diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml index 2bf431fa7c8e7f23658a020392c85f16334671e6..e8cc44a8787417064e99c041aea026db89a920ae 100644 --- a/.github/workflows/build-container.yml +++ b/.github/workflows/build-container.yml @@ -13,7 +13,7 @@ jobs: DOCKER_REPO: inspircd/inspircd-docker GITHUB_BRANCH: master GITHUB_REPO: inspircd/docker - INSP_VERSION: v3.18.0 + INSP_VERSION: v4.5.0 steps: - uses: actions/checkout@v4 diff --git a/Dockerfile b/Dockerfile index 51c1aa1deb8b8d337f98cf6afa426d05b9f69e85..5d7d562e9de3c8fe8b87860ea123bf849d496081 100644 --- a/Dockerfile +++ b/Dockerfile @@ -2,7 +2,7 @@ FROM alpine:3.21 AS builder LABEL maintainer="InspIRCd Team <noreply@inspircd.org>" -ARG VERSION=insp3 +ARG VERSION=insp4 ARG CONFIGUREARGS= ARG EXTRASMODULES= ARG BUILD_DEPENDENCIES= @@ -26,7 +26,7 @@ RUN git checkout $(git describe --abbrev=0 --tags $VERSION) RUN { [ $(ls /src/modules/ | wc -l) -gt 0 ] && cp -r /src/modules/* /inspircd-src/src/modules/ || echo "No modules overwritten/added by repository"; } RUN echo $EXTRASMODULES | xargs --no-run-if-empty ./modulemanager install -RUN ./configure --prefix /inspircd --uid 10000 --gid 10000 +RUN ./configure --prefix /inspircd --example-dir /inspircd/examples --uid 10000 --gid 10000 RUN echo $CONFIGUREARGS | xargs --no-run-if-empty ./configure RUN make -j`getconf _NPROCESSORS_ONLN` install diff --git a/README.md b/README.md index 114781b640f48b00cc586c55c557eedf8604acd8..0c3be7fce2ac8c3d26061598590b673c05489bf3 100644 --- a/README.md +++ b/README.md 
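Review bot: The new `--example-dir /inspircd/examples` argument on the `RUN ./configure --prefix /inspircd ...` line has no comment explaining why the image overrides the default example location. conf/inspircd.conf in this same commit points its commented includes at `&dir.example;/...`, so this path presumably has to exist in the runtime image for those includes to work once uncommented. Whether the final stage copies `/inspircd/examples` is not visible in this hunk. I would add a comment above the line, e.g. `# Install the example configs under the prefix so &dir.example; includes in inspircd.conf resolve`. The builder stage starts and continues outside the hunk.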
@@ -60,7 +60,7 @@ Use the following environment variables to configure your container: |`INSP_NET_NAME` |`Omega` |Name advertised as network name | |`INSP_SERVER_NAME` |Container ID + `INSP_NET_SUFFIX`|Full container name. Has to be an FQDN | |`INSP_ADMIN_NAME` |`Jonny English` |Name showed by the `/admin` command | -|`INSP_ADMIN_NICK` |`MI5` |Nick showed by the `/admin` command | +|`INSP_ADMIN_DESC` |`MI5` |Description showed by the `/admin` command | |`INSP_ADMIN_EMAIL` |`jonny.english@example.com` |E-mail shown by the `/admin` command | |`INSP_ENABLE_DNSBL` |`yes` |Set to `no` to disable DNSBLs | |`INSP_CONNECT_PASSWORD` |no default |Password either as plaintext, or hash value | @@ -82,7 +82,7 @@ To see if you're affected by this particular issue, try disabling DNS Blacklists $ docker run --name inspircd -p 6667:6667 -e "INSP_ENABLE_DNSBL=no" inspircd/inspircd-docker ``` -If you can connect with `INSP_ENABLE_DNSBL=no`, try adding a DNS configuration to your `inspircd.conf` file to point to a DNS server you trust. See [the DNS docs](https://docs.inspircd.org/3/configuration/#ltdnsgt) for details. +If you can connect with `INSP_ENABLE_DNSBL=no`, try adding a DNS configuration to your `inspircd.conf` file to point to a DNS server you trust. See [the DNS docs](https://docs.inspircd.org/4/configuration/#dns) for details. ### Password authentication @@ -107,7 +107,7 @@ We provide two possibly ways to define a default oper for the server. If neither `INSP_OPER_PASSWORD_HASH`, nor `INSP_OPER_FINGERPRINT` is configured, no oper will be provided to keep your server secure. -Further details see official [`opers.conf` docs](https://github.com/inspircd/inspircd/blob/insp3/docs/conf/opers.conf.example#L103-L999). +Further details see official [`opers.conf` docs](https://github.com/inspircd/inspircd/blob/insp4/docs/conf/opers.example.conf). ### Password authentication 
@@ -282,13 +282,13 @@ Available build arguments: |Argument |Description | |--------------------|-------------------------------------------------------------------------| |`VERSION` |Version of InspIRCd. Uses `-b`-parameter from `git clone` | -|`CONFIGUREARGS` |Additional parameters. Used to enable core extras like `m_geo_maxmind` | -|`EXTRASMODULES` |Additional modules from [inspircd-contrib](https://github.com/inspircd/inspircd-contrib) repository like `m_geocmd`| +|`CONFIGUREARGS` |Additional parameters. Used to enable core extras like `geo_maxmind` | +|`EXTRASMODULES` |Additional modules from [inspircd-contrib](https://github.com/inspircd/inspircd-contrib) repository like `geocmd`| |`BUILD_DEPENDENCIES`|Additional packages which are only needed during compilation | |`RUN_DEPENDENCIES` |Additional packages which are needed to run InspIRCd | ```console -docker build --build-arg "BUILD_DEPENDENCIES=libmaxminddb-dev pcre-dev" --build-arg "RUN_DEPENDENCIES=libmaxminddb pcre" --build-arg "CONFIGUREARGS=--enable-extras m_geo_maxmind --enable-extras m_regex_pcre" --build-arg "EXTRASMODULES=m_geocmd" --build-arg "VERSION=v1.2.3" inspircd-docker +docker build --build-arg "BUILD_DEPENDENCIES=libmaxminddb-dev pcre-dev" --build-arg "RUN_DEPENDENCIES=libmaxminddb pcre" --build-arg "CONFIGUREARGS=--enable-extras geo_maxmind --enable-extras regex_pcre" --build-arg "EXTRASMODULES=geocmd" --build-arg "VERSION=v1.2.3" inspircd-docker ``` ## Building additional modules diff --git a/conf/config.sh b/conf/config.sh index 6c01b7d6e117d15e41e7f3d72bedbd1709db760a..cf73d360661995d593f8eb41f85afbd805950d55 100755 --- a/conf/config.sh +++ b/conf/config.sh @@ -23,7 +23,7 @@ cat <<EOF # Admin section <define name="adminname" value="${INSP_ADMIN_NAME:-Jonny English}"> -<define name="adminnick" value="${INSP_ADMIN_NICK:-MI5}"> +<define name="admindesc" value="${INSP_ADMIN_DESC:-MI5}"> <define name="adminemail" value="${INSP_ADMIN_EMAIL:-jonny.english@example.com}"> # Connect block section 
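Review bot: Renaming the variable to `INSP_ADMIN_DESC` in the `admindesc` define means a deployment that still sets `INSP_ADMIN_NICK` silently gets the `MI5` default after upgrading. A fallback keeps existing environments working: `<define name="admindesc" value="${INSP_ADMIN_DESC:-${INSP_ADMIN_NICK:-MI5}}">`. Separately, the shell expands these values straight into a quoted config attribute, so a value containing `"` ends the attribute early. A comment on the heredoc such as `# values must not contain double quotes; they are written into the config unescaped` would tell operators about the constraint. The heredoc starts and ends outside the hunk.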
diff --git a/conf/docker.motd b/conf/docker.motd index 14ef6137ea43e88d1c334c9b23dae2681b28faa4..82fec2d6eefa8788fa27f8fb30603eb61e76ca0a 100644 --- a/conf/docker.motd +++ b/conf/docker.motd @@ -7,7 +7,7 @@ _____________________| |__________________________________ |_____________________|_|__________________________________| - \iPowering IRC communities since 2006\x + \iThe IRC server for the 31st century\x /\ /\ { `---' } \bWELCOME TO AN \c13I\c04N\c07S\c08P\c03I\c10R\c12C\c06D\c99 NETWORK\x diff --git a/conf/inspircd.conf b/conf/inspircd.conf index 27c0cb79a6d67e162126b4077384a37877e34247..2b88dab13c632cb8bd9cc718608314329b41d811 100644 --- a/conf/inspircd.conf +++ b/conf/inspircd.conf @@ -34,15 +34,6 @@ # # ######################################################################## -#-#-#-#-#-#-#-#-#-# CONFIGURATION FORMAT #-#-#-#-#-#-#-#-#-#-#-#-#-#- -# # -# In order to maintain compatibility with older configuration files, # -# you can change the configuration parser to parse as it did in # -# previous releases. When using the "compat" format, you need to use # -# C++ escape sequences (e.g. \n) instead of XML ones (e.g. &nl;) and # -# can not use <define> to create macros. # -#<config format="compat"> - #-#-#-#-#-#-#-#-#-# INCLUDE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-#-# # # # This optional tag allows you to include another config file # @@ -66,6 +57,7 @@ # # <include executable="sh ./conf/config.sh" noexec="no"> + #-#-#-#-#-#-#-#-#-#-#-# VARIABLE DEFINITIONS -#-#-#-#-#-#-#-#-#-#-#-# # # # You can define variables that will be substituted later in the # 
@@ -74,8 +66,11 @@ # # # Variables may be redefined and may reference other variables. # # Value expansion happens at the time the tag is read. # -<define name="bindip" value="1.2.2.3"> -<define name="localips" value="&bindip;/24"> +# # +# See https://docs.inspircd.org/4/configuration/#define for a list of # +# predefined config variables. # +#<define name="networkDomain" value="example.com"> +#<define name="networkName" value="ExampleNet"> #-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#- # # 
@@ -103,48 +98,36 @@ #-#-#-#-#-#-#-#-#-#-#-#- ADMIN INFORMATION -#-#-#-#-#-#-#-#-#-#-#-# # # -# Describes the Server Administrator's real name (optionally), # -# nick, and email address. # +# Configures the name and email of the server admin. # # # <admin - # name: Real Name + # name: The nickname, real name, or team name of the server admin(s). name="&adminname;" - # nick: Nickname (preferably what you use on the network) - nick="&adminnick;" + # description: An optional description of the server admin(s). + description="&admindesc;" - # email: email address. Does not have to be valid - # but should be for the users to be able to contact you. + # email: An email address at which the server admin(s) can be contacted + # in case of issues. email="&adminemail;"> #-#-#-#-#-#-#-#-#-#-#-#- PORT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- # # -# Enter the port and address bindings here. # +# Configure the port and address bindings here. # # # -# # -# ____ _ _____ _ _ ____ _ _ _ # -# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # -# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # -# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # -# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # -# # -# If you want to link servers to InspIRCd you must load the # -# spanningtree module! Please see the modules list for # -# information on how to load this module! If you do not load this # -# module, server ports will NOT work! # -# Listener that binds on a TCP/IP endpoint: +# TLS listener that binds on a TCP/IP endpoint: <bind # address: IP address to bind to if the box that you are hosting # on has more than one IP, else the ircd will try to bind to all # IP's on the box if this is not defined. address="" - # port: Port for users or servers to be able to connect to. - # you can select multiple ports by separating them - # with a - character like the example below. + # port: Port for users or servers to be able to connect to. 
You can bind + # to multiple ports by separating them with commas and to a range with + # a dash (e.g. 6660-6667,7000). port="6697" # type: Type of bind block this is. It can either be clients or @@ -152,14 +135,16 @@ # to this bind section. type="clients" - # ssl: If you want the port(s) in this bind tag to use TLS (SSL), set this to - # the name of a custom <sslprofile> tag that you have defined or one - # of "openssl", "gnutls", "mbedtls" if you have not defined any. See the - # docs page for the TLS (SSL) module you are using for more details. + # sslprofile: If you want the port(s) in this bind tag to use TLS, set this + # to the name of a custom <sslprofile> tag that you have defined. See the + # docs page for the TLS module you are using for more details: + # + # GnuTLS: https://docs.inspircd.org/4/modules/ssl_gnutls#sslprofile + # OpenSSL: https://docs.inspircd.org/4/modules/ssl_openssl#sslprofile # - # You will need to load the ssl_openssl module for OpenSSL, ssl_gnutls - # for GnuTLS and ssl_mbedtls for mbedTLS. - ssl="gnutls" + # You will need to load the ssl_openssl module for OpenSSL and ssl_gnutls + # for GnuTLS. + sslprofile="main" # defer: When this is non-zero, connections will not be handed over to # the daemon from the operating system before data is ready. @@ -178,11 +163,16 @@ # not have brought the network interfaces up yet. free="no"> +# Plaintext listener that binds on a TCP/IP endpoint: +<bind address="" port="6667" type="clients"> + + # Listener that binds on a UNIX endpoint (not supported on Windows): #<bind - # path: The location to store the UNIX socket - #path="/tmp/inspircd.sock" + # path: The location to store the UNIX socket. Relative to the data + # directory if not an absolute path. + #path="inspircd.sock" # type: Type of bind block this is. It can either be clients or # servers. Whichever you select will be the only type able to connect 
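Review bot: The `sslprofile="main"` value in this `<bind>` refers to a profile that nothing in this diff defines, and the updated comments describe a custom `<sslprofile>` tag as something you must define, with the built-in `gnutls`/`openssl` profile names removed. If no `<sslprofile name="main" ...>` exists in the files the image loads (not visible here), the 6697 listener would presumably not come up with TLS, leaving clients only the plaintext 6667 bind. The same name is used by the `port="7001" type="servers"` bind in the `@@ -203,29 +193,22 @@` hunk. I would add a pointer next to the attribute, e.g. `# "main" is defined in <file that declares the sslprofile>`, and confirm the TLS module backing that profile is loaded.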
@@ -203,29 +193,22 @@ # shut down cleanly and left a zombie socket behind. #replace="yes"> -<bind address="" port="6667" type="clients"> -# Listener accepting HTML5 WebSocket connections. +# Listener accepting WebSocket connections. # Requires the websocket module and SHA-1 hashing support (provided by the sha1 # module). -#<bind address="" port="6666" type="clients" hook="websocket"> +#<bind address="" port="7002" type="clients" hook="websocket"> -# You can define a custom <sslprofile> tag which defines the TLS (SSL) configuration -# for this listener. See the docs page for the TLS (SSL) module you are using for +# You must define a custom <sslprofile> tag which defines the TLS configuration +# for this listener. See the docs page for the TLS module you are using for # more details. # -# Alternatively, you can use one of the default TLS (SSL) profiles which are created -# when you have not defined any: -# "openssl" (requires the ssl_openssl module) -# "gnutls" (requires the ssl_gnutls module) -# "mbedtls" (requires the ssl_mbedtls module) -# -# When linking servers, the OpenSSL, GnuTLS, and mbedTLS implementations are -# completely link-compatible and can be used alongside each other on each end -# of the link without any significant issues. +# When linking servers, the OpenSSL and GnuTLS implementations are completely +# link-compatible and can be used alongside each other on each end of the link +# without any significant issues. <bind address="" port="7000" type="servers"> -<bind address="" port="7001" type="servers" ssl="gnutls"> +<bind address="" port="7001" type="servers" sslprofile="main"> #-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# # # 
@@ -241,14 +224,159 @@ # # # Connect blocks are searched twice for each user - once when the TCP # # connection is accepted, and once when the user completes their # -# registration. Most of the information (hostname, ident response, # -# password, TLS (SSL) when using STARTTLS, etc) is only available # -# during the second search. If you are trying to make a closed server # -# you will probably need a connect block just for user registration. # -# This can be done by using <connect registered="no"> # +# connection. Most of the information (hostname, ident response, # +# password, TLS when using STARTTLS, etc) is only available during # +# the second search. If you are trying to make a closed server you # +# will probably need a connect block just for user connection. This # +# can be done by using <connect connected="no"> # # To enable IRCCloud on your network uncomment this: -#<include file="examples/providers/irccloud.conf.example"> +#<include file="&dir.example;/providers/irccloud.example.conf"> + +# A connect class with <connect:deny> set denies connections from the specified host/IP range. +#<connect + # deny: Will not let people connect if they have specified host/IP. + #deny="3ffe::0/32" + + # reason: The message that users will see if they match a deny block. + #reason="The 6bone address space is deprecated"> + +# A connect class with <connect:allow> set allows c from the specified host/IP range. +#<connect + # name: Name to use for this connect block. Mainly used for + # connect class inheriting. + #name="secret" + + # parent: This setting is to specify if this connect class + # inherits settings from any other. Put the other class's name + # in here to use its settings as a template - for example, if + # you only want to adjust sendq and a password + #parent="main" + + # allow: The IP address or hostname of clients that can use this + # class. You can specify either an exact match, a glob match, or + # a CIDR range here. 
+ #allow="203.0.113.*" + + # hash: the hash function this password is hashed with. Requires the + # module for the selected function (bcrypt, md5, sha1, or sha256) and + # the password hashing module (password_hash) to be loaded. + # + # You may also use any of the above other than bcrypt prefixed with + # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module). + # Create hashed passwords with: /MKPASSWD <hashtype> <plaintext> + #hash="bcrypt" + + # password: Password to use for this block/user(s) + #password="secret" + + # maxchans: Maximum number of channels a user in this class + # can be in at one time. + #maxchans="20" + + # timeout: How long the server will wait before disconnecting + # a user if they do not do anything on connect. + # (Note, this is a client-side thing, if the client does not + # send /NICK, /USER or /PASS) + #timeout="20" + + # localmax: Maximum local connections per IP (or CIDR mask, see below). + #localmax="3" + + # globalmax: Maximum global (network-wide) connections per IP (or CIDR mask, see below). + #globalmax="3" + + # maxconnwarn: Enable warnings when localmax or globalmax are reached (defaults to yes) + #maxconnwarn="no" + + # resolvehostnames: If disabled, no DNS lookups will be performed on connecting users + # in this class. This can save a lot of resources on very busy servers. + #resolvehostnames="yes" + + # useconnectban: Defines if users in this class should be exempt from connectban limits. + # This setting only has effect when the connectban module is loaded. + #useconnectban="yes" + + # useconnflood: Defines if users in this class should be exempt from connflood limits. + # This setting only has effect when the connflood module is loaded. + #useconnflood="yes" + + # usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes. + # This setting only has effect when the dnsbl module is loaded. 
+ #usednsbl="yes" + + # useident: Whether to try to look up the real username of users in this class using + # the RFC 1413 identification protocol. + # This setting only has effect when the ident module is loaded. + #useident="no" + + # usests: Whether a STS policy should be advertised to users in this class. + # This setting only has effect when the ircv3_sts module is loaded. + #usests="no" + + # webirc: Restricts usage of this class to the specified WebIRC gateway. + # This setting only has effect when the gateway module is loaded. + #webirc="name" + + # limit: How many users are allowed in this class + #limit="5000" + + # modes: The modes to set on users in this class when they connect to + # the server. See https://docs.inspircd.org/4/user-modes/ for a list of + # user modes. The example below sets user modes c (deaf_commonchans) + # and x (cloak) which require the commonchans and cloak modules. + # This setting only has effect when the conn_umodes module is loaded. + #modes="+cx" + + # requireident: Require that users of this block have a valid ident response. + # Requires the ident module to be loaded. + #requireident="yes" + + # requiressl: Require that users of this block use a TLS connection. + # This can also be set to "trusted", as to only accept client certificates + # issued by a certificate authority that you can configure in the + # settings of the TLS module that you're using. + # Requires the sslinfo module to be loaded. + #requiressl="yes" + + # requireaccount: Require that users of this block have authenticated to a + # user account. + # NOTE: You must complete the signon prior to full connection. Currently, + # this is only possible by using SASL authentication; passforward + # and PRIVMSG NickServ happen after your final connect block has been found. + # You can also set this to "nick" to require that users are logged into their + # current nickname. + # Requires the account module to be loaded. 
+ #requireaccount="yes" + + # Alternate MOTD file for this connect class. The contents of this file are + # specified using <files secretmotd="filename"> or <execfiles ...> + # + # NOTE: the following escape sequences for IRC formatting characters can be + # used in your MOTD: + # Bold: \b + # Color: \c<fg>[,<bg>] + # Color (alt): \c{<fg>[,<bg>]} + # Hex Color: \h<fg>[,<bg>] + # Italic: \i + # Monospace: \m (not widely supported) + # Reset: \x + # Reverse: \r + # Strikethrough: \s (not widely supported) + # Underline: \u + # + # When using the alternate color syntax the following colors can be used: + # black, blue, brown, cyan, default, green, grey, light blue, + # light cyan, light green, light grey, magenta orange, pink, + # red, white, yellow. + # + # See https://defs.ircdocs.horse/info/formatting.html for more information + # on client support for formatting characters. + #motd="secretmotd" + + # port: What port range this user is allowed to connect on. (optional) + # The ports MUST be set to listen in the bind blocks above. + #port="6697,9999"> <connect # name: Name to use for this connect block. Mainly used for 
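Review bot: The `# hash:` comment added in the commented `<connect>` example lists `md5` and `sha1` alongside `bcrypt` with no guidance on which to pick, and the same text replaces the comment on the live block in the `@@ -260,12 +388,13 @@` hunk, where the earlier "Optional, but recommended" wording is dropped. Since the README documents `INSP_CONNECT_PASSWORD` as accepting plaintext or a hash value, a line such as `# Prefer bcrypt (or a pbkdf2-hmac- variant); plain md5/sha1 digests are fast to brute-force.` would steer operators to a sound choice. The example also pairs `#hash="bcrypt"` with `#password="secret"`, which is not a bcrypt hash; a placeholder like `#password="<output of /MKPASSWD bcrypt ...>"` would stop it being uncommented as is. Minor: `allows c from the specified host/IP range` looks truncated.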
@@ -260,12 +388,13 @@ # a CIDR range here. allow="*" - # hash: what hash this password is hashed with. requires the module - # for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be - # loaded and the password hashing module (m_password_hash.so) - # loaded. Options here are: "md5", "sha256" and "ripemd160". - # Optional, but recommended. Create hashed passwords with: - # /mkpasswd <hash> <password> + # hash: the hash function this password is hashed with. Requires the + # module for the selected function (bcrypt, md5, sha1, or sha256) and + # the password hashing module (password_hash) to be loaded. + # + # You may also use any of the above other than bcrypt prefixed with + # either "hmac-" or "pbkdf2-hmac-" (requires the pbkdf2 module). + # Create hashed passwords with: /MKPASSWD <hashtype> <plaintext> hash="&connecthash;" # password: Password to use for this block/user(s) @@ -320,7 +449,7 @@ # immediately killing them; their commands are held in the recvq and processed later # as the user's command penalty drops. Note that if this is enabled, flooders will # quit with "RecvQ exceeded" rather than "Excess Flood". - fakelag="on" + fakelag="yes" # localmax: Maximum local connections per IP. localmax="3" @@ -332,11 +461,13 @@ # in this class. This can save a lot of resources on very busy servers. resolvehostnames="yes" - # useident: Defines if users in this class must respond to a ident query or not. + # useident: Whether to try to look up the real username of users in this class using + # the RFC 1413 identification protocol. + # This setting only has effect when the ident module is loaded. useident="no" # usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes. - # This setting only has effect when m_dnsbl is loaded. + # This setting only has effect when the dnsbl module is loaded. usednsbl="&usednsbl;" # usests: Whether a STS policy should be advertised to users in this class. 
@@ -346,12 +477,13 @@ # limit: How many users are allowed in this class limit="5000" - # modes: User modes that are set on users in this block on connect. - # Enabling this option requires that the conn_umodes module be loaded. - # This entry is highly recommended to use for/with IP cloaking/masking. - # For the example to work, this also requires that the cloaking - # module be loaded as well. - modes="+x"> + # modes: The modes to set on users in this class when they connect to + # the server. See https://docs.inspircd.org/4/user-modes/ for a list of + # user modes. The example below sets user modes c (deaf_commonchans) + # and x (cloak) which require the commonchans and cloak modules. + # This setting only has effect when the conn_umodes module is loaded. + modes="+cx"> + #-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#- @@ -379,6 +511,9 @@ # extremely low. (Values are 0-128). ipv6clone="128"> +# This file has all the information about oper classes, types and o:lines. +# You *MUST* edit it. +#<include file="&dir.example;/opers.example.conf"> #-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-# # # @@ -419,11 +554,11 @@ # rehash the ircd from the shell or to terminate the ircd from the # # shell using shell scripts, perl scripts, etc... and to monitor the # # ircd's state via cron jobs. If this is a relative path, it will be # -# relative to the configuration directory, and if it is not defined, # -# the default of 'inspircd.pid' is used. # +# relative to the runtime directory, and if it is not defined, the # +# default of 'inspircd.pid' is used. # # # -#<pid file="/path/to/inspircd.pid"> +#<pid file="inspircd.pid"> #-#-#-#-#-#-#-#-#-#-#-#-#- LIST MODE LIMITS #-#-#-#-#-#-#-#-#-#-#-#-#-# # # 
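Review bot: The live default class now sets `modes="+cx"`, which per the new comment depends on the conn_umodes, commonchans and cloak modules being loaded, and the module list is not visible in this diff. If cloak is not loaded or not configured, `+x` has no effect and users' hosts are shown uncloaked; adding `c` (deaf_commonchans) is also a behaviour change for every user compared with the old `+x`. The comment still says "The example below" although this is the active setting. I would reword it to something like `# Sets c (deaf_commonchans) and x (cloak) on every user; requires conn_umodes, commonchans and cloak to be loaded` and confirm the modules the image ships match.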
@@ -464,7 +599,6 @@ # prefixpart: What (if anything) users' part messages # should be prefixed with. prefixpart=""" - # NOTE: Use "\"" instead of """ if not using <config format="xml"> # suffixpart: What (if anything) users' part message # should be suffixed with. @@ -482,14 +616,6 @@ # the correct parameters are. syntaxhints="no" - # casemapping: This sets the case mapping method to be used by the - # server. This MUST be the same on all servers. Possible values are: - # "ascii" (recommended) - # "rfc1459" (default, required for linking to 2.0 servers) - # NOTE: if you are using the nationalchars module this setting will be - # ignored. You should use <nationalchars:casemapping> instead. - casemapping="ascii" - # cyclehostsfromuser: If enabled, the source of the mode change for # cyclehosts will be the user who cycled. This can look nicer, but # triggers anti-takeover mechanisms of some obsolete bots. @@ -509,9 +635,13 @@ # falling back to IPv4 otherwise. defaultbind="auto" - # hostintopic: If enabled, channels will show the host of the topic setter - # in the topic. If set to no, it will only show the nick of the topic setter. - hostintopic="yes" + # maskinlist: If enabled then channels will show the nick!user@host of a list + # mode setter in the mode list instead of just the nick of the list mode setter. + maskinlist="yes" + + # maskintopic: If enabled then channels will show the nick!user@host of the topic + # setter in the topic instead of just the nick of the topic setter. + maskintopic="yes" # pingwarning: If a server does not respond to a ping within this period, # it will send a notice to opers with snomask +l informing that the server 
@@ -528,22 +658,48 @@ # 'splitmsg' - the same as split but also send a message explaining the split. splitwhois="no" - # defaultmodes: What modes are set on a empty channel when a user - # joins it and it is unregistered. + # defaultmodes: The modes to set on a channel when it is created. See + # https://docs.inspircd.org/4/channel-modes/ for a list of channel + # modes. If a prefix mode is included in this option it will be set on + # the user that created the channel. The example below sets channel + # modes n (noextmsg) and t (topiclock) and grants channel prefix mode + # o (op) to the channel creator. defaultmodes="not" # xlinemessage: This is the text that is sent to a user when they are # banned from the server. - xlinemessage="You're banned! Email irc@example.com with the ERROR line below for help." - - # allowzerolimit: If enabled then allow a limit of 0 to be set on channels. - # This is non-standard behaviour and should only be enabled if you need to - # link with servers running 2.0. Defaults to yes. - allowzerolimit="no" + xlinemessage="You're banned! Email &adminemail; with the ERROR line below for help." - # modesinlist: If enabled then the current channel modes will be shown - # in the /LIST response. Defaults to yes. - modesinlist="no" + # xlinequit: The quit message to show to opers and affected users when + # a user is [KGZ]-lined. The variables you can use in this are: + # + # %created% - The date/time at which the X-line was created. + # %duration% - The duration of the X-line. + # %expiry% - The date/time at which the X-line expires. + # %fulltype% - The type of X-line which was matched, suffixed with + # "-lined" if its name is one or two characters. + # %reason% - The reason the X-line was added. + # %remaining% - The duration remaining on the X-line. + # %setter% - The name of the X-line setter. + # %type% - The type of X-line which was matched. 
+ xlinequit="%fulltype%: %reason%" + + # modesinlist: Whether to show the current channel modes in the /LIST + # output. Can be set to any one of: + # - yes Show the current channel modes to all users. + # - opers Show the current channel modes to server operators with the + # channels/auspex privilege. This is the default. + # - no Do not show the current channel modes in /LIST. + modesinlist="opers" + + # extbanformat: The method to use for normalising extbans. Can be set + # to one of: + # - any Do not perform any extban normalisation. + # - name Normalise extbans to use their name. + # - letter Normalise extbans to use their letter. This is useful for + # if you need to keep compatibility with v3. + # Defaults to "any" if not set. + extbanformat="name" # exemptchanops: Allows users with with a status mode to be exempt # from various channel restrictions. Possible restrictions are: @@ -557,8 +713,8 @@ # letters (requires the blockcaps module). # - blockcolor Channel mode +c - blocks messages with formatting codes # (requires the blockcolor module). - # - censor Channel mode +G - censors messages based on the network - # configuration (requires the censor module). + # - delaymsg Channel mode +d - blocks sending messages until specified + # seconds have passed since user join # - filter Channel mode +g - blocks messages containing the given # glob mask (requires the chanfilter module). # - flood Channel mode +f - kicks (and bans) on text flood of a 
@@ -572,13 +728,14 @@ # - nonotice Channel mode +T - blocks /NOTICEs to the channel # (requires the nonotice module). # - regmoderated Channel mode +M - blocks unregistered users from - # speaking (requires the services account module). + # speaking (requires the account module). # - stripcolor Channel mode +S - strips formatting codes from # messages (requires the stripcolor module). # - topiclock Channel mode +t - limits changing the topic to (half)ops - # You can also configure this on a per-channel basis with a channel mode. - # See m_exemptchanops in modules.conf.example for more details. - exemptchanops="censor:o filter:o nickflood:o nonick:v regmoderated:o" + # You can also configure this on a per-channel basis with a channel mode and + # even negate the configured exemptions below. + # See exemptchanops in modules.example.conf for more details. + exemptchanops="filter:o nickflood:o nonick:v regmoderated:o" # invitebypassmodes: This allows /INVITE to bypass other channel modes. # (Such as +k, +j, +l, etc.) @@ -609,13 +766,13 @@ # connections. If defined, it sets a soft max connections value. softlimit="12800" - # clonesonconnect: If this is set to false, we won't check for clones + # clonesonconnect: If this is set to no, we won't check for clones # on initial connection, but only after the DNS check is done. # This can be useful where your main class is more restrictive # than some other class a user can be assigned after DNS lookup is complete. # Turning this option off will make the server spend more time on users we may # potentially not want. Normally this should be negligible, though. - # Default value is true + # Default value is yes clonesonconnect="yes" # timeskipwarn: The time period that a server clock can jump by before 
@@ -633,10 +790,6 @@ # # <security - # allowcoreunload: If this value is set to yes, Opers will be able to - # unload core modules (e.g. core_privmsg). - allowcoreunload="no" - # announceinvites: This option controls which members of the channel # receive an announcement when someone is INVITEd. Available values: # 'none' - don't send invite announcements @@ -646,9 +799,9 @@ # higher ranked users. This is the recommended setting. announceinvites="dynamic" - # hideulines: If this value is set to yes, U-lined servers will + # hideservices: If this value is set to yes, services servers will # be hidden from non-opers in /LINKS and /MAP. - hideulines="no" + hideservices="no" # flatlinks: If this value is set to yes, /MAP and /LINKS will # be flattened when shown to non-opers. 
@@ -660,18 +813,27 @@ # # NOTE: enabling this will cause users' idle times to only be shown # when a remote whois (/WHOIS <nick> <nick>) is used. - #hideserver="*.example.com" + #hideserver="irc.&networkDomain;" - # hidebans: If this value is set to yes, when a user is banned ([KGZ]-lined) - # only opers will see the ban message when the user is removed - # from the server. - hidebans="no" + # publicxlinequit: The quit message to show to unprivileged users when + # a user is [KGZ]-lined. The variables you can use in this are: + # + # %created% - The date/time at which the X-line was created. + # %duration% - The duration of the X-line. + # %expiry% - The date/time at which the X-line expires. + # %fulltype% - The type of X-line which was matched, suffixed with + # "-lined" if its name is one or two characters. + # %reason% - The reason the X-line was added. + # %remaining% - The duration remaining on the X-line. + # %setter% - The name of the X-line setter. + # %type% - The type of X-line which was matched. + #publicxlinequit="%fulltype%" # hidekills: If defined, replaces who executed a /KILL with a custom string. hidekills="" - # hideulinekills: Hide kills from clients of ulined servers from server notices. - hideulinekills="yes" + # hideservicekills: Hide kills from clients of services servers from server notices. + hideservicekills="yes" # hidesplits: If enabled, non-opers will not be able to see which # servers split in a netsplit, they will only be able to see that one 
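Review bot: Replacing the explicit `hidebans="no"` with a commented-out `#publicxlinequit="%fulltype%"` leaves what unprivileged users see on a [KGZ]-line to the server default, which this page does not state. The `@@ -528,22 +658,48 @@` hunk sets `xlinequit="%fulltype%: %reason%"` for opers and affected users, and ban reasons can carry operator notes, so I would set `publicxlinequit` explicitly here with a comment saying whether reasons are meant to be public. Also, the new `#hideserver="irc.&networkDomain;"` example relies on `networkDomain`, which this file only defines in a commented-out `<define>`; a short note such as `# requires <define name="networkDomain" ...> to be set` would prevent a broken config when it is uncommented. The `<security>` block starts and ends outside the hunk.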
@@ -725,35 +887,38 @@ # near their defaults (or lower). # <limits - # maxnick: Maximum length of a nickname. - maxnick="30" + # maxaway: Maximum length of an away message. + maxaway="200" # maxchan: Maximum length of a channel name. - maxchan="64" - - # maxmodes: Maximum number of mode changes per line. - maxmodes="20" - - # maxident: Maximum length of a ident/username. - maxident="10" + maxchan="60" # maxhost: Maximum length of a hostname. maxhost="64" - # maxquit: Maximum length of a quit message. - maxquit="255" + # maxuser: Maximum length of a username. + maxuser="10" - # maxtopic: Maximum length of a channel topic. - maxtopic="307" + # maxkey: Maximum length of a channel key. + maxkey="30" # maxkick: Maximum length of a kick message. - maxkick="255" + maxkick="300" + + # maxmodes: Maximum number of mode changes per line. + maxmodes="20" + + # maxnick: Maximum length of a nickname. + maxnick="30" + + # maxquit: Maximum length of a quit message. + maxquit="300" # maxreal: Maximum length of a real name. - maxreal="128" + maxreal="130" - # maxaway: Maximum length of an away message. - maxaway="200"> + # maxtopic: Maximum length of a channel topic. + maxtopic="330"> #-#-#-#-#-#-#-#-#-#-#-#-# PATHS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# # # 
@@ -764,78 +929,66 @@ # where you do not have the ability to set build time configuration. # #<path configdir="conf" datadir="data" logdir="logs" moduledir="modules"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Logging -# ------- -# -# Logging is covered with the <log> tag, which you may use to change -# the behaviour of the logging of the IRCd. -# -# An example log tag would be: -# <log method="file" type="OPER" level="default" target="opers.log"> -# which would log all information on /OPER (failed and successful) to -# a file called opers.log. -# -# There are many different types which may be used, and modules may -# generate their own. A list of useful types: -# - USERS - information relating to user connection and disconnection -# - OPER - successful and failed oper attempts -# - KILL - kill related messages -# - FILTER - messages related to filter matches (filter module) -# - CONFIG - configuration related messages -# - COMMAND - die and restart messages, and messages related to unknown user types -# - SOCKET - socket engine informational/error messages -# - MODULE - module related messages -# - STARTUP - messages related to starting up the server -# -# You may also log *everything* by using a type of *, and subtract things out -# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT". 
-# -# Useful levels are: -# - default (general messages, including errors) -# - sparse (misc error messages) -# - debug (debug messages) -# -# Some types only produce output in the debug level, those are: -# - BANCACHE - ban cache debug messages -# - CHANNELS - information relating to joining/creating channels -# - CULLLIST - debug messages related to issues with removing users -# - RESOLVER - DNS related debug messages -# - CONNECTCLASS - Connection class debug messages -# - USERINPUT -# - USEROUTPUT -# -# If your server is producing a high levels of log messages you can also set the -# flush="[positive number]" attribute to specify how many log messages should be -# buffered before flushing to disk. You should probably not specify this unless -# you are having problems. -# -# The following log tag is highly default and uncustomised. It is recommended you -# sort out your own log tags. This is just here so you get some output. +#-#-#-#-#-#-#-#-#-#-#-# LOGGING CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# # +# The <log> tag allows you to define a list of targets to write log # +# messages to. # +# # +# method - The method to use when logging. This can be set to "file" # +# to log to a file, "stderr" to log to the standard error # +# stream, or "stdout" to log to the standard output stream. # +# You can also set it to a log method provided by a module. # +# # +# level - The level of messages to write to this logger. Can be set # +# to "error", "warning", "normal", or "debug". # +# # +# type - A space-delimited list of log types to write to this logger. # +# See https://docs.inspircd.org/4/configuration/#log for a # +# full list of log types. You can also use * to include every # +# log type and then -TYPE to exclude specific unwanted types. # +# # +# target - If the method is set to "file" then the name of the file # +# to write log messages to. 
# + +<log method="file" + level="normal" + type="* -USERINPUT -USEROUTPUT" + target="inspircd.log"> -<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="ircd.log"> +#<log method="stderr" +# level="normal" +# type="* -USERINPUT -USEROUTPUT"> + +#<log method="stdout" +# level="normal" +# type="* -USERINPUT -USEROUTPUT"> #-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-# # # # This tag lets you define the behaviour of the /WHOWAS command of # # your server. # # # - <whowas # groupsize: Maximum entries per nick shown when performing - # a /WHOWAS <nick>. + # a /WHOWAS <nick>. Defaults to 10. groupsize="10" # maxgroups: Maximum number of nickgroups that can be added to # the list so that /WHOWAS does not use a lot of resources on - # large networks. - maxgroups="100000" + # large networks. Defaults to 10000. + maxgroups="10000" # maxkeep: Maximum time a nick is kept in the whowas list # before being pruned. Time may be specified in seconds, # or in the following format: 1y2w3d4h5m6s. Minimum is - # 1 hour. - maxkeep="3d"> + # 1 hour. Defaults to 7 days. + maxkeep="7d" + + # nickupdate: Whether to update the WHOWAS database on nick + # change as well as quit. This can significantly increase the + # memory usage of your IRC server so it is not recommended + # for large networks. Defaults to yes. + nickupdate="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#- BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-# # # 
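Review bot: The only active `<log>` tag still writes to a file (`target="inspircd.log"`), while the `stdout` and `stderr` loggers this hunk introduces are left commented out. In a container image that keeps everything matched by `* -USERINPUT -USEROUTPUT` out of the runtime's log stream, and the file disappears with the container unless the log directory is on a volume, which is not visible from this diff. I would enable `<log method="stdout" level="normal" type="* -USERINPUT -USEROUTPUT">` alongside or instead of the file target. Anything that tails or rotates the old `ircd.log` name also needs updating, since the target is renamed here.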
@@ -844,23 +997,39 @@ # Your server. # # # -<badnick nick="ChanServ" reason="Reserved For Services"> -<badnick nick="NickServ" reason="Reserved For Services"> -<badnick nick="OperServ" reason="Reserved For Services"> -<badnick nick="MemoServ" reason="Reserved For Services"> -<badnick nick="HostServ" reason="Reserved For Services"> -<badnick nick="BotServ" reason="Reserved For Services"> -<badnick nick="AuthServ" reason="Reserved For Services"> -<badnick nick="UserServ" reason="Reserved For Services"> -<badnick nick="Q" reason="Reserved For Services"> +#<badip + # ipmask: IP range to ban. Wildcards and CIDR can be used. + #ipmask="192.0.2.69" -<exception host="*@127.0.0.1" reason="localhost"> + # reason: Reason to display when user is disconnected. + #reason="No porn here thanks."> -<include executable="sh conf/opers.sh"> -<include executable="sh conf/links.sh LINK1"> -<include executable="sh conf/links.sh LINK2"> -<include executable="sh conf/links.sh LINK3"> -<include executable="sh conf/services.sh"> +#<badnick + # nick: Nick to disallow. Wildcards are supported. + #nick="Tr0ll123" + + # reason: Reason to display on /NICK. + #reason="Don't use this nick."> + +#<badhost + # host: username@hostname to ban. + # Wildcards and CIDR (if you specify an IP) can be used. + #host="*@banneduser.example.net" + + # reason: Reason to display when user is disconnected + #reason="Evading Bans"> + +#<badhost host="root@*" reason="Don't IRC as root!"> +#<badhost host="*@198.51.100.0/24" reason="This subnet is bad."> + +# exception: Hosts that are exempt from [KGZ]-lines. +#<exception + # host: username@hostname to exempt. + # Wildcards and CIDR (if you specify an IP) can be used. + #host="*@serverop.example.com" + + # reason: Reason for exception. Only shown in /STATS e. + #reason="Oper's hostname"> <include file="modules.conf"> 
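Review bot: Three kinds of active lines are removed in this hunk with no replacement in it: the `<badnick>` reservations for the service nicks, the `*@127.0.0.1` exception, and the `<include executable="sh conf/opers.sh">`, `links.sh` and `services.sh` includes. If the executable includes are not re-added elsewhere in the file, the README's `INSP_OPER_PASSWORD_HASH` and `INSP_OPER_FINGERPRINT` settings would silently stop producing an oper block. Without the reservations, any user could take a nick such as `NickServ` while services are unlinked. The reservations may now come from the generic services include enabled in a later hunk, but that file is not visible here. I would either keep `<include executable="sh conf/opers.sh">` and its siblings next to `<include file="modules.conf">`, or add a comment naming where each of the three now lives.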
@@ -892,6 +1061,22 @@ # will be banning 955 or more users. trigger="95.5"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# MODULES #-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # +# # +# Well done, you've reached the end of the basic configuration, your # +# ircd should now start if you want to try it out! (./inspircd start) # +# # +# We now suggest you read and edit modules.conf, as modules are what # +# provide almost all the features of InspIRCd. :) # +# # +# The default does nothing -- we include it for simplicity for you. # +#<include file="&dir.example;/modules.example.conf"> + #-#-#-#-#-#-#-#-#-#-#-# SERVICES CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-# # # # If you use services you will probably want to include one of the # @@ -899,13 +1084,13 @@ # exemptions for services pseudoclients: # # # Anope users should uncomment this: -#<include file="examples/services/anope.conf.example"> +#<include file="&dir.example;/services/anope.example.conf"> # # Atheme users should uncomment this: -#<include file="examples/services/atheme.conf.example"> +#<include file="&dir.example;/services/atheme.example.conf"> # # Users of other services should uncomment this: -#<include file="examples/services/generic.conf.example"> +<include file="&dir.example;/services/generic.example.conf"> ######################################################################### # # diff --git a/conf/modules.conf b/conf/modules.conf index 63e9be2d9be7ea419a77607d92bea2d031eb1c53..f412e19b666f708ab5ac23c5c90e834c1861392f 100644 --- a/conf/modules.conf +++ b/conf/modules.conf 
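Review bot: The last change in the `@@ -899,13 +1084,13 @@` hunk turns the generic services include from a commented example into live configuration: `<include file="&dir.example;/services/generic.example.conf">`. The running server then depends on a file from the examples directory (the Dockerfile change sets `--example-dir /inspircd/examples`), so its content is whatever the built InspIRCd version ships and is not reviewed in this repository. Whether that directory is present in the final image is also not visible from the diff. I would copy the tags that are actually needed into a file under `conf/` and include that. At minimum, add a comment above the line such as `# Live include: supplies the services aliases and nick reservations; contents come from the InspIRCd release.`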
@@ -10,7 +10,7 @@ # # # By default, ALL modules are commented out. You must uncomment them # # or add lines to your config to load modules. Please refer to # -# https://docs.inspircd.org/3/modules for a list of modules and # +# https://docs.inspircd.org/4/modules for a list of modules and # # each modules link for any additional conf tags they require. # # # # ____ _ _____ _ _ ____ _ _ _ # @@ -26,33 +26,16 @@ # this file. # # # -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# MD5 module: Allows other modules to generate MD5 hashes, usually for -# cryptographic uses and security. -# -# IMPORTANT: -# Other modules such as cloaking and password_hash may rely on -# this module being loaded to function. -# -#<module name="md5"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SHA256 module: Allows other modules to generate SHA256 hashes, -# usually for cryptographic uses and security. -# -# IMPORTANT: -# Other modules such as password_hash may rely on this module being -# loaded to function. Certain modules such as spanningtree will -# function without this module but when it is loaded their features will -# be enhanced (for example the addition of HMAC authentication). -# -<module name="sha256"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Abbreviation module: Provides the ability to abbreviate commands a-la # BBC BASIC keywords. #<module name="abbreviation"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Account support module: Adds support for user accounts as well as +# several several modes relating to accounts. +<module name="account"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Alias module: Allows you to define server-side command aliases. <module name="alias"> 
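Review bot: The `@@ -26,33 +26,16 @@` hunk deletes the only active hash-provider line, `<module name="sha256">`, together with the `md5` section, and the removed comment itself says password_hash and spanningtree's HMAC authentication rely on it. No replacement is added in this hunk, so confirm that a v4 hash module is loaded further down the file; otherwise a hashed `INSP_CONNECT_PASSWORD` value would presumably have no provider. The cloak_md5 text added later in this diff still tells readers to also load the md5 module, whose section no longer exists in this file. Separately, the added account comment repeats a word: `# several several modes relating to accounts.` should read `# several modes relating to accounts.`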
@@ -78,13 +61,13 @@ # matched, or it has no format value. Aliases are # # read from the top of the file to the bottom. # # # -# usercommand - If this is true, the alias can be run simply as # -# /ALIASNAME. Defaults to true. # +# usercommand - If set to yes, the alias can be run simply as # +# /ALIASNAME. Defaults to yes. # # # -# channelcommand - If this is true, the alias can be used as an # +# channelcommand - If set to yes, the alias can be used as an # # in-channel alias or 'fantasy command', prefixed # # by the fantasy prefix character, !aliasname by # -# default. Defaults to false. # +# default. Defaults to no. # # # # format - If this is defined, the parameters of the alias # # must match this glob pattern. For example if you # 
@@ -105,61 +88,41 @@ # ninth word onwards, e.g. if the user types the # # command "foo bar baz qux quz" then $3- will hold # # "baz qux quz" and $2 will contain "bar". You may # -# also use the special variables: $nick, $ident, # -# $host and $vhost, and you may separate multiple # -# commands with a newline (which can be written in # -# the file literally, or encoded as &nl; or \n # -# depending on the config format setting). # +# also use the special variables: $nick, $user, # +# $address, $host and $vhost, and you may separate # +# multiple commands with a newline (which can be # +# written in the file literally or encoded as &nl; # # # # requires - If you provide a value for 'requires' this means # # the given nickname MUST be online for the alias # # to successfully trigger. If they are not, then # # the user receives a 'no such nick' 401 numeric. # # # -# stripcolor - If this is true, the text from the user will be # +# stripcolor - If set to yes, the text from the user will be # # stripped of color and format codes before # # matching against 'text'. # # # -# uline - Setting this to true will ensure that the user # -# given in 'requires' is also on a U-lined server, # +# service - Setting this to yes will ensure that the user # +# given in 'requires' is also on a servicesserver, # # as well as actually being on the network. If the # -# user is online, but not on a U-lined server, # +# user is online, but not on a services server, # # then an oper alert is sent out as this is # # possibly a sign of a user trying to impersonate # # a service. # # # -# operonly - If true, this will make the alias oper only. # +# operonly - If yes, this will make the alias oper only. # # If a non-oper attempts to use the alias, it will # # appear to not exist. 
# # # -<alias text="NICKSERV" replace="SQUERY NickServ :$2-" requires="NickServ" uline="yes"> -<alias text="CHANSERV" replace="SQUERY ChanServ :$2-" requires="ChanServ" uline="yes"> -<alias text="OPERSERV" replace="SQUERY OperServ :$2-" requires="OperServ" uline="yes" operonly="yes"> -<alias text="BOTSERV" replace="SQUERY BotServ :$2-" requires="BotServ" uline="yes"> -<alias text="HOSTSERV" replace="SQUERY HostServ :$2-" requires="HostServ" uline="yes"> -<alias text="MEMOSERV" replace="SQUERY MemoServ :$2-" requires="MemoServ" uline="yes"> -<alias text="NS" replace="SQUERY NickServ :$2-" requires="NickServ" uline="yes"> -<alias text="CS" replace="SQUERY ChanServ :$2-" requires="ChanServ" uline="yes"> -<alias text="OS" replace="SQUERY OperServ :$2-" requires="OperServ" uline="yes" operonly="yes"> -<alias text="BS" replace="SQUERY BotServ :$2-" requires="BotServ" uline="yes"> -<alias text="HS" replace="SQUERY HostServ :$2-" requires="HostServ" uline="yes"> -<alias text="MS" replace="SQUERY MemoServ :$2-" requires="MemoServ" uline="yes"> # # An example of using the format value to create an alias with two # different behaviours depending on the format of the parameters. # -#<alias text="ID" format="#*" replace="SQUERY ChanServ :IDENTIFY $2 $3" -# requires="ChanServ" uline="yes"> +#<alias text="ID" format="#*" replace="PRIVMSG ChanServ :IDENTIFY $2 $3" +# requires="ChanServ" service="yes"> # -#<alias text="ID" replace="SQUERY NickServ :IDENTIFY $2" -# requires="NickServ" uline="yes"> -# -# This alias fixes a glitch in xchat 2.6.x and above and the way it -# assumes IDENTIFY must be prefixed by a colon (:) character. It should -# be placed ABOVE the default NICKSERV alias. 
-# -#<alias text="NICKSERV" format=":IDENTIFY *" replace="SQUERY NickServ :IDENTIFY $3-" -# requires="NickServ" uline="yes"> +#<alias text="ID" replace="PRIVMSG NickServ :IDENTIFY $2" +# requires="NickServ" service="yes"> # # You may also add aliases to trigger based on something said in a # channel, aka 'fantasy' commands, configured in the same manner as any @@ -167,7 +130,7 @@ # command must be preceded by the fantasy prefix when used. # #<alias text="CS" usercommand="no" channelcommand="yes" -# replace="SQUERY ChanServ :$1 $chan $2-" requires="ChanServ" uline="yes"> +# replace="PRIVMSG ChanServ :$1 $chan $2-" requires="ChanServ" service="yes"> # # This would be used as "!cs <command> <options>", with the channel # being automatically inserted after the command in the message to @@ -186,10 +149,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Anticaps module: Adds channel mode +B which allows you to punish -# users that send overly capitalised messages to channels. Unlike the -# blockcaps module this module is more flexible as it has more options -# for punishment and allows channels to configure their own punishment -# policies. +# users that send overly capitalised messages to channels. #<module name="anticaps"> # # You may also configure the characters which anticaps considers to be @@ -209,7 +169,6 @@ # # memory: Memory hardness, in KiB. E.g. 131072 KiB = 128 MiB. # iterations: Time hardness in iterations. (def. 3) -# lanes: How many parallel chains can be run. (def. 1) # threads: Maximum amount of threads each invocation can spawn. (def. 1) # length: Output length in bytes. (def. 32) # saltlength: Salt length in bytes. (def. 16) 
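Review bot: Two rewritten comment lines in the alias documentation of the `@@ -105,61 +88,41 @@` hunk are damaged: the sentence about newlines now stops at `encoded as &nl;` with its opening parenthesis never closed, and the `service` entry reads `servicesserver`. I would end the first as `written in the file literally or encoded as &nl;).` and write `services server` in the second. The hunk also removes every active `NICKSERV`/`CHANSERV`/`NS`/`CS` style alias, which carried the impersonation guard (`requires=` plus `uline="yes"`). Presumably these now come from the services include in inspircd.conf with `service="yes"`, which is worth confirming so the shortcuts still reach only a services server. The alias documentation block begins outside this hunk.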
@@ -246,7 +205,7 @@ # For example +w o:*!Attila@127.0.0.1 will op anyone matching that mask # on join. This can be combined with extbans, for example +w o:R:Brain # will op anyone identified to the account "Brain". -# Another useful combination is with TLS (SSL) client certificate +# Another useful combination is with TLS client certificate # fingerprints: +w h:z:72db600734bb9546c1bdd02377bc21d2a9690d48 will # give halfop to the user(s) having the given certificate. #<module name="autoop"> @@ -257,7 +216,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Ban redirection module: Allows bans which redirect to a specified -# channel. e.g. +b nick!ident@host#channelbanneduserissentto +# channel. e.g. +b nick!user@host#channelbanneduserissentto <module name="banredirect"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -286,32 +245,6 @@ # #<blockamsg delay="3" action="killopers"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Block CAPS module: Adds channel mode +B, blocks all-CAPS messages. -# -# NOTE: This module is deprecated and will be removed in a future version -# of InspIRCd. You should use the anticaps module shown above instead. -#<module name="blockcaps"> -# -#-#-#-#-#-#-#-#-#-#-#- BLOCKCAPS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# -# # -# percent - The percentage of a message which must be upper # -# case before it will be blocked. # -# # -# minlen - The minimum length a message must be before it # -# will be blocked. # -# # -# lowercase - The characters which will be considered lower # -# case. # -# # -# uppercase - The characters which will be considered upper # -# case. # -# -#<blockcaps percent="50" -# minlen="5" -# lowercase="abcdefghijklmnopqrstuvwxyz" -# uppercase="ABCDEFGHIJKLMNOPQRSTUVWXYZ"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Block color module: Blocking color-coded messages with chan mode +c. <module name="blockcolor"> 
@@ -340,9 +273,8 @@ # cooldown="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# CAP module: Provides the CAP negotiation mechanism required by the -# sasl, namesx, uhnames, and ircv3 modules. -# It is also recommended for STARTTLS support in the starttls module. +# CAP module: Provides the CAP negotiation mechanism required by many +# other modules. It is strongly recommended that you load this. <module name="cap"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# 
@@ -350,89 +282,6 @@ # This module is oper-only and provides /CBAN. # To use, CBAN must be in one of your oper class blocks. #<module name="cban"> -# CBAN does not allow glob channelmasks by default for compatibility -# reasons. You can enable glob support by uncommenting the next line. -#<cban glob="true"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Censor module: Adds channel and user mode +G which block phrases that -# are listed in the server bad words list. -#<module name="censor"> -# -#-#-#-#-#-#-#-#-#-#-#- CENSOR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# -# # -# If you have the censor module loaded you should specify one or more # -# phrases to replace/block in user messages. The config for this is # -# formatted as follows: # -# # -# Replaces "eggplant" with "aubergine" within messages: # -# <badword text="eggplant" replace="aubergine"> # -# # -# Blocks messages that contain "fluffy capybaras": # -#<badword text="fluffy capybaras"> # - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# CGI:IRC module: Enables forwarding the real IP address of a user from -# a gateway to the IRC server. -<module name="cgiirc"> -# -#-#-#-#-#-#-#-#-#-#-#-# CGIIRC CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# -# -# If you use the cgiirc module then you must specify the gateways which -# are authorised to forward IP/host information to your server. There -# are currently two ways to do this: -# -# The webirc method is the recommended way to allow gateways to forward -# IP/host information. When using this method the gateway sends a WEBIRC -# message to the server on connection. 
For more details please read the -# IRCv3 WebIRC specification at: https://ircv3.net/specs/extensions/webirc.html -# -# When using this method you must specify a wildcard mask or CIDR range -# to allow gateway connections from and at least one of either a TLS (SSL) -# client certificate fingerprint for the gateway or a password to be -# sent in the WEBIRC command. -# -# <cgihost type="webirc" -# fingerprint="bd90547b59c1942b85f382bc059318f4c6ca54c5" -# mask="192.0.2.0/24"> -# <cgihost type="webirc" -# password="$2a$10$WEUpX9GweJiEF1WxBDSkeODBstIBMlVPweQTG9cKM8/Vd58BeM5cW" -# hash="bcrypt" -# mask="*.webirc.gateway.example.com"> -# -# Alternatively if your gateway does not support sending the WEBIRC -# message then you can configure InspIRCd to look for the client IP -# address in the ident sent by the user. This is not recommended as it -# only works with IPv4 connections. -# -# When using this method you must specify a wildcard mask or CIDR range to allow -# gateway connections from. You can also optionally configure the static value -# that replaces the IP in the ident to avoid leaking the real IP address of -# gateway clients (defaults to "gateway" if not set). -# -# <cgihost type="ident" -# mask="198.51.100.0/24" -# newident="wibble"> -# <cgihost type="ident" -# mask="*.ident.gateway.example.com" -# newident="wobble"> -# -# By default gateway connections are logged to the +w snomask. If you -# do not want this to happen then you can uncomment this to disable it. -# <cgiirc opernotice="no"> - -# IMPORTANT NOTE: -# --------------- -# -# When you connect gateway clients, there are two connect classes which -# apply to these clients. When the client initially connects, the connect -# class which matches the gateway site's host is checked. Therefore you -# must raise the maximum local/global clients for this IP as high as you -# want to allow gateway clients. 
After the client has connected and is -# determined to be a gateway client, the class which matches the client's -# real IP is then checked. You may set this class to a lower value, so that -# the real IP of the client can still be restricted to, for example, 3 -# sessions maximum. #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel create module: Adds snomask +j, which will notify opers of @@ -461,13 +310,29 @@ # the current topic of conversation is when joining the channel. <module name="chanhistory"> # -# Set the maximum number of lines allowed to be stored per channel below. -# This is the hard limit for 'X'. -# If prefixmsg is set to yes, joining users without batch support will get -# a NOTICE before playback telling them about the following lines being -# the pre-join history. -# If bots is set to yes, it will also send to users marked with +B -#<chanhistory maxlines="50" prefixmsg="yes" bots="yes"> +#-#-#-#-#-#-#-#-#-#-#- CHANHISTORY CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# # +# maxduration - The maximum period to keep chat history for. Defaults # +# to 4 weeks. # +# # +# maxlines - The maximum number of lines of chat history to send to a # +# joining users. Defaults to 50. # +# # +# prefixmsg - Whether to send an explanatory message to clients that # +# don't support the chathistory batch type. Defaults to # +# yes. # +# # +# savefrombots - Whether to save messages from users with user mode # +# +B (bot) in the channel history. Defaults to yes. # +# # +# sendtobots - Whether to send channel history to users with user # +# mode +B (bot) enabled. Defaults to yes. # +# +#<chanhistory maxlines="50" +# maxduration="4w" +# prefixmsg="yes" +# savefrombots="yes" +# sendtobots="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Channel logging module: Used to send snotice output to channels, to 
@@ -556,80 +421,314 @@ #<module name="clearchan"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Cloaking module: Adds user mode +x and cloaking support. -# Relies on the md5 module being loaded. -# To cloak users when they connect, load the conn_umodes module and set -# <connect:modes> to include the +x mode. The example <connect> tag -# shows this. See the conn_umodes module for more information. -#<module name="cloaking"> +# Cloak module: Adds user mode x (cloak) which allows user hostnames to +# be hidden. This module does not provide any cloak methods by itself. +# You should also load another module like cloak_account or cloak_sha256. +# +# In order to have users automatically cloaked on connect you should +# load the conn_umodes module and add "x" to <connect:modes>. +#<module name="cloak"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# MD5 cloak module: Adds the "half" and "full" cloak methods. These +# methods are deprecated and will be removed in the next major version +# of InspIRCd. They should only be used on a network which is upgrading +# from v3 and wishes to keep ban compatibility. New networks should use +# the "hmac-sha256" method (see below) instead. # -#-#-#-#-#-#-#-#-#-#-#- CLOAKING CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# IMPORTANT: If you are using this module you should also load the md5 +# module. Failure to do so will result in users not being cloaked. +#<module name="cloak_md5"> +# +#-#-#-#-#-#-#-#-#-#-#- MD5 CLOAK CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# To use the cloak_md5 module you must define a <cloak> tag. This tag # +# tag can have the following fields. # +# # +# key - The secret key to use when hashing hostnames. This # +# MUST be at least 30 characters long. # # # -# To use cloaking, you must define a cloak key, and optionally a # -# cloak prefix as shown below. 
The cloak key must be shared across # -# the network for consistent cloaking and must be at least thirty # -# characters long. # +# class - If non-empty then a comma-delimited list of connect # +# class names that a user has to be in to get the cloak # +# from this tag. # # # -# There are two methods of cloaking: # +# prefix - A freeform value to prefix cloaks with. This must not # +# contain spaces. # # # -# half Cloak only the "unique" portion of a host; by # -# default show the last 2 parts of the domain, # -# /16 subnet of IPv4 or /48 subnet of the IPv6 # -# address. # -# To change the number of shown parts, modify the # -# domainparts option. # +# suffix - A freeform value to suffix cloaks with. This must not # +# contain spaces. # # # -# full Cloak the users completely, using three slices for # -# common CIDR bans (IPv4: /16, /24; IPv6: /48, /64). # +# domainparts - The maximum number of hostname labels that should be # +# visible on the end of a host. Defaults to 3. # # # -# The methods use a single key that can be any length of text. # -# An optional prefix may be specified to mark cloaked hosts. # +# ignorecase - Whether to ignore the capitalisation of a hostname # +# when generating the cloak. This prevents users from # +# evading bans by changing the case of their DNS PTR # +# record. Defaults to off. # # # # IMPORTANT: Changing these details will break all of your existing # # bans. If you do not want this to happen you can define multiple # -# cloak tags. The first will be used for cloaking and the rest will # +# cloak tags. The first will be used for hostnames and the rest will # # be used for checking if a user is banned in a channel. 
# #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # -#<cloak mode="half" +#<cloak method="half" # key="changeme" +# class="" +# prefix="MyNet-" +# suffix=".IP" # domainparts="3" -# prefix="net-" -# ignorecase="no"> +# ignorecase="yes"> # -#<cloak mode="full" +#<cloak method="full" # key="changeme" -# prefix="net-" -# ignorecase="no"> +# class="" +# prefix="MyNet-" +# suffix=".IP"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Clones module: Adds an oper command /CLONES for detecting cloned -# users. Warning: This command may be resource intensive when it is -# issued, use with care. -# This module is oper-only. -# To use, CLONES must be in one of your oper class blocks. -#<module name="clones"> +# HMAC-SHA256 cloak module: Adds the "hmac-sha256" (hostname or IP) and +# "hmac-sha256-addr" (IP only) cloak methods. This is the recommended +# cloak module for new networks. +# +# IMPORTANT: If you are using this module you should also load the sha2 +# module. Failure to do so will result in users not being cloaked. +#<module name="cloak_sha256"> +# +#-#-#-#-#-#-#-#-#- HMAC-SHA256 CLOAK CONFIGURATION -#-#-#-#-#-#-#-#-#-# +# To use the cloak_sha256 module you must define a <cloak> tag. This # +# tag can have the following fields. # +# # +# key - The secret key to use when hashing hostnames. This # +# MUST be at least 30 characters long. # +# # +# class - If non-empty then a comma-delimited list of connect # +# class names that a user has to be in to get the cloak # +# from this tag. # +# # +# prefix - A freeform value to prefix cloaks with. This must not # +# contain spaces. # +# # +# suffix - A freeform value to suffix IPv4/IPv6 cloaks with. This # +# must not contain spaces. # +# # +# case - The case of the cloak table. Can be set to "upper" or # +# "lower". Defaults to "lower". # +# # +# hostparts - The maximum number of hostname labels that should be # +# visible on the end of a host. Defaults to 3. 
# +# # +# pathparts - The maximum number of UNIX socket path segments that # +# should be visible on the end of a host. Defaults to 1. # +# # +# psl - If non-empty then the path to a Mozilla Public Suffix # +# List database to use for finding the visible part of a # +# hostname or "system" to use the system database if one # +# exists. This overrides the hostparts (above) field. # +# Only available if libpsl was installed at build time. # +# # +# IMPORTANT: Changing these details will break all of your existing # +# bans. If you do not want this to happen you can define multiple # +# cloak tags. The first will be used for hostnames and the rest will # +# be used for checking if a user is banned in a channel. # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# +#<cloak method="hmac-sha256" +# key="changeme" +# class="" +# prefix="MyNet" +# suffix="ip" +# case="lower" +# hostparts="3" +# pathparts="1" +# psl="system"> +# +#<cloak method="hmac-sha256-addr" +# key="changeme" +# class="" +# prefix="MyNet" +# suffix="ip" +# case="lower" +# pathparts="1"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Static cloak module: Adds the "static" (fixed value) cloak method. +#<module name="cloak_static"> +# +#-#-#-#-#-#-#-#-#-#- STATIC CLOAK CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# To use the cloak_static module you must define a <cloak> tag. This # +# tag can have the following fields. # +# # +# class - If non-empty then a comma-delimited list of connect class # +# names that a user has to be in to get the cloak from this tag. # +# # +# cloak - The cloak to give to users. # +# # +# IMPORTANT: Changing these details will break all of your existing # +# bans. If you do not want this to happen you can define multiple # +# cloak tags. The first will be used for hostnames and the rest will # +# be used for checking if a user is banned in a channel. 
# +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# +#<cloak method="static" +# class="" +# cloak="some.fixed.value"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# User data cloak module: Adds the "account" (services account name), +# "account-id" (services account id), "nickname" (current nickname), +# "fingerprint" (client certificate fingerprint), and "username" (RFC +# 1413 identification string) cloak methods. +#<module name="cloak_user"> +# +#-#-#-#-#-#-#-#-#-#-#- USER CLOAK CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# To use the cloak_user module you must define a <cloak> tag. This # +# tag can have the following fields. # +# # +# case - The case to transform the cloak value to. Can be set # +# to "upper" to use upper case, "lower" to use lower # +# case, or "preserve" to not change the case. Defaults # +# to "preserve". # +# # +# class - If non-empty then a comma-delimited list of connect # +# class names that a user has to be in to get the # +# cloak from this tag. # +# # +# invalidchar - The action to take when an invalid host character is # +# encountered in the cloak. Can be set to "reject" to # +# not apply the cloak, "strip" to remove the invalid # +# host character, or "truncate" to truncate the cloak # +# at the invalid host character. Defaults to "strip". # +# # +# length - If using the "fingerprint" method them the number of # +# characters of the fingerprint hash to use. Defaults # +# to the value of <limits:maxhost> minus the length of # +# the prefix and suffix fields. # +# # +# prefix - A freeform value to prefix cloaks with. This must # +# not contain spaces. # +# # +# suffix - A freeform value to suffix IPv4/IPv6 cloaks with. # +# This must not contain spaces. # +# # +# IMPORTANT: Changing these details will break all of your existing # +# bans. If you do not want this to happen you can define multiple # +# cloak tags. 
The first will be used for hostnames and the rest will # +# be used for checking if a user is banned in a channel. # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# +#<cloak method="account" +# case="preserve" +# class="" +# invalidchar="strip" +# prefix="" +# suffix=".users.example.com"> +# +#<cloak method="account-id" +# case="preserve" +# class="" +# invalidchar="strip" +# prefix="" +# suffix=".users.example.com"> +# +#<cloak method="fingerprint" +# case="preserve" +# class="" +# invalidchar="strip" +# length="16" +# prefix="" +# suffix=".fp"> +# +#<cloak method="nickname" +# case="preserve" +# class="" +# invalidchar="strip" +# prefix="Users/" +# suffix=""> +# +#<cloak method="username" +# case="preserve" +# class="" +# invalidchar="strip" +# prefix="Users/" +# suffix=""> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Codepage module: Allows using a custom 8-bit codepage for nicknames # and case mapping. +#<module name="codepage"> # # You should include one of the following files to set your codepage: -#<include file="examples/codepages/ascii.conf.example"> -#<include file="examples/codepages/latin1.conf.example"> -#<include file="examples/codepages/rfc1459.conf.example"> -#<include file="examples/codepages/strict-rfc1459.conf.example"> +#<include file="&dir.example;/codepages/ascii.example.conf"> +#<include file="&dir.example;/codepages/iso-8859-1.example.conf"> +#<include file="&dir.example;/codepages/iso-8859-2.example.conf"> +#<include file="&dir.example;/codepages/rfc1459.example.conf"> +#<include file="&dir.example;/codepages/strict-rfc1459.example.conf"> # # You can also define a custom codepage. 
For details on how to do this # please refer to the docs site: -# https://docs.inspircd.org/3/modules/codepage +# https://docs.inspircd.org/4/modules/codepage #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Common channels module: Adds user mode +c, which, when set, requires -# that users must share a common channel with you to PRIVMSG or NOTICE -# you. +# that users must share a common channel with you to PRIVMSG, NOTICE, +# TAGMSG, or INVITE you. <module name="commonchans"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Connectban: Provides IP connection throttling. Any IP range that +# connects too many times (configurable) in an hour is Z-lined for a +# (configurable) duration, and their count resets to 0. +<module name="connectban"> +# +# threshold - The number of connections which are allowed before a user +# is connectbanned. Defaults to 10. +# +# banmessage - The message to give users when Z-lining them for connecting +# too much. +# +# banduration - The time period to ban users who connect to much for. Defaults +# to 10 minutes. +# +# ipv4cidr - The IPv4 CIDR mask (1-32) to treat connecting users as coming +# from the same host. Defaults to 32. +# +# ipv6cidr - The IPv6 CIDR mask (1-128) to treat connecting users as coming +# from the same host. Defaults to 128. +# +# bootwait - The time period to wait after starting up before enforcing +# connection bans. Defaults to 2 minutes. +# +# splitwait - The time period to wait after a netsplit before enforcing +# connection bans. Defaults to 2 minutes. +# +#<connectban threshold="10" +# banmessage="Your IP range has been attempting to connect too many times in too short a duration. Wait a while, and you will be able to connect." +# banduration="6h" +# ipv4cidr="32" +# ipv6cidr="128" +# bootwait="2m" +# splitwait="2m"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Connection throttle module. 
+<module name="connflood"> +# +#-#-#-#-#-#-#-#-#-#-#- CONNTHROTTLE CONFIGURATION -#-#-#-#-#-#-#-#-#-# +# period, maxconns - Amount of connections per <period>. +# +# timeout - Time to wait after the throttle was activated +# before deactivating it. Be aware that the time +# is seconds + timeout. +# +# quitmsg - The message that users get if they attempt to +# connect while the throttle is active. +# +# bootwait - Amount of time in seconds to wait before enforcing +# the throttling when the server just booted. +# +#<connflood period="30" maxconns="3" timeout="30" +# quitmsg="Throttled" bootwait="2m"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Auto join on connect module: Allows you to force users to join one # or more channels automatically upon connecting to the server, or 
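Review bot: The new cloak_md5 and cloak_sha256 descriptions no longer say that the cloak key has to be the same on every server of the network, which the removed text stated ("The cloak key must be shared across the network for consistent cloaking"). Every example still carries `key="changeme"`, which is shorter than the 30 characters the `key` field requires. If the sharing requirement still holds for v4, I would add a line to both `key` descriptions such as `# Use a long random value, keep it secret and set the same key on all servers.` so that an uncommented example is not deployed with the placeholder. Further down in the same hunk the connectban text documents `banduration` as defaulting to 10 minutes while the example sets `banduration="6h"`; one of the two should be changed or the difference explained.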
@@ -673,48 +772,6 @@ # # #<waitpong sendsnotice="no" killonbadreply="yes"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Channel cycle module: Adds the /CYCLE command which is a server-side -# /HOP that bypasses restrictive modes. -<module name="cycle"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Connectban: Provides IP connection throttling. Any IP range that -# connects too many times (configurable) in an hour is Z-lined for a -# (configurable) duration, and their count resets to 0. -<module name="connectban"> -# -# ipv4cidr and ipv6cidr allow you to turn the comparison from -# individual IP addresses (32 and 128 bits) into CIDR masks, to allow -# for throttling over whole ISPs/blocks of IPs, which may be needed to -# prevent attacks. -# -# This allows for 10 connections in an hour with a 10 minute ban if -# that is exceeded. -#<connectban threshold="10" duration="10m" ipv4cidr="32" ipv6cidr="128" -# A custom ban message may optionally be specified. -# banmessage="Your IP range has been attempting to connect too many times in too short a duration. Wait a while, and you will be able to connect."> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Connection throttle module. -<module name="connflood"> -# -#-#-#-#-#-#-#-#-#-#-#- CONNTHROTTLE CONFIGURATION -#-#-#-#-#-#-#-#-#-# -# period, maxconns - Amount of connections per <period>. -# -# timeout - Time to wait after the throttle was activated -# before deactivating it. Be aware that the time -# is seconds + timeout. -# -# quitmsg - The message that users get if they attempt to -# connect while the throttle is active. -# -# bootwait - Amount of time in seconds to wait before enforcing -# the throttling when the server just booted. 
-# -#<connflood period="30" maxconns="3" timeout="30" -# quitmsg="Throttled" bootwait="2m"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Custom prefixes: Allows for channel prefixes to be configured. <module name="customprefix"> @@ -756,9 +813,14 @@ # vhost - Displayed host (optional). # #<title name="foo" password="bar" title="Official Chat Helper"> -#<title name="bar" password="foo" host="ident@test.org" title="Official Chat Helper" vhost="helper.test.org"> +#<title name="bar" password="foo" host="test@test.org" title="Official Chat Helper" vhost="helper.test.org"> #<title name="foo" password="$2a$10$UYZ4OcO8NNTCCGyCdY9SK.2GHiqGgxZfHFPOPmWuxEVWVQTtoDC7C" hash="bcrypt" title="Official Chat Helper"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Channel cycle module: Adds the /CYCLE command which is a server-side +# /HOP that bypasses restrictive modes. +<module name="cycle"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # DCCALLOW module: Adds the /DCCALLOW command. #<module name="dccallow"> 
@@ -784,21 +846,18 @@ # Deaf module: Adds support for user modes +d and +D: # d - deaf to channel messages and notices. # D - deaf to user messages and notices. -# The +D user mode is not enabled by default to enable link compatibility -# with 2.0 servers. #<module name="deaf"> # #-#-#-#-#-#-#-#-#-#-#-#- DEAF CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# -# bypasschars - Characters that bypass deaf to a regular user. -# bypasscharsuline - Characters that bypass deaf to a U-lined user (services). -# Both of these take a list of characters that must match -# the starting character of a message. -# If 'bypasscharsuline' is empty, then 'bypasschars' will -# match for both regular and U-lined users. -# enableprivdeaf - Whether to enable user mode +D (privdeaf). -# privdeafuline - Whether U-lined users bypass user mode +D (privdeaf). +# bypasschars - Characters that bypass deaf to a regular user. +# servicebypasschars - Characters that bypass deaf to a services users. +# Both of these take a list of characters that must match +# the starting character of a message. +# If 'servicebypasschars' is empty, then 'bypasschars' will +# match for both regular and services users. +# privdeafservice - Whether services users bypass user mode +D (privdeaf). # -#<deaf bypasschars="" bypasscharsuline="!" enableprivdeaf="no" privdeafuline="yes"> +#<deaf bypasschars="" servicebypasschars="!" privdeafservice="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Delay join module: Adds the channel mode +D which delays all JOIN @@ -813,8 +872,6 @@ # from talking in the channel unless they've been joined for X seconds. # Settable using /MODE #chan +d 30 #<module name="delaymsg"> -# Set allownotice to no to disallow NOTICEs too. Defaults to yes. -#<delaymsg allownotice="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Deny channels module: Deny channels from being used by users. 
@@ -883,60 +940,51 @@ <module name="dnsbl"> # # # For configuration options please see the docs page for dnsbl at # -# https://docs.inspircd.org/3/modules/dnsbl # -<dnsbl name="DroneBL" - domain="dnsbl.dronebl.org" - type="record" - records="3,5,6,7,8,9,10,11,13,14,15,16,17,19" - action="ZLINE" - duration="7d" - reason="You are listed in DroneBL. Please visit https://dronebl.org/lookup.do?ip=%ip% for more information."> - -<dnsbl name="EFnet RBL" - domain="rbl.efnetrbl.org" - type="record" - records="1,2,3,4,5" - action="ZLINE" - duration="7d" - reason="You are listed in the EFnet RBL. Please visit https://rbl.efnetrbl.org/?i=%ip% for more information."> - -<dnsbl name="torexit.dan.me.uk" - domain="torexit.dan.me.uk" - type="record" - records="100" - action="ZLINE" - duration="7d" - reason="Tor exit nodes are not allowed on this network. See https://metrics.torproject.org/rs.html#search/%ip% for more information."> +# https://docs.inspircd.org/4/modules/dnsbl. You can also use one or # +# more of the following example configs for popular DNSBLs: # +# # +# DroneBL (https://dronebl.org) # +<include file="&dir.example;/providers/dronebl.example.conf"> +# # +# EFnet RBL (https://rbl.efnetrbl.org) # +<include file="&dir.example;/providers/efnet-rbl.example.conf"> +# # +# dan.me.uk Tor exit node DNSBL (https://www.dan.me.uk/dnsbl) # +<include file="&dir.example;/providers/torexit.example.conf"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Exempt channel operators module: Provides support for allowing # # users of a specified channel status to be exempt from some channel # # restriction modes. Supported restrictions are: # -# anticaps, auditorium-see, auditorium-vis, blockcaps, blockcolor, # -# censor, filter, flood, nickflood, noctcp, nonick, nonotice, # -# regmoderated, stripcolor, and topiclock. 
# -# See <options:exemptchanops> in inspircd.conf.example for a more # +# anticaps, auditorium-see, auditorium-vis, blockcolor, delaymsg, # +# filter, flood, nickflood, noctcp, nonick, nonotice, opmoderated, # +# regmoderated, repeat, stripcolor, topiclock # +# See <options:exemptchanops> in inspircd.example.conf for a more # # detailed list of the restriction modes that can be exempted. # # These are settable using: /MODE #chan +X <restriction>:<status> # +# Furthermore, the exemptions configured in <options:exemptchanops> # +# can also be negated by using: /MODE #chan +X <restriction>:* # <module name="exemptchanops"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Filter module: Provides message filtering, similar to SPAMFILTER. # <module name="filter"> # # -# This module depends upon a regex provider such as regex_pcre or # +# This module depends upon a regex provider such as regex_stdlib or # # regex_glob to function. You must specify which of these you want # # the filter module to use via the tag below. # # # # Valid engines are: # # # # glob - Glob patterns, provided via regex_glob. # -# pcre - PCRE regexps, provided via regex_pcre, needs libpcre. # -# tre - TRE regexps, provided via regex_tre, requires libtre. # +# pcre - PCRE regexps, provided via regex_pcre2, needs libpcre2. # # posix - POSIX regexps, provided via regex_posix, not available # # on Windows, no dependencies on other operating systems. # -# stdlib - stdlib regexps, provided via regex_stdlib, see comment # -# at the <module> tag for info on availability. # +# stdregex - stdlib regexps, provided via regex_stdlib, see comment # +# at the <module> tag for info on availability. # +# # +# If enableflags is set, you can specify flags that modify matching # +# of the regular expression. # # # # If notifyuser is set to no, the user will not be notified when # # their message is blocked. # 
@@ -946,12 +994,15 @@ # warning will be sent to opers instead. This stops spambots which # # send their spam message to themselves first to check if it is being # # filtered by the server. # -#<filteropts engine="glob" notifyuser="yes" warnonselfmsg="no"> +#<filteropts engine="stdregex" +# enableflags="yes" +# notifyuser="yes" +# warnonselfmsg="no"> # # # Your choice of regex engine must match on all servers network-wide. # # # # To learn more about the configuration of this module, read # -# examples/filter.conf.example, which covers the various types of # +# examples/filter.example.conf, which covers the various types of # # filters and shows how to add exemptions. # # # #-#-#-#-#-#-#-#-#-#-#- FILTER CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# 
@@ -960,21 +1011,89 @@ # specify below the path to the filter.conf file, or define some # # <keyword> tags. # # # -#<include file="examples/filter.conf.example"> +#<include file="&dir.example;/filter.example.conf"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Flash Policy Daemon module: Allows Flash IRC clients (e.g. LightIRC)# -# to connect. If no file is specified, it'll serve a default policy # -# allowing all IPs to connect to all plaintext IRC ports # -#<bind address="" port="8430" type="flashpolicyd"> # -#<flashpolicyd timeout="5" file=""> # -#<module name="flashpolicyd"> # +# Gateway module: Enables forwarding the real IP address of a user from +# a gateway to the IRC server. +<module name="gateway"> +# +#-#-#-#-#-#-#-#-#-#-#-# GATEWAY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#-# +# +# If you use the gateway module then you must specify the gateways which +# are authorised to forward IP/host information to your server. There +# are currently two ways to do this: +# +# The webirc method is the recommended way to allow gateways to forward +# IP/host information. When using this method the gateway sends a WEBIRC +# message to the server on connection. For more details please read the +# IRCv3 WebIRC specification at: https://ircv3.net/specs/extensions/webirc.html +# +# When using this method you must specify one or more wildcard masks +# or CIDR ranges to allow gateway connections from and at least one of +# either a TLS client certificate fingerprint for the gateway or +# a password to be sent in the WEBIRC command. 
+# +# <gateway type="webirc" +# fingerprint="bd90547b59c1942b85f382bc059318f4c6ca54c5" +# mask="192.0.2.0/24 198.51.100.*"> +# <gateway type="webirc" +# password="$2a$10$WEUpX9GweJiEF1WxBDSkeODBstIBMlVPweQTG9cKM8/Vd58BeM5cW" +# hash="bcrypt" +# mask="*.webirc.gateway.example.com"> +# +# Alternatively if your gateway does not support sending the WEBIRC +# message then you can configure InspIRCd to look for the client IP +# address in the username sent by the user. This is not recommended +# as it only works with IPv4 connections. +# +# When using this method you must specify one or more wildcard masks +# or CIDR ranges to allow gateway connections from. You can also +# optionally configure the static value that replaces the IP in the +# username to avoid leaking the real IP address of gateway clients +# (defaults to "gateway" if not set). +# +# <gateway type="username" +# mask="198.51.100.0/24 203.0.113.*" +# newusername="wibble"> +# <gateway type="username" +# mask="*.username.gateway.example.com" +# newusername="wobble"> +# +# IMPORTANT NOTE: +# --------------- +# +# When you connect gateway clients, there are two connect classes which +# apply to these clients. When the client initially connects, the connect +# class which matches the gateway site's host is checked. Therefore you +# must raise the maximum local/global clients for this IP as high as you +# want to allow gateway clients. After the client has connected and is +# determined to be a gateway client, the class which matches the client's +# real IP is then checked. You may set this class to a lower value, so that +# the real IP of the client can still be restricted to, for example, 3 +# sessions maximum. 
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Real name ban: Implements two extended bans: # -# 'a', which matches a n!u@h+realname mask like +b a:*!*@host+*real* # -# 'r', which matches a realname mask like +b r:*realname?here* # -<module name="gecosban"> +# MaxMindDB geolocation module: Provides geolocation information for # +# other modules that need it using the libMaxMindDB library. # +# # +# This module depends on a third-party library (libmaxminddb) and may # +# need to be manually enabled at build time. If you are building from # +# source you can do this by installing this dependency and running: # +# # +# ./configure --enable-extras geo_maxmind # +# make install # +# # +# Users of binary packages should consult the documentation for their # +# package to find out whether this module is available. # +#<module name="geo_maxmind"> +# # +# If you use the geo_maxmind module you MUST provide a database file # +# to look up geolocation information in. You can either purchase this # +# from MaxMind at https://www.maxmind.com/en/geoip2-country-database # +# or use the free CC-BY-SA licensed GeoLite2 Country database which # +# can be downloaded at https://dev.maxmind.com/geoip/geoip2/geolite2/ # +#<maxmind file="GeoLite2-Country.mmdb"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Geolocation ban module: Adds support for extban 'G' which matches # 
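Review bot: `<module name="gateway">` is added uncommented while every `<gateway>` tag below it stays commented out, so the module is loaded with no gateway authorised. If the image is not meant to sit behind a web gateway by default, ship the line as `#<module name="gateway">` like the other optional modules in this file. The description should also state the trust a `<gateway>` tag grants: a host that matches it supplies the IP address and hostname that bans and connect classes are then applied to, so masks should be as narrow as possible and a `fingerprint` is preferable to a shared `password`. A line such as `# Anything matching a <gateway> tag can set the client's IP and host; keep masks narrow.` would do. Whether the module this replaces was loaded before is not visible in this hunk.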
@@ -1000,32 +1119,6 @@ # https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2 # #<module name="geoclass"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# MaxMindDB geolocation module: Provides geolocation information for # -# other modules that need it using the libMaxMindDB library. # -# # -# This module is in extras. Re-run configure with: # -# ./configure --enable-extras geo_maxmind -# and run make install, then uncomment this module to enable it. # -# # -# This module requires libMaxMindDB to be installed on your system. # -# Use your package manager to find the appropriate packages or check # -# the InspIRCd documentation page for this module. # -#<module name="geo_maxmind"> -# # -# If you use the geo_maxmind module you MUST provide a database file # -# to look up geolocation information in. You can either purchase this # -# from MaxMind at https://www.maxmind.com/en/geoip2-country-database # -# or use the free CC-BY-SA licensed GeoLite2 Country database which # -# can be downloaded at https://dev.maxmind.com/geoip/geoip2/geolite2/ # -#<maxmind file="GeoLite2-Country.mmdb"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Globops module: Provides the /GLOBOPS command and snomask +g. -# This module is oper-only. -# To use, GLOBOPS must be in one of your oper class blocks. -<module name="globops"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Global load module: Allows loading and unloading of modules network- # wide (USE WITH EXTREME CAUTION!) 
@@ -1035,6 +1128,12 @@ # must be in one of your oper class blocks. <module name="globalload"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Globops module: Provides the /GLOBOPS command and snomask +g. +# This module is oper-only. +# To use, GLOBOPS must be in one of your oper class blocks. +<module name="globops"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # HAProxy module: Adds support for the HAProxy PROXY v2 protocol. To # use this module specify hook="haproxy" in the <bind> tag that HAProxy 
@@ -1042,25 +1141,41 @@ #<module name="haproxy"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# HELPOP module: Provides the /HELPOP command -#<module name="helpop"> +# Help module: Provides the /HELP command +<module name="help"> # -#-#-#-#-#-#-#-#-#-#-#-#- HELPOP CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +#-#-#-#-#-#-#-#-#-#-#-#- HELP CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # -# If you specify to use the helpop module, then specify below the # -# path to the helpop.conf file. # +# If you specify to use the help module, then specify below the path # +# to the help.conf file. # # # -#<include file="examples/helpop.conf.example"> +<include file="&dir.example;/help.example.conf"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Help mode module: Provides oper-only user mode `h` (helpop) which +# marks a server operator as available for help. +#<module name="helpmode"> +# +# If you also use the hideoper module you can allow hidden opers with +# the help mode set to to be included in `/STATS P` and mark helpers +# as such to differentiate them from opers. +# <helpmode ignorehideoper="no" +# markhelpers="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Hide chans module: Allows users to hide their channels list from non- # opers by setting user mode +I on themselves. <module name="hidechans"> # -# This mode can optionally prevent opers from seeing channels on a +I -# user, for more privacy if set to true. -# This setting is not recommended for most mainstream networks. -#<hidechans affectsopers="false"> +# affectsopers: Whether server operators with the users/auspex privilege +# are exempt from the hideoper (+I) mode. Defaults to no. +# +# hideservices: Whether to hide the channels of services pseudoclients +# with the hideoper (+I) mode from all users. Defaults +# to yes. 
+# +# <hidechans affectsopers="no" +# hideservices="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Hide list module: Allows for hiding the list of listmodes from users @@ -1098,21 +1213,8 @@ #<module name="hideoper"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Hostchange module: Allows a different style of cloaking. -#<module name="hostchange"> -# -#-#-#-#-#-#-#-#-#-#-#- HOSTCHANGE CONFIGURATION -#-#-#-#-#-#-#-#-#-# -# # -# See https://docs.inspircd.org/3/modules/hostchange for help. # -# # -#<hostchange mask="*@42.theanswer.example.org" action="addaccount" suffix=".users.example.com"> -#<hostchange mask="*root@*" action="addnick" prefix="example/users/"> -#<hostchange mask="a@example.com" action="set" value="foo.bar.baz"> -#<hostchange mask="*@localhost" ports="7000,7001,7005-7007" action="set" value="blahblah.foo"> - -# hostcycle: If loaded, when a user gets a host or ident set, it will -# cycle them in all their channels. If not loaded it will simply change -# their host/ident without cycling them. +# hostcycle module: Sends a fake part and join for users when their +# username or hostname changes to update client information caches. # This module is compatible with the ircv3_chghost module. Clients # supporting the chghost extension will get the chghost message instead # of seeing a host cycle. @@ -1128,7 +1230,7 @@ # a <bind> tag with type "httpd", and load at least one of the other # httpd_* modules to provide pages to display. # <bind address="127.0.0.1" port="8067" type="httpd"> -# <bind address="127.0.0.1" port="8097" type="httpd" ssl="gnutls"> +# <bind address="127.0.0.1" port="8097" type="httpd" sslprofile="Clients"> # # You can adjust the timeout for HTTP connections below. All HTTP # connections will be closed after (roughly) this time period. 
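Review bot: The new hidechans description names the wrong mode: both `affectsopers` and `hideservices` refer to "the hideoper (+I) mode", but +I is the hidechans mode described in this section's header. The `affectsopers` sentence also reads inverted relative to the option name, since it describes operators being exempt while the name and the removed text describe operators being affected. That should be confirmed against the module before an operator relies on it for privacy. Suggested wording, if the removed text's meaning still applies: `# affectsopers: Whether the hidechans (+I) mode also hides channels from server operators with the users/auspex privilege. Defaults to no.` In the helpmode text of the same hunk, "set to to be included" has a doubled word.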
@@ -1173,7 +1275,7 @@ # Ident: Provides RFC 1413 ident lookup support. # When this module is loaded <connect:allow> tags may have an optional # useident="yes|no" boolean value, determining whether or not to lookup -# ident on users matching that connect tag. +# usernames on users matching that connect tag. #<module name="ident"> # #-#-#-#-#-#-#-#-#-#-#-#- IDENT CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# @@ -1182,10 +1284,10 @@ # the timeout for ident lookups here. If not defined, it will default # # to 5 seconds. This is a non-blocking timeout which holds the user # # in a 'connecting' state until the lookup is complete. # -# prefixunqueried: If on, the idents of users being in a connect class# -# with ident lookups disabled (i.e. <connect useident="off">) will be # -# prefixed with a "~". If off, the ident of those users will not be # -# prefixed. Default is off. # +# prefixunqueried: If yes, the usernames of users in a connect class # +# with ident lookups disabled (i.e. <connect useident="no">) will be # +# prefixed with a "~". If no, the username of those users will not be # +# prefixed. Default is no. # # #<ident timeout="5" prefixunqueried="no"> @@ -1197,8 +1299,8 @@ #<inviteexception bypasskey="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# IRCv3 module: Provides the following IRCv3 extensions: -# extended-join, away-notify and account-notify. These are optional +# IRCv3 module: Provides the IRCv3 account-notify, away-notify, +# extended-join, and standard-replies extensions. These are optional # enhancements to the client-to-server protocol. An extension is only # active for a client when the client specifically requests it, so this # module needs the cap module to work. 
@@ -1211,11 +1313,14 @@ # The following block can be used to control which extensions are # enabled. Note that extended-join can be incompatible with delayjoin # and host cycling. -#<ircv3 accountnotify="on" awaynotify="on" extendedjoin="on"> +#<ircv3 accountnotify="yes" +# awaynotify="yes" +# extendedjoin="yes" +# standardreplies="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 account-tag module. Adds the 'account' tag which contains the -# services account name of the message sender. +# user account name of the message sender. <module name="ircv3_accounttag"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1231,10 +1336,11 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 chghost module: Provides the chghost IRCv3 extension which -# allows capable clients to learn when the host/ident of another user -# changes without cycling the user. This module is compatible with the -# hostcycle module. If both are loaded, clients supporting the chghost -# extension will get the chghost message and won't see host cycling. +# allows capable clients to learn when the username or hostname of a +# user changes +# This module is compatible with the hostcycle module. If both are +# loaded, clients supporting the chghost extension will get the chghost +# message and won't receive a host cycle. <module name="ircv3_chghost"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1258,7 +1364,7 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # IRCv3 invite-notify module: Provides the invite-notify IRCv3 # extension which notifies supporting clients when a user invites -# another user into a channel. This respects <options:announceinvites>. +# another user into a channel. This respects <security:announceinvites>. <module name="ircv3_invitenotify"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# 
@@ -1306,20 +1412,27 @@ # Closes the channel for N seconds if X users join in Y seconds. <module name="joinflood"> # -# duration: The number of seconds to close a channel for when it is -# being flooded with joins. +# duration: The number of seconds to close a channel for when it is +# being flooded with joins. +# +# bootwait: The number of seconds to disengage joinflood for after +# a server boots. This allows users to reconnect without +# being throttled by joinflood. # -# bootwait: The number of seconds to disengage joinflood for after -# a server boots. This allows users to reconnect without -# being throttled by joinflood. +# splitwait: The number of seconds to disengage joinflood for after +# a server splits. This allows users to reconnect without +# being throttled by joinflood. # -# splitwait: The number of seconds to disengage joinflood for after -# a server splits. This allows users to reconnect without -# being throttled by joinflood. +# notifyrank: The lowest prefix rank that should receive notification +# that the channel is closed to new users. This can be set +# to 0 for all users, 10000 for voiced users (+v) and above, +# 30000 for channel operators (+o), or the value specified +# in <customprefix:rank> for any custom prefix rank. # #<joinflood duration="1m" # bootwait="30s" -# splitwait="30s"> +# splitwait="30s" +# notifyrank="0"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Anti auto rejoin: Adds support for prevention of auto-rejoin (+J). 
@@ -1341,11 +1454,18 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # LDAP module: Allows other SQL modules to access a LDAP database # through a unified API. -# This modules is in extras. Re-run configure with: -# ./configure --enable-extras ldap -# and run make install, then uncomment this module to enable it. # +# This module depends on a third-party library (OpenLDAP) and may need +# to be manually enabled at build time. If you are building from source +# you can do this by installing this dependency and running: +# +# ./configure --enable-extras ldap +# make install +# +# Users of binary packages should consult the documentation for their +# package to find out whether this module is available. #<module name="ldap"> +# #<database module="ldap" id="ldapdb" server="ldap://localhost" binddn="cn=Manager,dc=inspircd,dc=org" bindauth="mysecretpass" searchscope="subtree"> # The server parameter indicates the LDAP server to connect to. The # # ldap:// style scheme before the hostname proper is MANDATORY. # @@ -1369,13 +1489,13 @@ # <ldapauth dbid="ldapdb" # # baserdn="ou=People,dc=brainbox,dc=cc" # # attribute="uid" # -# allowpattern="Guest* Bot*" # # killreason="Access denied" # # verbose="yes" # # host="$uid.$ou.inspircd.org" # -# useusername="no"> # +# field="nickname"> # # # -# <ldapwhitelist cidr="10.42.0.0/16"> # +# <ldapexemption mask="*!*@10.42.0.0/16"> # +# <ldapexemption mask="Guest*!*@*"> # # # # <ldaprequire attribute="attr" value="val"> # # # 
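Review bot: The two `<ldapexemption>` examples in the ldapauth block are not equally strong, and the comment does not say so. `mask="Guest*!*@*"` matches on the nickname alone, which the connecting client chooses, so a site that uncomments it verbatim exempts any connection using such a nick from LDAP authentication (the removed `allowpattern` had the same property). The CIDR example ties the exemption to the source address instead. I would add `# NOTE: a nick-only mask is chosen by the client; scope exemptions by host or CIDR.` above the second example. The comment box this sits in continues outside the hunk.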
@@ -1385,14 +1505,8 @@ # The attribute value indicates the attribute which is used to locate # # a user account by name. On POSIX systems this is usually 'uid'. # # # -# The allowpattern value allows you to specify a space separated list # -# of wildcard masks which will always be allowed to connect # -# regardless of if they have an account, for example guest and bot # -# users. # -# # -# The useusername setting chooses whether the user's username or # -# nickname is used when locating a user account, if a username isn't # -# provided in PASS. # +# The field setting chooses where to select the LDAP username from. # +# Valid options are "nickname", "username", and "password". # # # # Killreason indicates the QUIT reason to give to users if they fail # # to authenticate. # 
@@ -1436,15 +1550,66 @@ # not loaded the oper accounts are still protected by a password. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Lock server module: Adds /LOCKSERV and /UNLOCKSERV commands that # -# are used to temporarily close/open the server for new connections. # -# These commands require that the /LOCKSERV and /UNLOCKSERV commands # -# are specified in a <class> tag that the oper is part of. This is so # -# you can control who has access to this possible dangerous command. # -# If your server is locked and you get disconnected, do a REHASH from # -# shell to open up again. # -# This module is oper-only. -#<module name="lockserv"> +# JSON logging module: Allows writing messages to a JSON file. # +# # +# This module depends on a third-party library (yyjson or RapidJSON) # +# and may need to be manually enabled at build time. If you are # +# building from source you can do this by installing this dependency # +# and running: # +# # +# ./configure --enable-extras log_json # +# make install # +# # +# Users of binary packages should consult the documentation for their # +# package to find out whether this module is available. # +#<module name="log_json"> +# +#<log method="json" +# target="inspircd.json" +# level="normal" +# type="* -USERINPUT -USEROUTPUT"> +# +#<log method="json-stderr" +# level="normal" +# type="* -USERINPUT -USEROUTPUT"> +# +#<log method="json-stdout" +# level="normal" +# type="* -USERINPUT -USEROUTPUT"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# SQL logging module: Allows writing messages to an SQL database.. # +#<module name="log_sql"> +# +# This module adds the following fields to the <log> tag: +# +# dbid - The id for the <database> tag that defines your database +# connection details. +# query - A custom query to use when inserting logs into the database. 
+# +#<log method="sql" +# level="normal" +# type="* -USERINPUT -USEROUTPUT" +# dbid="sql-log" +# query="INSERT INTO ircd_log (time, type, message) VALUES (FROM_UNIXTIME($time), '$type', '$message');"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Syslog logging module: Allows writing messages to the system log. # +# # +# This module depends on a POSIX component (syslog) and may need to # +# be manually enabled at build time. If you are building from source # +# you can do this by running: # +# # +# ./configure --enable-extras log_syslog # +# make install # +# # +# Users of binary packages should consult the documentation for their # +# package to find out whether this module is available. # +#<module name="log_syslog"> +# +#<log method="syslog" +# level="normal" +# type="* -USERINPUT -USEROUTPUT"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Map hiding module: replaces /MAP and /LINKS output to users with a # @@ -1452,6 +1617,17 @@ # the <security> tag, instead. # #<module name="maphide"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# MD5 module: Allows other modules to generate MD5 hashes, usually for +# cryptographic uses and security. This module is deprecated and will +# be removed in the next major version of InspIRCd. +# +# IMPORTANT: +# Other modules such as cloak_md5 and password_hash may rely on +# this module being loaded to function. +# +#<module name="md5"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Message flood module: Adds message/notice flood protection via # channel mode +f. 
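Review bot: The example `query` in the log_sql block puts `$type` and `$message` inside hand-written single quotes, and the comment does not say whether the module escapes substituted values before they reach the database. Log messages can carry text that originates from clients, so anyone writing a custom query needs to know this. If the SQL provider escapes the variables (which I would expect but cannot see here), say so with `# Variables are escaped by the SQL provider before substitution.`; otherwise the example needs a caveat. The header line of the block also ends in a doubled full stop ("database..").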
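Review bot: The md5 block describes the module as "usually for cryptographic uses and security" while also marking it deprecated, which leaves the reader without guidance on what to use instead. MD5 is not collision resistant and is far too fast for password storage; the password_hash example later in this file already uses `hash="bcrypt"`. I would add `# Do not use MD5 for new password hashes; prefer bcrypt or pbkdf2.` and present the IMPORTANT note as a compatibility hint for existing cloak_md5 or hashed-password setups only.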
@@ -1461,18 +1637,11 @@ # 1/5 of a NOTICE or PRIVMSG to avoid users being accidentally flooded # out of a channel by automatic client features such as typing # notifications. -#<messageflood notice="1.0" privmsg="1.0" tagmsg="0.2"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# MLOCK module: Adds support for server-side enforcement of services -# side MLOCKs. Basically, this module suppresses any mode change that -# would likely be immediately bounced by services. -<module name="mlock"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Modenotice module: Adds the /MODENOTICE command that allows opers to -# send notices to all users having the given user mode(s) set. -#<module name="modenotice"> +#<messageflood message="Message flood detected (trigger is %messages% messages in %duration%)" +# extended="yes" +# notice="1.0" +# privmsg="1.0" +# tagmsg="0.2"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Monitor module: Adds support for MONITOR which is used by clients to 
@@ -1482,20 +1651,42 @@ # Set the maximum number of entries on a user's monitor list below. #<monitor maxentries="30"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Multiple prefix module: Provides support for the IRCv3 multi-prefix +# capability which allows clients to see all the prefix modes set on a +# user. +<module name="multiprefix"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Muteban: Implements extended ban 'm', which stops anyone matching +# a mask like +b m:nick!user@host from speaking on channel. +#<module name="muteban"> +# +# If notifyuser is set to no, the user will not be notified when +# their message is blocked. +#<muteban notifyuser="yes"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # MySQL module: Allows other SQL modules to access MySQL databases # through a unified API. -# This module is in extras. Re-run configure with: -# ./configure --enable-extras mysql -# and run make install, then uncomment this module to enable it. +# +# This module depends on a third-party library (libmysqlclient) and may +# need to be manually enabled at build time. If you are building from +# source you can do this by installing this dependency and running: +# +# ./configure --enable-extras mysql +# make install +# +# Users of binary packages should consult the documentation for their +# package to find out whether this module is available. 
#<module name="mysql"> # #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # # mysql is more complex than described here, see the docs for more # -# info: https://docs.inspircd.org/3/modules/mysql # +# info: https://docs.inspircd.org/4/modules/mysql # # -#<database module="mysql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database2"> +#<database module="mysql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database2" ssl="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Named modes module: Allows for the display and set/unset of channel 
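Review bot: The mysql `<database>` example now carries an explicit `ssl="no"`, while the pgsql example in the later hunk at old line 1782 moves the other way, from `ssl="no"` to `tls="yes"`. With `host="localhost"` this is harmless, but a copied example pointed at a remote host would send `user`/`pass` and query traffic unencrypted. I would add `# Set ssl="yes" when the database is not on localhost.` above the tag, or show the encrypted form in the example. Whether the mysql module accepts the same `tls` key as pgsql is not visible here, so keep whichever key the module documents.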
@@ -1504,36 +1695,12 @@ # /PROP #channel ban=foo!bar@baz #<module name="namedmodes"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# NAMESX module: Provides support for the NAMESX extension which allows -# clients to see all the prefixes set on a user without getting confused. -# This is supported by mIRC, x-chat, klient, and maybe more. -<module name="namesx"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# National characters module: -# 1) Allows using national characters in nicknames. -# 2) Allows using custom (national) casemapping over the network. -# -# This module is incredibly poorly written and documented. You should -# probably use the codepage module instead for 8-bit codepages. -#<module name="nationalchars"> -# -# file - Location of the file which contains casemapping rules. If this -# is a relative path then it is relative to "<PWD>/../locales" -# on UNIX and "<PWD>/locales" on Windows. -# casemapping - The name of the casemapping sent to clients in the 005 -# numeric. If this is not set then it defaults to the name -# of the casemapping file unless the file name contains a -# space in which case you will have to specify it manually. -#<nationalchars file="bynets/russian-w1251-charlink" casemapping="ru_RU.cp1251-charlink"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Nickchange flood protection module: Provides channel mode +F X:Y # which allows up to X nick changes in Y seconds. #<module name="nickflood"> # -# The number of seconds to prevent nick changes for: +# The time period to prevent nick changes for: #<nickflood duration="1m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# 
@@ -1547,10 +1714,6 @@ # No CTCP module: Adds the channel mode +C and user mode +T to block # CTCPs and extban 'C' to block CTCPs sent by specific users. <module name="noctcp"> -# -# The +T user mode is not enabled by default to enable link compatibility -# with 2.0 servers. You can enable it by uncommenting this: -#<noctcp enableumode="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # No kicks module: Adds the +Q channel mode and the Q: extban to deny @@ -1564,11 +1727,6 @@ # nick. #<module name="nonicks"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# No part message module: Adds extban 'p' to block part messages from # -# matching users. # -#<module name="nopartmsg"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # No notice module: Adds the channel mode +T and the extban 'T' to # block specific users from noticing the channel. @@ -1588,12 +1746,10 @@ #<ojoin prefix="!" notice="yes" op="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper channels mode: Adds the +O channel mode and extban O:<mask> -# to ban, except, etc. specific oper types. For example -# /MODE #channel +iI O:* is equivalent to channel mode +O, but you -# may also set +iI O:AdminTypeOnly to only allow admins. -# Modes +I and +e work in a similar fashion. -<module name="operchans"> +# Oper channels mode: Adds the +O channel mode which restricts channel +# access to server operators and extbans O:<type> and o:<account> that +# match against an oper type and oper account respectively. +#<module name="operchans"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper join module: Auto-joins opers to a channel upon oper-up. 
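Review bot: `<module name="operchans">` goes from loaded to commented out in the hunk at old line 1588, so channel mode +O and the O: extban are no longer provided after the upgrade. Any channel that relied on +O to keep non-operators out, including one restored from a permchannels database, would lose that restriction, and how the server treats the then-unknown mode is not visible here. If dropping it is intended, it deserves a line in the upgrade notes; otherwise keep the directive active as `<module name="operchans">`.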
@@ -1618,16 +1774,37 @@ # #<type name="Helper" autojoin="#help" classes="..."> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Oper levels module: Gives each oper a level and prevents actions +# being taken by lower level opers against higher level opers. +# Specify the level as the 'level' parameter of the <type> tag. +# This module is oper-only. +#<module name="operlevels"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper log module: Logs all oper commands to the server log (with log -# type "m_operlog" at default loglevel), and optionally to the 'r' +# type "m_operlog" at default loglevel), and optionally to the 'o' # snomask. # This module is oper-only. <module name="operlog"> # # If the following option is on then all oper commands will be sent to -# the snomask 'r'. The default is off. -#<operlog tosnomask="off"> +# the snomask 'o'. The default is no. +#<operlog tosnomask="no"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Oper modes module: Allows you to specify modes to add/remove on oper. +# Specify the modes as the 'modes' parameter of the <type> tag +# and/or as the 'modes' parameter of the <oper> tag. +# This module is oper-only. For the user equivalent, see the +# conn_umodes module. +<module name="opermodes"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Oper MOTD module: Provides support for a separate message of the day +# on oper-up. +# This module is oper-only. +#<module name="opermotd"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Oper prefixing module: Adds a channel prefix mode +y which is given 
@@ -1642,20 +1819,11 @@ # You may additionally customise the prefix character. #<operprefix prefix="!"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper MOTD module: Provides support for a separate message of the day -# on oper-up. -# This module is oper-only. -#<module name="opermotd"> -# -#-#-#-#-#-#-#-#-#-#-# OPERMOTD CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# -# # -# If you are using the opermotd module, specify the motd file here. # -# # -# onoper - If on, the message is sent on /OPER, otherwise it's # -# only sent when /OPERMOTD is used. # -# # -#<opermotd file="examples/opermotd.txt.example" onoper="yes"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Op moderated module: Adds channel mode +U and extban u: which allow +# making messages from matching unprivileged users only visible to +# channel operators. +#<module name="opmoderated"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Override module: Adds support for oper override. @@ -1666,7 +1834,7 @@ # # # Much of override's configuration relates to your oper blocks. # # For more information on how to allow opers to override, see: # -# https://docs.inspircd.org/3/modules/override # +# https://docs.inspircd.org/4/modules/override # # # # noisy - If enabled, all oper overrides will be announced # # via channel notice. # 
@@ -1674,45 +1842,37 @@ # requirekey - If enabled, overriding on join requires a channel # # key of "override" to be specified. # # # -# enableumode - If enabled, user mode +O is required for override. # +# timeout: The time period after which to automatically remove # +# the override user mode. If not set then it will not # +# be removed automatically. # # # -#<override noisy="yes" requirekey="no" enableumode="yes"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper levels module: Gives each oper a level and prevents actions -# being taken by lower level opers against higher level opers. -# Specify the level as the 'level' parameter of the <type> tag. -# This module is oper-only. -#<module name="operlevels"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Oper modes module: Allows you to specify modes to add/remove on oper. -# Specify the modes as the 'modes' parameter of the <type> tag -# and/or as the 'modes' parameter of the <oper> tag. -# This module is oper-only. For the user equivalent, see the -# conn_umodes module. -#<module name="opermodes"> +#<override noisy="yes" +# requirekey="no" +# timeout="30m"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Password forwarding module: Forwards a password users can send on -# connect to the specified client below. The client is usually NickServ -# and this module is usually used to authenticate users with NickServ -# using their connect password. +# Password forwarding module: Allows forwarding passwords to services to +# automatically log users into their account. The password can either be +# specified as the server password or as a second parameter to the /NICK +# command. <module name="passforward"> <passforward - # nick: nick to forward connect passwords to. - nick="NickServ" - # forwardmsg: Message to send to users using a connect password. 
- # $nick will be the users' nick, $nickrequired will be the nick - # of where the password is going (the nick above). - # You can also use $user for the user ident string. - forwardmsg="NOTICE $nick :*** Forwarding PASS to $nickrequired" + # nick: The nick of the service to forward passwords to. + nick="NickServ" + + # forwardmsg: Message to send to users when forwarding their + # password. You can use the following variables in this message: + # + # %nick% The nickname of the authenticating user. + # %nickrequired% The nickname of the service to forward to (see above). + # %pass% The password to forward to services. + # %user% The username of the authenticating user. + forwardmsg="NOTICE %nick% :*** Forwarding password to %nickrequired%" - # cmd: Command for the user to run when it receives a connect - # password. - cmd="SQUERY $nickrequired :IDENTIFY $pass"> + # cmd: The message to send to forward passwords to services. + cmd="SQUERY %nickrequired% :IDENTIFY %nick% %pass%"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Password hash module: Allows hashed passwords to be used. @@ -1725,7 +1885,7 @@ # password you want to hash. For example: # # <oper name="Brain" -# host="ident@dialup15.isp.test.com" +# host="brain@dialup15.isp.test.com" # hash="bcrypt" # password="$2a$10$Mss9AtHHslZTLBrXqM0FB.JBwD.UTSu8A48SfrY9exrpxbsRiRTbO" # type="NetAdmin"> 
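Review bot: The rewritten passforward comments do not explain why `cmd` uses SQUERY, and that choice is what keeps the password away from an ordinary user who happens to hold the configured nick. As far as I know SQUERY is only delivered to a services client, so I would state it: `# SQUERY only delivers to a services client; do not replace it with PRIVMSG.` The variable list also offers `%pass%` for `forwardmsg`, which would echo the password back to the client in a NOTICE; I would document `%pass%` under `cmd` only. Since `cmd` now sends `IDENTIFY %nick% %pass%` rather than `IDENTIFY $pass`, check that the services package in use accepts the account-name form.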
@@ -1738,11 +1898,14 @@ # # Generate hashes using the /MKPASSWD command on the server. # Don't run it on a server you don't trust with your password. +# +# You can also make the MKPASSWD command oper only by uncommenting this: +#<mkpasswd operonly="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # PBKDF2 module: Allows other modules to generate PBKDF2 hashes, # usually for cryptographic uses and security. -# This module relies on other hash providers (e.g. SHA256). +# This module relies on other hash providers (e.g. SHA2). #<module name="pbkdf2"> # # iterations: Iterations the hashing function runs when generating new @@ -1750,7 +1913,7 @@ # length: Length in bytes of the derived key. #<pbkdf2 iterations="12288" length="32"> # You can override these values with specific values -# for specific providers if you want to. Example given for SHA256. +# for specific providers if you want to. Example given for SHA2. #<pbkdf2prov hash="sha256" iterations="24576"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# 
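Review bot: `<mkpasswd operonly="yes">` is added in the first hunk on this line but left commented, so, going by its comment, /MKPASSWD stays available to every connected user in this image. Each call makes the server compute a password hash on request, and the example above it uses bcrypt, which is deliberately expensive. For a container default I would ship it enabled as `<mkpasswd operonly="yes">` and reword the comment to `# MKPASSWD is restricted to opers; remove this tag to allow all users.`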
@@ -1766,15 +1929,28 @@ # whenever +P is set, unset, or the topic/modes on a +P channel is changed. # If you want to do this, set the filename below, and uncomment the include. # -# If 'listmodes' is true then all list modes (+b, +I, +e, +g...) will be -# saved. Defaults to false. +# If 'listmodes' is yes then all list modes (+b, +I, +e, +g...) will be +# saved. Defaults to no. # # 'saveperiod' determines how often to check if the database needs to be # saved to disk. Defaults to every five seconds. +# +# 'backoff' is the value to multiply the saveperiod by every time a save +# fails. When the save succeeds the period will be reset. +# +# 'maxbackoff' is the maximum write period that should be allowed even +# if incremental backoff is enabled. +# +# 'operonly' determines whether a server operator or services server is +# needed to enable the permchannels mode. You should generally keep this +# set to yes unless you know what you are doing. #<permchanneldb filename="permchannels.conf" # listmodes="yes" -# saveperiod="5s"> -#<include file="permchannels.conf"> +# saveperiod="5s" +# backoff="2" +# maxbackoff="5m" +# operonly="yes"> +#<include file="permchannels.conf" missingokay="yes"> # # You may also create channels on startup by using the <permchannels> block. #<permchannels channel="#opers" modes="isP" topic="Opers only."> 
@@ -1782,26 +1958,24 @@ #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # PostgreSQL module: Allows other SQL modules to access PgSQL databases # through a unified API. -# This module is in extras. Re-run configure with: -# ./configure --enable-extras pgsql -# and run make install, then uncomment this module to enable it. +# +# This module depends on a third-party library (libpq) and may need to +# be manually enabled at build time. If you are building from source +# you can do this by installing this dependency and running: +# +# ./configure --enable-extras pgsql +# make install +# +# Users of binary packages should consult the documentation for their +# package to find out whether this module is available. #<module name="pgsql"> # #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # # pgsql is more complex than described here, see the docs for # -# more: https://docs.inspircd.org/3/modules/pgsql # +# more: https://docs.inspircd.org/4/modules/pgsql # # -#<database module="pgsql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database" ssl="no"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Muteban: Implements extended ban 'm', which stops anyone matching -# a mask like +b m:nick!user@host from speaking on channel. -#<module name="muteban"> -# -# If notifyuser is set to no, the user will not be notified when -# their message is blocked. -#<muteban notifyuser="yes"> +#<database module="pgsql" name="mydb" user="myuser" pass="mypass" host="localhost" id="my_database" tls="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Random quote module: Provides a random quote on connect. 
@@ -1816,6 +1990,12 @@ # # #<randquote file="quotes.txt"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Real name ban: Implements two extended bans: # +# 'a', which matches a n!u@h+realname mask like +b a:*!*@host+*real* # +# 'r', which matches a realname mask like +b r:*realname?here* # +<module name="realnameban"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Redirect module: Adds channel mode +L which redirects users to # # another channel when the channel has reached its user limit and # @@ -1830,17 +2010,11 @@ <module name="regex_glob"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Regular expression provider for PCRE (Perl-Compatible Regular -# Expressions). You need libpcre installed to compile and load this +# Regular expression provider for PCRE2 (Perl-Compatible Regular +# Expressions). You need libpcre2 installed to compile and load this # module. You must have at least 1 provider loaded to use the filter or # R-line modules. -#<module name="regex_pcre"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Regular Expression Provider for RE2 Regular Expressions. -# You need libre2 installed and in your include/library paths in order -# to compile and load this module. -#<module name="regex_re2"> +#<module name="regex_pcre2"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Regular expression provider for POSIX regular expressions. 
@@ -1851,36 +2025,27 @@ # command: 'man 7 regex'. #<module name="regex_posix"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Regular Expression Provider for RE2 Regular Expressions. +# You need libre2 installed and in your include/library paths in order +# to compile and load this module. +#<module name="regex_re2"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Regular expression provider for C++11 std::regex regular expressions. -# This module works on any fully compliant implementation of the C++11 -# std::regex container. Examples for such are Visual C++ 2010 and newer -# but not libstdc++ (which GCC uses). -# You should verify that std::regex is supported by your setup before -# using this module, as it may compile normally but won't do anything -# on some implementations. #<module name="regex_stdlib"> # # Specify the regular expression engine to use here. Valid settings are # bre, ere, awk, grep, egrep, ecmascript (default if not specified). #<stdregex type="ecmascript"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Regular expression provider for TRE regular expressions. -# This is the same regular expression engine used by UnrealIRCd, so -# if you are most familiar with the syntax of /SPAMFILTER from there, -# this is the provider you want. You need libtre installed in order -# to compile and load this module. -#<module name="regex_tre"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Remove module: Adds the /REMOVE command which is a peaceful -# alternative to /KICK. It also provides the /FPART command which works -# in the same way as /REMOVE. +# alternative to /KICK. #<module name="remove"> # -# supportnokicks: If true, /REMOVE is not allowed on channels where the -# nokicks (+Q) mode is set. Defaults to false. +# supportnokicks: If yes, /REMOVE is not allowed on channels where the +# nokicks (+Q) mode is set. Defaults to no. 
# protectedrank: Members having this rank or above may not be /REMOVE'd # by anyone. Set to 0 to disable this feature. Defaults to 50000. #<remove supportnokicks="yes" protectedrank="50000"> @@ -1889,7 +2054,7 @@ # Repeat module: Allows to block, kick or ban upon similar messages # being uttered several times. Provides channel mode +E. # -# Syntax: [~|*]<lines>:<sec>[:<difference>][:<backlog>] +# Syntax: [~|*]<lines>:<duration>[:<difference>][:<backlog>] # ~ is to block, * is to ban, default is kick. # lines - In mode 1, the amount of lines that has to match consecutively. # In mode 2, the size of the backlog to keep for matching. @@ -1910,7 +2075,14 @@ # less CPU usage. Increasing this beyond 512 doesn't have # any effect, as the maximum length of a message on IRC # cannot exceed that. -#<repeat maxbacklog="20" maxdistance="50" maxlines="20" maxtime="0" size="512"> +# kickmessage - Kick message when * is specified +#<repeat maxbacklog="20" +# maxdistance="50" +# maxlines="20" +# maxtime="0s" +# size="512" +# extended="yes" +# message="Repeat flood detected (trigger is %lines% messages in %duration%)"> #<module name="repeat"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# @@ -1952,7 +2124,7 @@ # regex_<engine> must be loaded, or rline will be non-functional # until you load it or change the engine to one that is loaded. # -#<rline matchonnickchange="yes" zlineonmatch="no" engine="pcre"> +#<rline matchonnickchange="yes" zlineonmatch="no" engine="stdregex"> # # Generally, you will NOT want to use 'glob' here, as this turns an # R-line into just another G-line. The exceptions are that R-lines will 
@@ -2014,13 +2186,6 @@ # To use, SAQUIT must be in one of your oper class blocks. <module name="saquit"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SATOPIC module: Adds the /SATOPIC command which allows changing the -# topic on a channel without requiring any channel privileges. -# This module is oper-only. -# To use, SATOPIC must be in one of your oper class blocks. -<module name="satopic"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SASL authentication module: Provides support for IRC Authentication # Layer via AUTHENTICATE. Note: You also need to have cap loaded @@ -2029,15 +2194,23 @@ # You must define <sasl:target> to the name of your services server so # that InspIRCd knows where to send SASL authentication messages and -# when it should enable the SASL capability. -# You can also define <sasl:requiressl> to require users to use TLS (SSL) +# when it should enable the SASL capability. +# You can also define <sasl:requiressl> to require users to use TLS # in order to be able to use SASL. #<sasl target="services.mynetwork.com" # requiressl="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Secure list module: Prevent /LIST in the first minute of connection, -# crippling most spambots and trojan spreader bots. +# SATOPIC module: Adds the /SATOPIC command which allows changing the +# topic on a channel without requiring any channel privileges. +# This module is oper-only. +# To use, SATOPIC must be in one of your oper class blocks. +<module name="satopic"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Secure list module: Prevent users from using the /LIST command until +# a predefined period has passed. This helps protect your network from +# spambots. #<module name="securelist"> # #-#-#-#-#-#-#-#-#-# SECURELIST CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# 
@@ -2046,30 +2219,43 @@ # securelist blocking these sites from listing, define exception tags # # as shown below: # #<securehost exception="*@*.netsplit.de"> -#<securehost exception="*@*.ircdriven.com"> -#<securehost exception="*@*.ircs.me"> # # # exemptregistered - Whether the waiting period applies to users who # -# are logged in to a services account. # +# are logged in to a user account. # # Defaults to no. # # # +# fakechans - The number of fake channels to show in /LIST. This can # +# be used to break spambots. # +# # +# fakechanprefix - The prefix for the fake channels. A random suffix # +# will be appended to this when generating channels. # +# # +# fakechantopic - The topic for the fake channels. A random format # +# modifier will be inserted into this for randomness. # +# # +# hidesmallchans - The minimum user count for a channel to show up in # +# /LIST after the wait period (see below). If a user # +# is exempt from the wait period this will not apply # +# to them. # +# # # showmsg - Whether to tell users that they need to wait for a while # # before they can use the /LIST command. # # Defaults to no. # # # # waittime - The time period that a user must be connected for before # -# they can use the /LIST command. # -# Defaults to 1 minute. # +# they can use the /LIST command. If exemptregistered is # +# enabled you can set this to 0 to disable unauthenticated # +# users from viewing the channel list. # +# Defaults to 1 minute. # # # #<securelist exemptregistered="yes" +# fakechans="5" +# fakechanprefix="#spam" +# fakechantopic="Fake channel for confusing spambots" +# hidesmallchans="0" # showmsg="yes" # waittime="1m"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Servprotect module: Provides support for Austhex style +k / -# UnrealIRCD +S services mode. 
-<module name="servprotect"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # See nicks module: Adds snomask +n and +N which show local and remote # nick changes. 
@@ -2077,25 +2263,35 @@ <module name="seenicks"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Set idle module: Adds a command for opers to change their idle time. -# This module is oper-only. -# To use, SETIDLE must be in one of your oper class blocks. -#<module name="setidle"> +# Serverban: Implements extended ban 's', which stops anyone connected +# to a server matching a mask like +b s:server.mask.here from joining. +# Wildcards are accepted. +#<module name="serverban"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Services support module: Adds several user modes such as +R and +M. -# This module implements the 'identified' state via account names, -# and is similar in operation to the way asuka and ircu handle services. -# -# At the same time, this offers +r for users and channels to mark them -# as identified separately from the idea of a master account, which -# can be useful for services which are heavily nick-as-account centric. +# Services integration module: Adds various features which enable +# integrating with a third-party services pseudoserver like Anope or +# Atheme. +<module name="services"> # -# Also of note is that this module implements two extbans: -# +b R: (stop matching account names from joining) -# +b U:n!u@h (blocks matching unregistered users) +#-#-#-#-#-#-#-#-#-#-#-#- SERVICES CONFIGURATION -#-#-#-#-#-#-#-#-#-#-# +# # +# accountoverrideshold - Whether to allow users that are logged in # +# to an account that has a services-held nick # +# in their group to override the SVSHOLD. # +# Defaults to no. # +# # +# disablemodes - Whether channel mode `r` (registered) and # +# user mode `r` (u_registered) are disabled. # +# These modes are deprecated in InspIRCd v4 # +# but may still be needed by older services # +# software. Anope 2.1 is known to work with # +# this enabled. Defaults to no. 
# +# # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # -<module name="services_account"> +# <servicesintegration accountoverrideshold="yes" +# disablemodes="no"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Sethost module: Adds the /SETHOST command. @@ -2110,6 +2306,12 @@ # To use, SETIDENT must be in one of your oper class blocks. <module name="setident"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# Set idle module: Adds a command for opers to change their idle time. +# This module is oper-only. +# To use, SETIDLE must be in one of your oper class blocks. +#<module name="setidle"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SETNAME module: Adds the /SETNAME command. <module name="setname"> 
@@ -2126,17 +2328,23 @@ #<setname notifyopers="yes" # operonly="no"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Serverban: Implements extended ban 's', which stops anyone connected -# to a server matching a mask like +b s:server.mask.here from joining. -# Wildcards are accepted. -#<module name="serverban"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SHA1 module: Allows other modules to generate SHA1 hashes. # Required by the WebSocket module. #<module name="sha1"> +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# SHA2 module: Allows other modules to generate SHA2 hashes, +# usually for cryptographic uses and security. +# +# IMPORTANT: +# Other modules such as password_hash may rely on this module being +# loaded to function. Certain modules such as spanningtree will +# function without this module but when it is loaded their features will +# be enhanced (for example the addition of HMAC authentication). +# +<module name="sha2"> + #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Showfile: Provides support for showing a text file to users when # # they enter a command. # @@ -2176,13 +2384,8 @@ # This module is oper-only by default. #<module name="showwhois"> # -# If you wish, you may also let users set this mode. Only opers with the -# users/auspex priv will see real hosts of people, though. -#<showwhois opersonly="yes" -# -# You may also set whether or not users should receive whois notices, -# should they be /WHOIS'd by an oper. -#showfromopers="yes"> +# If you wish, you may also let users set this mode. +#<showwhois opersonly="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Shun module: Provides the /SHUN command, which stops a user from 
@@ -2193,9 +2396,8 @@ # # Configuration: # -# affectopers: Whether server operators are exempt from shuns. This -# option is deprecated; you should instead give exempt -# server operators the servers/ignore-shun privilege. +# allowconnect: Whether to only apply shuns to users who are fully +# connected to the server. # # allowtags: Whether to allow client tags to be attached to enabled # commands. 
@@ -2210,129 +2412,79 @@ # notifyuser: Whether to notify shunned users that a command they tried # to execute has been blocked. # -<shun enabledcommands="ADMIN OPER PING PONG QUIT PART JOIN" - cleanedcommands="AWAY PART QUIT" - affectopers="no" - allowtags="no" - notifyuser="yes"> +#<shun enabledcommands="ADMIN OPER PING PONG QUIT PART JOIN" +# cleanedcommands="AWAY PART QUIT" +# allowconnect="no" +# allowtags="no" +# notifyuser="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SSL mode module: Adds support for TLS (SSL)-only channels via the '+z' -# channel mode, TLS (SSL)-only private messages via the '+z' user mode and -# the 'z:' extban which matches TLS (SSL) client certificate fingerprints. +# Silence module: Adds support for the /SILENCE command, which allows +# users to have a server-side ignore list for their client. +<module name="silence"> # -# Does not do anything useful without a working TLS (SSL) module and the -# sslinfo module (see below). -<module name="sslmodes"> +# Set the maximum number of entries allowed on a user's silence list. +#<silence maxentries="32" # -# The +z user mode is not enabled by default to enable link compatibility -# with 2.0 servers. You can enable it by uncommenting this: -#<sslmodes enableumode="yes"> +# Whether messages from services servers will bypass silence masks. +#exemptservice="yes"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SSL rehash signal module: Allows the TLS (SSL) modules to be rehashed by -# sending SIGUSR1 to a running InspIRCd process. -# This module is in extras. Re-run configure with: -# ./configure --enable-extras sslrehashsignal -# and run make install, then uncomment this module to enable it. -#<module name="sslrehashsignal"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# GnuTLS SSL module: Adds support for TLS (SSL) connections using GnuTLS, -# if enabled. 
You must answer 'yes' in ./configure when asked or -# manually symlink the source for this module from the directory -# src/modules/extra, if you want to enable this, or it will not load. -<module name="ssl_gnutls"> -# -#-#-#-#-#-#-#-#-#-#-#- GNUTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# ____ _ _____ _ _ ____ _ _ _ # +# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # +# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # +# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # +# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # # # -# ssl_gnutls is too complex to describe here, see the docs: # -# https://docs.inspircd.org/3/modules/ssl_gnutls # +# To link servers to InspIRCd, you MUST load the spanningtree module. # +# If you don't do this, server links will NOT work at all. # +# This is by design, to allow for the implementation of other linking # +# protocols in modules in the future. # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SSL info module: Allows users to retrieve information about other -# users' peer TLS (SSL) certificates and keys via the SSLINFO command. -# This can be used by client scripts to validate users. For this to -# work, one of ssl_gnutls, ssl_mbedtls or ssl_openssl must be loaded. -# This module also adds the "<user> is using a secure connection" -# and "<user> has TLS (SSL) client certificate fingerprint <fingerprint>" -# WHOIS lines, the ability for opers to use TLS (SSL) cert fingerprints to -# verify their identity and the ability to force opers to use TLS (SSL) -# connections in order to oper up. It is highly recommended to load -# this module if you use TLS (SSL) on your network. -# For how to use the oper features, please see the first -# example <oper> tag in opers.conf.example. +# Spanning tree module: Allows linking of servers using the spanning +# tree protocol (see the READ THIS BIT section above). +# You will almost always want to load this. 
# -<module name="sslinfo"> +<module name="spanningtree"> # -# If you want to prevent users from viewing TLS (SSL) certificate information -# and fingerprints of other users, set operonly to yes. -#<sslinfo operonly="no"> +# This file has all the information about server links and services servers. +# You *MUST* edit it if you intend to link servers. +#<include file="&dir.example;/links.example.conf"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# mbedTLS TLS (SSL) module: Adds support for TLS (SSL) connections using mbedTLS. -#<module name="ssl_mbedtls"> +# SQL authentication module: Allows IRCd connections to be tied into +# a database table (for example a forum). # -#-#-#-#-#-#-#-#-#-#-#- MBEDTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# -# # -# ssl_mbedtls is too complex to describe here, see the docs: # -# https://docs.inspircd.org/3/modules/ssl_mbedtls # - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# OpenSSL TLS (SSL) module: Adds support for TLS (SSL) connections using OpenSSL, -# if enabled. You must answer 'yes' in ./configure when asked or symlink -# the source for this module from the directory src/modules/extra, if -# you want to enable this, or it will not load. -#<module name="ssl_openssl"> +#<module name="sqlauth"> # -#-#-#-#-#-#-#-#-#-#-#- OPENSSL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +#-#-#-#-#-#-#-#-#-#-#- SQLAUTH CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# # # -# ssl_openssl is too complex to describe here, see the docs: # -# https://docs.inspircd.org/3/modules/ssl_openssl # - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Strip color module: Adds channel mode +S that strips color codes and -# all control codes except CTCP from all messages sent to the channel. 
-#<module name="stripcolor"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Silence module: Adds support for the /SILENCE command, which allows -# users to have a server-side ignore list for their client. -<module name="silence"> -# -# Set the maximum number of entries allowed on a user's silence list. -#<silence maxentries="32" -# -# Whether messages from U-lined servers will bypass silence masks. -#exemptuline="yes"> +# sqlauth is too complex to describe here, see the docs: # +# https://docs.inspircd.org/4/modules/sqlauth # #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQLite3 module: Allows other SQL modules to access SQLite3 # # databases through a unified API. # -# This module is in extras. Re-run configure with: # -# ./configure --enable-extras sqlite3 -# and run make install, then uncomment this module to enable it. # -# +# # +# This module depends on a third-party library (SQLite) and may need # +# to be manually enabled at build time. If you are building from # +# source you can do this by installing this dependency and running: # +# # +# ./configure --enable-extras sqlite3 # +# make install # +# # +# Users of binary packages should consult the documentation for their # +# package to find out whether this module is available. # #<module name="sqlite3"> # #-#-#-#-#-#-#-#-#-#-#-#- SQL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-#-# # # # sqlite is more complex than described here, see the docs for more # -# info: https://docs.inspircd.org/3/modules/sqlite3 # +# info: https://docs.inspircd.org/4/modules/sqlite3 # # #<database module="sqlite" hostname="/full/path/to/database.db" id="anytext"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SQL authentication module: Allows IRCd connections to be tied into -# a database table (for example a forum). 
-# -#<module name="sqlauth"> -# -#-#-#-#-#-#-#-#-#-#-#- SQLAUTH CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# -# # -# sqlauth is too complex to describe here, see the docs: # -# https://docs.inspircd.org/3/modules/sqlauth # - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SQL oper module: Allows you to store oper credentials in an SQL # table. You can add additional table columns like you would config 
@@ -2345,24 +2497,131 @@ # # # dbid - Database ID to use (see SQL modules). # # # -# See also: https://docs.inspircd.org/3/modules/sqloper # +# See also: https://docs.inspircd.org/4/modules/sqloper # # # #<sqloper dbid="1"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# StartTLS module: Implements STARTTLS, which allows clients # -# connected to non TLS (SSL) enabled ports to enable TLS (SSL), if # -# a proper TLS (SSL) module is loaded (either ssl_gnutls, # -# ssl_mbedtls or ssl_openssl). # +# GnuTLS TLS module: Adds support for TLS connections using GnuTLS, +# if enabled. You must answer 'yes' in ./configure when asked or +# manually symlink the source for this module from the directory +# src/modules/extra, if you want to enable this, or it will not load. +<module name="ssl_gnutls"> +# +#-#-#-#-#-#-#-#-#-#-#- GNUTLS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# # +# ssl_gnutls is too complex to describe here, see the docs: # +# https://docs.inspircd.org/4/modules/ssl_gnutls # +<sslprofile name="main" + provider="gnutls" + cafile="" + certfile="cert.pem" + crlfile="" + dhfile="dhparams.pem" + hash="sha3-256" + keyfile="key.pem" + mindhbits="1024" + outrecsize="2048" + priority="NORMAL" + requestclientcert="yes" + strictpriority="no"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# OpenSSL TLS module: Adds support for TLS connections using OpenSSL, +# if enabled. You must answer 'yes' in ./configure when asked or symlink +# the source for this module from the directory src/modules/extra, if +# you want to enable this, or it will not load. 
+#<module name="ssl_openssl"> +# +#-#-#-#-#-#-#-#-#-#-#- OPENSSL CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# # +# ssl_openssl is too complex to describe here, see the docs: # +# https://docs.inspircd.org/4/modules/ssl_openssl # + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# TLS info module: Allows users to retrieve information about other +# users' peer TLS certificates and keys via the SSLINFO command. +# This can be used by client scripts to validate users. For this to +# work either ssl_gnutls or ssl_openssl must be loaded. +# This module also adds the "<user> is using a secure connection" +# and "<user> has TLS client certificate fingerprint <fingerprint>" +# WHOIS lines, the ability for opers to use TLS cert fingerprints to +# verify their identity and the ability to force opers to use TLS +# connections in order to oper up. It is highly recommended to load +# this module if you use TLS on your network. +# For how to use the oper features, please see the first +# example <oper> tag in opers.example.conf. +# +<module name="sslinfo"> +# +#-#-#-#-#-#-#-#-#-#-#-#- SSLINFO CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-# +# # +# hash - The IANA Hash Function Name of the hash algorithm # +# used for the TLS client fingerprint of WebIRC # +# gateway users (requires the gateway module). This # +# should be the same algorithm you specified in the # +# <sslprofile:hash> field of the TLS profile used for # +# user connections. You can prefix the algorithm name # +# with spki- to use a Subject Public Key Info (SPKI) # +# fingerprint instead of a certificate fingerprint. # +# # +# localsecure - Whether to treat locally-connected plaintext users # +# as if they are connected with TLS. Defaults to yes. # +# # +# operonly - Whether TLS client certificate info is only visible # +# by server operators. Defaults to no. 
# +# # +# warnexpiring - If specified then the maximum period of validity # +# that can be left on a user's TLS client certificate # +# before users are warned about the imminent expiry. # +# # +# welcomemsg - Whether to send a welcome message to users that are # +# connecting using TLS containing their server name, # +# ciphersuite and client fingerprint. Defaults to no. # +# # +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# +#<sslinfo hash="sha-256" +# localsecure="yes" +# operonly="no" +# warnexpiring="1w" +# welcomemsg="no"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# TLS mode module: Adds support for TLS-only channels via the '+z' +# channel mode, TLS-only private messages via the '+z' user mode and +# the 'z:' extban which matches TLS client certificate fingerprints. +# +# Does not do anything useful without a working TLS module and the +# sslinfo module (see below). +<module name="sslmodes"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# TLS rehash signal module: Allows the TLS modules to be rehashed by +# sending SIGUSR1 to a running InspIRCd process. +# +# This module depends on a POSIX component (SIGUSR1) and may need to be +# manually enabled at build time. If you are building from source you +# can do this by running: +# +# ./configure --enable-extras sslrehashsignal +# make install +# +# Users of binary packages should consult the documentation for their +# package to find out whether this module is available. +#<module name="sslrehashsignal"> + +#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# +# StartTLS module: Adds support for the IRCv3 tls capability which # +# allows clients to upgrade their connection to use TLS. As well as # +# this module you should also load one of ssl_gnutls or ssl_openssl # +# modules. You may also want to consider using the ircv3_sts module. 
# #<module name="starttls"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# SVSHold module: Implements SVSHOLD. Like Q-lines, but can only be # -# added/removed by Services. # -<module name="svshold"> -# SVSHOLD does not generate server notices by default, you can turn -# notices on by uncommenting the next line. -#<svshold silent="false"> +# Strip color module: Adds channel mode +S that strips IRC formatting +# characters from all messages sent to the channel. +#<module name="stripcolor"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # SWHOIS module: Allows you to add arbitrary lines to user WHOIS. @@ -2385,16 +2644,9 @@ <module name="tline"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Topiclock module: implements server-side topic locking to achieve deeper -# integration with services packages. -<module name="topiclock"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# UHNAMES support module: Adds support for the IRCX style UHNAMES -# extension, which displays ident and hostname in the names list for -# each user, saving clients from doing a WHO on the channel. -# If a client does not support UHNAMES it will not enable it, this will -# not break incompatible clients. +# UHNAMES support module: Adds support for the IRCv3 userhost-in-names +# capability which displays the username and hostname of users in the +# NAMES response. <module name="uhnames"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# 
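Review bot: The new `<sslprofile name="main" provider="gnutls">` block is live configuration rather than a commented example, and it sets `mindhbits="1024"`, which by its name accepts Diffie-Hellman parameters as small as 1024 bits; that is below what current guidance treats as adequate and it becomes the image default. I would raise it to `mindhbits="2048"` and make sure the generated `dhparams.pem` is at least that size. Separately, the profile uses `hash="sha3-256"` while the commented `<sslinfo>` example later in the same hunk shows `hash="sha-256"`, although its description says the value should be the same algorithm as `<sslprofile:hash>`; the example should be aligned with the profile or the difference explained in the comment.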
@@ -2402,12 +2654,6 @@ # pending invites from channels without waiting for the user to join. #<module name="uninvite"> -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Userip module: Adds the /USERIP command. -# Allows users to query their own IP, also allows opers to query the IP -# of anyone else. -<module name="userip"> - #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# # Vhost module: Adds the VHOST command which allows for adding virtual # hosts which are accessible using a username and password in the config. 
@@ -2437,24 +2683,37 @@ #<watch maxwatch="32"> #-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# WebSocket module: Adds HTML5 WebSocket support. +# WebSocket module: Adds WebSocket support. # Specify hook="websocket" in a <bind> tag to make that port accept -# WebSocket connections. Compatible with TLS (SSL). +# WebSocket connections. Compatible with TLS. # Requires SHA-1 hash support available in the sha1 module. #<module name="websocket"> # +# defaultmode: The default frame mode if a client does not send a +# WebSocket subprotocol. Potential values are "text" to +# encode messages as UTF-8 text frames, "binary" to send +# messages as raw binary frames, or "reject" to close +# connections which do not request a subprotocol. Defaults +# to "text". +# # proxyranges: A space-delimited list of glob or CIDR matches to trust # the X-Real-IP or X-Forwarded-For headers from. If enabled # the server will use the IP address specified by those HTTP # headers. You should NOT enable this unless you are using # a HTTP proxy like nginx as it will allow IP spoofing. -# sendastext: Whether to re-encode messages as UTF-8 before sending to -# WebSocket clients. This is recommended as the WebSocket -# protocol requires all text frames to be sent as UTF-8. -# If you do not have this enabled messages will be sent as -# binary frames instead. -#<websocket proxyranges="192.0.2.0/24 198.51.100.*" -# sendastext="yes"> +# +# allowmissingorigin: Whether to allow connections from clients that +# don't send an origin header. These are probably +# not web clients so it probably safe to allow this. +# Defaults to yes. +# +# nativeping: Whether to check client connectivity using WebSocket ping +# messages instead of IRC ping messages. Defaults to yes. 
+# +#<websocket defaultmode="text" +# proxyranges="192.0.2.0/24 198.51.100.*" +# allowmissingorigin="yes" +# nativeping="yes"> # # If you use the websocket module you MUST specify one or more origins # which are allowed to connect to the server. You should set this as @@ -2472,23 +2731,7 @@ # Specify the filename for the xline database and how often to check whether # the database needs to be saved here. -<xlinedb filename="xline.db" saveperiod="5s"> - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# ____ _ _____ _ _ ____ _ _ _ # -# | _ \ ___ __ _ __| | |_ _| |__ (_)___ | __ )(_) |_| | # -# | |_) / _ \/ _` |/ _` | | | | '_ \| / __| | _ \| | __| | # -# | _ < __/ (_| | (_| | | | | | | | \__ \ | |_) | | |_|_| # -# |_| \_\___|\__,_|\__,_| |_| |_| |_|_|___/ |____/|_|\__(_) # -# # -# To link servers to InspIRCd, you MUST load the spanningtree module. # -# If you don't do this, server links will NOT work at all. # -# This is by design, to allow for the implementation of other linking # -# protocols in modules in the future. # - -#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-# -# Spanning tree module: Allows linking of servers using the spanning -# tree protocol (see the READ THIS BIT section above). -# You will almost always want to load this. -# -<module name="spanningtree"> +#<xlinedb filename="xline.db" +# saveperiod="5s" +# backoff="2" +# maxbackoff="5m"> diff --git a/tests/customBuild.sh b/tests/customBuild.sh index c038135e96bd3f942e48115e4106c54c43b7c7e3..057eba924e4d99015a1b6764e9326d35bb694484 100755 --- a/tests/customBuild.sh +++ b/tests/customBuild.sh 
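Review bot: The description of `allowmissingorigin` added in the websocket hunk reads "so it probably safe to allow this", which is missing a word and undersells the trade-off. With the documented default of yes, the origin allow-list introduced by the comment that follows only constrains browsers, since a client that sends no Origin header is accepted regardless of that list. I would reword the comment to `# not web clients, so it is probably safe to allow this. Set to no if only` / `# browser clients from the configured origins should be able to connect.` The origin allow-list itself continues outside the hunk.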
@@ -18,9 +18,9 @@ mkdir -p "$TESTDIR" cp -r . "$TESTDIR" -wget -O "$TESTDIR/modules/m_timedstaticquit.cpp" "https://raw.githubusercontent.com/inspircd/inspircd-contrib/master/3/m_timedstaticquit.cpp" +wget -O "$TESTDIR/modules/m_geocmd.cpp" "https://raw.githubusercontent.com/inspircd/inspircd-contrib/master/3/m_geocmd.cpp" -[ ! -e "$TESTDIR/modules/m_timedstaticquit.cpp" ] && sleep 10 +[ ! -e "$TESTDIR/modules/m_geocmd.cpp" ] && sleep 10 docker build --build-arg VERSION="${INSP_VERSION}" /tmp/test-customBuild/ @@ -33,9 +33,9 @@ DOCKERCONTAINER=$(docker run -d -p "127.0.0.1:${CLIENT_PORT}:6667" -p "127.0.0.1 sleep 5 # Copy the custom module to the local test environemt -docker cp "${DOCKERCONTAINER}:/inspircd/modules/m_timedstaticquit.so" "$TESTDIR" +docker cp "${DOCKERCONTAINER}:/inspircd/modules/m_geocmd.so" "$TESTDIR" -[ -s "$TESTDIR/m_timedstaticquit.so" ] || { echo >&2 "File empty, test failed!"; exit 1; } +[ -s "$TESTDIR/m_geocmd.so" ] || { echo >&2 "File empty, test failed!"; exit 1; } docker ps -f id="${DOCKERCONTAINER}" diff --git a/tests/release.sh b/tests/release.sh index fff3ad2083ccd73c430b851f656c0844e64adc38..84b69b27e225e4fbee32ad473a0601243327d7b9 100755 --- a/tests/release.sh +++ b/tests/release.sh @@ -21,7 +21,7 @@ version_ge() { test "$(printf '%s\n' "$@" | sort -V | head -n 1)" != "$1" || tes # GitHub get latest release tag # See: https://www.shivering-isles.com/helpful-shell-snippets-for-docker-testing-and-bootstrapping/ -github_latest_release() { wget -qO- "https://api.github.com/repos/$1/releases" | jq --raw-output 'map(select((.draft | not) and (.tag_name | startswith("v3.")))) | first .tag_name | .[1:]'; } +github_latest_release() { wget -qO- "https://api.github.com/repos/$1/releases" | jq --raw-output 'map(select((.draft | not) and (.tag_name | startswith("v4.")))) | first .tag_name | .[1:]'; } command_exists wget command_exists jq
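Review bot: The replaced `wget` line in tests/customBuild.sh fetches module source from the `master` branch of inspircd-contrib with no pinned revision or checksum, and that file is then compiled into the test image, so whatever is on the branch at build time is what gets built. Pinning the URL to a commit, e.g. `https://raw.githubusercontent.com/inspircd/inspircd-contrib/<commit-sha>/3/m_geocmd.cpp`, and appending `|| exit 1` to the download would make the test reproducible and fail early. The following `[ ! -e "$TESTDIR/modules/m_geocmd.cpp" ] && sleep 10` cannot detect a failed download, because `wget -O` typically creates the output file even when the request fails; `[ -s ... ]` would at least catch an empty file. The URL also still points at the `3/` directory while this commit moves the build to insp4, which is worth confirming is intended.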