mirror
/
oragono
mirror of https://github.com/oragono/oragono


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352
							# oragono IRCd config

# network configuration
network:
    # name of the network
    name: OragonoTest

# server configuration
server:
    # server name
    name: oragono.test

    # addresses to listen on
    listen:
        - ":6667"
        - "127.0.0.1:6668"
        - "[::1]:6668"
        - ":6697" # ssl port
        # unix domain socket for proxying:
        # - "/tmp/oragono_sock"

    # tls listeners
    tls-listeners:
        # listener on ":6697"
        ":6697":
            key: tls.key
            cert: tls.crt

    # strict transport security, to get clients to automagically use TLS
    sts:
        # whether to advertise STS
        #
        # to stop advertising STS, leave this enabled and set 'duration' below to "0". this will
        # advertise to connecting users that the STS policy they have saved is no longer valid
        enabled: false

        # how long clients should be forced to use TLS for.
        # setting this to a too-long time will mean bad things if you later remove your TLS.
        # the default duration below is 1 month, 2 days and 5 minutes.
        duration: 1mo2d5m

        # tls port - you should be listening on this port above
        port: 6697

        # should clients include this STS policy when they ship their inbuilt preload lists?
        preload: false

    # use ident protocol to get usernames
    check-ident: true

    # password to login to the server
    # generated using  "oragono genpasswd"
    #password: ""

    # motd filename
    # if you change the motd, you should move it to ircd.motd
    motd: oragono.motd

    # motd formatting codes
    # if this is true, the motd is escaped using formatting codes like $c, $b, and $i
    #motd-formatting: true

    # addresses/hostnames the PROXY command can be used from
    # this should be restricted to 127.0.0.1/8 and localhost at most
    # you should also add these addresses to the connection limits and throttling exemption lists
    proxy-allowed-from:
        # - localhost
        # - "127.0.0.1"
        # - "127.0.0.1/8"

    # controls the use of the WEBIRC command (by IRC<->web interfaces, bouncers and similar)
    webirc:
        # one webirc block -- should correspond to one set of gateways
        -
            # tls fingerprint the gateway must connect with to use this webirc block
            fingerprint: 938dd33f4b76dcaf7ce5eb25c852369cb4b8fb47ba22fc235aa29c6623a5f182

            # password the gateway uses to connect, made with  oragono genpasswd
            password: JDJhJDA0JG9rTTVERlNRa0hpOEZpNkhjZE95SU9Da1BseFdlcWtOTEQxNEFERVlqbEZNTkdhOVlYUkMu

            # hosts that can use this webirc command
            hosts:
                # - localhost
                # - "127.0.0.1"
                # - "127.0.0.1/8"
                # - "0::1"

    # maximum length of clients' sendQ in bytes
    # this should be big enough to hold /LIST and HELP replies
    max-sendq: 16k

    # maximum number of connections per subnet
    connection-limits:
        # whether to enforce connection limits or not
        enabled: true

        # how wide the cidr should be for IPv4
        cidr-len-ipv4: 32

        # how wide the cidr should be for IPv6
        cidr-len-ipv6: 64

        # maximum number of IPs per subnet (defined above by the cird length)
        ips-per-subnet: 16

        # IPs/networks which are exempted from connection limits
        exempted:
            - "127.0.0.1"
            - "127.0.0.1/8"
            - "::1/128"

    # automated connection throttling
    connection-throttling:
        # whether to throttle connections or not
        enabled: true

        # how wide the cidr should be for IPv4
        cidr-len-ipv4: 32

        # how wide the cidr should be for IPv6
        cidr-len-ipv6: 64

        # how long to keep track of connections for
        duration: 10m

        # maximum number of connections, per subnet, within the given duration
        max-connections: 32

        # how long to ban offenders for, and the message to use
        # after banning them, the number of connections is reset (which lets you use UNDLINE to unban people)
        ban-duration: 10m
        ban-message: You have attempted to connect too many times within a short duration. Wait a while, and you will be able to connect.

        # IPs/networks which are exempted from connection limits
        exempted:
            - "127.0.0.1"
            - "127.0.0.1/8"
            - "::1/128"

# account options
accounts:
    # account registration
    registration:
        # can users register new accounts?
        enabled: true

        # length of time a user has to verify their account before it can be re-registered
        # default is 120 hours, or 5 days
        verify-timeout: "120h"

        # callbacks to allow
        enabled-callbacks:
            - none # no verification needed, will instantly register successfully
        
        # allow multiple account registrations per connection
        # this is for testing purposes and shouldn't be allowed on real networks
        allow-multiple-per-connection: false

    # is account authentication enabled?
    authentication-enabled: true

    # will the server enforce that only the account holder can use the account name as a nick?
    # options:
    # `disabled`: no enforcement
    # `timeout` (auth to nickserv within some period of time or you're disconnected)
    # `strict`: must authenticate up front with SASL
    nick-reservation: disabled
    nick-reservation-timeout: 30s

# channel options
channels:
    # modes that are set when new channels are created
    # +n is no-external-messages and +t is op-only-topic
    # see  /QUOTE HELP cmodes  for more channel modes
    default-modes: +nt

    # channel registration - requires an account
    registration:
        # can users register new channels?
        enabled: true

# operator classes
oper-classes:
    # local operator
    "local-oper":
        # title shown in WHOIS
        title: Local Operator

        # capability names
        capabilities:
            - "oper:local_kill"
            - "oper:local_ban"
            - "oper:local_unban"

    # network operator
    "network-oper":
        # title shown in WHOIS
        title: Network Operator

        # oper class this extends from
        extends: "local-oper"

        # capability names
        capabilities:
            - "oper:remote_kill"
            - "oper:remote_ban"
            - "oper:remote_unban"

    # server admin
    "server-admin":
        # title shown in WHOIS
        title: Server Admin

        # oper class this extends from
        extends: "local-oper"

        # capability names
        capabilities:
            - "oper:rehash"
            - "oper:die"
            - "unregister"
            - "samode"

# ircd operators
opers:
    # operator named 'dan'
    dan:
        # which capabilities this oper has access to
        class: "server-admin"

        # custom whois line
        whois-line: is a cool dude

        # custom hostname
        vhost: "n"

        # modes are the modes to auto-set upon opering-up
        modes: +is acjknoqtux

        # password to login with /OPER command
        # generated using  "oragono genpasswd"
        password: JDJhJDA0JE1vZmwxZC9YTXBhZ3RWT2xBbkNwZnV3R2N6VFUwQUI0RUJRVXRBRHliZVVoa0VYMnlIaGsu

# logging, takes inspiration from Insp
logging:
    -
        # how to log these messages
        #
        #   file    log to given target filename
        #   stdout  log to stdout
        #   stderr  log to stderr
        method: file stderr

        # filename to log to, if file method is selected
        filename: ircd.log

        # type(s) of logs to keep here. you can use - to exclude those types
        #
        # exclusions take precedent over inclusions, so if you exclude a type it will NEVER
        # be logged, even if you explicitly include it
        #
        # useful types include:
        #   *               everything (usually used with exclusing some types below)
        #   accounts        account registration and authentication
        #   channels        channel creation and operations
        #   commands        command calling and operations
        #   opers           oper actions, authentication, etc
        #   password        password hashing and comparing
        #   userinput       raw lines sent by users
        #   useroutput      raw lines sent to users
        type: "* -userinput -useroutput -localconnect -localconnect-ip"

        # one of: debug info warn error
        level: info
    -
        # avoid logging IP addresses to file
        method: stderr
        type: localconnect localconnect-ip
        level: debug

# debug options
debug:
    # when enabled, oragono will attempt to recover from certain kinds of
    # client-triggered runtime errors that would normally crash the server.
    # this makes the server more resilient to DoS, but could result in incorrect
    # behavior. deployments that would prefer to "start from scratch", e.g., by
    # letting the process crash and auto-restarting it with systemd, can set
    # this to false.
    recover-from-errors: true

    # enabling StackImpact profiling
    stackimpact:
        # whether to use StackImpact
        enabled: false

        # the AgentKey to use
        agent-key: examplekeyhere

        # the app name to report
        app-name: Oragono

# datastore configuration
datastore:
    # path to the datastore
    path: ircd.db

# languages config
languages:
    # whether to load languages
    enabled: false

    # default language to use for new clients
    # 'en' is the default English language in the code
    default: en

    # which directory contains our language files
    path: languages

# limits - these need to be the same across the network
limits:
    # nicklen is the max nick length allowed
    nicklen: 32

    # channellen is the max channel length allowed
    channellen: 64

    # awaylen is the maximum length of an away message
    awaylen: 500

    # kicklen is the maximum length of a kick message
    kicklen: 1000

    # topiclen is the maximum length of a channel topic
    topiclen: 1000

    # maximum number of monitor entries a client can have
    monitor-entries: 100

    # whowas entries to store
    whowas-entries: 100

    # maximum length of channel lists (beI modes)
    chan-list-modes: 60

    # maximum length of IRC lines
    # this should generally be 1024-2048, and will only apply when negotiated by clients
    linelen:
        # tags section
        tags: 2048

        # rest of the message
        rest: 2048