Configuration
If you are configuring your server from scratch you might find the example configuration files helpful.
These are located in:
/usr/share/doc/inspircdif using our UNIX binary packages.C:\Program Files\InspIRCd\conf\examplesif using our Windows binary package.[ROOT]/run/conf/examplesif you have built in your home directory.
This page only lists core configuration. For details on the configuration of a specific module please refer to the appropriate page for that module.
<admin>
The <admin> tag defines contact details for the server administrator. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | None | If defined then the real name of the server operator. |
| nick | Text | admin | The nickname of the server operator. |
| Text | null@example.com | The email address of the server operator. |
Example Usage
<admin name="John Doe"
nick="JDoe123"
email="jdoe123@example.com">
<badhost>
The <badhost> tag defines a permanent K-line. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| host | Text | None | Required! A user@host to K-line. |
| reason | Text | None | Required! The reason for the K-line being added. |
Example Usage
<badhost host="*@example.com"
reason="Spamming">
<badip>
The <badip> tag defines a permanent Z-line. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| ipmask | Text | None | Required! An IP address to Z-line. |
| reason | Text | None | Required! The reason for the Z-line being added. |
Example Usage
<badip ipmask="192.0.2.0/24"
reason="Spamming">
<badnick>
The <badnick> tag defines a permanent Q-line. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| nick | Text | None | Required! A nickname to Q-line. |
| reason | Text | None | Required! The reason for the Q-line being added. |
Example Usage
<badnick nick="NickServ"
reason="Reserved for a network service">
<bind>
The <bind> tag defines an endpoint to listen for connections on. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| address | Text | None | TCP/IP listeners only! If defined then the IP address to bind to instead of listening on all available interfaces. |
| port | No. Range | None | Required for TCP/IP listeners! The TCP port or range of ports to listen for connections on. |
| defer | Duration | 0 | TCP/IP listeners only! The period to defer a connection for whilst waiting for it to send data (not supported on Windows). |
| hook | Text | None | If defined then the name of a module that provides middleware for this listener. |
| free | Boolean | No | TCP/IP listeners only! Whether to allow binding on TCP/IP endpoints which may not be usable yet (not supported on Windows). |
| path | Text | None | Required for UNIX listeners! The UNIX socket endpoint to listen for connections on (not supported on Windows). |
| permissions | Number | None | UNIX listeners only! The permissions to use for the UNIX socket (only supported on Linux). |
| replace | Boolean | No | UNIX listeners only! Whether to replace the UNIX socket file if it already exists (not supported on Windows). |
| type | Text | clients | The type of connection to be allowed on this endpoint. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| sslprofile (since 3.10.0) ssl (3.0.0 to 3.9.0) | Text | None | ssl_openssl | This MUST be set to the name of an OpenSSL TLS (SSL) profile to listen for secure connections with OpenSSL. |
| ssl_mbedtls | This MUST be set to the name of a mbedTLS TLS (SSL) profile to listen for secure connections with mbedTLS. | |||
| ssl_gnutls | This MUST be set to the name of a GnuTLS TLS (SSL) profile to listen for secure connections with GnuTLS. |
If defined the hook field should be set to one of the following values:
| Value | Module | Description |
|---|---|---|
| haproxy | haproxy | Listens for connections that use the HAProxy Proxy protocol. |
| websocket | websocket | Listens for connections that use WebSocket framing. |
The type field should be set to one of the following values:
| Value | Module | Description |
|---|---|---|
| clients | None | Listens for IRC client connections. |
| flashpolicyd | flashpolicyd | Listens for Adobe Flash policy connections. |
| httpd | httpd | Listens for HTTP connections. |
| servers | spanningtree | Listens for IRC server connections. |
Example Usage
Listens for IRC client connections on 192.0.2.1:6667:
<bind address="192.0.2.1"
port="6667"
type="clients"
defer="0s"
free="no">
Listens for IRC client connections on 192.0.2.1 on port range 6661-6669:
<bind address="192.0.2.1"
port="6661-6669"
type="clients"
defer="0s"
free="no">
Listens for IRC client connections on 192.0.2.1 on port range 6661-6667 and port 8002:
<bind address="192.0.2.1"
port="6661-6667,8002"
type="clients"
defer="0s"
free="no">
Listens for IRC server connections on *:7000:
<bind port="7000"
type="servers"
defer="5s"
free="no">
Listens for IRC client connections on /run/inspircd/inspircd.sock
<bind path="/run/inspircd/inspircd.sock"
type="clients"
permissions="750"
replace="yes">
<cidr>
The <cidr> tag defines the number of bits of an IP address that should be looked at when locating clones. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| ipv4clone | Number | 32 | The number of bits (0-32) of an IPv4 address that should be looked at when locating clones. |
| ipv6clone | Number | 128 | The number of bits (0-128) of an IPv6 address that should be looked at when locating clones. |
Example Usage
<cidr ipv4clone="32"
ipv6clone="128">
<class>
The <class> tag defines a set of server operator privileges. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | None | A name that uniquely identifies this server operator class. |
| commands | Text | None | A space-delimited list of server operator-only commands that server operators with this class can execute. |
| privs | Text | None | A space-delimited list of server operator privileges that server operators with this class have. |
| chanmodes | Text | None | The server operator-only channel modes that server operators with this class can change. |
| usermodes | Text | None | The server operator-only user modes that server operators with this class can change. |
| snomasks | Text | * | New in v3.6.0! The server operator-only snomasks that server operators with this class can change. |
The core supplies the following server operator privileges for use in <class:privs>.
| Name | Description |
|---|---|
| channels/auspex | Allows server operators to see more details about channels than normal users. |
| servers/auspex | Allows server operators to see more details about server information than normal users. |
| users/auspex | Allows server operators to see more details about users than normal users. |
| users/channel-spy | Allows server operators to view the private/secret channels that a user is on. |
| users/flood/increased-buffers | Allows server operators to send and receive data without worrying about being disconnected for exceeding limits. |
| users/flood/no-fakelag | Prevents server operators from being penalized with fake lag for flooding. |
| users/flood/no-throttle | Allows server operators to send commands without being throttled. |
| users/mass-message | Allows server operators to send a PRIVMSG or NOTICE to a server mask. |
The users/flood/* privileges are potentially dangerous as they grant a server operator the ability to hammer your server's CPU/RAM as much as they want.
Example Usage
<class name="OperChat"
commands="WALLOPS GLOBOPS"
privs="users/mass-message"
chanmodes="*"
usermodes="*"
snomasks="gG">
<class name="OperView"
privs="channels/auspex users/auspex users/channel-spy servers/auspex">
<config>
The <config> tag allows you to to define how the config is parsed. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| format | Text | xml | The config format to use. |
The format field should be set to one of the following values:
| Value | Description |
|---|---|
| compat | Deprecated! Use the 1.2-style format with C-style escape sequences (e.g. \n). |
| xml | Use the 2.0-style format with XML-style escapes (e.g. &nl;), numeric entities (e.g. ) and <define>. |
Example Usage
<config format="xml">
<connect>
The <connect> tag defines a class that users can be filtered into when they connect to the server. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | None | If defined then the name of this connect class. |
| allow | Text | None | A glob pattern or CIDR range for an IP address which is allowed to connect to the server. If this is defined then deny (below) MUST NOT be defined. |
| deny | Text | None | A glob pattern or CIDR range for an IP address which is banned from connecting to the server. If this is defined then allow (above) MUST NOT be defined. |
| commandrate | Number | 1000 | The number of millicommands (1000 equals 1 command) per second that a user can execute. |
| fakelag | Boolean | Yes | Whether users should have their input/output delayed when they reach a soft limit rather than being killed. |
| globalmax | Number | 0 | The maximum number of clones per host (see <cidr>) that can be on the entire network for users in this connect class. Set to 0 for no limit. |
| hardsendq | Number | 1048576 | The maximum amount of data allowed in a user's send queue before it is killed. |
| limit | Number | 5000 | The maximum number of users who can be in this connect class. |
| localmax | Number | 0 | The maximum number of clones per host (see <cidr>) that can be on the local server for users in this connect class. Set to 0 for no limit. |
| maxchans | Number | None | If defined then the maximum number of channels that a user in this class can be in. |
| maxconnwarn | Boolean | No | Whether to send a server notice when a connect class limit is reached. |
| parent | Text | None | If defined then the name of the class to inherit most core settings from. |
| password | Text | None | The password that the user must send to be put into this connect class. |
| hash | Text | None | If defined then the hash algorithm that the password field is hashed with. |
| pingfreq | Duration | 2m | The period this client can be idle for before sending it a PING message. |
| port | Number | None | The port on which a client must be connecting to be put into this connect class. |
| reason | Text | Unauthorised connection | If <connect:deny> is set then the reason to give when disconnecting a user. |
| resolvehostnames | Boolean | Yes | Whether to do DNS lookups for the hostnames of users in this class. |
| recvq | Number | 4096 | The maximum amount of data allowed in a user's receive queue before it is killed. |
| registered | Boolean | None | If defined then whether this connect class matches a user in registration or a client that has completed registration. |
| softsendq | Number | 4096 | The maximum number of bytes of data that can be in a user's send queue before the server stops processing their input to allow the send queue to drain. |
| threshold | Number | 10 | The maximum amount of penalty that a user can have before being fakelagged or killed if fakelag is turned off. |
| timeout | Duration | 1m30s | The period after which an unregistered user is timed out. |
| uniqueusername | Boolean | No | New in v3.12.0! Whether users in this class are connecting from a shared host and can be uniquely identified by their username (ident). |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| autojoin | Text | None | conn_join | A comma-delimited list of channels for users in this connect class to be joined to on connect. |
| autojoindelay | Duration | 15m | conn_join | The duration to wait before joining users to the specified channels. |
| country | Text | None | geoclass | A space-delimited list of ISO 3166-1 alpha-2 country codes that users must be connecting from to be assigned to this class. |
| dnsbl | Text | None | dnsbl | Match users to this connect class by DNSBL name when using the MARK action. |
| modes | Text | None | conn_umodes | The user modes to set on connecting users. |
| requireaccount | Boolean | No | services_account | Whether users must be logged into a services account to use this class. |
| requireident | Boolean | No | ident | Whether users must have responded to a username (ident) lookup to be assigned to this class. |
| requiressl | Text | no | sslinfo | Whether users must be using TLS (SSL) to use this class. |
| useconnectban | Boolean | yes | connectban | Whether to ban users in this class for making excessive connections to the server. |
| useconnflood | Boolean | yes | connflood | Whether to throttle users in this class when excessive connections are being made to the server. |
| usednsbl | Boolean | Yes | dnsbl | Whether users in this connect class should be looked up in a DNSBL. |
| useident | Boolean | Yes | ident | Whether users in this connect class should have their usernames (idents) looked up. |
| usests | Boolean | Yes | ircv3_sts | Whether users in this connect class should have a STS policy advertised to them. |
| webirc | Text | None | cgiirc | If defined then a glob pattern to match the name of a WebIRC gateway against. |
The hash field is currently optional but will be required in the next major version of InspIRCd when using password authentication.
The following hashing modules are included with InspIRCd:
| Algorithm | Module(s) | Description |
|---|---|---|
| argon2d | argon2 | Hashes using the Argon2d algorithm. |
| argon2i | argon2 | Hashes using the Argon2i algorithm. |
| argon2id | argon2 | Hashes using the Argon2id algorithm. |
| bcrypt | bcrypt | Hashes using the bcrypt algorithm. |
| hmac-md5 | password_hash, md5 | Hashes using the MD5 and HMAC algorithms. |
| hmac-sha1 | password_hash, sha1 | Hashes using the SHA-1 and HMAC algorithms. |
| hmac-sha256 | password_hash, sha256 | Hashes using the SHA-256 and HMAC algorithms. |
| md5 | md5 | Hashes using the MD5 algorithm. |
| pbkdf2-hmac-md5 | pbkdf2, md5 | Hashes using the MD5 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha1 | pbkdf2, sha1 | Hashes using the SHA-1 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha256 | pbkdf2, sha256 | Hashes using the SHA-256 and PBKDF2 algorithms. |
| sha1 | sha1 | Hashes using the SHA-1 algorithm. |
| sha256 | sha256 | Hashes using the SHA-256 algorithm. |
Example Usage
Denies connections to clients connecting from 3ffe::0/32:
<connect name="6bone"
deny="3ffe::0/32"
reason="The 6bone address space is deprecated">
Defines a TLS (SSL) only connect class and then a general connect class to inherit from:
<connect name="Secure"
parent="Main"
allow="*"
port="6697">
<connect name="Main"
allow="*"
commandrate="1000"
fakelag="on"
globalmax="3"
hardsendq="1M"
limit="5000"
localmax="3"
maxchans="30"
maxconnwarn="no"
pingfreq="2m"
recvq="8K"
resolvehostnames="yes"
softsendq="8192"
threshold="10"
timeout="10"
uniqueusername="no">
Special Notes
If you are also using the cgiirc module you should disable DNS lookups for your WebIRC gateway.
<define>
The <define> tag allows you to to define XML-style entities which you can use in your config to avoid duplication. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | None | Required! The name of the entity. |
| value | Text | None | The value to replace instances of the entity with. |
The following entities are already defined:
| Name | Description |
|---|---|
& | An ampersand. |
' | New in v3.9.0! A single quote. This can be used unescaped but is supported for compatibility with XML generators. |
&dir.config; | New in v3.11.0! The configuration directory that was configured at build time. |
&dir.data; | New in v3.11.0! The data directory that was configured at build time. |
&dir.log; | New in v3.11.0! The log directory that was configured at build time. |
&dir.module; | New in v3.11.0! The module directory that was configured at build time. |
&dir.runtime; | New in v3.11.0! The runtime directory that was configured at build time. |
&env.NAME; | The value of the NAME environment variable when InspIRCd was first started. |
> | New in v3.9.0! A greater than symbol. This can be used unescaped but is supported for compatibility with XML generators. |
&irc.bold; | New in v3.9.0! Makes subsequent text within an IRC message bold. |
&irc.color; | New in v3.9.0! Makes subsequent text within an IRC message colored. Should be followed by color codes in the format FG[,BG]. See ircdocs for more information. |
&irc.colour; | New in v3.9.0! Makes subsequent text within an IRC message colored. Should be followed by color codes in the format FG[,BG]. See ircdocs for more information. |
&irc.hexcolor; | New in v3.14.0! Makes subsequent text within an IRC message colored. Should be followed by hexadecimal color codes in the format FRFGFB[,BRBGBB] (not widely supported). |
&irc.hexcolour; | New in v3.14.0! Makes subsequent text within an IRC message colored. Should be followed by hexadecimal color codes in the format FRFGFB[,BRBGBB] (not widely supported). |
&irc.italic; | New in v3.9.0! Makes subsequent text within an IRC message italic. |
&irc.monospace; | New in v3.9.0! Makes subsequent text within an IRC message monospace (not widely supported). |
&irc.reset; | New in v3.9.0! Disables all text formatting for subsequent text. |
&irc.reverse; | New in v3.9.0! Makes subsequent text within an IRC message reversed. |
&irc.strikethrough; | New in v3.9.0! Makes subsequent text within an IRC message struckthrough (not widely supported). |
&irc.underline; | New in v3.9.0! Makes subsequent text within an IRC message underlined |
< | New in v3.9.0! A less than symbol. This can be used unescaped but is supported for compatibility with XML generators. |
&nl; | A new line. |
" | A double quote. |
Example Usage
Creates the &ServerHost; entity with a value of "example.com":
<define name="ServerHost"
value="example.com">
<dns>
The <dns> tag defines the DNS server to use when looking up hostnames. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| enabled | Boolean | Yes | New in v3.9.0! Whether DNS lookups are enabled. |
| server | Text | None | If defined then the DNS server to look up hostnames with. If not set then the first system resolver will be used. |
| timeout | Duration | 5s | The period before timing out DNS lookups. |
| sourceip | Text | None | If defined then the IP address to connect from when doing DNS lookups. |
| sourceport | Number | None | If defined then the UDP port to connect from when doing DNS lookups. |
Example Usage
<dns enabled="yes"
server="127.0.0.53"
timeout="5s"
sourceip=""
sourceport="0">
<exception>
The <exception> tag defines a permanent E-line. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| host | Text | None | Required! A user@host to E-line. |
| reason | Text | None | Required! The reason for the E-line being added. |
Example Usage
<exception host="*@localhost"
reason="Local connections">
<execfiles>
The <execfiles> tag runs a shell command and reads its output. This tag can only be defined once. The purpose of the output depends on what field commands are defined in.
Note that commands are only run on rehash, so changes are not automatically detected.
| Name | Type | Default Value | Description |
|---|---|---|---|
| motd | Text | None | A file used as the message of the day, ie. shown to users when they connect or use the /MOTD command. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| opermotd | Text | None | opermotd | The file to read or command to execute to obtain the opermotd text. |
| quotes | Text | None | randquote | The file to read or command to execute to obtain the quotes text. |
The working directory is InspIRCd's configuration directory.
Example Usage
Downloads https://www.example.com/motd.txt and uses it as the message of the day:
<execfiles motd="wget -O - https://www.example.com/motd.txt">
<files>
The <files> tag reads one or more files. This tag can only be defined once. The purpose of these files depends on what field they are defined in.
Note that files are only read on rehash, so changes are not automatically detected.
| Name | Type | Default Value | Description |
|---|---|---|---|
| motd | Text | None | A file used as the message of the day, i.e. shown to users when they connect or use the /MOTD command. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| opermotd | Text | None | opermotd | The file to read or command to execute to obtain the opermotd text. |
| quotes | Text | None | randquote | The file to read or command to execute to obtain the quotes text. |
All paths are relative to InspIRCd's configuration directory. This is:
/etc/inspircdif using our UNIX binary packages.C:\Program Files\InspIRCd\confif using our Windows binary package.[ROOT]/run/confif you have built in your home directory.
File paths are NOT relative to the current config file.
Example Usage
Use the file examples/motd.txt.example as the message of the day:
<files motd="examples/motd.txt.example">
<include>
The <include> tag allows you include the contents of a file or the output of a command into your config file. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| directory | Text | None | If defined then the directory to look for .conf files in. |
| executable | Text | None | If defined then the command to execute. |
| file | Text | None | If defined then the file to read. |
| mandatorytag | Text | None | If defined then a tag that must exist in a config file for it to be valid. |
| missingokay | Boolean | Yes | New in v3.10.0! Whether to ignore config files that don't exist. |
| noenv | Boolean | Yes (executable) No (directory, file) | New in v3.6.0! Whether to allow environment variables to be used from within the included config. |
| noexec | Boolean | Yes (executable) No (directory, file) | Whether to allow executable includes from within the included config. |
| noinclude | Boolean | No | Whether to allow file includes from within the included config. |
Example Usage
Includes links.conf into the config:
<include file="links.conf"
noenv="no"
noexec="no"
noinclude="no"
mandatorytag="link"
missingokay="no">
Includes all of the config files in 'modules' into the config:
<include directory="modules"
noenv="no"
noexec="no"
noinclude="no"
mandatorytag="link">
Executes curl to download https://example.com/links.conf and include it into the config:
<include executable="curl --silent https://example.com/links.conf"
noenv="yes"
noexec="yes"
noinclude="no"
mandatorytag="link">
<insane>
The <insane> tag defines limits to protect against overly wide X-lines being created. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| hostmasks | Boolean | No | Whether to bypass the limit for E-lines, G-lines, and K-lines. |
| ipmasks | Boolean | No | Whether to bypass the limit for Z-lines. |
| nickmasks | Boolean | No | Whether to bypass the limit for Q-lines. |
| trigger | Decimal | 95.5 | The percentage of connected users who must match the X-line for it to be rejected as overly wide. |
Example Usage
<insane hostmasks="no"
ipmasks="no"
nickmasks="no"
trigger="95.5">
<limits>
The <limits> tag defines the maximum length of user-configurable fields. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| maxaway | Number | 200 | The maximum length of an away message. |
| maxchan | Number | 64 | The maximum length of a channel name. |
| maxhost | Number | 64 | The maximum length of a hostname. |
| maxident | Number | 10 | The maximum length of a username (ident). |
| maxkick | Number | 255 | The maximum length of a kick message. |
| maxmodes | Number | 20 | The maximum number of non-flag modes that can be changed in a single MODE message. |
| maxnick | Number | 30 | The maximum length of a nickname. |
| maxquit | Number | 255 | The maximum length of a quit message. |
| maxreal | Number | 128 | The maximum length of a real name (gecos). |
| maxtopic | Number | 307 | The maximum length of a channel topic. |
Example Usage
<limits maxaway="200"
maxchan="64"
maxhost="64"
maxident="11"
maxkick="255"
maxmodes="20"
maxnick="32"
maxquit="255"
maxreal="128"
maxtopic="307">
<log>
The <log> tag defines a location to log to. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| method | Text | file | The method to use for storing logs. |
| type | Text | None | Required! A space-delimited token list of types of message to log. |
| level | Text | default | The level of messages to log. |
| target | Text | None | The location to write the log to. |
| flush | Number | 20 | After how many lines to flush the log to disk. |
The method field should be set to one of the following values:
| Value | Description |
|---|---|
| file | The specified log types should be written to a file. |
The type field should be set to one or more of the following values:
| Value | Logging Levels Used | Description |
|---|---|---|
| BANCACHE | debug | Messages relating to the X-line result cache. |
| CHANNELS | debug | Messages relating to channels. |
| COMMAND | default | Messages relating to command execution. |
| CONFIG | default debug | Messages relating to the configuration. |
| CONNECTCLASS | default debug | Messages relating to connect classes. |
| CULLLIST | debug | Messages relating to object cull lists. |
| HEADER | sparse | Messages relating to starting logging. |
| MODE | debug | Messages relating to modes. |
| MODULE | default debug | Messages relating to modules. |
| SERIALIZE | debug | Messages relating to object serialisation. |
| SERVICE | debug | Messages relating to service registration. |
| SOCKET | default debug | Messages relating to network sockets. |
| STARTUP | default | Messages relating to the startup process. |
| USERINPUT | rawio | Messages relating to user input. |
| USEROUTPUT | rawio | Messages relating to user output. |
| USERS | default debug | Messages relating to users. |
| core_channel | debug | Messages relating to channels. |
| core_dns | sparse default debug | Messages relating to DNS lookups. |
| core_hostname_lookup | debug | Messages relating to user hostname lookups. |
| core_info | default | Messages relating to server-provided information. |
| core_oper | sparse default | Messages relating to server operators. |
| core_reloadmodule | debug | Messages relating to the RELOADMODULE command. |
| core_who | debug | Messages relating to the WHO command. |
| core_whowas | default | Messages relating to the WHOWAS command. |
| m_callerid | default | Messages relating to the callerid module. |
| m_cap | debug | Messages relating to the cap module. |
| m_cgiirc | default debug | Messages relating to the cgiirc module. |
| m_chanlog | default | Messages relating to the chanlog module. |
| m_cloaking | default | Messages relating to the cloaking module. |
| m_codepage | debug | Messages relating to the codepage module. |
| m_connectban | debug | Messages relating to the connectban module. |
| m_customprefix | debug | Messages relating to the customprefix module. |
| m_customtitle | default | Messages relating to the customtitle module. |
| m_dccallow | debug | Messages relating to the dccallow module. |
| m_disable | default debug | Messages relating to the disable module. |
| m_dnsbl | debug | Messages relating to the dnsbl module. |
| m_filter | default debug | Messages relating to the filter module. |
| m_geo_maxmind | debug | Messages relating to the geo_maxmind module. |
| m_hidemode | debug | Messages relating to the hidemode module. |
| m_httpd | debug | Messages relating to the httpd module. |
| m_httpd_acl | debug | Messages relating to the httpd_acl module. |
| m_httpd_config | debug | Messages relating to the httpd_config module. |
| m_httpd_stats | debug | Messages relating to the httpd_stats module. |
| m_ident | debug | Messages relating to the ident module. |
| m_ircv3_sts | debug | Messages relating to the ircv3_sts module. |
| m_ldapauth | debug | Messages relating to the ldapauth module. |
| m_mysql | default debug | Messages relating to the mysql module. |
| m_nationalchars | default | Messages relating to the nationalchars module. |
| m_operlog | default | Messages relating to the operlog module. |
| m_password_hash | default | Messages relating to the password_hash module. |
| m_permchannels | default debug | Messages relating to the permchannels module. |
| m_pgsql | default debug | Messages relating to the pgsql module. |
| m_regex_pcre | debug | Messages relating to the regex_pcre module. |
| m_sasl | default verbose debug | Messages relating to the sasl module. |
| m_showfile | default | Messages relating to the showfile module. |
| m_silence | debug | Messages relating to the silence module. |
| m_spanningtree | default debug rawio | Messages relating to the spanningtree module. |
| m_sqlite3 | default debug | Messages relating to the sqlite3 module. |
| m_sqloper | sparse default | Messages relating to the sqloper module. |
| m_ssl_gnutls | default debug | Messages relating to the ssl_gnutls module. |
| m_ssl_mbedtls | default debug | Messages relating to the ssl_mbedtls module. |
| m_ssl_openssl | default debug | Messages relating to the ssl_openssl module. |
| m_sslinfo | debug | Messages relating to the sslinfo module. |
| m_sslrehashsignal | default | Messages relating to the sslrehashsignal module. |
| m_topiclock | default | Messages relating to the topiclock module. |
| m_vhost | default | Messages relating to the vhost module. |
| m_xline_db | debug | Messages relating to the xline_db module. |
The level field should be set to one of the following values:
| Value | Description |
|---|---|
| rawio | Logs raw I/O traffic. |
| debug | Logs debug information. |
| verbose | Logs verbose information. |
| default | Logs general information. |
| sparse | Log errors and other infrequent information. |
| none | Logs nothing. |
Example Usage
<log method="file"
type="* -USERINPUT -USEROUTPUT"
level="default"
target="ircd.log"
flush="20">
<maxlist>
The <maxlist> tag defines the number of list modes which can be created in a channel. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| chan | Text | None | Required! A glob pattern for channels that this limit applies to. |
| mode | Number | None | The character or name for the mode this limit applies to. If not defined then it applies to all modes. |
| limit | Number | None | Required! The number of bans which can be created in these channels. |
Example Usage
<maxlist chan="#largechan"
mode="b"
limit="500">
<maxlist chan="*"
limit="100">
<module>
The <module> tag defines a module to load. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | None | Required! The name of a module to load. |
Example Usage
<module name="ssl_gnutls">
<oper>
The <oper> tag defines a server operator account. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| class | Text | None | If defined then a connect class to assign users who log into this server operator account to. |
| hash | Text | None | If defined then the hash algorithm that the password field is hashed with. |
| host | Text | None | Required! A space-delimited list of glob patterns for the username@hostname mask that users must be connecting from to log into this server operator account. |
| name | Text | None | Required! The username for this server operator account. |
| password | Text | None | Required! The password for this server operator account. |
| type | Text | None | Required! The type of server operator this account is. |
| vhost | Text | None | If defined then a virtual hostname to set on users who log into this server operator account. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| autojoin | Text | None | operjoin | A comma-delimited list of channels for server operators to be joined to when logging into their server operator account. |
| autologin | Text | no | sslinfo | Whether to automatically log server operators in when they connect to the server. |
| fingerprint | Text | None | sslinfo | If defined then a space-delimited list of TLS (SSL) client certificate fingerprints to check against this server operator's TLS (SSL) client certificate. |
| level | Number | 0 | operlevels | The rank to give to the server operators. |
| modes | Text | None | opermodes | The user modes to set on server operators when they log into their server operator account. |
| sslonly | Boolean | No | sslinfo | Whether this server operator must be connected using TLS (SSL) to log into their account. |
| swhois | Text | None | swhois | If defined then defines a custom line to add to the server operator's WHOIS response. |
The following hashing modules are included with InspIRCd:
| Algorithm | Module(s) | Description |
|---|---|---|
| argon2d | argon2 | Hashes using the Argon2d algorithm. |
| argon2i | argon2 | Hashes using the Argon2i algorithm. |
| argon2id | argon2 | Hashes using the Argon2id algorithm. |
| bcrypt | bcrypt | Hashes using the bcrypt algorithm. |
| hmac-md5 | password_hash, md5 | Hashes using the MD5 and HMAC algorithms. |
| hmac-sha1 | password_hash, sha1 | Hashes using the SHA-1 and HMAC algorithms. |
| hmac-sha256 | password_hash, sha256 | Hashes using the SHA-256 and HMAC algorithms. |
| md5 | md5 | Hashes using the MD5 algorithm. |
| pbkdf2-hmac-md5 | pbkdf2, md5 | Hashes using the MD5 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha1 | pbkdf2, sha1 | Hashes using the SHA-1 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha256 | pbkdf2, sha256 | Hashes using the SHA-256 and PBKDF2 algorithms. |
| sha1 | sha1 | Hashes using the SHA-1 algorithm. |
| sha256 | sha256 | Hashes using the SHA-256 algorithm. |
Example Usage
<oper name="Sadie"
password="7H8Tqm+i$jaG48RHAcoLXSB3Guzaf1bQehaNRNbblMoNrHPdguvU"
hash="hmac-sha256"
class="ServerOperators"
host="*@bnc.example.com"
type="NetAdmin"
vhost="staff.example.net">
<options>
The <options> tag defines general configuration options. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| allowzerolimit | Boolean | Yes | Whether to allow channels to have channel mode l (limit) set to 0. |
| casemapping | Text | rfc1459 | The casemapping to use when comparing channel and nicknames insensitively. |
| cyclehostsfromuser | Boolean | No | Whether to send modes from the user rather than the server when sending a fake rejoin. |
| defaultbind | Text | auto | The IP version to bind using if an IP address is not specified. |
| defaultmodes | Text | not | The default modes to apply to newly created channels. |
| exemptchanops | Text | None | The privileges to exempt ranked channel users from. See the notes for the exemptchanops module for more information. |
| fixedpart | Text | None | If defined then a static value to replace users' part messages with. |
| fixedquit | Text | None | If defined then a static value to replace users' quit messages with. |
| hostintopic | Boolean | No | Whether to show the full user mask of a topic setter rather than just their nickname. |
| invitebypassmodes | Boolean | Yes | Whether being invited to a channel allows the invitee to bypass channel modes which would otherwise prevent them from joining. |
| modesinlist | Boolean | Yes | New in v3.6.0! Whether to include the current channel modes in the /LIST output. |
| nosnoticestack | Boolean | No | Whether to stop identical server notices from being stacked with "last message repeated X times". |
| prefixpart | Text | None | If defined then the value to prefix users' part messages with. |
| prefixquit | Text | None | If defined then the value to prefix users' quit messages with. |
| splitwhois | Text | no | Whether to split private/secret channels from normal channels in WHOIS responses. |
| suffixpart | Text | None | If defined then the value to suffix users' part messages with. |
| suffixquit | Text | None | If defined then the value to suffix users' quit messages with. |
| syntaxhints | Boolean | No | Whether to send syntax hints to users who send commands with not enough parameters. |
| xlinemessage | Text | You're banned! | The message to send to users who have been banned from the server. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| allowmismatch | Boolean | No | spanningtree | Whether optionally common modules can be loaded on one server but not the other. |
| announcets | Boolean | No | spanningtree | Whether to announce changes in channel creation time. |
| pingwarning | Duration | 15s | spanningtree | The number of seconds to wait before warning server operators that a server has not responded to a ping. |
| serverpingfreq | Duration | 1m | spanningtree | The number of seconds to wait between pinging servers. |
The casemapping field should be set to one of the following values:
| Value | Description |
|---|---|
| ascii | Use the ASCII case mapping for nicknames and channels. |
| rfc1459 | Use the broken RFC1459 casemapping for nicknames and channels. |
The defaultbind field should be set to one of the following values:
| Value | Description |
|---|---|
| auto | Bind to :: if IPv6 support is available. Otherwise, bind to 0.0.0.0. |
| ipv4 | Bind to 0.0.0.0 by default. |
| ipv6 | Bind to :: by default. |
The splitwhois field should be set to one of the following values:
| Value | Description |
|---|---|
| no | Don't split private/secret channels from normal channels in WHOIS responses. |
| split | Split private/secret channels from normal channels in WHOIS responses. |
| splitmsg | Split private/secret channels from normal channels in WHOIS responses with an explanation. |
Example Usage
<options allowzerolimit="no"
casemapping="ascii"
cyclehostsfromuser="no"
defaultbind="auto"
defaultmodes="nost"
exemptchanops=""
fixedpart=""
fixedquit=""
hostintopic="yes"
invitebypassmodes="yes"
nosnoticestack="no"
modesinlist="no"
prefixpart="""
prefixquit="Quit: "
splitwhois="no"
suffixpart="""
suffixquit=""
syntaxhints="yes"
xlinemessage="You're banned. Email abuse@example.com to appeal this decision.">
<path>
The <path> tag defines the location of the config, data, log, and module directories. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| configdir | Text | &dir.config; | The location of the config directory. |
| datadir | Text | &dir.data; | The location of the data directory. |
| logdir | Text | &dir.log; | The location of the logs directory. |
| moduledir | Text | &dir.module; | The location of the modules directory. |
| runtimedir | Text | &dir.runtime; | New in v3.9.0! The location of the runtime directory. |
You should make sure to specify absolute paths to avoid resolution issues.
Example Usage
<path configdir="&dir.config;"
datadir="&dir.data;"
logdir="&dir.log;"
moduledir="&dir.module;"
runtimedir="&dir.runtime;">
<performance>
The <performance> tag defines configuration options relating to server performance. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| clonesonconnect | Boolean | Yes | Whether to check for clones when a user connects to the server. |
| netbuffersize | Number | 10240 | The size of the buffer used to receive data from users. |
| softlimit | Number | Varies | The maximum number of connections to allow to the IRC server. |
| somaxconn | Number | Varies | The maximum number of connections that may be waiting in the connection accept queue. |
| timeskipwarn | Duration | 2s | The amount of time the server clock can skip by before server operators are warned about lag. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| quietbursts | Boolean | No | spanningtree | Whether to inform server operators of users who connect during a network merge. |
Example Usage
<performance clonesonconnect="yes"
netbuffersize="10240"
softlimit="15000"
somaxconn="128"
timeskipwarn="2s">
<pid>
The <pid> tag defines the location of the pidfile. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| file | Text | inspircd.pid | The location of the pidfile. |
Example Usage
<pid file="inspircd.pid">
<security>
The <security> tag defines configuration options relating to server security. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| allowcoreunload | Boolean | No | Whether core modules can be unloaded by a server operator. |
| announceinvites | Text | dynamic | Whether to send an announcement when a user is invited to a channel. |
| customversion | Text | None | A custom string to show in the /VERSION output. |
| genericoper | Boolean | No | Whether to show "is a server operator" in /WHOIS instead of the server operator's type. |
| hidebans | Boolean | No | Whether to only show X-line messages to server operators. |
| hidekills | Text | None | If defined then the text to show in a kill message instead of the name of the server operator who caused the kill. |
| hideserver | Text | None | If defined then the text to show in place of a server name. |
| hideulinekills | Boolean | No | Whether to hide server notices about kills by users on U-lined servers. |
| maxtargets | Number | 20 | The maximum number of targets a user may specify in a command. |
| restrictbannedusers | Text | Yes | Whether to restrict the behaviour of users who are banned in a channel. |
| runasgroup | Text | None | If defined then the group to switch to after starting up (requires starting as root). |
| runasuser | Text | None | If defined then the user to switch to after starting up (requires starting as root). |
| userstats | Text | Pu (since 3.11.0) None (3.0.0 to 3.10.0) | The /STATS characters that a non-server operator can view. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| flatlinks | Boolean | No | spanningtree | Whether to flatten the output of /LINKS to avoid leaking network architecture. |
| hidesplits | Boolean | No | spanningtree | Whether to show *.net *.split instead of the server names when a netsplit happens |
| hideulines | Boolean | No | spanningtree | Whether to hide U-lined servers from the output of /LINKS and /MAP. |
| maphide | Text | None | maphide | Required! The URL to provide to users who run the /MAP and /LINKS commands. |
The announceinvites field should be set to one of the following values:
| Value | Description |
|---|---|
| none | Don't send any invite announcements. |
| ops | Send invite announcements to channel operators and higher ranked users. |
| dynamic | Send invites to channel half-operators (if available) and higher ranked users. |
| all | Send invites to all channel members. |
The restrictbannedusers field should be set to one of the following values:
| Value | Description |
|---|---|
| yes | Banned users should be restricted. |
| no | Banned users should not be restricted. |
| silent | Banned users should be restricted but should not be informed. |
Example Usage
<security allowcoreunload="no"
announceinvites="dynamic"
customversion=""
genericoper="no"
hidebans="yes"
hidekills=""
hideserver=""
hideulinekills="yes"
maxtargets="20"
restrictbannedusers="yes"
runasgroup=""
runasuser=""
userstats="Pu">
<server>
The <server> tag defines settings about the local server. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | None | Required! The hostname of the local server. |
| description | Text | Configure Me | A description of the local server. |
| network | Text | Network | The name of the IRC network the local server is attached to. |
| id | Text | None | If defined then a unique server identifier in the format [0-9][0-9A-Z][0-9A-Z]. |
Example Usage
<server name="irc.eu.example.com"
description="ExampleNet's European server"
network="ExampleNet"
id="34C">
<type>
The <type> tag defines a type of server operator. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| class | Text | None | If defined then a connect class to assign users who log into this server operator account to. |
| classes | Text | None | If defined then a space-delimited list of <class> tags to inherit privileges from. |
| name | Text | None | Required! The name for this server operator type. |
| vhost | Text | None | If defined then a virtual hostname to set on users who log into a server operator account using this type. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| autojoin | Text | None | operjoin | A comma-delimited list of channels for server operators to be joined to when logging into their server operator account. |
| level | Number | 0 | operlevels | The rank to give to the server operators. |
| modes | Text | None | opermodes | The user modes to set on server operators when they log into their server operator account. |
| swhois | Text | None | swhois | If defined then defines a custom line to add to the server operator's WHOIS response. |
Example Usage
<type name="NetAdmin"
class="ServerOperators"
classes="BanControl HostCloak OperChat SACommands ServerLink Shutdown"
vhost="staff.example.net">
<whowas>
The <whowas> tag defines the configuration of the /WHOWAS database. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| groupsize | Number | 10 | The maximum number of /WHOWAS entries for a nickname. If set to 0 then /WHOWAS is disabled. |
| maxgroups | Number | 10240 | The maximum number of /WHOWAS nickname groups. If set to 0 then /WHOWAS is disabled. |
| maxkeep | Duration | 1h | The period of time to keep /WHOWAS records for. |
Example Usage
<whowas groupsize="10"
maxgroups="100000"
maxkeep="3d">