Created
April 6, 2011 16:22
-
-
Save fapestniegd/905966 to your computer and use it in GitHub Desktop.
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| <%#---------------------------------------------------------------------------%> | |
| <%# if DNS is tehborken then so is this #-%> | |
| <% require 'resolv' | |
| require 'digest/md5' | |
| members = [] | |
| peers = [] | |
| send_passwd = {} | |
| recv_passwd = {} | |
| irc_hostname = Facter.value( :fqdn ) | |
| # This is just a little secret that should be changed, it helps obfuscate the send/recv passwds a bit | |
| # (it could even be a fact) | |
| secret = 'smeg' | |
| # look up _irc._tcp.yourdomain.com to get our irc server members | |
| domain = Facter.value( :domain ) | |
| srv_res = Resolv::DNS::new('/etc/resolv.conf') | |
| srv_res.each_resource(['_irc._tcp',domain].join('.'), Resolv::DNS::Resource::IN::SRV) do |srv| | |
| Resolv::DNS.new.each_address(srv.target.to_s) do |addr| | |
| members.push(addr.to_s) | |
| if addr.to_s != Facter.value( :ipaddress_eth0_1 ).to_s | |
| peers.push(addr.to_s) | |
| send_passwd[addr.to_s] = Digest::MD5.hexdigest( [secret, addr.to_s, Facter.value( :ipaddress_eth0_1 ) ].join('-') )[0..9] | |
| recv_passwd[addr.to_s] = Digest::MD5.hexdigest( [secret, Facter.value( :ipaddress_eth0_1 ), addr.to_s ].join('-') )[0..9] | |
| else | |
| irc_hostname = srv.target.to_s | |
| end | |
| end | |
| end -%> | |
| <%#---------------------------------------------------------------------------%> | |
| serverinfo { | |
| name="<%= irc_hostname -%>"; | |
| description = "ircd-hybrid 7.2-debian"; | |
| network_name = "<%= domain %> IRC Network"; | |
| network_desc = "just a bunch of people who like beer."; | |
| hub = yes; | |
| vhost = "<%= network_eth0_1 %>"; | |
| #vhost6 = "3ffe:80e8:546::2"; | |
| max_clients = 512; | |
| }; | |
| admin { | |
| name = "ircmaster"; | |
| description = "IRC Administrators"; | |
| email = "<ircmaster@<%= domain -%>>"; | |
| }; | |
| log { | |
| use_logging = yes; | |
| fname_userlog = "logs/userlog"; | |
| fname_operlog = "logs/operlog"; | |
| fname_killlog = "logs/kill"; | |
| fname_klinelog = "logs/kline"; | |
| fname_glinelog = "logs/gline"; | |
| log_level = L_INFO; | |
| }; | |
| class { | |
| name = "users"; | |
| ping_time = 2 minutes; | |
| number_per_ip = 100; | |
| max_number = 100; | |
| sendq = 100 kbytes; | |
| }; | |
| class { | |
| name = "restricted"; | |
| ping_time = 1 minute 30 seconds; | |
| number_per_ip = 1; | |
| max_number = 100; | |
| sendq = 60kb; | |
| }; | |
| class { | |
| name = "opers"; | |
| ping_time = 5 minutes; | |
| number_per_ip = 10; | |
| max_number = 100; | |
| sendq = 100kbytes; | |
| }; | |
| class { | |
| name = "server"; | |
| ping_time = 5 minutes; | |
| connectfreq = 5 minutes; | |
| max_number = 5; | |
| sendq=2 megabytes; | |
| }; | |
| listen { | |
| host = "${selfip}"; | |
| port = 6665 .. 6669; | |
| }; | |
| listen { | |
| host = "127.0.0.1"; | |
| port = 6665 .. 6669; | |
| }; | |
| auth { | |
| user = "*@127.0.0.1"; | |
| <% members.each do |ip| -%> | |
| user = "*@<%= ip -%>"; | |
| <% end -%> | |
| spoof = "irc.websages.com"; | |
| spoof_notice = yes; | |
| exceed_limit = yes; | |
| kline_exempt = yes; | |
| gline_exempt = yes; | |
| no_tilde = yes; | |
| class = "opers"; | |
| }; | |
| auth { | |
| user = "*@*"; | |
| class = "users"; | |
| #restricted = yes; | |
| have_ident = no; | |
| }; | |
| <%# | |
| #################################################################### | |
| # This should probably be generated from ldap or dns | |
| #################################################################### | |
| -%> | |
| operator { | |
| name = "whitejs"; | |
| user = "[email protected]"; | |
| <% members.each do |ip| -%> | |
| user = "whitejs@<%= ip -%>"; | |
| <% end -%> | |
| password = "\$1\$VfAU495x\$z57CXGX2rBxSYfKxuSibk."; | |
| class = "opers"; | |
| global_kill = yes; | |
| remote = yes; | |
| kline = yes; | |
| unkline = yes; | |
| gline = yes; | |
| die = yes; | |
| rehash = yes; | |
| nick_changes = yes; | |
| admin = yes; | |
| }; | |
| <%# | |
| This will depend on what node we're on, create connections for the other nodes | |
| Putting the password algorithm in the erb effectively means we're trusting in | |
| the VPN to keep anyone from spoofing an IP and attaching to our irc nodes. | |
| -%> | |
| <% peers.each do |ip| -%> | |
| connect { | |
| name = "<%= ip -%>; | |
| host = "<%= ip -%>"; | |
| send_password = "<%= send_passwd[ip] -%>"; | |
| accept_password = "<%= recv_passwd[ip] -%>"; | |
| encrypted = no; | |
| port = 6666; | |
| hub_mask = "*"; | |
| class = "server"; | |
| autoconn = yes; | |
| compressed = yes; | |
| }; | |
| shared { | |
| name = "<%= ip -%>"; | |
| user = "root@<%= ip -%>"; | |
| }; | |
| <% end -%> | |
| <%# More stuff common to all servers -%> | |
| resv { | |
| reason = "There are no services on this network"; | |
| nick = "nickserv"; | |
| nick = "chanserv"; | |
| channel = "#services"; | |
| reason = "Clone bots"; | |
| nick = "clone*"; | |
| }; | |
| channel { | |
| use_invex = yes; | |
| use_except = yes; | |
| use_knock = yes; | |
| knock_delay = 5 minutes; | |
| knock_delay_channel = 1 minute; | |
| max_chans_per_user = 15; | |
| quiet_on_ban = yes; | |
| max_bans = 25; | |
| default_split_user_count = 0; | |
| default_split_server_count = 2; | |
| no_create_on_split = no; | |
| no_join_on_split = no; | |
| disable_local_channels = no; | |
| }; | |
| serverhide { | |
| flatten_links = no; | |
| links_delay = 5 minutes; | |
| hidden = no; | |
| disable_hidden = no; | |
| hide_servers = no; | |
| }; | |
| general { | |
| oper_pass_resv = yes; | |
| disable_remote_commands = no; | |
| default_floodcount = 10; | |
| failed_oper_notice = yes; | |
| dots_in_ident=2; | |
| dot_in_ip6_addr = yes; | |
| min_nonwildcard = 4; | |
| anti_nick_flood = yes; | |
| max_nick_time = 20 seconds; | |
| max_nick_changes = 5; | |
| anti_spam_exit_message_time = 0 minutes; | |
| ts_warn_delta = 30 seconds; | |
| ts_max_delta = 5 minutes; | |
| kline_with_reason = yes; | |
| warn_no_nline = yes; | |
| stats_o_oper_only=yes; | |
| stats_P_oper_only=no; | |
| stats_i_oper_only=masked; | |
| stats_k_oper_only=masked; | |
| caller_id_wait = 1 minute; | |
| pace_wait_simple = 1 second; | |
| pace_wait = 10 seconds; | |
| short_motd = no; | |
| ping_cookie = no; | |
| no_oper_flood = yes; | |
| true_no_oper_flood = yes; | |
| idletime = 0; | |
| max_targets = 4; | |
| client_flood = 20; | |
| message_locale = "standard"; | |
| oper_only_umodes = bots, cconn, debug, full, skill, nchange, | |
| rej, spy, external, operwall, locops, unauth; | |
| oper_umodes = locops, servnotice, operwall, wallop; | |
| #servlink_path = "/usr/lib/ircd-hybrid/servlink"; | |
| default_cipher_preference = "BF/128"; | |
| throttle_time = 10; | |
| }; | |
| glines { | |
| enable = yes; | |
| duration = 1 day; | |
| logging = reject, block; | |
| user = "[email protected]"; | |
| name = "hades.arpa"; | |
| action = reject, block; | |
| user = "god@*"; | |
| name = "*"; | |
| action = block; | |
| }; | |
| modules { | |
| path = "/usr/lib/ircd-hybrid/modules"; | |
| path = "/usr/lib/ircd-hybrid/modules/autoload"; | |
| module = "m_tburst.so"; | |
| }; |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment