/* This file will load all optional modules. These are features that
 * not everyone will use or are considered experimental.
 * You can include this file from your unrealircd.conf like this:
 * include "modules.optional.conf";
 * OR... and this is probably a better idea... you can copy-paste it
 * to another file where you do your own customizations.
 *
 * DO NOT EDIT THIS FILE! IT WILL BE OVERWRITTEN DURING NEXT UPGRADE!!
 * If you want to customize, make a copy of this file (for example
 * name it modules.custom.conf) and edit it.
 * Then include that file from your unrealircd.conf instead of this one.
 */

/*** Commands ***/

// This add the /IRCOPS command: A more visual way for users
// to see which IRCOps are online.
loadmodule "m_ircops";

// This adds the /STAFF command: This command simply displays
// a text file that you can configure here:
loadmodule "m_staff";
set { staff-file "network.staff"; };


/*** Channel modes ***/

// The following module ('nocodes') is not a true channel mode.
// It simply enhances the existing channel mode +S/+c to include
// stripping/blocking of bold, underline and italic text.
loadmodule "nocodes";


/*** Other ***/

// The hideserver module will hide /MAP and /LINKS to regular users.
// It does not truly enhance security as server names can still be
// seen at other places.
loadmodule "hideserver";

// The antirandom module will kill or *line users that have a nick,
// ident and/or realname that is considered "random".
// This helps to combat simple botnets/drones.
// Note that failure to set the right settings may ban innocent users.
// This is especially true if you are on a non-English network where
// the module may consider a sequence of characters "random" even though
// it is a perfectly pronounceable word in your language.
loadmodule "antirandom";
set {
	antirandom {
		/* THRESHOLD:
		 * This is pretty much the most important setting of all.
		 * For every randomly looking ident the user gets a certain amount of
		 * 'points', if this value reaches 'threshold' then the appropriate
		 * action is taken (killed, *lined, see later on).
		 *  lower = more randomly looking users will be catched (but also more
		 *	  innocent users)
		 * higher = less chance of innocent users getting killed, but also less
		 *	  chance on bots getting catched.
		 * <2:  DON'T!!
		 *  4:  Works good, probably a few more innocent kills but if you got
		 *      quite a bot problem then this might be a useful setting.
		 *  5:  Works well with few innocent kills, probably good to begin with.
		 *  6:  If you want to be a tad more careful
		 * >6:  For the paranoid. Module can still be quite effective, though :)
		 */
		threshold 7;

		/* BAN-ACTION:
		 * Action to take whenever the user is catched as random, options:
		 * warn, kill, gline, gzline, kline, zline, shun, tempshun
		 */
		ban-action kill;

		/* BAN-TIME:
		 * Time to ban the user (irrelevant for tempshun/kill).
		 * Something between 1 hour and 2 days is recommended.
		 * If you set it higher than 3 or 4 days then you get quite a risk
		 * of catching innocent users due to dynamic IP, not to mention
		 * your *line list gets filled up... so choose it wisely.
		 */
		ban-time 4h;

		/* BAN-REASON:
		 * The ban (or kill) reason to use.
		 * You might want to put in an entry to a FAQ or an email address
		 * where users can mail if they have been catched and don't know what to do.
		 * NOTE: One of the various reasons that ""innocent users"" are catched is
		 *       if they just randomly type in info for their nick, ident, or realname.
		 */
		ban-reason "You look like a bot. Be sure to fill in your nick/ident/realname properly.";

		/* CONVERT-TO-LOWERCASE:
		 * Convert nicks, idents, and realnames to lowercase before doing random checks?
		 * This has not been tested extensively for false positives, but might be (very)
		 * helpful to catch GnStA5FYhiTH51TUkf style random nicks as random.
		 * Enabled by default.
		 */
		convert-to-lowercase yes;

		/* FULLSTATUS-ON-LOAD:
		 * If enabled, then upon loading it will check all users that are currently
		 * connected and give a status report about who it would have killed.
		 * Note that it doesn't actually kill any currently connected users, it is for
		 * informative purposes only.
		 * This can be (very) useful if you use the module for the first time.
		 * But you probably want to disable it after a while, since once the module
		 * is actively dealing with randomly looking persons, it shouldn't report any
		 * users anymore on load and then this check only eats useless CPU on /REHASH.
		 * Enabled by default.
		 */
		fullstatus-on-load yes;

		/* SHOW-FAILEDCONNECTS:
		 * This will send out a notice whenever a randomly looking user has been catched
		 * during connecting. Obviously this can be pretty noisy.
		 * Especially recommended to enable during the first few days you use this module.
		 */
		show-failedconnects yes;

		/* EXCEPT-HOSTS:
		 * Hostmasks on this list are matched against the IP and hostname of the connecting
		 * user. If it matches then we do not check if the nick/ident/realname is random.
		 * NOTE: Use the REAL host or IP here, not any cloaked hosts!
		 */
		except-hosts {
			mask 192.168.*;
			mask 127.*;
		};

		/* EXCEPT-WEBIRC:
		 * This will make antirandom not check connections from WEBIRC gateways.
		 * ( see https://www.unrealircd.org/docs/WebIRC_block )
		 * It seems WEBIRC connections frequently cause false positives so the
		 * default is 'yes'.
		 */
		except-webirc yes;
	};
};

// This adds websocket support. For more information, see:
// https://www.unrealircd.org/docs/WebSocket_support
loadmodule "websocket";

// This adds support for WHOX
// This is currently experimental!
loadmodule "m_whox";

// This module will detect and stop spam containing of characters of
// mixed "scripts", where (for example) some characters are in
// Latin script and other characters are in Cyrillic script.
loadmodule "antimixedutf8";
set {
	antimixedutf8 {
		/* Take action at this 'score'.
		 * 10 is a good and safe default.
		 */
		score 10;

		/* Action to take, see:
		 * https://www.unrealircd.org/docs/Actions
		 */
		ban-action block;

		/* Block/kill/ban reason (sent to user) */
		ban-reason "Possible mixed character spam";

		/* Duration of ban (does not apply to block/kill) */
		ban-time 4h; // For other types
	};
};

// This provides an authentication prompt if a user is forced to
// authenticate due to a 'require authentication' block or for
// some other reason. It tells them to use SASL or type /AUTH user:pass
// See also the following article for more general information:
// https://www.unrealircd.org/docs/Authentication
// NOTE: This feature is currently experimental.
loadmodule "authprompt";
set {
	authentication-prompt {
		/* Enabled or not? */
		enabled yes;

		message "The server requires clients from this IP address to authenticate with a registered nickname and password.";
		message "Please reconnect using SASL, or authenticate now by typing: /QUOTE AUTH nick:password";
		/* As you can see you can have multiple 'message' items.
		 * It may be useful to refer to a webpage for more
		 * information and/or where users can register their nick.
		 */

		//fail-message "Authentication failed";
		/* Multiple fail-message lines are also supported */
	};
};
// If you use the authprompt module then you may want to raise the
// timeout in which users must complete the handshake.
// By uncommenting the following, you can raise it from 30 to 60 seconds:
// set { handshake-timeout 60s; };