diff --git a/irc/manifests/init.pp b/irc/manifests/init.pp
new file mode 100644
index 0000000..952b686
--- /dev/null
+++ b/irc/manifests/init.pp
@@ -0,0 +1,186 @@
+# Install IRC server.
+#
+class irc::server {
+
+ package { "ircd-ratbox":
+ ensure => installed,
+ }
+
+ file { "/var/lib/ratbox":
+ ensure => directory,
+ owner => irc,
+ group => irc,
+ mode => 0700,
+ require => Package["ircd-ratbox"],
+ }
+
+}
+
+
+# Install IRC services.
+#
+class irc::services inherits irc::server {
+
+ package { "ratbox-services-sqlite":
+ ensure => installed,
+ }
+
+ file { "/var/lib/ratbox-services":
+ ensure => directory,
+ owner => irc,
+ group => irc,
+ mode => 0700,
+ require => Package["ircd-ratbox", "ratbox-services-sqlite"],
+ }
+
+}
+
+
+# Configure IRC network.
+#
+define irc::network($desc, $servername, $serverdesc,
+ $port, $sslport, $operpass, $userpass="",
+ $services=false, $servpass="") {
+
+ include irc::server
+
+ file { "/var/lib/ratbox/${name}":
+ ensure => directory,
+ owner => irc,
+ group => irc,
+ mode => 0700,
+ require => File["/var/lib/ratbox"],
+ }
+
+ file { "/var/lib/ratbox/${name}/ircd.conf":
+ ensure => present,
+ mode => 0600,
+ owner => irc,
+ group => irc,
+ content => $services ? {
+ true => template("irc/ircd-ratbox.conf.erb", "irc/ircd-ratbox-services.conf.erb"),
+ false => template("irc/ircd-ratbox.conf.erb"),
+ },
+ before => Service["ircd-${name}"],
+ notify => Service["ircd-${name}"],
+ require => File["/var/lib/ratbox/${name}"],
+ }
+
+ ssl::certificate { "/var/lib/ratbox/${name}/ircd.pem":
+ cn => "${servername}",
+ mode => 0600,
+ owner => "irc",
+ group => "irc",
+ require => File["/var/lib/ratbox/${name}"],
+ }
+
+ ssl::dhparam { "/var/lib/ratbox/${name}/dh.pem":
+ mode => 0600,
+ owner => "irc",
+ group => "irc",
+ require => File["/var/lib/ratbox/${name}"],
+ }
+
+ file { "/etc/init.d/ircd-${name}":
+ ensure => present,
+ mode => 0755,
+ owner => root,
+ group => root,
+ content => template("irc/ircd-ratbox.init.erb"),
+ before => Service["ircd-${name}"],
+ notify => Exec["enable-ircd-${name}"],
+ }
+
+ exec { "enable-ircd-${name}":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ command => "update-rc.d ircd-${name} defaults",
+ refreshonly => true,
+ before => Service["ircd-${name}"],
+ }
+
+ service { "ircd-${name}":
+ ensure => running,
+ enable => true,
+ status => "pgrep -u irc -f /var/lib/ratbox/${name}",
+ }
+
+ if $services == true {
+ include irc::services
+
+ if ! $servpass {
+ fail("\$servpass must be defined.")
+ }
+
+ file { [ "/var/lib/ratbox-services/${name}",
+ "/var/lib/ratbox-services/${name}/etc",
+ "/var/lib/ratbox-services/${name}/etc/ratbox-services",
+ "/var/lib/ratbox-services/${name}/usr",
+ "/var/lib/ratbox-services/${name}/usr/share",
+ "/var/lib/ratbox-services/${name}/usr/share/ratbox-services",
+ "/var/lib/ratbox-services/${name}/usr/share/ratbox-services/help",
+ "/var/lib/ratbox-services/${name}/usr/share/ratbox-services/langs",
+ "/var/lib/ratbox-services/${name}/var",
+ "/var/lib/ratbox-services/${name}/var/log",
+ "/var/lib/ratbox-services/${name}/var/log/ratbox-services",
+ "/var/lib/ratbox-services/${name}/var/run",
+ "/var/lib/ratbox-services/${name}/var/run/ratbox-services", ]:
+ ensure => directory,
+ owner => irc,
+ group => irc,
+ mode => 0600,
+ before => Service["ratbox-services-${name}"],
+ require => File["/var/lib/ratbox-services"],
+ }
+
+ File["/var/lib/ratbox-services/${name}/usr/share/ratbox-services/help"] {
+ source => "/usr/share/ratbox-services/help",
+ recurse => true,
+ }
+
+ file { "/var/lib/ratbox-services/${name}/etc/ratbox-services/ratbox-services.conf":
+ ensure => present,
+ mode => 0600,
+ owner => irc,
+ group => irc,
+ content => template("irc/ratbox-services.conf.erb"),
+ before => Service["ratbox-services-${name}"],
+ notify => Service["ratbox-services-${name}"],
+ require => File["/var/lib/ratbox-services/${name}/etc/ratbox-services"],
+ }
+
+ file { "/var/lib/ratbox-services/${name}/etc/ratbox-services/ratbox-services.db":
+ ensure => present,
+ mode => 0600,
+ owner => irc,
+ group => irc,
+ source => "/etc/ratbox-services/ratbox-services.db",
+ replace => false,
+ before => Service["ratbox-services-${name}"],
+ require => File["/var/lib/ratbox-services/${name}/etc/ratbox-services"],
+ }
+
+ file { "/etc/init.d/ratbox-services-${name}":
+ ensure => present,
+ mode => 0755,
+ owner => root,
+ group => root,
+ content => template("irc/ratbox-services.init.erb"),
+ before => Service["ratbox-services-${name}"],
+ notify => Exec["enable-ratbox-services-${name}"],
+ }
+
+ exec { "enable-ratbox-services-${name}":
+ path => "/bin:/usr/bin:/sbin:/usr/sbin",
+ command => "update-rc.d ratbox-services-${name} defaults",
+ refreshonly => true,
+ before => Service["ratbox-services-${name}"],
+ }
+
+ service { "ratbox-services-${name}":
+ ensure => running,
+ enable => true,
+ status => "pgrep -u irc -f /var/lib/ratbox-services/${name}",
+ }
+ }
+
+}
diff --git a/irc/templates/ircd-ratbox-services.conf.erb b/irc/templates/ircd-ratbox-services.conf.erb
new file mode 100644
index 0000000..6072f0b
--- /dev/null
+++ b/irc/templates/ircd-ratbox-services.conf.erb
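Review bot: `${name}` flows unchecked into file paths, the `update-rc.d ircd-${name} defaults` command and both `pgrep -f` status checks in `irc::network`, and the status pattern `/var/lib/ratbox/${name}` is an unanchored prefix, so a network titled `net` would presumably be reported as running while only `net2` is up. I would reject unexpected titles at the top of the define, assuming the Puppet version in use supports regex matching: `if $name !~ /^[a-z0-9][a-z0-9-]*$/ { fail("invalid network name: ${name}") }`. The ircd check can then end in a slash, `status => "pgrep -u irc -f /var/lib/ratbox/${name}/",`, which still matches the `-basedir`/`-configfile` arguments the init template passes; the services init template is not visible here, so confirm its command line before applying the same change to `ratbox-services-${name}`.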
@@ -0,0 +1,46 @@
+
+/* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */
+connect "ratbox.services" {
+ /* the name must go above */
+
+ /* host: the host or IP to connect to. If a hostname is used it
+ * must match the reverse dns of the server.
+ */
+ host = "127.0.0.1";
+
+ /* vhost: the host or IP to bind to for this connection. If this
+ * is not specified, the default vhost (in serverinfo {}) is used.
+ */
+ #vhost = "192.168.0.50";
+
+ /* passwords: the passwords we send (OLD C:) and accept (OLD N:).
+ * The remote server will have these passwords reversed.
+ */
+ send_password = "<%= servpass %>";
+ accept_password = "<%= servpass %>";
+
+ /* port: the port to connect to this server on */
+ port = <%= port %>;
+
+ /* hub mask: the mask of servers that this server may hub. Multiple
+ * entries are permitted
+ */
+ hub_mask = "*";
+
+ /* leaf mask: the mask of servers this server may not hub. Multiple
+ * entries are permitted. Useful for forbidding EU -> US -> EU routes.
+ */
+ #leaf_mask = "*.uk";
+
+ /* class: the class this server is in */
+ class = "server";
+
+ /* flags: controls special options for this server
+ * encrypted - marks the accept_password as being crypt()'d
+ * autoconn - automatically connect to this server
+ * compressed - compress traffic via ziplinks
+ * topicburst - burst topics between servers
+ * ssl - ssl/tls encrypted server connections
+ */
+ flags = compressed, topicburst;
+};
diff --git a/irc/templates/ircd-ratbox.conf.erb b/irc/templates/ircd-ratbox.conf.erb
new file mode 100644
index 0000000..41e4ce5
--- /dev/null
+++ b/irc/templates/ircd-ratbox.conf.erb
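Review bot: `<%= servpass %>` is written inside a quoted string with no escaping or validation, so a value containing `"` ends the string early and the remainder is parsed as ircd configuration; the same holds for `servername`, `serverdesc`, `name`, `desc`, `userpass` and `operpass` in ircd-ratbox.conf.erb. The page does not show whether the ratbox parser accepts escaped quotes, so rejecting the characters is safer than escaping them, for instance `<% raise Puppet::ParseError, "servpass must not contain quotes or newlines" if servpass =~ /["\r\n]/ -%>` at the top of the template. It is also worth a comment that `flags` omits `encrypted`, so `accept_password` is kept in cleartext and its protection rests entirely on the 0600 mode the manifest sets on ircd.conf.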
@@ -0,0 +1,774 @@ +/* IMPORTANT NOTES: + * + * class {} blocks MUST be specified before anything that uses them. That + * means they must be defined before auth {} and before connect {}. + * + * auth {} blocks MUST be specified in order of precedence. The first one + * that matches a user will be used. So place spoofs first, then specials, + * then general access, then restricted. + * + * Both shell style (#) and C style comments are supported. + * + * Files may be included by either: + * .include "filename" + * .include + * + * Times/durations are written as: + * 12 hours 30 minutes 1 second + * + * Valid units of time: + * month, week, day, hour, minute, second + * + * Valid units of size: + * megabyte/mbyte/mb, kilobyte/kbyte/kb, byte + * + * Sizes and times may be singular or plural. + */ + + /* serverinfo {}: Contains information about the server. (OLD M:) */ +serverinfo { + /* name: the name of our server */ + name = "<%= servername %>"; + + /* sid: the unique server id of our server. This must be three + * characters long. The first character must be a digit [0-9], the + * remaining two chars may be letters [A-Z] or digits [0-9]. + * + * This must be specified even if use_ts6 is set to no. + */ + sid = "42X"; + + /* description: the description of our server. '[' and ']' may not + * be used here for compatibility with older servers. + */ + description = "<%= serverdesc %>"; + + /* network info: the name and description of the network this server + * is on. Shown in the 005 reply and used with serverhiding. + */ + network_name = "<%= name %>"; + network_desc = "<%= desc %>"; + + /* hub: allow this server to act as a hub and have multiple servers + * connected to it. + */ + hub = no; + + /* vhost: the IP to bind to when we connect outward to ipv4 servers. + * This should be an ipv4 IP only. + */ + #vhost = "192.169.0.1"; + + /* vhost6: the IP to bind to when we connect outward to ipv6 servers. + * This should be an ipv6 IP only. 
+ */ + #vhost6 = "3ffe:80e8:546::2"; + + /* vhost_dns: the IP to bind outgoing dns requests when the dns server is + * ipv4 + */ + #vhost_dns = "192.169.0.2"; + + /* vhost6_dns: the IP to bind outgoing dns requests when the dns server is + * ipv6 + */ + #vhost_dns6 = "3ffe:80e8:546::3"; + + /* default max clients: the default maximum number of clients + * allowed to connect. This can be changed once ircd has started by + * issuing: + * /quote set maxclients + */ + default_max_clients = 10000; + + /* ssl_private_key: our ssl private key */ + ssl_private_key = "ircd.pem"; + + /* ssl_cert: certificate for our ssl server */ + ssl_cert = "ircd.pem"; + + /* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */ + ssl_dh_params = "dh.pem"; + + /* ssld_count: number of ssld processes you want to start, if you + * have a really busy server, using N-1 where N is the number of + * cpu/cpu cores you have might be useful. A number greater than one + * can also be useful in case of bugs in ssld and because ssld needs + * two file descriptors per SSL connection. + */ + ssld_count = 1; + + /* bandb: path to the ban database - default is PREFIX/etc/ban.db */ + bandb = "ban.db"; +}; + +/* admin {}: contains admin information about the server. (OLD A:) */ +admin { + name = "IRC Admin"; + description = "Server Administrator"; + email = ""; +}; + +/* log {}: contains information about logfiles. */ +log { + /* logfiles: the logfiles to use for specific activity. if these + * paths are defined, then ircd will log to them, otherwise it wont. 
+ * + * The confs are, in order: + * - userlog: user exits + * - fuserlog: failed user connections + * - operlog: /oper usage + * - foperlog: failed /oper usage + * - serverlog: server connects/disconnects + * - glinelog: glines + * - klinelog: klines, etc + * - killlog: kills + * - operspylog: operspy usage + * - ioerrorlog: IO errors + */ + fname_userlog = "logs/userlog"; + #fname_fuserlog = "logs/fuserlog"; + fname_operlog = "logs/operlog"; + #fname_foperlog = "logs/foperlog"; + fname_serverlog = "logs/serverlog"; + fname_glinelog = "logs/glinelog"; + #fname_klinelog = "logs/klinelog"; + fname_killlog = "logs/killlog"; + fname_operspylog = "logs/operspylog"; + #fname_ioerrorlog = "logs/ioerror"; +}; + +/* class {}: contain information about classes for users (OLD Y:) */ +class "users" { + /* class name must go above */ + + /* ping time: how often a client must reply to a PING from the + * server before they are dropped. + */ + ping_time = 2 minutes; + + /* number per ident: the number of users per user@host networkwide + * allowed to connect. Unidented connections are classified as + * the same ident. + */ + number_per_ident = 100; + + /* number per ip: the number of local users per host allowed */ + number_per_ip = 100; + + /* number per ip global: the number of network wide connections + * per host allowed for a user, including connections to the + * local server. + */ + number_per_ip_global = 100; + + /* cidr_ipv4_bitlen: Limits numbers of connections from a subnet size + */ + cidr_ipv4_bitlen = 24; + + /* cidr_ipv6_bitlen: Limits numbers of connections from a subnet size + * the following example makes the subnet /64 this is useful + * for IPv6 connections in particular + */ + cidr_ipv6_bitlen = 64; + + /* number_per_cidr: Number of connections to allow from a subnet of the + * size given in cidr_bitlen. 4 seems to be a good default to me. 
+ */ + number_per_cidr = 100; + + /* max number: the maximum number of users allowed in this class */ + max_number = 100; + + /* sendq: the amount of data allowed in a clients queue before + * they are dropped. + */ + sendq = 100 kbytes; +}; + +class "restricted" { + ping_time = 1 minute 30 seconds; + number_per_ip = 1; + max_number = 100; + sendq = 60kb; +}; + +class "opers" { + ping_time = 5 minutes; + number_per_ip = 10; + max_number = 100; + sendq = 100kbytes; +}; + +class "server" { + ping_time = 5 minutes; + + /* connectfreq: only used in server classes. specifies the delay + * between autoconnecting to servers. + */ + connectfreq = 5 minutes; + + /* max number: the amount of servers to autoconnect to */ + max_number = 1; + + /* sendq: servers need a higher sendq as they send more data */ + sendq=2 megabytes; +}; + +/* listen {}: contain information about the ports ircd listens on (OLD P:) */ +listen { + host = "127.0.0.1"; + port = <%= port %>; +}; +listen { + sslport = <%= sslport %>; +}; + +/* auth {}: allow users to connect to the ircd (OLD I:) */ +auth { + user = "*@*"; + class = "users"; +<% if userpass != "" -%> + password = "<%= userpass %>"; +<% end -%> +}; + +/* operator {}: defines ircd operators. (OLD O:) + * ircd-ratbox no longer supports local operators, privileges are + * controlled via flags. + */ +operator "root" { + /* name: the name of the oper must go above */ + + /* user: the user@host required for this operator. CIDR *is* + * supported now. + * multiple user="" lines are supported. + */ + user = "*@127.0.0.1"; + + /* password: the password required to oper. Unless ~encrypted is + * contained in flags = ...; this will need to be encrypted using + * ratbox-mkpasswd, MD5 is supported + */ + password = "<%= operpass %>"; + + /* rsa key: the public key for this oper when using Challenge. + * A password should not be defined when this is used, see + * doc/challenge.txt for more information. 
+ */ + #rsa_public_key_file = "/usr/local/ircd/etc/oper.pub"; + + /* umodes: the specific umodes this oper gets when they oper. + * If this is specified an oper will not be given oper_umodes + * These are described above oper_only_umodes in general {}; + */ + #umodes = locops, servnotice, operwall, wallop; + + /* privileges: controls the activities and commands an oper is + * allowed to do on the server. You may prefix an option with ~ to + * disable it, ie ~operwall + * + * Default flags are operwall, remoteban and encrypted. + * + * Available options: + * + * encrypted: the password above is encrypted [DEFAULT] + * local_kill: allows local users to be /KILL'd + * global_kill: allows local and remote users to be + * /KILL'd (OLD 'O' flag) + * remote: allows remote SQUIT and CONNECT (OLD 'R' flag) + * kline: allows KILL, KLINE and DLINE (OLD 'K' flag) + * unkline: allows UNKLINE and UNDLINE (OLD 'U' flag) + * gline: allows GLINE (OLD 'G' flag) + * nick_changes: allows oper to see nickchanges (OLD 'N' flag) + * via usermode +n + * rehash: allows oper to REHASH config (OLD 'H' flag) + * die: allows DIE and RESTART (OLD 'D' flag) + * admin: gives admin privileges. admins + * may (un)load modules and see the + * real IPs of servers. + * hidden_admin: gives admin privileges except + * will not have the admin lines in + * stats p and whois. + * xline: allows use of /quote xline/unxline + * resv: allows use of /quote resv/unresv + * operwall: allows the oper to send operwalls [DEFAULT] + * oper_spy: allows 'operspy' features to see through +s + * channels etc. see /quote help operspy + * hidden_oper: hides the oper from /stats p (OLD UMODE +p) + * remoteban: allows remote kline etc [DEFAULT] + * need_ssl: oper must be connected via SSL/TLS to oper up + * + */ + flags = global_kill, remote, kline, unkline, gline, + die, rehash, admin, xline, resv, operwall, + ~encrypted; +}; + +/* If you are using the ratbox-services compatibility code, uncomment this. 
*/ +/* service{}: privileged servers (services). These servers have extra + * privileges such as setting login names on users and introducing clients + * with umode +S (unkickable). This does not allow them to set bans, you + * need a separate shared{} for that. + * Do not place normal servers here. + * There may be only one service{} block. + */ +#service { +# /* name: the server name. These may be stacked. */ +# name = "ratbox.services"; +#}; + +/* The channel block contains options pertaining to channels */ +channel { + /* invex: Enable/disable channel mode +I, a n!u@h list of masks + * that can join a +i channel without an invite. + */ + use_invex = yes; + + /* except: Enable/disable channel mode +e, a n!u@h list of masks + * that can join a channel through a ban (+b). + */ + use_except = yes; + + /* knock: Allows users to request an invite to a channel that + * is locked somehow (+ikl). If the channel is +p or you are banned + * the knock will not be sent. + */ + use_knock = yes; + + /* invite ops only: Restrict /invite to ops on channels, rather than + * allowing unopped users to invite people to a -i channel. + */ + invite_ops_only = yes; + + /* knock delay: The amount of time a user must wait between issuing + * the knock command. + */ + knock_delay = 5 minutes; + + /* knock channel delay: How often a knock to any specific channel + * is permitted, regardless of the user sending the knock. + */ + knock_delay_channel = 1 minute; + + /* max chans: The maximum number of channels a user can join/be on. */ + max_chans_per_user = 15; + + /* quiet on ban: stop banned people talking in channels. */ + quiet_on_ban = yes; + + /* max bans: maximum number of +b/e/I modes in a channel */ + max_bans = 25; + + /* splitcode: split users, split servers and either no join on split + * or no create on split must be enabled for split checking. + * splitmode will be entered on either split users or split servers + * dropping below the limit. 
+ * + * you may force splitmode to be permanent by /quote set splitmode on + */ + + /* split users: when the usercount is lower than this level, consider + * ourselves split. this must be set for automatic splitmode + */ + default_split_user_count = 0; + + /* split servers: when the amount of servers that have acknowledged + * theyve finished bursting is lower than this, consider ourselves + * split. this must be set for automatic splitmode + */ + default_split_server_count = 0; + + /* split: no create: disallow users creating channels on split */ + no_create_on_split = no; + + /* split: no join: disallow users joining channels at all on a split */ + no_join_on_split = no; + + /* burst topicwho: when bursting topics, also burst the topic setter */ + burst_topicwho = yes; + + /* use_sslonly: enables the use of channel mode +S which enforces + * that users be one ssl/tls enabled connections + */ + use_sslonly = no; + + /* topiclen: length of topics */ + topiclen = 160; +}; + + +/* The serverhide block contains the options regarding serverhiding */ +serverhide { + /* flatten links: this option will show all servers in /links appear + * that they are linked to this current server + */ + flatten_links = no; + + /* links delay: how often to update the links file when it is + * flattened. + */ + links_delay = 5 minutes; + + /* hidden: hide this server from a /links output on servers that + * support it. this allows hub servers to be hidden etc. + */ + hidden = no; + + /* disable hidden: prevent servers hiding themselves from a + * /links ouput. + */ + disable_hidden = no; +}; + + + +/* The general block contains many of the options that were once compiled + * in options in config.h. The general block is read at start time. + */ +general { + /* hide error messages: defines whether error messages from + * servers are hidden or not. These can sometimes contain IPs and + * can have an adverse effect on server ip hiding. 
Set to: + * yes: hide from opers and admin + * opers: hide from opers only + * no: do not hide error messages + */ + hide_error_messages = opers; + + /* hide spoof ips: hide the real ips of spoofed users */ + hide_spoof_ips = yes; + + /* default invisible: set clients +i on connect */ + default_invisible = no; + + /* default operstring: defines the default oper response + * in /whois queries, eg "is an IRC Operator" + */ + default_operstring = "is an IRC Operator"; + + /* default adminstring: defines the default admin response + * in /whois queries, eg "is a Server Administrator" + */ + default_adminstring = "is a Server Administrator"; + + /* disable fake channels: disable local users joining fake versions + * of channels, eg #foo^B^B. Disables bold, mirc colour, reverse, + * underline and hard space. (ASCII 2, 3, 22, 31, 160 respectively). + */ + disable_fake_channels = no; + + /* tkline_expire_notices: give a notice to opers when a tkline + * expires + */ + tkline_expire_notices = no; + + /* floodcount: the default value of floodcount that is configurable + * via /quote set floodcount. This is the amount of lines a user + * may send to any other user/channel in one second. + */ + default_floodcount = 10; + + /* failed oper notice: send a notice to all opers on the server when + * someone tries to OPER and uses the wrong password, host or ident. + */ + failed_oper_notice = yes; + + /* dots in ident: the amount of '.' characters permitted in an ident + * reply before the user is rejected. + */ + dots_in_ident=2; + + /* dot in ipv6: ircd-hybrid-6.0 and earlier will disallow hosts + * without a '.' in them. this will add one to the end. only needed + * for older servers. + */ + dot_in_ip6_addr = no; + + /* min nonwildcard: the minimum non wildcard characters in k/d/g lines + * placed via the server. klines hand placed are exempt from limits. + * wildcard chars: '.' '*' '?' 
'@' + */ + min_nonwildcard = 4; + + /* min nonwildcard simple: the minimum non wildcard characters in + * xlines/resvs placed via the server. + * wildcard chars: '*' '?' + */ + min_nonwildcard_simple = 3; + + /* max accept: maximum allowed /accept's for +g usermode */ + max_accept = 20; + + /* max monitor: the maximum amount of nicknames a client may have in + * their monitor (server-side notify) list. + */ + max_monitor = 100; + + /* nick flood: enable the nickflood control code */ + anti_nick_flood = yes; + + /* nick flood: the nick changes allowed in the specified period */ + max_nick_time = 20 seconds; + max_nick_changes = 5; + + /* anti spam time: the minimum time a user must be connected before + * custom quit messages are allowed. + */ + anti_spam_exit_message_time = 5 minutes; + + /* ts delta: the time delta allowed between server clocks before + * a warning is given, or before the link is dropped. all servers + * should run ntpdate/rdate to keep clocks in sync + */ + ts_warn_delta = 30 seconds; + ts_max_delta = 5 minutes; + + /* client exit: prepend a users quit message with "Client exit: " */ + client_exit = yes; + + /* collision fnc: change user's nick to their UID instead of + * killing them, if possible. This setting only applies to nick + * collisions detected on this server. Only enable this if + * all servers on the network allow remote nicks to start with + * a digit. + */ + collision_fnc = no; + + /* dline reason: show the user the dline reason when they connect + * and are dlined. + */ + dline_with_reason = yes; + + /* kline delay: delay the checking of klines until a specified time. + * Useful if large kline lists are applied often to prevent the + * server eating CPU. + */ + kline_delay = 0 seconds; + + /* kline reason: show the user the reason why they are k/d/glined + * on exit. may give away who set k/dline when set via tcm. 
+ */ + kline_with_reason = yes; + + /* kline reason: make the users quit message on channels this + * reason instead of the oper's reason. + */ + kline_reason = "Connection closed"; + + /* non redundant klines: flag and ignore redundant klines */ + non_redundant_klines = yes; + + /* warn no nline: warn opers about servers that try to connect but + * we dont have a connect {} block for. Twits with misconfigured + * servers can get really annoying with this enabled. + */ + warn_no_nline = yes; + + /* stats e disabled: disable stats e. useful if server ips are + * exempted and you dont want them listing on irc. + */ + stats_e_disabled = no; + + /* stats c oper only: make stats c (connect {}) oper only */ + stats_c_oper_only=no; + + /* stats h oper only: make stats h (hub_mask/leaf_mask) oper only */ + stats_h_oper_only=no; + + /* stats y oper only: make stats y (class {}) oper only */ + stats_y_oper_only=no; + + /* stats o oper only: make stats o (opers) oper only */ + stats_o_oper_only=yes; + + /* stats P oper only: make stats P (ports) oper only + * NOTE: users doing stats P will never be given the ips that the + * server listens on, simply the ports. + */ + stats_P_oper_only=no; + + /* stats i oper only: make stats i (auth {}) oper only. set to: + * yes: show users no auth blocks, made oper only. + * masked: show users first matching auth block + * no: show users all auth blocks. + */ + stats_i_oper_only=masked; + + /* stats k/K oper only: make stats k/K (klines) oper only. set to: + * yes: show users no auth blocks, made oper only + * masked: show users first matching auth block + * no: show users all auth blocks. + */ + stats_k_oper_only=masked; + + /* map oper only: make /map oper only */ + map_oper_only = no; + + /* operspy admin only: make operspy notices to +Z admin only */ + operspy_admin_only = no; + + /* caller id wait: time between notifying a +g user that somebody + * is messaging them. 
+ */ + caller_id_wait = 1 minute; + + /* pace wait simple: time between use of less intensive commands + * (HELP, remote WHOIS, WHOWAS) + */ + pace_wait_simple = 1 second; + + /* pace wait: time between more intensive commands + * (ADMIN, INFO, LIST, LUSERS, MOTD, STATS, VERSION) + */ + pace_wait = 10 seconds; + + /* short motd: send clients a notice telling them to read the motd + * instead of forcing a motd to clients who may simply ignore it. + */ + short_motd = no; + + /* ping cookies: require clients to respond exactly to a ping command, + * can help block certain types of drones and FTP PASV mode spoofing. + */ + ping_cookie = no; + + /* connect timeout: sets how long we should wait for a connection + * request to succeed + */ + connect_timeout = 30 seconds; + + /* disable auth: disables identd checking */ + disable_auth = no; + + /* no oper flood: increase flood limits for opers. */ + no_oper_flood = yes; + + /* glines: enable glines, network wide temp klines */ + glines = yes; + + /* gline time: the amount of time a gline will remain before expiring */ + gline_time = 1 day; + + /* gline_min_cidr: If using a CIDR gline, the minimum length the + * mask must be + */ + gline_min_cidr = 16; + + + /* global_cidr_ipv4_bitlen: limits numbers of connections from a subnet size globally + * global_cidr_ipv4_count: number of connections allowed from a given subnet + * global_cidr_ipv6_bitlen and global_cidr_ipv6_count are the same as above but for ipv6 + * + * global_cidr: if set to no, do not process limits + * + * The reason these are not in classes is that remote clients do not get assigned classes + * Also this needs TS6 across the entire network to work in a reliable way + */ + global_cidr_ipv4_bitlen = 24; + global_cidr_ipv4_count = 384; + + global_cidr_ipv6_bitlen = 64; + global_cidr_ipv6_count = 128; + global_cidr = yes; + + /* max targets: the maximum amount of targets in a single + * PRIVMSG/NOTICE. set to 999 NOT 0 for unlimited. 
+ */ + max_targets = 4; + + /* client flood: maximum number of lines in a clients queue before + * they are dropped for flooding. + */ + client_flood = 20; + + /* post registration delay: after a user has registered, delay + * parsing any commands from them for this amount of time in order + * to perform bopm checks etc. + * + * Warning: if this is set too high (i.e. above 5-10s), it is + * likely to cause issues for clients. + */ + post_registration_delay = 0 seconds; + + /* use_whois_actually: send clients requesting a whois a numeric + * giving the real IP of non-spoofed clients to prevent DNS abuse. + */ + use_whois_actually = yes; + + /* usermodes configurable: a list of usermodes for the options below + * + * +b - bots - See bot and drone flooding notices + * +c - cconn - Client connection/quit notices + * +C - cconnext - Extended client connection/quit notices + * +d - debug - See debugging notices + * +f - full - See I: line full notices + * +g - callerid - Server Side Ignore + * +i - invisible - Not shown in NAMES or WHO unless you share a + * a channel + * +k - skill - See server generated KILL messages + * +l - locops - See LOCOPS messages + * +n - nchange - See client nick changes + * +r - rej - See rejected client notices + * +s - servnotice - See general server notices + * +u - unauth - See unauthorised client notices + * +w - wallop - See server generated WALLOPS + * +x - external - See remote server connection and split notices + * +y - spy - See LINKS, STATS, TRACE notices etc. 
+ * +z - operwall - See oper generated WALLOPS + * +Z - operspy - See operspy notices + */ + + /* oper only umodes: usermodes only opers may set */ + oper_only_umodes = bots, cconn, debug, full, skill, nchange, + rej, spy, external, operwall, locops, unauth; + + /* oper umodes: default usermodes opers get when they /oper */ + oper_umodes = locops, servnotice, operwall, wallop; + + /* use egd: if your system does not have *random devices yet you + * want to use OpenSSL and encrypted links, enable this. Beware - + * EGD is *very* CPU intensive when gathering data for its pool + */ + #use_egd = yes; + + /* egdpool path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7 + * which automatically finds the path. + */ + #egdpool_path = "/var/run/egd-pool"; + + + /* compression level: level of compression for compressed links between + * servers. + * + * values are between: 1 (least compression, fastest) + * and: 9 (most compression, slowest). + */ + #compression_level = 6; + + /* burst_away: This enables bursting away messages to servers. + * With this disabled, we will only propogate AWAY messages + * as users send them, but never burst them. Be warned though + * enabling this could increase the size of a burst significantly + * for a large network, like EFnet. + */ + burst_away = yes; + + /* reject duration: the amount of time to cache the rejection */ + reject_duration = 5 minutes; + + /* reject_after_count: the number of times within reject_duration time that + * an IP will start being rejected. + */ + reject_after_count = 3; + + + /* throttle_duration: Amount of time that throttling will be applied to an IP + * address. + */ + throttle_duration = 60; + + /* throttle_count: Number of connections within throttle_duration that it takes + * for throttling to take effect */ + throttle_count = 4; +}; diff --git a/irc/templates/ircd-ratbox.init.erb b/irc/templates/ircd-ratbox.init.erb new file mode 100755 index 0000000..eabd9a5 --- /dev/null 
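Review bot: The `operator "root"` block puts `~encrypted` in `flags`, so `<%= operpass %>` is stored and compared as cleartext even though this oper holds `die`, `admin` and `rehash`, and the secret passes through the Puppet catalog in that form as well. The block's own comment says the password must be a ratbox-mkpasswd hash unless `~encrypted` is set; I would drop `~encrypted` so the flags line ends `xline, resv, operwall;` and document that `$operpass` is expected to be ratbox-mkpasswd output. Adding `need_ssl` would also keep the oper password off the plaintext listener on `<%= port %>`, although with `user = "*@127.0.0.1"` that traffic stays on loopback. Separately, `sid = "42X"` is hard-coded, so every network rendered from this template gets the same server id, which looks like it should become a parameter if these servers are ever linked.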
+++ b/irc/templates/ircd-ratbox.init.erb 
@@ -0,0 +1,121 @@ +#! /bin/sh + +# ircd-ratbox Start/stop the ratbox IRC server. + +# This file is based on debian's ircd-hybrid init script +# Version: ircd-hybrid 7.0rc9-1 03-Mar-2003 joshk@triplehelix.org +# Version: ircd-hybrid 7.2.2-2 10-Sep-2006 ag@roxor.cx +# Version: ircd-ratbox 2.2.6-1 21-Aug-2007 acornet@debian.org + +### BEGIN INIT INFO +# Provides: ircd-ratbox +# Required-Start: $syslog +# Required-Stop: $syslog +# Should-Start: $local_fs $network $named +# Should-Stop: $local_fs $network $named +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: ircd-ratbox daemon init.d script +# Description: Control ircd-ratbox IRC server daemon. +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/ircd-ratbox +DEFAULT=/etc/default/ircd-ratbox +NAME="ircd-<%= name %>" +DESC="ratbox IRC Server" +BASEDIR="/var/lib/ratbox/<%= name %>" +ENABLED=1 + +test -f $DAEMON || exit 0 + +if [ -e $DEFAULT ]; then + . $DEFAULT +fi + +test "$ENABLED" != "0" || exit 0 + +[ -f /etc/default/rcS ] && . /etc/default/rcS +. /lib/lsb/init-functions + +set -e + +ratbox_start() +{ + if [ ! 
-d /var/run/ircd ] ; then + mkdir /var/run/ircd + chown irc:irc /var/run/ircd + fi + if [ -f /var/run/ircd/$NAME.pid ] ; then + echo -n " already running" + return 0 + fi + start-stop-daemon --start --quiet \ + -u irc -c irc --pidfile /var/run/ircd/$NAME.pid \ + --exec $DAEMON -- \ + -basedir $BASEDIR -configfile $BASEDIR/ircd.conf -logfile /var/log/ircd-ratbox/$NAME.log -pidfile /var/run/ircd/$NAME.pid > /dev/null \ + || return 2 + return 0 +} + +ratbox_stop() +{ + start-stop-daemon --oknodo --stop --quiet \ + --pidfile /var/run/ircd/$NAME.pid \ + --signal 15 --exec $DAEMON -- -pidfile /var/run/ircd/$NAME.pid \ + || return 2 + return 0 +} + +ratbox_reload() +{ + if [ -f "/var/run/ircd/$NAME.pid" ]; then + kill -s HUP $(cat /var/run/ircd/$NAME.pid) + return 0 + else + return 2 + fi +} + +case "$1" in +start) + log_daemon_msg "Starting $NAME" "$NAME" + ratbox_start + case "$?" in + 0) log_end_msg 0 ;; + 1|2) log_end_msg 1 ;; + esac + ;; +stop) + log_daemon_msg "Stopping $NAME" "$NAME" + ratbox_stop + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; +reload) + log_daemon_msg "Reloading $NAME" "$NAME" + ratbox_reload + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; +restart|force-reload) + log_daemon_msg "Restarting $NAME" "$NAME" + ratbox_stop + ratbox_start + case "$?" in + 0) log_end_msg 0 ;; + 1|2) log_end_msg 1 ;; + esac + ;; +*) + echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 + diff --git a/irc/templates/ratbox-services.conf.erb b/irc/templates/ratbox-services.conf.erb new file mode 100644 index 0000000..33abe58 --- /dev/null +++ b/irc/templates/ratbox-services.conf.erb 
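Review bot: `ratbox_reload` runs `kill -s HUP $(cat /var/run/ircd/$NAME.pid)` as root, but the pidfile sits in a directory this script chowns to `irc:irc` and is written by a daemon started with `-c irc`, so the unprivileged account decides which process root signals. Send the signal the way `ratbox_stop` already does, with the executable verified: `start-stop-daemon --stop --quiet --signal HUP --pidfile /var/run/ircd/$NAME.pid --exec $DAEMON || return 2`. The `-f` test at the top of `ratbox_start` has a related weakness: a stale pidfile left by a crash reports "already running" and blocks the start, and start-stop-daemon's own pidfile check makes that test unnecessary. Because `set -e` is active, a non-zero return from these functions ends the script before the `case "$?"` arms that call `log_end_msg 1` can run.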
@@ -0,0 +1,751 @@ +/* serverinfo: contains services information */ +serverinfo { + /* name: the name of our services */ + name = "ratbox.services"; + + /* sid: the unique server id of services. This follows the same + * form as ircd, eg [0-9][A-Z0-9][A-Z0-9] + */ + sid = "36D"; + + /* description: the description of our services */ + description = "ratbox services"; + + /* vhost: default vhost to use for connections */ + # vhost = "127.0.0.1"; + + /* dcc vhost: default vhost to use for dcc connections. + * this must be set for /ctcp chat to work. + */ + # dcc_vhost = "127.0.0.1"; + + /* dcc ports: specifies the portrange to use for inbound + * chat requests. + */ + dcc_low_port = 3000; + dcc_high_port = 5000; + + /* reconnect time: time duration between reconnections to + * our uplinks. + */ + reconnect_time = 5 minutes; + + /* ping time: time duration to send PINGs after no data */ + ping_time = 5 minutes; + + /* ratbox: pure ircd-ratbox/hyb7 network */ + ratbox = yes; + + /* client flood settings: control how many commands an individual + * user may issue in the given time. The limits work on a penalty + * points system, with between 1-3 points per command. HELP has + * a penalty of 2. + */ + /* client flood max: the maximum score a client may have before we + * stop parsing commands from them. + */ + client_flood_max = 20; + + /* client flood max ignore: the score at which we start ignoring a + * client. + */ + client_flood_max_ignore = 30; + + /* client flood ignore time: the duration for which we ignore a + * client. + */ + client_flood_ignore_time = 5 minutes; + + /* client flood time: the length of time to keep the clients current + * flooding score for. + */ + client_flood_time = 1 minute; + + /* allow stats o: allow stats O requests to list opers. This + * will only ever be allowed from ircops/services opers + */ + allow_stats_o = yes; + + /* allow sslonly: allow users to set +S (SSL only) channelmode + * through chanserv. 
This affects chanserv only -- services will + * always parse and accept +S from the ircd. + * + * IMPORTANT: do not enable this, if it is not enabled on the ircd. + */ + allow_sslonly = no; + + /* default language: the default language to use when communicating + * with users. If userserv is enabled, users may also pick their + * own language from the list. Note, there is no error checking + * for whether this is a valid/available language. + * + * Available languages: + * en - English + */ + #default_language = "en"; +}; + +/* email settings: these settings configure how (if at all) we send email. + * + * IMPORTANT: sending emails carries with it a risk of exposing the + * hidden ips of services servers -- your local mail server should + * take whatever steps are necessary to avoid disclosing private + * ips. Ideally, this would involve relaying through another + * (public) mail server which strips out originating headers. + */ +email { + /* disable email: a master switch to disable sending of emails. + * This will prevent ratbox-services from ever sending emails, and + * will disable usage of commands that require emails. + */ + disable_email = yes; + + /* program: email will only ever be sent through a local program, + * this controls the program we call to do it. This should + * be a comma seperated list of quoted strings, starting with the + * email program instead and then optionally any arguments it takes. 
+ */ + email_program = "/usr/sbin/sendmail", "-t"; + + /* email name: the "name" of the user emails originate from */ + email_name = "services"; + + /* email address: the address emails originate from */ + email_address = "services@example.com"; + + /* email limits: these two options control the maximum number of + * emails we will send in a specified duration + */ + email_number = 15; + email_duration = 1 minute; +}; + +/* admin: contains general admin information */ +admin { + name = "IRC Admin"; + description = "Server Administrator"; + email = ""; +}; + +/* connect: specifies a server to connect to, name of uplink + * is specified in quotation marks + */ +connect "<%= servername %>" { + /* host: the host to connect to */ + host = "127.0.0.1"; + + /* vhost: optional vhost to use for this connection */ + # vhost = "10.0.0.2"; + + /* password: the password to use */ + password = "<%= servpass %>"; + + /* port: the port to connect on */ + port = <%= port %>; + + /* autoconn: auto connect to this server. default yes */ + # autoconn = no; +}; + +/* operator: specifies an oper who has extended access to services. + * The username is specified in quotation marks. + */ +operator "root" { + /* user: specifies a user@host who may connect. + * multiple may be specified, wildcards are accepted. + */ + user = "*@127.0.0.1"; + + /* you may also restrict the oper to a specific server, they will + * then only be able to connect when using that server. + */ + #user = "flame@127.0.0.1", "irc.ircd-ratbox.org"; + + /* password: the password to login */ + password = "<%= operpass %>"; + + /* encrypted: specifies whether the above password has been + * encrypted or not. 
default: yes + */ + encrypted = no; + + /* flags: specifies what general privs an oper has + * admin - services admin, .die etc + * dcc - ability to dcc + * route - ability to route services to uplinks + */ + flags = admin, dcc, route; + + /* userserv flags: + * admin - all of the below + * register - access to register any username + * suspend - access to (un)suspend users + * drop - access to drop usernames + * setpass - access to reset passwords on accounts + * setemail - access to reset email addresses on accounts + * oper - all of the below + * list - access to list registered users + * info - access to extended username info + */ + userserv = admin; + + /* chanserv flags: + * admin - all of the below + * register - access to register any channel to any user + * suspend - access to (un)suspend channels + * drop - access to drop channel registrations + * oper - all of the below + * list - access to list registered chans + * info - access to extended channel info + */ + chanserv = admin; + + /* nickserv flags: + * drop - access to drop nickname registrations + */ + nickserv = drop; + + /* operserv flags: + * maintain - access to OPERSERV::DIE OPERSERV::REHASH and + * OPERSERV::DBSYNC + * ignore - control over services ignore list + * admin - all of the below + * channel - access to control the channels operserv is in + * takeover - access to OPERSERV::TAKEOVER + * osmode - access to OPERSERV::OSMODE + */ + operserv = admin; + + /* operbot flags: + * channel - access to control the channels operbot is in + */ + operbot = channel; + + /* global flags: + * netmsg - access to GLOBAL::NETMSG + * welcome - ability to modify welcome messages sent when a + * user connects to irc + */ + global = netmsg, welcome; + + /* jupeserv flags: + * jupe - access to (un)jupe + */ + jupeserv = jupe; + + /* banserv flags: + * kline - access to set klines + * xline - access to set xlines + * resv - access to set resvs + * perm - access to set permanent bans + * remove - access to 
remove other opers bans + * sync - access to sync bans to a given server Opers + * can always sync bans to their own server. + * regexp - access to set regular expression matches + * against connecting clients + * nomax - client is exempt from any limits on maximum + * matches to a ban + */ + banserv = kline, xline, resv, perm, remove, regexp, sync; +}; + +/* userserv - provides facilities to users for the registration of + * usernames. Required for channel registration. + */ +service "userserv" { + /* nick: specify the nick of the service */ + nick = "USERSERV"; + + /* username: specify the username of the service */ + username = "user"; + + /* host: specify the host of the service */ + host = "services.int"; + + /* realname: the real name field of the service */ + realname = "user registration service"; + + /* flags: specifies options for this service + * opered - this service is opered + * msg_self - messages from this service come from its nickname, + * rather than our servername + * disabled - this service is disabled + * short_help - send an simple list of commands, rather than an + * index containing brief documentation of each command + * stealth - service ignores any messages from normal users + * who havent issued OLOGIN. OLOGIN itself will + * always be accepted. ircops are exempt. 
+ * login_help - requires normal users are logged in before HELP + * can be used + * wallop_adm - send server wallops when admin commands are used + * jupeserv sends wallops even without this + * require_shortcut - require commands to this service are sent + * using the command shortcuts (eg /chanserv) + */ + flags = opered, msg_self; + + /* loglevel: level to log at, 0 to disable logging + * 1 - Admin commands + * 2 - REGISTER + * 3 - SET, RESETPASS + * 4 - + * 5 - LOGIN + */ + loglevel = 5; + + /* disable register: disables USERSERV::REGISTER for users */ + #disable_register = yes; + + /* register url: optional url to point users towards when + * disable_register is set above. + */ + #register_url = "http://whatever/"; + + /* register limits: amount of user registrations to allow overall + * from all clients, in the given time + */ + register_time = 1 minute; + register_amount = 5; + + /* host register limits: amount of user registrations to allow from + * a specific host, in the given time + */ + host_register_time = 1 day; + host_register_amount = 2; + + /* register email: require an email address to register a username */ + register_email = no; + + /* register verify: ignore the password the user supplies when + * registering a username and email them a password instead. + */ + register_verify = no; + + /* expire times: these durations control how long usernames can be + * unused before they are expired. Settings are for normal + * usernames, suspended usernames and unverified usernames. + */ + expire_time = 4 weeks; + expire_suspended_time = 4 weeks; + expire_unverified_time = 1 day; + + /* expiry bonuses: these allow you to grant extra expiry bonuses to + * usernames that have been registered for a given length of time, + * extending the length of time they can be unused before expiry. 
+ */ + /* expire bonus regtime: start granting expiry bonuses once a + * username has been registered for this length of time + */ + expire_bonus_regtime = 2 months; + + /* expire bonus: grant an expiry bonus of a given duration, for + * every length of time a username has been registered, upto a + * maximum bonus of a given limit. + */ + expire_bonus = 1 day; + expire_bonus_per_time = 2 weeks; + expire_bonus_max = 4 weeks; + + /* allow set password: allow users to change their password */ + allow_set_password = yes; + + /* allow resetpass: allow users to request a reset of their + * password. They will be sent an email containing a token, which + * they must then use to confirm the password reset. + */ + allow_resetpass = no; + + /* allow resetemail: allow users to request a reset of their + * email. This happens by two steps. They will be sent an email + * to their current email containing a token, which they must + * then use to confirm the email reset. Another mail is then + * sent to the new address to verify it's validity. + */ + allow_resetemail = no; + + /* resetpass_duration: the duration a USERSERV::RESETPASS request is + * kept around whilst waiting for confirmation. Note: users can + * only have one request pending for confirmation. + */ + resetpass_duration = 1 day; + + /* resetemail_duration: the duration a USERSERV::RESETEMAIL request is + * kept around whilst waiting for confirmation. Note: users can + * only have one request pending for confirmation. 
+ */ + resetemail_duration = 1 day; + + /* reset regtime duration: duration a username must be registered for + * before they can use resetpass/resetemail commands on it + */ + reset_regtime_duration = 2 weeks; + + /* allow set email: allow users to change their email addy */ + allow_set_email = yes; + + /* max logins: maximum amount of clients who may be logged into a + * single username + */ + max_logins = 5; + + /* show suspend reasons: show suspend reasons to users (but not the + * admin who suspended the channel) + */ + show_suspend_reasons = no; +}; + +/* chanserv - provides facilities for the registration of channels. */ +service "chanserv" { + nick = "CHANSERV"; + username = "chan"; + host = "services.int"; + realname = "channel registration service"; + flags = opered, login_help; + + /* loglevel: level to log at, 0 to disable logging + * 1 - Admin commands + * 2 - REGISTER + * 3 - LISTUSERS, DELOWNER + * 4 - CLEARMODES, CLEAROPS, CLEARALLOPS, CLEARBANS + * 5 - ADDUSER, DELUSER, MODUSER + * 6 - Everything. + */ + loglevel = 3; + + /* disable register: disables CHANSERV::REGISTER for users */ + #disable_register = yes; + + /* register limits: amount of user registrations to allow overall + * from all clients, in the given time + */ + register_time = 1 minute; + register_amount = 5; + + /* host register limits: amount of user registrations to allow from + * a specific host, in the given time + */ + host_register_time = 1 day; + host_register_amount = 4; + + /* expire times: these durations control how long channels can be + * unused before they are expired. Settings are for normal + * channels and suspended channels + */ + expire_time = 4 weeks; + expire_suspended_time = 4 weeks; + + /* max bans: maximum amount of bans a channel may have */ + max_bans = 50; + + /* expireban frequency: how often to run the expiry of channel + * bans. It is advised this is not set lower than 5 minutes, as the + * expiry code is quite cpu intensive. 
This value is also only + * used on startup and is not changed on rehash. + */ + expireban_frequency = 15 minutes; + + /* enforcetopic frequency: how often to reset topics on channels to + * that stored within chanserv. + */ + enforcetopic_frequency = 1 hour; + + /* autojoin empty: honour autojoin flags for empty channels. With + * this off (as is default) chanserv will instead automatically + * remove itself from channels where its the only member, except when + * it needs to enforce bans etc. + * + * Enabling this can lead to lots of channels where chanserv is the + * only person in there. + */ + autojoin_empty = no; + + /* email delowner: require users removing themselves as owner of a + * channel to confirm the action using a token sent through email + */ + email_delowner = no; + + /* delowner duration: if email_delowner is enabled, the duration the + * tokens last. + */ + delowner_duration = 1 day; + + /* show suspend reasons: show suspend reasons to users (but not the + * admin who suspended the channel) + */ + show_suspend_reasons = no; +}; + +/* nickserv - provides nickname registration. These require a username + * registration. + */ +service "nickserv" { + nick = "NICKSERV"; + username = "nick"; + host = "services.int"; + realname = "nickname services"; + + /* disabled by default */ + flags = opered, msg_self, disabled; + + /* loglevel: level to log at, 0 to disable logging + * 1 - Admin commands + * 2 - REGISTER + * 3 - DROP + * 4 - + * 5 - INFO + */ + loglevel = 3; + + /* max nicks: maximum nicknames a user may register */ + max_nicks = 2; + + /* allow set warn: enable NICKSERV::SET::WARN, which allows users to + * set nickname warnings on their nicknames, simple notices which + * tell users the nickname is registered. + */ + allow_set_warn = yes; + + /* warn string: string give to clients when they use a registered + * nickname. 
+ */ + warn_string = "This nickname is registered, you may be disconnected if a user regains this nickname."; +}; + +/* operserv - provides facilities for issuing modes and takeovers */ +service "operserv" { + nick = "OPERSERV"; + username = "oper"; + host = "services.int"; + realname = "oper services"; + flags = opered, msg_self, stealth, wallop_adm; + + /* loglevel: level to log at, 0 to disable logging + * 1 - Admin commands + * 2 - DBSYNC, LISTOPERS + */ + loglevel = 1; + + /* allow die: allow OPERSERV::DIE over irc */ + allow_die = yes; +}; + +/* jupeserv - provides opers and admins the ability to jupe servers + * preventing them from connecting to the network. + */ +service "jupeserv" { + nick = "JUPESERV"; + username = "jupe"; + host = "services.int"; + realname = "server jupe service"; + flags = opered, msg_self, stealth; + + /* loglevel: level to log at, 0 to disable logging + * 1 - Admin commands + * 2 - CALLJUPE/CALLUNJUPE + * 3 - PENDING + */ + loglevel = 2; + + /* merge into operserv: merge all of this services commands into the + * operserv service. This option is only used when ratbox-services + * starts. + * + * Note: If this service is merged into operserv, it will follow the + * service flags and loglevel from operserv. + */ + merge_into_operserv = no; + + /* oper jupe options. The following options control jupes/unjupes + * which can be initiated by any oper, without needing special + * services access. + */ + /* oper score: the score an oper contributes towards a jupe/unjupe. + * Set to 0 to disallow regular opers calling jupes/unjupes. + */ + oper_score = 3; + + /* jupe score: the score needed to trigger a jupe. + * Set to 0 to disallow regular opers calling jupes. + */ + jupe_score = 15; + + /* unjupe score: the score needed to trigger an unjupe. + * Set to 0 to disallow regular opers calling unjupes. + */ + unjupe_score = 15; + + /* pending time: how long pending jupes/unjupes last whilst + * untriggered. 
+ */ + pending_time = 30 minutes; +}; + +/* operbot - a bot which will invite/op ircops in the set channels. Useful + * for oper only channels etc. + */ +service "operbot" { + nick = "operbot"; + username = "operbot"; + host = "services.int"; + realname = "oper op/invite services"; + flags = opered, msg_self, stealth; + + /* loglevel: level to log at, 0 to disable logging + * 1 - Admin commands + */ + loglevel = 1; +}; + +/* alis - a list service that lets users list channels according to more + * specific criteria than an ircd allows. + */ +service "alis" { + nick = "alis"; + username = "alis"; + host = "services.int"; + realname = "Advanced List Service - /msg alis help"; + flags = msg_self; + + /* loglevel: + * 1 - LIST + */ + loglevel = 1; + + /* max matches: maximum number of channels to output from LIST */ + max_matches = 60; +}; + +/* global - the global messaging service. Allows messages to be sent + * to all users on the network. + */ +service "global" { + nick = "GLOBAL"; + username = "global"; + host = "services.int"; + realname = "Network Message Service"; + + /* this service *MUST* be opered. */ + flags = opered, msg_self, stealth; + + /* loglevel: level to log at, 0 to disable logging + * 1 - Admin commands + */ + loglevel = 1; +}; + +/* banserv - the ban service. Allows bans (klines/xlines/resvs) to be + * sent to all servers. These bans can only be set on ircd-ratbox servers + * running version 1.5 and above. + */ +service "banserv" { + nick = "BANSERV"; + username = "banserv"; + host = "services.int"; + realname = "Ban Service"; + flags = opered, msg_self, stealth; + + /* loglevel: level to log at, 0 to disable logging + * 1 - Admin commands + * 2 - LISTWELCOME + */ + loglevel = 1; + + /* merge into operserv: merge all of this services commands into the + * operserv service. This option is only used when ratbox-services + * starts. 
+ * + * Note: If this service is merged into operserv, it will follow the + * service flags and loglevel from operserv. + */ + merge_into_operserv = no; + + /* unban time: duration unklines etc are kept around in the + * database to be synced with servers. + */ + unban_time = 2 weeks; + + /* regexp time: when issuing klines for users who match regexps, how + * long to make the kline last + */ + regexp_time = 1 day; + + /* max kline matches: maximum number of users a kline can match. Set to + * 0 to disable. + */ + max_kline_matches = 200; + + /* max xline matches: maximum number of users an xline can match. Set to + * 0 to disable. + */ + max_xline_matches = 200; + + /* max regexp matches: maximum number of users a regular expression can + * match. regexps that match more than this amount of users will be + * rejected. Set to 0 to disable. + */ + max_regexp_matches = 200; + + /* temp workaround: work around short time limits for temporary + * bans, by issuing an unban for it first then reissuing the ban. + * ratbox-2.0.8 and below, and ratbox-2.1.2 and below have a maximum + * temp time of 4 weeks, which can cause some bans to expire even + * when banserv expects them to still be set. + * + * The only way for banserv to extend the expiry on these servers is + * to issue an unban first. The temp workaround does this for all + * temporary bans. + */ + temp_workaround = no; + + /* autosync frequency: how often to automatically sync bans to + * all servers. Set to 0 to disable. + */ + autosync_frequency = 2 weeks; +}; + +/* watchserv - the service for watching commands issued to services. */ +service "watchserv" { + nick = "WATCHSERV"; + username = "watchserv"; + host = "services.int"; + realname = "Command Watching Service"; + flags = msg_self, stealth; + + /* loglevel: level to log at, 0 to disable logging + * 1 - Admin commands + */ + loglevel = 1; + + /* merge into operserv: merge all of this services commands into the + * operserv service. 
This option is only used when ratbox-services + * starts. + * + * Note: If this service is merged into operserv, it will follow the + * service flags and loglevel from operserv. + */ + merge_into_operserv = no; +}; + +/* memoserv - the service for sending memos */ +service "memoserv" { + nick = "MEMOSERV"; + username = "memoserv"; + host = "services.int"; + realname = "Memo Service"; + flags = msg_self; + + /* loglevel: level to log at, 0 to disable logging + * + * 2 - SEND + * 3 - LIST, READ, DELETE + */ + loglevel = 0; + + /* max memos: maximum number of memos a user may have. */ + max_memos = 50; + + /* memo regtime duration: duration a username must be registered for + * before they can send memos + */ + memo_regtime_duration = 1 week; +}; diff --git a/irc/templates/ratbox-services.init.erb b/irc/templates/ratbox-services.init.erb new file mode 100755 index 0000000..d74881c --- /dev/null +++ b/irc/templates/ratbox-services.init.erb 
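Review bot: The `operator "root"` block renders the services oper password in cleartext: `password = "<%= operpass %>";` is followed by `encrypted = no;`, and the same block grants `admin` on userserv, chanserv and operserv plus `kline`/`perm` on banserv. Anyone who can read the rendered file, the Puppet catalog or a backup of either therefore gets full control of services. Pass in a pre-hashed value and set `encrypted = yes;` (the template's own comment gives yes as the default), ideally through a parameter separate from `operpass` so that this credential is not shared with other templates. The `connect` block has the same exposure for `password = "<%= servpass %>";`, so the manifest should refuse to render this file when `servpass` is empty. Both values are interpolated unescaped into a quoted string, so a `"` in either would break or alter the generated config.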
@@ -0,0 +1,102 @@ +#! /bin/sh + +# ratbox-services-pgsql Start/stop the ratbox services. + +# This file is based on debian's ircd-hybrid init script +# Version: ircd-hybrid 7.0rc9-1 03-Mar-2003 joshk@triplehelix.org +# Version: ircd-hybrid 7.2.2-2 10-Sep-2006 ag@roxor.cx +# Version: ratbox-services 2.2.6-1 21-Aug-2007 acornet@debian.org +# Version: ratbox-services 1.1.2-1 28-Aug-2007 acornet@debian.org + +### BEGIN INIT INFO +# Provides: ratbox-services +# Should-Start: $named +# Should-Stop: $named +# Required-Start: $local_fs $remote_fs $network +# Required-Stop: $local_fs $remote_fs +# Default-Start: 2 3 4 5 +# Default-Stop: 0 1 6 +# Short-Description: ratbox-services daemon init.d script +# Description: Control ratbox-services IRC services +### END INIT INFO + +PATH=/sbin:/bin:/usr/sbin:/usr/bin +DAEMON=/usr/sbin/ratbox-services +DEFAULT=/etc/default/ratbox-services +NAME="ratbox-services-<%= name %>" +DESC="ratbox IRC Services" +BASEDIR="/var/lib/ratbox-services/<%= name %>" +UID=$(id -u irc) +GID=$(id -g irc) +ENABLED=1 + +test -f $DAEMON || exit 0 + +if [ -e $DEFAULT ]; then + . $DEFAULT +fi + +test "$ENABLED" != "0" || exit 0 + +[ -f /etc/default/rcS ] && . /etc/default/rcS +. /lib/lsb/init-functions + +set -e + +ratbox_start() +{ + if [ ! -d $BASEDIR/var/run/ratbox-services ] ; then + mkdir -p $BASEDIR/var/run/ratbox-services + chown irc:irc $BASEDIR/var/run/ratbox-services + fi + start-stop-daemon --start --quiet \ + --pidfile $BASEDIR/var/run/ratbox-services/ratbox-services.pid \ + --exec $DAEMON -- \ + -g $GID -u $UID -r $BASEDIR > /dev/null \ + || return 2 + return 0 +} + +ratbox_stop() +{ + start-stop-daemon --oknodo --stop --quiet \ + --pidfile $BASEDIR/var/run/ratbox-services/ratbox-services.pid \ + --signal 15 --exec $DAEMON -- \ + || return 2 + return 0 +} + +case "$1" in +start) + log_daemon_msg "Starting ratbox-services" "ratbox-services" + ratbox_start + case "$?" 
in + 0) log_end_msg 0 ;; + 1|2) log_end_msg 1 ;; + esac + ;; +stop) + log_daemon_msg "Stopping $NAME" "$NAME" + ratbox_stop + case "$?" in + 0|1) log_end_msg 0 ;; + 2) log_end_msg 1 ;; + esac + ;; +restart|force-reload|reload) + log_daemon_msg "Restarting $NAME" "$NAME" + ratbox_stop + ratbox_start + case "$?" in + 0) log_end_msg 0 ;; + 1|2) log_end_msg 1 ;; + esac + ;; +*) + echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2 + exit 1 + ;; +esac + +exit 0 +
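Review bot: `UID=$(id -u irc)` and `GID=$(id -g irc)` run before `set -e` and are never checked, so a failed lookup makes `ratbox_start` pass `-g -u -r $BASEDIR` with empty values to a daemon that start-stop-daemon launches as root (there is no `-c` here). Which identity the process ends up with then depends on its option parsing, which is not visible in this hunk. `UID` is also a read-only variable in bash, so the assignment fails wherever `/bin/sh` is bash. Use different names and stop on failure, `RUN_UID=$(id -u irc) || exit 1` and `RUN_GID=$(id -g irc) || exit 1`, then pass them quoted as `-g "$RUN_GID" -u "$RUN_UID" -r "$BASEDIR"`.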