diff options
| author | Preston Pan <ret2pop@gmail.com> | 2025-03-21 04:52:46 -0700 |
|---|---|---|
| committer | Preston Pan <ret2pop@gmail.com> | 2025-03-21 04:52:46 -0700 |
| commit | 00c9e35779cbb298d6395a6e2c2534007a92976f (patch) | |
| tree | e5bfc2d375b331ba6b664ddf6152f51bfcc900df /nix/modules/inspircd.nix | |
| parent | 2a4c959ef00fea785633afe44be0af77d6441a4b (diff) | |
add a ton of VPS upgrades; update website; live life
Diffstat (limited to 'nix/modules/inspircd.nix')
| -rw-r--r-- | nix/modules/inspircd.nix | 539 |
1 files changed, 539 insertions, 0 deletions
diff --git a/nix/modules/inspircd.nix b/nix/modules/inspircd.nix new file mode 100644 index 0000000..bf3e9ba --- /dev/null +++ b/nix/modules/inspircd.nix @@ -0,0 +1,539 @@ +{ lib, config, ... }: +{ + services.inspircd = { + enable = lib.mkDefault config.monorepo.profiles.server.enable; + modules = [ "ssl_openssl" ]; + config = '' +<server name="nullring.xyz" + description="Nullring IRC Instance" + network="NullRing"> + +<admin + name="Preston Pan" + nick="prestonp" + email="ret2pop@gmail.com"> + +<bind + address="0.0.0.0" + port="6697" + type="clients" + ssl="openssl"> + +<module name="ssl_openssl"> +<openssl certfile="/var/lib/acme/fullchain.pem" keyfile="/var/lib/acme/key.pem"> + +<power + # hash: what hash these passwords are hashed with. + # Requires the module for selected hash (m_md5.so, m_sha256.so + # or m_ripemd160.so) be loaded and the password hashing module + # (m_password_hash.so) loaded. + # Options here are: "md5", "sha256" and "ripemd160", or one of + # these prefixed with "hmac-", e.g.: "hmac-sha256". + # Optional, but recommended. Create hashed passwords with: + # /mkpasswd <hash> <password> + #hash="sha256" + + # diepass: Password for opers to use if they need to shutdown (die) + # a server. + diepass="" + + # restartpass: Password for opers to use if they need to restart + # a server. + restartpass=""> + +<connect + # name: Name to use for this connect block. Mainly used for + # connect class inheriting. + name="main" + + # allow: What IP addresses/hosts to allow for this block. + allow="*" + + # maxchans: Maximum number of channels a user in this class + # be in at one time. This overrides every other maxchans setting. + #maxchans="30" + + # timeout: How long (in seconds) the server will wait before + # disconnecting a user if they do not do anything on connect. + # (Note, this is a client-side thing, if the client does not + # send /nick, /user or /pass) + timeout="10" + + # pingfreq: How often (in seconds) the server tries to ping connecting clients. + pingfreq="120" + + # hardsendq: maximum amount of data allowed in a client's send queue + # before they are dropped. Keep this value higher than the length of + # your network's /LIST or /WHO output, or you will have lots of + # disconnects from sendq overruns! + # Setting this to "1M" is equivalent to "1048576", "8K" is 8192, etc. + hardsendq="1M" + + # softsendq: amount of data in a client's send queue before the server + # begins delaying their commands in order to allow the sendq to drain + softsendq="8192" + + # recvq: amount of data allowed in a client's queue before they are dropped. + # Entering "8K" is equivalent to "8192", see above. + recvq="8K" + + # threshold: This specifies the amount of command penalty a user is allowed to have + # before being quit or fakelagged due to flood. Normal commands have a penalty of 1, + # ones such as /OPER have penalties up to 10. + # + # If you are not using fakelag, this should be at least 20 to avoid excess flood kills + # from processing some commands. + threshold="10" + + # commandrate: This specifies the maximum rate that commands can be processed. + # If commands are sent more rapidly, the user's penalty will increase and they will + # either be fakelagged or killed when they reach the threshold + # + # Units are millicommands per second, so 1000 means one line per second. + commandrate="1000" + + # fakelag: Use fakelag instead of killing users for excessive flood + # + # Fake lag stops command processing for a user when a flood is detected rather than + # immediately killing them; their commands are held in the recvq and processed later + # as the user's command penalty drops. Note that if this is enabled, flooders will + # quit with "RecvQ exceeded" rather than "Excess Flood". + fakelag="on" + + # localmax: Maximum local connections per IP. + + localmax="200" + + # globalmax: Maximum global (network-wide) connections per IP. + + globalmax="200" + + # useident: Defines if users in this class must respond to a ident query or not. + useident="no" + + # limit: How many users are allowed in this class + limit="5000" + + # modes: Usermodes that are set on users in this block on connect. + # Enabling this option requires that the m_conn_umodes module be loaded. + # This entry is highly recommended to use for/with IP Cloaking/masking. + # For the example to work, this also requires that the m_cloaking + # module be loaded as well. + modes="+x"> + + +#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- +# # +# CIDR configuration allows detection of clones and applying of # +# throttle limits across a CIDR range. (A CIDR range is a group of # +# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be # +# represented as 192.168.1.0/24). This means that abuse across an ISP # +# is detected and curtailed much easier. Here is a good chart that # +# shows how many IPs the different CIDRs correspond to: # +# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation # +# # + +<cidr + # ipv4clone: specifies how many bits of an IP address should be + # looked at for clones. The default only looks for clones on a + # single IP address of a user. You do not want to set this + # extremely low. (Values are 0-32). + ipv4clone="32" + + # ipv6clone: specifies how many bits of an IP address should be + # looked at for clones. The default only looks for clones on a + # single IP address of a user. You do not want to set this + # extremely low. (Values are 0-128). + ipv6clone="128"> + +<channels + # users: Maximum number of channels a user can be in at once. + users="20" + + # opers: Maximum number of channels an oper can be in at once. + opers="60"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-# DNS SERVER -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# If these values are not defined, InspIRCd uses the default DNS resolver +# of your system. + +<dns + # server: DNS server to use to attempt to resolve IP's to hostnames. + # in most cases, you won't need to change this, as inspircd will + # automatically detect the nameserver depending on /etc/resolv.conf + # (or, on Windows, your set nameservers in the registry.) + # Note that this must be an IP address and not a hostname, because + # there is no resolver to resolve the name until this is defined! + # + # server="127.0.0.1" + + # timeout: seconds to wait to try to resolve DNS/hostname. + timeout="5"> + +# An example of using an IPv6 nameserver +#<dns server="::1" timeout="5"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-# PID FILE -#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# Define the path to the PID file here. The PID file can be used to # +# rehash the ircd from the shell or to terminate the ircd from the # +# shell using shell scripts, perl scripts, etc... and to monitor the # +# ircd's state via cron jobs. If this is a relative path, it will be # +# relative to the configuration directory, and if it is not defined, # +# the default of 'inspircd.pid' is used. # +# # + +#<pid file="/path/to/inspircd.pid"> + +#-#-#-#-#-#-#-#-#-#-#-#-#- BANLIST LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# Use these tags to customise the ban limits on a per channel basis. # +# The tags are read from top to bottom, and any tag found which # +# matches the channels name applies the banlimit to that channel. # +# It is advisable to put an entry with the channel as '*' at the # +# bottom of the list. If none are specified or no maxbans tag is # +# matched, the banlist size defaults to 64 entries. # +# # + +<banlist chan="#largechan" limit="128"> +<banlist chan="*" limit="69"> + +#-#-#-#-#-#-#-#-#-#-#- DISABLED FEATURES -#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This tag is optional, and specifies one or more features which are # +# not available to non-operators. # +# # +# For example you may wish to disable NICK and prevent non-opers from # +# changing their nicknames. # +# Note that any disabled commands take effect only after the user has # +# 'registered' (e.g. after the initial USER/NICK/PASS on connection) # +# so for example disabling NICK will not cripple your network. # +# # +# You can also define if you want to disable any channelmodes # +# or usermodes from your users. # +# # +# `fakenonexistant' will make the ircd pretend that nonexistant # +# commands simply don't exist to non-opers ("no such command"). # +# # +#<disabled commands="TOPIC MODE" usermodes="" chanmodes="" fakenonexistant="yes"> + + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#- RTFM LINE -#-#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# Just remove this... Its here to make you read ALL of the config # +# file options ;) # + +#<die value="You should probably edit your config *PROPERLY* and try again."> + + + +#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# Settings to define which features are usable on your server. # +# # + +<options + # prefixquit: What (if anything) users' quit messages + # should be prefixed with. + prefixquit="Quit: " + + # suffixquit: What (if anything) users' quit messages + # should be suffixed with. + suffixquit="" + + # prefixpart: What (if anything) users' part messages + # should be prefixed with. + prefixpart=""" + # NOTE: Use "\"" instead of """ if not using <config format="xml"> + + # suffixpart: What (if anything) users' part message + # should be suffixed with. + suffixpart=""" + + # fixedquit: Set all users' quit messages to this value. + #fixedquit="" + + # fixedpart: Set all users' part messages in all channels + # to this value. + #fixedpart="" + + # syntaxhints: If enabled, if a user fails to send the correct parameters + # for a command, the ircd will give back some help text of what + # the correct parameters are. + syntaxhints="no" + + # cyclehosts: If enabled, when a user gets a host set, it will cycle + # them in all their channels. If not, it will simply change their host + # without cycling them. + cyclehosts="yes" + + # cyclehostsfromuser: If enabled, the source of the mode change for + # cyclehosts will be the user who cycled. This can look nicer, but + # triggers anti-takeover mechanisms of some obsolete bots. + cyclehostsfromuser="no" + + # ircumsgprefix: Use undernet-style message prefixing for NOTICE and + # PRIVMSG. If enabled, it will add users' prefix to the line, if not, + # it will just message the user normally. + ircumsgprefix="no" + + # announcets: If set to yes, when the timestamp on a channel changes, all users + # in the channel will be sent a NOTICE about it. + announcets="yes" + + # allowmismatch: Setting this option to yes will allow servers to link even + # if they don't have the same "optionally common" modules loaded. Setting this to + # yes may introduce some desyncs and unwanted behaviour. + allowmismatch="no" + + # defaultbind: Sets the default for <bind> tags without an address. Choices are + # ipv4 or ipv6; if not specified, IPv6 will be used if your system has support, + # falling back to IPv4 otherwise. + defaultbind="auto" + + # hostintopic: If enabled, channels will show the host of the topic setter + # in the topic. If set to no, it will only show the nick of the topic setter. + hostintopic="yes" + + # pingwarning: If a server does not respond to a ping within x seconds, + # it will send a notice to opers with snomask +l informing that the server + # is about to ping timeout. + pingwarning="15" + + # serverpingfreq: How often pings are sent between servers (in seconds). + serverpingfreq="60" + + # defaultmodes: What modes are set on a empty channel when a user + # joins it and it is unregistered. + defaultmodes="nt" + + # moronbanner: This is the text that is sent to a user when they are + # banned from the server. + moronbanner="You're banned! Email abuse@example.com with the ERROR line below for help." + + # exemptchanops: exemptions for channel access restrictions based on prefix. + exemptchanops="nonick:v flood:o" + + # invitebypassmodes: This allows /invite to bypass other channel modes. + # (Such as +k, +j, +l, etc.) + invitebypassmodes="yes" + + # nosnoticestack: This prevents snotices from 'stacking' and giving you + # the message saying '(last message repeated X times)'. Defaults to no. + nosnoticestack="no" + + # welcomenotice: When turned on, this sends a NOTICE to connecting users + # with the text Welcome to <networkname>! after successful registration. + # Defaults to yes. + welcomenotice="yes"> + + +#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-# +# # + +<performance + # netbuffersize: Size of the buffer used to receive data from clients. + # The ircd may only read this amount of text in 1 go at any time. + netbuffersize="10240" + + # somaxconn: The maximum number of connections that may be waiting + # in the accept queue. This is *NOT* the total maximum number of + # connections per server. Some systems may only allow this to be up + # to 5, while others (such as Linux and *BSD) default to 128. + somaxconn="128" + + # limitsomaxconn: By default, somaxconn (see above) is limited to a + # safe maximum value in the 2.0 branch for compatibility reasons. + # This setting can be used to disable this limit, forcing InspIRCd + # to use the value specified above. + limitsomaxconn="true" + + # softlimit: This optional feature allows a defined softlimit for + # connections. If defined, it sets a soft max connections value. + softlimit="12800" + + # quietbursts: When syncing or splitting from a network, a server + # can generate a lot of connect and quit messages to opers with + # +C and +Q snomasks. Setting this to yes squelches those messages, + # which makes it easier for opers, but degrades the functionality of + # bots like BOPM during netsplits. + quietbursts="yes" + + # nouserdns: If enabled, no DNS lookups will be performed on + # connecting users. This can save a lot of resources on very busy servers. + nouserdns="no"> + +#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# +# # + +<security + + # announceinvites: This option controls which members of the channel + # receive an announcement when someone is INVITEd. Available values: + # 'none' - don't send invite announcements + # 'all' - send invite announcements to all members + # 'ops' - send invite announcements to ops and higher ranked users + # 'dynamic' - send invite announcements to halfops (if available) and + # higher ranked users. This is the recommended setting. + announceinvites="dynamic" + + # hidemodes: If enabled, then the listmodes given will be hidden + # from users below halfop. This is not recommended to be set on +b + # as it may break some functionality in popular clients such as mIRC. + hidemodes="eI" + + # hideulines: If this value is set to yes, U-lined servers will + # be hidden from non-opers in /links and /map. + hideulines="no" + + # flatlinks: If this value is set to yes, /map and /links will + # be flattened when shown to non-opers. + flatlinks="no" + + # hidewhois: When defined, the given text will be used in place + # of the server a user is on when whoised by a non-oper. Most + # networks will want to set this to something like "*.netname.net" + # to conceal the actual server a user is on. + # Note that enabling this will cause users' idle times to only be + # shown when the format /WHOIS <nick> <nick> is used. + hidewhois="" + + # hidebans: If this value is set to yes, when a user is banned ([gkz]lined) + # only opers will see the ban message when the user is removed + # from the server. + hidebans="no" + + # hidekills: If defined, replaces who set a /kill with a custom string. + hidekills="" + + # hideulinekills: Hide kills from clients of ulined servers from server notices. + hideulinekills="yes" + + # hidesplits: If enabled, non-opers will not be able to see which + # servers split in a netsplit, they will only be able to see that one + # occurred (If their client has netsplit detection). + hidesplits="no" + + # maxtargets: Maximum number of targets per command. + # (Commands like /notice, /privmsg, /kick, etc) + maxtargets="20" + + # customversion: Displays a custom string when a user /version's + # the ircd. This may be set for security reasons or vanity reasons. + customversion="" + + # operspywhois: show opers (users/auspex) the +s channels a user is in. Values: + # splitmsg Split with an explanatory message + # yes Split with no explanatory message + # no Do not show + operspywhois="no" + + # runasuser: If this is set, InspIRCd will attempt to switch + # to run as this user, which allows binding of ports under 1024. + # You should NOT set this unless you are starting as root. + # NOT SUPPORTED/NEEDED UNDER WINDOWS. + #runasuser="" + + # runasgroup: If this is set, InspIRCd will attempt to switch + # to run as this group, which allows binding of ports under 1024. + # You should NOT set this unless you are starting as root. + # NOT SUPPORTED/NEEDED UNDER WINDOWS. + #runasgroup="" + + # restrictbannedusers: If this is set to yes, InspIRCd will not allow users + # banned on a channel to change nickname or message channels they are + # banned on. + restrictbannedusers="yes" + + # genericoper: Setting this value to yes makes all opers on this server + # appear as 'is an IRC operator' in their WHOIS, regardless of their + # oper type, however oper types are still used internally. This only + # affects the display in WHOIS. + genericoper="no" + + # userstats: /stats commands that users can run (opers can run all). + userstats="Pu"> + +<limits + # maxnick: Maximum length of a nickname. + maxnick="500" + + # maxchan: Maximum length of a channel name. + maxchan="500" + + # maxmodes: Maximum number of mode changes per line. + maxmodes="20" + + # maxident: Maximum length of a ident/username. + maxident="500" + + # maxquit: Maximum length of a quit message. + maxquit="255" + + # maxtopic: Maximum length of a channel topic. + maxtopic="307" + + # maxkick: Maximum length of a kick message. + maxkick="255" + + # maxgecos: Maximum length of a GECOS (realname). + maxgecos="128" + + # maxaway: Maximum length of an away message. + maxaway="200"> + +<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="logs/ircd.log"> + +#-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# +# # +# This tag lets you define the behaviour of the /whowas command of # +# your server. # +# # + +<whowas + # groupsize: Maximum entries per nick shown when performing + # a /whowas nick. + groupsize="10" + + # maxgroups: Maximum number of nickgroups that can be added to + # the list so that /whowas does not use a lot of resources on + # large networks. + maxgroups="100000" + + # maxkeep: Maximum time a nick is kept in the whowas list + # before being pruned. Time may be specified in seconds, + # or in the following format: 1y2w3d4h5m6s. Minimum is + # 1 hour. + maxkeep="3d"> + +<badnick + # nick: Nick to disallow. Wildcards are supported. + nick="ChanServ" + + # reason: Reason to display on /nick. + reason="Reserved For Services"> + +<badnick nick="NickServ" reason="Reserved For Services"> +<badnick nick="OperServ" reason="Reserved For Services"> +<badnick nick="MemoServ" reason="Reserved For Services"> + +<badhost host="root@*" reason="Don't IRC as root!"> + +<insane + # hostmasks: Allow bans with insane hostmasks. (over-reaching bans) + hostmasks="no" + + # ipmasks: Allow bans with insane ipmasks. (over-reaching bans) + ipmasks="no" + + # nickmasks: Allow bans with insane nickmasks. (over-reaching bans) + nickmasks="no" + + # trigger: What percentage of users on the network to trigger + # specifying an insane ban as. The default is 95.5%, which means + # if you have a 1000 user network, a ban will not be allowed if it + # will be banning 955 or more users. + trigger="95.5"> +''; + }; +} |