You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

oragono.yaml 14KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450
  1. # oragono IRCd config
  2. # network configuration
  3. network:
  4. # name of the network
  5. name: OragonoTest
  6. # server configuration
  7. server:
  8. # server name
  9. name: oragono.test
  10. # addresses to listen on
  11. listen:
  12. - ":6667"
  13. - "127.0.0.1:6668"
  14. - "[::1]:6668"
  15. - ":6697" # ssl port
  16. # unix domain socket for proxying:
  17. # - "/tmp/oragono_sock"
  18. # tls listeners
  19. tls-listeners:
  20. # listener on ":6697"
  21. ":6697":
  22. key: tls.key
  23. cert: tls.crt
  24. # strict transport security, to get clients to automagically use TLS
  25. sts:
  26. # whether to advertise STS
  27. #
  28. # to stop advertising STS, leave this enabled and set 'duration' below to "0". this will
  29. # advertise to connecting users that the STS policy they have saved is no longer valid
  30. enabled: false
  31. # how long clients should be forced to use TLS for.
  32. # setting this to a too-long time will mean bad things if you later remove your TLS.
  33. # the default duration below is 1 month, 2 days and 5 minutes.
  34. duration: 1mo2d5m
  35. # tls port - you should be listening on this port above
  36. port: 6697
  37. # should clients include this STS policy when they ship their inbuilt preload lists?
  38. preload: false
  39. # use ident protocol to get usernames
  40. check-ident: true
  41. # password to login to the server
  42. # generated using "oragono genpasswd"
  43. #password: ""
  44. # motd filename
  45. # if you change the motd, you should move it to ircd.motd
  46. motd: oragono.motd
  47. # motd formatting codes
  48. # if this is true, the motd is escaped using formatting codes like $c, $b, and $i
  49. motd-formatting: true
  50. # addresses/hostnames the PROXY command can be used from
  51. # this should be restricted to 127.0.0.1/8 and localhost at most
  52. # you should also add these addresses to the connection limits and throttling exemption lists
  53. proxy-allowed-from:
  54. # - localhost
  55. # - "127.0.0.1"
  56. # - "127.0.0.1/8"
  57. # controls the use of the WEBIRC command (by IRC<->web interfaces, bouncers and similar)
  58. webirc:
  59. # one webirc block -- should correspond to one set of gateways
  60. -
  61. # tls fingerprint the gateway must connect with to use this webirc block
  62. fingerprint: 938dd33f4b76dcaf7ce5eb25c852369cb4b8fb47ba22fc235aa29c6623a5f182
  63. # password the gateway uses to connect, made with oragono genpasswd
  64. password: "$2a$04$sLEFDpIOyUp55e6gTMKbOeroT6tMXTjPFvA0eGvwvImVR9pkwv7ee"
  65. # hosts that can use this webirc command
  66. # you should also add these addresses to the connection limits and throttling exemption lists
  67. hosts:
  68. # - localhost
  69. # - "127.0.0.1"
  70. # - "127.0.0.1/8"
  71. # - "0::1"
  72. # maximum length of clients' sendQ in bytes
  73. # this should be big enough to hold /LIST and HELP replies
  74. max-sendq: 16k
  75. # maximum number of connections per subnet
  76. connection-limits:
  77. # whether to enforce connection limits or not
  78. enabled: true
  79. # how wide the cidr should be for IPv4
  80. cidr-len-ipv4: 32
  81. # how wide the cidr should be for IPv6
  82. cidr-len-ipv6: 64
  83. # maximum concurrent connections per subnet (defined above by the cidr length)
  84. connections-per-subnet: 16
  85. # IPs/networks which are exempted from connection limits
  86. exempted:
  87. - "127.0.0.1"
  88. - "127.0.0.1/8"
  89. - "::1/128"
  90. # automated connection throttling
  91. connection-throttling:
  92. # whether to throttle connections or not
  93. enabled: true
  94. # how wide the cidr should be for IPv4
  95. cidr-len-ipv4: 32
  96. # how wide the cidr should be for IPv6
  97. cidr-len-ipv6: 64
  98. # how long to keep track of connections for
  99. duration: 10m
  100. # maximum number of connections, per subnet, within the given duration
  101. max-connections: 32
  102. # how long to ban offenders for, and the message to use
  103. # after banning them, the number of connections is reset (which lets you use UNDLINE to unban people)
  104. ban-duration: 10m
  105. ban-message: You have attempted to connect too many times within a short duration. Wait a while, and you will be able to connect.
  106. # IPs/networks which are exempted from connection limits
  107. exempted:
  108. - "127.0.0.1"
  109. - "127.0.0.1/8"
  110. - "::1/128"
  111. # account options
  112. accounts:
  113. # account registration
  114. registration:
  115. # can users register new accounts?
  116. enabled: true
  117. # this is the bcrypt cost we'll use for account passwords
  118. bcrypt-cost: 12
  119. # length of time a user has to verify their account before it can be re-registered
  120. verify-timeout: "32h"
  121. # callbacks to allow
  122. enabled-callbacks:
  123. - none # no verification needed, will instantly register successfully
  124. # example configuration for sending verification emails via a local mail relay
  125. # callbacks:
  126. # mailto:
  127. # server: localhost
  128. # port: 25
  129. # tls:
  130. # enabled: false
  131. # username: ""
  132. # password: ""
  133. # sender: "admin@my.network"
  134. # allow multiple account registrations per connection
  135. # this is for testing purposes and shouldn't be allowed on real networks
  136. allow-multiple-per-connection: false
  137. # is account authentication enabled?
  138. authentication-enabled: true
  139. # some clients (notably Pidgin and Hexchat) offer only a single password field,
  140. # which makes it impossible to specify a separate server password (for the PASS
  141. # command) and SASL password. if this option is set to true, a client that
  142. # successfully authenticates with SASL will not be required to send
  143. # PASS as well, so it can be configured to authenticate with SASL only.
  144. skip-server-password: false
  145. # nick-reservation controls how, and whether, nicknames are linked to accounts
  146. nick-reservation:
  147. # is there any enforcement of reserved nicknames?
  148. enabled: false
  149. # how many nicknames, in addition to the account name, can be reserved?
  150. additional-nick-limit: 2
  151. # method describes how nickname reservation is handled
  152. # timeout: let the user change to the registered nickname, give them X seconds
  153. # to login and then rename them if they haven't done so
  154. # strict: don't let the user change to the registered nickname unless they're
  155. # already logged-in using SASL or NickServ
  156. method: timeout
  157. # rename-timeout - this is how long users have 'til they're renamed
  158. rename-timeout: 30s
  159. # rename-prefix - this is the prefix to use when renaming clients (e.g. Guest-AB54U31)
  160. rename-prefix: Guest-
  161. # vhosts controls the assignment of vhosts (strings displayed in place of the user's
  162. # hostname/IP) by the HostServ service
  163. vhosts:
  164. # are vhosts enabled at all?
  165. enabled: true
  166. # maximum length of a vhost
  167. max-length: 64
  168. # regexp for testing the validity of a vhost
  169. # (make sure any changes you make here are RFC-compliant)
  170. valid-regexp: '^[0-9A-Za-z.\-_/]+$'
  171. # options controlling users requesting vhosts:
  172. user-requests:
  173. # can users request vhosts at all? if this is false, operators with the
  174. # 'vhosts' capability can still assign vhosts manually
  175. enabled: false
  176. # if uncommented, all new vhost requests will be dumped into the given
  177. # channel, so opers can review them as they are sent in. ensure that you
  178. # have registered and restricted the channel appropriately before you
  179. # uncomment this.
  180. #channel: "#vhosts"
  181. # after a user's vhost has been approved or rejected, they need to wait
  182. # this long (starting from the time of their original request)
  183. # before they can request a new one.
  184. cooldown: 168h
  185. # channel options
  186. channels:
  187. # modes that are set when new channels are created
  188. # +n is no-external-messages and +t is op-only-topic
  189. # see /QUOTE HELP cmodes for more channel modes
  190. default-modes: +nt
  191. # channel registration - requires an account
  192. registration:
  193. # can users register new channels?
  194. enabled: true
  195. # operator classes
  196. oper-classes:
  197. # local operator
  198. "local-oper":
  199. # title shown in WHOIS
  200. title: Local Operator
  201. # capability names
  202. capabilities:
  203. - "oper:local_kill"
  204. - "oper:local_ban"
  205. - "oper:local_unban"
  206. - "nofakelag"
  207. # network operator
  208. "network-oper":
  209. # title shown in WHOIS
  210. title: Network Operator
  211. # oper class this extends from
  212. extends: "local-oper"
  213. # capability names
  214. capabilities:
  215. - "oper:remote_kill"
  216. - "oper:remote_ban"
  217. - "oper:remote_unban"
  218. # server admin
  219. "server-admin":
  220. # title shown in WHOIS
  221. title: Server Admin
  222. # oper class this extends from
  223. extends: "local-oper"
  224. # capability names
  225. capabilities:
  226. - "oper:rehash"
  227. - "oper:die"
  228. - "accreg"
  229. - "sajoin"
  230. - "samode"
  231. - "vhosts"
  232. - "chanreg"
  233. # ircd operators
  234. opers:
  235. # operator named 'dan'
  236. dan:
  237. # which capabilities this oper has access to
  238. class: "server-admin"
  239. # custom whois line
  240. whois-line: is a cool dude
  241. # custom hostname
  242. vhost: "n"
  243. # modes are the modes to auto-set upon opering-up
  244. modes: +is acjknoqtux
  245. # password to login with /OPER command
  246. # generated using "oragono genpasswd"
  247. password: "$2a$04$LiytCxaY0lI.guDj2pBN4eLRD5cdM2OLDwqmGAgB6M2OPirbF5Jcu"
  248. # logging, takes inspiration from Insp
  249. logging:
  250. -
  251. # how to log these messages
  252. #
  253. # file log to given target filename
  254. # stdout log to stdout
  255. # stderr log to stderr
  256. method: file stderr
  257. # filename to log to, if file method is selected
  258. filename: ircd.log
  259. # type(s) of logs to keep here. you can use - to exclude those types
  260. #
  261. # exclusions take precedent over inclusions, so if you exclude a type it will NEVER
  262. # be logged, even if you explicitly include it
  263. #
  264. # useful types include:
  265. # * everything (usually used with exclusing some types below)
  266. # accounts account registration and authentication
  267. # channels channel creation and operations
  268. # commands command calling and operations
  269. # opers oper actions, authentication, etc
  270. # password password hashing and comparing
  271. # userinput raw lines sent by users
  272. # useroutput raw lines sent to users
  273. type: "* -userinput -useroutput -localconnect -localconnect-ip"
  274. # one of: debug info warn error
  275. level: info
  276. -
  277. # avoid logging IP addresses to file
  278. method: stderr
  279. type: localconnect localconnect-ip
  280. level: debug
  281. # debug options
  282. debug:
  283. # when enabled, oragono will attempt to recover from certain kinds of
  284. # client-triggered runtime errors that would normally crash the server.
  285. # this makes the server more resilient to DoS, but could result in incorrect
  286. # behavior. deployments that would prefer to "start from scratch", e.g., by
  287. # letting the process crash and auto-restarting it with systemd, can set
  288. # this to false.
  289. recover-from-errors: true
  290. # optionally expose a pprof http endpoint: https://golang.org/pkg/net/http/pprof/
  291. # it is strongly recommended that you don't expose this on a public interface;
  292. # if you need to access it remotely, you can use an SSH tunnel.
  293. # set to `null`, "", leave blank, or omit to disable
  294. # pprof-listener: "localhost:6060"
  295. # enabling StackImpact profiling
  296. stackimpact:
  297. # whether to use StackImpact
  298. enabled: false
  299. # the AgentKey to use
  300. agent-key: examplekeyhere
  301. # the app name to report
  302. app-name: Oragono
  303. # datastore configuration
  304. datastore:
  305. # path to the datastore
  306. path: ircd.db
  307. # if the database schema requires an upgrade, `autoupgrade` will attempt to
  308. # perform it automatically on startup. the database will be backed
  309. # up, and if the upgrade fails, the original database will be restored.
  310. autoupgrade: true
  311. # languages config
  312. languages:
  313. # whether to load languages
  314. enabled: true
  315. # default language to use for new clients
  316. # 'en' is the default English language in the code
  317. default: en
  318. # which directory contains our language files
  319. path: languages
  320. # limits - these need to be the same across the network
  321. limits:
  322. # nicklen is the max nick length allowed
  323. nicklen: 32
  324. # channellen is the max channel length allowed
  325. channellen: 64
  326. # awaylen is the maximum length of an away message
  327. awaylen: 500
  328. # kicklen is the maximum length of a kick message
  329. kicklen: 1000
  330. # topiclen is the maximum length of a channel topic
  331. topiclen: 1000
  332. # maximum number of monitor entries a client can have
  333. monitor-entries: 100
  334. # whowas entries to store
  335. whowas-entries: 100
  336. # maximum length of channel lists (beI modes)
  337. chan-list-modes: 60
  338. # maximum length of IRC lines
  339. # this should generally be 1024-2048, and will only apply when negotiated by clients
  340. linelen:
  341. # tags section
  342. tags: 2048
  343. # rest of the message
  344. rest: 2048
  345. # fakelag: prevents clients from spamming commands too rapidly
  346. fakelag:
  347. # whether to enforce fakelag
  348. enabled: false
  349. # time unit for counting command rates
  350. window: 1s
  351. # clients can send this many commands without fakelag being imposed
  352. burst-limit: 5
  353. # once clients have exceeded their burst allowance, they can send only
  354. # this many commands per `window`:
  355. messages-per-window: 2
  356. # client status resets to the default state if they go this long without
  357. # sending any commands:
  358. cooldown: 2s