Configuration
If you are configuring your server from scratch you might find the example configuration files helpful.
These are located in:
/usr/share/doc/inspircdif using our UNIX binary packages.C:\Program Files\InspIRCd\conf\examplesif using our Windows binary package.[ROOT]/run/conf/examplesif you have built in your home directory.
This page only lists core configuration. For details on the configuration of a specific module please refer to the appropriate page for that module.
<admin>
The <admin> tag defines contact details for the server administrator. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | <server:network> Admins | The nickname, real name, or team name of the server administrator(s). |
| description | Text | None | A description of the server administrator(s). |
| Text | noreply@<server:name> | The email address at which the server administrator(s) can be contacted in case of issues. |
Example Usage
<admin name="Adam Inistrator"
description="Supreme Overlord"
email="noreply@example.com">
<badhost>
The <badhost> tag defines a permanent K-line. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| host | Text | None | Required! A user@host to K-line. |
| reason | Text | None | Required! The reason for the K-line being added. |
Example Usage
<badhost host="*@example.com"
reason="Spamming">
<badip>
The <badip> tag defines a permanent Z-line. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| ipmask | Text | None | Required! An IP address to Z-line. |
| reason | Text | None | Required! The reason for the Z-line being added. |
Example Usage
<badip ipmask="192.0.2.0/24"
reason="Spamming">
<badnick>
The <badnick> tag defines a permanent Q-line. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| nick | Text | None | Required! A nickname to Q-line. |
| reason | Text | None | Required! The reason for the Q-line being added. |
Example Usage
<badnick nick="NickServ"
reason="Reserved for a network service">
<bind>
The <bind> tag defines an endpoint to listen for connections on. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| address | Text | None | IP listeners only! If defined then the IP address to bind to instead of listening on all available interfaces. |
| port | No. Range | None | Required for IP listeners! The port or range of ports to listen for connections on. |
| defer | Duration | 0 | IP listeners only! The period to defer a connection for whilst waiting for it to send data (not supported on Windows). |
| hook | Text | None | If defined then the name of a module that provides middleware for this listener. |
| free | Boolean | No | IP listeners only! Whether to allow binding on IP endpoints which may not be usable yet (not supported on Windows). |
| protocols | Text | all | IP listeners only! The protocols to use for listeners on this endpoint. |
| path | Text | None | Required for UNIX listeners! The UNIX socket endpoint to listen for connections on (not supported on Windows). |
| permissions | Number | None | UNIX listeners only! The permissions to use for the UNIX socket (only supported on Linux). |
| replace | Boolean | No | UNIX listeners only! Whether to replace the UNIX socket file if it already exists (not supported on Windows). |
| type | Text | clients | The type of connection to be allowed on this endpoint. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| sslprofile | Text | None | ssl_openssl | This MUST be set to the name of an OpenSSL TLS (SSL) profile to listen for secure connections with OpenSSL. |
| ssl_gnutls | This MUST be set to the name of a GnuTLS TLS (SSL) profile to listen for secure connections with GnuTLS. |
If defined the hook field should be set to one of the following values:
| Value | Module | Description |
|---|---|---|
| haproxy | haproxy | Listens for connections that use the HAProxy Proxy protocol. |
| websocket | websocket | Listens for connections that use WebSocket framing. |
The protocols field should be set to one or more of the following values:
| Value | Description |
|---|---|
| all | Listen for TCP connections and (if supported) SCTP connections. |
| tcp | Listen for TCP connections. |
| sctp | Listen for SCTP connections. |
The type field should be set to one of the following values:
| Value | Module | Description |
|---|---|---|
| clients | None | Listens for IRC client connections. |
| httpd | httpd | Listens for HTTP connections. |
| servers | spanningtree | Listens for IRC server connections. |
Example Usage
Listens for IRC client connections on 192.0.2.1:6667:
<bind address="192.0.2.1"
port="6667"
type="clients"
defer="0s"
free="no">
Listens for IRC client connections on 192.0.2.1 on port range 6661-6669:
<bind address="192.0.2.1"
port="6661-6669"
type="clients"
defer="0s"
free="no">
Listens for IRC client connections on 192.0.2.1 on port range 6661-6667 and port 8002:
<bind address="192.0.2.1"
port="6661-6667,8002"
type="clients"
defer="0s"
free="no">
Listens for IRC server connections on *:7000:
<bind port="7000"
type="servers"
defer="5s"
free="no">
Listens for IRC client connections on /run/inspircd/inspircd.sock
<bind path="/run/inspircd/inspircd.sock"
type="clients"
permissions="750"
replace="yes">
<cidr>
The <cidr> tag defines the number of bits of an IP address that should be looked at when locating clones. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| ipv4clone | Number | 32 | The number of bits (0-32) of an IPv4 address that should be looked at when locating clones. |
| ipv6clone | Number | 128 | The number of bits (0-128) of an IPv6 address that should be looked at when locating clones. |
Example Usage
<cidr ipv4clone="32"
ipv6clone="128">
<class>
The <class> tag defines a set of server operator privileges. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | None | A name that uniquely identifies this server operator class. |
| commands | Text | None | A space-delimited list of server operator-only commands that server operators with this class can execute. |
| privs | Text | None | A space-delimited list of server operator privileges that server operators with this class have. |
| chanmodes | Text | None | The server operator-only channel modes that server operators with this class can change. |
| usermodes | Text | None | The server operator-only user modes that server operators with this class can change. |
| snomasks | Text | None | The server operator-only snomasks that server operators with this class can change. |
The core supplies the following server operator privileges for use in <class:privs>.
| Name | Description |
|---|---|
| channels/auspex | Allows server operators to see more details about channels than normal users. |
| servers/auspex | Allows server operators to see more details about server information than normal users. |
| users/auspex | Allows server operators to see more details about users than normal users. |
| users/channel-spy | Allows server operators to view the private/secret channels that a user is on. |
| users/flood/increased-buffers | Allows server operators to send and receive data without worrying about being disconnected for exceeding limits. |
| users/flood/no-fakelag | Prevents server operators from being penalized with fake lag for flooding. |
| users/flood/no-throttle | Allows server operators to send commands without being throttled. |
| users/mass-message | Allows server operators to send a PRIVMSG or NOTICE to a server mask. |
The users/flood/* privileges are potentially dangerous as they grant a server operator the ability to hammer your server's CPU/RAM as much as they want.
Example Usage
<class name="OperChat"
commands="WALLOPS GLOBOPS"
privs="users/mass-message"
chanmodes="*"
usermodes="*"
snomasks="gG">
<class name="OperView"
privs="channels/auspex users/auspex users/channel-spy servers/auspex">
<connect>
The <connect> tag defines a class that users can be filtered into when they connect to the server. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | None | If defined then the name of this connect class. |
| allow | Text | None | A glob pattern or CIDR range for an IP address which is allowed to connect to the server. If this is defined then deny (below) MUST NOT be defined. |
| deny | Text | None | A glob pattern or CIDR range for an IP address which is banned from connecting to the server. If this is defined then allow (above) MUST NOT be defined. |
| commandrate | Number | 1000 | The number of millicommands (1000 equals 1 command) per second that a user can execute. |
| connected | Boolean | None | If defined then whether this connect class matches a user that is partially connected or a client that is fully connected. |
| fakelag | Boolean | Yes | Whether users should have their input/output delayed when they reach a soft limit rather than being killed. |
| globalmax | Number | 0 | The maximum number of clones per host (see <cidr>) that can be on the entire network for users in this connect class. Set to 0 for no limit. |
| hardsendq | Number | 1048576 | The maximum amount of data allowed in a user's send queue before it is killed. |
| limit | Number | 5000 | The maximum number of users who can be in this connect class. |
| localmax | Number | 0 | The maximum number of clones per host (see <cidr>) that can be on the local server for users in this connect class. Set to 0 for no limit. |
| maxchans | Number | 20 | If defined then the maximum number of channels that a user in this class can be in. |
| maxconnwarn | Boolean | No | Whether to send a server notice when a connect class limit is reached. |
| parent | Text | None | If defined then the name of the class to inherit most core settings from. |
| password | Text | None | The password that the user must send to be put into this connect class. |
| hash | Text | None | If defined then the hash algorithm that the password field is hashed with. |
| pingfreq | Duration | 2m | The period this client can be idle for before sending it a PING message. |
| port | Number | None | The port on which a client must be connecting to be put into this connect class. |
| reason | Text | Unauthorised connection | If <connect:deny> is set then the reason to give when disconnecting a user. |
| resolvehostnames | Boolean | Yes | Whether to do DNS lookups for the hostnames of users in this class. |
| recvq | Number | 4096 | The maximum amount of data allowed in a user's receive queue before it is killed. |
| softsendq | Number | 4096 | The maximum number of bytes of data that can be in a user's send queue before the server stops processing their input to allow the send queue to drain. |
| threshold | Number | 10 | The maximum amount of penalty that a user can have before being fakelagged or killed if fakelag is turned off. |
| timeout | Duration | 1m30s | The period after which a partially connected user is timed out. |
| uniqueusername | Boolean | No | Whether users in this class are connecting from a shared host and can be uniquely identified by their username. |
| motd | Text | motd | The file path or name of the field in <files> / <execfiles> to use when reading the message of the day. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| autojoin | Text | None | conn_join | A comma-delimited list of channels for users in this connect class to be joined to on connect. |
| autojoindelay | Duration | 15m | conn_join | The duration to wait before joining users to the specified channels. |
| country | Text | None | geoclass | A space-delimited list of ISO 3166-1 alpha-2 country codes that users must be connecting from to be assigned to this class. |
| dnsbl | Text | None | dnsbl | Match users to this connect class by DNSBL name when using the mark action. |
| modes | Text | None | conn_umodes | The user modes to set on connecting users. |
| requireaccount | Text | No | account | Whether users must be logged into a services account to use this class. |
| requireident | Boolean | No | ident | Whether users must have responded to a ident lookup to be assigned to this class. |
| requiressl | Text | no | sslinfo | Whether users must be using TLS to use this class. |
| usecloak | Boolean | Yes | cloak | Whether users in this connect class can be cloaked. |
| useconnectban | Boolean | yes | connectban | Whether to ban users in this class for making excessive connections to the server. |
| useconnflood | Boolean | yes | connflood | Whether to throttle users in this class when excessive connections are being made to the server. |
| usednsbl | Boolean | Yes | dnsbl | Whether users in this connect class should be looked up in a DNSBL. |
| useident | Boolean | Yes | ident | Whether to try to look up the real username of users in this class using the RFC 1413 identification protocol. |
| usests | Boolean | Yes | ircv3_sts | Whether users in this connect class should have a STS policy advertised to them. |
| webirc | Text | None | gateway | If defined then a glob pattern to match the name of a WebIRC gateway against. |
The hash field is currently optional but will be required in the next major version of InspIRCd when using password authentication.
The following hashing modules are included with InspIRCd:
| Algorithm | Module(s) | Description |
|---|---|---|
| argon2d | argon2 | Hashes using the Argon2d algorithm. |
| argon2i | argon2 | Hashes using the Argon2i algorithm. |
| argon2id | argon2 | Hashes using the Argon2id algorithm. |
| bcrypt | bcrypt | Hashes using the bcrypt algorithm. |
| hmac-md5 | password_hash, md5 | Deprecated! Hashes using the MD5 and HMAC algorithms. |
| hmac-sha1 | password_hash, sha1 | Hashes using the SHA-1 and HMAC algorithms. |
| hmac-sha224 | password_hash, sha2 | Hashes using the SHA-224 and HMAC algorithms. |
| hmac-sha256 | password_hash, sha2 | Hashes using the SHA-256 and HMAC algorithms. |
| hmac-sha384 | password_hash, sha2 | Hashes using the SHA-384 and HMAC algorithms. |
| hmac-sha512 | password_hash, sha2 | Hashes using the SHA-512 and HMAC algorithms. |
| md5 | md5 | Deprecated! Hashes using the MD5 algorithm. |
| pbkdf2-hmac-md5 | pbkdf2, md5 | Deprecated! Hashes using the MD5 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha1 | pbkdf2, sha1 | Hashes using the SHA-1 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha224 | pbkdf2, sha2 | Hashes using the SHA-224 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha256 | pbkdf2, sha2 | Hashes using the SHA-256 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha384 | pbkdf2, sha2 | Hashes using the SHA-384 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha512 | pbkdf2, sha2 | Hashes using the SHA-512 and PBKDF2 algorithms. |
| sha1 | sha1 | Hashes using the SHA-1 algorithm. |
| sha224 | sha2 | Hashes using the SHA-224 algorithm. |
| sha256 | sha2 | Hashes using the SHA-256 algorithm. |
| sha384 | sha2 | Hashes using the SHA-384 algorithm. |
| sha512 | sha2 | Hashes using the SHA-512 algorithm. |
The file specified in the motd field can contain the following formatting codes:
| Escape | Example (raw) | Example (formatted) | Description |
|---|---|---|---|
\b | foo \bbar\b baz | foo bar baz | Toggles whether text should be bold. |
\c<fg>[,<bg>] | foo \c03bar\c bazfoo \c11,04bar\c baz | foo foo | Toggles the foreground and/or background color of text. |
\c{<fg>[,<bg>]} | foo \c{green}bar\c bazfoo \c{cyan,red}bar\c baz | foo foo | New in v4.3.0! Toggles the foreground and/or background color of text using color names (see below). |
\h<fg>[,<bg>] | foo \hea74dcbar\h bazfoo \h613583,2ec27ebar\h baz | foo foo | Toggles the foreground and/or background color of text using hex colors (not widely supported). |
\i | foo \ibar\i baz | foo bar baz | Toggles whether text should be italicised. |
\m | foo \mbar\m baz | foo bar baz | Toggles whether text should be monospace (not widely supported). |
\r | foo \c{blue,orange}bar\r baz | foo | Swaps the foreground and background color. |
\s | foo \sbar\s baz | foo | Toggles whether text should be struckthrough (not widely supported). |
\u | foo \ubar\u baz | foo bar baz | Toggles whether text should be underlined. |
\x | foo \b\ibar\x baz | foo bar baz | Terminates any previously specified formatting. |
If using named colors they are converted to raw color codes as follows:
| Code | Name | Example |
|---|---|---|
| 00 | white | |
| 01 | black | |
| 02 | blue | |
| 03 | green | |
| 04 | red | |
| 05 | brown | |
| 06 | magenta | |
| 07 | orange | |
| 08 | yellow | |
| 09 | light green | |
| 10 | cyan | |
| 11 | light cyan | |
| 12 | light blue | |
| 13 | pink | |
| 14 | grey | |
| 15 | light grey | |
| 99 | default | Depends on client theme |
Colors in the range 16-98 are not widely supported and do not have names. See ircdocs for more information.
Example Usage
Denies connections to clients connecting from 3ffe::0/32:
<connect name="6bone"
deny="3ffe::0/32"
reason="The 6bone address space is deprecated">
Defines a TLS (SSL) only connect class and then a general connect class to inherit from:
<connect name="Secure"
parent="Main"
allow="*"
port="6697">
<connect name="Main"
allow="*"
commandrate="1000"
fakelag="on"
globalmax="3"
hardsendq="1M"
limit="5000"
localmax="3"
maxchans="30"
maxconnwarn="no"
pingfreq="2m"
recvq="8K"
resolvehostnames="yes"
softsendq="8192"
threshold="10"
timeout="10"
uniqueusername="no"
motd="motd">
Special Notes
If you are also using the gateway module you should disable DNS lookups for your WebIRC gateway.
<define>
The <define> tag allows you to to define XML-style entities which you can use in your config to avoid duplication. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | None | Required! The name of the entity. |
| value | Text | None | The value to replace instances of the entity with. |
The following entities are already defined:
| Name | Description |
|---|---|
& | An ampersand. |
' | A single quote. This can be used unescaped but is supported for compatibility with XML generators. |
&dir.config; | The configuration directory that was configured at build time. |
&dir.data; | The data directory that was configured at build time. |
&dir.log; | The log directory that was configured at build time. |
&dir.module; | The module directory that was configured at build time. |
&dir.runtime; | The runtime directory that was configured at build time. |
&env.NAME; | The value of the NAME environment variable when InspIRCd was first started. |
> | A greater than symbol. This can be used unescaped but is supported for compatibility with XML generators. |
&irc.bold; | Makes subsequent text within an IRC message bold. |
&irc.color; | Makes subsequent text within an IRC message colored. Should be followed by color codes in the format FG[,BG]. See ircdocs for more information. |
&irc.colour; | Makes subsequent text within an IRC message colored. Should be followed by color codes in the format FG[,BG]. See ircdocs for more information. |
&irc.hexcolor; | Makes subsequent text within an IRC message colored. Should be followed by hexadecimal color codes in the format FRFGFB[,BRBGBB] (not widely supported). |
&irc.hexcolour; | Makes subsequent text within an IRC message colored. Should be followed by hexadecimal color codes in the format FRFGFB[,BRBGBB] (not widely supported). |
&irc.italic; | Makes subsequent text within an IRC message italic. |
&irc.monospace; | Makes subsequent text within an IRC message monospace (not widely supported). |
&irc.reset; | Disables all text formatting for subsequent text. |
&irc.reverse; | Makes subsequent text within an IRC message reversed. |
&irc.strikethrough; | Makes subsequent text within an IRC message struckthrough (not widely supported). |
&irc.underline; | Makes subsequent text within an IRC message underlined |
< | A less than symbol. This can be used unescaped but is supported for compatibility with XML generators. |
&nl; | A new line. |
" | A double quote. |
Example Usage
Creates the &ServerHost; entity with a value of "example.com":
<define name="ServerHost"
value="example.com">
<dns>
The <dns> tag defines the DNS server to use when looking up hostnames. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| enabled | Boolean | Yes | Whether DNS lookups are enabled. |
| server | Text | None | If defined then the DNS server to look up hostnames with. If not set then the first system resolver will be used. |
| timeout | Duration | 5s | The period before timing out DNS lookups. |
| sourceip | Text | None | If defined then the IP address to connect from when doing DNS lookups. |
| sourceport | Number | None | If defined then the UDP port to connect from when doing DNS lookups. |
Example Usage
<dns enabled="yes"
server="127.0.0.53"
timeout="5s"
sourceip=""
sourceport="0">
<exception>
The <exception> tag defines a permanent E-line. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| host | Text | None | Required! A user@host to E-line. |
| reason | Text | None | Required! The reason for the E-line being added. |
Example Usage
<exception host="*@localhost"
reason="Local connections">
<execfiles>
The <execfiles> tag runs a shell command and reads its output. This tag can only be defined once. The purpose of the output depends on what field commands are defined in.
Note that commands are only run on rehash, so changes are not automatically detected.
| Name | Type | Default Value | Description |
|---|---|---|---|
| motd | Text | None | A file used as the message of the day, ie. shown to users when they connect or use the /MOTD command. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| opermotd | Text | None | opermotd | The file to read or command to execute to obtain the opermotd text. |
| quotes | Text | None | randquote | The file to read or command to execute to obtain the quotes text. |
The working directory is InspIRCd's configuration directory.
Example Usage
Downloads https://www.example.com/motd.txt and uses it as the message of the day:
<execfiles motd="wget -O - https://www.example.com/motd.txt">
<extbans>
The <extbans> tag defines the characters used by extended bans. This tag can only be defined once.
The following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| account | Character | R | account | Checks whether users are logged into a services account matching <pattern>. |
| blockcolor | Character | c | blockcolor | Bans <mask> from sending messages that contain IRC formatting codes. |
| blockinvite | Character | A | allowinvite | Bans <mask> from using the /INVITE command. |
| channel | Character | j | channelban | Checks whether users are in a channel matching <pattern>. |
| class | Character | n | classban | Checks whether users are in a connect class <pattern>. |
| country | Character | G | geoban | Matches against the two letter country code for the country that users are connecting from. |
| gateway | Character | w | gateway | Matches against the name of the gateway that WebIRC users are connecting from. |
| mute | Character | m | muteban | Bans <mask> from speaking in the channel. |
| noctcp | Character | C | noctcp | Bans <mask> from sending messages that contain CTCPs. |
| nokick | Character | Q | nokicks | Bans privileged users matching <mask> from using the /KICK command. |
| nonick | Character | N | nonicks | Bans users matching <mask> from changing their nickname whilst in the channel. |
| nonotice | Character | T | nonotice | Bans <mask> from sending messages with the /NOTICE command. |
| oper | Character | o | operchans | Checks whether users are logged into a server operator account with a name matching <pattern>. |
| opertype | Character | O | operchans | Checks whether users are logged into a server operator account with an operator type matching <pattern>. |
| opmoderated | Character | u | opmoderated | Bans <mask> from speaking to unprivileged users in the channel. |
| realmask | Character | a | realnameban | Checks whether users have a nick!user@host+real mask matching <pattern>. |
| realname | Character | r | realnameban | Checks whether users have a a real name matching <pattern>. |
| server | Character | s | serverban | Checks whether users are on a server matching <pattern>. |
| sslfp | Character | z | sslmodes | Checks whether users have a TLS (SSL) client certificate with a fingerprint matching <pattern>. |
| stripcolor | Character | S | stripcolor | Strips IRC formatting codes from messages sent by users matching <mask>. |
| unauthed | Character | U | account | Checks whether users matching <pattern> are not logged into a services account. |
Example Usage
<files>
The <files> tag reads one or more files. This tag can only be defined once. The purpose of these files depends on what field they are defined in.
Note that files are only read on rehash, so changes are not automatically detected.
| Name | Type | Default Value | Description |
|---|---|---|---|
| motd | Text | None | A file used as the message of the day, i.e. shown to users when they connect or use the /MOTD command. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| opermotd | Text | None | opermotd | The file to read or command to execute to obtain the opermotd text. |
| quotes | Text | None | randquote | The file to read or command to execute to obtain the quotes text. |
All paths are relative to InspIRCd's configuration directory. This is:
/etc/inspircdif using our UNIX binary packages.C:\Program Files\InspIRCd\confif using our Windows binary package.[ROOT]/run/confif you have built in your home directory.
File paths are NOT relative to the current config file.
Example Usage
Use the file examples/motd.example.txt as the message of the day:
<files motd="examples/motd.example.txt">
<include>
The <include> tag allows you include the contents of a file or the output of a command into your config file. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| directory | Text | None | If defined then the directory to look for .conf files in. |
| executable | Text | None | If defined then the command to execute. |
| file | Text | None | If defined then the file to read. |
| mandatorytag | Text | None | If defined then a tag that must exist in a config file for it to be valid. |
| missingokay | Boolean | Yes | Whether to ignore config files that don't exist. |
| noenv | Boolean | Yes (executable) No (directory, file) | Whether to allow environment variables to be used from within the included config. |
| noexec | Boolean | Yes (executable) No (directory, file) | Whether to allow executable includes from within the included config. |
| noinclude | Boolean | No | Whether to allow file includes from within the included config. |
Example Usage
Includes links.conf into the config:
<include file="links.conf"
noenv="no"
noexec="no"
noinclude="no"
mandatorytag="link"
missingokay="no">
Includes all of the config files in 'modules' into the config:
<include directory="modules"
noenv="no"
noexec="no"
noinclude="no"
mandatorytag="link">
Executes curl to download https://example.com/links.conf and include it into the config:
<include executable="curl --silent https://example.com/links.conf"
noenv="yes"
noexec="yes"
noinclude="no"
mandatorytag="link">
<insane>
The <insane> tag defines limits to protect against overly wide X-lines being created. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| hostmasks | Boolean | No | Whether to bypass the limit for E-lines, G-lines, and K-lines. |
| ipmasks | Boolean | No | Whether to bypass the limit for Z-lines. |
| nickmasks | Boolean | No | Whether to bypass the limit for Q-lines. |
| trigger | Decimal | 95.5 | The percentage of connected users who must match the X-line for it to be rejected as overly wide. |
Example Usage
<insane hostmasks="no"
ipmasks="no"
nickmasks="no"
trigger="95.5">
<limits>
The <limits> tag defines the maximum length of user-configurable fields. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| maxaway | Number | 200 | The maximum length of an away message. |
| maxchan | Number | 60 | The maximum length of a channel name. |
| maxhost | Number | 64 | The maximum length of a hostname. |
| maxkey | Number | 30 | The maximum length of a channel key. |
| maxkick | Number | 300 | The maximum length of a kick message. |
| maxmodes | Number | 20 | The maximum number of non-flag modes that can be changed in a single MODE message. |
| maxnick | Number | 30 | The maximum length of a nickname. |
| maxquit | Number | 300 | The maximum length of a quit message. |
| maxreal | Number | 130 | The maximum length of a real name. |
| maxtopic | Number | 330 | The maximum length of a channel topic. |
| maxuser | Number | 10 | The maximum length of a username. |
Example Usage
<limits maxaway="200"
maxchan="60"
maxhost="64"
maxkey="30"
maxkick="300"
maxmodes="20"
maxnick="30"
maxquit="300"
maxreal="130"
maxtopic="330"
maxuser="10">
<log>
The <log> tag defines a location to log to. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| method | Text | file | The method to use for storing logs. |
| type | Text | * | A space-delimited token list of types of message to log. |
| level | Text | normal | The level of messages to log. |
| target | Text | None | If using the file method the location to write the log to. |
| flush | Number | 20 | If using the file method after how many lines to flush the log to disk. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| dbid | Text | None | log_sql | Required! The name of the database connection to execute the query against. |
| method | Text | None | log_syslog | Required! This MUST be set to syslog to use system logging. |
| log_json | Required! This MUST be set to json, json-stderr, or json-stdout to use JSON logging. | |||
| log_sql | Required! This MUST be set to sql to use SQL logging. | |||
| query | Text | INSERT INTO ircd_log (time, type, message) VALUES (FROM_UNIXTIME($time), '$type', '$message'); | log_sql | The query to use to insert a log message into the database. |
| target | Text | None | log_json | Required! If using the json method the location to write the log to. |
The method field should be set to one of the following values:
| Value | Module | Description |
|---|---|---|
| file | None | Log to a file. |
| json | log_json | Log to a file in JSON. |
| json-stderr | log_json | Log to the standard error stream in JSON. |
| json-stdout | log_json | Log to the standard output stream in JSON. |
| sql | log_sql | Log to a SQL database. |
| stderr | None | Log to the standard error stream. |
| stdout | None | Log to the standard output stream. |
| syslog | log_syslog | Log to the system log. |
The type field should be set to one or more of the following values:
| Value | Logging Levels Used | Description |
|---|---|---|
| BANCACHE | debug | Messages relating to the X-line result cache. |
| CHANNELS | debug | Messages relating to channels. |
| COMMAND | debug | Messages relating to command execution. |
| CONFIG | warning normal debug | Messages relating to the configuration. |
| CONNECTCLASS | normal debug | Messages relating to connect classes. |
| CULL | debug | Messages relating to object culling. |
| LOG | critical normal | Messages relating to logging. |
| MODE | warning | Messages relating to modes. |
| MODULE | critical normal debug | Messages relating to modules. |
| SERVICE | debug | Messages relating to service registration. |
| SIGNAL | debug | Messages relating to signal handling. |
| SOCKET | warning normal debug | Messages relating to network sockets. |
| STARTUP | critical warning normal | Messages relating to the startup process. |
| USERINPUT | rawio | Messages relating to user input. |
| USEROUTPUT | rawio | Messages relating to user output. |
| USERS | warning debug | Messages relating to users. |
| core_channel | debug | Messages relating to channels. |
| core_dns | critical warning normal debug | Messages relating to DNS lookups. |
| core_hostname_lookup | debug | Messages relating to user hostname lookups. |
| core_info | warning | Messages relating to server-provided information. |
| core_oper | critical normal | Messages relating to server operators. |
| core_reloadmodule | debug | Messages relating to the RELOADMODULE command. |
| core_who | debug | Messages relating to the WHO command. |
| core_whowas | debug | Messages relating to the WHOWAS command. |
| m_callerid | debug | Messages relating to the callerid module. |
| m_cap | debug | Messages relating to the cap module. |
| m_chanlog | normal | Messages relating to the chanlog module. |
| m_cloak | debug | Messages relating to the cloak module. |
| m_cloak_sha256 | normal | Messages relating to the cloak_sha256 module. |
| m_cloak_user | debug | Messages relating to the cloak_user module. |
| m_codepage | debug | Messages relating to the codepage module. |
| m_connectban | debug | Messages relating to the connectban module. |
| m_customprefix | debug | Messages relating to the customprefix module. |
| m_customtitle | normal | Messages relating to the customtitle module. |
| m_dccallow | debug | Messages relating to the dccallow module. |
| m_disable | normal debug | Messages relating to the disable module. |
| m_dnsbl | debug | Messages relating to the dnsbl module. |
| m_filter | warning normal debug | Messages relating to the filter module. |
| m_gateway | normal debug | Messages relating to the gateway module. |
| m_geo_maxmind | normal debug | Messages relating to the geo_maxmind module. |
| m_hidemode | debug | Messages relating to the hidemode module. |
| m_httpd | debug | Messages relating to the httpd module. |
| m_httpd_acl | debug | Messages relating to the httpd_acl module. |
| m_httpd_config | debug | Messages relating to the httpd_config module. |
| m_httpd_stats | debug | Messages relating to the httpd_stats module. |
| m_ident | debug | Messages relating to the ident module. |
| m_ircv3_sts | debug | Messages relating to the ircv3_sts module. |
| m_ldap | normal | Messages relating to the ldap module. |
| m_ldapauth | debug | Messages relating to the ldapauth module. |
| m_log_json | normal | Messages relating to the log_json module. |
| m_mysql | critical normal debug | Messages relating to the mysql module. |
| m_operlog | normal | Messages relating to the operlog module. |
| m_opermotd | normal | Messages relating to the opermotd module. |
| m_password_hash | normal | Messages relating to the password_hash module. |
| m_permchannels | critical warning debug | Messages relating to the permchannels module. |
| m_pgsql | critical normal debug | Messages relating to the pgsql module. |
| m_regex_pcre2 | normal | Messages relating to the regex_pcre2 module. |
| m_sasl | normal debug | Messages relating to the sasl module. |
| m_services | debug | Messages relating to the services module. |
| m_showfile | warning | Messages relating to the showfile module. |
| m_silence | debug | Messages relating to the silence module. |
| m_spanningtree | warning normal debug rawio | Messages relating to the spanningtree module. |
| m_sqlite3 | critical normal debug | Messages relating to the sqlite3 module. |
| m_sqloper | warning debug | Messages relating to the sqloper module. |
| m_ssl_gnutls | warning normal debug | Messages relating to the ssl_gnutls module. |
| m_ssl_openssl | warning normal debug | Messages relating to the ssl_openssl module. |
| m_sslinfo | debug | Messages relating to the sslinfo module. |
| m_sslrehashsignal | normal | Messages relating to the sslrehashsignal module. |
| m_vhost | warning | Messages relating to the vhost module. |
| m_xline_db | critical debug | Messages relating to the xline_db module. |
The level field should be set to one of the following values:
| Value | Description |
|---|---|
| rawio | Log raw I/O traffic. |
| debug | Log information that is useful for debugging. |
| normal | Log general information. |
| warning | Log issues that should be investigated. |
| critical | Log critical errors that must be resolved. |
Example Usage
<log method="file"
type="* -USERINPUT -USEROUTPUT"
level="normal"
target="ircd.log"
flush="20">
<maxlist>
The <maxlist> tag defines the number of list modes which can be created in a channel. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| chan | Text | None | Required! A glob pattern for channels that this limit applies to. |
| mode | Number | None | The character or name for the mode this limit applies to. If not defined then it applies to all modes. |
| limit | Number | None | Required! The number of bans which can be created in these channels. |
Example Usage
<maxlist chan="#largechan"
mode="b"
limit="500">
<maxlist chan="*"
limit="100">
<modes>
The <modes> tag defines the characters used by modes. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| ban | Character | b | Bans users matching <mask> from joining the channel. |
| invisible | Character | i | Marks the user as invisible. |
| inviteonly | Character | i | Prevents users from joining the channel without an invite. |
| key | Character | k | Prevents users from joining the channel who have not specified the <key> password. |
| limit | Character | l | Allows no more than <count> users to join the channel. |
| moderated | Character | m | Prevents users without a prefix rank from messaging the channel. |
| noextmsg | Character | n | Prevents users who are not in the channel from messaging the channel. |
| op | Character | o | Grants channel operator status to <nick>. |
| oper | Character | o | Marks the user as a server operator (can only be set by the server). |
| private | Character | p | Hides the channel in /WHOIS from people who are not a member. You probably want channel mode s (secret) rather than this. |
| secret | Character | s | Hides the channel in /WHOIS and /LIST from people who are not a member. |
| snomask | Character | s | Enables receiving the specified types of server operator notice. |
| topiclock | Character | t | Prevents non-channel operators from changing the channel topic. |
| voice | Character | v | Grants channel voice status to <nick>. |
| wallops | Character | w | Enables receiving /WALLOPS messages from server operators. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| allowinvite | Character | A | allowinvite | Allows unprivileged users to use the /INVITE command. |
| anticaps | Character | B | anticaps | Enables blocking excessively capitalised messages. |
| antiredirect | Character | L | redirect | Prevents users from being redirected by channel mode L (redirect). |
| auditorium | Character | u | auditorium | Enables auditorium mode. |
| autoop | Character | w | autoop | Grants the <status> rank to users matching <mask> on join. |
| banexception | Character | e | banexception | Exempts users matching <mask> from channel mode b (ban). |
| blockcolor | Character | c | blockcolor | Enables blocking messages that contain IRC formatting codes. |
| bot | Character | B | botmode | Marks the user as a bot. |
| c_registered | Character | r | services | Marks the channel as being registered. |
| callerid | Character | g | callerid | Enables whitelisting of who can message the user. |
| cloak | Character | x | cloak | Enables hiding of the user's hostname. |
| deaf | Character | d | deaf | Prevents the user from receiving channel messages. |
| deaf_commonchan | Character | c | commonchans | Requires other users to have a common channel before they can message this user. |
| delayjoin | Character | D | delayjoin | Prevents users from receiving JOIN messages until the joining user speaks. |
| delaymsg | Character | d | delaymsg | Prevents newly joined users from speaking until <seconds> seconds have passed. |
| exemptchanops | Character | X | exemptchanops | Exempts users with the <mode> prefix mode or higher from <restriction>. |
| filter | Character | g | chanfilter | Prevents users from sending messages that match <glob>. |
| flood | Character | f | messageflood | Kicks users who send more than <messages> messages in the last <duration>. If prefixed with * then offending users are also banned. |
| helpop | Character | h | helpmode | Marks the user as being available for help. |
| hidechans | Character | I | hidechans | Hides the channels the user is in from their /WHOIS response. |
| hideoper | Character | H | hideoper | Hides the user's server operator status from unprivileged users. |
| history | Character | H | chanhistory | Sends up to <count> messages from the last <period> on join. |
| invex | Character | I | inviteexception | Exempts users matching <mask> from channel mode i (inviteonly). |
| joinflood | Character | j | joinflood | Prevents more than <joins> joins in the last <seconds> seconds. |
| kicknorejoin | Character | J | kicknorejoin | Prevents who have been kicked from rejoining until <seconds> seconds have passed. |
| namebase | Character | Z | namedmodes | Allows users to add, remove, and view the modes of a specific target. |
| nickflood | Character | F | nickflood | Prevents more than <changes> nickname changes in the last <seconds> seconds. |
| noctcp | Character | C | noctcp | Enables blocking channel messages that contain CTCPs. |
| nohistory | Character | N | chanhistory | Disables receiving channel history on join. |
| nokick | Character | Q | nokicks | Prevents privileged users from using the /KICK command. |
| noknock | Character | K | knock | Disables the usage of the /KNOCK command on this channel. |
| nonick | Character | N | nonicks | Prevents users from changing their nickname whilst in the channel. |
| nonotice | Character | T | nonotice | Enables blocking messages sent with the /NOTICE command. |
| official-join | Character | Y | ojoin | Grants channel official-join status to <nick>. |
| operonly | Character | O | operchans | Prevents non-server operators from joining the channel. |
| operprefix | Character | y | operprefix | Grants channel operprefix status to <nick>. |
| opmoderated | Character | U | opmoderated | Hides the messages of unprivileged users from other unprivileged users. |
| override | Character | O | override | Allows server operators to opt-in to overriding restrictions. |
| permanent | Character | P | permchannels | Prevents the channel from being deleted when the last user leaves. |
| privdeaf | Character | D | deaf | Prevents the user from receiving private messages. |
| redirect | Character | L | redirect | Redirects all new users to <channel> when the user limit is reached. |
| regdeaf | Character | R | account | Prevents users who are not logged into a services account from messaging the user. |
| reginvite | Character | R | account | Prevents users who are not logged into a services account from joining the channel. |
| regmoderated | Character | M | account | Prevents users who are not logged into a services account from speaking in the channel. |
| repeat | Character | E | repeat | Configures the messages that should be considered a repeat. If prefixed with ~ the messages are blocked. If prefixed with * then offending users are banned. If not prefixed then offending users are kicked. |
| servprotect | Character | k | services | Protects services pseudoclients against kicks, kills, and channel prefix mode changes. |
| showwhois | Character | W | showwhois | Informs the user when someone does a /WHOIS query on their nick. |
| sslonly | Character | z | sslmodes | Prevents users who are not connected using TLS (SSL) from joining the channel. |
| sslqueries | Character | z | sslmodes | Prevents messages from being sent to or received from a user that is not connected using TLS (SSL). |
| stripcolor | Character | S | stripcolor | Enables stripping of IRC formatting codes from channel messages. |
| u_noctcp | Character | T | noctcp | Enables blocking private messages that contain CTCPs. |
| u_registered | Character | r | services | Marks the user as being logged into a services account. |
| u_stripcolor | Character | S | stripcolor | Enables stripping of IRC formatting codes from private messages. |
Example Usage
<module>
The <module> tag defines a module to load. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | None | Required! The name of a module to load. |
Example Usage
<module name="ssl_gnutls">
<oper>
The <oper> tag defines a server operator account. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| class | Text | None | If defined then a connect class to assign users who log into this server operator account to. |
| hash | Text | None | If defined then the hash algorithm that the password field is hashed with. |
| host | Text | None | Required! A space-delimited list of glob patterns for the username@hostname mask that users must be connecting from to log into this server operator account. |
| name | Text | None | Required! The username for this server operator account. |
| password | Text | None | Required! The password for this server operator account. |
| nopassword | Boolean | No | If enabled then the password field will not be used. You MUST use some other restriction field if this is enabled. |
| type | Text | None | Required! The type of server operator this account is. |
| vhost | Text | None | If defined then a virtual hostname to set on users who log into this server operator account. |
| autologin | Text | never | Whether to automatically log server operators in when they connect to the server. |
| commands | Text | None | A space-delimited list of server operator-only commands that this server operator can execute. |
| privs | Text | None | A space-delimited list of server operator privileges that this server operator has. This is in addition to the privileges from the operator type and operator classes. |
| chanmodes | Text | None | The server operator-only channel modes that this server operator can change. This is in addition to the channel modes from the operator type and operator classes. |
| usermodes | Text | None | The server operator-only user modes that this server operator can change. This is in addition the user modes from the operator type and operator classes. |
| snomasks | Text | None | The server operator-only snomasks that this server operator can change. This is in addition the snomasks from the operator type and operator classes. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| account | Text | None | account | If defined then a space-delimited list of user account names or account identifiers to check against this server operator's account. |
| autojoin | Text | None | operjoin | A comma-delimited list of channels for server operators to be joined to when logging into their server operator account. |
| automotd | Boolean | Yes | opermotd | Whether to send the server operator message of the day to server operators when they log into their server operator account. |
| fingerprint | Text | None | sslinfo | If defined then a space-delimited list of TLS client certificate fingerprints to check against this server operator's TLS client certificate. |
| level | Number | 0 | operlevels | The rank to give to the server operators. |
| modes | Text | None | opermodes | The user modes to set on server operators when they log into their server operator account. |
| motd | Text | opermotd | opermotd | The file path or name of the field in <files> / <execfiles> to use when reading the server operator message of the day. |
| sslonly | Boolean | No | sslinfo | Whether this server operator must be connected using TLS to log into their account. |
| swhois | Text | None | swhois | If defined then defines a custom line to add to the server operator's WHOIS response. |
The autologin field should be set to one of the following values:
| Value | Description |
|---|---|
| never | Do not automatically log users in to this server operator account. |
| relaxed | Automatically log users into this server operator account if their details (account/host/sslonly/etc) match. |
| strict | Automatically log users into this server operator account if their details (account/host/sslonly/etc) match and their nick is the same as the account name. |
The following hashing modules are included with InspIRCd:
| Algorithm | Module(s) | Description |
|---|---|---|
| argon2d | argon2 | Hashes using the Argon2d algorithm. |
| argon2i | argon2 | Hashes using the Argon2i algorithm. |
| argon2id | argon2 | Hashes using the Argon2id algorithm. |
| bcrypt | bcrypt | Hashes using the bcrypt algorithm. |
| hmac-md5 | password_hash, md5 | Deprecated! Hashes using the MD5 and HMAC algorithms. |
| hmac-sha1 | password_hash, sha1 | Hashes using the SHA-1 and HMAC algorithms. |
| hmac-sha224 | password_hash, sha2 | Hashes using the SHA-224 and HMAC algorithms. |
| hmac-sha256 | password_hash, sha2 | Hashes using the SHA-256 and HMAC algorithms. |
| hmac-sha384 | password_hash, sha2 | Hashes using the SHA-384 and HMAC algorithms. |
| hmac-sha512 | password_hash, sha2 | Hashes using the SHA-512 and HMAC algorithms. |
| md5 | md5 | Deprecated! Hashes using the MD5 algorithm. |
| pbkdf2-hmac-md5 | pbkdf2, md5 | Deprecated! Hashes using the MD5 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha1 | pbkdf2, sha1 | Hashes using the SHA-1 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha224 | pbkdf2, sha2 | Hashes using the SHA-224 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha256 | pbkdf2, sha2 | Hashes using the SHA-256 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha384 | pbkdf2, sha2 | Hashes using the SHA-384 and PBKDF2 algorithms. |
| pbkdf2-hmac-sha512 | pbkdf2, sha2 | Hashes using the SHA-512 and PBKDF2 algorithms. |
| sha1 | sha1 | Hashes using the SHA-1 algorithm. |
| sha224 | sha2 | Hashes using the SHA-224 algorithm. |
| sha256 | sha2 | Hashes using the SHA-256 algorithm. |
| sha384 | sha2 | Hashes using the SHA-384 algorithm. |
| sha512 | sha2 | Hashes using the SHA-512 algorithm. |
Example Usage
<oper name="Sadie"
password="7H8Tqm+i$jaG48RHAcoLXSB3Guzaf1bQehaNRNbblMoNrHPdguvU"
nopassword="no"
hash="hmac-sha256"
class="ServerOperators"
host="*@bnc.example.com"
type="NetAdmin"
vhost="staff.example.net"
autologin="never"
commands="-* KILL ZLINE"
privs="users/auspex -servers/auspex"
chanmodes="-*+P"
usermodes="H-h"
snomasks="Aa-Xx">
<options>
The <options> tag defines general configuration options. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| cyclehostsfromuser | Boolean | No | Whether to send modes from the user rather than the server when sending a fake rejoin. |
| defaultbind | Text | auto | The IP version to bind using if an IP address is not specified. |
| defaultmodes | Text | not | The default modes to apply to newly created channels. |
| exemptchanops | Text | None | The privileges to exempt ranked channel users from. See the notes for the exemptchanops module for more information. |
| extbanformat | Text | any | The method to use for normalising extbans. |
| fixedpart | Text | None | If defined then a static value to replace users' part messages with. |
| fixedquit | Text | None | If defined then a static value to replace users' quit messages with. |
| invitebypassmodes | Boolean | Yes | Whether being invited to a channel allows the invitee to bypass channel modes which would otherwise prevent them from joining. |
| maskinlist | Boolean | No | Whether to show the full user mask of a list mode setter rather than just their nickname. |
| maskintopic | Boolean | No | Whether to show the full user mask of a topic setter rather than just their nickname. |
| modesinlist | Text | opers | Whether to include the current channel modes in the /LIST output. |
| nosnoticestack | Boolean | No | Whether to stop identical server notices from being stacked with "last message repeated X times". |
| prefixpart | Text | None | If defined then the value to prefix users' part messages with. |
| prefixquit | Text | None | If defined then the value to prefix users' quit messages with. |
| splitwhois | Text | no | Whether to split private/secret channels from normal channels in WHOIS responses. |
| suffixpart | Text | None | If defined then the value to suffix users' part messages with. |
| suffixquit | Text | None | If defined then the value to suffix users' quit messages with. |
| syntaxhints | Boolean | No | Whether to send syntax hints to users who send commands with not enough parameters. |
| xlinemessage | Text | You're banned! | The message to send to users who have been banned from the server. |
| xlinequit | Text | %fulltype%: %reason% | The quit message to show to opers and affected users when a user is [KGZ]-lined. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| allowmismatch | Boolean | No | spanningtree | Whether optionally common modules can be loaded on one server but not the other. |
| announcets | Boolean | No | spanningtree | Whether to announce changes in channel creation time. |
| pingwarning | Duration | 15s | spanningtree | The number of seconds to wait before warning server operators that a server has not responded to a ping. |
| serverpingfreq | Duration | 1m | spanningtree | The number of seconds to wait between pinging servers. |
The defaultbind field should be set to one of the following values:
| Value | Description |
|---|---|
| auto | Bind to :: if IPv6 support is available. Otherwise, bind to 0.0.0.0. |
| ipv4 | Bind to 0.0.0.0 by default. |
| ipv6 | Bind to :: by default. |
The extbanformat field should be set to one of the following values:
| Value | Description |
|---|---|
| any | Do not perform any extban normalisation. |
| name | Normalise extbans to use their name. |
| letter | Normalise extbans to use their letter. |
The modesinlist field should be set to one of the following values:
| Value | Description |
|---|---|
| yes | Show the current channel modes to all users. |
| opers | New in v4.4.0! Show the current channel modes to server operators with the channels/auspex privilege. |
| no | Do not show the current channel modes in /LIST. |
The splitwhois field should be set to one of the following values:
| Value | Description |
|---|---|
| no | Don't split private/secret channels from normal channels in WHOIS responses. |
| split | Split private/secret channels from normal channels in WHOIS responses. |
| splitmsg | Split private/secret channels from normal channels in WHOIS responses with an explanation. |
The xlinequit field can contain any of the following template variables:
| Variable | Description |
|---|---|
| %created% | The date/time at which the X-line was created. |
| %duration% | The duration of the X-line. |
| %expiry% | The date/time at which the X-line expires. |
| %fulltype% | The type of X-line which was matched, suffixed with "-lined" if its name is one or two characters. |
| %reason% | The reason the X-line was added. |
| %remaining% | The duration remaining on the X-line. |
| %setter% | The name of the X-line setter. |
| %type% | The type of X-line that was matched. |
Example Usage
<options cyclehostsfromuser="no"
defaultbind="auto"
defaultmodes="nost"
exemptchanops=""
extbanformat="name"
fixedpart=""
fixedquit=""
invitebypassmodes="yes"
nosnoticestack="no"
maskinlist="yes"
maskintopic="yes"
modesinlist="opers"
prefixpart="""
prefixquit="Quit: "
splitwhois="no"
suffixpart="""
suffixquit=""
syntaxhints="yes"
xlinemessage="You're banned. Email abuse@example.com to appeal this decision.">
<path>
The <path> tag defines the location of the config, data, log, and module directories. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| configdir | Text | &dir.config; | The location of the config directory. |
| datadir | Text | &dir.data; | The location of the data directory. |
| logdir | Text | &dir.log; | The location of the logs directory. |
| moduledir | Text | &dir.module; | The location of the modules directory. |
| runtimedir | Text | &dir.runtime; | The location of the runtime directory. |
You should make sure to specify absolute paths to avoid resolution issues.
Example Usage
<path configdir="&dir.config;"
datadir="&dir.data;"
logdir="&dir.log;"
moduledir="&dir.module;"
runtimedir="&dir.runtime;">
<performance>
The <performance> tag defines configuration options relating to server performance. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| clonesonconnect | Boolean | Yes | Whether to check for clones when a user connects to the server. |
| netbuffersize | Number | 10240 | The size of the buffer used to receive data from users. |
| softlimit | Number | Varies | The maximum number of connections to allow to the IRC server. |
| somaxconn | Number | Varies | The maximum number of connections that may be waiting in the connection accept queue. |
| timeskipwarn | Duration | 2s | The amount of time the server clock can skip by before server operators are warned about lag. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| quietbursts | Boolean | No | spanningtree | Whether to inform server operators of users who connect during a network merge. |
Example Usage
<performance clonesonconnect="yes"
netbuffersize="10240"
softlimit="15000"
somaxconn="128"
timeskipwarn="2s">
<pid>
The <pid> tag defines the location of the pidfile. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| file | Text | inspircd.pid | The location of the pidfile. |
Example Usage
<pid file="inspircd.pid">
<security>
The <security> tag defines configuration options relating to server security. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| announceinvites | Text | dynamic | Whether to send an announcement when a user is invited to a channel. |
| customversion | Text | None | A custom string to show in the /VERSION output. |
| genericoper | Boolean | No | Whether to show "is a server operator" in /WHOIS instead of the server operator's type. |
| publicxlinequit | Text | None | If non-empty then the quit message to show to non-server operators instead of the X-Line reason. |
| hidekills | Text | None | If defined then the text to show in a kill message instead of the name of the server operator who caused the kill. |
| hideserver | Text | None | If defined then the text to show in place of a server name. |
| hideservicekills | Boolean | No | Whether to hide server notices about kills by users on services servers. |
| maxtargets | Number | 20 | The maximum number of targets a user may specify in a command. |
| restrictbannedusers | Text | Yes | Whether to restrict the behaviour of users who are banned in a channel. |
| runasgroup | Text | None | If defined then the group to switch to after starting up (requires starting as root). |
| runasuser | Text | None | If defined then the user to switch to after starting up (requires starting as root). |
| userstats | Text | Pu | The /STATS characters that a non-server operator can view. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| flatlinks | Boolean | No | spanningtree | Whether to flatten the output of /LINKS to avoid leaking network architecture. |
| hideservices | Boolean | No | spanningtree | Whether to hide services servers from the output of /LINKS and /MAP. |
| hidesplits | Boolean | No | spanningtree | Whether to show *.net *.split instead of the server names when a netsplit happens |
| maphide | Text | None | maphide | Required! The URL to provide to users who run the /MAP and /LINKS commands. |
The announceinvites field should be set to one of the following values:
| Value | Description |
|---|---|
| none | Don't send any invite announcements. |
| ops | Send invite announcements to channel operators and higher ranked users. |
| dynamic | Send invites to channel half-operators (if available) and higher ranked users. |
| all | Send invites to all channel members. |
The publicxlinequit field can contain any of the following template variables:
| Variable | Description |
|---|---|
| %created% | The date/time at which the X-line was created. |
| %duration% | The duration of the X-line. |
| %expiry% | The date/time at which the X-line expires. |
| %fulltype% | The type of X-line which was matched, suffixed with "-lined" if its name is one or two characters. |
| %reason% | The reason the X-line was added. |
| %remaining% | The duration remaining on the X-line. |
| %setter% | The name of the X-line setter. |
| %type% | The type of X-line that was matched. |
The restrictbannedusers field should be set to one of the following values:
| Value | Description |
|---|---|
| yes | Banned users should be restricted. |
| no | Banned users should not be restricted. |
| silent | Banned users should be restricted but should not be informed. |
Example Usage
<security announceinvites="dynamic"
customversion=""
genericoper="no"
publicxlinequit=""
hidekills=""
hideserver=""
hideservicekills="yes"
maxtargets="20"
restrictbannedusers="yes"
runasgroup=""
runasuser=""
userstats="Pu">
<server>
The <server> tag defines settings about the local server. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| name | Text | None | Required! The hostname of the local server. |
| description | Text | Configure Me | A description of the local server. |
| network | Text | Network | The name of the IRC network the local server is attached to. |
| id | Text | None | If defined then a unique server identifier in the format [0-9][0-9A-Z][0-9A-Z]. |
Example Usage
<server name="irc.eu.example.com"
description="ExampleNet's European server"
network="ExampleNet"
id="34C">
<type>
The <type> tag defines a type of server operator. This tag can be defined as many times as required.
| Name | Type | Default Value | Description |
|---|---|---|---|
| class | Text | None | If defined then a connect class to assign users who log into this server operator account to. |
| classes | Text | None | If defined then a space-delimited list of <class> tags to inherit privileges from. |
| name | Text | None | Required! The name for this server operator type. |
| vhost | Text | None | If defined then a virtual hostname to set on users who log into a server operator account using this type. |
| autologin | Text | never | Whether to automatically log server operators using this type in when they connect to the server. |
| commands | Text | None | A space-delimited list of server operator-only commands that server operators of this type can execute. |
| privs | Text | None | A space-delimited list of server operator privileges that server operators of this type has. This is in addition to the privileges from the operator classes. |
| chanmodes | Text | None | The server operator-only channel modes that server operators of this type can change. This is in addition to the channel modes from the operator classes. |
| usermodes | Text | None | The server operator-only user modes that server operators of this type can change. This is in addition the user modes from the operator classes. |
| snomasks | Text | None | The server operator-only snomasks that server operators of this type can change. This is in addition the snomasks from the operator classes. |
Additionally, the following fields are provided by modules:
| Name | Type | Default Value | Module | Description |
|---|---|---|---|---|
| account | Text | None | account | If defined then a space-delimited list of user account names or account identifiers to check against this server operator's account. |
| autojoin | Text | None | operjoin | A comma-delimited list of channels for server operators to be joined to when logging into their server operator account. |
| automotd | Boolean | Yes | opermotd | Whether to send the server operator message of the day to server operators when they log into their server operator account. |
| fingerprint | Text | None | sslinfo | If defined then a space-delimited list of TLS client certificate fingerprints to check against this server operator's TLS client certificate. |
| level | Number | 0 | operlevels | The rank to give to the server operators. |
| modes | Text | None | opermodes | The user modes to set on server operators when they log into their server operator account. |
| motd | Text | opermotd | opermotd | The file path or name of the field in <files> / <execfiles> to use when reading the server operator message of the day. |
| sslonly | Boolean | No | sslinfo | Whether this server operator must be connected using TLS to log into their account. |
| swhois | Text | None | swhois | If defined then defines a custom line to add to the server operator's WHOIS response. |
The autologin field should be set to one of the following values:
| Value | Description |
|---|---|
| never | Do not automatically log users in to a server operator account. |
| relaxed | Automatically log users into a server operator account if their details (account/host/sslonly/etc) match. |
| strict | Automatically log users into a server operator account if their details (account/host/sslonly/etc) match and their nick is the same as the account name. |
Example Usage
<type name="NetAdmin"
class="ServerOperators"
classes="BanControl HostCloak OperChat SACommands ServerLink Shutdown"
vhost="staff.example.net"
autologin="never"
commands="-* KILL ZLINE"
privs="users/auspex -servers/auspex"
chanmodes="-*+P"
usermodes="H-h"
snomasks="Aa-Xx">
<whowas>
The <whowas> tag defines the configuration of the /WHOWAS database. This tag can only be defined once.
| Name | Type | Default Value | Description |
|---|---|---|---|
| groupsize | Number | 10 | The maximum number of /WHOWAS entries for a nickname. If set to 0 then /WHOWAS is disabled. |
| maxgroups | Number | 10000 (since v4.3.0) 10240 (before v4.3.0) | The maximum number of /WHOWAS nickname groups. If set to 0 then /WHOWAS is disabled. |
| maxkeep | Duration | 7d (since v4.3.0) 1h (before v4.3.0) | The period of time to keep /WHOWAS records for. |
| nickupdate | Boolean | Yes | New in v4.3.0! Whether to update the /WHOWAS database on nick change as well as quit. |
Example Usage
<whowas groupsize="10"
maxgroups="10000"
maxkeep="7d"
nickupdate="yes">