Backport various minor config changes from 2.1.

2026-06-28 23:26:39 +02:00 · 2025-06-25 10:04:29 +01:00
parent 4b15ca0232
commit 0bb1bc5c67
9 changed files with 178 additions and 154 deletions
@@ -65,10 +65,6 @@
 *     will typically be disabled. If this is not the case, more
 *     information will be given in the documentation.
 *
- * [DISCOURAGED]
- *     Indicates a directive which may cause undesirable side effects if
- *     specified.
- *
 * [DEPRECATED]
 *     Indicates a directive which will disappear in a future version of
 *     Services, usually because its functionality has been either
@@ -85,7 +81,7 @@

 /*
 * The services.host define is used in multiple different locations throughout the
- * configuration for services clients hostnames.
+ * configuration for the server name and pseudoclient hostnames.
 */
 define
 {
@@ -209,7 +205,7 @@ serverinfo
 	 * other server names on the rest of your IRC network. Note that it does not have
 	 * to be an existing hostname, just one that isn't on your network already.
 	 */
-	name = "services.example.com"
+	name = "services.host"

 	/*
 	 * The text which should appear as the server's information in /WHOIS and similar
@@ -254,16 +250,16 @@ serverinfo
 * You MUST modify this to match the IRCd you run.
 *
 * Supported:
- *  - bahamut
+ *  - [DEPRECATED] bahamut
 *  - charybdis
 *  - hybrid
- *  - inspircd12
- *  - inspircd20
+ *  - [DEPRECATED] inspircd12
+ *  - [DEPRECATED] inspircd20
 *  - inspircd3 (for 3.x and 4.x)
 *  - ngircd
 *  - plexus
 *  - ratbox
- *  - unreal (for 3.2.x)
+ *  - [DEPRECATED] unreal (for 3.2.x)
 *  - unreal4 (for 4.x or later)
 */
 module
@@ -347,16 +343,16 @@ networkinfo
 	 *
 	 * It is recommended you DON'T change this.
 	 */
-	vhost_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-"
+	vhost_chars = "abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ0123456789.-/"

 	/*
-	 * If set to true, allows vHosts to not contain dots (.).
+	 * If enabled, allows vHosts to not contain dots (.).
 	 * Newer IRCds generally do not have a problem with this, but the same warning as
 	 * vhost_chars applies.
 	 *
 	 * It is recommended you DON'T change this.
 	 */
-	allow_undotted_vhosts = false
+	allow_undotted_vhosts = no

 	/*
 	 * The characters that are not allowed to be at the very beginning or very ending
@@ -364,7 +360,7 @@ networkinfo
 	 *
 	 * It is recommended you DON'T change this.
 	 */
-	disallow_start_or_end = ".-"
+	disallow_start_or_end = ".-/"
 }

 /*
@@ -618,7 +614,7 @@ include
 }

 /*
- * [OPTIONAL] NickServ
+ * [RECOMMENDED] NickServ
 *
 * Includes nickserv.example.conf, which is necessary for NickServ functionality.
 *
@@ -755,7 +751,6 @@ log
 * You may define groups of commands and privileges, as well as who may use them.
 *
 * This block is recommended, as without it you will be unable to access most oper commands.
- * It replaces the old ServicesRoot directive amongst others.
 *
 * The command names below are defaults and are configured in the *serv.conf's. If you configure
 * additional commands with permissions, such as commands from third party modules, the permissions
@@ -952,15 +947,20 @@ mail
 	usemail = yes

 	/*
-	 * This is the command-line that will be used to call the mailer to send an
-	 * e-mail. It must be called with all the parameters needed to make it
-	 * scan the mail input to find the mail recipient; consult your mailer
-	 * documentation.
+	 * The command used for sending emails. It is assumed that this behaves like
+	 * sendmail (i.e. it reads the email from the standard input stream) but you
+	 * should probably use Postfix or some other sendmail-compatible emailer
+	 * instead of sendmail as sendmail is very hard to configure correctly. If
+	 * you are using Windows then https://www.glob.com.au/sendmail/ is probably
+	 * the best option currently.
 	 *
-	 * Postfix users must use the compatible sendmail utility provided with
-	 * it. This one usually needs no parameters on the command-line. Most
-	 * sendmail applications (or replacements of it) require the -t option
-	 * to be used.
+	 * If your emailer sends emails directly from the services host you will
+	 * need to configure DKIM, DMARC, and SPF to avoid email hosts from marking
+	 * your services emails as spam. It is important that you do this *BEFORE*
+	 * sending emails for the first time as some email providers will add your
+	 * host to a DNSBL like Spamhaus if they consider your emails to be spam. If
+	 * this is too difficult then you may want to consider sending emails via an
+	 * external email provider using a forwarder like msmtp.
 	 */
 	sendmailpath = "/usr/sbin/sendmail -t"

@@ -1107,7 +1107,7 @@ mail
 /*
 * [RECOMMENDED] db_flatfile
 *
- * This is the default flatfile database format.
+ * Stores your database in a custom flatfile format.
 */
 module
 {
@@ -1126,7 +1126,7 @@ module
 	 *
 	 * This directive is optional, but recommended.
 	 */
-	keepbackups = 3
+	keepbackups = 7

 	/*
 	 * Allows Services to continue file write operations (i.e. database saving)
@@ -1154,17 +1154,16 @@ module
 /*
 * db_sql and db_sql_live
 *
- * db_sql module allows saving and loading databases using one of the SQL engines.
- * This module loads the databases once on startup, then incrementally updates
- * objects in the database as they are changed within Anope in real time. Changes
- * to the SQL tables not done by Anope will have no effect and will be overwritten.
+ * Allows saving and loading databases to a SQL database.
 *
- * db_sql_live module allows saving and loading databases using one of the SQL engines.
- * This module reads and writes to SQL in real time. Changes to the SQL tables
- * will be immediately reflected into Anope. This module should not be loaded
- * in conjunction with db_sql. It should also not be used on large networks as it
- * executes quite a lot of queries which can cause performance issues.
+ * db_sql loads the databases once on startup and then incrementally updates in
+ * in the database as they are changed within Anope. Changes to the SQL tables
+ * not done by Anope will have no effect and will be overwritten.
 *
+ * db_sql_live module reads and writes to SQL in real time. Changes to the SQL
+ * tables will be immediately reflected in Anope. This module can not be loaded
+ * at the same time as db_sql. It should also not be used on large networks as
+ * it executes quite a lot of queries which can cause performance issues.
 */
 #module
 {
@@ -1172,10 +1171,10 @@ module
 	#name = "db_sql_live"

 	/*
-	 * The SQL service db_sql(_live) should use, these are configured in modules.conf.
-	 * For MySQL, this should probably be mysql/main.
+	 * The SQL service that db_sql(_live) should use. These are configured in
+	 * modules.example.conf. For MySQL, this should probably be mysql/main.
 	 */
-	engine = "sqlite/main"
+	engine = "mysql/main"

 	/*
 	 * An optional prefix to prepended to the name of each created table.
@@ -1183,18 +1182,22 @@ module
 	 */
 	#prefix = "anope_db_"

-	/* Whether or not to import data from another database module in to SQL on startup.
-	 * If you enable this, be sure that the database services is configured to use is
-	 * empty and that another database module to import from is loaded BEFORE db_sql.
-	 * After you enable this and do a database import you MUST disable it for
-	 * subsequent restarts. If you want to keep writing a flatfile database after the
-	 * SQL import is done you should load db_flatfile AFTER this module.
+	/*
+	 * Whether or not to import data from another database module in to SQL on
+	 * startup.
 	 *
-	 * Note that you can not import databases using db_sql_live. If you want to import
-	 * databases and use db_sql_live you should import them using db_sql, then shut down
-	 * and start services with db_sql_live.
+	 * If you enable this, be sure that the database Anope is configured to use
+	 * is empty and that another database module to import from is loaded BEFORE
+	 * db_sql. After you enable this and do a database import you MUST disable
+	 * it for subsequent restarts. If you want to keep writing a file database
+	 * after the SQL import is done you should load db_flatfile AFTER this
+	 * module.
+	 *
+	 * Note that you can not import databases using db_sql_live. If you want to
+	 * import databases and use db_sql_live you should import them using db_sql,
+	 * then shut down and start Anope with db_sql_live.
 	 */
-	import = false
+	import = no
 }

 /*
@@ -1221,50 +1224,65 @@ module
 /*
 * [RECOMMENDED] Encryption modules.
 *
- * The encryption modules are used when dealing with passwords. This determines how
- * the passwords are stored in the databases, and does not add any security as
- * far as transmitting passwords over the network goes.
- *
- * Without any encryption modules loaded users will not be able to authenticate unless
- * there is another module loaded that provides authentication checking, such as
- * m_ldap_authentication or m_sql_authentication.
- *
- * With enc_none, passwords will be stored in plain text, allowing for passwords
- * to be recovered later but it isn't secure and therefore is not recommended.
- *
- * The other encryption modules use one-way encryption, so the passwords can not
- * be recovered later if those are used.
- *
- * The first encryption module loaded is the primary encryption module. All new passwords are
- * encrypted by this module. Old passwords stored in another encryption method are
- * automatically re-encrypted by the primary encryption module on next identify.
- *
- * enc_md5, enc_sha1, and enc_old are deprecated, and are provided for users
- * to upgrade to a newer encryption module. Do not use them as the primary
- * encryption module. They will be removed in a future release.
+ * The encryption modules are used when dealing with passwords. This determines
+ * how the passwords are stored in the databases.
 *
+ * The first encryption module loaded is the primary encryption module. All new
+ * passwords are encrypted by this module. Old passwords encrypted with another
+ * encryption method are automatically re-encrypted with the primary encryption
+ * module the next time the user identifies.
 */

-#module { name = "enc_bcrypt" }
-module { name = "enc_sha256" }
-
 /*
- * When using enc_none, passwords will be stored without encryption. This isn't secure
- * therefore it is not recommended.
+ * enc_bcrypt
+ *
+ * Provides support for encrypting passwords using the Bcrypt algorithm. See
+ * https://en.wikipedia.org/wiki/Bcrypt for more information.
 */
-#module { name = "enc_none" }
+#module
+{
+	name = "enc_bcrypt"

-/* Deprecated encryption modules */
+	/** The number of Bcrypt rounds to perform on passwords. Can be set to any
+	 * number between 10 and 32 but higher numbers are more CPU intensive and
+	 * may impact performance.
+	 */
+	#rounds = 10
+}
+
+/*
+ * [RECOMMENDED] enc_sha256
+ *
+ * Provides support for encrypting passwords using the SHA-2 algorithm with a
+ * salted initialization vector. See https://en.wikipedia.org/wiki/SHA-2 for
+ * more information.
+ */
+module
+{
+	name = "enc_sha256"
+}
+
+/*
+ * [DEPRECATED] enc_md5, enc_none, enc_old, enc_sha1
+ *
+ * Provides support for passwords encrypted using encryption methods from older
+ * versions of Anope. These methods are no longer considered secure and will be
+ * removed in a future version of Anope. Only load them if you are upgrading
+ * from a previous version of Anope that used them.
+ *
+ * enc_md5:    Verifies passwords encrypted with the MD5 algorithm
+ * enc_none:   Verifies passwords that are not encrypted
+ * enc_sha1:   Verifies passwords encrypted with the SHA1 algorithm
+ * enc_old:    Verifies passwords encrypted with the broken MD5 algorithm used
+ *             before 1.7.17.
+ *
+ * You must load another encryption method before this to re-encrypt passwords
+ * with when a user logs in.
+ */
 #module { name = "enc_md5" }
-#module { name = "enc_sha1" }
-
-/*
- * enc_old is Anope's previous (broken) MD5 implementation used from 1.4.x to 1.7.16.
- * If your databases were made using that module, load it here to allow conversion to the primary
- * encryption method.
- */
+#module { name = "enc_none" }
 #module { name = "enc_old" }
-
+#module { name = "enc_sha1" }

 /* Extra (optional) modules. */
 include