anope/data/modules.example.conf

/*
 * [OPTIONAL] Non-Core Modules
 *
 * The following blocks are used to load all non-core modules, including 3rd-party modules.
 * Modules can be prevented from loading by commenting out the line, other modules can be added by
 * adding a module block. These modules will be loaded prior to Services connecting to your network.
 */

/*
 * help
 *
 * Provides commands generic/help
 *
 * Is a generic help command that can be used with any client.
 */
module { name = "help" }

/*
 * m_dnsbl
 *
 * Allows configurable DNS blacklists to check connecting users against. If a user
 * is found on the blacklist they will be immediately banned. This is a crucial module
 * to prevent bot attacks.
 */
module { name = "m_dnsbl" }
m_dnsbl
{
	/*
	 * If set, Services will check clients against the DNSBLs when services connect to its uplink.
	 * This is not recommended, and on large networks will open a very large amount of DNS queries.
	 * Whilst services are not drastically affected by this, your nameserver/DNSBL might care.
	 */
	check_on_connect = no

	/*
	 * If set, Services will check clients when coming back from a netsplit. This can cause a large number
	 * of DNS queries open at once. Whilst services are not drastically affected by this, your nameserver/DNSBL
	 * might care.
	 */
	check_on_netburst = no

	/*
	 * If set, OperServ will add clients found in the DNSBL to the akill list. Without it, OperServ simply sends
	 * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots.
	 */
	add_to_akill = yes
}
blacklist
{
	/* Name of the blacklist */
	name = "rbl.efnetrbl.org"

	/* How long to set the ban for */
	time = 4h

	/* Reason for akill.
	 * %n is the nick of the user
	 * %u is the ident/username of the user
	 * %g is the realname of the user
	 * %h is the hostname of the user
	 * %i is the IP of the user
	 * %r is the reason (configured below). Will be nothing if not configured.
	 * %N is the network name set in networkinfo:networkname
	 */
	reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"

	/* Replies to ban and their reason. If this is totally ommited all replies get banned */
	1 = "Open Proxy"
	/* Don't ban for result 2 or 3 */
	#2 = "spamtrap666"
	#3 = "spamtrap50"
	4 = "TOR"
	5 = "Drones / Flooding"
}
blacklist
{
	name = "dnsbl.dronebl.org"
	time = 4h
	reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded.do?ip=%i&network=%N"
}

/*
 * m_helpchan
 *
 * Gives users who are op in the specified help channel usermode +h (helpop).
 */
#module { name = "m_helpchan" }
m_helpchan
{
	helpchannel = "#help"
}

/*
 * m_httpd
 *
 * Allows services to serve web pages. By itself, this module does nothing useful.
 *
 * Note that using this will allow users to get the IP of your services.
 * To prevent this we recommend using a reverse proxy or a tunnel.
 */
#module { name = "m_httpd" }
httpd
{
	/* Name of this service */
	name = "httpd/main"
	
	/* IP to listen on */
	ip = "0.0.0.0"
	/* Port to listen on */
	port = 8080
	/* Time before connections to this server are timed out */
	timeout = 30

	/* If you are using a reverse proxy that sends one of the
	 * extforward_headers set below, set this to its IP.
	 * This allows services to obtain the real IP of users by
	 * reading the forwarded-for HTTP header.
	 */
	#extforward_ip = "192.168.0.255"

	/* The header to look for. These probably work as is. */
	extforward_header = "X-Forwarded-For Forwarded-For"
}

/*
 * m_ldap
 *
 * This module allows other modules to use LDAP. By itself, this module does nothing useful.
 */
#module { name = "m_ldap" }
ldap
{
	server = "ldap://127.0.0.1"
	port = 389

	/*
	 * Admin credentials used for performing searches and adding users.
	 */
	admin_binddn = "cn=Manager,dc=anope,dc=org"
	admin_password = "secret"
}

/*
 * m_ldap_authentication
 *
 * This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use
 * LDAP to authenticate users. Requires m_ldap.
*/
#module { name = "m_ldap_authentication" }
m_ldap_authentication
{
	/*
	 * The distinguished name used for searching for users's accounts.
	 */
	basedn = "ou=users,dc=anope,dc=org"

	/*
	 * The search filter used to look up users's accounts.
	 * %account is replaced with the user's account
	 * %object_class is replaced with the object_class configured below.
	 */
	search_filter = "(&(uid=%account)(objectClass=%object_class))"

	/*
	 * The object class used by LDAP to store user account information.
	 * Used for adding new users to LDAP if disable_ns_register is false
	 */
	object_class = "anopeUser"

	/*
	 * The attribute value used for account names.
	 */
	username_attribute = "uid"

	/*
	 * The attribute value used for email addresses.
	 * This directive is optional.
	 */
	email_attribute = "email"

	/*
	 * The attribute value used for passwords.
	 * Used when registering new accounts in LDAP.
	 */
	password_attribute = "userPassword"

	/*
	 * Enable to have this module disable /nickserv register.
	 */
	disable_ns_register = false

	/*
	 * The reason to give the users who try to /ns register if
	 * disable_ns_register is enabled.
	 */
	#disable_reason = "To register on this network visit http://some.misconfigured.site/register"
}

/*
 * m_ldap_oper
 *
 * This module dynamically ties users to Anope opertypes when they identify
 * via LDAP group membership. Requires m_ldap.
 *
 * Note that this doesn't give the user privileges on the IRCd, only in Services.
 */
#module { name = "m_ldap_oper" }
m_ldap_oper
{
	/*
	 * An optional binddn to use when searching for groups.
	 * %a is replaced with the account name of the user.
	 */
	#binddn = "cn=Manager,dc=anope,dc=org"

	/*
	 * An optional password to bind with.
	 */
	#password = "secret"

	/*
	 * The base DN where the groups are.
	 */
	basedn = "ou=groups,dc=anope,dc=org"

	/*
	 * The filter to use when searching for users.
	 * %a is replaced with the account name of the user.
	 */
	filter = "(member=uid=%a,ou=users,dc=anope,dc=org)"

	/*
	 * The attribute of the group that is the name of the opertype.
	 * The cn attribute should match a known opertype in the config.
	 */
	opertype_attribute = "cn"
}

/*
 * m_mysql
 *
 * This module allows other modules to use MySQL.
 */
#module { name = "m_mysql" }
mysql
{
	/* The name of this service */
	name = "mysql/main"
	database = "anope"
	server = "127.0.0.1"
	username = "anope"
	password = "mypassword"
	port = 3306
}

/*
 * m_proxyscan
 *
 * This module allows you to scan connecting clients for open proxies.
 * Note that using this will allow users to get the IP of your services.
 *
 * Currently the two supported proxy types are HTTP and SOCKS5.
 *
 * The proxy scanner works by attempting to connect to clients when they
 * connect to the network, and if they have a proxy running instruct it to connect
 * back to services. If services are able to connect through the proxy to itself
 * then it knows it is an insecure proxy, and will ban it.
 */
#module { name = "m_proxyscan" }
m_proxyscan
{
	/*
	 * The target IP services tells the proxy to connect back to. This must be a publicly
	 * avaiable IP that remote proxies can connect to.
	 */
	#target_ip = "127.0.0.1"
	
	/*
	 * The port services tells the proxy to connect to.
	 */
	target_port = 7226

	/*
	 * The listen IP services listen on for incoming connections from suspected proxies.
	 * This probably will be the same as target_ip, but may not be if you are behind a firewall (NAT).
	 */
	#listen_ip = "127.0.0.1"

	/*
	 * The port services should listen on for incoming connections from suspected proxies.
	 * This most likely will be the same as target_port.
	 */
	listen_port = 7226

	/*
	 * An optional notice sent to clients upon connect.
	 */
	#connect_notice = "We will now scan your host for insecure proxies. If you do not consent to this scan please disconnect immediately"

	/*
	 * Who the notice should be sent from.
	 */
	#connect_source = "OperServ"

	/*
	 * If set, OperServ will add infected clients to the akill list. Without it, OperServ simply sends
	 * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots.
	 */
	add_to_akill = yes

	/*
	 * How long before connections should be timed out.
	 */
	timeout = 5
}

/*
 * A proxyscan block (must have m_proxyscan loaded).
 * You may have multiple proxyscan blocks.
 */
proxyscan
{
	/* The type of proxy to check for. A comma separated list is allowed */
	type = "HTTP"

	/* The ports to check */
	port = "80,8080"

	/* How long to set the ban for */
	time = 4h

	/*
	 * The reason to ban the user for.
	 * %h is replaced with the type of proxy found.
	 * %i is replaced with the IP of proxy found.
	 * %p is replaced with the port.
	 */
	reason = "You have an open proxy running on your host (%t:%i:%p)"
}

/*
 * m_sql_authentication
 *
 * This module allows authenticating users against an external SQL database using a custom
 * query.
 */
#module { name = "m_sql_authentication" }
m_sql_authentication
{
	/* SQL engine to use. Should be configured elsewhere with m_mysql, m_sqlite, etc. */
	engine = "mysql/main"

	/* Query to execute to authenticate. A non empty result from this query is considered a success,
	* and the user will be authenticated.
	* 
	* @a@ is replaced with the user's account name
	* @p@ is replaced with the user's password
	* @n@ is replaced with the user's nickname
	* @i@ is replaced with the user's IP
	*
	* Furthermore, if a field named email is returned from this query the user's email is
	* set to its value.
	*/
	query = "SELECT `email_addr` AS `email` FROM `my_users` WHERE `username` = @a@ AND `password` = MD5(CONCAT('salt', @p@))"

	/* We've also included some example queries for some popular website/forum systems.
	*
	* Drupal 6: "SELECT `mail` AS `email` FROM `users` WHERE `name` = @a@ AND `pass` = MD5(@p@) AND `status` = 1"
	* e107 cms: "SELECT `user_email` AS `email` FROM `e107_user` WHERE `user_loginname` = @a@ AND `user_password` = MD5(@p@)"
	* SMF Forum: "SELECT `email_address` AS `email` FROM `smf_members` WHERE `member_name` = @a@ AND `passwd` = SHA1(CONCAT(LOWER(@a@), @p@))"
	* vBulletin: "SELECT `email` AS `email` FROM `user` WHERE `username` = @a@ AND `password` = MD5(CONCAT(MD5(@p@), `salt`))"

	/*
	 * Enable to have this module disable /nickserv register.
	 */
	disable_ns_register = false

	/*
	 * The reason to give the users who try to /ns register if
	 * disable_ns_register is enabled.
	 */
	#disable_reason = "To register on this network visit http://some.misconfigured.site/register"
}

/*
 * m_sqlite
 *
 * This module allows other modules to use SQLite.
 */
#module { name = "m_sqlite" }
sqlite
{
	/* The name of this service */
	name = "sqlite/main"
	/* The database name, it will be created if it does not exist. */
	database = "anope.db"
}

/*
 * m_regex_pcre
 *
 * Provides the regex engine regex/pcre, which uses the Perl Compatible Regular Expressions library.
 */
module { name = "m_regex_pcre" }

/*
 * m_regex_posix
 *
 * Provides the regex engine regex/posix, which uses the POSIX compliant regular expressions.
 * This is likely the only regex module you will not need extra libraries for.
 */
#module { name = "m_regex_posix" }

/*
 * m_regex_tre
 *
 * Provides the regex engine regex/tre, which uses the TRE regex library.
 */
#module { name = "m_regex_tre" }

/*
 * m_rewrite
 *
 * Allows rewriting commands sent to clients.
 */
#module { name = "m_rewrite" }
rewrite
{
	/* The client to apply this rewrite to. */
	client = "ChanServ"

	/* Source message to match. A $ can be used to match anything. */
	source_message = "CLEAR $ USERS"
	
	/*
	 * Message to rewrite the source message to. A $ followed by a number, eg $0, gets
	 * replaced by the number-th word from the source_message, starting from 0.
	 */
	target_message = "CLEARUSERS $1"
}

/*
 * m_ssl
 *
 * This module uses SSL to connect to the uplink server(s)
 */
module { name = "m_ssl" }
ssl
{
	/*
	 * An optional certificate and key for m_ssl to give to the uplink.
	 *
	 * You can generate your own certificate and key pair by using:
	 *
	 *   openssl genrsa -out anope.key 2048
	 *   openssl req -new -x509 -key anope.key -out anope.crt -days 1095
	 */
	cert = "data/anope.crt"
	key = "data/anope.key"
}

/*
 * m_statusupdate
 *
 * This module automatically updates users status on channels when the
 * channel's access list is modified.
 */
module { name = "m_statusupdate" }

/* 
 * m_xmlrpc
 *
 * Allows remote applications (websites) to execute queries in real time to retrieve data from Anope.
 * By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries.
 */
#module { name = "m_xmlrpc" }
m_xmlrpc
{
	/* IP to listen on */
	bindip = "127.0.0.1"
	/* Port to listen on */
	port = 26673
	/* Enable for IPv6 */
	ipv6 = no
	/* If enabled, requires m_ssl to be loaded */
	ssl = no
        /* IPs allowed to connect (separate with spaces), this should be secured. We also recommend you firewall this
         * with an outside program to increase security.
         */
	allowed = "127.0.0.0/24"
}

/*
 * m_xmlrpc_main
 *
 * Adds the main XMLRPC core functions.
 * Requires m_xmlrpc.
 */
#module { name = "m_xmlrpc_main" }

/*
 * ns_maxemail
 *
 * Limits how many times the same email address may be used in Anope
 * to register accounts.
 */
module { name = "ns_maxemail" }
ns_maxemail
{
	/*
	 * The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
	 * commented, there will be no limit enforced when registering new accounts or using
	 * /msg NickServ SET EMAIL.
	 */
	#maxemails = 1
}

/*
 * webcpanel
 *
 * This module creates a web configuration panel that allows users and operators to perform any task
 * as they could over IRC. If you are using the default configuration you should be able to access
 * this panel by visiting http://127.0.0.1:8080 in your web browser from the machine Anope is running on.
 *
 * This module requires m_httpd.
 */
#module { name = "webcpanel" }
webcpanel
{
	/* Web server to use */
	server = "httpd/main";

	/* Template to use */
	template = "default";

	/* Page title */
	title = "Anope IRC Services";
}