anope/data/modules.example.conf

/*
 * [OPTIONAL] Non-Core Modules
 *
 * The following blocks are used to load all non-core modules, including 3rd-party modules.
 * Modules can be prevented from loading by commenting out the line, other modules can be added by
 * adding a module block. These modules will be loaded prior to Services connecting to your network.
 */

/*
 * cs_appendtopic
 *
 * Adds the APPENDTOPIC command to ChanServ, which allows users to easially append text to
 * the end of existing channel topics.
 */
module { name = "cs_appendtopic" }
command { service = "ChanServ"; name = "APPENDTOPIC"; command = "chanserv/appendtopic"; }

/*
 * cs_enforce
 *
 * Adds the ENFORCE commad to ChanServ, which allows enforcing various channel settings like
 * SECUREOPS and RESTRICTED.
 */
module { name = "cs_enforce" }
command { service = "ChanServ"; name = "ENFORCE"; command = "chanserv/enforce"; }

/*
 * cs_entrymsg
 *
 * Allows you to set entry messages on your channel, which are shown to anyone
 * who joins.
 */
module { name = "cs_entrymsg" }
command { service = "ChanServ"; name = "ENTRYMSG"; command = "chanserv/entrymsg"; }
cs_entrymsg
{
	/* The maximum number of entrymsgs allowed per channel. If not set, defaults to 5. */
	maxentries = 5
}

/*
 * cs_set_misc
 *
 * Allows you to create misc /chanserv set commands, and have the data
 * show up in /chanserv info
 */
module { name = "cs_set_misc" }
cs_set_misc
{
	/* The name of the command */
	name = "OINFO"
	/* A short description of the command */
	desc = "Associate oper only information to this channel"
	/* Set to yes if only opers and privileged users can set it and see it */
	privileged = yes
}
cs_set_misc
{
	name = "URL"
	desc = "Associate a URL with the channel"
}
cs_set_misc
{
	name = "EMAIL"
	desc = "Associate an EMail with the channel"
}

/*
 * db_plain
 *
 * This is the default flatfile database format. You must have at least one database
 * module loaded or Anope will not save databases!
 */
module { name = "db_plain" }
db_plain
{
	/*
	 * The database db_plain should use
	 */
	database = "anope.db"
}

/*
 * db_mysql and db_mysql_live
 *
 * Enables (live) MySQL support. 
 *
 * The db_mysql_live module is an extension to db_mysql, and should only be used if
 * db_mysql is being used. This module pulls data in real time from SQL as it is
 * requested by the core as a result of someone executing commands.
 *
 * This effectively allows you to edit your database and have it be immediately
 * reflected back in Anope.
 *
 * For information on how to make db_mysql_live use asynchronous queries see
 * m_async_commands.
 *
 * At this time db_mysql_live only supports pulling data in real time from the three
 * main tables: anope_cs_info, anope_ns_alias, and anope_ns_core.
 */
#module { name = "db_mysql" }
#module { name = "db_mysql_live" }

/*
 * hs_request
 *
 * Allows users to request vhosts which opers may then view, accept or deny
 */
module { name = "hs_request" }
command { service = "HostServ"; name = "REQUEST"; command = "hostserv/request"; }
command { service = "HostServ"; name = "ACTIVATE"; command = "hostserv/active"; }
command { service = "HostServ"; name = "REJECT"; command = "hostserv/reject"; }
command { service = "HostServ"; name = "WAITING"; command = "hostserv/waiting"; }
hs_request
{
	/*
	 * If set, Services will send a memo to the user requesting a vHost when it's been
	 * approved or rejected.
	 */
	#memouser = yes

	/*
	 * If set, Services will send a memo to all Services staff when a new vHost is requested.
	 */
	#memooper = yes
}

/*
 * m_async_commands
 *
 * Threads for each command executed by users. You should
 * only load this if you are using a module designed to work with this.
 *
 * If this is loaded with db_mysql_live then Anope will support
 * processing multiple commands at once which will negate the "lag"
 * issues caused from the overhead of SQL queries by db_mysql_live.
 *
 * Note that this module is currently EXPERIMENTAL and you should report
 * any bugs you find.
 */
#module { name = "m_async_commands" }

/* m_dnsbl
 *
 * Allows configurable DNS blacklists to check connecting users against. If a user
 * is found on the blacklist they will be immediately banned. This is a crucial module
 * to prevent bot attacks.
 */
module { name = "m_dnsbl" }
m_dnsbl
{
	/*
	 * If set, Services will check clients against the DNSBLs when services connect to its uplink.
	 * This is not recommended, and on large networks will open a very large amount of DNS queries.
	 * Whilst services are not drastically affected by this, your nameserver/DNSBL might care.
	 */
	check_on_connect = no

	/*
	 * If set, Services will check clients when coming back from a netsplit. This can cause a large number
	 * of DNS queries open at once. Whilst services are not drastically affected by this, your nameserver/DNSBL
	 * might care.
	 */
	check_on_netburst = no

	/*
	 * If set, OperServ will add clients found in the DNSBL to the akill list. Without it, OperServ simply sends
	 * a timed G/K-line to the IRCd and forgets about it. Can be useful if your akill list is being fill up by bots.
	 */
	add_to_akill = yes
}
blacklist
{
	/* Name of the blacklist */
	name = "rbl.efnetrbl.org"

	/* How long to set the ban for */
	time = 4h

	/* Reason for akill.
	 * %n is the nick of the user
	 * %u is the ident/username of the user
	 * %g is the realname of the user
	 * %h is the hostname of the user
	 * %i is the IP of the user
	 * %r is the reason (configured below). Will be nothing if not configured.
	 * %N is the network name set in networkinfo:networkname
	 */
	reason = "You are listed in the efnet RBL, visit http://rbl.efnetrbl.org/?i=%i for info"

	/* Replies to ban and their reason. If this is totally ommited all replies get banned */
	1 = "Open Proxy"
	/* Don't ban for result 2 or 3 */
	#2 = "spamtrap666"
	#3 = "spamtrap50"
	4 = "TOR"
	5 = "Drones / Flooding"
}
blacklist
{
	name = "dnsbl.dronebl.org"
	time = 4h
	reason = "You have a host listed in the DroneBL. For more information, visit http://dronebl.org/lookup_branded.do?ip=%i&network=%N"
}

/* m_helpchan
 *
 * Gives users who are op in the specified help channel usermode +h (helpop).
 */
#module { name = "m_helpchan" }
m_helpchan
{
	helpchannel = "#help"
}

/*
 * m_ldap
 *
 * This module allows other modules to use LDAP. By itself, this module does nothing useful.
 */
#module { name = "m_ldap" }
ldap
{
	server = "ldap://127.0.0.1"
	port = 389
	admin_binddn = "cn=Manager,dc=anope,dc=org"
	admin_password = "secret"
}

/*
 * m_ldap_authentication
 *
 * This module allows many commands such as IDENTIFY, RELEASE, RECOVER, GHOST, etc. use
 * LDAP to authenticate users. Requires m_ldap.
*/
#module { name = "m_ldap_authentication" }
m_ldap_authentication
{
	/*
	 * The distinguished name we should bind to when a user tries to identify.
	 */
	binddn = "ou=users,dc=anope,dc=org"

	/*
	 * The object class used by LDAP to store user account information.
	 * Used for adding new users to LDAP if disable_ns_register is false
	 */
	object_class = "anopeUser"

	/*
	 * The attribute value used for account names.
	 */
	username_attribute = "uid"

	/*
	 * The attribute value used for email addresses.
	 * This directive is optional.
	 */
	email_attribute = "email"

	/*
	 * The attribute value used for passwords.
	 * Used when registering new accounts in LDAP.
	 */
	password_attribute = "userPassword"

	/*
	 * Enable to have this module disable /nickserv register.
	 */
	disable_ns_register = false

	/*
	 * The reason to give the users who try to /ns register if
	 * disable_ns_register is enabled.
	 */
	#disable_reason = "To register on this network visit http://some.misconfigured.site/register"
}

/*
 * m_ldap_oper
 *
 * This module dynamically ties users to Anope opertypes when they identify
 * via LDAP group membership. Requires m_ldap.
 *
 * Note that this doesn't give the user privileges on the IRCd, only in Services.
 */
#module { name = "m_ldap_oper" }
m_ldap_oper
{
	/*
	 * An optional binddn to use when searching for groups.
	 * %a is replaced with the account name of the user.
	 */
	#binddn = "cn=Manager,dc=anope,dc=org"

	/*
	 * An optional password to bind with.
	 */
	#password = "secret"

	/*
	 * The base DN where the groups are.
	 */
	basedn = "ou=groups,dc=anope,dc=org"

	/*
	 * The filter to use when searching for users.
	 * %a is replaced with the account name of the user.
	 */
	filter = "(member=uid=%a,ou=users,dc=anope,dc=org)"

	/*
	 * The attribute of the group that is the name of the opertype.
	 * The cn attribute should match a known opertype in the config.
	 */
	opertype_attribute = "cn"
}

/*
 * m_mysql
 *
 * This module allows other modules (db_mysql/db_mysql_live) to use MySQL.
 * Be sure you have imported the table schema with mydbgen before
 * trying to use MySQL
 */
#module { name = "m_mysql" }
mysql
{
	database = "anope"
	server = "127.0.0.1"
	username = "anope"
	password = "mypassword"
	port = 3306
}

/*
 * m_ssl
 *
 * This module uses SSL to connect to the uplink server(s)
 */
module { name = "m_ssl" }

/*
 * m_statusupdate
 *
 * This module automatically updates users status on channels when the
 * channel's access list is modified.
 */
module { name = "m_statusupdate" }

/* 
 * m_xmlrpc
 *
 * Allows remote applications (websites) to execute queries in real time to retrieve data from Anope.
 * By itself this module does nothing, but allows other modules (m_xmlrpc_main) to receive and send XMLRPC queries.
 */
#module { name = "m_xmlrpc" }
m_xmlrpc
{
	/* IP to listen on */
	bindip = "127.0.0.1"
	/* Port to listen on */
	port = 26673
	/* Enable for IPv6 */
	ipv6 = no
	/* If enabled, requires m_ssl to be loaded */
	ssl = no
        /* IPs allowed to connect (separate with spaces), this should be secured. We also recommend you firewall this
         * with an outside program to increase security.
         */
	allowed = "127.0.0.0/24"
}

/*
 * m_xmlrpc_main
 *
 * Adds the main XMLRPC core functions.
 * Requires m_xmlrpc.
 */
#module { name = "m_xmlrpc_main" }

/*
 * ns_maxemail
 *
 * Limits how many times the same email address may be used in Anope
 * to register accounts.
 */
module { name = "ns_maxemail" }
ns_maxemail
{
	/*
	 * The limit to how many registered nicks can use the same e-mail address. If set to 0 or left
	 * commented, there will be no limit enforced when registering new accounts or using
	 * /msg NickServ SET EMAIL.
	 */
	#maxemails = 1
}

/*
 * ns_set_misc
 *
 * Allows you to create misc /nickserv set commands, and have the data
 * show up in /nickserv info
 */
module { name = "ns_set_misc" }
ns_set_misc
{
	name = "OINFO"
	desc = "Associate oper only information to this nick"
	privileged = yes
}
ns_set_misc
{
	name = "URL"
	desc = "Associate a URL with the nick"
}
ns_set_misc
{
	name = "ICQ"
	desc = "Associate an ICQ number with the nick"
}

/*
 * os_defcon
 *
 * Allows you to set services in defcon mode, which can be used to restrict services access
 * during bot attacks.
 */
#module { name = "os_defcon" }
command { service = "OperServ"; name = "DEFCON"; command = "operserv/defcon"; }
defcon
{
	/*
	 * Default DefCon level (1-5) to use when starting Services up. Level 5 constitutes normal operation
	 * while level 1 constitutes the most restrictive operation. If this setting is left out or set to
	 * 0, DefCon will be disabled and the rest of this block will be ignored.
	 */
	#defaultlevel = 5

	/*
	 * The following 4 directives define what operations will take place when DefCon is set to levels
	 * 1 through 4. Each level is a list that must be separated by spaces.
	 *
	 * The following operations can be defined at each level:
	 * - nonewchannels: Disables registering new channels
	 * - nonewnicks: Disables registering new nicks
	 * - nomlockchanges: Disables changing MLOCK on registered channels
	 * - forcechanmodes: Forces all channels to have the modes given in the later chanmodes directive
	 * - reducedsessions: Reduces the session limit to the value given in the later sessionlimit directive
	 * - nonewclients: KILL any new clients trying to connect
	 * - operonly: Services will ignore all non-IRCops
	 * - silentoperonly: Services will silently ignore all non-IRCops
	 * - akillnewclients: AKILL any new clients trying to connect
	 * - nonewmemos: No new memos will be sent to block MemoServ attacks
	 */
	level4 = "nonewchannels nonewnicks nomlockchanges reducedsessions"
	level3 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions"
	level2 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly"
	level1 = "nonewchannels nonewnicks nomlockchanges forcechanmodes reducedsessions silentoperonly akillnewclients"

	/*
	 * New session limit to use when a DefCon level is using "reduced" session limiting.
	 */
	#sessionlimit = 2

	/*
	 * Length of time to add an AKILL for when DefCon is preventing new clients from connecting to the
	 * network.
	 */
	#akillexpire = 5m

	/*
	 * The channel modes to set on all channels when the DefCon channel mode system is in use.
	 *
	 * Note 1: Choose these modes carefully, because when DefCon switches to a level which does NOT have
	 * the mode setting selected, Services will set the reverse on all channels, e.g. if this setting
	 * is +RN when DefCon is used, all channels will be set to +RN, when DefCon is removed, all
	 * channels will be set to -RN. You don't want to set this to +k for example, because when DefCon
	 * is removed all channels with -k.
	 *
	 * Note 2: MLOCKed modes will not be lost.
	 */
	#chanmodes = "+R"

	/*
	 * This value can be used to automatically return the network to DefCon level 5 after the specified
	 * time period, just in case any IRC Operator forgets to remove a DefCon setting.
	 *
	 * This directive is optional.
	 */
	#timeout = 15m

	/*
	 * If set, Services will send a global message on DefCon level changes.
	 *
	 * This directive is optional.
	 */
	#globalondefcon = yes

	/*
	 * If set, Services will send the global message defined in the message directive on DefCon level
	 * changes.
	 *
	 * This directive is optional.
	 */
	#globalondefconmore = yes

	/*
	 * Defines the message that will be sent on DefCon level changes when globalondefconmore is set.
	 *
	 * This directive is required only when globalondefconmore is set.
	 */
	#message = "Put your message to send your users here. Dont forget to uncomment globalondefconmore"

	/*
	 * Defines the message that will be sent when DefCon is returned to level 5. This directive is optional,
	 * and will also override globalondefcon and globalondefconmore when set.
	 */
	#offmessage = "Services are now back to normal, sorry for any inconvenience"

	/*
	 * Defines the reason to use when clients are KILLed or AKILLed from the network while the proper
	 * DefCon operation is in effect.
	 */
	#akillreason = "This network is currently not accepting connections, please try again later"
}