	level = 5
+	flag = "t"
+	xop = "AOP"
+}
+
+/*
+ * UNBAN privilege.
+ *
+ * Used by chanserv/unban.
+ *
+ * Users with this permission can unban themselves and others through ChanServ.
+ */
+privilege
+{
+	name = "UNBAN"
+	rank = 200
+	level = 4
+	flag = "u"
+	xop = "HOP"
+}
+
+/*
+ * VOICE privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to voice and devoice
+ * others in the channel.
+ */
+privilege
+{
+	name = "VOICE"
+	rank = 70
+	level = 4
+	flag = "v"
+	xop = "HOP"
+}
+
+/*
+ * VOICEME privilege.
+ *
+ * Used by chanserv/mode and chanserv/modes.
+ *
+ * Users with this permission can use ChanServ to voice and devoice
+ * themselves in the channel.
+ */
+privilege
+{
+	name = "VOICEME"
+	rank = 60
+	level = 3
+	flag = "v"
+	xop = "VOP"
+}
+
+/*
+ * Core ChanServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Command group configuration for ChanServ.
+ *
+ * Commands may optionally be placed into groups to make ChanServ's HELP output easier to understand.
+ * Remove the following groups to use the old behavior of simply listing all ChanServ commands from HELP.
+ */
+command_group
+{
+	name = "chanserv/access"
+	description = _("Used to manage the list of privileged users")
+}
+
+command_group
+{
+	name = "chanserv/status"
+	description = _("Used to modify the channel status of you or other users")
+}
+
+command_group
+{
+	name = "chanserv/management"
+	description = _("Used to manage channels")
+}
+
+command_group
+{
+	name = "chanserv/admin"
+	description = _("Services Operator commands")
+}
+
+/* Give it a help command. */
+command { service = "ChanServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * cs_access
+ *
+ * Provides commands chanserv/access and chanserv/levels.
+ * Provides the access system "levels".
+ *
+ * Used for giving users access in channels using a levels system. Allows allows redefining which privileges
+ * are representated by given level on a per channel basis.
+ *
+ * The "LIST" subcommand of chanserv/access will show every access entry on the channel, including access
+ * entries not added by cs_access. The "level" of these entries will be the representation of the access
+ * entry by the other access system, which could be an XOP command name, or a set of flags.
+ */
+module { name = "cs_access" }
+command { service = "ChanServ"; name = "ACCESS"; command = "chanserv/access"; group = "chanserv/access"; }
+command { service = "ChanServ"; name = "LEVELS"; command = "chanserv/levels"; group = "chanserv/access"; }
+
+/*
+ * cs_akick
+ *
+ * Provides the command chanserv/akick.
+ *
+ * Used for preventing users from joining channels.
+ */
+module
+{
+	name = "cs_akick"
+
+	/*
+	 * The maximum number of entries on a channel's autokick list.
+	 */
+	autokickmax = 32
+
+	/*
+	 * The default reason for an autokick if none is given.
+	 */
+	autokickreason = "User has been banned from the channel"
+}
+command { service = "ChanServ"; name = "AKICK"; command = "chanserv/akick"; group = "chanserv/management"; }
+
+/*
+ * cs_ban
+ *
+ * Provides the command chanserv/ban.
+ *
+ * The configuration option 'kick' may be set in a command block for this command to control
+ * whether or not users will be kicked from the channel once banned. The default is 'yes'.
+ *
+ * The configuration option 'mode' may be set to control which mode is set, such as BAN or QUIET.
+ * The default is BAN.
+ *
+ * Used for banning users from channels.
+ */
+module { name = "cs_ban" }
+command { service = "ChanServ"; name = "BAN"; command = "chanserv/ban"; }
+
+/*
+ * cs_clone
+ *
+ * Provides the command chanserv/clone.
+ *
+ * Used for copying channel settings from one channel to another.
+ */
+module { name = "cs_clone" }
+command { service = "ChanServ"; name = "CLONE"; command = "chanserv/clone"; group = "chanserv/management"; }
+
+/*
+ * cs_drop
+ *
+ * Provides the command chanserv/drop.
+ *
+ * Used for unregistering channels.
+ */
+module { name = "cs_drop" }
+command { service = "ChanServ"; name = "DROP"; command = "chanserv/drop"; }
+
+/*
+ * cs_enforce
+ *
+ * Provides the command chanserv/enforce.
+ *
+ * Used to enforce various channel settings such as secureops and restricted.
+ */
+module { name = "cs_enforce" }
+command { service = "ChanServ"; name = "ENFORCE"; command = "chanserv/enforce"; group = "chanserv/management"; }
+
+/*
+ * cs_entrymsg
+ *
+ * Provides the command chanserv/entrymsg.
+ *
+ * Used to configure entry messages sent to users when they join a channel.
+ */
+module
+{
+	name = "cs_entrymsg"
+
+	/* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */
+	maxentries = 5
+}
+command { service = "ChanServ"; name = "ENTRYMSG"; command = "chanserv/entrymsg"; group = "chanserv/management"; }
+
+/*
+ * cs_flags
+ *
+ * Provides the command chanserv/flags.
+ * Provides the access system "flags".
+ *
+ * Used for giving users access in channels.
+ *
+ * The "LIST" subcommand of chanserv/flags will show every access entry on the channel, including access
+ * entries not added by cs_flags. The "Flags" of these entries will be the flags representation of the
+ * privilege set granted by the access entry.
+ */
+module { name = "cs_flags" }
+command { service = "ChanServ"; name = "FLAGS"; command = "chanserv/flags"; group = "chanserv/access"; }
+
+/*
+ * cs_getkey
+ *
+ * Provides the command chanserv/getkey.
+ *
+ * Used for getting the key for channels.
+ */
+module { name = "cs_getkey" }
+command { service = "ChanServ"; name = "GETKEY"; command = "chanserv/getkey"; }
+
+/*
+ * cs_info
+ *
+ * Provides the command chanserv/info.
+ *
+ * Used for getting information about channels.
+ */
+module { name = "cs_info" }
+command { service = "ChanServ"; name = "INFO"; command = "chanserv/info"; }
+
+/*
+ * cs_invite
+ *
+ * Provides the command chanserv/invite.
+ *
+ * Used for inviting yourself in to channels.
+ */
+module { name = "cs_invite" }
+command { service = "ChanServ"; name = "INVITE"; command = "chanserv/invite"; }
+
+/*
+ * cs_kick
+ *
+ * Provides the command chanserv/kick.
+ *
+ * Used for kicking users from channels.
+ */
+module { name = "cs_kick" }
+command { service = "ChanServ"; name = "KICK"; command = "chanserv/kick"; }
+
+/*
+ * cs_list
+ *
+ * Provides the commands:
+ *   chanserv/list - Used for retrieving and searching the registered channel list.
+ *   chanserv/set/private - Used for setting whether channels should show up in chanserv/list.
+ */
+module
+{
+	name = "cs_list"
+
+	/*
+	 * The maximum number of channels to be returned for a ChanServ LIST command.
+	 */
+	listmax = 50
+}
+command { service = "ChanServ"; name = "LIST"; command = "chanserv/list"; }
+
+command { service = "ChanServ"; name = "SET PRIVATE"; command = "chanserv/set/private"; }
+
+
+/*
+ * cs_log
+ *
+ * Provides the command chanserv/log.
+ *
+ * Use for configuring what actions on channels are logged and where.
+ */
+module
+{
+	name = "cs_log"
+
+	/* Default log settings for newly registered channels */
+
+	#default
+	{
+		command = "chanserv/modes"
+		method = "MESSAGE @"
+	}
+
+	#default
+	{
+		service = "ChanServ"
+		command = "ACCESS"
+		method = "MESSAGE @"
+	}
+
+	#default
+	{
+		command = "chanserv/xop"
+		method = "MESSAGE @"
+	}
+
+	#default
+	{
+		service = "ChanServ"
+		command = "FLAGS"
+		method = "MESSAGE @"
+	}
+}
+command { service = "ChanServ"; name = "LOG"; command = "chanserv/log"; group = "chanserv/management"; }
+
+/*
+ * cs_mode
+ *
+ * Provides the command chanserv/mode and chanserv/modes.
+ *
+ * Used for changing mode locks and changing modes. Multiple commands may be mapped to chanserv/modes, the
+ * configuration directive 'set' and 'unset' are used to tell chanserv/modes which modes should be set or
+ * unset when the command is executed.
+ */
+module
+{
+	name = "cs_mode"
+
+	/*
+	 * Default modes for mode lock, these are set on newly registered channels.
+	 *
+	 * If not set, the default is +nt.
+	 */
+	mlock = "+n"
+
+	/*
+	 * The maximum number of entries that may be on a mode lock list.
+	 *
+	 * This directive is optional.
+	 */
+	max = 32
+}
+command { service = "ChanServ"; name = "MODE"; command = "chanserv/mode"; group = "chanserv/management"; }
+
+command { service = "ChanServ"; name = "OWNER"; command = "chanserv/modes"; group = "chanserv/status"; set = "OWNER" }
+command { service = "ChanServ"; name = "DEOWNER"; command = "chanserv/modes"; group = "chanserv/status"; unset = "OWNER" }
+
+command { service = "ChanServ"; name = "PROTECT"; command = "chanserv/modes"; group = "chanserv/status"; set = "PROTECT" }
+command { service = "ChanServ"; name = "DEPROTECT"; command = "chanserv/modes"; group = "chanserv/status"; unset = "PROTECT" }
+
+command { service = "ChanServ"; name = "OP"; command = "chanserv/modes"; group = "chanserv/status"; set = "OP" }
+command { service = "ChanServ"; name = "DEOP"; command = "chanserv/modes"; group = "chanserv/status"; unset = "OP" }
+
+command { service = "ChanServ"; name = "HALFOP"; command = "chanserv/modes"; group = "chanserv/status"; set = "HALFOP" }
+command { service = "ChanServ"; name = "DEHALFOP"; command = "chanserv/modes"; group = "chanserv/status"; unset = "HALFOP" }
+
+command { service = "ChanServ"; name = "VOICE"; command = "chanserv/modes"; group = "chanserv/status"; set = "VOICE" }
+command { service = "ChanServ"; name = "DEVOICE"; command = "chanserv/modes"; group = "chanserv/status"; unset = "VOICE" }
+
+
+/*
+ * cs_register
+ *
+ * Provides the commands chanserv/register.
+ *
+ * Used for registering channels.
+ */
+module { name = "cs_register" }
+command { service = "ChanServ"; name = "REGISTER"; command = "chanserv/register"; }
+
+/*
+ * cs_seen
+ *
+ * Provides the commands chanserv/seen and operserv/seen.
+ *
+ * Records the last time a user was seen and what they were doing and allows users to request this data.
+ * Also allows administrators to view stats about seen data and purge the database.
+ */
+module
+{
+	name = "cs_seen"
+
+	/* If set, uses the older 1.8 style seen, which is less resource intensive */
+	simple = false
+
+	/* Sets the time to keep seen entries in the seen database. */
+	purgetime = "30d"
+
+	/* Sets the delay between checks for expired seen entries. */
+	expiretimeout = "1d"
+}
+command { service = "OperServ"; name = "SEEN"; command = "operserv/seen"; permission = "operserv/seen"; }
+
+/*
+ * cs_set
+ *
+ * Provides the commands:
+ *   chanserv/set and chanserv/saset - Dummy help wrappers for the SET commands.
+ *   chanserv/set/autoop - Used for configuring whether or not ChanServ automatically gives channel status to users.
+ *   chanserv/set/bantype - Used for controlling what format of bans are placed on channels.
+ *   chanserv/set/description - Used for changing channels descriptions.
+ *   chanserv/set/founder - Used for changing a channel's founder.
+ *   chanserv/set/keepmodes - Used for enabling or disabling keepmodes, which retains channel modes.
+ *   chanserv/set/peace - Used for configuring if users are able to kick other users with higher access than them.
+ *   chanserv/set/persist - Used for setting whether ChanServ should stay in channels after the last user leaves.
+ *   chanserv/set/restricted - Used for setting whether users not on a channel's access list can join.
+ *   chanserv/set/secure - Used for setting whether users who are recognized for accounts should have their access in channels.
+ *   chanserv/set/securefounder - Used for setting whether users with founder level access in channels have true founder or not.
+ *   chanserv/set/secureops - Used for restricting who can have channel op privilege in a channel to those whom have access in the channel.
+ *   chanserv/set/signkick - Used for setting signkick, which appends the kicker's name to kicks sent through ChanServ.
+ *   chanserv/set/successor - Used for setting channel successors, which become channel founders if the founders' account expires.
+ *   chanserv/saset/noexpire - Used for setting noexpire, which prevents channels from expiring.
+ *
+ * This is a dummy command to provide a help wrapper for the various SET commands.
+ */
+module
+{
+	name = "cs_set"
+
+	/*
+	 * The default ban type for newly registered channels.
+	 *
+	 * defbantype can be:
+	 *
+	 * 0: ban in the form of *!user@host
+	 * 1: ban in the form of *!*user@host
+	 * 2: ban in the form of *!*@host
+	 * 3: ban in the form of *!*user@*.domain
+	 */
+	defbantype = 2
+
+	/*
+	 * If set, persisent channels have their creation times lowered to their
+	 * original registration dates.
+	 */
+	persist_lower_ts = true
+}
+command { service = "ChanServ"; name = "SET"; command = "chanserv/set"; group = "chanserv/management"; }
+command { service = "ChanServ"; name = "SET AUTOOP"; command = "chanserv/set/autoop"; }
+command { service = "ChanServ"; name = "SET BANTYPE"; command = "chanserv/set/bantype"; }
+command { service = "ChanServ"; name = "SET DESCRIPTION"; command = "chanserv/set/description"; }
+command { service = "ChanServ"; name = "SET DESC"; command = "chanserv/set/description"; hide = yes; }
+command { service = "ChanServ"; name = "SET FOUNDER"; command = "chanserv/set/founder"; }
+command { service = "ChanServ"; name = "SET KEEPMODES"; command = "chanserv/set/keepmodes"; }
+command { service = "ChanServ"; name = "SET PEACE"; command = "chanserv/set/peace"; }
+command { service = "ChanServ"; name = "SET PERSIST"; command = "chanserv/set/persist"; }
+command { service = "ChanServ"; name = "SET RESTRICTED"; command = "chanserv/set/restricted"; }
+command { service = "ChanServ"; name = "SET SECURE"; command = "chanserv/set/secure"; }
+command { service = "ChanServ"; name = "SET SECUREFOUNDER"; command = "chanserv/set/securefounder"; }
+command { service = "ChanServ"; name = "SET SECUREOPS"; command = "chanserv/set/secureops"; }
+command { service = "ChanServ"; name = "SET SIGNKICK"; command = "chanserv/set/signkick"; }
+command { service = "ChanServ"; name = "SET SUCCESSOR"; command = "chanserv/set/successor"; }
+command { service = "ChanServ"; name = "SET NOEXPIRE"; command = "chanserv/saset/noexpire"; permission = "chanserv/saset/noexpire"; }
+
+/*
+ * cs_set_misc
+ *
+ * Provides the command chanserv/set/misc.
+ *
+ * Allows you to create arbitrary commands to set data, and have that data show up in chanserv/info.
+ * A field named misc_description may be given for use with help output.
+ */
+module { name = "cs_set_misc" }
+command { service = "ChanServ"; name = "SET URL"; command = "chanserv/set/misc"; misc_description = _("Associate a URL with the channel"); }
+command { service = "ChanServ"; name = "SET EMAIL"; command = "chanserv/set/misc"; misc_description = _("Associate an E-mail address with the channel"); }
+
+/*
+ * cs_status
+ *
+ * Provides the command chanserv/status.
+ *
+ * Used for determining a user's access on a channel and whether
+ * or not they match any autokick entries.
+ */
+module { name = "cs_status" }
+command { service = "ChanServ"; name = "STATUS"; command = "chanserv/status"; }
+
+/*
+ * cs_suspend
+ *
+ * Provides the commands chanserv/suspend and chanserv/unsuspend.
+ *
+ * Used for suspending and unsuspending channels. Suspended channels can not be used but their settings are stored.
+ */
+module
+{
+	name = "cs_suspend"
+
+	/*
+	 * The length of time before a suspended channel expires.
+	 *
+	 * This directive is optional.
+	 * If not set, the default is never.
+	 */
+	expire = 90d
+
+	/*
+	 * Settings to show to non-opers in ChanServ's INFO output.
+	 * Comment to completely disable showing any information about
+	 * suspended channels to non-opers.
+	 */
+	show = "suspended, by, reason, on, expires"
+}
+command { service = "ChanServ"; name = "SUSPEND"; command = "chanserv/suspend"; permission = "chanserv/suspend"; group = "chanserv/admin"; }
+command { service = "ChanServ"; name = "UNSUSPEND"; command = "chanserv/unsuspend"; permission = "chanserv/suspend"; group = "chanserv/admin"; }
+
+/*
+ * cs_sync
+ *
+ * Provides the command chanserv/sync.
+ *
+ * Used to sync users channel status modes with what access they have.
+ */
+module { name = "cs_sync" }
+command { service = "ChanServ"; name = "SYNC"; command = "chanserv/sync"; group = "chanserv/management"; }
+
+/*
+ * cs_topic
+ *
+ * Provides the commands:
+ *   chanserv/topic - Used for changing the channel topic. Useful in conjunction with chanserv/set/topiclock.
+ *   chanserv/set/keeptopic - Used for configuring if ChanServ is to restore the channel topic when a channel is created.
+ *
+ */
+module { name = "cs_topic" }
+command { service = "ChanServ"; name = "TOPIC"; command = "chanserv/topic"; group = "chanserv/management"; }
+command { service = "ChanServ"; name = "SET KEEPTOPIC"; command = "chanserv/set/keeptopic"; }
+
+/*
+ * cs_unban
+ *
+ * Provides the command chanserv/unban.
+ *
+ * Used for unbanning users from channels.
+ */
+module { name = "cs_unban" }
+command { service = "ChanServ"; name = "UNBAN"; command = "chanserv/unban"; }
+
+/*
+ * cs_updown
+ *
+ * Provides the commands chanserv/up and chanserv/down.
+ *
+ * Used for setting or removing your status modes on a channel.
+ */
+module { name = "cs_updown" }
+command { service = "ChanServ"; name = "DOWN"; command = "chanserv/down"; group = "chanserv/status"; }
+command { service = "ChanServ"; name = "UP"; command = "chanserv/up"; group = "chanserv/status"; }
+
+/*
+ * cs_xop
+ *
+ * Provides the command chanserv/xop.
+ * Provides the access system "XOP".
+ *
+ * Used for giving users access in channels. Many commands may be linked to chanserv/xop, but the
+ * privileges given by each is determined by the privilege:xop settings above. These commands should
+ * be ordered from highest to lowest, as each command inherits the privileges of the commands below
+ * it.
+ *
+ * The "LIST" subcommand of chanserv/xop will show only XOP access entries of the given XOP type. You
+ * can not view the entire access list at once, and instead should use another access system to do that.
+ */
+module { name = "cs_xop" }
+command { service = "ChanServ"; name = "QOP"; command = "chanserv/xop"; group = "chanserv/access"; }
+command { service = "ChanServ"; name = "SOP"; command = "chanserv/xop"; group = "chanserv/access"; }
+command { service = "ChanServ"; name = "AOP"; command = "chanserv/xop"; group = "chanserv/access"; }
+command { service = "ChanServ"; name = "HOP"; command = "chanserv/xop"; group = "chanserv/access"; }
+command { service = "ChanServ"; name = "VOP"; command = "chanserv/xop"; group = "chanserv/access"; }
+
+
+/*
+ * Extra ChanServ related modules.
+ */
+
+/*
+ * cs_statusupdate
+ *
+ * This module automatically updates users status on channels when the
+ * channel's access list is modified.
+ */
+module { name = "cs_statusupdate" }
diff --git a/roles/anope/templates/anope/global.conf.j2 b/roles/anope/templates/anope/global.conf.j2
new file mode 100644
index 00000000..1b2cf20d
--- /dev/null
+++ b/roles/anope/templates/anope/global.conf.j2
@@ -0,0 +1,119 @@
+/*
+{{ ansible_header | comment(decoration=' * ') }}
+ */
+
+/*
+ * Example configuration file for Global.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+	/*
+	 * The name of the Global client.
+	 * If you change this value, you probably want to change the client directive in the configuration for the global module too.
+	 */
+	nick = "Global"
+
+	/*
+	 * The username of the Global client.
+	 */
+	user = "services"
+
+	/*
+	 * The hostname of the Global client.
+	 */
+	host = "services.host"
+
+	/*
+	 * The realname of the Global client.
+	 */
+	gecos = "Global Noticer"
+
+	/*
+	 * The modes this client should use.
+	 * Do not modify this unless you know what you are doing.
+	 *
+	 * These modes are very IRCd specific. If left commented, sane defaults
+	 * are used based on what protocol module you have loaded.
+	 *
+	 * Note that setting this option incorrectly could potentially BREAK some, if
+	 * not all, usefulness of the client. We will not support you if this client is
+	 * unable to do certain things if this option is enabled.
+	 */
+	#modes = "+o"
+
+	/*
+	 * An optional comma separated list of channels this service should join. Outside
+	 * of log channels this is not very useful, as the service will just idle in the
+	 * specified channels, and will not accept any types of commands.
+	 *
+	 * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+	 */
+	channels = "@#services"
+}
+
+/*
+ * Core Global module.
+ *
+ * Provides essential functionality for Global.
+ */
+module
+{
+	name = "global"
+
+	/*
+	 * The name of the client that should be Global.
+	 */
+	client = "Global"
+
+	/*
+	 * This is the global message that will be sent when Services are being
+	 * shutdown/restarted.
+	 *
+	 * This directive is optional.
+	 */
+	#globaloncycledown = "Services are restarting, they will be back shortly - please be good while we're gone"
+
+	/*
+	 * This is the global message that will be sent when Services (re)join the
+	 * network.
+	 *
+	 * This directive is optional.
+	 */
+	#globaloncycleup = "Services are now back online - have a nice day"
+
+	/*
+	 * If set, Services will hide the IRC Operator's nick in a global
+	 * message/notice.
+	 *
+	 * This directive is optional.
+	 */
+	#anonymousglobal = yes
+}
+
+/*
+ * Core Global commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "Global"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * gl_global
+ *
+ * Provides the command global/global.
+ *
+ * Used for sending a message to every online user.
+ */
+module { name = "gl_global" }
+command { service = "Global"; name = "GLOBAL"; command = "global/global"; permission = "global/global"; }
diff --git a/roles/anope/templates/anope/hostserv.conf.j2 b/roles/anope/templates/anope/hostserv.conf.j2
new file mode 100644
index 00000000..9a72d453
--- /dev/null
+++ b/roles/anope/templates/anope/hostserv.conf.j2
@@ -0,0 +1,192 @@
+/*
+{{ ansible_header | comment(decoration=' * ') }}
+ */
+
+/*
+ * Example configuration file for HostServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+	/*
+	 * The name of the HostServ client.
+	 * If you change this value, you probably want to change the client directive in the configuration for the hostserv module too.
+	 */
+	nick = "HostServ"
+
+	/*
+	 * The username of the HostServ client.
+	 */
+	user = "services"
+
+	/*
+	 * The hostname of the HostServ client.
+	 */
+	host = "services.host"
+
+	/*
+	 * The realname of the HostServ client.
+	 */
+	gecos = "vHost Service"
+
+	/*
+	 * The modes this client should use.
+	 * Do not modify this unless you know what you are doing.
+	 *
+	 * These modes are very IRCd specific. If left commented, sane defaults
+	 * are used based on what protocol module you have loaded.
+	 *
+	 * Note that setting this option incorrectly could potentially BREAK some, if
+	 * not all, usefulness of the client. We will not support you if this client is
+	 * unable to do certain things if this option is enabled.
+	 */
+	#modes = "+o"
+
+	/*
+	 * An optional comma separated list of channels this service should join. Outside
+	 * of log channels this is not very useful, as the service will just idle in the
+	 * specified channels, and will not accept any types of commands.
+	 *
+	 * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+	 */
+	channels = "@#services"
+}
+
+/*
+ * Core HostServ module.
+ *
+ * Provides essential functionality for HostServ.
+ */
+module
+{
+	name = "hostserv"
+
+	/*
+	 * The name of the client that should be HostServ.
+	 */
+	client = "HostServ"
+
+	/*
+	 * If enabled, vhosts are activated on users immediately when they are set.
+	 */
+	activate_on_set = yes
+}
+
+/*
+ * Core HostServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "HostServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * hs_del
+ *
+ * Provides the commands hostserv/del and hostserv/delall.
+ *
+ * Used for removing users' vHosts.
+ */
+module { name = "hs_del" }
+command { service = "HostServ"; name = "DEL"; command = "hostserv/del"; permission = "hostserv/del"; }
+command { service = "HostServ"; name = "DELALL"; command = "hostserv/delall"; permission = "hostserv/del"; }
+
+/*
+ * hs_group
+ *
+ * Provides the command hostserv/group.
+ *
+ * Used for grouping one vHost to many nicks.
+ */
+module
+{
+	name = "hs_group"
+
+	/*
+	 * Upon nickserv/group, this option syncs the nick's main vHost to the grouped nick.
+	 */
+	syncongroup = false
+
+	/*
+	 * This makes vhosts act as if they are per account.
+	 */
+	synconset = false
+}
+command { service = "HostServ"; name = "GROUP"; command = "hostserv/group"; }
+
+/*
+ * hs_list
+ *
+ * Provides the command hostserv/list.
+ *
+ * Used for listing actively set vHosts.
+ */
+module { name = "hs_list" }
+command { service = "HostServ"; name = "LIST"; command = "hostserv/list"; permission = "hostserv/list"; }
+
+/*
+ * hs_off
+ *
+ * Provides the command hostserv/off.
+ *
+ * Used for turning off your vHost.
+ */
+module { name = "hs_off" }
+command { service = "HostServ"; name = "OFF"; command = "hostserv/off"; }
+
+/*
+ * hs_on
+ *
+ * Provides the command hostserv/on.
+ *
+ * Used for turning on your vHost.
+ */
+module { name = "hs_on" }
+command { service = "HostServ"; name = "ON"; command = "hostserv/on"; }
+
+/*
+ * hs_request
+ *
+ * Provides the commands hostserv/request, hostserv/activate, hostserv/reject, and hostserv/waiting.
+ *
+ * Used to manage vHosts requested by users.
+ */
+module
+{
+	name = "hs_request"
+
+	/*
+	 * If set, Services will send a memo to the user requesting a vHost when it's been
+	 * approved or rejected.
+	 */
+	memouser = yes
+
+	/*
+	 * If set, Services will send a memo to all Services staff when a new vHost is requested.
+	 */
+	memooper = yes
+}
+command { service = "HostServ"; name = "REQUEST"; command = "hostserv/request"; }
+command { service = "HostServ"; name = "ACTIVATE"; command = "hostserv/activate"; permission = "hostserv/set"; }
+command { service = "HostServ"; name = "REJECT"; command = "hostserv/reject"; permission = "hostserv/set"; }
+command { service = "HostServ"; name = "WAITING"; command = "hostserv/waiting"; permission = "hostserv/set"; }
+
+/*
+ * hs_set
+ *
+ * Provides the commands hostserv/set and hostserv/setall.
+ *
+ * Used for setting users' vHosts.
+ */
+module { name = "hs_set" }
+command { service = "HostServ"; name = "SET"; command = "hostserv/set"; permission = "hostserv/set"; }
+command { service = "HostServ"; name = "SETALL"; command = "hostserv/setall"; permission = "hostserv/set"; }
diff --git a/roles/anope/templates/anope/memoserv.conf.j2 b/roles/anope/templates/anope/memoserv.conf.j2
new file mode 100644
index 00000000..da60a5cd
--- /dev/null
+++ b/roles/anope/templates/anope/memoserv.conf.j2
@@ -0,0 +1,247 @@
+/*
+{{ ansible_header | comment(decoration=' * ') }}
+ */
+
+/*
+ * Example configuration file for MemoServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+	/*
+	 * The name of the MemoServ client.
+	 * If you change this value, you probably want to change the client directive in the configuration for the memoserv module too.
+	 */
+	nick = "MemoServ"
+
+	/*
+	 * The username of the MemoServ client.
+	 */
+	user = "services"
+
+	/*
+	 * The hostname of the MemoServ client.
+	 */
+	host = "services.host"
+
+	/*
+	 * The realname of the MemoServ client.
+	 */
+	gecos = "Memo Service"
+
+	/*
+	 * The modes this client should use.
+	 * Do not modify this unless you know what you are doing.
+	 *
+	 * These modes are very IRCd specific. If left commented, sane defaults
+	 * are used based on what protocol module you have loaded.
+	 *
+	 * Note that setting this option incorrectly could potentially BREAK some, if
+	 * not all, usefulness of the client. We will not support you if this client is
+	 * unable to do certain things if this option is enabled.
+	 */
+	#modes = "+o"
+
+	/*
+	 * An optional comma separated list of channels this service should join. Outside
+	 * of log channels this is not very useful, as the service will just idle in the
+	 * specified channels, and will not accept any types of commands.
+	 *
+	 * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+	 */
+	channels = "@#services"
+}
+
+/*
+ * Core MemoServ module.
+ *
+ * Provides essential functionality for MemoServ.
+ */
+module
+{
+	name = "memoserv"
+	/*
+	 * The name of the client that should be MemoServ. Clients are configured
+	 * with the service blocks.
+	 */
+	client = "MemoServ"
+
+	/*
+	 * The maximum number of memos a user is allowed to keep by default. Normal users may set the
+	 * limit anywhere between 0 and this value. Services Admins can change it to any value or
+	 * disable it.
+	 *
+	 * This directive is optional, but recommended. If not set, the limit is disabled
+	 * by default, and normal users can set any limit they want.
+	 */
+	maxmemos = 20
+
+	/*
+	 * The delay between consecutive uses of the MemoServ SEND command. This can help prevent spam
+	 * as well as denial-of-service attacks from sending large numbers of memos and filling up disk
+	 * space (and memory). The default 3-second wait means a maximum average of 150 bytes of memo
+	 * per second per user under the current IRC protocol.
+	 *
+	 * This directive is optional, but recommended.
+	 */
+	senddelay = 3s
+}
+
+/*
+ * Core MemoServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "MemoServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * ms_cancel
+ *
+ * Provides the command memoserv/cancel.
+ *
+ * Used to cancel memos already sent but not yet read.
+ */
+module { name = "ms_cancel" }
+command { service = "MemoServ"; name = "CANCEL"; command = "memoserv/cancel"; }
+
+/*
+ * ms_check
+ *
+ * Provides the command memoserv/check.
+ *
+ * Used to check if a sent memo has been read.
+ */
+module { name = "ms_check" }
+command { service = "MemoServ"; name = "CHECK"; command = "memoserv/check"; }
+
+/*
+ * ms_del
+ *
+ * Provides the command memoserv/del.
+ *
+ * Used to delete your memos.
+ */
+module { name = "ms_del" }
+command { service = "MemoServ"; name = "DEL"; command = "memoserv/del"; }
+
+/*
+ * ms_ignore
+ *
+ * Provides the command memoserv/ignore.
+ *
+ * Used to ignore memos from specific users.
+ */
+module
+{
+	name = "ms_ignore"
+
+	/*
+	 * The maximum number of entries that may be on a memo ignore list.
+	 *
+	 * This directive is optional.
+	 */
+	max = 32
+}
+command { service = "MemoServ"; name = "IGNORE"; command = "memoserv/ignore"; }
+
+/*
+ * ms_info
+ *
+ * Provides the command memoserv/info.
+ *
+ * Used to show memo related information about an account or a channel.
+ */
+module { name = "ms_info" }
+command { service = "MemoServ"; name = "INFO"; command = "memoserv/info"; }
+
+/*
+ * ms_list
+ *
+ * Provides the command memoserv/list.
+ *
+ * Used to list your current memos.
+ */
+module { name = "ms_list" }
+command { service = "MemoServ"; name = "LIST"; command = "memoserv/list"; }
+
+/*
+ * ms_read
+ *
+ * Provides the command memoserv/read.
+ *
+ * Used to read your memos.
+ */
+module { name = "ms_read" }
+command { service = "MemoServ"; name = "READ"; command = "memoserv/read"; }
+
+/*
+ * ms_rsend
+ *
+ * Provides the command memoserv/rsend.
+ *
+ * Used to send a memo requiring a receipt be sent back once it is read.
+ *
+ * Requires configuring memoserv:memoreceipt.
+ */
+module
+{
+	name = "ms_rsend"
+
+	/*
+	 * Only allow Services Operators to use ms_rsend.
+	 *
+	 * This directive is optional.
+	 */
+	operonly = false
+}
+command { service = "MemoServ"; name = "RSEND"; command = "memoserv/rsend"; }
+
+/*
+ * ms_send
+ *
+ * Provides the command memoserv/send.
+ *
+ * Used to send memos.
+ */
+module { name = "ms_send" }
+command { service = "MemoServ"; name = "SEND"; command = "memoserv/send"; }
+
+/*
+ * ms_sendall
+ *
+ * Provides the command memoserv/sendall.
+ *
+ * Used to send a mass memo to every registered user.
+ */
+module { name = "ms_sendall" }
+command { service = "MemoServ"; name = "SENDALL"; command = "memoserv/sendall"; permission = "memoserv/sendall"; }
+
+/*
+ * ms_set
+ *
+ * Provides the command memoserv/set.
+ *
+ * Used to set settings such as how you are notified of new memos, and your memo limit.
+ */
+module { name = "ms_set" }
+command { service = "MemoServ"; name = "SET"; command = "memoserv/set"; }
+
+/*
+ * ms_staff
+ *
+ * Provides the command memoserv/staff.
+ *
+ * Used to send a memo to all registered staff members.
+ */
+module { name = "ms_staff" }
+command { service = "MemoServ"; name = "STAFF"; command = "memoserv/staff"; permission = "memoserv/staff"; }
diff --git a/roles/anope/templates/anope/modules.conf.j2 b/roles/anope/templates/anope/modules.conf.j2
new file mode 100644
index 00000000..8f201751
--- /dev/null
+++ b/roles/anope/templates/anope/modules.conf.j2
@@ -0,0 +1,757 @@
+/*
+{{ ansible_header | comment(decoration=' * ') }}
+ */
+
+/*
+ * [OPTIONAL] Non-Core Modules
+ *
+ * The following blocks are used to load all non-core modules, including 3rd-party modules.
+ * Modules can be prevented from loading by commenting out the line, other modules can be added by
+ * adding a module block. These modules will be loaded prior to Services connecting to your network.
+ *
+ * Note that some of these modules are labeled EXTRA, and are not included in the Debian package. Please
+ * file a wishlist bug against anope in the Debian BTS if you would like to use an 'extra' module.
+ */
+
+/*
+ * help
+ *
+ * Provides the command generic/help.
+ *
+ * This is a generic help command that can be used with any client.
+ */
+module { name = "help" }
+
+/*
+ * m_dns
+ *
+ * Adds support for the DNS protocol. By itself this module does nothing useful,
+ * but other modules such as m_dnsbl and os_dns require this.
+ */
+#module
+{
+	name = "m_dns"
+
+	/*
+	 * The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file.
+	 * The below should work fine on all unix like systems. Windows users will have to find their nameservers
+	 * from ipconfig /all and put the IP here.
+	 */
+	nameserver = "/etc/resolv.conf"
+	#nameserver = "127.0.0.1"
+
+	/*
+	 * How long to wait in seconds before a DNS query has timed out.
+	 */
+	timeout = 5
+
+
+	/* Only edit below if you are expecting to use os_dns or otherwise answer DNS queries. */
+
+	/*
+	 * The IP and port services use to listen for DNS queries.
+	 * Note that ports less than 1024 are privileged on UNIX/Linux systems, and
+	 * require Anope to be started as root. If you do this, it is recommended you
+	 * set options:user and options:group so Anope can change users after binding
+	 * to this port.
+	 */
+	ip = "0.0.0.0"
+	port = 53
+
+
+	/*
+	 * SOA record information.
+	 */
+
+	/* E-mail address of the DNS administrator. */
+	admin = "admin@example.com"
+
+	/* This should be the names of the public facing nameservers serving the records. */
+	nameservers = "ns1.example.com ns2.example.com"
+
+	/* The time slave servers are allowed to cache. This should be reasonably low
+	 * if you want your records to be updated without much delay.
+	 */
+	refresh = 3600
+
+	/* A notify block. There should probably be one per nameserver listed in 'nameservers'.
+	 */
+	notify
+	{
+		ip = "192.0.2.0"
+		port = 53
+	}
+}
+
+/*
+ * m_dnsbl
+ *
+ * Allows configurable DNS blacklists to check connecting users against. If a user
+ * is found on the blacklist they will be immediately banned. This is a crucial module
+ * to prevent bot attacks.
+ */
+#module
+{
+	name = "m_dnsbl"
+
+	/*
+	 * If set, Services will check clients against the DNSBLs when services connect to its uplink.
+	 * This is not recommended, and on large networks will open a very large amount of DNS queries.
+	 * Whilst services are not drastically affected by this, your nameserver/DNSBL might care.
+	 */
+	check_on_connect = no
+
+	/*
+	 * If set, Services will check clients when coming back from a netsplit. This can cause a large number
+	 * of DNS queries open at once. Whilst services are not drastically affected by this, your nameserver/DNSBL
+	 * might care.
+	 */
+	check_on_netburst = no
+
+	/*
+	 * If set, OperServ will add clients found in the DNSBL to the akill list. Without it, OperServ simply sends
+	 * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots.
+	 */
+	add_to_akill = yes
+
+	blacklist
+	{
+		/* Name of the blacklist. */
+		name = "rbl.efnetrbl.org"
+
+		/* How long to set the ban for. */
+		time = 4h
+
+		/* Reason for akill.
+		 * %n is the nick of the user
+		 * %u is the ident/username of the user
+		 * %g is the realname of the user
+		 * %h is the hostname of the user
+		 * %i is the IP of the user
+		 * %r is the reply reason (configured below). Will be nothing if not configured.
+		 * %N is the network name set in networkinfo:networkname
+		 */
+		reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"
+
+		/* Replies to ban and their reason. If no relies are configured, all replies get banned. */
+		reply
+		{
+			code = 1
+			reason = "Open Proxy"
+		}
+
+		#reply
+		{
+			code = 2
+			reason = "spamtrap666"
+		}
+
+		#reply
+		{
+			code = 3
+			reason = "spamtrap50"
+		}
+
+		reply
+		{
+			code = 4
+			reason = "TOR"
+
+			/*
+			 * If set, users identified to services at the time the result comes back
+			 * will not be banned.
+			 */
+			#allow_account = yes
+		}
+
+		reply
+		{
+			code = 5
+			reason = "Drones / Flooding"
+		}
+	}
+
+	blacklist
+	{
+		name = "dnsbl.dronebl.org"
+		time = 4h
+		reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=%N"
+	}
+
+	/* Exempt localhost from DNSBL checks */
+	exempt { ip = "127.0.0.1" }
+}
+
+/*
+ * m_helpchan
+ *
+ * Gives users who are op in the specified help channel usermode +h (helpop).
+ */
+#module
+{
+	name = "m_helpchan"
+
+	helpchannel = "#help"
+}
+
+/*
+ * m_httpd
+ *
+ * Allows services to serve web pages. By itself, this module does nothing useful.
+ *
+ * Note that using this will allow users to get the IP of your services.
+ * To prevent this we recommend using a reverse proxy or a tunnel.
+ */
+#module
+{
+	name = "m_httpd"
+
+	httpd
+	{
+		/* Name of this service. */
+		name = "httpd/main"
+
+		/* IP to listen on. */
+		ip = "0.0.0.0"
+
+		/* Port to listen on. */
+		port = 8080
+
+		/* Time before connections to this server are timed out. */
+		timeout = 30
+
+		/* Listen using SSL. Requires an SSL module. */
+		#ssl = yes
+
+		/* If you are using a reverse proxy that sends one of the
+		 * extforward_headers set below, set this to its IP.
+		 * This allows services to obtain the real IP of users by
+		 * reading the forwarded-for HTTP header.
+		 */
+		#extforward_ip = "192.168.0.255"
+
+		/* The header to look for. These probably work as is. */
+		extforward_header = "X-Forwarded-For Forwarded-For"
+	}
+}
+
+/*
+ * m_ldap [EXTRA]
+ *
+ * This module allows other modules to use LDAP. By itself, this module does nothing useful.
+ */
+#module
+{
+	name = "m_ldap"
+
+	ldap
+	{
+		server = "ldap://127.0.0.1"
+
+		/*
+		 * Admin credentials used for performing searches and adding users.
+		 */
+		admin_binddn = "cn=Manager,dc=anope,dc=org"
+		admin_password = "secret"
+	}
+}
+
+/*
+ * m_ldap_authentication [EXTRA]
+ *
+ * This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use
+ * LDAP to authenticate users. Requires m_ldap.
+*/
+#module
+{
+	name = "m_ldap_authentication"
+
+	/*
+	 * The distinguished name used for searching for users's accounts.
+	 */
+	basedn = "ou=users,dc=anope,dc=org"
+
+	/*
+	 * The search filter used to look up users's accounts.
+	 * %account is replaced with the user's account.
+	 * %object_class is replaced with the object_class configured below.
+	 */
+	search_filter = "(&(uid=%account)(objectClass=%object_class))"
+
+	/*
+	 * The object class used by LDAP to store user account information.
+	 * This is used for adding new users to LDAP if registration is allowed.
+	 */
+	object_class = "anopeUser"
+
+	/*
+	 * The attribute value used for account names.
+	 */
+	username_attribute = "uid"
+
+	/*
+	 * The attribute value used for email addresses.
+	 * This directive is optional.
+	 */
+	email_attribute = "email"
+
+	/*
+	 * The attribute value used for passwords.
+	 * Used when registering new accounts in LDAP.
+	 */
+	password_attribute = "userPassword"
+
+	/*
+	 * If set, the reason to give the users who try to register with nickserv,
+	 * including nick registration from grouping.
+	 *
+	 * If not set, then registration is not blocked.
+	 */
+	#disable_register_reason = "To register on this network visit http://some.misconfigured.site/register"
+
+	/*
+	 * If set, the reason to give the users who try to "/msg NickServ SET EMAIL".
+	 * If not set, then email changing is not blocked.
+	 */
+	#disable_email_reason = "To change your email address visit http://some.misconfigured.site"
+}
+
+/*
+ * m_ldap_oper [EXTRA]
+ *
+ * This module dynamically ties users to Anope opertypes when they identify
+ * via LDAP group membership. Requires m_ldap.
+ *
+ * Note that this doesn't give the user privileges on the IRCd, only in Services.
+ */
+#module
+{
+	name = "m_ldap_oper"
+
+	/*
+	 * An optional binddn to use when searching for groups.
+	 * %a is replaced with the account name of the user.
+	 */
+	#binddn = "cn=Manager,dc=anope,dc=org"
+
+	/*
+	 * An optional password to bind with.
+	 */
+	#password = "secret"
+
+	/*
+	 * The base DN where the groups are.
+	 */
+	basedn = "ou=groups,dc=anope,dc=org"
+
+	/*
+	 * The filter to use when searching for users.
+	 * %a is replaced with the account name of the user.
+	 */
+	filter = "(member=uid=%a,ou=users,dc=anope,dc=org)"
+
+	/*
+	 * The attribute of the group that is the name of the opertype.
+	 * The cn attribute should match a known opertype in the config.
+	 */
+	opertype_attribute = "cn"
+}
+
+/*
+ * m_mysql [EXTRA]
+ *
+ * This module allows other modules to use MySQL.
+ */
+#module
+{
+	name = "m_mysql"
+
+	mysql
+	{
+		/* The name of this service. */
+		name = "mysql/main"
+		database = "anope"
+		server = "127.0.0.1"
+		username = "anope"
+		password = "mypassword"
+		port = 3306
+	}
+}
+/*
+ * m_redis
+ *
+ * This module allows other modules to use Redis.
+ */
+#module
+{
+	name = "m_redis"
+
+	/* A redis database */
+	redis
+	{
+		/* The name of this service */
+		name = "redis/main"
+
+		/*
+		 * The redis database to use. New connections default to 0.
+		 */
+		db = 0
+
+		ip = "127.0.0.1"
+		port = 6379
+	}
+}
+
+/*
+ * m_regex_pcre [EXTRA]
+ *
+ * Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library.
+ */
+#module { name = "m_regex_pcre" }
+
+/*
+ * m_regex_posix [EXTRA]
+ *
+ * Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions.
+ * This is likely the only regex module you will not need extra libraries for.
+ */
+#module { name = "m_regex_posix" }
+
+/*
+ * m_regex_tre [EXTRA]
+ *
+ * Provides the regex engine regex/tre, which uses the TRE regex library.
+ */
+#module { name = "m_regex_tre" }
+
+/*
+ * m_rewrite
+ *
+ * Allows rewriting commands sent to/from clients.
+ */
+#module { name = "m_rewrite" }
+#command
+{
+	service = "ChanServ"; name = "CLEAR"; command = "rewrite"
+
+	/* Enable m_rewrite. */
+	rewrite = true
+
+	/* Source message to match. A $ can be used to match anything. */
+	rewrite_source = "CLEAR $ USERS"
+
+	/*
+	 * Message to rewrite the source message to. A $ followed by a number, eg $0, gets
+	 * replaced by the number-th word from the source_message, starting from 0.
+	 */
+	rewrite_target = "KICK $1 *"
+
+	/*
+	 * The command description. This only shows up in HELP's output.
+	 * Comment this option to prevent the command from showing in the
+	 * HELP command.
+	 */
+	rewrite_description = "Clears all users from a channel"
+}
+
+/*
+ * m_proxyscan
+ *
+ * This module allows you to scan connecting clients for open proxies.
+ * Note that using this will allow users to get the IP of your services.
+ *
+ * Currently the two supported proxy types are HTTP and SOCKS5.
+ *
+ * The proxy scanner works by attempting to connect to clients when they
+ * connect to the network, and if they have a proxy running instruct it to connect
+ * back to services. If services are able to connect through the proxy to itself
+ * then it knows it is an insecure proxy, and will ban it.
+ */
+#module
+{
+	name = "m_proxyscan"
+
+	/*
+	 * The target IP services tells the proxy to connect back to. This must be a publicly
+	 * available IP that remote proxies can connect to.
+	 */
+	#target_ip = "127.0.0.1"
+
+	/*
+	 * The port services tells the proxy to connect to.
+	 */
+	target_port = 7226
+
+	/*
+	 * The listen IP services listen on for incoming connections from suspected proxies.
+	 * This probably will be the same as target_ip, but may not be if you are behind a firewall (NAT).
+	 */
+	#listen_ip = "127.0.0.1"
+
+	/*
+	 * The port services should listen on for incoming connections from suspected proxies.
+	 * This most likely will be the same as target_port.
+	 */
+	listen_port = 7226
+
+	/*
+	 * An optional notice sent to clients upon connect.
+	 */
+	#connect_notice = "We will now scan your host for insecure proxies. If you do not consent to this scan please disconnect immediately."
+
+	/*
+	 * Who the notice should be sent from.
+	 */
+	#connect_source = "OperServ"
+
+	/*
+	 * If set, OperServ will add infected clients to the akill list. Without it, OperServ simply sends
+	 * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being filled up by bots.
+	 */
+	add_to_akill = yes
+
+	/*
+	 * How long before connections should be timed out.
+	 */
+	timeout = 5
+
+	proxyscan
+	{
+		/* The type of proxy to check for. A comma separated list is allowed. */
+		type = "HTTP"
+
+		/* The ports to check. */
+		port = "80,8080"
+
+		/* How long to set the ban for. */
+		time = 4h
+
+		/*
+		 * The reason to ban the user for.
+		 * %h is replaced with the type of proxy found.
+		 * %i is replaced with the IP of proxy found.
+		 * %p is replaced with the port.
+		 */
+		reason = "You have an open proxy running on your host (%t:%i:%p)"
+	}
+}
+
+/*
+ * m_sasl
+ *
+ * Some IRCds allow "SASL" authentication to let users identify to Services
+ * during the IRCd user registration process. If this module is loaded, Services will allow
+ * authenticating users through this mechanism. Supported mechanisms are:
+ * PLAIN, EXTERNAL.
+ */
+#module { name = "m_sasl" }
+
+/*
+ * m_ssl_gnutls [EXTRA]
+ *
+ * This module provides SSL services to Anope using GnuTLS, for example to
+ * connect to the uplink server(s) via SSL.
+ *
+ * You may only load either m_ssl_gnutls or m_ssl_openssl, bot not both.
+ */
+#module
+{
+	name = "m_ssl_gnutls"
+
+	/*
+	 * An optional certificate and key for m_ssl_gnutls to give to the uplink.
+	 *
+	 * You can generate your own certificate and key pair by using:
+	 *
+	 *   certtool --generate-privkey --bits 2048 --outfile anope.key
+	 *   certtool --generate-self-signed --load-privkey anope.key --outfile anope.crt
+	 *
+	 */
+	cert = "data/anope.crt"
+	key = "data/anope.key"
+
+	/*
+	 * Diffie-Hellman parameters to use when acting as a server. This is only
+	 * required for TLS servers that want to use ephemeral DH cipher suites.
+	 *
+	 * This is NOT required for Anope to connect to the uplink server(s) via SSL.
+	 *
+	 * You can generate DH parameters by using:
+	 *
+	 *   certtool --generate-dh-params --bits 2048 --outfile dhparams.pem
+	 *
+	 */
+#	dhparams = "data/dhparams.pem"
+}
+
+/*
+ * m_ssl_openssl [EXTRA]
+ *
+ * This module provides SSL services to Anope using OpenSSL, for example to
+ * connect to the uplink server(s) via SSL.
+ *
+ * You may only load either m_ssl_openssl or m_ssl_gnutls, bot not both.
+ *
+ */
+#module
+{
+	name = "m_ssl_openssl"
+
+	/*
+	 * An optional certificate and key for m_ssl_openssl to give to the uplink.
+	 *
+	 * You can generate your own certificate and key pair by using:
+	 *
+	 *   openssl genrsa -out anope.key 2048
+	 *   openssl req -new -x509 -key anope.key -out anope.crt -days 1095
+	 */
+	cert = "data/anope.crt"
+	key = "data/anope.key"
+
+	/*
+	 * As of 2014 SSL 3.0 is considered insecure, but it might be enabled
+	 * on some systems by default for compatibility reasons.
+	 * You can use the following option to enable or disable it explicitly.
+	 * Leaving this option not set defaults to the default system behavior.
+	 */
+	#sslv3 = no
+}
+
+/*
+ * m_sql_authentication [EXTRA]
+ *
+ * This module allows authenticating users against an external SQL database using a custom
+ * query.
+ */
+#module
+{
+	name = "m_sql_authentication"
+
+	/* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
+	engine = "mysql/main"
+
+	/* Query to execute to authenticate. A non empty result from this query is considered a success,
+	 * and the user will be authenticated.
+	 *
+	 * @a@ is replaced with the user's account name
+	 * @p@ is replaced with the user's password
+	 * @n@ is replaced with the user's nickname
+	 * @i@ is replaced with the user's IP
+	 *
+	 * Note that @n@ and @i@ may not always exist in the case of a user identifying outside of the normal
+	 * nickserv/identify command, such as through the web panel.
+	 *
+	 * Furthermore, if a field named email is returned from this query the user's email is
+	 * set to its value.
+	 *
+	 *
+	 * We've included some example queries for some popular website/forum systems.
+	 *
+	 * Drupal 6: "SELECT `mail` AS `email` FROM `users` WHERE `name` = @a@ AND `pass` = MD5(@p@) AND `status` = 1"
+	 * e107 cms: "SELECT `user_email` AS `email` FROM `e107_user` WHERE `user_loginname` = @a@ AND `user_password` = MD5(@p@)"
+	 * SMF Forum: "SELECT `email_address` AS `email` FROM `smf_members` WHERE `member_name` = @a@ AND `passwd` = SHA1(CONCAT(LOWER(@a@), @p@))"
+	 * vBulletin: "SELECT `email` FROM `user` WHERE `username` = @a@ AND `password` = MD5(CONCAT(MD5(@p@), `salt`))"
+	 * IP.Board: "SELECT `email` FROM `ibf_members` WHERE `name` = @a@ AND `members_pass_hash` = MD5(CONCAT(MD5(`members_pass_salt`), MD5(@p@)))"
+	 */
+	query = "SELECT `email_addr` AS `email` FROM `my_users` WHERE `username` = @a@ AND `password` = MD5(CONCAT('salt', @p@))"
+
+	/*
+	 * If set, the reason to give the users who try to "/msg NickServ REGISTER".
+	 * If not set, then registration is not blocked.
+	 */
+	#disable_reason = "To register on this network visit http://some.misconfigured.site/register"
+
+	/*
+	 * If set, the reason to give the users who try to "/msg NickServ SET EMAIL".
+	 * If not set, then email changing is not blocked.
+	 */
+	#disable_email_reason = "To change your email address visit http://some.misconfigured.site"
+}
+
+/*
+ * m_sql_log [EXTRA]
+ *
+ * This module adds an additional target option to log{} blocks
+ * that allows logging Service's logs to SQL. To log to SQL, add
+ * the SQL service name to log:targets prefixed by sql_log:. For
+ * example:
+ *
+ * log
+ * {
+ *     targets = "services.log sql_log:mysql/main"
+ *     ...
+ * }
+ *
+ * By default this module logs to the table `logs`, and will create
+ * it if it doesn't exist. This module does not create any indexes (keys)
+ * on the table and it is recommended you add them yourself as necessary.
+ */
+#module { name = "m_sql_log" }
+
+/*
+ * m_sql_oper [EXTRA]
+ *
+ * This module allows granting users services operator privileges and possibly IRC Operator
+ * privileges based on an external SQL database using a custom query.
+ */
+#module
+{
+	name = "m_sql_oper"
+
+	/* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
+	engine = "mysql/main"
+
+	/* Query to execute to determine if a user should have operator privileges.
+	 * A field named opertype must be returned in order to link the user to their oper type.
+	 * The oper types must be configured earlier in services.conf.
+	 *
+	 * If a field named modes is returned from this query then those modes are set on the user.
+	 * Without this, only a simple +o is sent.
+	 *
+	 * @a@ is replaced with the user's account name
+	 * @i@ is replaced with the user's IP
+	 */
+	query = "SELECT `opertype` FROM `my_users` WHERE `user_name` = @a@"
+}
+
+/*
+ * m_sqlite [EXTRA]
+ *
+ * This module allows other modules to use SQLite.
+ */
+#module
+{
+	name = "m_sqlite"
+
+	/* A SQLite database */
+	sqlite
+	{
+		/* The name of this service. */
+		name = "sqlite/main"
+
+		/* The database name, it will be created if it does not exist. */
+		database = "anope.db"
+	}
+}
+
+/*
+ * m_xmlrpc
+ *
+ * Allows remote applications (websites) to execute queries in real time to retrieve data from Anope.
+ * By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries.
+ */
+#module
+{
+	name = "m_xmlrpc"
+
+	/* Web service to use. Requires m_httpd. */
+	server = "httpd/main"
+}
+
+/*
+ * m_xmlrpc_main
+ *
+ * Adds the main XMLRPC core functions.
+ * Requires m_xmlrpc.
+ */
+#module { name = "m_xmlrpc_main" }
diff --git a/roles/anope/templates/anope/nickserv.conf.j2 b/roles/anope/templates/anope/nickserv.conf.j2
new file mode 100644
index 00000000..45428a46
--- /dev/null
+++ b/roles/anope/templates/anope/nickserv.conf.j2
@@ -0,0 +1,674 @@
+/*
+{{ ansible_header | comment(decoration=' * ') }}
+ */
+
+/*
+ * Example configuration file for NickServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+	/*
+	 * The name of the NickServ client.
+	 * If you change this value, you probably want to change the client directive in the configuration for the nickserv module too.
+	 */
+	nick = "NickServ"
+
+	/*
+	 * The username of the NickServ client.
+	 */
+	user = "services"
+
+	/*
+	 * The hostname of the NickServ client.
+	 */
+	host = "services.host"
+
+	/*
+	 * The realname of the NickServ client.
+	 */
+	gecos = "Nickname Registration Service"
+
+	/*
+	 * The modes this client should use.
+	 * Do not modify this unless you know what you are doing.
+	 *
+	 * These modes are very IRCd specific. If left commented, sane defaults
+	 * are used based on what protocol module you have loaded.
+	 *
+	 * Note that setting this option incorrectly could potentially BREAK some, if
+	 * not all, usefulness of the client. We will not support you if this client is
+	 * unable to do certain things if this option is enabled.
+	 */
+	#modes = "+o"
+
+	/*
+	 * An optional comma separated list of channels this service should join. Outside
+	 * of log channels this is not very useful, as the service will just idle in the
+	 * specified channels, and will not accept any types of commands.
+	 *
+	 * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+	 */
+	channels = "@#services"
+}
+
+/*
+ * Core NickServ module.
+ *
+ * Provides essential functionality for NickServ.
+ */
+module
+{
+	name = "nickserv"
+
+	/*
+	 * The name of the client that should be NickServ.
+	 */
+	client = "NickServ"
+
+	/*
+	 * Force users to give an e-mail address when they register a nick.
+	 *
+	 * This directive defaults to "yes" and is recommended to be enabled. This is required if e-mail registration is enabled.
+	 */
+	forceemail = yes
+
+	/*
+	 * Require users who change their email address to confirm they
+	 * own their new email.
+	 */
+	confirmemailchanges = no
+
+	/*
+	 * A message sent to users on connect if they use an unregistered nick. %n will be replaced with the user's nickname.
+	 *
+	 * This directive is optional.
+	 */
+	unregistered_notice = "Your nickname is not registered. To register it, use: /msg NickServ REGISTER password email"
+
+	/*
+	 * The default options for newly registered nicks. Note that changing these options
+	 * will have no effect on nicks which are already registered. The list must be separated
+	 * by spaces.
+	 *
+	 * The options are:
+	 * -   killprotect: Kill nick if not identified within 60 seconds
+	 * -    kill_quick: Kill nick if not identified within 20 seconds, this one overrides the above
+	 *                    option and the above must be specified with this one
+	 * -     ns_secure: Enable nickname security, requiring the nick's password before any operations
+	 *                    can be done on it
+	 * -    ns_private: Hide the nick from NickServ's LIST command
+	 * -    hide_email: Hide's the nick's e-mail address from NickServ's INFO command
+	 * -     hide_mask: Hide's the nick's last or current user@host from NickServ's INFO command
+	 * -     hide_quit: Hide's the nick's last quit message
+	 * -   memo_signon: Notify user if they have a new memo when they sign into the nick
+	 * -  memo_receive: Notify user if they have a new memo as soon as it's received
+	 * -     memo_mail: Notify user if they have a new memo by mail
+	 * -        autoop: User will be automatically opped in channels they enter and have access to
+	 * -           msg: Services messages will be sent as PRIVMSGs instead of NOTICEs, requires
+	 *                    options:useprivmsg to be enabled as well
+	 * -  ns_keepmodes: Enables keepmodes, which retains user modes across sessions
+	 * -  ns_no_expire: Enables no expire. Unconfirmed expire overrules this.
+	 *
+	 * This directive is optional, if left blank, the options will default to ns_secure, memo_signon, and
+	 * memo_receive. If you really want no defaults, use "none" by itself as the option.
+	 */
+	defaults = "ns_secure ns_private hide_email hide_mask memo_signon memo_receive autoop"
+
+	/*
+	 * The minimum length of time between consecutive uses of NickServ's REGISTER command. This
+	 * directive is optional, but recommended. If not set, this restriction will be disabled.
+	 */
+	regdelay = 30s
+
+	/*
+	 * The length of time before a nick's registration expires.
+	 *
+	 * This directive is optional, but recommended. If not set, the default is 21 days.
+	 */
+	expire = 365d
+
+	/*
+	 * Prevents the use of the ACCESS and CERT (excluding their LIST subcommand), DROP, FORBID, SUSPEND,
+	 * GETPASS and SET PASSWORD commands by services operators on other services operators.
+	 *
+	 * This directive is optional, but recommended.
+	 */
+	secureadmins = no
+
+	/*
+	 * If set, Services will set the channel modes a user has access to upon identifying, assuming
+	 * they are not already set.
+	 *
+	 * This directive is optional.
+	 */
+	modeonid = yes
+
+	/*
+	 * If set, Services will set these user modes on any user who identifies.
+	 *
+	 * This directive is optional.
+	 */
+	#modesonid = "+R"
+
+	/*
+	 * If set, Services will not show netsplits in the last quit message field
+	 * of NickServ's INFO command.
+	 */
+	hidenetsplitquit = no
+
+	/*
+	 * If set, is the length of time NickServ's killquick and kill options wait before
+	 * forcing users off of protected nicknames.
+	 */
+	killquick = 20s
+	kill = 60s
+
+	/*
+	 * If set, forbids the registration of nicks that contain an existing
+	 * nick with Services access. For example, if Tester is a Services Oper,
+	 * you can't register NewTester or Tester123 unless you are an IRC
+	 * Operator.
+	 *
+	 * NOTE: If you enable this, you will have to be logged in as an IRC
+	 * operator in order to register a Services Root nick when setting up
+	 * Anope for the first time.
+	 *
+	 * This directive is optional.
+	 */
+	#restrictopernicks = yes
+
+	/*
+	 * The username, and possibly hostname, used for fake users created when Services needs to
+	 * hold a nickname.
+	 */
+	enforceruser = "enforcer"
+	enforcerhost = "services.host"
+
+	/*
+	 * The length of time Services hold nicknames.
+	 *
+	 * This directive is optional, but recommended. If not set it defaults to 1 minute.
+	 */
+	releasetimeout = 1m
+
+	/*
+	 * When a user's nick is forcibly changed to enforce a "nick kill", their new nick will start
+	 * with this value. The rest will be made up of 6 or 7 digits.
+	 * Make sure this is a valid nick and Nicklen+7 is not longer than the allowed Nicklen on your ircd.
+	 *
+	 * This directive is optional. If not set it defaults to "Guest"
+	 */
+	guestnickprefix = "Guest"
+
+	/*
+	 * If set, Services do not allow ownership of nick names, only ownership of accounts.
+	 */
+	nonicknameownership = no
+
+	/*
+	 * The maximum length of passwords
+	 *
+	 * This directive is optional. If not set it defaults to 32.
+	 */
+	passlen = 64
+}
+
+/*
+ * Core NickServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Command group configuration for NickServ.
+ *
+ * Commands may optionally be placed into groups to make NickServ's HELP output easier to understand.
+ * Remove the following groups to use the old behavior of simply listing all NickServ commands from HELP.
+ */
+command_group
+{
+	name = "nickserv/admin"
+	description = _("Services Operator commands")
+}
+
+/* Give it a help command. */
+command { service = "NickServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * ns_access
+ *
+ * Provides the command nickserv/access.
+ *
+ * Used for configuring what hosts have access to your account.
+ */
+module
+{
+	name = "ns_access"
+
+	/*
+	 * The maximum number of entries allowed on a nickname's access list.
+	 * If not set, the default is 32. This number cannot be set to 0.
+	 */
+	accessmax = 32
+
+	/*
+	 * If set, Services will add the usermask of registering users to the access list of their
+	 * newly created account. If not set, users will always have to identify to NickServ before
+	 * being recognized, unless they manually add an address to the access list of their account.
+	 * This directive is optional.
+	 */
+	addaccessonreg = yes
+}
+command { service = "NickServ"; name = "ACCESS"; command = "nickserv/access"; }
+
+/*
+ * ns_ajoin
+ *
+ * Provides the command nickserv/ajoin.
+ *
+ * Used for configuring channels to join once you identify.
+ */
+module
+{
+	name = "ns_ajoin"
+
+	/*
+	 * The maximum number of channels a user can have on NickServ's AJOIN command.
+	 */
+	ajoinmax = 10
+}
+command { service = "NickServ"; name = "AJOIN"; command = "nickserv/ajoin"; }
+
+/*
+ * ns_alist
+ *
+ * Provides the command nickserv/alist.
+ *
+ * Used for viewing what channels you have access to.
+ */
+module { name = "ns_alist" }
+command { service = "NickServ"; name = "ALIST"; command = "nickserv/alist"; }
+
+/*
+ * ns_cert
+ *
+ * Provides the command nickserv/cert.
+ *
+ * Used for configuring your SSL certificate list, which can be used to automatically identify you.
+ */
+module
+{
+	name = "ns_cert"
+
+	/*
+	 * The maximum number of entries allowed on a nickname's certificate fingerprint list.
+	 * The default is 5. This number cannot be set to 0.
+	 */
+	max = 5
+}
+command { service = "NickServ"; name = "CERT"; command = "nickserv/cert"; }
+
+/*
+ * ns_drop
+ *
+ * Provides the command nickserv/drop.
+ *
+ * Used for unregistering names.
+ */
+module { name = "ns_drop" }
+command { service = "NickServ"; name = "DROP"; command = "nickserv/drop"; }
+
+/*
+ * ns_getemail
+ *
+ * Provides the command nickserv/getemail.
+ *
+ * Used for getting registered accounts by searching for emails.
+ */
+module { name = "ns_getemail" }
+command { service = "NickServ"; name = "GETEMAIL"; command = "nickserv/getemail"; permission = "nickserv/getemail"; group = "nickserv/admin"; }
+
+/*
+ * ns_getpass
+ *
+ * Provides the command nickserv/getpass.
+ *
+ * Used for getting users passwords.
+ *
+ * Requires no encryption is being used.
+ */
+#module { name = "ns_getpass" }
+#command { service = "NickServ"; name = "GETPASS"; command = "nickserv/getpass"; permission = "nickserv/getpass"; }
+
+/*
+ * ns_group
+ *
+ * Provides the commands nickserv/group, nickserv/glist, and nickserv/ungroup.
+ *
+ * Used for controlling nick groups.
+ */
+module
+{
+	name = "ns_group"
+
+	/*
+	 * The maximum number of nicks allowed in a group.
+	 *
+	 * This directive is optional, but recommended. If not set or set to 0, no limits will be applied.
+	 */
+	maxaliases = 16
+
+	/*
+	 * If set, the NickServ GROUP command won't allow any group changes. This is recommended to
+	 * prevent users from accidentally dropping their nicks, as it forces users to explicitly
+	 * drop their nicks before adding it to another group.
+	 *
+	 * This directive is optional, but recommended.
+	 */
+	nogroupchange = yes
+}
+command { service = "NickServ"; name = "GLIST"; command = "nickserv/glist"; }
+command { service = "NickServ"; name = "GROUP"; command = "nickserv/group"; }
+command { service = "NickServ"; name = "UNGROUP"; command = "nickserv/ungroup"; }
+
+/*
+ * ns_identify
+ *
+ * Provides the command nickserv/identify.
+ *
+ * Used for identifying to accounts.
+ */
+module
+{
+	name = "ns_identify"
+
+	/*
+	 * If set, limits the number of concurrent users that can be logged in as a given account at once.
+	 */
+	maxlogins = 10
+}
+command { service = "NickServ"; name = "ID"; command = "nickserv/identify"; hide = true; }
+command { service = "NickServ"; name = "IDENTIFY"; command = "nickserv/identify"; }
+
+/*
+ * ns_info
+ *
+ * Provides the commands:
+ * nickserv/info. - Used for gathering information about an account.
+ * nickserv/set/hide, nickserv/saset/hide - Used for configuring which options are publicly shown in nickserv/info.
+ *
+ */
+module { name = "ns_info" }
+command { service = "NickServ"; name = "INFO"; command = "nickserv/info"; }
+
+command { service = "NickServ"; name = "SET HIDE"; command = "nickserv/set/hide"; }
+command { service = "NickServ"; name = "SASET HIDE"; command = "nickserv/saset/hide"; permission = "nickserv/saset/hide"; }
+
+
+/*
+ * ns_list
+ *
+ * Provides the commands:
+ *   nickserv/list - Used for retrieving and searching the registered account list.
+ *   nickserv/set/private, nickserv/saset/private - Used for configuring whether or a users account shows up in nickserv/list.
+ *
+ */
+module
+{
+	name = "ns_list"
+
+	/*
+	 * The maximum number of nicks to be returned for a NickServ LIST command.
+	 */
+	listmax = 50
+}
+command { service = "NickServ"; name = "LIST"; command = "nickserv/list"; }
+
+command { service = "NickServ"; name = "SET PRIVATE"; command = "nickserv/set/private"; }
+command { service = "NickServ"; name = "SASET PRIVATE"; command = "nickserv/saset/private"; permission = "nickserv/saset/private"; }
+
+
+/*
+ * ns_logout
+ *
+ * Provides the command nickserv/logout.
+ *
+ * Used for logging out of your account.
+ */
+module { name = "ns_logout" }
+command { service = "NickServ"; name = "LOGOUT"; command = "nickserv/logout"; }
+
+/*
+ * ns_recover
+ *
+ * Provides the command nickserv/recover.
+ *
+ * Used for recovering your nick from services or another user.
+ */
+module
+{
+	name = "ns_recover"
+
+	/*
+	 * If set, Services will svsnick and svsjoin users who use the recover
+	 * command on an identified user to the nick and channels of the recovered user.
+	 *
+	 * This directive is opional.
+	 */
+	restoreonrecover = yes
+}
+command { service = "NickServ"; name = "RECOVER"; command = "nickserv/recover"; }
+# Uncomment below to emulate 1.8's behavior of ghost and release.
+#command { service = "NickServ"; name = "GHOST"; command = "nickserv/recover"; }
+#command { service = "NickServ"; name = "RELEASE"; command = "nickserv/recover"; }
+
+/*
+ * ns_register
+ *
+ * Provides the commands nickserv/confirm, nickserv/register, and nickserv/resend.
+ *
+ * Used for registering accounts.
+ */
+module
+{
+	name = "ns_register"
+
+	/*
+	 * Registration confirmation setting. Set to "none" for no registration confirmation,
+	 * "mail" for email confirmation, and "admin" to have services operators manually confirm
+	 * every registration. Set to "disable" to completely disable all registrations.
+	 */
+	registration = "none"
+
+	/*
+	 * The minimum length of time between consecutive uses of NickServ's RESEND command.
+	 *
+	 * This directive is optional, but recommended. If not set, this restriction will be disabled.
+	 */
+	resenddelay = 90s
+
+	/*
+	 * Prevents users from registering their nick if they are not connected
+	 * for at least the given number of seconds.
+	 *
+	 * This directive is optional.
+	 */
+	nickregdelay = 30s
+
+	/*
+	 * The length of time a user using an unconfirmed account has
+	 * before the account will be released for general use again.
+	 */
+	unconfirmedexpire = 1d
+}
+command { service = "NickServ"; name = "CONFIRM"; command = "nickserv/confirm"; }
+command { service = "NickServ"; name = "REGISTER"; command = "nickserv/register"; }
+command { service = "NickServ"; name = "RESEND"; command = "nickserv/resend"; }
+
+/*
+ * ns_resetpass
+ *
+ * Provides the command nickserv/resetpass.
+ *
+ * Used for resetting passwords by emailing users a temporary one.
+ */
+module { name = "ns_resetpass" }
+command { service = "NickServ"; name = "RESETPASS"; command = "nickserv/resetpass"; }
+
+/*
+ * ns_set
+ *
+ * Provides the commands:
+ *   nickserv/set, nickserv/saset - Dummy help wrappers for the SET and SASET commands.
+ *   nickserv/set/autoop, nickserv/saset/autoop - Determines whether or not modes are automatically set users when joining a channel.
+ *   nickserv/set/display, nickserv/saset/display - Used for setting a users display name.
+ *   nickserv/set/email, nickserv/saset/email - Used for setting a users email address.
+ *   nickserv/set/keepmodes, nickserv/saset/keepmodes - Configure whether or not services should retain a user's modes across sessions.
+ *   nickserv/set/kill, nickserv/saset/kill - Used for configuring nickname protection.
+ *   nickserv/set/language, nickserv/saset/language - Used for configuring what language services use.
+ *   nickserv/set/message, nickserv/saset/message - Used to configure how services send messages to you.
+ *   nickserv/set/password, nickserv/saset/password  - Used for changing a users password.
+ *   nickserv/set/secure, nickserv/saset/secure - Used for configuring whether a user can identify by simply being recognized by nickserv/access.
+ *   nickserv/saset/noexpire - Used for configuring noexpire, which prevents nicks from expiring.
+ */
+module
+{
+	name = "ns_set"
+
+	/*
+	 * Allow the use of the IMMED option in the NickServ SET KILL command.
+	 *
+	 * This directive is optional.
+	 */
+	#allowkillimmed = yes
+}
+
+command { service = "NickServ"; name = "SET"; command = "nickserv/set"; }
+command { service = "NickServ"; name = "SASET"; command = "nickserv/saset"; permission = "nickserv/saset/"; group = "nickserv/admin"; }
+
+command { service = "NickServ"; name = "SET AUTOOP"; command = "nickserv/set/autoop"; }
+command { service = "NickServ"; name = "SASET AUTOOP"; command = "nickserv/saset/autoop"; permission = "nickserv/saset/autoop"; }
+
+command { service = "NickServ"; name = "SET DISPLAY"; command = "nickserv/set/display"; }
+command { service = "NickServ"; name = "SASET DISPLAY"; command = "nickserv/saset/display"; permission = "nickserv/saset/display"; }
+
+command { service = "NickServ"; name = "SET EMAIL"; command = "nickserv/set/email"; }
+command { service = "NickServ"; name = "SASET EMAIL"; command = "nickserv/saset/email"; permission = "nickserv/saset/email"; }
+
+command { service = "NickServ"; name = "SET KEEPMODES"; command = "nickserv/set/keepmodes"; }
+command { service = "NickServ"; name = "SASET KEEPMODES"; command = "nickserv/saset/keepmodes"; permission = "nickserv/saset/keepmodes"; }
+
+command { service = "NickServ"; name = "SET KILL"; command = "nickserv/set/kill"; }
+command { service = "NickServ"; name = "SASET KILL"; command = "nickserv/saset/kill"; permission = "nickserv/saset/kill"; }
+
+command { service = "NickServ"; name = "SET LANGUAGE"; command = "nickserv/set/language"; }
+command { service = "NickServ"; name = "SASET LANGUAGE"; command = "nickserv/saset/language"; permission = "nickserv/saset/language"; }
+
+command { service = "NickServ"; name = "SET MESSAGE"; command = "nickserv/set/message"; }
+command { service = "NickServ"; name = "SASET MESSAGE"; command = "nickserv/saset/message"; permission = "nickserv/saset/message"; }
+
+command { service = "NickServ"; name = "SET PASSWORD"; command = "nickserv/set/password"; }
+command { service = "NickServ"; name = "SASET PASSWORD"; command = "nickserv/saset/password"; permission = "nickserv/saset/password"; }
+
+command { service = "NickServ"; name = "SET SECURE"; command = "nickserv/set/secure"; }
+command { service = "NickServ"; name = "SASET SECURE"; command = "nickserv/saset/secure"; permission = "nickserv/saset/secure"; }
+
+command { service = "NickServ"; name = "SASET NOEXPIRE"; command = "nickserv/saset/noexpire"; permission = "nickserv/saset/noexpire"; }
+
+
+/*
+ * ns_set_misc
+ *
+ * Provides the command nickserv/set/misc.
+ *
+ * Allows you to create arbitrary commands to set data, and have that data show up in nickserv/info.
+ * A field named misc_description may be given for use with help output.
+ */
+module { name = "ns_set_misc" }
+command { service = "NickServ"; name = "SET URL"; command = "nickserv/set/misc"; misc_description = _("Associate a URL with your account"); }
+command { service = "NickServ"; name = "SASET URL"; command = "nickserv/saset/misc"; misc_description = _("Associate a URL with this account"); permission = "nickserv/saset/url"; group = "nickserv/admin"; }
+#command { service = "NickServ"; name = "SET ICQ"; command = "nickserv/set/misc"; misc_description = _("Associate an ICQ account with your account"); }
+#command { service = "NickServ"; name = "SASET ICQ"; command = "nickserv/saset/misc"; misc_description = _("Associate an ICQ account with this account"); permission = "nickserv/saset/icq"; group = "nickserv/admin"; }
+#command { service = "NickServ"; name = "SET TWITTER"; command = "nickserv/set/misc"; misc_description = _("Associate a Twitter account with your account"); }
+#command { service = "NickServ"; name = "SASET TWITTER"; command = "nickserv/saset/misc"; misc_description = _("Associate a Twitter account with this account"); permission = "nickserv/saset/twitter"; group = "nickserv/admin"; }
+#command { service = "NickServ"; name = "SET FACEBOOK"; command = "nickserv/set/misc"; misc_description = _("Associate a Facebook URL with your account"); }
+#command { service = "NickServ"; name = "SASET FACEBOOK"; command = "nickserv/saset/misc"; misc_description = _("Associate a Facebook URL with this account"); permission = "nickserv/saset/facebook"; group = "nickserv/admin"; }
+
+/*
+ * ns_status
+ *
+ * Provides the nickserv/status command.
+ *
+ * Used to determine if a user is recognized or identified by services.
+ */
+module { name = "ns_status" }
+command { service = "NickServ"; name = "STATUS"; command = "nickserv/status"; }
+
+/*
+ * ns_suspend
+ *
+ * Provides the commands nickserv/suspend and nickserv/unsuspend.
+ *
+ * Used to suspend and unsuspend nicknames. Suspended nicknames can not be used but their settings are preserved.
+ */
+module
+{
+	name = "ns_suspend"
+
+	/*
+	 * The length of time before a suspended nick becomes unsuspended.
+	 *
+	 * This directive is optional. If not set, the default is never.
+	 */
+	#suspendexpire = 90d
+
+	/*
+	 * Settings to show to non-opers in NickServ's INFO output.
+	 * Comment to completely disable showing any information about
+	 * suspended nicknames to non-opers.
+	 */
+	show = "suspended, by, reason, on, expires"
+}
+command { service = "NickServ"; name = "SUSPEND"; command = "nickserv/suspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; }
+command { service = "NickServ"; name = "UNSUSPEND"; command = "nickserv/unsuspend"; permission = "nickserv/suspend"; group = "nickserv/admin"; }
+
+/*
+ * ns_update
+ *
+ * Provides the command nickserv/update.
+ *
+ * Used to update your status on all channels, turn on your vHost, etc.
+ */
+module { name = "ns_update" }
+command { service = "NickServ"; name = "UPDATE"; command = "nickserv/update"; }
+
+
+/*
+ * Extra NickServ related modules.
+ */
+
+/*
+ * ns_maxemail
+ *
+ * Limits how many times the same email address may be used in Anope
+ * to register accounts.
+ */
+#module
+{
+	name = "ns_maxemail"
+
+	/*
+	 * The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
+	 * commented, there will be no limit enforced when registering new accounts or using
+	 * /msg NickServ SET EMAIL.
+	 */
+	maxemails = 1
+}
diff --git a/roles/anope/templates/anope/operserv.conf.j2 b/roles/anope/templates/anope/operserv.conf.j2
new file mode 100644
index 00000000..c1fd9819
--- /dev/null
+++ b/roles/anope/templates/anope/operserv.conf.j2
@@ -0,0 +1,702 @@
+/*
+{{ ansible_header | comment(decoration=' * ') }}
+ */
+
+/*
+ * Example configuration file for OperServ.
+ */
+
+/*
+ * First, create the service.
+ */
+service
+{
+	/*
+	 * The name of the OperServ client.
+	 * If you change this value, you probably want to change the client directive in the configuration for the operserv module too.
+	 */
+	nick = "OperServ"
+
+	/*
+	 * The username of the OperServ client.
+	 */
+	user = "services"
+
+	/*
+	 * The hostname of the OperServ client.
+	 */
+	host = "services.host"
+
+	/*
+	 * The realname of the OperServ client.
+	 */
+	gecos = "Operator Service"
+
+	/*
+	 * The modes this client should use.
+	 * Do not modify this unless you know what you are doing.
+	 *
+	 * These modes are very IRCd specific. If left commented, sane defaults
+	 * are used based on what protocol module you have loaded.
+	 *
+	 * Note that setting this option incorrectly could potentially BREAK some, if
+	 * not all, usefulness of the client. We will not support you if this client is
+	 * unable to do certain things if this option is enabled.
+	 */
+	#modes = "+o"
+
+	/*
+	 * An optional comma separated list of channels this service should join. Outside
+	 * of log channels this is not very useful, as the service will just idle in the
+	 * specified channels, and will not accept any types of commands.
+	 *
+	 * Prefixes may be given to the channels in the form of mode characters or prefix symbols.
+	 */
+	channels = "@#services"
+}
+
+/*
+ * Core OperServ module.
+ *
+ * Provides essential functionality for OperServ.
+ */
+module
+{
+	name = "operserv"
+
+	/*
+	 * The name of the client that should be OperServ.
+	 */
+	client = "OperServ"
+
+	/*
+	 * These define the default expiration times for, respectively, AKILLs, CHANKILLs, SNLINEs,
+	 * and SQLINEs.
+	 */
+	autokillexpiry = 30d
+	chankillexpiry = 30d
+	snlineexpiry = 30d
+	sqlineexpiry = 30d
+
+	/*
+	 * If set, this option will make Services send an AKILL command immediately after it has been
+	 * added with AKILL ADD. This eliminates the need for killing the user after the AKILL has
+	 * been added.
+	 *
+	 * This directive is optional, but recommended.
+	 */
+	akillonadd = yes
+
+	/*
+	 * If set, this option will make Services send an (SVS)KILL command immediately after SNLINE ADD.
+	 * This eliminates the need for killing the user after the SNLINE has been added.
+	 *
+	 * This directive is optional.
+	 */
+	killonsnline = yes
+
+	/*
+	 * If set, this option will make Services send an (SVS)KILL command immediately after SQLINE ADD.
+	 * This eliminates the need for killing the user after the SQLINE has been added.
+	 *
+	 * This directive is optional.
+	 */
+	killonsqline = yes
+
+	/*
+	 * Adds the nickname of the IRC Operator issuing an AKILL to the kill reason.
+	 *
+	 * This directive is optional.
+	 */
+	addakiller = yes
+
+	/*
+	 * Adds akill IDs to akills. Akill IDs are given to users in their ban reason and can be used to easily view,
+	 * modify, or remove an akill from the ID.
+	 */
+	akillids = yes
+
+	/*
+	 * If set, only IRC Operators will be permitted to use OperServ, regardless of command access restrictions.
+	 *
+	 * This directive is optional, but recommended.
+	 */
+	opersonly = yes
+}
+
+/*
+ * Core OperServ commands.
+ *
+ * In Anope modules can provide (multiple) commands, each of which has a unique command name. Once these modules
+ * are loaded you can then configure the commands to be added to any client you like with any name you like.
+ *
+ * Additionally, you may provide a permission name that must be in the opertype of users executing the command.
+ *
+ * Sane defaults are provided below that do not need to be edited unless you wish to change the default behavior.
+ */
+
+/* Give it a help command. */
+command { service = "OperServ"; name = "HELP"; command = "generic/help"; }
+
+/*
+ * os_akill
+ *
+ * Provides the command operserv/akill.
+ *
+ * Used to ban users from the network.
+ */
+module { name = "os_akill" }
+command { service = "OperServ"; name = "AKILL"; command = "operserv/akill"; permission = "operserv/akill"; }
+
+/*
+ * os_chankill
+ *
+ * Provides the command operserv/chankill.
+ *
+ * Used to akill users from an entire channel.
+ */
+module { name = "os_chankill" }
+command { service = "OperServ"; name = "CHANKILL"; command = "operserv/chankill"; permission = "operserv/chankill"; }
+
+/*
+ * os_defcon
+ *
+ * Provides the command operserv/defcon.
+ *
+ * Allows you to set services in defcon mode, which can be used to restrict services access
+ * during bot attacks.
+ */
+module
+{
+	name = "os_defcon"
+
+	/*
+	 * Default DefCon level (1-5) to use when starting Services up. Level 5 constitutes normal operation
+	 * while level 1 constitutes the most restrictive operation. If this setting is left out or set to
+	 * 0, DefCon will be disabled and the rest of this block will be ignored.
+	 */
+	defaultlevel = 5
+
+	/*
+	 * The following 4 directives define what operations will take place when DefCon is set to levels
+	 * 1 through 4. Each level is a list that must be separated by spaces.
+	 *
+	 * The following operations can be defined at each level:
+	 * - nonewchannels: Disables registering new channels
+	 * - nonewnicks: Disables registering new nicks
+	 * - nomlockchanges: Disables changing MLOCK on registered channels
+	 * - forcechanmodes: Forces all channels to have the modes given in the later chanmodes directive
+	 * - reducedsessions: Reduces the session limit to the value given in the later sessionlimit directive
+	 * - nonewclients: KILL any new clients trying to connect
+	 * - operonly: Services will ignore all non-IRCops
+	 * - silentoperonly: Services will silently ignore all non-IRCops
+	 * - akillnewclients: AKILL any new clients trying to connect
+	 * - nonewmemos: No new memos will be sent to block MemoServ attacks
+	 */
+	level4 = "nonewchannels nonewnicks nomlockchanges reducedsessions"
+	level3 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions"
+	level2 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly"
+	level1 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly akillnewclients"
+
+	/*
+	 * New session limit to use when a DefCon level is using "reduced" session limiting.
+	 */
+	sessionlimit = 2
+
+	/*
+	 * Length of time to add an AKILL for when DefCon is preventing new clients from connecting to the
+	 * network.
+	 */
+	akillexpire = 5m
+
+	/*
+	 * The channel modes to set on all channels when the DefCon channel mode system is in use.
+	 *
+	 * Note 1: Choose these modes carefully, because when DefCon switches to a level which does NOT have
+	 * the mode setting selected, Services will set the reverse on all channels, e.g. if this setting
+	 * is +RN when DefCon is used, all channels will be set to +RN, when DefCon is removed, all
+	 * channels will be set to -RN. You don't want to set this to +k for example, because when DefCon
+	 * is removed, all channels are set -k, removing the key from previously keyed channels.
+	 *
+	 * Note 2: MLOCKed modes will not be lost.
+	 */
+	chanmodes = "+R"
+
+	/*
+	 * This value can be used to automatically return the network to DefCon level 5 after the specified
+	 * time period, just in case any IRC Operator forgets to remove a DefCon setting.
+	 *
+	 * This directive is optional.
+	 */
+	timeout = 60m
+
+	/*
+	 * If set, Services will send a global message on DefCon level changes.
+	 *
+	 * This directive is optional.
+	 */
+	#globalondefcon = yes
+
+	/*
+	 * If set, Services will send the global message defined in the message directive on DefCon level
+	 * changes.
+	 *
+	 * This directive is optional.
+	 */
+	#globalondefconmore = yes
+
+	/*
+	 * Defines the message that will be sent on DefCon level changes when globalondefconmore is set.
+	 *
+	 * This directive is required only when globalondefconmore is set.
+	 */
+	#message = "Put your message to send your users here. Don't forget to uncomment globalondefconmore"
+
+	/*
+	 * Defines the message that will be sent when DefCon is returned to level 5. This directive is optional,
+	 * and will also override globalondefcon and globalondefconmore when set.
+	 */
+	#offmessage = "Services are now back to normal, sorry for any inconvenience"
+
+	/*
+	 * Defines the reason to use when clients are KILLed or AKILLed from the network while the proper
+	 * DefCon operation is in effect.
+	 */
+	akillreason = "This network is currently not accepting connections, please try again later."
+}
+command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; permission = "operserv/defcon"; }
+
+/*
+ * os_dns
+ *
+ * Provides the command operserv/dns.
+ *
+ * This module requires that m_dns is loaded.
+ *
+ * This module allows controlling a DNS zone. This is useful for
+ * controlling what servers users are placed on for load balancing,
+ * and to automatically remove split servers.
+ *
+ * To use this module you must set a nameserver record for services
+ * so that DNS queries go to services.
+ *
+ * Alternatively, you may use a slave DNS server to hide service's IP,
+ * provide query caching, and provide better fault tolerance.
+ *
+ * To do this using BIND, configure similar to:
+ *
+ * options { max-refresh-time 60; };
+ * zone "irc.example.com" IN {
+ *   type slave;
+ *   masters { 127.0.0.1 port 5353; };
+ * };
+ *
+ * Where 127.0.0.1:5353 is the IP and port services are listening on.
+ * We recommend you externally firewall both UDP and TCP to the port
+ * Anope is listening on.
+ *
+ * Finally set a NS record for irc.example.com. to BIND or services.
+ */
+#module
+{
+	name = "os_dns"
+
+	/* TTL for records. This should be very low if your records change often. */
+	ttl = 1m
+
+	/* If a server drops this many users the server is automatically removed from the DNS zone.
+	 * This directive is optional.
+	 */
+	user_drop_mark = 50
+
+	/* The time used for user_drop_mark. */
+	user_drop_time = 1m
+
+	/* When a server is removed from the zone for dropping users, it is readded after this time.
+	 * This directive is optional.
+	 */
+	user_drop_readd_time = 5m
+
+	/* If set, when a server splits, it is automatically removed from the zone. */
+	remove_split_servers = yes
+
+	/* If set, when a server connects to the network, it will be automatically added to
+	 * the zone if it is a known server.
+	 */
+	readd_connected_servers = no
+}
+#command { service = "OperServ"; name = "DNS"; command = "operserv/dns"; permission = "operserv/dns"; }
+
+/*
+ * os_config
+ *
+ * Provides the command operserv/config.
+ *
+ * Used to view and set configuration options while services are running.
+ */
+module { name = "os_config" }
+command { service = "OperServ"; name = "CONFIG"; command = "operserv/config"; permission = "operserv/config"; }
+
+/*
+ * os_forbid
+ *
+ * Provides the command operserv/forbid.
+ *
+ * Used to forbid specific nicks, channels, emails, etc. from being used.
+ */
+module { name = "os_forbid" }
+command { service = "OperServ"; name = "FORBID"; command = "operserv/forbid"; permission = "operserv/forbid"; }
+
+/*
+ * os_ignore
+ *
+ * Provides the command operserv/ignore.
+ *
+ * Used to make Services ignore users.
+ */
+module { name = "os_ignore" }
+command { service = "OperServ"; name = "IGNORE"; command = "operserv/ignore"; permission = "operserv/ignore"; }
+
+/*
+ * os_info
+ *
+ * Provides the command operserv/info.
+ *
+ * Used to add oper only notes to users and channels.
+ */
+module { name = "os_info" }
+command { service = "OperServ"; name = "INFO"; command = "operserv/info"; permission = "operserv/info"; }
+
+/*
+ * os_jupe
+ *
+ * Provides the command operserv/jupe.
+ *
+ * Used to disconnect servers from the network and prevent them from relinking.
+ */
+module { name = "os_jupe" }
+command { service = "OperServ"; name = "JUPE"; command = "operserv/jupe"; permission = "operserv/jupe"; }
+
+/*
+ * os_kick
+ *
+ * Provides the command operserv/kick.
+ *
+ * Used to kick users from channels.
+ */
+module { name = "os_kick" }
+command { service = "OperServ"; name = "KICK"; command = "operserv/kick"; permission = "operserv/kick"; }
+
+/*
+ * os_kill
+ *
+ * Provides the command operserv/kill.
+ *
+ * Used to forcibly disconnect users from the network.
+ */
+module { name = "os_kill" }
+command { service = "OperServ"; name = "KILL"; command = "operserv/kill"; permission = "operserv/kill"; }
+
+/*
+ * os_list
+ *
+ * Provides the commands operserv/chanlist and operserv/userlist.
+ *
+ * Used to list and search the channels and users currently on the network.
+ */
+module { name = "os_list" }
+command { service = "OperServ"; name = "CHANLIST"; command = "operserv/chanlist"; permission = "operserv/chanlist"; }
+command { service = "OperServ"; name = "USERLIST"; command = "operserv/userlist"; permission = "operserv/userlist"; }
+
+/*
+ * os_login
+ *
+ * Provides the commands operserv/login and operserv/logout.
+ *
+ * Used to login to OperServ, only required if your oper block requires this.
+ */
+module { name = "os_login" }
+command { service = "OperServ"; name = "LOGIN"; command = "operserv/login"; }
+command { service = "OperServ"; name = "LOGOUT"; command = "operserv/logout"; }
+
+/*
+ * os_logsearch
+ *
+ * Provides the command operserv/logsearch.
+ *
+ * Used to search services log files.
+ */
+module
+{
+	name = "os_logsearch"
+
+	/* The log file name to search. There should be a log{} block configured to log
+	 * to a file of this name.
+	 */
+	logname = "services.log"
+}
+command { service = "OperServ"; name = "LOGSEARCH"; command = "operserv/logsearch"; permission = "operserv/logsearch"; }
+
+/*
+ * os_mode
+ *
+ * Provides the commands operserv/mode and operserv/umode.
+ *
+ * Used to change user and channel modes.
+ */
+module { name = "os_mode" }
+command { service = "OperServ"; name = "UMODE"; command = "operserv/umode"; permission = "operserv/umode"; }
+command { service = "OperServ"; name = "MODE"; command = "operserv/mode"; permission = "operserv/mode"; }
+
+/*
+ * os_modinfo
+ *
+ * Provides the commands operserv/modinfo and operserv/modlist.
+ *
+ * Used to show information about loaded modules.
+ */
+module { name = "os_modinfo" }
+command { service = "OperServ"; name = "MODINFO"; command = "operserv/modinfo"; permission = "operserv/modinfo"; }
+command { service = "OperServ"; name = "MODLIST"; command = "operserv/modlist"; permission = "operserv/modinfo"; }
+
+/*
+ * os_module
+ *
+ * Provides the commands operserv/modload, operserv/modreload, and operserv/modunload.
+ *
+ * Used to load, reload, and unload modules.
+ */
+module { name = "os_module" }
+command { service = "OperServ"; name = "MODLOAD"; command = "operserv/modload"; permission = "operserv/modload"; }
+command { service = "OperServ"; name = "MODRELOAD"; command = "operserv/modreload"; permission = "operserv/modload"; }
+command { service = "OperServ"; name = "MODUNLOAD"; command = "operserv/modunload"; permission = "operserv/modload"; }
+
+/*
+ * os_news
+ *
+ * Provides the commands operserv/logonnews, operserv/opernews, and operserv/randomnews.
+ *
+ * Used to configure news notices shown to users when they connect, and opers when they oper.
+ */
+module
+{
+	name = "os_news"
+
+	/*
+	 * The service bot names to use to send news to users on connection
+	 * and to opers when they oper.
+	 */
+	announcer = "Global"
+	oper_announcer = "OperServ"
+
+	/*
+	 * The number of LOGON/OPER news items to display when a user logs on.
+	 *
+	 * This directive is optional, if not set it will default to 3.
+	 */
+	#newscount = 3
+}
+command { service = "OperServ"; name = "LOGONNEWS"; command = "operserv/logonnews"; permission = "operserv/news"; }
+command { service = "OperServ"; name = "OPERNEWS"; command = "operserv/opernews"; permission = "operserv/news"; }
+command { service = "OperServ"; name = "RANDOMNEWS"; command = "operserv/randomnews"; permission = "operserv/news"; }
+
+/*
+ * os_noop
+ *
+ * Provides the command operserv/noop.
+ *
+ * Used to NOOP a server, which prevents users from opering on that server.
+ */
+module { name = "os_noop" }
+command { service = "OperServ"; name = "NOOP"; command = "operserv/noop"; permission = "operserv/noop"; }
+
+/*
+ * os_oline
+ *
+ * Provides the command operserv/oline.
+ *
+ * Used to set oper flags on users, and is specific to UnrealIRCd.
+ * See /helpop ?svso on your IRCd for more information.
+ */
+module { name = "os_oline" }
+command { service = "OperServ"; name = "OLINE"; command = "operserv/oline"; permission = "operserv/oline"; }
+
+/*
+ * os_oper
+ *
+ * Provides the command operserv/oper.
+ *
+ * Used to configure opers and show information about opertypes.
+ */
+module { name = "os_oper" }
+command { service = "OperServ"; name = "OPER"; command = "operserv/oper"; permission = "operserv/oper"; }
+
+/*
+ * os_reload
+ *
+ * Provides the command operserv/reload.
+ *
+ * Used to reload the services.conf configuration file.
+ */
+module { name = "os_reload" }
+command { service = "OperServ"; name = "RELOAD"; command = "operserv/reload"; permission = "operserv/reload"; }
+
+/*
+ * os_session
+ *
+ * Provides the commands operserv/exception and operserv/session.
+ *
+ * This module enables session limiting. Session limiting prevents users from connecting more than a certain
+ * number of times from the same IP at the same time - thus preventing most types of cloning.
+ * Once a host reaches it's session limit, all clients attempting to connect from that host will
+ * be killed. Exceptions to the default session limit can be defined via the exception list.
+ *
+ * Used to manage the session limit exception list, and view currently active sessions.
+ */
+module
+{
+	name = "os_session"
+
+	/*
+	 * Default session limit per host. Once a host reaches its session limit, all clients attempting
+	 * to connect from that host will be killed.
+	 *
+	 * This directive is required if os_session is loaded.
+	 */
+	defaultsessionlimit = 15
+
+	/*
+	 * The maximum session limit that may be set for a host in an exception.
+	 *
+	 * This directive is required if os_session is loaded.
+	 */
+	maxsessionlimit = 250
+
+	/*
+	 * Sets the default expiry time for session exceptions.
+	 */
+	exceptionexpiry = 1d
+
+	/*
+	 * The message that will be NOTICE'd to a user just before they are removed from the network because
+	 * their host's session limit has been exceeded. It may be used to give a slightly more descriptive
+	 * reason for the impending kill as opposed to simply "Session limit exceeded".
+	 *
+	 * This directive is optional, if not set, nothing will be sent.
+	 */
+	sessionlimitexceeded = "The session limit for your IP %IP% has been exceeded."
+
+	/*
+	 * Same as above, but should be used to provide a website address where users can find out more
+	 * about session limits and how to go about applying for an exception.
+	 *
+	 * Note: This directive has been intentionally commented out in an effort to remind you to change
+	 * the URL it contains. It is recommended that you supply an address/URL where people can get help
+	 * regarding session limits.
+	 *
+	 * This directive is optional, if not set, nothing will be sent.
+	 */
+	#sessionlimitdetailsloc = "Please visit http://your.website.url/ for more information about session limits."
+
+	/*
+	 * If set and is not 0, this directive tells Services to add an AKILL if the number of subsequent kills
+	 * for the same host exceeds this value, preventing the network from experiencing KILL floods.
+	 *
+	 * This directive is optional.
+	 */
+	maxsessionkill = 15
+
+	/*
+	 * Sets the expiry time for AKILLs set for hosts exceeding the maxsessionkill directive limit.
+	 *
+	 * This directive is optional, if not set, defaults to 30 minutes.
+	 */
+	sessionautokillexpiry = 30m
+
+	/*
+	 * Sets the CIDR value used to determine which IP addresses represent the same person.
+	 * By default this would limit 3 connections per IPv4 IP and 3 connections per IPv6 IP.
+	 * If you are receiving IPv6 clone attacks it may be useful to set session_ipv6_cidr to
+	 * 64 or 48.
+	 */
+	session_ipv4_cidr = 32
+	session_ipv6_cidr = 128
+}
+command { service = "OperServ"; name = "EXCEPTION"; command = "operserv/exception"; permission = "operserv/exception"; }
+command { service = "OperServ"; name = "SESSION"; command = "operserv/session"; permission = "operserv/session"; }
+
+/*
+ * os_set
+ *
+ * Provides the command operserv/set.
+ *
+ * Used to set various settings such as superadmin, debug mode, etc.
+ */
+module
+{
+	name = "os_set"
+
+	/*
+	 * If set, Services Admins will be able to use SUPERADMIN [ON|OFF] which will temporarily grant
+	 * them extra privileges such as being a founder on ALL channels.
+	 *
+	 * This directive is optional.
+	 */
+	superadmin = yes
+}
+command { service = "OperServ"; name = "SET"; command = "operserv/set"; permission = "operserv/set"; }
+
+/*
+ * os_shutdown
+ *
+ * Provides the commands operserv/quit, operserv/restart, and operserv/shutdown.
+ *
+ * Used to quit, restart, or shutdown services.
+ */
+module { name = "os_shutdown" }
+command { service = "OperServ"; name = "QUIT"; command = "operserv/quit"; permission = "operserv/quit"; }
+command { service = "OperServ"; name = "RESTART"; command = "operserv/restart"; permission = "operserv/restart"; }
+command { service = "OperServ"; name = "SHUTDOWN"; command = "operserv/shutdown"; permission = "operserv/shutdown"; }
+
+/*
+ * os_stats
+ *
+ * Provides the operserv/stats command.
+ *
+ * Used to show statistics about services.
+ */
+module { name = "os_stats" }
+command { service = "OperServ"; name = "STATS"; command = "operserv/stats"; permission = "operserv/stats"; }
+
+/*
+ * os_svs
+ *
+ * Provides the commands operserv/svsnick, operserv/svsjoin, and operserv/svspart.
+ *
+ * Used to force users to change nicks, join and part channels.
+ */
+module { name = "os_svs" }
+command { service = "OperServ"; name = "SVSNICK"; command = "operserv/svsnick"; permission = "operserv/svs"; }
+command { service = "OperServ"; name = "SVSJOIN"; command = "operserv/svsjoin"; permission = "operserv/svs"; }
+command { service = "OperServ"; name = "SVSPART"; command = "operserv/svspart"; permission = "operserv/svs"; }
+
+/*
+ * os_sxline
+ *
+ * Provides the operserv/snline and operserv/sqline commands.
+ *
+ * Used to ban real names, nick names, and possibly channels.
+ */
+module { name = "os_sxline" }
+command { service = "OperServ"; name = "SNLINE"; command = "operserv/snline"; permission = "operserv/snline"; }
+command { service = "OperServ"; name = "SQLINE"; command = "operserv/sqline"; permission = "operserv/sqline"; }
+
+/*
+ * os_update
+ *
+ * Provides the operserv/update command.
+ *
+ * Use to immediately update the databases.
+ */
+module { name = "os_update" }
+command { service = "OperServ"; name = "UPDATE"; command = "operserv/update"; permission = "operserv/update"; }
diff --git a/roles/anope/templates/anope/services.conf.j2 b/roles/anope/templates/anope/services.conf.j2
new file mode 100644
index 00000000..e16e42b5
--- /dev/null
+++ b/roles/anope/templates/anope/services.conf.j2
@@ -0,0 +1,1284 @@
+/*
+{{ ansible_header | comment(decoration=' * ') }}
+ */
+
+/*
+ * Example configuration file for Services. After making the appropriate
+ * changes to this file, place it in the Services conf directory (as
+ * specified in the "configure" script, default /home/username/services/conf)
+ * under the name "services.conf".
+ *
+ * The format of this file is fairly simple: three types of comments are supported:
+ *  - All text after a '#' on a line is ignored, as in shell scripting
+ *  - All text after '//' on a line is ignored, as in C++
+ *  - A block of text like this one is ignored, as in C
+ *
+ * Outside of comments, there are three structures: blocks, keys, and values.
+ *
+ * A block is a named container, which contains a number of key to value pairs
+ * - you may think of this as an array.
+ *
+ * A block is created like so:
+ * foobar
+ * {
+ *    moo = "cow"
+ *    foo = bar
+ * }
+ *
+ * Note that nameless blocks are allowed and are often used with comments to allow
+ * easily commenting an entire block, for example:
+ * #foobar
+ * {
+ *    moo = "cow"
+ *    foo = bar
+ * }
+ * is an entirely commented block.
+ *
+ * Keys are case insensitive. Values depend on what key - generally, information is
+ * given in the key comment. The quoting of values (and most other syntax) is quite
+ * flexible, however, please do not forget to quote your strings:
+ *
+ *   "This is a parameter string with spaces in it"
+ *
+ * If you need to include a double quote inside a quoted string, precede it
+ * by a backslash:
+ *
+ *   "This string has \"double quotes\" in it"
+ *
+ * Time parameters can be specified either as an integer representing a
+ * number of seconds (e.g. "3600" = 1 hour), or as an integer with a unit
+ * specifier: "s" = seconds, "m" = minutes, "h" = hours, "d" = days.
+ * Combinations (such as "1h30m") are not permitted. Examples (all of which
+ * represent the same length of time, one day):
+ *
+ *   "86400", "86400s", "1440m", "24h", "1d"
+ *
+ * In the documentation for each directive, one of the following will be
+ * included to indicate whether an option is required:
+ *
+ * [REQUIRED]
+ *     Indicates a directive which must be given. Without it, Services will
+ *     not start.
+ *
+ * [RECOMMENDED]
+ *     Indicates a directive which may be omitted, but omitting it may cause
+ *     undesirable side effects.
+ *
+ * [OPTIONAL]
+ *     Indicates a directive which is optional. If not given, the feature
+ *     will typically be disabled. If this is not the case, more
+ *     information will be given in the documentation.
+ *
+ * [DISCOURAGED]
+ *     Indicates a directive which may cause undesirable side effects if
+ *     specified.
+ *
+ * [DEPRECATED]
+ *     Indicates a directive which will disappear in a future version of
+ *     Services, usually because its functionality has been either
+ *     superseded by that of other directives or incorporated into the main
+ *     program.
+ */
+
+/*
+ * [OPTIONAL] Defines
+ *
+ * You can define values to other values, which can be used to easily change
+ * many values in the configuration. at once.
+ */
+
+/*
+ * The services.host define is used in multiple different locations throughout the
+ * configuration for services clients hostnames.
+ */
+define
+{
+	name = "services.host"
+	value = "services.localhost.net"
+}
+
+/*
+ * [OPTIONAL] Additional Includes
+ *
+ * You can include additional configuration files here.
+ * You may also include executable files, which will be executed and
+ * the output from it will be included into your configuration.
+ */
+
+#include
+{
+	type = "file"
+	name = "some.conf"
+}
+
+#include
+{
+	type = "executable"
+	name = "/usr/bin/wget -q -O - http://some.misconfigured.network.com/services.conf"
+}
+
+/*
+ * [REQUIRED] IRCd Config
+ *
+ * This section is used to set up Anope to connect to your IRC network.
+ * This section can be included multiple times, and Anope will attempt to
+ * connect to each server until it finally connects.
+ *
+ * Each uplink IRCd should have a corresponding configuration to allow Services
+ * to link to it.
+ *
+ * An example configuration for InspIRCd that is compatible with the below uplink
+ * and serverinfo configuration would look like:
+ *
+ *     <link name="services.localhost.net"
+ *           ipaddr="127.0.0.1"
+ *           port="7000"
+ *           sendpass="mypassword"
+ *           recvpass="mypassword">
+ *     <uline server="services.localhost.net" silent="yes">
+ *     <bind address="127.0.0.1" port="7000" type="servers">
+ *
+ * An example configuration for UnrealIRCd that is compatible with the below uplink
+ * and serverinfo configuration would look like:
+ *
+ *     link services.localhost.net
+ *     {
+ *          username *;
+ *          hostname *;
+ *          bind-ip "127.0.0.1";
+ *          port 7000;
+ *          hub *;
+ *          password-connect "mypassword";
+ *          password-receive "mypassword";
+ *          class servers;
+ *     };
+ *     ulines { services.localhost.net; };
+ *     listen 127.0.0.1:7000;
+ */
+uplink
+{
+	/*
+	 * The IP or hostname of the IRC server you wish to connect Services to.
+	 * Usually, you will want to connect Services over 127.0.0.1 (aka localhost).
+	 *
+	 * NOTE: On some shell providers, this will not be an option.
+	 */
+	host = "127.0.0.1"
+
+	/*
+	 * Enable if Services should connect using IPv6.
+	 */
+	ipv6 = no
+
+	/*
+	 * Enable if Services should connect using SSL.
+	 * You must have an SSL module loaded for this to work.
+	 */
+	ssl = no
+
+	/*
+	 * The port to connect to.
+	 * The IRCd *MUST* be configured to listen on this port, and to accept
+	 * server connections.
+	 *
+	 * Refer to your IRCd documentation for how this is to be done.
+	 */
+	port = 6668
+
+	/*
+	 * The password to send to the IRC server for authentication.
+	 * This must match the link block on your IRCd.
+	 *
+	 * Refer to your IRCd documentation for more information on link blocks.
+	 */
+	password = "{{ anope.sendpass }}"
+}
+
+/*
+ * [REQUIRED] Server Information
+ *
+ * This section contains information about the Services server.
+ */
+serverinfo
+{
+	/*
+	 * The hostname that Services will be seen as, it must have no conflicts with any
+	 * other server names on the rest of your IRC network. Note that it does not have
+	 * to be an existing hostname, just one that isn't on your network already.
+	 */
+	name = "services.irc.crans.org"
+
+	/*
+	 * The text which should appear as the server's information in /whois and similar
+	 * queries.
+	 */
+	description = "Services for IRC Networks"
+
+	/*
+	 * The local address that Services will bind to before connecting to the remote
+	 * server. This may be useful for multihomed hosts. If omitted, Services will let
+	 * the Operating System choose the local address. This directive is optional.
+	 *
+	 * If you don't know what this means or don't need to use it, just leave this
+	 * directive commented out.
+	 */
+	#localhost = "nowhere."
+
+	/*
+	 * What Server ID to use for this connection?
+	 * Note: This should *ONLY* be used for TS6/P10 IRCds. Refer to your IRCd documentation
+	 * to see if this is needed.
+	 */
+	#id = "00A"
+
+	/*
+	 * The filename containing the Services process ID. The path is relative to the
+	 * services root directory.
+	 */
+	pid = "/var/run/anope/anope.pid"
+
+	/*
+	 * The filename containing the Message of the Day. The path is relative to the
+	 * services root directory.
+	 */
+	motd = "/etc/anope/services.motd"
+}
+
+/*
+ * [REQUIRED] Protocol module
+ *
+ * This directive tells Anope which IRCd Protocol to speak when connecting.
+ * You MUST modify this to match the IRCd you run.
+ *
+ * Supported:
+ *  - bahamut
+ *  - charybdis
+ *  - hybrid
+ *  - inspircd12
+ *  - inspircd20
+ *  - ngircd
+ *  - plexus
+ *  - ratbox
+ *  - unreal (for 3.2.x)
+ *  - unreal4
+ */
+module
+{
+	name = "inspircd20"
+
+	/*
+	 * Some protocol modules can enforce mode locks server-side. This reduces the spam caused by
+	 * services immediately reversing mode changes for locked modes.
+	 *
+	 * If the protocol module you have loaded does not support this, this setting will have no effect.
+	 */
+	use_server_side_mlock = yes
+
+	/*
+	 * Some protocol modules can enforce topic locks server-side. This reduces the spam caused by
+	 * services immediately reversing topic changes.
+	 *
+	 * If the protocol module you have loaded does not support this, this setting will have no effect.
+	 */
+	use_server_side_topiclock = yes
+}
+
+/*
+ * [REQUIRED] Network Information
+ *
+ * This section contains information about the IRC network that Services will be
+ * connecting to.
+ */
+networkinfo
+{
+	/*
+	 * This is the name of the network that Services will be running on.
+	 */
+	networkname = "Crans"
+
+	/*
+	 * Set this to the maximum allowed nick length on your network.
+	 * Be sure to set this correctly, as setting this wrong can result in
+	 * Services being disconnected from the network.
+	 */
+	nicklen = 42
+
+	/* Set this to the maximum allowed ident length on your network.
+	 * Be sure to set this correctly, as setting this wrong can result in
+	 * Services being disconnected from the network.
+	 */
+	userlen = 25
+
+	/* Set this to the maximum allowed hostname length on your network.
+	 * Be sure to set this correctly, as setting this wrong can result in
+	 * Services being disconnected from the network.
+	 */
+	hostlen = 64
+
+	/* Set this to the maximum allowed channel length on your network.
+	 */
+	chanlen = 32
+
+	/* The maximum number of list modes settable on a channel (such as b, e, I).
+	 * Comment out or set to 0 to disable.
+	 */
+	modelistsize = 100
+
+	/*
+	 * Characters allowed in nicknames. This always includes the characters described
+	 * in RFC1459, and so does not need to be set for normal behavior. Changing this to
+	 * include characters your IRCd doesn't support will cause your IRCd and/or Services
+	 * to break. Multibyte characters are not supported, nor are escape sequences.
+	 *
+	 * It is recommended you DON'T change this.
+	 */
+	#nick_chars = ""
+
+	/*
+	 * The characters allowed in hostnames. This is used for validating hostnames given
+	 * to services, such as BotServ bot hostnames and user vhosts. Changing this is not
+	 * recommended unless you know for sure your IRCd supports whatever characters you are
+	 * wanting to use. Telling services to set a vHost containing characters your IRCd
+	 * disallows could potentially break the IRCd and/or Services.
+	 *
+	 * It is recommended you DON'T change this.
+	 */
+	vhost_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-"
+
+	/*
+	 * If set to true, allows vHosts to not contain dots (.).
+	 * Newer IRCds generally do not have a problem with this, but the same warning as
+	 * vhost_chars applies.
+	 *
+	 * It is recommended you DON'T change this.
+	 */
+	allow_undotted_vhosts = false
+
+	/*
+	 * The characters that are not allowed to be at the very beginning or very ending
+	 * of a vHost. The same warning as vhost_chars applies.
+	 *
+	 * It is recommended you DON'T change this.
+	 */
+	disallow_start_or_end = ".-"
+}
+
+/*
+ * [REQUIRED] Services Options
+ *
+ * This section contains various options which determine how Services will operate.
+ */
+options
+{
+	/*
+	 * On Linux/UNIX systems Anope can setuid and setgid to this user and group
+	 * after starting up. This is useful if Anope has to bind to privileged ports
+	 */
+	user = "irc"
+	group = "irc"
+
+	/*
+	 * The case mapping used by services. This must be set to a valid locale name
+	 * installed on your machine. Services use this case map to compare, with
+	 * case insensitivity, things such as nick names, channel names, etc.
+	 *
+	 * We provide two special casemaps shipped with Anope, ascii and rfc1459.
+	 *
+	 * This value should be set to what your IRCd uses, which is probably rfc1459,
+	 * however Anope has always used ascii for comparison, so the default is ascii.
+	 *
+	 * Changing this value once set is not recommended.
+	 */
+	casemap = "ascii"
+
+	/*
+	 * This key is used to initiate the random number generator. This number
+	 * MUST be random as you want your passcodes to be random. Don't give this
+	 * key to anyone! Keep it private!
+	 *
+	 * NOTE: If you don't uncomment this or keep the default values, any talented
+	 * programmer would be able to easily "guess" random strings used to mask
+	 * information. Be safe, and come up with a 7-digit number.
+	 *
+	 * This directive is optional, but highly recommended.
+	 */
+	seed = {{ anope.options_seed }}
+
+	/*
+	 * If set, Services will perform more stringent checks on passwords. If this
+	 * isn't set, Services will only disallow a password if it is the same as the
+	 * entity (nickname name) with which it is associated. When set, however,
+	 * Services will also check that the password is at least five
+	 * characters long, and in the future will probably check other things
+	 * as well.
+	 *
+	 * This directive is optional, but recommended.
+	 */
+	strictpasswords = yes
+
+	/*
+	 * Sets the number of invalid password tries before Services removes a user
+	 * from the network. If a user enters a number of invalid passwords equal to
+	 * the given amount for any Services function or combination of functions
+	 * during a single IRC session (subject to badpasstimeout, below), Services
+	 * will issues a /KILL for the user. If not given, Services will ignore
+	 * failed password attempts (though they will be logged in any case).
+	 *
+	 * This directive is optional, but recommended.
+	 */
+	badpasslimit = 10
+
+	/*
+	 * Sets the time after which invalid passwords are forgotten about. If a user
+	 * does not enter any incorrect passwords in this amount of time, the incorrect
+	 * password count will reset to zero. If not given, the timeout will be
+	 * disabled, and the incorrect password count will never be reset until the user
+	 * disconnects.
+	 *
+	 * This directive is optional.
+	 */
+	badpasstimeout = 1h
+
+	/*
+	 * Sets the delay between automatic database updates.
+	 */
+	updatetimeout = 5m
+
+	/*
+	 * Sets the delay between checks for expired nicknames and channels.
+	 */
+	expiretimeout = 30m
+
+	/*
+	 * Sets the timeout period for reading from the uplink.
+	 */
+	readtimeout = 5s
+
+	/*
+	 * Sets the interval between sending warning messages for program errors via
+	 * WALLOPS/GLOBOPS.
+	 */
+	warningtimeout = 4h
+
+	/*
+	 * Sets the (maximum) frequency at which the timeout list is checked. This,
+	 * combined with readtimeout above, determines how accurately timed events,
+	 * such as nick kills, occur; it also determines how much CPU time Services
+	 * will use doing this. Higher values will cause less accurate timing but
+	 * less CPU usage.
+	 *
+	 * Note that this value is not an absolute limit on the period between
+	 * checks of the timeout list; the previous may be as great as readtimeout
+	 * (above) during periods of inactivity.
+	 *
+	 * If this directive is not given, it will default to 0.
+	 */
+	timeoutcheck = 3s
+
+	/*
+	 * If set, this will allow users to let Services send PRIVMSGs to them
+	 * instead of NOTICEs. Also see the "msg" option of nickserv:defaults,
+	 * which also toggles the default communication (PRIVMSG or NOTICE) to
+	 * use for unregistered users.
+	 *
+	 * This is a feature that is against the IRC RFC and should be used ONLY
+	 * if absolutely necessary.
+	 *
+	 * This directive is optional, and not recommended.
+	 */
+	#useprivmsg = yes
+
+	/*
+	 * If set, will force Services to only respond to PRIVMSGs addresses to
+	 * Nick@ServerName - e.g. NickServ@localhost.net. This should be used in
+	 * conjunction with IRCd aliases. This directive is optional.
+	 *
+	 * This option will have no effect on some IRCds, such as TS6 IRCds.
+	 */
+	#usestrictprivmsg = yes
+
+	/*
+	 * If set, Services will only show /stats o to IRC Operators. This directive
+	 * is optional.
+	 */
+	#hidestatso = yes
+
+	/*
+	 * A space-separated list of ulined servers on your network, it is assumed that
+	 * the servers in this list are allowed to set channel modes and Services will
+	 * not attempt to reverse their mode changes.
+	 *
+	 * WARNING: Do NOT put your normal IRC user servers in this directive.
+	 *
+	 * This directive is optional.
+	 */
+	#ulineservers = "stats.your.network"
+
+	/*
+	 * How long to wait between connection retries with the uplink(s).
+	 */
+	retrywait = 60s
+
+	/*
+	 * If set, Services will hide commands that users don't have the privilege to execute
+	 * from HELP output.
+	 */
+	hideprivilegedcommands = yes
+
+	/*
+	 * If set, Services will hide commands that users can't execute because they are not
+	 * logged in from HELP output.
+	 */
+	hideregisteredcommands = yes
+
+	/* The regex engine to use, as provided by the regex modules.
+	 * Leave commented to disable regex matching.
+	 *
+	 * Note for this to work the regex module providing the regex engine must be loaded.
+	 */
+	regexengine = "regex/pcre"
+
+	/*
+	 * A list of languages to load on startup that will be available in /nickserv set language.
+	 * Useful if you translate Anope to your language. (Explained further in docs/LANGUAGE).
+	 * Note that english should not be listed here because it is the base language.
+	 *
+	 * Removing .UTF-8 will instead use the default encoding for the language, eg. iso-8859-1 for western European languages.
+	 */
+	languages = "ca_ES.UTF-8 de_DE.UTF-8 el_GR.UTF-8 es_ES.UTF-8 fr_FR.UTF-8 hu_HU.UTF-8 it_IT.UTF-8 nl_NL.UTF-8 pl_PL.UTF-8 pt_PT.UTF-8 ru_RU.UTF-8 tr_TR.UTF-8"
+
+	/*
+	 * Default language that non- and newly-registered nicks will receive messages in.
+	 * Set to "en" to enable English. Defaults to the language the system uses.
+	 */
+	#defaultlanguage = "es_ES.UTF-8"
+}
+
+/*
+ * [OPTIONAL] BotServ
+ *
+ * Includes botserv.example.conf, which is necessary for BotServ functionality.
+ *
+ * Remove this block to disable BotServ.
+ */
+include
+{
+	type = "file"
+	name = "botserv.conf"
+}
+
+/*
+ * [RECOMMENDED] ChanServ
+ *
+ * Includes chanserv.example.conf, which is necessary for ChanServ functionality.
+ *
+ * Remove this block to disable ChanServ.
+ */
+include
+{
+	type = "file"
+	name = "chanserv.conf"
+}
+
+/*
+ * [RECOMMENDED] Global
+ *
+ * Includes global.example.conf, which is necessary for Global functionality.
+ *
+ * Remove this block to disable Global.
+ */
+include
+{
+	type = "file"
+	name = "global.conf"
+}
+
+/*
+ * [OPTIONAL] HostServ
+ *
+ * Includes hostserv.example.conf, which is necessary for HostServ functionality.
+ *
+ * Remove this block to disable HostServ.
+ */
+include
+{
+	type = "file"
+	name = "hostserv.conf"
+}
+
+/*
+ * [OPTIONAL] MemoServ
+ *
+ * Includes memoserv.example.conf, which is necessary for MemoServ functionality.
+ *
+ * Remove this block to disable MemoServ.
+ */
+include
+{
+	type = "file"
+	name = "memoserv.conf"
+}
+
+/*
+ * [OPTIONAL] NickServ
+ *
+ * Includes nickserv.example.conf, which is necessary for NickServ functionality.
+ *
+ * Remove this block to disable NickServ.
+ */
+include
+{
+	type = "file"
+	name = "nickserv.conf"
+}
+
+/*
+ * [RECOMMENDED] OperServ
+ *
+ * Includes operserv.example.conf, which is necessary for OperServ functionality.
+ *
+ * Remove this block to disable OperServ.
+ */
+include
+{
+	type = "file"
+	name = "operserv.conf"
+}
+
+/*
+ * [RECOMMENDED] Logging Configuration
+ *
+ * This section is used for configuring what is logged and where it is logged to.
+ * You may have multiple log blocks if you wish. Remember to properly secure any
+ * channels you choose to have Anope log to!
+ */
+log
+{
+	/*
+	 * Target(s) to log to, which may be one of the following:
+	 *   - a channel name
+	 *   - a filename
+	 *   - globops
+	 * In Debian, this path is relative to /var/log/anope
+	 */
+	#target = "services.log"
+
+	/* Log to both services.log and the channel #services
+	 *
+	 * Note that some older IRCds, such as Ratbox, require services to be in the
+	 * log channel to be able to message it. To do this, configure service:channels to
+	 * join your logging channel.
+	 */
+	target = "services.log #services"
+
+	/*
+	 * The source(s) to only accept log messages from. Leave commented to allow all sources.
+	 * This can be a users name, a channel name, one of our clients (eg, OperServ), or a server name.
+	 */
+	#source = ""
+
+	/*
+	 * The bot used to log generic messages which have no predefined sender if there
+	 * is a channel in the target directive.
+	 */
+	bot = "Global"
+
+	/*
+	 * The number of days to keep logfiles, only useful if you are logging to a file.
+	 * Set to 0 to never delete old logfiles.
+	 *
+	 * Note that Anope must run 24 hours a day for this feature to work correctly.
+	 */
+	logage = 7
+
+	/*
+	 * What types of log messages should be logged by this block. There are nine general categories:
+	 *
+	 *  admin      - Execution of admin commands (OperServ, etc).
+	 *  override   - A services operator using their powers to execute a command they couldn't normally.
+	 *  commands   - Execution of general commands.
+	 *  servers    - Server actions, linking, squitting, etc.
+	 *  channels   - Actions in channels such as joins, parts, kicks, etc.
+	 *  users      - User actions such as connecting, disconnecting, changing name, etc.
+	 *  other      - All other messages without a category.
+	 *  rawio      - Logs raw input and output from services
+	 *  debug      - Debug messages (log files can become VERY large from this).
+	 *
+	 * These options determine what messages from the categories should be logged. Wildcards are accepted, and
+	 * you can also negate values with a ~. For example, "~operserv/akill operserv/*" would log all operserv
+	 * messages except for operserv/akill. Note that processing stops at the first matching option, which
+	 * means "* ~operserv/*" would log everything because * matches everything.
+	 *
+	 * Valid admin, override, and command options are:
+	 *    pesudo-serv/commandname (eg, operserv/akill, chanserv/set)
+	 *
+	 * Valid server options are:
+	 *    connect, quit, sync, squit
+	 *
+	 * Valid channel options are:
+	 *    create, destroy, join, part, kick, leave, mode
+	 *
+	 * Valid user options are:
+	 *    connect, disconnect, quit, nick, ident, host, mode, maxusers, oper, away
+	 *
+	 * Rawio and debug are simple yes/no answers, there are no types for them.
+	 *
+	 * Note that modules may add their own values to these options.
+	 */
+	admin = "*"
+	override = "chanserv/* nickserv/* memoserv/set ~botserv/set botserv/*"
+	commands = "~operserv/* *"
+	servers = "*"
+	#channels = "~mode *"
+	users = "connect disconnect nick"
+	other = "*"
+	rawio = no
+	debug = no
+}
+
+/*
+ * A log block to globops some useful things.
+ */
+log
+{
+	target = "globops"
+	admin = "global/* operserv/chankill operserv/mode operserv/kick operserv/akill operserv/s*line operserv/noop operserv/jupe operserv/oline operserv/set operserv/svsnick operserv/svsjoin operserv/svspart nickserv/getpass */drop"
+	servers = "squit"
+	users = "oper"
+	other = "expire/* bados akill/*"
+}
+
+/*
+ * [RECOMMENDED] Oper Access Config
+ *
+ * This section is used to set up staff access to restricted oper only commands.
+ * You may define groups of commands and privileges, as well as who may use them.
+ *
+ * This block is recommended, as without it you will be unable to access most oper commands.
+ * It replaces the old ServicesRoot directive amongst others.
+ *
+ * The command names below are defaults and are configured in the *serv.conf's. If you configure
+ * additional commands with permissions, such as commands from third party modules, the permissions
+ * must be included in the opertype block before the command can be used.
+ *
+ * Available privileges:
+ *  botserv/administration        - Can view and assign private BotServ bots
+ *  botserv/fantasy               - Can use fantasy commands without the FANTASIA privilege
+ *  chanserv/administration       - Can modify the settings of any channel (including changing of the owner!)
+ *  chanserv/access/list          - Can view channel access and akick lists, but not modify them
+ *  chanserv/access/modify        - Can modify channel access and akick lists, and use /chanserv enforce
+ *  chanserv/auspex               - Can see any information with /chanserv info
+ *  chanserv/no-register-limit    - May register an unlimited number of channels and nicknames
+ *  chanserv/kick                 - Can kick and ban users from channels through ChanServ
+ *  memoserv/info                 - Can see any information with /memoserv info
+ *  memoserv/set-limit            - Can set the limit of max stored memos on any user and channel
+ *  memoserv/no-limit             - Can send memos through limits and throttles
+ *  nickserv/access               - Can modify other users access and certificate lists
+ *  nickserv/alist                - Can see the channel access list of other users
+ *  nickserv/auspex               - Can see any information with /nickserv info
+ *  nickserv/confirm              - Can confirm other users nicknames
+ *  nickserv/drop                 - Can drop other users nicks
+ *  operserv/config               - Can modify services's configuration
+ *  operserv/oper/modify          - Can add and remove operators with at most the same privileges
+ *  protected                     - Can not be kicked from channels by Services
+ *
+ * Available commands:
+ *   botserv/bot/del          botserv/bot/add               botserv/bot/change        botserv/set/private
+ *   botserv/set/nobot
+ *
+ *   chanserv/drop            chanserv/getkey               chanserv/invite
+ *   chanserv/list            chanserv/suspend              chanserv/topic
+ *
+ *   chanserv/saset/bantype   chanserv/saset/description    chanserv/saset/email       chanserv/saset/keepmodes
+ *   chanserv/saset/founder   chanserv/saset/keeptopic      chanserv/saset/restricted
+ *   chanserv/saset/peace     chanserv/saset/persist        chanserv/saset/private
+ *   chanserv/saset/secure    chanserv/saset/securefounder  chanserv/saset/secureops
+ *   chanserv/saset/signkick  chanserv/saset/successor      chanserv/saset/topiclock
+ *   chanserv/saset/url       chanserv/saset/noexpire       chanserv/saset/autoop
+ *
+ *   memoserv/sendall        memoserv/staff
+ *
+ *   nickserv/getpass        nickserv/getemail      nickserv/suspend      nickserv/ajoin
+ *   nickserv/list
+ *
+ *   nickserv/saset/autoop     nickserv/saset/email   nickserv/saset/greet     nickserv/saset/password
+ *   nickserv/saset/display    nickserv/saset/kill    nickserv/saset/language  nickserv/saset/message
+ *   nickserv/saset/private    nickserv/saset/secure  nickserv/saset/url       nickserv/saset/noexpire
+ *   nickserv/saset/keepmodes
+ *
+ *   hostserv/set            hostserv/del           hostserv/list
+ *
+ *   global/global
+ *
+ *   operserv/news         operserv/stats        operserv/kick       operserv/exception    operserv/seen
+ *   operserv/mode         operserv/session      operserv/modinfo    operserv/ignore       operserv/chanlist
+ *   operserv/chankill     operserv/akill        operserv/sqline     operserv/snline       operserv/userlist
+ *   operserv/oper         operserv/config       operserv/umode      operserv/logsearch
+ *   operserv/modload      operserv/jupe         operserv/set        operserv/noop
+ *   operserv/quit         operserv/update       operserv/reload     operserv/restart
+ *   operserv/shutdown     operserv/svs          operserv/oline      operserv/kill
+ *
+ * Firstly, we define 'opertypes' which are named whatever we want ('Network Administrator', etc).
+ * These can contain commands for oper-only strings (see above) which grants access to that specific command,
+ * and privileges (which grant access to more general permissions for the named area).
+ * Wildcard entries are permitted for both, e.g. 'commands = "operserv/*"' for all OperServ commands.
+ *
+ * Below are some default example types, but this is by no means exhaustive,
+ * and it is recommended that you configure them to your needs.
+ */
+
+opertype
+{
+	/* The name of this opertype */
+	name = "Helper"
+
+	/* What commands (see above) this opertype has */
+	commands = "hostserv/*"
+}
+
+opertype
+{
+	/* The name of this opertype */
+	name = "Services Operator"
+
+	/* What opertype(s) this inherits from. Separate with a comma. */
+	inherits = "Helper, Another Helper"
+
+	/* What commands (see above) this opertype may use */
+	commands = "chanserv/list chanserv/suspend chanserv/topic memoserv/staff nickserv/list nickserv/suspend operserv/mode operserv/chankill operserv/akill operserv/session operserv/modinfo operserv/sqline operserv/oper operserv/kick operserv/ignore operserv/snline"
+
+	/* What privs (see above) this opertype has */
+	privs = "chanserv/auspex chanserv/no-register-limit memoserv/* nickserv/auspex nickserv/confirm"
+
+	/*
+	 * Modes to be set on users when they identify to accounts linked to this opertype.
+	 *
+	 * This can be used to automatically oper users who identify for services operator accounts, and is
+	 * useful for setting modes such as Plexus's user mode +N.
+	 *
+	 * Note that some IRCds, such as InspIRCd, do not allow directly setting +o, and this will not work.
+	 */
+	#modes = "+o"
+}
+
+opertype
+{
+	name = "Services Administrator"
+
+	inherits = "Services Operator"
+
+	commands = "botserv/* chanserv/access/list chanserv/drop chanserv/getkey chanserv/saset/noexpire memoserv/sendall nickserv/saset/* nickserv/getemail operserv/news operserv/jupe operserv/svs operserv/stats operserv/oline operserv/noop operserv/forbid global/*"
+
+	privs = "*"
+}
+
+opertype
+{
+	name = "Services Root"
+
+	commands = "*"
+
+	privs = "*"
+}
+
+/*
+ * After defining different types of operators in the above opertype section, we now define who is in these groups
+ * through 'oper' blocks, similar to ircd access.
+ *
+ * The default is to comment these out (so NOBODY will have Services access).
+ * You probably want to add yourself and a few other people at minimum.
+ *
+ * As with all permissions, make sure to only give trustworthy people access to Services.
+ */
+
+oper
+{
+	/* The nickname of this services oper */
+	name = "Fardale"
+
+	/* The opertype this person will have */
+	type = "Services Root"
+
+	/* If set, the user must be an oper on the IRCd to gain their Services
+	 * oper privileges.
+	 */
+	require_oper = yes
+
+	/* An optional password. If defined the user must login using "/msg OperServ LOGIN" first */
+	#password = "secret"
+
+	/* An optional SSL fingerprint. If defined, it's required to be able to use this opertype. */
+	#certfp = "ed3383b3f7d74e89433ddaa4a6e5b2d7"
+
+	/* An optional list of user@host masks. If defined the user must be connected from one of them */
+	#host = "*@*.anope.org ident@*"
+
+	/* An optional vHost to set on users who identify for this oper block.
+	 * This will override HostServ vHosts, and may not be available on all IRCds
+	 */
+	#vhost = "oper.mynet"
+}
+
+{% for oper in anope.services_roots %}
+oper
+{
+	name = "{{ oper }}"
+	type = "Services Root"
+	require_oper = yes
+}
+
+{% endfor %}
+
+#oper
+{
+	name = "nick2"
+	type = "Services Administrator"
+}
+
+#oper
+{
+	name = "nick3"
+	type = "Helper"
+}
+
+/*
+ * [OPTIONAL] Mail Config
+ *
+ * This section contains settings related to the use of e-mail from Services.
+ * If the usemail directive is set to yes, unless specified otherwise, all other
+ * directives are required.
+ *
+ * NOTE: Users can find the IP of the machine services is running on by examining
+ * mail headers. If you do not want your IP known, you should set up a mail relay
+ * to strip the relevant headers.
+ */
+mail
+{
+	/*
+	 * If set, this option enables the mail commands in Services. You may choose
+	 * to disable it if you have no Sendmail-compatible mailer installed. Whilst
+	 * this directive (and entire block) is optional, it is required if
+	 * nickserv:registration is set to yes.
+	 */
+	usemail = yes
+
+	/*
+	 * This is the command-line that will be used to call the mailer to send an
+	 * e-mail. It must be called with all the parameters needed to make it
+	 * scan the mail input to find the mail recipient; consult your mailer
+	 * documentation.
+	 *
+	 * Postfix users must use the compatible sendmail utility provided with
+	 * it. This one usually needs no parameters on the command-line. Most
+	 * sendmail applications (or replacements of it) require the -t option
+	 * to be used.
+	 */
+	sendmailpath = "/usr/sbin/sendmail -t"
+
+	/*
+	 * This is the e-mail address from which all the e-mails are to be sent from.
+	 * It should really exist.
+	 */
+	sendfrom = "services@crans.org"
+
+	/*
+	 * This controls the minimum amount of time a user must wait before sending
+	 * another e-mail after they have sent one. It also controls the minimum time
+	 * a user must wait before they can receive another e-mail.
+	 *
+	 * This feature prevents users from being mail bombed using Services and
+	 * it is highly recommended that it be used.
+	 *
+	 * This directive is optional, but highly recommended.
+	 */
+	delay = 5m
+
+	/*
+	 * If set, Services will not attempt to put quotes around the TO: fields
+	 * in e-mails.
+	 *
+	 * This directive is optional, and as far as we know, it's only needed
+	 * if you are using ESMTP or QMail to send out e-mails.
+	 */
+	#dontquoteaddresses = yes
+
+	/*
+	 * The subject and message of emails sent to users when they register accounts.
+	 */
+	registration_subject = "Nickname registration for %n"
+	registration_message = "Hi,
+
+				You have requested to register the nickname %n on %N.
+				Please type \" /msg NickServ CONFIRM %c \" to complete registration.
+
+				If you don't know why this mail was sent to you, please ignore it silently.
+
+				%N administrators."
+
+	/*
+	 * The subject and message of emails sent to users when they request a new password.
+	 */
+	reset_subject = "Reset password request for %n"
+	reset_message = "Hi,
+
+			You have requested to have the password for %n reset.
+			To reset your password, type \" /msg NickServ CONFIRM %n %c \"
+
+			If you don't know why this mail was sent to you, please ignore it silently.
+
+			%N administrators."
+
+	/*
+	 * The subject and message of emails sent to users when they request a new email address.
+	 */
+	emailchange_subject = "Email confirmation"
+	emailchange_message = "Hi,
+
+			You have requested to change your email address from %e to %E.
+			Please type \" /msg NickServ CONFIRM %c \" to confirm this change.
+
+			If you don't know why this mail was sent to you, please ignore it silently.
+
+			%N administrators."
+
+	/*
+	 * The subject and message of emails sent to users when they receive a new memo.
+	 */
+	memo_subject = "New memo"
+	memo_message = "Hi %n,
+
+			You've just received a new memo from %s. This is memo number %d.
+
+			Memo text:
+
+			%t"
+}
+
+/*
+ * [REQUIRED] Database configuration.
+ *
+ * This section is used to configure databases used by Anope.
+ * You should at least load one database method, otherwise any data you
+ * have will not be stored!
+ */
+
+/*
+ * [DEPRECATED] db_old
+ *
+ * This is the old binary database format from late Anope 1.7.x, Anope 1.8.x, and
+ * early Anope 1.9.x. This module only loads these databases, and will NOT save them.
+ * You should only use this to upgrade old databases to a newer database format by loading
+ * other database modules in addition to this one, which will be used when saving databases.
+ */
+#module
+{
+	name = "db_old"
+
+	/*
+	 * This is the encryption type used by the databases. This must be set correctly or
+	 * your passwords will not work. Valid options are: md5, oldmd5, sha1, and plain.
+	 * You must also be sure to load the correct encryption module below in the Encryption
+	 * Modules section so that your passwords work.
+	 */
+	hash = "sha1"
+}
+
+/*
+ * [RECOMMENDED] db_flatfile
+ *
+ * This is the default flatfile database format.
+ */
+module
+{
+	name = "db_flatfile"
+
+	/*
+	 * The database name db_flatfile should use
+	 */
+	database = "anope.db"
+
+	/*
+	 * Sets the number of days backups of databases are kept. If you don't give it,
+	 * or if you set it to 0, Services won't backup the databases.
+	 *
+	 * NOTE: Services must run 24 hours a day for this feature to work.
+	 *
+	 * This directive is optional, but recommended.
+	 */
+	keepbackups = 7
+
+	/*
+	 * Allows Services to continue file write operations (i.e. database saving)
+	 * even if the original file cannot be backed up. Enabling this option may
+	 * allow Services to continue operation under conditions where it might
+	 * otherwise fail, such as a nearly-full disk.
+	 *
+	 * NOTE: Enabling this option can cause irrecoverable data loss under some
+	 * conditions, so make CERTAIN you know what you're doing when you enable it!
+	 *
+	 * This directive is optional, and you are discouraged against enabling it.
+	 */
+	#nobackupokay = yes
+
+	/*
+	 * If enabled, services will fork a child process to save databases.
+	 *
+	 * This is only useful with very large databases, with hundreds
+	 * of thousands of objects, that have a noticeable delay from
+	 * writing databases.
+	 *
+	 * If your database is large enough cause a noticeable delay when
+	 * saving you should consider a more powerful alternative such
+	 * as db_sql or db_redis, which incrementally update their
+	 * databases asynchronously in real time.
+	 */
+	fork = no
+}
+
+/*
+ * db_sql and db_sql_live
+ *
+ * db_sql module allows saving and loading databases using one of the SQL engines.
+ * This module loads the databases once on startup, then incrementally updates
+ * objects in the database as they are changed within Anope in real time. Changes
+ * to the SQL tables not done by Anope will have no effect and will be overwritten.
+ *
+ * db_sql_live module allows saving and loading databases using one of the SQL engines.
+ * This module reads and writes to SQL in real time. Changes to the SQL tables
+ * will be immediately reflected into Anope. This module should not be loaded
+ * in conjunction with db_sql.
+ *
+ */
+#module
+{
+	name = "db_sql"
+	#name = "db_sql_live"
+
+	/*
+	 * The SQL service db_sql(_live) should use, these are configured in modules.conf.
+	 * For MySQL, this should probably be mysql/main.
+	 */
+	engine = "sqlite/main"
+
+	/*
+	 * An optional prefix to prepended to the name of each created table.
+	 * Do not use the same prefix for other programs.
+	 */
+	#prefix = "anope_db_"
+
+	/* Whether or not to import data from another database module in to SQL on startup.
+	 * If you enable this, be sure that the database services is configured to use is
+	 * empty and that another database module to import from is loaded before db_sql.
+	 * After you enable this and do a database import you should disable it for
+	 * subsequent restarts.
+	 *
+	 * Note that you can not import databases using db_sql_live. If you want to import
+	 * databases and use db_sql_live you should import them using db_sql, then shut down
+	 * and start services with db_sql_live.
+	 */
+	import = false
+}
+
+/*
+ * db_redis.
+ *
+ * This module allows using Redis (http://redis.io) as a database backend.
+ * This module requires that m_redis is loaded and configured properly.
+ *
+ * Redis 2.8 supports keyspace notifications which allows Redis to push notifications
+ * to Anope about outside modifications to the database. This module supports this and
+ * will internally reflect any changes made to the database immediately once notified.
+ * See docs/REDIS for more information regarding this.
+ */
+#module
+{
+	name = "db_redis"
+
+	/*
+	 * Redis database to use. This must be configured with m_redis.
+	 */
+	engine = "redis/main"
+}
+
+/*
+ * [RECOMMENDED] Encryption modules.
+ *
+ * The encryption modules are used when dealing with passwords. This determines how
+ * the passwords are stored in the databases, and does not add any security as
+ * far as transmitting passwords over the network goes.
+ *
+ * Without any encryption modules loaded users will not be able to authenticate unless
+ * there is another module loaded that provides authentication checking, such as
+ * m_ldap_authentication or m_sql_authentication.
+ *
+ * With enc_none, passwords will be stored in plain text, allowing for passwords
+ * to be recovered later but it isn't secure and therefore is not recommended.
+ *
+ * The other encryption modules use one-way encryption, so the passwords can not
+ * be recovered later if those are used.
+ *
+ * The first encryption module loaded is the primary encryption module. All new passwords are
+ * encrypted by this module. Old passwords stored in another encryption method are
+ * automatically re-encrypted by the primary encryption module on next identify.
+ *
+ * NOTE: enc_old is Anope's previous (broken) MD5 implementation which is present in
+ * versions prior to Anope 1.7.17. If your databases were made using that module,
+ * use this and not enc_md5.
+ *
+ * NOTE: enc_sha1 relies on how the OS stores 2+ byte data internally, and is
+ * potentially broken when moving between 2 different OSes, such as moving from
+ * Linux to Windows. It is recommended that you use enc_sha256 instead if you want
+ * to use an SHA-based encryption. If you choose to do so, it is also recommended
+ * that you first try to get everyone's passwords converted to enc_sha256 before
+ * switching OSes by placing enc_sha256 at the beginning of the list.
+ *
+ */
+
+#module { name = "enc_bcrypt" }
+module { name = "enc_sha256" }
+#module { name = "enc_md5" }
+module { name = "enc_sha1" }
+
+/*
+ * When using enc_none, passwords will be stored without encryption. This isn't secure
+ * therefore it is not recommended.
+ */
+#module { name = "enc_none" }
+
+/*
+ * enc_old is Anope's previous (broken) MD5 implementation used from 1.4.x to 1.7.16.
+ * If your databases were made using that module, load it here to allow conversion to the primary
+ * encryption method.
+ */
+#module { name = "enc_old" }
+
+
+/* Extra (optional) modules. */
+include
+{
+	type = "file"
+	name = "modules.conf"
+}
+
+/*
+ * Chanstats module.
+ * Requires a MySQL Database.
+ */
+#include
+{
+	type = "file"
+	name = "chanstats.conf"
+}
+
+/*
+ * IRC2SQL Gateway
+ * This module collects data about users, channels and servers. It doesn't build stats
+ * itself, however, it gives you the database, it's up to you how you use it.
+ *
+ * Requires a MySQL Database and MySQL version 5.5 or higher
+ */
+#include
+{
+	type = "file"
+	name = "irc2sql.conf"
+}