mirror of https://github.com/pissnet/pissircd.git
250 lines
8.6 KiB
Plaintext
250 lines
8.6 KiB
Plaintext
/* This file will load all optional modules. These are features that
|
|
* not everyone will use or are considered experimental.
|
|
* You can include this file from your unrealircd.conf like this:
|
|
* include "modules.optional.conf";
|
|
* OR... and this is probably a better idea... you can copy-paste it
|
|
* to another file where you do your own customizations.
|
|
*
|
|
* DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
|
|
* If you want to customize, make a copy of this file (for example
|
|
* name it modules.custom.conf) and edit it.
|
|
* Then include that file from your unrealircd.conf instead of this one.
|
|
*/
|
|
|
|
/*** Commands ***/
|
|
|
|
// This add the /IRCOPS command: A more visual way for users
|
|
// to see which IRCOps are online.
|
|
loadmodule "ircops";
|
|
|
|
// This adds the /STAFF command: This command simply displays
|
|
// a text file that you can configure here:
|
|
loadmodule "staff";
|
|
@if module-loaded("staff")
|
|
set { staff-file "network.staff"; }
|
|
@endif
|
|
|
|
|
|
/*** Channel modes ***/
|
|
|
|
// The following module ('nocodes') is not a true channel mode.
|
|
// It simply enhances the existing channel mode +S/+c to include
|
|
// stripping/blocking of bold, underline and italic text.
|
|
loadmodule "nocodes";
|
|
|
|
|
|
/*** Other ***/
|
|
|
|
// The hideserver module will hide /MAP and /LINKS to regular users.
|
|
// It does not truly enhance security as server names can still be
|
|
// seen at other places.
|
|
// Comment out the following line to enable this:
|
|
// loadmodule "hideserver";
|
|
|
|
// The antirandom module will kill or *line users that have a nick,
|
|
// ident and/or realname that is considered "random".
|
|
// This helps to combat simple botnets/drones.
|
|
// Note that failure to set the right settings may ban innocent users.
|
|
// This is especially true if you are on a non-English network where
|
|
// the module may consider a sequence of characters "random" even though
|
|
// it is a perfectly pronounceable word in your language.
|
|
loadmodule "antirandom";
|
|
@if module-loaded("antirandom")
|
|
set {
|
|
antirandom {
|
|
/* THRESHOLD:
|
|
* This is the most important setting of all.
|
|
* For every randomly looking item the user gets a certain amount of
|
|
* 'points'. If the points reach the 'threshold' then the appropriate
|
|
* action is taken (killed, *lined, see later on).
|
|
* lower = more randomly looking users will be caught
|
|
* (but also more innocent users).
|
|
* higher = less chance of innocent users getting killed
|
|
* (but also less chance on bots getting caught).
|
|
* <2: DON'T!!
|
|
* 4: Works good, probably a few more innocent kills, but if you have a
|
|
* big problem with drone attacks then this might be a good setting.
|
|
* 5: Works well with few innocent kills, probably good to begin with.
|
|
* 6: If you want to be a tad more careful
|
|
* >6: For the paranoid. Module can still be quite effective, though :)
|
|
*/
|
|
threshold 6;
|
|
|
|
/* BAN-ACTION:
|
|
* Action to take whenever the user is caught as random, options:
|
|
* warn, kill, gline, gzline, kline, zline, shun, tempshun
|
|
*/
|
|
ban-action kill;
|
|
|
|
/* BAN-TIME:
|
|
* Time to ban the user (irrelevant for tempshun/kill).
|
|
* Something between 1 hour and 2 days is recommended.
|
|
* If you set it higher than 3 or 4 days then you get quite a risk
|
|
* of catching innocent users due to dynamic IP, not to mention
|
|
* your *line list gets filled up... so choose it wisely.
|
|
*/
|
|
ban-time 4h;
|
|
|
|
/* BAN-REASON:
|
|
* The ban or kill reason to use.
|
|
* Tip: you might want to put in an entry to a FAQ or an email address where
|
|
* users can mail if they have been caught and don't know what to do.
|
|
* NOTE: One of the various reasons that "innocent users" are blocked is when
|
|
* they randomly type in info for their nick, ident, or realname.
|
|
*/
|
|
ban-reason "You look like a bot. Be sure to fill in your nick/ident/realname properly.";
|
|
|
|
/* CONVERT-TO-LOWERCASE:
|
|
* Convert nicks, idents, and realnames to lowercase before doing random checks?
|
|
* Useful to catch GnStA5FYhiTH51TUkf style random nicks as random.
|
|
* Enabled by default.
|
|
*/
|
|
convert-to-lowercase yes;
|
|
|
|
/* SHOW-FAILEDCONNECTS:
|
|
* This will send out a notice whenever a randomly looking user has been caught
|
|
* during connecting. This can be pretty noisy.
|
|
* Especially recommended to enable during the first few days you use this module.
|
|
*/
|
|
show-failedconnects yes;
|
|
|
|
/* EXCEPT:
|
|
* Don't do antirandom checks for these users.
|
|
*/
|
|
except {
|
|
/* Exempt WEBIRC gateways because these frequently
|
|
* cause false positives. So the default is yes.
|
|
*/
|
|
webirc yes;
|
|
|
|
/* Exempt LAN users */
|
|
ip { 192.168.*; 127.*; }
|
|
|
|
// Or by hostname:
|
|
//mask { *.example.net; }
|
|
|
|
/* You can also exempt security groups: */
|
|
// security-group known-users;
|
|
|
|
/* For all options, see https://www.unrealircd.org/docs/Mask_item */
|
|
}
|
|
}
|
|
}
|
|
@endif
|
|
|
|
// This module will send a HTTP 301 redirect to any client which sends
|
|
// a HTTP request to us. This is commented out by default:
|
|
//loadmodule "webredir";
|
|
//set {
|
|
// webredir {
|
|
// url 'https://...';
|
|
// }
|
|
//}
|
|
|
|
// Load the webserver module, needed for websocket (see next)
|
|
loadmodule "webserver";
|
|
|
|
// This adds websocket support. For more information, see:
|
|
// https://www.unrealircd.org/docs/WebSocket_support
|
|
loadmodule "websocket";
|
|
|
|
// This module will detect and stop spam containing of characters of
|
|
// mixed "scripts", where (for example) some characters are in
|
|
// Latin script and other characters are in Cyrillic script.
|
|
loadmodule "antimixedutf8";
|
|
@if module-loaded("antimixedutf8")
|
|
set {
|
|
antimixedutf8 {
|
|
/* Take action at this 'score' (lower = more sensitive)
|
|
*
|
|
* A score of 2 or 3 will catch a lot but also
|
|
* catch innocent users who are not using a pure
|
|
* Latin script, such as Russian people who
|
|
* commonly use a mix of Latin and Cyrillic.
|
|
*
|
|
* A score of 8 is a safe default.
|
|
*/
|
|
score 8;
|
|
|
|
/* Action to take, see:
|
|
* https://www.unrealircd.org/docs/Actions
|
|
*/
|
|
ban-action block;
|
|
|
|
/* Block/kill/ban reason (sent to user) */
|
|
ban-reason "Mixed character spam";
|
|
|
|
/* Duration of ban (does not apply to block/kill) */
|
|
ban-time 4h; // For other types
|
|
|
|
/* Except these users - see
|
|
* https://www.unrealircd.org/docs/Mask_item for options.
|
|
*/
|
|
//commented out by default:
|
|
//except {
|
|
// security-group known-users;
|
|
// webirc yes;
|
|
//}
|
|
}
|
|
}
|
|
@endif
|
|
|
|
// This module will add support for /EXTJWT command,
|
|
// used for generating authorization tokens for external services.
|
|
// The feature is based on a specification described here:
|
|
// https://github.com/ircv3/ircv3-specifications/pull/341
|
|
// Please create your configuration block based on the example below.
|
|
// Do not uncomment the example.
|
|
//
|
|
// Supported JWT methods: NONE (not recommended), HS256, HS384, HS512,
|
|
// ES256, ES384, ES512, RS256, RS384, RS512
|
|
// Method NONE does not use any cryptography to sign the token. This
|
|
// is only useful for checking whether the service works when initially
|
|
// setting it up. HS* methods use a password that must be shared with
|
|
// the verification service. ES* and RS* methods use public-private key
|
|
// pairs, so the verification service, knowing your public key, can't
|
|
// generate own valid tokens.
|
|
//
|
|
// For methods requiring a key, place it in your "conf" directory.
|
|
//
|
|
// Use following shell commands to create keys if needed:
|
|
// To generate RS256, RS384 or RS512 private key (for UnrealIRCd):
|
|
// openssl genrsa -out privkey.pem 4096
|
|
// To generate matching public key (for the external service to verify
|
|
// the token):
|
|
// openssl rsa -in privkey.pem -pubout > pubkey.pem
|
|
//
|
|
// To generate ES256, ES384 or ES512 private key (for UnrealIRCd):
|
|
// openssl ecparam -genkey -name secp521r1 -noout -out privkey.pem
|
|
// To generate matching public key (for the external service to verify
|
|
// the token):
|
|
// openssl ec -in privkey.pem -pubout -out pubkey.pem
|
|
//
|
|
// In all cases, substitute your preferred file names for "pubkey.pem"
|
|
// and "privkey.pem".
|
|
|
|
//loadmodule "extjwt";
|
|
//extjwt {
|
|
// /* The configuration below is used when no service name is
|
|
// * provided by the user command.
|
|
// */
|
|
// method "HS256"; /* described above */
|
|
// expire-after 30; /* seconds */
|
|
// secret "somepassword"; /* required for HS* methods */
|
|
// /* Optional service blocks for generating different tokens.
|
|
// * Add as many of these as you need.
|
|
// */
|
|
// service "service1" {
|
|
// method "ES512"; /* will be inherited from main if not given */
|
|
// //secret "anotherpassword"; /* required for HS* method */
|
|
// key "es512.pem"; /* required for ES* and RS* methods */
|
|
// //verify-url 'https://example.com/verify/?t=%s'; /* URL for your validation service - optional; use single quotes here! */
|
|
// expire-after 60; /* seconds, will be inherited from main if not given */
|
|
// };
|
|
// /* Another service block. */
|
|
// service "service2" {
|
|
// method "RS256";
|
|
// key "RS256.pem";
|
|
// };
|
|
//};
|