diff options
Diffstat (limited to 'data/modules.example.conf')
| -rw-r--r-- | data/modules.example.conf | 300 |
1 files changed, 110 insertions, 190 deletions
diff --git a/data/modules.example.conf b/data/modules.example.conf index 9a86266c7..725130137 100644 --- a/data/modules.example.conf +++ b/data/modules.example.conf @@ -19,14 +19,14 @@ module { name = "help" } /* - * m_dns + * dns * * Adds support for the DNS protocol. By itself this module does nothing useful, - * but other modules such as m_dnsbl and os_dns require this. + * but other modules such as dnsbl and operserv/dns require this. */ #module { - name = "m_dns" + name = "dns" /* * The nameserver to use for resolving hostnames, must be an IP or a resolver configuration file. @@ -42,7 +42,7 @@ module { name = "help" } timeout = 5 - /* Only edit below if you are expecting to use os_dns or otherwise answer DNS queries. */ + /* Only edit below if you are expecting to use operserv/dns or otherwise answer DNS queries. */ /* * The IP and port services use to listen for DNS queries. @@ -80,7 +80,7 @@ module { name = "help" } } /* - * m_dnsbl + * dnsbl * * Allows configurable DNS blacklists to check connecting users against. If a user * is found on the blacklist they will be immediately banned. This is a crucial module @@ -88,7 +88,7 @@ module { name = "help" } */ #module { - name = "m_dnsbl" + name = "dnsbl" /* * If set, Services will check clients against the DNSBLs when services connect to its uplink. @@ -113,7 +113,7 @@ module { name = "help" } blacklist { /* Name of the blacklist. */ - name = "dnsbl.dronebl.org" + name = "rbl.efnetrbl.org" /* How long to set the ban for. */ time = 4h @@ -127,17 +127,29 @@ module { name = "help" } * %r is the reply reason (configured below). Will be nothing if not configured. * %N is the network name set in networkinfo:networkname */ - reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=%N" + reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info" + + /* Replies to ban and their reason. If no relies are configured, all replies get banned. */ + reply + { + code = 1 + reason = "Open Proxy" + } - /* Replies to ban and their reason. If no replies are configured, all replies get banned. */ #reply { - code = 3 - reason = "IRC Drone" + code = 2 + reason = "spamtrap666" } #reply { + code = 3 + reason = "spamtrap50" + } + + reply + { code = 4 reason = "TOR" @@ -148,17 +160,18 @@ module { name = "help" } #allow_account = yes } - #reply + reply { - code = 8 - reason = "SOCKS Proxy" + code = 5 + reason = "Drones / Flooding" } + } - #reply - { - code = 9 - reason = "HTTP Proxy" - } + #blacklist + { + name = "dnsbl.dronebl.org" + time = 4h + reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded?ip=%i&network=%N" } /* Exempt localhost from DNSBL checks */ @@ -166,19 +179,19 @@ module { name = "help" } } /* - * m_helpchan + * helpchan * * Gives users who are op in the specified help channel usermode +h (helpop). */ #module { - name = "m_helpchan" + name = "helpchan" helpchannel = "#help" } /* - * m_httpd + * httpd * * Allows services to serve web pages. By itself, this module does nothing useful. * @@ -187,7 +200,7 @@ module { name = "help" } */ #module { - name = "m_httpd" + name = "httpd" httpd { @@ -219,13 +232,13 @@ module { name = "help" } } /* - * m_ldap [EXTRA] + * ldap [EXTRA] * * This module allows other modules to use LDAP. By itself, this module does nothing useful. */ #module { - name = "m_ldap" + name = "ldap" ldap { @@ -240,14 +253,14 @@ module { name = "help" } } /* - * m_ldap_authentication [EXTRA] + * ldap_authentication [EXTRA] * * This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use - * LDAP to authenticate users. Requires m_ldap. + * LDAP to authenticate users. Requires ldap. */ #module { - name = "m_ldap_authentication" + name = "ldap_authentication" /* * The distinguished name used for searching for users's accounts. @@ -300,16 +313,16 @@ module { name = "help" } } /* - * m_ldap_oper [EXTRA] + * ldap_oper [EXTRA] * * This module dynamically ties users to Anope opertypes when they identify - * via LDAP group membership. Requires m_ldap. + * via LDAP group membership. Requires ldap. * * Note that this doesn't give the user privileges on the IRCd, only in Services. */ #module { - name = "m_ldap_oper" + name = "ldap_oper" /* * An optional binddn to use when searching for groups. @@ -341,13 +354,22 @@ module { name = "help" } } /* - * m_mysql [EXTRA] + * mysql [EXTRA] * * This module allows other modules to use MySQL. + * + * If you use db_sql with a mysql service defined below, note that your default + * database collation should be the same as your configured casemap or locale + * in Anope. + * + * For ascii, this is ascii_general_ci. + * + * For rfc1459, a charset configuration file is provided in data/mysql/rfc1459.xml + * Instructions are provided in docs/MySQL.md on how to install it. */ #module { - name = "m_mysql" + name = "mysql" mysql { @@ -360,64 +382,26 @@ module { name = "help" } port = 3306 } } -/* - * m_redis - * - * This module allows other modules to use Redis. - */ -#module -{ - name = "m_redis" - - /* A redis database */ - redis - { - /* The name of this service */ - name = "redis/main" - - /* - * The redis database to use. New connections default to 0. - */ - db = 0 - - ip = "127.0.0.1" - port = 6379 - } -} - -/* - * m_regex_pcre [EXTRA] - * - * Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library. - */ -#module { name = "m_regex_pcre" } - -/* - * m_regex_posix [EXTRA] - * - * Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions. - * This is likely the only regex module you will not need extra libraries for. - */ -#module { name = "m_regex_posix" } /* - * m_regex_tre [EXTRA] + * rest [EXTRA] * - * Provides the regex engine regex/tre, which uses the TRE regex library. + * This module exposes a RESTful API using JSON via the httpd module. + * See docs/REST.md for details. */ -#module { name = "m_regex_tre" } +#module { name = "rest" } /* - * m_rewrite + * rewrite * * Allows rewriting commands sent to/from clients. */ -#module { name = "m_rewrite" } +#module { name = "rewrite" } #command { service = "ChanServ"; name = "CLEAR"; command = "rewrite" - /* Enable m_rewrite. */ + /* Enable rewrite. */ rewrite = true /* Source message to match. A $ can be used to match anything. */ @@ -438,111 +422,47 @@ module { name = "help" } } /* - * m_proxyscan - * - * This module allows you to scan connecting clients for open proxies. - * Note that using this will allow users to get the IP of your services. + * sasl * - * Currently the two supported proxy types are HTTP and SOCKS5. - * - * The proxy scanner works by attempting to connect to clients when they - * connect to the network, and if they have a proxy running instruct it to connect - * back to services. If services are able to connect through the proxy to itself - * then it knows it is an insecure proxy, and will ban it. + * Some IRCds allow "SASL" authentication to let users identify to Services + * during the IRCd user registration process. If this module is loaded, Services will allow + * authenticating users through this mechanism. Supported mechanisms are: + * PLAIN, EXTERNAL. */ -#module -{ - name = "m_proxyscan" - - /* - * The target IP services tells the proxy to connect back to. This must be a publicly - * available IP that remote proxies can connect to. - */ - #target_ip = "127.0.0.1" - - /* - * The port services tells the proxy to connect to. - */ - target_port = 7226 - - /* - * The listen IP services listen on for incoming connections from suspected proxies. - * This probably will be the same as target_ip, but may not be if you are behind a firewall (NAT). - */ - #listen_ip = "127.0.0.1" - - /* - * The port services should listen on for incoming connections from suspected proxies. - * This most likely will be the same as target_port. - */ - listen_port = 7226 - - /* - * An optional notice sent to clients upon connect. - */ - #connect_notice = "We will now scan your host for insecure proxies. If you do not consent to this scan please disconnect immediately." - - /* - * Who the notice should be sent from. - */ - #connect_source = "OperServ" - - /* - * If set, OperServ will add infected clients to the akill list. Without it, OperServ simply sends - * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being filled up by bots. - */ - add_to_akill = yes - - /* - * How long before connections should be timed out. - */ - timeout = 5 - - proxyscan - { - /* The type of proxy to check for. A comma separated list is allowed. */ - type = "HTTP" - - /* The ports to check. */ - port = "80,8080" - - /* How long to set the ban for. */ - time = 4h +#module { name = "sasl" } - /* - * The reason to ban the user for. - * %h is replaced with the type of proxy found. - * %i is replaced with the IP of proxy found. - * %p is replaced with the port. - */ - reason = "You have an open proxy running on your host (%t:%i:%p)" - } -} +/* + * sasl_dh-aes [EXTRA] + * + * Add the DH-AES mechanism to SASL. + * Requires sasl to be loaded. + * Requires openssl. + */ +#module { name = "sasl_dh-aes" } /* - * m_sasl + * sasl_dh-blowfish [EXTRA] * - * Some IRCds allow "SASL" authentication to let users identify to Services - * during the IRCd user registration process. If this module is loaded, Services will allow - * authenticating users through this mechanism. Supported mechanisms are: - * PLAIN, EXTERNAL. + * Add the DH-BLOWFISH mechanism to SASL. + * Requires sasl to be loaded. + * Requires openssl. */ -#module { name = "m_sasl" } +#module { name = "sasl_dh-blowfish" } /* - * m_ssl_gnutls [EXTRA] + * ssl_gnutls [EXTRA] * * This module provides SSL services to Anope using GnuTLS, for example to * connect to the uplink server(s) via SSL. * - * You may only load either m_ssl_gnutls or m_ssl_openssl, bot not both. + * You may only load either ssl_gnutls or ssl_openssl, bot not both. */ #module { - name = "m_ssl_gnutls" + name = "ssl_gnutls" /* - * An optional certificate and key for m_ssl_gnutls to give to the uplink. + * An optional certificate and key for ssl_gnutls to give to the uplink. * * You can generate your own certificate and key pair by using: * @@ -568,20 +488,20 @@ module { name = "help" } } /* - * m_ssl_openssl [EXTRA] + * ssl_openssl [EXTRA] * * This module provides SSL services to Anope using OpenSSL, for example to * connect to the uplink server(s) via SSL. * - * You may only load either m_ssl_openssl or m_ssl_gnutls, bot not both. + * You may only load either ssl_openssl or ssl_gnutls, bot not both. * */ #module { - name = "m_ssl_openssl" + name = "ssl_openssl" /* - * An optional certificate and key for m_ssl_openssl to give to the uplink. + * An optional certificate and key for ssl_openssl to give to the uplink. * * You can generate your own certificate and key pair by using: * @@ -601,16 +521,16 @@ module { name = "help" } } /* - * m_sql_authentication [EXTRA] + * sql_authentication [EXTRA] * * This module allows authenticating users against an external SQL database using a custom * query. */ #module { - name = "m_sql_authentication" + name = "sql_authentication" - /* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */ + /* SQL engine to use. Should be configured elsewhere with mysql, sqlite, etc. */ engine = "mysql/main" /* Query to execute to authenticate. A non empty result from this query is considered a success, @@ -652,7 +572,7 @@ module { name = "help" } } /* - * m_sql_log [EXTRA] + * sql_log [EXTRA] * * This module adds an additional target option to log{} blocks * that allows logging Service's logs to SQL. To log to SQL, add @@ -669,24 +589,24 @@ module { name = "help" } * it if it doesn't exist. This module does not create any indexes (keys) * on the table and it is recommended you add them yourself as necessary. */ -#module { name = "m_sql_log" } +#module { name = "sql_log" } /* - * m_sql_oper [EXTRA] + * sql_oper [EXTRA] * * This module allows granting users services operator privileges and possibly IRC Operator * privileges based on an external SQL database using a custom query. */ #module { - name = "m_sql_oper" + name = "sql_oper" - /* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */ + /* SQL engine to use. Should be configured elsewhere with mysql, sqlite, etc. */ engine = "mysql/main" /* Query to execute to determine if a user should have operator privileges. * A field named opertype must be returned in order to link the user to their oper type. - * The oper types must be configured earlier in services.conf. + * The oper types must be configured earlier in anope.conf. * * If a field named modes is returned from this query then those modes are set on the user. * Without this, only a simple +o is sent. @@ -698,13 +618,13 @@ module { name = "help" } } /* - * m_sqlite [EXTRA] + * sqlite * * This module allows other modules to use SQLite. */ -#module +module { - name = "m_sqlite" + name = "sqlite" /* A SQLite database */ sqlite @@ -713,7 +633,7 @@ module { name = "help" } name = "sqlite/main" /* The database name, it will be created if it does not exist. */ - database = "anope.db" + database = "anope.sqlite3" } } @@ -724,7 +644,7 @@ module { name = "help" } * as they could over IRC. If you are using the default configuration you should be able to access * this panel by visiting http://127.0.0.1:8080 in your web browser from the machine Anope is running on. * - * This module requires m_httpd. + * This module requires httpd. */ #module { @@ -741,23 +661,23 @@ module { name = "help" } } /* - * m_xmlrpc + * xmlrpc * * Allows remote applications (websites) to execute queries in real time to retrieve data from Anope. - * By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries. + * By itself this module does nothing, but allows other modules (xmlrpc_main) to receive and send XMLRPC queries. */ #module { - name = "m_xmlrpc" + name = "xmlrpc" - /* Web service to use. Requires m_httpd. */ + /* Web service to use. Requires httpd. */ server = "httpd/main" } /* - * m_xmlrpc_main + * xmlrpc_main * * Adds the main XMLRPC core functions. - * Requires m_xmlrpc. + * Requires xmlrpc. */ -#module { name = "m_xmlrpc_main" } +#module { name = "xmlrpc_main" } |