/* Configuration file for UnrealIRCd 6 * * Simply copy this file to your conf/ directory, call it * 'unrealircd.conf' and walk through it line by line (edit it!) * * Important: All lines, except { and } end with an ; * This is very important, if you miss a ; somewhere then the * configuration file parser will complain and the file will not * be processed correctly! * If this is your first experience with an UnrealIRCd configuration * file then we really recommend you to read a little about the syntax, * this only takes a few minutes and will help you a lot: * https://www.unrealircd.org/docs/Configuration#Configuration_file_syntax * * UnrealIRCd 6 documentation (very extensive!): * https://www.unrealircd.org/docs/UnrealIRCd_6_documentation * * Frequently Asked Questions: * https://www.unrealircd.org/docs/FAQ * */ /* This is a comment, all text here is ignored (comment type #1) */ // This is also a comment, this line is ignored (comment type #2) # This is also a comment, again this line is ignored (comment type #3) /* UnrealIRCd makes heavy use of modules. Modules allow you to completely * customize the featureset you wish to enable in UnrealIRCd. * See: https://www.unrealircd.org/docs/Modules * * By using the include below we instruct the IRCd to read the file * 'modules.default.conf' which will load more than 150 modules * shipped with UnrealIRCd. In other words: this will simply load * all the available features in UnrealIRCd. * If you are setting up UnrealIRCd for the first time we suggest you * use this. Then, when everything is up and running you can come * back later to customize the list (if you wish). */ include "modules.default.conf"; /* Now let's include some other files as well: * - help/help.conf for our on-IRC /HELPOP system * - badwords.conf for channel and user mode +G * - spamfilter.conf as an example for spamfilter usage * (commented out) * - operclass.default.conf contains some good operclasses which * you can use in your oper blocks. */ include "help/help.conf"; include "badwords.conf"; //include "spamfilter.conf"; include "operclass.default.conf"; include "snomasks.default.conf"; /* Load the default cloaking module (2021 onwards): */ loadmodule "cloak_sha256"; /* Or load the old module from UnrealIRCd 3.2/4/5 instead: */ //loadmodule "cloak_md5"; loadmodule "websocket"; loadmodule "webserver"; /* This is the me { } block which basically says who we are. * It defines our server name, some information line and an unique "sid". * The server id (sid) must start with a digit followed by two digits or * letters. The sid must be unique for your IRC network (each server should * have it's own sid). */ me { name "notice.lol"; info "Be yourself; everyone else is already taken.🤍"; sid "001"; } /* The admin { } block defines what users will see if they type /ADMIN. * It normally contains information on how to contact the administrator. */ admin { "Rain"; "Rain"; "Rain@notice.lol"; } /* Clients and servers are put in class { } blocks, we define them here. * Class blocks consist of the following items: * - pingfreq: how often to ping a user / server (in seconds) * - connfreq: how often we try to connect to this server (in seconds) * - sendq: the maximum queue size for a connection * - recvq: maximum receive queue from a connection (flood control) */ /* Client class with good defaults */ class clients { pingfreq 90; maxclients 1000; sendq 200k; recvq 8000; } /* Special class for IRCOps with higher limits */ class opers { pingfreq 90; maxclients 50; sendq 1M; recvq 8000; } /* Server class with good defaults */ class servers { pingfreq 60; connfreq 15; /* try to connect every 15 seconds */ maxclients 10; /* max servers */ sendq 20M; } /* Allow blocks define which clients may connect to this server. * This allows you to add a server password or restrict the server to * specific IP's only. You also configure the maximum connections * allowed per IP here. * See also: https://www.unrealircd.org/docs/Allow_block */ /* Allow everyone in, but only 3 connections per IP */ allow { mask *; class clients; maxperip 3; } /* Example of a special allow block on a specific IP: * Requires users on that IP to connect with a password. If the password * is correct then it permits 20 connections on that IP. */ allow { mask 57.129.16.149; class clients; password "at"; maxperip 250; } /* Oper blocks define your IRC Operators. * IRC Operators are people who have "extra rights" compared to others, * for example they may /KILL other people, initiate server linking, * /JOIN channels even though they are banned, etc. * * For more information about becoming an IRCOp and how to do admin * tasks, see: https://www.unrealircd.org/docs/IRCOp_guide * * For details regarding the oper { } block itself, see * https://www.unrealircd.org/docs/Oper_block */ /* Here is an example oper block for 'bobsmith' * You MUST change this!! */ oper Rain { class opers; mask *@*; /* Technically you can put oper passwords in plaintext in the conf but * this is HIGHLY DISCOURAGED. Instead you should generate a password hash: * On *NIX, run: ./unrealircd mkpasswd * On Windows, run: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" mkpasswd * .. and then paste the result below: */ password "$argon2id$v=19$m=6144,t=2,p=2$E4+GfTEyCI5WMewAYf+UtA$tQXqHrRa8uIxrD2ul8FfgrS64aZmO+o5eR/4a3x+OkI"; /* See https://www.unrealircd.org/docs/Authentication_types for * more information, including even better authentication types * such as 'certfp', and how to generate hashes on Windows. */ /* Oper permissions are defined in an 'operclass' block. * See https://www.unrealircd.org/docs/Operclass_block * UnrealIRCd ships with a number of default blocks, see * the article for a full list. We choose 'netadmin' here. */ operclass netadmin-with-override; swhois "is a Network Administrator"; vhost psycho.net; } /* Listen blocks define the ports where the server should listen on. * In other words: the ports that clients and servers may use to * connect to this server. * * Syntax: * listen { * { * ip ; * port ; * options { * ; * } * } */ listen { ip *; port 8000; options { tls; websocket { type text; } // type must be either 'text' or 'binary' }; tls-options { certificate "/etc/letsencrypt/live/notice.lol/fullchain.pem"; key "/etc/letsencrypt/live/notice.lol/privkey.pem"; options { no-client-certificate; }; }; }; loadmodule "webserver"; /* Standard IRC port 6667 */ listen { ip *; port 6667; } /* Standard IRC SSL/TLS port 6697 */ listen { ip *; port 6697; options { tls; } } /* Special SSL/TLS servers-only port for linking */ listen { ip *; port 6900; options { tls; serversonly; } } /* Standard IRC SSL/TLS port 6697 */ listen { ip *; port 6697; options { tls; }; tls-options { certificate "/etc/letsencrypt/live/notice.lol/fullchain.pem"; key "/etc/letsencrypt/live/notice.lol/privkey.pem"; }; }; /* NOTE: If you are on an IRCd shell with multiple IP's and you use * the above listen { } blocks then you will likely get an * 'Address already in use' error and the ircd won't start. * This means you MUST bind to a specific IP instead of '*' like: * listen { ip 1.2.3.4; port 6667; } * Of course, replace the IP with the IP that was assigned to you. */ /* * Link blocks allow you to link multiple servers together to form a network. * See https://www.unrealircd.org/docs/Tutorial:_Linking_servers */ link hub.psycho.net { incoming { mask *@something; } outgoing { bind-ip *; /* or explicitly an IP */ hostname hub.example.org; port 6900; options { tls; } } /* We use the SPKI fingerprint of the other server for authentication. * Open a shell on the OTHER SERVER and run the command to get the fingerprint: * On *NIX, run: ./unrealircd spkifp * On Windows, run: "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" spkifp */ password "cn0z2tgBxwwfp9HXNiYOtGS95BNf7hb/dS/v42i5dH0=" { spkifp; } class servers; } /* The link block for services is usually much simpler. * For more information about what Services are, * see https://www.unrealircd.org/docs/Services */ link services.psycho.net { incoming { mask 127.0.0.1; } password "at"; class servers; } /* U-lines give other servers (even) more power/commands. * If you use services you MUST add them here. You must add the * services server name in ulines { } in the config file on * every UnrealIRCd server on your network. * IMPORTANT: Never put the name of an UnrealIRCd server here, * it's only for Services! */ ulines { services.psycho.net; } /* Here you can add a password for the IRCOp-only /DIE and /RESTART commands. * This is mainly meant to provide a little protection against accidental * restarts and server kills. */ drpass { restart "restart"; die "die"; } /* The log block defines what should be logged and to what file. * See also https://www.unrealircd.org/docs/Log_block */ /* This is a good default, it logs everything except * debug stuff and join/part/kick. */ log { source { all; !debug; !join.LOCAL_CLIENT_JOIN; !join.REMOTE_CLIENT_JOIN; !part.LOCAL_CLIENT_PART; !part.REMOTE_CLIENT_PART; !kick.LOCAL_CLIENT_KICK; !kick.REMOTE_CLIENT_KICK; } destination { file "ircd.log" { maxsize 100M; } } } /* With "aliases" you can create an alias like /SOMETHING to send a message to * some user or bot. They are usually used for services. * * We have a number of pre-set alias files, check out the alias/ directory. * As an example, here we include all aliases used for anope services. */ include "aliases/anope.conf"; /* Ban nick names so they cannot be used by regular users */ ban nick { mask "*C*h*a*n*S*e*r*v*"; reason "Reserved for Services"; } /* Ban ip. * Note that you normally use /KLINE, /GLINE and /ZLINE for this. */ ban ip { mask 195.86.232.81; reason "Hate you"; } /* Ban server - if we see this server linked to someone then we delink */ ban server { mask eris.berkeley.edu; reason "Get out of here."; } /* Ban user - just as an example, you normally use /KLINE or /GLINE for this */ ban user { mask *tirc@*.saturn.bbn.com; reason "Idiot"; } /* Ban realname allows you to ban clients based on their 'real name' * or 'gecos' field. */ ban realname { mask "Swat Team"; reason "mIRKFORCE"; } ban realname { mask "sub7server"; reason "sub7"; } /* Ban and TKL exceptions. Allows you to exempt users / machines from * KLINE, GLINE, etc. * If you are an IRCOp with a static IP (and no untrusted persons on that IP) * then we suggest you add yourself here. That way you can always get in * even if you accidentally place a *LINE ban on yourself. */ /* except ban with type 'all' protects you from GLINE, GZLINE, QLINE, SHUN */ except ban { mask *@192.0.2.1; type all; } /* This allows IRCCloud connections in without maxperip restrictions * and also exempt them from connect-flood throttling. */ except ban { mask *.irccloud.com; type { maxperip; connect-flood; } } /* With deny dcc blocks you can ban filenames for DCC */ deny dcc { filename "*sub7*"; reason "Possible Sub7 Virus"; } /* deny channel allows you to ban a channel (mask) entirely */ deny channel { channel "*warez*"; reason "Warez is illegal"; class "clients"; } /* VHosts (Virtual Hosts) allow users to acquire a different host. * See https://www.unrealircd.org/docs/Vhost_block */ /* Example vhost which you can use. On IRC type: /VHOST test test * NOTE: only people with an 'unrealircd.com' host may use it so * be sure to change the vhost::mask before you test. */ vhost { vhost i.hate.microsefrs.com; mask *@unrealircd.com; login "test"; password "test"; } /* Blacklist blocks will query an external DNS Blacklist service * whenever a user connects, to see if the IP address is known * to cause drone attacks, is a known hacked machine, etc. * Documentation: https://www.unrealircd.org/docs/Blacklist_block * Or just have a look at the blocks below. */ /* DroneBL, probably the most popular blacklist used by IRC Servers. * See https://dronebl.org/ for their documentation and the * meaning of the reply types. At time of writing we use types: * 3: IRC Drone, 5: Bottler, 6: Unknown spambot or drone, * 7: DDoS Drone, 8: SOCKS Proxy, 9: HTTP Proxy, 10: ProxyChain, * 11: Web Page Proxy, 12: Open DNS Resolver, 13: Brute force attackers, * 14: Open Wingate Proxy, 15: Compromised router / gateway, * 16: Autorooting worms. */ blacklist dronebl { dns { name dnsbl.dronebl.org; type record; reply { 3; 5; 6; 7; 8; 9; 10; 11; 12; 13; 14; 15; 16; } } action gline; ban-time 24h; reason "Proxy/Drone detected. Check https://dronebl.org/lookup?ip=$ip for details."; } /* EFnetRBL, see https://rbl.efnetrbl.org/ for documentation * and the meaning of the reply types. * At time of writing: 1 is open proxy, 4 is TOR, 5 is drones/flooding. * * NOTE: If you want to permit TOR proxies on your server, then * you need to remove the '4;' below in the reply section. */ blacklist efnetrbl { dns { name rbl.efnetrbl.org; type record; reply { 1; 4; 5; } } action gline; ban-time 24h; reason "Proxy/Drone/TOR detected. Check https://rbl.efnetrbl.org/?i=$ip for details."; } /* You can include other configuration files */ /* include "klines.conf"; */ /* Network configuration */ set { network-name "Poison"; default-server "notice.lol"; services-server "services.psycho.net"; stats-server "stats.psycho.net"; help-channel "#services"; cloak-prefix "Poison"; prefix-quit "Quit"; /* Cloak keys should be the same at all servers on the network. * They are used for generating masked hosts and should be kept secret. * The keys should be 3 random strings of 80 characters each (or more). * and must consist of lowcase (a-z), upcase (A-Z) and digits (0-9). * On *NIX, you can run './unrealircd gencloak' in your shell to let * UnrealIRCd generate 3 random strings for you. * On Windows, you can run "C:\Program Files\UnrealIRCd 6\bin\unrealircdctl" gencloak */ cloak-keys { "43JXddo20jEX1e6gN2nWh7d216G1aBSd5oj1o7CBkfH388Dx32EiD4kY1BxF0FB5a7BB7GMxkaQgRmbm"; "Qpi33tLw52qL16725T1f7eTMy8g5buu2W2X52cFQ121iWRo3Jo6xP30nbyY7y4qmdq0sd3M0cFYvCaDP"; "Js33XrC7DmAxeVfxYnjyrCOQ7QnFj125Mtd5D4823tGjdq5b1M5VlOIWp32u1478084YR08N4iSyT40D"; } } /* Server specific configuration */ set { kline-address 'Rain@live.com'; /* e-mail or URL shown when a user is banned */ modes-on-connect "+ixw"; /* when users connect, they will get these user modes */ modes-on-oper "+xws"; /* when someone becomes IRCOp they'll get these modes */ modes-on-join "+nt"; /* default channel modes when a new channel is created */ oper-auto-join "#services"; /* IRCOps are auto-joined to this channel */ options { hide-ulines; /* hide U-lines in /MAP and /LINKS */ show-connect-info; /* show "looking up your hostname" messages on connect */ } maxchannelsperuser 10; /* maximum number of channels a user may /JOIN */ /* The minimum time a user must be connected before being allowed to * use a QUIT message. This will hopefully help stop spam. */ anti-spam-quit-message-time 10s; /* Or simply set a static quit, meaning any /QUIT reason is ignored */ /* static-quit "Client quit"; */ /* static-part does the same for /PART */ /* static-part yes; */ /* Flood protection: * There are lots of settings for this and most have good defaults. * See https://www.unrealircd.org/docs/Set_block#set::anti-flood */ anti-flood { } /* Settings for spam filter */ spamfilter { ban-time 1d; /* default duration of a *LINE ban set by spamfilter */ ban-reason "Spam/Advertising"; /* default reason */ virus-help-channel "#help"; /* channel to use for 'viruschan' action */ /* except "#help"; channel to exempt from Spamfilter */ } /* Restrict certain commands. * See https://www.unrealircd.org/docs/Set_block#set::restrict-commands */ restrict-commands { list { except { connect-time 60; /* after 60 seconds you can use LIST */ identified yes; /* or immediately, if you are identified to services */ reputation-score 24; /* or if you have a reputation score of 24 or more */ } } invite { except { connect-time 120; identified yes; reputation-score 24; } } /* In addition to the ability to restrict any command, * such as shown above. There are also 4 special types * that you can restrict. These are "private-message", * "private-notice", "channel-message" and "channel-notice". * They are commented out (disabled) in this example: */ //private-message { // except { connect-time 10; } //} //private-notice { // except { connect-time 10; } //} } } /* * The following will configure connection throttling of "unknown users". * * When UnrealIRCd detects a high number of users connecting from IP addresses * that have not been seen before, then connections from new IP's are rejected * above the set rate. For example at 10:60 only 10 users per minute can connect * that have not been seen before. Known IP addresses can always get in, * regardless of the set rate. Same for users who login using SASL. * * See also https://www.unrealircd.org/docs/Connthrottle for details. * Or just keep reading the default configuration settings below: */ set { connthrottle { /* First we configure which users are exempt from the * restrictions. These users are always allowed in! * By default these are users on IP addresses that have * a score of 24 or higher. A score of 24 means that the * IP was connected to this network for at least 2 hours * in the past month (or minimum 1 hour if registered). * We also allow users who are identified to services via * SASL to bypass the restrictions. */ except { reputation-score 24; identified yes; /* for more options, see * https://www.unrealircd.org/docs/Mask_item */ } /* New users are all users that do not belong in the * known-users group. They are considered "new" and in * case of a high number of such new users connecting * they are subject to connection rate limiting. * By default the rate is 20 new local users per minute * and 30 new global users per minute. */ new-users { local-throttle 20:60; global-throttle 30:60; } /* This configures when this module will NOT be active. * The default settings will disable the module when: * - The reputation module has been running for less than * a week. If running less than 1 week then there is * insufficient data to consider who is a "known user". * - The server has just been booted up (first 3 minutes). */ disabled-when { reputation-gathering 1w; start-delay 3m; } } } /* CHANNEL HISTORY: * UnrealIRCd has channel mode +H which can be used by users to read back * channel history, such as from before they joined. For general information * on this feature, see https://www.unrealircd.org/docs/Channel_history * * The history limits can be configured via set::history. The defaults are * probably already good for you, but if you are on a low-memory system * or have thousands of channels then you may want to double check. See * https://www.unrealircd.org/docs/Set_block#set::history for the options. * * In addition to that, you can have "persistent channel history", which * means channel history is stored encrypted on disk so it is preserved * between IRC server restarts, see * https://www.unrealircd.org/docs/Set_block#Persistent_channel_history * The persistent history feature is NOT enabled by default because you * need to configure a secret { } block for it. The following is a simple * example with passwords stored directly in the configuration file. * To get better security, read https://www.unrealircd.org/docs/Secret_block * on alternative ways so you don't store passwords directly in the config. */ //secret historydb { password "at"; } //set { history { channel { persist yes; db-secret "historydb"; } } } /* Finally, you may wish to have a MOTD (Message of the Day), this can be * done by creating an 'ircd.motd' text file in your conf/ directory. * This file will be shown to your users on connect. * For more information see https://www.unrealircd.org/docs/MOTD_and_Rules */ /* * Problems or need more help? * 1) https://www.unrealircd.org/docs/ * 2) https://www.unrealircd.org/docs/FAQ <- answers 80% of your questions! * 3) If you are still having problems then you can get support: * - Forums: https://forums.unrealircd.org/ * - IRC: irc.unrealircd.org (SSL on port 6697) / #unreal-support * Note that we require you to read the documentation and FAQ first! */ ################################################################################ link chat.notice.lol { incoming { mask *; } outgoing { hostname chat.notice.lol; port 6900; options { tls; autoconnect; } } password "L7whqK1U61nO9E/FvP/av7CrGCGzYDx2Qs/Nta8l3UY=" { spkifp; } class servers; } ################################################################################