tmakinen/puppet
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Added irc module

Browse source
This commit is contained in:
Ossi Salmi 2011-10-04 16:43:13 +03:00 committed by Timo Mkinen
parent 8217a3b0f8
commit 758c49dc20
6 changed files with 1980 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

186
irc/manifests/init.pp Normal file
View file

@ -0,0 +1,186 @@
# Install IRC server.
#
class irc::server {
package { "ircd-ratbox":
ensure => installed,
}
file { "/var/lib/ratbox":
ensure => directory,
owner => irc,
group => irc,
mode => 0700,
require => Package["ircd-ratbox"],
}
}
# Install IRC services.
#
class irc::services inherits irc::server {
package { "ratbox-services-sqlite":
ensure => installed,
}
file { "/var/lib/ratbox-services":
ensure => directory,
owner => irc,
group => irc,
mode => 0700,
require => Package["ircd-ratbox", "ratbox-services-sqlite"],
}
}
# Configure IRC network.
#
define irc::network($desc, $servername, $serverdesc,
$port, $sslport, $operpass, $userpass="",
$services=false, $servpass="") {
include irc::server
file { "/var/lib/ratbox/${name}":
ensure => directory,
owner => irc,
group => irc,
mode => 0700,
require => File["/var/lib/ratbox"],
}
file { "/var/lib/ratbox/${name}/ircd.conf":
ensure => present,
mode => 0600,
owner => irc,
group => irc,
content => $services ? {
true => template("irc/ircd-ratbox.conf.erb", "irc/ircd-ratbox-services.conf.erb"),
false => template("irc/ircd-ratbox.conf.erb"),
},
before => Service["ircd-${name}"],
notify => Service["ircd-${name}"],
require => File["/var/lib/ratbox/${name}"],
}
ssl::certificate { "/var/lib/ratbox/${name}/ircd.pem":
cn => "${servername}",
mode => 0600,
owner => "irc",
group => "irc",
require => File["/var/lib/ratbox/${name}"],
}
ssl::dhparam { "/var/lib/ratbox/${name}/dh.pem":
mode => 0600,
owner => "irc",
group => "irc",
require => File["/var/lib/ratbox/${name}"],
}
file { "/etc/init.d/ircd-${name}":
ensure => present,
mode => 0755,
owner => root,
group => root,
content => template("irc/ircd-ratbox.init.erb"),
before => Service["ircd-${name}"],
notify => Exec["enable-ircd-${name}"],
}
exec { "enable-ircd-${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "update-rc.d ircd-${name} defaults",
refreshonly => true,
before => Service["ircd-${name}"],
}
service { "ircd-${name}":
ensure => running,
enable => true,
status => "pgrep -u irc -f /var/lib/ratbox/${name}",
}
if $services == true {
include irc::services
if ! $servpass {
fail("\$servpass must be defined.")
}
file { [ "/var/lib/ratbox-services/${name}",
"/var/lib/ratbox-services/${name}/etc",
"/var/lib/ratbox-services/${name}/etc/ratbox-services",
"/var/lib/ratbox-services/${name}/usr",
"/var/lib/ratbox-services/${name}/usr/share",
"/var/lib/ratbox-services/${name}/usr/share/ratbox-services",
"/var/lib/ratbox-services/${name}/usr/share/ratbox-services/help",
"/var/lib/ratbox-services/${name}/usr/share/ratbox-services/langs",
"/var/lib/ratbox-services/${name}/var",
"/var/lib/ratbox-services/${name}/var/log",
"/var/lib/ratbox-services/${name}/var/log/ratbox-services",
"/var/lib/ratbox-services/${name}/var/run",
"/var/lib/ratbox-services/${name}/var/run/ratbox-services", ]:
ensure => directory,
owner => irc,
group => irc,
mode => 0600,
before => Service["ratbox-services-${name}"],
require => File["/var/lib/ratbox-services"],
}
File["/var/lib/ratbox-services/${name}/usr/share/ratbox-services/help"] {
source => "/usr/share/ratbox-services/help",
recurse => true,
}
file { "/var/lib/ratbox-services/${name}/etc/ratbox-services/ratbox-services.conf":
ensure => present,
mode => 0600,
owner => irc,
group => irc,
content => template("irc/ratbox-services.conf.erb"),
before => Service["ratbox-services-${name}"],
notify => Service["ratbox-services-${name}"],
require => File["/var/lib/ratbox-services/${name}/etc/ratbox-services"],
}
file { "/var/lib/ratbox-services/${name}/etc/ratbox-services/ratbox-services.db":
ensure => present,
mode => 0600,
owner => irc,
group => irc,
source => "/etc/ratbox-services/ratbox-services.db",
replace => false,
before => Service["ratbox-services-${name}"],
require => File["/var/lib/ratbox-services/${name}/etc/ratbox-services"],
}
file { "/etc/init.d/ratbox-services-${name}":
ensure => present,
mode => 0755,
owner => root,
group => root,
content => template("irc/ratbox-services.init.erb"),
before => Service["ratbox-services-${name}"],
notify => Exec["enable-ratbox-services-${name}"],
}
exec { "enable-ratbox-services-${name}":
path => "/bin:/usr/bin:/sbin:/usr/sbin",
command => "update-rc.d ratbox-services-${name} defaults",
refreshonly => true,
before => Service["ratbox-services-${name}"],
}
service { "ratbox-services-${name}":
ensure => running,
enable => true,
status => "pgrep -u irc -f /var/lib/ratbox-services/${name}",
}
}
}

46
irc/templates/ircd-ratbox-services.conf.erb Normal file
View file

@ -0,0 +1,46 @@
/* connect {}: controls servers we connect to (OLD C:, N:, H:, L:) */
connect "ratbox.services" {
/* the name must go above */
/* host: the host or IP to connect to. If a hostname is used it
* must match the reverse dns of the server.
*/
host = "127.0.0.1";
/* vhost: the host or IP to bind to for this connection. If this
* is not specified, the default vhost (in serverinfo {}) is used.
*/
#vhost = "192.168.0.50";
/* passwords: the passwords we send (OLD C:) and accept (OLD N:).
* The remote server will have these passwords reversed.
*/
send_password = "<%= servpass %>";
accept_password = "<%= servpass %>";
/* port: the port to connect to this server on */
port = <%= port %>;
/* hub mask: the mask of servers that this server may hub. Multiple
* entries are permitted
*/
hub_mask = "*";
/* leaf mask: the mask of servers this server may not hub. Multiple
* entries are permitted. Useful for forbidding EU -> US -> EU routes.
*/
#leaf_mask = "*.uk";
/* class: the class this server is in */
class = "server";
/* flags: controls special options for this server
* encrypted - marks the accept_password as being crypt()'d
* autoconn - automatically connect to this server
* compressed - compress traffic via ziplinks
* topicburst - burst topics between servers
* ssl - ssl/tls encrypted server connections
*/
flags = compressed, topicburst;
};

774
irc/templates/ircd-ratbox.conf.erb Normal file
View file

@ -0,0 +1,774 @@
/* IMPORTANT NOTES:
*
* class {} blocks MUST be specified before anything that uses them. That
* means they must be defined before auth {} and before connect {}.
*
* auth {} blocks MUST be specified in order of precedence. The first one
* that matches a user will be used. So place spoofs first, then specials,
* then general access, then restricted.
*
* Both shell style (#) and C style comments are supported.
*
* Files may be included by either:
* .include "filename"
* .include <filename>
*
* Times/durations are written as:
* 12 hours 30 minutes 1 second
*
* Valid units of time:
* month, week, day, hour, minute, second
*
* Valid units of size:
* megabyte/mbyte/mb, kilobyte/kbyte/kb, byte
*
* Sizes and times may be singular or plural.
*/
/* serverinfo {}: Contains information about the server. (OLD M:) */
serverinfo {
/* name: the name of our server */
name = "<%= servername %>";
/* sid: the unique server id of our server. This must be three
* characters long. The first character must be a digit [0-9], the
* remaining two chars may be letters [A-Z] or digits [0-9].
*
* This must be specified even if use_ts6 is set to no.
*/
sid = "42X";
/* description: the description of our server. '[' and ']' may not
* be used here for compatibility with older servers.
*/
description = "<%= serverdesc %>";
/* network info: the name and description of the network this server
* is on. Shown in the 005 reply and used with serverhiding.
*/
network_name = "<%= name %>";
network_desc = "<%= desc %>";
/* hub: allow this server to act as a hub and have multiple servers
* connected to it.
*/
hub = no;
/* vhost: the IP to bind to when we connect outward to ipv4 servers.
* This should be an ipv4 IP only.
*/
#vhost = "192.169.0.1";
/* vhost6: the IP to bind to when we connect outward to ipv6 servers.
* This should be an ipv6 IP only.
*/
#vhost6 = "3ffe:80e8:546::2";
/* vhost_dns: the IP to bind outgoing dns requests when the dns server is
* ipv4
*/
#vhost_dns = "192.169.0.2";
/* vhost6_dns: the IP to bind outgoing dns requests when the dns server is
* ipv6
*/
#vhost_dns6 = "3ffe:80e8:546::3";
/* default max clients: the default maximum number of clients
* allowed to connect. This can be changed once ircd has started by
* issuing:
* /quote set maxclients <limit>
*/
default_max_clients = 10000;
/* ssl_private_key: our ssl private key */
ssl_private_key = "ircd.pem";
/* ssl_cert: certificate for our ssl server */
ssl_cert = "ircd.pem";
/* ssl_dh_params: DH parameters, generate with openssl dhparam -out dh.pem 1024 */
ssl_dh_params = "dh.pem";
/* ssld_count: number of ssld processes you want to start, if you
* have a really busy server, using N-1 where N is the number of
* cpu/cpu cores you have might be useful. A number greater than one
* can also be useful in case of bugs in ssld and because ssld needs
* two file descriptors per SSL connection.
*/
ssld_count = 1;
/* bandb: path to the ban database - default is PREFIX/etc/ban.db */
bandb = "ban.db";
};
/* admin {}: contains admin information about the server. (OLD A:) */
admin {
name = "IRC Admin";
description = "Server Administrator";
email = "<root@localhost>";
};
/* log {}: contains information about logfiles. */
log {
/* logfiles: the logfiles to use for specific activity. if these
* paths are defined, then ircd will log to them, otherwise it wont.
*
* The confs are, in order:
* - userlog: user exits
* - fuserlog: failed user connections
* - operlog: /oper usage
* - foperlog: failed /oper usage
* - serverlog: server connects/disconnects
* - glinelog: glines
* - klinelog: klines, etc
* - killlog: kills
* - operspylog: operspy usage
* - ioerrorlog: IO errors
*/
fname_userlog = "logs/userlog";
#fname_fuserlog = "logs/fuserlog";
fname_operlog = "logs/operlog";
#fname_foperlog = "logs/foperlog";
fname_serverlog = "logs/serverlog";
fname_glinelog = "logs/glinelog";
#fname_klinelog = "logs/klinelog";
fname_killlog = "logs/killlog";
fname_operspylog = "logs/operspylog";
#fname_ioerrorlog = "logs/ioerror";
};
/* class {}: contain information about classes for users (OLD Y:) */
class "users" {
/* class name must go above */
/* ping time: how often a client must reply to a PING from the
* server before they are dropped.
*/
ping_time = 2 minutes;
/* number per ident: the number of users per user@host networkwide
* allowed to connect. Unidented connections are classified as
* the same ident.
*/
number_per_ident = 100;
/* number per ip: the number of local users per host allowed */
number_per_ip = 100;
/* number per ip global: the number of network wide connections
* per host allowed for a user, including connections to the
* local server.
*/
number_per_ip_global = 100;
/* cidr_ipv4_bitlen: Limits numbers of connections from a subnet size
*/
cidr_ipv4_bitlen = 24;
/* cidr_ipv6_bitlen: Limits numbers of connections from a subnet size
* the following example makes the subnet /64 this is useful
* for IPv6 connections in particular
*/
cidr_ipv6_bitlen = 64;
/* number_per_cidr: Number of connections to allow from a subnet of the
* size given in cidr_bitlen. 4 seems to be a good default to me.
*/
number_per_cidr = 100;
/* max number: the maximum number of users allowed in this class */
max_number = 100;
/* sendq: the amount of data allowed in a clients queue before
* they are dropped.
*/
sendq = 100 kbytes;
};
class "restricted" {
ping_time = 1 minute 30 seconds;
number_per_ip = 1;
max_number = 100;
sendq = 60kb;
};
class "opers" {
ping_time = 5 minutes;
number_per_ip = 10;
max_number = 100;
sendq = 100kbytes;
};
class "server" {
ping_time = 5 minutes;
/* connectfreq: only used in server classes. specifies the delay
* between autoconnecting to servers.
*/
connectfreq = 5 minutes;
/* max number: the amount of servers to autoconnect to */
max_number = 1;
/* sendq: servers need a higher sendq as they send more data */
sendq=2 megabytes;
};
/* listen {}: contain information about the ports ircd listens on (OLD P:) */
listen {
host = "127.0.0.1";
port = <%= port %>;
};
listen {
sslport = <%= sslport %>;
};
/* auth {}: allow users to connect to the ircd (OLD I:) */
auth {
user = "*@*";
class = "users";
<% if userpass != "" -%>
password = "<%= userpass %>";
<% end -%>
};
/* operator {}: defines ircd operators. (OLD O:)
* ircd-ratbox no longer supports local operators, privileges are
* controlled via flags.
*/
operator "root" {
/* name: the name of the oper must go above */
/* user: the user@host required for this operator. CIDR *is*
* supported now.
* multiple user="" lines are supported.
*/
user = "*@127.0.0.1";
/* password: the password required to oper. Unless ~encrypted is
* contained in flags = ...; this will need to be encrypted using
* ratbox-mkpasswd, MD5 is supported
*/
password = "<%= operpass %>";
/* rsa key: the public key for this oper when using Challenge.
* A password should not be defined when this is used, see
* doc/challenge.txt for more information.
*/
#rsa_public_key_file = "/usr/local/ircd/etc/oper.pub";
/* umodes: the specific umodes this oper gets when they oper.
* If this is specified an oper will not be given oper_umodes
* These are described above oper_only_umodes in general {};
*/
#umodes = locops, servnotice, operwall, wallop;
/* privileges: controls the activities and commands an oper is
* allowed to do on the server. You may prefix an option with ~ to
* disable it, ie ~operwall
*
* Default flags are operwall, remoteban and encrypted.
*
* Available options:
*
* encrypted: the password above is encrypted [DEFAULT]
* local_kill: allows local users to be /KILL'd
* global_kill: allows local and remote users to be
* /KILL'd (OLD 'O' flag)
* remote: allows remote SQUIT and CONNECT (OLD 'R' flag)
* kline: allows KILL, KLINE and DLINE (OLD 'K' flag)
* unkline: allows UNKLINE and UNDLINE (OLD 'U' flag)
* gline: allows GLINE (OLD 'G' flag)
* nick_changes: allows oper to see nickchanges (OLD 'N' flag)
* via usermode +n
* rehash: allows oper to REHASH config (OLD 'H' flag)
* die: allows DIE and RESTART (OLD 'D' flag)
* admin: gives admin privileges. admins
* may (un)load modules and see the
* real IPs of servers.
* hidden_admin: gives admin privileges except
* will not have the admin lines in
* stats p and whois.
* xline: allows use of /quote xline/unxline
* resv: allows use of /quote resv/unresv
* operwall: allows the oper to send operwalls [DEFAULT]
* oper_spy: allows 'operspy' features to see through +s
* channels etc. see /quote help operspy
* hidden_oper: hides the oper from /stats p (OLD UMODE +p)
* remoteban: allows remote kline etc [DEFAULT]
* need_ssl: oper must be connected via SSL/TLS to oper up
*
*/
flags = global_kill, remote, kline, unkline, gline,
die, rehash, admin, xline, resv, operwall,
~encrypted;
};
/* If you are using the ratbox-services compatibility code, uncomment this. */
/* service{}: privileged servers (services). These servers have extra
* privileges such as setting login names on users and introducing clients
* with umode +S (unkickable). This does not allow them to set bans, you
* need a separate shared{} for that.
* Do not place normal servers here.
* There may be only one service{} block.
*/
#service {
# /* name: the server name. These may be stacked. */
# name = "ratbox.services";
#};
/* The channel block contains options pertaining to channels */
channel {
/* invex: Enable/disable channel mode +I, a n!u@h list of masks
* that can join a +i channel without an invite.
*/
use_invex = yes;
/* except: Enable/disable channel mode +e, a n!u@h list of masks
* that can join a channel through a ban (+b).
*/
use_except = yes;
/* knock: Allows users to request an invite to a channel that
* is locked somehow (+ikl). If the channel is +p or you are banned
* the knock will not be sent.
*/
use_knock = yes;
/* invite ops only: Restrict /invite to ops on channels, rather than
* allowing unopped users to invite people to a -i channel.
*/
invite_ops_only = yes;
/* knock delay: The amount of time a user must wait between issuing
* the knock command.
*/
knock_delay = 5 minutes;
/* knock channel delay: How often a knock to any specific channel
* is permitted, regardless of the user sending the knock.
*/
knock_delay_channel = 1 minute;
/* max chans: The maximum number of channels a user can join/be on. */
max_chans_per_user = 15;
/* quiet on ban: stop banned people talking in channels. */
quiet_on_ban = yes;
/* max bans: maximum number of +b/e/I modes in a channel */
max_bans = 25;
/* splitcode: split users, split servers and either no join on split
* or no create on split must be enabled for split checking.
* splitmode will be entered on either split users or split servers
* dropping below the limit.
*
* you may force splitmode to be permanent by /quote set splitmode on
*/
/* split users: when the usercount is lower than this level, consider
* ourselves split. this must be set for automatic splitmode
*/
default_split_user_count = 0;
/* split servers: when the amount of servers that have acknowledged
* theyve finished bursting is lower than this, consider ourselves
* split. this must be set for automatic splitmode
*/
default_split_server_count = 0;
/* split: no create: disallow users creating channels on split */
no_create_on_split = no;
/* split: no join: disallow users joining channels at all on a split */
no_join_on_split = no;
/* burst topicwho: when bursting topics, also burst the topic setter */
burst_topicwho = yes;
/* use_sslonly: enables the use of channel mode +S which enforces
* that users be one ssl/tls enabled connections
*/
use_sslonly = no;
/* topiclen: length of topics */
topiclen = 160;
};
/* The serverhide block contains the options regarding serverhiding */
serverhide {
/* flatten links: this option will show all servers in /links appear
* that they are linked to this current server
*/
flatten_links = no;
/* links delay: how often to update the links file when it is
* flattened.
*/
links_delay = 5 minutes;
/* hidden: hide this server from a /links output on servers that
* support it. this allows hub servers to be hidden etc.
*/
hidden = no;
/* disable hidden: prevent servers hiding themselves from a
* /links ouput.
*/
disable_hidden = no;
};
/* The general block contains many of the options that were once compiled
* in options in config.h. The general block is read at start time.
*/
general {
/* hide error messages: defines whether error messages from
* servers are hidden or not. These can sometimes contain IPs and
* can have an adverse effect on server ip hiding. Set to:
* yes: hide from opers and admin
* opers: hide from opers only
* no: do not hide error messages
*/
hide_error_messages = opers;
/* hide spoof ips: hide the real ips of spoofed users */
hide_spoof_ips = yes;
/* default invisible: set clients +i on connect */
default_invisible = no;
/* default operstring: defines the default oper response
* in /whois queries, eg "is an IRC Operator"
*/
default_operstring = "is an IRC Operator";
/* default adminstring: defines the default admin response
* in /whois queries, eg "is a Server Administrator"
*/
default_adminstring = "is a Server Administrator";
/* disable fake channels: disable local users joining fake versions
* of channels, eg #foo^B^B. Disables bold, mirc colour, reverse,
* underline and hard space. (ASCII 2, 3, 22, 31, 160 respectively).
*/
disable_fake_channels = no;
/* tkline_expire_notices: give a notice to opers when a tkline
* expires
*/
tkline_expire_notices = no;
/* floodcount: the default value of floodcount that is configurable
* via /quote set floodcount. This is the amount of lines a user
* may send to any other user/channel in one second.
*/
default_floodcount = 10;
/* failed oper notice: send a notice to all opers on the server when
* someone tries to OPER and uses the wrong password, host or ident.
*/
failed_oper_notice = yes;
/* dots in ident: the amount of '.' characters permitted in an ident
* reply before the user is rejected.
*/
dots_in_ident=2;
/* dot in ipv6: ircd-hybrid-6.0 and earlier will disallow hosts
* without a '.' in them. this will add one to the end. only needed
* for older servers.
*/
dot_in_ip6_addr = no;
/* min nonwildcard: the minimum non wildcard characters in k/d/g lines
* placed via the server. klines hand placed are exempt from limits.
* wildcard chars: '.' '*' '?' '@'
*/
min_nonwildcard = 4;
/* min nonwildcard simple: the minimum non wildcard characters in
* xlines/resvs placed via the server.
* wildcard chars: '*' '?'
*/
min_nonwildcard_simple = 3;
/* max accept: maximum allowed /accept's for +g usermode */
max_accept = 20;
/* max monitor: the maximum amount of nicknames a client may have in
* their monitor (server-side notify) list.
*/
max_monitor = 100;
/* nick flood: enable the nickflood control code */
anti_nick_flood = yes;
/* nick flood: the nick changes allowed in the specified period */
max_nick_time = 20 seconds;
max_nick_changes = 5;
/* anti spam time: the minimum time a user must be connected before
* custom quit messages are allowed.
*/
anti_spam_exit_message_time = 5 minutes;
/* ts delta: the time delta allowed between server clocks before
* a warning is given, or before the link is dropped. all servers
* should run ntpdate/rdate to keep clocks in sync
*/
ts_warn_delta = 30 seconds;
ts_max_delta = 5 minutes;
/* client exit: prepend a users quit message with "Client exit: " */
client_exit = yes;
/* collision fnc: change user's nick to their UID instead of
* killing them, if possible. This setting only applies to nick
* collisions detected on this server. Only enable this if
* all servers on the network allow remote nicks to start with
* a digit.
*/
collision_fnc = no;
/* dline reason: show the user the dline reason when they connect
* and are dlined.
*/
dline_with_reason = yes;
/* kline delay: delay the checking of klines until a specified time.
* Useful if large kline lists are applied often to prevent the
* server eating CPU.
*/
kline_delay = 0 seconds;
/* kline reason: show the user the reason why they are k/d/glined
* on exit. may give away who set k/dline when set via tcm.
*/
kline_with_reason = yes;
/* kline reason: make the users quit message on channels this
* reason instead of the oper's reason.
*/
kline_reason = "Connection closed";
/* non redundant klines: flag and ignore redundant klines */
non_redundant_klines = yes;
/* warn no nline: warn opers about servers that try to connect but
* we dont have a connect {} block for. Twits with misconfigured
* servers can get really annoying with this enabled.
*/
warn_no_nline = yes;
/* stats e disabled: disable stats e. useful if server ips are
* exempted and you dont want them listing on irc.
*/
stats_e_disabled = no;
/* stats c oper only: make stats c (connect {}) oper only */
stats_c_oper_only=no;
/* stats h oper only: make stats h (hub_mask/leaf_mask) oper only */
stats_h_oper_only=no;
/* stats y oper only: make stats y (class {}) oper only */
stats_y_oper_only=no;
/* stats o oper only: make stats o (opers) oper only */
stats_o_oper_only=yes;
/* stats P oper only: make stats P (ports) oper only
* NOTE: users doing stats P will never be given the ips that the
* server listens on, simply the ports.
*/
stats_P_oper_only=no;
/* stats i oper only: make stats i (auth {}) oper only. set to:
* yes: show users no auth blocks, made oper only.
* masked: show users first matching auth block
* no: show users all auth blocks.
*/
stats_i_oper_only=masked;
/* stats k/K oper only: make stats k/K (klines) oper only. set to:
* yes: show users no auth blocks, made oper only
* masked: show users first matching auth block
* no: show users all auth blocks.
*/
stats_k_oper_only=masked;
/* map oper only: make /map oper only */
map_oper_only = no;
/* operspy admin only: make operspy notices to +Z admin only */
operspy_admin_only = no;
/* caller id wait: time between notifying a +g user that somebody
* is messaging them.
*/
caller_id_wait = 1 minute;
/* pace wait simple: time between use of less intensive commands
* (HELP, remote WHOIS, WHOWAS)
*/
pace_wait_simple = 1 second;
/* pace wait: time between more intensive commands
* (ADMIN, INFO, LIST, LUSERS, MOTD, STATS, VERSION)
*/
pace_wait = 10 seconds;
/* short motd: send clients a notice telling them to read the motd
* instead of forcing a motd to clients who may simply ignore it.
*/
short_motd = no;
/* ping cookies: require clients to respond exactly to a ping command,
* can help block certain types of drones and FTP PASV mode spoofing.
*/
ping_cookie = no;
/* connect timeout: sets how long we should wait for a connection
* request to succeed
*/
connect_timeout = 30 seconds;
/* disable auth: disables identd checking */
disable_auth = no;
/* no oper flood: increase flood limits for opers. */
no_oper_flood = yes;
/* glines: enable glines, network wide temp klines */
glines = yes;
/* gline time: the amount of time a gline will remain before expiring */
gline_time = 1 day;
/* gline_min_cidr: If using a CIDR gline, the minimum length the
* mask must be
*/
gline_min_cidr = 16;
/* global_cidr_ipv4_bitlen: limits numbers of connections from a subnet size globally
* global_cidr_ipv4_count: number of connections allowed from a given subnet
* global_cidr_ipv6_bitlen and global_cidr_ipv6_count are the same as above but for ipv6
*
* global_cidr: if set to no, do not process limits
*
* The reason these are not in classes is that remote clients do not get assigned classes
* Also this needs TS6 across the entire network to work in a reliable way
*/
global_cidr_ipv4_bitlen = 24;
global_cidr_ipv4_count = 384;
global_cidr_ipv6_bitlen = 64;
global_cidr_ipv6_count = 128;
global_cidr = yes;
/* max targets: the maximum amount of targets in a single
* PRIVMSG/NOTICE. set to 999 NOT 0 for unlimited.
*/
max_targets = 4;
/* client flood: maximum number of lines in a clients queue before
* they are dropped for flooding.
*/
client_flood = 20;
/* post registration delay: after a user has registered, delay
* parsing any commands from them for this amount of time in order
* to perform bopm checks etc.
*
* Warning: if this is set too high (i.e. above 5-10s), it is
* likely to cause issues for clients.
*/
post_registration_delay = 0 seconds;
/* use_whois_actually: send clients requesting a whois a numeric
* giving the real IP of non-spoofed clients to prevent DNS abuse.
*/
use_whois_actually = yes;
/* usermodes configurable: a list of usermodes for the options below
*
* +b - bots - See bot and drone flooding notices
* +c - cconn - Client connection/quit notices
* +C - cconnext - Extended client connection/quit notices
* +d - debug - See debugging notices
* +f - full - See I: line full notices
* +g - callerid - Server Side Ignore
* +i - invisible - Not shown in NAMES or WHO unless you share a
* a channel
* +k - skill - See server generated KILL messages
* +l - locops - See LOCOPS messages
* +n - nchange - See client nick changes
* +r - rej - See rejected client notices
* +s - servnotice - See general server notices
* +u - unauth - See unauthorised client notices
* +w - wallop - See server generated WALLOPS
* +x - external - See remote server connection and split notices
* +y - spy - See LINKS, STATS, TRACE notices etc.
* +z - operwall - See oper generated WALLOPS
* +Z - operspy - See operspy notices
*/
/* oper only umodes: usermodes only opers may set */
oper_only_umodes = bots, cconn, debug, full, skill, nchange,
rej, spy, external, operwall, locops, unauth;
/* oper umodes: default usermodes opers get when they /oper */
oper_umodes = locops, servnotice, operwall, wallop;
/* use egd: if your system does not have *random devices yet you
* want to use OpenSSL and encrypted links, enable this. Beware -
* EGD is *very* CPU intensive when gathering data for its pool
*/
#use_egd = yes;
/* egdpool path: path to EGD pool. Not necessary for OpenSSL >= 0.9.7
* which automatically finds the path.
*/
#egdpool_path = "/var/run/egd-pool";
/* compression level: level of compression for compressed links between
* servers.
*
* values are between: 1 (least compression, fastest)
* and: 9 (most compression, slowest).
*/
#compression_level = 6;
/* burst_away: This enables bursting away messages to servers.
* With this disabled, we will only propogate AWAY messages
* as users send them, but never burst them. Be warned though
* enabling this could increase the size of a burst significantly
* for a large network, like EFnet.
*/
burst_away = yes;
/* reject duration: the amount of time to cache the rejection */
reject_duration = 5 minutes;
/* reject_after_count: the number of times within reject_duration time that
* an IP will start being rejected.
*/
reject_after_count = 3;
/* throttle_duration: Amount of time that throttling will be applied to an IP
* address.
*/
throttle_duration = 60;
/* throttle_count: Number of connections within throttle_duration that it takes
* for throttling to take effect */
throttle_count = 4;
};

121
irc/templates/ircd-ratbox.init.erb Executable file
View file

@ -0,0 +1,121 @@
#! /bin/sh
# ircd-ratbox Start/stop the ratbox IRC server.
# This file is based on debian's ircd-hybrid init script
# Version: ircd-hybrid 7.0rc9-1 03-Mar-2003 joshk@triplehelix.org
# Version: ircd-hybrid 7.2.2-2 10-Sep-2006 ag@roxor.cx
# Version: ircd-ratbox 2.2.6-1 21-Aug-2007 acornet@debian.org
### BEGIN INIT INFO
# Provides: ircd-ratbox
# Required-Start: $syslog
# Required-Stop: $syslog
# Should-Start: $local_fs $network $named
# Should-Stop: $local_fs $network $named
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: ircd-ratbox daemon init.d script
# Description: Control ircd-ratbox IRC server daemon.
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/ircd-ratbox
DEFAULT=/etc/default/ircd-ratbox
NAME="ircd-<%= name %>"
DESC="ratbox IRC Server"
BASEDIR="/var/lib/ratbox/<%= name %>"
ENABLED=1
test -f $DAEMON || exit 0
if [ -e $DEFAULT ]; then
. $DEFAULT
fi
test "$ENABLED" != "0" || exit 0
[ -f /etc/default/rcS ] && . /etc/default/rcS
. /lib/lsb/init-functions
set -e
ratbox_start()
{
if [ ! -d /var/run/ircd ] ; then
mkdir /var/run/ircd
chown irc:irc /var/run/ircd
fi
if [ -f /var/run/ircd/$NAME.pid ] ; then
echo -n " already running"
return 0
fi
start-stop-daemon --start --quiet \
-u irc -c irc --pidfile /var/run/ircd/$NAME.pid \
--exec $DAEMON -- \
-basedir $BASEDIR -configfile $BASEDIR/ircd.conf -logfile /var/log/ircd-ratbox/$NAME.log -pidfile /var/run/ircd/$NAME.pid > /dev/null \
|| return 2
return 0
}
ratbox_stop()
{
start-stop-daemon --oknodo --stop --quiet \
--pidfile /var/run/ircd/$NAME.pid \
--signal 15 --exec $DAEMON -- -pidfile /var/run/ircd/$NAME.pid \
|| return 2
return 0
}
ratbox_reload()
{
if [ -f "/var/run/ircd/$NAME.pid" ]; then
kill -s HUP $(cat /var/run/ircd/$NAME.pid)
return 0
else
return 2
fi
}
case "$1" in
start)
log_daemon_msg "Starting $NAME" "$NAME"
ratbox_start
case "$?" in
0) log_end_msg 0 ;;
1|2) log_end_msg 1 ;;
esac
;;
stop)
log_daemon_msg "Stopping $NAME" "$NAME"
ratbox_stop
case "$?" in
0|1) log_end_msg 0 ;;
2) log_end_msg 1 ;;
esac
;;
reload)
log_daemon_msg "Reloading $NAME" "$NAME"
ratbox_reload
case "$?" in
0|1) log_end_msg 0 ;;
2) log_end_msg 1 ;;
esac
;;
restart|force-reload)
log_daemon_msg "Restarting $NAME" "$NAME"
ratbox_stop
ratbox_start
case "$?" in
0) log_end_msg 0 ;;
1|2) log_end_msg 1 ;;
esac
;;
*)
echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
exit 0

751
irc/templates/ratbox-services.conf.erb Normal file
View file

@ -0,0 +1,751 @@
/* serverinfo: contains services information */
serverinfo {
/* name: the name of our services */
name = "ratbox.services";
/* sid: the unique server id of services. This follows the same
* form as ircd, eg [0-9][A-Z0-9][A-Z0-9]
*/
sid = "36D";
/* description: the description of our services */
description = "ratbox services";
/* vhost: default vhost to use for connections */
# vhost = "127.0.0.1";
/* dcc vhost: default vhost to use for dcc connections.
* this must be set for /ctcp <service> chat to work.
*/
# dcc_vhost = "127.0.0.1";
/* dcc ports: specifies the portrange to use for inbound
* chat requests.
*/
dcc_low_port = 3000;
dcc_high_port = 5000;
/* reconnect time: time duration between reconnections to
* our uplinks.
*/
reconnect_time = 5 minutes;
/* ping time: time duration to send PINGs after no data */
ping_time = 5 minutes;
/* ratbox: pure ircd-ratbox/hyb7 network */
ratbox = yes;
/* client flood settings: control how many commands an individual
* user may issue in the given time. The limits work on a penalty
* points system, with between 1-3 points per command. HELP has
* a penalty of 2.
*/
/* client flood max: the maximum score a client may have before we
* stop parsing commands from them.
*/
client_flood_max = 20;
/* client flood max ignore: the score at which we start ignoring a
* client.
*/
client_flood_max_ignore = 30;
/* client flood ignore time: the duration for which we ignore a
* client.
*/
client_flood_ignore_time = 5 minutes;
/* client flood time: the length of time to keep the clients current
* flooding score for.
*/
client_flood_time = 1 minute;
/* allow stats o: allow stats O requests to list opers. This
* will only ever be allowed from ircops/services opers
*/
allow_stats_o = yes;
/* allow sslonly: allow users to set +S (SSL only) channelmode
* through chanserv. This affects chanserv only -- services will
* always parse and accept +S from the ircd.
*
* IMPORTANT: do not enable this, if it is not enabled on the ircd.
*/
allow_sslonly = no;
/* default language: the default language to use when communicating
* with users. If userserv is enabled, users may also pick their
* own language from the list. Note, there is no error checking
* for whether this is a valid/available language.
*
* Available languages:
* en - English
*/
#default_language = "en";
};
/* email settings: these settings configure how (if at all) we send email.
*
* IMPORTANT: sending emails carries with it a risk of exposing the
* hidden ips of services servers -- your local mail server should
* take whatever steps are necessary to avoid disclosing private
* ips. Ideally, this would involve relaying through another
* (public) mail server which strips out originating headers.
*/
email {
/* disable email: a master switch to disable sending of emails.
* This will prevent ratbox-services from ever sending emails, and
* will disable usage of commands that require emails.
*/
disable_email = yes;
/* program: email will only ever be sent through a local program,
* this controls the program we call to do it. This should
* be a comma seperated list of quoted strings, starting with the
* email program instead and then optionally any arguments it takes.
*/
email_program = "/usr/sbin/sendmail", "-t";
/* email name: the "name" of the user emails originate from */
email_name = "services";
/* email address: the address emails originate from */
email_address = "services@example.com";
/* email limits: these two options control the maximum number of
* emails we will send in a specified duration
*/
email_number = 15;
email_duration = 1 minute;
};
/* admin: contains general admin information */
admin {
name = "IRC Admin";
description = "Server Administrator";
email = "<root@localhost>";
};
/* connect: specifies a server to connect to, name of uplink
* is specified in quotation marks
*/
connect "<%= servername %>" {
/* host: the host to connect to */
host = "127.0.0.1";
/* vhost: optional vhost to use for this connection */
# vhost = "10.0.0.2";
/* password: the password to use */
password = "<%= servpass %>";
/* port: the port to connect on */
port = <%= port %>;
/* autoconn: auto connect to this server. default yes */
# autoconn = no;
};
/* operator: specifies an oper who has extended access to services.
* The username is specified in quotation marks.
*/
operator "root" {
/* user: specifies a user@host who may connect.
* multiple may be specified, wildcards are accepted.
*/
user = "*@127.0.0.1";
/* you may also restrict the oper to a specific server, they will
* then only be able to connect when using that server.
*/
#user = "flame@127.0.0.1", "irc.ircd-ratbox.org";
/* password: the password to login */
password = "<%= operpass %>";
/* encrypted: specifies whether the above password has been
* encrypted or not. default: yes
*/
encrypted = no;
/* flags: specifies what general privs an oper has
* admin - services admin, .die etc
* dcc - ability to dcc
* route - ability to route services to uplinks
*/
flags = admin, dcc, route;
/* userserv flags:
* admin - all of the below
* register - access to register any username
* suspend - access to (un)suspend users
* drop - access to drop usernames
* setpass - access to reset passwords on accounts
* setemail - access to reset email addresses on accounts
* oper - all of the below
* list - access to list registered users
* info - access to extended username info
*/
userserv = admin;
/* chanserv flags:
* admin - all of the below
* register - access to register any channel to any user
* suspend - access to (un)suspend channels
* drop - access to drop channel registrations
* oper - all of the below
* list - access to list registered chans
* info - access to extended channel info
*/
chanserv = admin;
/* nickserv flags:
* drop - access to drop nickname registrations
*/
nickserv = drop;
/* operserv flags:
* maintain - access to OPERSERV::DIE OPERSERV::REHASH and
* OPERSERV::DBSYNC
* ignore - control over services ignore list
* admin - all of the below
* channel - access to control the channels operserv is in
* takeover - access to OPERSERV::TAKEOVER
* osmode - access to OPERSERV::OSMODE
*/
operserv = admin;
/* operbot flags:
* channel - access to control the channels operbot is in
*/
operbot = channel;
/* global flags:
* netmsg - access to GLOBAL::NETMSG
* welcome - ability to modify welcome messages sent when a
* user connects to irc
*/
global = netmsg, welcome;
/* jupeserv flags:
* jupe - access to (un)jupe
*/
jupeserv = jupe;
/* banserv flags:
* kline - access to set klines
* xline - access to set xlines
* resv - access to set resvs
* perm - access to set permanent bans
* remove - access to remove other opers bans
* sync - access to sync bans to a given server Opers
* can always sync bans to their own server.
* regexp - access to set regular expression matches
* against connecting clients
* nomax - client is exempt from any limits on maximum
* matches to a ban
*/
banserv = kline, xline, resv, perm, remove, regexp, sync;
};
/* userserv - provides facilities to users for the registration of
* usernames. Required for channel registration.
*/
service "userserv" {
/* nick: specify the nick of the service */
nick = "USERSERV";
/* username: specify the username of the service */
username = "user";
/* host: specify the host of the service */
host = "services.int";
/* realname: the real name field of the service */
realname = "user registration service";
/* flags: specifies options for this service
* opered - this service is opered
* msg_self - messages from this service come from its nickname,
* rather than our servername
* disabled - this service is disabled
* short_help - send an simple list of commands, rather than an
* index containing brief documentation of each command
* stealth - service ignores any messages from normal users
* who havent issued OLOGIN. OLOGIN itself will
* always be accepted. ircops are exempt.
* login_help - requires normal users are logged in before HELP
* can be used
* wallop_adm - send server wallops when admin commands are used
* jupeserv sends wallops even without this
* require_shortcut - require commands to this service are sent
* using the command shortcuts (eg /chanserv)
*/
flags = opered, msg_self;
/* loglevel: level to log at, 0 to disable logging
* 1 - Admin commands
* 2 - REGISTER
* 3 - SET, RESETPASS
* 4 -
* 5 - LOGIN
*/
loglevel = 5;
/* disable register: disables USERSERV::REGISTER for users */
#disable_register = yes;
/* register url: optional url to point users towards when
* disable_register is set above.
*/
#register_url = "http://whatever/";
/* register limits: amount of user registrations to allow overall
* from all clients, in the given time
*/
register_time = 1 minute;
register_amount = 5;
/* host register limits: amount of user registrations to allow from
* a specific host, in the given time
*/
host_register_time = 1 day;
host_register_amount = 2;
/* register email: require an email address to register a username */
register_email = no;
/* register verify: ignore the password the user supplies when
* registering a username and email them a password instead.
*/
register_verify = no;
/* expire times: these durations control how long usernames can be
* unused before they are expired. Settings are for normal
* usernames, suspended usernames and unverified usernames.
*/
expire_time = 4 weeks;
expire_suspended_time = 4 weeks;
expire_unverified_time = 1 day;
/* expiry bonuses: these allow you to grant extra expiry bonuses to
* usernames that have been registered for a given length of time,
* extending the length of time they can be unused before expiry.
*/
/* expire bonus regtime: start granting expiry bonuses once a
* username has been registered for this length of time
*/
expire_bonus_regtime = 2 months;
/* expire bonus: grant an expiry bonus of a given duration, for
* every length of time a username has been registered, upto a
* maximum bonus of a given limit.
*/
expire_bonus = 1 day;
expire_bonus_per_time = 2 weeks;
expire_bonus_max = 4 weeks;
/* allow set password: allow users to change their password */
allow_set_password = yes;
/* allow resetpass: allow users to request a reset of their
* password. They will be sent an email containing a token, which
* they must then use to confirm the password reset.
*/
allow_resetpass = no;
/* allow resetemail: allow users to request a reset of their
* email. This happens by two steps. They will be sent an email
* to their current email containing a token, which they must
* then use to confirm the email reset. Another mail is then
* sent to the new address to verify it's validity.
*/
allow_resetemail = no;
/* resetpass_duration: the duration a USERSERV::RESETPASS request is
* kept around whilst waiting for confirmation. Note: users can
* only have one request pending for confirmation.
*/
resetpass_duration = 1 day;
/* resetemail_duration: the duration a USERSERV::RESETEMAIL request is
* kept around whilst waiting for confirmation. Note: users can
* only have one request pending for confirmation.
*/
resetemail_duration = 1 day;
/* reset regtime duration: duration a username must be registered for
* before they can use resetpass/resetemail commands on it
*/
reset_regtime_duration = 2 weeks;
/* allow set email: allow users to change their email addy */
allow_set_email = yes;
/* max logins: maximum amount of clients who may be logged into a
* single username
*/
max_logins = 5;
/* show suspend reasons: show suspend reasons to users (but not the
* admin who suspended the channel)
*/
show_suspend_reasons = no;
};
/* chanserv - provides facilities for the registration of channels. */
service "chanserv" {
nick = "CHANSERV";
username = "chan";
host = "services.int";
realname = "channel registration service";
flags = opered, login_help;
/* loglevel: level to log at, 0 to disable logging
* 1 - Admin commands
* 2 - REGISTER
* 3 - LISTUSERS, DELOWNER
* 4 - CLEARMODES, CLEAROPS, CLEARALLOPS, CLEARBANS
* 5 - ADDUSER, DELUSER, MODUSER
* 6 - Everything.
*/
loglevel = 3;
/* disable register: disables CHANSERV::REGISTER for users */
#disable_register = yes;
/* register limits: amount of user registrations to allow overall
* from all clients, in the given time
*/
register_time = 1 minute;
register_amount = 5;
/* host register limits: amount of user registrations to allow from
* a specific host, in the given time
*/
host_register_time = 1 day;
host_register_amount = 4;
/* expire times: these durations control how long channels can be
* unused before they are expired. Settings are for normal
* channels and suspended channels
*/
expire_time = 4 weeks;
expire_suspended_time = 4 weeks;
/* max bans: maximum amount of bans a channel may have */
max_bans = 50;
/* expireban frequency: how often to run the expiry of channel
* bans. It is advised this is not set lower than 5 minutes, as the
* expiry code is quite cpu intensive. This value is also only
* used on startup and is not changed on rehash.
*/
expireban_frequency = 15 minutes;
/* enforcetopic frequency: how often to reset topics on channels to
* that stored within chanserv.
*/
enforcetopic_frequency = 1 hour;
/* autojoin empty: honour autojoin flags for empty channels. With
* this off (as is default) chanserv will instead automatically
* remove itself from channels where its the only member, except when
* it needs to enforce bans etc.
*
* Enabling this can lead to lots of channels where chanserv is the
* only person in there.
*/
autojoin_empty = no;
/* email delowner: require users removing themselves as owner of a
* channel to confirm the action using a token sent through email
*/
email_delowner = no;
/* delowner duration: if email_delowner is enabled, the duration the
* tokens last.
*/
delowner_duration = 1 day;
/* show suspend reasons: show suspend reasons to users (but not the
* admin who suspended the channel)
*/
show_suspend_reasons = no;
};
/* nickserv - provides nickname registration. These require a username
* registration.
*/
service "nickserv" {
nick = "NICKSERV";
username = "nick";
host = "services.int";
realname = "nickname services";
/* disabled by default */
flags = opered, msg_self, disabled;
/* loglevel: level to log at, 0 to disable logging
* 1 - Admin commands
* 2 - REGISTER
* 3 - DROP
* 4 -
* 5 - INFO
*/
loglevel = 3;
/* max nicks: maximum nicknames a user may register */
max_nicks = 2;
/* allow set warn: enable NICKSERV::SET::WARN, which allows users to
* set nickname warnings on their nicknames, simple notices which
* tell users the nickname is registered.
*/
allow_set_warn = yes;
/* warn string: string give to clients when they use a registered
* nickname.
*/
warn_string = "This nickname is registered, you may be disconnected if a user regains this nickname.";
};
/* operserv - provides facilities for issuing modes and takeovers */
service "operserv" {
nick = "OPERSERV";
username = "oper";
host = "services.int";
realname = "oper services";
flags = opered, msg_self, stealth, wallop_adm;
/* loglevel: level to log at, 0 to disable logging
* 1 - Admin commands
* 2 - DBSYNC, LISTOPERS
*/
loglevel = 1;
/* allow die: allow OPERSERV::DIE over irc */
allow_die = yes;
};
/* jupeserv - provides opers and admins the ability to jupe servers
* preventing them from connecting to the network.
*/
service "jupeserv" {
nick = "JUPESERV";
username = "jupe";
host = "services.int";
realname = "server jupe service";
flags = opered, msg_self, stealth;
/* loglevel: level to log at, 0 to disable logging
* 1 - Admin commands
* 2 - CALLJUPE/CALLUNJUPE
* 3 - PENDING
*/
loglevel = 2;
/* merge into operserv: merge all of this services commands into the
* operserv service. This option is only used when ratbox-services
* starts.
*
* Note: If this service is merged into operserv, it will follow the
* service flags and loglevel from operserv.
*/
merge_into_operserv = no;
/* oper jupe options. The following options control jupes/unjupes
* which can be initiated by any oper, without needing special
* services access.
*/
/* oper score: the score an oper contributes towards a jupe/unjupe.
* Set to 0 to disallow regular opers calling jupes/unjupes.
*/
oper_score = 3;
/* jupe score: the score needed to trigger a jupe.
* Set to 0 to disallow regular opers calling jupes.
*/
jupe_score = 15;
/* unjupe score: the score needed to trigger an unjupe.
* Set to 0 to disallow regular opers calling unjupes.
*/
unjupe_score = 15;
/* pending time: how long pending jupes/unjupes last whilst
* untriggered.
*/
pending_time = 30 minutes;
};
/* operbot - a bot which will invite/op ircops in the set channels. Useful
* for oper only channels etc.
*/
service "operbot" {
nick = "operbot";
username = "operbot";
host = "services.int";
realname = "oper op/invite services";
flags = opered, msg_self, stealth;
/* loglevel: level to log at, 0 to disable logging
* 1 - Admin commands
*/
loglevel = 1;
};
/* alis - a list service that lets users list channels according to more
* specific criteria than an ircd allows.
*/
service "alis" {
nick = "alis";
username = "alis";
host = "services.int";
realname = "Advanced List Service - /msg alis help";
flags = msg_self;
/* loglevel:
* 1 - LIST
*/
loglevel = 1;
/* max matches: maximum number of channels to output from LIST */
max_matches = 60;
};
/* global - the global messaging service. Allows messages to be sent
* to all users on the network.
*/
service "global" {
nick = "GLOBAL";
username = "global";
host = "services.int";
realname = "Network Message Service";
/* this service *MUST* be opered. */
flags = opered, msg_self, stealth;
/* loglevel: level to log at, 0 to disable logging
* 1 - Admin commands
*/
loglevel = 1;
};
/* banserv - the ban service. Allows bans (klines/xlines/resvs) to be
* sent to all servers. These bans can only be set on ircd-ratbox servers
* running version 1.5 and above.
*/
service "banserv" {
nick = "BANSERV";
username = "banserv";
host = "services.int";
realname = "Ban Service";
flags = opered, msg_self, stealth;
/* loglevel: level to log at, 0 to disable logging
* 1 - Admin commands
* 2 - LISTWELCOME
*/
loglevel = 1;
/* merge into operserv: merge all of this services commands into the
* operserv service. This option is only used when ratbox-services
* starts.
*
* Note: If this service is merged into operserv, it will follow the
* service flags and loglevel from operserv.
*/
merge_into_operserv = no;
/* unban time: duration unklines etc are kept around in the
* database to be synced with servers.
*/
unban_time = 2 weeks;
/* regexp time: when issuing klines for users who match regexps, how
* long to make the kline last
*/
regexp_time = 1 day;
/* max kline matches: maximum number of users a kline can match. Set to
* 0 to disable.
*/
max_kline_matches = 200;
/* max xline matches: maximum number of users an xline can match. Set to
* 0 to disable.
*/
max_xline_matches = 200;
/* max regexp matches: maximum number of users a regular expression can
* match. regexps that match more than this amount of users will be
* rejected. Set to 0 to disable.
*/
max_regexp_matches = 200;
/* temp workaround: work around short time limits for temporary
* bans, by issuing an unban for it first then reissuing the ban.
* ratbox-2.0.8 and below, and ratbox-2.1.2 and below have a maximum
* temp time of 4 weeks, which can cause some bans to expire even
* when banserv expects them to still be set.
*
* The only way for banserv to extend the expiry on these servers is
* to issue an unban first. The temp workaround does this for all
* temporary bans.
*/
temp_workaround = no;
/* autosync frequency: how often to automatically sync bans to
* all servers. Set to 0 to disable.
*/
autosync_frequency = 2 weeks;
};
/* watchserv - the service for watching commands issued to services. */
service "watchserv" {
nick = "WATCHSERV";
username = "watchserv";
host = "services.int";
realname = "Command Watching Service";
flags = msg_self, stealth;
/* loglevel: level to log at, 0 to disable logging
* 1 - Admin commands
*/
loglevel = 1;
/* merge into operserv: merge all of this services commands into the
* operserv service. This option is only used when ratbox-services
* starts.
*
* Note: If this service is merged into operserv, it will follow the
* service flags and loglevel from operserv.
*/
merge_into_operserv = no;
};
/* memoserv - the service for sending memos */
service "memoserv" {
nick = "MEMOSERV";
username = "memoserv";
host = "services.int";
realname = "Memo Service";
flags = msg_self;
/* loglevel: level to log at, 0 to disable logging
*
* 2 - SEND
* 3 - LIST, READ, DELETE
*/
loglevel = 0;
/* max memos: maximum number of memos a user may have. */
max_memos = 50;
/* memo regtime duration: duration a username must be registered for
* before they can send memos
*/
memo_regtime_duration = 1 week;
};

102
irc/templates/ratbox-services.init.erb Executable file
View file

@ -0,0 +1,102 @@
#! /bin/sh
# ratbox-services-pgsql Start/stop the ratbox services.
# This file is based on debian's ircd-hybrid init script
# Version: ircd-hybrid 7.0rc9-1 03-Mar-2003 joshk@triplehelix.org
# Version: ircd-hybrid 7.2.2-2 10-Sep-2006 ag@roxor.cx
# Version: ratbox-services 2.2.6-1 21-Aug-2007 acornet@debian.org
# Version: ratbox-services 1.1.2-1 28-Aug-2007 acornet@debian.org
### BEGIN INIT INFO
# Provides: ratbox-services
# Should-Start: $named
# Should-Stop: $named
# Required-Start: $local_fs $remote_fs $network
# Required-Stop: $local_fs $remote_fs
# Default-Start: 2 3 4 5
# Default-Stop: 0 1 6
# Short-Description: ratbox-services daemon init.d script
# Description: Control ratbox-services IRC services
### END INIT INFO
PATH=/sbin:/bin:/usr/sbin:/usr/bin
DAEMON=/usr/sbin/ratbox-services
DEFAULT=/etc/default/ratbox-services
NAME="ratbox-services-<%= name %>"
DESC="ratbox IRC Services"
BASEDIR="/var/lib/ratbox-services/<%= name %>"
UID=$(id -u irc)
GID=$(id -g irc)
ENABLED=1
test -f $DAEMON || exit 0
if [ -e $DEFAULT ]; then
. $DEFAULT
fi
test "$ENABLED" != "0" || exit 0
[ -f /etc/default/rcS ] && . /etc/default/rcS
. /lib/lsb/init-functions
set -e
ratbox_start()
{
if [ ! -d $BASEDIR/var/run/ratbox-services ] ; then
mkdir -p $BASEDIR/var/run/ratbox-services
chown irc:irc $BASEDIR/var/run/ratbox-services
fi
start-stop-daemon --start --quiet \
--pidfile $BASEDIR/var/run/ratbox-services/ratbox-services.pid \
--exec $DAEMON -- \
-g $GID -u $UID -r $BASEDIR > /dev/null \
|| return 2
return 0
}
ratbox_stop()
{
start-stop-daemon --oknodo --stop --quiet \
--pidfile $BASEDIR/var/run/ratbox-services/ratbox-services.pid \
--signal 15 --exec $DAEMON -- \
|| return 2
return 0
}
case "$1" in
start)
log_daemon_msg "Starting ratbox-services" "ratbox-services"
ratbox_start
case "$?" in
0) log_end_msg 0 ;;
1|2) log_end_msg 1 ;;
esac
;;
stop)
log_daemon_msg "Stopping $NAME" "$NAME"
ratbox_stop
case "$?" in
0|1) log_end_msg 0 ;;
2) log_end_msg 1 ;;
esac
;;
restart|force-reload|reload)
log_daemon_msg "Restarting $NAME" "$NAME"
ratbox_stop
ratbox_start
case "$?" in
0) log_end_msg 0 ;;
1|2) log_end_msg 1 ;;
esac
;;
*)
echo "Usage: $0 {start|stop|restart|reload|force-reload}" >&2
exit 1
;;
esac
exit 0