Initial commit, still needs configuration

This commit is contained in:
Alex 2020-05-24 14:46:47 +02:00
commit a8694d4ad8
Signed by: caskd
GPG Key ID: F92BA85F61F4C173
6 changed files with 724 additions and 0 deletions

1
.gitignore vendored Normal file
View File

@ -0,0 +1 @@
vault/

29
tasks/main.yml Normal file
View File

@ -0,0 +1,29 @@
- name: Include sensitive info
include_vars:
dir: '{{ role_path }}/vault'
tags:
- vault
- inspircd
- name: Copy files
loop:
- { src: 'build.conf', dest: '{{ inspircd.paths.build }}/.configure/cache.cfg', mode: '655' }
- { src: 'inspircd.conf', dest: '{{ inspircd.paths.config }}/conf/inspircd.conf', mode: '600' }
- { src: 'main.motd', dest: '{{ inspircd.paths.config }}/conf/main.motd', mode: '655' }
- { src: 'inspircd.service', dest: '/etc/systemd/system/inspircd.service', mode: '655' }
template:
follow: yes
src: '{{ item.src }}.j2'
dest: '{{ item.dest }}'
mode: '{{ item.mode }}'
notify: Run service actions
tags:
- configs
- vault
- inspircd
- name: Build inspricd
make:
chdir: '{{ inspircd.paths.build }}'
target: 'install'
tags:
- build
- inspircd

19
templates/build.conf.j2 Normal file
View File

@ -0,0 +1,19 @@
BASE_DIR {{ inspircd.paths.config }}/run
SOCKETENGINE epoll
DATA_DIR {{ inspircd.paths.config }}/run/data
HAS_CLOCK_GETTIME 1
VERSION 1
LOG_DIR {{ inspircd.paths.config }}/run/logs
MODULE_DIR {{ inspircd.paths.config }}/run/modules
MANUAL_DIR {{ inspircd.paths.config }}/run/manuals
GROUP nogroup
UID 65534
CXX c++
EXAMPLE_DIR {{ inspircd.paths.config }}/run/conf/examples
GID 65534
BINARY_DIR {{ inspircd.paths.config }}/run/bin
USER nogroup
SCRIPT_DIR {{ inspircd.paths.config }}/run
CONFIG_DIR {{ inspircd.paths.config }}/run/conf
HAS_ARC4RANDOM_BUF
HAS_EVENTFD 1

632
templates/inspircd.conf.j2 Normal file
View File

@ -0,0 +1,632 @@
<config format="xml">
#<include executable="/conf/config.sh" noexec="no">
<module name="override">
#-#-#-#-#-#-#-#-#-#-#-#- SERVER DESCRIPTION -#-#-#-#-#-#-#-#-#-#-#-#-
# #
# Here is where you enter the information about your server. #
# #
<server
name="{{ inspircd.server.name }}"
description="{{ inspircd.server.description }}"
network="{{ inspircd.server.network }}">
#-#-#-#-#-#-#-#-#-#-#-#- ADMIN INFORMATION -#-#-#-#-#-#-#-#-#-#-#-#
# #
# Describes the Server Administrator's real name (optionally), #
# nick, and email address. #
# #
<admin
name="Alex"
nick="caskd"
email="caskd@gmx.de">
{% for binds in inspircd.bind %}
<bind address="{{ binds.address }}" port="{{ binds.port }}" type="{{ binds.type }}"{% if binds.tls %} ssl="gnutls"{% endif %}>
{% endfor %}
#-#-#-#-#-#-#-#-#-#- CONNECTIONS CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#
# #
# This is where you can configure which connections are allowed #
# and denied access onto your server. The password is optional. #
# You may have as many of these as you require. To allow/deny all #
# connections, use a '*' or 0.0.0.0/0. #
# #
# -- It is important to note that connect tags are read from the -- #
# TOP DOWN. This means that you should have more specific deny #
# and allow tags at the top, progressively more general, followed #
# by a <connect allow="*" (should you wish to have one). #
# #
# Connect blocks are searched twice for each user - once when the TCP #
# connection is accepted, and once when the user completes their #
# registration. Most of the information (hostname, ident response, #
# password, SSL when using STARTTLS, etc) is only available during #
# the second search, so if you are trying to make a closed server, #
# you will probably need a connect block just for user registration. #
# This can be done by using <connect registered="no"> #
<connect
# name: Name to use for this connect block. Mainly used for
# connect class inheriting.
name="main"
# allow: What IP addresses/hosts to allow for this block.
allow="*"
# hash: what hash this password is hashed with. requires the module
# for selected hash (m_md5.so, m_sha256.so or m_ripemd160.so) be
# loaded and the password hashing module (m_password_hash.so)
# loaded. Options here are: "md5", "sha256" and "ripemd160".
# Optional, but recommended. Create hashed passwords with:
# /mkpasswd <hash> <password>
#hash="&connecthash;"
# password: Password to use for this block/user(s)
#password="&connectpassword;"
# maxchans: Maximum number of channels a user in this class
# be in at one time. This overrides every other maxchans setting.
#maxchans="30"
# timeout: How long (in seconds) the server will wait before
# disconnecting a user if they do not do anything on connect.
# (Note, this is a client-side thing, if the client does not
# send /nick, /user or /pass)
timeout="10"
# pingfreq: How often (in seconds) the server tries to ping connecting clients.
pingfreq="120"
# hardsendq: maximum amount of data allowed in a client's send queue
# before they are dropped. Keep this value higher than the length of
# your network's /LIST or /WHO output, or you will have lots of
# disconnects from sendq overruns!
# Setting this to "1M" is equivalent to "1048576", "8K" is 8192, etc.
hardsendq="1M"
# softsendq: amount of data in a client's send queue before the server
# begins delaying their commands in order to allow the sendq to drain
softsendq="8192"
# recvq: amount of data allowed in a client's queue before they are dropped.
# Entering "8K" is equivalent to "8192", see above.
recvq="8K"
# threshold: This specifies the amount of command penalty a user is allowed to have
# before being quit or fakelagged due to flood. Normal commands have a penalty of 1,
# ones such as /OPER have penalties up to 10.
#
# If you are not using fakelag, this should be at least 20 to avoid excess flood kills
# from processing some commands.
threshold="10"
# commandrate: This specifies the maximum rate that commands can be processed.
# If commands are sent more rapidly, the user's penalty will increase and they will
# either be fakelagged or killed when they reach the threshold
#
# Units are millicommands per second, so 1000 means one line per second.
commandrate="1000"
# fakelag: Use fakelag instead of killing users for excessive flood
#
# Fake lag stops command processing for a user when a flood is detected rather than
# immediately killing them; their commands are held in the recvq and processed later
# as the user's command penalty drops. Note that if this is enabled, flooders will
# quit with "RecvQ exceeded" rather than "Excess Flood".
fakelag="on"
# localmax: Maximum local connections per IP.
localmax="3"
# globalmax: Maximum global (network-wide) connections per IP.
globalmax="30"
# useident: Defines if users in this class must respond to a ident query or not.
useident="no"
# usednsbl: Defines whether or not users in this class are subject to DNSBL. Default is yes.
# This setting only has effect when m_dnsbl is loaded.
#usednsbl="&usednsbl;"
# limit: How many users are allowed in this class
limit="5000"
# modes: Usermodes that are set on users in this block on connect.
# Enabling this option requires that the m_conn_umodes module be loaded.
# This entry is highly recommended to use for/with IP Cloaking/masking.
# For the example to work, this also requires that the m_cloaking
# module be loaded as well.
modes="+x">
#-#-#-#-#-#-#-#-#-#-#-#- CIDR CONFIGURATION -#-#-#-#-#-#-#-#-#-#-#-
# #
# CIDR configuration allows detection of clones and applying of #
# throttle limits across a CIDR range. (A CIDR range is a group of #
# IPs, for example, the CIDR range 192.168.1.0-192.168.1.255 may be #
# represented as 192.168.1.0/24). This means that abuse across an ISP #
# is detected and curtailed much easier. Here is a good chart that #
# shows how many IPs the different CIDRs correspond to: #
# http://en.wikipedia.org/wiki/CIDR#Prefix_aggregation #
# #
<cidr
# ipv4clone: specifies how many bits of an IP address should be
# looked at for clones. The default only looks for clones on a
# single IP address of a user. You do not want to set this
# extremely low. (Values are 0-32).
ipv4clone="32"
# ipv6clone: specifies how many bits of an IP address should be
# looked at for clones. The default only looks for clones on a
# single IP address of a user. You do not want to set this
# extremely low. (Values are 0-128).
ipv6clone="128">
#-#-#-#-#-#-#-#-#-#- MISCELLANEOUS CONFIGURATION -#-#-#-#-#-#-#-#-#-#
# #
# Files block - contains files whose contents are used by the ircd
#
# motd - displayed on connect and when a user executes /MOTD
# rules - displayed when the user executes /RULES
# Modules can also define their own files
<files motd="main.motd">
#-#-#-#-#-#-#-#-#-#-#-#-#- SERVER OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# Settings to define which features are usable on your server. #
# #
<options
# prefixquit: What (if anything) users' quit messages
# should be prefixed with.
prefixquit="Quit: "
# suffixquit: What (if anything) users' quit messages
# should be suffixed with.
suffixquit=""
# prefixpart: What (if anything) users' part messages
# should be prefixed with.
prefixpart="&quot;"
# NOTE: Use "\"" instead of "&quot;" if not using <config format="xml">
# suffixpart: What (if anything) users' part message
# should be suffixed with.
suffixpart="&quot;"
# fixedquit: Set all users' quit messages to this value.
#fixedquit=""
# fixedpart: Set all users' part messages in all channels
# to this value.
#fixedpart=""
# syntaxhints: If enabled, if a user fails to send the correct parameters
# for a command, the ircd will give back some help text of what
# the correct parameters are.
syntaxhints="no"
# cyclehosts: If enabled, when a user gets a host set, it will cycle
# them in all their channels. If not, it will simply change their host
# without cycling them.
cyclehosts="yes"
# cyclehostsfromuser: If enabled, the source of the mode change for
# cyclehosts will be the user who cycled. This can look nicer, but
# triggers anti-takeover mechanisms of some obsolete bots.
cyclehostsfromuser="no"
# ircumsgprefix: Use undernet-style message prefixing for NOTICE and
# PRIVMSG. If enabled, it will add users' prefix to the line, if not,
# it will just message the user normally.
ircumsgprefix="no"
# announcets: If set to yes, when the timestamp on a channel changes, all users
# in the channel will be sent a NOTICE about it.
announcets="yes"
# allowmismatch: Setting this option to yes will allow servers to link even
# if they don't have the same "optionally common" modules loaded. Setting this to
# yes may introduce some desyncs and unwanted behaviour.
allowmismatch="no"
# defaultbind: Sets the default for <bind> tags without an address. Choices are
# ipv4 or ipv6; if not specified, IPv6 will be used if your system has support,
# falling back to IPv4 otherwise.
defaultbind="auto"
# hostintopic: If enabled, channels will show the host of the topic setter
# in the topic. If set to no, it will only show the nick of the topic setter.
hostintopic="yes"
# pingwarning: If a server does not respond to a ping within x seconds,
# it will send a notice to opers with snomask +l informing that the server
# is about to ping timeout.
pingwarning="15"
# serverpingfreq: How often pings are sent between servers (in seconds).
serverpingfreq="60"
# defaultmodes: What modes are set on a empty channel when a user
# joins it and it is unregistered.
defaultmodes="nt"
# moronbanner: This is the text that is sent to a user when they are
# banned from the server.
moronbanner="You're banned! Email abuse@example.com with the ERROR line below for help."
# exemptchanops: exemptions for channel access restrictions based on prefix.
exemptchanops="nonick:v flood:o"
# invitebypassmodes: This allows /invite to bypass other channel modes.
# (Such as +k, +j, +l, etc.)
invitebypassmodes="yes"
# nosnoticestack: This prevents snotices from 'stacking' and giving you
# the message saying '(last message repeated X times)'. Defaults to no.
nosnoticestack="no"
# welcomenotice: When turned on, this sends a NOTICE to connecting users
# with the text Welcome to <networkname>! after successful registration.
# Defaults to yes.
welcomenotice="yes">
#-#-#-#-#-#-#-#-#-#-#-# PERFORMANCE CONFIGURATION #-#-#-#-#-#-#-#-#-#-#
# #
<performance
# netbuffersize: Size of the buffer used to receive data from clients.
# The ircd may only read this amount of text in 1 go at any time.
netbuffersize="10240"
# somaxconn: The maximum number of connections that may be waiting
# in the accept queue. This is *NOT* the total maximum number of
# connections per server. Some systems may only allow this to be up
# to 5, while others (such as Linux and *BSD) default to 128.
somaxconn="128"
# limitsomaxconn: By default, somaxconn (see above) is limited to a
# safe maximum value in the 2.0 branch for compatibility reasons.
# This setting can be used to disable this limit, forcing InspIRCd
# to use the value specified above.
limitsomaxconn="true"
# softlimit: This optional feature allows a defined softlimit for
# connections. If defined, it sets a soft max connections value.
softlimit="12800"
# quietbursts: When syncing or splitting from a network, a server
# can generate a lot of connect and quit messages to opers with
# +C and +Q snomasks. Setting this to yes squelches those messages,
# which makes it easier for opers, but degrades the functionality of
# bots like BOPM during netsplits.
quietbursts="yes"
# nouserdns: If enabled, no DNS lookups will be performed on
# connecting users. This can save a lot of resources on very busy servers.
nouserdns="no">
#-#-#-#-#-#-#-#-#-#-#-# SECURITY CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
# #
<security
# announceinvites: This option controls which members of the channel
# receive an announcement when someone is INVITEd. Available values:
# 'none' - don't send invite announcements
# 'all' - send invite announcements to all members
# 'ops' - send invite announcements to ops and higher ranked users
# 'dynamic' - send invite announcements to halfops (if available) and
# higher ranked users. This is the recommended setting.
announceinvites="dynamic"
# hidemodes: If enabled, then the listmodes given will be hidden
# from users below halfop. This is not recommended to be set on +b
# as it may break some functionality in popular clients such as mIRC.
hidemodes="eI"
# hideulines: If this value is set to yes, U-lined servers will
# be hidden from non-opers in /links and /map.
hideulines="no"
# flatlinks: If this value is set to yes, /map and /links will
# be flattened when shown to non-opers.
flatlinks="no"
# hidewhois: When defined, the given text will be used in place
# of the server a user is on when whoised by a non-oper. Most
# networks will want to set this to something like "*.netname.net"
# to conceal the actual server a user is on.
# Note that enabling this will cause users' idle times to only be
# shown when the format /WHOIS <nick> <nick> is used.
hidewhois=""
# hidebans: If this value is set to yes, when a user is banned ([gkz]lined)
# only opers will see the ban message when the user is removed
# from the server.
hidebans="no"
# hidekills: If defined, replaces who set a /kill with a custom string.
hidekills=""
# hidesplits: If enabled, non-opers will not be able to see which
# servers split in a netsplit, they will only be able to see that one
# occurred (If their client has netsplit detection).
hidesplits="no"
# maxtargets: Maximum number of targets per command.
# (Commands like /notice, /privmsg, /kick, etc)
maxtargets="20"
# customversion: Displays a custom string when a user /version's
# the ircd. This may be set for security reasons or vanity reasons.
customversion=""
# operspywhois: show opers (users/auspex) the +s channels a user is in. Values:
# splitmsg Split with an explanatory message
# yes Split with no explanatory message
# no Do not show
operspywhois="no"
# runasuser: If this is set, InspIRCd will attempt to switch
# to run as this user, which allows binding of ports under 1024.
# You should NOT set this unless you are starting as root.
# NOT SUPPORTED/NEEDED UNDER WINDOWS.
#runasuser=""
# runasgroup: If this is set, InspIRCd will attempt to switch
# to run as this group, which allows binding of ports under 1024.
# You should NOT set this unless you are starting as root.
# NOT SUPPORTED/NEEDED UNDER WINDOWS.
#runasgroup=""
# restrictbannedusers: If this is set to yes, InspIRCd will not allow users
# banned on a channel to change nickname or message channels they are
# banned on.
restrictbannedusers="yes"
# genericoper: Setting this value to yes makes all opers on this server
# appear as 'is an IRC operator' in their WHOIS, regardless of their
# oper type, however oper types are still used internally. This only
# affects the display in WHOIS.
genericoper="no"
# userstats: /stats commands that users can run (opers can run all).
userstats="Pu">
#-#-#-#-#-#-#-#-#-#-#-#-# LIMITS CONFIGURATION #-#-#-#-#-#-#-#-#-#-#-#
# #
# This configuration tag defines the maximum sizes of various types #
# on IRC, such as the maximum length of a channel name, and the #
# maximum length of a channel. Note that with the exception of the #
# identmax value all values given here are the exact values you would #
# expect to see on IRC. This contrasts with the older InspIRCd #
# releases where these values would be one character shorter than #
# defined to account for a null terminator on the end of the text. #
# #
# These values should match network-wide otherwise issues will occur. #
# #
# The highest safe value you can set any of these options to is 500, #
# but it is recommended that you keep them somewhat #
# near their defaults (or lower). #
<limits
# maxnick: Maximum length of a nickname.
maxnick="31"
# maxchan: Maximum length of a channel name.
maxchan="64"
# maxmodes: Maximum number of mode changes per line.
maxmodes="20"
# maxident: Maximum length of a ident/username.
maxident="11"
# maxquit: Maximum length of a quit message.
maxquit="255"
# maxtopic: Maximum length of a channel topic.
maxtopic="307"
# maxkick: Maximum length of a kick message.
maxkick="255"
# maxgecos: Maximum length of a GECOS (realname).
maxgecos="128"
# maxaway: Maximum length of an away message.
maxaway="200">
#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#-#
# Logging
# -------
#
# Logging is covered with the <log> tag, which you may use to change
# the behaviour of the logging of the IRCd.
#
# In InspIRCd as of 1.2, logging is pluggable and very extensible.
# Different files can log the same thing, different 'types' of log can
# go to different places, and modules can even extend the log tag
# to do what they want.
#
# An example log tag would be:
# <log method="file" type="OPER" level="default" target="logs/opers.log">
# which would log all information on /oper (failed and successful) to
# a file called opers.log.
#
# There are many different types which may be used, and modules may
# generate their own. A list of useful types:
# - USERS - information relating to user connection and disconnection
# - OPER - succesful and failed oper attempts
# - KILL - kill related messages
# - snomask - server notices (*all* snomasks will be logged)
# - FILTER - messages related to filter matches (m_filter)
# - CONFIG - configuration related messages
# - COMMAND - die and restart messages, and messages related to unknown user types
# - SOCKET - socket engine informational/error messages
# - MODULE - module related messages
# - STARTUP - messages related to starting up the server
#
# You may also log *everything* by using a type of *, and subtract things out
# of that by using -TYPE - for example "* -USERINPUT -USEROUTPUT".
#
# Useful levels are:
# - default (general messages, including errors)
# - sparse (misc error messages)
# - debug (debug messages)
#
# Some types only produce output in the debug level, those are:
# - BANCACHE - ban cache debug messages
# - CHANNELS - information relating to joining/creating channels
# - CULLLIST - debug messages related to issues with removing users
# - RESOLVER - DNS related debug messages
# - CONNECTCLASS - Connection class debug messages
# - USERINPUT
# - USEROUTPUT
#
# The following log tag is highly default and uncustomised. It is recommended you
# sort out your own log tags. This is just here so you get some output.
<log method="file" type="* -USERINPUT -USEROUTPUT" level="default" target="logs/ircd.log">
#-#-#-#-#-#-#-#-#-#-#-#-#- WHOWAS OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# This tag lets you define the behaviour of the /whowas command of #
# your server. #
# #
<whowas
# groupsize: Maximum entries per nick shown when performing
# a /whowas nick.
groupsize="10"
# maxgroups: Maximum number of nickgroups that can be added to
# the list so that /whowas does not use a lot of resources on
# large networks.
maxgroups="100000"
# maxkeep: Maximum time a nick is kept in the whowas list
# before being pruned. Time may be specified in seconds,
# or in the following format: 1y2w3d4h5m6s. Minimum is
# 1 hour.
maxkeep="3d">
#-#-#-#-#-#-#-#-#-#-#-#-#-#- BAN OPTIONS -#-#-#-#-#-#-#-#-#-#-#-#-#-#
# #
# The ban tags define nick masks, host masks and ip ranges which are #
# banned from your server. All details in these tags are local to #
# Your server. #
# #
<badnick nick="ChanServ" reason="Reserved For Services">
<badnick nick="NickServ" reason="Reserved For Services">
<badnick nick="OperServ" reason="Reserved For Services">
<badnick nick="MemoServ" reason="Reserved For Services">
<badnick nick="HostServ" reason="Reserved For Services">
<badnick nick="BotServ" reason="Reserved For Services">
<badnick nick="AuthServ" reason="Reserved For Services">
<badnick nick="UserServ" reason="Reserved For Services">
<badnick nick="Q" reason="Reserved For Services">
<exception host="*@127.0.0.1" reason="localhost">
#<include executable="/conf/opers.sh">
<class name="SACommands" commands="SAJOIN SAPART SANICK SAQUIT SATOPIC SAKICK SAMODE OJOIN">
<class name="ServerLink" commands="CONNECT SQUIT RCONNECT RSQUIT MKPASSWD ALLTIME SWHOIS JUMPSERVER LOCKSERV UNLOCKSERV" usermodes="*" chanmodes="*" privs="servers/auspex">
<class name="BanControl" commands="KILL GLINE KLINE ZLINE QLINE ELINE TLINE RLINE CHECK NICKLOCK NICKUNLOCK SHUN CLONES CBAN CLOSE" usermodes="*" chanmodes="*">
<class name="OperChat" commands="WALLOPS GLOBOPS" usermodes="*" chanmodes="*" privs="users/mass-message">
<class name="HostCloak" commands="SETHOST SETIDENT SETIDLE CHGNAME CHGHOST CHGIDENT" usermodes="*" chanmodes="*" privs="users/auspex">
<type
# name: Name of type. Used in actual server operator accounts below.
# Cannot contain spaces. If you would like a space, use
# the _ character instead and it will translate to a space on whois.
name="NetAdmin"
# classes: Classes (blocks above) that this type belongs to.
classes="SACommands OperChat BanControl HostCloak Shutdown ServerLink"
# vhost: Host opers of this type get when they log in (oper up). This is optional.
#vhost="netadmin&netsuffix;"
# modes: User modes besides +o that are set on an oper of this type
# when they oper up. Used for snomasks and other things.
# Requires that m_opermodes.so be loaded.
modes="+s +cCqQ">
<class
name="Shutdown"
# commands: Oper-only commands that opers of this class can run.
commands="DIE RESTART REHASH LOADMODULE UNLOADMODULE RELOADMODULE GLOADMODULE GUNLOADMODULE GRELOADMODULE"
# privs: Special privileges that users with this class may utilise.
# VIEWING:
# - channels/auspex: allows opers with this priv to see more detail about channels than normal users.
# - users/auspex: allows opers with this priv to view more details about users than normal users, e.g. real host and IP.
# - servers/auspex: allows opers with this priv to see more detail about server information than normal users.
# ACTIONS:
# - users/mass-message: allows opers with this priv to PRIVMSG and NOTICE to a server mask (e.g. NOTICE $*)
# - channels/high-join-limit: allows opers with this priv to join <channels:opers> total channels instead of <channels:users> total channels.
# PERMISSIONS:
# - users/flood/no-fakelag: prevents opers from being penalized with fake lag for flooding (*NOTE)
# - users/flood/no-throttle: allows opers with this priv to send commands without being throttled (*NOTE)
# - users/flood/increased-buffers: allows opers with this priv to send and receive data without worrying about being disconnected for exceeding limits (*NOTE)
#
# *NOTE: These privs are potentially dangerous, as they grant users with them the ability to hammer your server's CPU/RAM as much as they want, essentially.
privs="users/auspex channels/auspex servers/auspex users/mass-message channels/high-join-limit users/flood/no-throttle users/flood/increased-buffers"
# usermodes: Oper-only usermodes that opers with this class can use.
usermodes="*"
# chanmodes: Oper-only channel modes that opers with this class can use.
chanmodes="*">
#<include executable="/conf/links.sh LINK1">
#<include executable="/conf/links.sh LINK2">
#<include executable="/conf/links.sh LINK3">
#<include executable="/conf/services.sh">
<include file="/conf/modules.conf">
#########################################################################
# #
# - InspIRCd Development Team - #
# http://www.inspircd.org #
# #
#########################################################################
## EXTRAS -- REDXEN
<oper
host="caskd@10.*"
name="caskd"
password="{{ vault_inspircd.caskd.password }}"
hash="sha256"
autologin="true"
type="Owner">
<type
name="Owner"
class="FullPerms"
classes="BanControl HostCloak OperChat SACommands ServerLink Shutdown"
vhost="redxen.eu"
override="MODE TOPIC">
<class
name="FullPerms"
commands="WALLOPS GLOBOPS"
privs="users/mass-message"
chanmodes="*"
usermodes="*">
<module name="permchannels">
{% for chans in inspircd.permchannels %}
<permchannels channel="#{{ chans.channel }}"
topic="{{ chans.topic }}"
modes="{{ chans.modes }}"
topicsetby="navi"
topicts="1577889749"
ts="1577889749">
{% endfor %}

View File

@ -0,0 +1,26 @@
[Unit]
Description=Inspire IRC daemon
ExecStart={{ inspircd.paths.config }}/bin/inspircd
Restart=always
DynamicUser=true
ProtectSystem=strict
TemporaryFileSystem=/:ro
BindReadOnlyPaths=/usr /lib /lib64 {{ inspircd.paths.config }}
RootDirectory={{ inspircd.paths.config }}
ProtectSystem=strict
PrivateUsers=true
NoNewPrivileges=yes
ProtectControlGroups=yes
ProtectKernelModules=yes
ProtectKernelTunables=yes
RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6 AF_NETLINK
RestrictNamespaces=yes
RestrictRealtime=yes
RestrictSUIDSGID=yes
MemoryDenyWriteExecute=yes
LockPersonality=yes
PrivateTmp=yes
PrivateDevices=yes
[Install]
WantedBy=multi-user.target

17
templates/main.motd.j2 Normal file
View File

@ -0,0 +1,17 @@
________________________________________________
| _____ ___ __ |
| | __ \ | \ \ / / |
| | |__) |___ __| |\ V / ___ _ __ |
| | _ // _ \/ _` | > < / _ \ '_ \ |
| | | \ \ __/ (_| |/ . \ __/ | | | |
| |_| \_\___|\__,_/_/ \_\___|_| |_| |
| |
| b Welcome to RedXen IRC! * |
| # Enjoy your stay. 1 |
| 0x 0 |
| Want to report something or join us? |
| https://t.me/rxtelegram |
| |
| Server status: https://stats.redxen.eu |
| Join ZeroNet today: https://zeronet.io |
|________________________________________________|