mirror
/
oragono
mirror of https://github.com/oragono/oragono


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265
							# oragono IRCd config

# network configuration
network:
    # name of the network
    name: OragonoTest

# server configuration
server:
    # server name
    name: oragono.test

    # addresses to listen on
    listen:
        - ":6667"
        - "127.0.0.1:6668"
        - "[::1]:6668"
        - ":6697" # ssl port

    # websocket listening port
    ws-listen: ":8080"

    # tls listeners
    tls-listeners:
        # listener on ":6697"
        ":6697":
            key: tls.key
            cert: tls.crt
    
    # strict transport security, to get clients to automagically use TLS
    sts:
        # whether to advertise STS
        #
        # to stop advertising STS, leave this enabled and set 'duration' below to "0". this will
        # advertise to connecting users that the STS policy they have saved is no longer valid
        enabled: true

        # how long clients should be forced to use TLS for.
        # setting this to a too-long time will mean bad things if you later remove your TLS
        duration: 0

        # tls port - you should be listening on this port above
        port: 6697

        # should clients include this STS policy when they ship their inbuilt preload lists?
        preload: false

    # rest management API, for use with web interface
    rest-api:
        # whether the API is enabled or not
        enabled: false

        # rest API listening port
        listen: "localhost:8090"

    # use ident protocol to get usernames
    check-ident: true

    # password to login to the server
    # generated using  "oragono genpasswd"
    #password: ""

    # motd filename
    # if you change the motd, you should move it to ircd.motd
    motd: oragono.motd

    # maximum number of connections per subnet
    connection-limits:
        # whether to throttle limits or not
        enabled: true

        # how wide the cidr should be for IPv4 
        cidr-len-ipv4: 24

        # how wide the cidr should be for IPv6
        cidr-len-ipv6: 120

        # maximum number of IPs per subnet (defined above by the cird length)
        ips-per-subnet: 16

        # IPs/networks which are exempted from connection limits
        exempted:
            - "127.0.0.1"
            - "127.0.0.1/8"
            - "::1/128"

    # automated connection throttling
    connection-throttling:
        # whether to throttle connections or not
        enabled: true

        # how wide the cidr should be for IPv4 
        cidr-len-ipv4: 32

        # how wide the cidr should be for IPv6
        cidr-len-ipv6: 128

        # how long to keep track of connections for
        duration: 10m

        # maximum number of connections, per subnet, within the given duration
        max-connections: 12

        # how long to ban offenders for, and the message to use
        # after banning them, the number of connections is reset (which lets you use UNDLINE to unban people)
        ban-duration: 10m
        ban-message: You have attempted to connect too many times within a short duration. Wait a while, and you will be able to connect.

        # IPs/networks which are exempted from connection limits
        exempted:
            - "127.0.0.1"
            - "127.0.0.1/8"
            - "::1/128"

# account options
accounts:
    # account registration
    registration:
        # can users register new accounts?
        enabled: true

        # length of time a user has to verify their account before it can be re-registered
        # default is 120 hours, or 5 days
        verify-timeout: "120h"

        # callbacks to allow
        enabled-callbacks:
            - none # no verification needed, will instantly register successfully

    # is account authentication enabled?
    authentication-enabled: true

# operator classes
oper-classes:
    # local operator
    "local-oper":
        # title shown in WHOIS
        title: Local Operator

        # capability names
        capabilities:
            - "oper:local_kill"
            - "oper:local_ban"
            - "oper:local_unban"

    # network operator
    "network-oper":
        # title shown in WHOIS
        title: Network Operator

        # oper class this extends from
        extends: "local-oper"

        # capability names
        capabilities:
            - "oper:remote_kill"
            - "oper:remote_ban"
            - "oper:remote_unban"

    # server admin
    "server-admin":
        # title shown in WHOIS
        title: Server Admin

        # oper class this extends from
        extends: "local-oper"

        # capability names
        capabilities:
            - "oper:rehash"
            - "oper:die"
            - "samode"

# ircd operators
opers:
    # operator named 'dan'
    dan:
        # which capabilities this oper has access to
        class: "server-admin"

        # custom whois line
        whois-line: is a cool dude

        # custom hostname
        vhost: "n"

        # password to login with /OPER command
        # generated using  "oragono genpasswd"
        password: JDJhJDA0JE1vZmwxZC9YTXBhZ3RWT2xBbkNwZnV3R2N6VFUwQUI0RUJRVXRBRHliZVVoa0VYMnlIaGsu

# logging, takes inspiration from Insp
logging:
    -
        # how to log these messages
        #
        #   file    log to given target filename
        #   stderr  log to stderr
        method: file stderr

        # filename to log to, if file method is selected
        filename: ircd.log

        # type(s) of logs to keep here. you can use - to exclude those types
        #
        # exclusions take precedent over inclusions, so if you exclude a type it will NEVER
        # be logged, even if you explicitly include it
        #
        # useful types include:
        #   *               everything (usually used with exclusing some types below)
        #   accounts        account registration and authentication
        #   channels        channel creation and operations
        #   commands        command calling and operations
        #   opers           oper actions, authentication, etc
        #   password        password hashing and comparing
        #   userinput       raw lines sent by users
        #   useroutput      raw lines sent to users
        type: "* -userinput -useroutput -localconnect -localconnect-ip"

        # one of: debug info warn error
        level: info
    -
        # avoid logging IP addresses to file
        method: stderr
        type: localconnect localconnect-ip
        level: debug

# datastore configuration
datastore:
    # path to the datastore
    path: ircd.db

# limits - these need to be the same across the network
limits:
    # nicklen is the max nick length allowed
    nicklen: 32

    # channellen is the max channel length allowed
    channellen: 64

    # awaylen is the maximum length of an away message
    awaylen: 500

    # kicklen is the maximum length of a kick message
    kicklen: 1000

    # topiclen is the maximum length of a channel topic
    topiclen: 1000

    # maximum number of monitor entries a client can have
    monitor-entries: 100

    # whowas entries to store
    whowas-entries: 100

    # maximum length of channel lists (beI modes)
    chan-list-modes: 60

    # maximum length of IRC lines
    # this should generally be 1024-2048, and will only apply when negotiated by clients
    linelen:
        # tags section
        tags: 2048

        # rest of the message
        rest: 2048